[Gllug] Getting initramfs to work

Peter Grandi pg_gllug at gllug.for.sabi.co.UK
Thu Aug 11 01:36:20 UTC 2005 

[ ... about mounting via NFS from a FC4 system ... ]

>> [ ... ] perhaps showing the contents of '/etc/exports' might
>> help.

adrian> This is what it currently says (I can mount neither -
adrian> both give -13 errors)

adrian> [adrian at mayday linux-2.6.12.3]$ cat /etc/exports
adrian> /home/adrian/linux-sh/initrd/ 192.168.61.55(ro,insecure,sync,nohide)
adrian> /mnt/dcspace  192.168.61.55(ro,insecure,async)

That looks OKish, and that kind of stuff indeed works here (see
transcript below for the details), both under Fedora 4 (recently
installed and with few updates) and in a Fedora 4 'chroot' under Debian
with a custom compiled kernel (2.6.12.3), and the client being either
Debian or Fedora 4.

I actually used these '/etc/export' entries and they worked both with
the userspace Debian dæmon and the kernel based one under Debian and
Fedora 4:

  /mnt/dcspace		        192.168.2.35(ro,insecure,sync,all_squash)
  /home/adrian/linux-sh/initrd/ 192.168.2.35(ro,insecure,sync,all_squash)

So, here is the transcript of fully detailed ''manual setup'' which
shows how to make it all work, step by step. '/etc/init.d/nfs start'
does most of this automatigically. I have added to '/etc/exports' the
address of the server itself, 192.168.2.34, to enable single-host
service and mounting.

These steps have been run in a Fedora 4 'chroot' running under a
kernel, they work similarly under Fedora natively as the server
and Debian as the client on another PC.

----------------------------------------------------------------
[root at base ~]# cat /etc/redhat-release
Fedora Core release 4 (Stentz)
[root at base ~]# uname -r
2.6.12.3
[root at base ~]# rpm -q nfs-utils
nfs-utils-1.0.7-8
[root at base ~]# mount
/dev/hdb11 on / type ext3 (rw)
/dev/sys on /sys type sysfs (rw)
/dev/pts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
/dev/proc on /proc type proc (rw)
[root at base ~]# ls /mnt/dcspace /home/adrian/linux-sh/initrd
/home/adrian/linux-sh/initrd:
THIS_IS_INITRD

/mnt/dcspace:
THIS_IS_DCSPACE
[root at base ~]# mount /var/lib/nfs/rpc_pipefs
[root at base ~]# mount /proc/fs/nfsd
[root at base ~]# portmap -d &
[1] 10413
[root at base ~]# rpc.nfsd 4
[root at base ~]# rpc.mountd -F &
[2] 10421
[root at base ~]# [root at base ~]# rpcinfo -p 192.168.2.34
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32793  nlockmgr
    100021    3   udp  32793  nlockmgr
    100021    4   udp  32793  nlockmgr
    100021    1   tcp  33080  nlockmgr
    100021    3   tcp  33080  nlockmgr
    100021    4   tcp  33080  nlockmgr
    100005    1   udp    846  mountd
    100005    1   tcp    849  mountd
    100005    2   udp    846  mountd
    100005    2   tcp    849  mountd
    100005    3   udp    846  mountd
    100005    3   tcp    849  mountd
[root at base ~]# exportfs -a
[root at base ~]# showmount -e 192.168.2.34
Export list for 192.168.2.34:
/tmp                         192.168.2.0/26
/var/tmp                     192.168.2.0/26
/usr                         192.168.2.35,192.168.2.34
/mnt/dcspace                 192.168.2.35,192.168.2.34,localhost.localdomain
/home/adrian/linux-sh/initrd 192.168.2.35,192.168.2.34,localhost.localdomain
[root at base ~]# mkdir /misc/a /misc/b
[root at base ~]# mount -t nfs -o ro 192.168.2.34:/mnt/dcspace /misc/a
[root at base ~]# mount -t nfs -o ro 192.168.2.34:/home/adrian/linux-sh/initrd/ /misc/b/
[root at base ~]# mount
/dev/hdb11 on / type ext3 (rw)
/dev/sys on /sys type sysfs (rw)
/dev/pts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
/dev/proc on /proc type proc (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.2.34:/mnt/dcspace on /misc/a type nfs (ro,addr=192.168.2.34)
192.168.2.34:/home/adrian/linux-sh/initrd/ on /misc/b type nfs (ro,addr=192.168.2.34)
[root at base ~]# ls /misc/a /misc/b
/misc/a:
THIS_IS_DCSPACE

/misc/b:
THIS_IS_INITRD
[root at base ~]# umount /misc/a
[root at base ~]# umount /misc/b
[root at base ~]# rmdir /misc/a /misc/b
[root at base ~]# kill %2
[root at base ~]# umount /proc/fs/nfsd /var/lib/nfs/rpc_pipefs
[2]+  Exit 1                  rpc.mountd -F
[root at base ~]# rpc.nfsd 0
[root at base ~]# kill %1
[root at base ~]#
[1]+  Terminated              portmap -d
----------------------------------------------------------------

Under Fedora 4 the RPM versions were '1.0.7-8' for 'nfs-utils'
and '2.6.11-1.1369_FC4' for the kernel.

However getting it working like in the above transcript took me
a fair bit of time because of these reasons:

* Almost any setup error results in a (often misleading)
  ''permission denied'' message.

* The RedHat NFS is the kernel based one; in order to make this
  work one has to mount a couple of virtual filesystems which
  are nonobvious. The freshly installed Fedora 4 does that, but
  if one customizes this and that those mounts can get missed.
  These are the equivalent '/etc/fstab' lines:

    nfsd	/proc/fs/nfsd		nfsd	    noauto,defaults   0 0
    rpc_pipefs	/var/lib/nfs/rpc_pipefs rpc_pipefs  noauto,defaults   0 0

* One must use 'exportfs' to inform the NFS dæmons of changes to
  the '/etc/exports' table, and one can forget to have it reread
  the table if it modified. One can make sure with 'exportfs -r'
  and 'showmount -e ...'.

* The firewall properties of NFS v2 and v3 are rather annoying,
  as it is of course RPC based and it can connect to and from
  more or less arbitrary ports. I issued something like this
  (these specific lines are untested) to weaken my firewall:

    iptables -I INPUT  -j ACCEPT -p udp -s 192.168.2.0/24
    iptables -I OUTPUT -j ACCEPT -p udp -d 192.168.2.0/24
    iptables -I INPUT  -j ACCEPT -p tcp -s 192.168.2.0/24 -m state --state NEW
    iptables -I OUTPUT -j ACCEPT -p tcp -d 192.168.2.0/24 -m state --state NEW

  Part of the problem is that under Fedora 4 the
  'system-config-security' utility does not have NFS as one of
  the cases for opening the firewall, for obvious reasons.

It was less hassle overall with the slower (but apparently not
really) userspace dæmon, both under Debian and Fedora, but this
is not part of Fedora Core. I may have read somewhere that most
distributions are avoiding the kernel based NFS and defaulting
to the userspace based implementation...

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list