Annotation of wikisrc/guide/net-services.mdwn, revision 1.1

1.1     ! jdf         1: # Network services
        !             2: 
        !             3: ## The Network File System (NFS)
        !             4: 
        !             5: Now that the network is working it is possible to share files and directories
        !             6: over the network using the Network File System (NFS). From the point of view of
        !             7: file sharing, the computer which gives access to its files and directories is
        !             8: called the *server*, and the computer using these files and directories is the
        !             9: *client*. A computer can be client and server at the same time.
        !            10: 
        !            11:  * A kernel must be compiled with the appropriate options for the client and the
        !            12:    server (the options are easy to find in the kernel configuration file). See
        !            13:    [[A walk through the kernel configuration|guide/net-practice#kernel-options]]
        !            14:    for more information on NFS-related kernel options.
        !            15: 
        !            16:  * The server must enable the rpcbind, mountd, lockd, statd and `nfs_server`
        !            17:    daemons in `/etc/rc.conf`:
        !            18: 
        !            19:        rpcbind=yes
        !            20:        mountd=yes
        !            21:        nfs_server=yes
        !            22:        lockd=yes
        !            23:        statd=yes
        !            24: 
        !            25:  * The client must enable the rpcbind, lockd, statd and `nfs_client` daemons in
        !            26:    `/etc/rc.conf`:
        !            27: 
        !            28:        rpcbind=yes
        !            29:        nfs_client=yes
        !            30:        lockd=yes
        !            31:        statd=yes
        !            32: 
        !            33:  * The server must list the exported directories in `/etc/exports` and then run
        !            34:    the command ``kill -HUP `cat /var/run/mountd.pid` `` (`hup mountd` may work
        !            35:    too!).
        !            36: 
        !            37: 
        !            38: A client host can access a remote directory through NFS if:
        !            39: 
        !            40:  * The server host exports the directory to the client. The list of filesystems
        !            41:    an NFS server exports can be checked with the `showmount -e` command, see
        !            42:    [showmount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?showmount+8+NetBSD-5.0.1+i386):
        !            43: 
        !            44:         # showmount -e 192.168.1.2
        !            45:         Exports list on 192.168.1.2:
        !            46:         /home                              host1 host2 host3
        !            47: 
        !            48:  * The client host mounts the remote directory with the command `mount
        !            49:    192.168.1.2:/home /home`
        !            50: 
        !            51: The [mount(8)](http://netbsd.gw.com/cgi-bin/man-cgi?mount+8+NetBSD-current)
        !            52: command has a rich set of options for remote directories which are not very
        !            53: intuitive (to say the least).
        !            54: 
        !            55: ### NFS setup example
        !            56: 
        !            57: The scenario described here is the following: five client machines (*cli1*, ...,
        !            58: *cli5*) share some directories on a server (*buzz.toys.org*). Some of the
        !            59: directories exported by the server are reserved for a specific client, the other
        !            60: directories are common for all client machines. All the clients boot from the
        !            61: server and must mount the directories.
        !            62: 
        !            63: The directories exported from the server are:
        !            64: 
        !            65:  * `/export/cli?/root` -- the five root directories for the five client
        !            66:    machines. Each client has its own root directory.
        !            67:  * `/export/cli?/swap` -- the five swap directories for the five client machines.
        !            68:  * `/export/common/usr` -- `/usr` directory; common for all client hosts.
        !            69:  * `/usr/src` -- Common `/usr/src` directory for all client machines.
        !            70: 
        !            71: The following file systems exist on the server:
        !            72: 
        !            73:     /dev/ra0a on /
        !            74:     /dev/ra0f on /usr
        !            75:     /dev/ra1a on /usr/src
        !            76:     /dev/ra2a on /export
        !            77: 
        !            78: Each client needs the following file systems:
        !            79: 
        !            80:     buzz:/export/cli?/root   on /
        !            81:     buzz:/export/common/usr  on /usr
        !            82:     buzz:/usr/src            on /usr/src
        !            83: 
        !            84: The server configuration is the following:
        !            85: 
        !            86:     # /etc/exports
        !            87:     /usr/src  -network 192.168.1.0 -mask 255.255.255.0
        !            88:     /export   -alldirs -maproot=root -network 192.168.1.0 -mask 255.255.255.0
        !            89: 
        !            90: On the client machines `/etc/fstab` contains:
        !            91: 
        !            92:     buzz:/export/cliX/root  /        nfs rw
        !            93:     buzz:/export/common/usr /usr     nfs ro,nodev,nosuid
        !            94:     buzz:/usr/src           /usr/src nfs rw,nodev,nosuid
        !            95: 
        !            96: Each client machine has its number substituted for the `X` character in the first
        !            97: line of the previous example.
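
The export and mount options above decide how much a client is trusted. The following audit is an added example, not part of the original guide: it flags `/etc/exports` entries with no host restriction, with root mapped to root, or with `-alldirs`, and NFS entries in `/etc/fstab` that lack `nodev` or `nosuid`. The function names and finding labels are hypothetical, and skipping the root mount is an assumption of this example.

```python
# Constructed sample input: the /etc/exports and client /etc/fstab shown above (X = 1).
EXPORTS = """\
# /etc/exports
/usr/src  -network 192.168.1.0 -mask 255.255.255.0
/export   -alldirs -maproot=root -network 192.168.1.0 -mask 255.255.255.0
"""
FSTAB = """\
buzz:/export/cli1/root  /        nfs rw
buzz:/export/common/usr /usr     nfs ro,nodev,nosuid
buzz:/usr/src           /usr/src nfs rw,nodev,nosuid
"""
ARG_OPTS = {"network", "mask"}  # options whose value is the following token

def audit_exports(text):
    """Return (directory, finding) pairs for risky BSD exports(5) entries."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():
        tokens = line.split("#", 1)[0].split()
        dirs, opts, hosts = [], {}, []
        it = iter(tokens)
        for tok in it:
            if tok.startswith("-"):
                name, _, value = tok[1:].partition("=")
                if name in ARG_OPTS and not value:
                    value = next(it, "")
                opts[name] = value
            elif tok.startswith("/") and not opts and not hosts:
                dirs.append(tok)
            else:
                hosts.append(tok)
        for d in dirs:
            if not hosts and "network" not in opts:
                findings.append((d, "no-host-restriction"))  # any host may mount
            if opts.get("maproot", "").split(":")[0] in ("root", "0"):
                findings.append((d, "maproot=root"))  # client root is server root
            if "alldirs" in opts:
                findings.append((d, "alldirs"))  # any subdirectory is mountable
    return findings

def audit_fstab(text):
    """Return (mount point, missing option) pairs for NFS mounts."""
    findings = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 4 or f[2] != "nfs" or f[1] == "/":
            continue  # assumption: a diskless root needs devices and set-uid files
        have = set(f[3].split(","))
        findings += [(f[1], o) for o in ("nodev", "nosuid") if o not in have]
    return findings

if __name__ == "__main__":
    for where, what in audit_exports(EXPORTS) + audit_fstab(FSTAB):
        print(f"{where}: {what}")
```
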
        !            98: 
        !            99: ### Setting up NFS automounting for `/net` with
        !           100: [amd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?amd+8+NetBSD-5.0.1+i386)
        !           101: 
        !           102: #### Introduction
        !           103: 
        !           104: The problem with NFS (and other) mounts is that you usually have to be root to
        !           105: make them, which can be rather inconvenient for users. Using
        !           106: [amd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?amd+8+NetBSD-5.0.1+i386) you can
        !           107: set up a certain directory (commonly `/net`), under which one can make any
        !           108: NFS-mount as a normal user, as long as the filesystem about to be accessed is
        !           109: actually exported by the NFS server.
        !           110: 
        !           111: To check if a certain server exports a filesystem, and which ones, use the
        !           112: `showmount` command with the `-e` (export) switch:
        !           113: 
        !           114:     $ showmount -e wuarchive.wustl.edu
        !           115:     Exports list on wuarchive.wustl.edu:
        !           116:     /export/home                       onc.wustl.edu
        !           117:     /export/local                      onc.wustl.edu
        !           118:     /export/adm/log                    onc.wustl.edu
        !           119:     /usr                               onc.wustl.edu
        !           120:     /                                  onc.wustl.edu
        !           121:     /archive                           Everyone
        !           122: 
        !           123: If you then want to mount a directory to access anything below it (for example
        !           124: `/archive/systems/unix/NetBSD`), just change into that directory:
        !           125: 
        !           126:     $ cd /net/wuarchive.wustl.edu/archive/systems/unix/NetBSD
        !           127: 
        !           128: The filesystem will be mounted (by amd), and you can access any files just
        !           129: as if the directory was mounted by the superuser of your system.
        !           130: 
        !           131: #### Actual setup
        !           132: 
        !           133: You can set up such a `/net` directory with the following steps (including basic
        !           134: amd configuration):
        !           135: 
        !           136:  1. In `/etc/rc.conf`, set the following variable:
        !           137: 
        !           138:         amd=yes
        !           139: 
        !           140:  2. **mkdir /amd**
        !           141: 
        !           142:  3. **mkdir /net**
        !           143: 
        !           144:  4. Taking `/usr/share/examples/amd/amd.conf`, put the following into
        !           145:     `/etc/amd.conf`:
        !           146: 
        !           147:         [ /net ]
        !           148:         map_name =              /etc/amd/net
        !           149:         map_type =              file
        !           150: 
        !           151:  5. Taking `/usr/share/examples/amd/net` as an example, put the following into
        !           152:     `/etc/amd/net`:
        !           153: 
        !           154:         /defaults       type:=host;rhost:=${key};fs:=${autodir}/${rhost}/root
        !           155:         *             host==${key};type:=link;fs:=/                           \
        !           156:                       host!=${key};opts:=ro,soft,intr,nodev,nosuid,noconn
        !           157: 
        !           158:  6. Reboot, or (re)start **amd** by hand:
        !           159: 
        !           160:         # sh /etc/rc.d/amd restart
        !           161: 
        !           162: 
        !           163: ## The Network Time Protocol (NTP)
        !           164: 
        !           165: It is not unusual to find that the system clock is wrong, often by several
        !           166: minutes: for some strange reason it seems that computer clocks are not very
        !           167: accurate. The problem gets worse if you administer many networked hosts: keeping
        !           168: the clocks in sync can easily become a nightmare. To solve this problem, the NTP
        !           169: protocol (version 3) comes to our aid: this protocol can be used to synchronize
        !           170: the clocks of a network of workstations using one or more NTP servers.
        !           171: 
        !           172: Thanks to the NTP protocol it is possible to adjust the clock of a single
        !           173: workstation but also to synchronize an entire network. The NTP protocol is quite
        !           174: complex, defining a hierarchical master-slave structure of servers divided into
        !           175: strata: the top of the hierarchy is occupied by stratum 1 servers, connected to
        !           176: an external clock (e.g. a radio clock) to guarantee a high level of accuracy.
        !           177: Underneath, stratum 2 servers synchronize their clocks with stratum 1, and so
        !           178: on. The accuracy decreases as we proceed towards lower levels. This hierarchical
        !           179: structure avoids the congestion which could be caused by having all hosts refer
        !           180: to the same (few) stratum 1 servers. If, for example, you want to synchronize a
        !           181: network, you don't connect all the hosts to the same public stratum 1 server.
        !           182: Instead, you create a local server which connects to the main server and the
        !           183: remaining hosts synchronize their clocks with the local server.
        !           184: 
        !           185: Fortunately, to use the NTP tools you don't need to understand the details of
        !           186: the protocol and of its implementation (if you are interested, refer to RFC
        !           187: 1305) and you only need to know how to configure and start some programs. The
        !           188: base system of NetBSD already contains the necessary tools to utilize this
        !           189: protocol (and other time related protocols, as we'll see), derived from the xntp
        !           190: implementation. This section describes a simple method to always have a correct
        !           191: system time.
        !           192: 
        !           193: First, it is necessary to find the address of the public NTP servers to use as a
        !           194: reference; a detailed listing can be found at
        !           195: [http://support.ntp.org/bin/view/Servers/WebHome](http://support.ntp.org/bin/view/Servers/WebHome).
        !           196: As an example, for Italy the three stratum 1 servers `tempo.cstv.to.cnr.it`,
        !           197: `ntp1.inrim.it`, and `ntp2.inrim.it` can be used.
        !           198: 
        !           199: Next, to adjust the system clock give the following command as root:
        !           200: 
        !           201:     # ntpdate -b ntp1.inrim.it ntp2.inrim.it
        !           202: 
        !           203: (Substitute the names of the servers in the example with the ones that you are
        !           204: actually using.) Option `-b` tells
        !           205: [ntpdate(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ntpdate+8+NetBSD-current) to
        !           206: set the system time with the settimeofday system call, instead of slewing it
        !           207: with adjtime (the default). This option is suggested when the difference between
        !           208: the local time and the correct time can be considerable.
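
What a one-shot client such as ntpdate has to do with a server's answer can be shown offline. This is an added example, not part of the original guide and not ntpdate's own code: it builds a version 3 client request, validates a constructed server reply (mode, stratum, echoed origin timestamp), computes the clock offset, and applies ntpdate's documented rule of stepping above 0.5 seconds or with `-b` and slewing otherwise. All function names and the sample timestamps are hypothetical.

```python
import struct

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def to_ntp(unix_ts):
    """Encode a Unix time as a 64-bit NTP timestamp (32-bit seconds + fraction)."""
    sec = int(unix_ts)
    return struct.pack("!II", sec + NTP_DELTA, int((unix_ts - sec) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix time."""
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=3, mode=3, transmit timestamp = t1."""
    return bytes([0x1B]) + bytes(39) + to_ntp(t1)

def make_reply(request, stratum, t2, t3):
    """Constructed server reply (VN=3, mode=4) used as offline sample input."""
    return bytes([0x1C, stratum]) + bytes(22) + request[40:48] + to_ntp(t2) + to_ntp(t3)

def check_reply(reply, request, t4):
    """Validate a reply received at local time t4; return (stratum, offset)."""
    if len(reply) < 48 or reply[0] & 7 != 4:
        raise ValueError("not an NTP server reply")
    if reply[0] >> 6 == 3 or not 1 <= reply[1] <= 15:
        raise ValueError("server clock is not synchronized")
    if reply[24:32] != request[40:48]:
        # A reply that does not echo our transmit timestamp was not caused by us.
        raise ValueError("origin timestamp does not echo our request")
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return reply[1], ((t2 - t1) + (t3 - t4)) / 2

def ntpdate_action(offset, force_step=False):
    """Step (settimeofday) with -b or above 0.5 s of error, else slew (adjtime)."""
    return "step" if force_step or abs(offset) > 0.5 else "slew"

if __name__ == "__main__":
    t1 = 1700000000.0  # constructed local send time
    req = build_request(t1)
    rep = make_reply(req, 1, t1 + 120.25, t1 + 120.25)  # server is 2 minutes ahead
    stratum, offset = check_reply(rep, req, t1 + 0.5)
    print(stratum, offset, ntpdate_action(offset))
```
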
        !           209: 
        !           210: As you've seen, ntpdate is not difficult to use. The next step is to start it
        !           211: automatically, in order to always have the correct system time. If you have a
        !           212: permanent connection to the Internet, you can start the program at boot with the
        !           213: following line of `/etc/rc.conf`:
        !           214: 
        !           215:     ntpdate=YES      ntpdate_hosts="ntp1.inrim.it"
        !           216: 
        !           217: The name of the NTP server to use is specified in the `ntpdate_hosts` variable;
        !           218: if you leave this field empty, the boot script will try to extract the name from
        !           219: the `/etc/ntp.conf` file.
        !           220: 
        !           221: If you don't have a permanent Internet connection (e.g. you have a dial-up modem
        !           222: connection through an ISP) you can start ntpdate from the `ip-up` script, as
        !           223: explained in
        !           224: [[Setting up TCP/IP on NetBSD in practice|guide/net-practice]].
        !           225: In this case add the following line to the `ip-up` script:
        !           226: 
        !           227:     /usr/sbin/ntpdate -s -b ntp1.inrim.it
        !           228: 
        !           229: (the path is mandatory or the script will probably not find the executable).
        !           230: Option `-s` diverts logging output from the standard output (this is the
        !           231: default) to the system
        !           232: [syslog(3)](http://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-5.0.1+i386)
        !           233: facility, which means that the messages from ntpdate will usually end up in
        !           234: `/var/log/messages`.
        !           235: 
        !           236: Besides ntpdate there are other useful NTP commands. It is also possible to turn
        !           237: one of the local hosts into an NTP server for the remaining hosts of the
        !           238: network. The local server will synchronize its clock with a public server. For
        !           239: this type of configuration you must use the
        !           240: [ntpd(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ntpd+8+NetBSD-current)
        !           241: daemon and create the `/etc/ntp.conf` configuration file. For example:
        !           242: 
        !           243:     server ntp1.inrim.it
        !           244:     server ntp2.inrim.it
        !           245: 
        !           246: ntpd can also be started from `rc.conf`, using the relevant option:
        !           247: 
        !           248:     ntpd=YES
        !           249: 
        !           250: NTP is not your only option if you want to synchronize your network: you can
        !           251: also use the timed daemon or the
        !           252: [rdate(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rdate+8+NetBSD-5.0.1+i386)
        !           253: command. timed was developed for 4.3BSD.
        !           254: 
        !           255: timed also uses a master-slave hierarchy: when started on a host, timed asks a
        !           256: master for the network time and adjusts the local clock accordingly. A mixed
        !           257: structure, using both timed and ntpd, can be used. One of the local hosts gets
        !           258: the correct time from a public NTP server and is the timed master for the
        !           259: remaining hosts of the network, which become its clients and synchronize their
        !           260: clocks using timed. This means that the local server must run both NTP and
        !           261: timed; care must be taken that they don't interfere with each other (timed must
        !           262: be started with the `-F hostname` option so that it doesn't try to adjust the
        !           263: local clock).
        !           264: 
        !           265: Finally,
        !           266: [rdate(8)](http://netbsd.gw.com/cgi-bin/man-cgi?rdate+8+NetBSD-5.0.1+i386) can
        !           267: be used to synchronize once against a given host, much like
        !           268: [ntpdate(8)](http://netbsd.gw.com/cgi-bin/man-cgi?ntpdate+8+NetBSD-5.0.1+i386).
        !           269: The host in question must have the "time" service (port 37) enabled in
        !           270: `/etc/inetd.conf`.
        !           271: 
