1. Introduction
This document will not explain you how to install NFSv4 on Linux. Either NFSv4 is pre-installed with your distribution, or you can install it following for example the CITI documentation: http://www.citi.umich.edu/projects/nfsv4/linux/.
This document assumes that NFSv4 is installed on your hosts (clients and servers), and deals only with the administration of an NFSv4 network running Linux.
The administration of NFSv4 is made with Webmin, which allows you to:
- mount a directory from an NFSv4 server, with the Disk and Network Filesystems module
- export a directory on an NFSv4 server, with the Exportfs module
- set the mapping between NFSv4 ids and Unix ids with the Idmapd module
- set the security (optional but strongly recommended) with the kerberos5 module
The monitoring of the main NFSv4 features is made with a Nagios plugin, which allows you to:
- check if all the daemons are running correctly
- detect the RPC errors, and some other errors from the log files
- detect when a mount point hangs
- view the CPU consumed by nfsd via graphics
2. Administration with Webmin
Webmin (htp://www.webmin.com) is a web-based interface for system administration.
In the previous versions of Webmin, There were two modules for NFSv3 and NFSv2, one to mount an NFS filesystem (called "Disk and Network Filesystem"), and one to export an NFS filesystem (called "Exports").
These modules have been modified to support NFSv4, new options have been added, the on-line help has been updated, and the french translation has been completed.
You can click on each field to get a description of it.
Two new modules have been added, to help the configuration of NFSv4: "idmapd" and "kerberos5".
2.1 Webmin: Disk and Network Filesystems module
For the mount command, nfs and nfs4 are two different types. So in Webmin, to mount an NFSv4 filesystem, you have to select the Network Filesystem v4 (nfsv4) type:
Here are the available options when mounting an NFSv4 filesystem:
For NFSv4, when mounting on a linux server, you should always mount '/' which is the pseudofilesystem exported by the server. All the available exported directories are in this pseudofilesystem (if they have been exported with the option nohide)
Here is what's new since the last version of this module:
- The options rsize and wsize (commom with NFSv3) have been added
- New options for choosing of the authentication mode (common with NFSv3, since the authentication options are backported into NFSv3)
- NFS specific options are now more precisely displayed
- Some Javascript has been added: it is used to grey out some fields (UDP is disabled for NFSv4; there is no security level for the sys authentication). Of course if Javascript is disabled on the user's browser, the module is still fully usable.
Later, some other transfer protocols will be available (infiniband, quadrics, ...) when NFSv4 will use the library TI-RPC.
2.2 Webmin: Exports module
Here are the available options when exporting an NFSv4 filesystem:
Here is what's new since the last version of this module:
- New fields for the NFSv4 pseudofilesystem (and a readonly text field for the real NFSv4 exported directory): an NFSv4 client doesn't mount distinct repertories from a same server, but mounts the NFSv4 pseudofilesystem, in which are all the directories exported by the server. These directories are locally mounted with a 'mount --bind' by webmin. See the example below.
- New options for choosing the authentication mode
- The "WebNFS clients" option is now disabled for Linux
- An "IPv6 address" option (disabled for the moment)
- The option "Access mode" is renamed into "Read-only?" (to have the same name as in the Mount module)
- Addition of the option "subtree_check"
- Addition of the option "nohide"
- About the "sync" option: the default option is "sync" since the version 1.0.0 of the package nfs-utils. It was "async" in the previous versions. So the text "(usually No)" is removed
- The NFSv2 specific options are separated from the others. The NFSv2 specific options no longer works with NFSv3 nor NFSv4
You can export a filesystem as you did with NFSv3. But you can also use an interesting feature of NFSv4: the pseudofilesystem.
Example:
You set the "Directory to export" to /usr/local/bin and the "NFSv4 Pseudofilesystem to export" to /export, in order to export /usr/local/bin through the pseudofilesystem /export.
On the server, the following three operations are made by WebMin:
/export is exported with the option fsid=0/usr/local/bin is mounted (with the option --bind) on /export/bin/export/bin is exported (if possible, with the option nohide)
On the client, all you have to do is:
mount -t nfs4 server:/ /mnt/nfs4
If the option nohide has been passed, you can immediatly do cd /mnt/nfs4/bin which is the server directory /usr/local/bin. Otherwise, you need to mount also server:/bin
2.3 Webmin: idmapd module
This module allows you to modify the configuration file /etc/idmapd.conf and to restart the daemon rpc.idmapd.
Here are the available options:
2.4 Webmin: kerberos5 module
This module allows you to modify the configuration file /etc/krb5.conf.
Here are the available options:
2.5 Webmin: future developments
Some NFSv4 features are still in development.
Theses features will be available later in Webmin:
- Use of other transfer protocols in the Mount module.
- NFSv4 ACLs: the File Manager module allows to modify the POSIX ACLs for every files or directories. It will be upgraded to support the future NFSv4 ACLs.
- Replication, migration and load-balancing of NFSv4 servers will be managed in Webmin.
3. Monitoring with Nagios
Nagios (http://www.nagios.org) is a host, service and network monitoring program.
No plugin was available for monitoring NFSv3.
The plugin check_rpc (which used the rpcinfo command) can be used to check if the daemon nfsd is responding on the port 2049, and which version is supported (NFSv2, NFSv3, NFSv4).
3.1 Nagios: check_nfs4.pl plugin installation
This plugin will be integrated in the nagios-plugin package (http://nagiosplug.sourceforge.net/) but is for the moment only available on our web site: here. You also need to install the nagios-plugin package.
This plugin must be launched on every host (NFSv4 server or NFSv4 client). So NRPE (Nagios Remote Plugin Executor : http://prdownloads.sourceforge.net/nagios/nrpe-2.0.tar.gz?download) is used to create the communication between the plugin and the Nagios server.
Here is the configuration of nrpe (usually in the file /etc/nrpe.cfg) on the monitored host:
command[check_nfs4]=/usr/local/bin/check_nfs4.pl
Here is the configuration of check_nrpe on the Nagios server, in the file services.cfg:
| define service { |
| host_name | nfs2,nfs3 |
| service_description | NFSV4 |
| check_command | check_nrpe!check_nfs4 |
| .... |
| } |
3.2 Nagios: check_nfs4.pl plugin features
Usage:
check_nfs4 [-v] [-i | --client] [-s | --sec] [-w=xx | --warning=xx]
check_nfs4 [-h | --help]
check_nfs4 [-V | --version]
| [-v] | Verbose |
| [-i | --client] | Monitor an NFSv4 client |
| [-s | --sec] | Check also security features |
| [-w=xx | --warning=xx] | Percentage of CPU consumed by nfsd above which a WARNING will result |
| [-h | --help] | Display help |
| [-V | --version] | Display version |
Features:
On an NFSv4 server (or on an NFSv4 client), this plugin monitors the following NFSv4 features:
- Check if the daemons are running:
- server-side:
nfsd, idmapd, mountd, (security: svgssd)
- client-side:
idmapd, (security: gssd)
- Check if there are RPC errors (the bad* strings read from the command
nfsstat)
- Detect if a mount point hangs. The timeout (3 s by default) can be modified at the beginning of the plugin code.
- Check the percentage of CPU consumed by nfsd
- Check the number of effective used nfsd processes, read from
/proc/net/rpc/nfsd
- Grep some problematic strings from logs. These strings and the log files (usually
/var/log/messages) are defined at the beginning of the plugin code.
Warning: the log files must be readable by the nagios user.
Here are views of the service page of Nagios running the check_nfs4.pl and check_rpc plugins:
3.3 Nagios: check_nfs4.pl plugin performance data
This plugin returns also performance data which can be drawn with RRDtool (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/) and Nagiosgraph (http://sourceforge.net/projects/nagiosgraph/).
Features:
This plugin returns the following performance data:
- The percentage of CPU consumed by nfsd
- The number of effective used nfsd processes
- The transfer rates
Configuration:
Here is the configuration of Nagiosgraph, in the file map:
Service type: nfs4
/perfdata:nfsd_cpu=(\d+)% nfsd_used_threads=(\d+)% io_read=(\d+)% io_write=(\d+)%/
| and push @s, | [ NFS4, |
| [ nfsd_cpu, | GAUGE, $1 ], |
| [ nfsd_used_threads, | GAUGE, $2 ], |
| [ io_read, | GAUGE, $3 ], |
| [ io_write, | GAUGE, $4 ] ]; |
Graph page:
An HTML page is generated by Nagiosgraph and displays daily, weekly, monthly and yearly graphs.
This page is accessible from the Nagios Service page, and is generated for every host running the check_nfs4.pl plugin.
Here is a view of the graphs:
