Skip to main content

NFS Drive Shares and FreeBSD Ports

One of the things I love about FreeBSD is the ports directory.

The ability to install and upgrade any port simply by going to /usr/ports/porttype/portname i.e. /usr/ports/www/apache13 then all you have to do is type in make and make install or in many cases make install clean and you are on your way. The system connects to various mirror sites and downloads the entire source needed to install the port.

Of course it can become a little painful if you are trying to install 3 identical ports on 3 different servers or trying to upgrade a port that is on 5 or 6 or more servers. I don’t mind running the portupgrade pkg-name command 5 or 6 times, but the problem is the server downloads the source package 5 or 6 times depending on how many servers that port needs to be installed or upgraded on.

So how to save time and bandwidth for port upgrades? Well that’s simple, but as always you have to take in to account some possible security issues.

The way we have used here is to use NFS, which by no means is a secure way of doing it, but the risk can be minimized. I would not suggest using something like NFS on a bunch of servers that are open completely to the Internet. However if you have your gaggle of say 5 or 10 servers in a firewalled environment where the only access from the outside world is limited to a few ports for instance





TCP 80 / www
TCP 443 / https
TCP 21 /FTP
TCP 25 / SMTP

And a few others then you have already done a fair amount to minimize your risk. And you can do some more in the actual NFS setup.

This is what we are going to do:
We set up a server to be the “master” and we setup the other servers to be the “slaves”
Ultimately, the slaves will mount the masters /usr/ports/distfiles directory as their own (the slaves will not have their own /usr/ports/distfiles directory
Firstly decide on a “master” machine the master should have a fair amount of spare drive space and should probably not be too over worked.

Once you have selected the NFS Master
You need to add these lines to your rc.conf file

rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags=""

Add these lines the the /etc/export file (you will probably have to create this file)

/usr/ports/distfiles -maproot=root 10.0.0.2 10.0.0.5 10.0.0.6 10.0.0.9 10.0.0.10 10.0.0.11 etc

The maproot=root basically is risky business but since our servers are pretty hard to get into unless you are on the inside of the firewall it’s a calculated risk.

Obviously the 10.0.0. list of servers should be replaced by the IP’s of your servers.

Ok now the “slave” setup
In the slaves /etc/rc.conf file add the following 2 lines

nfs_client_enable="YES"
amd_enable="YES"

The amd_enable=”YES” directive is to tell the server to automount

Then in the slaves /etc/fstab add this
10.0.0.15:/usr/ports/distfiles /usr/ports/distfiles nfs rw 0 0

For this example 10.0.0.15 is the “master server”

Ok time to start it all up

Firstly on the Master server run the following as root
# rpcbind
# nfsd -u -t -n 4
# mountd

Then on slave servers run the following as root
nfsiod -n 4

Ok that should get the servers all listening for the mounts that you want.

Now try to mount the master’s distfile

mount master-server:/usr/ports/distfile /usr/ports/distfile

That should do it if you run df –h you should see something like this

df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s1a 68G 2.1G 60G 3% /
devfs 1.0K 1.0K 0B 100% /dev

master-server:/usr/ports/distfiles 340G 42G 271G 14% /usr/ports/distfiles


Now any files that a slave might download while doing a portupgrade will be downloaded to the master server and will automatically be available to any other server master or slave with out having to re-download the file

You might also want to check out the FreeBSD Handbook for info related to NFS

Comments

Popular posts from this blog

Setting up and Installing Rancid on FreeBSD for Cisco Products

Setting up and Installing Rancid on FreeBSD for Cisco Products What is Rancid? Rancid is an application that monitors a devices configuration including software and hardware. The configuration is then stored in a Concurrent Version System or CVS. Most of the time it is used to back up router, switch and firewall configurations, as well as notify you when a configuration has changed, i.e a firewall rule or a routers IP address or access list change. here is an example of the output =================================================================== retrieving revision 1.29 diff -u -4 -r1.29 mpls-jhb-pe1 @@ -288,9 +288,9 @@ ! interface Serial0/0 description Link to Client X bandwidth 2048 - ip address 192.168.1.244 255.255.255.254 + ip address 192.168.1.234 255.255.255.254 ip route-cache flow ip tcp header-compression iphc-format ip tcp compression-connections 256 ! ip ospf message-digest-key 1 md5 the - symbol represents what was removed the + symbol represents what was added The abo...

Tacacs+ Install and Config Guide

Tacacs+ Install and Config Guide What is TACACS As per wikipedia Terminal access controller access control system (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Installing Tacacs on FreeBSD This guide is intended to be a basic implementation of TACACS+, so although there are may features I am just going to document what I generally use. Please note that tac_plus is also available from Shrubbery Networks if you would like to install and configure on another platform. You may also want to check out my Rancid How-To Once again its in your ports directory. cd to /usr/ports/net/tac_plus4/ run a "make install clean" Once installed vi /usr/local/etc/rc.d/tac_plus.sh Then Change the following line from NO to YES tac_plus_enable=$ Save the file, then vi /e...

FreeBSD, Postfix, Mailscanner and Mailwatch Installation

Installing postfix, mailscanner and mailwatch on FreeBSD I have setup a number of servers using mailscanner and postfix to do antispam and antivirus checking. This particular example will show you how to set the server up as a mail gateway. i.e. all inbound and outbound mail will go via this server. You can also use the server as a pop3/imap4 server and doing so, does make life a little easier as you don't have to worry about the transport and relay_hosts files. At a later stage I will show that info too..... when I get a chance. This my seem strange but as there is quite a bit involved in installing and configuring I am splitting this into two How-To's this one, The install How-To and the configuration How-To First off its probably best to start on a new install of FreeBSD. Once you have done the initial portsnap fetch and portsnap extract Right here we go. Two things you might want to do is force your NIC to 100MB full duplex and install lsof Type in ifconfig and check if the...