-
Notifications
You must be signed in to change notification settings - Fork 36
Conversation
use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions
kernel: Including relevent kernel modules for systemd unit
With this:
we get the following image diff relative to the last nightly: This looks fine to me. @pothos can you give this a third pair of eyes, there might be something that I'm missing? @JAORMX has also reviewed this already. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I think you can also add a changelog entry or even better create a docs section on how to use this.
Thanks for the reviews all. |
Then let's create a changelog entry now, e.g.
|
changelog: Adding changlog entry for nfs with kerberos
@pothos - Added a commit with the changelog, thanks again. |
changelog: I hope these commits are squashmerged :) Adding missing backtick
@@ -0,0 +1,6 @@ | |||
- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1. [PR#1664](https://github.com/flatcar-linux/coreos-overlay/pull/1664) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a bit long now for the release notes. Since we link to this PR here which also has the same info, I suggest to shorten it to one bullet point
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, removed in latest commit.
changelog: simplify changelog back to just a pointer to the PR
NFS4 with Kerberos use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions kernel: Including relevent kernel modules for systemd unit Co-authored-by: Owen Thomas <owen@owen-thomas.co.uk> Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
Enable kerberos support for NFSv4
Reasons outlined in flatcar/Flatcar#636 - This is an attempt at its implementation
How to use
sudo modprobe nfsv3 nfs_acl nfsv4 nfs
sudo modprobe rpcsec_gss_krb5
systemctl start rpc-gssd.service
systemctl status rpc-gssd.service
Optionally (all as root)
realm join -U <da-user>
/etc/krb5.conf
if your domain doesn't provide onekinit -k
mkdir /mnt/test && mount.nfs4 -v -o sec=krb5,vers=4.1 fileserver.domain.local:/test-share /mnt/test
Testing done
These steps have been tested with the flatcar SDK on the
flatcar-3127
branch, we produced an OpenStack VM and have tested with the Openstack images. The qemu image also appeared to have the correct packages and kernel modules installed although we didn't perform an end to end test with it.changelog/
directory (user-facing change, bug fix, security fix, update)