Enable kerberos support for NFSv4#1664
Conversation
use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions
kernel: Including relevent kernel modules for systemd unit
|
With this: we get the following image diff relative to the last nightly: This looks fine to me. @pothos can you give this a third pair of eyes, there might be something that I'm missing? @JAORMX has also reviewed this already. |
pothos
left a comment
There was a problem hiding this comment.
Thanks, I think you can also add a changelog entry or even better create a docs section on how to use this.
|
Thanks for the reviews all. |
|
Then let's create a changelog entry now, e.g. |
changelog: Adding changlog entry for nfs with kerberos
|
@pothos - Added a commit with the changelog, thanks again. |
changelog: I hope these commits are squashmerged :) Adding missing backtick
| @@ -0,0 +1,6 @@ | |||
| - Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1. [PR#1664](https://github.com/flatcar-linux/coreos-overlay/pull/1664) | |||
There was a problem hiding this comment.
It's a bit long now for the release notes. Since we link to this PR here which also has the same info, I suggest to shorten it to one bullet point
There was a problem hiding this comment.
Makes sense, removed in latest commit.
changelog: simplify changelog back to just a pointer to the PR
NFS4 with Kerberos use_flags: Adding use flags for nfs-utils so that it can support kerberos and nfs4.1 along with various other tools like junctions kernel: Including relevent kernel modules for systemd unit Co-authored-by: Owen Thomas <owen@owen-thomas.co.uk> Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
Enable kerberos support for NFSv4
Reasons outlined in flatcar/Flatcar#636 - This is an attempt at its implementation
How to use
sudo modprobe nfsv3 nfs_acl nfsv4 nfssudo modprobe rpcsec_gss_krb5systemctl start rpc-gssd.servicesystemctl status rpc-gssd.serviceOptionally (all as root)
realm join -U <da-user>/etc/krb5.confif your domain doesn't provide onekinit -kmkdir /mnt/test && mount.nfs4 -v -o sec=krb5,vers=4.1 fileserver.domain.local:/test-share /mnt/testTesting done
These steps have been tested with the flatcar SDK on the
flatcar-3127branch, we produced an OpenStack VM and have tested with the Openstack images. The qemu image also appeared to have the correct packages and kernel modules installed although we didn't perform an end to end test with it.changelog/directory (user-facing change, bug fix, security fix, update)