LFCE Preparation Guide: Network Filesystems and File Services – Configuring systems to mount standard, encrypted, and network filesystems on demand

Introduction

Obviously, the handling of file systems is integral to the job of any system administrator or engineer.  Without file systems, operating systems are not of much use, after all.  The key to distinguishing this competency from the subsequent “Create, mount and unmount standard Linux file systems” competency is the “on demand” portion of the language.  This likely refers directly to the autofs software package which allows the administrator to configure the system to understand the locations of file systems and automatically mount them when an attempt to access the relevant path is made by a user.

Given its commonality, this software is among the most likely to be tested upon, so understanding it is very important for an exam candidate.  The good news here is that the scope of this competency is pretty well-understood.

Overview of autofs

The autofs software functions by using the autofs service control script to manage the operation of the automount daemon in the standard fashion (start|restart|stop|status, etc.).  The automount daemon, when started, consults the /etc/autofs.conf file to determine the options with which it should operate and then the /etc/auto.master file to gain an understanding of the mount points which can be accessed on the system through the use of the automount daemon.  The /etc/auto.master file contains entries formatted as follows:

mount-point [map-type[,format]:]map [options]

Each mount-point is a file path (such as /mnt/) under which various directories may be mounted, each of which may point to a separate file system or resource.  The map-type and format fields describe the map, which points to another file, similar to /etc/auto.master, that defines the subdirectories accessible within each mount-point and the file systems and options with which they should be mounted.  The format for each entry in these map files is:

key [ -mount-options-separated-by-comma ] location

Where “key” refers to the name of the subdirectory being accessed (such as “cd” for /mnt/cd), the mount options are standard options passable to the mount command (except for four automount-specific options – check out the autofs(5) manual page for this critical information), and the location is the path to the file system being mounted (e.g. :/dev/cdrom for a CD).  If the location begins with a slash, it must be prefixed with a colon.

Brief Walkthrough

Say an administrator wants to allow a user to access a Windows file share on a remote server whose UNC path is //windows/share on-demand.  The administrator might decide that the user should access this file share from /mnt/windows.  To accomplish this, the administrator would first ensure that the automount daemon starts appropriately using the autofs service control script through chkconfig.  The administrator would also ensure that the /mnt directory is empty so that nothing interferes with the operation of the automount daemon.  Then, the administrator would configure /etc/auto.master with a line such as:

/mnt   /etc/auto.mnt

This instructs the automount daemon to consult the configuration file “/etc/auto.mnt” for information regarding the file systems mountable as subdirectories in the /mnt directory.  The administrator would then create a configuration file at /etc/auto.mnt with the line:

windows  -fstype=cifs,credentials=/etc/windows.creds ://windows/share

Then, the administrator would need to configure the /etc/windows.creds file to include the credentials necessary to access the server in the standard credential file format (see mount.cifs(8) for that syntax).  Of course, ensure that this file is locked down solid with root:root ownership and a file mode of 600.  Because automount operates with root authority, it is capable of accessing and using this information even though the user responsible for prompting the execution of the automount routine may not be.
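The ownership and mode requirement above can be checked mechanically.  The script below is an added example, not part of the original post: it reads a map file in the "key -options location" layout, pulls out every credentials= path, and reports any file that is not mode 600 with the expected owner.  The function names, the EXPECTED_OWNER override and the //windows/old share in the constructed sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.  EXPECTED_OWNER is an assumed
# override for non-root test runs; the default is the page's root:root.
EXPECTED_OWNER="${EXPECTED_OWNER:-root:root}"

# Print each credentials= path from the option field of "key -opts location".
list_cred_files() {
    awk '$1 !~ /^#/ && $2 ~ /^-/ { print substr($2, 2) }' "$1" |
        tr ',' '\n' | sed -n 's/^credentials=//p'
}

# Succeed only if the file exists with the expected owner and mode 600.
check_cred_file() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    owner=$(stat -c '%U:%G' "$1")
    mode=$(stat -c '%a' "$1")
    if [ "$owner" != "$EXPECTED_OWNER" ] || [ "$mode" != "600" ]; then
        echo "WEAK    $1 owner=$owner mode=$mode"
        return 1
    fi
    echo "OK      $1"
}

# Audit every credentials file in a map; non-zero status if any check fails.
audit_map() {
    list_cred_files "$1" | (
        rc=0
        while IFS= read -r cred; do
            check_cred_file "$cred" || rc=1
        done
        exit "$rc"
    )
}

# Constructed sample: a map naming one locked-down and one world-readable file.
demo() (
    d=$(mktemp -d) || exit 1
    printf 'username=u\npassword=p\n' > "$d/good.creds"; chmod 600 "$d/good.creds"
    printf 'username=u\npassword=p\n' > "$d/bad.creds";  chmod 644 "$d/bad.creds"
    {
        echo "windows -fstype=cifs,credentials=$d/good.creds ://windows/share"
        echo "legacy  -fstype=cifs,credentials=$d/bad.creds  ://windows/old"
    } > "$d/auto.mnt"
    EXPECTED_OWNER=$(stat -c '%U:%G' "$d/good.creds")   # owner of the sample
    audit_map "$d/auto.mnt"; rc=$?
    rm -rf "$d"; exit "$rc"
)

if [ $# -gt 0 ]; then audit_map "$1"; else demo || :; fi
```

Run as root with a map path as the only argument (for example /etc/auto.mnt) to audit a real configuration; with no argument it audits the constructed sample.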

Troubleshooting

The best advice I can give in the event that troubleshooting is required is to modify /etc/autofs.conf so that the logging option is specified as “debug” (by default it is “none”).  After a service restart, this will provide a wealth of information (through syslog, winding up in /var/log/messages) regarding the operation of automount.  It should allow you to at least understand where it’s getting tripped up, even if the solution is not always obvious.  The need for a colon before the UNC path, for instance, is not easy to guess from the logging output produced when the colon is omitted, but you can infer that a character is missing from the beginning of the UNC path, since the log shows how the parsing utility renders the path with the first slash trimmed away.

Other Interesting Stuff

The automount software package comes with two preconfigured executable maps: /etc/auto.net and /etc/auto.smb.  They are ultimately just bash scripts which automount employs to generate mount information dynamically.  The first script detects and mounts exports from a given NFS server hostname and the second does the same for a CIFS system.  Read them and understand them: this is very useful functionality, and the principles on which the scripts are designed are worth understanding because you can write your own similar programmatic map files.
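A custom executable map can be very small.  The script below is an added example, not one of the maps shipped with autofs: it maps a username key to a per-user NFS home directory and rejects any key that is not a plain account-style name, since the key is whatever name a local user accessed under the mount point.  The server name, export path and mount options are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: an executable map for per-user
# home directories.  automount runs the map with the looked-up key as $1 and
# reads the entry (options and location, without the key) from stdout.
# NFS_SERVER and EXPORT_ROOT are placeholder assumptions.
LC_ALL=C
NFS_SERVER="${NFS_SERVER:-nfs.example.com}"
EXPORT_ROOT="${EXPORT_ROOT:-/export/home}"
MOUNT_OPTS="-fstype=nfs,rw,nosuid,nodev"

map_entry() {
    key="$1"
    # The key is untrusted input: allow only short names made of lowercase
    # letters, digits, underscore and dash, and never a leading dash.
    case "$key" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#key}" -le 32 ] || return 1
    printf '%s %s:%s/%s\n' "$MOUNT_OPTS" "$NFS_SERVER" "$EXPORT_ROOT" "$key"
}

# Printing nothing makes the lookup fail, so rejected keys are never mounted.
if [ $# -gt 0 ]; then map_entry "$1"; fi
```

The script has to be marked executable and referenced from /etc/auto.master like any other map file.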

Resources

  • Manual pages
    • autofs(5) – Valuable syntax information for the map files.  This is likely the most important resource for understanding administration of the automount software.
    • autofs(8) – The service control script for the automount daemon.
    • automount(8) – The actual automount daemon.
    • autofs.conf(5) – The configuration file which controls the settings used by the automount daemon when it launches.
    • auto.master(5) – The configuration file which associates file paths (mount points) with configuration files which specify the options to be used when mounting the various file systems into the potential mount points in the specified directory.
  • Books
    • The Linux Bible, 8th Edition
      • Chapter 20:  Configuring an NFS File Server
        • Using autofs to mount NFS filesystems on demand
      • Chapter 23:  Understanding Advanced Linux Security
        • Implementing Security with Cryptography
  • Red Hat Documentation
    • Red Hat Enterprise Linux 6 Storage Guide
      • Chapter 9.4:  autofs

Techniques

  • Commands
    • automount
      • But since it typically operates as a daemon, you likely will not need to execute it directly
  • Logs
    • /var/log/messages
      • See the note above under the Troubleshooting section regarding the enabling of the logging feature.

Procedural Examples

  • Configure automount for a Windows file share (CIFS)
  • Configure automount for an NFS share
  • Configure automount for standard file systems
  • Configure automount for LUKS encrypted file systems
  • Configure automount to automatically mount home directories for users from remote systems based on their usernames.
  • Configure a custom executable map for automount to generate paths to be mounted under various circumstances.
  • Configure automount to use the builtin -hosts map to allow access to various NFS systems’ exports.

Tactical Exercises

In your virtual environment, you’ll be setting up NFS as a part of your training for later competencies.  Once it’s configured, you can spin up another client VM on which to implement automount functionality.  Experiment with different configurations and make sure you cover all the procedures listed above.  Don’t shrug off any of the permutations – it would be a shame to miss points on the exam because you can’t configure automount.  This is one of the more basic competencies of the examination.
