Is it feasible to have home folder hosted with NFS?
Solution 1
I use NFS for my home directories in our production environment. There are a couple of tricks.
- Don't NFS mount to /home; that way you can have a local user that allows you in in the event that the NFS server goes down. We mount to /mnt/nfs/home.
- Use soft mounts and a very short timeout; this will prevent processes from blocking forever.
- Use the automounter. This will keep resource usage down and also means that you don't need to worry about restarting services when the NFS server comes back up after going down for some reason.
auto.master:
+auto.master
/mnt/nfs  /etc/auto.home  --timeout=300

auto.home:
home  -rw,soft,timeo=5,intr  home.bzzprod.lan:/home
Use a single sign-on system so you don't run into permission related issues. I have an OpenLDAP server.
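If you prefer a static mount over the automounter, the soft-mount-with-short-timeout advice can also go in /etc/fstab. This is a hypothetical sketch; the server name and paths are placeholders for your environment:

```
# Soft NFS mount of home directories with a short timeout, so a dead
# server produces I/O errors instead of processes hung forever.
# "home.example.lan" and the paths below are placeholders.
home.example.lan:/home  /mnt/nfs/home  nfs  rw,soft,timeo=5,retrans=2  0  0
```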
Solution 2
HowtoForge posted an article titled "Creating An NFS-Like Standalone Storage Server With GlusterFS On Debian Lenny"; you may want to check it out.
Here is a short description of why it's a good "feasible" alternative to NFS, from the GlusterFS project page:
GlusterFS self-heals itself on the fly. There is no fsck. Storage backend is accessible directly as regular files and folders (NFS style). With replication enabled, GlusterFS can withstand hardware failures.
More information can be found in the project documentation.
Another nice thing about GlusterFS is that if you need more space on your SAN, you just add another storage brick (server node), so you can scale and grow your storage in parallel as the need arises.
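As a sketch of what adding a brick looks like in practice (the volume name "homes" and the host/path are made up, and exact syntax can vary between GlusterFS releases):

```
# Grow an existing volume by adding a brick on a new server,
# then rebalance data across the enlarged volume.
gluster volume add-brick homes server4:/export/brick1
gluster volume rebalance homes start
```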
Solution 3
Be careful with the soft mounts! Soft mounting an NFS filesystem means IO will fail after a timeout occurs. Be very sure that is what you want on users' home directories! My guess is you don't. Using a hard mount on home directories in combination with the intr option feels a lot safer here.
A hard mount will not time out: I/O operations will be retried indefinitely. The intr option makes it possible to interrupt those operations with a signal. So if you mount the export and the server fails, a hard mount will lock your session, but intr lets you break out of it; the combination is pretty safe and ensures you will not easily lose a user's data.
Anyway, autofs makes this all even easier.
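The hard+intr combination described above can be expressed as an /etc/fstab line like this (hypothetical server name and paths; note that intr is ignored on kernels after 2.6.25, where NFS operations can always be interrupted by fatal signals):

```
# Hard NFS mount: I/O blocks until the server returns, but can be
# interrupted with a signal. Server name and paths are placeholders.
home.example.lan:/home  /mnt/nfs/home  nfs  rw,hard,intr  0  0
```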
Solution 4
One thing to note: when the NFS server is down, your mounts will freeze. A soft mount will not block, so the freeze itself can be avoided; however, that does not solve the underlying problem with home directories, because without a home directory the user is stuck anyway.
Even when the NFS server recovers, the freeze will remain unless you do something about it: you'll have to kill the processes on the client machine and remount. The reason is that when the NFS server comes back up, it may assign a different fsid. You can avoid this problem by hard-coding the fsids on the NFS server, for example...
#. Home Directories
/usr/users \
192.168.16.0/22(rw,sync,no_root_squash,fsid=1) \
192.168.80.0/22(rw,sync,no_root_squash,fsid=1)
#. Scratch Space
/var/ftp/scratch \
192.168.16.0/22(rw,async,no_root_squash,fsid=3) \
192.168.80.0/22(rw,async,no_root_squash,fsid=3) \
172.28.24.151(rw,async,root_squash,fsid=3)
The exports(5) man page states...
fsid=num
This option forces the filesystem identification portion of the file handle
and file attributes used on the wire to be num instead of a number derived
from the major and minor number of the block device on which the filesystem
is mounted. Any 32 bit number can be used, but it must be unique amongst
all the exported filesystems.
This can be useful for NFS failover, to ensure that both servers of the
failover pair use the same NFS file handles for the shared filesystem thus
avoiding stale file handles after failover.
While that indicates the fsid should stay the same as long as the major/minor numbers do not change (which they usually don't, except when you're exporting SAN/multipath volumes, where they may change), I've found that hard-coding the fsids completely removed the problem: when the NFS server comes back, the connection is restored quickly. I still don't really know why this made a difference for plain devices such as /dev/sdaX.
I should point out that my argument is largely anecdotal: I can't actually explain why this fixed the problem, but it "seems" to have fixed it, somehow. There are probably other variables at play here that I've not yet discovered. =)
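After editing /etc/exports to pin the fsids, the changes can be applied and checked without restarting the NFS server; a sketch using the standard exportfs tool:

```
# Re-export everything in /etc/exports without restarting the server.
exportfs -ra
# Verify the active exports and their options (including the pinned fsid).
exportfs -v
```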
Solution 5
Some general advice that will apply no matter which network filesystem you adopt: many programs cache data in the user's home directory, which usually does more harm than good when the home directory is accessed over a network.
These days, you can tell many programs to store their caches elsewhere (e.g., on a local disk) by setting the XDG_CACHE_HOME
environment variable in a login script. Lots of programs (e.g., Firefox) still require manual configuration, however, so you will probably have to do some extra work to identify and configure them in a uniform manner for all your users.
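As a sketch of that login-script approach, assuming a hypothetical site-wide snippet such as /etc/profile.d/local-cache.sh (the path under /var/tmp is just an example of a local disk location):

```shell
# Point XDG-aware programs' caches at a local disk instead of the NFS home.
export XDG_CACHE_HOME="/var/tmp/cache-$(id -un)"
# Make sure the per-user cache directory exists.
mkdir -p "$XDG_CACHE_HOME"
```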
Al Baker
Updated on September 17, 2022

Comments
-
Al Baker over 1 year
I'm planning to deploy some kiosk computers and would like to leave them with a small pendrive as a boot disk, keeping the rest on an easy-to-back-up server, à la LTSP.
Right now I'm pondering two options. An NFSed /home/, or a local copy of ~/ copied on login, rsynced on logout.
My fears are that working with files might get too slow, or my network might get clogged.
-
iSee almost 15 years
Could you please replace "safe" with another word that's less related to security? Maybe "feasible"? merriam-webster.com/dictionary/feasible
-
Al Baker almost 15 years
A slight sense of déjà vu. It's not the exact same thing, but it's an interesting thread they've got there. hardware.slashdot.org/story/09/06/23/1823201/…
-
iSee almost 15 years
Are you sure about this "random" fsid used by the server?
-
Xerxes almost 15 years
Hi Cristian, I've tried to explain above, but I can't fully explain the behavior with respect to the man page description of the flag. Have you tried it and seen otherwise?
-
Sumeet Kashyap over 14 years
I've always found the automounter horribly unreliable and prone to locking up, especially if the NFS server goes down. If you mount to /mnt/nfs/home, is that where you set the user's home in /etc/passwd?
-
Kcmamu about 12 years
+1 I've had performance problems with Google Chrome and NFS home dirs. Fixed it by moving Chrome's working directories back to the local system, then placing a symlink from the NFS home dir (where Chrome expects to find the dirs) back to the local directory. There may be a better way of doing what I've done, but it solved the problem for me.
-
Jason over 11 years
Bryan (March 9) left a good partial answer; however, I'd like him to elaborate on this issue. How did you move the working directories to the local machine and place the symlinks? Thank you.
-
JKnight almost 10 years
Also look into the XDG_RUNTIME_DIR variable, described for the dconf database location at developer.gnome.org/dconf/unstable/dconf-overview.html
-
JFlo almost 7 years
I've tried cachefilesd for several years but gave up due to all the instability it brought. YMMV
-
JFlo almost 7 years
@AaronBrown I agree that if you're going to put $HOME on the network, you should also put user identity and authentication on the network as well. Regardless of how you do that, $HOME has to be defined somewhere, and you've indicated that you prefer to set it to /mnt/nfs/home. But how then do you utilize your local /home during an outage? Specifically, please see unix.stackexchange.com/questions/189404/…
-
myrdd about 6 years
Note that the intr mount option has been deprecated in Linux since kernel 2.6.25; see e.g. access.redhat.com/solutions/157873
-
Johnny Utahh over 3 years
On Ubuntu systems, install the autofs package to enable automounter features: apt-get install autofs