Is it feasible to have home folder hosted with NFS?


Solution 1

I use NFS for my home directories in our production environment. There are a few tricks.

  1. Don't NFS mount to /home - that way you can keep a local user that can still log in if the NFS server goes down. We mount to /mnt/nfs/home instead.

  2. Use soft mounts and a very short timeout - this will prevent processes from blocking forever.

  3. Use the automounter. This keeps resource usage down and also means that you don't need to worry about restarting services when the NFS server comes back up after an outage.

    auto.master:
      +auto.master
      /mnt/nfs /etc/auto.home --timeout=300
    
    auto.home:
       home -rw,soft,timeo=5,intr      home.bzzprod.lan:/home
    
  4. Use a single sign-on system so you don't run into permission-related issues. I have an OpenLDAP server. Wherever the accounts live, each user's home directory needs to point at the mounted path (see the sketch below).
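
For reference, a minimal sketch of how the account side ties in, assuming a hypothetical user jdoe; with OpenLDAP, the homeDirectory attribute would carry the same path:

    # /etc/passwd entry (or LDAP homeDirectory attribute) for a hypothetical user
    jdoe:x:1001:1001:Jane Doe:/mnt/nfs/home/jdoe:/bin/bash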

Solution 2

HowtoForge posted an article titled Creating An NFS-Like Standalone Storage Server With GlusterFS On Debian Lenny; you may want to check it out.

Here is a short description of why it's a good "feasible" alternative to NFS, from the GlusterFS project page:

GlusterFS self-heals itself on the fly. There is no fsck. Storage backend is accessible directly as regular files and folders (NFS style). With replication enabled, GlusterFS can withstand hardware failures.

More information can be found in the project documentation.

Another nice thing about GlusterFS: if you need more space on your SAN, you just add another storage brick (server node) and can scale/grow your storage in parallel as the need arises.
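
As a rough sketch of what adding a brick looks like with the gluster CLI (the volume name homevol, the server name server3, and the brick path are assumptions):

    # add the new server node to the trusted pool
    gluster peer probe server3
    # attach its brick to the existing volume
    gluster volume add-brick homevol server3:/data/brick1
    # redistribute existing data across the enlarged volume
    gluster volume rebalance homevol start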

Solution 3

Be careful with the soft mounts! Soft mounting an NFS filesystem means IO will fail after a timeout occurs. Be very sure that is what you want on users' home directories! My guess is you don't. Using a hard mount on home directories in combination with the intr option feels a lot safer here.

A hard mount will not time out: IO operations are retried indefinitely. The intr option makes it possible to interrupt those operations. So if you mount the export hard and the server fails, your session will block, but intr lets you break out of the blocked IO. The combination is pretty safe and ensures you will not easily lose a user's data.
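
A minimal /etc/fstab sketch of that combination (the server name and mount point are assumptions):

    # hard: retry IO indefinitely; intr: allow signals to interrupt blocked calls
    home.example.lan:/home  /mnt/nfs/home  nfs  rw,hard,intr  0 0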

Anyway, autofs makes this all even easier.

Solution 4

The one thing to note is that when the NFS server is down, your mounts will freeze. A soft mount will not block, so the "freeze" itself can be avoided, but that will not fix the problem for home directories: without a home directory, the user is screwed anyway.

Even when the NFS server recovers, unless you do something about it, the freeze problem will remain: you'll have to kill the process on the mounting machine and remount. The reason is that when the NFS server comes back up, it may assign a different fsid, so you can at least fix this problem by hard-coding the fsids on the NFS server, for example...

#. Home Directories
/usr/users \
  192.168.16.0/22(rw,sync,no_root_squash,fsid=1) \
  192.168.80.0/22(rw,sync,no_root_squash,fsid=1)

#. Scratch Space
/var/ftp/scratch \
  192.168.16.0/22(rw,async,no_root_squash,fsid=3) \
  192.168.80.0/22(rw,async,no_root_squash,fsid=3) \
  172.28.24.151(rw,async,root_squash,fsid=3)
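
After editing /etc/exports like this, the changes can be applied with the standard exportfs tool:

    # re-export all directories, synchronizing with /etc/exports
    exportfs -ra
    # verify the active exports and their options (including fsid)
    exportfs -v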

The exports(5) man page states...

fsid=num
          This option forces the filesystem identification portion of the file handle
          and  file attributes used on the wire to be num instead of a number derived
          from the major and minor number of the block device on which the filesystem
          is  mounted.   Any 32 bit number can be used, but it must be unique amongst
          all the exported filesystems.

          This can be useful for NFS failover, to ensure that  both  servers  of  the
          failover  pair use the same NFS file handles for the shared filesystem thus
          avoiding stale file handles after failover.

...While that indicates the file handle should stay stable as long as the major/minor numbers do not change (which they usually don't, except when you're exporting SAN/multipath volumes, where they may change), I've found that hard-coding the fsids completely removed the problem: when the NFS server comes back, the connection is restored quickly. I still don't really know why this made a difference for devices such as /dev/sdaX.

I should point out that my argument is largely anecdotal: I can't actually explain why it fixed the problem, but it "seems" to have fixed it, somehow. There are probably other variables at play here that I've not yet discovered. =)

Solution 5

Some general advice that will apply no matter which network filesystem you adopt: many programs cache data in the user's home directory, which usually does more harm than good when the home directory is accessed over a network.

These days, you can tell many programs to store their caches elsewhere (e.g., on a local disk) by setting the XDG_CACHE_HOME environment variable in a login script. Lots of programs (e.g., Firefox) still require manual configuration, however, so you will probably have to do some extra work to identify and configure them in a uniform manner for all your users.
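
A minimal login-script sketch (the profile.d path and the local cache location are assumptions):

    # /etc/profile.d/local-cache.sh - keep per-user caches on the local disk
    export XDG_CACHE_HOME="/var/tmp/cache-$USER"
    mkdir -p "$XDG_CACHE_HOME"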

Comments

  • Al Baker
    Al Baker over 1 year

    I'm planning to deploy some kiosk computers and would like to leave them with a small pendrive as the boot disk, keeping the rest on an easy-to-back-up server, à la LTSP.

    Right now I'm pondering two options: an NFS-mounted /home, or a local copy of ~/ copied in on login and rsynced back on logout.

    My fears are that working with files might get too slow, or my network might get clogged.
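
    A minimal sketch of that second option, hooked into login and logout scripts (hypothetical server name and paths):

        # on login: pull the user's files onto the local disk
        rsync -a homeserver:/export/home/$USER/ /home/$USER/
        # on logout: push changes back to the server
        rsync -a /home/$USER/ homeserver:/export/home/$USER/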

  • iSee
    iSee almost 15 years
    Are you sure about this "random" fsid used by the server?
  • Xerxes
    Xerxes almost 15 years
    Hi Cristian - I've tried to explain above - but I can't fully explain the behavior with respect to the man page description of the flag. Have you tried it and seen otherwise?
  • Sumeet Kashyap
    Sumeet Kashyap over 14 years
    I've always found the automounter horribly unreliable and prone to locking up, especially if the NFS server goes down. If you mount to /mnt/nfs/home, is that where you set the user's home in /etc/passwd?
  • Kcmamu
    Kcmamu about 12 years
    +1 I've had performance problems with Google Chrome and NFS home dirs. Fixed it by moving Chrome's working directories back to the local system, then placing a symlink in the NFS home dir (where Chrome expects to find them) pointing back to the local directory, roughly as sketched below. There may be a better way of doing what I've done, but it solved the problem for me.
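
    A rough sketch of that relocation (Chrome's default profile path; the local target directory is an assumption):

        # move Chrome's profile onto the local disk
        mv ~/.config/google-chrome /local/$USER/google-chrome
        # symlink it back to where Chrome looks for it in the NFS home
        ln -s /local/$USER/google-chrome ~/.config/google-chrome
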
  • Jason
    Jason over 11 years
    Bryan (March 9) left a good partial answer; however, I want this issue elaborated on. Please do, thank you. How did you move the working directories to the local machine and place the symlinks?
  • JKnight
    JKnight almost 10 years
    Also look into the XDG_RUNTIME_DIR described for Dconf database location at: developer.gnome.org/dconf/unstable/dconf-overview.html
  • JFlo
    JFlo almost 7 years
    I've tried cachefilesd for several years but gave up due to all the instability it brought. YMMV
  • JFlo
    JFlo almost 7 years
    @AaronBrown I agree that if you're going to put $HOME on the network, you should also put user identity and authentication on the network as well. Regardless of how you do that, $HOME has to be defined somewhere and you've indicated that you prefer to set it to /mnt/nfs/home but how then do you utilize your local /home during an outage? Specifically, please see unix.stackexchange.com/questions/189404/…
  • myrdd
    myrdd about 6 years
    Note that the intr mount option has been deprecated in Linux after kernel 2.6.25; see e.g. access.redhat.com/solutions/157873
  • Johnny Utahh
    Johnny Utahh over 3 years
    On Ubuntu systems, install the autofs package to enable automounter features: apt-get install autofs.