Supported by the National Science Foundation Collaborator: University of Michigan Collaborator: Michigan State University Collaborator: Wayne State University Collaborator: Indiana University

OSiRIS can provide access to your CephFS space via our NFS servers if you are on campus at MSU, UM, or WSU. Please email osiris-help@umich.edu if interested in using OSiRIS via NFS so we can setup the necessary ‘user mapping’ from your local user to your OSiRIS identity. Once configured, files owned by your OSiRIS identity will show as owned by your local (non-osiris) identity when listed in the NFS mount. Groups will still show as ‘nobody’ but actual group permissions will be respected as determined by your OSiRIS group memberships. We can also map selected OSiRIS groups to local groups if there is an appropriate correlation.

HPCC at MSU

HPCC users at MSU can access OSiRIS storage already mounted on globus-01.hpcc.msu.edu at /mnt/cephfs. After login you will need to run ‘kinit’ and enter your password to manually obtain Kerberos credentials.

Client Configuration

Mounting NFS requires Kerberos credentials. Your client will require a keytab and users of the space require credentials to verify their identity.

If interested in mounting NFS on your client OSiRIS admins can obtain a keytab for your client as well as assist with configuration. We also have to configure a ‘user mapping’ to map your local system user to your OSiRIS identity. It is not strictly required but if not setup then your files will all show as owned by the NFS ‘nobody’ user.

For reference, the NFS servers are:
um-nfs01.osris.org
msu-nfs01.osris.org

Your client must have rpc.gssd and gssproxyd running. These should startup automatically if /etc/krb5.keytab exists. If you have just installed a keytab and need to start them on RHEL7 (or CentOS 7):

systemctl start rpc-gssd.service 
systemctl start gssproxy.service  

You should also set a default_realm in /etc/krb5.conf under libdefaults. For example:

/etc/krb5.conf:

[libdefaults]
    default_realm = UMICH.EDU

On your client system the /etc/idmapd.conf file should have a domain that matches your institution. At UM that domain is ‘umich.edu’. At MSU that domain is ‘hpcc.msu.edu’. For example:

/etc/idmapd.conf:

[General]

  # The default is the host's DNS domain name.
  Domain = umich.edu

A typical mount command might look like this:

mount -t nfs4 -o sec=krb5,nfsvers=4.1,noacl um-nfs01.osris.org:/cephfs /mnt/cephfs/

Or in fstab:

um-nfs01.osris.org:/cephfs /mnt/cephfs nfs sec=krb5,nfsvers=4.1,noacl,_netdev,rw 0 0