** SETTING UP AN NFS SERVER ON OSX/TIGER (NON-SERVER OSX) **
SITUATION
---------
Let's say you want to set up Rush quickly on a small network of (20) OSX machines:
o All machines are running regular OSX (ie. no "OSX Server")
o Each machine configured with one or more local user accounts,
each with either the same or different user names
o uid/gid values were assigned haphazardly; different users are sometimes
sharing the same uid across machines, or the same user account might have
different uids on some machines.
Due to time pressure, let's say you don't want to clean up the uid/gid mess,
but still want to get things up and running with Rush and NFS quick+dirty+reliable.
POSSIBLE SOLUTION/DESIGN
------------------------
An easy thing to do is create a 'render' user on all machines with a unique uid,
then set up rush to force renders to run as that 'render' user, and set up the
NFS server to map all user access to the 'render' user.
This will avoid permission problems completely, and ensures everyone can
manipulate each other's data without permissions getting in the way.
STEPS TO SETUP
--------------
1) On all machines, create the "render" user with a fixed UID/GID that
doesn't conflict with any uid/gid on the network.
This can be done easily by running the following script on each machine
as root to create the 'render' account on each machine with the uid=555,
gid=20, and the password set to 'render'. (Tested under OSX 10.4.x)
** UPDATE May 2009: In Leopard (10.5) Apple changed the commands for manipulating
** the user database; 'niload' -> 'dscl'. So for the newer OSX releases (Leopard and up)
** you'll need an updated version of the following script, which is here:
** http://seriss.com/cgi-bin/rush/newsgroup-threaded.cgi?-view+1839+1839
--- snip
#!/bin/csh -f
#
# make-render-user - Run this script to create the 'render' user on a machine
# 1.0 05/10/06 - erco@(email suppressed) - Supports Tiger (10.4), Panther (10.3)
#
set username = render # user's name
set uid = 555 # must be an unused uid
set gid = 20 # 20=staff
set passwd = 'oFxbR2cAnG902' # passwd is 'render'
# CREATE PASSWD ENTRY
echo ${username}:${passwd}:${uid}:${gid}::0:0:${username}:/Users/${username}:/bin/bash | niload passwd /
# CREATE USER'S HOME DIRECTORY
if ( ! -d /Users/${username} ) then
cp -R '/System/Library/User Template/English.lproj' /Users/${username}
endif
# ENSURE OWNERSHIPS ASSIGNED TO USER'S ENTIRE HOME DIRECTORY
/usr/sbin/chown -R ${uid}:${gid} /Users/${username}
--- snip
Just make sure 'rsh' is enabled on all machines:
http://www.seriss.com/rush-current/misc/rsh-config.html#Mac
..then you can rcp the file to each machine and run it:
foreach i ( host1 host2 host3 .. )
echo Working on $i
rcp makerender ${i}:/var/tmp
rsh $i csh /var/tmp/makerender
end
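Before settling on uid 555, it helps to confirm it really is unused everywhere. The following is an added example, not part of the original post: it audits passwd-format dumps for the uid problems listed under SITUATION. It assumes you have collected `nidump passwd /` output from each host with the hostname prepended to every line; the sample data is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: audit uid assignments before
# picking the shared 'render' uid. Assumed input: one passwd-format line per
# account (as printed by `nidump passwd /`) with the hostname prepended:
#   host:name:passwd:uid:gid:class:change:expire:gecos:home:shell

# conflicts KEY VAL FILE -> one line per KEY-field value that appears with
# more than one distinct VAL-field value, e.g. "501: alice bob".
conflicts() {
    awk -F: -v k="$1" -v v="$2" '
        { if (!(($k, $v) in seen)) {
              seen[$k, $v] = 1; vals[$k] = vals[$k] " " $v; n[$k]++ } }
        END { for (x in n) if (n[x] > 1) print x ":" vals[x] }
    ' "$3" | sort
}

# uid_in_use UID FILE -> prints "host name" for every account holding UID;
# exit status 0 if the uid is taken somewhere, 1 if it is free everywhere.
uid_in_use() {
    awk -F: -v uid="$1" '
        $4 == uid { print $1, $2; hit = 1 }
        END { exit !hit }
    ' "$2"
}

# Constructed sample covering both problems from SITUATION.
sample_dump() {
    cat <<'EOF'
host1:alice:*:501:20::0:0:Alice:/Users/alice:/bin/bash
host1:bob:*:502:20::0:0:Bob:/Users/bob:/bin/bash
host2:bob:*:501:20::0:0:Bob:/Users/bob:/bin/bash
host2:carol:*:503:20::0:0:Carol:/Users/carol:/bin/bash
host3:alice:*:501:20::0:0:Alice:/Users/alice:/bin/bash
EOF
}

dump=$(mktemp) && sample_dump > "$dump"
echo "uids shared by different user names:"; conflicts 4 2 "$dump"
echo "user names with more than one uid:";   conflicts 2 4 "$dump"
if uid_in_use 555 "$dump"; then
    echo "uid 555 is already taken; pick another"
else
    echo "uid 555 is free on every host"
fi
```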
2) Enable NFS on the file server.
Non-server versions of OSX have NFS services disabled by default, and in 10.4.x,
there is no GUI way to enable/disable NFS services.
NFS services are not started unless an /etc/exports file exists.
On boot, if that file is found, the boot scripts automatically start
the NFS server daemons.
To configure NFS to export the /Volumes/RAID/jobs directory to all machines,
such that all user access is mapped to the new 'render' account, you can use
the following to a) create the /etc/exports file, b) chown the entire directory
tree to be owned by render:staff, and c) reboot to get NFS started:
echo '/Volumes/RAID/jobs -mapall=render:staff' > /etc/exports
chown -R render:staff /Volumes/RAID/jobs
reboot
The NFS server should now be ready to be mounted by remote clients.
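An export line with no host list, like the one above, is offered to every NFS client that can reach the server, and -mapall then gives each of them the 'render' user's access. The following added example (not part of the original post) lists such lines in an exports file; the two restricted entries in the constructed sample use hypothetical paths and hosts and the host-list and -network/-mask forms from exports(5).

```sh
#!/bin/sh
# Added example, not from the original post: list export lines that name no
# host, netgroup or -network, i.e. directories offered to every NFS client
# that can reach the server. Backslash-continued lines are not handled.

# unrestricted_exports FILE -> prints the path(s) of each unrestricted line
unrestricted_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        {
            restricted = 0; paths = ""
            for (i = 1; i <= NF; i++) {
                c = substr($i, 1, 1)
                if (c == "/")                  # exported directory
                    paths = (paths == "" ? $i : paths " " $i)
                else if (c != "-" || index($i, "-network") == 1)
                    restricted = 1             # host, netgroup or network
            }
            if (!restricted) print paths
        }
    ' "$1"
}

# Constructed sample: the first entry is the line from step 2; the other two
# (hypothetical paths and hosts) show restricted forms.
sample_exports() {
    cat <<'EOF'
# /etc/exports
/Volumes/RAID/jobs -mapall=render:staff
/Volumes/RAID/scratch -mapall=render:staff -network 192.168.0.0 -mask 255.255.255.0
/Volumes/RAID/tools -ro host1 host2
EOF
}

exports_copy=$(mktemp) && sample_exports > "$exports_copy"
unrestricted_exports "$exports_copy"
```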
3) Verify you can mount the NFS server from one of the clients:
mkdir -m 777 /Volumes/jobs
mount -t nfs -o intr,bg 192.168.0.3:/Volumes/RAID/jobs /Volumes/jobs
                        -----------
                             |
                        IP address of your NFS server
..you should then be able to view the files on the server with ls(1):
ls -la /Volumes/jobs/
4) Configure all the clients to mount the NFS server.
An easy way to do this is to add the appropriate mount commands to eg.
the rush boot script (/usr/local/rush/etc/S99rush) to ensure the mount
is started /before/ the rush daemon starts.
Just add these commands at the top of the 'start)' clause of the
S99rush boot script:
---- snip
# Mount the drive
# > Redirect errors to /var/log/system.log via logger(1)
# > When mounting the server, use its IP address, not its hostname.
# DNS is often not resolving right after a reboot.
(
if [ ! -d /Volumes/jobs ]; then
echo "Creating /Volumes/jobs mount point"
mkdir -m 777 /Volumes/jobs
fi
echo "Mounting /Volumes/jobs"
/sbin/mount -t nfs -o intr,bg 192.168.0.3:/Volumes/RAID/jobs /Volumes/jobs
) 2>&1 | logger -t "JOB-MOUNT"
---- snip
Just add the commands to one machine's S99rush script, test it,
and when it works, just rcp(1) it to all the other machines:
foreach i ( host1 host2 host3 .. )
echo Working on $i
rcp /usr/local/rush/etc/S99rush ${i}:/usr/local/rush/etc/S99rush
rsh $i 'mkdir -m 777 /Volumes/jobs'
rsh $i '/sbin/mount -t nfs -o intr,bg 192.168.0.3:/Volumes/RAID/jobs /Volumes/jobs'
end
This will install the script, and run the mkdir/mount commands to ensure
the drive is mounted on each machine.
** UPDATE June 3, 2009: A better technique is to create your own
** OSX boot script, separate from Rush, using the techniques shown here:
** http://seriss.com/cgi-bin/rush/newsgroup-threaded.cgi?-view+1847
5) Modify the /usr/local/rush/etc/rush.conf file to force Rush to run
all renders as the 'render' user we created in step #1:
forceuid 555
forcegid 20
Push these changes to the network with 'rush -push rush.conf +any'
6) Submit a job from one of the workstations.
The render should say it's owned by the user who submitted the job,
but the actual frames should run as the user 'render'. Files will appear
on the disk owned by the user 'render', and all users will be able to
access and manipulate these files without permission problems.
CAVEATS REGARDING THE ABOVE
---------------------------
If you are working in a mixed OSX/Windows environment, you can use the
following "symbolic link" technique to enable UNC paths to resolve your
/Volumes mounts:
http://www.seriss.com/rush-current/rush/rush-td-faq.html#TDFAQ-UNC2
Or, you can configure your mount points to actually follow the UNC
style naming directly, avoiding the need for symbolic links. OSX
does not require that mounts be in /Volumes, that's just a default
convention Apple uses.
So for instance, if the Windows machines see your file server as:
//tahoe/bigdisk/
..then you can set up the OSX machines to mount the server as:
/tahoe/bigdisk
..via nfs, eg:
mkdir -m 755 /tahoe ; mkdir -m 777 /tahoe/bigdisk
/sbin/mount -t nfs -o intr,bg tahoe:/RAID/bigdisk /tahoe/bigdisk
                                                  ^^^^^^^^^^^^^^
..just change the mkdir/mount commands above accordingly. By default
OSX puts mounts in /Volumes, but they don't have to be created there.
This way the mounts will already have a name that follows UNC style
without the need for the symlink technique.
The reason to mount via NFS instead of SMB or AFP is described here:
http://seriss.com/cgi-bin/rush/newsgroup-threaded.cgi?-view+1062+1062
Feel free to follow up to this thread with questions/comments.