13.2.7. Configuring Services: autofs
About Automount, LDAP, and SSSD
Automount maps are commonly flat files, which define a relationship between a map, a mount directory, and a fileserver. (Automount is described in the Storage Administration Guide.)
For example, let's say that there is a fileserver called nfs.example.com which exports the directory /pub, and automount is configured to mount directories under the /shares/ directory. So, the mount location is /shares/pub. All of the mounts are listed in the auto.master file, which identifies the different mount directories and the files which configure them. The auto.shares file then identifies each file server and exported directory which goes into the /shares/ directory. The relationships could be viewed like this:

    auto.master
         |
      ___|____________
     |                |
    /shares/      auto.shares
                      |
              nfs.example.com:/pub

Every mount point, then, is defined in two different files (at a minimum): the auto.master file and an auto.whatever file, and those files have to be available to each local automount process.
One way for administrators to manage that for large environments is to store the automount configuration in a central LDAP directory, and just configure each local system to point to that LDAP directory. That means that updates only need to be made in a single location, and any new maps are automatically recognized by local systems.
For automount-LDAP configuration, each automount map is stored as an LDAP entry, and each element of a map (the map name, the mount point key, and the mount information) becomes an LDAP attribute of that entry. The automount client reads those entries back and treats them exactly as it would the flat map files.
The LDAP entries look like this (the mount target is written as nfs.example.com:/pub, the same server and export as in the flat-file example above):

    # container entry
    dn: cn=automount,dc=example,dc=com
    objectClass: nsContainer
    objectClass: top
    cn: automount

    # master map entry
    dn: automountMapName=auto.master,cn=automount,dc=example,dc=com
    objectClass: automountMap
    objectClass: top
    automountMapName: auto.master

    # shares map entry
    dn: automountMapName=auto.shares,cn=automount,dc=example,dc=com
    objectClass: automountMap
    objectClass: top
    automountMapName: auto.shares

    # shares mount point
    dn: automountKey=/shares,automountMapName=auto.master,cn=automount,dc=example,dc=com
    objectClass: automount
    objectClass: top
    automountKey: /shares
    automountInformation: auto.shares

    # pub mount point
    dn: automountKey=pub,automountMapName=auto.shares,cn=automount,dc=example,dc=com
    objectClass: automount
    objectClass: top
    automountKey: pub
    automountInformation: nfs.example.com:/pub
    description: pub
The schema elements, then, match up to the structure like this (with the RFC 2307 schema):

    auto.master                    objectclass: automountMap
        |                          filename attribute: automountMapName
        |
        +-- /shares/               objectclass: automount
            |                      mount point name attribute: automountKey
            |                      map name attribute: automountInformation (auto.shares)
            |
            +-- auto.shares        objectclass: automountMap
                |                  filename attribute: automountMapName
                |
                +-- pub            objectclass: automount
                                   mount point name attribute: automountKey
                                   fileserver attribute: automountInformation (nfs.example.com:/pub)
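The translation the text describes, from RFC 2307 automount entries back into the flat auto.master and auto.shares files, as an added example (this is not code from the Red Hat guide, autofs or SSSD). The LDIF it reads is constructed to match the entries shown above; the helpers parse_ldif, build_maps, render_map_files and check_maps are this example's own names. check_maps adds the two sanity checks a practitioner wants before clients are pointed at the directory: every auto.master entry must reference a map that actually exists, and every mount target must have the host:/absolute/path form.

```python
"""Translate RFC 2307 automount entries (LDIF) into flat autofs map files.

Added example, not taken from the Red Hat guide or from autofs/SSSD: the LDIF
below is constructed to match the entries shown above, and the helpers
(parse_ldif, build_maps, render_map_files, check_maps) are this example's own.
"""

# Constructed sample input: both maps and both mount points from the page,
# as ldapsearch -LLL would print them (objectClass: top omitted for brevity).
SAMPLE_LDIF = """\
dn: automountMapName=auto.master,cn=automount,dc=example,dc=com
objectClass: automountMap
automountMapName: auto.master

dn: automountMapName=auto.shares,cn=automount,dc=example,dc=com
objectClass: automountMap
automountMapName: auto.shares

dn: automountKey=/shares,automountMapName=auto.master,cn=automount,dc=example,dc=com
objectClass: automount
automountKey: /shares
automountInformation: auto.shares

dn: automountKey=pub,automountMapName=auto.shares,cn=automount,dc=example,dc=com
objectClass: automount
automountKey: pub
automountInformation: nfs.example.com:/pub
"""


def parse_ldif(text):
    """Minimal LDIF parser returning a list of {attribute: [values]} dicts.

    Blank lines separate entries, '#' lines are comments, a leading space
    continues the previous value. Base64 ('attr:: ') values never occur in
    automount data and are rejected rather than silently misread.
    """
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:        # trailing "" flushes the last entry
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and last is not None:
            current[last][-1] += raw[1:]        # continuation line
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        attr, sep, value = raw.partition(":")
        if not sep or not attr or value.startswith(":"):
            raise ValueError(f"unsupported LDIF line: {raw!r}")
        current.setdefault(attr, []).append(value.strip())
        last = attr
    return entries


def build_maps(entries):
    """Return {map name: {automountKey: automountInformation}}. Each automount
    entry is attached to the map named by the automountMapName RDN directly
    above it in its DN (RFC 2307 layout; no escaped commas assumed)."""
    maps = {}
    for e in entries:
        if "automountMap" in e.get("objectClass", []):
            maps.setdefault(e["automountMapName"][0], {})
    for e in entries:
        if "automount" not in e.get("objectClass", []):
            continue
        dn = e["dn"][0]
        rdns = dn.split(",")
        if len(rdns) < 2 or not rdns[1].startswith("automountMapName="):
            raise ValueError(f"not a mount point under an automountMap: {dn}")
        parent = rdns[1].split("=", 1)[1]
        if parent not in maps:
            raise ValueError(f"{dn}: no automountMap entry named {parent}")
        maps[parent][e["automountKey"][0]] = e["automountInformation"][0]
    return maps


def render_map_files(maps):
    """{file name: contents} in the flat 'key<TAB>information' map format."""
    return {name: "".join(f"{k}\t{v}\n" for k, v in sorted(body.items()))
            for name, body in maps.items()}


def check_maps(maps):
    """Problems to fix before clients use the maps: master entries that name a
    map which does not exist, and mount targets that are not host:/abs/path
    (mount options such as '-ro,soft' may precede the target)."""
    problems = []
    for key, info in maps.get("auto.master", {}).items():
        if info not in maps:
            problems.append(f"auto.master {key} -> {info}: no such map")
    for name, body in maps.items():
        if name == "auto.master":
            continue
        for key, info in body.items():
            fields = info.split()
            host, sep, path = (fields[-1] if fields else "").partition(":")
            if not (sep and host and path.startswith("/")):
                problems.append(f"{name} {key} -> {info!r}: expected host:/path")
    return problems
```

Running build_maps(parse_ldif(SAMPLE_LDIF)) and then render_map_files() on the result yields an auto.master containing "/shares<TAB>auto.shares" and an auto.shares containing "pub<TAB>nfs.example.com:/pub", which are the two flat files from the first example. The same three calls work on the output of ldapsearch -LLL against the cn=automount subtree, which makes this a quick way to review what clients will actually receive after a change to the directory.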
autofs uses those schema elements to derive the automount configuration. The /etc/sysconfig/autofs file identifies the LDAP server, directory location, and schema elements used for automount entities:

    LDAP_URI=ldap://ldap.example.com
    SEARCH_BASE="cn=automount,dc=example,dc=com"
    MAP_OBJECT_CLASS="automountMap"
    ENTRY_OBJECT_CLASS="automount"
    MAP_ATTRIBUTE="automountMapName"
    ENTRY_ATTRIBUTE="automountKey"
    VALUE_ATTRIBUTE="automountInformation"
Rather than pointing the automount configuration directly at the LDAP directory, it can be configured to point to SSSD. SSSD then supplies the map information that automount needs: when a user first triggers a mount, SSSD looks the entry up in LDAP and stores it in its cache. This offers several advantages for configuration, such as failover, service discovery, and timeouts, as well as performance improvements by reducing the number of connections to the LDAP server. Most important, using SSSD allows mount information to be cached, so that clients can still successfully mount directories they have already looked up even if the LDAP server goes offline (the NFS server itself must, of course, still be reachable).
Procedure 13.4. Configuring autofs Services in SSSD

- Make sure that the autofs and sssd-common packages are installed.

- Open the sssd.conf file.

    ~]# vim /etc/sssd/sssd.conf

- Add the autofs service to the list of services that SSSD manages.

    [sssd]
    services = nss,pam,autofs
    ....

- Create a new [autofs] service configuration section. This section can be left blank; there is only one configurable option, autofs_negative_timeout, which sets how long (in seconds) a negative cache hit, that is, a lookup for a map key that does not exist, is remembered before the back end is asked again. This section is required, however, for SSSD to recognize the autofs service and supply the default configuration.

    [autofs]
- The automount information is read from a configured LDAP domain in the SSSD configuration, so an LDAP domain must be available. If no additional settings are made, then the configuration defaults to the RFC 2307 schema and the LDAP search base (ldap_search_base) for the automount information. This can be customized:

  - The directory type, autofs_provider; this defaults to the id_provider value; a value of none explicitly disables autofs for the domain.
  - The search base, ldap_autofs_search_base.
  - The object class to use to recognize map entries, ldap_autofs_map_object_class.
  - The attribute to use to recognize map names, ldap_autofs_map_name.
  - The object class to use to recognize mount point entries, ldap_autofs_entry_object_class.
  - The attribute to use to recognize mount point names, ldap_autofs_entry_key.
  - The attribute to use for additional configuration information for the mount point, ldap_autofs_entry_value.

  For example:

    [domain/LDAP]
    ...
    autofs_provider=ldap
    ldap_autofs_search_base=cn=automount,dc=example,dc=com
    ldap_autofs_map_object_class=automountMap
    ldap_autofs_entry_object_class=automount
    ldap_autofs_map_name=automountMapName
    ldap_autofs_entry_key=automountKey
    ldap_autofs_entry_value=automountInformation
- Save and close the sssd.conf file.

- Configure autofs to look for the automount map information in SSSD by editing the nsswitch.conf file and changing the location from ldap to sss:

    # vim /etc/nsswitch.conf
    automount: files sss

- Restart SSSD.

    # service sssd restart
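A check that the files produced by Procedure 13.4 actually contain every step, as an added example (not code from the Red Hat guide or from SSSD). The two sssd.conf / nsswitch.conf pairs below are constructed sample input, one following the procedure and one showing the pre-procedure state, and check_autofs_config() is this example's own helper; it only knows the option names used in the procedure and only accepts the ldap provider the page describes.

```python
"""Verify that sssd.conf and nsswitch.conf implement the steps of Procedure 13.4.

Added example, not from the Red Hat guide or from SSSD: the configuration
texts below are constructed sample input and check_autofs_config() is this
example's own helper, checking only the option names the procedure uses.
"""
import configparser

# Constructed sssd.conf that follows the procedure: autofs listed as a
# service, an (empty) [autofs] section, and an LDAP domain with a search base.
GOOD_SSSD_CONF = """\
[sssd]
services = nss, pam, autofs
domains = LDAP

[autofs]

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
autofs_provider = ldap
ldap_autofs_search_base = cn=automount,dc=example,dc=com
"""

GOOD_NSSWITCH = """\
passwd:     files sss
group:      files sss
automount:  files sss
"""

# Constructed counter-example: autofs not listed, no [autofs] section, and
# nsswitch.conf still pointing automount at ldap instead of sss.
BAD_SSSD_CONF = """\
[sssd]
services = nss, pam
domains = LDAP

[domain/LDAP]
id_provider = ldap
ldap_search_base = dc=example,dc=com
"""

BAD_NSSWITCH = "automount:  files ldap\n"


def _csv(value):
    """Split an sssd.conf comma-separated value into its trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_autofs_config(sssd_conf, nsswitch):
    """Return a list of problems; an empty list means every step is in place."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(sssd_conf)
    problems = []

    if "autofs" not in _csv(cfg.get("sssd", "services", fallback="")):
        problems.append("[sssd] services does not list autofs")
    if not cfg.has_section("autofs"):
        problems.append("[autofs] section is missing (it may be empty, but must exist)")

    domains = _csv(cfg.get("sssd", "domains", fallback=""))
    if not domains:
        problems.append("[sssd] domains is empty, so no domain can supply maps")
    for dom in domains:
        sect = f"domain/{dom}"
        if not cfg.has_section(sect):
            problems.append(f"[{sect}] is listed in domains but not defined")
            continue
        # autofs_provider defaults to id_provider; "none" disables autofs here.
        provider = cfg.get(sect, "autofs_provider",
                           fallback=cfg.get(sect, "id_provider", fallback=""))
        if provider == "none":
            continue
        if provider != "ldap":
            problems.append(f"[{sect}] autofs_provider is '{provider}', not ldap")
        if not (cfg.has_option(sect, "ldap_autofs_search_base")
                or cfg.has_option(sect, "ldap_search_base")):
            problems.append(f"[{sect}] has neither ldap_autofs_search_base "
                            "nor ldap_search_base")

    # automount lookups only reach SSSD if nsswitch.conf lists sss as a source.
    for line in nsswitch.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("automount:"):
            sources = line.split(":", 1)[1].split()
            if "sss" not in sources:
                problems.append(f"nsswitch.conf automount sources {sources} lack sss")
            break
    else:
        problems.append("nsswitch.conf has no automount line")
    return problems


if __name__ == "__main__":
    for label, conf, nss in (("good", GOOD_SSSD_CONF, GOOD_NSSWITCH),
                             ("bad", BAD_SSSD_CONF, BAD_NSSWITCH)):
        print(label, check_autofs_config(conf, nss) or ["ok"])
```

On the constructed inputs the good pair reports no problems and the bad pair reports three (autofs missing from services, no [autofs] section, and nsswitch.conf without sss). To run it against a real system, pass the contents of /etc/sssd/sssd.conf and /etc/nsswitch.conf; note that sssd.conf is root-readable only. Once the check passes, restart SSSD as the procedure says; the running automount daemon does not pick up a changed map source until it is restarted or reloaded as well.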