Starting the mapr-loopbacknfs Service to Access a Cluster

Describes the prerequisites and the process of starting the mapr-loopbacknfs service to access a secure cluster.

The following instructions explain how to start the loopbacknfs service so you can access either a non-secure or secure cluster.

To access multiple clusters, ensure that the first cluster that you configure is a MapR 4.0.2 or later cluster, with available POSIX client licenses.

Prerequisites for accessing a secure cluster:

  • Ensure that the stock Linux NFS service is not running. Linux NFS and MapR NFS cannot run concurrently.
  • Disable the lock manager (nlockmgr).
  • Check that the rpcbind service is running on Red Hat and CentOS v6.0 and higher. You can use the command ps ax | grep rpcbind to check.
  • Check that the portmapper service is running on Red Hat and CentOS v5.x and lower, and on Ubuntu and SUSE. You can use the command ps ax | grep portmap to check.
  • Make sure you have applied a Community Edition (M3) license or an Enterprise Edition (M5) license (paid or trial) to the cluster. See Adding a License.
  • Enable security for the cluster. See Enabling Wire-level Security and Disabling Wire-level Security wire-level security.
  • Generate a user ticket. See Generating a MapR User Ticket for instructions. If you do not already have a MapR user ticket, with full control Access Control List (ACL) authorization on the cluster, you must have a cluster administrator do this for you.
    • In the MapR cluster, navigate to the server node to which you want to connect.
    • First, run maprlogin password to login. The user who logs in must be a privileged user, such as the mapr superuser.
    • Next, run maprlogin generateticket -type service -user <user> -duration 365:0:0 -out <file> to generate the user ticket. The <user> for whom the ticket is generated can be any user. If the service ticket expires, the POSIX client:
      • Automatically uses the renewed service ticket without requiring a restart, if the ticket is replaced before expiration (ticket expiry time + grace period of 55 minutes). If the ticket is replaced after expiration (which is ticket expiry time + grace period of 55 minutes), the POSIX loopbacknfs client does not refresh the ticket as the mount becomes stale.
      • Allows impersonation if a service ticket is replaced before ticket expiration (which is ticket expiry time + grace period of 55 minutes) with a servicewithimpersonation ticket.
      • Honor all changes in user/group IDs of the renewed ticket.
  • Copy the user ticket file from the cluster server node where you generated it to the /usr/local/mapr-loopbacknfs/conf directory on the client machine where the MapR POSIX client runs.
Note: Since the NFS server runs based on a single user's ticket, it can act on behalf of only one user. Therefore, the UID or GID associated with the ticket must match the UID or GID of any user who accesses the NFS server through the MapR POSIX Client.
Note: Securing the cluster so that only one user can have secure access provides tight control over cluster access, but it also means that any user on the client who is able to read the generated ticket has read access to all data in the cluster.

Start the mapr-loopbacknfs service and mount the volume

Complete the following steps from your client node, except where noted, to start the mapr-loopbacknfs service and mount the volume:
Note: If cluster security is enabled, the ticket you generated above must be available or the NFS server does not start.
  1. Start the mapr-loopbacknfs service from the command line.
    # service mapr-loopbacknfs start
  2. Create a mount point at /mapr and mount the client node to it.
    # mkdir /mapr
    # mount localhost:/mapr /mapr
  3. You can also automate the mounting of the volume with every launch of the mapr-loopbacknfs service. On the POSIX client node, create /usr/local/mapr-loopbacknfs/conf/mapr_fstab and add the following line:
    localhost:/mapr /mapr hard,nolock