Mount the Nexus filesystem on a cloud server

This guide assumes you have already created a VM running Ubuntu 20.04 and noted its IP address (e.g. 10.186.xx.xx). For details on how to launch a new VM and connect as root, see the general documentation.

Additionally, you will need to know the project directory assigned in Nexus-Posix and the Linux group the project was created with. These values are used in the configuration below to ensure that the NFS mount points are set up correctly and that the VM users have access to the mounted Nexus-Posix filesystem.

Procedure

  1. Initial setup to be performed by an admin of the VM:

    a. Install the necessary NFS client software packages:

    apt update
    apt upgrade -y
    apt install -y nfs-client
    

    b. Configure uid and gid mapping:

    sed -i.bak 's/# Domain = localdomain/Domain = mpcdf.mpg.de/' /etc/idmapd.conf
    echo "options nfs nfs4_disable_idmapping=N" >> /etc/modprobe.d/nfs.conf
    

    Now reboot the VM.

    c. Request a Nexus-Posix project directory and dedicated network. Use the dashboard to attach a second interface (not a floating IP) in the nexus-private-… network to the VM. Then add the mount to /etc/fstab, create the mount point and mount it:

    echo "nexus-posix0.hpccloud.mpcdf.mpg.de:/nexus/posix0/PROJECT_DIR /nexus/posix0/PROJECT_DIR nfs _netdev" >> /etc/fstab
    mkdir -p /nexus/posix0/PROJECT_DIR
    mount /nexus/posix0/PROJECT_DIR
    

    where PROJECT_DIR is the name of the project in Nexus-Posix.

    d. Install sssd for user identities:

    apt install -y sssd 
    

    e. Create the sssd configuration (/etc/sssd/sssd.conf):

    [sssd]
    config_file_version = 2
    domains = CUSTOM
    
    [nss]
    filter_users = root
    filter_groups = root
    
    [pam]
    offline_credentials_expiration = 3
    
    [domain/CUSTOM]
    id_provider = ldap
    access_provider = ldap
    ldap_search_base = ou=general-u,ou=ua,o=rzg,c=de
    ldap_access_filter = (gidNumber=GROUP_ID)
    ldap_uri = ldap://directory1.hpccloud.mpcdf.mpg.de/,ldap://directory2.hpccloud.mpcdf.mpg.de/
    auth_provider = krb5
    krb5_realm = IPP-GARCHING.MPG.DE
    krb5_server = kerberos.mpcdf.mpg.de,kerberos1.mpcdf.mpg.de,kerberos2.mpcdf.mpg.de,kerberos3.mpcdf.mpg.de
    cache_credentials = true
    enumerate = true
    min_id = 1000
    override_homedir = /home/%u
    

    where GROUP_ID is the ID of the Linux group the Nexus-Posix project was created with.

    f. Complete the sssd configuration:

    chmod -R 0600 /etc/sssd/*
    
    systemctl restart sssd
    
    pam-auth-update --enable mkhomedir
    

    Note: Overriding the home directory to /home/%u (the override_homedir setting above) is useful for login nodes/workstations.

    g. Reboot the VM:

    shutdown -r now
    

    Rebooting the VM once it is initially deployed helps confirm that the configuration is correct and that the VM will restart correctly after any outage.

  2. Users may now read and write to the project directory from both the VM and Raven.
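
A set of post-reboot checks for steps b to f above, as an added example that is not part of the original guide or of MPCDF tooling. The function names are hypothetical, root ownership of sssd.conf is an assumption (the admin creates it as root), and each check takes the file to inspect as an argument so it can be tried on copies first.

```shell
#!/bin/sh
# Post-setup checks for the Nexus-Posix mount procedure (added example).
# Run as root after step g with the project directory as the only argument.

# Step b: idmapd.conf must carry an uncommented "Domain = mpcdf.mpg.de".
check_idmap_domain() {
    grep -Eq '^[[:space:]]*Domain[[:space:]]*=[[:space:]]*mpcdf\.mpg\.de[[:space:]]*$' "$1"
}

# Step b: the nfs module option line must set nfs4_disable_idmapping=N.
check_idmapping_option() {
    grep -Eq '^options[[:space:]]+nfs[[:space:]]+(.*[[:space:]])?nfs4_disable_idmapping=N([[:space:]]|$)' "$1"
}

# Step c: exactly one fstab entry for the mount point, type nfs, with _netdev.
# Re-running the "echo ... >> /etc/fstab" line leaves duplicates; this rejects them.
check_fstab() {   # usage: check_fstab FSTAB PROJECT_DIR
    awk -v mp="/nexus/posix0/$2" '
        $1 !~ /^#/ && $2 == mp { n++; if ($3 != "nfs" || $4 !~ /(^|,)_netdev(,|$)/) bad = 1 }
        END { exit !(n == 1 && !bad) }' "$1"
}

# Steps e/f: sssd.conf must be mode 0600 and owned by uid 0 (assumed; override
# with a second argument), and the GROUP_ID placeholder in ldap_access_filter
# must have been replaced by a numeric gid.
check_sssd_conf() {   # usage: check_sssd_conf FILE [OWNER_UID]
    [ "$(stat -c '%a %u' "$1")" = "600 ${2:-0}" ] || return 1
    grep -Eq '^[[:space:]]*ldap_access_filter[[:space:]]*=[[:space:]]*\(gidNumber=[0-9]+\)[[:space:]]*$' "$1"
}

# Run every check against the live system; returns non-zero if any check fails.
verify_nexus_setup() {   # usage: verify_nexus_setup PROJECT_DIR
    nexus_rc=0
    report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; nexus_rc=1; fi; }
    report check_idmap_domain /etc/idmapd.conf
    report check_idmapping_option /etc/modprobe.d/nfs.conf
    report check_fstab /etc/fstab "$1"
    report check_sssd_conf /etc/sssd/sssd.conf
    report mountpoint -q "/nexus/posix0/$1"
    return "$nexus_rc"
}

# Only touch the live system when a project directory is given on the command line.
if [ "$#" -ge 1 ]; then verify_nexus_setup "$1"; fi
```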