Creating the NFS Shares
NFS storage is used by all nodes in the Platform Kubernetes cluster to maintain state information about the infrastructure and to store other pertinent data.
- For high availability, the NFS server must run on a highly available device separate from the Kubernetes cluster nodes. This topic provides the information to manually configure the NFS share to be used by the Kubernetes cluster.
- If the service availability requirements of your environment do not require the NFS server to be highly available and if you plan to use ArcSight Platform Installer to automate the installation, you can also automate the configuration of the NFS server. To do so, use the NFS type
newin the install configuration file, and skip this NFS server manual configuration topic.
For optimal security, secure all NFS settings to allow only required hosts to connect to the NFS server.
- Understanding NFS Prerequisites
- Checking for Prior Installation
- Installing a Missing Required Package
- Understanding NFS Directory Structure
- Exporting the NFS Configuration
- Testing NFS
Understanding NFS Prerequisites
To ensure that your environment meets the prerequisites:
- On the NFS server, ensure ports 111, 2049, and 20048 are open.
- Ensure the required packages
rpcbindandnfs-utilsare installed and the related services are enabled on the NFS server. - Check for prior installation.
- Install any missing required packages.
-
Enable the required services by running the following commands:
systemctl enable rpcbind systemctl start rpcbind systemctl enable nfs-server systemctl start nfs-server
- For the minimum required sizes for each of the NFS installation directories, see the "Network File System" section in the Technical Requirements for ArcSight Platform 22.1.
Checking for Prior Installation
To check for prior installation of these packages:
- Set up the yum repository on your server.
- Run the following command:
- 0 indicates the package is installed
- 1 indicates the package is not installed (does not check whether the package is valid)
yum list installed <package name>
This command returns an exit status code where:
Installing a Missing Required Package
To install a missing required package, run the following command:
yum -y install <package name>
Understanding NFS Directory Structure
To create the NFS directory structure:
- Log in to the NFS server and create the following.
| Item | Name | Specification | Example Command |
|---|---|---|---|
| GROUP | arcsight
|
GID of 1999 | # groupadd -g 1999 arcsight
|
| USER | arcsight
|
UID of 1999 | # useradd -u 1999 -g 1999 -d /opt/arcsight arcsight
|
NFS root directory |
/opt/arcsight-nfs
|
– | # mkdir -p /opt/arcsight-nfs
|
If you have previously installed any version of CDF, you must remove all NFS shared directories from the NFS server before you proceed. To do this, run the following command for each directory:
rm -rf <path to shared directory>- For each directory listed in the table below, run the following command to create each NFS shared directory.
mkdir -p <path to shared directory>
For example:
mkdir -p /opt/arcsight-nfs/itom-vol
| Directory | Mount Point Example |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- The permission setting of each parent directory and each subdirectory must be recursively set. If it is not, run the following command to update the permissions:
chmod -R <path to shared directory>
For example:
chmod -R 755 /opt/arcsight-nfs
- Set the ownership in this structure to UID 1999 and GID 1999. Change the directory to
/opt, then run the following command:
chown -R 1999:1999 <NFS_root_DIRECTORY>
If you use a UID/GID different than 1999/1999, then provide it during the CDF installation in the install script arguments
--system-group-id and --system-user-id. In addition, if you are using NetApp with NFSv4 configuration, consider applying stickybits to al <NFS_root_directory> shares with:chmod g+w #chmod g+s
Exporting the NFS Configuration
The /etc/exports file on the NFS server must be configured to export each volume in order for the volume to be accessible over the NFS protocol. Every master and worker node in the CDF cluster must be granted access to the NFS volume shares.
For example, this is an /etc/exports file for all of the NFS volumes for a cluster with 3 master and 3 worker nodes:
/opt/arcsight-nfs/itom-vol yourdomain-masternode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) /opt/arcsight-nfs/db-single-vol yourdomain-masternode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash)\ yourdomain-masternode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) /opt/arcsight-nfs/db-backup-vol yourdomain-masternode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) /opt/arcsight-nfs/itom-logging-vol yourdomain-masternode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) /opt/arcsight-nfs/arcsight-volume yourdomain-masternode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-masternode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode1.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode2.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash) \ yourdomain-workernode3.yourenterprise.net(rw,sync,anonuid=1999,anongid=1999,all_squash)
- Save the
/etc/exportsfile, then run the following command: - Synchronize the time on the NFS server and the time on the other servers in the cluster.
- If you add more NFS shared directories later, you must restart the NFS service.
exportfs -ra
Testing NFS
Test a mount to the NFS that might be used to determine the supported version.
- Create a test directory by running the following command:
- Create a test mount by running the following command:
- Confirm the command.
- Remove the mount by running the following command:
mkdir /mnt/nfstest
mount -t nfs -o nfsvers=4 192.168.1.15:/opt/arcsight-nfs/arcsight-volume /mnt/nfstest
umount /mnt/nfstest