Configuring the audit client for NFS

The audit share is automatically enabled as a read-only share.

Before you begin

About this task

Perform this procedure for each Admin Node in a StorageGRID Webscale deployment from which you want to retrieve audit messages.

Steps

  1. From the service laptop, log in to the primary Admin Node:
    1. Enter the following command: ssh admin@primary_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Confirm that all services have a state of Running or Verified. Enter: storagegrid-status
    If any services are not listed as Running or Verified, resolve issues before continuing.
  3. To return to the command line, press Ctrl+C.
  4. Start the NFS configuration utility. Enter: config_nfs.rb
    -----------------------------------------------------------------
    | Shares               | Clients              | Config          |
    -----------------------------------------------------------------
    | add-audit-share      | add-ip-to-share      | validate-config |
    | enable-disable-share | remove-ip-from-share | refresh-config  |
    |                      |                      | help            |
    |                      |                      | exit            |
    -----------------------------------------------------------------
  5. Add the audit client: add-audit-share
    1. When prompted, enter the audit client’s IP address or IP address range for the audit share: client_IP_address

      IP address ranges must be expressed using a subnet mask in CIDR notation (that is, in a form such as 192.168.110.0/24).

    2. When prompted, press Enter.
  6. If more than one audit client is permitted to access the audit share, add the IP address of the additional user: add-ip-to-share
    1. Enter the number of the audit share: audit_share_number
    2. When prompted, enter the audit client’s IP address or IP address range for the audit share: client_IP_address

      IP address ranges must be expressed using a subnet mask in CIDR notation (that is, in a form such as 192.168.110.0/24).

    3. When prompted, press Enter.

      The NFS configuration utility is displayed.

    4. Repeat step 6 for each additional audit client that has access to the audit share.
  7. Optionally, verify your configuration.
    1. Enter the following: validate-config

      The services are checked and displayed.

    2. When prompted, press Enter.

      The NFS configuration utility is displayed.

    3. Close the NFS configuration utility: exit
  8. Determine if you must enable audit shares at other sites.
    • If the StorageGRID Webscale deployment is a single site, go to step 9.
    • If the StorageGRID Webscale deployment includes Admin Nodes at other sites, enable these audit shares as required:
    1. Remotely log in to the site’s Admin Node:
      1. Enter the following command: ssh admin@grid_node_IP
      2. Enter the password listed in the Passwords.txt file.
      3. Enter the following command to switch to root: su -
      4. Enter the password listed in the Passwords.txt file.
    2. Repeat steps 4 through 7.c to configure the audit shares for each additional Admin Node.
    3. Close the remote secure shell login to the remote Admin Node. Enter: exit
  9. Log out of the command shell: exit
    NFS audit clients are granted access to an audit share based on their IP address. Grant access to the audit share to a new NFS audit client by adding its IP address to the share, or remove an existing audit client by removing its IP address.
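Because access to the audit share is granted by client IP address alone, it helps to check the list of addresses before typing them at the add-audit-share and add-ip-to-share prompts. The following Python check is an added example, not part of the StorageGRID Webscale tooling; the function name, the sample addresses and the /24 review threshold are assumptions. It goes beyond the CIDR rule stated above and also flags host bits set under the mask, overly broad ranges and overlapping entries.

```python
import ipaddress

# Assumption: IPv4 ranges wider than this prefix length are held for review.
# The threshold is illustrative, not a StorageGRID Webscale limit.
MIN_PREFIX = 24

def check_audit_clients(entries, min_prefix=MIN_PREFIX):
    """Return (accepted, findings) for a proposed list of audit client entries.

    accepted: normalized strings ready for the client_IP_address prompt.
    findings: (entry, reason) pairs that need a decision before being added.
    """
    accepted, findings, seen = [], [], []
    for raw in entries:
        entry = raw.strip()
        mask = entry.partition("/")[2]
        if mask and not mask.isdigit():
            findings.append((entry, "use a CIDR prefix length, not a dotted mask"))
            continue
        try:
            # strict=True rejects host bits under the mask, e.g. 192.168.110.5/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, f"not a valid address or CIDR range: {exc}"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append((entry, f"covers {net.num_addresses} addresses; narrow it"))
            continue
        clash = next((s for s in seen if s.overlaps(net)), None)
        if clash is not None:
            findings.append((entry, f"overlaps {clash}, which is already listed"))
            continue
        seen.append(net)
        single = net.prefixlen == net.max_prefixlen
        accepted.append(str(net.network_address) if single else str(net))
    return accepted, findings

if __name__ == "__main__":
    # Constructed sample list; none of these addresses come from a real grid.
    sample = ["192.168.110.0/24", "192.168.110.17", "192.168.111.5/24",
              "10.0.0.0/8", "192.168.112.0/255.255.255.0", "192.168.120.7 "]
    ok, review = check_audit_clients(sample)
    print("enter at the prompt:", ok)
    for entry, reason in review:
        print(f"review {entry!r}: {reason}")
```

Entries returned in the first list can be entered as they are; each entry in the second list carries the reason it was held back.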