Configuring the audit client for NFS

The audit share is automatically enabled as a read-only share.

Before you begin

You must have the Passwords.txt file with the root/admin password (available in the SAID package).
You must have the Configuration.txt file (available in the SAID package).
The audit client must be using NFS Version 3 (NFSv3).

About this task

Perform this procedure for each Admin Node in a StorageGRID deployment from which you want to retrieve audit messages.

Procedure

From the service laptop, log in to the primary Admin Node:
1. Enter the following command: ssh admin@primary_Admin_Node_IP
2. Enter the password listed in the Passwords.txt file.
3. Enter the following command to switch to root: su -
4. Enter the password listed in the Passwords.txt file.
  When you are logged in as root, the prompt changes from $ to #.
Confirm that all services have a state of Running or Verified. Enter: storagegrid-status
If any services are not listed as Running or Verified, resolve issues before continuing.
Return to the command line, press Ctrl+C.

Start the NFS configuration utility. Enter: config_nfs.rb

-----------------------------------------------------------------
| Shares               | Clients              | Config          |
-----------------------------------------------------------------
| add-audit-share      | add-ip-to-share      | validate-config |
| enable-disable-share | remove-ip-from-share | refresh-config  |
|                      |                      | help            |
|                      |                      | exit            |
-----------------------------------------------------------------

Add the audit client: add-audit-share
1. When prompted, enter the audit client’s IP address or IP address range for the audit share: client_IP_address
2. When prompted, press Enter.
If more than one audit client is permitted to access the audit share, add the IP address of the additional user: add-ip-to-share
1. Enter the number of the audit share: audit_share_number
2. When prompted, enter the audit client’s IP address or IP address range for the audit share: client_IP_address
3. When prompted, press Enter.
  The NFS configuration utility is displayed.
4. Repeat step 6 for each additional audit client that has access to the audit share.
Optionally, verify your configuration.
1. Enter the following: validate-config
  The services are checked and displayed.
2. When prompted, press Enter.
  The NFS configuration utility is displayed.
3. Close the NFS configuration utility: exit
Determine if you must enable audit shares at other sites.
- If the StorageGRID deployment is a single site, go to step 9.
- If the StorageGRID deployment includes Admin Nodes at other sites, enable these audit shares as required:
1. Remotely log in to the site’s Admin Node:
  1. Enter the following command: ssh admin@grid_node_IP
  2. Enter the password listed in the Passwords.txt file.
  3. Enter the following command to switch to root: su -
  4. Enter the password listed in the Passwords.txt file.
2. Repeat steps 4 through 7.c to configure the audit shares for each additional Admin Node.
3. Close the remote secure shell login to the remote Admin Node. Enter: exit
Log out of the command shell: exit
NFS audit clients are granted access to an audit share based on their IP address. Grant access to the audit share to a new NFS audit client by adding its IP address to the share, or remove an existing audit client by removing its IP address.