Skip to main content

Configuring the audit client for NFS

Contributors
PDFs

The audit share is automatically enabled as a read-only share.

What you'll need

  • You must have the Passwords.txt file with the root/admin password (available in the SAID package).

  • You must have the Configuration.txt file (available in the SAID package).

  • The audit client must be using NFS Version 3 (NFSv3).

About this task

Perform this procedure for each Admin Node in a StorageGRID deployment from which you want to retrieve audit messages.

Steps

  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Confirm that all services have a state of Running or Verified. Enter: storagegrid-status

    If any services are not listed as Running or Verified, resolve issues before continuing.

  3. Return to the command line. Press Ctrl+C.

  4. Start the NFS configuration utility. Enter: config_nfs.rb

    -----------------------------------------------------------------
| Shares               | Clients              | Config          |
-----------------------------------------------------------------
| add-audit-share      | add-ip-to-share      | validate-config |
| enable-disable-share | remove-ip-from-share | refresh-config  |
|                      |                      | help            |
|                      |                      | exit            |
-----------------------------------------------------------------

  5. Add the audit client: add-audit-share

    1. When prompted, enter the audit client's IP address or IP address range for the audit share: client_IP_address

    2. When prompted, press Enter.

  6. If more than one audit client is permitted to access the audit share, add the IP address of the additional user: add-ip-to-share

    1. Enter the number of the audit share: audit_share_number

    2. When prompted, enter the audit client's IP address or IP address range for the audit share: client_IP_address

    3. When prompted, press Enter.

      The NFS configuration utility is displayed.

    4. Repeat these substeps for each additional audit client that has access to the audit share.

  7. Optionally, verify your configuration.

    1. Enter the following: validate-config

      The services are checked and displayed.

    2. When prompted, press Enter.

      The NFS configuration utility is displayed.

    3. Close the NFS configuration utility: exit

  8. Determine if you must enable audit shares at other sites.

    • If the StorageGRID deployment is a single site, go to the next step.

    • If the StorageGRID deployment includes Admin Nodes at other sites, enable these audit shares as required:

      1. Remotely log in to the site's Admin Node:

        1. Enter the following command: ssh admin@grid_node_IP

        2. Enter the password listed in the Passwords.txt file.

        3. Enter the following command to switch to root: su -

        4. Enter the password listed in the Passwords.txt file.

      2. Repeat these steps to configure the audit shares for each additional Admin Node.

      3. Close the remote secure shell login to the remote Admin Node. Enter: exit

  9. Log out of the command shell: exit

    NFS audit clients are granted access to an audit share based on their IP address. Grant access to the audit share to a new NFS audit client by adding its IP address to the share, or remove an existing audit client by removing its IP address.