Linux NFS Installation: Difference between revisions
Line 60: | Line 60: | ||
:[[Amazon EC2 NFS Server Security Group]] | :[[Amazon EC2 NFS Server Security Group]] | ||
</blockquote> | </blockquote> | ||
==Define the Directories to Share== | |||
1. Create the directory: | |||
<pre> | |||
mkdir /opt/shared | |||
</pre> | |||
2. Give it the right permissions that make sense across your entire client set. | |||
3. Share it <tt>/etc/exports</tt>. | |||
Best if you specify only the subnet that must have access to it: | |||
<pre> | |||
... | |||
/opt/shared 192.168.0.0/255.255.255.0(rw,sync,no_root_squash,no_subtree_check) | |||
... | |||
</pre> | |||
More details on export options can be found here: | |||
|[NFS#ExportOptions] | |||
!!Start NFS | |||
!Linux | |||
{{{ | |||
service rpcbind start | |||
service nfs start | |||
}}} | |||
!Amazon | |||
{{{ | |||
service nfs-server start | |||
}}} | |||
!!Start at Boot | |||
!init.d | |||
Also add these to {{chkconfig}} if needed on reboot.: | |||
{{{ | |||
chkconfig --add rpcbind | |||
chkconfig --add nfs | |||
chkconfig --level 2345 rpcbind on | |||
chkconfig --level 2345 nfs on | |||
}}} | |||
More details on chkconfig: | |||
|[chkconfig] | |||
!systemd | |||
{{{ | |||
systemctl enable nfs-server.service | |||
systemctl list-unit-files | grep nfs-server | |||
}}} | |||
More details on | |||
|[systemd] | |||
=Client Installation= | =Client Installation= |
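Review bot: the /etc/exports entry for /opt/shared combines rw with no_root_squash, so root on any client in 192.168.0.0/255.255.255.0 keeps root privileges on the share, which undercuts the advice just above it to limit access to the subnet that needs it. Suggest dropping no_root_squash (root_squash is the default) or stating why it is required. Separately, from "!!Start NFS" down the section uses !, {{{ }}} and |[...] markup instead of the ==...== and <pre> used above it, and {{chkconfig}} is template syntax here; the rendered revision shows these as literal text, as "Template:Chkconfig", and with the systemd block reduced to "grep nfs-server". Step 3 is also missing a word ("Share it in /etc/exports").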
Revision as of 06:27, 21 August 2016
Internal
Relevance
- Updated for Amazon EC2
Server Installation
Install Packages
sudo su -
yum install rpcbind nfs-utils
On some systems we also need to install "nfs-utils-lib".
Setup Security
iptables
Normally, a specific list of ports should be provided to iptables. I tried the following, but it did not work:
...
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -p udp --dport 662 -j ACCEPT
-A SSH -s 192.168.0.0/255.255.0.0 -j ACCEPT
...
then
service iptables restart
I ended up allowing everything from 192.168.0.0/255.255.0.0 for the duration of using the NFS.
...
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
...
Amazon EC2
1. Create the directory:
mkdir /opt/shared
2. Give it the right permissions that make sense across your entire client set.
3. Share it in /etc/exports.
Best if you specify only the subnet that must have access to it:
...
/opt/shared 192.168.0.0/255.255.255.0(rw,sync,no_root_squash,no_subtree_check)
...
More details on export options can be found here:
NFS#ExportOptions
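An added example, not part of the original wiki page: a shell check that reads exports lines in the single-line "path client(options)" form used above and reports entries that carry no_root_squash or are exported to any host. The function names and the sample lines other than the page's /opt/shared entry are constructed for illustration; continuation lines and "-options" defaults are not handled.

```shell
#!/bin/sh
# audit_exports [FILE...]: one finding per risky client entry (reads stdin if no file).
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                 # skip comment lines
    NF == 0    { next }                 # skip blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {     # each remaining field is client(options)
            spec = $i; host = spec; opts = ""
            p = index(spec, "(")
            if (p > 0) {
                host = substr(spec, 1, p - 1)
                opts = substr(spec, p + 1)
                sub(/\)$/, "", opts)
            }
            n = split(opts, o, ",")
            rw = 0; nrs = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            # An empty client or a bare * means every host that can reach the server.
            if (host == "" || host == "*")
                printf "%s: exported to any host (%s)\n", path, spec
            # Client root keeps uid 0 on the share instead of being mapped to nobody.
            if (nrs)
                printf "%s: no_root_squash for %s%s\n", path, (host == "" ? "*" : host), (rw ? " with rw" : "")
        }
    }' "$@"
}

# Constructed sample: the export line from this page plus two variants for contrast.
sample_exports() {
    cat <<'EOF'
# constructed sample, not taken from a real server
/opt/shared 192.168.0.0/255.255.255.0(rw,sync,no_root_squash,no_subtree_check)
/opt/ro     192.168.0.0/255.255.255.0(ro,sync,root_squash,no_subtree_check)
/opt/open   *(rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as audit_exports /etc/exports.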
Start NFS
Linux
service rpcbind start
service nfs start
Amazon
service nfs-server start
Start at Boot
init.d
Also add these to chkconfig if needed on reboot:
chkconfig --add rpcbind
chkconfig --add nfs
chkconfig --level 2345 rpcbind on
chkconfig --level 2345 nfs on
More details on chkconfig:
chkconfig
systemd
systemctl enable nfs-server.service
systemctl list-unit-files | grep nfs-server
More details on
systemd