Linux NFS Installation: Difference between revisions

From NovaOrdis Knowledge Base
Revision as of 04:06, 9 November 2017

External

Internal

Relevance

  • Updated for Amazon EC2

Server Installation

Install Packages

sudo su -
yum install rpcbind nfs-utils 

On some systems, "nfs-utils-lib" must also be installed.

Security Setup

iptables

Add the following rules above the INPUT chain rule that rejects traffic:

-A INPUT -s 172.23.0.0/16 -p udp -m multiport --dports 10053,111,2049,32769,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 172.23.0.0/16 -p tcp -m multiport --dports 10053,111,2049,32803,875,892 -m state --state NEW,ESTABLISHED -j ACCEPT

where "172.23.0.0/16" should be replaced with the actual subnet value.

For more details on what services are using what ports, see Linux Ports.

A more permissive rule accepts all traffic that comes from the specified subnet:

-A INPUT -s 172.23.0.0/16 -j ACCEPT

Restart iptables for changes to take effect.

systemctl restart iptables

Amazon EC2

Amazon EC2 NFS Server Security Group

Define the Directories to Share

1. Create the directory:

mkdir /opt/shared

If the storage is on a dedicated block device, mount it in /etc/fstab:

/dev/vdb1                                 /nfs                    xfs   defaults        0 0


2. Give it the right permissions that make sense across your entire client set.

3. Share it in /etc/exports.

It is best to specify only the subnet that must have access to it:

...
/opt/shared 192.168.0.0/255.255.255.0(rw,sync,no_root_squash,no_subtree_check)
...

More details on export options can be found here:

Linux NFS Configuration - Export Options
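
An added example, not part of the original page: a Python check that parses /etc/exports-style entries and flags clients outside the intended subnet, exports open to any host, and the no_root_squash and insecure options. The function names, finding labels and the sample lines other than the /opt/shared entry above are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; only the /opt/shared line is taken from the page.
SAMPLE_EXPORTS = """\
/opt/shared 192.168.0.0/255.255.255.0(rw,sync,no_root_squash,no_subtree_check)
/nfs 172.23.0.0/16(ro,sync) *(rw,sync)   # second client is a wildcard
/srv/pub (ro,insecure)
"""

SPEC = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) per client; client '' means any host.
    Quoted paths and '-opt' default-option lists are not handled."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = line.split("#", 1)[0].split()            # drop comments
        if not fields:
            continue
        for spec in fields[1:] or [""]:
            m = SPEC.fullmatch(spec)
            client, opts = (m.group(1), m.group(2)) if m else (spec, None)
            yield fields[0], client, set(filter(None, (opts or "").split(",")))

def audit_exports(text, allowed_subnet):
    """Return (path, client, finding) tuples for risky export entries."""
    allowed = ipaddress.ip_network(allowed_subnet)
    findings = []
    for path, client, opts in parse_exports(text):
        if client in ("", "*"):
            findings.append((path, client or "*", "any-host"))
        else:
            try:  # accepts both /24 and /255.255.255.0 notation
                net = ipaddress.ip_network(client, strict=False)
                if net.version != allowed.version or not net.subnet_of(allowed):
                    findings.append((path, client, "outside-allowed-subnet"))
            except ValueError:
                pass  # hostname, wildcard pattern or netgroup: not resolved here
        if "no_root_squash" in opts:  # uid 0 on the client stays uid 0 on the export
            findings.append((path, client or "*", "no_root_squash"))
        if "insecure" in opts:        # requests from source ports >= 1024 accepted
            findings.append((path, client or "*", "insecure"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS, "192.168.0.0/24"):
        print(f"{path:12} {client:28} {finding}")
```

Run it against the server's own /etc/exports by passing the file's contents and the subnet that is meant to have access.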

Start NFS

RHEL 6

service rpcbind start
service nfs start

RHEL 7

systemctl start nfs-server

Start at Boot

init.d

If the services must start on reboot, also add them to chkconfig:

chkconfig --add rpcbind
chkconfig --add nfs
chkconfig --level 2345 rpcbind on
chkconfig --level 2345 nfs on

More details on chkconfig:

chkconfig

systemd

systemctl enable nfs-server.service
systemctl list-unit-files | grep nfs-server

More details on systemd:

systemd

List Filesystems Exported by an NFS Server

exportfs: list filesystems exported by an NFS server

Client Installation

Install Packages

sudo su -
yum install nfs-utils

Security Setup

iptables

iptables should allow outgoing connections.

SELinux

Authentication against the NFS Server

For context, see:

NFS Concepts - Security

Mount "on-the-fly"

Mount "on-the-fly" the directory from another machine:

mount [-v] -t nfs 192.168.0.145:/shared /mnt/tmp

Mount the directory at boot

In /etc/fstab add:

192.168.1.4:/volume3/test3 /rackstation/test3/ nfs nolock,_netdev,bg 0 0

After the mount, the client reports the NFS version, as shown below:

f01:/opt/shared on /opt/shared type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.31.21.22,local_lock=none,addr=172.31.20.184,_netdev)

More about fstab:

/etc/fstab

More details on mount options can be found here:

Linux NFS Configuration - Mount Options

List Filesystems Mounted by an NFS Client

mount: list filesystems mounted by an NFS client

NFS Troubleshooting

Linux NFS Troubleshooting