Install Server
Install
dnf -y install nfs-utils
Start / Enable at boot
{
systemctl start nfs-server.service
systemctl enable nfs-server.service
}
Configs
- /etc/nfs.conf – main configuration file for the NFS daemons and tools
- /etc/nfsmount.conf – an NFS mount configuration file
Create shared directory
I want to share the directory /mnt/backups on the NFS server.
mkdir -p /mnt/backups
Create the export file system
mkdir -p /srv/nfs4/backups
Mount the directory
mount --bind /mnt/backups /srv/nfs4/backups
Update fstab.
vi /etc/fstab
/mnt/backups /srv/nfs4/backups none bind 0 0
Export the file system
The next step is to define the file systems that will be exported by the NFS server, the share options, and the clients that are allowed to access those file systems.
Export the backups directory and allow access only from clients on the network (e.g. 10.158.0.0/24).
Update /etc/exports.
- Run man exports to view all the options.
The first line contains fsid=0 which defines the NFS root directory /srv/nfs4. Access to this NFS volume is allowed only from servers on the 10.158.0.0/24 subnet. The crossmnt option is required to share directories that are sub-directories of an exported directory.
vi /etc/exports
/srv/nfs4 10.158.0.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)
For reference, here are a few different permission options.
Read and write from subnet.
/srv/nfs4/backups 10.158.0.0/24(rw,sync,no_subtree_check)
Read from subnet, write from IP.
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check) 10.158.0.11(rw,sync,no_subtree_check)
Read only from subnet.
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)
Read only from IP.
/srv/nfs4/backups 10.158.0.11(ro,sync,no_subtree_check)
Save the file and export the shares
- -a Export or unexport all directories.
- -r Reexport all directories, synchronizing /var/lib/nfs/etab with /etc/exports and files under /etc/exports.d. This option removes entries in /var/lib/nfs/etab which have been deleted from /etc/exports or files under /etc/exports.d, and removes any entries from the kernel export table which are no longer valid.
- -v Be verbose.
exportfs -arv
Example
exportfs -arv
exporting 10.158.0.0/24:/srv/nfs4/backups
exporting 10.158.0.0/24:/srv/nfs4
Display exports.
- -s Display the current export list suitable for /etc/exports.
exportfs -s
Example
root_squash, a default option that appears in the output below, prevents remote root users from having root privileges on the mounted shares. It maps the root UID and GID to the nobody/nogroup UID/GID.
exportfs -s
/srv/nfs4 10.158.0.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups 10.158.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
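Added example (not part of the original page): a shell function that reads exportfs -s output and flags the options worth a second look before a share goes live: writable exports, wildcard clients, no_root_squash and insecure. The function name, the finding labels and the /srv/nfs4/scratch entry are illustrative assumptions.

```bash
# Added example, not from the original page.
# audit_exports reads /etc/exports-style lines on stdin, in the form
#   path client(opt,opt,...) [client(opt,...)]...
# and prints one "path client FINDING" line per option worth reviewing.
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"       # bare "(opts)" applies to any host
        if (client ~ /[*?]/) print path, client, "WILDCARD_CLIENT"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw")             print path, client, "WRITABLE"
          if (o[j] == "no_root_squash") print path, client, "NO_ROOT_SQUASH"
          if (o[j] == "insecure")       print path, client, "INSECURE_PORT"
        }
      }
    }'
}

# The first two lines are the exportfs -s output shown above; the third is a
# constructed entry (hypothetical /srv/nfs4/scratch) that trips every check.
SAMPLE_EXPORTS='/srv/nfs4 10.158.0.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups 10.158.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/srv/nfs4/scratch *(rw,sync,no_root_squash,insecure)'

# On a live server: exportfs -s | audit_exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

With the two exports from this page, the only finding is that the NFS root /srv/nfs4 is exported rw while /srv/nfs4/backups is ro.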
Firewall
Option 1
{
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
}
Option 2
{
firewall-cmd --permanent --new-zone=nfs
firewall-cmd --permanent --zone=nfs --add-service=nfs
firewall-cmd --permanent --zone=nfs --add-source=10.158.0.0/24
firewall-cmd --reload
}
Important: If you are using a Cloud service such as Google Cloud, make sure to allow ingress TCP and UDP ports 111, 2049, 20048.
Verify
firewall-cmd --list-all | grep nfs
Example
firewall-cmd --list-all | grep nfs
services: nfs
View RPC services.
rpcinfo — report RPC information
rpcinfo -p
Example
rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 53277 status
100024 1 tcp 54211 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 47907 nlockmgr
100021 3 udp 47907 nlockmgr
100021 4 udp 47907 nlockmgr
100021 1 tcp 45523 nlockmgr
100021 3 tcp 45523 nlockmgr
100021 4 tcp 45523 nlockmgr
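Added example (not part of the original page): a shell function that collapses rpcinfo -p output to one line per service and protocol, and marks every listener whose port is not in a given allow-list. Run against the output above with the ports from the cloud ingress note (111, 2049, 20048), it shows that status and nlockmgr listen on other, high-numbered ports. The function name and the LISTED/NOT_LISTED labels are illustrative assumptions.

```bash
# Added example, not from the original page.
# rpc_port_summary reads `rpcinfo -p` output on stdin and prints one
# "service proto port STATUS" line per unique listener. STATUS is LISTED when
# the port is in the comma-separated list passed as $1, else NOT_LISTED.
rpc_port_summary() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^[0-9]+$/ && NF >= 5 {             # data rows only, skips the header
      key = $5 " " $3 " " $4
      if (!(key in seen)) { seen[key] = 1; row[++cnt] = key; port[cnt] = $4 }
    }
    END {
      for (i = 1; i <= cnt; i++)
        print row[i], ((port[i] in ok) ? "LISTED" : "NOT_LISTED")
    }'
}

# Condensed from the rpcinfo -p example above (one row per service/protocol).
SAMPLE_RPCINFO='program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100024 1 udp 53277 status
100024 1 tcp 54211 status
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 4 udp 47907 nlockmgr
100021 4 tcp 45523 nlockmgr'

# Ports taken from the cloud ingress note: 111, 2049, 20048.
# On a live server: rpcinfo -p | rpc_port_summary 111,2049,20048
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_port_summary 111,2049,20048
```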
Client
Install
dnf -y install nfs-utils
Verify
Verify port access to the NFS server.
nc -zv 10.158.0.7 2049
Mount
Create a local directory to use as the mount point for the remote NFS file system, then mount it as an nfs file system.
mkdir /backups
Mount the exported filesystem.
When mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /srv/nfs4/backups you need to use /backups.
mount -t nfs 10.158.0.7:/backups /backups
Verify mount.
mount | grep nfs
df /backups
Example
mount | grep nfs
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
10.158.0.7:/backups on /backups type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.158.0.11,local_lock=none,addr=10.158.0.7)
df /backups
Filesystem 1K-blocks Used Available Use% Mounted on
10.158.0.7:/backups 20754432 2870784 17883648 14% /backups
Update fstab
To make the mount persist across reboots, add it to /etc/fstab.
vi /etc/fstab
10.158.0.7:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0
Test
Run showmount against the NFS server from the NFS client.
Showmount queries the mount daemon on a remote host for information about the state of the NFS server on that machine.
showmount -e [NFS_SERVER]
Example
showmount -e 10.158.0.7
Export list for 10.158.0.7:
/srv/nfs4/backups 10.158.0.0/24
/srv/nfs4 10.158.0.0/24
If you receive the following error, it could be because UDP/TCP port 20048 is not open.
showmount -e 10.158.0.7
clnt_create: RPC: Timed out
Test write on NFS server, read on Client.
touch /srv/nfs4/backups/file_created_on_server.text # Ran on NFS server
ls -l /backups/file_created_on_server.text # Ran on NFS client
Test write on NFS client, read on NFS Server.
touch /backups/file_created_on_client.text # Ran on NFS client
You should get a read-only error.
Example
touch /backups/file_created_on_client.text
touch: cannot touch '/backups/file_created_on_client.text': Read-only file system
Unmount
Unmount the file system on the client side.
umount /backups
Remove from /etc/fstab.
vi /etc/fstab