Install Server
Install
dnf -y install nfs-utilsStart / Enable at boot
{
systemctl start nfs-server.service
systemctl enable nfs-server.service
}Configs
- /etc/nfs.conf – main configuration file for the NFS daemons and tools
- /etc/nfsmount.conf – an NFS mount configuration file
Create shared directory
I want to share the directory /mnt/backups on the NFS server.
mkdir -p /mnt/backupsCreate the export file system
mdir -p /srv/nfs4/backupsMount the directory
mount --bind /mnt/backups /srv/nfs4/backupsUpdate fstab.
vi /etc/fstab
/mnt/backups /srv/nfs4/backups none bind 0 0Export the file system
The next step is to define the file systems that will be exported by the NFS server, the shares options and the clients that are allowed to access those file systems.
Export the backups directory and allow access only from clients on the network (e.g. 10.158.0.0/24).
Update /etc/exports.
- man exports to view all the options
The first line contains fsid=0 which defines the NFS root directory /srv/nfs4. Access to this NFS volume is allowed only from servers on the 10.158.0.0/24 subnet. The crossmnt option is required to share directories that are sub-directories of an exported directory.
vi /etc/exports
/srv/nfs4 10.158.0.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)For reference, here are a few different permission options.
Read and write from subnet.
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)Read from subnet, write from IP.
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check) 10.158.0.11(rw,sync,no_subtree_check)Read only from subnet.
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)Read only from IP.
/srv/nfs4/backups 10.158.0.11(ro,sync,no_subtree_check)Save the file and export the shares
- -a Export or unexport all directories.
- -r Reexport all directories, synchronizing /var/lib/nfs/etab with /etc/exports and files under /etc/exports.d. This option removes entries in /var/lib/nfs/etab which have been deleted from /etc/exports or files under /etc/exports.d, and removes any entries from
the kernel export table which are no longer valid. - -v Be verbose.
exportfs -arvExample
exportfs -arv
exporting 10.158.0.0/24:/srv/nfs4/backups
exporting 10.158.0.0/24:/srv/nfs4Display exports.
-s Display the current export list suitable for /etc/exports.
exportfs -sExample
root_squash prevents root users from having root privileges on the mounted shares. It will map root UID and GID to nobody/nogroup UID/GID.
exportfs -s
/srv/nfs4 10.158.0.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups 10.158.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)Firewall
Option 1
{
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
}Option 2
{
firewall-cmd --permanent --new-zone=nfs
firewall-cmd --permanent --zone=nfs --add-service=nfs
firewall-cmd --permanent --zone=nfs --add-source=10.158.0.0/24
firewall-cmd --reload
}Important: If you are using a Cloud service such as Google Cloud, make sure to allow ingress TCP and UDP ports 111, 2049, 20048.
Verify
firewall-cmd --list-all | grep nfsExample
firewall-cmd --list-all | grep nfs
services: nfsView RPC services.
rpcinfo — report RPC information
rpcinfo -pExample
rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 53277 status
100024 1 tcp 54211 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 47907 nlockmgr
100021 3 udp 47907 nlockmgr
100021 4 udp 47907 nlockmgr
100021 1 tcp 45523 nlockmgr
100021 3 tcp 45523 nlockmgr
100021 4 tcp 45523 nlockmgrClient
Install
dnf -y install nfs-utilsVerify
Verify port access to the NFS server.
nc -zv 10.158.0.7 2049Mount
Create a local file system/directory for mounting the remote NFS file system and mount it as an ntf file system.
mkdir /backupsMount the exported filesystem.
When mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /srv/nfs4/backups you need to use /backups.
mount -t nfs 10.158.0.7:/backups /backupsVerify mount.
mount | grep nfsdf /backupsExample
mount | grep nfs
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
10.158.0.7:/backups on /backups type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.158.0.11,local_lock=none,addr=10.158.0.7)df /backups
Filesystem 1K-blocks Used Available Use% Mounted on
10.158.0.7:/backups 20754432 2870784 17883648 14% /backupsUpdate fstab
To make the mounts permanent on reboot, open the /etc/fstab.
vi /etc/fstab
10.158.0.7:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0Test
Run showmount against the NFS server from the NFS client.
Showmount queries the mount daemon on a remote host for information about the state of the NFS server on that machine.
showmount -e [NFS_SERVER]Example
showmount -e 10.158.0.7
Export list for 10.158.0.7:
/srv/nfs4/backups 10.158.0.0/24
/srv/nfs4 10.158.0.0/24If you receive the following error, it could be because UDP/TCP port 20048 is not open.
showmount -e 10.158.0.7
clnt_create: RPC: Timed outTest write on NFS server, read on Client.
touch /srv/nfs4/backups/file_created_on_server.text # Ran on NFS server
ls -l /backups/file_created_on_server.text # Ran on NFS clientTest write on NFS client, read on NFS Server.
touch /backups/file_created_on_client.text # Ran on NFS clientYou should get a read-only error.
Example
touch /backups/file_created_on_client.text
touch: cannot touch '/backups/file_created_on_client.text': Read-only file systemUnmount
Unmout the file system on the client side.
umount /backupsRemove from /etc/fstab.
vi /etc/fstab