Install and Configure NFS on CentOS 8

Install and Configure NFS on CentOS 8

Install Server

Install

dnf -y install nfs-utils

Start / Enable at boot

{
  systemctl start nfs-server.service
  systemctl enable nfs-server.service
}

Configs

  • /etc/nfs.conf – main configuration file for the NFS daemons and tools
  • /etc/nfsmount.conf – an NFS mount configuration file

Create shared directory

I want to share the directory /mnt/backups on the NFS server.

mkdir -p /mnt/backups

Create the export file system

mdir -p /srv/nfs4/backups

Mount the directory

mount --bind /mnt/backups /srv/nfs4/backups

Update fstab.

vi /etc/fstab
/mnt/backups /srv/nfs4/backups  none   bind   0   0

Export the file system

The next step is to define the file systems that will be exported by the NFS server, the shares options and the clients that are allowed to access those file systems.

Export the backups directory and allow access only from clients on the network (e.g. 10.158.0.0/24).

Update /etc/exports.

  • man exports to view all the options

The first line contains fsid=0 which defines the NFS root directory /srv/nfs4. Access to this NFS volume is allowed only from servers on the 10.158.0.0/24 subnet. The crossmnt option is required to share directories that are sub-directories of an exported directory.

vi /etc/exports
/srv/nfs4         10.158.0.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)

For reference, here are a few different permission options.

Read and write from subnet.

/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)

Read from subnet, write from IP.

/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check) 10.158.0.11(rw,sync,no_subtree_check)

Read only from subnet.

/srv/nfs4/backups 10.158.0.0/24(ro,sync,no_subtree_check)

Read only from IP.

/srv/nfs4/backups 10.158.0.11(ro,sync,no_subtree_check)

Save the file and export the shares

  • -a Export or unexport all directories.
  • -r Reexport all directories, synchronizing /var/lib/nfs/etab with /etc/exports and files under /etc/exports.d. This option removes entries in /var/lib/nfs/etab which have been deleted from /etc/exports or files under /etc/exports.d, and removes any entries from
    the kernel export table which are no longer valid.
  • -v Be verbose.
exportfs -arv

Example

exportfs -arv
exporting 10.158.0.0/24:/srv/nfs4/backups
exporting 10.158.0.0/24:/srv/nfs4

Display exports.

-s Display the current export list suitable for /etc/exports.

exportfs -s

Example

root_squash prevents root users from having root privileges on the mounted shares. It will map root UID and GID to nobody/nogroup UID/GID.

exportfs -s
/srv/nfs4  10.158.0.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups  10.158.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)

Firewall

Option 1

{
  firewall-cmd --permanent --add-service=nfs
  firewall-cmd --reload
}

Option 2

{
  firewall-cmd --permanent --new-zone=nfs
firewall-cmd --permanent --zone=nfs --add-service=nfs
firewall-cmd --permanent --zone=nfs --add-source=10.158.0.0/24
firewall-cmd --reload }

Important: If you are using a Cloud service such as Google Cloud, make sure to allow ingress TCP and UDP ports 111, 2049, 20048.

Verify

firewall-cmd --list-all | grep nfs

Example

firewall-cmd --list-all | grep nfs
services: nfs

View RPC services.

rpcinfo — report RPC information

rpcinfo -p

Example

rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 53277 status
100024 1 tcp 54211 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 47907 nlockmgr
100021 3 udp 47907 nlockmgr
100021 4 udp 47907 nlockmgr
100021 1 tcp 45523 nlockmgr
100021 3 tcp 45523 nlockmgr
100021 4 tcp 45523 nlockmgr

Client

Install

dnf -y install nfs-utils

Verify

Verify port access to the NFS server.

nc -zv 10.158.0.7 2049

Mount

Create a local file system/directory for mounting the remote NFS file system and mount it as an ntf file system.

mkdir /backups

Mount the exported filesystem.

When mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /srv/nfs4/backups you need to use /backups.

mount -t nfs  10.158.0.7:/backups /backups

Verify mount.

mount | grep nfs
df /backups

Example

mount | grep nfs
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
10.158.0.7:/backups on /backups type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.158.0.11,local_lock=none,addr=10.158.0.7)
df /backups
Filesystem 1K-blocks Used Available Use% Mounted on
10.158.0.7:/backups 20754432 2870784 17883648 14% /backups

Update fstab

To make the mounts permanent on reboot, open the /etc/fstab.

vi /etc/fstab
10.158.0.7:/backups /backups   nfs   defaults,timeo=900,retrans=5,_netdev   0 0

Test

Run showmount against the NFS server from the NFS client.

Showmount queries the mount daemon on a remote host for information about the state of the NFS server on that machine.

showmount -e [NFS_SERVER]

Example

showmount -e 10.158.0.7
Export list for 10.158.0.7:
/srv/nfs4/backups 10.158.0.0/24
/srv/nfs4 10.158.0.0/24

If you receive the following error, it could be because UDP/TCP port 20048 is not open.

showmount -e 10.158.0.7
clnt_create: RPC: Timed out

Test write on NFS server, read on Client.

touch /srv/nfs4/backups/file_created_on_server.text # Ran on NFS server
ls -l /backups/file_created_on_server.text          # Ran on NFS client

Test write on NFS client, read on NFS Server.

touch /backups/file_created_on_client.text # Ran on NFS client

You should get a read-only error.

Example

touch /backups/file_created_on_client.text
touch: cannot touch '/backups/file_created_on_client.text': Read-only file system

Unmount

Unmout the file system on the client side.

umount /backups

Remove from /etc/fstab.

vi /etc/fstab