
NFS Configuration in Linux

The Network File System (NFS) protocol works great when it comes to Linux systems because it allows for client flexibility, centralized management of files, and some other great features.
To get NFS working properly, you need to set up the NFS server first and then set up the client to test access to the server. As with any other service, you need to install a few packages before doing anything else.
The actual NFS service is the same for both servers and clients, with the difference being found in the services running and the config files.
There are four different versions of NFS; version 4 is the most current. Although you can disable the versions the server listens for, the client actually determines which version it will use when connecting to the server (unless, of course, the server isn't offering the version the client is asking for).
Task 1 : Installation of NFS Services
Step 1. To begin the NFS server setup, install the required packages:

# yum install -y nfs-utils nfs4-acl-tools

Step 2. Verify the package installation:

# rpm -qa | grep nfs
nfs4-acl-tools-0.3.3-5.el6.x86_64
nfs-utils-1.2.2-7.el6.x86_64
nfs-utils-lib-1.1.5-1.el6.x86_64

Step 3. The NFS server uses three different services to function properly. You need to enable them all at boot for the NFS server to function the way it should:

# chkconfig nfs on
# chkconfig nfslock on
# chkconfig rpcbind on

Step 4. Verify that all three services are set to start on system boot:

# chkconfig --list nfs
nfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig --list nfslock
nfslock 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig --list rpcbind
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off

You should also verify that the NFS service is currently stopped because you need to make some configuration changes before you can start it.
Step 5. Verify that the service is off:

# service nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

 

Task 2:  Configuring NFS Services

The nfs and rpcbind services both control a number of daemons on the system when they are started. Let’s look at the different daemons these two services are composed of:

  • rpcbind        Forwards incoming requests to the appropriate subservice
  • rpc.idmapd Maps the UID and GID to users and groups
  • rpc.lockd     Manages file locks and releases in case of client disconnect
  • rpc.nfsd       Responds to client requests for file access
  • rpc.rquotad Provides statistics on disk quotas to clients
  • rpc.statd      Works with rpc.lockd to provide recovery services

Let’s also look at the config files that you will be dealing with:

  • /etc/sysconfig/nfs Contains the main config files for the NFS service
  • /etc/exports Contains a list

 
Here are some additional files that you will use when working with NFS:

  • /var/lib/nfs/etab Contains a list of currently exported resources
  • /var/lib/nfs/rmtab Contains a list of remotely mounted resources

For the first configuration step, you need to make a few changes to the main config file.
Step 1. Open the main config file for editing:

# nano /etc/sysconfig/nfs
Step 2. Uncomment the following lines:
MOUNTD_NFS_V1="no"
MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
RPCNFSDARGS="-N 2 -N 3"

The first three lines prevent the mountd daemon from accepting anything below version 4. The last line also stops the NFS service from advertising anything but version 4.
Step 3. Save the file and exit.
Next, let’s work with the /etc/exports file because this defines what resources will be available to your clients. If the file doesn’t exist already, you can create it. The syntax of the /etc/exports file is
<mountpoint> <host>(<permissions/options>)
Mount Options:

  • rw Sets read/write permissions
  • ro Sets read-only permissions
  • insecure Allows the use of ports over 1024
  • sync Specifies that all changes must be written to disk before a command completes
  • no_wdelay Forces the writing of changes immediately (useful for logs  if something crashes)
  • root_squash Prevents root users

As an example, you can use the following two locations to export to the clients:
Step 4. Set up your exports in the /etc/exports file to be available to any client on the network:

# nano /etc/exports
/home *(ro,sync)
/opt/company_data *(rw,sync)

Here, you define two resources that you will make available. The first line defines the /home directory to be exported and allows read-only access to all clients. The second line provides the /opt/company_data directory to all of your clients with read and write permissions. After you finish defining all the resources you want to export, save and close the file.
Step 5. Start the two NFS services (rpcbind should be running already by default):

# service nfslock start
Starting NFS statd: [ OK ]
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]

Step 6. Verify that the services have started successfully:

# service rpcbind status
rpcbind (pid 25068) is running...
# service nfslock status
rpc.statd (pid 17726) is running...
# service nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 17780) is running...
nfsd (pid 17777 17776 17775 17774 17773 17772 17771 17770) is running...
rpc.rquotad (pid 17764) is running...
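
The /etc/exports entries from Step 4 use * as the host, so every client that can reach the server can mount them. The following audit script is an added example, not part of the original tutorial: it flags exports open to every host, the insecure option, and no_root_squash (the inverse of root_squash, which the option list above does not cover). The /srv/projects line and the 192.0.2.0/24 network are constructed sample values.

```sh
#!/bin/sh
# Added example: audit an exports file before running exportfs.

# audit_exports FILE ("-" reads stdin): print one finding per line and
# return 1 if anything was flagged, 0 if the file is clean.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "host(opt,opt)"
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (host == "") host = "*"       # bare "(opts)" means every host
            rw = 0; insecure = 0; nosquash = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "insecure") insecure = 1
                if (o[j] == "no_root_squash") nosquash = 1
            }
            if (host == "*") { tag = rw ? "WORLD-RW" : "WORLD-RO"; print tag, path; bad = 1 }
            if (insecure)    { print "INSECURE-PORTS", path, host; bad = 1 }
            if (nosquash)    { print "NO-ROOT-SQUASH", path, host; bad = 1 }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the two exports from Step 4 plus a subnet-scoped one.
sample_exports() {
    cat <<'EOF'
/home *(ro,sync)
/opt/company_data *(rw,sync)
/srv/projects 192.0.2.0/24(rw,sync,root_squash)
EOF
}

sample_exports | audit_exports - || echo "review the entries above before exporting"
```

Run it against the real file with audit_exports /etc/exports; replacing * with the client subnet, as in the third sample line, clears the WORLD findings.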

Task 3: Manual Export of Shares

If you already started the services before creating an /etc/exports file, you can also use the exportfs command to manually export any new resources added to the /etc/exports file.
Syntax: exportfs [options]
Options:

-a Exports or unexports all directories
-r Reexports all directories
-u Unexports one or more directories
-v Provides verbose output

Step 1. Here is what a manual export of resources would look like:

# exportfs -avr
exporting *:/opt/company_data
exporting *:/home

Step 2. Alternatively, you can also get the same effect by restarting only the NFS service, which in turn restarts all daemons:

# service nfs restart
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]

Now that all the resources have been exported properly and the NFS service has been started, you can use the rpcinfo command to verify that all the parts of the NFS service are running properly.
Syntax: rpcinfo -p [host]
You can view both local and remote connection information with the rpcinfo command. Because you are looking for information about the local server, you don’t have to specify a host when calling the command. View the currently running nfs daemons:

# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 41853 status
100024 1 tcp 40535 status
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100003 4 tcp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 32769 nlockmgr
100021 3 udp 32769 nlockmgr
100021 4 udp 32769 nlockmgr
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr

Where you see the nfs daemon running, notice that only version 4 is listed. The reason is that you disabled all other versions in the config file. Although some of the other daemons listed use other versions as well, you should verify that at least the nfs daemon shows version 4.
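
The version check described above can be scripted so it fails loudly if a later config change re-enables NFSv2 or NFSv3. This is an added example, not part of the original tutorial; the function names are illustrative and the sample input is a trimmed copy of the rpcinfo listing shown above.

```sh
#!/bin/sh
# Added example: confirm from rpcinfo output that only NFSv4 is registered.

# nfs_versions: read `rpcinfo -p` output on stdin and print the distinct
# versions registered for the nfs program (RPC number 100003), e.g. "3 4".
nfs_versions() {
    awk '$1 == 100003 { print $2 }' | sort -un | paste -s -d ' ' -
}

# nfs_v4_only: succeed only if nfs is registered and every entry is version 4.
nfs_v4_only() {
    [ "$(nfs_versions)" = "4" ]
}

# rpc_endpoints: collapse the listing to one line per listening endpoint,
# "service proto/port vN,N", to compare against the firewall rules.
rpc_endpoints() {
    awk '$1 ~ /^[0-9]+$/ {
        key = $5 " " $3 "/" $4
        if (key in vers) vers[key] = vers[key] "," $2
        else { order[++n] = key; vers[key] = "v" $2 }
    }
    END { for (i = 1; i <= n; i++) print order[i], vers[order[i]] }'
}

# Sample input: a trimmed copy of the rpcinfo listing shown above.
sample_rpcinfo() {
    cat <<'EOF'
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100024 1 udp 41853 status
100003 4 tcp 2049 nfs
100003 4 udp 2049 nfs
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
EOF
}

sample_rpcinfo | rpc_endpoints
if sample_rpcinfo | nfs_v4_only; then echo "nfs: v4 only"; else echo "nfs: legacy versions registered"; fi
```

On the server itself, pipe the live listing in with rpcinfo -p | nfs_v4_only.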

Task 4: Firewall Configuration for NFS Server

NFS is one of the many Red Hat services that can take advantage of TCP Wrappers as well as firewall rules for security. We don’t use TCP Wrappers here, but should you run into trouble on the exam with the NFS service not working, don’t forget to check to see whether anything is being filtered by TCP Wrappers. Because you are using NFS version 4 here, you need to create only a single firewall rule.
Step 1. Use iptables to create the additional firewall rules:

# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT

Step 2. Save the firewall rules you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Restart the iptables service:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

If you are using NFSv2 or NFSv3 rather than NFSv4, configure the firewall rules as per the steps below.
You need to statically define ports in the /etc/sysconfig/nfs file for each of the four daemons required for the NFS service to run. You also need to add these ports to the /etc/services file and create a firewall rule for each one.
Step 1. Define static ports in /etc/sysconfig/nfs for each of the four required daemons NFS uses.
Step 2. Create a firewall rule for the rpcbind server (TCP and UDP port 111).
Step 3. Create a firewall rule for the MOUNTD_PORT you specified (TCP and UDP).
Step 4. Create a firewall rule for the STATD_PORT you specified (TCP and UDP).
Step 5. Create a firewall rule for the LOCKD_TCPPORT you specified (TCP).
Step 6. Create a firewall rule for the LOCKD_UDPPORT you specified (UDP).
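
The six steps above, as an added example that is not part of the original tutorial: the script reads the static ports from a sysconfig-style file and prints the matching iptables rules in the same form as the port 2049 rule, refusing to continue if any port is still commented out. The port numbers, the optional source network 192.0.2.0/24, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: print (never run) the iptables rules for the six steps above.

# port_of VAR FILE: numeric value of an uncommented VAR=port line, else empty.
port_of() {
    sed -n "s/^$1=\"\{0,1\}\([0-9]\{1,5\}\)\"\{0,1\} *\$/\1/p" "$2" | tail -n 1
}

# emit PROTO PORT: one rule in the same form as the port 2049 rule above,
# optionally limited to the source network held in $src.
emit() {
    echo "iptables -I INPUT 5 ${src}-p $1 -m $1 --dport $2 -j ACCEPT"
}

# nfs_legacy_rules FILE [SOURCE_CIDR]: fail if any daemon port is still
# commented out, since that daemon would register on a changing port that
# no fixed rule can cover; otherwise print rules for rpcbind and each port.
nfs_legacy_rules() {
    conf=$1; src="${2:+-s $2 }"; missing=""
    for var in MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT; do
        [ -n "$(port_of "$var" "$conf")" ] || missing="$missing $var"
    done
    if [ -n "$missing" ]; then
        echo "not statically defined:$missing" >&2
        return 1
    fi
    emit tcp 111; emit udp 111
    for var in MOUNTD_PORT STATD_PORT; do
        port=$(port_of "$var" "$conf")
        emit tcp "$port"; emit udp "$port"
    done
    emit tcp "$(port_of LOCKD_TCPPORT "$conf")"
    emit udp "$(port_of LOCKD_UDPPORT "$conf")"
}

# Constructed sample of the relevant /etc/sysconfig/nfs lines.
sample_sysconfig() {
    cat <<'EOF'
MOUNTD_PORT=892
STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
EOF
}

tmp=$(mktemp); sample_sysconfig > "$tmp"
nfs_legacy_rules "$tmp" 192.0.2.0/24 || echo "fix the file, then re-run"
rm -f "$tmp"
```

Passing the client network as the second argument keeps the legacy ports from being reachable by hosts that have no reason to mount the exports.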
 

Task 5: SELinux Configuration for NFS Server:

Step 1. Query for the Boolean value you need to change:

# getsebool -a | grep nfs
allow_ftpd_use_nfs --> off
allow_nfsd_anon_write --> off
git_system_use_nfs --> off
httpd_use_nfs --> off
nfs_export_all_ro --> off
nfs_export_all_rw --> off
qemu_use_nfs --> on
samba_share_nfs --> off
use_nfs_home_dirs --> off
virt_use_nfs --> off
xen_use_nfs --> off

Step 2. Disable SELinux protection for only the options that you need:

# setsebool -P nfs_export_all_ro=1 nfs_export_all_rw=1

Step 3. Verify that the Booleans have changed:

# getsebool -a | grep nfs
allow_ftpd_use_nfs --> off
allow_nfsd_anon_write --> off
git_system_use_nfs --> off
httpd_use_nfs --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
qemu_use_nfs --> on
samba_share_nfs --> off
use_nfs_home_dirs --> off
virt_use_nfs --> off
xen_use_nfs --> off

 

November 15, 2015
