User:Renich/HowTo/NFSv4

From FedoraProject

Jump to: navigation, search

Sharing files with NFSv4 on Fedora (Server & Client configuration)

Description

This HowTo explains how to set up the Network File System version 4 on your LAN for multiple shares. It explains, also, how to mount the exports on your client(s).

Tested in Fedora Versions

  • Fedora 19

Requirements

The nfs-utils package provides what's need for both then client and the server. However, to make sure it's installed, run the following command. Enter your root password when prompted:

su -c "yum install nfs-utils"

Server requirements (services)

  • rpcbind
  • rpcidmapd
  • nfs

Client requirements ((services)

  • rpcbind
  • rpcidmapd
  • nfs

Doing the Work

Note.png
Doing the work as root
Yes, this is administrative work so you can just issue su - and avoid so many su -c '...'. Just remember to logout after you're done.

Configuring the server

  • Change your eth1 (internal) interface to the "internal" zone
su -c 'firewall-cmd --zone=internal --change-interface=eth1'
  • Open up the necessary port on the firewall (port: 2049 TCP).
su -c "firewall-cmd --permanent --zone=internal --add-service=nfs"
su -c "firewall-cmd --permanent --zone=internal --add-service=rpc-bind"
su -c "firewall-cmd --permanent --zone=internal --add-service=mountd"
su -c "firewall-cmd --reload"
Important.png
Disallow unnecessary services from the firewall
I would totally recommend removing all unnecessary services from the internal zone. For example, I do not need printers nor samba here so: su -c "for s in samba-client ipp-client; do firewall-cmd --permanent --zone=internal --remove-service=$s; done"
  • Edit /etc/idmapd.conf. Enter your root password when prompted:
su -c "vim /etc/idmapd.conf"
  • Configure your domain name and change the users to nfsnobody:
[General]
Domain = domain.tld

[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
  • Enable rpcbind, rpcidmapd, and nfs services to start at boot:
su -c "systemctl enable rpcbind.service nfs-idmap.service nfs-server.service"
  • Start those services:
su -c "systemctl start rpcbind.service nfs-idmap.service nfs-server.service"
  • Edit /etc/exports. Enter your root password when prompted:
su -c "vim /etc/exports"
  • Add your shares here (available to your home network) If you want your shares to be read only, change rw to ro from these statements:
/srv/nfs/share1     192.168.1.0/255.255.255.0(rw,sync)
/srv/nfs/share2     192.168.1.0/255.255.255.0(ro)
/srv/nfs/share3     192.168.1.0/255.255.255.0(rw)
  • Reload your exports:
su -c "/usr/sbin/exportfs -rv"
  • Edit your /etc/hosts.allow file, so your clients are allowed to access your shares:
su -c "vim /etc/hosts.allow"
  • Allow your LAN to access your shares:
rpcbind: 192.168.1.0/255.255.255.0

Configuring the clients

  • Edit /etc/idmapd.conf. Enter your root password when prompted:
su -c "vim /etc/idmapd.conf"
  • Configure your domain name and change the users to nfsnobody:
[General]
Domain = domain.tld

[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
  • Edit /etc/fstab:
su -c "vim /etc/fstab"
  • Add the desired shares:
<ip-address-to-server>:/srv/nfs/share1  /mnt/share1                                         nfs4    rsize=8192,wsize=8192,timeo=14,soft     0 0
<ip-address-to-server>:/srv/nfs/share2  /srv/www/somewebsite.tld/default/public/share2      nfs4    rsize=8192,wsize=8192,timeo=14,soft     0 0
<ip-address-to-server>:/srv/nfs/share3  /home/user/share3                                   nfs4    rsize=8192,wsize=8192,timeo=14,soft     0 0
Note.png
SELinux Booleans
You need to remember to activate a relevant boolean. There a few SELinux booleans for nfs in general. Make sure to check them out by using getsebool -a | grep -i nfs and enable them permanently with setsebool -P <someboolean>=1 <someotherbool>=1 ...
  • Remount everything:
su -c "mount -a"

Common problems and fixes

Can't write to a rw share

Nope, it's just that you're using root to try and write while not adding no_root_squash to your exports. This will map root to nfsnobody you on the other server so if nfsnobody doesn't have write permissions at your server, you're screwed.

You should read man exports to get more info on this.

Apache can't use the share

So, yeah; SELinux is preventing you from using the share. Just read the note about SELinux booleans... you might've missed it; it's up there. ;=)

More Information

It is hard to find since, it seems, NFSv4 disapeard from updated docs.

RedHat recommends, on RHEL5 Docs, that one should use automount instead of /etc/fstab; which saves resources when sharing to multiple workstations. Feel free to extend it if you know how ;=)

Added Reading