How to Install and Configure an NFS Server on CentOS 8

Network File System (NFS) is a distributed file system protocol that allows you to share remote directories over a network. With NFS, you can mount remote directories on your system and work with the files on the remote machine as if they were local files.

The NFS protocol is not encrypted by default, and unlike Samba, it does not provide user authentication. Access to the server is restricted by the clients’ IP addresses or hostnames.

In this tutorial, you’ll go through the steps necessary to set up an NFSv4 server on CentOS 8. We’ll also show you how to mount an NFS file system on the client.

Prerequisites #

We’re assuming that you have a server running CentOS 8 on which we’ll set up the NFS server and other machines that will act as NFS clients. The server and the clients should be able to communicate with each other over a private network. If your hosting provider doesn’t offer private IP addresses, you can use the public IP addresses and configure the server firewall to allow traffic on port 2049 only from trusted sources.

The machines in this example have the following IPs:

NFS Server IP: 192.168.33.148
NFS Clients IPs: From the 192.168.33.0/24 range

Set Up the NFS Server #

This section explains how to install the necessary packages, create and export the NFS directories, and configure the firewall.

Installing the NFS server #

The “nfs-utils” package provides the NFS utilities and daemons for the NFS server. To install it, run the following command:

sudo dnf install nfs-utils

Once the installation is complete, enable and start the NFS service by typing:

sudo systemctl enable --now nfs-server

By default, on CentOS 8 NFS versions 3 and 4.x are enabled, and version 2 is disabled. NFSv2 is pretty old now, and there is no reason to enable it. To verify it, run the following cat command:

sudo cat /proc/fs/nfsd/versions

-2 +3 +4 +4.1 +4.2

NFS server configuration options are set in the /etc/nfsmount.conf and /etc/nfs.conf files. The default settings are sufficient for our tutorial.

Creating the file systems #

When configuring an NFSv4 server, it is a good practice to use a global NFS root directory and bind mount the actual directories to the share mount point. In this example, we’ll use the /srv/nfs4 directory as the NFS root.

To better explain how the NFS mounts can be configured, we’re going to share two directories (/var/www and /opt/backups) with different configuration settings.

The /var/www/ directory is owned by the user and group apache, and /opt/backups is owned by root.

Create the export filesystem using the mkdir command:

sudo mkdir -p /srv/nfs4/{backups,www}

Mount the actual directories:

sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www

To make the bind mounts permanent, add the following entries to the /etc/fstab file:

sudo nano /etc/fstab

/etc/fstab

/opt/backups /srv/nfs4/backups none bind 0 0
/var/www /srv/nfs4/www none bind 0 0

Exporting the file systems #

The next step is to define the file systems that will be exported by the NFS server, the share options, and the clients that are allowed to access those file systems. To do so, open the /etc/exports file:

sudo nano /etc/exports

Export the www and backups directories and allow access only from clients on the 192.168.33.0/24 network:

/etc/exports

/srv/nfs4 192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www 192.168.33.110(rw,sync,no_subtree_check)

The first line contains fsid=0, which defines the NFS root directory /srv/nfs4. Access to this NFS volume is allowed only to the clients from the 192.168.33.0/24 subnet. The crossmnt option is required to share directories that are sub-directories of an exported directory.

The second line shows how to specify multiple export rules for one filesystem. It exports the /srv/nfs4/backups directory and allows only read access to the whole 192.168.33.0/24 range, and both read and write access to 192.168.33.3. The sync option tells NFS to write changes to disk before replying.

The last line should be self-explanatory. For more information about all the available options, type man exports in your terminal.

Save the file and export the shares:

sudo exportfs -ra

You need to run the command above each time you modify the /etc/exports file. If there are any errors or warnings, they will be shown on the terminal.

To view the current active exports and their state, use:

sudo exportfs -v

The output will include all shares with their options. As you can see, there are also options that we haven’t defined in the /etc/exports file. These are default options, and if you want to change them, you’ll need to set those options explicitly.

/srv/nfs4/backups
        192.168.33.3(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 192.168.33.110(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4 192.168.33.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
        192.168.33.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)

root_squash is one of the most important options concerning NFS security. It prevents root users connected from the clients from having root privileges on the mounted shares. It maps the root UID and GID to the nobody/nogroup UID/GID.
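The check below is an added example, not part of the original tutorial: it reads lines in /etc/exports format and reports the options that undo the protections described above (no_root_squash, insecure, and rw granted to a wildcard client). The sample input is constructed; the /srv/nfs4/scratch and /srv/nfs4/legacy entries are hypothetical and deliberately weak.

```shell
#!/bin/sh
# Added example: audit exports(5)-style lines for risky options.
# Constructed sample; the last two entries are hypothetical and weak on purpose.
SAMPLE_EXPORTS='/srv/nfs4 192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www 192.168.33.110(rw,sync,no_subtree_check)
/srv/nfs4/scratch *(rw,sync,no_root_squash)
/srv/nfs4/legacy 192.168.33.0/24(ro,insecure)'

# audit_exports: read exports lines on stdin, print "path client finding".
audit_exports() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    NF == 0    { next }                      # skip blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "*"       # "(opts)" alone means any host
        n = split(opts, o, ",")
        rw = 0; nrs = 0; ins = 0
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") nrs = 1
          if (o[j] == "insecure") ins = 1
        }
        if (nrs) print path, client, "no_root_squash"
        if (ins) print path, client, "insecure"
        if (client ~ /[*?]/ && rw) print path, client, "rw-to-wildcard"
      }
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

To audit a real server, run audit_exports < /etc/exports.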

For the users on the client machines to have access, NFS expects the client’s user and group IDs to match those on the server. Another option is to use the NFSv4 idmapping feature that translates user and group IDs to names and the other way around.

That’s it. At this point, you have set up an NFS server on your CentOS server. You can now move to the next step and configure the clients and connect to the NFS server.

Firewall configuration #

FirewallD is the default firewall solution on CentOS 8.

The NFS service includes predefined rules for allowing access to the NFS server.

The following commands will permanently allow access from the 192.168.33.0/24 subnet:

sudo firewall-cmd --new-zone=nfs --permanent
sudo firewall-cmd --zone=nfs --add-service=nfs --permanent
sudo firewall-cmd --zone=nfs --add-source=192.168.33.0/24 --permanent
sudo firewall-cmd --reload

Set Up the NFS Clients #

Now that the NFS server is set up and the shares are exported, the next step is to configure the clients and mount the remote file systems.

You can also mount the NFS share on macOS and Windows machines, but we will focus on Linux systems.

Installing the NFS client #

On the client machines, install the tools required to mount remote NFS file systems.

  • Install NFS client on Debian and Ubuntu

    The name of the package that includes programs for mounting NFS file systems on Debian-based distributions is nfs-common. To install it, run:

    sudo apt update
    sudo apt install nfs-common

  • Install NFS client on CentOS and Fedora

    On Red Hat and its derivatives, install the nfs-utils package:

    sudo yum install nfs-utils

Mounting file systems #

We’ll work on the client machine with IP 192.168.33.110, which has read and write access to the /srv/nfs4/www file system and read-only access to the /srv/nfs4/backups file system.

Create two new directories for the mount points. You can create these directories at any location you want.

sudo mkdir -p /backups
sudo mkdir -p /srv/www

Mount the exported file systems with the mount command:

sudo mount -t nfs -o vers=4 192.168.33.148:/backups /backups
sudo mount -t nfs -o vers=4 192.168.33.148:/www /srv/www

Where 192.168.33.148 is the IP of the NFS server. You can also use the hostname instead of the IP address, but it needs to be resolvable by the client machine. This is usually done by mapping the hostname to the IP in the /etc/hosts file.

When mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /srv/nfs4/backups you need to use /backups.

Verify that the remote file systems are mounted successfully using either the mount or df command:

df -h

The command will print all mounted file systems. The last two lines are the mounted shares:


192.168.33.148:/backups 9.7G 1.2G 8.5G 13% /backups
192.168.33.148:/www 9.7G 1.2G 8.5G 13% /srv/www

To make the mounts permanent on reboot, open the /etc/fstab file:

sudo nano /etc/fstab

and add the following lines:

/etc/fstab

192.168.33.148:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0
192.168.33.148:/www /srv/www nfs defaults,timeo=900,retrans=5,_netdev 0 0

To find more information about the available options when mounting an NFS file system, type man nfs in your terminal.

Another option to mount the remote file systems is to use either the autofs tool or to create a systemd unit.

Testing NFS Access #

Let’s test the access to the shares by creating a new file in each of them.

First, try to create a test file in the /backups directory using the touch command:

sudo touch /backups/test.txt

The /backups file system is exported as read-only, and as expected you will see a Permission denied error message:

touch: cannot touch ‘/backups/test’: Permission denied

Next, try to create a test file in the /srv/www directory as root using the sudo command:

sudo touch /srv/www/test.txt

Again, you will see a Permission denied message.

touch: cannot touch ‘/srv/www’: Permission denied

The /var/www directory is owned by the apache user, and this share has the root_squash option set, which maps the root user to the nobody user and nogroup group, which doesn’t have write permissions to the remote share.

Assuming that a user apache exists on the client machine with the same UID and GID as on the remote server (which should be the case if, for example, you installed apache on both machines), you can test creating a file as user apache with:

sudo -u apache touch /srv/www/test.txt

The command will show no output, which means the file was successfully created.

To verify it, list the files in the /srv/www directory:

ls -la /srv/www

The output should show the newly created file:

drwxr-xr-x 3 apache apache 4096 Jun 23 22:18 .
drwxr-xr-x 3 root root 4096 Jun 23 22:29 ..
-rw-r--r-- 1 apache apache 0 Jun 23 21:58 index.html
-rw-r--r-- 1 apache apache 0 Jun 23 22:18 test.txt
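With sec=sys the server acts on the numeric IDs the client sends, so it is worth comparing the account databases before mounting. The following added example (not from the original tutorial) takes passwd-format listings from the server and a client, such as the output of getent passwd, and reports names whose UID or GID differ and UIDs that belong to different names. The sample entries, including the backup and deploy accounts, are constructed.

```shell
#!/bin/sh
# Added example: compare passwd(5)-format listings from server and client.
# Constructed data; UID 48 is apache on the server but deploy on the client.
SERVER_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
backup:x:1001:1001::/home/backup:/bin/bash'
CLIENT_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:985:982:Apache:/usr/share/httpd:/sbin/nologin
deploy:x:48:48::/home/deploy:/bin/bash'

# id_mismatches SERVER CLIENT: print one finding per line.
#   name-mismatch  same account name, different UID or GID
#   uid-collision  same UID, different account name (on the share the
#                  client account is treated as the server account)
id_mismatches() {
  { printf '%s\n' "$1" | sed 's/^/S:/'; printf '%s\n' "$2" | sed 's/^/C:/'; } |
  awk -F: '
    # After the S:/C: prefix: $2 = name, $4 = UID, $5 = GID
    $1 == "S" { suid[$2] = $4; sgid[$2] = $5; sname[$4] = $2; next }
    $1 == "C" {
      name = $2; uid = $4; gid = $5
      if (name in suid && (suid[name] != uid || sgid[name] != gid)) {
        print "name-mismatch", name, "server=" suid[name] ":" sgid[name], "client=" uid ":" gid
      }
      if (uid in sname && sname[uid] != name) {
        print "uid-collision", uid, "server=" sname[uid], "client=" name
      }
    }'
}

# Run the comparison over the constructed listings.
id_mismatches "$SERVER_PASSWD" "$CLIENT_PASSWD"
```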

Unmounting NFS File System #

If you no longer need the remote NFS share, you can unmount it as any other mounted file system using the umount command. For example, to unmount the /backups share you would run:

sudo umount /backups

If the mount point is defined in the /etc/fstab file, make sure you remove the line or comment it out by adding # at the beginning of the line.

Conclusion #

In this tutorial, we have shown you how to set up an NFS server and how to mount the remote file systems on the client machines. If you’re implementing NFS in production and sharing sensitive data, it is a good idea to enable Kerberos authentication.

As an alternative to NFS, you can use SSHFS to mount remote directories over an SSH connection. SSHFS is encrypted by default and much easier to configure and use.

Feel free to leave a comment if you have any questions.
