Network File System on CentOS 7

Posted: July 16, 2015 in Linux

Network File System (NFS) allows a client to mount remote file systems automatically and access them as if they were local. Users will not see a difference between the Network File System and a local file system. The computer on which shares are available for network access is called an NFS server, and the process of making the shares accessible is named exporting. Computers which access these NFS shares are called NFS clients, and the process of making the shares accessible is referred to as mounting. For the server and client to make connections, the Remote Procedure Call (RPC) and eXternal Data Representation (XDR) mechanisms are used. This allows the NFS server and client to run on two different operating systems with different hardware platforms. NFS uses several daemons to exchange data between the client and the server:

nfsd - Server process that responds to client requests on TCP port 2049 for file access. It is used for file locking and recovery.

rpcbind - Present on both the server and client. It converts RPC program numbers into universal addresses to facilitate communication for other RPC-based services.

rpc.rquotad - Present on both the server and client. Responsible for showing user quota information for a remotely mounted share on the server; also used for setting up user quotas on a mounted share on the client.

rpc.idmapd - Runs on the server and client to control the mappings of UIDs and GIDs to their usernames and group names, based on the configuration defined in the /etc/idmapd.conf file.

NFS config files

/etc/exports - Contains share definitions for export.

/var/lib/nfs/etab - Records entries for exported shares, no matter whether they are remotely mounted or not.

/etc/nfsmount.conf - Client file that defines settings used when mounting shares.

/etc/fstab - Contains shares which are mounted at system reboots or manually with the mount command.

/etc/mtab - Shows mounted shares and the local file systems.

/etc/sysconfig/nfs - Server and client-side NFS startup configuration file.

The nfsmount.conf and /etc/sysconfig/nfs files don't require modifications.

Installing and configuring NFS

In this example, we will create a folder sharenfs and export it with the NFSv4 protocol (default for RHEL7/CentOS7) to Windows XP (named client) in read/write mode with root squash disabled. I have built the network for this example in this article. I installed nfs-utils on the squid machine. It will serve as the NFS server.

yum -y install nfs-utils

Create folder /sharenfs

mkdir /sharenfs

Set SELinux booleans persistently (-P) to allow NFS exports in both read-only (nfs_export_all_ro=1) and read-write (nfs_export_all_rw=1) modes, and check the result:

setsebool -P nfs_export_all_ro=1 nfs_export_all_rw=1
getsebool -a | grep nfs_export
nfs_export_all_ro --> on
nfs_export_all_rw --> on

This is an appropriate point to look at all NFS-related SELinux booleans:

getsebool -a | egrep '^nfs|^use_nfs'
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_anon_write --> off
use_nfs_home_dirs --> off

nfs_export_all_ro Allows/disallows share exports in read-only mode.

nfs_export_all_rw Allows/disallows share exports in read/write mode.

nfsd_anon_write Allows/disallows the nfsd daemon to write anonymously to public directories on clients.

use_nfs_home_dirs Allows/disallows NFS clients to mount user home directories.

The NFS server uses TCP port 2049 to communicate with clients:

firewall-cmd --permanent --add-service nfs ; firewall-cmd --reload

The above line is sufficient when connecting from a Linux client, but it didn't work when I was connecting from Windows Server 2012: the connection was refused, and it only worked after stopping the firewall, until I opened ports for the mountd service:

firewall-cmd --add-service=mountd --permanent;firewall-cmd --reload

Start the rpcbind and NFS services:

systemctl start rpcbind nfs

Edit the /etc/exports file and add an entry for our created folder with read/write and no_root_squash options:

/sharenfs dc.example.com(rw,no_root_squash,no_all_squash)
/sharenfs 192.168.122.200(rw,no_root_squash,no_all_squash)

The first line will export the /sharenfs folder to Windows Server 2012 and the second one to the Linux client.

all_squash (no_all_squash) All users on the client (including root) are (aren't) treated as the anonymous user.

root_squash Map requests from uid/gid 0 to the anonymous uid/gid.

no_root_squash Turn off root squashing.

async/sync Replies to client requests before (async) or after (sync) writing changes to disk.

rw/ro Allows/disallows file modifications on the client.

secure/insecure Requires/does not require client requests to come from ports lower than 1024.

We now must make local directories available for Network File System (NFS) clients to mount. This list is kept in a file named /var/lib/nfs/etab, which is read by mountd when a remote host requests access to mount a file tree:

exportfs -avr
exporting dc.example.com:/sharenfs

-a Export or unexport all directories
-v Verbose mode

-r If /proc/fs/nfsd or /proc/fs/nfs is mounted, flush everything
out of the kernel’s export table.

Check the /var/lib/nfs/etab file:

/sharenfs dc.example.com(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,secure,no_root_squash,no_all_squash)
/sharenfs 192.168.122.200(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,secure,no_root_squash,no_all_squash)

The first entry exports /sharenfs to Windows Server, and the second one to the CentOS box.
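
As an added example (not part of the original post), the following Python script parses entries in /etc/exports or /var/lib/nfs/etab syntax and flags the options described above that relax a default, such as no_root_squash. The /srv paths and client.example.com are constructed sample values, and the set of flagged options is this example's own choice.

```python
import re

# Export options from the list above that relax a default, and what each gives up.
RISKY = {
    "no_root_squash": "uid 0 on the client stays uid 0 on the share",
    "insecure": "requests accepted from source ports >= 1024",
    "async": "server replies before changes are written to disk",
}
# One client spec: optional host/network/wildcard, optional "(opt,opt,...)".
SPEC = re.compile(r"([^()\s]*)(?:\(([^()]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) per client spec; options is None if malformed."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client spec is exported to every host.
        for spec in fields[1:] or ["*"]:
            m = SPEC.fullmatch(spec)
            if m is None:
                yield fields[0], spec, None
            else:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                # "(rw)" with no host in front applies to any client.
                yield fields[0], m.group(1) or "*", opts

def audit(text):
    """Return (path, client, finding) tuples for entries worth a second look."""
    findings = []
    for path, client, opts in parse_exports(text):
        if opts is None:
            findings.append((path, client, "malformed"))
            continue
        findings += [(path, client, o) for o in RISKY if o in opts]
        if "rw" in opts and ("*" in client or "?" in client):
            findings.append((path, client, "rw-to-wildcard"))
    return findings

# Constructed sample; the first two entries are the ones from this article.
SAMPLE = """\
/sharenfs dc.example.com(rw,no_root_squash,no_all_squash)
/sharenfs 192.168.122.200(rw,no_root_squash,no_all_squash)
/srv/ro   192.168.122.0/24(ro,root_squash)
/srv/typo client.example.com (rw)        # stray space before the options
/srv/bad  client.example.com(rw,sync))   # unbalanced parenthesis
"""

if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE):
        print(f"{path:10} {client:22} {finding} {RISKY.get(finding, '')}")
```

The /srv/typo entry shows why whitespace matters in this format: the space before (rw) leaves the named host with default options and applies rw to every client.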

If we need to unexport shares, we can do so with the exportfs command with the -u option specified:

exportfs -u servername:/folder_name

exportfs -v | grep common

Mount share on client side - Linux

On the Linux client, also install the nfs-utils package and start the rpcbind and nfs services.

Then mount the NFS share:

mount -t nfs -o rw 192.168.122.90:/sharenfs /tmp

This mounts the share from 192.168.122.90 as read-write on the /tmp folder.

Export shares to Windows client (Server 2012)

Install the Client for NFS feature.

For win7:

Then, from CMD, type:

mount 192.168.122.90:/sharenfs z:

The share is mounted as mapped drive Z.
