Today we’re going to setup an NFS server and client on a pair of RackSpace Cloud Servers.
To get started create two cloud servers – one will be the NFS server and the other will be the NFS client. We’ll be using CentOS (RHEL) for our project but you can use the distribution of your choice.
We’re going to do the NFS share over the Private Net interface which is a 10.x.x.x unroutable network. This way NFS is not exposed to the public network and the security issues are simplified.
Our server will be named “file01” and our client will be “client01”. We will share the /data directory tree on the server and mount it to /data on the client.
Server
- Install necessary packages. You’ll need nfs-utils and portmap. Additional dependent packages will be installed automatcially:
1yum install nfs-utils portmapNote: On RHEL6, “portmap” is now “rpcbind”.
- Setup /etc/hosts. On the server, I like to add host entries to /etc/hosts for each client so that it’s easy to reference them in the configuration files. So we’ll add this line to /etc/hosts:
110.10.232.1 client01-private
Remember to use the private address of the client. We want the NFS traffic to use the non-public network for improved security. - Setup /etc/exports. This text file defines what paths will be shared and to whom. Here is a simple case sharing /data to a single client:
1/data client01-private(rw,no_root_squash)
There are a number of different configuration options available for the /etc/exports file. See the man page for full details. - Setup /etc/hosts.allow. This text file defines access controls for the NFS related services. Here’s an example configuration:
12345portmap: client01-privatelockd: client01-privaterquotad: client01-privatemountd: client01-privatestatd: client01-private - Setup iptables. Edit the /etc/sysconfig/iptables file and add the following line to the RH-Firewall-1-INPUT table right before the final COMMIT:
1-A RH-Firewall-1-INPUT -s 10.176.97.227 -j ACCEPT
Notice that the IP address is the private interface on the client. You’ll need to add additional lines if you have more then one client. This is a very simple rule that allows all traffic from the client to the server. Now restart iptables:
1/sbin/service iptables restart - Configure startup. Use the following commands to configure the nfs and portmap services to start on boot.
12/sbin/chkconfig --level 345 portmap on/sbin/chkconfig --level 345 nfs on - Start services. Start or restart the portmap and nfs services. You’ll need to do this anytime that you change the NFS configuration.
12/sbin/service portmap restart/sbin/service nfs restart
Client
- Install necessary packages. You’ll need nfs-utils and portmap. Additional dependent packages will be installed automatcially:
1yum install nfs-utils portmap - Setup /etc/hosts. On the server, I like to add host entries to /etc/hosts for the server so that it’s easy to reference them in the configuration files. So we’ll add this line to /etc/hosts:
110.10.232.2 file01-private
Remember to use the private address of the client. We want the NFS traffic to use the non-public network for improved security. - Configure startup. Use the following commands to configure the portmap service to start on boot.
1/sbin/chkconfig --level 345 portmap on - Start portmap service. Start or restart the portmap.
1/sbin/service portmap restart - Setup /etc/fstab. The /etc/fstab text file contains a list of filesystems that should be mounted on the client server. We need to add new line at the bottom of the file for our NFS server. Here’s an example:
1file01-private:/data /data nfs rw,hard,intr 0 0
Notice that we’ve stated that the /data share on file01-private should be mounted to /data on the client server. - Create the mount point. The mount point is just an empty directory to which the remote filesystem will be connected.
1mkdir /data - Mount the share. Next step is to mount the share with this command:
1mount /data
And now you should have a working NFS mount of file01:/data to client01:/data.
If it’s not working, here’s a good page of advice on how to troubleshoot: