【转】在Oracle Linux 7上配置NFS Server

Oracle Cloud Infrastructure - Version N/A to N/A [Release 1.0]

Information in this document applies to any platform.

This KM will explain how to setup a Basic NFS server and NFS client under Oracle Cloud Infrastructure.

Common issues will be showing.

Enviroment :

NFS server:  ol7nfsserveroracle  IP: 10.0.1.10

NFS client :   ol7nfsclientoracle    IP: 10.0.1.11

ON NFS SERVER:

1- .Make sure that you have nfs-utils rpcbind on latest version

[root@ol7nfsserveroracle~]# yum install nfs-utils rpcbind

Loaded plugins: langpacks, ulninfo

Package 1:nfs-utils-1.3.0-0.61.0.1.el7.x86_64 already installed and latest version

Package rpcbind-0.2.0-47.el7.x86_64 already installed and latest version

Nothing to do

2- Enable and Start NFS services : 

    -nfs-server : process starts the NFS server and other RPC processes

    RPC processes includes:

    – rpc.statd : implements monitoring protocol (NSM) between NFS client and NFS server

    – rpc.mountd : NFS mount daemon that implements the server side of the mount requests from NFSv3 clients.

    – rpc.idmapd : Maps NFSv4 names and local UIDs and GIDs

    – rpc.rquotad : provides user quota information for remote users.

[root@ol7nfsserveoracle~]# systemctl enable --now nfs-server

Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.

[root@ol7nfsserveroracle ~]# systemctl enable --now  rpcbind

[root@ol7nfsserveroracle ~]# systemctl enable --now  nfs-lock

[root@ol7nfsserveroracle ~]# systemctl enable --now  nfs-idmap

2- Check the status of the NFS services:

[root@ol7nfsserveroracle ~]# systemctl status nfs

● nfs-server.service - NFS server and services

   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)

  Drop-In: /run/systemd/generator/nfs-server.service.d

           └─order-with-mounts.conf

   Active: active (exited) since Thu 2019-02-07 17:46:37 GMT; 59s ago

 Main PID: 11915 (code=exited, status=0/SUCCESS)

   CGroup: /system.slice/nfs-server.service

Feb 07 17:46:37 ol7nfsserveroracle systemd[1]: Starting NFS server and services...

Feb 07 17:46:37 ol7nfsserveroracle systemd[1]: Started NFS server and services.

Hint: Some lines were ellipsized, use -l to show in ful

3- Add the directory that will be shared  and  the IP address of the instance that will mount it.

[root@ol7nfsservermau ~]# cat /etc/exports

/nfsshare   10.0.1.11(no_root_squash,rw,sync)

3.1- Restart the nfs services

[root@ol7nfsservermau ~]# systemctl restart nfs

[root@ol7nfsservermau ~]#

4-If firewalld is running add the following services on your firewalld

[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service mountd

success

[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service rpc-bind

[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service nfs

[root@ol7nfsserveroracle ~]# firewall-cmd --reload

5- Login to OCI console --> Instances --> Click on NFS-Server intance --> Attched Vnic --> Subnet --> On Resources --> Security List --> Select your Security list --> Edit All Rules -->

   Open TCP  port  111, 2049 and 20048  For UDP : 111 in Ingress rule for internal network.

ON NFS CLIENT

1- .Make sure that you have nfs-utils installed 

[root@ol7nfsclientoracle~]# yum install nfs-utils rpcbind

2-Verify you can see the share:

[root@ol7nfsclientoracle ~]# showmount -e 10.0.1.10

Export list for 10.0.1.10:

/nfsshare 10.0.1.11

[root@ol7nfsclientoracle ~]#

3-Mount the NFS share:

[root@ol7nfsclientoracle ~]# mount -v -t nfs 10.0.1.10:/nfsshare /nfsshare

mount.nfs: timeout set for Thu Feb 7 17:59:48 2019

mount.nfs: trying text-based options 'vers=4.1,addr=10.0.1.10,clientaddr=10.0.1.11'

3.1- Update /etc/fstab to mount NFS shares at boot time

[root@ol7nfsclientoracle ~]# cat /etc/fstab | grep -i nfs

10.0.1.10:/nfsshare /nfsshare nfs4 rw,bg,_netdev 0 0

4- NFS Share is mounted successfully 

[root@ol7nfsclientoracle ~]# df -h /nfsshare/

Filesystem Size Used Avail Use% Mounted on

10.0.1.10:/nfsshare 39G 2.1G 37G 6% /nfsshare

COMMON ISSUES:

1- If firewalld does not have the ports or nfs services added on the firewalld you will get the following error on the NFS Client when you try to mount it:

mount.nfs: timeout set for Thu Feb 7 18:09:41 2019

mount.nfs: mount(2): No route to host

2- If you don't open a required NFS  port on the  OCI console - security list you will ger the following error:

[root@ol7nfsclientoracle ~]# mount -t nfs 10.0.1.10:/nfsshare /nfsshare

^C

[root@ol7nfsclientoracle]#

Time out - Hang

3- The export file on NFS server is sharing the share on as specific host 10.0.1.15 but our client is 10.0.1.11, in this case the export file need to be updated.

[root@ol7nfsclientmau ~]# mount -t nfs 10.0.1.10:/nfsshare /nfsshare

mount.nfs: access denied by server while mounting 10.0.1.10:/nfsshare  <===

[root@ol7nfsclientmau ~]#

4- Make sure what instance can mount the share by running showmoiunt.

[root@ol7nfsclientmau ~]# showmount -e 10.0.1.10

Export list for 10.0.1.15:             <=================== Should be 10.0.1.11

/nfsshare 10.0.1.15

Note 1: Please do not use a Public IP for NFS share.

          It is not secure and it will have bad performance. 

Note 2: If you have SELINUX enable on NFS server you might configure SELinux to allow remote hosts to access content that is exported through NFS.

nfs_export_all_ro -- allows file systems to be exported read-only

nfs_export_all_rw -- allows file systems to be exported read-write

use_nfs_home_dirs -- allows home directories to be exported over NFS

If SELinux is not required to be in enforcing mode you can disable or change it to permissive mode to void any issue.

Example:

[root@ol7nfsserveroracle ~]# setsebool -P nfs_export_all_rw 1

[root@ol7nfsserveroracle ~]#

[root@ol7nfsserveroracle ~]# getsebool -a | grep -i nfs

cobbler_use_nfs --> off

conman_use_nfs --> off

ftpd_use_nfs --> off

git_cgi_use_nfs --> off

git_system_use_nfs --> off

httpd_use_nfs --> off

ksmtuned_use_nfs --> off

logrotate_use_nfs --> off

mpd_use_nfs --> off

nagios_use_nfs --> off

nfs_export_all_ro --> off

nfs_export_all_rw --> on

nfsd_anon_write --> off

openshift_use_nfs --> off

polipo_use_nfs --> off

samba_share_nfs --> off

sanlock_use_nfs --> off

sge_use_nfs --> off

tmpreaper_use_nfs --> off

use_nfs_home_dirs --> off

virt_use_nfs --> off

xen_use_nfs --> off

[root@ol7nfsservermau ~]

[root@ol7nfsserveroracle ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=enforcing     <=================================

# SELINUXTYPE= can take one of three values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

[root@ol7nfsserveroracle ~]# getenforce

Enforcing