NFS

From Gentoo Wiki
(Redirected from NFSv4)
Jump to: navigation, search
Resources

Network File System (NFS) is a file system protocol that allows client machines to access network attached filesystems. The newest version is version 4.

Installation

Kernel

NFS server support is not required for NFS clients, and NFS client support is not required for NFS servers. Dnotify support is only required for NFSv4. NFSv3 is only required for compatibility with legacy clients e.g. the BusyBox mount command does not support NFSv4.

KERNEL
File systems --->
  [*] Dnotify support
  [*] Network File Systems --->
        <*>   NFS client support
        <*>     NFS client support for NFS version 3
        <*>     NFS client support for NFS version 4
        [*]   NFS client support for NFSv4.1
        <*>   NFS server support
        [*]     NFS server support for NFS version 3
        [*]     NFS server support for NFS version 4
        [*]       NFSv4.1 server support for Parallel NFS (pNFS)

USE flags

USE flags for net-fs/nfs-utils NFS client and server daemons

caps Use Linux capabilities library to control privilege global
ipv6 Add support for IP version 6 global
kerberos Add kerberos support global
libmount Link mount.nfs with libmount local
nfsdcld Enable nfsdcld NFSv4 clientid tracking daemon local
nfsidmap Enable support for newer nfsidmap helper local
nfsv4 Enable support for NFSv4 local
nfsv41 Enable support for NFSv4.1 local
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur global
tcpd Add support for TCP wrappers global
uuid Support UUID lookups in rpc.mountd local

Emerge

Install net-fs/nfs-utils:

root #emerge --ask net-fs/nfs-utils

Configuration

Server

The following table describes the filesystems that will be exported by the server:

Device Mount directory Description
/dev/sdb1 /home Filesystem containing user home directories.
/dev/sdc1 /data Filesystem containing user data.

Virtual root

The filesystems to be exported must be made available under a single directory. This directory is known as the virtual root directory, and it is required for NFSv4:

root #mkdir /export
Note
The /export directory is used throughout this article as the virtual root directory, although any directory can be used e.g. /nfs or /srv/nfs

Create directories in the virtual root directory for the filesystems (e.g. /home and /data) that are to be exported:

root #mkdir /export/home
root #mkdir /export/data

The filesystems to be exported need to be made available under their respective directories in the virtual root directory. This is accomplished with the --bind option of the mount command:

root #mount --bind /home /export/home
root #mount --bind /data /export/data

To make the above mounts persistent, add the following to /etc/fstab:

FILE /etc/fstab
/home    /export/home    none    bind    0    0
/data    /export/data    none    bind    0    0

Exports

The filesystems to be made accessible for clients are specified in /etc/exports. This file consists of the directories to be exported, the clients allowed to access those directories, and a list options for each client. Refer to man exports for more information about the NFS export configuration options:

FILE /etc/exports
/export         192.168.0.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0)
/export/home    192.168.0.0/24(insecure,rw,sync,no_subtree_check)
/export/data    192.168.0.0/24(insecure,rw,sync,no_subtree_check)

The above configuration grants access to the exported directories by IP network, in this case 192.168.0.0/24. Client access can also be specified as a single host (IP address or fully qualified domain name), NIS netgroup, or with a single * character which grants all clients access.

The following table briefly describes the client options used in the configuration above:

Option Description
insecure The server will require that client requests originate on unprivileged ports (those above 1024). This option is required when mounting exported directories from OS X or by the nfs:/ kioslave in KDE. The default is to use privileged ports.
rw The client will have read and write access to the exported directory. The default is to allow read-only access.
sync The server must wait until filesystem changes are committed to storage before responding to further client requests. This is the default.
no_subtree_check The server will not verify that a file requested by a client is in the appropriate filesystem and exported tree. This is the default.
crossmnt The server will reveal filesystems that are mounted under the virtual root directory that would otherwise be hidden when a client mounts the virtual root directory.
fsid=0 This option is required to uniquely identify the virtual root directory.

If changes are made to /etc/exports after the NFS server has started, issue the following command to propagate the changes to clients:

root #exportfs -rv

Daemon

The NFS daemon is configured via /etc/conf.d/nfs:

FILE /etc/conf.d/nfs
OPTS_RPC_NFSD="8 -N 2 -V 3 -V 4 -V 4.1"

The option 8 is the number of NFS server threads to start. Since only one thread is started by default, the thread count should be increased for optimal performance. The option -N 2 disables NFS version 2, while options -V 3, -V 4 and -V 4.1 enable NFS versions 3,4 and 4.1. Refer to man nfsd for more information about the NFS daemon configuration options.

Service

OpenRC

To start the NFS server:

root #/etc/init.d/nfs start
 * Starting rpcbind ...                                                   [ ok ]
 * Starting NFS statd ...                                                 [ ok ]
 * Starting idmapd ...                                                    [ ok ]
 * Exporting NFS directories ...                                          [ ok ]
 * Starting NFS mountd ...                                                [ ok ]
 * Starting NFS daemon ...                                                [ ok ]
 * Starting NFS smnotify ...                                              [ ok ]

The above output shows that many other services are also started along with the nfs service. To stop all NFS services, stop the rpcbind service:

root #rc-service rpcbind stop

To start the NFS server at boot:

root #rc-update add nfs default

Client

Service

OpenRC

To be able to mount exported directories, start the NFS client:

root #rc-service nfsclient start
 * Starting rpcbind                                                       [ ok ]
 * Starting NFS statd                                                     [ ok ]
 * Starting NFS sm-notify                                                 [ ok ]

To start the NFS client at boot:

root #rc-update add nfsclient default

Mounting exports

Note
The commands and configuration files below use the IP address 192.168.0.1 to represent the NFS server.

Mount the exported directories:

root #mount 192.168.0.1:/home /home
root #mount 192.168.0.1:/data /data

To make the above mounts persistent, add the following to /etc/fstab:

FILE /etc/fstab
192.168.0.1:/home    /home    nfs    rw,_netdev    0    0
192.168.0.1:/data    /data    nfs    rw,_netdev    0    0

The virtual root directory can be mounted instead of each individual exported directory. This will make all exported directories available to the client:

root #mount 192.168.0.1:/ /mnt

To make the above mount persistent, add the following to /etc/fstab:

FILE /etc/fstab
192.168.0.1:/        /mnt     nfs    rw,_netdev    0    0

When using /etc/fstab to mount the exported directories, add the netmount service to the default runlevel:

root #rc-update add netmount default

If the NFS server or client support NFSv3 only, the full path to the exported directory (e.g. /export/home or /export/data) needs to be specified when mounting:

root #mount 192.168.0.1:/export/home /home
root #mount 192.168.0.1:/export/data /data

The same applies when mounting the virtual root directory:

root #mount 192.168.0.1:/export /mnt

Troubleshooting

  • The system may become unresponsive during shutdown when the NFS client attempts to unmount exported directories after udev has stopped. To prevent this issue, a local.d script can be used to forcibly unmount the exported directories during shutdown:
FILE /etc/local.d/nfs.stop
/bin/umount -a -f -t nfs,nfs4
root #chmod a+x /etc/local.d/nfs.stop
  • Verify that the NFS server is running and listening for connections:
root #netstat -tupan | egrep 'rpc|Active|Proto'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:34950           0.0.0.0:*               LISTEN      1891/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1875/rpcbind
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1875/rpcbind
udp        0      0 0.0.0.0:57655           0.0.0.0:*                           1891/rpc.statd
udp        0      0 0.0.0.0:774             0.0.0.0:*                           1875/rpcbind
udp        0      0 0.0.0.0:795             0.0.0.0:*                           1891/rpc.statd
  • Verify which NFS daemons are running:
root #rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  57655  status
    100024    1   tcp  34950  status
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  44208  nlockmgr
    100021    3   udp  44208  nlockmgr
    100021    4   udp  44208  nlockmgr
    100021    1   tcp  44043  nlockmgr
    100021    3   tcp  44043  nlockmgr
    100021    4   tcp  44043  nlockmgr
  • List the exported directories from the NFS server:
root #exportfs -v
/export       	192.168.0.0/24(rw,wdelay,crossmnt,insecure,root_squash,no_subtree_check,fsid=0,sec=sys,no_all_squash)
/export/home  	192.168.0.0/24(rw,wdelay,insecure,root_squash,no_subtree_check,sec=sys,no_all_squash)
/export/data  	192.168.0.0/24(rw,wdelay,insecure,root_squash,no_subtree_check,sec=sys,no_all_squash)
  • List the current open connections to the NFS server:
user $netstat -tn | egrep '2049|Active|Proto'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.0.1:2049       192.168.0.10:884        ESTABLISHED
  • Verify that the exported directories are mounted by the NFS client:
user $netstat -tn | egrep '2049|Active|Proto'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.10:997        192.168.0.1:2049        ESTABLISHED

External resources