Oracle Cloud Infrastructure - How to Setup a NFS server on Oracle Linux 7. (Doc ID 2504240.1)
APPLIES TO:
Oracle Cloud Infrastructure - Version N/A to N/A [Release 1.0]
Information in this document applies to any platform.
GOAL
This KM explains how to set up a basic NFS server and NFS client on Oracle Cloud Infrastructure.
Common issues are also shown.
SOLUTION
Environment:
NFS server: ol7nfsserveroracle IP: 10.0.1.10
NFS client : ol7nfsclientoracle IP: 10.0.1.11
ON NFS SERVER:
1- Make sure that the latest versions of nfs-utils and rpcbind are installed:
[root@ol7nfsserveroracle~]# yum install nfs-utils rpcbind
Loaded plugins: langpacks, ulninfo
Package 1:nfs-utils-1.3.0-0.61.0.1.el7.x86_64 already installed and latest version
Package rpcbind-0.2.0-47.el7.x86_64 already installed and latest version
Nothing to do
2- Enable and start the NFS services:
- nfs-server : starts the NFS server and other RPC processes
The RPC processes include:
– rpc.statd : implements monitoring protocol (NSM) between NFS client and NFS server
– rpc.mountd : NFS mount daemon that implements the server side of the mount requests from NFSv3 clients.
– rpc.idmapd : Maps NFSv4 names and local UIDs and GIDs
– rpc.rquotad : provides user quota information for remote users.
[root@ol7nfsserveoracle~]# systemctl enable --now nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@ol7nfsserveroracle ~]# systemctl enable --now rpcbind
[root@ol7nfsserveroracle ~]# systemctl enable --now nfs-lock
[root@ol7nfsserveroracle ~]# systemctl enable --now nfs-idmap
2- Check the status of the NFS services:
[root@ol7nfsserveroracle ~]# systemctl status nfs
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Drop-In: /run/systemd/generator/nfs-server.service.d
└─order-with-mounts.conf
Active: active (exited) since Thu 2019-02-07 17:46:37 GMT; 59s ago
Main PID: 11915 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
Feb 07 17:46:37 ol7nfsserveroracle systemd[1]: Starting NFS server and services...
Feb 07 17:46:37 ol7nfsserveroracle systemd[1]: Started NFS server and services.
Hint: Some lines were ellipsized, use -l to show in ful
3- Add the directory that will be shared and the IP address of the instance that will mount it.
[root@ol7nfsservermau ~]# cat /etc/exports
/nfsshare 10.0.1.11(no_root_squash,rw,sync)
3.1- Restart the nfs services
[root@ol7nfsservermau ~]# systemctl restart nfs
[root@ol7nfsservermau ~]#
4- If firewalld is running, add the following services to firewalld:
[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service mountd
success
[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service rpc-bind
success
[root@ol7nfsserveroracle ~]# firewall-cmd --permanent --zone public --add-service nfs
success
[root@ol7nfsserveroracle ~]# firewall-cmd --reload
success
5- Log in to the OCI console --> Instances --> Click on the NFS server instance --> Attached VNIC --> Subnet --> On Resources --> Security List --> Select your security list --> Edit All Rules -->
Open TCP ports 111, 2049 and 20048, and UDP port 111, in an ingress rule for the internal network.
ON NFS CLIENT
1- Make sure that nfs-utils is installed:
[root@ol7nfsclientoracle~]# yum install nfs-utils rpcbind
Loaded plugins: langpacks, ulninfo
Package 1:nfs-utils-1.3.0-0.61.0.1.el7.x86_64 already installed and latest version
Package rpcbind-0.2.0-47.el7.x86_64 already installed and latest version
Nothing to do
2- Verify you can see the share:
[root@ol7nfsclientoracle ~]# showmount -e 10.0.1.10
Export list for 10.0.1.10:
/nfsshare 10.0.1.11
[root@ol7nfsclientoracle ~]#
3- Mount the NFS share:
[root@ol7nfsclientoracle ~]# mount -v -t nfs 10.0.1.10:/nfsshare /nfsshare
mount.nfs: timeout set for Thu Feb 7 17:59:48 2019
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.1.10,clientaddr=10.0.1.11'
3.1- Update /etc/fstab to mount NFS shares at boot time
[root@ol7nfsclientoracle ~]# cat /etc/fstab | grep -i nfs
10.0.1.10:/nfsshare /nfsshare nfs4 rw,bg,_netdev 0 0
[root@ol7nfsclientoracle ~]#
4- NFS Share is mounted successfully
[root@ol7nfsclientoracle ~]# df -h /nfsshare/
Filesystem Size Used Avail Use% Mounted on
10.0.1.10:/nfsshare 39G 2.1G 37G 6% /nfsshare
[root@ol7nfsclientoracle ~]#
COMMON ISSUES:
1- If the NFS ports or services have not been added to firewalld on the NFS server, you will get the following error on the NFS client when you try to mount the share:
[root@ol7nfsclientoracle ~]# mount -v -t nfs 10.0.1.10:/nfsshare /nfsshare
mount.nfs: timeout set for Thu Feb 7 18:09:41 2019
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.1.10,clientaddr=10.0.1.11'
mount.nfs: mount(2): No route to host
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.1.10,clientaddr=10.0.1.11'
mount.nfs: mount(2): No route to host
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.1.10,clientaddr=10.0.1.11'
mount.nfs: mount(2): No route to host
2- If a required NFS port is not open in the OCI console security list, you will get the following error:
[root@ol7nfsclientoracle ~]# mount -t nfs 10.0.1.10:/nfsshare /nfsshare
^C
[root@ol7nfsclientoracle]#
Time out - Hang
3- The exports file on the NFS server shares the export with a specific host, 10.0.1.15, but our client is 10.0.1.11. In this case the exports file needs to be updated.
[root@ol7nfsclientmau ~]# mount -t nfs 10.0.1.10:/nfsshare /nfsshare
mount.nfs: access denied by server while mounting 10.0.1.10:/nfsshare <===
[root@ol7nfsclientmau ~]#
4- Check which instance can mount the share by running showmount.
[root@ol7nfsclientmau ~]# showmount -e 10.0.1.10
Export list for 10.0.1.15: <=================== Should be 10.0.1.11
/nfsshare 10.0.1.15
[root@ol7nfsclientmau ~]#
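Added example (not part of the original note and not Oracle's code): a shell check for an exports file that reports the no_root_squash option used in step 3 on the server, and the client mismatch behind the "access denied by server" error in common issue 3. The function name audit_exports, the finding labels, and the /backup and /scratch entries are constructed for illustration; only exact-IP and "*" client entries are matched.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit an exports(5)-style file.
# Assumption: only exact-IP and "*" client specs are matched (no CIDR, netgroups).

# audit_exports FILE CLIENT_IP  -> one finding per line on stdout
audit_exports() {
    file=$1 client=$2
    # Drop comments and blank lines, then read "path spec spec ..." entries.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$file" | (
        set -f                               # keep a "*" client from globbing
        while read -r path specs; do
            allowed=no
            for spec in $specs; do
                host=${spec%%\(*}            # text before "(" (may be empty)
                opts=${spec#"$host"}         # "(opt,opt)" or empty
                opts=${opts#\(}; opts=${opts%\)}
                case $host in
                    ''|'*') echo "WORLD_EXPORT $path"; allowed=yes ;;
                    "$client") allowed=yes ;;
                esac
                case ",$opts," in            # root on the client stays root
                    *,no_root_squash,*) echo "NO_ROOT_SQUASH $path ${host:-*}" ;;
                esac
                case ",$opts," in            # unprivileged source ports accepted
                    *,insecure,*) echo "INSECURE_PORTS $path ${host:-*}" ;;
                esac
            done
            # Common issue 3: the client is absent, so mount gets "access denied".
            [ "$allowed" = yes ] || echo "CLIENT_NOT_LISTED $path $client"
        done
    )
}

# Constructed sample: line 1 is the page's export; lines 2-3 are made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/nfsshare 10.0.1.11(no_root_squash,rw,sync)
/backup   10.0.1.15(rw,sync)        # exported to a different host
/scratch  10.0.1.11 (rw,insecure)   # space before "(" exports to everyone
EOF

audit_exports "$SAMPLE" 10.0.1.11
```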
Note 1: Please do not use a Public IP for NFS share.
It is not secure and it will have bad performance.
Note 2: If SELinux is enabled on the NFS server, you might need to configure SELinux to allow remote hosts to access content that is exported through NFS.
nfs_export_all_ro -- allows file systems to be exported read-only
nfs_export_all_rw -- allows file systems to be exported read-write
use_nfs_home_dirs -- allows home directories to be exported over NFS
If SELinux is not required to be in enforcing mode, you can disable it or change it to permissive mode to avoid any issue.
Example:
[root@ol7nfsserveroracle ~]# setsebool -P nfs_export_all_rw 1
[root@ol7nfsserveroracle ~]#
[root@ol7nfsserveroracle ~]# getsebool -a | grep -i nfs
cobbler_use_nfs --> off
conman_use_nfs --> off
ftpd_use_nfs --> off
git_cgi_use_nfs --> off
git_system_use_nfs --> off
httpd_use_nfs --> off
ksmtuned_use_nfs --> off
logrotate_use_nfs --> off
mpd_use_nfs --> off
nagios_use_nfs --> off
nfs_export_all_ro --> off
nfs_export_all_rw --> on
nfsd_anon_write --> off
openshift_use_nfs --> off
polipo_use_nfs --> off
samba_share_nfs --> off
sanlock_use_nfs --> off
sge_use_nfs --> off
tmpreaper_use_nfs --> off
use_nfs_home_dirs --> off
virt_use_nfs --> off
xen_use_nfs --> off
[root@ol7nfsservermau ~]
[root@ol7nfsserveroracle ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing <=================================
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@ol7nfsserveroracle ~]#
[root@ol7nfsserveroracle ~]# getenforce
Enforcing
[root@ol7nfsserveroracle ~]#