Ubuntu - Setting up an NFS (Server and Client)

What is NFS?

"NFS stands for Network File System, a file system developed by Sun Microsystems, Inc. It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory"

"The NFS protocol is designed to be independent of the computer, operating system, network architecture, and transport protocol. This means that systems using the NFS service may be manufactured by different vendors, use different operating systems, and be connected to networks with different architectures. These differences are transparent to the NFS application, and thus, the user. "
[ source ]

Host Installation Steps

To set up an NFS host in Ubuntu, you need to run the following command to install the necessary packages:

sudo apt-get install nfs-kernel-server nfs-common -y

Add lines to your

/etc/exports file
, specifying the directory locations that you want shared on the network like below:
sudo $EDITOR /etc/exports

Here's another example with comments explaining each part.

# Share the top level 'files' directory
# Allow access from computers accessing from the IPs in the range of 192.168.1.1 -> 192.168.1.255
# The client can access/edit files as if they were a root user on the host
# Grant both read and write access (rw)
/files 192.168.1.1/24(rw,no_root_squash,async)
If you want to allow read only access, you need to specify "ro", not just "r"
You cannot export encrypted directories. This means that if you selected "encrypt home directory" during your Ubuntu installation, you cannot export your home directory, or any of its subdirectories.

root_squash or no_root_squash?

The option 'root_squash' prevents root users connected remotely from having root privileges and assigns them the nfsnobody user ID. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the NFS host.

The alternative option 'no_root_squash', allows the root user on the client to access/create files as root on the NFS host which is dangerous, so don't enable this unless you know that you need to. Typically this is needed if one is hosting root filesystems on an NFS server for diskless clients (e.g. AWS EC2).

async or sync?

Async mode (which is the default) means that the system will reply to a client's write request, stating that it has completed, as soon as it has handled the request by passing it off to the filesystem to manage, rather than waiting for it to be written to stable storage (e.g. replying as soon as it has gone into cache rather than disk). This yields much better performance at the expense in a risk of data corruption should the server reboot or lose power whilst still holding data in cache.

If your system needs to work with other proprietary systems that work with NFS (Solaris, HP-UX, RS/6000, etc.), you will need to enable sync mode.

subtree_check or no_subtree_check?

There is a great explanation of this here, but to sum up, the subtree_check causes the host to check that a client request is not going outside the domain of the exported directory. This is only necessary when you are exporting a subdirectory within a filesystem and not the entire filesystem. However, this can cause issues, so the best choice of action is this: always use no_subtree_check (the default), and if you are making a public NFS, then set up the disk partitions so that you are only ever exporting entire filesystems.

Applying Export Changes

Whenever you make changes to the /etc/exports file, for them to take effect you need to run the following command which will let you know if there are any issues, and tell you about any defaults it assumes.

sudo exportfs -a

Restart NFS Service

You can restart the NFS service at any point with the following command:

sudo /etc/init.d/nfs-kernel-server restart

Client Steps

To be able to mount NFS shares as a client, you need to run the following command to install the relevant packages:

sudo apt-get install nfs-common -y

Mount the NFS by adding a line to your /etc/fstab file like below:

$NFS_HOST_IP:$HOST_EXPORT_DIR_PATH $LOCAL_DIR nfs auto 0 0
The last 0 indicates that we should never perform filesystem checks for this on boot (fsck).

Now run the following command to mount everything in your fstab.

sudo mount -a

If you just want to mount once, and not automatically on startup, then instead of adding to your fstab and calling mount -a, simply run this instead:
sudo mount $NFS_HOST_IP:$HOST_EXPORT_DIR_PATH $LOCAL_DIR

References

No comments:

Post a Comment