From Fedora Project Wiki
m (offering people to extend article)
Line 120: Line 120:
It is hard to find since, it seems, '''NFSv4''' disapeard from updated docs.  
It is hard to find since, it seems, '''NFSv4''' disapeard from updated docs.  


RedHat recommends, on RHEL5 Docs, that one should use automount instead of /etc/fstab; which saves resources when sharing to multiple workstations. I haven't had the time to try this configuration. This document will be modified/augmented once I've got the hang of it.
RedHat recommends, on RHEL5 Docs, that one should use automount instead of /etc/fstab; which saves resources when sharing to multiple workstations. Feel free to extend it if you know how ;=)


== Added Reading ==
== Added Reading ==

Revision as of 08:18, 8 November 2013

Sharing files with NFSv4 on Fedora (Server & Client configuration)

Description

This HowTo explains how to set up the Network File System version 4 on your LAN for multiple shares. It explains, also, how to mount the exports on your client.

Tested in Fedora Versions

  • Fedora 19

Requirements

The nfs-utils package provides what's need for both then client and the server. However, to make sure it's installed, run the following command. Enter your root password when prompted:

su -c "yum install nfs-utils"

Server requirements (services)

  • rpcbind
  • rpcidmapd
  • nfslock
  • nfs

Client requirements ((services)

  • rpcbind
  • rpcidmapd
  • nfslock
  • nfs

Doing the Work

Configuring the server

  • Change your eth1 (internal) interface to the "internal" zone
su -c 'firewall-cmd --zone=internal --change-interface=eth1'
  • Open up the necessary port on the firewall (port: 2049 TCP).
su -c "firewall-cmd --permanent --zone=internal --permanent --add-service=nfs"
su -c "firewall-cmd --reload"
  • Edit /etc/idmapd.conf. Enter your root password when prompted:
su -c "vim /etc/idmapd.conf"
  • Configure your domain name and change the users to nfsnobody:
[General]
Domain = domain.tld

[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
  • Enable rpcbind, rpcidmapd, nfslock, and nfs services to start at boot:
su -c "systemctl enable rpcbind.service rpcidmapd.service nfslock.service nfs.service"
  • Start those services:
su -c "systemctl start rpcbind.service rpcidmapd.service nfslock.service nfs.service"
  • Edit /etc/exports. Enter your root password when prompted:
su -c "vim /etc/exports"
  • Add your shares here (available to your home network) If you want your shares to be read only, change rw to ro from these statements:
/srv/nfs/share1     192.168.1.0/255.255.255.0(rw,async)
/srv/nfs/share2     192.168.1.0/255.255.255.0(ro)
/srv/nfs/share3     192.168.1.0/255.255.255.0(rw)
  • Reload your exports:
su -c "/usr/sbin/exportfs -rv"
  • Edit your /etc/hosts.allow file, so your clients are allowed to access your shares:
su -c "vim /etc/hosts.allow"
  • Allow your LAN to access your shares:
rpcbind: 192.168.1.0/255.255.255.0

Configuring the clients

  • Edit /etc/idmapd.conf. Enter your root password when prompted:
su -c "vim /etc/idmapd.conf"
  • Configure your domain name and change the users to nfsnobody:
[General]
Domain = domain.tld

[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
  • Edit /etc/fstab:
su -c "vim /etc/fstab"
  • Add the desired shares:
<ip-address-to-server>:/share1  /mnt/share1                                         nfs4    rsize=8192,wsize=8192,timeo=14,soft
<ip-address-to-server>:/share2  /srv/www/somewebsite.tld/default/public/share2      nfs4    rsize=8192,wsize=8192,timeo=14,soft
<ip-address-to-server>:/share3  /home/user/share3                                   nfs4    rsize=8192,wsize=8192,timeo=14,soft
Note.png
SELinux Booleans
You need to remember to activate a relevant boolean. There a few SELinux booleans for nfs in general. Make sure to check them by using getsebool -a | grep -i nfs and enable them permanently with setsebook -P <someboolean>=1 <someotherbool>=1 ...
  • Remount everything:
su -c "mount -a"

Common problems and fixes

Can't write to a rw share

Nope, it's just that you're using root to try and write while not adding no_root_squash to your exports. This will map root to nfsnobody you on the other server so if nfsnobody doesn't have write permissions at your server, you're screwed.

You should read man exports to get more info on this.

More Information

It is hard to find since, it seems, NFSv4 disapeard from updated docs.

RedHat recommends, on RHEL5 Docs, that one should use automount instead of /etc/fstab; which saves resources when sharing to multiple workstations. Feel free to extend it if you know how ;=)

Added Reading