Lab 8a NFS

Aims

1. To configure a Linux machine to act as an NFS server and NFS client

2. To understand the use of the exportfs command to list available exports

Task 1: Basic NFS client and server functionality

1. In this lab, we will setup NFSv4. The steps to setup NFSv4 are different to other NFS versions, e.g. v3 or v2.

1.1 On the Linux virtual machine, ensure the ens37 interface uses a static network address, e.g. 10.0.2.1/24.

1.2 Ensure the required packages - nfs-utils, rpcbind, and nfs4-acl-tools - are installed.

1.3 If they are not installed, you can install them by using dnf install packagename

1.4 In your virtual machine, create a directory called /share/IT_Projects. Export the /share/IT_Projects directory as read-only by modifying the _/etc/exports file. Only hosts on your local subnet (_10.0.2.0/24) should be able to mount this file system using NFS.

1.5 Turn on the rpcbind and NFS server service (daemons) using _systemctl.

systemctl start rpcbind

systemctl start nfs-server

1.6 Also use the _systemctl command to make sure these service(s) for NFS are enabled (start every time the machine boots in future).

Task 1 - Steps

1.1 Disable DNS settings

# vim /etc/sysconfig/network-scripts/ifcfg-ens33

//disable dns settint on ens33 if exist

#Dns1

:wq

Same on ens37 also ensure the IP address

# vim /etc/sysconfi/network-scripts/ifcfg-ens37

IP ADDR=10.0.2.1

#dns

:wq

Enable the network

# nmcli con reload ens33

# nmcli con reload ens37

# nmcli con up ens33

# nmcli con up ens37

Try to ping Google and it should work

# ping 8.8.8.8

1.2

Check if all required packages are installed or not

# rpm -q -nfs-utils

# rmp -q rpcbind

# rpm -q nfs4-acl-tools

In your virtual machine, create a directory called /share/IT_Projects.

Export the /share/IT_Projects directory as read-only by modifying the _/etc/exports file. Only hosts on your local subnet (_10.0.2.0/24) should be able to mount this file system using NFS.

1.4 Create a directory (read-only)

# mkdir /share/IT_Projects

# vim /etc/exports

/share/IT_Projects 10.0.2.0/24 ro

//local subnet//

:wq

1.5 Restart the service for the changes to take effect.

# systemctl start rpcbind

# systemctl start nfs-server

1.6 To make sure the system starts when rebooted, run the following commands:

# systemctl enable rpcbind

# systemctl enable nfs-server

1. Use the command exportfs -v to verify the /share/IT_Projects directory is exported. Also, verify that it is read-only (ro).

# exportfs -v

Test 1 – local mount

As a first test, use the same virtual machine as an NFS client to access the exported directory. In this case, we are using the same machine to act as both Client and Server (it is a client to itself). When you do this task it might help if you have two shell windows open and think of one of them as the Server and the other as the Client.

Create a directory called _{/mnt/projects} that we will use as a mount point (in your "client" shell window). Then, in your "client" shell window, try mounting your exported /share/IT_Projects directory onto the /mnt/projects mount point using the command below. This reflects what a client machine would do.

mount -t nfs4 10.0.2.1:/share/IT_Projects /mnt/projects

For testing:

1. Create a file in the _{/share/IT_Projects} directory (in your "server" shell window). Just using touch /share/IT_Projects/file1 is enough.

Verify that you can see "file1" (or whatever file you created) inside the _{/mnt/projects}directory too.

To test the service in the same machine (Server), open another terminal (as Client)

# mkdir /mnt/projects //temporary mount//

# mount -t nfs4 10.0.2.1:/share/IT_Projects /mnt/projects

Test it

Go to Server and create a file called file1

# touch /share/IT_Projects/file1

Next go to Client and check if the we can access the file1 file.

# ls /mnt/projects

2. Now try creating a file in the _{/mnt/projects} directory (in your "client" shell window), e.g. touch /mnt/projects/file2

(it shouldn't allow you, as you exported the filesystem read-only). Document the commands, testing process, and error message in your journal.

From the client site, let's see if file1 is read-only access.

# touch /mnt/projects/client

Error: there should be a message saying Read-only file system.

Finally, to finish the test, unmount the directory. Remember again that the command is "umount", not "unmount".

umount /mnt/projects

Before finishing task 1, unmount the directory:

# unmount /mnt/projects

If any of your shell windows is using the directory (e.g. because you used "cd" to change into the directory), the umount command won't allow you to unmount it. Just change directory to somewhere else. Document what happens (if you get an error message) and why.

Task 2: Advanced Task – Setup a separate Linux virtual machine to access the remote NFS share

Setup a second Linux virtual machine by either:

• creating a second "linked clone" of the Linux VM, if you are working in the labs at UTS (see Lab 1); or

• making a complete copy of your VM folder, if you are working on your own laptop or at home.

There are several ways to create a copy of VMs. Before we create a copy of a VM lets shutdown the Server.

We are creating a copy of our existing Linux VM Server. To do that, first shut down the Server.

VM > Power > Shut Down Guest

Copy the VM Server and rename it

After the copy task is completed, turn on the both VMs

This second machine will be configured to act as an NFS client. When you start the second VM and are asked whether you moved or copied it, make sure you say you copied it.

1. When you start the second VM, set the ens37 IP address to 10.0.2.3/24.

# vim /etc/sysconfig/network-scripts/ifcfg-ens37

Update IP addr

IPADDR=10.0.2.3

# nmcli con reload ens37

# nmcli con up ens37

Let's ping the Server

# ping 10.0.2.1

The Server and the Client should be able to ping each other.

As we copied the VM for testing purposes, it has the created files and directory we created earlier. Let's remove them from the Client:

# rm -rf /mnt/projects/

# rm -rf /share/IT_Projects/

# Vim /etc/exports

Remove the contents (it should be blank)

Save it

Restart the service

# systemctl restart rpcbind

# systemctl restart nfs-server

To check if there is nothing to share (should be nothing)

# exportfs -v

On Client

# mkdir /mnt/projects

Temporary mount

# mount -t nfs4 10.0.2.1:/share/IT_Projects /mnt/projects/

Error:

If we see a mount error on the Client machine, that is because the Firewall on the Server is blocking the NFS service. To fix the issue, Go to the Server and enable the NFS service

On the Server, open the Firewall

Server# firewall-config

Ø Zones > Public > Services > check NFS

Ø Configuration change it from Runtime to Permanent

Ø Configuration > Permanent

Ø Zone > Public > Services > check NFS (again for Permanent)

Now Go to the Client and try mount again.

To make mount permanent Go to /etc/fstab

# vim /etc/fstab

Add the following parameter:

10.0.2.1:/share/IT_Projects /mnt/projects nfs defaults 1 1

# reboot //to test that the Client machine mounts /share/IT_Projects when reboot//

After reboot,

# ls /mnt/projects

file1 // verified Client machine mounted /share/IT_Projects directory on reboot//

2. Install the required NFS packages as in Task 1.

3. Start up the NFS related services using _systemctl. Also make sure the NFS related services are enabled so they will start every time the machine boots in future.

4. Create the _{/mnt/projects} directory to use as a mount point. Mount the remote NFS exported directory

/share/_{IT_Projects} from server 10.0.2.1 onto _{/mnt/projects}. Verify you can access the remote directory from the client machine.

5. To automatically have the client machine mount the filesystem from the Server during startup, append

something like the following line to _/etc/fstab. Explore the fields in the _/etc/fstab file on the Client.

10.0.2.1/share/IT_Projects /mnt/projects nfs default 1 1

Reboot your second (Client) virtual machine and verify that it automatically mounts the remote NFS filesystem on boot and that you can access the remote NFS exported directory. The access should be read-only as before.

6. As a final test, on the NFS server, change the filesystem to read-write rather than read-only by editing

/etc/exports. Tell the Server to reread the exports file (re-export) with the -r option. Also make sure you change the UNIX filesystem permissions on the _{/share/IT_Projects} directory so it is writable. exportfs -_r (on the NFS server) _{chmod 777 /share/IT_Projects} (on the NFS server)

On the Client, ask it to remount the filesystem from the Server, using the remount option to mount:

mount -o remount /mnt/projects (on the NFS client)

Task 2.6 Steps

On the Server machine

Server# vim /etc/exports

Modify to the following

/share/IT_Projects 10.0.2.0/24(rw)

:wq

Server# exportfs -r

// Tell the Server to reread the exports file (re-export)

Server# chmod 777 /share/IT_Projects/

//changing the permissions for others to be able to read, write and execute within the directory//

Verify

To verify on the Client machine, remount the directory

Client# mount -o remount /mnt/projects

Client# touch /mnt/projects/Clients

//it should be successful in creating the file//

Verify that the client machine can now create and edit files in _{/mnt/projects}. If you are logged in as the root user, and create a file, what happens? Make sure you use "_{ls -l}" to see the long directory listing. Who owns the new file you created? (Hint: read about "root squash"). Note that if for whatever reason you can't create a second VM