unix:freebsd:system_builds:nfsserver

Differences

This shows you the differences between two versions of the page.

unix:freebsd:system_builds:nfsserver [2019/07/11 02:11]
127.0.0.1 external edit
unix:freebsd:system_builds:nfsserver [2019/11/08 17:52] (current)
rodolico [Configure and start NFS]
Line 8: Line 8:
  
 We also want to export to a couple of running virtuals to store large amounts of data. Since they have public interfaces, we need to set up our nfs server to only allow limited access to our nfs server, both by limiting through nfs and also with firewalls. We also want to export to a couple of running virtuals to store large amounts of data. Since they have public interfaces, we need to set up our nfs server to only allow limited access to our nfs server, both by limiting through nfs and also with firewalls.
 +
 +===== Set up storage space =====
 +
 +First, we need some directories to export. Since we want to configure space, etc..., we will do this by creating zfs entries.
  
 <code bash> <code bash>
 zfs create -o atime=off -o dedup=off -o mountpoint=/​media/​nfs_root storage/​nfs_root zfs create -o atime=off -o dedup=off -o mountpoint=/​media/​nfs_root storage/​nfs_root
  
-zfs create ​-o sharenfs='​alldirs,​network 10.19.209.0/​24' ​-o quota=100G storage/​nfs_root/​dom0 +zfs create -o quota=100G storage/​nfs_root/​dom0 
-mkdir /​media/​nfs_root/​dom0/​xen-configs +mkdir -p /​media/​nfs_root/​dom0/​xen-configs 
-mkdir /​media/​nfs_root/​dom0/​xen-store +mkdir -p /​media/​nfs_root/​dom0/​xen-store 
-mkdir /​media/​nfs_root/​dom0/​xen-images+mkdir -p /​media/​nfs_root/​dom0/​xen-images
 chmod 777 /​media/​nfs_root/​dom0/​xen* chmod 777 /​media/​nfs_root/​dom0/​xen*
  
-zfs create ​-o sharenfs='​network 10.19.209.144/​32' ​storage/​nfs_root/​simon +zfs create storage/​nfs_root/​simon 
-zfs create ​-o sharenfs='​network 10.19.209.155/​32' ​storage/​nfs_root/​strax+zfs create storage/​nfs_root/​strax
 </​code>​ </​code>​
  
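Review bot: the `chmod 777 /media/nfs_root/dom0/xen*` line is carried over unchanged, so the three xen-* directories stay world-writable while this revision drops the `sharenfs='alldirs,network 10.19.209.0/24'` restriction from the dataset that holds them. After this change nothing in the block limits access; that now rests on the /etc/exports entries added further down and on the firewall. I would set an explicit owner and a narrower mode on those directories instead of 777, and add a sentence here saying the per-host limits for dom0, simon and strax have moved to /etc/exports, since the text that follows still says access is limited to "only the server itself" right after `zfs create` lines that no longer limit anything.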
Line 27: Line 31:
  
 Finally, we create two stores for some servers to put their stuff in, and we limit access to them to only the server itself. Finally, we create two stores for some servers to put their stuff in, and we limit access to them to only the server itself.
 +
 +===== Configure and start NFS =====
 +
 +NFS can be exported via ZFS, but that appears to be a little flaky still, so I went back to the old, tried and true (v1 was built by Sun Microsystems in 1984). On FreeBSD (and everything else I've worked on), this is done via the ///​etc/​exports//​ file. Following will export our stuff:
 +
 +<code bash exports>
 +/​media/​nfs_root/​dom0 ​ -alldirs ​ 10.81.210.37 10.81.210.32
 +/​media/​nfs_root/​simon ​ -maproot=root ​ 192.168.150.68
 +/​media/​nfs_root/​strax ​ -maproot=root ​ strax.example.com
 +</​code>​
 +
 +**Note:** <code bash>​service mountd reload</​code>​ must be run any time the exports file is modified.
 +
 +This allows servers at IP addresses 10.81.210.37 and 10.81.210.32 to access /​media/​nfsroot/​dom0,​ and mount specific directories under it independantly. We then set up simon and strax to mount the other two, limiting simon by IP address and strax by it's DNS name. In this case, we allow the root user to mark files/​directories as the root user (vs nobody).
 +
 +There are tons of other options. See [[https://​www.freebsd.org/​doc/​handbook/​network-nfs.html]] for a brief discussion and/or //man 5 exports// on any Unix system for details.
 +
 +You can now start nfs by
 +<code bash>​service nfsd onestart</​code>​
 +which will start rpcbind and nfsd. If you have an error, you can shut it down with two commands:
 +<code bash>
 +service nfsd onestop
 +service rpcbind onestop
 +</​code>​
 +
 +When you have no errors, you can set this up to be permenant by adding the following to /​etc/​rc.conf
 +
 +<code bash rc.conf.additional>​
 +rpcbind_enable="​YES"​
 +nfs_server_enable="​YES"​
 +# the -h below binds nfsd to a specific IP, so a machine with
 +# multiple IP's will only respond if this one is used for the
 +# request
 +mountd_flags="​-r -h 192.168.0.1"​
 +# uncomment the following lines if server side file locks are
 +# needed. Note you must replicate this on the clients
 +#​rpc_lockd_enable="​YES"​
 +#​rpc_statd_enable="​YES"​
 +</​code>​
 +
 +nfs will now be enabled at boot time. Note the two commented lines beginning with rpc_. Enabling these if you ever need server side locking on your nfs mounts. You must also enable them on each client. Locks will then be honored for all clients which access this mount.
 +
 +Note the mountd_flags entry. mountd is what actually handles the mount request from clients. The -r flag allows individual files to be mounted, such as swap a swap file, or a virtual image. Additional flags may be specified. See //man 5 mountd// for more information. Two nice ones are the -h and -p flags which allow you to specify the IP and Port mountd will listen on.
  
  
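Review bot: the rc.conf comment says `-h` "binds nfsd to a specific IP", but the flag is set in `mountd_flags`, so as written it only restricts where mountd listens; the closing paragraph gets this right ("the IP and Port mountd will listen on"). On a host with public interfaces that difference matters, so the comment should say mountd, and if nfsd and rpcbind are meant to be bound as well, that needs its own settings. Other points in this hunk: the explanation writes the path as /media/nfsroot/dom0 while the exports file uses /media/nfs_root/dom0; `-maproot=root` on the simon and strax lines means root on those clients acts as root on the export, which deserves an explicit statement that it is intended; strax is matched by DNS name, so its access control depends on name resolution, where an IP address like the one on the simon line would not; and mountd is documented in section 8, so the reference should be `man 8 mountd` rather than `man 5 mountd`.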
unix/freebsd/system_builds/nfsserver.1562829078.txt.gz · Last modified: 2019/07/11 02:11 by 127.0.0.1