NFS Server Deployment Guide#

The following instructions are for deploying the NFS server.

Prerequisites#

This guide is written for a Red Hat Enterprise Linux 8 based operating system which is operating within a cluster of systems.

Follow-on Deployments#

The following guides can be applied after the deployment of their associated nodes.

References#

Instructions are based on the following documentation:
https://www.server-world.info/en/note?os=Rocky_Linux_8&p=nfs&f=1

Post Deployment#

The Cockpit Management Web Interface can be accessed at the following URLs:
NSF Server Node: https://nfs01.engwsc.example.com:9090

Deployment Scripts#

An example bash script of the instructions has been provided: deploy-nfs-server.sh

Deployment Steps#

Note

Instructions assume execution using the root account.

  1. Install required NFS server packages:

dnf -y install nfs-utils

  1. Enable Cockpit:

dnf -y remove cockpit-podman
systemctl enable --now cockpit.socket

  1. Set the Domain Name:

Important

Replace engwsc.example.com with the domain name of your network.

sed -i 's/#Domain = local.domain.edu/Domain = engwsc.example.com/g' /etc/idmapd.conf

  1. Create directories that will be exported by NFS:

# Create Directories
mkdir -p /srv/nfs/app
mkdir -p /srv/nfs/backup
mkdir -p /srv/nfs/home
mkdir -p /srv/nfs/mirror
mkdir -p /srv/nfs/scratch

# Set owner to root
chown -R root:root /srv/nfs/app
chown -R root:root /srv/nfs/backup
chown -R root:root /srv/nfs/home
chown -R root:root /srv/nfs/mirror
chown -R root:root /srv/nfs/scratch

# Limit file and directory creation to root at this level
chmod 755 /srv/nfs/app
chmod 755 /srv/nfs/backup
chmod 755 /srv/nfs/home
chmod 755 /srv/nfs/mirror
chmod 755 /srv/nfs/scratch

# Set SELinux context
chcon -R -t user_home_dir_t /srv/nfs/home
semanage fcontext -a -t user_home_dir_t /srv/nfs/home

  1. Create exports file:

Important

Replace the IPv4 Address and Subnet mask with the value of your network.

sh -c 'cat >> /etc/exports <<EOL

# NFS Exports
/srv/nfs/app     192.168.1.0/24(rw,sync,secure,wdelay,no_subtree_check,no_root_squash)
/srv/nfs/backup  192.168.1.0/24(rw,sync,secure,wdelay,no_subtree_check,no_root_squash)
/srv/nfs/home    192.168.1.0/24(rw,sync,secure,wdelay,no_subtree_check,no_root_squash)
/srv/nfs/mirror  192.168.1.0/24(rw,sync,secure,wdelay,no_subtree_check,no_root_squash)
/srv/nfs/scratch 192.168.1.0/24(rw,sync,secure,wdelay,no_subtree_check,no_root_squash)

EOL'

  1. Start the NFS serices:

systemctl enable --now rpcbind nfs-server

  1. Configure firewall rules:

Important

Replace the IPv4 Address and Subnet mask with the value of your network.

Note

The additional firewalld rule firewall-cmd --zone=nfs-server --add-service={nfs3,mountd,rpc-bind} --permanent is required if supporting NFSv3.

systemctl enable --now firewalld
firewall-cmd --zone=public --add-source=192.168.1.0/24 --permanent
firewall-cmd --zone=public --add-service=cockpit --permanent
firewall-cmd --zone=public --add-service=nfs --permanent
firewall-cmd --reload