Red Hat 6.5 NFS Server
This server is installed using the kickstart as described in Red Hat Enterprise Linux 6.5 Management Server. It provides a few shares for the business application, but it also provides the home directories share, so users have the same home directory on all servers.
First we will install the NFS server and configure the shares.
Deploy NFS Server
The NFS software is already installed by the installation, which can be checked like this:
# yum list installed | grep nfs
nfs-utils.x86_64        1:1.2.3-39.el6    @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
nfs-utils-lib.x86_64    1.1.5-6.el6       @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
Create Share Directories
For now I need two shares, one for moving around data (business_tmp) and one for the home directories:
mkdir /data/all-servers-home
mkdir /data/all-servers-business_tmp
Create NFS Shares
Add the required shares and their permissions in /etc/exports:
# Share the home directory with all redhat 6.5 servers
/data/all-servers-home clientprd*.getshifting.local(rw,sync)
/data/all-servers-home dbserverprd*.getshifting.local(rw,sync)
/data/all-servers-home managementserver.getshifting.local(rw,sync)
# Share the business_tmp directory with all unix and redhat servers
/data/all-servers-business_tmp clientprd*.getshifting.local(rw,sync)
/data/all-servers-business_tmp dbserverprd*.getshifting.local(rw,sync)
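A review pass over an exports file like the one above, as an added example that is not part of the original page: it flags hostname wildcards, exports open to any host, options separated from their client by a space, and the no_root_squash and insecure options. The function name and the last two sample lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that deserve review.
# Prints "<path> <client> <finding>" per finding; reads FILE or stdin.
# Assumes one export per line (no backslash continuations).
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")               # split "client(opt,opt)"
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            who = (client == "" ? "*" : client)
            if (client == "")                # "host (rw)": options apply to any host
                print path, who, "options-without-client"
            else if (client == "*")
                print path, who, "exported-to-any-host"
            else if (client ~ /[*?]/)        # match depends on name resolution
                print path, who, "hostname-wildcard"
            if (("," opts ",") ~ /,no_root_squash,/)
                print path, who, "no_root_squash"
            if (("," opts ",") ~ /,insecure,/)
                print path, who, "insecure"
        }
    }' "${1:--}"
}

# First two lines are from the page; the last two are constructed.
sample_exports() {
    cat <<'EOF'
/data/all-servers-home clientprd*.getshifting.local(rw,sync)
/data/all-servers-home managementserver.getshifting.local(rw,sync)
/data/scratch 10.10.10.0/24 (rw,sync)
/data/legacy *(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On the real server, run it as audit_exports /etc/exports.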
Start NFS Service
You can now start the NFS service and make it available after reboots like this:
service nfs restart
chkconfig nfs on
You can now check the local shares by issuing this command:
showmount -e
Export list for nfsserver.getshifting.local:
/data/all-servers-business_tmp clientprd*.getshifting.local,dbserverprd*.getshifting.local
/data/all-servers-home         clientprd*.getshifting.local,dbserverprd*.getshifting.local,managementserver.getshifting.local
Note that if you want to run this against a remote server, you need to add the remote server name to the command:
showmount -e nfsserver
Open Firewall Ports
If you run the command described above to check whether the shares are available, you'll see that they are not. The system ships with a firewall enabled by default, so you first need to open the correct ports, which is done with the iptables command. However, because the port mapper can use different ports, you first have to configure a few ports in the NFS config so you know which ports to open.
Configure Ports
I want to keep the defaults, so simply uncomment the correct lines in the /etc/sysconfig/nfs file:
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
Open the Ports
Open the ports using the iptables command (here used with sudo):
# open ports for NFS and portmapper for PRD
sudo iptables -I INPUT -p tcp -s 10.10.10.0/24 --dport 2049 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.10.0/24 --dport 2049 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.10.0/24 --dport 111 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.10.0/24 --dport 111 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.10.0/24 --dport 892 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.10.0/24 --dport 892 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.10.0/24 --dport 662 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.10.0/24 --dport 662 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.10.0/24 --dport 32803 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.10.0/24 --dport 32769 -j ACCEPT
# open ports for NFS and portmapper for PRD management server
sudo iptables -I INPUT -p tcp -s 10.10.100.10 --dport 2049 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.100.10 --dport 2049 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.100.10 --dport 111 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.100.10 --dport 111 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.100.10 --dport 892 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.100.10 --dport 892 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.100.10 --dport 662 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.100.10 --dport 662 -j ACCEPT
sudo iptables -I INPUT -p tcp -s 10.10.100.10 --dport 32803 -j ACCEPT
sudo iptables -I INPUT -p udp -s 10.10.100.10 --dport 32769 -j ACCEPT
sudo service iptables save
Note that you could skip the portmapper port (111) if you run a pure NFSv4 environment.
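To keep the firewall and /etc/sysconfig/nfs from drifting apart, the rules can be derived from the pinned ports instead of typed by hand. This is an added example, not part of the original page: the function names and the sample file are constructed, and it stops with an error when a port is still commented out, which is the cause of the second error listed under Errors.

```shell
#!/bin/sh
# Added example: build the firewall rules from the ports pinned in an
# /etc/sysconfig/nfs style file. Commands are printed, not executed.

# Print the value of an uncommented KEY=port line; fail if there is none.
pinned_port() {   # usage: pinned_port CONFIG KEY
    v=$(awk -F= -v k="$2" '$1 == k { gsub(/[" \t]/, "", $2); v = $2 }
                           END { print v }' "$1")
    case $v in
        ''|*[!0-9]*) echo "$2 is not pinned in $1" >&2; return 1 ;;
    esac
    echo "$v"
}

nfs_rules() {   # usage: nfs_rules CONFIG SOURCE
    conf=$1 src=$2
    lockd_tcp=$(pinned_port "$conf" LOCKD_TCPPORT) || return 1
    lockd_udp=$(pinned_port "$conf" LOCKD_UDPPORT) || return 1
    mountd=$(pinned_port "$conf" MOUNTD_PORT) || return 1
    statd=$(pinned_port "$conf" STATD_PORT) || return 1
    # nfs (2049) and portmapper (111) are fixed; the rest come from the config
    for spec in tcp:2049 udp:2049 tcp:111 udp:111 \
                "tcp:$mountd" "udp:$mountd" "tcp:$statd" "udp:$statd" \
                "tcp:$lockd_tcp" "udp:$lockd_udp"; do
        echo "iptables -I INPUT -p ${spec%%:*} -s $src --dport ${spec##*:} -j ACCEPT"
    done
}

# Constructed sample using the port values shown on this page.
sample_conf() {
    printf '%s\n' 'LOCKD_TCPPORT=32803' 'LOCKD_UDPPORT=32769' \
                  'MOUNTD_PORT=892' 'STATD_PORT=662'
}

demo=$(mktemp)
sample_conf > "$demo"
nfs_rules "$demo" 10.10.10.0/24
rm -f "$demo"
```

Review the printed commands before piping them to a root shell, then run service iptables save as above.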
TIP on AutoFS for HomeDirs
After you've configured the auto mounting for home directories in configure_autofs_for_homedirs you might want to set some special things. It might be convenient to set a different home directory location, so in the properties of the AD account change the homedir value:
You also have to create the home directories for the users manually due to some bugs and SELinux constraints. I will create an automatic script for this but that is not finished yet. For now follow these steps to create the homedir:
- sudo mkdir /data/all-servers-home/adminsjoerd
- sudo cp -R /etc/skel/.??* /data/all-servers-home/adminsjoerd
- sudo chown -R adminsjoerd:UNIX-Servers-AdminGroup /data/all-servers-home/adminsjoerd
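The three steps above wrapped in one function, as an added example that is not the script the author mentions. The function name, the user name check, the refusal to reuse an existing path and the 700 mode are choices made for this illustration.

```shell
#!/bin/sh
# Added example: the manual home directory steps as one function.
# usage: make_homedir BASE SKEL USER [OWNER:GROUP]
make_homedir() {
    base=$1 skel=$2 user=$3 owner=${4:-}
    # The name becomes a path component: allow only a conservative character
    # set so values such as "../etc" or "a/b" are rejected.
    case $user in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    home=$base/$user
    # Refuse to reuse anything already at that path (directory, file or symlink).
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "$home already exists" >&2; return 3
    fi
    # Mode 700 is a choice made here; the manual steps use the default mode.
    mkdir -m 700 "$home" || return 1
    # "SKEL/." copies every entry, including short dotfiles that .??* skips.
    cp -R "$skel/." "$home" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner" "$home" || return 1
    fi
    echo "$home"
}

# Stand-alone demo in a scratch directory (constructed data, no chown).
demo=$(mktemp -d)
mkdir "$demo/skel" "$demo/home"
: > "$demo/skel/.bashrc"
make_homedir "$demo/home" "$demo/skel" adminsjoerd
make_homedir "$demo/home" "$demo/skel" ../etc || true
rm -rf "$demo"
```

On the NFS server the call would be make_homedir /data/all-servers-home /etc/skel adminsjoerd adminsjoerd:UNIX-Servers-AdminGroup, run with sudo.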
If you want to use the same directory on the NFS server itself, also create a symbolic link to the share:
- cd /home
- ln -s /data/all-servers-home/ GETSHIFTING
More Information
NFS Version
You can see the NFS version of the shares with the rpcinfo command. Running that will show the NFS version in the second column:
rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  38834  status
    100024    1   tcp  54364  status
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
...<cut>...
Errors
Error:
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
Solution: Open the correct firewall ports
Error:
rpc mount export: RPC: Unable to receive; errno = No route to host
Solution: Uncomment the ports in /etc/sysconfig/nfs and open the specified ports in the firewall