5. Network File System (NFS)

5.1. Outline of the NFS topic

  • Network File System (NFS) sharing.

  • Services involved in NFS

  • File system exporting and mounting

  • NFS server setup on a VM

  • NFS client setup on a VM

  • File access permissions on a server

  • Automount


5.2. File system sharing over network

NFS defines a method of sharing files in which files residing on one or more remote servers can be accessed on a local client system in a manner that makes them appear as local files and directories.


5.3. NFS versions

  • NFS was originally developed by Sun Microsystems:

NFS versions

NFSv2 released in 1985 (no longer supported on Ubuntu and RedHat)
NFSv3 released in 1995
NFSv4 released in 2003 (developed by Internet Engineering Task Force (IETF)) 
NFSv4.1 released in 2010
NFSv4.2 released in 2016
  • Detailed info about the NFS versions for Linux is available on Wiki.

  • NFS support should be enabled in the Linux kernel. Check the kernel config file for ‘CONFIG_NFS’:

grep CONFIG_NFS /boot/config-*

output

CONFIG_NFS_V2=m
CONFIG_NFS_V3=m
CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=m
CONFIG_NFS_V4_1=y
CONFIG_NFS_V4_2=y
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
CONFIG_NFS_V4_1_MIGRATION=y
CONFIG_NFS_V4_SECURITY_LABEL=y

5.4. File system virtualization

  • VFS (Virtual File System) is an abstraction of a local file system that the kernel provides to applications.

  • Platform independent.

  • Preserves or emulates Unix file system semantics.


5.5. Example of physical file locations

In a python script we may use files referenced by their full path:

f1 = open("/home/hostadm/python/parameters.txt","w")
f2 = open("/NFS/python/parameters.txt","w")

Files f1 and f2 can physically reside anywhere, on the local file system or NFS. The application doesn’t care. It is the task of the VFS to provide access to the files by their full path.


5.6. NFS and RPC

  • NFS uses the Remote Procedure Call (RPC) layer for server-client communication.

  • Marshalling - Packaging arguments in XDR (eXternal Data Representation) format.

  • XDR format is platform independent

  • RPC allows applications on one host to call procedures (functions) on the other remote host

  • RPC allows a server to respond to more than one version of a protocol at the same time (NFS 4 or 3).


5.7. NFS in the 7 layer OSI tcp/ip protocol

  • NFS, XDR and RPC fit into the top 3 layers of the OSI model.

  • XDR translates DATA into canonical (platform independent) format

  • RPC provides remote procedure calls that appear as local processes.


5.8. NFS server daemons

  • Daemons are processes running on a server and providing some services.

  • Several daemons are involved in NFS.

  • The same server can offer NFSv4 and NFSv3 file system access. It is up to the client to decide which version to use.

NFS version 3 server daemons:

  • rpcbind handles RPC requests and registers ports for RPC services.

  • rpc.mountd handles the initial mount requests.

  • nfsd or [nfsd] handles data streaming.

  • rpc.rquotad handles user file quotas on exported volumes.

  • rpc.lockd handles file locking to make sure several processes don’t write into the same file.

  • rpc.statd interacts with the rpc.lockd daemon and provides crash and recovery for the locking services.

NFS version 4 server daemons:

  • rpcbind handles RPC requests and registers ports for RPC services. (Unnecessary in NFSv4. Good to have for diagnostics.)

  • rpc.mountd handles the initial mount requests.

  • nfsd or [nfsd] handles data streaming.

  • rpc.idmapd handles user and group mapping (optional).

  • To verify that the services have started and registered with rpcbind, run the command:

    rpcinfo -p
    
  • To see rpc services on a remote host, for example with IP address 192.168.112.3:

    rpcinfo -p 192.168.112.3
    

5.9. NFS client daemons

NFS version 3 client daemons:

  • rpcbind

  • rpc.lockd

  • rpc.statd

NFS version 4 client daemons:

  • rpcbind (unnecessary)

  • rpc.idmapd (optional)


5.10. NFS mount and file handle

  • An NFS client receives file handles from the NFS server when it executes mount and lookup calls.

  • The file handles on a client relate to the file pointers on an NFS server (inode number, disk device number, and inode generation number).

  • If the NFS server crashes or reboots, NFS dependent applications on the client hang and then continue running after the server becomes available.

  • If the file system on the server is changed or corrupted, the client gets a stale file handle error.


5.11. Export/mount directory over NFS

  • NFS server exports a directory and NFS client mounts it.

  • NFS server may run several versions of NFS, for example, NFSv3, and NFSv4.

  • NFS client chooses the NFS version at the mount time.


5.12. Remove old unneeded VM (exercise)

To reclaim some disk space, let’s remove netplan VM:

virsh shutdown netplan
virsh undefine netplan
cd KVM
rm netplan.qcow2

5.13. VM setup for NFS (Exercises)

Clone kvm1 to a new NFS server VM host, master, by executing the command below:

virt-clone  -o kvm1 -n master -f /home/hostadm/KVM/master.qcow2

Check if the new VM is in the list, start it, then login to its console:

virsh list --all
virsh start master
virsh console master

Fix the host name: Replace kvm1 with master in /etc/hostname file. Reset the machine ID by running the following commands on master:

./vm_id_reset.sh

Reboot the VM by executing command reboot. After reboot, the new VM should come up with the correct host name and the MAC address.

Clone kvm1 to a new NFS client VM host, n01, by executing the command below:

virt-clone -o kvm1 -n n01 -f /home/hostadm/KVM/n01.qcow2

Fix the host name and the host ID of n01 in the same way as for master VM above.

Both the VMs need to be able to communicate with each other by their host names, therefore we need to define their host name-to-IP match in /etc/hosts files. In /etc/hosts file on the master put the IP address of n01 and host name n01, for example:

192.168.122.216    n01

On n01 VM, similarly set the host name resolution for the master in /etc/hosts file, for example:

192.168.122.9    master

Note, the IP addresses may be different from above for your VMs.


5.14. Update Linux kernel on master VM (Exercises)

On the master, run command below

cd /boot
grep NFS config-5.15.0-1059-kvm

In the output, there is:

# CONFIG_NFSD is not set

The kernel is not suitable for running NFS server.

Install the latest linux kernel by running following commands on master VM:

sudo apt install linux-image-6.5.0-35-generic

Reboot the VM.

Login to the VM, then remove the old kernel package:

sudo apt remove linux-image-5.15.0-1059-kvm

Run command below to verify that you are running the installed kernel:

uname -a

Run

grep NFS /boot/config-6.5.0-35-generic

It shows CONFIG_NFSD=m and CONFIG_NFSD_V4=y, which means we can install and run NFS server.


5.15. NFS server configuration (Exercises)

Install NFS server packages on master VM by following the instructions below.

apt install rpcbind nfs-common nfs-kernel-server

Create a directory to export:

mkdir -p /NFS/home

Modify file /etc/exports to include the following entry:

file content

/NFS/home n01(rw)

Make sure host n01 is reachable from master:

ping -c 2  n01

Restart the NFSv4 related service:

systemctl restart nfs-kernel-server

Make sure the services are running by executing command rpcinfo:

rpcinfo -p

You should see the following:

output

program vers proto   port  service
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  41147  status
100024    1   tcp  50021  status
100005    1   udp  45022  mountd
100005    1   tcp  47677  mountd
100005    2   udp  43482  mountd
100005    2   tcp  60947  mountd
100005    3   udp  50653  mountd
100005    3   tcp  36245  mountd
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100227    3   tcp   2049
100003    3   udp   2049  nfs
100227    3   udp   2049
100021    1   udp  40359  nlockmgr
100021    3   udp  40359  nlockmgr
100021    4   udp  40359  nlockmgr
100021    1   tcp  37625  nlockmgr
100021    3   tcp  37625  nlockmgr
100021    4   tcp  37625  nlockmgr

Run the command below to see what is exported by the NFS server and how:

showmount -e

5.16. NFS client configuration (Exercises)

Install the NFS related packages by using apt on n01 VM:

apt install nfs-common

Run command rpcinfo pointing at the server:

rpcinfo -p master

If you see the same output as on the NFS server, it means the server allows you to access the rpcbind and the rpc services.

Check what directories are exported to you from the server:

/sbin/showmount -e master

It should show:

output

/NFS/home   n01

Now you are ready to mount its directory on n01.


5.17. NFS file system mount

NFS mount


5.18. NFS mount on a client (Exercises)

Create a new mounting point and mount the exported directory onto it via NFS:

mkdir -p /NFS/home
mount  master:/NFS/home /NFS/home

To make sure the directory has been mounted, run command

mount

Run also

df -h

The mounted directory shows up in the bottom of the file systems list:

output

master:/NFS/home   3.9G   1.5G   2.3G   39%  /NFS/home

Unmount the directory:

umount /NFS/home

Modify file /etc/fstab

nano /etc/fstab

include a new entry with /NFS/home:

/etc/fstab

master:/NFS/home    /NFS/home    nfs    rw     0    0

Then run

mount -a

Check if it is mounted

df -h

Reboot n01 VM, login to the VM, and make sure /NFS/home gets mounted:

df -h

5.19. File access on NFS by uid match (Exercise)

  • To secure file access, NFS either assumes UID match or has IDMAPD service configured.

  • We’ll create two user accounts with mismatched UID first, then fix one to be the same as the other.

  • On the NFS server, master VM, create a new user with home directory in /NFS/home:

/usr/sbin/groupadd -g 1666 edward
/usr/sbin/useradd -m -s /bin/bash -u 1666 -g 1666 -d /NFS/home/edward edward

Copy some files from /etc into directory /NFS/home/edward and give them ownership “edward”:

cp /etc/hosts /NFS/home/edward
cp /etc/nsswitch.conf /NFS/home/edward
chown edward:edward /NFS/home/edward/*

Then

cp /etc/group /NFS/home/edward

and leave it with root ownership.

  • On the NFS client VM, n01, run command

ls -l /NFS/home/edward

Since there is no user with UID=1666 and GID=1666 on the node, the mounted directory would belong to a non-existent user:

output

total 5
-rw-r--r--    1 1666      1666           104 Feb 10 19:32 hosts
-rw-r--r--    1 1666      1666          1750 Feb 10 19:32 nsswitch.conf
-rw-------    1 root     root          114 Feb 10  2003 group

Create user edward with UID=GID=1667:

/usr/sbin/groupadd -g 1667 edward
/usr/sbin/useradd -s /bin/bash -u 1667 -g 1667 -d /NFS/home/edward edward

Assign password to the user:

passwd edward

Now try to change the ownership of the directory on the node:

chown edward:edward /NFS/home/edward

It doesn’t work:

output

chown: changing ownership of `/NFS/home/edward': Operation not permitted

Change the UID and GID of edward to be consistent with those on the NFS server:

/usr/sbin/groupmod -g 1666 edward
/usr/sbin/usermod -u 1666 -g 1666 edward

Become user edward then step into directory /NFS/home:

su edward
cd /NFS/home/edward

and see if you can create files in this directory:

touch  newfile.txt

Exit from user edward account:

exit
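
Because access is decided by numeric UID when NFS relies on UID match, it helps to compare the account tables of server and client before mounting. The following check is an added example, not part of the original exercise; the passwd entries are constructed, and the guest account and the function name uid_audit are hypothetical:

```shell
# All account data below is constructed for this example.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/server.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
hostadm:x:1000:1000::/home/hostadm:/bin/bash
edward:x:1666:1666::/NFS/home/edward:/bin/bash
EOF

# Client state after edward was created with 1667; "guest" is a
# hypothetical extra account that happens to hold UID 1666.
cat > "$tmp/client.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
hostadm:x:1000:1000::/home/hostadm:/bin/bash
edward:x:1667:1667::/NFS/home/edward:/bin/bash
guest:x:1666:1666::/home/guest:/bin/bash
EOF

# uid_audit SERVER_PASSWD CLIENT_PASSWD [MIN_UID]
# MISMATCH : same login name, different UID, so the user is not the
#            owner of their own files on the mount.
# COLLISION: same UID, different login name, so the client account is
#            treated as the owner of the server account's files.
uid_audit() {
  awk -F: -v min="${3:-1000}" '
    NR == FNR { if ($3 >= min) { uid[$1] = $3; name[$3] = $1 }
                next }
    $3 < min  { next }
    ($1 in uid) && uid[$1] != $3 {
      print "MISMATCH " $1 " server=" uid[$1] " client=" $3 }
    ($3 in name) && name[$3] != $1 {
      print "COLLISION uid=" $3 " server=" name[$3] " client=" $1 }
  ' "$1" "$2"
}

uid_audit "$tmp/server.passwd" "$tmp/client.passwd"
```

An empty result means every regular account present on both hosts has the same UID and no UID is shared between different login names.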

5.20. Unmounting busy directories (Exercises)

Open another terminal on your desktop and ssh to n01 as user edward. You can figure out the IP address of n01 by running command ip addr in the console of n01. For example, if n01 has IP address 192.168.122.216, the ssh command on the desktop looks as follows:

ssh edward@192.168.122.216

Note, in your KVM environment the IP address of n01 may be different.

In the ‘root’ console of n01 try to unmount the directory:

umount /NFS/home

If the directory can not get unmounted and you receive error message “device is busy”, check what processes hold the directory by executing command lsof +D on the file system. Specifically, in our case:

lsof +D  /NFS/home

Kill the process, for example with PID 1367, and try to unmount the directory again.

kill -9 1367
umount /NFS/home

Comment out the NFS entry in /etc/fstab file:

/etc/fstab

# master:/NFS/home    /NFS/home    nfs   rw    0   0

Try to avoid NFS mounting through /etc/fstab. Use either manual mount or automount.


5.21. Automount (Exercises)

Install autofs on n01 (NFS client).

apt install autofs

Make sure /NFS/home directory is unmounted:

df -h

If it shows in the list of mounted file systems, unmount it:

umount /NFS/home

Remove directory /NFS/home:

rmdir /NFS/home

Configure the master map file, /etc/auto.master, and specify a timeout of 60 seconds. The content of file /etc/auto.master should be the following:

/etc/auto.master:

/NFS   /etc/auto.exports  --timeout=60

Configure the exports map file, /etc/auto.exports:

/etc/auto.exports:

home  -rw  master:/NFS/home

Restart or reload autofs:

systemctl restart autofs

Access the file system and check if it gets mounted:

cd /NFS/home
df -h

Step out of the directory:

cd

Run command df -h again in about two minutes to see if it gets unmounted automatically after the inactivity period.


5.22. Stale NFS file handle (Exercise)

On the NFS server, master, create a new directory tree under NFS exported directory:

mkdir -p /NFS/home/test/demo

On the client, n01, step into the directory:

cd /NFS/home/test
ls

On the NFS server, master, remove directory test with its subdirectory:

cd /NFS/home
rm -rf test

On the client, run

ls

It should give you the following error:

output

ls: cannot open directory .: Stale NFS file handle

Step out of the NFS mounted directory:

cd /

The autofs will unmount the NFS directory after the inactivity period, one minute in our case. Next time the NFS is mounted, it will contain the updated directory tree.


5.23. Export NFS from master to rocky VM (exercise)

  • On master VM, make sure you can ping rocky:

ping -c 3 rocky

  • If the ping doesn’t respond, include the IP address of rocky in file /etc/hosts.

  • Export directory /NFS/home to rocky by following the two steps below.

Edit file /etc/exports on master VM and add the line below:

/NFS/home  rocky(rw)

Run command

exportfs -a

Verify the exports by running command showmount on master VM:

showmount -e master

5.24. Setting NFS client on Redhat (Exercise)

On rocky VM, install the packages for NFS services:

dnf install nfs-utils

Verify that rocky can reach out to the RPC on master:

rpcinfo -p master

Verify that rocky can get the exported NFS directory from master:

showmount -e master

On rocky VM, create the mount point:

mkdir -p /NFS/home

Mount the NFS directory from master VM.

mount master:/NFS/home /NFS/home

Verify that the directory is mounted:

df -h

Unmount the directory:

umount /NFS/home