RH354 - ch05s06

Bookmark this page

Guided Exercise: Administering NFS Enhancements

In this exercise, you will configure NFS using the nfsconf utility and investigate changes to the NFS service in Red Hat Enterprise Linux 8.

Outcomes

You should be able to install and configure an NFSv4-only Server, to provide shared storage, and use autofs on client side to consume it.

Install all necessary packages to export NFS shares on servera.

[student@workstation ~]$ ssh root@servera

Install the nfs-utils package on servera, if not already installed.

[root@servera ~]# yum install nfs-utils
...output omitted...
Is this ok [y/N]: y
...output omitted...

Enable the nfs-server service on servera to start at boot time.

[root@servera ~]# systemctl enable --now nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.

Using the nfsconf command to configure /etc/nfs.conf, enable NFS Server to work in just version 4.X, and also ensure that TCP mode is enabled and UDP mode is disabled.

Review the available tags and sections in the /etc/nfs.conf file.

[root@servera ~]# cat /etc/nfs.conf
#
# This is a general configuration for the
# NFS daemons and tools
...output omitted...
[nfsd]
# debug=0
# threads=8
# host=
# port=0
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
#
...output omitted...

Disable the tags udp, vers2, vers3, configure them with nfsconf tool.

[root@servera ~]# nfsconf --set nfsd udp n
[root@servera ~]# nfsconf --set nfsd vers2 n
[root@servera ~]# nfsconf --set nfsd vers3 n

Enable the tags vers4, vers4.0, vers4.1, vers4.2 , configure them with nfsconf tool.

[root@servera ~]# nfsconf --set nfsd tcp y
[root@servera ~]# nfsconf --set nfsd vers4 y
[root@servera ~]# nfsconf --set nfsd vers4.0 y
[root@servera ~]# nfsconf --set nfsd vers4.1 y
[root@servera ~]# nfsconf --set nfsd vers4.2 y

Disable listening for the RPCBIND, MOUNT, and NSM protocol calls, which are not necessary in the NFSv4-only case. Disable related services:

[root@servera ~]# systemctl mask --now rpc-statd.service \
> rpcbind.service rpcbind.socket
Created symlink /etc/systemd/system/rpc-statd.service → /dev/null.
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
Created symlink /etc/systemd/system/rpcbind.socket → /dev/null.

Restart the nfs-server service to apply the changes.
```
[root@servera ~]# systemctl restart nfs-server
```

Configure firewalld on servera to allow incoming connections for the NFSv4 Server.

Inspect which ports are listening, on servera as root with the ss command.

[root@servera ~]$ ss --listening --tcp --udp
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
udp    UNCONN  0       0           127.0.0.1:323        0.0.0.0:*
udp    UNCONN  0       0               [::1]:323           [::]:*
tcp    LISTEN  0       128           0.0.0.0:ssh        0.0.0.0:*
tcp    LISTEN  0       64            0.0.0.0:nfs        0.0.0.0:*
tcp    LISTEN  0       128              [::]:ssh           [::]:*
tcp    LISTEN  0       64               [::]:nfs           [::]:*
tcp    LISTEN  0       128                 *:websm            *:*

Configure firewalld on servera to allow NFSv4 service.

[root@servera ~]# firewall-cmd --add-service=nfs
success

Make the firewalld changes persistent with firewall-cmd.

[root@servera ~]# firewall-cmd --runtime-to-permanent
success

List the services enabled on firewalld.

[root@servera ~]# firewall-cmd --list-services
cockpit dhcpv6-client nfs ssh

Configure servera to export content with NFSv4 Server.

Create a folder on servera to export content.
```
[root@servera ~]# mkdir /exports
```
Change the /exports folder ownership to the user nobody and group nobody.
```
[root@servera ~]# chown nobody:nobody /exports
```

Configure and restore SELinux contexts on the /exports folder.

[root@servera ~]# semanage fcontext -a -t public_content_rw_t "/exports(/.*)?"
[root@servera ~]# restorecon -vvFR /exports/

Export the /exports folder by creating a new configuration file in /etc/exports.d/

[root@servera ~]# echo "/exports *(rw,security_label)" > \
> /etc/exports.d/example.exports

Reload the NFSv4 exports:
```
[root@servera ~]# exportfs -r
```

Log out from servera.

[root@servera ~]# exit
Connection to servera closed.

Configure serverb as client system of servera NFSv4 exports, and use autofs.

[student@workstation ~]$ ssh root@serverb

Install the autofs package on serverb.

[root@serverb ~]# yum install autofs
...output omitted...
Is this ok [y/N]: y
...output omitted...

Enable the autofs service on serverb to start at boot time.

[root@serverb ~]# systemctl enable --now autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.

Create a mount point folder on serverb.
```
[root@serverb ~]# mkdir -p /mnt/exports
```

Configure a new master map file, name it as /etc/auto.master.d/example.autofs on serverb

[root@serverb ~]# echo "/mnt/exports  /etc/auto.exports" > \
> /etc/auto.master.d/example.autofs

Configure /etc/auto.exports with a map-file on serverb

[root@serverb ~]# cat << EOF > /etc/auto.exports
> example  -fstype=nfs4  servera.lab.example.com:/exports/example
> EOF

Restart the autofs service to apply the changes.
```
[root@serverb ~]# systemctl restart autofs
```

Test the autofs and NFSv4 Server, create some small text content file on servera and review it on serverb. When done, log out from serverb.

Switch to servera to create a subdirectory /exports/example and then create a text file inside the folder.

[root@servera ~]# mkdir -p /exports/example
[root@servera ~]# echo "Test from $(hostname)" > /exports/example/TEST

On serverb, use autofs to explore the on-demand mount point exported on servera. Verify the SELinux context.

[root@serverb ~]# cd /mnt/exports/example
[root@serverb example]# ls -lZ
tal 4
-rw-r--r--. 1 root root system_u:object_r:public_content_rw_t:s0 34 May 19 17:24 TEST
[root@serverb example]# cat TEST
Test from servera.lab.example.com

Explore the mount options for the NFSv4 auto mounted share.

[root@serverb example]# mount | grep nfs4
servera.lab.example.com:/exports/example on /mnt/exports/example type nfs4
(rw,relatime,seclabel,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,
proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=172.25.250.11,local_lock=none,
addr=172.25.250.10)

Log out from serverb.

[root@serverb example]# exit
[student@workstation ~]$

This concludes the guided exercise.

Discuss RHEL 8 New Features for Experienced Linux Administrators

Go to community

Welcome to the Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators group!

cschunke

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH354.Read more about Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators here.

Revision: rh354-8.0-0e36520