Note: This is an RHCSA 7 exam objective.
NFS network file system
To mount and unmount NFS network file systems, you need to set up a NFS server.
Install the NFS client package:
# yum install -y nfs-utils
Let’s assume that the /home/tools directory is exported by the nfsserver server.
If no working DNS, add an entry in the /etc/hosts file with the nfsserver name and its IP address.
Activate at boot and start the nfs-idmap service (RHEL 7.0 only):
# systemctl enable nfs-idmap && systemctl start nfs-idmap
Note: The nfs-idmap service is only required by NFSv4 when setting ACL by names or to display user/group names. It doesn’t allow you any UID/GID mismatches between clients and server.
All permission checks are still done with the UID/GID used by the server.
Activate at boot and start the nfs-client target (RHEL 7.1 and after):
# systemctl enable nfs-client.target && systemctl start nfs-client.target
Edit the /etc/fstab file and add the following line:
nfsserver:/home/tools /mnt nfs4 defaults 0 0
Execute the /etc/fstab file configuration:
# mount -a
To check the current configuration, type:
# mount | grep nfsserver nfsserver:/home/tools on /mnt type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.42,local_lock=none,addr=192.168.1.49)
To unmount the NFS mounted directory, remove the previous line from the /etc/fstab file and type:
# umount /mnt
Note: if you get a message like “/mnt: device is busy”, to check that you are not in the mounted directory and no process is using it, type:
# fuser /mnt
CIFS network file system
To mount and unmount CIFS network file systems, you need to set up a CIFS file server.
Install the Samba client packages:
# yum install -y cifs-utils # yum install -y samba-client
Let’s assume that the /shared directory is exported by the smbserver server.
If no working DNS, add an entry in the /etc/hosts file with the smbserver name and its IP address.
Edit the /etc/fstab file and add the following line:
//smbserver/shared /mnt cifs rw,username=user01,password=pass 0 0
Execute the /etc/fstab file configuration:
# mount -a
To check the current configuration, type:
# mount | grep smbserver //smbserver/shared on /mnt type cifs (rw,relatime,vers=1.0,cache=strict,username=user01,domain=MYSERVER,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.48,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)
To unmount the CIFS mounted directory, remove the previous line from the /etc/fstab file and type:
# umount /mnt
To learn more about the Automounter, go to the LDAP client configuration tutorial.
I’m a little leery about putting plaintext in fstab like you have above on your smb server example. Passwords in plaintext makes my skin crawl. In case anyone is wondering, you can add a reference to a credentials file in the fstab entry and then keep a hidden file in your root directory that has the password in a safer environment.
> touch /root/secret.txt && echo -e “username=user01/npassword=pass/n” >> /root/secret.txt
> \\smbserver\shared /mnt cifs rw,credentials=/root/secret.txt 0 0
I’m not sure if this is the most secure manner of accomplishing this but it worked on my home labs nicely. That leaves only one question I have! If you have an fstab entry mounting a remote system and the remote system becomes unavailable, you run the risk of having the crashing your own system if the entry can’t connect properly. The obvious solution would be to only mount the filesystems that you need and when you need them but that can become cumbersome. Could you use Autofs to make this more robust? Or is that in another entry you have somewhere else?
You are right when it comes to put a password in the /etc/fstab file. However, I knew your solution but didn’t propose it because RHCSA & RHCE exams are not about best practices but quick execution. It’s the same principle that explains why direct use of the root account is prefered over the sudo command: it wouldn’t be quick enough in the case of an exam.
After, it’s always a good idea to give best practices as a side note.
Concerning the risk of crash, couldn’t you use the _netdev option?
I hadn’t read up on the _netdev option for fstab prior to you mentioning it.
It is the solution though! I just tested it on my labs. Shutdown my NFS share, booted up my remote machine with a fstab entry pointing to the NFS with the _netdev and it prevented the crash. Good to know!
Always learning 🙂
Hi CertDepot, if RHCSA is about fat execution then does this means that there will be no scripting in the exam?
You need to get prepared to write small Bash scripts.
Additionally, I found that if you do not want to persistently mount a CIFS share, you can use the following:
> mount.cifs //fileserver/share /mountpoint
> mount.cifs //fileserver/share /mountpoint -o user=domain\username
If you require authentication, the share will bounce back asking for a password. You can also pass your password in using the modulo (%) to save waiting for the prompt but that’s considered insecure.
I’m not sure how to do this with NFS 100% yet.
I’m assuming it would look similar to the fstab entry above.
> mount -t nfs server:\stuff\you\want \mountpointyouwant
Not sure if that is right though… So much to learn…
Basically correct, except the backslashes must be changed to forwardslash for nfs.
> mount -t nfs server:/stuff/you/want /mountpointyouwant
Also note you can interchange “mount.cifs” and “mount -t cifs”, and likewise for nfs.
Hi,
first of all, thanks for this site. It´s a great help and it´s making me feel more confident about the exam.
Moving to the point of this comment, I just wanted to mention you that, in order for automounting a NFS share, you don´t need to enable in the client any unit.
It seems that the service “nfs-idmap” is static and this means that it works on demand, so there is no reason to enable nor start it. After adding the entry in the fstab file you are done.
Please check on your side and provide some feedback.
Regards
You are right.
Hi I get this error when trying to enable nfs-idmap
# systemctl enable nfs-idmap
Failed to issue method call: No such file or directory
Between RHEL 7 and RHEL 7.1, there were many changes in the NFS area. My tutorial still works for RHEL 7 but doesn’t for RHEL 7.1. I plan to update it but I haven’t found the time to do it.
thank you for the time to reply, if the nfs-idmap is disabled will it affect my nfs share? planning to take the exam on July 10. appreciate if you can help 🙂
I don’t think the nfs-idmap service will have any impact on your exam.
From my understanding, nfs-idmap is useful when there are differences between the IDs/domains on the NFS server and the ones on the NFS client. This won’t clearly be the case for your exam.
thanks mr certdepot you are very helpful, so do you think I should not bother starting nfs-idmap if asks during exam to mount an nfs share?
Absolutely.
I know this question is not part of this exercise, but I need an answer.
What is the main difference between .mount and .automount files created for systemd mounting process? Why do we need .automount file when we can achieve our target from .mount file?
If enabled, doesn’t this .mount file also automounts on boot?
I need clear answer about differences b/w these two files.
Thank you
Because it’s not in the RHCSA 7 curriculum and because there is another “more standard” way to do it, I didn’t study the .automount files. Also, I don’t remember seeing any documentation on this point.
You will have to find out by yourself. Sorry.
Hi CertDepot,
Is it possible that on the exam a kerberos authentication key will be provided in order to mount the NFS share? Again, if its violation on NDA you may ignore this one. Thanks so much! 🙂
We can suppose that a Kerberos keytab file will be provided.
Hi CertDepot,
I’m just confused since on Sanders video he mentioned that kerberos authentication is not part of RHCSA objectives.But anyways thanks CertDepot for the response!
Yes, Kerberos is only mentioned in the RHCE curriculum.
Hi CertDepot, Base on Rhel7 docs nfs-secure.service is also used for mounting NFS. Can we enable this service also? Is it possible on the exam that we will be asked to download the sec-key/keytab key? Thanks!
You can certainly enable the nfs-secure.service without any damage. This service is mainly useful when using Kerberos (which is not in the RHCSA curriculum).
Concerning the keytab file, yes, you can be asked to download it.
Thanks CertDepot, so mounting NFS when there is a keytab file should be look liked this on /etc/fstab?
nfsserver:/home/tools /mnt nfs4 rw,sec=keytabpath 0 0 ???
No, the sec option only accepts four values:
If you are asked to download a keytab file (krb5.keytab), it will replace the one in /etc.
Thanks so much CertDepot!
You’re welcome.
mount | grep ‘somestring’? You could just df -h and if it is mounted, it will show up in the list.
There are several to do it, I agree.
Do we need to set Kerberos keytab for NFS client setting in exam?
or just “nfsserver:/home/tools /mnt nfs4 defaults 0 0 ” is enough.
I saw some discuses about creating a keytab on the comments!!!!
You don’t need Kerberos keytab in the RHCSA exam. However, you will need it in the RHCE exam.
i get this error when mounting nfs.
mount.nfs4: Failed to resolve server nfsserver: Name or service not known
/mnt : successfully mounted
If the target resolvable? It seems like a missing DNS entry to me.
My understanding of this, is that It is mounted by cycling thru the protocols nfs4.1, nfs4.0 then nfs3, or something simular. This should explain the error.
Check the versions of nfs on server and client.
what is the difference between nfs-secure and nfs-client.target package? The example here is using nfs-client.target for non-kerberos, but in the rhcsa bootcamp, they use only nfs-secure for nfs mount using kerberos. Does nfs-secure install and start other packages including nfs-client.target?
How can I find more info on the diff? Goggle doesn’t provide much.
A bit puzzled on what you’re asking here as these aren’t packages but rather systemd service files. They both come with the nfs-utils package.
The nfs-client.target was introduced in RHEL 7.1 and is nowadays used on NFS clients. Prior to RHEL 7.1 you had to use the nfs-secure.service service to make NFS clients work. Starting RHEL 7.1, the nfs-secure.service has become a static service and can no longer be enabled. It is however started by the nfs-client.target service assuming that you have the file /etc/krb5.keytab present on the system.
And you can find more info on this blog post: https://www.lisenet.com/2016/kerberised-nfs-server-on-rhel-7/
I took a quick look at this. There are differences between Redhat and CentOS (my os), hence answers change depending on OS. The setup and running conditions are different for each. nfs-secure checks for a kerberos config file while nfs-client does not. For more information you will have to look at the systemd config files which can be a bit of a rabbit hole (eg locate nfs-client).
What differences in particular if I may ask? AFAIK these are built from the same sources.
I don’t know. I have no access to any Redhat OS. This is a result from home testing in Centos and OS used in the exam.
If you have no access to RHEL, how can you say that “There are differences between Redhat and CentOS”? Surely you must have a way of verifying this, otherwise it’s just pure guessing?
Hi CD, what seems to be the problem regarding on my NFS client? I can’t search the available filesystem from server. When tried to showmount -e ‘server’, it gives me error says “no route to host”. I have already forwarded the port to the server. Please help.
When using the showmount command, you should first stop the firewall. Otherwise, except if you opened some specific ports to the firewall configuration, the showmount command won’t work.