Note: This is an RHCE 7 exam objective.
Configuration Procedure
Install the NFS packages:
# yum groupinstall -y "file-server"
Add a new service to the firewall:
# firewall-cmd --permanent --add-service=nfs
Success
Reload the firewall configuration:
# firewall-cmd --reload
Success
Activate the NFS services at boot:
# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl enable nfs-lock
Note: With the RHEL 7.3 release, the systemd init system is able to use aliases. For example, nfs.service is a symbolic link/alias to the nfs-server.service service file, so the systemctl status nfs.service command can be used instead of systemctl status nfs-server.service.
Previously, running the systemctl enable command using an alias instead of the real service name failed with an error.
Start the NFS services:
# systemctl start rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
Create a directory to export (here /shared):
# mkdir /shared
Create a dedicated group (here called sharedgrp):
# groupadd -g 60000 sharedgrp
Assign this group to the new directory:
# chgrp sharedgrp /shared
Define permissions:
# chmod 2770 /shared
Edit the /etc/exports file and add the following lines with the name (or IP address) of the client(s):
/shared client(rw,no_root_squash)
Export the directories:
# exportfs -avr
# systemctl restart nfs-server
Note1: The client needs to have access to the same group (via LDAP) and be a member of this group.
Note2: The last command shouldn’t be necessary in the future. But, for the time being, it avoids rebooting.
Note3: The standard way to export shares is to create a file ending in .exports in the /etc/exports.d directory (/etc/exports.d/openshift-ansible.exports for example).
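The /etc/exports entry in this procedure uses no_root_squash, which leaves root on the client mapped to root on the server. As an added example (not part of the original tutorial), the shell function below lists export entries whose client or options widen access. The function names and every sample entry except the /shared line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag exports(5) entries whose
# client or options widen access. Sample data below is constructed.

audit_exports() {
    # $1: an exports file, e.g. /etc/exports or /etc/exports.d/*.exports
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "*" or a bare "(opts)" token (space before the parenthesis)
            # applies to every host that can reach the server.
            if (client == "" || client == "*")
                print path ": exported to any host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print path ": root on " client " is not squashed"
                if (o[j] == "insecure")
                    print path ": " client " may connect from unprivileged ports"
            }
        }
    }' "$1"
}

sample_exports() {   # constructed entries; the first is the one from this page
    cat <<'EOF'
# constructed sample
/shared client(rw,no_root_squash)
/pub    *(ro)
/data   client (rw)
/home   192.0.2.10(rw,sync)
EOF
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

Run it against the real files with audit_exports /etc/exports; the /data line shows why a space between the client name and the parenthesis matters.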
Thank you for your efforts.
I have a question here: in the exam, will I need to make any LDAP configuration, or just the NFS server configuration?
Nobody will ask you to configure an LDAP server. However, as the LDAP client configuration is part of the RHCSA exam, you could need to do it even during the RHCE exam.
Thank you for your reply, much appreciated.
Note1: The client needs to have access to the same group (via LDAP) and be a member of this group. – ipa group-add… ???
Shouldn’t this:
firewall-cmd --permanent --add-service=nfs
be
firewall-cmd --permanent --add-service={nfs,rpc-bind}
???
No, it shouldn’t, unless you’re setting up NFSv3.
And if you want a mixture – both should be available?
If you want both NFSv3 and NFSv4, then you need the following:
nfs,mountd,rpc-bind
Or just take a look here:
https://www.lisenet.com/2016/kerberised-nfs-server-on-rhel-7/
I have explained the setup.
Hi, thanks for the great tutorial.
I am also not clear about “Note1: The client needs to have access to the same group (via LDAP) and be a member of this group.”.
What does “this group” mean? Does that mean the test will provide us with the user group name so we can add it locally on the NFS server? In this case, on the LDAP server, there is a group called “sharedgrp”??
Or the LDAP clients (the nfs server and client) need to be in the same group?
Thanks
Hi, since I am now preparing for my RHCE, I will try to answer your question.
For example, if you have an IPA server in place as LDAP/Kerberos/DNS/NFS server and in LDAP you create user “Alice” and group “Ldapusers”, you add Alice to Ldapusers. The next step is to change the group owner of the NFS directory (your export) on the Linux FS to Ldapusers. Imagine that your client is configured to use LDAP/Kerberos and you mapped the shared folder on the client under /nfs. If you now log in on the client as Alice using the LDAP repository, the user is a member of the Ldapusers group; you then request a Kerberos ticket with kinit, and you will be able to access /nfs as Alice, so if you add more users to the same group, they will be able to write to that directory as well. Hope this helps a bit.