/ HowTos

Adding a NFS Server to Nethserver

As always, use documents you find on blogs at your own risk. This worked for me. It may not work for you.

I've recently started playing with an install of Nethserver and I believe I've found the replacement for my Zentyal server.

Zentyal was great when I first discovered it, but with the latest release (4.1) there have been some features that have dropped off...but my gripes about Zentyal can be its own post for a later date.

Back to the real reason I'm writing this. I wanted an NFS server running on the nethserver due to the fact some of my applications where not playing well with the Samba ACLs. Files could be created, but if the file was needing to be modified after the original creation, this operation would fail. (Most likey due to an issue in the application writing to the share or a configuration error on my part)

Either way, I decided to stand up the NFS service rather than troubleshooting further...

Defining the NFS service

I originally started following this doc on the nethserver community pages, but have since deviated a bit from it. Big shout-out to the user 'islipfd19' on the community pages for his doc!!

Here is how I got NFS working on my nethserver.

First, we need the NFS server packages.

yum install nfs-utils nfs-utils-lib

Define your exports in /etc/exports. This is just an example (pulled direct from the man page for exports) and will more than likely have to be tweaked a bit.

/projects       proj*.local.domain(rw)

Enable and start the NFS service(s)

chkconfig nfs on 
service rpcbind start
service nfs start

At this point, you will most likely not have access to the services as we have not defined them nor have we poked any firewall holes, but we are getting there.

Next, create our defaults landing zone for the new service(s). This is taken directly from the doc mentioned above.

mkdir -p /etc/e-smith/db/configuration/defaults/nfs
mkdir -p /etc/e-smith/db/configuration/defaults/nfslock
mkdir -p /etc/e-smith/db/configuration/defaults/rpcbind
mkdir -p /etc/e-smith/db/configuration/defaults/rpcgssd
mkdir -p /etc/e-smith/db/configuration/defaults/rpcidmapd
mkdir -p /etc/e-smith/db/configuration/defaults/rpcsvcgssd

Now, to make firewall rules easier, lets configure some portmap static ports for NFS to listen on. I just chose the ones already mentioned in the comments of /etc/sysconfig/nfs. (these ports are in addition to TCP/UDP 111 and TCP/UDP 2049 which are the defaults for RPC 4.0 portmapper and NFSD (nfs server) respectivly)


Next, define the service using e-smith config (should be in your path, but if not it is located at /sbin/e-smith/config)

For the NFS server and to make firewalls easier

From what I can tell, using config defines the service in the nethserver database, and creating the files in /etc/e-smith/db/configuration/defaults/[service_name]/ defines the default settings.

config set nfs service status enabled
config setprop nfs TCPPorts 111,662,875,892,2020,2049,32803
config setprop nfs UDPPorts 111,662,875,892,2020,2049,32769
config setprop nfs access private

echo "enabled" > /etc/e-smith/db/configuration/defaults/nfs/status
echo "111,662,875,892,2020,2049,32803" > /etc/e-smith/db/configuration/defaults/nfs/TCPPorts
echo "111,662,875,892,2020,2049,32769" > /etc/e-smith/db/configuration/defaults/nfs/UDPPorts
echo "private" > /etc/e-smith/db/configuration/defaults/nfs/access

For the rest of the services that make up NFS

config set nfslock service status enabled

echo "enabled" > /etc/e-smith/db/configuration/defaults/nfslock/status


config set rpcbind service status enabled

echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcbind/status


config set rpcgssd service status enabled

echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcgssd/status


config set rpcidmapd service status enabled

echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcidmapd/status


config set rpcsvcgssd service status enabled

echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcsvcgssd/status

Now, signal the firewall to save and update.

signal-event nethserver-firewall-base-save
signal-event nethserver-firewall-base-update

There should now be the new services listed on the Dashboard's 'Services' tab, along with a new entry called 'nfs' in 'Network Services' under the 'Security' heading in the sidebar. You should also be able to mount your export on client machines in the 'green' network.