Adding a NFS Server to Nethserver
As always, use documents you find on blogs at your own risk. This worked for me. It may not work for you.
I've recently started playing with an install of Nethserver and I believe I've found the replacement for my Zentyal server.
Zentyal was great when I first discovered it, but with the latest release (4.1) there have been some features that have dropped off...but my gripes about Zentyal can be its own post for a later date.
Back to the real reason I'm writing this. I wanted an NFS server running on the nethserver due to the fact some of my applications where not playing well with the Samba ACLs. Files could be created, but if the file was needing to be modified after the original creation, this operation would fail. (Most likey due to an issue in the application writing to the share or a configuration error on my part)
Either way, I decided to stand up the NFS service rather than troubleshooting further...
Defining the NFS service
I originally started following this doc on the nethserver community pages, but have since deviated a bit from it. Big shout-out to the user 'islipfd19' on the community pages for his doc!!
Here is how I got NFS working on my nethserver.
First, we need the NFS server packages.
yum install nfs-utils nfs-utils-lib
Define your exports in
/etc/exports. This is just an example (pulled direct from the man page for
exports) and will more than likely have to be tweaked a bit.
Enable and start the NFS service(s)
chkconfig nfs on service rpcbind start service nfs start
At this point, you will most likely not have access to the services as we have not defined them nor have we poked any firewall holes, but we are getting there.
Next, create our defaults landing zone for the new service(s). This is taken directly from the doc mentioned above.
mkdir -p /etc/e-smith/db/configuration/defaults/nfs mkdir -p /etc/e-smith/db/configuration/defaults/nfslock mkdir -p /etc/e-smith/db/configuration/defaults/rpcbind mkdir -p /etc/e-smith/db/configuration/defaults/rpcgssd mkdir -p /etc/e-smith/db/configuration/defaults/rpcidmapd mkdir -p /etc/e-smith/db/configuration/defaults/rpcsvcgssd
Now, to make firewall rules easier, lets configure some portmap static ports for NFS to listen on. I just chose the ones already mentioned in the comments of
/etc/sysconfig/nfs. (these ports are in addition to TCP/UDP 111 and TCP/UDP 2049 which are the defaults for RPC 4.0 portmapper and NFSD (nfs server) respectivly)
LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 RQUOTAD_PORT=875 STATD_PORT=662 STATD_OUTGOING_PORT=2020
Next, define the service using e-smith
config (should be in your path, but if not it is located at
For the NFS server and to make firewalls easier
From what I can tell, using
config defines the service in the nethserver database, and creating the files in
/etc/e-smith/db/configuration/defaults/[service_name]/ defines the default settings.
config set nfs service status enabled config setprop nfs TCPPorts 111,662,875,892,2020,2049,32803 config setprop nfs UDPPorts 111,662,875,892,2020,2049,32769 config setprop nfs access private echo "enabled" > /etc/e-smith/db/configuration/defaults/nfs/status echo "111,662,875,892,2020,2049,32803" > /etc/e-smith/db/configuration/defaults/nfs/TCPPorts echo "111,662,875,892,2020,2049,32769" > /etc/e-smith/db/configuration/defaults/nfs/UDPPorts echo "private" > /etc/e-smith/db/configuration/defaults/nfs/access
For the rest of the services that make up NFS
config set nfslock service status enabled echo "enabled" > /etc/e-smith/db/configuration/defaults/nfslock/status
config set rpcbind service status enabled echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcbind/status
config set rpcgssd service status enabled echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcgssd/status
config set rpcidmapd service status enabled echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcidmapd/status
config set rpcsvcgssd service status enabled echo "enabled" > /etc/e-smith/db/configuration/defaults/rpcsvcgssd/status
Now, signal the firewall to save and update.
signal-event nethserver-firewall-base-save signal-event nethserver-firewall-base-update
There should now be the new services listed on the Dashboard's 'Services' tab, along with a new entry called 'nfs' in 'Network Services' under the 'Security' heading in the sidebar. You should also be able to mount your export on client machines in the 'green' network.