Chapter 24

Accessing Network Storage

The following topics are covered in this chapter:

The following RHCSA exam objectives are covered in this chapter:

  • Mount and unmount network file systems using NFS

  • Configure autofs

The RHCSA exam requires that you know how to access network storage. This encompasses different topics. In this chapter we discuss accessing network storage that has been provided through NFS. You learn how to mount network storage through the fstab file, as well as how to automatically mount this storage on demand using automount.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 24-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 24-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section

Questions

Using NFS Services

1–5

Mounting Remote File Systems Through fstab

6

Using Automount to Mount Remote File Systems

7–10

1. Which command should you use to list shares offered by an NFS server?

  1. lsmount

  2. showmount -e

  3. lsexport

  4. showexport

2. Which of the following is not a feature in NFSv4?

  1. Integration with Active Directory

  2. Kerberized security

  3. Services offered on TCP port 2049

  4. The root mount

3. What is the name of the package that needs to be installed to mount NFS shares on an NFS client?

  1. nfs-client

  2. nfs-tools

  3. nfs-utils

  4. nfs

4. You type the command showmount -e to display available mounts on an NFS server, but you do not get any result. Which of the following is the most likely explanation?

  1. The NFS client software is not running.

  2. You are using a UID that does not exist on the server.

  3. SELinux is not configured properly.

  4. The firewall does not allow showmount traffic.

5. What is the name of the systemd service that provides NFS shares?

  1. nfs.service

  2. nfs-kernel-server.service

  3. nfs-server.service

  4. netmount.service

6. Which mount option needs to be used in /etc/fstab to mount NFS shares successfully?

  1. _netdev

  2. _netfs

  3. none

  4. nfs

7. Which of the following is not a required step in configuring automount?

  1. Identify the name of the automount directory in /etc/auto.master.

  2. Create an indirect file in /etc/auto.something.

  3. Start and enable the autofs service.

  4. On the local mount point, set the appropriate permissions.

8. Assuming that the name of the directory you want automount to monitor is /myfiles, what is the recommended name for the corresponding configuration file?

  1. /etc/automount/auto.myfiles

  2. /etc/auto.myfiles

  3. /etc/myfiles.auto

  4. There is no recommended name.

9. Which of the following lines correctly identifies the syntax of a wildcard automount configuration that uses the NFS protocol?

  1. &. -rw server:/homes/*

  2. &. rw. server:/homes/*

  3. * -rw server:/homes/&

  4. * rw. server:/homes/&

10. What is the name of the service that automount uses?

  1. autofs

  2. automount

  3. autofiles

  4. auto

Foundation Topics

Using NFS Services

In previous chapters, you learned how to work with local file systems and mount them into the file system structure. In this chapter, you learn how to work with network file systems. The classic network file system is the Network File System (NFS). It is a protocol that was developed for UNIX by Sun in the early 1980s, and it has been available on Linux forever. Its purpose is to make it possible to mount remote file systems into the local file system hierarchy.

Understanding NFS Security

When NFS was developed in the 1980s, it was often used together with Network Information Service (NIS), a solution that provides a network-based authentication server. With the use of NIS, all servers connected to NIS used the same user accounts, and security was dealt with by the NIS server. The only thing that needed to be configured on the NFS server was host access. So, NFS security by default was limited to allowing and restricting specific hosts to access it.

Since the 1990s, NIS is not often used any more. NFS, however, continues to be a very popular service, primarily because it is fast and easy to configure. Without NIS, the feature that provided user-based security has been removed, and that may make NFS seem to be an unsecure solution. Let’s look at an example: Imagine that on server1, user linda has UID 1001. On server2, which is the NFS server, UID 1001 is used by user bob. After successfully connecting from server1 to server2, server1 user linda would have the same access to server2 resources as user bob. This obviously is an undesired situation.

To prevent situations like this from happening, you should use NFS together with a centralized authentication service. Commonly, a combination of the Lightweight Directory Access Protocol (LDAP) and Kerberos is used to provide this functionality. Configuration and integration of NFS with LDAP and Kerberos are not included in the RHCSA exam objectives, and for that reason will not be covered here.

RHEL NFS Versions

On Red Hat Enterprise Linux, NFS 4 is the default version of NFS. If when making an NFS mount the NFS server offers a previous version of NFS, the client falls automatically back to that version. From a client, you can also force a specific NFS version to be used for the mount, by using the mount option nfsvers This technique can prove useful if you are connecting to a server or a device that offers NFS 3 only. Fortunately, this type of server or device is increasingly uncommon nowadays.

Setting Up NFS

Setting up an NFS server is not a part of the RHCSA exam. However, to practice your NFS-based skills, it’s useful to set up your own NFS test server. To do so, you need to go through a few tasks:

  1. Create a local directory you want to share.

  2. Edit the /etc/exports file to define the NFS share.

  3. Start the NFS server.

  4. Configure your firewall to allow incoming NFS traffic.

Exercise 24-1 guides you through these steps.

Exercise 24-1 Offering an NFS Share

You need a second server to do this exercise. A RHEL server that was installed using the minimal server installation pattern is sufficient. This exercise assumes that a server with the name server2.example.com is available to offer these services.

  1. Type mkdir -p /nfsdata /users/user1 /users/user2 to create some local directories that are going to be shared.

  2. Copy some random files to this directory, using cp /etc/[a-c]* /nfsdata.

  3. Use vim to create the /etc/exports file and give it the following contents:

    /nfsdata *(rw,no_root_squash)

    /users *(rw,no_root_squash)

  4. Type dnf install -y nfs-utils to install the required packages.

  5. Type systemctl enable --now nfs-server to start and enable the NFS server.

  6. Type firewall-cmd --add-service nfs --permanent to add the nfs service. Also type firewall-cmd --add-service rpc-bind --permanent and firewall-cmd --add-service mountd --permanent to add the bind and mountd services.

  7. To make the newly added services effective at this point, type firewall-cmd --reload.

Mounting the NFS Share

To mount an NFS share, you first need to find the names of the shares. This information can be provided by the administrator, but it is also possible to find out yourself. To discover which shares are available, you have multiple options:

  • If NFSv4 is used on the server, you can use a root mount. That means that you just mount the root directory of the NFS server, and under the mount point you’ll only see the shares that you have access to.

  • Use the showmount -e nfsserver command to find out which shares are available.

You’ll practice mounting NFS shares in Exercise 24-2.

Warning

The showmount command may have issues with NFSv4 servers that are behind a firewall. The reason is that showmount relies on the portmapper service, which uses random UDP ports while making a connection, and the firewalld nfs service opens port 2049 only, which does not allow portmapper traffic. If the firewall is set up correctly, the mountd and rpc-bind services need to be added to the firewall as well. It is very well possible that shares have been set up correctly on the server, but you cannot see them because showmount does not get through the firewall. If you suspect that this is the case, use the NFS root mount, or just try mounting the NFS share as explained in Exercise 24-2.

Exercise 24-2 Mounting an NFS Share

  1. On server1, type dnf install -y nfs-utils to install the RPM package that contains the showmount utility.

  2. Type showmount -e server2.example.com to see all exports available from server2.

  3. On server1, type mount server2.example.com:/ /mnt. (Note the space between the slashes in the command.) This performs an NFSv4 pseudo root mount of all NFS shares.

  4. Type mount | grep server2 to verify the mount has succeeded.

  5. Still on server1, type ls /mnt. This shows the subdirectories data and home, which correspond to the mounts offered by the NFS server.

Mounting Remote File Systems Through fstab

You now know how to manually mount NFS file systems from the command line. If a file system needs to be available persistently, you need to use a different solution. Mounts can be automated either by using the /etc/fstab file or by using the autofs service. In this section, you learn how to make the mount through /etc/fstab. This is a convenient solution if you need the remote file system to be available permanently.

Mounting NFS Shares Through fstab

As you learned in earlier chapters, the /etc/fstab file is used to mount file systems that need to be mounted automatically when a server restarts. Only the user root can add mounts to this configuration file, thus providing shares that will be available for all users. The /etc/fstab file can be used to mount the NFS file system as well as other network-based file systems such as Samba. To mount an NFS file system through /etc/fstab, make sure that the following line is included:

Click here to view code image

server1:/share /nfs/mount/point nfs  sync  0 0

When making an NFS mount through fstab, you have a few options to consider:

An icon reads, Key Topic.

  • In the first column, you need to specify the server and share name. Use a colon after the name of the server to identify the mount as an NFS share.

  • The second column has the directory where you want to mount the NFS share; this is not different from a regular mount.

  • The third column contains the NFS file system type.

  • The fourth column is used to specify mount options and includes the sync option. This ensures that modified files are committed to the remote file system immediately and are not placed in write buffers first (which would increase the risk of data getting lost). On older versions of RHEL, this column should include the _netdev option to ensure that this mount is only done after the network services are running. Because of better dependency handling, using this option is no longer required.

  • The fifth column contains a zero, which means that no backup support through the dump utility is requested.

  • The sixth column also contains a zero, to indicate that no fsck has to be performed on this file system while booting to check the integrity of the file system. The integrity of the file system would need to be checked on the server, not on the client.

Using Automount to Mount Remote File Systems

As an alternative to using /etc/fstab, you can configure automount to mount the share automatically. Automount can be used for SMB as well as NFS mounts, and the big difference is that mounts through automount are affected on demand and not by default. So, using automount ensures that no file systems are mounted that are not really needed.

On RHEL 9 there are two solutions for offering automount services. First, there is the old autofs service, which has been around for a long time. Second, systemd provides automount unit files, which are used together with mount unit files to ensure that a mount is done only when the corresponding directory is mounted. For purposes of the RHEL 9 RHCSA exam, you do not have to know about systemd automount, because only autofs is covered. The main reason is that autofs offers wildcard mounts, a feature that is not supported by systemd automount.

Understanding Automount

Automount is implemented by the autofs service that takes care of mounting a share when an attempt is made to access it. That means it is mounted on demand and that it does not have to be mounted permanently. An important benefit of using automount is that it works completely in user space and, contrary to mounts that are made through the mount command, no root permissions are required.

Defining Mounts in Automount

In automount, mounts are defined through a two-step procedure. First, you need to edit the master configuration file /etc/auto.master. In this directory you identify the mount point (for instance, /nfsdata). Next, and on the same line, you identify the name of the secondary file, as all further configuration happens in this secondary file. The line you create could look as follows:

/nfsdata    /etc/auto.nfsdata

In the secondary file you put the name of the subdirectory that will be created in the mount point directory as a relative filename. For instance, you start the line with files, to mount /nfsdata/files. After the name of the subdirectory, you specify NFS mount options, as well as the server and share name to access the NFS share. This line could look as follows:

Click here to view code image

files   -rw    server2:/nfsdata

Configuring Automount for NFS

Configuring an automount solution is a multistep procedure. To show how it works, Exercise 24-3 lists all steps involved. Follow the steps in this exercise to see for yourself how to configure automount.

Exercise 24-3 Configuring Direct and Indirect Maps to Mount NFS Shares

This exercise is performed on server1. It uses the NFS shares provided by server2 that you created in Exercise 24-1.

  1. Type dnf install -y autofs to install the autofs package.

  2. Type showmount -e server2.example.com, which shows you NFS exports offered by server2.

  3. Type vim /etc/auto.master and add the following line:

    /nfsdata /etc/auto.nfsdata

  4. Type vim /etc/auto.nfsdata and add the following line:

    files -rw server2:/nfsdata

  5. Type systemctl enable --now autofs to start and enable the autofs service.

  6. Type ls /; notice that there is no /nfsdata directory.

  7. Type cd /nfsdata/files to get access to the /nfsdata directory.

  8. Type mount and notice the last three lines in the mount output, created by the autofs service.

Using Wildcards in Automount

In Exercise 24-3, you learned how to perform automounts based on fixed directory names. In some cases, this is not very useful, and you are better off using wildcards. This is, for example, the case for automounting home directories. By using a wildcard, automount tries to mount a share that matches the name of the directory that is accessed.

With home directories, a very helpful solution is to have the home directory of a specific user automounted when that user logs in. This allows administrators to store home directories on a central NFS server, instead of on individual workstations. So, for example, if user linda logs in, she gets access to the NFS exported directory /home/linda, and when user anna logs in, she gets access to /home/anna. Using wildcards in automount offers an excellent tool to do this.

To create a wildcard mount, you will use lines like * -rw server2:/users/&. In this line, the * represents the local mount point, which in this case represents anything, and the & represents the matching item on the remote server.

Obviously, you could also choose to export the /home directory and mount just the /home directory, but that increases the risk that user anna gets access to user linda’s home directory. For that reason, using a wildcard mount is a much cleaner solution, as demonstrated in Exercise 24-4.

Exercise 24-4 Configuring Wildcard Mounts

This exercise is performed on server1. It uses the NFS shares that are provided by server2, which you created in Exercise 24-1. On server2, the directory /users is exported, which simulates an NFS server that exports home directories. You are going to configure a wildcard mount, such that when /users/user1 is accessed, that exact directory is mounted, and when /users/user2 is accessed, that directory is mounted.

  1. Open the file /etc/auto.master and make sure it includes the following line:

    /users    /etc/auto.users

  2. Create the file /etc/auto.users and give it the following contents:

    *    -rw    server2:/users/&

  3. Type systemctl restart autofs to restart the autofs service.

  4. Type cd /users/user1 to get access to the NFS export /users/user1 on the server2 server.

Summary

In this chapter you learned how to mount remote file systems and how to configure automount. You first learned how to manually mount an NFS file system from the command line. Then you learned how these mounts can be automated through /etc/fstab or automount.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have several choices for exam preparation: the end-of-chapter labs; the memory tables in Appendix C; Chapter 27, “Final Preparation”; and the practice exams.

Review All Key Topics

Review the most important topic in the chapter, noted with the Key Topic icon in the margin of the page. Table 24-2 lists a reference for this key topic and the page number on which it is found.

An icon reads, Key Topic.

Table 24-2 Key Topic for Chapter 24

Key Topic Element

Description

Page

List

Options to consider when making an NFS mount through fstab

515

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

Network File System (NFS)

automount

Review Questions

The questions that follow are meant to help you test your knowledge of concepts and terminology and the breadth of your knowledge. You can find the answers to these questions in Appendix A.

1. On your NFS server, you have verified that the nfs service is active, and the firewall allows access to TCP port 2049. A client uses showmount against your server but doesn’t see any exports. What is the most likely explanation?

2. Which command enables you to show available NFS mounts on server1?

3. Which command enables you to mount an NFS share that is available on server1:/share?

4. How would you mount all NFS shares that are provided by nfsserver on the directory /shares?

5. Which additional mount option is required in /etc/fstab to ensure that NFS shares are only mounted after the network services have been started?

6. Which option should you include in /etc/fstab to ensure that changes to the mounted file system are written to the NFS server immediately?

7. Which autofs feature is not supported by systemd automount?

8. What is the name of the main automount configuration file?

9. What is the name of the service that implements automount?

10. Which ports do you need to open in the firewall of the automount client?

End-of-Chapter Lab

In this chapter, you learned how to mount remote file systems and automate those mounts using /etc/fstab or automount. In this end-of-chapter lab, you practice these skills in a way that is similar to how you need to perform them on the exam.

Lab 24.1

  1. Set up an NFS server that shares the /home directory on server2.

  2. Configure server1 to access the NFS-shared home directory using automount. You need to do this using wildcard automount.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset