Before I was going to stand up my XenServer host, I needed some network storage for installation ISOs, virtual disks (potentially), and other random stuff. I decided to stand up a CentOS 7 NFS server for that purpose.
To start, I pulled down the minimal CentOS 7 ISO and made a bootable USB drive using dd:
$ sudo dd if=/home/jmehl/Downloads/nameofCentOSISO.iso of=/dev/sdb status=progress && sync
I ended up installing the CentOS instance on the ThinkServer from my last post. Once it was installed, I performed my usual initial configuration on CentOS/RHEL servers:
- Configured .vimrc – very important 😉
- set number # shows line numbers by default
- syntax on # turns on syntax highlighting by default
- Configured hostname:
- $ sudo hostnamectl nfs-server
- Setup static networking:
- $ sudo vim /etc/sysconfig/network-scripts/ifcfg-eno1
- Change BOOTPROTO to static
- Add the following lines:
- IPADDR= your ip address
- NETMASK= your subnet mask
- DNS1= your primary DNS IP
- GATEWAY= your default gateway IP
- ONBOOT=yes
- Setup key authentication with SSH from my management machine:
- From my management machine:
- $ ssh-keygen # This will place newly generated keys in ~/.ssh
- $ ssh-copy-id jmehl@nfs-server # copies my local public key over to the nfs-server (in jmehl’s ~/.ssh/authorized_keys file). You must supply the login credentials of the jmehl account here.
- $ ssh jmehl@nfs-server # should log in without password prompt
- Once you are logged in, we should harden the sshd_config a little:
- $ sudo vim /etc/ssh/sshd_config
- Uncomment #PermitRootLogin no
- Change #PasswordAuthentication yes to PasswordAuthentication no
- $ sudo systemctl restart sshd.service
- From my management machine:
- Patch the system fully:
- $ sudo yum update -y && sudo yum upgrade -y
Now that the server is set up, I started on the NFS configuration. I started by installing the nfs-utils package:
$ sudo yum install -y nfs-utils
Make the share directory:
$ sudo mkdir /var/nfs_share
Enable the nfs-server service:
$ sudo systemctl enable nfs-server
Start the nfs-server service:
$ sudo systemctl start nfs-server
Alter the permissions on the share directory:
$ sudo chmod -R 777 /var/nfs-share
In general, chmod 777 is a bad idea. Since this was a lab environment, I didn’t care too much. If you’re ever performing something like this in a production environment, or just want to learn how a secure NFS setup works, Red Hat has an awesome write-up.
Add to the /etc/exports file:
/var/nfs_share *(rw,sync,no_root_squash,no_all_squash)
Just as a note, I ran into a problem with my /etc/exports that turned out it was because I had put spaces in between my export options. There are no spaces between any options!
Another side note, this /etc/exports line is basically allowing access to the /var/nfs_share directory from any requesting client (hence the wildcard *). Not recommended for secure environments.
Update the local NFS file system table:
$ sudo exportfs -a
Allow nfs traffic through firewalld:
$ sudo firewall-cmd --permanent --zone=public --add-service=nfs
Update firewalld config:
$ sudo firewall-cmd --reload
Restart the nfs-server service:
$ sudo systemctl restart nfs-server
Now that the NFS server is configured properly, we can test the connection from any given client on the local network by attempting to locally mount the shared directory:
$ sudo mount -t nfs nfs-server:/var/nfs_share /mnt
This will mount the shared directory /var/nfs_share locally on your machine under /mnt.
If you want that share to be mounted persistently on the client (across reboots), add the following to /etc/fstab:
nfs-server:/var/nfs_share /mnt nfs rw,sync,hard,intr 0 0
Now that there is network storage for our VMs, next time, we can setup the XenServer host!