How To Install NFS Server on CentOS Stream 10

Network File System (NFS) continues to be a cornerstone technology for Linux administrators seeking efficient file sharing solutions. This powerful protocol allows you to share directories and files with multiple systems across a network, enabling users to access remote resources as if they were local. Whether you’re managing a small office network or enterprise-level infrastructure, NFS provides a reliable, high-performance solution for file sharing in Linux environments.

CentOS Stream 10 represents the latest iteration in the CentOS ecosystem, offering a rolling-release distribution that sits between Fedora and RHEL. Its cutting-edge yet stable nature makes it an excellent choice for deploying NFS services. This comprehensive guide walks you through the entire process of installing and configuring an NFS server on CentOS Stream 10, from basic setup to advanced configurations and troubleshooting.

Understanding NFS Basics

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984. It allows users to access files and directories located on remote systems as if they were stored locally. The protocol has evolved significantly over the decades, progressing from NFSv2 through to the current NFSv4.2, with each version introducing improvements in security, performance, and functionality.

Unlike Samba, which primarily facilitates file sharing between Linux and Windows systems, NFS is optimized for Unix-like environments. This makes it particularly efficient for Linux-to-Linux file sharing scenarios. The protocol operates on a client-server model where the NFS server exports specific directories that clients can mount remotely.

The NFS architecture consists of several key components:

• Server: Exports file systems to be shared with clients
• Client: Mounts and accesses the exported file systems
• Remote Procedure Call (RPC): Facilitates communication between servers and clients

NFS finds applications in various scenarios, including centralized storage for home directories, shared application data, backup repositories, and development environments where multiple users need access to the same files. Its low overhead and native integration with Linux make it particularly suited for high-performance computing environments and data centers.

Prerequisites for NFS Installation

Before proceeding with the NFS server installation on CentOS Stream 10, ensure your system meets the following requirements:

• A CentOS Stream 10 installation with regular updates applied
• Root access or a user account with sudo privileges
• Minimum 2GB RAM and 2 CPU cores (recommended for production environments)
• At least 10GB of free disk space for the operating system
• Additional storage space for the directories you plan to share
• A stable network connection with properly configured networking

Your server should have a static IP address configured to ensure clients can reliably connect to the NFS shares. Dynamic IP addressing can cause connection issues when the server’s IP changes. Additionally, proper hostname resolution through either DNS or the local hosts file will simplify administration and troubleshooting.

For production environments, consider implementing redundant network connections to improve availability and throughput, especially if you anticipate heavy file-sharing traffic.

Pre-Installation Steps

Before installing the NFS server packages, complete these preparatory steps to ensure a smooth installation process:

First, update your system packages to ensure you have the latest security patches and bug fixes:

sudo dnf update -y

Next, configure a static IP address if you haven’t already done so. Edit the network configuration file for your interface:

sudo nano /etc/sysconfig/network-scripts/ifcfg-enp0s3

Modify or add the following parameters (adjust according to your network):

BOOTPROTO=static
IPADDR=192.168.1.100
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
ONBOOT=yes

Set a proper hostname for your NFS server:

sudo hostnamectl set-hostname nfs-server.example.com

Update your hosts file to include the server’s hostname and IP address:

sudo nano /etc/hosts

Add an entry like:

192.168.1.100 nfs-server.example.com nfs-server

For SELinux configuration, you have two options: either disable it temporarily for testing purposes or configure it properly for NFS. For production environments, it’s recommended to configure SELinux rather than disable it. To temporarily disable SELinux:

sudo setenforce 0

To make this change persistent across reboots, edit the SELinux configuration file:

sudo nano /etc/selinux/config

Change SELINUX=enforcing to SELINUX=permissive.

Finally, synchronize your system time using NTP to prevent time-related issues:

sudo dnf install chrony -y
sudo systemctl enable --now chronyd

Installing NFS Server Components

Now that your system is prepared, you can proceed with installing the NFS server components. CentOS Stream 10 uses the DNF package manager, which simplifies the installation process.

Start by ensuring your package repositories are up to date:

sudo dnf clean all
sudo dnf makecache

Install the NFS utilities package, which contains all the necessary components for both server and client operations:

sudo dnf install nfs-utils -y

This package includes:

• NFS server daemons
• RPC support programs
• Administrative tools
• Supporting libraries

Additionally, you might want to install supporting packages for enhanced functionality:

sudo dnf install rpcbind nfs4-acl-tools -y

After installation, verify that the packages were installed correctly:

rpm -qa | grep nfs

This command should display a list of installed NFS-related packages. The key configuration files for NFS are:

• /etc/exports: Defines shared directories and their access permissions
• /etc/nfs.conf: Contains NFS server configuration parameters
• /etc/sysconfig/nfs: Contains additional configuration options

With the NFS server components successfully installed, you can now proceed to configure your NFS shares.

Creating NFS Shares

Creating well-structured NFS shares requires careful planning of directory hierarchies and permissions. The directories you share should follow a logical organization that meets your organization’s needs while maintaining security.

First, determine the locations you want to share. Common approaches include:

• Separate mount points for different shared resources
• Dedicated partitions for heavily used shares
• Logical volume management (LVM) for flexibility

For this example, let’s create several directories that serve different purposes:

sudo mkdir -p /nfs/general
sudo mkdir -p /nfs/home
sudo mkdir -p /nfs/backups

Next, set appropriate permissions and ownership for these directories. The permissions you set will affect how users can access the files when mounted on client systems:

sudo chmod 755 /nfs/general
sudo chown nobody:nobody /nfs/general

sudo chmod 770 /nfs/home
sudo chown root:users /nfs/home

sudo chmod 750 /nfs/backups
sudo chown root:backup /nfs/backups

Consider the following best practices when creating your directory structure:

• Separate read-only shares from read-write shares
• Group related data in logical hierarchies
• Use descriptive directory names
• Place frequently accessed data on faster storage
• Consider backup requirements when planning

If you plan to share existing data, ensure it’s properly prepared:

# For example, copying data to a share directory
sudo cp -rp /path/to/source/* /nfs/general/

# Ensuring correct permissions after copying
sudo find /nfs/general -type d -exec chmod 755 {} \;
sudo find /nfs/general -type f -exec chmod 644 {} \;

A well-planned directory structure simplifies administration, improves security, and enhances user experience when accessing shared resources.

Configuring /etc/exports File

The /etc/exports file is the central configuration file for NFS exports. Each line in this file defines a directory to be shared, the clients allowed to access it, and the specific options for that share.

Open the exports file for editing:

sudo nano /etc/exports

The basic syntax for each entry is:

/exported/directory client1(options) client2(options)

Let’s configure our example directories with different access controls:

/nfs/general *(ro,sync,all_squash)
/nfs/home 192.168.1.0/24(rw,sync,no_root_squash)
/nfs/backups 192.168.1.10(rw,sync,no_subtree_check) 192.168.1.11(ro,sync)

Let’s break down the common options:

Access options:

• ro: Read-only access
• rw: Read-write access

Synchronization options:

• sync: Writes changes to disk before replying (safer but slower)
• async: Replies before changes are written to disk (faster but riskier)

User mapping options:

• root_squash: Maps requests from uid/gid 0 to the anonymous uid/gid (default)
• no_root_squash: Allows remote root users to have root privileges
• all_squash: Maps all UIDs and GIDs to the anonymous user
• no_all_squash: Maps requests according to the remote user’s UID/GID (default)

Security options:

• secure: Requires that requests originate from secure ports (default)
• insecure: Allows requests from non-secure ports

Performance options:

• no_subtree_check: Disables subtree checking, which can improve reliability
• subtree_check: Enables subtree checking (useful when exporting a subdirectory)

For more complex scenarios, you might want to use wildcard characters or netgroups:

/nfs/projects 192.168.1.*(rw,sync) *.example.com(ro)
/nfs/confidential @trusted_hosts(rw,sync)

After configuring your exports file, save and exit the editor. The changes will take effect when you start or reload the NFS service in a later step.

Understanding NFS Security Options

Security is a critical consideration when configuring NFS servers. Understanding the various security options helps you strike the right balance between accessibility and protection.

The root_squash option is one of the most important security features in NFS. When enabled (which is the default), it maps requests from UID 0 (root) on clients to the anonymous UID, typically nobody (65534). This prevents remote root users from having full root access to your shared files.

/nfs/data 192.168.1.0/24(rw,sync,root_squash)

The no_root_squash option disables this protection, allowing remote root users to have root privileges on the shared filesystem. This should only be used in trusted environments:

/nfs/admin 192.168.1.5(rw,sync,no_root_squash)

The all_squash option is even more restrictive, mapping all user requests to the anonymous user, regardless of the remote user’s UID:

/nfs/public *(ro,all_squash)

You can specify which anonymous UID and GID to use with the anonuid and anongid options:

/nfs/uploads *(rw,all_squash,anonuid=1000,anongid=1000)

For NFSv4, Kerberos provides a robust authentication mechanism, offering three security levels:

• krb5: Authentication only
• krb5i: Authentication and integrity checking
• krb5p: Authentication, integrity, and privacy (encryption)

/nfs/secure *(rw,sec=krb5p)

When configuring NFS security, consider these best practices:

• Use the principle of least privilege
• Limit exports to specific hosts rather than using wildcards
• Use firewalls to restrict access to NFS ports
• Consider using NFSv4 with Kerberos for sensitive data
• Regularly audit your exports and access patterns
• Keep your NFS server updated with security patches

By carefully applying these security measures, you can significantly reduce the risk of unauthorized access to your shared data.

Starting and Managing NFS Services

Once you’ve configured your NFS shares, you need to start and enable the NFS services to make the shares available to clients. CentOS Stream 10 uses systemd for service management, which provides simple commands for controlling services.

Start the NFS server service:

sudo systemctl start nfs-server

To ensure the service starts automatically at boot time:

sudo systemctl enable nfs-server

Verify that the service is running correctly:

sudo systemctl status nfs-server

You should see output indicating the service is active (running).

The NFS server depends on several supporting services, including rpcbind. These dependencies should be automatically managed by systemd, but you can verify they’re running:

sudo systemctl status rpcbind

If you make changes to the /etc/exports file after starting the NFS service, you need to reload the exports:

sudo systemctl reload nfs-server

Alternatively, you can use the exportfs command:

sudo exportfs -ra

To check which shares are currently exported:

sudo exportfs -v

If you need to stop the NFS service for maintenance:

sudo systemctl stop nfs-server

For troubleshooting purposes, you can view the NFS server logs:

sudo journalctl -u nfs-server

These commands provide full control over the NFS service lifecycle, allowing you to start, stop, restart, and monitor the service as needed.

Firewall Configuration for NFS

Properly configuring your firewall is essential for allowing NFS traffic while maintaining security. CentOS Stream 10 uses firewalld as the default firewall management tool, which simplifies the process of opening ports for NFS services.

NFS requires several ports to function correctly:

• Port 2049 (TCP/UDP): Main NFS service
• Port 111 (TCP/UDP): rpcbind/portmapper
• Dynamic ports for auxiliary services (mountd, statd, lockd)

The simplest approach is to add the NFS service to firewalld:

sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --permanent --add-service=mountd

For better security, you can restrict access to specific network ranges:

sudo firewall-cmd --permanent --add-service=nfs --zone=internal
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="nfs" accept'

To improve the predictability of your NFS configuration, it’s recommended to use static ports for the auxiliary services. Edit the NFS configuration file:

sudo nano /etc/sysconfig/nfs

Add or modify these lines:

MOUNTD_PORT=20048
STATD_PORT=20050
LOCKD_TCPPORT=20049
LOCKD_UDPPORT=20049

Then update your firewall rules to allow these specific ports:

sudo firewall-cmd --permanent --add-port=20048/tcp
sudo firewall-cmd --permanent --add-port=20048/udp
sudo firewall-cmd --permanent --add-port=20049/tcp
sudo firewall-cmd --permanent --add-port=20049/udp
sudo firewall-cmd --permanent --add-port=20050/tcp
sudo firewall-cmd --permanent --add-port=20050/udp

After making these changes, reload the firewall to apply the new rules:

sudo firewall-cmd --reload

To verify that the firewall is correctly configured, check the current rules:

sudo firewall-cmd --list-all

You can test connectivity from a client system using telnet or nmap to verify the ports are accessible:

telnet nfs-server 2049
nmap -p 111,2049,20048-20050 nfs-server

With these firewall settings in place, your NFS server should be accessible to authorized clients while remaining protected from unauthorized access.

Exporting NFS Shares

After configuring the /etc/exports file, you need to export the defined shares to make them available to clients. The exportfs command provides a flexible way to manage NFS exports without restarting the entire NFS service.

To export all directories listed in /etc/exports:

sudo exportfs -a

To re-export all directories, updating any changes made to /etc/exports:

sudo exportfs -ra

The -r flag refreshes the exports, and -a applies to all exports.

To view the current list of exported file systems:

sudo exportfs -v

This command displays detailed information about each export, including the export points and the applied options.

If you need to export a directory that isn’t in the /etc/exports file, you can do so temporarily:

sudo exportfs 192.168.1.100:/nfs/temp

This exports /nfs/temp to the specified client with default options.

To unexport a specific directory:

sudo exportfs -u 192.168.1.100:/nfs/temp

If you encounter issues with exports, check the status with:

sudo showmount -e localhost

This command shows the exports available from your server, which can help diagnose configuration problems.

Remember that changes made directly with exportfs are not persistent across reboots unless they’re also added to the /etc/exports file. Use this command primarily for testing or for temporary changes.

Setting Up NFS Client on CentOS

To access your NFS shares, you’ll need to configure client systems. This section covers setting up an NFS client on another CentOS Stream 10 system.

First, install the required NFS client packages:

sudo dnf install nfs-utils -y

Before mounting any shares, check what exports are available from your NFS server:

sudo showmount -e nfs-server

Replace nfs-server with your server’s hostname or IP address. This command should display a list of exported directories and their access restrictions.

Create mount points for each share you want to access:

sudo mkdir -p /mnt/nfs/general
sudo mkdir -p /mnt/nfs/home
sudo mkdir -p /mnt/nfs/backups

Test connectivity to the NFS server by pinging it:

ping nfs-server

If the server responds, you can proceed with mounting the shares. If not, check your network configuration and firewall settings.

For better reliability, ensure that the NFS client services are running:

sudo systemctl start rpcbind
sudo systemctl enable rpcbind

If you’re using NFSv4 with security features, you may need additional configuration, such as Kerberos setup or ID mapping. Refer to the CentOS documentation for these advanced configurations.

With these prerequisites in place, you’re ready to mount the NFS shares on your client system.

Mounting NFS Shares Temporarily

To temporarily mount an NFS share, use the mount command. This is useful for testing connections or for shares that you don’t need permanently mounted.

The basic syntax for mounting an NFS share is:

sudo mount -t nfs server:/exported/directory /mount/point

For example, to mount the general share we created earlier:

sudo mount -t nfs nfs-server:/nfs/general /mnt/nfs/general

You can specify additional options using the -o flag:

sudo mount -t nfs -o rw,soft,timeo=15,retrans=2 nfs-server:/nfs/home /mnt/nfs/home

Let’s explain some common mount options:

• rw/ro: Read-write or read-only access
• soft/hard: With soft, operations fail after timeout; with hard, they retry indefinitely
• timeo=N: Sets the timeout value in tenths of a second
• retrans=N: Number of retransmissions before failure
• noatime: Doesn’t update access times, which can improve performance
• nodiratime: Doesn’t update directory access times
• vers=4: Specifies the NFS version to use (3 or 4)

To verify that the share is mounted correctly:

mount | grep nfs

Test the mount by creating a test file (if you have write access):

touch /mnt/nfs/general/test_file

Check permissions and ownership:

ls -la /mnt/nfs/general/

If you encounter permission issues, verify that the UIDs and GIDs match between the server and client, or adjust the NFS server’s export options.

When you’re done using a temporary mount, unmount it with:

sudo umount /mnt/nfs/general

If the unmount command reports that the device is busy, use the lsof command to find which processes are using the mount:

sudo lsof | grep /mnt/nfs/general

Temporary mounts are ideal for testing and occasional use, but for persistent access, you’ll want to configure automatic mounting as described in the next section.

Configuring Persistent Mounts

For shares that should be available automatically after reboots, configure them in the /etc/fstab file. This ensures that your NFS mounts are persistent and available when the system starts.

Open the fstab file for editing:

sudo nano /etc/fstab

Add entries for your NFS shares using this format:

server:/exported/directory /mount/point nfs options 0 0

For example:

nfs-server:/nfs/general /mnt/nfs/general nfs rw,sync,hard,intr 0 0
nfs-server:/nfs/home /mnt/nfs/home nfs rw,sync,hard,intr 0 0
nfs-server:/nfs/backups /mnt/nfs/backups nfs ro,sync,hard,intr 0 0

The last two zeros represent the dump and fsck order. For NFS mounts, these are typically set to 0.

For better boot-time reliability, add the _netdev option, which indicates that the filesystem resides on a device requiring network access:

nfs-server:/nfs/general /mnt/nfs/general nfs rw,sync,hard,intr,_netdev 0 0

You can also add nofail to prevent boot delays if the NFS server is unavailable:

nfs-server:/nfs/general /mnt/nfs/general nfs rw,sync,hard,intr,_netdev,nofail 0 0

After editing /etc/fstab, test the configuration without rebooting:

sudo mount -a

This command attempts to mount all filesystems specified in /etc/fstab. If there are any issues, they will be reported, allowing you to correct the configuration before rebooting.

Verify that the mounts are working correctly:

df -h | grep nfs

With persistent mounts configured, your NFS shares will be automatically mounted when the system boots, providing seamless access to shared resources.

Automounting with Autofs

While /etc/fstab is suitable for shares that should always be mounted, autofs provides a more flexible approach by mounting shares only when they’re accessed and automatically unmounting them after a period of inactivity. This can improve system performance and resource usage.

First, install the autofs package:

sudo dnf install autofs -y

Configure the master map file:

sudo nano /etc/auto.master

Add a line for your NFS mounts:

/mnt/nfs /etc/auto.nfs --timeout=60

This tells autofs to look in /etc/auto.nfs for mount configurations and to automatically unmount shares after 60 seconds of inactivity.

Next, create the map file for your NFS mounts:

sudo nano /etc/auto.nfs

Add entries for your shares:

general -rw,soft,intr nfs-server:/nfs/general
home   -rw,soft,intr nfs-server:/nfs/home
backups -ro,soft,intr nfs-server:/nfs/backups

The format for each entry is:

mount-point [mount-options] server:/exported/directory

Autofs supports two types of maps:

• Direct maps: The mount point is specified as the full path
• Indirect maps: The mount point is relative to the parent directory specified in auto.master

After configuring autofs, start and enable the service:

sudo systemctl start autofs
sudo systemctl enable autofs

Unlike traditional mounts, with autofs, you don’t need to create the mount point directories in advance. Autofs will create them as needed.

To test your autofs configuration, try accessing one of the shares:

ls /mnt/nfs/general

The first access might be slightly slower as autofs mounts the share. Subsequent accesses will be faster until the share is unmounted due to inactivity.

To verify that a share is mounted:

mount | grep nfs

Autofs provides several advantages over traditional mounting:

• Reduces resource usage by mounting shares only when needed
• Handles network interruptions gracefully
• Makes it easier to add or remove mounts without editing multiple files
• Improves boot times by not waiting for network mounts

These features make autofs particularly useful in environments with many NFS shares or where network reliability might be a concern.

Testing NFS Performance and Functionality

After setting up your NFS server and clients, it’s important to test both functionality and performance to ensure optimal operation.

Start by verifying that files can be created, read, and deleted on the mounted shares (assuming you have write access):

# Creating a test file
touch /mnt/nfs/general/test_file

# Writing to the file
echo "NFS test" > /mnt/nfs/general/test_file

# Reading the file
cat /mnt/nfs/general/test_file

# Removing the file
rm /mnt/nfs/general/test_file

Test file ownership and permissions by creating files as different users (if applicable) and checking the resulting ownership:

sudo -u user1 touch /mnt/nfs/home/user1_file
ls -la /mnt/nfs/home/user1_file

For performance testing, you can use tools like dd to measure read and write speeds:

# Write test
time dd if=/dev/zero of=/mnt/nfs/general/testfile bs=1M count=1000

# Read test
time dd if=/mnt/nfs/general/testfile of=/dev/null bs=1M

For more comprehensive performance testing, consider using specialized tools like iozone or fio:

sudo dnf install iozone -y
iozone -a -n 512M -g 2G -i 0 -i 1 -f /mnt/nfs/general/test

Monitor NFS operations and performance metrics using nfsstat:

nfsstat -c  # Client statistics
nfsstat -s  # Server statistics

Check network throughput with iftop or nethogs:

sudo dnf install iftop -y
sudo iftop -i eth0

If you encounter performance issues, investigate potential bottlenecks:

• Network bandwidth limitations
• Disk I/O constraints
• CPU utilization
• Memory usage

Use the top, iostat, and vmstat commands to monitor system resources during heavy NFS usage:

top
iostat -x 5
vmstat 5

By thoroughly testing functionality and performance, you can identify and address issues before they impact users in a production environment.

Troubleshooting Common NFS Issues

Even with careful configuration, NFS issues can arise. This section covers common problems and their solutions.

Issue: “Permission denied” errors

Possible causes:

• Incorrect export options in /etc/exports
• UID/GID mismatch between server and client
• SELinux restrictions

Solutions:

# Check export options
sudo exportfs -v

# Verify SELinux context on the server
sudo ls -lZ /nfs/general

# Temporarily set SELinux to permissive mode
sudo setenforce 0

# Configure SELinux for NFS
sudo setsebool -P nfs_export_all_rw 1

Issue: “RPC: Program not registered” errors

Possible causes:

• NFS services not running
• RPC binding issues

Solutions:

# Check service status
sudo systemctl status nfs-server
sudo systemctl status rpcbind

# Restart services
sudo systemctl restart rpcbind
sudo systemctl restart nfs-server

# Verify RPC registration
rpcinfo -p

Issue: Mount timeouts

Possible causes:

• Firewall blocking NFS ports
• Network connectivity issues
• Server overload

Solutions:

# Check firewall status
sudo firewall-cmd --list-all

# Test network connectivity
ping nfs-server
telnet nfs-server 2049

# Check server load
top

Issue: Connection refused

Possible causes:

• NFS server not running
• Incorrect hostname or IP
• Export restrictions

Solutions:

# Verify server is running
sudo systemctl status nfs-server

# Check exports
sudo showmount -e nfs-server

# Try mounting with IP address instead of hostname
sudo mount -t nfs 192.168.1.100:/nfs/general /mnt/nfs/general

Issue: Stale file handles

Possible causes:

• Files deleted or moved on server while mounted on client
• Server restarted with different export configuration

Solution:

# Remount the share
sudo umount -f /mnt/nfs/general
sudo mount -t nfs nfs-server:/nfs/general /mnt/nfs/general

For troubleshooting, check these log files:

sudo journalctl -u nfs-server
sudo journalctl -u rpcbind

On the client side:

dmesg | grep nfs

The nfsidmap command can help with ID mapping issues in NFSv4:

sudo nfsidmap -c

By methodically working through these troubleshooting steps, you can identify and resolve most common NFS issues and maintain a reliable file-sharing environment.

Performance Tuning for NFS

To maximize NFS performance, consider these optimization techniques based on your specific workload and network environment.

Network Buffer Size Optimization

Adjust TCP buffer sizes to improve throughput, especially on high-speed networks:

sudo sysctl -w net.core.rmem_max=16777216
sudo sysctl -w net.core.wmem_max=16777216

To make these changes persistent, add them to /etc/sysctl.conf:

sudo nano /etc/sysctl.conf

Add:

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Read/Write Block Sizes

When mounting NFS shares, specify optimal read and write sizes:

sudo mount -t nfs -o rsize=1048576,wsize=1048576 nfs-server:/nfs/general /mnt/nfs/general

For /etc/fstab:

nfs-server:/nfs/general /mnt/nfs/general nfs rsize=1048576,wsize=1048576 0 0

Sync vs Async Considerations

For better performance at the cost of some safety:

/nfs/general 192.168.1.0/24(rw,async,no_subtree_check)

For improved data integrity with somewhat lower performance:

/nfs/general 192.168.1.0/24(rw,sync,no_subtree_check)

Caching Options

Enable client-side caching for improved read performance:

sudo mount -t nfs -o rw,actimeo=600 nfs-server:/nfs/general /mnt/nfs/general

The actimeo parameter sets the time in seconds that attributes and directory entries are cached.

NFS Version Selection

NFSv4 generally offers better performance than NFSv3, especially over higher-latency networks:

sudo mount -t nfs -o vers=4 nfs-server:/nfs/general /mnt/nfs/general

Monitoring Tools

Use these tools to monitor and analyze NFS performance:

# Show NFS operation statistics
nfsstat

# Monitor filesystem I/O
iostat -x 5

# Track NFS RPC calls
nfsiostat 5

# Network throughput monitoring
iftop -i eth0

For filesystems that experience heavy metadata operations (like many small files), using NFSv4 with its compound operations can significantly improve performance.

Consider enabling no_subtree_check to reduce the server load:

/nfs/general 192.168.1.0/24(rw,no_subtree_check)

By carefully tuning these parameters based on your specific workload characteristics and monitoring the results, you can achieve optimal NFS performance for your environment.

Advanced NFS Configuration

For enterprise environments and specialized use cases, NFS offers advanced configuration options that enhance security, reliability, and integration with other systems.

NFSv4 Pseudo-filesystem

NFSv4 introduces the concept of a pseudo-filesystem, which creates a unified namespace for all exports. To implement this:

sudo nano /etc/exports

Add:

/export        192.168.1.0/24(fsid=0,rw,sync,no_subtree_check)
/export/home   192.168.1.0/24(rw,sync,no_subtree_check)
/export/data   192.168.1.0/24(rw,sync,no_subtree_check)

Then create the necessary directory structure:

sudo mkdir -p /export/{home,data}
sudo mount --bind /nfs/home /export/home
sudo mount --bind /nfs/general /export/data

Make these bind mounts persistent in /etc/fstab:

/nfs/home    /export/home    none    bind    0 0
/nfs/general    /export/data    none    bind    0 0

ID Mapping Configuration

For consistent user and group ID mapping in NFSv4:

sudo nano /etc/idmapd.conf

Configure the domain and mapping methods:

[General]
Domain = example.com

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup

Kerberos Integration

For enhanced security with Kerberos authentication:

sudo dnf install krb5-workstation -y

Edit the /etc/exports file to use Kerberos security:

/nfs/secure 192.168.1.0/24(rw,sec=krb5p,sync)

High-Availability Considerations

For mission-critical environments, implement NFS with Pacemaker and Corosync:

sudo dnf install pacemaker corosync pcs -y
sudo systemctl enable pcsd
sudo systemctl start pcsd

Load Balancing Options

For improved scalability, consider DNS round-robin or dedicated load balancers with multiple NFS servers exporting the same data.

Backup Strategies

Implement consistent backups of NFS shares:

# Create a snapshot before backup
sudo lvcreate -L5G -s -n nfs_snapshot /dev/vg0/nfs_volume

# Mount the snapshot
sudo mount /dev/vg0/nfs_snapshot /mnt/snapshot

# Perform backup
sudo rsync -avzP /mnt/snapshot/ /backup/nfs/

# Clean up
sudo umount /mnt/snapshot
sudo lvremove -f /dev/vg0/nfs_snapshot

By implementing these advanced configurations, you can build a robust, secure, and highly available NFS infrastructure that meets enterprise requirements and scales with your organization’s needs.

Congratulations! You have successfully setup the NFS Server. Thanks for using this tutorial for installing the R and NFS Server on CentOS Stream 10 system. For additional help or useful information, we recommend you check the official NFS Server website.