How to Easily Configure External NFS Server

By September 27, 2016 HowTo No Comments
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

jelastic-nfs-configurationJelastic DevOps platform allows to interact with Data Storage Container not only internally (i.e. within a single account or platform), but also with external instances anywhere over the Internet. This means that it supports both mounting data from a third-party NFS storage server and exporting files from your Jelastic-hosted instance worldwide. Herewith, some special manual adjustments are required to be preliminary performed on your server for each of these cases. And today we will proceed sharing our series of technical how-to articles and describe the thorough flow for configuring any NFS-based storage server on the example of Jelastic Dedicated Storage Container usage.

1. First of all, in order to share data over the Internet, it’s required to attach a Public IP address to your server:attach-public-ip-in-jelastic

2. Next, you need to declare the list of directories you’d like to share within the corresponding etc/exports file (in Jelastic, it can be easily accessed through the Exports section of the inbuilt Configuration Manager, opened with the Config button).

Here, the following format should be used:

{directory} {server}([option],[option],..)

jelastic-configurations-manager

where:

  • {directory} – path to the folder (relative to the Root folder) that should be exported
  • {server}custom domain name or Public IP address of the client node the exported files should be mounted at

Note: In case your Jelastic instance does not have an external address attached, you can alternatively use IP of its hardware node. It could be obtained through executing the following command through your terminal while being connected to the required container via SSH:

curl ifconfig.co

config-command-jelasticBe aware that such flow is highly insecure and should not be used for production purposes, as it will make your shared data available for any container on the same hardware node.

  • [option] – some additional parameters to describe the access permissions, where the main are:
    • async – allows client server to receive a response from the storage as soon as its request on adding content is processed (but before the data is actually written to a storage). This gives better performance but leaves a risk that some part of your data may be lost if the storage server will be stopped when still holding unwritten data in its cache. To increase reliability, an opposite sync option can be used;
    • ro – defines read-only permissions to make the client node available to view the shared data but not to edit it;
    • rw – states read & write permissions for the client node so it will be able to view and edit the shared data;
    • no_root_squash – gives root user of a client server the same level of access to the files as a root user on a storage container has;
    • no_subtree_check – disables the subtree checking option, which verifies whether the requested file should be accessible (can come in handy if only a part of the folder is exported, or to speed up a transfer in case of exporting the entire directory by means of eliminating the necessity to re-check which files should be available).
Tip: For the additional security, you can configure the corresponding etc/hosts.allow and etc/hosts.deny files to manage a list of hosts, that NFS server will be able to work with.

Don’t forget to Save the changes you’ve made.

3. To apply new export settings, the corresponding unfsd service should be restarted. This can be done via SSH by means of the following command (in our case):

service unfsd.jelastic restart

Tip: In the case you haven’t work with Jelastic containers over SSH before, you need to:

4. Next, you need to open the NFS server ports for the client IP address. This can be done through the appropriate iptable rules addition:

iptables -I INPUT -p tcp -m multiport --dports 111,2049 -s {client_IP} -j ACCEPT
iptables -I INPUT -p udp -m multiport --dports 111,2049 -s {client_IP} -j ACCEPT

where {client_IP}  is the same external address of your client container you’ve exported the directory(ies) for in the first step.

5. Additionally, take into consideration that in order to be editable (i.e. if clients have been granted RW rights), the mounted from a storage folder should have the same permissions for the same user as on a client node (since the default user names may vary for different servers – e.g. root and jelastic).

So, if needed, execute the following command on your storage server to adjust the rights:

chown {uid}:{gid} {path}

Here:

  • {uid} – user ID, which can be found in the /etc/passwd file of your Jelastic container
  • {gid} – group identifier, that is shown within the /etc/group file of your Jelastic node
  • {path} – path to the directory you’d like to change the permissions for

adjust-the-rights-command-jelastic

And that’s all – now your data storage server is ready! Take a try and configure it on your own: just register at one of the Jelastic Cloud Hosting partners.   

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Leave a Reply

Subscribe to get the latest updates