Mounting file shares in CentOS
Use these instructions to connect a CentOS Linux®-based IBM Cloud® Compute Instance to a Network File System (NFS) file share.
Before you begin
-
If your file share was set up with VPC access mode, verify that the virtual server instance where you want to mount the share is in the same zone as the file share. If the file share was set up with Security group access mode, verify that the virtual server instance is part of the same security group. For more information, see Mount target access modes.
-
Confirm that a mount target for the share exists for the VPC that the instance resides in. If a new mount target is needed, follow the instructions in Creating file shares and mount targets.
-
Get the mount path of the file share from the mount target. Mount path information can be obtained from the File share details page in the UI, from the CLI, with the API or Terraform.
-
If you want to use encryption in transit, you need to obtain an IPsec certificate from the Instance Metadata service. Ensure that encryption in transit is enabled for the mount target. Plus, mount the file share with a secure connection. This feature is only available for file shares with
dp2profiles and security group access mode. For more information, see Encryption in transit - Securing mount connections between file share and host.Install and run the mount helper utility to mount file shares with encryption in transit or without an encrypted connection.
File Storage for VPC service requires NFS versions v4.1 or higher.
Mounting the file share on CentOS
Mount a file share on a CentOS host by following these steps. The examples are based on CentOS 8. The steps are similar to the ones that are described on Mounting file shares on Red Hat Enterprise Linux®.
SSH into the Compute instance where you want to mount the file share, then continue with these steps:
-
Install the required tools.
yum install nfs-utils -
Create a directory in your instance.
mkdir /mnt/test -
Mount the remote file share.
mount -t nfs4 -o <options> <host:/mount_target> /mntSee following example.
mount -t nfs4 -o sec=sys,nfsvers=4.1 fsf-dal2433a-dz.adn.networklayer.com:/nxg_s_voll_246a9cb9-4679-4dc5-9522-4a7ed2575136 /mnt/test -
Verify that the mount was successful with the disk file system command.
$ df -h Filesystem Size Used Avail Use% Mounted on udev 3.9G 0 3.9G 0% /dev tmpfs 798M 660K 798M 1% /run /dev/vda2 99G 1.6G 93G 2% / tmpfs 3.9G 0 3.9G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup /dev/vda1 240M 73M 155M 33% /boot fsf-dal2433a-dz.adn.networklayer.com:/nxg_s_voll_246a9cb9-4679-4dc5-9522-4a7ed2575136 190G 384K 190G 1% /mnt/test tmpfs 798M 0 798M 0% /run/user/0 -
Go to the mount point to create a test file and list all files to verify that the share is mounted as read/write.
touch /mnt/test/test.txt ls -al /mnt/test$ touch /mnt/test/test.txt ls -al /mnt/test total 12 drwxr-xr-x 2 nobody nobody 4096 Apr 8 15:52 . dr-xr-xr-x. 22 root root 4096 Apr 8 14:30 .. -rw-r--r-- 1 nobody nobody 0 Apr 8 15:52 test.txtThe files are created by root and have an ownership of
nobody:nobody. To display the ownership correctly, updateidmapd.confwith the correct domain settings. For more information, see How to implement no_root_squash for NFS. -
Mount the remote file share on start. To complete the setup, you must edit the file systems table (
/etc/fstab) and add the remote file share to the list of entries that are automatically mounted on startup. Before you create an entry in thefstab, perform the following steps to add the mount path hostname to/etc/hosts.-
Get the
hostname.comportion of the mount path, for examplefsf-dal2433a-dz.adn.networklayer.comand get the IP address. Run the following command from the instance to get the IP address.host hostname.comSee following example.
host fsf-dal2433a-dz.adn.networklayer.com fsf-dal2433a-dz.adn.networklayer.com has address 203.0.113.0If you get a command not found error when you run
hostcommand, useyum install bind-utilsto install it. -
Edit
/etc/hostsand add an IP to the hostname entry.<IP_Address> hostname.comhostname.comSee following example.
198.51.100.0 fsf-dal2433a-dz.adn.networklayer.com -
Edit the file systems table
/etc/fstab, and add an entry.(hostname):/(file_share_path) /mnt nfs_version options 0 0See following example.
fsf-dal2433a-dz.adn.networklayer.com:/nxg_s_voll_246a9cb9-4679-4dc5-9522-4a7ed2575136 /mnt/test nfs4 nfsvers=4.1,sec=sys,_netdev 0 0
-
-
Verify that the configuration file has no errors.
mount -favIf the command completes without errors, your setup is complete.
For NFS 4.1, add
sec=systo the mount command to prevent file ownership issues. Use_netdevto wait for the storage to get mounted until after all network components are started.
Implementing no_root_squash for NFS (optional)
By default, NFS downgrades any files that were created with the root permissions to the nobody user. This security feature prevents privileges from being shared unless they are requested.
By configuring no_root_squash, root clients can retain root permissions on the remote NFS file share.
For NFSv4.1, set the nfsv4 domain to: slnfsv4.com, and start rpcidmapd or a similar service that is used by your OS. See following example.
-
From the host, set the domain setting in
/etc/idmapd.conf.$ vi /etc/idmapd.conf [General] #Verbosity = 0 #The following should be set to the local NFSv4 domain name #The default is the host's DNS domain name. Domain = slnfsv4.com [Mapping] Nobody-User = nobody Nobody-Group = nobody -
Run
nfsidmap -c.
Unmounting the file system
To unmount any currently mounted file system on your host, run the umount command with disk name or mount point name.
umount /dev/sdb
umount /mnt