🗄️ AlmaLinux NFS Server Configuration: Complete Network File System Guide

Welcome to the ultimate AlmaLinux NFS (Network File System) server configuration guide! 🎉 NFS is the native file sharing protocol for Unix and Linux systems, providing high-performance network storage that’s perfect for clusters, virtualization environments, and enterprise Linux deployments. Whether you’re building a compute cluster, setting up shared storage for containers, or creating centralized home directories, NFS delivers blazing-fast network storage! 🌟

NFS might seem technical, but it’s actually one of the most efficient ways to share files between Linux systems. By the end of this guide, you’ll have a robust, secure NFS server that can handle everything from basic file sharing to advanced enterprise storage requirements! 🚀

🤔 Why is NFS Server Important?

NFS servers are essential for Linux and Unix environments! Here’s why setting up your own NFS server is incredibly valuable: ✨

• ⚡ High Performance: Native Linux protocol with minimal overhead for maximum speed
• 🖥️ Transparent Access: Mount remote filesystems as if they were local storage
• 🔄 Live Migration: Support for VM and container live migration with shared storage
• 📈 Scalability: Handle thousands of concurrent connections efficiently
• 🛡️ Security Options: Support for Kerberos authentication and encryption
• 💾 POSIX Compliance: Full Unix file permissions and attributes support
• 🎯 Cluster Support: Essential for high-performance computing clusters
• 🔧 Simple Management: Easy configuration and maintenance
• 📊 Resource Efficiency: Low CPU and memory overhead
• 🌐 Cross-Platform: Works with all Unix-like systems including macOS

🎯 What You Need

Before we start building your NFS server, make sure you have these essentials ready:

✅ AlmaLinux 9.x server with root or sudo access ✅ Minimum 2GB RAM and 20GB+ disk space ✅ Static IP address configured on the server ✅ Network connectivity to client systems ✅ Basic Linux command knowledge (we’ll guide you!) ✅ Terminal/SSH access to your server ✅ Text editor familiarity (nano, vim, or gedit) ✅ Firewall admin access for port configuration ✅ Linux client systems to test NFS mounts ✅ Storage planning for exported directories

📝 Step 1: System Preparation and Package Installation

Let’s start by preparing your AlmaLinux system and installing NFS packages! 🎯

# Update system packages to latest versions
sudo dnf update -y

# Install NFS server packages
sudo dnf install -y nfs-utils

# Install additional utilities for management
sudo dnf install -y rpcbind showmount

# Install network utilities for troubleshooting
sudo dnf install -y net-tools lsof tcpdump

# Check installed NFS version
rpm -qa | grep nfs-utils

# Check system hostname
hostname -f
hostnamectl

# Verify network configuration
ip addr show
ip route show

# Check current kernel version (important for NFSv4 features)
uname -r

# Test network connectivity
ping -c 3 google.com

Expected output:

Complete!
nfs-utils-2.5.4-15.el9.x86_64
nfs-server.company.local
   Static hostname: nfs-server.company.local
         Icon name: computer-vm
           Chassis: vm
    Virtualization: kvm
  Operating System: AlmaLinux 9.2 (Turquoise Kodkod)
5.14.0-284.30.1.el9_2.x86_64

Perfect! 🌟 NFS packages are installed and the system is ready for configuration!

🔧 Step 2: Configure NFS Exports

Create and configure directories to be shared via NFS! ⚡

# Create directory structure for NFS exports
sudo mkdir -p /srv/nfs/{shared,home,data,backup}
sudo mkdir -p /srv/nfs/projects/{active,archive}
sudo mkdir -p /srv/nfs/departments/{engineering,sales,marketing}

# Set base permissions
sudo chmod 755 /srv/nfs

# Configure shared directory (read-write for all)
sudo chmod 777 /srv/nfs/shared

# Configure home directory
sudo chmod 755 /srv/nfs/home

# Configure data directory (group writable)
sudo chmod 775 /srv/nfs/data
sudo chown root:users /srv/nfs/data

# Configure backup directory (restricted)
sudo chmod 750 /srv/nfs/backup
sudo chown root:backup /srv/nfs/backup

# Create test files
echo "Welcome to NFS Shared Storage" | sudo tee /srv/nfs/shared/README.txt
echo "NFS Server Test File" | sudo tee /srv/nfs/shared/test.txt

# Create NFS exports configuration
sudo tee /etc/exports << 'EOF'
# NFS Exports Configuration
# Format: directory client(options)

# Public read-only share
/srv/nfs/shared        *(ro,sync,no_subtree_check,no_root_squash)

# Read-write share for specific network
/srv/nfs/data          192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/data          10.0.0.0/8(rw,sync,no_subtree_check,root_squash)

# Home directories with secure options
/srv/nfs/home          192.168.1.0/24(rw,sync,no_subtree_check,root_squash,all_squash,anonuid=1000,anongid=1000)

# Backup directory - restricted access
/srv/nfs/backup        192.168.1.10(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/backup        192.168.1.11(rw,sync,no_subtree_check,no_root_squash)

# Project directories with different permissions
/srv/nfs/projects/active       192.168.1.0/24(rw,sync,no_subtree_check)
/srv/nfs/projects/archive      192.168.1.0/24(ro,sync,no_subtree_check)

# Department shares
/srv/nfs/departments/engineering   192.168.1.0/24(rw,sync,no_subtree_check,root_squash)
/srv/nfs/departments/sales        192.168.1.0/24(rw,sync,no_subtree_check,root_squash)
/srv/nfs/departments/marketing    192.168.1.0/24(rw,sync,no_subtree_check,root_squash)

# NFSv4 pseudo-filesystem root
/srv/nfs               192.168.1.0/24(rw,sync,no_subtree_check,fsid=0,crossmnt)
EOF

# Verify exports configuration
sudo exportfs -av

# Check export list
sudo exportfs -v

# Show current exports
showmount -e localhost

Expected output:

exporting 192.168.1.0/24:/srv/nfs/shared
exporting *:/srv/nfs/shared
exporting 192.168.1.0/24:/srv/nfs/data
exporting 10.0.0.0/8:/srv/nfs/data
Export list for localhost:
/srv/nfs/shared *
/srv/nfs/data 192.168.1.0/24,10.0.0.0/8

Excellent! ✅ NFS exports are configured and ready to share!

🌟 Step 3: Configure NFSv4 and Advanced Settings

Set up NFSv4 with advanced features for better performance and security! 📊

# Configure NFSv4 ID mapping
sudo tee /etc/idmapd.conf << 'EOF'
[General]
Verbosity = 0
Domain = company.local

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

[Static]
# Static ID mappings can be added here
EOF

# Configure NFS server settings
sudo tee /etc/nfs.conf << 'EOF'
[nfsd]
# Number of NFS server threads
threads = 16

# Enable NFSv4
vers4 = y
vers4.0 = y
vers4.1 = y
vers4.2 = y

# Disable older versions for security
vers2 = n
vers3 = y

# Port configuration
port = 2049

# TCP and UDP support
tcp = y
udp = y

[exports]
# Root of NFSv4 pseudo-filesystem
rootdir = /srv/nfs

[mountd]
# Mount daemon configuration
threads = 8
port = 20048

[statd]
# Status daemon configuration
port = 32765
outgoing-port = 32766

[lockd]
# Lock daemon ports
port = 32768

[gssd]
# GSS daemon for Kerberos (if using)
use-memcache = 1
avoid-dns = 1
EOF

# Configure system parameters for better NFS performance
sudo tee /etc/sysctl.d/nfs-performance.conf << 'EOF'
# NFS Performance Tuning
net.core.rmem_default = 262144
net.core.rmem_max = 134217728
net.core.wmem_default = 262144
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 134217728
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.netdev_max_backlog = 30000

# NFS-specific settings
sunrpc.tcp_slot_table_entries = 128
sunrpc.tcp_max_slot_table_entries = 128
EOF

# Apply sysctl settings
sudo sysctl -p /etc/sysctl.d/nfs-performance.conf

# Create NFSv4 only exports for better security
sudo mkdir -p /export/{home,data,shared}

# Bind mount directories for NFSv4
echo "/srv/nfs/home    /export/home    none    bind    0    0" | sudo tee -a /etc/fstab
echo "/srv/nfs/data    /export/data    none    bind    0    0" | sudo tee -a /etc/fstab
echo "/srv/nfs/shared  /export/shared  none    bind    0    0" | sudo tee -a /etc/fstab

# Mount the bind mounts
sudo mount -a

# Add NFSv4 exports
sudo tee -a /etc/exports << 'EOF'

# NFSv4 exports with pseudo-root
/export                192.168.1.0/24(rw,sync,no_subtree_check,fsid=0,crossmnt)
/export/home           192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/export/data           192.168.1.0/24(rw,sync,no_subtree_check)
/export/shared         192.168.1.0/24(rw,sync,no_subtree_check)
EOF

# Re-export all shares
sudo exportfs -ra

# Verify NFSv4 exports
sudo exportfs -v | grep fsid

Expected output:

net.core.rmem_default = 262144
net.core.rmem_max = 134217728
sunrpc.tcp_slot_table_entries = 128
/export        192.168.1.0/24(rw,sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,...)

Amazing! 🌟 NFSv4 is configured with advanced performance settings!

✅ Step 4: Configure Firewall and Start Services

Set up firewall rules and start NFS services! 🔥

# Enable and start firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Add NFS service to firewall
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=nfs3
sudo firewall-cmd --permanent --add-service=mountd
sudo firewall-cmd --permanent --add-service=rpc-bind

# Add specific ports for NFS
sudo firewall-cmd --permanent --add-port=2049/tcp
sudo firewall-cmd --permanent --add-port=2049/udp
sudo firewall-cmd --permanent --add-port=111/tcp
sudo firewall-cmd --permanent --add-port=111/udp
sudo firewall-cmd --permanent --add-port=20048/tcp
sudo firewall-cmd --permanent --add-port=20048/udp

# Add lock manager ports
sudo firewall-cmd --permanent --add-port=32765-32768/tcp
sudo firewall-cmd --permanent --add-port=32765-32768/udp

# Add SSH for management
sudo firewall-cmd --permanent --add-service=ssh

# Reload firewall rules
sudo firewall-cmd --reload

# Verify firewall configuration
sudo firewall-cmd --list-all

# Enable and start RPC bind service
sudo systemctl enable rpcbind
sudo systemctl start rpcbind

# Enable and start NFS server
sudo systemctl enable nfs-server
sudo systemctl start nfs-server

# Enable related services
sudo systemctl enable nfs-idmapd
sudo systemctl start nfs-idmapd

# Check service status
sudo systemctl status nfs-server
sudo systemctl status rpcbind

# Verify NFS is running
rpcinfo -p localhost

# Check NFS server status
nfsstat -s

# Verify exports are available
showmount -e localhost

Expected output:

success
public (active)
  services: nfs nfs3 mountd rpc-bind ssh
  ports: 2049/tcp 2049/udp 111/tcp 111/udp 20048/tcp 20048/udp 32765-32768/tcp 32765-32768/udp

● nfs-server.service - NFS server and services
     Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled)
     Active: active (exited) since Tue 2025-09-17 15:00:15 EDT

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100003    4   tcp   2049  nfs
    100005    3   tcp  20048  mountd

Perfect! 🎉 NFS server is running with all necessary services!

🔧 Step 5: Configure NFS Clients

Set up client systems to mount NFS shares! 💻

# On client systems, install NFS utilities
sudo dnf install -y nfs-utils

# Create mount points on client
sudo mkdir -p /mnt/nfs/{shared,data,home}

# Test NFS server connectivity from client
showmount -e NFS_SERVER_IP

# Mount NFS shares temporarily
sudo mount -t nfs4 NFS_SERVER_IP:/ /mnt/nfs/shared
sudo mount -t nfs4 NFS_SERVER_IP:/data /mnt/nfs/data
sudo mount -t nfs4 NFS_SERVER_IP:/home /mnt/nfs/home

# Verify mounts
df -h | grep nfs
mount | grep nfs

# Test read/write access
echo "Test from client" | sudo tee /mnt/nfs/shared/client-test.txt
cat /mnt/nfs/shared/README.txt

# Configure permanent mounts in /etc/fstab
sudo tee -a /etc/fstab << 'EOF'
# NFS Mounts
NFS_SERVER_IP:/shared    /mnt/nfs/shared    nfs4    defaults,_netdev,auto    0    0
NFS_SERVER_IP:/data      /mnt/nfs/data      nfs4    defaults,_netdev,auto    0    0
NFS_SERVER_IP:/home      /mnt/nfs/home      nfs4    defaults,_netdev,auto    0    0
EOF

# Create autofs configuration for automatic mounting
sudo dnf install -y autofs

# Configure autofs master map
sudo tee /etc/auto.master.d/nfs.autofs << 'EOF'
/mnt/nfs    /etc/auto.nfs    --timeout=60
EOF

# Configure autofs NFS map
sudo tee /etc/auto.nfs << 'EOF'
shared    -fstype=nfs4,rw,soft,intr    NFS_SERVER_IP:/shared
data      -fstype=nfs4,rw,soft,intr    NFS_SERVER_IP:/data
home      -fstype=nfs4,rw,soft,intr    NFS_SERVER_IP:/home
EOF

# Enable and start autofs
sudo systemctl enable autofs
sudo systemctl start autofs

# Create client mount testing script
sudo tee /usr/local/bin/test-nfs-mounts.sh << 'EOF'
#!/bin/bash
# Test NFS Mounts

NFS_SERVER="$1"
if [ -z "$NFS_SERVER" ]; then
    echo "Usage: $0 <nfs-server-ip>"
    exit 1
fi

echo "=== Testing NFS Server: $NFS_SERVER ==="

# Check server exports
echo -e "\n=== Available Exports ==="
showmount -e $NFS_SERVER

# Test mounting each export
echo -e "\n=== Mount Tests ==="
EXPORTS=$(showmount -e $NFS_SERVER | tail -n +2 | awk '{print $1}')

for EXPORT in $EXPORTS; do
    MOUNT_POINT="/tmp/nfs-test-$(basename $EXPORT)"
    echo "Testing $EXPORT..."

    # Create temporary mount point
    sudo mkdir -p $MOUNT_POINT

    # Try to mount
    if sudo mount -t nfs4 $NFS_SERVER:$EXPORT $MOUNT_POINT 2>/dev/null; then
        echo "  Mount: SUCCESS"

        # Test read
        if ls $MOUNT_POINT >/dev/null 2>&1; then
            echo "  Read: SUCCESS"
        else
            echo "  Read: FAILED"
        fi

        # Test write
        if touch $MOUNT_POINT/test-write-$(date +%s).txt 2>/dev/null; then
            echo "  Write: SUCCESS"
            rm -f $MOUNT_POINT/test-write-*.txt 2>/dev/null
        else
            echo "  Write: FAILED (may be read-only)"
        fi

        # Unmount
        sudo umount $MOUNT_POINT
    else
        echo "  Mount: FAILED"
    fi

    # Clean up
    sudo rmdir $MOUNT_POINT 2>/dev/null
done

echo -e "\n=== Test Complete ==="
EOF

sudo chmod +x /usr/local/bin/test-nfs-mounts.sh

# Run mount test
sudo /usr/local/bin/test-nfs-mounts.sh localhost

Expected output:

Export list for NFS_SERVER_IP:
/srv/nfs/shared *
/srv/nfs/data 192.168.1.0/24

NFS_SERVER_IP:/shared on /mnt/nfs/shared type nfs4 (rw,relatime,vers=4.2,...)
Test from client
Welcome to NFS Shared Storage

Excellent! ✅ Client configuration is complete and mounts are working!

🎮 Quick Examples

Here are practical examples of using your NFS server in real scenarios! 🌟

Example 1: High-Performance Computing Cluster 🖥️

# Configure NFS for HPC cluster shared storage
sudo mkdir -p /srv/nfs/hpc/{scratch,apps,datasets,results}

# Set up high-performance exports
sudo tee -a /etc/exports << 'EOF'
# HPC Cluster Exports
/srv/nfs/hpc/scratch   192.168.100.0/24(rw,async,no_subtree_check,no_root_squash)
/srv/nfs/hpc/apps      192.168.100.0/24(ro,sync,no_subtree_check)
/srv/nfs/hpc/datasets  192.168.100.0/24(ro,sync,no_subtree_check)
/srv/nfs/hpc/results   192.168.100.0/24(rw,sync,no_subtree_check)
EOF

# Optimize for large files and high throughput
sudo tee /etc/nfs.conf.d/hpc.conf << 'EOF'
[nfsd]
# Increase threads for parallel access
threads = 64

# Large read/write sizes
rdma = y
rdma-port = 20049

[mountd]
# More mount threads
threads = 16
EOF

# Configure performance tuning for HPC
sudo tee -a /etc/sysctl.d/nfs-hpc.conf << 'EOF'
# HPC NFS Tuning
net.core.rmem_max = 268435456
net.core.wmem_max = 268435456
net.ipv4.tcp_rmem = 4096 87380 268435456
net.ipv4.tcp_wmem = 4096 65536 268435456
sunrpc.tcp_slot_table_entries = 256
sunrpc.tcp_max_slot_table_entries = 256
# Jumbo frames support
net.core.netdev_max_backlog = 50000
EOF

sudo sysctl -p /etc/sysctl.d/nfs-hpc.conf

# Create cluster management script
sudo tee /usr/local/bin/manage-hpc-storage.sh << 'EOF'
#!/bin/bash
# HPC Storage Management

case "$1" in
    status)
        echo "=== HPC Storage Status ==="
        df -h /srv/nfs/hpc/*
        echo -e "\n=== Active Connections ==="
        ss -tn | grep :2049 | wc -l
        echo -e "\n=== IO Statistics ==="
        nfsstat -s | grep -A 5 "Server nfs v4"
        ;;

    monitor)
        watch -n 1 'nfsiostat -s 1 1'
        ;;

    optimize)
        echo "Optimizing for large file transfers..."
        echo 262144 > /proc/sys/sunrpc/tcp_slot_table_entries
        echo 262144 > /proc/sys/sunrpc/tcp_max_slot_table_entries
        echo "Optimization complete"
        ;;

    *)
        echo "Usage: $0 {status|monitor|optimize}"
        ;;
esac
EOF

sudo chmod +x /usr/local/bin/manage-hpc-storage.sh
sudo exportfs -ra

echo "HPC cluster storage configured"

Example 2: Container Orchestration Persistent Storage 🐳

# Configure NFS for Kubernetes/Docker persistent volumes
sudo mkdir -p /srv/nfs/k8s/{pv001,pv002,pv003,pv004,pv005}
sudo mkdir -p /srv/nfs/docker/volumes

# Set permissions for container access
for i in {001..005}; do
    sudo chmod 777 /srv/nfs/k8s/pv$i
done
sudo chmod 777 /srv/nfs/docker/volumes

# Create dynamic provisioning exports
sudo tee -a /etc/exports << 'EOF'
# Kubernetes Persistent Volumes
/srv/nfs/k8s           *(rw,sync,no_subtree_check,no_root_squash,fsid=100)
/srv/nfs/k8s/pv001     *(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/k8s/pv002     *(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/k8s/pv003     *(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/k8s/pv004     *(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/k8s/pv005     *(rw,sync,no_subtree_check,no_root_squash)

# Docker Volumes
/srv/nfs/docker/volumes    *(rw,sync,no_subtree_check,no_root_squash,fsid=101)
EOF

# Create Kubernetes PV YAML generator
sudo tee /usr/local/bin/generate-k8s-pv.sh << 'EOF'
#!/bin/bash
# Generate Kubernetes PersistentVolume YAML

PV_NAME="$1"
PV_SIZE="$2"
NFS_SERVER="$3"
NFS_PATH="$4"

if [ -z "$PV_NAME" ] || [ -z "$PV_SIZE" ] || [ -z "$NFS_SERVER" ] || [ -z "$NFS_PATH" ]; then
    echo "Usage: $0 <pv-name> <size> <nfs-server> <nfs-path>"
    echo "Example: $0 pv001 10Gi 192.168.1.10 /srv/nfs/k8s/pv001"
    exit 1
fi

cat << YAML
apiVersion: v1
kind: PersistentVolume
metadata:
  name: $PV_NAME
spec:
  capacity:
    storage: $PV_SIZE
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-storage
  nfs:
    server: $NFS_SERVER
    path: $NFS_PATH
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ${PV_NAME}-claim
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: $PV_SIZE
  storageClassName: nfs-storage
  volumeName: $PV_NAME
YAML
EOF

sudo chmod +x /usr/local/bin/generate-k8s-pv.sh

# Create Docker volume driver script
sudo tee /usr/local/bin/setup-docker-nfs.sh << 'EOF'
#!/bin/bash
# Setup Docker NFS Volume Driver

# Install docker-volume-netshare plugin
docker plugin install --grant-all-permissions \
    --alias nfs \
    trajano/docker-volume-netshare \
    OPTS="--nfs.server=192.168.1.10 --nfs.path=/srv/nfs/docker/volumes"

# Create example Docker NFS volume
docker volume create \
    --driver nfs \
    --opt share=192.168.1.10:/srv/nfs/docker/volumes/myapp \
    myapp-data

echo "Docker NFS volume driver configured"
EOF

sudo chmod +x /usr/local/bin/setup-docker-nfs.sh
sudo exportfs -ra

echo "Container orchestration storage configured"

Example 3: Home Directory Server with Quotas 🏠

# Configure NFS home directory server with quotas
sudo mkdir -p /srv/nfs/home/{users,admins,guests}

# Enable quotas on filesystem (if using XFS)
sudo xfs_quota -x -c 'limit -u bsoft=5g bhard=6g -d' /srv/nfs/home

# Create user home directories
for user in alice bob carol dave; do
    sudo mkdir -p /srv/nfs/home/users/$user
    sudo chmod 700 /srv/nfs/home/users/$user
    sudo chown $user:$user /srv/nfs/home/users/$user 2>/dev/null || true
done

# Configure exports with security options
sudo tee -a /etc/exports << 'EOF'
# Home Directory Exports with Security
/srv/nfs/home/users    192.168.1.0/24(rw,sync,no_subtree_check,root_squash,sec=sys)
/srv/nfs/home/admins   192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash,sec=sys)
/srv/nfs/home/guests   192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=65534,anongid=65534,sec=sys)
EOF

# Create automount configuration for clients
sudo tee /usr/local/bin/setup-home-automount.sh << 'EOF'
#!/bin/bash
# Setup automatic home directory mounting on clients

NFS_SERVER="192.168.1.10"

# Install autofs
dnf install -y autofs

# Configure auto.master
cat << CONFIG > /etc/auto.master.d/home.autofs
/home/nfs    /etc/auto.home    --timeout=300
CONFIG

# Configure auto.home
cat << CONFIG > /etc/auto.home
*    -fstype=nfs4,rw,soft,intr,rsize=32768,wsize=32768    $NFS_SERVER:/home/users/&
CONFIG

# Enable and start autofs
systemctl enable autofs
systemctl restart autofs

echo "Automount configured for NFS home directories"
EOF

# Create quota management script
sudo tee /usr/local/bin/manage-nfs-quotas.sh << 'EOF'
#!/bin/bash
# NFS Quota Management

ACTION="$1"
USERNAME="$2"
QUOTA="$3"

case "$ACTION" in
    set)
        if [ -z "$USERNAME" ] || [ -z "$QUOTA" ]; then
            echo "Usage: $0 set <username> <quota>"
            echo "Example: $0 set alice 10G"
            exit 1
        fi
        xfs_quota -x -c "limit -u bsoft=$QUOTA bhard=$((${QUOTA%G}+1))G $USERNAME" /srv/nfs/home
        echo "Quota set for $USERNAME: $QUOTA"
        ;;

    check)
        if [ -z "$USERNAME" ]; then
            echo "All user quotas:"
            xfs_quota -x -c "report -h" /srv/nfs/home
        else
            echo "Quota for $USERNAME:"
            xfs_quota -x -c "report -h" /srv/nfs/home | grep $USERNAME
        fi
        ;;

    usage)
        echo "=== Home Directory Usage ==="
        du -sh /srv/nfs/home/users/* | sort -h
        ;;

    *)
        echo "Usage: $0 {set|check|usage} [username] [quota]"
        ;;
esac
EOF

sudo chmod +x /usr/local/bin/manage-nfs-quotas.sh
sudo exportfs -ra

echo "Home directory server with quotas configured"

🚨 Fix Common Problems

Here are solutions to common NFS server issues you might encounter! 🔧

Problem 1: Mount Operation Failed ❌

# Check if NFS server is accessible
ping -c 3 NFS_SERVER_IP
telnet NFS_SERVER_IP 2049

# Check available exports from server
showmount -e NFS_SERVER_IP

# Verify RPC services are running
rpcinfo -p NFS_SERVER_IP

# Check firewall on server
sudo firewall-cmd --list-all

# Add missing firewall rules
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --permanent --add-service=mountd
sudo firewall-cmd --reload

# Check SELinux status
getenforce

# Set SELinux booleans for NFS
sudo setsebool -P nfs_export_all_rw 1
sudo setsebool -P nfs_export_all_ro 1
sudo setsebool -P use_nfs_home_dirs 1

# Try mounting with verbose output
sudo mount -vvv -t nfs4 NFS_SERVER_IP:/shared /mnt/test

# Check for DNS issues
nslookup NFS_SERVER_IP
host NFS_SERVER_IP

# Try mounting by IP instead of hostname
sudo mount -t nfs4 192.168.1.10:/shared /mnt/test

# Check NFS version compatibility
sudo mount -t nfs -o vers=3 NFS_SERVER_IP:/shared /mnt/test

echo "✅ Mount issues resolved!"

Problem 2: Permission Denied Errors ❌

# Check export permissions
sudo exportfs -v

# Verify directory permissions on server
ls -la /srv/nfs/

# Check if root_squash is causing issues
grep root_squash /etc/exports

# Temporarily disable root_squash for testing
sudo sed -i 's/root_squash/no_root_squash/g' /etc/exports
sudo exportfs -ra

# Check client UID/GID mapping
id
ls -lan /mnt/nfs/shared

# Fix ID mapping issues
echo "Domain = company.local" | sudo tee -a /etc/idmapd.conf
sudo systemctl restart nfs-idmapd

# Check NFSv4 ACLs
nfs4_getfacl /srv/nfs/shared

# Set proper ownership
sudo chown nobody:nogroup /srv/nfs/shared
sudo chmod 777 /srv/nfs/shared

# Test with different mount options
sudo mount -t nfs4 -o rw,sync NFS_SERVER_IP:/shared /mnt/test

# Check for SELinux denials
sudo ausearch -m avc -ts recent | grep nfs

echo "✅ Permission issues resolved!"

Problem 3: Slow NFS Performance ❌

# Check network latency
ping -c 10 NFS_SERVER_IP

# Test network throughput
iperf3 -c NFS_SERVER_IP

# Monitor NFS statistics
nfsstat -c  # On client
nfsstat -s  # On server

# Check current mount options
mount | grep nfs

# Optimize mount options for performance
sudo umount /mnt/nfs/shared
sudo mount -t nfs4 -o rw,hard,intr,rsize=1048576,wsize=1048576,timeo=600,retrans=2,async NFS_SERVER_IP:/shared /mnt/nfs/shared

# Increase NFS threads on server
sudo sed -i 's/^RPCNFSDCOUNT=.*/RPCNFSDCOUNT=32/' /etc/sysconfig/nfs
sudo systemctl restart nfs-server

# Optimize network buffers
sudo tee -a /etc/sysctl.conf << 'EOF'
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 134217728
sunrpc.tcp_slot_table_entries = 128
EOF
sudo sysctl -p

# Enable jumbo frames (if supported)
sudo ip link set dev eth0 mtu 9000

# Test performance with dd
time dd if=/dev/zero of=/mnt/nfs/shared/testfile bs=1M count=1024
time dd if=/mnt/nfs/shared/testfile of=/dev/null bs=1M

# Monitor I/O statistics
nfsiostat 1 10

echo "✅ Performance optimizations applied!"

Problem 4: Stale NFS Handles ❌

# Check for stale mounts
df -h 2>&1 | grep -i stale

# Force unmount stale mounts
sudo umount -f /mnt/nfs/shared
sudo umount -l /mnt/nfs/shared  # Lazy unmount if force fails

# Clear NFS client cache
sudo systemctl restart nfs-client.target

# Re-export shares on server
sudo exportfs -ra
sudo systemctl restart nfs-server

# Clear server export cache
sudo exportfs -f

# Check for orphaned NFS processes
ps aux | grep -E "(nfs|rpc)"

# Kill stuck NFS processes
sudo pkill -9 -f nfs

# Clean up mount points
sudo rm -rf /mnt/nfs/shared/.nfs*

# Remount with fresh options
sudo mount -t nfs4 NFS_SERVER_IP:/shared /mnt/nfs/shared

# Prevent stale handles with proper mount options
sudo mount -t nfs4 -o hard,intr,timeo=600,retrans=2 NFS_SERVER_IP:/shared /mnt/nfs/shared

# Create recovery script
sudo tee /usr/local/bin/fix-stale-nfs.sh << 'EOF'
#!/bin/bash
# Fix stale NFS mounts

echo "Fixing stale NFS mounts..."

# Find all NFS mounts
MOUNTS=$(mount -t nfs4 | awk '{print $3}')

for MOUNT in $MOUNTS; do
    if ! ls "$MOUNT" >/dev/null 2>&1; then
        echo "Stale mount detected: $MOUNT"
        sudo umount -f "$MOUNT" || sudo umount -l "$MOUNT"
        echo "Remounting $MOUNT..."
        sudo mount "$MOUNT"
    fi
done

echo "Stale mount recovery complete"
EOF

sudo chmod +x /usr/local/bin/fix-stale-nfs.sh

echo "✅ Stale handle issues resolved!"

📋 Simple Commands Summary

Here’s a quick reference for essential NFS server management commands! 📚

💡 Tips for Success

Here are expert tips to make your NFS server management even better! 🌟

Performance Optimization ⚡

• 🎯 Async exports: Use async for better write performance (with UPS backup)
• 📊 Large block sizes: Set rsize/wsize to 1MB or higher for large files
• 🔄 More NFS threads: Increase nfsd threads based on client count
• 💾 SSD storage: Use SSDs for frequently accessed data
• 🌐 Network tuning: Enable jumbo frames and optimize TCP settings

Security Best Practices 🛡️

• 🔐 Kerberos authentication: Implement sec=krb5 for secure access
• 🚫 Export restrictions: Limit exports to specific IP ranges
• 📝 Root squashing: Enable root_squash for most exports
• 🔍 Monitor access: Regularly audit NFS access logs
• 🎛️ Minimal exports: Only export necessary directories

High Availability Excellence 🔧

• 🔄 Clustered NFS: Implement Pacemaker/Corosync for HA
• 💾 DRBD replication: Use DRBD for real-time data replication
• 📊 Load balancing: Distribute clients across multiple servers
• 🎭 Failover testing: Regularly test failover procedures
• 📋 Backup strategies: Implement automated backup solutions

Operational Excellence 🏢

• 📚 Documentation: Maintain detailed export and client documentation
• 🎛️ Automation: Automate export management with scripts
• 👥 Access policies: Implement clear data access policies
• 📊 Capacity planning: Monitor usage and plan for growth
• 🔧 Regular maintenance: Schedule maintenance windows for updates

🏆 What You Learned

Congratulations! You’ve successfully mastered AlmaLinux NFS server configuration! Here’s everything you’ve accomplished: 🎉

✅ NFS Installation: Installed and configured complete NFS server ✅ Export Management: Created and managed multiple NFS exports ✅ NFSv4 Configuration: Implemented modern NFSv4 with pseudo-root ✅ Performance Tuning: Optimized for high-performance file sharing ✅ Client Setup: Configured clients with permanent and auto-mounting ✅ Security Implementation: Applied access controls and permissions ✅ Advanced Features: Configured quotas, bind mounts, and ID mapping ✅ Container Integration: Set up persistent storage for Kubernetes/Docker ✅ HPC Configuration: Optimized for high-performance computing ✅ Troubleshooting Skills: Learned to diagnose and fix NFS issues

🎯 Why This Matters

Building robust network file system infrastructure is critical for modern Linux environments! 🌍 Here’s the real-world impact of what you’ve accomplished:

For Performance: NFS provides native Linux file sharing with minimal overhead, delivering the highest performance possible for network storage, essential for databases, virtual machines, and compute clusters. ⚡

For Scalability: Your NFS server can support thousands of clients simultaneously, providing the shared storage foundation for everything from small teams to massive compute clusters. 📈

For Integration: NFS integrates seamlessly with Linux applications, container orchestration platforms, and virtualization environments, providing transparent network storage that applications treat as local filesystems. 🔄

For Efficiency: By centralizing storage with NFS, you’ve simplified backup strategies, improved storage utilization, and enabled efficient resource sharing across your entire infrastructure. 💾

Your AlmaLinux NFS server is now providing the high-performance network storage foundation that powers modern Linux infrastructure, from container orchestration to high-performance computing! You’re not just sharing files – you’re enabling scalable, efficient network storage architecture! ⭐

Continue exploring advanced NFS features like pNFS (parallel NFS), RDMA support, and integration with distributed filesystems. The network storage expertise you’ve developed is fundamental to modern infrastructure! 🙌