Thursday, September 27, 2012

Setting up NFS on EC2

When you get to the point of having a little virtual server farm, it is handy to have a place to put common files. In the case of an Oracle DBA we've historically used an NFS mount point to accomplish that. In today's increasingly security-conscious world there may be a better way than using NFS, but that may also translate into more complexity.

The NFS setup is fairly simple on EC2 EBS storage. In this example, AMI ami-e565ba8c (Amazon t.micro Linux) was used as the server, and ami-42778a2b (Oracle Linux aka Red Hat) was used as the client.

1) Ensure that nfs-utils and rpcbind are installed. When running the yum step, if you get an error on rpcbind, use 'portmap' instead.

    yum install nfs-utils rpcbind

2) On the server that is going to be the source of the shared storage edit the export file to add the shared directory.

    vi /etc/exports
   
Add the following parameters to the file: your directory path, the client's public (EIP) address, and the options that control access, such as read/write, security, and asynchronous options. The file format is reported to be very sensitive. Notice that there is no space between the EIP and the options, as you might expect there to be. Use only the 'space' character between parameters. There are many options for security and other things; see the NFS documentation on the exports file for more detail.

     /yourDIRname ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com(rw,async)

3) Now start the services.

    service rpcbind start   # if rpcbind is not available, use 'portmap' instead
    service nfs start
    service nfslock start

4) Next load the changes. You can add more mount points later and repeat the export step.

    exportfs -ar

5) Ensure that the services are up on the client. If they are not installed, repeat the yum step from step 1.

6) Create the NFS mount point on the client. The permissions on the server and the client shared storage should be open enough to permit the NFS mount, otherwise you will receive a 'permission denied' message. For testing purposes I opened mine to 777. If you receive permission errors, also try opening permissions on the parent directory of the mount point.

7) Open permissions on the server's AWS Security Group to allow the NFS mount. In his excellent blog post, Hunter Ford set the group as follows. For example, for UDP he opened ports 111 and 32806.

    TCP: 111, 2049
    UDP: 111, 32806

However, you will also see in other posts that other ports were opened, and there are some notes stating that the port number used by the NFS process changes during server bounces. I have not confirmed any of this myself. For testing purposes just open TCP and UDP to all ports. Then, after testing, tighten it down to the desired level. If you get a 'time out, retrying' message, it is probably a security group issue or a configuration issue with your exports file.

8) Do the manual mount. The EIP is the NFS server's EIP. I've seen on other systems that the mount can't occur if you have a user sitting within the to-be-mounted path. Ensure that you cd out of the shared area.

    mount -t nfs ec2-xxx-xx-xxx-xx.compute-1.amazonaws.com:/var/www/test /var/www/test

9) To make the changes permanent you will need to update the /etc/fstab file and add the services to your server startup.

    chkconfig --level 2345 rpcbind on
    chkconfig --level 2345 nfs on
    chkconfig --level 2345 nfslock on

The /etc/fstab entry:

    ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com:/var/www/test    /var/www/test  nfs rsize=8192,wsize=8192,timeo=14,intr 0 0
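The whitespace warning in step 2 matters for access control: an option list separated from its client by a space is read as an entry with no host, so its options apply to every client while the named host falls back to defaults. The check below is an added example, not part of the original post; `lint_exports` and `sample_exports` are hypothetical names, the sample lines are constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: lint exports(5)-style lines read from stdin.
# Prints one finding per problem; returns 1 if any finding was made.
lint_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
        # $1 is the exported path; every later field is a client entry.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/) {
                # Field starts with "(": an option list with no host in
                # front of it, which NFS applies to any client.
                printf "line %d: option list %s is detached from its client and applies to all clients\n", NR, $i
                bad = 1
            } else if ($i ~ /^\*/) {
                # Leading "*" matches every client hostname.
                printf "line %d: wildcard client %s\n", NR, $i
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input; the hostnames are placeholders as in the post.
sample_exports() {
    cat <<'EOF'
# constructed sample
/yourDIRname ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com(rw,async)
/yourDIRname ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com (rw,async)
/scratch *(rw,async)
EOF
}

# Demo run: lines 3 and 4 of the sample are reported, line 2 is clean.
sample_exports | lint_exports || true
```

To check a real server, run `lint_exports < /etc/exports` before `exportfs -ar`.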

