Mastering NFS on CentOS Stream 9: High-Speed Data Sharing Solutions for Clusters

CentOS tutorial - IT technology blog

Why Do You Need Centralized Storage?

Managing data across multiple servers doesn’t have to be a nightmare. If you’re running a cluster of 5-10 Web Servers or Docker nodes, syncing data with SCP or Rsync often causes significant latency, sometimes up to several minutes. NFS (Network File System) solves this problem by allowing servers to access a shared data pool in real-time.

Imagine you have 100GB of product images. Instead of copying 10 versions across 10 servers, you only need to store them in one place. Previously, when deploying a system for an e-commerce platform on CentOS 7, I used NFS to handle millions of image requests daily. With CentOS Stream 9, this process remains stable but requires tighter security configurations.

NFSv4 and Key Considerations

NFS operates on a simple Client-Server model. The server “exports” a directory, and the client “mounts” it onto its own system.

  • NFSv4: This is the default version on CentOS 9. It is more secure and only requires opening port 2049 on the firewall.
  • Performance: NFSv4 handles files significantly faster than older versions thanks to its compound procedures mechanism.

Deploying the NFS Server

In this example, we use two machines with static IPs: Server (192.168.1.10) and Client (192.168.1.20). The goal is to share the /data/shared directory.

1. Installing the nfs-utils Package

First, install the NFS utility suite on both machines using the dnf package manager:

sudo dnf install nfs-utils -y

2. Setting Up the Shared Directory

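We create the directory and set permissions. Note: NFS is very sensitive to user UID/GID. With the default AUTH_SYS security, the server checks permissions against the numeric UID/GID the client sends, so IDs that differ between machines lead to access errors.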

sudo mkdir -p /data/shared
sudo chown -R nobody:nobody /data/shared
sudo chmod -R 755 /data/shared

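Using nobody:nobody is a small trick to avoid User ID mismatch issues between different servers. This allows the Client to write files without being rejected by the system for no apparent reason. It works because of root_squash, which is on by default: root on the Client is mapped to the anonymous user (nobody, UID 65534 on CentOS Stream 9), which owns the directory. With mode 755, other users on the Client can read the share but cannot write to it.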

3. Configuring the /etc/exports File

This file determines who has access to your data. Open the file:

sudo vi /etc/exports

Add the following configuration line:

/data/shared 192.168.1.20(rw,sync,no_subtree_check)

Where rw allows read and write access, and sync ensures data is written to the disk immediately to prevent data loss during sudden power outages.

4. Enabling Services and the Firewall

Start the NFS service and enable it to run at system boot:

sudo systemctl enable --now nfs-server

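Don’t forget to open the ports on the firewall. If you are new to managing services with firewalld, this step is crucial; otherwise the Client will encounter a “Connection timed out” error. The nfs service covers port 2049, which is all an NFSv4 client needs; rpc-bind and mountd are only used by NFSv3 clients and by showmount.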

sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --permanent --add-service=mountd
sudo firewall-cmd --reload

Client-Side Configuration

Now, switch to the Client (192.168.1.20) to connect to the Server.

1. Creating a Mount Point

sudo mkdir -p /mnt/nfs_share

2. Mounting and Testing

Perform a manual connection to check if everything is working smoothly:

sudo mount -t nfs 192.168.1.10:/data/shared /mnt/nfs_share

Run the df -h command. If you see the network drive appear with the correct capacity from the Server, you are 90% successful.

3. Auto-Mounting at Boot

To avoid having to remount after every reboot, add the information to /etc/fstab:

192.168.1.10:/data/shared /mnt/nfs_share nfs defaults,_netdev 0 0

Important Note: The _netdev parameter is critical. It tells the system to only mount the drive after the network connection is established, preventing the server from hanging during boot if the drive isn’t found.

Bypassing SELinux Hurdles

Many users still encounter “Permission Denied” errors due to SELinux even after configuration. When configuring SELinux, it is better to adjust policies rather than disabling it. If you are using NFS to host code for a Web Server (Nginx/Apache), run the following command:

sudo setsebool -P httpd_use_nfs 1

This command allows web services to interact with files on the NFS drive legitimately without having to completely disable SELinux.

Operational Optimization Tips

  1. Security First: Never use the * wildcard in the exports file. Only allow the specific IP addresses of the necessary servers to prevent internal data leaks.
  2. Health Monitoring: Regularly use the nfsstat -c command. If the retrans (retransmissions) count is high, it’s a sign that your internal network is congested or there’s an issue with the switch.
  3. Network Isolation: If possible, run NFS on a dedicated network card (Storage Network) to avoid impacting end-user bandwidth.
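
An added example (not part of the original tutorial): a small Python audit for the "Security First" tip that parses /etc/exports and reports client specs that match every host, plus options that weaken an export. It goes beyond the * wildcard to cover a stray space before the option list, no_root_squash, insecure and async as documented in exports(5). The sample file and the name audit_exports are constructed for illustration, and continuation lines, quoted paths and "-" default option lists are not handled.

```python
import re

# Options that weaken an export; meanings as documented in exports(5).
RISKY_OPTIONS = {
    "no_root_squash": "client root keeps UID 0 on the share",
    "insecure": "requests from unprivileged source ports are accepted",
    "async": "server may reply before data reaches disk",
}
WORLD = {"", "*", "0.0.0.0/0", "::/0"}  # client specs that match every host
SPEC_RE = re.compile(r"([^()]*)(?:\((.*)\))?")  # host(opt,opt) | host | (opts)


def audit_exports(text):
    """Return (line_no, path, client, finding) for each risky client spec."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        # A path with no client list is treated as a spec with no host part.
        path, specs = fields[0], fields[1:] or [""]
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            if m is None:
                findings.append((line_no, path, spec, "unparseable client spec"))
                continue
            client = m.group(1)
            opts = set((m.group(2) or "").split(","))
            shown = client or "<none>"
            if client in WORLD:
                findings.append((line_no, path, shown, "exported to every host"))
            elif "*" in client or "?" in client:
                findings.append((line_no, path, shown, "wildcard hostname pattern"))
            for opt, why in RISKY_OPTIONS.items():
                if opt in opts:
                    findings.append((line_no, path, shown, f"{opt}: {why}"))
    return findings


# Constructed sample: line 2 is this tutorial's entry, the rest are typical mistakes.
SAMPLE = """\
# /etc/exports
/data/shared 192.168.1.20(rw,sync,no_subtree_check)
/data/pub    *(ro,sync)
/data/build  192.168.1.20 (rw,no_root_squash)
/data/tmp    *.example.internal(rw,async,insecure)
"""

if __name__ == "__main__":
    for line_no, path, client, finding in audit_exports(SAMPLE):
        print(f"line {line_no}: {path} -> {client}: {finding}")
```

The /data/build line shows why the space matters: "192.168.1.20 (rw,no_root_squash)" gives 192.168.1.20 the default options and applies rw,no_root_squash to every other host.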

Summary

NFS on CentOS Stream 9 is a very stable and easy-to-deploy solution for medium-sized systems. Although there are many modern solutions today, like S3 or GlusterFS for distributed storage, NFS still holds its own thanks to its simplicity and low latency. Good luck with your system setup!
