Quick tutorial on how I set up an NFS server on Proxmox using LXC rather than the old OpenVZ. Before I begin, you can take a look at my old instructions for NFS on OpenVZ, which are exactly the same. I will write out a quick one here.
Enable Port on Firewall
Before you proceed further, remember to install the NFS kernel server as shown below
apt-get install nfs-kernel-server
The above needs to be installed on your host machine, in this case the Proxmox Debian machine (host).
NFS Server on LXC
Follow these instructions to install the NFS server (I'm using CentOS, by the way)
    yum install nfs* -y
    service rpcbind start
    chkconfig rpcbind on
    service nfs start
    chkconfig nfs on

    Starting NFS services: [ OK ]
    Starting NFS quotas: [ OK ]
    Starting NFS mountd: [ OK ]
    Starting NFS daemon: rpc.nfsd: Unable to access /proc/fs/nfsd errno 2 (No such file or directory).
    Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart rpc.nfsd to correct the problem
    [FAILED]
Now we can either edit the file /etc/apparmor.d/lxc/lxc-default-cgns so that it allows the NFS mounts (the mount fstype=nfs* and mount fstype=rpc_pipefs rules at the end of the profile)
    # Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
    # will source all profiles under /etc/apparmor.d/lxc

    profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
      #include <abstractions/lxc/container-base>

      # the container may never be allowed to mount devpts. If it does, it
      # will remount the host's devpts. We could allow it to do it with
      # the newinstance option (but, right now, we don't).
      deny mount fstype=devpts,
      mount fstype=cgroup -> /sys/fs/cgroup/**,
      mount fstype=nfs*,
      mount fstype=rpc_pipefs,
    }
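or you could edit the container's configuration file and disable AppArmor for it. Setting the profile to unconfined removes AppArmor confinement from that container entirely, so the profile edit above is the narrower of the two options. Assuming your LXC is ID 101, go to /etc/pve/lxc/101.conf and add the following line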
    arch: amd64
    cpulimit: 4
    cpuunits: 1024
    hostname: nfs.localhost.com
    memory: 4000
    nameserver: 8.8.8.8 8.8.4.4
    net0: bridge=vmbr2,gw=192.168.100.1,hwaddr=32:36:30:61:61:34,ip=192.168.100.3/24,name=eth0,type=veth
    onboot: 1
    ostype: centos
    rootfs: local:101/vm-101-disk-1.raw,size=1000G
    searchdomain: localhost
    swap: 512
    lxc.aa_profile: unconfined
I will show you what I added, which is
lxc.aa_profile: unconfined
Also remember to add the line to /var/lib/lxc/101/config
lxc.aa_profile=unconfined
Remember to reboot your LXC or else it won't work.
Now, in your LXC, open the file /etc/exports
/mnt/nfs *(rw,no_root_squash,no_subtree_check,fsid=0)
and add the above line. Remember to create the folder /mnt/nfs.
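The export line above gives every host (`*`) read-write access with root squashing turned off. As an added example (not part of the original post), this script classifies each client entry in an exports file so that combination stands out; the severity labels are the example's own, and the second sample line assumes the clients sit on the 192.168.100.0/24 network from 101.conf.

```shell
# Classify each "client(options)" entry of exports(5) text read from stdin.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "*"       # "(opts)" alone applies to every host
        rw = nrs = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") nrs = 1
        }
        if (client == "*" && nrs)     sev = "HIGH any host, root not squashed"
        else if (nrs)                 sev = "MEDIUM " client ", root not squashed"
        else if (client == "*" && rw) sev = "MEDIUM any host, read-write"
        else                          sev = "OK " client
        print $1 ": " sev
      }
    }'
}

# Constructed sample: the line from the post, then the same export limited to
# an assumed client subnet with root squashing left on.
sample_exports() {
  cat <<'EOF'
# /etc/exports
/mnt/nfs *(rw,no_root_squash,no_subtree_check,fsid=0)
/mnt/nfs 192.168.100.0/24(rw,root_squash,no_subtree_check,fsid=0)
EOF
}

sample_exports | audit_exports
```

Run it against a real file with `audit_exports < /etc/exports`. A stray space between host and options, as in `host1 (rw)`, is reported as an any-host entry because exports(5) reads it that way.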
Enable Port on Firewall
Enable the following in iptables
    -A PREROUTING -d 10.6.25.101/32 -i vmbr0 -p tcp -m tcp --dport 2925 -j DNAT --to-destination 192.168.0.111:22
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 32803 -j DNAT --to-destination 192.168.0.111:32803
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 892 -j DNAT --to-destination 192.168.0.111:892
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 662 -j DNAT --to-destination 192.168.0.111:662
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 192.168.0.111:2049
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 111 -j DNAT --to-destination 192.168.0.111:111
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 892 -j DNAT --to-destination 192.168.0.111:892
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 662 -j DNAT --to-destination 192.168.0.111:662
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 111 -j DNAT --to-destination 192.168.0.111:111
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 2049 -j DNAT --to-destination 192.168.0.111:2049
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 32769 -j DNAT --to-destination 192.168.0.111:32769
    -A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.111:8000

where 10.6.25.101 is the public IP and 192.168.0.111 is the LXC IP address.
Configure NFS
Head over to /etc/sysconfig/nfs and update the following
    #
    # Define which protocol versions mountd
    # will advertise. The values are "no" or "yes"
    # with yes being the default
    #MOUNTD_NFS_V2="no"
    MOUNTD_NFS_V3="yes"
    #
    #
    # Path to remote quota server. See rquotad(8)
    #RQUOTAD="/usr/sbin/rpc.rquotad"
    # Port rquotad should listen on.
    #RQUOTAD_PORT=875
    # Optinal options passed to rquotad
    #RPCRQUOTADOPTS=""
    #
    #
    # Optional arguments passed to in-kernel lockd
    #LOCKDARG=
    # TCP port rpc.lockd should listen on.
    LOCKD_TCPPORT=32803
    # UDP port rpc.lockd should listen on.
    LOCKD_UDPPORT=32769
    #
    #
    # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
    # Turn off v2 and v3 protocol support
    #RPCNFSDARGS="-N 2 -N 3"
    # Turn off v4 protocol support
    RPCNFSDARGS="-N 4"
    # Number of nfs server processes to be started.
    # The default is 8.
    #RPCNFSDCOUNT=8
    # Stop the nfsd module from being pre-loaded
    NFSD_MODULE="noload"
    # Set V4 and NLM grace periods in seconds
    #
    # Warning, NFSD_V4_GRACE should not be less than
    # NFSD_V4_LEASE was on the previous boot.
    #
    # To make NFSD_V4_GRACE shorter, with active v4 clients,
    # first make NFSD_V4_LEASE shorter, then restart server.
    # This will make the clients aware of the new value.
    # Then NFSD_V4_GRACE can be decreased with another restart.
    #
    # When there are no active clients, changing these values
    # can be done in a single server restart.
    #
    #NFSD_V4_GRACE=90
    #NFSD_V4_LEASE=90
    #NLM_GRACE_PERIOD=90
    #
    #
    #
    # Optional arguments passed to rpc.mountd. See rpc.mountd(8)
    #RPCMOUNTDOPTS=""
    # Port rpc.mountd should listen on.
    MOUNTD_PORT=892
    #
    #
    # Optional arguments passed to rpc.statd. See rpc.statd(8)
    #STATDARG=""
    # Port rpc.statd should listen on.
    STATD_PORT=662
    # Outgoing port statd should used. The default is port
    # is random
    #STATD_OUTGOING_PORT=2020
    # Specify callout program
    #STATD_HA_CALLOUT="/usr/local/bin/foo"
    #
    #
    # Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
    #RPCIDMAPDARGS=""
    #
    # Set to turn on Secure NFS mounts.
    #SECURE_NFS="yes"
    # Optional arguments passed to rpc.gssd. See rpc.gssd(8)
    #RPCGSSDARGS=""
    # Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
    #RPCSVCGSSDARGS=""
    #
    # To enable RDMA support on the server by setting this to
    # the port the server should listen on
    #RDMA_PORT=20049
Once you have done all the above, restart your host machine so you are clean and good to go.
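The ports pinned in /etc/sysconfig/nfs only help if the DNAT rules forward exactly those ports. As an added example (not part of the original post), this script cross-checks the two, listing pinned ports with no forward and forwards that are not NFS ports; the function names and the MISSING/EXTRA labels are the example's own, and the sample input is constructed from the values shown above.

```shell
# proto/port pairs NFSv3 needs: rpcbind 111, nfsd 2049, plus ports pinned in $1.
required_ports() {
  printf '%s\n' "$1" | awk -F= '
    BEGIN { print "tcp/111\nudp/111\ntcp/2049\nudp/2049" }
    /^[ \t]*#/ { next }
    { gsub(/[" \t]/, "", $2) }
    $1 == "LOCKD_TCPPORT" { print "tcp/" $2 }
    $1 == "LOCKD_UDPPORT" { print "udp/" $2 }
    $1 == "MOUNTD_PORT" || $1 == "STATD_PORT" { print "tcp/" $2 "\nudp/" $2 }
  ' | sort -u
}

# proto/port of every DNAT rule in the iptables-save style text in $1.
forwarded_ports() {
  printf '%s\n' "$1" | awk '/ -j DNAT / {
      proto = port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      if (proto != "" && port != "") print proto "/" port
    }' | sort -u
}

# MISSING: pinned port with no forward. EXTRA: forward that is not an NFS port.
compare_ports() {
  need=$(required_ports "$1"); have=$(forwarded_ports "$2")
  for p in $need; do
    printf '%s\n' "$have" | grep -qxF "$p" || echo "MISSING $p"
  done
  for p in $have; do
    printf '%s\n' "$need" | grep -qxF "$p" || echo "EXTRA $p"
  done
}

# Constructed sample input built from the values shown in the post.
sample_sysconfig='LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662'
sample_rules() {
  for r in tcp:2925:22 tcp:32803:32803 tcp:892:892 tcp:662:662 tcp:2049:2049 \
      tcp:111:111 udp:892:892 udp:662:662 udp:111:111 udp:2049:2049 \
      udp:32769:32769 tcp:8000:8000; do
    set -- $(echo "$r" | tr : ' ')
    echo "-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p $1 -m $1 --dport $2 -j DNAT --to-destination 192.168.0.111:$3"
  done
}
compare_ports "$sample_sysconfig" "$(sample_rules)"
```

With the post's values every pinned port is forwarded, and the two EXTRA lines are the forwards on ports 2925 (to port 22) and 8000, which share the ruleset but are not needed for NFS.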