Setting Up NFS Shares
While this step is optional, it can be beneficial. Storing all configuration and Docker compose files on the PVE host, rather than in the VM or LXC, simplifies backup and access. There are various methods to achieve this, but creating a straightforward NFS share on PVE is a simple solution.
Remember, securing your setup from potential attacks is your responsibility. This documentation does not cover security measures, as setups vary greatly and there are more comprehensive guides/tutorials available elsewhere.
All these steps are performed using an SSH client, not the console in PVE.
On the PVE host
apt-get update
This command updates the package list on PVE.
apt-get install nfs-kernel-server
This command instructs PVE to install the nfs-kernel-server package, which is not included by default.
Creating the directorie(s) on PVE
You can either use existing directories or create new ones for the NFS share. To create new directories, use the following command (make sure to change [PATH] to a location of your preference)
mkdir [PATH]
File editing
Next we will need to edit the /etc/exports file
To read about the function of the /etc/exports file here is a good write up by Red Hat /etc/exports configuration
nano /etc/exports
This will open up the /etc/exports file in nano for you to add the below lines
You will need to add each directory from above on its own line, you just need the root folder. Example if you created /home/vm/configs and /home/vm/docker that would be one line each.
[PVE_PATH] [VM_IP_ADDRESS](rw,sync,no_root_squash,no_subtree_check)
Save and close nano
PVE_PATH is the location on PVE so /home/vm/configs as an Example
VM_IP_ADDRESS is the IP Address from the VM (you can also use a host name instead of the IP Address)
-
rw: This stands for "read-write". It allows the client to both read from and write to the shared directory. If you only wanted to allow the client to read the files, you would use "ro" for "read-only".
-
sync: This option forces changes to the shared directory to be committed to disk immediately, rather than being cached in memory. This can make write operations slower, but it ensures that no data is lost if the server crashes.
-
no_root_squash: By default, NFS translates requests from a root user remotely into a non-privileged user on the server. This is called "root squashing" and is designed to prevent a root account on the client from using its elevated privileges on the server. The "no_root_squash" option disables this behavior, and allows the root user on the client to have root access to the shared directory.
-
no_subtree_check: This option disables subtree checking, which is a process where the host checks whether the file is actually still available in the exported directory tree for every request. This can cause many problems when a file is renamed while the client has it opened. By disabling this, you can increase the reliability of the NFS server, but it might increase the load on your server as it has to check the entire subtree.
These options provide a balance between performance, data integrity, and security. You can adjust them according to your specific needs. Remember to always consider the security implications of these settings, especially when dealing with sensitive data or systems.
While still on PVE we will need to run
exportfs -a
exportfs: This is the command that manages the exported NFS directories. It controls the table of directories that are exported to remote hosts.
-a: This is an option that you can use with the exportfs command. When you use -a, it means “all”. So exportfs -a will export all directories listed in /etc/exports and/or /etc/exports.d/.
In the context of setting up an NFS server, after you’ve made changes to the /etc/exports file (which is where you specify which directories you want to share), you would run exportfs -a to apply those changes.
Next we restart the NFS server with
systemctl restart nfs-kernel-server
On the Alpine VM
We need to add nfs-utils, this will allow us to connect to the PVE share.
First lets set the terminal to root
su
Now we can add the package we need
apk add nfs-utils
Creating the directorie(s) on Alpine
You can either keep the same directory structure that you created on PVE or have a completely different [PATH] on Alpine the choice is yours.
mkdir [PATH]
Remeber to do this for each directory that you created!
File editing
Alpine does not use nano so we will need to use vi here are some quick commands
To open the editor
vi
Once vi is open
i
This will put vi into interactive/editing mode which will allow editing
Esc
This exits interactive/editing mode
-
The arrow keys will move you around the lines and columns
-
:wq
This command tells vi to write/save and then quit
Let's edit /etc/fstab
vi /etc/fstab
Don't forget to add multiple lines for each directory you created if you created multiples.
What we did was combine starting vi and telling it to open the file /etc/fstab now we need to add the following
[PVE_IP_ADDRESS]:[PVE_PATH] [ALPINE_PATH] nfs defaults 0 0
Save and exit vi
-
nfs: is the protocol to be used for the share
-
defaults: is to use the default share options
-
rw: is read-write access
-
sync: forces changes to be saved to disk immediately rather than caching to memory first
-
0 0: is disabling dump and fsck which are legacy options and only needed in rare circumstances
Just like we did on PVE we will mount the share right always
mount -a
You should now be able to navigate to the directorie(s) that you specified in [ALPINE_PATH]. If you wish to verify that you can create files use navigate to the directory and then run
touch text.txt
Then open up the file with vi
vi text.txt
Add some text into the file, then save and quit. If the file permissions are wrong then you will get an error when creating the file or when trying to save the file. If you do have an error you will have to go back to PVE and then change the file permissions.
Congratulations! We are done setting up the NFS share. This process is considerably easier when dealing with and LXC.