In fact, this article is a continuation of the previous NFS Ganesha article – Simple export of an ext4 directory with NFS Ganesha 3.5 server in CentOS 8 without SELinux because it has the same purpose to export a directory residing on an ext4 file system under CentOS 8 Stream, but this time the SELinux is enabled and it is in enforcing mode! There is a need for this additional article because the SELinux is not enabled in many user configurations (despite being wrong!) and the SELinux configuration may add complexity to the first article, which could lead to misleading thoughts. The previous article might be a little bit more detailed, so the reader could check it, too.
It’s worth mentioning the key points of NFS-Ganesha:
- a user-mode file sharing server
- supports NFS 3, 4.x and 9P
- using plugins for different file systems
- CentOS Storage Special Interest Group offers a file repository with NFS-Ganesha server
- supports file systems like ext4, xfs, brtfs, zfs and more. There are sample configurations: https://github.com/phdeniel/nfs-ganesha/tree/master/src/config_samples
- supports cluster and/or distributed file systems like GlusterFS, Ceph, GPFS, HPSS, Lustre
- Current version 3.5 and it is included in the official SIG CentOS Storage Special Interest Group repository.
This article assumes the reader has a clean CentOS 8 Stream installation with SELinux in enforcing mode.
STEP 1) Install the repository and NFS-Ganesha software
NFS-Ganesha 3 packages are from the CentOS Storage SIG repository, which is a good repository and may be trusted.
dnf install -y centos-release-nfs-ganesha30 dnf install -y nfs-ganesha nfs-ganesha-vfs nfs-ganesha-selinux
STEP 2) Configuration for exporting a directory.
There are two files under /etc/ganesha/:
ganesha.conf vfs.conf
ganesha.conf includes global configuration and NFS share configuration. Each export path begins with the keyword EXPORT followed by a block ebraced by brackets {}.
vfs.conf includes a simple example for the VFS plugin, but this configuration file is not used by the NFS Ganesha server. It is just a sample file.
Here is a simple configuration, which exports /mnt/storage with Read/Write permissions to a single IP. Just add at the end of the file /etc/ganesha/ganesha.conf contains:
EXPORT
{
Export_Id = 2;
Path = /mnt/storage1;
Pseudo = /mnt/storage1;
Protocols = 3,4;
Access_Type = RW;
Squash = None;
FSAL
{
Name = VFS;
}
CLIENT
{
Clients = 192.168.0.12;
}
}
STEP 3) Start the server and mount the exported directory. Configure the firewall.
Start the server, enable the service to start on boot and then configure the firewall to pass the NFS requests:
systemctl start nfs-ganesha systemctl enable nfs-ganesha firewall-cmd --permanent --zone=public --add-service=nfs firewall-cmd --reload