Programster's Blog

Tutorials focusing on Linux, programming, and open source

Sharing ZFS Datasets Via NFS

You might have seen my previous tutorials on setting up an NFS server and a client. When it comes to sharing ZFS datasets over NFS, I suggest you use this tutorial as a replacement to the server-side tutorial. This is because we will be using ZFS to manage the ZFS shares, and not /etc/exports. It is important to use one or the other for sharing your ZFS datasets, but never both.

The great thing about ZFS is that it is very easy to split your "pool" into as many datasets as you like. Each dataset is treated like its own filesystem, with its own rules and settings, which means with regards to sharing over NFS, that you can share more securely as client's will not be able to reach out of the bounds of that dataset/filesystem that you decided to share.

An important thing to bear in mind is that you will need to run the steps below for sharing on every pool/dataset that you wish to share, no matter the hierarchy. For example, if you have a dataset that is the parent of another, you would still have to set up sharing on that child if you wanted it to be shared, even if you have already set up sharing on the parent. This is great from a security point-of-view, but I realize it can be a bit annoying. If you don't set up that child for sharing, the client will see the dataset folder, but not be able to access it.

Steps

Firstly, install the nfs-kerenel-server service if you haven't already. You still need that.

sudo apt-get install -y nfs-kernel-server

Simple Scenario

Sharing a dataset can be as easy as:

zfs set sharenfs=on pool-name/dataset-name

Then run the mount on your client. This could be with the command:

mount -t nfs \
zfs.host.com:/pool-name/dataset-name \
/path/to/local/mount

...or in the case of an addition to your /etc/fstab file for auto-mounting on boot:

zfs.host.com:/pool-name/dataset-name  /path/to/local/mount  nfs  auto  0  0

This scenario would give NFS access to any host on your network that can access zfs.host.com.

More Advanced Setup

In a lot of situations, you would not be happy to give every host on your network access to your NFS. You probably only want to give one specific host, or a specific group of hosts, access. For this, we would use a more sophisticated command on the host.

You can use the command below to give read/write access to all hosts on the 192.168.11.0/24 subnet (e.g. hosts with an IP between 192.168.11.0 and 192.168.11.255).

sudo zfs set sharenfs="rw=@192.168.11.0/24" \
pool-name/dataset-name

You can chain any number of parameters separated by commas. E.g.

sudo zfs set \
share="name=my-share,path=/path/on/server,prot=nfs,sec=sys,rw=*,public" \
pool-name/dataset-name

If you need to share to multiple subnets, you would do something like:

sudo zfs set sharenfs="rw=@192.168.0.0/24,rw=@10.0.0.0/24" \
pool-name/dataset-name

For more information about the available parameters, refer to the section called "New ZFS Sharing Syntax" in Oracle-s documentation: Sharing and Unsharing ZFS File Systems.

References