Sharing ZFS Datasets Via NFS
You might have seen my previous tutorials on setting up an NFS server and a client. When it comes to sharing ZFS datasets over NFS, I suggest you use this tutorial as a replacement to the server-side tutorial. This is because we will be using ZFS to manage the ZFS shares, and not
/etc/exports. It is important to use one or the other for sharing your ZFS datasets, but never both.
The great thing about ZFS is that it is very easy to split your "pool" into as many datasets as you like. Each dataset is treated like its own filesystem, with its own rules and settings, which means with regards to sharing over NFS, that you can share more securely as client's will not be able to reach out of the bounds of that dataset/filesystem that you decided to share.
An important thing to bear in mind is that you will need to run the steps below for sharing on every pool/dataset that you wish to share, no matter the hierarchy. For example, if you have a dataset that is the parent of another, you would still have to set up sharing on that child if you wanted it to be shared, even if you have already set up sharing on the parent. This is great from a security point-of-view, but I realize it can be a bit annoying. If you don't set up that child for sharing, the client will see the dataset folder, but not be able to access it.
Firstly, install the nfs-kerenel-server service if you haven't already. You still need that.
sudo apt-get install -y nfs-kernel-server
Sharing a dataset can be as easy as:
zfs set sharenfs=on pool-name/dataset-name
If you didn't create a dataset, and just have the pool, you can still do:
zfs set sharenfs=on pool-name
Then run the mount on your client. This could be with the command:
mount -t nfs \ zfs.host.com:/pool-name/dataset-name \ /path/to/local/mount
...or in the case of an addition to your /etc/fstab file for auto-mounting on boot:
zfs.host.com:/pool-name/dataset-name /path/to/local/mount nfs auto 0 0
This scenario would give NFS access to any host on your network that can access zfs.host.com.
More Advanced Setup
In a lot of situations, you would not be happy to give every host on your network access to your NFS. You probably only want to give one specific host, or a specific group of hosts, access. For this, we would use a more sophisticated command on the host.
You can use the command below to give read/write access to all hosts on the 192.168.11.0/24 subnet (e.g. hosts with an IP between 192.168.11.0 and 192.168.11.255).
sudo zfs set sharenfs="firstname.lastname@example.org/24" \ pool-name/dataset-name
You can chain any number of parameters separated by commas. E.g.
sudo zfs set \ share="name=my-share,path=/path/on/server,prot=nfs,sec=sys,rw=*,public" \ pool-name/dataset-name
If you need to share to multiple subnets, you would do something like:
sudo zfs set sharenfs="email@example.com/24,firstname.lastname@example.org/24" \ pool-name/dataset-name
For more information about the available parameters, refer to the section called "New ZFS Sharing Syntax" in Oracle-s documentation: Sharing and Unsharing ZFS File Systems.