For the past few weeks I’ve been trying to solve few particular set of problems which I won’t go into detail here, perhaps in another post.

One of the challenges I’ve faced is how to export NFS from my ZFS pool on Fedora host machine and mount it within Ubuntu based VM.

The whole process is quite simple and straight forward so here we go.

In order to be able to use NFS at all we first need to install required components on the host machine:

sudo dnf install nfs-utils

Then do the same on the guest machine:

sudo apt-get install nfs-common

In order for NFS to work we need to enable and start the service:

systemctl enable --now nfs-server.service

If you wish to use NFSv2 or NFSv3 rpcbind service will also be required, but Fedora ships rpcbind.socket which is basically socket based trigger for starting up the service.

With everything out of the way, we can share NFS. As I’ll be using it over private VM network I’ll only allow rw from my VM IP

zfs set sharenfs="rw=@192.168.122.11/32" storage/nfs/ubuntu

To show the current list of exports one can use

[root@kirk ~]# showmount -e
Export list for kirk.tomica.lan:
/nfs/ubuntu 192.168.122.11/32

At last, to mount the share, in VM you can use:

mount -t nfs 192.168.122.1:/nfs/ubuntu /mnt

Since Fedora has ports 111 and 2049 blocked by default, you first need to enable access to those ports. Using FirewallD you can first find the appropriate zone:

[root@kirk ~]# firewall-cmd --list-all-zones
...
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule priority="32767" reject
...

For me it’s the libvirt zone. To allow access to the NFS and required services in that zone I’ve used:

firewall-cmd --permanent --add-service=nfs --zone=libvirt
firewall-cmd --permanent --add-service=mountd --zone=libvirt
firewall-cmd --permanent --add-service=rpc-bind --zone=libvirt

Although last one is not necessary required when using NFSv4. After firewall reload all should work fine:

firewall-cmd --reload