Amazon EC2 and NFS
There is a lack of updated information online about launching NFS in EC2 specifically, so I thought I would contribute to help those who might encounter this in the future. It's actually quite easy.
We're running Fedora 8 (while we wait for Fedora 13 to be supported).
NFS-utils and rpcbind should already be installed, but if not, you need to run the following on the instance that will act as the server:
yum install nfs-utils rpcbind
*Note: you'll find in a lot of tutorials portmap is used instead of rpcbind. Portmap was renamed to rpcbind.
Still on the server, we need to define what directory we want to share, with whom (which server), along with the permissions and options for that share.
# open up our definition file
nano /etc/exports
You can look at all the options in the exports man page.
For the purpose of this tutorial I'm just going to share a directory I created under /var/www:
/var/www/test ec2-180-71-131-129.compute-1.amazonaws.com(rw,async)
In the example above, I'm using the public DNS of one of my instances that has an elastic IP. Elastic IP DNS names inside EC2 get translated to internal IPs (you can verify it with ping). You can use hostnames, IPs, netmasks and even wildcards. rw specifies that it's read/writable and async allows disk operations to happen asynchronously. Next we need to load the changes.
exportfs -ar
You can use that anytime you add another mount point.
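A check for the /etc/exports entries described above, as an added example that is not part of the original post: it flags exports that reach every host, wildcard clients, and the no_root_squash and insecure options. The /srv paths and their clients are hypothetical sample data, and quoted paths and backslash line continuations are not handled.

```python
import re

# Real exports(5) options that weaken the defaults.
RISKY = {
    "no_root_squash": "root on the client stays root on the share",
    "insecure": "requests from unprivileged source ports are accepted",
}
ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^)]*)\))?$")

def audit_exports(text):
    """Return (line_no, path, client, finding) tuples for risky exports."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries or [""]:            # bare path = every host
            m = ENTRY.match(entry)
            if m is None:
                findings.append((line_no, path, entry, "unparseable entry"))
                continue
            client = m.group("client")
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            if client in ("", "*"):
                # "host (rw)" with a space parses as two entries: the
                # second has no client, so its options apply to every host.
                mode = "read-write" if "rw" in opts else "read-only"
                findings.append((line_no, path, "(any host)",
                                 mode + " export to every host"))
            elif "*" in client or "?" in client:
                findings.append((line_no, path, client, "wildcard client"))
            for opt in sorted(opts.intersection(RISKY)):
                findings.append((line_no, path, client or "(any host)",
                                 opt + ": " + RISKY[opt]))
    return findings

# Constructed sample. The first export is the one from this tutorial; the
# other paths and clients are hypothetical.
SAMPLE = """\
/var/www/test ec2-180-71-131-129.compute-1.amazonaws.com(rw,async)
/srv/build    *.compute-1.amazonaws.com(rw,no_root_squash)
/srv/pub      10.0.0.5 (rw)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("line %d: %s -> %s: %s" % finding)
```

The single-host export used in this tutorial produces no findings; the stray space in the last sample line is what turns a one-host export into a read-write export for everyone.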
And now we need to start the server and related services:
service rpcbind start
service nfs start
service nfslock start
Next, we need to open up some ports in Amazon's security group. Through the EC2 Console or API, you want to allow connections from your client to your server on the following ports:
TCP: 111, 2049
UDP: 111, 32806
On the client, you need to start nfslock and rpcbind, and optionally add them to startup:
service rpcbind start
service nfslock start
chkconfig --level 2345 rpcbind on
chkconfig --level 2345 nfslock on
We need to create a directory as a mount point and mount the NFS server:
mkdir /var/www/test
mount -t nfs ec2-180-71-131-132.compute-1.amazonaws.com:/var/www/test /var/www/test
*Make sure to change the host name to the hostname or IP of your NFS server.
That's all there is to it.
Originally I had only opened up port TCP 111 and 2049. This only gave me this error:
mount to NFS server '10.214.58.54' failed: timed out, retrying
I then opened up UDP 111 and by running the mount command in verbose mode (-v) I saw that I needed to open UDP 32806. It looks like the mount command requires TCP and UDP 111, but only TCP 2049 and UDP 32806.
If you want these services to run on startup, you'll want to do the following:
chkconfig --level 2345 rpcbind on
chkconfig --level 2345 nfs on
chkconfig --level 2345 nfslock on
And to have the mounts created at startup, edit /etc/fstab
ec2-180-71-131-132.compute-1.amazonaws.com:/var/www/test /var/www/test nfs rsize=8192,wsize=8192,timeo=14,intr 0 0
Comments
Eric
Thanks a bunch. Easy and clear! Worked perfectly.
hari
Thanks Hunter. This explains the NFS setup using Elastic IPs DNS names. But if we stop and start a client (not reboot) the IP of the client machine changes and then we have to assign the Elastic IP and then reboot the system for everything to work. Is there a workaround for this? We tried to move the mount cmds to /etc/rc.local, but issue with it is mount -a will use /etc/fstab and the mounts in rc.local will not work. Worked on to automatically assign Elastic IP, issue is fstab gets executed before the assigning of the EIP.
Paul
You're a star, thanks for this
Jirapong
Thank you so much. This is very useful to me.
Dheeraj MS
Thanks Hunter! Your post helped me. Had missed out on UDP & Firewall front. Appreciate your effort!
mrik
Hi, really need to thank you for the effort you took to put up the steps. Greatly helped me.
Alex
Hi, thanks for the tutorial, I have an issue with it. I followed everything and when I try to connect from the client to the server I got the timeout error.... whereas in my Amazon console I have opened all the ports from the server to the client...
Error:
mount ec2-xx-129-210-22.compute-1.amazonaws.com:/var/www/test /var/www/test -v
mount: no type was given - I'll assume nfs because of the colon
mount.nfs: Unable to connect to 10.xx.47.130:111, errno 110 (Connection timed out)
Do you have an idea?
Kirk True
Thanks Hunter. Your instructions worked flawlessly for me. My NFS setup is to share files within a set of EC2 instances internally. As such I didn't need to mess with opening ports or anything. Thanks!