
Setting up the NFS server, Diskless NetBSD HOW-TO

NFS is a somewhat standard networked filesystem on UNIX. The bootloader expects to find the kernel on an NFS server, load it into memory, and transfer control to it. If you are only netbooting to install NetBSD on a local hard drive, please read this page. The client needs root read/write access on the NFS server. If this is a security concern for you, be careful about which directories you give the client access to.

NOTE: Even if you export only specific subdirectories of a filesystem, a malicious client might still obtain access to the entire filesystem because the NFS server on many operating systems (including NetBSD) does not limit access requests to the actually exported subdirectory.

The following directories must have root read/write permissions:

    /
    /var
    /etc
    /dev

Therefore, the easiest thing would be to export /home and /usr separately from /export/client/root, and without root read/write permissions. This is why /usr and /home are explicitly shuffled around in this HOW-TO. Here's what the directory structure will look like when you're done:

    Server (exported directory)    Client
    /export/client/root            /
    /export/client/swap (file)     /swap (file)
    /export/client/usr             /usr
    /export/client/home            /home

Note that /swap will be mounted as a file.
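
As an added example (not part of the original HOW-TO): once an exports file has been written, this POSIX shell script lists every export that gives a client unsquashed root and shows which server filesystem holds it, since per the NOTE above that whole filesystem is what such a client may be able to reach. The function names and the /export/client/root2 entry are constructed for illustration; it reads the BSD (-maproot=root), Linux (no_root_squash) and SunOS/HP-UX (-root=host) syntaxes used in the server sections below, not Solaris dfstab.

```shell
#!/bin/sh
# Added example: list exports that hand a client unsquashed root, and show
# which server filesystem each one lives on.

# root_exports FILE: print every exported path whose line grants root access.
root_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            root = 0
            for (i = 1; i <= NF; i++) {
                # BSD: -maproot=root or -maproot=0, with or without a group
                if ($i ~ /^-maproot=(root|0):/ || $i ~ /^-maproot=(root|0)$/) root = 1
                # SunOS, NEWS-OS, HP-UX: -root=host
                if ($i ~ /^-root=/) root = 1
                # Linux: host(...,no_root_squash,...)
                if ($i ~ /[(,]no_root_squash[,)]/) root = 1
            }
            if (!root) next
            # A BSD line may name several directories (see the FreeBSD section).
            for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i
        }
    ' "$1"
}

# containing_mount PATH: print the mount point of the filesystem holding PATH.
containing_mount() {
    df -P "$1" | awk 'NR == 2 { print $NF }'
}

# audit_exports FILE: one report line per root-mapped export.
audit_exports() {
    root_exports "$1" | while read -r dir; do
        if [ -e "$dir" ]; then
            fs=$(containing_mount "$dir")
            if [ "$fs" = "$dir" ]; then
                echo "ROOT $dir (own filesystem)"
            else
                echo "ROOT $dir (on filesystem $fs, shared with everything else there)"
            fi
        else
            echo "ROOT $dir (path not present on this host)"
        fi
    done
}

# Constructed sample input mixing BSD and Linux style lines from this HOW-TO;
# /export/client/root2 is made up for the example.
sample_exports() {
    cat <<'EOF'
#/etc/exports
/export/client/root /export/client/swap -maproot=root:wheel client.test.net
/export/client/usr  -maproot=nobody:nobody client.test.net
/export/client/home client.test.net(rw,root_squash)
/export/client/root2 client.test.net(rw,no_root_squash)
EOF
}

tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"
rm -f "$tmp"
```

On a real server, run audit_exports /etc/exports; a root-mapped export reported as sharing a filesystem with unrelated data is the case the NOTE warns about, and giving /export/client its own filesystem limits it.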

Also, note that if the server has the same architecture as the client (e.g. Motorola 680x0 microprocessor for NetBSD/hp300 and sun3, SPARC microprocessor for NetBSD/sparc, and VAX microprocessor for NetBSD/vax) and is running NetBSD, then the client will be able to use the /usr directory structure from the server, saving a significant amount of disk space. If this is the case, then you will need to export /usr instead of /export/client/usr from the server.

You need to make sure that you haven't denied any host access via TCP wrappers. Look in /etc/hosts.deny and /etc/hosts.allow for nfsd, mountd, rpcbind, and portmap entries. If you're using these files to restrict nfs access, then you need to either comment out the nfsd, mountd, rpcbind, and/or portmap entries in hosts.deny or add entries for your client in hosts.allow. You'll probably have to kill -HUP these daemons. Note that portmap is tricky, and on some platforms kill -HUP will actually kill it. It may be easiest to reboot your nfs server after changing your host access files.

The nfs servers on some of these platforms have problems, but usually, they can be worked around with a little effort. This will be covered in the next section of this HOW-TO.

Setting up nfs, NetBSD
Setting up nfs, OpenBSD
Setting up nfs, FreeBSD
Setting up nfs, MacOS X and Darwin
Setting up nfs, Linux
Setting up nfs, SunOS
Setting up nfs, Solaris
Setting up nfs, NEWS-OS
Setting up nfs, NEXTSTEP
Setting up nfs, HP-UX 7 (couldn't get it to work)
Setting up nfs, HP-UX 9
Setting up nfs, HP-UX 10 and later


NetBSD and OpenBSD

If you have built your own kernel, you need to make sure you have the following in your config file:

    options         NFSSERVER

The GENERIC kernel distributed with NetBSD has this compiled in.

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Add the following lines to /etc/exports:
    #/etc/exports
    /export/client/root -maproot=root:wheel    client.test.net
    /export/client/swap -maproot=root:wheel    client.test.net
    /export/client/usr  -maproot=nobody:nobody client.test.net
    /export/client/home -maproot=nobody:nobody client.test.net

  9. # ps -aux | grep mountd
    If mountd is running, then kill -HUP that process to force it to reread /etc/exports. Otherwise, you'll need to start it:
    # /usr/sbin/mountd

  10. # ps -aux | grep nfsd
    If the nfs daemons are not running, then you need to start them:
    # /usr/sbin/nfsd -tun 4

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


FreeBSD

The setup for FreeBSD 4.x is similar to NetBSD, but mountd needs different options and /etc/exports has a different format.
  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Add the following line to /etc/exports (see the FreeBSD Handbook, Section 17.4 on NFS):
    #/etc/exports
    /export/client/root /export/client/swap -maproot=root:wheel    client.test.net 
    
    FreeBSD is unable to export multiple directories within a filesystem (such as /export) to a client unless all of the directories are listed on a single line in /etc/exports.

    You will also need to make sure that your client's /home and /usr are stored in /export/client/root. FreeBSD is unable to set different properties for exported directories, defeating the point of exporting those directories separately (and without -maproot=root:wheel).

  9. # ps -aux | grep mountd
    If mountd is running, then kill that process. You need it to be running with the -r option for the swap file to be mountable, and the -2 option is to force it to use NFS V2.
    # /sbin/mountd -2r

  10. # ps -aux | grep nfsd
    If the nfs daemons are not running, then you need to start them:
    # /sbin/nfsd -tun 4

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


MacOS X and Darwin

The setup for MacOS X and Darwin uses the NetInfo system. There are ways to use typical BSD-style configuration files, but most systems are by default configured to use NetInfo. Here, we describe how to set up a default install of MacOS X/Darwin (i.e. in its own local NetInfo domain). Read your netinfo(5) man page for more information.

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Modify the NetInfo database to export your shares. Note that you must escape the forward slashes in the path to your export twice: once for the shell, and once for the NetInfo parser (since it uses forward slashes to delimit NetInfo properties). Just to add to the confusion, the NetInfo property we're adding to is called /exports.
    # nicl . -create /exports/\\/export\\/client\\/root opts maproot=root:wheel
    # nicl . -create /exports/\\/export\\/client\\/root clients 192.168.0.10
    # nicl . -create /exports/\\/export\\/client\\/swap opts maproot=root:wheel
    # nicl . -create /exports/\\/export\\/client\\/swap clients 192.168.0.10
    # nicl . -create /exports/\\/export\\/client\\/usr opts maproot=nobody:nobody
    # nicl . -create /exports/\\/export\\/client\\/usr clients 192.168.0.10
    # nicl . -create /exports/\\/export\\/client\\/home opts maproot=nobody:nobody
    # nicl . -create /exports/\\/export\\/client\\/home clients 192.168.0.10
    
    To later add another client for the same export, you would append to that property (as opposed to the initial create):
    # nicl . -append /exports/\\/export\\/client\\/root clients 192.168.0.12
    

    To verify that everything looks good, read it back:

    # nicl . -read /exports/\\/export\\/client\\/root
    name: /export/client/root
    opts: maproot=root:wheel
    clients: 192.168.0.10 192.168.0.12

  9. # ps -aux | grep portmap
    If portmap is not running, then you need to start it:
    # /usr/sbin/portmap

  10. # ps -aux | grep nfsd
    If the nfs daemons are not running, then you need to start them:
    # /sbin/nfsd -t -u -n 6

  11. # ps -aux | grep mountd
    If mountd is running, then kill -HUP that process to force it to reread the NetInfo database. If it's not running, then you need to start it:
    # /usr/sbin/mountd

  12. Your system will always start the NFS daemons after reboots if the NetInfo /exports property is present. To remove all exports and prevent your system from starting NFS in the future, run:
    # nicl . -delete /exports

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


Linux

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Add the following lines to /etc/exports:
    #/etc/exports
    /export/client/root client.test.net(rw,no_root_squash)
    /export/client/swap client.test.net(rw,no_root_squash)
    /export/client/usr client.test.net(rw,root_squash)
    /export/client/home client.test.net(rw,root_squash)

  9. # ps aux | grep mountd
    If mountd is running, then kill -HUP that process. This will force it to reread the /etc/exports file. If it's not already running, then you need to:
    # /sbin/rpc.mountd [--no-nfs-version 3]
    You may need to add the --no-nfs-version 3 if you're having problems. See below.

  10. # ps aux | grep nfsd
    If the nfs daemons are running, then you need to restart them so that they reread the /etc/exports file. If they're not already running, then you need to run:
    # /sbin/rpc.nfsd

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Kernel NFS Problem:

Most versions of Linux only implement NFS2, in which case NetBSD will try NFS3 and then automatically fall back. Some versions (notably RedHat 6.0) will incorrectly answer both NFS2 and NFS3 mount requests, then ignore any attempt to access the filesystem using NFS3. This causes untold pain and hassle.

The workaround is to kill mountd and start it with options preventing NFS3 problems (i.e., rpc.mountd --no-nfs-version 3).
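
As an added example (not part of the original HOW-TO): the mismatch described above can be spotted from the server's portmapper registrations before the client is ever booted. The function below classifies the output of rpcinfo -p read on stdin; the function names and sample listings are constructed, and it assumes the faulty server registers mount protocol v3 (RPC program 100005) while registering no NFS v3 (program 100003).

```shell
#!/bin/sh
# Added example: classify `rpcinfo -p <server>` output read on stdin.
#   no-nfs    nfsd (RPC program 100003) is not registered at all
#   mismatch  mountd (100005) offers mount v3 but nfsd offers no NFS v3
#   ok        anything else
nfs_version_check() {
    awk '
        $1 == 100003 && $2 == 2 { nfs2 = 1 }
        $1 == 100003 && $2 == 3 { nfs3 = 1 }
        $1 == 100005 && $2 == 3 { mount3 = 1 }
        END {
            if (!nfs2 && !nfs3)       print "no-nfs"
            else if (mount3 && !nfs3) print "mismatch"
            else                      print "ok"
        }
    '
}

# Constructed sample: mountd advertises v3, nfsd only v2.
sample_mismatch() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    3   udp    635  mountd
    100003    2   udp   2049  nfs
EOF
}

# Constructed sample: the same server after rpc.mountd --no-nfs-version 3.
sample_workaround() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    2   udp    635  mountd
    100003    2   udp   2049  nfs
EOF
}

# Constructed sample: only the portmapper is up, no NFS daemons.
sample_no_daemons() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   udp    111  portmapper
EOF
}

echo "before workaround: $(sample_mismatch | nfs_version_check)"
echo "after workaround:  $(sample_workaround | nfs_version_check)"
echo "daemons stopped:   $(sample_no_daemons | nfs_version_check)"
```

Against a live server, pipe the real listing in: rpcinfo -p server | nfs_version_check.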

Continue on to setting up the client filesystem


SunOS

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Create (or add to) your /etc/exports file:
    #/etc/exports
    /export/client/root -root=client
    /export/client/swap -root=client
    /export/client/usr
    /export/client/home

  9. # rm -f /etc/xtab;touch /etc/xtab

  10. # exportfs -a

  11. # ps aux | grep nfsd
    If nfsd is not already running, then run:
    # nfsd 8 &

  12. # ps aux | grep mountd
    If mountd is not already running, then run:
    # rpc.mountd -n &

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


Solaris

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Add the following lines to /etc/dfs/dfstab:
    share -F nfs -o root=client /export/client/root
    share -F nfs -o root=client /export/client/swap
    share -F nfs -o rw=client   /export/client/usr
    share -F nfs -o rw=client   /export/client/home

    Be certain to use names; if you use numeric IP addresses, Solaris will deny access without any error messages.

  9. # /usr/bin/ps -ef | grep nfs
    If the nfs daemons are running, then you merely need to run:
    # shareall
    Normally, you'd need to run unshareall;shareall, but you've only added entries, not deleted anything.

    If the nfs daemons aren't running, then you will need to run:
    # /etc/init.d/nfs.server start

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


NEWS-OS

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Create (or add to) your /etc/exports file:
    #/etc/exports
    /export/client/root -root=client
    /export/client/swap -root=client
    /export/client/usr
    /export/client/home

  9. # rm -f /etc/xtab;touch /etc/xtab

  10. # /usr/etc/exportfs -av

  11. # ps -aux | grep nfsd
    If nfsd is not already running, then run:
    # /etc/nfsd 4 &

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


NEXTSTEP

Note that NEXTSTEP doesn't support exporting a file. This means that swap will have to be a file on your root (NFS) filesystem, and not its own NFS-mounted file. Keep this in mind in later steps involving swap.

You may also wish to keep with NEXTSTEP convention and place all of your client files in /private/export/client instead of /export/client.

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/root/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Launch /NextAdmin/NFSManager.app

  9. Click on the "Export From ..." menu item

  10. Select your NetInfo Domain (probably /) and click OK.

  11. Click on the top Add button to pick your Directory Name

  12. Type in your client's name under "Root Access" and click that "Add" button.

  13. Click OK. If your client doesn't have a DNS or /etc/hosts entry, NEXTSTEP will not serve correctly.

  14. Click the "Quit" menu item.

For reference, here is a snapshot of what the NFSManager Exported Directories window should look like.

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


HP-UX 7

I couldn't get the HP-UX 7 rpc.mountd to start. Here's what I tried, if you think it might work for you. Let us know what we're doing wrong.

I don't think HP-UX 7's NFS server allows for restricting root read/write access.

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Add the following lines to /etc/exports:
    #/etc/exports
    /export/client/root client.test.net
    /export/client/swap client.test.net
    /export/client/usr  client.test.net
    /export/client/home client.test.net

  9. # ps -ef | grep nfsd
    If they're not running, then run:
    # /etc/nfsd 4

  10. Make sure the rpc.mountd in /etc/inetd.conf is uncommented

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


HP-UX 9

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Open sam and make sure that the kernel has NFS support compiled in.
    Kernel Configuration -> Subsystems, NFS/9000
    This will require a reboot if it's not.

  9. Add the following lines to /etc/exports:
    #/etc/exports
    /export/client/root   -root=client.test.net
    /export/client/swap   -root=client.test.net
    /export/client/usr  -access=client.test.net
    /export/client/home -access=client.test.net

  10. # ps -ef | grep mountd
    If mountd is not already running, then run:
    # /usr/etc/rpc.mountd

  11. # ps -ef | grep nfsd
    If nfsd isn't already running, then run:
    # /etc/nfsd 4

  12. # /usr/etc/exportfs -a

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem


HP-UX 10

  1. # mkdir -p /export/client/root/dev

  2. # mkdir /export/client/usr

  3. # mkdir /export/client/home

  4. # touch /export/client/swap

  5. # cd /export/client/root

  6. # tar [--numeric-owner] -xvpzf /export/client/NetBSD-release/binary/sets/kern.tgz

  7. # mknod /export/client/root/dev/console c 0 0

  8. Edit /etc/rc.config.d/nfsconf and make sure that:
    NFS_SERVER=1
    START_MOUNTD=1
    If those are not set, then you will need to run:
    # /sbin/init.d/nfs.server start

  9. Add the following lines to /etc/exports:
    #/etc/exports
    /export/client/root   -root=client.test.net
    /export/client/swap   -root=client.test.net
    /export/client/usr  -access=client.test.net
    /export/client/home -access=client.test.net

  10. # /usr/sbin/exportfs -a

If the server isn't running the NFS daemons, the client will print:

    le(0,0,0,0): Unknown error: code -1
    boot: Unknown error: code -1

If the server is running NFS, but isn't exporting the root directory to the client, the client will print:

    boot: no such file or directory

If everything is working properly, you will see a few numbers and a spinning cursor on the client. This means you have succeeded! At this point, your client isn't bootable. If you let it continue, it will panic when attempting to start init.

Continue on to setting up the client filesystem



(Contact us) $NetBSD: nfs.html,v 1.47 2005/02/07 10:08:00 darcy Exp $
Copyright © 1998-2004 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.