# Setting up NFS and SMB in an AWS Environment

Owner: 侯智晟 meowheckerouo@gmail.com

[TOC]

![](https://hackmd.io/_uploads/HJ4MlffMa.png)

# Creating a Virtual Private Cloud (VPC) in AWS

![](https://hackmd.io/_uploads/H1uk3E-fp.png)

# Creating a Public Subnet

![](https://hackmd.io/_uploads/By_baVZza.png)

![](https://hackmd.io/_uploads/SktXySbMT.png)

## Auto-Assign Public IP

![](https://hackmd.io/_uploads/rJmiNI-za.png)

![](https://hackmd.io/_uploads/SyLAVU-za.png)

## Creating a Private Subnet

![](https://hackmd.io/_uploads/B1zagSbGT.png)

## Internet Gateway Configuration and Attachment

![](https://hackmd.io/_uploads/SJYHbBWMa.png)

### Attach Internet Gateway to VPC

![](https://hackmd.io/_uploads/S1V5-rZfa.png)

![](https://hackmd.io/_uploads/r17RWB-zT.png)

## Routing Table

### Public Subnet Routing Table Configuration

![](https://hackmd.io/_uploads/rkfvXHWM6.png)

![](https://hackmd.io/_uploads/SyunmBbGp.png)

![](https://hackmd.io/_uploads/SkOR7SbfT.png)

### Associate Subnets

![](https://hackmd.io/_uploads/ryN2NHZMT.png)

## Associating the routing table with the subnet

![](https://hackmd.io/_uploads/rylitpSbfT.png)

## Creating an EC2 instance in a public subnet

### AWS Linux (public subnet)

![](https://hackmd.io/_uploads/r17iJIbGp.png)

### AWS Linux (private subnet)

### Network Configuration

![](https://hackmd.io/_uploads/ryHBPI-Mp.png)

## Uploading the access key for logging in to the private host

Upload the access key:

```
scp -i meowheckerKey2.pem meowheckerKey2.pem ec2-user@54.174.144.134:/tmp
```

Prepare:

```
[ec2-user@ip-10-10-0-30 ~]$ cd /tmp
[ec2-user@ip-10-10-0-30 tmp]$ sudo -s
[root@ip-10-10-0-30 tmp]# mv meowheckerKey2.pem /home/ec2-user/
[root@ip-10-10-0-30 ~]# cd /home/ec2-user/
[root@ip-10-10-0-30 ec2-user]# chmod 400 meowheckerKey2.pem
```

### Login to the Private Host

```
[root@ip-10-10-0-30 ec2-user]# ssh -i meowheckerKey2.pem ec2-user@10.10.1.19
```

![](https://hackmd.io/_uploads/S1GbUvbGT.png)

## Connecting the private host to the internet
## Create a NAT gateway on the public subnet

Allocate an Elastic IP address for the NAT gateway:

![](https://hackmd.io/_uploads/Byi6Vubz6.png)

## Configure Route Table for Private Subnet

![](https://hackmd.io/_uploads/SJ9wBuWMp.png)

![](https://hackmd.io/_uploads/SycTBOZfa.png)

## Associating a private route table with a private subnet

![](https://hackmd.io/_uploads/BJfSUdbMp.png)

![](https://hackmd.io/_uploads/rkT9LdWzT.png)

A NAT gateway allows instances in a private subnet to access the internet while keeping their private IP addresses.

![](https://hackmd.io/_uploads/SkJEwdWz6.png)

# Samba (Server Message Block)

SMB port: 139/445

Install Samba:

```
[root@ip-10-10-0-30 ec2-user]# yum install samba samba-client samba-common -y
```

## Configuration

```
[ec2-user@ip-10-10-0-30 ~]$ mkdir windowShare
[ec2-user@ip-10-10-0-30 ~]$ sudo -s
[root@ip-10-10-0-30 ec2-user]# chown nobody windowShare/
```

![](https://hackmd.io/_uploads/Hk6YouWMT.png)

```
vim /etc/samba/smb.conf
```

```
[publicMeowHeckerFolder]
    comment = meowmeow
    path = /home/ec2-user/windowShare
    guest ok = Yes
    read only = No
    writable = yes
```

```
testparm
```

![](https://hackmd.io/_uploads/By8c2dWG6.png)

Writing passwords into the `passdb.tdb` file:

```
[root@ip-10-10-0-30 ec2-user]# smbpasswd -a ec2-user
New SMB password:
Retype new SMB password:
Added user ec2-user.
```

password -> meXXXXXXer

```
[root@ip-10-10-0-30 ec2-user]# systemctl restart smb
```

![](https://hackmd.io/_uploads/H1qRRdbGa.png)

```
\\54.174.144.134
```

![](https://hackmd.io/_uploads/rknw1FZGp.png)

![](https://hackmd.io/_uploads/Hy2xZtbG6.png)

# NFS (Network File System)

https://qizhanming.com/blog/2018/08/08/how-to-install-nfs-on-centos-7

AWS NFS: https://medium.com/tensult/nfs-configuration-on-aws-environment-95fad703a78e

## Setting up the NFS server

Port: 2049, RPC

## RPC timeouts and communication issues

The issue is due to the firewall: only whitelisted ports are allowed through, so RPC traffic on other ports is blocked.

### Bind the RPC port

Remote procedure call (RPC) ports are dynamically assigned by default.

Reference: https://blog.csdn.net/Micha_Lu/article/details/125082164

Identify the required ports:

### Configure Static Ports

```
[root@ip-10-10-1-19 ec2-user]# echo "mountd 20048/tcp" >> /etc/services
[root@ip-10-10-1-19 ec2-user]# echo "mountd 20048/udp" >> /etc/services
```

```
[root@ip-10-10-1-19 ec2-user]# echo "fs.nfs.nlm_udpport=42315" >> /etc/sysctl.conf
[root@ip-10-10-1-19 ec2-user]# echo "fs.nfs.nlm_tcpport=42315" >> /etc/sysctl.conf
[root@ip-10-10-1-19 ec2-user]# sysctl -p
```

```
[root@ip-10-10-1-19 ec2-user]# systemctl restart rpcbind
[root@ip-10-10-1-19 ec2-user]# systemctl restart nfs-server.service
```

### Port information

```
[root@ip-10-10-1-19 ec2-user]# rpcinfo -p | grep nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
```

![](https://hackmd.io/_uploads/SJbavKWfT.png)

![](https://hackmd.io/_uploads/BJIBbWMzp.png)

### Security group (SG) rules configuration

Open the firewall ports:

![](https://hackmd.io/_uploads/B18Ax-GGa.png)

## Setting up the NFS server

Private subnet: 10.10.1.0/24

```
[ec2-user@ip-10-10-1-19 ~]$ sudo yum install nfs-utils
Amazon Linux 2023 repository                     40 MB/s |  20 MB     00:00
Amazon Linux 2023 Kernel Livepatch repository   782 kB/s | 160 kB     00:00
Package nfs-utils-1:2.5.4-2.rc3.amzn2023.0.3.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
```

```
[root@ip-10-10-1-19 ec2-user]# systemctl enable rpcbind
Created symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service → /usr/lib/systemd/system/rpcbind.service.
[root@ip-10-10-1-19 ec2-user]# systemctl enable nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
```

```
[root@ip-10-10-1-19 ec2-user]# mkdir nfsShare
[root@ip-10-10-1-19 ec2-user]# ls
nfsShare
[root@ip-10-10-1-19 ec2-user]# chmod 755 nfsShare/
[root@ip-10-10-1-19 ec2-user]# vim /etc/exports
```

/etc/exports

```
/home/ec2-user/nfsShare 10.10.0.30(rw,sync,no_root_squash,no_all_squash)
```

```
[root@ip-10-10-1-19 ec2-user]# systemctl restart nfs-server
```

```
[root@ip-10-10-1-19 ec2-user]# showmount -e localhost
Export list for localhost:
/nfsShare/ 10.10.0.30
```

## Client

![](https://hackmd.io/_uploads/r1nStFbza.png)

```
[root@ip-10-10-0-30 windowShare]# yum install nfs-utils
Last metadata expiration check: 4:04:07 ago on Sat Oct 21 13:15:44 2023.
Package nfs-utils-1:2.5.4-2.rc3.amzn2023.0.3.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
```

```
[root@ip-10-10-0-30 windowShare]# systemctl enable rpcbind
[root@ip-10-10-0-30 windowShare]# systemctl start rpcbind
```

### Creating the share folder

```
[root@ip-10-10-0-30 ec2-user]# mkdir -p /home/ec2-user/mnt/nfsShare
```

### Showmount

```
[root@ip-10-10-0-30 ec2-user]# showmount -e 10.10.1.19
Export list for 10.10.1.19:
/home/ec2-user/nfsShare 10.10.0.0/24
```

```
[root@ip-10-10-0-30 nfsShare]# mount -t nfs 10.10.1.19:/home/ec2-user/nfsShare /home/ec2-user/mnt/nfsShare
```

Result:

![](https://hackmd.io/_uploads/BJPl7ZMzT.png)

# SMB + NFS + AWS

```
[smbAndNFS]
    comment = homework
    guest ok = Yes
    path = /home/ec2-user/mnt/nfsShare
    read only = No
```

```
[root@ip-10-10-0-30 nfsShare]# systemctl enable smb.service
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
[root@ip-10-10-0-30 nfsShare]# systemctl restart smb.service
```

![](https://hackmd.io/_uploads/Sy55LZMGT.png)

![](https://hackmd.io/_uploads/ByYaD-zM6.png)
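
The `[smbAndNFS]` share above is guest-writable on the host with the public IP, and the NFS export behind it uses `no_root_squash`, so writes made through the share land on the private NFS server. The script below is an added example (not part of the original notes) that flags both settings; the function names `audit_smb` and `audit_exports` and the sample files are assumptions constructed from the configuration shown on this page.

```shell
# Added example, not from the original notes; [global] defaults are not resolved.
# audit_smb FILE: report shares that are both guest-accessible and writable.
audit_smb() {
    awk '
        function report() {
            if (guest && writable) print "smb: [" share "] allows guest write access"
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header starts a share
            report(); share = $0
            sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
            guest = 0; writable = 0; next
        }
        {
            n = index($0, "="); if (n == 0) next
            key = tolower(substr($0, 1, n - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, n + 1)); gsub(/[ \t]/, "", val)
            yes = (val == "yes" || val == "true" || val == "1")
            if (key == "guestok" || key == "public") guest = yes
            if (key == "writable" || key == "writeable" || key == "writeok") writable = yes
            if (key == "readonly") writable = !yes
        }
        END { report() }
    ' "$1"
}
# audit_exports FILE: report exports that disable root squashing or allow any host.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comment or blank line
        { for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            client = p ? substr($i, 1, p - 1) : $i
            opts = p ? ("," substr($i, p + 1)) : ""
            if (opts ~ /,no_root_squash[,)]/)
                print "nfs: " $1 " -> " client " disables root squashing"
            if (client == "" || client == "*")
                print "nfs: " $1 " is exported to any host"
        } }
    ' "$1"
}
# Constructed sample input: the share and export definitions used on this page.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[smbAndNFS]' 'guest ok = Yes' 'read only = No' > "$d/smb.conf"
    printf '%s\n' '/home/ec2-user/nfsShare 10.10.0.30(rw,sync,no_root_squash,no_all_squash)' > "$d/exports"
    audit_smb "$d/smb.conf"; audit_exports "$d/exports"
    rm -rf "$d"
}
demo
```

Run `audit_smb /etc/samba/smb.conf` on the Samba host and `audit_exports /etc/exports` on the NFS server. Setting `guest ok = No` with a `valid users` list on the share, and `root_squash` on the export, clears both findings.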