Repository files navigation

A lightweight, robust, flexible, and containerized NFS server.

This is the only containerized NFS server that offersall of the following features:

• small (~15MB) Alpine Linux image
• NFS versions 3, 4, or both simultaneously
• clean teardown of services upon termination (no lingeringnfsd processes on Docker host)
• flexible construction of/etc/exports
• extensive server configuration via environment variables
• human-readable logging (with a helpfuldebug mode)
• optional bonus features
  • Kerberos security
  • NFSv4 user ID mapping viaidmapd
  • AppArmor compatibility

• Requirements
• Usage
  • Starting the server
  • Mounting filesystems from a client
• Optional features
  • Debug logging
  • Kerberos security
  • NFSv4 user ID mapping
  • AppArmor integration
• Advanced
  • automatically load required kernel modules
  • custom server ports
  • custom NFS versions offered
  • performance tuning
• Help!
• Remaining tasks
• Acknowledgements

1. The Dockerhost kernel will need the following kernel modules

   • nfs
   • nfsd
   • rpcsec_gss_krb5 (only if Kerberos is used)

   You can manually enable these modules on the Docker host with:

   modprobe {nfs,nfsd,rpcsec_gss_krb5}

   or you can just allow the container toload them automatically.

2. The container will need to run withCAP_SYS_ADMIN (or--privileged). This is necessary as the server needs to mount several filesystemsinside the container to support its operation, and performing mounts from inside a container is impossible without these capabilities.

3. The container will need local access to the files you'd like to serve via NFS. You can use Docker volumes, bind mounts, files baked into a custom image, or virtually any other means of supplying files to a Docker container.

Starting theerichough/nfs-server image will launch an NFS server. You'll need to supply some information upon container startup, which we'll cover below, but briefly speaking yourdocker run command might look something like this:

docker run                                            \  -v /host/path/to/shared/files:/some/container/path  \  -v /host/path/to/exports.txt:/etc/exports:ro        \  --cap-add SYS_ADMIN                                 \  -p 2049:2049                                        \  erichough/nfs-server

Let's break that command down into its individual pieces to see what's required for a successful server startup.

1. Provide the files to be shared over NFS

   As noted in therequirements, the container will need local access to the files you'd like to share over NFS. Some ideas for supplying these files:

   • bind mounts (-v /host/path/to/shared/files:/some/container/path)
   • volumes (-v some_volume:/some/container/path)
   • filesbaked into custom image (e.g. in aDockerfile:COPY /host/files /some/container/path)

   You may use any combination of the above, or any other means to supply files to the container.

2. Provide your desiredNFS exports (/etc/exports)

   You'll need to tell the server whichcontainer directories to share. You havethree options for this; choose whichever one you prefer:

   1. bind mount/etc/exports into the container

      docker run                                      \  -v /host/path/to/exports.txt:/etc/exports:ro  \  ...                                           \  erichough/nfs-server

   2. provide each line of/etc/exports as an environment variable

      The container will look for environment variables that start withNFS_EXPORT_ and end with an integer. e.g.NFS_EXPORT_0,NFS_EXPORT_1, etc.

      docker run                                                                       \  -e NFS_EXPORT_0='/container/path/foo                  *(ro,no_subtree_check)'  \  -e NFS_EXPORT_1='/container/path/bar 123.123.123.123/32(rw,no_subtree_check)'  \  ...                                                                            \  erichough/nfs-server

   3. bake/etc/exports into a custom image

      e.g. in aDockerfile:

      FROM erichough/nfs-serverADD /host/path/to/exports.txt /etc/exports

3. Use--cap-add SYS_ADMIN or--privileged

   As noted in therequirements, the container will need additional privileges. So yourrun command will needeither:

   docker run --cap-add SYS_ADMIN ... erichough/nfs-server

   or

   docker run --privileged ... erichough/nfs-server

   Not sure which to use? Go for--cap-add SYS_ADMIN as it's the lesser of two evils.

4. Expose the server ports

   You'll need to open up at least one server port for your client connections. The ports listed in the examples below are the defaults used by this image and most can becustomized.

   • If your clients connect viaNFSv4 only, you can get by with just TCP port2049:

     docker run -p 2049:2049 ... erichough/nfs-server

   • If you'd like to supportNFSv3, you'll need to expose a lot more ports:

     docker run                          \  -p 2049:2049   -p 2049:2049/udp   \  -p 111:111     -p 111:111/udp     \  -p 32765:32765 -p 32765:32765/udp \  -p 32767:32767 -p 32767:32767/udp \  ...                               \  erichough/nfs-server

If you pay close attention to each of the items in this section, the server should start quickly and be ready to accept your NFS clients.

# mount <container-IP>:/some/export /some/local/path

• Debug logging
• Kerberos security
• NFSv4 user ID mapping
• AppArmor integration

• automatically load required kernel modules
• customizing which ports are used
• customizing NFS versions offered
• performance tuning

Pleaseopen an issue if you have any questions, constructive criticism, or can't get something to work.

• figure out whyrpc.nfsdtakes 5 minutes to startup/timeout unlessrpcbind is running
• add more examples

This work was based on prior projects:

• f-u-z-z-l-e/docker-nfs-server
• sjiveson/nfs-server-alpine