Mount an NFS Share Using a Rootful Podman Volume

Introduction

A Network File System or NFS is a distributed file system protocol originally developed by Sun Microsystems in 1984. NFS allows a user on a client computer to access files over the network, similar to how they access local storage.

When working with Podman containers, the need may arise to access files on an NFS share, which you accomplish using a Podman volume. Volumes are the preferred means to persist data generated and used by containers. Podman completely manages volumes, which differ from bind mounts in that they are independent of the host machine's directory structure and OS.

This lab will show how to use Podman volumes to mount and access a remote NFS share.

Objectives

  • Create an NFS-backed Podman volume
  • Read and write to the Podman volume

What Do You Need?

  • A client system with Oracle Linux installed
  • An up-and-running NFS server with a shared data directory

For more information on setting up an NFS server, see the tutorial Create an NFS server on Oracle Linux.

Set Up the Lab Environment

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

  1. Open a terminal and connect via ssh to the ol-client instance if not already connected.

    ssh oracle@<ip_address_of_instance>

Install the Container Tools

The Container Tools in Oracle Linux provide the latest fast and stable versions of Podman, Buildah, Skopeo, and dependencies.

  1. Install the Container Tools packages.

    sudo dnf install -y container-tools

  2. Check the version of Podman.

    podman --version

Install the NFS Utilities

The NFS Utilities package provides the tools to mount an NFS share at the OS level. These tools allow for testing the ability to mount the NFS share before attempting to use it within Podman.

The free lab environment uses an Oracle Cloud Infrastructure Oracle Linux image that includes this package as a default.

  1. Install the NFS utilities package.

    sudo dnf install -y nfs-utils

Confirm the NFS Export

The free lab environment NFS server exports the share /nfs-share granting access to the ol-client using the internal IP address of 10.0.0.151.

  1. Open a new terminal and connect via ssh to the ol-server instance.

    ssh oracle@<ip_address_of_instance>

  2. Confirm the list of NFS exports.

    showmount -e

    Example Output:

    [oracle@ol-server ~]$ showmount -e
    Export list for ol-server:
    /nfs-share 10.0.0.151

    The idea of running a remote RPC query from the client, such as showmount -e <nfs-server>, against the NFS server is obsolete in NFSv4.

    In an NFSv4 environment, administrators need to mount the nfsroot using mount -t nfs4 nfs-server:/ /mountpoint and then browse for the share by navigating the filesystem.

  3. Close the ssh connection to ol-server.

    exit

  4. Close the terminal window.

    exit

Mount the NFS Share

On the ol-client instance, confirm you can mount the NFS share and access it.

  1. Switch back to the terminal connected to the ol-client instance.

  2. Create a directory to mount the NFS share.

    sudo mkdir -p /nfs-mount

  3. Mount the NFS share.

    sudo mount 10.0.0.150:/nfs-share /nfs-mount

  4. List the files accessible on the NFS server.

    ls -l /nfs-mount

    Example Output:

    [oracle@ol-client ~]$ ls -l /nfs-mount
    total 19540
    -rwxr-xr-x. 1 oracle oracle 10000000 Sep 19 19:40 file1
    -rwxr-xr-x. 1 oracle oracle 10000000 Sep 19 19:41 file2
    -rwxr-xr-x. 1 oracle oracle       29 Sep 19 19:41 shared-text.txt

  5. Check the version of NFS used for the mount.

    In the version of Oracle Linux deployed in the free lab environment, the default version is NFSv4.

    sudo nfsstat -c | grep -i "client nfs"

    Example Output:

    [oracle@ol-client ~]$ sudo nfsstat -c | grep -i "client nfs"
    Client nfs v4:

Create a Podman Volume

Podman can run containers as rootful or rootless. However, rootless containers have limitations because they don't have access to all operating system features. For a list of limitations, see the upstream document https://github.com/containers/podman/blob/master/rootless.md. Mounting an NFS share is the operation that requires rootful Podman in this lab.

  1. Create a volume based on an existing NFS share.

    sudo podman volume create --opt type=nfs --opt o=rw --opt device=10.0.0.150:/nfs-share nfsvol

    The --opt flag sets driver-specific options, which mostly map to an equivalent flag in mount(8).

    • type=nfs sets the type of the filesystem to be mounted and is equivalent to the -t flag.
    • o=rw sets options for the mount and is equivalent to the -o flag.
    • device=10.0.0.150:/nfs-share sets the device to be mounted and is equivalent to the device argument.

    The nfsvol value is the name of the Podman volume created and how to reference the volume when running the container.

  2. Get a list of existing volumes.

    sudo podman volume ls

    Example Output:

    [oracle@ol-client ~]$ sudo podman volume ls
    DRIVER      VOLUME NAME
    local       nfsvol

    The podman command requires using sudo again as the volume above resides in the root user namespace.
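
The option mapping described above, as an added example that is not part of the original lab: the script prints the mount(8) call that type=, o= and device= stand for and reports whether the o= string carries nosuid and nodev. Checking for those two options is this example's own choice (the lab uses o=rw), and has_opt, missing_opts and equivalent_mount are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not part of the lab): read the three --opt values back as the
# mount(8) call they stand for, and check the "o=" string for nosuid and nodev.

# has_opt OPTS NAME: succeeds when NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# missing_opts OPTS: prints which of nosuid/nodev OPTS lacks (empty if none).
# The wanted set is this example's choice, not a requirement stated by the lab.
missing_opts() (
    missing=""
    for want in nosuid nodev; do
        has_opt "$1" "$want" || missing="${missing:+$missing }$want"
    done
    printf '%s\n' "$missing"
)

# equivalent_mount TYPE OPTS DEVICE TARGET: the mount(8) command line that
# type=, o= and device= correspond to; TARGET is where the share gets mounted.
equivalent_mount() {
    printf 'mount -t %s -o %s %s %s\n' "$1" "$2" "$3" "$4"
}

# Values from the lab. On a live host the option string can be read back with:
#   sudo podman volume inspect nfsvol --format '{{.Options.o}}'
vol_type=nfs
vol_opts=rw
vol_device=10.0.0.150:/nfs-share
vol_target=/var/lib/containers/storage/volumes/nfsvol/_data

equivalent_mount "$vol_type" "$vol_opts" "$vol_device" "$vol_target"

gap=$(missing_opts "$vol_opts")
if [ -n "$gap" ]; then
    echo "o=$vol_opts lacks: $gap"
    echo "stricter form: --opt o=$vol_opts,$(echo "$gap" | tr ' ' ',')"
fi
```

With nosuid the mount ignores set-user-ID and set-group-ID bits on files from the share, and with nodev it does not interpret device special files found there.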

Access the Volume within a Container

Although the volume exists, Podman does not attempt to mount it until you run the podman volume mount command or use the volume within a container.

  1. Try running a container to list the contents of the NFS share.

    sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo

    • -v nfsvol:/foo mounts the volume created earlier inside the container at the /foo mount point.

    Example Output:

    [oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it oraclelinux:9 ls -al /foo
    Resolved "oraclelinux" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
    Trying to pull container-registry.oracle.com/os/oraclelinux:9...
    Getting image source signatures
    Copying blob 56f7a0abdb77 done  
    Copying config fa05a8a603 done  
    Writing manifest to image destination
    Storing signatures
    Error: lchown /var/lib/containers/storage/volumes/nfsvol/_data: operation not permitted

    Important: The error displayed is due to an existing upstream bug reported and fixed here. Work around this issue by rerunning the same command.

  2. Rerun the container.

    sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo

    Example Output:

    [oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
    total 19540
    drwxrwxr-x. 2 1001 1001       55 Sep 21 14:44 .
    dr-xr-xr-x. 1 root root       39 Sep 21 15:34 ..
    -rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:43 file1
    -rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:44 file2
    -rwxr-xr-x. 1 1001 1001       29 Sep 21 14:44 shared-text.txt

  3. Write a file to the volume and list the volume contents.

    The output above shows the directory owned by the user with a user id of 1001. Therefore, to write a file to the NFS-based volume, the user inside the container must be the same.

    sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 touch /foo/test1
    sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 ls -al /foo

    • --user 1001:1001 runs the process inside the container as UID 1001 and GID 1001.

    Example Output:

    [oracle@ol-client ~]$ sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 touch /foo/test1
    [oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
    total 19540
    drwxrwxr-x. 2 1001 1001       68 Sep 21 15:44 .
    dr-xr-xr-x. 1 root root       39 Sep 21 15:44 ..
    -rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:43 file1
    -rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:44 file2
    -rwxr-xr-x. 1 1001 1001       29 Sep 21 14:44 shared-text.txt
    -rw-r--r--. 1 1001 1001        0 Sep 21 15:44 test1
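
One way to derive the --user value from the share's ownership rather than reading 1001 off the listing, as an added example that is not part of the original lab. writer_ids and user_flag are hypothetical helper names, the script assumes root inside the container gets no special access to the share, and a temporary directory stands in for the mount so it runs offline.

```sh
#!/bin/sh
# Added example (not part of the lab): derive the --user value from the
# ownership of the share instead of hard-coding 1001:1001.

# writer_ids DIR: prints the UID:GID allowed to create files in DIR, or "any"
# when DIR is world-writable; fails when only the group, or nobody, may write.
# Assumption: root in the container gets no special access on the share.
writer_ids() (
    dir=$1
    info=$(stat -c '%u %g %a' -- "$dir") || exit 1
    set -- $info
    uid=$1 gid=$2 perm=$((0$3))      # %a is octal, e.g. 775
    # Creating a file needs both write and search (execute) on the directory.
    if [ $(($perm & 0003)) -eq $((0003)) ]; then
        echo any
    elif [ $(($perm & 0300)) -eq $((0300)) ]; then
        echo "$uid:$gid"
    elif [ $(($perm & 0030)) -eq $((0030)) ]; then
        echo "$dir: only GID $gid may write; use a non-owner UID with it" >&2
        exit 2
    else
        echo "$dir: no class has write and search permission" >&2
        exit 3
    fi
)

# user_flag DIR: the --user argument for podman run, empty when none is needed.
user_flag() (
    ids=$(writer_ids "$1") || exit $?
    case $ids in
        any) ;;
        *) echo "--user $ids" ;;
    esac
)

# Constructed stand-in for the mounted share so the example runs offline;
# on the lab client, pass /nfs-mount (mounted earlier in the lab) instead.
demo=$(mktemp -d)
chmod 775 "$demo"
echo "sudo podman run -it --rm -v nfsvol:/foo $(user_flag "$demo") oraclelinux:9 touch /foo/test1"
rmdir "$demo"
```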

Summary

This completes the demonstration detailing how to use rootful Podman volumes to read and write to an NFS share within containers.
