Mount an NFS Share Using a Rootful Podman Volume
Introduction
A Network File System or NFS is a distributed file system protocol originally developed by Sun Microsystems in 1984. NFS allows a user on a client computer to access files over the network, similar to how they access local storage.
When working with Podman containers, the need may arise to access files on an NFS share, which you accomplish using a Podman volume. Volumes are the preferred means to persist data generated and used by the containers. Podman completely manages volumes, which differ from bind mounts in that they are independent of the host machine's directory structure and OS.
This lab will show how to use Podman volumes to mount and access a remote NFS share.
Objectives
- Create an NFS-backed Podman volume
- Read and write to the Podman volume
What Do You Need?
- A client system with Oracle Linux installed
- An up-and-running NFS server with a shared data directory
For more information on setting up an NFS server, see the tutorial Create an NFS server on Oracle Linux.
Set Up the Lab Environment
Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.
Open a terminal and connect via ssh to the ol-client instance if not already connected.
ssh oracle@<ip_address_of_instance>
Install the Container Tools
The Container Tools in Oracle Linux provide the latest fast and stable versions of Podman, Buildah, Skopeo, and dependencies.
Install the Container Tools packages.
sudo dnf install -y container-tools
Check the version of Podman.
podman --version
Install the NFS Utilities
The NFS Utilities package provides the tools to mount an NFS share at the OS level. These tools allow for testing the ability to mount the NFS share before attempting to use it within Podman.
The free lab environment uses an Oracle Cloud Infrastructure Oracle Linux image that includes this package as a default.
Install the NFS utilities package.
sudo dnf install -y nfs-utils
Confirm the NFS Export
The free lab environment NFS server exports the share /nfs-share, granting access to the ol-client using the internal IP address of 10.0.0.151.
Open a new terminal and connect via ssh to the ol-server instance.
ssh oracle@<ip_address_of_instance>
Confirm the list of NFS exports.
showmount -e
Example Output:
[oracle@ol-server ~]$ showmount -e
Export list for ol-server:
/nfs-share 10.0.0.151
The idea of running a remote RPC query from the client, such as showmount -e <nfs-server>, against the NFS server is obsolete in NFSv4. In an NFSv4 environment, administrators need to mount the nfsroot using mount -t nfs4 nfs-server:/ /mountpoint and then browse for the share by navigating the filesystem.
Close the ssh connection to ol-server.
exit
Close the terminal window.
exit
Mount the NFS Share
On the ol-client instance, confirm you can mount the NFS share and access it.
Switch back to the terminal connected to the ol-client instance.
Create a directory to mount the NFS share.
sudo mkdir -p /nfs-mount
Mount the NFS share.
sudo mount 10.0.0.150:/nfs-share /nfs-mount
List the files accessible on the NFS server.
ls -l /nfs-mount
Example Output:
[oracle@ol-client ~]$ ls -l /nfs-mount
total 19540
-rwxr-xr-x. 1 oracle oracle 10000000 Sep 19 19:40 file1
-rwxr-xr-x. 1 oracle oracle 10000000 Sep 19 19:41 file2
-rwxr-xr-x. 1 oracle oracle 29 Sep 19 19:41 shared-text.txt
Check the version of NFS used for the mount.
In the version of Oracle Linux deployed in the free lab environment, the default version is NFSv4.
sudo nfsstat -c | grep -i "client nfs"
Example Output:
[oracle@ol-client ~]$ sudo nfsstat -c | grep -i "client nfs"
Client nfs v4:
Create a Podman Volume
Podman can run containers as rootful or rootless. However, rootless containers have limitations, as they don't have access to all operating system features. For a list of limitations, see the upstream document https://github.com/containers/podman/blob/master/rootless.md. The rootful requirement demonstrated here is the mounting of an NFS share.
Create a volume based on an existing NFS share.
sudo podman volume create --opt type=nfs --opt o=rw --opt device=10.0.0.150:/nfs-share nfsvol
The --opt sets driver-specific options, which mostly map to an equivalent flag in mount(8).
- type=nfs sets the type of the filesystem to be mounted and is equivalent to the -t flag.
- o=rw sets options for the mount and is equivalent to the -o flag.
- device=10.0.0.150:/nfs-share sets the device to be mounted and is equivalent to the device argument.
The nfsvol value is the name of the Podman volume created and how to reference the volume when running the container.
Get a list of existing volumes.
sudo podman volume ls
Example Output:
[oracle@ol-client ~]$ sudo podman volume ls
DRIVER      VOLUME NAME
local       nfsvol
The podman command requires using sudo again as the volume above resides in the root user namespace.
Access the Volume within a Container
Although the volume exists, Podman does not attempt to mount it until you run the podman volume mount command or use the volume within a container.
Try running a container to list the contents of the NFS share.
sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
-v nfsvol:/foo mounts the volume created within the container at the foo mountpoint.
Example Output:
[oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it oraclelinux:9 ls -al /foo
Resolved "oraclelinux" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull container-registry.oracle.com/os/oraclelinux:9...
Getting image source signatures
Copying blob 56f7a0abdb77 done
Copying config fa05a8a603 done
Writing manifest to image destination
Storing signatures
Error: lchown /var/lib/containers/storage/volumes/nfsvol/_data: operation not permitted
Important: The error displayed is due to an existing upstream bug reported and fixed here. Work around this issue by rerunning the same command.
Rerun the container.
sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
Example Output:
[oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
total 19540
drwxrwxr-x. 2 1001 1001 55 Sep 21 14:44 .
dr-xr-xr-x. 1 root root 39 Sep 21 15:34 ..
-rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:43 file1
-rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:44 file2
-rwxr-xr-x. 1 1001 1001 29 Sep 21 14:44 shared-text.txt
Write a file to the volume and list the volume contents.
The output above shows the directory owned by the user with a user id of 1001. Therefore, to write a file to the NFS-based volume, the user inside the container must be the same.
sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 touch /foo/test1
sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 ls -al /foo
--user 1001:1001 maps the user inside the container to UID 1001.
Example Output:
[oracle@ol-client ~]$ sudo podman run -it --rm -v nfsvol:/foo --user 1001:1001 oraclelinux:9 touch /foo/test1
[oracle@ol-client ~]$ sudo podman run -v nfsvol:/foo -it --rm oraclelinux:9 ls -al /foo
total 19540
drwxrwxr-x. 2 1001 1001 68 Sep 21 15:44 .
dr-xr-xr-x. 1 root root 39 Sep 21 15:44 ..
-rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:43 file1
-rwxr-xr-x. 1 1001 1001 10000000 Sep 21 14:44 file2
-rwxr-xr-x. 1 1001 1001 29 Sep 21 14:44 shared-text.txt
-rw-r--r--. 1 1001 1001 0 Sep 21 15:44 test1
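The following script is an added example, not part of the original lab. It ties together the --opt to mount(8) mapping and the UID requirement described above: it prints the volume-create command with nosuid,nodev appended to the o= options, so setuid bits and device nodes on the share are not honoured by the rootful mount, and it reads the --user value from the owner of the host mount point instead of hard-coding 1001. The function names are hypothetical; the addresses, paths, volume name and image are the lab's values.

```shell
#!/bin/sh
# Added example: prints (does not run) the lab's podman commands with a
# tighter mount option set and a --user value read from the share itself.
# Function names are hypothetical; 10.0.0.150, /nfs-share, /nfs-mount,
# nfsvol and oraclelinux:9 are the lab's values.

# Merge requested mount(8) options with nosuid,nodev: drop empty fields,
# duplicates, and any suid/dev that would switch the restrictions back off.
harden_opts() {
  local out="" opt IFS=','
  for opt in $1 nosuid nodev; do
    case "$opt" in ''|suid|dev) continue ;; esac
    case ",$out," in
      *",$opt,"*) ;;                      # already present, skip
      *) out="${out:+$out,}$opt" ;;
    esac
  done
  printf '%s\n' "$out"
}

# Print "uid:gid" of the owner of a path (GNU stat), e.g. the NFS mount point.
owner_of() {
  stat -c '%u:%g' -- "$1"
}

# args: server export volume-name [mount-options, default rw]
volume_create_cmd() {
  printf 'sudo podman volume create --opt type=nfs --opt o=%s --opt device=%s:%s %s\n' \
    "$(harden_opts "${4:-rw}")" "$1" "$2" "$3"
}

# args: host-mountpoint volume-name command...
# Runs the command as the share's owner rather than as root in the container.
run_as_owner_cmd() {
  local mnt="$1" vol="$2"
  shift 2
  printf 'sudo podman run -it --rm -v %s:/foo --user %s oraclelinux:9 %s\n' \
    "$vol" "$(owner_of "$mnt")" "$*"
}

volume_create_cmd 10.0.0.150 /nfs-share nfsvol rw
if [ -d /nfs-mount ]; then
  run_as_owner_cmd /nfs-mount nfsvol touch /foo/test1
fi
```

Review the printed commands before running them; the second one appears only when /nfs-mount exists on the host.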
Summary
This completes the demonstration detailing how to use rootful Podman volumes to read and write to an NFS share within containers.