Create an ISO datastore with CentOS

Morning,

This came up in a discussion in the VMware forums and I figured I would put it all down.  The user wanted to have his ISOs shared between VMware and Windows and wanted to know how to do it from VMware.  Well, it’s not possible from VMware because it cannot act as an NFS server to share out VMFS.  But VMware does support NFS storage, so with CentOS (Red Hat / Oracle Linux will work the same) you can create a shared NFS mount that can also be mounted via CIFS on Windows.

So I am going to assume you know how to install Linux; if not, download and click next…next…next. Once installed, log in as root and make sure you have networking.

Install and lock down NFS

Code:

yum install nfs-utils portmap -y

Secure the install of NFS:

Add the following to /etc/hosts.deny (this blocks everyone's access to the NFS services):

portmap: ALL
lockd: ALL
statd: ALL
mountd: ALL
rquotad: ALL

Add the hosts that are allowed to connect to NFS to /etc/hosts.allow, separating the IPs with commas:

portmap: 10.10.101.10, 10.10.101.11
lockd: 10.10.101.10, 10.10.101.11
statd: 10.10.101.10, 10.10.101.11
mountd: 10.10.101.10, 10.10.101.11
rquotad: 10.10.101.10, 10.10.101.11

The exported file system is the one you want to share out; we will use /nfs/ISO in this example, but it can be anything.  I would make it a separate partition, potentially on LVM, but that’s out of scope.  Edit /etc/exports and add the servers you want to be able to mount /nfs/ISO. Notice I made 10.10.101.11 read only (ro) and 10.10.101.10 read write (rw). Because of no_root_squash, root on those clients is treated as root on the export, so list only hosts you trust.

# Sample
/nfs/ISO 10.10.101.10(rw,no_root_squash)
/nfs/ISO 10.10.101.11(ro,no_root_squash)
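/etc/hosts.allow and /etc/exports are two independent client lists, so they can drift apart as hosts are added. The following check is an added example, not part of the original post: it flags exports to any host, read-write exports with no_root_squash, and export clients missing from hosts.allow. The function name `audit_nfs_access` and the finding labels are hypothetical, and it assumes clients are written as literal IPs as in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: audit_nfs_access HOSTS_ALLOW_FILE EXPORTS_FILE
# Prints one finding per line and returns 1 if there was any finding.
# Assumes clients are literal IPs or "*", as in the post; netgroups,
# hostnames and CIDR patterns are not expanded.
audit_nfs_access() {
    awk '
    { sub(/#.*/, "") }                          # drop comments in both files
    FILENAME == ARGV[1] {                       # hosts.allow: "daemon: clients"
        c = index($0, ":")
        if (c == 0) next
        daemon = substr($0, 1, c - 1)
        gsub(/[ \t]/, "", daemon)
        n = split(substr($0, c + 1), host, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (host[i] != "") allowed[daemon, host[i]] = 1
        next
    }
    NF >= 2 {                                   # exports: "path client(opts) ..."
        for (f = 2; f <= NF; f++) {
            client = $f; opts = ""
            p = index($f, "(")
            if (p > 0) {
                client = substr($f, 1, p - 1)
                opts = "," substr($f, p + 1, length($f) - p - 1) ","
            }
            if (client == "" || client == "*") {
                print "WILDCARD_CLIENT " $1; bad = 1
                continue
            }
            if (opts ~ /,rw,/ && opts ~ /,no_root_squash,/) {
                print "RW_NO_ROOT_SQUASH " $1 " " client; bad = 1
            }
            # portmap and mountd are two of the wrapped daemons the post lists.
            nd = split("portmap mountd", d, " ")
            for (j = 1; j <= nd; j++)
                if (!((d[j], client) in allowed) && !((d[j], "ALL") in allowed)) {
                    print "NOT_IN_HOSTS_ALLOW " d[j] " " client; bad = 1
                }
        }
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}
```

Run it as `audit_nfs_access /etc/hosts.allow /etc/exports` after each change to either file; with the sample exports above it reports the read-write no_root_squash entry for 10.10.101.10, so that host can be reviewed deliberately.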

Now we need to lock down NFS to specific ports to make it more firewall friendly.  Edit /etc/sysconfig/nfs and add the following lines (if any of these variables are already set in the file, comment out the existing lines):

STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
RQUOTAD_PORT=4003

Add the following to /etc/services and comment out original entries:

rquotad         4003/tcp                        # rquota
rquotad         4003/udp                        # rquota

Start NFS service and enable at boot time:

/etc/init.d/portmap start 
/etc/init.d/nfs start 
/etc/init.d/nfslock start 

chkconfig portmap on 
chkconfig nfs on 
chkconfig nfslock on

Now, if you're running a host-based firewall, you will want to open these ports; remember, we are controlling access via hosts.allow:

-A RH-Firewall-1-INPUT -p tcp -m multiport --dports 4000:4003 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m multiport --dports 4000:4003 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 111 -j ACCEPT

Now you need to install and set up Samba to share out the same file system via CIFS.

Let's start with the firewall rules and assume that our Windows servers are all on 192.168.10.0/24:

-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

Install Samba and required components:

yum install samba samba-client samba-common

Turn it on at boot time

chkconfig smb on
chkconfig nmb on

Edit the file /etc/samba/smb.conf and add your info to the config file, including the workgroup. Yes, it’s possible to add Samba to a domain, but I will not cover it here.

#======================= Global Settings =====================================
[global]
 workgroup = WORKGROUP
 security = share
 map to guest = bad user
#============================ Share Definitions ==============================
[ISO]
 path = /nfs/ISO
 browsable = yes
 writable = yes
 guest ok = yes
 read only = no

Restart samba services to reload the changed config

sudo service smb restart
sudo service nmb restart

Browse to the machine from something in 192.168.10.0/24 and you should see the share and be able to write to it.

Please let me know if you have any questions and enjoy your ISO share (yes it can be a virtual machine)
