*Checks calendar*

Ah well. My last post on this blog was well over a year ago. Not much to share when you’re dealing with proprietary stuff, and I’m trying to keep my gadget reviews to a minimum.

..Anyway

A couple of years back, I posted an article on how to access an NFS share through an SSH tunnel. Fast forward to today, the guy maintaining the system is asking whether this particular setup can be made to automatically connect the SSH tunnel and mount the share after reboot.

Well of course!

So there are two steps involved in this, which are:

  1. Establishing the SSH tunnel and exposing the remote NFS port to our local system
  2. Mounting the aforementioned NFS share

Let’s tackle these one by one:

Bringing up the tunnel on startup

Assuming that you can already establish the tunnel on demand, we are halfway done. The next step is to enable passwordless (key-based) SSH login from the local system to the remote node. Put the private key somewhere that only your root account can access, and change the owner of the key to root.

Let’s create our new Unit file for the SystemD service:

$ sudo nano /etc/systemd/system/shtunnel.service

Here’s what my Unit file looks like:

[Unit]
Description=Create Tunnel and expose port 2049 on remote system to port 3049 on local
After=network.target

[Service]
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/ssh -i /key/id_rsa -NTC -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L 3049:localhost:2049 pipe@aaa.bbb.ccc.ddd -p wxyz

[Install]
WantedBy=multi-user.target

Notice “After=network.target” at the top. This tells the service to start only after “network.target” is up. Change aaa.bbb.ccc.ddd to your remote node’s IP address and wxyz to the SSH port you’re exposing to the internet (Please don’t use the default port). Change “pipe” to the username you set up passwordless SSH login for. I’m exposing NFS port 2049 on the remote system as port 3049 on my local machine. Change these to whatever you need to expose.

Reload the SystemD daemon, and enable the service so it will automatically run on system startup:

$ sudo systemctl daemon-reload
$ sudo systemctl enable shtunnel

The system should now automatically establish our ssh tunnel on boot. You can also

Start,

$ sudo systemctl start shtunnel

Stop,

$ sudo systemctl stop shtunnel

..or restart the tunnel via SystemD

$ sudo systemctl restart shtunnel

To see whether the tunnel is alive, do

$ telnet localhost 3049
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

We are done with the first half of the setup.

Mounting the NFS share

Now that we have the ssh tunnel at system startup, let’s handle how we mount the NFS share as well.

Like in part 1, we will be relying on a SystemD unit file, this time of type “mount”. Unlike other types of SystemD unit files, a mount unit file must be named after the file system mount target. For example:

$ sudo nano /etc/systemd/system/mnt-remote.mount

Here’s how the unit file is configured:

[Unit]
# Directive names are case-sensitive: a lowercase "after=" would be ignored
After=shtunnel.service

[Mount]
What=localhost:/data/storage
Where=/mnt/remote
Type=nfs
Options=port=3049,proto=tcp

[Install]
WantedBy=multi-user.target

Since we are going to mount the remote NFS share on “/mnt/remote”, the name of the unit file has to be “mnt-remote.mount”. Just like our SSH tunnel unit file, we need to set this one to run only after a particular service has been started, in this case the shtunnel.service. As usual, after we add, remove, or modify a SystemD unit file, do:

$ sudo systemctl daemon-reload

And enable the mount unit so it is activated on system startup:

$ sudo systemctl enable mnt-remote.mount

…and now, you should have your SSH-tunnelled NFS share mounted on reboot.
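
An added example, not part of the original post: a small Python lint for the mount unit described above. It derives the file name SystemD expects from “Where=” (following the escaping rules of `systemd-escape -p --suffix=mount`) and flags directives written in the wrong case, which SystemD ignores. The names `SAMPLE_MOUNT`, `KNOWN`, `mount_unit_name` and `check_mount_unit` are made up for this sketch, and the sample unit is constructed with a deliberate lowercase “after=”.

```python
# Added example: offline lint for a .mount unit that depends on an ssh tunnel service.
# Constructed sample with a deliberate typo: lowercase "after=" (systemd ignores it).
SAMPLE_MOUNT = """[Unit]
after=shtunnel.service

[Mount]
What=localhost:/data/storage
Where=/mnt/remote
Type=nfs
Options=port=3049,proto=tcp
"""

# Subset of real directive names, enough for this unit; not the full systemd list.
KNOWN = {"Unit": ["Description", "After", "Requires"],
         "Mount": ["What", "Where", "Type", "Options"],
         "Install": ["WantedBy"]}

def mount_unit_name(where):
    """File name systemd expects for an absolute mount path without '.'/'..' parts."""
    parts = [p for p in where.split("/") if p]
    if not parts:
        return "-.mount"  # the root file system
    out = []
    for i, byte in enumerate("/".join(parts).encode()):
        ch = chr(byte)
        if ch == "/":
            out.append("-")
        elif (byte < 128 and ch.isalnum()) or ch in ":_" or (ch == "." and i > 0):
            out.append(ch)
        else:  # '-', '\\', a leading '.', and anything else become \xNN
            out.append("\\x%02x" % byte)
    return "".join(out) + ".mount"

def check_mount_unit(filename, text, tunnel="shtunnel.service"):
    """Return a list of problems; an empty list means the unit passed these checks."""
    problems, section, seen = [], None, {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and line[0] not in "#;":
            key, value = (s.strip() for s in line.split("=", 1))
            seen[(section, key)] = value
            for good in KNOWN.get(section, []):
                if key != good and key.lower() == good.lower():
                    problems.append(f"{key}= is ignored by systemd, use {good}=")
    expected = mount_unit_name(seen.get(("Mount", "Where"), ""))
    if filename != expected:
        problems.append(f"unit file must be named {expected}")
    if tunnel not in seen.get(("Unit", "After"), "").split():
        problems.append(f"no After={tunnel}: mount can start before the tunnel")
    return problems
```

Calling `check_mount_unit("mnt-remote.mount", SAMPLE_MOUNT)` reports both the ignored “after=” key and the missing ordering that results from it. A mount path containing a dash, such as “/mnt/nfs-share”, needs the escaped file name `mnt-nfs\x2dshare.mount`.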

By ikhsan
