A means of exchanging files between the server and the BHYVE guests is required for various purposes. Be it for storing configurations, data or backups, similar to the way this is done with jails.
The easiest way to do this is via NFS. As this only involves internal traffic, no major authentication or other security measures are required. Only the restriction to the network or the host should be sufficient here. The nfsuserd is also omitted so that the IDs and different users do not have to be synchronized everywhere. This is no fun and only doubles the effort unnecessarily. The preparation is done quickly, all details will follow in the upcoming articles.
NEW: For the very impatient I have a console only section. There are only commands, no explanations.
Last update:
Firstly, the NFS service is activated with service nfsd enable and version 4 is limited with sysrc nfsv4_server_enable=‘YES’ and sysrc nfsv4_server_only=‘YES’. NFSv4 only requires a single entry in /etc/exports, which is created with echo ‘V4: /’ > /etc/exports. Don't worry, this does not immediately release everything, it only represents the lowest level of a possible release. The exact shares will follow later and are enabled using ZFS-Share. Finally, the service can be started with service nfsd start. That is all.
As a firewall has been activated, the rules must be extended to include NFS traffic (port 2049).
The pf firewall is configured via the central /etc/pf.conf file.
All required rules are stored in this file and edited with ee /etc/pf.conf:
# NFSv4 Verkehr erlauben
pass in inet proto tcp from any to any port 2049 flags S/SA keep state
pass in inet proto udp from any to any port 2049After changes to the rule set, these become active after a service pf reload.
service nfsd enable
sysrc nfsv4_server_enable="YES"
sysrc nfsv4_server_only="YES"
echo "V4: /" > /etc/exports
service nfsd start
echo "# NFSv4 Verkehr erlauben" >> /etc/pf.conf
echo "pass in inet proto tcp from any to any port 2049 flags S/SA keep state" >> /etc/pf.conf
echo "pass in inet proto udp from any to any port 2049" >> /etc/pf.conf
service pf reloadVoilá