Autofs

Note (2016-07-03): This article still might be interesting if you want to learn about autofs on Linux, but if you want to share files with a local VM I recommend reading this updated article instead.

There is this really cool feature on Unix systems called autofs. It is really crazy, really magical, and really convenient. In a previous life I had to maintain what is likely the world’s most complicated hierarchical autofs setup (distributed in an hierarchical manner across thousands of NetApp filers), so I learned a lot about autofs and how it works. In this post though, I’m just going to explain what it is, why you’d want to use it, and how to set it up.

I’m explicitly going to explain the workflow for using autofs with a local VM, not how to use it in production.

Let’s say you’re in the habit of doing dev work on a VM. A lot of people do this because they are on OS X or Windows and need to do dev work on Linux. I do it because I’m Fedora and need to do dev work on Debian, so I have a VM that runs Debian. You can set up autofs on OS X too. However, I don’t use OS X so I can’t explain how to set it up. I believe it works exactly the same way, and it I think it’s even be installed by default, so I think you can follow this guide with OS X and it might be even easier. But no guarantees.

Now, there are a lot of ways to set it up so that you can access files on your VM. A lot of people use sshfs because it’s super easy to set up. There’s nothing wrong per se with sshfs, but it works via FUSE and therefore is kind of weird and slow. The slowness is what really bothers me personally.

There’s this amazing things called NFS that has been available on Unix systems since the 1980s and is specifically designed to be an efficient POSIX network filesystem. It has a ton of features, you can do tons of fine-grained control over your NFS mounts, and the Linux kernel has both native support for being an NFS client and server. That’s right, there’s an NFS server in the Linux kernel (there’s also a userspace one). So if you’re trying to access remote files on a Linux system for regular work, I highly recommend using NFS instead of sshfs. It has way higher performance and has been specifically designed from day one for Unix systems remotely accessing filesystems on other Unix systems.

Setting up the NFS Server on Debian

There’s one package you need to install, nfs-kernel-server. To install it:

sudo apt-get install nfs-kernel-server

Now you’re going to want to set this up to actually run and be enabled by default. On a Debian Jessie installation you’ll do:

sudo systemctl enable nfs-kernel-server
sudo systemctl start nfs-kernel-server

If you’re using an older version of Debian (or Ubuntu) you’ll have to futz with the various legacy systems for managing system startup service e.g.by using Upstart or update-rc.d.

Great, now you have an NFS server running. You need to set it up so that other people can actually access things using it. You do this by modifying the file /etc/exports. I have a single line in mine:

/home/evan 192.168.124.0/24(rw,sync,no_subtree_check)

This makes it possible for any remote system on the 192.168.124.0/24 subnet possible to mount /home/evan with read/write permissions on my server without any authentication. Normally this would be incredibly insecure, but the default way that Linux virtualization works with libvirt is that 192.168.124.0/24 is reserved for local virtual machines, so I’m OK with it. In my case I know that only localhost can access this machine, so in my case it’s only insecure insofar as if I give someone else my laptop they can access my VM.

Please check your network settings to verify that remote hosts on your network can’t mount your NFS export since if they can you’ve exposed your NFS mount to your local network. Your firewall may already disable NFS exports by default, if not just change the host mask. There are also ways to set up NFS authentication, but you shouldn’t need to do that just to use a VM and that topic is outside the scope of this blog post.

Now reload nfs-kernel-server so it knows about the new export:

sudo systemctl restart nfs-kernel-server

Update: It was pointed out to me that if you’re accessing the VM from OS X you have to use high ports for automounted NFS, meaning that in the /etc/exports file on the guest VM you’ll need to add “insecure” as an export option.

Setting up the NFS Client on Debian/Fedora

On client you’ll need the autofs package. On Fedora that will be:

sudo dnf install autofs

and on Debian/Ubuntu it will be

sudo apt-get install autofs

I think it’s auto-installed on OS X?

Again, I’m going to assume you’re on a recent Linux distro (Fedora, or a modern Debian/Ubuntu) that has systemd, and then you’ll do:

sudo systemctl enable autofs
sudo systemctl start autofs

Before we proceed, I recommend that you record the IP of your VM and put it in /etc/hosts. There’s some way to set up static networking with libvirt hosts, but I haven’t bothered to figure it out yet, so I just logged into the machine and recorded its IP (which is the same every time it boots). On my system, in my /etc/hosts file I added a line like:

192.168.124.252   d8

So now I can use the hostname d8 as an alias for 192.168.124.252. You can verify this using ssh or ping.

Due to some magic that I don’t understand, on modern NFS systems there’s a way to query a remote server and ask what NFS exports it knows about. You can query these servers using the showmount command. So in my case I now see:

$ showmount -e d8
Export list for d8:
/home/evan 192.168.124.0/24

This confirms that for the host alias d8 I added that the host is actually exporting NFS mounts in the way I expect. If you don’t have a showmount command you may need to install a package called nfs-utils to get it.

Actually Using Autofs

Now here’s where it gets magical.

When you do any filesystem operation (e.g. change directory, open a file, list a directory, etc.) that would normally fail with ENOENT, the kernel checks if that file should have been available via autofs. If it is, it will mount the filesystem using autofs and then proceed with the operation as usual.

This is really crazy if you think about it. Literally every filesystem related system call has logic in it that understands this autofs thing and can transparently mount remote media (which doesn’t just have to be NFS, this used to be how Linux distros auto-mounted CD-ROMs) and then proceeds with the operation. And this is all invisible ot the user.

There’s a ton of ways to configure autofs, but here’s the easiest way. Your /etc/auto.master file will likely contain a file like this already (if not, add it):

/net    -hosts

This means that there is a magical autofs directory called /net, which isn’t a real directory. And if you go to /net/<host-or-ip>/mnt/point then it will automatically NFS mount /mnt/point from <host-or-ip> on your behalf.

If you want to be really fancy you can set /etc/auto.masster to use a timeout, e.g.:

/net    -hosts  --timeout=60

So here’s what I do. I added a symlink like this:

ln -s /net/d8/home/evan ~/d8

So now I have an “empty” directory called ~/d8. When I start up my computer, I also start up my local VM. Once the VM boots up, if I enter the ~/d8 directory or access data in it, it’s automatically mounted! And if I don’t use the directory, or I’m not running the VM, then it’s just a broken symlink.

This solves a major problem with the conventional way you would use NFS with a VM. Normally what you would do is you’d have a line in /etc/fstab that has the details of the NFS mount. However, if you set it up to be automatically mounted, you have a problem where your machine will try to mount the VM before the VM is finished booting. You can use the user option in your /etc/fstab options line which lets you subsequently mount the VM NFS server without being root, but then you have to manually invoke the mount command once you know the VM is started.

By using autofs, you don’t ever need to type the mount command, and you don’t even need to change /etc/fstab. I recommend editing /etc/hosts because it’s convenient, but you don’t need to do that either. I could have just as easily used /net/192.168.124.252/home/evan and not created a hosts entry.