How to Mount NFS File Shares on Bare Metal GPUs

DigitalOcean Bare Metal GPUs are dedicated, single-tenant servers with 8 NVIDIA H100 GPUs that can operate standalone or in multi-node clusters.


NFS, or Network File System, is a distributed file system protocol. An NFS file share is storage you mount on a server that multiple clients can access over a network.

To add an NFS file share to your DigitalOcean Bare Metal GPUs, first contact sales. Once we provision the file share for you, we send you the following information:

  • The path to mount your file share in the form /id/share_name, like /1234567/example_name.

  • The IP addresses you can use to mount the file share.

After we provision the file share and you have this information, you can mount the file share. To do so, you need to install the NFS client software and then install and configure stunnel to connect with TLS.

Install Stunnel and NFS

First, install the NFS client software and stunnel:

sudo apt install stunnel nfs-common

We enforce NFS v4.1 with TLS. Stunnel lets you establish this TLS connection to the NFS server.

Configure Stunnel

To configure stunnel, first create the /var/run/stunnel directory so stunnel can create its PID file:

sudo mkdir /var/run/stunnel

Then add our root CA certificate to your bare metal GPU by saving it to /root/nfs.crt:

sudo curl https://docs.digitalocean.com/products/bare-metal-gpus/how-to/mount-nfs-file-shares/nfs.crt -o /root/nfs.crt

This is the certificate that we sign the NFS server certificates with. When you trust this certificate, you trust any certificates signed by it as well, which lets you access our NFS servers.

Next, create a stunnel client configuration file at /etc/stunnel/stunnel.conf with the following configuration.

Replace the placeholder on the connect= line with one of the IP addresses we provided. We recommend using one IP address per GPU node for the best performance.

pid = /var/run/stunnel/stunnel.pid
CAfile = /root/nfs.crt
socket = r:TCP_NODELAY=1

[nfs4]
client = yes
accept = 127.0.0.1:49152
connect = <use_the_provided_ip_address>:2049
ciphers = ALL
sslVersion = TLSv1.2

This configures a single listener on port 49152, encrypts communications with TLS, and forwards them to the specified IP address on port 2049 to connect to our NFS infrastructure. It specifies the location of the certificate you downloaded and the location of the PID file in the directory you created.

Finally, restart stunnel to apply the configuration.

sudo systemctl restart stunnel4

You can check that stunnel is running with sudo systemctl status stunnel4.
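
The configuration above sets CAfile but no verifyChain or verify option, and stunnel only checks the server certificate against CAfile when one of them is enabled. As an added example (not DigitalOcean's code), this Python check parses a stunnel client configuration and reports a missing verification option, an accept address that is not loopback, and ciphers = ALL. The helper names, the 192.0.2.10 address and the hardened variant are assumptions made for illustration.

```python
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; lines before any [section] go under 'global'."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key.lower()] = value  # stunnel option names are case-insensitive
    return conf

def audit(text):
    """Return findings for every client-mode service section."""
    conf, findings = parse_stunnel_conf(text), []
    for name, opts in conf.items():
        eff = {**conf["global"], **opts}  # service options set globally act as defaults
        if name == "global" or eff.get("client", "no").lower() != "yes":
            continue
        if eff.get("accept", "").rpartition(":")[0] not in LOOPBACK_HOSTS:
            findings.append(f"[{name}] accept is not bound to loopback")
        if eff.get("verifychain", "no").lower() != "yes" and eff.get("verify") not in {"2", "3", "4"}:
            findings.append(f"[{name}] server certificate is not verified")
        if eff.get("ciphers", "").upper() == "ALL":
            findings.append(f"[{name}] ciphers = ALL allows weak suites")
    return findings

# Constructed sample: the page's configuration with a documentation-range IP filled in.
PAGE_CONF = """\
pid = /var/run/stunnel/stunnel.pid
CAfile = /root/nfs.crt
socket = r:TCP_NODELAY=1

[nfs4]
client = yes
accept = 127.0.0.1:49152
connect = 192.0.2.10:2049
ciphers = ALL
sslVersion = TLSv1.2
"""
# Assumed hardening, not a provider-confirmed setting: verify the chain, narrow the ciphers.
HARDENED_CONF = PAGE_CONF.replace("ciphers = ALL", "verifyChain = yes\nciphers = HIGH:!aNULL:!MD5")
if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONF)) or "no findings")
```

Test any verification or cipher change against the provisioned NFS endpoint before rolling it out, since the server must present a chain and cipher suite that the stricter settings accept.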

Mount the NFS File Share

Once stunnel is configured and running, you can mount your NFS share via stunnel. Replace /<id>/<share_name> with the path to mount your share.

sudo mount -o port=49152,nfsvers=4.1,nconnect=16 127.0.0.1:/<id>/<share_name> /mountpoint/

The port option must match the port on the accept line of the stunnel configuration, because the mount connects to stunnel's local listener rather than directly to the NFS server. nconnect=16 allows up to 16 TCP connections for the file share to provide better performance.

You can confirm that the share is mounted with df -h /mountpoint/.
