1, Server-side software: Install nfs-utils and portmap (rpcbind)
nfs-utils: Provide rpc.nfsd and rpc.mountd, two nfs daemons packages
portmap : nfs can actually be regarded as an rpc server program. To start an rpc server program, you must do the corresponding port work, and such tasks are completed by portmap. In layman's terms, portmap is used for port mapping.
Daemons that nfs needs to start
pc.nfsd: Mainly complex login permission detection, etc. must
portmap: handle rpc The ports of the program client and server must correspond
rpc.mountd: Responsible for the file system of nfs. When the client logs in to the server through rpc.nfsd, it performs clinet access to the server's files. A series of management must
lockd: handle lock requests through rpc package
statd: provide crash recovery function for nfs lock service
rquotad: Handles quotas when users mount to remote servers via nfsmount
Daemon startup sequence: rpc.portmap, rpc.mountd, rpc. nfsd, rpc.statd, rpc.lockd (the new version will automatically start with nfsd), rpc.rquotad
nf server-side command:
•yum install nfs-utils portmap
•chkconfig rpcbind on #chkconfig: Update and query system services at each run level
•chkconfig nfs on
•service rpcbind start
•service nfs start
2, Server-side configuration file/etc/exports: Specify the directory and permissions to be shared man exports
Copy code The code is as follows:
#: Allow computers with IP addresses in the 192.168.0.* range to access the /home/work directory with read and write permissions.
/home/work 192.168.0.* (rw,sync,root_squash)
/home 192.168.1.105 (rw,sync)
/public * (rw,sync)
Configuration Each line of the file is divided into two sections: the first section is the shared directory, using an absolute path, and the second section is the client address and permissions.
The address can use the complete IP or network segment, such as 10.0.0.8 or 10.0.0.0/24, 10.0.0.0/255.255.255.0. Of course, the address can also use the host name, dns resolution and local /etc/hosts resolution. All are OK, wildcards are supported, for example: *.chengyongxu.com
Permissions are:
rw: read-write, read-write; Note, just setting it as a read-write client still cannot write normally , and also correctly set the permissions of the shared directory, refer to question 7
ro: read-only, read-only;
sync: the file is written to the hard disk and memory at the same time;
async: the file is temporarily stored in the memory, Instead of writing directly into the memory;
no_root_squash: If the nfs client uses root when connecting to the server, it also has root permissions for the directory shared by the server. Obviously turning this on is unsafe.
root_squash: If the nfs client uses root when connecting to the server, then it has anonymous user permissions for the directory shared by the server. Usually he will use the identity of nobody or nfsnobody;
all_squash: regardless of nfs What user is used when the client connects to the server? All directories shared by the server have anonymous user permissions;
anonuid: the uid value of the anonymous user, usually nobody or nfsnobody, which can be set here;
anongid: gid value of anonymous user.
nfs client user mapping:The client login user is root or other users, and then according to the server-side nfs server configuration, the corresponding client connection is mapped to the nfs server-side user. root or specified user (set through anonuid or anongid), nfsnobody, etc. Finally, the mapping user and shared directory permissions jointly affect whether the client connection has read and write permissions.
Manually set client and server user mapping, parameters: map_static=/etc/nfs.map
/etc/nfs.map file mapping content is as follows:
# remote local
gid 500 1000
uid 500 2003
Reference: Regarding the description of the user identity of the nfs client connection, the following description has not been verified:
•When the client connects, for ordinary users Check, no.1 if the compressed identity of the ordinary user is clearly set, then the identity of the client user is converted to the specified user at this time, no.2 if there is a user with the same name on the nfs server, then the identity of the client login account at this time Convert to the user with the same name on the nfs server, no.3 If there is no explicit specification, and there is no user with the same name, then the user identity is compressed into nfsnobody
• When the client connects, check the root, no.1 if If no_root_squash is set, then the identity of the root user is compressed to the root on the nfs server. If no.2 is set to all_squash, anonuid, and anongid, the identity of the root is compressed to the specified user. If no.3 is not explicitly specified, this When no_root_squash and all_squash are specified at the same time, the root user will be compressed into nfsnobody. If no_root_squash and all_squash are specified at the same time, the user will be compressed into nfsnobody. If anonuid and anongid are set, the user will be compressed into the specified user and group
3 , Firewall settings modification
By default, after the centos6 server version is installed, only port 22 is opened in the firewall iptables configuration.
Specify the nfs service-related ports in the nfs configuration file /etc/sysconfig/nfs, and modify the firewall to release the corresponding ports
Copy code The code is as follows:
#port rpc.mountd should listen on.
#mountd_port=892
#port rpc.statd should listen on.
#statd_port=662
#/usr/sbin/rpc.rquotad port rquotad should listen on.
#rquotad_port=875
#tcp port rpc.lockd should listen on.
#lockd_tcpport=32803
#udp port rpc.lockd should listen on.
#lockd_udpport=32769
Modify the iptables configuration file /etc/sysconfig/iptables and put Open 111 (portmap service port), 2049 (nfs service port)
4, /etc/hosts.allow configuration modification
/etc/hosts.allow, /etc/hosts .deny describes which hosts are allowed to use the local inet service.
The default here seems to be no need to modify, but it is best to set it to only allow the required client machines to connect, and then deny connections from other machines
#Service process name: Host list: Optional when the rule matches Command operation
server_name:hosts-list[:command]
Add rules that allow client access in /etc/hosts.allow
all:127.0.0.1 #Allow this machine to access all service processes on this machine
all:192.168.0.135 #Allow 192.168.0.135 client machine to access all service processes of this machine
smbd:192.168.0.0/255.255.255.0 #Allow IPs in the network segment to access the smbd service
sshd:192.168. 100.0/255.255.255.0#Allowed 192.168.100. The SSHD process on the IP access server on the network segment
SSHD: 60.28.160.244#SSHD processes on this server
on/ETC The connection information of prohibited login attempts in /hosts.deny can also be set to be recorded and sent to the user's mailbox
sshd:all #Forbid all
5, and modify the shared directory permissions to 760 , and modify all groups in the directory to nfsnobody
Reference: Question 7
6, client mount: Execute the following instructions to install the nfs server (ip address is 192.168.1.45) The shared /home is mounted to the local /mnt/nfs/home directory.
showmount -e nfs-serverip: View the resources shared by the nfs server
mount -t nfs 192.168.1.45:/home /mnt/nfs/home
7, nfs performance test :
•According to the command time dd if=/dev/zero of=/mnt/home bs=16k count=16384 to set reasonable wsize and rsize values
•According to the number of nfs clients, Set the appropriate nfs server-side process number rpcnfsdcount in the /etc/sysconfig/nfs configuration file. The default is 8
exportfs command: If we modify /etc/exports after starting nfs, is it still What about restarting nfs? At this time, we can use the exportfs command to make the changes take effect immediately. The command format is as follows:
exportfs [-aruv] -a: mount all or unmount the contents of /etc/exports -r: remount /etc/exports Directory shared in -u: umount directory -v: When exporting, output detailed information to the screen.
showmount command: Display the mounting information of the nfs server.
showmount -e [nfs-server]: Displays the exported directory on the specified nfs server. If the following IP is not specified, the directory shared externally when the local machine serves as the nfs server is viewed. .
rpcinfo -p command: display rpc information -p parameter: use rpc protocol to detect rpcbind used on the host and display all registered rpc programs.
nfsstat command: Check the running status of nfs, which is very helpful for adjusting the operation of nfs
Solution to problems that arise during the process:
1, through yum Or after installing portmap via rpm, you find the following error when executing the service portmap start command: portmap: unrecognized service.
In centos6 (linux kernel 2.6.32), portmap has been replaced by rpcbind. If you carefully check the installation information, you will find that rpcbind is installed when you execute the command yum install portmap. After the installation is complete, you can also view detailed information through the command: yum whatprovides portmap.
2. When the client is mounted, the error mount clntudp_create: rpc: port mapper failure - rpc: unable to receive is reported.
•1. Use the command rpcinfo -p to check the normal startup of the portmap service and the corresponding port (default 111)
•2. Check the /etc/sysconfig/iptables firewall settings to allow tcp and udp. Access port 111, then service iptables restart
•3, check /etc/hosts.deny, /etc/hosts.allow to see if the client connection is blocked
3, the client executes the command showmount - e nfs-server, an error is reported: mount clntudp_create: rpc: program not registered.
nfs and rpcbind services are not started. Use chkconfig to add nfs and rpcbind to the system services and use service to start them.
Or add the rule all:192.168.0.135# in /etc/hosts.allow to allow client access. ##
4. When the client executes the command showmount -e nfs-server, an error is reported: rpc mount export: rpc: unable to receive; errno = no route to host
Configuration file: /etc/sysconfig/nfs
Find the place where the port settings related to the nfs service are set, and after removing the comments, specify in the iptables firewall settings to allow the udp and tcp flows of the corresponding ports to pass.
#mountd_port=892
#statd_port=662
#lockd_tcpport=32803
#lockd_udpport=32769
iptables -a input -p tcp --dport 662 -m state --state new - j accept
iptables -a input -p udp --dport 661 -m state --state new -j accept
5, showmount -e nfs-server is successful, and an error is reported when the official mount is: mount: mount to nfs server '192.168.1.5' failed: system error: no route to host. This is because the default port 2049 of the nfs service is blocked by the firewall. Similar to the above, modify iptables to allow port 2049 to pass
6, showmount -e nfs-server is successful, but an error occurs when it is officially mounted: mount: mount to nfs server '192.168.1.5' failed: timed out (retrying).
When editing /etc/sysconfig/iptables, the tcp port of the relevant port Allowed through, but not udp. For other possible reasons, refer to: mount command fails with nfs server failed error.
disable name lookup requests from nfs server to a dns server.
or nfs version used by the nfs client is other than version 3.
7. The directory permission attribute in the exports configuration file is set to rw (default is root_squash), but when the touch command is executed in the client's mount directory, an error is reported: touch: cannot touch `a': permission denied. Solution:
•Check the permissions of the shared directory on the server side ll -d /home
•Modify the permissions of the shared directory on the server side chown 760 /home (the file owner root has full permissions, and all group users of the file have read and write permissions) permissions, other users have no permissions, and then set the group of the directory to nfsnobody)
•Modify the server-side shared directory permission group owner to nfsnobody(cat /etc/passwd | grep nob)
•chgrp nfsnobody /home
•Successfully created a new file on the client!
The above is the detailed content of What is the method for NFS installation and configuration under Linux?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
