Linux - NFS server summary

reference resources

http://cn.linux.vbird.org/linux_server/0330nfs.php#What_NFS_0


Introduction to NFS

introduce

NFS is network Short for file system, the main function is to let different machines and different operating systems share the specified resource files with each other through the network. It can be simply considered as a file server, which can mount the directory shared by the remote NFS server to the local machine. In the local machine, the mounted directory looks like a disk partition of its own Very convenient.

After the NFS server in the above figure has set the directory to be shared, other clients can directly mount the directory to a mount point on their own system, and then directly access the data in the server's shared directory through the mount point (provided that the permissions are sufficient)


NFS data acquisition process

background

Because NFS supports many functions, different programs will be used to start the non functional functions, and each program will start some ports to transmit data, so the corresponding ports of NFS function are not fixed, but randomly obtain some ports less than 1024 for use. So when clients need to use these ports, they need remote procedure call (RPC) services. When the NFS server starts, it will register the randomly acquired ports into RPC, because RPC knows the NFS function corresponding to each port, so when the client requests the server, it only needs to let the RPC service listening on port 111 return the correct port of the client.

**Note: * * before starting NFS, you need to start RPC service. Otherwise, NFS cannot register with RPC. At the same time, when RPC restarts, the old registration data will be lost. All services managed by him need to register with RPC again.

Therefore, after the server registers the port with RPC, if the client has NFS data access requirements, the execution process is as follows:

  1. The client will ask the RPC (port 111) of the server for NFS file access function;
  2. After the server finds the corresponding registered port, it will report to the client;
  3. After the client knows the correct port, it can directly connect with the program running on the port.

Primary profile

The default configuration file address is / etc/exports, and the contents of the configuration file need to be written manually


Syntax and parameters

[root@suhw ~]# vim /etc/exports
/tmp         192.168.100.0/24(ro)   localhost(rw)   *.ev.ncku.edu.tw(ro,sync)
[Share directory]    [The first host(jurisdiction)]   [Available hosts]  [Wildcards available]

Detailed users can refer to the example.

Authority reference parameter, more comprehensive introduction reference man exports

Parameter value Content description
ro The host has read-only permissions on the shared directory
rw The host has read-write permission to the shared directory
root_squash When the client uses the root user to access the shared folder, it maps the root user to an anonymous user
no_root_squash When the client uses the root user to access the shared folder, it does not map the root user. If you want to open the client to use the root identity to operate the server's file system, you have to open no here_ root_ Squash!
all_squash Any user on the client will map to an anonymous user when accessing the shared directory
anonuid Map users on the client to users with the specified local user ID
anongid Map users on the client to belong to the specified local user group ID
sync Write data to memory and hard disk synchronously
async Data will be stored in memory instead of being written directly to the hard disk
insecure Allow unauthorized access from this machine

give an example

  1. Open / home/public, but only users of 192.168.100.0/24 can read and write, and other sources can only read
/home/public 192.168.100.0/24(rw) *(ro)

  1. Make the / home/iso directory public and allow everyone to read
/home/iso        *(ro,insecure,no_root_squash)

Note no_ root_ Functions of squash. In this example, if you are a client and you log in to your Linux host as root, then when you mount my host's / home/iso, you will have root permission in the mount's directory!


exportfs instruction

With exportfs, you can re share the directory resources changed by / etc/exports, dismount or re share the directory shared by NFS Server, and so on.

Syntax and parameters

parameter effect
-a Turn all directory shares on or off
-o options Specify a list of sharing options
-i Ignore the / etc/exports file and use only the default and command line specified options
-r Share all directories again for / etc/exportfs to take effect
-u Unsharing one or more directories
-v Output details
-s Show the list in / etc/exports

View shared resource records

The login files of NFS server are placed in / var/lib/nfs directory, and etab is more important

etab records the full permission settings of the directory shared by NFS

/home/iso     (ro,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,insecure,no_root_squash,no_all    _squash)


showmount instruction

exportfs is used to maintain shared resources on the NFS server side, while shownmount is used on the NFS client side. This command can view the directory resources shared by the NFS server

Syntax and parameters

showmount [ -adehv ] [ --all ] [ --directories ] [ --exports ] [ --help ] [ --version ] [ host ]

Parameter options effect
-d or --directories Show directories loaded by nfs clients
-e or --exports Display all shared directories on the nfs server

Example of mounting a remote directory

NFS Server configuration

Environmental preparation

To configure NFS server, rpcbind and NFS utils are required first

You can use RPM - QA | grep NFS utils to check whether the software has been installed. If not, execute the following command

[root@suhw ~]# yum install -y nfs-utils

Rpcbind: NFS can be treated as an RPC service. Before starting the RPC service, we need to start rpcbind first

[root@suhw ~]# systemctl start rpcbind
[root@suhw ~]# systemctl status rpcbind
● rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-06-16 10:26:08 CST; 2s ago
  Process: 29537 ExecStart=/sbin/rpcbind -w $RPCBIND_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 29538 (rpcbind)
    Tasks: 1
   Memory: 660.0K
   CGroup: /system.slice/rpcbind.service
           └─29538 /sbin/rpcbind -w

Jun 16 10:26:07 suhw systemd[1]: Starting RPC bind service...
Jun 16 10:26:08 suhw systemd[1]: Started RPC bind service.

Since the fixed use of port 111 in rpc, you can directly check whether port 111 is in listening state

[root@suhw ~]# netstat -tulnp | grep 111
tcp6       0      0 :::111                  :::*                    LISTEN      29538/rpcbind
udp        0      0 0.0.0.0:111             0.0.0.0:*                           29538/rpcbind
udp6       0      0 :::111                  :::*                                29538/rpcbind


Start service

Make sure rpcbind starts

#View rpcbind status
[root@suhw ~]# systemctl status rpcbind
#If rpcbind is not started, start
[root@suhw ~]# systemctl start rpcbind

Make sure nfs starts

[root@suhw ~]# systemctl status nfs
#If nfs is not started, start
[root@suhw ~]# systemctl start nfs

Profile writing

Allow addresses beginning with 10.91 to share / home/test directory and have read-write operation

[root@suhw ~]# cat /etc/exports
/home/test 10.91.*(rw,sync,no_root_squash)

Profile takes effect

Use the exportfs command described above to manage the list of file systems for the current NFS share

# Share again for exports to take effect
[root@suhw ~]# exportfs -r
[root@suhw ~]# exportfs -s
/home/test  10.91.*(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)


verification

After the NFS server configuration is completed, first test whether it has been shared successfully through the showmount command on the server

[root@suhw ~]#  showmount -e localhost
Export list for localhost:
/home/test 10.91.*

At this time, if you look at the previous "etab", you will find that there is an additional record i

[root@suhw ~]# cat /var/lib/nfs/etab
/home/test      10.91.*(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,secure,no_root_squash,no_all_squash)

Create a file in the mount directory for observation

[root@suhw ~]# touch /home/test/test.txt

NFS Cient configuration

Environmental validation

1. Confirm that the local side has started the rpcbind service

[root@nfs-client ~]# systemctl status rpcbind
● rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-06-15 18:11:40 CST; 20h ago
 Main PID: 1264 (rpcbind)
   CGroup: /system.slice/rpcbind.service
           └─1264 /sbin/rpcbind -w

Jun 15 18:11:40 csmp-SP1Fusion systemd[1]: Starting RPC bind service...
Jun 15 18:11:40 csmp-SP1Fusion systemd[1]: Started RPC bind service.

2. Make sure showmount is installed


View remote server shared resources

[root@nfs-client ~]# showmount -e 10.91.156.174
Export list for 10.91.156.174:
/home/test 10.91.*/

Mount

1. Set up the directory of mount points to be mounted on the local side

[root@nfs-client ~]# mkdir -p /home/test

2. mount the remote host directly to the relevant directory with mount

[root@nfs-client ~]# mount 10.91.156.174:/home/test /home/test

3. View mount information

[root@nfs-client ~]# df -h
Filesystem                Size  Used Avail Use% Mounted on
'''
10.91.156.174:/home/test   17G  8.0G  9.1G  47% /home/test

verification

Just view the contents of the local mount directory

[root@nfs-client ~]# ll /home/test/
total 0
-rw-r--r-- 1 root root 0 Jun 16 14:47 test.txt

Unmount

If you do not need to mount, use the umount command to specify the local mount directory

[root@nfs-client ~]# umount /home/test

Keywords: Linux network PHP less

Added by rhaggert on Wed, 17 Jun 2020 07:47:11 +0300