Installation and configuration of NFS server and client on Linux
1. System environment
```
$ cat /proc/version
Linux version 3.10.0-327.el7.x86_64 (mockbuild@x86-034.build.eng.bos.redhat.com) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Oct 29 17:29:29 EDT 2015
```
2. NFS server setup
2.1 install and check NFS and RPC services
```
# install
$ yum install nfs-utils rpcbind -y
# inspect
$ rpm -qa nfs-utils rpcbind
rpcbind-0.2.0-32.el7.x86_64
nfs-utils-1.3.0-0.21.el7.x86_64
```
2.2 start RPC service and NFS service (RPC service must be started before NFS service)
```
$ systemctl start rpcbind
$ systemctl start nfs
$ ps -ef|grep rpc
rpc 960 1 0 2020 ? 00:01:15 /sbin/rpcbind -w
rpcuser 11716 1 0 13:57 ? 00:00:00 /usr/sbin/rpc.statd --no-notify
root 11724 2 0 13:57 ? 00:00:00 [rpciod]
root 11728 1 0 13:57 ? 00:00:00 /usr/sbin/rpc.idmapd
root 11743 1 0 13:57 ? 00:00:00 /usr/sbin/rpc.mountd
root 12483 20145 0 13:57 pts/1 00:00:00 grep --color=auto rpc
$ ps -ef|grep nfs
root 11755 2 0 13:57 ? 00:00:00 [nfsd4]
root 11756 2 0 13:57 ? 00:00:00 [nfsd4_callbacks]
root 11760 2 0 13:57 ? 00:00:00 [nfsd]
root 11761 2 0 13:57 ? 00:00:00 [nfsd]
root 11762 2 0 13:57 ? 00:00:00 [nfsd]
root 11763 2 0 13:57 ? 00:00:00 [nfsd]
root 11764 2 0 13:57 ? 00:00:00 [nfsd]
root 11765 2 0 13:57 ? 00:00:00 [nfsd]
root 11766 2 0 13:57 ? 00:00:00 [nfsd]
root 11767 2 0 13:57 ? 00:00:00 [nfsd]
root 12644 20145 0 13:57 pts/1 00:00:00 grep --color=auto nfs
$ lsof -i:111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 960 rpc 6u IPv4 90650864 0t0 UDP *:sunrpc
rpcbind 960 rpc 8u IPv4 90650866 0t0 TCP *:sunrpc (LISTEN)
rpcbind 960 rpc 9u IPv6 90650867 0t0 UDP *:sunrpc
rpcbind 960 rpc 11u IPv6 90650869 0t0 TCP *:sunrpc (LISTEN)
$ rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 51177 status
100024 1 tcp 55076 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 60484 nlockmgr
100021 3 udp 60484 nlockmgr
100021 4 udp 60484 nlockmgr
100021 1 tcp 38648 nlockmgr
100021 3 tcp 38648 nlockmgr
100021 4 tcp 38648 nlockmgr
```
2.3 enable the services at boot and check
```
$ systemctl enable rpcbind
$ systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
$ systemctl list-unit-files --type=service|grep "enabled"|egrep "rpcbind|nfs"
nfs-server.service enabled
nfs.service enabled
```
2.4 create shared directory
```
$ mkdir /data/nfs-server-images
$ chown -R nfsnobody.nfsnobody /data/nfs-server-images
$ ls -ld /data/nfs-server-images
drwxr-x--- 2 nfsnobody nfsnobody 4096 1 June 14:18 /data/nfs-server-images
```
2.5 set the network segment allowed to access the share and the shared directory
```
$ cat>>/etc/exports<<EOF
#NFS server share directories
/data/nfs-server-images 10.1.236.0/24(ro,sync,no_root_squash)
EOF
$ cat /etc/exports
#NFS server share directories
/data/nfs-server-images 10.1.236.0/24(ro,sync,no_root_squash)
```
2.6 reload the NFS service gracefully and check the export
```
$ systemctl reload nfs
$ cat /var/lib/nfs/etab
/data/nfs-server-images 10.1.236.0/24(ro,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,ro,secure,root_squash,no_all_squash)
```
2.7 view the directories exported by the local server
```
$ showmount -e 10.1.236.58
Export list for 10.1.236.58:
/data/nfs-server-images 10.1.236.0/24
```
3. NFS client setup
3.1 install NFS and RPC services and check
```
$ yum install nfs-utils rpcbind -y
$ rpm -qa nfs-utils rpcbind
nfs-utils-1.3.0-0.21.el7.x86_64
rpcbind-0.2.0-32.el7.x86_64
```
3.2 start RPC service (the NFS service does not need to be started on the client; it is installed because the showmount command is not available without it)
```
$ systemctl start rpcbind
$ ps -ef|grep rpc
rpc 9119 1 0 14:38 ? 00:00:00 /sbin/rpcbind -w
root 9201 6816 0 14:39 pts/0 00:00:00 grep --color=auto rpc
[root@ocdp-42-59 data]# lsof -i:111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 9119 rpc 6u IPv4 2910094566 0t0 UDP *:sunrpc
rpcbind 9119 rpc 8u IPv4 2910094568 0t0 TCP *:sunrpc (LISTEN)
rpcbind 9119 rpc 9u IPv6 2910094569 0t0 UDP *:sunrpc
rpcbind 9119 rpc 11u IPv6 2910094571 0t0 TCP *:sunrpc (LISTEN)
```
3.3 enable rpcbind at boot and check
```
$ systemctl enable rpcbind
$ systemctl list-unit-files --type=service|grep "enabled"|grep "rpcbind"
```
3.4 check that the directory exported by the server is visible from the client
```
$ showmount -e 10.1.236.58
Export list for 10.1.236.58:
/data/nfs-server-images 10.1.236.0/24
```
3.5 mount the share and set up automatic mounting at boot
```
$ mkdir /data/nfs-client-images
$ mount -t nfs 10.1.236.58:/data/nfs-server-images /data/nfs-client-images
$ echo "mount -t nfs 10.1.236.58:/data/nfs-server-images /data/nfs-client-images">>/etc/rc.local
```
Tip: you can also use /etc/fstab. If you use /etc/fstab, you need to enable the netfs service, because the Linux system loads fstab before the network is up. Processing fstab before the network has started fails to connect to the NFS server, so the automatic mount at boot does not happen.
3.6 check whether the mount succeeded
```
$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rootvg-lv_root 36G 25G 12G 69% /
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 1.6G 15G 10% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/vda1 509M 110M 399M 22% /boot
tmpfs 3.2G 0 3.2G 0% /run/user/995
tmpfs 3.2G 0 3.2G 0% /run/user/0
tmpfs 3.2G 0 3.2G 0% /run/user/1039
/dev/vdb 493G 185G 283G 40% /data
10.1.236.58:/data/nfs-server-images 493G 129G 339G 28% /data/nfs-client-images   # the share we just mounted
```
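
`df` confirms that the share is mounted but not which options it was mounted with. As an added example (not part of the original article), the function below reads a file in `/proc/mounts` format and reports NFS mounts that lack the `nosuid` and `noexec` options listed in section 5; the default option set and the `/mnt/hardened` path in the constructed sample are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): list NFS mounts that lack
# hardening options. Input is a file in /proc/mounts format.
# Usage: check_nfs_mounts [FILE] [REQUIRED_OPTS]; exit status 1 on findings.
# A mount that passes the default check would look like (assumes the share
# holds data, not programs to run):
#   mount -t nfs -o ro,nosuid,noexec 10.1.236.58:/data/nfs-server-images /data/nfs-client-images
check_nfs_mounts() {
  awk -v required="${2:-nosuid noexec}" '
    $3 == "nfs" || $3 == "nfs4" {            # field 3 is the filesystem type
      n = split(required, want, " ")
      missing = ""
      for (i = 1; i <= n; i++)               # field 4 is the option list
        if (index("," $4 ",", "," want[i] ",") == 0)
          missing = missing (missing == "" ? "" : ",") want[i]
      if (missing != "") { print $2, "missing", missing; bad = 1 }
    }
    END { exit bad + 0 }' "${1:-/proc/mounts}"
}

# Constructed sample in /proc/mounts format (not captured from a real host).
mounts=$(mktemp)
cat > "$mounts" <<'EOF'
/dev/vdb /data ext4 rw,relatime 0 0
10.1.236.58:/data/nfs-server-images /data/nfs-client-images nfs4 ro,relatime,vers=4.1,addr=10.1.236.58 0 0
10.1.236.58:/data/nfs-server-images /mnt/hardened nfs4 ro,nosuid,noexec,relatime,vers=4.1 0 0
EOF
check_nfs_mounts "$mounts" || true
rm -f "$mounts"
```

On a live client, run `check_nfs_mounts` with no arguments to inspect `/proc/mounts` directly.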
4. Verify whether it can be shared
Add a file to the NFS Server shared directory
```
$ ll nfs-server-images/
Total consumption 4
-rw-r----- 1 root root 12 1 June 14:35 test.txt
```
Check that the file is visible in the NFS client's mounted directory
```
$ ll /data/nfs-client-images/
total 4
-rw-r----- 1 root root 12 Jan 6 14:35 test.txt
```
Attempt to delete the file on the NFS client
```
# In step 2.5, we set the shared directory permission to (ro,sync), which means read-only permission. When requesting or writing data, the data is synchronously written to the hard disk of the NFS server before returning
$ rm test.txt
rm: remove regular file 'test.txt'? y
rm: cannot remove 'test.txt': Read-only file system
```
5. NFS permission description
Option | Description |
---|---|
rw | Indicates read-write permission |
ro | Indicates read-only permission |
sync | When requesting or writing data, the data is synchronously written to the hard disk of the NFS server before returning (advantage: the data is safe and will not be lost; disadvantage: performance is worse than without this parameter) |
async | When writing, the data is first written to the memory buffer and is not written to the disk until there is space on the hard disk, which can improve write efficiency. The risk is that if the server goes down or shuts down abnormally, the data in the buffer that has not yet been written to the disk will be lost (solution: add a battery or UPS to the server motherboard) |
no_root_squash | If the user accessing the NFS server share is root, it has root permission on the shared directory. This configuration was originally intended for diskless clients. Its use should be avoided |
root_squash | If the user accessing the NFS server shared directory is root, its permissions are squashed to those of an anonymous user, and its UID and GID usually become those of the nfsnobody account |
all_squash | Regardless of the identity of the user accessing the NFS server shared directory, its permissions are squashed to those of an anonymous user, and its UID and GID usually become those of the nfsnobody account. This parameter is very useful when multiple NFS clients write data to the NFS server at the same time. Important tips for configuring NFS in production: 1) Ensure that all client servers have the same user access rights to the NFS shared directory: a. all_squash squashes all clients into a fixed anonymous user (with the same UID); b. that is, the user whose UID and GID are specified by anonuid and anongid. 2) All clients and the server need a user with the same UID and GID, that is, nfsnobody (the UID must be the same) |
anonuid | Parameters starting with anon refer to the anonymous user. The UID set here is usually the UID of nfsnobody. You can also set this UID yourself, but the UID must exist in /etc/passwd. When there are multiple NFS clients, such as several web servers sharing one NFS directory, this parameter lets the data written by different NFS clients carry the same user permissions for all NFS clients, that is, the permissions of the configured anonymous UID. This parameter is very useful and can be used by default |
anongid | Same as anonuid, except that it applies to the group ID (GID) instead of the user ID (UID) |
noatime | Do not update inode access time on file system |
nosuid | Set-user-ID and set-group-ID bits are not allowed to take effect |
intr | When the server is down or unreachable, NFS requests are allowed to be interrupted |
noexec | When the server is down or unreachable, NFS requests are allowed to be interrupted |
rsize=8192 and wsize=8192 | Set a large data block size (bytes) for each transfer to improve the read and write speed of NFS |
nodiratime | Do not update directory inode access times on the file system |
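
The table above warns against `no_root_squash`, which the export written in step 2.5 uses. As an added example (not part of the original article), this function parses a file in `/etc/exports` format and flags `no_root_squash`, exports open to every host (including the stray-space form `host (opts)`), and `insecure`; the severity labels and the `/srv/...` paths in the constructed sample are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag risky exports(5) options.
# Usage: audit_exports /etc/exports
# Output: SEVERITY PATH CLIENT FINDING, one line per finding.
audit_exports() {
  awk '
    function has(list, opt) { return index("," list ",", "," opt ",") > 0 }
    function report(sev, what) { print sev, path, client, what }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      path = $1; defaults = ""
      for (i = 2; i <= NF; i++) {
        # "-opts" sets default options for the clients that follow it
        if (substr($i, 1, 1) == "-") { defaults = substr($i, 2); continue }
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\).*/, "", opts)
        }
        # "host (opts)" with a stray space gives an empty client: those
        # options then apply to every host, not to "host".
        if (client == "") client = "*"
        if (defaults != "") opts = defaults "," opts
        sev = has(opts, "rw") ? "HIGH" : "MEDIUM"
        if (has(opts, "no_root_squash")) report(sev, "no_root_squash")
        if (client == "*") report(sev, "world-export")
        if (has(opts, "insecure")) report("LOW", "insecure")
      }
    }' "$1"
}

# Constructed sample; the first export is the one written in step 2.5,
# the /srv/... entries are hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#NFS server share directories
/data/nfs-server-images 10.1.236.0/24(ro,sync,no_root_squash)
/srv/a 10.1.236.0/24 (rw,sync)
/srv/b 10.1.236.7(rw,sync,root_squash)
/srv/c *(rw,no_root_squash,insecure)
EOF
audit_exports "$sample"
rm -f "$sample"
```
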
Problem solving
Setting the shared directory to read-only prevents the client from deleting the image.
It was found that after the directory is set to read-only (ro), the NFS side cannot decompress the tar package or copy the tar package to the yum repo directory.
Solution:
```
# To modify permissions, no_root_squash is required
$ cat >/etc/exports<<EOF
#NFS server share directories
/data/nfs-server-images 10.1.236.0/24(ro,sync,no_root_squash)
EOF
$ systemctl reload nfs
```