Configuration and application of NFS service

Source: Internet
Author: User
Tags nfsd

I. NFS service Overview

Network File System (NFS) is a network protocol that allows different computers to share files over the network. It is mostly used in Linux/Unix network systems.

An NFS server is like a file server. Once a file system is shared, an NFS client can mount it into its local system, so files in the remote file system can be used like files in a local file system.

Although NFS can share files over the network, the NFS protocol itself does not provide data transmission. It must use the Remote Procedure Call (RPC) protocol to transmit data. RPC defines a mechanism for communication between processes over the network: it allows client processes to request services from service processes on a remote server without needing to know the details of the underlying communication protocol.

To use the NFS service, you must start at least three system daemon processes:

(1) rpc.nfsd: the basic NFS daemon. Its main function is to manage whether the client can log on to the server.

(2) rpc.mountd: the RPC mount daemon. Its main function is to manage NFS file systems. After the client has successfully logged on to the NFS server through rpc.nfsd, it must pass file permission verification before using the files provided by the NFS server; rpc.mountd reads the NFS configuration file /etc/exports to compare the client's permissions.

(3) portmap: its main function is port mapping. When a client tries to connect to and use a service (such as the NFS service) provided by the RPC server, portmap gives the client the port number corresponding to that service, so that the client can request the service from the server through this port.

It is worth noting that although portmap is only used for RPC, it is essential for the NFS service. If portmap is not running, the NFS client cannot find the shared directory from the NFS server.

II. NFS service installation

At present, almost all Linux distributions install the NFS service by default, and Red Hat is no exception. With a default installation of Red Hat Enterprise Linux, the NFS service is installed on the system. The nfs-utils and portmap packages are required to start the NFS service. Before configuring NFS, run the following command to check whether the two packages have been installed in the system:

[root@localhost ~]# rpm -q nfs-utils portmap

If the command prints a version for each package, the NFS service and portmap service have been installed in the system.

Tip: run the rpcinfo -p command to check whether the NFS service is running normally. If it is, the command output contains entries for daemons such as portmapper.

III. NFS service configuration

The NFS service configuration method is relatively simple. You only need to set it in the NFS configuration file /etc/exports and then start the NFS service.

1. exports File Format

In the exports file, you can define parameters such as the output directory (shared directory) of the NFS system, access permissions, and hosts allowed to access. This file is empty by default.

Each row in the exports file provides a shared directory setting in the format:

<output directory> [client1(option1,option2,...)] [client2(option1,option2,...)]

The output directory is a required parameter, and other parameters are optional.

Note that in this format the output directory and each client, and one client and the next, are separated by spaces, but there must be no space between a client and its options (the left parenthesis follows the client immediately) and no space between the options (each option is followed by a comma, and the comma is immediately followed by the next option).

(1) the output directory refers to the directory that needs to be shared to the client in the NFS system.

(2) A client is a computer on the network that can access the NFS output directory. The client can be an IP address or domain name of a single host, or a host in a subnet or domain.

Common methods for specifying a client are as follows:

192.168.16.20: the host with the specified IP address.

192.168.16.0/24 (or 192.168.16.*): all hosts in the specified subnet.

pcl.gdvcp.net: the host with the specified domain name.

*.gdvcp.net: all hosts in the specified domain.

* (or default): all hosts.

(3) Options are used to set the access permissions and user mapping of the output directory. The options in the exports file can be divided into the following three categories:

1) Access permission options:

ro: sets the output directory to read-only.

rw: sets the output directory to read/write.

2) User mapping options:

By default, when a client accesses the NFS server as the root user, the NFS server maps that user to a local anonymous user (the user account is nfsnobody), and the user group it belongs to is also mapped to an anonymous user group (the group account is also nfsnobody), which helps improve system security. The user mapping options can adjust this:

all_squash: maps all common users and user groups for remote access to the anonymous user or user group (generally nfsnobody).

no_all_squash: does not map all common users and user groups for remote access to the anonymous user or user group (set by default).

root_squash: maps root users and user groups to the anonymous user or user group (default).

no_root_squash: does not map root users and user groups to the anonymous user or user group.

anonuid=xxx: maps all remotely accessed users to the anonymous user, and specifies a local user account (UID=xxx) as the anonymous user account.

anongid=xxx: maps all remotely accessed user groups to the anonymous user group, and specifies a local user group account (GID=xxx) as the anonymous user group account.

3) Other options:

secure: requires the client to connect to the NFS server from a TCP/IP port lower than 1024 (default).

insecure: allows the client to connect to the NFS server from a TCP/IP port higher than 1024.

sync: writes data synchronously to the memory buffer and disk. Although this method is inefficient, it ensures data consistency.

async: stores data in the memory buffer first and writes it to the disk when necessary.

wdelay: checks whether there are related write operations. If there are, these write operations are executed together to improve efficiency (set by default).

no_wdelay: executes a write operation immediately; it should be used with sync.

subtree_check: if the output directory is a sub-directory, the NFS server checks the permissions of its parent directory (set by default).

no_subtree_check: even if the output directory is a sub-directory, the NFS server does not check the permissions of its parent directory. This improves efficiency.
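
The format rules and options above can be checked mechanically. The following is an added example, not part of the original page: it parses text in the /etc/exports format and reports entries where a space detaches the option list from its client (the options then apply to all hosts), where no_root_squash or insecure is set, or where all hosts get rw. The sample file contents, the /nfs/tmp directory and the name audit_exports are assumptions made for illustration.

```python
import re

# Constructed sample in the /etc/exports format (not the page's own file; /nfs/tmp is hypothetical).
SAMPLE_EXPORTS = """\
# <output directory> [client(options)] ...
/nfs/public  192.168.16.0/24(rw,async) *(ro)
/nfs/liu     192.168.16.20 (rw,sync)
/nfs/root    *.gdvcp.net(ro,no_root_squash)
/nfs/users   *.gdvcp.net(rw,insecure,all_squash,sync,no_wdelay)
/nfs/tmp     *(rw)
"""

# One client token: optional client name, optional "(opt,opt,...)" with no spaces.
SPEC = re.compile(r"^([^()\s]*)(?:\(([^()\s]*)\))?$")
RISKY_OPTIONS = ("no_root_squash", "insecure")


def audit_exports(text):
    """Return sorted (directory, client, finding) tuples for risky entries."""
    findings = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs:
            match = SPEC.match(spec)
            if match is None:
                # e.g. "host(rw," when a space follows a comma in the option list
                findings.add((directory, spec, "malformed"))
                continue
            client = match.group(1)
            options = set(filter(None, (match.group(2) or "").split(",")))
            if client == "":
                # "(options)" separated from its client by a space: the options
                # now belong to an empty client, which means all hosts.
                findings.add((directory, "*", "detached-options"))
                client = "*"
            for option in RISKY_OPTIONS:
                if option in options:
                    findings.add((directory, client, option))
            if client == "*" and "rw" in options:
                findings.add((directory, "*", "world-rw"))
    return sorted(findings)


if __name__ == "__main__":
    for directory, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory:12} {client:16} {finding}")
```

In the sample, the /nfs/liu line is the one to look at: the single space before (rw,sync) leaves 192.168.16.20 with default options and gives every host read/write access.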

2. NFS service configuration example

The following shows an example of the NFS main configuration file /etc/exports, and then describes each setting.

[root@localhost ~]# cat /etc/exports
/nfs/     ./(rw,async) *
/nfs/liu        .
/nfs/root       *
/nfs/users      *
/mnt/cdrom      ..*(ro)

(1)/nfs/./(rw, async )*

.

.. * (Ro)

3. Maintain the NFS service output directory list

The exportfs command is used to maintain the output directory list of the NFS service. The basic format of the command is as follows:

exportfs [option]

The options are as follows:

-a: outputs all directories set in the /etc/exports file.

-r: re-reads the settings in the /etc/exports file and makes them take effect immediately without restarting the NFS service.

-u: stops outputting a directory.

-v: displays each directory on the screen when outputting it.

(1) Output the shared directories again

After modifying the content of the /etc/exports file, you can use the following command to output the shared directories again:

[root@localhost ~]# exportfs -./:/nfs/.:/nfs/*.gdvcp.net:/nfs/..*:/mnt/*.gdvcp.net:/nfs/*:/nfs/

(2) Stop outputting all shared directories

To stop outputting all the shared directories of the NFS server on the current host, run the following command:

[root@localhost ~]# exportfs -auv

IV. Start and stop the NFS service

1. Start the NFS service

To ensure that the NFS server works properly, you need to start the portmap and nfs services, and portmap must be started before nfs. The specific command is as follows:

[root@localhost ~]# /etc/rc.d/init.d/portmap start
[root@localhost ~]# /etc/rc.d/init.d/nfs start

2. Stop the NFS service.

When stopping the NFS service, you must stop the NFS service before stopping the portmap service. If other services in the system need to use the portmap service, you do not need to stop the portmap service. The command is as follows:

[root@localhost ~]# /etc/rc.d/init.d/nfs stop
[root@localhost ~]# /etc/rc.d/init.d/portmap stop

3. Restart the NFS service (ensure that the portmap service is running):

[root@localhost ~]# /etc/rc.d/init.d/nfs restart

4. Check the status of the portmap and nfs services:

[root@localhost ~]# /etc/rc.d/init.d/portmap status
[root@localhost ~]# /etc/rc.d/init.d/nfs status

5. Set automatic start of NFS service

For Linux systems in actual use, it is unrealistic to start the nfs service manually after each boot. You should set the system to start the portmap and nfs services automatically at the specified run levels (usually 3 and 5).

[root@localhost ~]# chkconfig --level 35 portmap on
[root@localhost ~]# chkconfig --level 35 nfs on

Of course, you can also run the ntsysv command to start the service configuration program for configuration.

V. Test the NFS service

1. Check the options used in the output directory:

Even if only one or two options are set for an output directory in the configuration file /etc/exports, many default options also apply to it. By viewing the /var/lib/nfs/etab file, you can see which options are actually in effect for each output directory:

[root@localhost ~]# cat /var/lib/nfs/etab
/nfs/     ./(rw,async,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=
/nfs/liu        .(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=
/nfs/users      *.gdvcp.net(rw,sync,no_wdelay,hide,nocrossmnt,insecure,root_squash,all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=
/mnt/cdrom      ..*(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=
/nfs/root       *.gdvcp.net(ro,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=
/nfs/     *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=,anongid=)

2. Run the showmount command to test the output directory status of the NFS server.

The basic format of the showmount command is:

showmount [option] <NFS server name or address>

Common options include:

-a: displays all client hosts of the specified NFS server and their connected directories.

-d: displays all output directories connected by clients on the specified NFS server.

-e: displays all output shared directories on the specified NFS server.

(1) View all output shared directories on the NFS server on the current host

Run the showmount -e command without the NFS server name or address parameter to view the shared directories output by the NFS server on the current host:

[root@localhost ~]# showmount -e
/nfs/root   *
/mnt/cdrom  ..*
/nfs/users  *
/nfs/liu    .
/nfs/ (everyone)

(2) Display all output directories mounted on the NFS server on the current host

Run the showmount -d command without the NFS server name or address parameter to view all mounted output directories on the NFS server on the current host:

[root@localhost ~]# showmount -d

VI. Use of the NFS client

After the NFS server is configured, the client can first view the shared directories on the NFS server and then use the mount command to mount the available shared directories into the local file system. You can even enable automatic mounting at startup. After that, you can use the NFS mount directory like a directory in the local file system.

1. View NFS server information

On the client, you can run the showmount command to view the shared directories on the NFS server.

For example, if the IP address of the NFS server is 192.168.1.4, run the following command:

[root@localhost ~]# showmount -e 192.168.1.4
/nfs/root   *
/mnt/cdrom  ..*
/nfs/users  *
/nfs/liu    .
/nfs/ (everyone)

Note that when you use the showmount -e command to view the output directories on the NFS server, the following faults may occur:

[root@localhost ~]# showmount -e 192.168.1.4
- RPC: Unable to receive

The portmap service may not be started.

[root@localhost ~]# showmount -e 192.168.1.4

The nfs service may not be started.

To test the functions of the NFS server, you can simply use the service iptables stop command to disable the firewall.

2. Connect to the NFS server

After using the showmount command to learn about the shared resources on the remote NFS server, the next step is to perform the actual mounting operation.

The command format for mounting the output directory on the NFS server is:

mount -t nfs <NFS server name or IP address>:<output directory> <local mount directory>

For example, mount the /nfs/public shared directory on the server (192.168.1.4) to the /mnt/nfs directory on the local machine:

[root@localhost ~]# mkdir /mnt/nfs
[root@localhost ~]# mount -t nfs 192.168.1.4:/nfs/public /mnt/nfs

It is worth noting that if the client user does not have access to the output directory on the NFS server, the mounting will fail.

3. Unmount the NFS output directory

If you no longer want to use the mounted NFS output directory, run the umount command to unmount it.

[root@localhost ~]# umount /mnt/nfs

Tip: if a client is currently connected to the NFS server and you want to shut down the host where the NFS server is located, you should first stop the portmap and nfs services. Otherwise, it may take a long time for the server to shut down normally. If you cannot stop the portmap and nfs services properly, you can first use netstat -ulp to find their PIDs and then kill the processes so that the host can shut down properly. Of course, you can also stop all output directories of the NFS server on the current host with the exportfs -auv command, and then shut down.

4. Automatically connect to NFS at startup

To enable the system to mount the output directory on the NFS server automatically at startup, edit the file /etc/fstab and add a line in the following format:

<NFS server name or IP address>:<output directory> <local mount directory> nfs defaults

For example:

192.168.1.4:/nfs/public /mnt/nfs nfs defaults
