Centos7-nfs Server-Notes

Source: Internet
Author: User
Tags nfsd

I. NFS server basics

NFS supports quite a lot of features, and different features are started by different programs. Each feature that is started opens some ports to transfer data, so the ports NFS uses are not fixed; it randomly takes unused ports below 1024 for transmission. How, then, does the client know which port the server is using? This is where the remote procedure call (RPC) service comes in.

  1) RPC (Remote Procedure Call)

  The main function of RPC is to specify the port number for each NFS function and return it to the client so that the client can connect to the correct port.

How does RPC know the port of each NFS function? When the server starts NFS, it takes a number of ports at random and actively registers them with RPC, so RPC knows which port corresponds to which NFS function. RPC itself listens on the fixed port 111 for client requests and returns the correct port, which makes starting NFS much easier.

Note: RPC must be started before NFS, otherwise NFS cannot register with RPC. Additionally, if RPC restarts, the previously registered data is lost, so after RPC restarts, all services it manages must be restarted to re-register with RPC.

When a client needs to access a file over NFS, it communicates with the server as follows:

1. The client issues an NFS file access request to the server-side RPC (port 111);

2. After the server finds the port of the corresponding registered NFS daemon, it returns it to the client;

3. Once the client knows the correct port, it connects directly to the NFS daemon.
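
The registration table that RPC answers from can be inspected with rpcinfo -p. The following is an added example, not part of the original notes: it reads that output and reports which port each service registered, and whether the registrations a client needs are present. The function name rpc_check and the sample output are constructed for illustration.

```shell
#!/bin/sh
# rpc_check [FILE]: read "rpcinfo -p" output (default: stdin), print the port
# each service registered with rpcbind, and fail if a needed one is absent.
rpc_check() {
    awk '
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        # columns: program, version, protocol, port, service name
        key = $5 "/" $3
        if (!(key in port)) { port[key] = $4; order[++n] = key }
        seen[$5] = 1
    }
    END {
        for (i = 1; i <= n; i++) print order[i], port[order[i]]
        # portmapper is rpcbind itself; nfs and mountd are the two daemons
        # the notes describe as the minimum an NFS server starts
        m = split("portmapper nfs mountd", need, " ")
        for (i = 1; i <= m; i++)
            if (!(need[i] in seen)) { print "MISSING", need[i]; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: rpcbind was restarted but nfs was not, so only
# rpcbind's own registration is left and clients can no longer find nfsd.
rpc_check <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
EOF
echo "exit status: $?"
```

On a live server the same check is rpcinfo -p | rpc_check.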

  2) RPC daemons started by NFS

The NFS server registers with RPC when it starts, so the NFS server is also one of the RPC servers. The main task of the NFS server is to share file systems, and sharing a file system involves permissions. The NFS server therefore starts at least two daemons: one manages whether a client can log in, the other manages what permissions the client gets. If you also want to manage quota, NFS has to load further RPC programs. For a simpler NFS server, the daemons are:

    • rpc.nfsd
      The most important service provider of the NFS server. The main function of this daemon is to manage whether a client can mount and use the server's file systems, which includes checking the ID of the user logging in.

    • rpc.mountd
      The main function of this daemon is to manage the NFS file systems. After the client has successfully logged in to the server through rpc.nfsd, it must still pass the file permission check (the -rwxrwxrwx, owner and group permissions) before it can use the files provided by the NFS server. The daemon reads the NFS configuration file /etc/exports to check the client's permissions, and once that check passes, the client gets permission to use the NFS files. (Note: this is also where we manage the permissions and security settings of NFS shared directories.)

    • rpc.lockd (not necessary)
      This daemon manages file locking. Why do files need to be locked? Since shared NFS files can be used by several clients, problems arise when multiple clients attempt to write to the same file at the same time. rpc.lockd can be used to overcome this problem. rpc.lockd must be running on both the client and the server. In addition, rpc.lockd is often enabled together with rpc.statd.

    • rpc.statd (not necessary)
      Checks file consistency and is related to rpc.lockd. If a file is damaged because clients used the same file at the same time, rpc.statd can detect this and attempt to recover the file. As with rpc.lockd, this feature must be started on both the server and the client before it takes effect.

The RPC programs mentioned above are in fact started by two basic service startup scripts, nfs and nfslock, that is, /etc/init.d/nfs and /etc/init.d/nfslock. The server-related daemons are handled by the nfs service, while rpc.lockd and the like, which the client also needs, are handled by the nfslock service.

II. NFS server-side settings

  1) Required Software

      • RPC main program: rpcbind
      • NFS main program: nfs-utils

  2) NFS Software architecture

      • Main configuration file: /etc/exports
        This is the main NFS configuration file. However, the system does not have a default value, so this file "
      • NFS file system maintenance command: /usr/sbin/exportfs
        This is the command for maintaining NFS shared resources. We can use it to re-share the directory resources after /etc/exports has changed, or to unmount or re-share the directories shared by the NFS server. It is quite an important command in NFS.

      • Shared-resource record files: /var/lib/nfs/*tab
        The NFS server's record files are placed in the /var/lib/nfs/ directory. Two of them are more important: etab records the full permission settings of the directories shared by NFS, and xtab records data about the clients that have connected to this NFS server.

      • Client command to query the server's shared resources: /usr/sbin/showmount
        This is another important NFS command. exportfs is used on the NFS server side, while showmount is used primarily on the client side. showmount shows the directory resources shared by NFS.

  3) /etc/exports configuration file syntax and parameters

    

The common permission-related parameters (that is, the parameters inside the parentheses) are:

    • rw, ro
      Whether the directory is shared read-write or read-only. Whether a client can ultimately read or write still depends on the file system's rwx permissions and the user's identity.

    • sync, async
      sync means data is written synchronously to memory and the hard disk; async means data is staged in memory first rather than written directly to the hard disk.

    • no_root_squash, root_squash
      How should the server treat a client user of the NFS file system whose account is root? By default, root_squash maps the client's root to nfsnobody, which is more secure for the server. If you want client root to operate on the server's file system as root, you need to enable no_root_squash.

    • all_squash
      Regardless of the identity of the user who logs in to NFS, the identity is mapped to the anonymous user, usually nobody (nfsnobody).

    • anonuid, anongid
      anon means anonymous. These set the UID of the anonymous user referred to by the *_squash options above, which is usually nobody (nfsnobody), but you can set the UID yourself. The UID must exist in your /etc/passwd. anonuid sets the UID and anongid sets the group GID.
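
The options above decide how much a client is trusted, so an exports file is worth reviewing mechanically. The following is an added example, not part of the original notes: it flags no_root_squash, rw granted to any host, and async. It goes one step beyond the text by also catching an option list separated from its host by a space, which the exports format applies to every host. The function name audit_exports and the sample entries are constructed; continuation lines ending in a backslash are not handled.

```shell
#!/bin/sh
# audit_exports [FILE]: flag risky entries in exports-format text
# (default: stdin). Prints one "path client finding" line per problem.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            # "host (rw)": the space detaches the options from the host,
            # so they apply to every client instead
            if (client == "") client = "*"
            o = "," opts ","
            if (o ~ /,no_root_squash,/)
                print path, client, "no_root_squash: client root keeps root on this export"
            if (client == "*" && o ~ /,rw,/)
                print path, client, "rw for any host"
            if (o ~ /,async,/)
                print path, client, "async: data staged in memory is lost on a crash"
        }
    }' "${1:--}"
}

# Constructed sample entries, not taken from a real server.
audit_exports <<'EOF'
/tmp           *(rw,no_root_squash)
/home/public   192.168.100.0/24(rw,sync)  *(ro)
/home/test     192.168.100.10 (rw)
/srv/scratch   192.168.100.0/24(rw,async)
EOF
```

On a server, run it as audit_exports /etc/exports.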

  4) Start NFS

    service rpcbind start    # if it is already running, you do not have to start it again
    service nfs start
    service nfslock start

   You can use rpcinfo to observe what has been registered.

  5) Observing NFS connections

After the NFS server is set up, we can first test on the server itself whether it can be reached, using the showmount command to check:

If other clients mount your NFS file system, the client and file system information is recorded in /var/lib/nfs/xtab.

In addition, if you change the /etc/exports file, you do not need to restart NFS afterwards; the exportfs command can re-process it.


  6) NFS security

In general, NFS services are only opened to the internal network and not to the Internet.
If there is a special need, it may also span different domains. The firewall for NFS is particularly hard to set up because, in addition to the fixed ports 111 and 2049, there are a number of non-fixed ports opened by other RPC services. But CentOS 6 has a configuration file that pins specific NFS services to fixed ports: /etc/sysconfig/nfs. You can specify particular ports in this file so that every time NFS starts, the services use the same ports, and we can then set up the firewall correctly. This configuration file has a lot of content, most of which does not need to change; only the settings with the keyword PORT matter.
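
Once the PORT settings are pinned, the firewall rules follow from them. The following is an added example, not part of the original notes: it reads sysconfig-style text, prints iptables rules that admit one subnet to ports 111, 2049 and each pinned port, and warns about PORT lines that are still commented out. The function name nfs_fw_rules, the subnet and the port values in the sample are constructed; the variable names are assumed to be those of the stock CentOS 6 /etc/sysconfig/nfs.

```shell
#!/bin/sh
# nfs_fw_rules SUBNET [FILE]: print iptables rules for an NFS server whose
# helper daemons are pinned in sysconfig-style FILE (default: stdin).
# The rules are only printed, never applied.
nfs_fw_rules() {
    awk -v net="$1" '
    function rule(proto, port) {
        printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n", net, proto, port
    }
    BEGIN {
        # the two fixed ports named in the notes: rpcbind 111 and nfsd 2049
        rule("tcp", 111); rule("udp", 111); rule("tcp", 2049); rule("udp", 2049)
    }
    # a PORT line that is still commented out leaves that daemon on a
    # random port, which no static rule can cover
    /^[ \t]*#[ \t]*[A-Z_]*PORT=/ {
        sub(/^[ \t]*#[ \t]*/, ""); sub(/=.*/, "")
        print "# WARNING: " $0 " is not set, its port stays random"
        next
    }
    /^[ \t]*[A-Z_]*PORT=[0-9]+/ {
        sub(/^[ \t]*/, "")
        split($0, kv, "=")
        name = kv[1]; port = kv[2] + 0
        if (name == "STATD_OUTGOING_PORT") next   # source port, not a listener
        if (name !~ /UDPPORT$/) rule("tcp", port)
        if (name !~ /TCPPORT$/) rule("udp", port)
    }' "${2:--}"
}

# Constructed sample of the PORT lines (values are examples only).
nfs_fw_rules 192.168.100.0/24 <<'EOF'
MOUNTD_PORT=892
#STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
EOF
```

On a server, run it as nfs_fw_rules 192.168.100.0/24 /etc/sysconfig/nfs and review the output before loading any rule.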

NFS server shutdown:
Before shutting down your NFS server, it is recommended that you first stop these two things: rpcbind and nfs.

III. NFS client settings

  1) Manually mounting resources shared by the NFS server

How do you mount the file system provided by the NFS server? Basically, you can do this:

      1. Confirm that the rpcbind service has been started on the local side;
      2. Scan the NFS server for shared directories and see whether we can use them (showmount);
      3. Create the mount point directory on the local side (mkdir);
      4. Use mount to mount the remote host's directory directly onto that directory.
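
The four steps as one function that stops at the first step that fails. This is an added example, not part of the original notes; the function name nfs_mount_checked and the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# nfs_mount_checked SERVER EXPORT MOUNTPOINT
# Runs the four client steps in order; the return code names the failed step.
nfs_mount_checked() {
    server=$1 export_path=$2 mnt=$3

    # 1. rpcbind must be running on the local side
    rpcinfo -p >/dev/null 2>&1 ||
        { echo "local rpcbind is not running" >&2; return 1; }

    # 2. the server must list the directory we are about to mount
    #    (the first line of showmount -e output is a header)
    showmount -e "$server" 2>/dev/null |
        awk -v want="$export_path" 'NR > 1 && $1 == want { ok = 1 } END { exit !ok }' ||
        { echo "$server does not export $export_path" >&2; return 2; }

    # 3. create the local mount point
    mkdir -p "$mnt" || return 3

    # 4. mount the remote directory onto it
    mount -t nfs "$server:$export_path" "$mnt" || return 4
}

# Usage (run as root; constructed address and paths):
#   nfs_mount_checked 192.168.100.254 /home/public /home/nfs/public
```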

    

    

Unmount the mounted NFS directory

    
