Installation and configuration of NFS services in a Linux environment

Source: Internet
Author: User
I. Several concepts

NFS is the acronym for Network File System, which was first developed by Sun. Its main function is to share files over the network between different machines and different operating systems. We can simply regard it as a file server. An NFS server lets your PC mount a directory of the remote NFS server locally, and on the local machine that remote directory looks just like one of its own partitions.

RPC (Remote Procedure Call) is a protocol for requesting services over a network from a program on a remote computer without needing to understand the underlying network technology. The RPC protocol assumes the presence of a transport protocol, such as TCP or UDP, that carries data between the communicating programs. In the OSI network communication model, RPC spans both the transport layer and the application layer. RPC makes it easier to develop applications made up of multiple programs distributed across a network. An NFS server is also an RPC server: it has to register with RPC when it starts.

II. Preparatory work

Install CentOS 7.4 (minimal) on two or more servers, each with its own IP address. This example uses 2 machines: the server (the end that provides the NFS service and actually stores the data): 192.168.237.21, and the client: 192.168.237.22.

[Figure: schema diagram]

III. Installation and configuration process

1. Both the server and the client must have the nfs-utils package installed. rpcbind is installed as a dependency of nfs-utils, so there is no need to install rpcbind separately. Installing rpcbind alone, however, does not install nfs-utils.

[root@geeklp-nfs-server ~]# yum -y install nfs-utils

2. Start the nfs and rpcbind services on the server and enable them at boot (a server should be able to provide its service promptly after every reboot).

[root@geeklp-nfs-server ~]# systemctl start nfs
[root@geeklp-nfs-server ~]# systemctl enable nfs
[root@geeklp-nfs-server ~]# systemctl status nfs
nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2017-12-07 17:01:25 CST; 58s ago
[root@geeklp-nfs-server ~]# systemctl start rpcbind
[root@geeklp-nfs-server ~]# systemctl enable rpcbind
[root@geeklp-nfs-server ~]# systemctl status rpcbind
rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; indirect; vendor preset: enabled)
   Active: active (running) since Thu 2017-12-07 17:01:25 CST; 3min 26s ago
 Main PID: 35630 (rpcbind)
   CGroup: /system.slice/rpcbind.service
           └─35630 /sbin/rpcbind -w

3. Create a shared directory on the server.

[root@geeklp-nfs-server ~]# mkdir /nfs

4. Modify the server-side configuration file /etc/exports and add the following line:
/nfs 192.168.237.22/24(rw,sync)
5. Restart the rpcbind and nfs services on the server, in that order.

[root@geeklp-nfs-server ~]# systemctl restart rpcbind
[root@geeklp-nfs-server ~]# systemctl restart nfs

6. Configure the server-side firewall.

[root@geeklp-nfs-server ~]# firewall-cmd --add-service=nfs --permanent
success
[root@geeklp-nfs-server ~]# firewall-cmd --reload
success

7. Start the nfs service on the client (the client does not need to start the rpcbind service) and mount the server's NFS directory.

[root@geeklp-nfs-client ~]# systemctl start nfs
[root@geeklp-nfs-client ~]# mount -t nfs 192.168.237.21:/nfs /mnt

8. Test.
View the mount on the client.

[root@geeklp-nfs-client mnt]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs       8.3G  966M  7.4G   12% /
devtmpfs                devtmpfs  478M     0  478M    0% /dev
tmpfs                   tmpfs     489M     0  489M    0% /dev/shm
tmpfs                   tmpfs     489M  6.8M  482M    2% /run
tmpfs                   tmpfs     489M     0  489M    0% /sys/fs/cgroup
/dev/sda1               xfs       247M  105M  142M   43% /boot
tmpfs                   tmpfs      98M     0   98M    0% /run/user/0
192.168.237.21:/nfs     nfs4       14G  1.2G   13G    9% /mnt

The mount is normal, with no errors.
Writing data on the server and on the client separately shows that the /nfs directory is readable and writable on the server, but read-only on the client. Everything is done with the root account, but the server does not treat the client's root as the server's own root. To get NFS working and try it out as quickly as possible, set the /nfs directory permissions to 7 on the server side, and then enjoy NFS. But this is not rigorous, and it is not the goal we want to achieve.

IV. Advanced Development Section

Today was not particularly busy, so I updated several blog posts in one go. Omissions are unavoidable, and I hope you will offer plenty of comments and suggestions.
As soon as I got to the company and finished the daily inspection, I continued with the task left unfinished yesterday. 2 problems were identified:
(1) The client could not mount the NFS share. Error: mount.nfs: access denied by server while mounting 192.168.237.21:/nfs
I checked the firewall, the status of the nfs and rpcbind services on the server, the network, and so on, and did not find any problems. So what was wrong? Then I suddenly recalled that yesterday, before shutting down, I had changed the contents of the parentheses in the /etc/exports file to (rwx,sync). After removing the x and restarting the rpcbind and nfs services on the server, the mount succeeded.
(2) The client does not need to start the rpcbind and nfs services to mount NFS, but it does need the NFS package installed.

[root@geeklp-nfs-client ~]# systemctl status rpcbind
rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; indirect; vendor preset: enabled)
   Active: inactive (dead)
[root@geeklp-nfs-client ~]# systemctl status nfs
nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@geeklp-nfs-client ~]# umount /mnt
[root@geeklp-nfs-client ~]# mount -t nfs 192.168.237.21:/nfs /mnt
[root@geeklp-nfs-client ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs       8.3G  966M  7.4G   12% /
devtmpfs                devtmpfs  478M     0  478M    0% /dev
tmpfs                   tmpfs     489M     0  489M    0% /dev/shm
tmpfs                   tmpfs     489M  6.7M  482M    2% /run
tmpfs                   tmpfs     489M     0  489M    0% /sys/fs/cgroup
/dev/sda1               xfs       247M  105M  142M   43% /boot
tmpfs                   tmpfs      98M     0   98M    0% /run/user/0
192.168.237.21:/nfs     nfs4       14G  1.1G   13G    8% /mnt

To mount the NFS share automatically on the client:
[root@geeklp-nfs-client ~]# echo "192.168.237.21:/nfs /mnt nfs defaults 0 0" >> /etc/fstab
When you remove the rpcbind package, nfs-utils is also removed as a dependency. Removing nfs-utils on its own does not remove rpcbind. nfs-utils cannot work without rpcbind.

[root@geeklp-nfs-client ~]# yum -y remove rpcbind
Removed as a dependency:     nfs-utils.x86_64                                                    1:1.3.0-0.48.el7_4 _64 1:4.01-14.EL7

If the NFS share is not unmounted when the rpcbind and nfs packages are removed, the previously mounted NFS directory can still be used, but it cannot be mounted again. To mount it, you must install nfs-utils.
That was a digression. Back to the subject of this section: advanced configuration of NFS. To keep things distinct, the NFS shared directory used here is /nfs-server.
(a) Create a new NFS shared directory /nfs-server on the server and a new mount point directory /nfs-client on the client.

[root@geeklp-nfs-server ~]# mkdir /nfs-server
[root@geeklp-nfs-client ~]# mkdir /nfs-client

Here, we first familiarize ourselves with the syntax and parameters of the /etc/exports configuration file, in preparation for what follows.

[root@geeklp-nfs-server ~]# vim /etc/exports
/nfs-server 192.168.237.22/24(ro) localhost(rw) *.geeklp.com(ro,sync)
/nfs-server: the shared directory
192.168.237.22/24(ro): shared to the specified host IP, with the permissions in parentheses
localhost(rw): a hostname can be used
*.geeklp.com(ro,sync): a domain name can be used, and wildcard characters are allowed
The options must follow the client immediately, with no space before the parenthesis; an option list separated from the client by a space applies to all hosts.
The permissions in parentheses (parameter values and their meaning):
rw, ro: Whether the directory is shared read-write (rw) or read-only (ro). Whether a client can actually read or write in the end still depends on the file system's rwx permissions and the user's identity.
sync, async: sync means that data is written synchronously to memory and to the hard disk; async means that data is staged in memory first and not written directly to the hard disk.
no_root_squash, root_squash: How the server determines the identity of a client account that uses the NFS file system as root. By default, root_squash squashes the identity of the client's root into nfsnobody, so the server system is more secure. If you want the client's root to be able to operate on the server's file system as root, you have to enable no_root_squash.
all_squash: Regardless of the identity of the user accessing NFS, the identity is squashed into the anonymous user, usually nobody (nfsnobody).
anonuid, anongid: anon stands for anonymous. These set the UID and GID of the anonymous user mentioned in the *_squash options above, usually nobody (nfsnobody), but you can set the value yourself. Of course, this UID must exist in your /etc/passwd. anonuid is the UID and anongid is the group's GID.
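
A small checker for the syntax and options just described, as an added example that is not part of the original article. It flags an unknown option (such as the rwx that produced "access denied" above), an option list detached from its client by a space, no_root_squash, and read-write exports to any host. The function name audit_exports and the option whitelist (the table above plus a few options from exports(5)) are assumptions of this sketch, and the sample lines are constructed.

```python
import re

# Options from this article's table plus a few common ones from exports(5).
FLAGS = {"rw", "ro", "sync", "async", "root_squash", "no_root_squash",
         "all_squash", "no_all_squash", "secure", "insecure",
         "subtree_check", "no_subtree_check"}
VALUED = {"anonuid", "anongid"}          # must be written as name=<number>
TOKEN = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def audit_exports(text):
    """Return a sorted list of (line_number, finding) for /etc/exports text."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for tok in fields[1:]:           # fields[0] is the exported path
            m = TOKEN.match(tok)
            if not m:
                out.append((no, f"malformed client entry {tok!r}"))
                continue
            client, optstr = m.group(1), m.group(2)
            opts = [o for o in (optstr or "").split(",") if o]
            if optstr is not None and client == "":
                # "host (opts)": the space detaches opts from host, so they
                # apply to every client and host falls back to defaults.
                out.append((no, "options apply to ALL hosts (space before '(')"))
            for o in opts:
                name, eq, val = o.partition("=")
                if name in VALUED:
                    if not (eq and val.lstrip("-").isdigit()):
                        out.append((no, f"{name} needs a numeric value"))
                elif o not in FLAGS:
                    out.append((no, f"unknown option {o!r}"))
            if "no_root_squash" in opts:
                out.append((no, f"client root is server root for {client or '*'}"))
            if client in ("", "*") and "rw" in opts:
                out.append((no, "read-write export to any host"))
    return sorted(out)

# Constructed sample: lines modelled on the exports entries in this article.
SAMPLE = """\
/nfs 192.168.237.22/24 (rw,sync)
/nfs 192.168.237.22/24(rwx,sync)
/nfs-server *(rw,no_root_squash)
/nfs-server 192.168.237.22/24(rw,all_squash,anonuid=1001,anongid=1002)
"""

if __name__ == "__main__":
    for no, msg in audit_exports(SAMPLE):
        print(f"line {no}: {msg}")
```

Running it against a copy of /etc/exports before restarting the service catches the typo that otherwise only shows up as a failed mount on the client.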

(b) Several application cases.
1. Fully share the NFS directory, so that anyone can operate on the contents of the shared directory with root permissions.

[root@geeklp-nfs-server /]# echo "/nfs-server *(rw,no_root_squash)" >> /etc/exports
[root@geeklp-nfs-server /]# systemctl restart rpcbind
[root@geeklp-nfs-server /]# systemctl restart nfs

Mount this shared directory on the client:

[root@geeklp-nfs-client ~]# mount -t nfs 192.168.237.21:/nfs-server /nfs-client/
[root@geeklp-nfs-client /]# echo "geeklp NFS test" > /nfs-client/a.txt
[root@geeklp-nfs-client /]# ls -l nfs-client/
total 4
-rw-r--r--. 1 root root 16 Dec  8 14:15 a.txt
[root@geeklp-nfs-client /]# cat nfs-client/a.txt
geeklp NFS test

Go back to the server side to check:

[root@geeklp-nfs-server /]# ll /nfs-server/
total 4
-rw-r--r--. 1 root root 16 Dec  8 14:15 a.txt
[root@geeklp-nfs-server /]# cat /nfs-server/a.txt
geeklp NFS test

You do not have to modify permissions on the server side.
2. Unmount the shared directory on the client. Restrict /nfs-server so that, within the network segment 192.168.237.0/24, users who belong to geeklpgroup can read and write, while other sources can only read. This case involves ACL permission management.

[root@geeklp-nfs-server /]# groupadd geeklpgroup
[root@geeklp-nfs-server /]# setfacl -m g:geeklpgroup:rwx /nfs-server/

At this point, when the NFS shared directory is mounted on the client, it can be read correctly, but data cannot be written. Add the group geeklpgroup on the client, create the user geeklp and add it to geeklpgroup. After switching to the geeklp user, data is written successfully.

[root@geeklp-nfs-client /]# groupadd geeklpgroup
[root@geeklp-nfs-client nfs-client]# useradd geeklp -g geeklpgroup
[root@geeklp-nfs-server /]# echo "/nfs-server 192.168.237.0/24(rw) *(ro)" > /etc/exports
[root@geeklp-nfs-server /]# systemctl restart rpcbind
[root@geeklp-nfs-server /]# systemctl restart nfs
[root@geeklp-nfs-client /]# mount -t nfs 192.168.237.21:/nfs-server /nfs-client
[root@geeklp-nfs-client nfs-client]# su geeklp
[geeklp@geeklp-nfs-client nfs-client]$ touch d.txt
[geeklp@geeklp-nfs-client nfs-client]$ ll
total 0
-rw-r--r--. 1 geeklp geeklpgroup 0 Dec  8 15:44 d.txt

If you want a specific user to have read and write access to an NFS shared directory, you can do that with ACL permission management as well.
3. Let the host 192.168.237.22/24 mount the NFS share with read and write access, with all reads and writes performed under a specified UID and GID. For example, specify UID 1001 and GID 1002.

[root@geeklp-nfs-server /]# groupdel geeklpgroup
[root@geeklp-nfs-server /]# setfacl -b /nfs-server
[root@geeklp-nfs-client /]# umount /nfs-client/
[root@geeklp-nfs-client /]# userdel -r geeklp
[root@geeklp-nfs-client /]# groupdel geeklpgroup
[root@geeklp-nfs-server /]# useradd -u 1001 geeklp-nfs
[root@geeklp-nfs-server /]# id geeklp-nfs
uid=1001(geeklp-nfs) gid=1001(geeklp-nfs) groups=1001(geeklp-nfs)
[root@geeklp-nfs-server /]# groupadd -g 1002 geeklp-nfs-g
[root@geeklp-nfs-server /]# echo "/nfs-server 192.168.237.22/24(rw,all_squash,anonuid=1001,anongid=1002)" > /etc/exports
[root@geeklp-nfs-server /]# cat /etc/exports
/nfs-server 192.168.237.22/24(rw,all_squash,anonuid=1001,anongid=1002)
[root@geeklp-nfs-server ~]# chown geeklp-nfs /nfs-server/
[root@geeklp-nfs-server ~]# chgrp geeklp-nfs-g /nfs-server/
[root@geeklp-nfs-server ~]# systemctl restart rpcbind
[root@geeklp-nfs-server ~]# systemctl restart nfs
[root@geeklp-nfs-client /]# umount /nfs-client/
[root@geeklp-nfs-client /]# mount -t nfs 192.168.237.21:/nfs-server /nfs-client
[root@geeklp-nfs-client nfs-client]# touch geeklp.txt
[root@geeklp-nfs-client nfs-client]# ll
total 0
-rw-r--r--. 1 1001 1002 0 Dec  8 18:23 geeklp.txt

The important point in this example is: the owner and group of the NFS shared directory /nfs-server must match the UID and GID specified in /etc/exports, otherwise the directory cannot be written to. The user may or may not belong to the group specified in exports.
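
The identity mapping behind cases 1 and 3 and the read-only result in step 8, as an added example that is not part of the original article: a simplified model of which UID/GID the server applies to a client request under root_squash, no_root_squash and all_squash, and whether that identity may create files in the exported directory. The Export class and the function names are hypothetical, and ACLs (case 2) and supplementary groups are ignored.

```python
from dataclasses import dataclass

NFSNOBODY = 65534  # default anonuid/anongid per exports(5)

@dataclass
class Export:                      # hypothetical model of one export's options
    rw: bool = False
    root_squash: bool = True       # default unless no_root_squash is set
    all_squash: bool = False
    anonuid: int = NFSNOBODY
    anongid: int = NFSNOBODY

def server_identity(exp, uid, gid):
    """(uid, gid) the server applies to a request from client uid/gid."""
    if exp.all_squash or (uid == 0 and exp.root_squash):
        return exp.anonuid, exp.anongid
    return uid, gid

def can_create(exp, uid, gid, d_owner, d_group, d_mode):
    """May this client user create a file in the exported directory?
    Simplified: primary group and classic mode bits only, no ACLs."""
    if not exp.rw:
        return False
    suid, sgid = server_identity(exp, uid, gid)
    if suid == 0:
        return True                # unsquashed root bypasses the mode bits
    if suid == d_owner:
        bits = d_mode >> 6
    elif sgid == d_group:
        bits = d_mode >> 3
    else:
        bits = d_mode
    return (bits & 0o3) == 0o3     # write and search permission both needed

if __name__ == "__main__":
    step8 = Export(rw=True)                                  # (rw,sync)
    case1 = Export(rw=True, root_squash=False)               # (rw,no_root_squash)
    case3 = Export(rw=True, all_squash=True, anonuid=1001, anongid=1002)
    print("step 8, root on root:root 755:", can_create(step8, 0, 0, 0, 0, 0o755))
    print("case 1, root on root:root 755:", can_create(case1, 0, 0, 0, 0, 0o755))
    print("case 3, files owned by:", server_identity(case3, 0, 0))
    print("case 3, dir 1001:1002 755:", can_create(case3, 0, 0, 1001, 1002, 0o755))
```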
4. Details of several related commands
(1) exportfs
If we modify /etc/exports after NFS has been started, do we have to restart NFS? In this case we can use the exportfs command to make the changes take effect immediately. The command format is as follows:
# exportfs [-aruv]
-a export or unexport everything in /etc/exports
-r re-read /etc/exports and update /etc/exports and /var/lib/nfs/xtab
-u unexport a single directory (used together with -a to unexport all directories in the /etc/exports file)
-v when exporting, print detailed information to the screen
Concrete examples:
# exportfs -au    unexport all shared directories
# exportfs -rv    re-export all directories and print details
(2) nfsstat
Views the running status of NFS.
(3) rpcinfo
Shows RPC execution information and can be used to check whether RPC is running; use rpcinfo -p to see the ports opened by RPC and the programs they provide.
(4) showmount
-a displays the directory information for clients that are already connected
-e IP or hostname displays the directories shared by that IP address
(reference: http://jlk.fjfi.cvut.cz/arch/manpages/listing/core/nfs-utils/)
