Linux NFS description, configuration, and fault analysis

Source: Internet
Author: User
Tags nfsd
I. Introduction to NFS services

NFS is short for Network File System. It is a protocol for distributed file systems, developed by Sun and published on April 9, 1984. Its function is to allow different machines and operating systems to share data with each other through the network, so that applications on a client can access data on the server's disks over the network. It is a way to share disk files between Unix-like systems.

The basic principle of NFS is "allow different clients and servers to share the same file system through a group of RPCs". It is independent of the operating system and allows systems with different hardware and operating systems to share files.

NFS depends on the RPC protocol for file transfer and information transfer. Remote Procedure Call (RPC) is a mechanism that enables a client to execute programs on other systems. NFS itself does not provide an information transmission protocol or function; it can share data over the network because it uses other transmission protocols, and these use the RPC function. NFS itself is a program that uses RPC; put another way, NFS is also an RPC server. Therefore, the RPC service must be started wherever NFS is used, on the NFS server as well as on the NFS client. In this way, the server and the client can match up the corresponding program ports through RPC. The relationship between RPC and NFS can be understood as follows: NFS is a file system, while RPC is responsible for information transmission.

II. System environment

System platform: Red Hat 5.8
NFS server IP: 10.48.11.41
Firewall disabled (iptables: Firewall is not running.)
SELINUX=disabled

III. Installing NFS

Installing NFS is very simple: only two software packages are needed, and in general they are installed as part of the system's default packages.

nfs-utils-*: includes the basic NFS commands and monitoring programs
portmap-*: supports secure NFS RPC service connections

1. Check whether NFS is installed on the system

    [root@exadatabackup dir01]# rpm -qa | grep nfs
    nfs-utils-lib-1.0.8-7.9.el5
    nfs-utils-1.0.9-60.el5
    [root@exadatabackup dir01]# rpm -qa | grep portmap
    portmap-4.0-65.2.2.1

IV. NFS system daemons

nfsd: the basic NFS daemon, mainly used to manage whether a client can log on to the server.

mountd: the RPC mount daemon, mainly used to manage the NFS file system. After a client has successfully logged on to the NFS server through nfsd, it must pass file permission verification before it can use the files provided by the NFS service. mountd reads the NFS configuration file /etc/exports to check the client's permissions.

portmap: mainly used for port mapping. When a client tries to connect to and use a service provided by the RPC server (such as the NFS service), portmap gives the client the port that corresponds to that service, so that the client can request the service from the server through this port.

V. NFS server configuration

The NFS server configuration is relatively simple: set it in the corresponding configuration file and then start the NFS server.

Common NFS files:

    /etc/exports          NFS service configuration file
    /usr/sbin/exportfs    NFS service management command
    /usr/sbin/showmount   client-side view command
    /var/lib/nfs/etab     records the complete permission settings of the directories shared by NFS
    /var/lib/nfs/xtab     records information about the clients that have logged on
The NFS service configuration file is /etc/exports. It is the main configuration file of NFS, but the system provides no default content, so the file may not exist. You may need to create it manually with vim and then write the configuration into it.

Format of the /etc/exports file:

    <output directory> [client 1 options (access permission, user mapping, others)] [client 2 options (access permission, user mapping, others)]

a. Output directory: the directory in the NFS system that is to be shared with clients.

b. Client: a computer on the network that can access the NFS output directory. The commonly used forms are:

    Host with the specified IP address:     192.168.0.200
    All hosts in the specified subnet:      192.168.0.0/24 or 192.168.0.0/255.255.255.0
    Host with the specified domain name:    david.bsmart.cn
    All hosts in the specified domain:      *.bsmart.cn
    All hosts:                              *

c. Options: used to set the access permission, user mapping and so on of the output directory. NFS has three main groups of options.

Access permission options:

    ro    set the output directory read-only
    rw    set the output directory read/write

User mapping options:

    all_squash        map all ordinary users and groups accessing remotely to the anonymous user or group (nfsnobody)
    no_all_squash     the opposite of all_squash (default setting)
    root_squash       map the root user and group to the anonymous user or group (default setting)
    no_root_squash    the opposite of root_squash
    anonuid=xxx       map all remotely accessing users to the anonymous user, and specify that user as a local user (UID=xxx)
    anongid=xxx       map all remotely accessing user groups to the anonymous group account, and specify that account as a local group account (GID=xxx)

Other options:

    secure              restrict clients to connecting to the NFS server from TCP/IP ports below 1024 (default setting)
    insecure            allow clients to connect to the server from TCP/IP ports above 1024
    sync                write data synchronously to the memory buffer and to disk; less efficient, but ensures data consistency
    async               keep data in the memory buffer first and write it to disk when necessary
    wdelay              check whether there are related write operations and, if so, perform them together, which improves efficiency (default setting)
    no_wdelay           perform write operations immediately; should be used together with sync
    subtree_check       if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default setting)
    no_subtree_check    even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which improves efficiency

VI. Starting and stopping the NFS server

After the exports file is correctly configured, you can start the NFS server.

1. Start the NFS server

For the NFS server to work normally, the portmap and nfs services must both be started, and portmap must be started before nfs.

    # service portmap start
    # service nfs start

2. Query the NFS server status

    # service portmap status
    # service nfs status

3. Stop the NFS server

To stop NFS, stop the nfs service first and then the portmap service. If other services on the system (such as NIS) need portmap, you do not need to stop the portmap service.

    # service nfs stop
    # service portmap stop

4. Set the NFS server to start automatically

On a real production system it is unrealistic to start the NFS server manually every time Linux boots. Configure the system to start the portmap and nfs services automatically at the specified runlevels.

    # chkconfig --list portmap
    # chkconfig --list nfs

Set the portmap and nfs services to start automatically at runlevels 3 and 5:
    # chkconfig --level 35 portmap on
    # chkconfig --level 35 nfs on

    [root@exadatabackup dir01]# cat /etc/exports
    #/dir01 *(rw,no_root_squash)
    #/dir02 *(rw,no_root_squash)
    /dir01 *(rw)
    /dir02 *(rw)
    [root@exadatabackup dir01]# exportsfs
    -bash: exportsfs: command not found
    [root@exadatabackup dir01]# exportfs
    /dir01
    /dir02
    [root@exadatabackup dir01]# showmount -e
    Export list for exadatabackup:
    /dir02 *
    /dir01 *
    [root@exadatabackup dir01]# showmount -es
    Export list for exadatabackup:
    /dir02 *
    /dir01 *
    [root@exadatabackup dir01]# showmount -a
    All mount points on exadatabackup:
    10.48.28.3:/dir01
    10.48.28.9:/dir01
    10.48.28.9:/dir02

The client uses the showmount command to query the NFS sharing status:

    # showmount -e NFS_SERVER_IP

    [root@exadatabackup dir01]# showmount -e 10.48.11.41
    Export list for 10.48.11.41:
    /dir02 *
    /dir01 *

NFS has many default parameters. Open /var/lib/nfs/etab to view the complete permission settings of the shared directories.

    [root@exadatabackup dir01]# cat /var/lib/nfs/etab
    /dir01 *(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,callback,acl,mapping=identity,anonuid=65534,anongid=65534)
    /dir02 *(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,deny,acl,mapping=identity,anonuid=65534,anongid=65534)

no_root_squash lets root keep its privileges, while root_squash maps root to nobody; no_all_squash does not let all users keep their permissions in the mounted directory. Therefore, objects created by root are owned by nfsnobody.

Permission analysis

1. Checks for ordinary users when a client connects

    a. If squashing of ordinary users' identity is explicitly configured, the client user's identity is converted to the specified user;
    b. if the NFS server has a user with the same name, the identity of the client login account is converted to the user with the same name on the NFS server;
    c. if there is no user with the same name, the user's identity is squashed to nfsnobody.

2. Checks for root when a client connects

    a. If no_root_squash is set, the root user's identity is mapped to root;
    b. if all_squash, anonuid and anongid are set, the root identity is squashed to the specified user;
    c. if nothing is explicitly specified, the root user is squashed to nfsnobody;
    d. if both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, the user is squashed to the specified user and group.

Related commands

1. exportfs

If /etc/exports is modified after NFS has been started, is it necessary to restart NFS? In that case the exportfs command can be used to make the change take effect immediately. The command format is as follows:

    # exportfs [-aruv]

    -a    mount or unmount all entries in /etc/exports
    -r    re-read the information in /etc/exports and synchronously update /etc/exports and /var/lib/nfs/xtab
    -u    unmount a single directory (used with -a to unmount all directories in the /etc/exports file)
    -v    print detailed information to the screen during the export operation

Examples:

    # exportfs -au    unmount all shared directories
    # exportfs -rv    re-share all directories and print details

2. nfsstat: view the running status of NFS; it is of great help when tuning NFS.

3. rpcinfo: a tool used to check the RPC running status. Use rpcinfo -p to see the ports that RPC has opened and the programs they provide.

4. showmount

    -a                        display directory information for clients that are already connected
    -e IP address or hostname display the directories shared by this IP address

5. netstat: shows the ports opened by the NFS services. nfs opens 2049, portmap opens 111, and the others are opened by rpc.

Finally, pay attention to two points. Although the permission settings allow ordinary users to access the files, by default only the root user can mount them; ordinary users can use sudo.
When the NFS server is shut down, make sure that the NFS service is stopped and that no client is still connected! You can check with showmount -a. If there are connected clients, use kill, killall or pkill to end the processes (-9 forces termination).

Fault instance

Mounting over NFS failed:

    mount: 10.48.11.41:/home/test/distfiles failed, reason given by server: Permission denied

Disable the firewall and mount again. Viewing the server's /var/log/messages records shows:

    Aug 2 16:15:11 exadatabackup mountd[1106]: refused mount request from 10.48.28.9 for /dir01 (/dir01): unmatched host

After the host name and IP address entries in the server's /etc/hosts were all removed, the client could mount again. However, the same error occurred when another client failed to mount. After repeated experiments, the solutions are summarized as follows:

Solution 1: remove the host name and IP address entries in /etc/hosts.

Solution 2: if the directory mounted on the client does not have read/write permission, add the permission.

Solution 3: because the IP address ranges of the server and client are different, modify the IP addresses so that the ranges are the same. Replace 192.168.* with 192.168.0.0/16.

In case someone encounters the same problem as me on the supervisor: I guess that NFS first converts the IP address to the corresponding host name and then uses this host name to match against the /etc/exports file. The file is configured with IP segments, so you certainly do not have the mount permission. My guess was confirmed by checking the materials and by tests.

In addition, mounting the NFS file system by host name or fully qualified domain name (FQDN) is much faster than simply using IP addresses. Therefore, if you use the NFS service, adding a DNS service on the LAN and then using fully qualified host names for access would work much better.
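The root and all_squash rules from the permission analysis above, as an added Python example that is not part of the original article. effective_ids is a hypothetical helper, the option string is shortened from the article's etab line, and the model assumes the client sends numeric uid/gid values that the server applies as sent unless an option squashes them.

```python
NFSNOBODY = 65534   # default anonuid/anongid, as in the article's etab output

def parse_opts(optstr):
    """Turn 'rw,root_squash,anonuid=65534' into {'rw': True, 'anonuid': '65534', ...}."""
    opts = {}
    for item in optstr.split(","):
        key, sep, value = item.strip().partition("=")
        if key:
            opts[key] = value if sep else True
    return opts

def effective_ids(uid, gid, optstr):
    """Return the (uid, gid) the server applies to a request sent as uid/gid."""
    opts = parse_opts(optstr)
    anon_uid = int(opts.get("anonuid", NFSNOBODY))
    anon_gid = int(opts.get("anongid", NFSNOBODY))
    if "all_squash" in opts:
        # all_squash wins even when no_root_squash is also present (rule 2d)
        return anon_uid, anon_gid
    if "no_root_squash" not in opts:
        # root_squash is the default: id 0 becomes the anonymous id (rule 2c)
        uid = anon_uid if uid == 0 else uid
        gid = anon_gid if gid == 0 else gid
    # Assumption: other numeric ids are applied exactly as the client sent them
    return uid, gid

# Option string shortened from the article's /var/lib/nfs/etab line for /dir01
ETAB_DIR01 = "rw,sync,root_squash,no_all_squash,anonuid=65534,anongid=65534"

if __name__ == "__main__":
    for who, ids in (("root", (0, 0)), ("uid 500", (500, 500))):
        print(who, "->", effective_ids(*ids, ETAB_DIR01))
```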
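A small auditor for the /etc/exports format and options described above (an added example, not from the original article; audit_exports, the finding names and the sample file are assumptions made for illustration). Besides no_root_squash, insecure and async, it flags a wildcard written on an IP address (the 192.168.* case from the fault instance) and options detached from their client by a space, which the server then applies to every host.

```python
import re

# Options from the article's list that widen what a client can do.
RISKY_OPTS = {
    "no_root_squash": "client root keeps root on the server",
    "insecure": "requests accepted from source ports above 1024",
    "async": "server replies before data is on disk",
}
IP_WILDCARD = re.compile(r"[\d.]*[*?][\d.*?]*")   # IP-looking client, e.g. 192.168.*

def parse_entry(entry):
    """Split 'client(opt,opt)' into (client, options); a bare '(opts)' has client ''."""
    client, _, rest = entry.partition("(")
    return client, {o for o in rest.rstrip(")").split(",") if o}

def audit_exports(text):
    """Return sorted (directory, client, finding) tuples for an /etc/exports body."""
    findings = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        directory, *entries = line.split()
        for entry in entries:
            client, opts = parse_entry(entry)
            if client == "":
                # "host (rw)": the space detaches the options, which then apply to all hosts
                findings.add((directory, "*", "stray-space"))
                client = "*"
            elif IP_WILDCARD.fullmatch(client) and client != "*":
                # wildcards are matched against host names; use CIDR for addresses
                findings.add((directory, client, "ip-wildcard"))
            if client == "*" and "rw" in opts:
                findings.add((directory, client, "world-rw"))
            for opt in opts & RISKY_OPTS.keys():
                findings.add((directory, client, opt))
    return sorted(findings)

# Constructed sample modelled on the article's exports file (not taken from a real host).
SAMPLE = """\
/dir01 *(rw,no_root_squash)
/dir02 192.168.*(rw)
/dir03 192.168.0.0/24(ro,sync)
/dir04 host1.bsmart.cn (rw)   # note the space before "("
"""

if __name__ == "__main__":
    for directory, client, finding in audit_exports(SAMPLE):
        print(f"{directory:8} {client:12} {finding} {RISKY_OPTS.get(finding, '')}")
```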