NFS (Network File System)

Source: Internet
Author: User
Tags glusterfs


What is NFS?

NFS is short for Network File System. Its main function is to allow different host systems to share files or directories over a network (generally a LAN). NFS clients (typically application servers, such as web servers) use mount to attach the data directory shared by the NFS server to the local system of the NFS client (under a mount point). Seen from the NFS client, the directory shared by the NFS server looks like one of the client's own disk partitions or directories, but it is actually a directory on the remote NFS server.

NFS is similar to Windows network sharing, security, and network drive mapping, and to the Samba service on Linux. It is used as shared data storage at the back end of small and medium-sized Internet cluster architectures. A large website may instead use a more complex distributed file system, such as MooseFS (mfs), GlusterFS, or FastDFS.

Application scenarios of NFS in Enterprises

In enterprise cluster architectures, NFS is generally used to store shared static resource files such as videos, images, and attachments. Files uploaded by website users are generally stored on the NFS share, for example BBS product images, attachments, and avatars; all the front-end nodes then access this one storage service. This is especially common at small and medium-sized website companies.

NFS Flowchart

NFS schematic

The RPC service used by NFS is named portmap in CentOS 5.x and rpcbind in CentOS 6.x.

NFS server deployment environment preparation

| Server system | Role | IP |
|---|---|---|
| CentOS 6.6 x86_64 | NFS server (nfs-server) | Custom |
| CentOS 6.6 x86_64 | NFS client (nfs-client1) | Custom |
| CentOS 6.6 x86_64 | NFS client (nfs-client2) | Custom |

NFS software list for the NFS server

To deploy the NFS service, install the following software packages:

nfs-utils: the main NFS service package. It includes the rpc.nfsd and rpc.mountd daemons, the related documentation, and the command executables.

rpcbind: the main RPC program under CentOS 6.x (portmap under CentOS 5.x).

NFS can be considered an RPC program. Before any RPC program is started, port mapping is required, and this mapping is done by the rpcbind service. Therefore, you must start the rpcbind service first.

The NFS packages are not installed by default in CentOS 6.6 (they are installed by default in CentOS 5).

Two software packages appear, indicating that the NFS server software has been installed.

Start NFS-related services

We recommend starting the services from /etc/rc.local rather than with chkconfig, to facilitate management.

Configure NFS server

The default configuration file of the NFS service is /etc/exports, which is empty by default.

/etc/exports configuration file format

NFS shared directory  NFS client address 1(parameter 1,parameter 2,parameter 3...) client address 2(parameter 1,parameter 2,parameter 3...)

NFS shared directory  NFS client address(parameter 1,parameter 2...)

Client Configuration

Start rpcbind

Delete the oldboy.txt file in /data on the server, then check on the client: the file no longer exists.

You cannot write data because of permission issues. The solution is as follows.

Enable automatic mounting on the client

Configure another client.

Troubleshooting

1. Check whether the NFS server configuration and service are normal.

It is best to have the server mount its own share to see whether the mount succeeds.

This step mainly checks whether the NFS service on the server is normal.

2. Check whether showmount works normally on the NFS client.

If any problem occurs, perform the following troubleshooting.

1) Ping the IP address of the NFS server.

2) Use telnet to check the NFS server IP address and port.

If "No route to host" appears, it may be caused by the server firewall.

In addition, pay attention to the order in which the RPC services are started on the server.

/etc/init.d/rpcbind start

rpcinfo -p localhost

/etc/init.d/nfs start

rpcinfo -p localhost
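The start-order check above can be automated by reading the output of rpcinfo -p. The following is an added example, not code from the original page: it reports which of the RPC services NFS needs are registered with rpcbind and on which ports (the same ports a firewall rule has to allow). The two sample outputs are constructed, and the function names are hypothetical.

```python
# RPC services that must be registered before a client can mount the share.
REQUIRED_SERVICES = ("portmapper", "mountd", "nfs")

# Constructed `rpcinfo -p localhost` output: after rpcbind start only ...
ONLY_RPCBIND = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
"""
# ... and after nfs has been started as well (ports are constructed values).
RPCBIND_THEN_NFS = ONLY_RPCBIND + """\
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
"""

def registered_services(rpcinfo_output):
    """Map service name -> sorted list of (proto, port) pairs."""
    services = {}
    for line in rpcinfo_output.splitlines():
        fields = line.split()
        # Data rows are: program, version, proto, port, service name.
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header row or unexpected line
        proto, port, name = fields[2], int(fields[3]), fields[4]
        services.setdefault(name, set()).add((proto, port))
    return {name: sorted(endpoints) for name, endpoints in services.items()}

def diagnose(rpcinfo_output):
    """Return (missing services, advice) following the page's start order."""
    services = registered_services(rpcinfo_output)
    missing = [name for name in REQUIRED_SERVICES if name not in services]
    if "portmapper" in missing:
        return missing, "run /etc/init.d/rpcbind start, then /etc/init.d/nfs start"
    if missing:
        return missing, "rpcbind is up; run /etc/init.d/nfs start"
    return missing, "rpcbind and NFS are registered"

if __name__ == "__main__":
    for label, output in (("rpcbind only", ONLY_RPCBIND),
                          ("rpcbind + nfs", RPCBIND_THEN_NFS)):
        print(label, "->", diagnose(output))
```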

NFS configuration file permission parameters

The NFS server-side permission settings are the parameters in parentheses in the /etc/exports configuration format.

| Parameter name | Parameter usage |
|---|---|
| rw | Read-write: grants read and write permission. * |
| ro | Read-only: grants read-only permission. |
| sync | On a request or write, the data is synchronously written to the NFS server's hard disk before the call returns. Advantage: data is safe and will not be lost. Disadvantage: performance is lower. |
| async | On a request or write, the call returns first and the data is then written to the memory cache and the hard disk, that is, data is written asynchronously. This parameter can improve NFS performance but reduces data safety, so it is generally not recommended; enable it to improve NFS performance only if NFS is a bottleneck and data loss is acceptable. Data is first written to a memory buffer and written to disk when the hard disk is idle, which improves write efficiency. If the server goes down or shuts down abnormally, data in the buffer that has not been written to disk is lost (solution: a battery on the server board or a UPS uninterruptible power supply). (E-commerce flash sales are asynchronous.) |
| no_root_squash | If the user accessing the NFS server's shared directory is root, the user has root permission on the shared directory. This option was originally intended for diskless clients. Users should avoid using it. |
| root_squash | If the user accessing the NFS server's shared directory is root, its permissions are squashed to those of the anonymous user, and its UID and GID usually become those of the nfsnobody account. |
| all_squash | Regardless of the identity of the user accessing the NFS server's shared directory, its permissions are squashed to those of the anonymous user, and its UID and GID become those of the nfsnobody account. This parameter is useful when multiple NFS clients read and write data on the NFS server at the same time. * |
| anonuid | The parameters beginning with anon* refer to the anonymous user. The UID of this user is usually the UID of nfsnobody, but you can also set the UID yourself; the UID must exist in /etc/passwd. With multiple NFS clients, such as several web servers sharing one NFS directory, this parameter lets all NFS clients write data with the same user permissions. It is useful when the configured anonymous UID corresponds to the user permissions. * |
| anongid | Same as anonuid, except that the UID (user ID) is replaced by the GID (group ID). |

Parameters marked with * are recommended for configuration.

NFS service summary: conditions for NFS clients to be able to write to the server

When multiple NFS clients write data to the server's file system over NFS, the following permissions are required:

1. The /etc/exports setting on the NFS server must grant write permission (rw), that is, the server's share permission.

2. The directory that the NFS server actually shares must have the write (w) permission, that is, the local file-system permission of the directory on the server.

3. Each machine must have an nfsnobody user with the same UID, 65534, as in the default NFS configuration (this ensures that all clients have the same access permissions; otherwise, a user with the same UID must be created on every machine and the default NFS anonymous user configuration overridden).

When all three conditions are met, multiple NFS clients can write to the share and can modify files written by other hosts.
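The /etc/exports format and the permission parameters described above can be checked mechanically. The following is an added example, not code from the original page: it parses exports entries and flags the two options the parameter table warns about, plus one well-known pitfall of the format, where a space between the client address and the opening parenthesis makes the options apply to every host instead of that client. The sample content and the function names are constructed, and quoted paths containing spaces are not handled.

```python
import re

# Options the parameter table warns about, with the reason it gives.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client keeps root rights on the share",
    "async": "buffered writes are lost if the server goes down",
}

# Constructed sample /etc/exports content (not taken from a real server).
SAMPLE_EXPORTS = """\
/data   192.168.31.0/24(rw,sync,all_squash,anonuid=65534,anongid=65534)
/backup 192.168.31.130(rw,async,no_root_squash)   # constructed client address
/upload 192.168.31.0/24 (rw,sync)
"""

def parse_exports(text):
    """Yield (path, client, options) per client entry; options is a dict."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if m is None:                        # unbalanced parentheses
                yield path, entry, None
                continue
            pairs = (o.partition("=") for o in (m.group(2) or "").split(",") if o)
            yield path, m.group(1), {key: value for key, _, value in pairs}

def audit_exports(text):
    """Return a list of (path, client, finding) tuples."""
    findings = []
    for path, client, options in parse_exports(text):
        if options is None:
            findings.append((path, client, "malformed entry"))
            continue
        if client in ("", "*"):
            # "client (opts)" with a space: the options apply to all hosts.
            findings.append((path, "*", "options %s apply to all hosts" % sorted(options)))
        for name, reason in RISKY_OPTIONS.items():
            if name in options:
                findings.append((path, client or "*", "%s: %s" % (name, reason)))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("%-8s %-16s %s" % finding)
```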

NFS important files

/etc/exports

The main configuration file of the NFS service. It specifies what the NFS service shares. It is empty by default, and entries are written one per line.

/usr/sbin/exportfs

The NFS service management command. For example, it can load the NFS configuration so that it takes effect, or configure an NFS shared directory directly, that is, share without configuring /etc/exports.

exportfs can not only load the configuration so that it takes effect, but can also share a directory directly from the command line in place of /etc/exports; such a share is lost after a restart.

/usr/sbin/showmount

The command used on the client to view the NFS configuration and mount results. After configuring the NFS server, view the mounting information on the server and on the client respectively.

/var/lib/nfs/etab

The complete parameter file for the NFS configuration (many NFS parameters are not configured explicitly but are applied by default).

/proc/mounts

Client mount parameters

NFS client mount command

| Mount command | Mount type | Shared directory provided by the NFS server | Directory on which the NFS client mounts it |
|---|---|---|---|
| mount | -t nfs | 192.168.31.129:/data | /mnt (required) |

Complete mount command: mount -t nfs 192.168.31.129:/data /mnt

Mounting Process

NFS client mount in depth: mount parameter description

On the NFS server, you can use cat /var/lib/nfs/etab to view the detailed parameters of the NFS server configuration.

On the NFS client, you can use cat /proc/mounts to view the detailed mount parameters.

NFS client mount parameter list

| Parameters | Parameter functions | Default |
|---|---|---|
| fg, bg | When mounting on the client, you can choose to run the mount in the foreground (fg) or in the background (bg). In the foreground, mount keeps trying until it succeeds or the mount times out. In the background, mount retries in the background and does not affect other programs in the foreground. If the network is unstable or the server is often switched on and off, bg is recommended. | fg |
| soft, hard | When the NFS client mounts the server with soft and a network or server problem prevents the client and server from transferring data, the client keeps trying until it times out, then reports an error and stops trying. With a soft mount, data may be lost when a timeout occurs, so it is generally not recommended. With a hard mount, the client keeps trying to reach the server. If the server responds, the operation continues; if it does not respond, the NFS client keeps trying indefinitely. In this case the mount cannot be unmounted or killed, so hard is often used together with intr. | hard |
| intr | When a hard-mounted resource times out and the intr parameter is specified, the operation can be interrupted after the timeout, which prevents the whole system from being locked up by NFS when a problem occurs. | None |
| rsize, wsize | The block size for reads (rsize) and writes (wsize). This setting affects the buffering of data transferred between the client and the server. Generally, on a local area network (LAN) where both client and server have enough memory, this value can be set larger (65535 bytes); a larger buffer block improves the transfer capability of the NFS file system. However, the value should not be too large; it is best kept within the maximum the network can transmit. | CentOS 5: 1024; CentOS 6: 131072 |
| proto=udp | Transmitting data over UDP performs well on a LAN. Across the Internet, proto=tcp provides better error correction for data transfer. | proto=tcp |

Run man nfs to view the above information.

Optimization:

The following lists the options available for the mount -o parameter.

| Parameters | Parameter meaning | Default |
|---|---|---|
| suid, nosuid | When the mounted file system contains SUID programs, using nosuid disables the SUID function. | suid |
| rw, ro | Specifies whether the file system is read-only (ro) or writable (rw). | rw |
| dev, nodev | Whether device files keep their special function. Generally only /dev contains device files, so nodev can be selected. | dev |
| exec, noexec | Whether files on the file system may be executed. If the mount holds only ordinary resource data (such as images and attachments), you can select noexec. | exec |
| user, nouser | Whether ordinary users are allowed to mount and unmount the file system. To protect the file system, it is best not to allow this. | nouser |
| auto, noauto | auto means the file system is mounted when "mount -a" is run. If you do not need this partition to be mounted at all times, set it to noauto. | auto |

NFS client mount optimization

In enterprise scenarios, NFS servers generally share only ordinary static data (images, attachments, and videos), which does not need suid, exec, or similar permissions. A file system mounted this way can be used only for data access and cannot execute programs, which increases the security of the client. For example, many Trojans tamper with website files by uploading a program to the storage directory and then executing it.

Therefore, it is necessary to use the following command when mounting.

Secure mount parameters

mount -t nfs -o nosuid,noexec,nodev,rw 192.168.31.129:/data /mnt

Specifying mount parameters with mount -o is the same as specifying them in /etc/fstab.
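To confirm that clients are actually mounted with these options, /proc/mounts can be checked. The following is an added example, not code from the original page: it lists NFS mounts that lack nosuid, noexec or nodev and builds the secure mount command shown above for each one. The sample /proc/mounts content, the /var/www/upload mount point and the function names are constructed.

```python
# Mount options the page recommends for shares that hold only static data.
HARDENING_OPTIONS = ("nosuid", "noexec", "nodev")

# Constructed sample in /proc/mounts format (not from a real client).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
192.168.31.129:/data /mnt nfs rw,nosuid,nodev,noexec,relatime,vers=3,hard,proto=tcp 0 0
192.168.31.129:/data /var/www/upload nfs rw,nosuid,relatime,vers=3,hard,proto=tcp 0 0
"""

def unhardened_nfs_mounts(mounts_text):
    """Return {mount point: (source, missing options)} for NFS mounts."""
    report = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        # /proc/mounts columns: source, mount point, type, options, dump, pass
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        source, mount_point = fields[0], fields[1]
        options = set(fields[3].split(","))
        missing = [opt for opt in HARDENING_OPTIONS if opt not in options]
        if missing:
            report[mount_point] = (source, missing)
    return report

def hardened_mount_command(source, mount_point, access="rw"):
    """Build the page's secure mount command for one share."""
    options = ",".join(HARDENING_OPTIONS + (access,))
    return "mount -t nfs -o %s %s %s" % (options, source, mount_point)

if __name__ == "__main__":
    for mount_point, (source, missing) in unhardened_nfs_mounts(SAMPLE_MOUNTS).items():
        print("%s is missing %s" % (mount_point, ",".join(missing)))
        print("  use: " + hardened_mount_command(source, mount_point))
```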

Mount performance optimization parameter options

1. Mount without updating directory and file access timestamps

mount -t nfs -o noatime,nodiratime 192.168.31.129:/data /mnt

2. Secure and optimized mount

mount -t nfs -o nosuid,noexec,nodev,noatime,nodiratime,intr,rsize=131072,wsize=131072 192.168.31.129:/data /mnt

3. Default mount (recommended)

mount -t nfs 192.168.31.129:/data /mnt

For a local file system

mount /dev/sdb1 /mnt -o defaults,async,noatime,data=writeback,barrier=0

NFS service kernel optimization

Optimization options:

1. /proc/sys/net/core/rmem_default

This file specifies the default size of the socket receive buffer (in bytes). The default value is 124928.

2. /proc/sys/net/core/rmem_max

This file specifies the maximum size of the socket receive buffer (in bytes). The default value is 124928.

3. /proc/sys/net/core/wmem_default

This file specifies the default size of the socket send buffer (in bytes). The default value is 124928.

4. /proc/sys/net/core/wmem_max

This file specifies the maximum size of the socket send buffer (in bytes). The default value is 124928.

The specific kernel optimization commands corresponding to the above files:

Summary of NFS shared storage optimization for enterprise scenarios

1. Hardware: SAS or SSD hard drives; buy multiple disks and use RAID 0 or RAID 10. NIC throughput must be at least 1 GB.

2. NFS server configuration:

/data 192.168.31.0/24(rw,sync,all_squash,anonuid=65534,anongid=65534)

3. NFS client mounting: rsize, wsize, noatime, nodiratime, nosuid, noexec, soft (hard, intr)

mount -t nfs -o nosuid,noexec,nodev,noatime,rsize=131072,wsize=131072 192.168.31.129:/data /mnt

mount -t nfs -o noatime,nodiratime,rsize=131072,wsize=131072 192.168.31.129:/data /mnt

mount -t nfs -o noatime,nodiratime 192.168.31.129:/data /mnt

4. Kernel optimization for all servers related to the NFS service

5. If the system reports "umount: /mnt: device is busy" when unmounting, leave the mounted directory and unmount again; if the NFS server is down, force the unmount with umount -lf /mnt.

6. Replacements for NFS on large websites are distributed file systems: MooseFS (mfs), GlusterFS, and FastDFS.

Advantages and disadvantages of NFS

Purpose:

The NFS service allows different clients to mount and use the same directory as shared storage. This ensures data consistency between clients on different nodes and is often used in cluster architectures. Samba can be used between Windows and Linux.

Advantages:

1. Simple, easy to use, and easy to master.

2. Data in NFS sits on top of the file system, that is, the data is visible.

3. Convenient: fast to deploy, simple to maintain, controllable, and sufficient for requirements.

4. Reliable: at the software level, data is highly reliable and durable. Data is stored on the file system.

5. Stable.

Limitations:

1. There is a single point of failure. If the NFS server goes down, no client can access the shared directory.

This can be compensated for with load balancing and high availability solutions.

2. Under high concurrency with large amounts of data, NFS efficiency and performance are limited (usually not a bottleneck for websites with tens of millions of PV per day, unless the website architecture is too poor).

3. Client authentication is based on IP addresses and host names, and permissions are identified by IDs. Security is mediocre (internal and external authentication is not a problem).

4. NFS data is transmitted in plain text, and NFS itself does not verify data integrity.

5. Connection management and maintenance overhead (tight coupling) when multiple client machines mount one NFS server. In particular, when the NFS service has a problem, all NFS clients hang (in a test environment, autofs can be used for automatic mounting).

6. It can be used in production for large and medium-sized websites (fewer than 10 million PV).

showmount command description

| Short format | Long format | Purpose and example result |
|---|---|---|
| -e | --exports | Displays the list of directories exported by the NFS server. |
| -d | --directories | Displays the shared directories on the NFS server. |
| -a | --all | Displays the IP address and mounted directory of the NFS server in ip:/dir format. |

Example result for -e:

[root@web-lamp01 ~]# showmount -e 192.168.31.129

Export list for 192.168.31.129:

/data 192.168.31.0/24
