Simple configuration of Linux Server for NFS 6.8

Concise configuration of Linux Server for NFS

I. Introduction TO Services for NFS

NFS is the abbreviation for the network file system, which is the web filesystem. A contract for the decentralized file system, developed by Sun, was announced in 1984. The function is to enable different machines, different operating systems to share individual data with each other, so that the application can access the data on the server disk through the network, and it is a way to implement disk file sharing among Unix-like systems.

The basic principle of NFS is to "allow different clients and services to share the same file system through a set of RPC", which is independent of the operating system, allowing different hardware and operating systems to share files together.

NFS relies on the RPC protocol during file transfer or information transfer. RPC, remote procedure invocation (Procedure call) is a mechanism that enables clients to perform programs in other systems. NFS itself does not provide the protocol and functionality for transmitting information, but NFS allows us to share information over the network, because NFS uses some other transport protocols. And these transport protocols are used for this RPC function. It can be said that NFS itself is a program that uses RPC. Or, NFS is also an RPC SERVER. So whenever you use NFS, you start the RPC service, whether it's NFS server or NFS CLIENT. This allows the server and client to implement the program port correspondence via RPC. You can understand the relationship between RPC and NFS: NFS is a file system, and RPC is responsible for the transfer of information.

Ii. Installation of NFS ServicesThe installation of NFS is very simple, requires only two packages, and is normally installed as the default package for the system.

• Nfs-utils: Includes basic NFS command and Monitoring program (RPC.NFSD, RPC.MOUNTD)
• Rpcbind: Support for secure NFS RPC service connection, Rpcbind service is also a key basic service of graphical interface, do not start this service, cannot start graphical desktop.

third, the NFS system daemon

• NFSD: It is the basic NFS daemon, the main function is to manage whether the client can log on to the server;
• Mountd: It is the RPC installation daemon, and the primary function is to manage the NFS file system. After the client has successfully logged on to the NFS server through NFSD, it must also authenticate with the file usage permissions before using the files provided by the NFS service. It reads the NFS configuration file/etc/exports to compare client permissions.
• Rpcbind (formerly called Portmap): The main function is to do port mapping work. When a client attempts to connect and use a service provided by the RPC server, such as an NFS service, Rpcbind provides the managed port to the client, which enables the client to request services from the server through that port.

iv. configuration of Server for NFS

Server for NFS is relatively simple to configure, just set it up in the appropriate configuration file, and then start Server for NFS.

Common Directories for NFS

/etc/exports Primary configuration file for NFS Services/USR/SBIN/EXPORTFS management commands for NFS services/usr/sbin/showmoun The view command of the T client/var/lib/nfs/etab record the full permission setting value of the NFS shared directory/var/lib/nfs/xtab Logging of client information that has been logged on

The NFS service configuration file is/etc/exports, which is the primary NFS configuration file, but the system does not have a default value, so this file does not necessarily exist, it may be created manually using Vim, and then write the configuration content in the file.

/etc/exports File Content format:

< output directory > [Client 1 options (access rights, user mappings, others)] [Client 2 options (access rights, user mappings, others)]

A. Output directory:

The output directory is the directory that the NFS system needs to share with the client;

B. Client:

A client is a computer in the network that can access this NFS output directory

Common ways for clients to specify

• Specify the IP address of the host: 192.168.0.200
• Specify all hosts in the subnet: 192.168.0.0/24 192.168.0.0/255.255.255.0
• Host of the specified domain name: david.bsmart.cn
• Specify all hosts in the domain: *.bsmart.cn
• All hosts: *

C. Options:

option to set the access permissions, user mappings, and so on for the output directory.

There are 3 main types of NFS options:

Access Permissions Options

• Set output Directory read-only: RO
• Set output directory Read/write: RW

User mapping Options

• All_squash: Maps all normal users and groups that are accessed remotely to anonymous users or user groups (Nfsnobody);
• No_all_squash: Reverse with All_squash (default setting);
• Root_squash: The root user and the owning group are mapped to anonymous users or groups of users (default setting);
• No_root_squash: Reverse with Rootsquash;
• ANONUID=XXX: Maps All remote access users to anonymous users and specifies that the user is a local user (uid=xxx);
• ANONGID=XXX: Maps All remote Access user groups to anonymous user group accounts and specifies that the anonymous user group account is a local user group account (GID=XXX);

Other options

• Secure: Restrict clients from connecting to Server for NFS (default setting) only from TCP/IP ports less than 1024;
• Insecure: Allow clients to connect to the server from TCP/IP ports greater than 1024;
• Sync: It is inefficient to write data synchronously to memory buffer and disk, but it can guarantee the consistency of data;
• Async: Save the data in the memory buffer first, and write to disk if necessary;
• Wdelay: Check if there is a related write operation, if any, then perform these writes together, which can improve the efficiency (default setting);
• No_wdelay: If a write operation is performed immediately, it should be used in conjunction with sync;
• Subtree: If the output directory is a subdirectory, the NFS server will check the permissions of its parent directory (default setting);
• No_subtree: Even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which can improve efficiency;

v. Start and stop of Server for NFSAfter you have configured the exports file correctly, you can start the NFS server. 1. Start the NFS server, Query the NFS server status, Stop the NFS server in order for the NFS server to work properly, you need to start the Portmap and NFS two services, and Portmap must start before NFS. To stop the NFS runtime, you need to stop the NFS service before stopping the Portmap service, and you do not need to stop the Portmap service if there are other services in the system (such as NIS) that you need to use

1 /etc/init.d/rpcbind start|status| Stop 2 /etc/init.d/nfs start|status|stop

2, set the auto-start Status of NFS server for the actual application system, it is unrealistic to start the NFS server manually after each boot of the Linux system, and it is necessary to set the system to automatically start the Portmap and NFS services at the specified runlevel.

1 chkconfig--list rpcbind2 chkconfig--list NFS

3. Set Portmap and NFS services to start automatically at System run level 3 and 5.

1  * Rpcbind on 2  NFS On

Vi. Examples

1, the NFS Server/home/david/share to the 192.168.1.0/24 network segment, permissions read and write.

Server-side files are detailed as follows:

1 vim/etc/exports  2192.168.  1.0/(rw)

2. Restart Portmap and NFS Services

1 Service Rpcbind Restart 2 Service NFS Restart 3 exportfs-rv #平滑加载配置

3, server side use the showmount command to query the sharing status of NFS

1 showmount-e # default view of your shared services, if you want DNS to resolve themselves, otherwise easy to error 2 showmount-a # Displays directory information that has been connected to the client

4. The client uses the Showmount command to query the shared status of NFS

SHOWMOUNT-E NFS Server IP

5. The client mounts the shared directory in the NFS server

Command format

1 Mount NFS Server IP: Shared directory local mount point directory 2 Mount ip:/data//media/3mountgrep NFS

6. Sharing permissions and access Control for NFS

Now let's create a file in/tmp/david/and see what the permissions are # Touch a here permission denied is because the NFS server-side shared directory itself has write permissions that are not open to other users, and that permission is opened on the server side.

1 chown -R  nfsnobody/data/ #两种方法都行 2chmod777 -r/data/

I used the root user to create a file that became a nfsnobody user. NFS has a number of default parameters, open/var/lib/nfs/etab to view the shared/data/full permission set value.

Cat /var/lib/nfs/etab

By default there are sync,wdelay,hide and so on, No_root_squash is to allow root to maintain permissions, Root_squash is to map root to nobody,no_all_squash own files can be changed. Therefore, the file owner created by Root is nfsnobody. Below we use normal user mount, write file test.

1 su - flyme12 $ cd/data/3Touch A

Ordinary users write to the file is their own name, which will ensure the security of the server.

On the analysis of permissions

1. When the client connects, the check for the ordinary user

A. If the identity of the normal user is explicitly set, then the identity of the client user is converted to the specified user;

B. If there is a user with the same name on NFS server, then the identity of the client login account is converted to the same user name as NFS server;

C. If there is no explicit designation, there is no user of the same name, then the user identity is compressed into nfsnobody;

2. When the client connects, the root check

A. If the No_root_squash is set, then the root user's identity is compressed to root on NFS server;

B. If All_squash, Anonuid, Anongid are set, the root identity is compressed to the specified user;

C. If there is no explicit designation, the root user is compressed to nfsnobody at this time;

D. If you specify both No_root_squash and All_squash users will be compressed to Nfsnobody, if set Anonuid, Anongid will be compressed to the specified user and group;

7. Unmount The mounted NFS shared directory

Umount /data/

vii. Start Automatic mount NFS file system

Format:

0 0 It 's better to put it in the/etc/rc.d/local. Easy to manage, don't put/etc/fstab/inside

Viii. Related orders

1, Exportfs

If we change/etc/exports after we start NFS, do we have to restart NFS? At this point we can use the EXPORTFS command to make the change take effect immediately, the command format is as follows:

# Exportfs [-aruv]

-A all mount or unload content in/etc/exports
-R re-reads the information in/etc/exports and synchronizes updates/etc/exports,/var/lib/nfs/xtab
-U Uninstalls a single directory (used together with-A to unload directories in all/etc/exports files)
-V Exports detailed information to the screen at the time of export.

Specific examples:
# Exportfs-au Uninstall all shared directories
# EXPORTFS-RV re-share all directories and output detailed information

2, Nfsstat

Viewing the running Status of NFS is a great help in adjusting the operation of NFS.

3, Rpcinfo

View RPC execution information, a tool that can be used to detect RPC health, and use RPCINFO-P to see what programs are available for RPC-enabled ports.

4, Showmount

-A displays directory information that is already on the client connection
-e IP or hostname display the directory shared by this IP address

5, Netstat

You can view the ports that are open for NFS service, where NFS is turned on by 2049,portmap 111 and the rest is RPC enabled.

Finally note two points, although the permission settings can be accessed by ordinary users, but when mounted by default only root can be mounted, ordinary users can execute sudo.

When NFS server shuts down, make sure that the NFS service is down and no clients are connected! Showmount-a can be viewed, if any, with kill Killall Pkill to end, (-9 forced end)

1. The Rpcbind failure error
Failure phenomena:
NFS Mount:server1:: Rpc:rpcbind failure
Rpc:timed out
NFS Mount:retrying:/mntpoint
Reason:
First, there may be an incorrect IP address, hostname, or node name combination in the client's Hosts file;
Second, the server temporarily stops the service because of overloading.

2. The server not responding error
Phenomenon:
NFS server Server2 Not responding, still trying
Reason:
First, the network does not pass, with the ping command to detect.
Second, the server shuts down.

3. The NFS client fails a reboot error
Phenomenon:
After you start the client, it stops, and the following prompt message is displayed:
Setting default interface for Multicast:add net 224.0.0.0:gateway:
Client_node_name.
Reason:
FG was used in the Mount option of Etc/vfstab and the resource on the Mount server could not be successfully changed to BG or commented out until the server is available.

4. The Service not responding error
Phenomenon:
NFS Mount:dbserver:NFS:Service Not responding
NFS Mount:retrying:/mntpoint
Reason:
First, the current level is not level 3, viewed with Who-r, and switched with Init 3.
Second, the NFS server daemon does not exist, with Ps-ef | grep NFS Check, starting with/etc/init.d/nfs start.

5. The program is not registered error
Phenomenon:
NFS Mount:dbserver:RPC:Program not registered
NFS Mount:retrying:/mntpoint
Reason:
First, the current level is not Level 3.
Second, the Mountd daemon is not started and the NFS daemon is started with the/etc/init.d/nfs script.
Third, see if the entries in/etc/dfs/dfstab are normal.

6. The stale file handle error
Phenomenon:
Stale NFS file handle
Reason:
The shared resources on the server moved to the location, and the client uses Umount and mount to re-hook them.

7. The Unknown host error
Phenomenon:
NFS Mount:sserver1:: Rpc:unknown Host
Reason:
The contents of the Hosts file are incorrect.

8. The mount point error
Phenomenon:
MOUNT:MOUNT-POINT/DS9 does not exist.
Reason:
The mount point does not exist on the client, note the spelling of the related entry in the command line or the/etc/vfstab file.

9. The no such file error
Phenomenon:
No such file or directory.
Reason:
The mount point does not exist on the server, check the spelling of the relevant entry in the command line or the/etc/vfstab file.

10. No Route to host
Error phenomena:
# Mount 10.10.11.211:/opt/data/xmldb/c2c-web1/data/xmldb-t nfs-o RW
Mount:mount to NFS server ' 10.10.11.211 ' Failed:system error:no the route to host.

Reason:
The firewall is turned on and the firewall is turned off.
For this reason many people have overlooked, if the firewall (including iptables and hardware firewall), NFS default to use 111 port, we first to detect whether the port is open, but also check the tcp_wrappers settings.

11. Not owner
Phenomenon:
# mount-f Nfs-o RW 10.10.2.3:/mnt/c2c/data/resinfo2/data/data/resinfo2
NFS Mount:mount:/data/data/resinfo2:not owner

Reason:
This is an error in the version of Solaris 10 that mounts the earlier version of NFS times.

Solve:
You need to use the-o vers=3 parameter

Example:
# mount-f Nfs-o vers=3 10.10.2.3:/mnt/c2c/data/resinfo2/data/data/resinfo2

12, Rpc:program not registered & retrying
Phenomenon:
NFS mount:10.10.2.3:: Rpc:program not registered
NFS Mount:retrying:/data/data/resinfo2

Reason:
The NFS shared-side service is not started.

WORKAROUND: You need to restart the NFS service on the share side,
Linux:
Mount:RPC:Program not registered
#/etc/init.d/nfs Restart

Solaris:
Mount:RPC:Program not registered
#/etc/rc.d/init.d/nfs Restart

13. Can ' t contact Portmapper:RPC:Remote system Error–connection refused
Phenomenon:
# exportfs-a
Can ' t contact Portmapper:RPC:Remote system Error–connection refused

Reason:
This error message occurs because the server side of the Portmap is not started.

Solve:
#/etc/init.d/portmap Start

Original Connection http://www.cnblogs.com/mchina/archive/2013/01/03/2840040.html

Http://www.ha97.com/4798.html

Simple configuration of Linux Server for NFS 6.8