Shulou(Shulou.com)06/02 Report--

11.1. Introduction to NFS

NFS is the abbreviation of Network File System and its Chinese name is Network File system. It is a network protocol that enables computers with different operating systems to share through the network. Because NFS can share files quickly, effectively provide resource utilization, save local disk space, and facilitate centralized management, it is widely used.

NFS works in Cramp S mode. After the NFS server sets up the shared file directory, other NFS clients can transfer the directory shared by the remote server to a self-defined mount point on the local system and use it.

NFS supports many functions, and different functions are realized by different programs. Every time you start a function, you need to open some ports for data transmission. Therefore, unlike most other Cramp S structures, NFS does not monitor some fixed ports, but randomly uses some unused ports less than 1024 for data transmission. However, when the client needs to connect to the server, it must first know the service port provided by the server program, and the randomness of the NFS port brings trouble for the client connection, so NFS uses remote procedure call RPC (Remote Procedure Call) to solve the problem.

When NFS starts, it randomly uses the unused port less than 1024 on the server as the service port, and then registers the port number, process ID, and listening IP with the RPC service. In this way, the RPC service knows the service port corresponding to each NFS function. When the client connects to the RPC service through fixed port 111, RPC will return the port number corresponding to each NFS function to the client. At this point, the client can communicate directly with NFS through these ports.

11.2. Installation and configuration of NFS server

The main software designed by NFS server is rpcbind and nfs-utils, which are the main programs of RPC and NFS respectively. The functions of these two software packages are:

Rpcbind: listens to ports 111/tcp and 111/udp. The main function is to specify the port number corresponding to each NFS function and report it to the client, so that the client can connect to the correct port.

The main program of nfs-utils:NFS listens on the ports 2049/tcp and 2049/udp, including the two daemons rpc.nfsd and rpc.mountd needed to provide NFS services and other related configuration files.

[root@localhost home] # yum install-y rpcbind nfs-utils # yum installation package [root@localhost home] # rpm-ql rpcbind # View the specific installation path of the file / etc/rc.d/init.d/rpcbind # rpcbind automatic startup script / sbin/rpcbind # main program / usr/sbin/rpcinfo/usr/share/doc/rpcbind-0.2 .0 # documentation / usr/share/doc/rpcbind-0.2.0/AUTHORS/usr/share/doc/rpcbind-0.2.0/ChangeLog/usr/share/doc/rpcbind-0.2.0/README/usr/share/man/man8/rpcbind.8.gz # help File / usr/share/man/man8/rpcinfo.8.gz/var/cache/rpcbind# when starting the NFS service Start rpcbind first, then start the nfs service [root@localhost home] # service rpcbind start # start rpcbindStarting rpcbind: [OK] [root@localhost home] # service nfs start # start nfsStarting NFS services: [OK] Starting NFS mountd: [OK] Starting NFS daemon: [OK] Starting RPC idmapd: [OK] # when shutting down the NFS service, shut down the nfs service first Then disable the rpcbind service [root@localhost home] # service nfs stopShutting down NFS daemon: [OK] Shutting down NFS mountd: [OK] Shutting down RPC idmapd: [OK] [root@localhost home] # service rpcbind stopStopping rpcbind: [OK]

The configuration file on the NFS server is implemented through the / etc/exports configuration file. After changing the configuration file, you need to use the exports command to make the changed configuration take effect.

Exports profile

The / etc/exports file is the main configuration file for NFS, which is used to set the shared directory of the server, as well as the host that the directory is allowed to access, access permissions, and so on. After NFS is installed, a blank exports file is created in the / etc directory, that is, there is no shared directory, and users need to edit it manually. Each line of the file defines a shared directory in the format:

Shared directory [client 1 (option 1, option 2.)] [client 2 (option 1, option 2)].

The shared directory is separated from each client by a space, and other content is optional except the shared directory.

Shared directories: provide directories used by NFS clients

Client: a computer that can access a shared directory, which can be specified by an IP address and hostname, a network segment using a subnet mask or a wildcard'*'or'?' Make a fuzzy assignment.

Options: specify access to the shared directory, if not, NFS uses the default option.

Client example:

The client describes all computers in the 192.168.2.0 subnet of the Demoserver hostname Demoserver computer with the 10.0.0.71IP address 10.0.0.71 host?.example.com? Represents all computers in any character * .example.com.example.com domain * all computers

Common client options:

The client option states that the ro client can only access files in the shared directory as read-only, and cannot write rw to the shared directory to read / write sync to write data synchronously to memory and async on the hard disk.

In asynchronous IO mode, the data is temporarily stored in memory and then written to the hard disk secure when needed.

Restrict NFS services to use less than 1024 port numbers for data transmission insecure

Use wdelay with ports greater than 1024

If multiple clients want to read and write to the same directory, then no_wdelay these operations together

Write immediately if there is a write operation. When the async option is set, this option has no effect on hide

When sharing a directory, the subdirectory no_hide in the directory is not shared

Shared subdirectory subtree_check

Force NFS to check the permissions no_subtree_check of the parent directory of a shared directory

Do not check parent directory permissions all_squash

Regardless of the identity of the user who logs in to NFS, his UID and GID are mapped to anonymous users and user groups. No_all_squash retains the original UID and GID of users, but not mapping anonuid specifies that the NFS server uses the user with this value of UID in the / etc/passwd file as anonymous users. Try to maintain the consistency of client-side and server-side users UID. Anongid specifies that the NFS server uses the user with this value in the / etc/group file as the anonymous user group root_squash. If the user who logs in to the NFS server to use the shared directory is root, the permissions of this user are mapped to anonymous users no_root_squash. If the user who logs in to the NFS server to use the shared directory is root, retain its root permissions. This can lead to serious security problems.

Exportfs command: output shared directory

When the NFS service starts, it reads the contents of the / etc/exports configuration file and outputs the shared directory set in the file for client use. After the NFS service starts, if you want to make changes to / etc/exports, you need to output the shared directory through exportfs with the command format:

/ usr/sbin/exportfs [- avi] [- o options,..] [client:/path..] / usr/sbin/exportfs-r [- v] / usr/sbin/exportfs [- av]-u [client:/path..] / usr/sbin/exportfs [- v] / usr/sbin/exportfs-f

Common options:

-a: export all or cancel all shared directories

-I: ignore the / etc/exports configuration file and use the default or options specified on the command line

-o: specify client options for the output

-r: reread the configuration in / etc/exports and synchronize the contents of / var/lib/nfs/xtab and / etc/exports

-u: cancel the output of one or more shared directories

-v: if not used with other options, all directories currently shared and their option settings are displayed, and those actions are shown if the shared directory is exported or unexported

11.3. NFS client configuration

To use the server's shared directory on the NFS client, you need to start the rpcbind service on the local host, then use the showmount command to see which directories are shared by the NFS server, use the mkdir command to establish a local mount point of the shared directory, and finally use the mount command to mount the shared directory locally.

The format of the showmount command is:

Showmount [option] [host IP or name]

Common options:

-a: commonly used on NFS servers to display clients that have mounted the server's shared directory and the shared directory they use

-d: similar to-a, but only shows the directory, not the specific client

-e: displays a list of shared directories output by the specified NFS server

-h: displays help information

-v: displays version information

-- no-headers: no title information is output

The mount point can be specified by the user. After you create the mount point, you can mount the shared directory. The command used to mount the shared directory is the same as the command for mounting the local file system. The mount command is in the following format:

Mount [options] NFS server IP or hostname: shared directory mount point

Common options:

Option description-t nfs specifies the type of file system to be mounted as NFS-o ro read-only mount file system is read-o rw read-write-o rsize=n specifies the block size used by NFS when reading files on the NFS server, unit byte-o wsize=n specifies the block size used by NFS when writing files on the NFS server, and unit byte-o timeo=n specifies the delay for resending the request after the timeout Unit 1/10 seconds-o retrans=n specifies the number of attempts before abandoning the mount-o acregmin=n specifies the minimum time for files to be stored in the buffer, unit seconds-o acregmax=n specifies the maximum time for files to be stored in buffer, unit seconds-o acdirmin=n specifies the minimum time for directories to be stored in buffer, unit seconds-o acdirmax=n specifies the maximum time for directories to be stored in buffer, unit seconds-o actime=n this option value instead of acregmin,acregmax,acdirmin,acdirmax Set these four values to the same-o retry=n specifies the time to attempt before abandoning the mount, in minutes-o port=n specifies the port number used to connect to the NFS server-o proto=n specifies the network protocol used when mounting the NFS file system-o fg uses the foreground method to mount the job-o bg uses the background mode to complete the mount work-o hard displays an error message of server not responding on the console and tries to connect again if it times out Until recovery-o soft if the connection times out, return I intr O error to the requesting program-o intr if the NFS file operation timed out and hard mount was used, allowing file operations to be interrupted-o noac to disable caching, forcing synchronous writes-o fsc to start local disk cache

11.4. Mount the shared directory on demand using autofs

In the traditional way of using NFS shared directory, the client generally mounts the shared directory by executing the mount command manually or by configuring the boot to hang automatically in the fstab file. However, there is not a permanent connection between the NFS client and the server, and one of the disadvantages of NFS is that when the client and the server connect, either party may go offline and cause the other party to wait for a timeout. At the same time, many users may mount the shared directory, but do not actually use it, resulting in the consumption of NFS server resources. in order to solve these problems, the general practice is to use autofs service to mount the shared directory dynamically during access.

Autofs is a program that mounts the file system on demand and can be installed directly using yum.

[root@localhost ~] # yum install-y autofs [root@localhost ~] # service autofs startLoading autofs4: [OK] Starting automount: [OK]

/ etc/auto.master is the main configuration file for autofs, and the configuration format is:

Mount point top-level directory mapping file

Top-level directory of the mount point: for example, if you want to hang the shared directory under the / nfs/public directory, then the value here is set to / nfs, and / nfs/public does not need to be created manually

Mapping file: this file is specified and created by the user, and how the NFS system set up in this file should be mounted

Mapping file format:

Mount point [- mount option] NFS server name or IP: shared directory

Where the mount point is based on the relative path of the 'mount point top directory' set in the auto.master file. After the configuration file is changed, you need to restart the autofs service configuration to take effect, or you can use reload overload.

Configure an instance

Suppose the NFS server nfsserver outputs four shared directories, and the specific contents of the / tmp,/sharefiles/public / sharefiles/private,/media/cdrom,exports file are as follows:

[root@localhost ~] # cat / etc/exports / tmp 192.168.191.* (rw,no_root_squash) / sharefiles/public 192.168.191.* (rw,all_squash,anonuid=40,anongid=40) / sharefiles/private 192.168.191.* (rw) / media/cdrom 192.168.191.* (ro)

To mount these directories locally through the autofs service

/ nfs/tmp/nfs/public/nfs/private/nfs/cdrom

Create the top-level directory of the mount point

[root@localhost ~] # mkdir / nfs

Edit the / etc/automaster file and add the following:

/ nfs / etc/auto.nfs

Edit the / etc/auto.nfs mapping file:

[root@localhost] # cat / etc/auto.nfs tmp-192.168.191.128:/tmppublic-192.168.191.128:/sharefiles/publicprivate-192.168.191.128:/sharefiles/privatecdrom-192.168.191.128:/media/cdrom

Restart the autofs service:

[root@localhost nfs] # service autofs reloadReloading maps [root@localhost home] # cd / nfs/ # enter the nfs directory Directory is empty [root@localhost nfs] # ls [root@localhost nfs] # ls / nfs/cdrom # access to each mounted directory cdrom.txt [root@localhost nfs] # ls / nfs/privateprivate [root@localhost nfs] # ls / nfs/publicpublic [root@localhost nfs] # ls / nfs/tmpyum.log [root@localhost nfs] # ls # cdrom private public tmp appears only when the mounted directory is accessed

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.