72.1. NFSv4
72.1.1. Ubuntu
72.1.1.1. NFSv4 server
sudo apt-get install nfs-kernel-server
Configuration
vim /etc/exports
/www *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
/export 192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)
To start the NFS server
sudo /etc/init.d/nfs-kernel-server start
72.1.1.2. NFSv4 client
sudo apt-get install nfs-common
NFSv3
sudo mount example.hostname.com:/www /www
NFSv4
# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/ /mnt
# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/users /home/users
NFS Client Configuration
vim /etc/fstab
example.hostname.com:/ubuntu /local/ubuntu nfs rsize=8192,wsize=8192,timeo=14,intr
72.1.2. CentOS
72.1.2.1. NFS Server Configuration
yum install -y nfs-utils
Procedure 72.1. On the *SERVER* side
- stop & disable services
service nfs stop
service nfslock stop
service rpcbind stop
service rpcidmapd stop
- /etc/fstab
As root, edit /etc/fstab and add the NFSv4 exports:
/www /exports none bind 0 0
- as root edit /etc/exports
NFSv3
# No space between the client and its options: with a space, the options apply to every host.
/exports 172.16.1.0/24(rw,sync)
NFSv4
/exports 172.16.1.0/24(rw,sync,fsid=0,anonuid=99,anongid=99)
/exports/neo *(rw,sync)
- reload exported filesystems
# exportfs -rv
- start required services
chkconfig rpcbind on
chkconfig nfs on
chkconfig nfslock on
chkconfig rpcidmapd on
service rpcbind start
service rpcidmapd start
service nfs start
service nfslock start
- nfs status
# nfsstat
Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
171        0          0          0          0

Server nfs v3:
null         getattr      setattr      lookup       access       readlink
3         1% 150      88% 0         0% 3         1% 2         1% 0         0%
read         write        create       mkdir        symlink      mknod
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
remove       rmdir        rename       link         readdir      readdirplus
0         0% 0         0% 0         0% 0         0% 0         0% 9         5%
fsstat       fsinfo       pathconf     commit
0         0% 3         1% 0         0% 0         0%
# watch nfsstat -c
Every 2.0s: nfsstat -c                          Mon Sep 20 16:53:55 2010

Client rpc stats:
calls      retrans    authrefrsh
286818929  1160       0

Client nfs v4:
null         read         write        commit       open         open_conf
0         0% 37286763 13% 6         0% 1         0% 38990106 13% 17986485  6%
open_noat    open_dgrd    close        setattr      fsinfo       renew
6         0% 0         0% 38774539 13% 2172019   0% 16        0% 147       0%
setclntid    confirm      lock         lockt        locku        access
321       0% 321       0% 0         0% 0         0% 0         0% 62157123 21%
getattr      lookup       lookup_root  remove       rename       link
80553542 28% 8828991   3% 8         0% 5         0% 5         0% 0         0%
symlink      create       pathconf     statfs       readlink     readdir
0         0% 1         0% 0         0% 5         0% 0         0% 13933     0%
server_caps  delegreturn
24        0% 54556     0%
- security
# vi /etc/hosts.deny
rpcbind:ALL
# vi /etc/hosts.allow
rpcbind:172.16.1.0/255.255.254.0
NFS queue size: the commands below set it to a more reasonable value of 256K.
# echo 262144 > /proc/sys/net/core/rmem_default
# echo 262144 > /proc/sys/net/core/rmem_max
# echo 262144 > /proc/sys/net/core/wmem_default
# echo 262144 > /proc/sys/net/core/wmem_max
Procedure 72.2. NFSv4
- /etc/exports
# cat /etc/exports
/www 172.16.1.2/32(ro,sync,fsid=0,anonuid=99,anongid=99)
/www/logs *(rw,sync)
Note: to share a directory over NFSv4 you must use the fsid=0 option. Only one directory can be exported with fsid=0, and that directory becomes the root directory of the NFS server.
- Start NFS; v4 does not need rpcbind
service rpcbind stop
service rpcidmapd stop
service nfs restart
service nfslock stop
- View the export settings
# exportfs
/www 172.16.1.2/32
/www/logs 172.16.1.0/24
- mount NFSv4
mount -t nfs4 172.16.1.15:/logs /mnt
72.1.2.1.1. NFS firewall configuration
View the ports NFS is currently using
rpcinfo -p localhost
vi /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
service nfs restart
iptables -I INPUT -m state --state NEW -p tcp \
    -m multiport --dport 111,892,2049,32803 -s 192.168.0.0/24 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp \
    -m multiport --dport 111,892,2049,32769 -s 192.168.0.0/24 -j ACCEPT
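After pinning the ports and restarting NFS, it is worth confirming that nothing is still registered on a port the firewall does not admit. The following is an added example, not part of the original page: `check_rpc_ports` and `sample_rpcinfo` are hypothetical names, and the sample listing is constructed from rpcinfo output of the kind shown elsewhere on this page.

```shell
#!/bin/sh
# Added example: list RPC services registered on ports outside the firewall
# allow list. check_rpc_ports and sample_rpcinfo are hypothetical names.
# usage: rpcinfo -p | check_rpc_ports TCP_PORTS UDP_PORTS   (comma-separated)
check_rpc_ports() {
    awk -v tcp="$1" -v udp="$2" '
    BEGIN {
        n = split(tcp, a, ","); for (i = 1; i <= n; i++) ok["tcp", a[i]] = 1
        n = split(udp, a, ","); for (i = 1; i <= n; i++) ok["udp", a[i]] = 1
    }
    $1 ~ /^[0-9]+$/ && NF >= 4 {            # data rows only; skips the header
        proto = $3; port = $4
        name = (NF >= 5 ? $5 : $1)          # fall back to the program number
        key = proto "/" port
        if (!((proto, port) in ok) && !(key in seen)) {
            seen[key] = 1                   # one line per port, not per version
            printf "%s %s/%s\n", name, port, proto
        }
    }'
}

# Constructed sample: an rpcinfo -p listing with unpinned statd/lockd ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    707  status
    100024    1   tcp    710  status
    100021    1   udp  48233  nlockmgr
    100021    3   udp  48233  nlockmgr
    100021    4   udp  48233  nlockmgr
    100021    1   tcp  58065  nlockmgr
    100021    3   tcp  58065  nlockmgr
    100021    4   tcp  58065  nlockmgr
EOF
}

# Allow lists taken from the two iptables rules above (tcp, then udp).
sample_rpcinfo | check_rpc_ports 111,892,2049,32803 111,892,2049,32769
```

Empty output means every registered service sits on an allowed port; any line printed is a service that clients behind the firewall cannot reach until its port is pinned and opened.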
72.1.2.2. NFS Client Configuration
On CentOS 6, portmap no longer exists for NFSv3; it has been replaced by rpcbind.
chkconfig rpcbind on
service rpcbind start
test nfs
mount 172.16.1.10:/exports /mnt
NFSv4
mount -t nfs4 -o ro,intr 172.16.1.10:/ /mnt
umount /mnt
Procedure 72.3. On the *CLIENT* side
- Mounting NFS File Systems using /etc/fstab
The general syntax for the line in /etc/fstab is as follows:
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr
NFSv4
server:/ /mount/point nfs4 rw,hard,intr,proto=tcp,port=2049,auto 0 0
- mount all stuff from /etc/fstab
# mount -a
- rpcinfo
rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    707  status
    100024    1   tcp    710  status
    100021    1   udp  48233  nlockmgr
    100021    3   udp  48233  nlockmgr
    100021    4   udp  48233  nlockmgr
    100021    1   tcp  58065  nlockmgr
    100021    3   tcp  58065  nlockmgr
    100021    4   tcp  58065  nlockmgr
- start required services
CentOS 5.x
chkconfig portmap on
service portmap start
CentOS 6
chkconfig rpcbind on
service rpcbind start
72.1.2.2.1. Using NFS over UDP
For example, on demand via the command line (client side):
mount -o udp shadowman.example.com:/misc/export /misc/local
When the NFS mount is specified in /etc/fstab (client side):
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr,udp
72.1.3. exports
72.1.3.1. Permission
/etc/exports contains:
/tmp *(rw,no_root_squash)
/home/public 192.168.0.*(rw) *(ro)
/home/test 192.168.0.100(rw)
/home/linux *.example.com(rw,all_squash,anonuid=40,anongid=40)
72.1.3.2. Parameters
General Options
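ro                 read-only access
rw                 read-write access
rsize              block size of data transferred at one time (read)
wsize              block size of data transferred at one time (write)
sync               all data is written to the share at the time of the request
async              NFS may respond to requests before the data is written
secure             NFS is sent over secure TCP/IP ports below 1024
insecure           NFS is sent over ports above 1024
wdelay             if several users write to the NFS directory, the writes are grouped (default)
no_wdelay          if several users write to the NFS directory, write immediately; not needed when async is used
hide               do not share the subdirectories of an NFS shared directory
nohide             share the subdirectories of an NFS directory
subtree_check      when a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
no_subtree_check   the opposite of the above: the parent directory's permissions are not checked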
User ID Mapping
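all_squash         map the UID and GID of shared files to the anonymous user; suitable for public directories
no_all_squash      preserve the UID and GID of shared files (default)
root_squash        all requests from the root user are mapped to the same privileges as the anonymous user (default)
no_root_squash     the root user has full administrative access to the root directory
anonuid=xxx        the UID of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx        the GID of the anonymous user in the NFS server's /etc/passwd file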
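The options above decide which clients reach an export and with what identity, so an exports file is worth auditing before it is loaded. The following is an added example, not part of the original page: `audit_exports` and `sample_exports` are hypothetical names, and the sample is constructed, modelled on export lines from this page, with a stray space before the options on its fourth line. It flags `no_root_squash`, `insecure`, `rw` granted to `*`, and options that have no host in front of them.

```shell
#!/bin/sh
# Added example: flag risky client entries in an exports(5)-format file.
# audit_exports and sample_exports are hypothetical names, not NFS tools.
# Output: one "path<TAB>client<TAB>finding" line per problem found.
audit_exports() {
    awk '
    function report(p, c, f) { printf "%s\t%s\t%s\n", p, c, f }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            entry = $i
            if (entry ~ /^\(/) {
                # Options with no host in front: they apply to every client.
                # This is what a space in "host (opts)" produces.
                client = "*"; opts = entry
                report(path, client, "options-without-host")
            } else if ((p = index(entry, "(")) > 0) {
                client = substr(entry, 1, p - 1); opts = substr(entry, p)
            } else {
                client = entry; opts = ""    # host only, default options
            }
            gsub(/[()]/, "", opts)
            rw = 0
            n = split(opts, o, ",")
            for (k = 1; k <= n; k++) {
                if (o[k] == "rw") rw = 1
                if (o[k] == "no_root_squash") report(path, client, o[k])
                if (o[k] == "insecure") report(path, client, o[k])
            }
            if (client == "*" && rw) report(path, client, "world-writable")
        }
    }' "$1"
}

# Constructed sample; line 4 has a stray space before its options.
sample_exports() {
    cat <<'EOF'
/www *(ro,sync,no_root_squash)
/home *(rw,sync,no_root_squash)
/export 192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/exports 172.16.1.0/24 (rw,sync)
/home/test 192.168.0.100(rw)
EOF
}

sample_exports | audit_exports -
```

Run it against the real file with `audit_exports /etc/exports`; only the literal `*` client is treated as "everyone", so patterns such as `192.168.0.*` are not reported as world access.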
72.1.3.3. Examples
Read-only mount
172.16.2.5:/ /www/images nfs4 ro,rsize=8192,wsize=8192,timeo=15,intr,noac
72.1.4. NFS For Windows
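Install the NFS service: open Control Panel, click "Turn Windows features on or off", tick "Services for NFS", then confirm.
Start the NFS service: Control Panel\Administrative Tools\Services for Network File System (NFS)
Or start the NFS service from the command line: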
nfsadmin client [ComputerName] start
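Specify the user ID used for mounting: from the Start menu choose "Run", type "regedit" and press Enter, then locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default. Right-click, choose "New" and select "DWORD (32-bit) Value", and add AnonymousUid and AnonymousGid. Then double-click AnonymousUid and AnonymousGid to edit them, select Decimal and enter the user ID.
Restart the NFS service; there is no need to restart the computer.
Mount the file system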
C:\Users\neo>mount \\192.168.2.15\www x:\
Unmount the file system
C:\Users\neo>umount x:

正在断开 x: \\192.168.2.15\www
连接上存在打开的文件和/或未完成的目录搜索。

要继续此操作吗? (Y/N) [N]:Y

命令已成功完成。
Tip | |
---|---|
Unfortunately, Microsoft Windows does not currently support the UTF-8 character set. |
72.1.5. exportfs - maintain table of exported NFS file systems
# exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/www
# exportfs
/www 172.16.0.0/24
# cat /var/lib/nfs/etab
/www 172.16.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=500,anongid=500)
reload /etc/exports
/usr/sbin/exportfs -r
To unexport the /usr/tmp directory:
# exportfs -u netkiller.github.com:/usr/tmp
To unexport all exports listed in /etc/exports:
# exportfs -au
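#!/bin/bash
# Export and mount /backup on start; unexport and unmount it on stop.
RETVAL=0

start() {
    /usr/sbin/exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/backup
    mount /dev/sdb1 /backup
    RETVAL=$?
    echo
}

stop() {
    exportfs -u 172.16.0.0/24:/backup
    umount /backup
    RETVAL=$?
}

# Dispatch on the first argument, as init scripts do.
case "$1" in
    start) start ;;
    stop)  stop ;;
    *)     echo "Usage: $0 {start|stop}"; RETVAL=2 ;;
esac
exit $RETVAL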
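Original source: Netkiller series notes (Netkiller 系列 手札)
Author: 陈景峯
To reprint, please contact the author, and be sure to cite the article's original source, the author information and this notice.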