Article Directory
NFS service overview
Network File System is a distributed file system protocol that allows you to share remote directories over the network. You can mount remote directories on the system and use files on the remote computer just like local files.
By default, the NFS protocol is unencrypted, and unlike Samba, it does not provide username and password authentication, but is authenticated by the client's IP address.
NFS service construction
- NFS service deployment
yum -y install nfs-utils rpcbind
- NFS service configuration
# 权限配置
vi /etc/exports
/backup 10.130.1.0/24(rw,async)
# 立刻生效
exportfs -arv
Parameter explanation: ([*] core parameters)
(1) Ro the host has read-only access to the shared directory
(2) Rw the host has read-write access to the shared directory [*]
(3) Root_squash client is the root user When accessing the shared folder, the root user is mapped to an anonymous user
(4) No_root_squash When the client uses root to access the shared folder, the root user is not mapped
(5) All_squash is mapped to any user on the client when accessing the shared directory Anonymous users[*]
(6) Anonuid maps the users on the client to users with the specified local user ID
(7) Anongid maps the users on the client to belong to the specified local user group ID
(8) Sync data is synchronously written to Memory and hard disk
(9) Async data will be temporarily stored in the memory, rather than directly written to the hard disk. [*]
(10) Insecure allows unauthorized access from this machine
(11) subtree_check if sharing /usr/bin For subdirectories such as NFS, force NFS to check the permissions of the parent directory (default)
(12) no_subtree_check is the opposite of the above, does not check the parent directory permissions
(13) wdelay If multiple users want to write to the NFS directory, group write (
( Default) (14)no_wdelay If multiple users want to write to the NFS directory, they will write immediately. When using async, this setting is not required.
(15) hide does not share its subdirectories in the NFS shared directory
(16) no_hide shares the subdirectories of the NFS directory
(17) Secure NFS is sent through a secure TCP/IP port below 1024
(18) insecure NFS is sent through a port above 1024
- NFS service started
# 启动
service rpcbind start
service nfs start
# 停止
service rpcbind stop
service nfs stop
# 状态
service rpcbind status
service nfs status
- NFS status check
# nfs进程
ps aux | grep nfs
# rpc状态
rpcinfo -p
# 检查本机共享
showmount -e 127.0.0.1
NFS service optimization
- NFS service process optimization
Another important factor to be aware of when using NFS is the total number of NFS threads available on the NFS server. If you have a large number of clients accessing the NFS server, it is best to increase the number of threads on the NFS server.
There are 8 processes by default, optimization needs to modify the [RPCNFSDCOUNT] parameter of the [/etc/sysconfig/nfs] file:
vi /etc/sysconfig/nfs
# Number of nfs server processes to be started.
# The default is 8.
RPCNFSDCOUNT=16
- Kernel parameter optimization
Transferring large files over the network requires a lot of memory on the server and client. However, by default, a Linux machine will never allocate a lot of memory for this purpose, because it also needs to provide memory for other applications.
There are two values that can be modified to adjust them. One is the socket input queue and the other is the socket output queue. The input queue is where the requests that need to be processed are queued, and the output queue is where the requests are queued.
echo 'net.core.wmem_max=219136' >> /etc/sysctl.conf
echo 'net.core.rmem_max=219136' >> /etc/sysctl.conf
- Client mount optimization
# 性能优化选项
rsize,wsize,noatime,nodiratime
# 安全优化选项
nosuid,noexec
mount -t nfs -o noatime,nodiratime,rsize=131072,wsize=131072 192.168.0.114:/backup/NFS /mnt
Parameter explanation
noatime Cancel the update of the inode access time on the file system, improve the I/O performance, and optimize the I/O purpose. It is recommended.
nodiratime cancels the update of the directory inode access time on the file system. For high concurrency environments, it is recommended to apply this option explicitly to improve system performance.
On the file system mounted by nosuid, can you set the UID (security option)
for the file system mounted by noexec, or execute the program (security option)