NFS (Network File System) is used for file sharing between Unix/Linux systems. NFS relies on the RPC (Remote Procedure Call) protocol during file transfer; NFS itself does not provide the protocols and functions for transmitting information. Wherever NFS is used, the RPC service needs to be started, on both the NFS server and the client.
Before starting the NFS service, first start the RPC service (on CentOS 5 this is the portmap service; on versions after CentOS 6.6 it is the rpcbind service), otherwise the NFS server cannot register with the RPC service. In addition, if the RPC service is restarted, the NFS port registrations made earlier are lost. Therefore, whenever the RPC service is restarted, the NFS service needs to restart and re-register a new random port number with RPC. Generally, after modifying the NFS configuration file, you do not need to restart the service; a graceful reload is enough. Either /etc/init.d/nfs reload or exportfs -rv makes changes to /etc/exports take effect.
Related software packages: nfs-utils (NFS service main program), rpcbind (RPC service program)
nfsd
Listening ports: 2049/tcp, 2049/udp
portmapper
Listening ports: 111/tcp, 111/udp
Related configuration files:
- /etc/exports
- /etc/sysconfig/nfs
- /etc/nfsmount.conf
- /etc/nfs.conf
1. Install and start nfs-utils, rpcbind
# yum -y install nfs-utils rpcbind
The startup order matters: the rpcbind service must be started first so that the nfs service can register its ports with the RPC service
# systemctl restart rpcbind
# systemctl restart nfs
View the port information that the NFS service has registered with RPC; the main port number is 111
# rpcinfo -p 192.168.10.10
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 37633 nlockmgr
100021 3 udp 37633 nlockmgr
100021 4 udp 37633 nlockmgr
100021 1 tcp 44262 nlockmgr
100021 3 tcp 44262 nlockmgr
100021 4 tcp 44262 nlockmgr
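The listing above is what a firewall rule set has to match, and nlockmgr sits on ports that change whenever the service re-registers. The following is an added example (not part of the original page) that parses rpcinfo -p output, groups the ports by protocol and names the services registered on an ephemeral port; the sample is an abridged copy of the output above, and the ephemeral range is an assumption based on the Linux default.

```python
import re

# Abridged copy of the rpcinfo -p output shown above.
SAMPLE = """\
program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 4 tcp 2049 nfs
100003 4 udp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 4 udp 37633 nlockmgr
100021 4 tcp 44262 nlockmgr
"""

# Assumption: Linux default ephemeral range (net.ipv4.ip_local_port_range).
EPHEMERAL = range(32768, 61000)

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s+(\S+)\s*$")

def parse_rpcinfo(text):
    """Return (program, version, proto, port, service) tuples; the header is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            prog, vers, proto, port, svc = m.groups()
            rows.append((int(prog), int(vers), proto, int(port), svc))
    return rows

def required_ports(rows):
    """Ports the firewall has to allow, grouped by protocol."""
    ports = {}
    for _, _, proto, port, _ in rows:
        ports.setdefault(proto, set()).add(port)
    return {proto: sorted(p) for proto, p in ports.items()}

def unpinned_services(rows):
    """Services on an ephemeral port, which moves on every re-registration."""
    return sorted({svc for *_, port, svc in rows if port in EPHEMERAL})

if __name__ == "__main__":
    rows = parse_rpcinfo(SAMPLE)
    for proto, ports in required_ports(rows).items():
        print(proto, ",".join(map(str, ports)))
    print("set a fixed port for:", ", ".join(unpinned_services(rows)))
```

Services reported by unpinned_services are the ones whose ports need to be fixed in /etc/sysconfig/nfs before a static firewall rule can cover them.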
2. Add a share entry
Edit the /etc/exports file to add a share entry
# vim /etc/exports
/shared 192.168.10.0/24(ro) 192.168.20.0/24(rw)
Set the permissions, owner and group of the shared directory
# mkdir /shared
# chown -R nfsnobody:nfsnobody /shared
# chmod -R 760 /shared
Re-export the shared directory
# exportfs -arv
Test
# showmount -e 192.168.10.10
Export list for 192.168.10.10:
/shared 192.168.10.0/24
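The test succeeded
Entry format (see the manual page with man exports):
shared_directory NFS_client_address(option1,option2)
- ro: read-only
- rw: read-write (the shared directory itself must also have read and write permissions)
- sync: data is written synchronously to the NFS server's disk
- async: data is written to a cache first and then to disk
- root_squash: if the NFS client connects to the server as root, it has anonymous-user permissions on the server's shared directory, usually under the nobody or nfsnobody identity
- no_root_squash: if the NFS client connects to the server as root, it also has root permissions on the server's shared directory. Enabling this is obviously insecure
- all_squash: whatever user the NFS client connects as, it has anonymous-user permissions on the server's shared directory
- anonuid: specifies the UID of the anonymous user, usually nobody or nfsnobody; it can be set here
- anongid: specifies the GID of the anonymous user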
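A quick way to review an exports file against the options listed above, as an added example that is not part of the original page: it parses each client entry and reports no_root_squash and entries that match every host. The sample input is constructed apart from its first line, the finding labels are this example's own, and quoted paths are not handled.

```python
import re

# Constructed sample; only the first line is the entry from this page.
SAMPLE = """\
/shared 192.168.10.0/24(ro) 192.168.20.0/24(rw)
/backup 192.168.10.5(rw,no_root_squash)
/public *(rw,sync)
/home   192.168.10.7 (rw)   # stray space: (rw) now applies to every host
"""

# client(options); either part may be missing.
ENTRY = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for each client entry of each line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = ENTRY.fullmatch(spec)
            if m is None:
                raise ValueError(f"malformed entry: {spec!r}")
            client, opts = m.groups()
            # An empty client, as in "(rw)", matches every host.
            yield path, client or "*", set(filter(None, (opts or "").split(",")))

def audit(text):
    """Return (path, client, finding) for entries that weaken the defaults."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if client == "*":
            findings.append((path, client, "any-host-rw" if "rw" in opts else "any-host"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE):
        print(f"{path}\t{client}\t{finding}")
```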
3. Client mount and use
The client also needs nfs-utils and rpcbind installed
# yum -y install nfs-utils rpcbind
The client only needs to start the rpcbind service; it does not need to start the nfs service
# systemctl restart rpcbind
List the server's shared directories
# showmount -e 192.168.10.10
Export list for 192.168.10.10:
/shared 192.168.10.0/24
Mount the file system locally
# mount -t nfs 192.168.10.10:/shared /nfs
# df -h
192.168.10.10:/shared 17G 5.4G 12G 32% /nfs
4. Related commands
showmount
Display the mount information of the NFS server
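showmount -e NFS_SERVER: view the file systems "exported" by the NFS server
showmount -a NFS_SERVER: list all mounted file systems of the NFS server together with the clients that have mounted them
showmount -d NFS_SERVER: list the exported file systems of the NFS server that have been mounted by clients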
exportfs
Execute this command after modifying the /etc/exports file to re-export or unexport all file systems without restarting the nfs service
-a: used together with -r or -u, meaning re-export all file systems or unexport all file systems
-r: re-export
-u: unexport
-v: show verbose information
rpcinfo
Show RPC information
-p: use the RPC protocol to probe the rpcbind on the given host and display all registered RPC programs
nfsstat
Shows the running status of NFS, which is very helpful for tuning NFS
5. NFS performance tuning
Use the dd command to test read and write performance, then modify the configuration file according to the results to allow the maximum number of NFS client connections
# time dd if=/dev/zero of=/nfs/test bs=10k count=10000
10000+0 records in
10000+0 records out
102400000 bytes (102 MB) copied, 0.604919 s, 169 MB/s
real 0m0.608s
user 0m0.002s
sys 0m0.078s
Modify the RPCNFSDCOUNT parameter in the configuration file /etc/sysconfig/nfs; its default value is 8
Q&A Frequently Asked Questions
- When the client mounts, an error is reported: mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive
  - Use the command rpcinfo -p to check whether the portmap service has started normally and is on the corresponding port (default 111)
  - Check the firewall settings and allow access to tcp and udp port 111
  - Check /etc/hosts.deny and /etc/hosts.allow to see if client connections are blocked
- When the client executes the command showmount -e NFS_SERVER_IP, an error is reported: mount clntudp_create: RPC: Program not registered
  - The nfs or rpcbind service is not started; use chkconfig to add nfs and rpcbind to the system services and use service to start them
- When the client executes the command showmount -e NFS_SERVER_IP, an error is reported: rpc mount export: RPC: Unable to receive; errno = No route to host
  - In the configuration file /etc/sysconfig/nfs, find where the ports of the nfs service are set, remove the comment markers and configure the specified ports, then allow udp and tcp traffic on those ports in the iptables firewall settings
- Executing showmount -e NFS_SERVER_IP is successful, but the mount reports an error: mount: mount to NFS server '192.168.10.10' failed: System Error: No route to host.
  - This is because the default port 2049 of the nfs service is blocked by the firewall. Modify iptables to allow port 2049 to pass through.
- Executing showmount -e NFS_SERVER_IP is successful, but the mount reports an error: mount: mount to NFS server '192.168.10.10' failed: timed out (retrying).
  - Edit the tcp port of the iptables-related port to allow through, but not udp.
- The directory permission attribute in the server's /etc/exports configuration file is set to rw (the default is root_squash), but an error is reported when the touch command is executed in the client's mount directory: touch: cannot touch a: Permission denied
  - Check whether the server-side shared directory has write permission: ll -d /shared
  - Modify the server-side shared directory permissions: chmod -R 760 /shared (the file owner root has full permissions, all group users of the file have read and write permissions, other users have no permissions, and then set the directory group to nfsnobody)
  - Modify the server-side shared directory owner and group to nfsnobody: chown -R nfsnobody:nfsnobody /shared