NFS server setup

NFS (Network File System) is used for file sharing between Unix/Linux systems, and it relies on the RPC (Remote Procedure Call) protocol to transfer files; NFS itself does not provide the protocol and functions for transmitting data. Whenever NFS is used, the RPC service must be started, on both the NFS server and the client.

Before starting the NFS service, first start the RPC service (the portmap service on CentOS5, the rpcbind service on versions after CentOS6.6); otherwise the NFS server cannot register with the RPC service. In addition, if the RPC service is restarted, the previously registered NFS ports are lost. Therefore, whenever the RPC service is restarted, the NFS service is restarted as well and re-registers new random port numbers with RPC. Generally, after modifying the NFS configuration file you do not need to restart the service; a smooth reload is enough. Either /etc/init.d/nfs reload or exportfs -rv makes changes to /etc/exports take effect.

Related software packages: nfs-utils (NFS service main program), rpcbind (RPC service program)

  • nfsd listening ports: 2049/tcp, 2049/udp
  • portmapper listening ports: 111/tcp, 111/udp
  • Related configuration files:
    • /etc/exports
    • /etc/sysconfig/nfs
    • /etc/nfsmount.conf
    • /etc/nfs.conf

1. Install and start nfs-utils, rpcbind

# yum -y install nfs-utils rpcbind

The startup order is critical: the rpcbind service must be started first so that the nfs service can register its ports with the RPC service
# systemctl restart rpcbind
# systemctl restart nfs

View the port information that the NFS service has registered with RPC; the main port number is 111
# rpcinfo -p 192.168.10.10
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100021    1   udp  37633  nlockmgr
    100021    3   udp  37633  nlockmgr
    100021    4   udp  37633  nlockmgr
    100021    1   tcp  44262  nlockmgr
    100021    3   tcp  44262  nlockmgr
    100021    4   tcp  44262  nlockmgr

2. Add a share entry

Edit the /etc/exports file to add a share entry
# vim /etc/exports
/shared		192.168.10.0/24(ro) 192.168.20.0/24(rw)

Change the permissions and the owner and group of the shared directory
# mkdir /shared
# chown -R nfsnobody:nfsnobody /shared
# chmod -R 760 /shared

Re-export the shared directory
# exportfs -arv

Test
# showmount -e 192.168.10.10
Export list for 192.168.10.10:
/shared 192.168.10.0/24
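The test succeeded.

Entry format (see the manual page with man exports):
shared_directory		NFS_client_address(option1,option2)

- ro: read-only
- rw: read-write (the shared directory itself must also have read and write permissions)
- sync: data is written synchronously to the NFS server's disk
- async: data is written to a buffer first and then written to disk
- root_squash: if the NFS client connects to the server as root, it gets only anonymous-user permissions on the shared directory, usually acting as nobody or nfsnobody
- no_root_squash: if the NFS client connects to the server as root, it also has root permissions on the shared directory. Enabling this option is clearly insecure
- all_squash: whichever user the NFS client connects as, it gets only anonymous-user permissions on the shared directory
- anonuid: sets the UID of the anonymous user, usually nobody or nfsnobody; you can set it yourself here
- anongid: sets the GID of the anonymous user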
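The option list above can be checked mechanically. The following is an added example, not part of the original article: a small audit of /etc/exports-style text that flags no_root_squash and exports open to any host, including the exports(5) pitfall where a space before "(rw)" applies the options to every host. The function name audit_exports and the sample entries other than the /shared line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Constructed sample: line 1 is the article's entry, the rest are deliberately weak.
SAMPLE_EXPORTS='/shared 192.168.10.0/24(ro) 192.168.20.0/24(rw)
/backup 192.168.10.5(rw,no_root_squash)
/pub 192.168.10.0/24 (rw)
/iso *(ro)'

# audit_exports (hypothetical name): read exports-style text on stdin and
# print one finding per line as "SEVERITY path client reason".
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok ~ /^#/) break           # trailing comment ends the entry
            client = tok; opts = ""
            p = index(tok, "(")
            if (p > 0) {                    # split "client(opt1,opt2)"
                client = substr(tok, 1, p - 1)
                opts = substr(tok, p + 1)
                sub(/\).*$/, "", opts)
            }
            # "(opts)" standing alone after a space applies to every host
            if (client == "") client = "*"
            o = "," opts ","
            if (o ~ /,no_root_squash,/) {
                print "HIGH", path, client, "no_root_squash: client root is root on the export"
            }
            if (client == "*" && o ~ /,rw,/) {
                print "HIGH", path, client, "rw export to any host"
            } else if (client == "*") {
                print "WARN", path, client, "export readable by any host"
            }
        }
    }'
}

# On a server: audit_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

The article's own /shared entry produces no findings, because both clients are explicit subnets and root_squash is the default.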

3. Client mount and use

The client also needs nfs-utils and rpcbind installed
# yum -y install nfs-utils rpcbind

The client only needs the rpcbind service running; it does not need to start the nfs service
# systemctl restart rpcbind

List the directories shared by the server
# showmount -e 192.168.10.10
Export list for 192.168.10.10:
/shared 192.168.10.0/24

Mount the file system locally
# mount -t nfs 192.168.10.10:/shared /nfs 
# df -h 
192.168.10.10:/shared     17G  5.4G   12G  32% /nfs

4. Related commands

showmount

Display the mount information of the NFS server

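showmount -e NFS_SERVER: list the file systems exported by the NFS server
showmount -a NFS_SERVER: list all mounted file systems of the NFS server together with the clients that have mounted them
showmount -d NFS_SERVER: list the exported file systems of the NFS server that are currently mounted by clients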

exportfs

Execute this command after modifying the /etc/exports file to re-export or unexport all file systems without restarting the nfs service

-a: used together with -r or -u, meaning re-export all file systems or unexport all file systems
-r: re-export
-u: unexport
-v: show verbose output

rpcinfo

Show RPC information

-p: probe the rpcbind on the given host using the RPC protocol and display all registered RPC programs

nfsstat

Shows the running status of NFS, which is very helpful when tuning NFS

5. NFS performance tuning

Use the dd command to test read and write performance, then adjust the configuration file according to the results to set the maximum number of NFS client connections allowed

# time dd if=/dev/zero of=/nfs/test bs=10k count=10000
10000+0 records in
10000+0 records out
102400000 bytes (102 MB) copied, 0.604919 s, 169 MB/s

real    0m0.608s
user    0m0.002s
sys     0m0.078s

Modify the RPCNFSDCOUNT parameter in the configuration file /etc/sysconfig/nfs; its default value is 8

Q&A: Frequently Asked Questions

  1. When the client mounts, an error is reported: mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive
     • Use the command rpcinfo -p to check whether the portmap service has started normally and is listening on the corresponding port (default 111)
     • Check the firewall settings and allow access to tcp and udp port 111
     • Check /etc/hosts.deny and /etc/hosts.allow to see whether client connections are blocked
  2. When the client executes the command showmount -e NFS_SERVER_IP, an error is reported: mount clntudp_create: RPC: Program not registered
     • The nfs or rpcbind service is not started; use chkconfig to add nfs and rpcbind to the system services and use service to start them
  3. When the client executes the command showmount -e NFS_SERVER_IP, an error is reported: rpc mount export: RPC: Unable to receive; errno = No route to host
     • In the configuration file /etc/sysconfig/nfs, find the port settings of the nfs service, uncomment them and configure fixed ports, then allow udp and tcp traffic to those ports in the iptables firewall settings.
  4. The command showmount -e NFS_SERVER_IP succeeds, but the mount reports an error: mount: mount to NFS server '192.168.10.10' failed: System Error: No route to host.
     • This is because the default port 2049 of the nfs service is blocked by the firewall. Modify iptables to allow port 2049 through.
  5. The command showmount -e NFS_SERVER_IP succeeds, but the mount reports an error: mount: mount to NFS server '192.168.10.10' failed: timed out (retrying).
     • Edit the iptables rules for the related ports: tcp is allowed through, but udp is not.
  6. The directory permission attribute in the server's /etc/exports configuration file is set to rw (the default is root_squash), but an error is reported when the touch command is executed in the client's mount directory: touch: cannot touch a: Permission denied
     • Check whether the server-side shared directory has write permission: ll -d /shared
     • Modify the server-side shared directory permissions: chmod -R 760 /shared (the file owner root has full permissions, all group users of the file have read and write permissions, other users have no permissions, and then set the directory group to nfsnobody)
     • Change the owner and group of the server-side shared directory to nfsnobody: chown -R nfsnobody:nfsnobody /shared
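
Several of the errors above come down to the firewall not matching the ports that rpcinfo -p reports. The following is an added example, not part of the original article: it collapses an rpcinfo -p listing into unique protocol/port pairs and prints one iptables ACCEPT rule per pair, limited to a client subnet. The function names rpc_ports and rpc_fw_rules are hypothetical, the sample is a subset of the listing shown in step 1, and appending to the INPUT chain is an assumption about the local rule set.

```shell
#!/bin/sh
# Added example (not from the original article).
# Constructed sample: a subset of the rpcinfo -p listing shown in step 1.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100021    4   udp  37633  nlockmgr
    100021    4   tcp  44262  nlockmgr'

# rpc_ports (hypothetical name): reduce rpcinfo -p output on stdin to unique
# "proto port services" lines, keeping the order of first appearance.
rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
        key = $3 " " $4
        if (!(key in seen)) {
            seen[key] = $5; order[++n] = key
        } else if (index("," seen[key] ",", "," $5 ",") == 0) {
            seen[key] = seen[key] "," $5
        }
    }
    END { for (i = 1; i <= n; i++) print order[i], seen[order[i]] }'
}

# rpc_fw_rules SUBNET (hypothetical name): print one ACCEPT rule per registered
# proto/port for SUBNET. Ports other than 111 and 2049 get a reminder to fix
# them in /etc/sysconfig/nfs so the rule stays valid after a re-registration.
rpc_fw_rules() {
    rpc_ports | while read -r proto port svc; do
        case $port in
            111|2049) note="" ;;
            *) note="  # $svc: pin this port in /etc/sysconfig/nfs" ;;
        esac
        printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT%s\n' \
            "$1" "$proto" "$port" "$note"
    done
}

# On a server: rpcinfo -p 192.168.10.10 | rpc_fw_rules 192.168.10.0/24
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_fw_rules 192.168.10.0/24
```

Review the printed rules before applying them; restricting the source to the exported client subnets keeps ports 111 and 2049 from being reachable by other hosts.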
