Notes on Linux NFS file-sharing services

Intro to NFS
NFS stands for Network File System. Its main feature is that it lets different machines and different operating systems share each other's files over the network.

An NFS server lets PCs on the network mount a directory shared by the server into their local file system. From the local system's point of view, the remote host's directory looks just like one of its own disk partitions, which makes it very convenient to use.

NFS is generally used to store shared video, pictures and other static data.

 

NFS mount principle:

As illustrated:

When we set up a shared directory /home/public on the NFS server, any NFS client that has access to the server can mount this directory at a mount point in its own file system. Each client defines its own mount point; in the figure, client A and client B mount the directory at different local paths. After mounting, all the data in the server's /home/public is visible locally. If the server configures the export for the client as read-only, the client can only read. If it is configured read-write, the client can both read and write. Once mounted, the NFS client can view disk information with the command: # df -h.

Since NFS transfers data between server and client over the network, the two sides need network ports for the transfer. Which port does the NFS server use? Basically the NFS server opens port 2049, but a file system is complex, so NFS starts other programs that use extra ports. These additional data ports are selected at random and are below 1024. Since they are random, how does the client learn which ports the NFS server is using? That is the job of the Remote Procedure Call (RPC) protocol.

 

RPC and NFS communication principle: NFS supports quite a few functions, and different functions are started by different programs. Each function that starts enables some port to transmit data, so the ports corresponding to NFS functions are not fixed. The client has to know the relevant ports on the NFS server to establish a connection and transfer data. RPC is used for unified management of the NFS service ports, and its common external port is 111. RPC records the NFS port information, so the server and the client can exchange port information through RPC. The main function of RPC is to assign the port number for each NFS function and notify the client of it, so that the client can connect to the correct port.

So how does RPC know the port of each NFS function?

When NFS first starts, it uses some random ports and registers them with RPC, which records them. RPC opens port 111 and waits for RPC requests from clients. When a client sends a request, the server-side RPC tells the client the NFS port information it recorded earlier. The client thus obtains the NFS server's port information and transmits data to the actual ports.

Note: Before starting the NFS server, we must first start the RPC service (i.e. the portmap service, same below); otherwise the NFS server cannot register with the RPC service. In addition, if the RPC service is restarted, all the previously registered NFS port data is lost. The NFS programs managed by the RPC service should therefore be restarted at that point so they re-register with RPC. Special note: after modifying the NFS configuration file there is generally no need to restart NFS; run systemctl reload nfs, or run exportfs -rv directly, to make the changes to /etc/exports take effect.

NFS client and NFS server communication process:

  1. First, the server starts the RPC service and opens port 111.
  2. The server starts the NFS service, which registers its port information with RPC.
  3. The client starts its RPC (portmap) service and requests the NFS server's service ports from the server-side RPC (portmap).
  4. The server-side RPC (portmap) service returns the NFS port information to the client.
  5. The NFS client uses the NFS ports it obtained to connect to the server and transmit data.
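
The exchange in steps 2 to 4, and the loss of registrations when RPC restarts, as an added example that is not part of the original article. It builds the portmapper version 2 GETPORT call and reply in their wire layout and answers them from a toy in-memory registry. The Portmapper class, the lookup helper and mountd port 892 are constructed for illustration, and the messages are laid out as they would appear in a UDP datagram with AUTH_NULL credentials.

```python
import struct

# ONC RPC / portmapper version 2 constants (RFC 5531, RFC 1833)
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
NFS_PROG, MOUNTD_PROG = 100003, 100005
IPPROTO_TCP = 6
CALL, REPLY, RPC_VERS = 0, 1, 2

class Portmapper:
    """Toy model (hypothetical) of the server-side RPC service on port 111."""
    def __init__(self):
        self.table = {}                          # (prog, vers, proto) -> port

    def register(self, prog, vers, proto, port):
        self.table[(prog, vers, proto)] = port   # step 2: NFS registers its ports

    def restart(self):
        self.table.clear()                       # registrations do not survive a restart

    def handle(self, call):
        """Step 4: answer a GETPORT call; port 0 means 'not registered'."""
        xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">6I", call[:24])
        expected = (CALL, RPC_VERS, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
        if (mtype, rpcvers, prog, vers, proc) != expected:
            raise ValueError("not a portmapper v2 GETPORT call")
        # bytes 24..40 hold the empty AUTH_NULL credential and verifier
        q_prog, q_vers, q_proto, _ = struct.unpack(">4I", call[40:56])
        port = self.table.get((q_prog, q_vers, q_proto), 0)
        # xid, REPLY, MSG_ACCEPTED, verifier flavor and length, SUCCESS, port
        return struct.pack(">7I", xid, REPLY, 0, 0, 0, 0, port)

def build_getport_call(xid, prog, vers, proto):
    """Step 3: the client asks port 111 where (prog, vers, proto) listens."""
    header = struct.pack(">6I", xid, CALL, RPC_VERS,
                         PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    auth_null = struct.pack(">4I", 0, 0, 0, 0)   # empty credential + verifier
    return header + auth_null + struct.pack(">4I", prog, vers, proto, 0)

def parse_getport_reply(reply, xid):
    r_xid, mtype, reply_stat, _, _, accept_stat, port = struct.unpack(">7I", reply[:28])
    if (r_xid, mtype, reply_stat, accept_stat) != (xid, REPLY, 0, 0):
        raise ValueError("unexpected or rejected reply")
    return port

def lookup(pmap, prog, vers, xid=0x1234):
    call = build_getport_call(xid, prog, vers, IPPROTO_TCP)
    return parse_getport_reply(pmap.handle(call), xid)

pmap = Portmapper()
pmap.register(NFS_PROG, 3, IPPROTO_TCP, 2049)
pmap.register(MOUNTD_PROG, 3, IPPROTO_TCP, 892)  # constructed "random" port
print(lookup(pmap, NFS_PROG, 3), lookup(pmap, MOUNTD_PROG, 3))
pmap.restart()                                   # RPC service restarted
print(lookup(pmap, NFS_PROG, 3))                 # 0 until NFS re-registers
```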

 

NFS server deployment on Linux


Software required for the NFS service and its main configuration files:


Installing the NFS service requires two packages:

>>> RPC main program: rpcbind

NFS can actually be regarded as an RPC service. Before any RPC service starts, the mapping of its working ports has to be set up, and that job is handled by the rpcbind service. In other words, rpcbind must be started before any RPC service. (Up to CentOS 5.x this software was called portmap; only from CentOS 6.x on is it called rpcbind.)

>>> NFS main program: nfs-utils

This package provides the two NFS daemons rpc.nfsd and rpc.mountd, together with the related documentation and executables. It is the main software the NFS service needs.

 

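NFS-related files:

>>> Main configuration file: /etc/exports
  This is the main NFS configuration file. It is empty by default, and on some systems it may not exist and has to be created by hand. NFS is generally configured in this file alone.
>>> NFS file system maintenance command: /usr/sbin/exportfs
  This command maintains the resources NFS shares. Use it to re-share directories after /etc/exports changes, or to unexport or re-export directories shared by the NFS server.
>>> Share record files: /var/lib/nfs/*tab
  The NFS server's record files are kept in the /var/lib/nfs/ directory. Two of them are important: etab records the complete permission settings of the directories NFS shares, and xtab records data about clients that have connected to this NFS server.
>>> Command for clients to query a server's shares: /usr/sbin/showmount
  This is another important NFS command. exportfs is used on the NFS server side, while showmount is mainly used on the client side. showmount shows the directories an NFS server shares.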

 

Steps to install the NFS service on the server:


Step 1: Install NFS and RPC.

[root@localhost ~]# yum install -y nfs-utils
#install the NFS service
[root@localhost ~]# yum install -y rpcbind
#install the RPC service

 

Step 2: Start the services and enable them at boot:

Note: start the RPC service first, then the NFS service.

[root@localhost ~]# systemctl start rpcbind #start the RPC service first
[root@localhost ~]# systemctl enable rpcbind #enable at boot
[root@localhost ~]# systemctl start nfs-server nfs-secure-server 
#start the NFS service and the NFS secure transport service
[root@localhost ~]# systemctl enable nfs-server nfs-secure-server
[root@localhost /]# firewall-cmd --permanent --add-service=nfs
success #allow the nfs service through the firewall
[root@localhost /]# firewall-cmd --reload 
success

 

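Step 3: Configure the shared directories and edit the configuration file:

First create the shared directories, then edit the configuration in /etc/exports.

[root@localhost /]# mkdir /public /protected
#create the public and protected shared directories
[root@localhost /]# vi /etc/exports
/public 192.168.245.0/24(ro)
/protected 192.168.245.0/24(rw)
[root@localhost /]# systemctl reload nfs 
#reload the NFS service so the configuration file takes effect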

 

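Configuration file notes:

Format: path-of-shared-directory allowed-NFS-clients(share permission options)

As above, the shared directory is /public, the clients allowed access are users on the 192.168.245.0/24 network, and the permission is read-only.

Note that there is no space between the NFS client address and the permissions.

Protecting NFS exports uses Kerberos encryption (none, sys, krb5, krb5i, krb5p), in the format sec=XXX

none: access as an anonymous identity. To allow writes, map to the nfsnobody user and also turn on the SELinux boolean: setsebool nfsd_anon_write 1

sys: file access is based on standard file access. This is the default if nothing is specified; it trusts whatever user name is sent.

krb5: the client must provide an identity, and the client's identity must also be krb5; authentication is based on a domain environment.

krb5i: adds encryption on top of krb5; the user's password is encrypted, but the transmitted data is not.

krb5p: all data is encrypted.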

 

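Parameters used in the NFS service configuration file:

Parameter         Effect
ro                Read-only
rw                Read-write
root_squash       When the NFS client accesses as the root administrator, map it to the NFS server's anonymous user
no_root_squash    When the NFS client accesses as the root administrator, map it to the NFS server's root administrator
all_squash        Whatever account the NFS client uses, map it to the NFS server's anonymous user
sync              Write data to memory and to disk at the same time, so that no data is lost
async             Save data to memory first and write it to disk later; more efficient, but data may be lost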
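
A checker for the /etc/exports format, the no-space rule and the options above, as an added example that is not part of the original article. When a space separates the client from its options, the options form a separate entry that applies to any host, and the named client falls back to default options. The /scratch and /backup lines, the function names and the finding labels are constructed for illustration; quoted paths containing spaces are not handled.

```python
import re

SPEC = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")   # client(opts) | client | (opts)

def parse_exports(text):
    """Yield (path, client, options) for each client spec; client '' = any host."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:            # a bare path is exported to any host
            m = SPEC.match(spec)
            if m:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield path, m.group(1), opts

def audit(text):
    """Return (path, client, finding) tuples for settings worth a second look."""
    findings = []
    for path, client, opts in parse_exports(text):
        who = "any host" if client in ("", "*") else client
        if who == "any host":
            findings.append((path, who, "world-export"))
        if "no_root_squash" in opts:
            findings.append((path, who, "no_root_squash"))
        # sec= lists flavors separated by ':'; the default when absent is sys
        flavors = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
        if "rw" in opts and any(f in ("sys", "none") for f in flavors):
            findings.append((path, who, "rw-without-krb5"))
    return findings

# Constructed sample; the /scratch line has a stray space before "(rw)".
SAMPLE = """\
/public    192.168.245.0/24(ro)
/protected 192.168.245.0/24(rw)
/scratch   192.168.245.0/24 (rw)
/backup    192.168.245.10(rw,no_root_squash,sec=krb5p)
"""

for finding in audit(SAMPLE):
    print(*finding, sep="  ")
```

Run it against the server's real file with audit(open("/etc/exports").read()) and compare the result with the effective settings recorded in /var/lib/nfs/etab.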

 


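NFS client mount configuration:
Step 1: Use the showmount command to view the NFS server's share information. The output format is "shared directory name  allowed client addresses".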

[root@localhost ~]# showmount -e 192.168.245.128 
Export list for 192.168.245.128:
/protected 192.168.245.0/24
/public 192.168.245.0/24

 

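Usage of the showmount command:

Option   Effect
-e       Show the NFS server's list of shares
-a       Show the status of the file resources (NFS resources) mounted on this machine
-v       Show the version number


Step 2: On the client, create the directories and mount the shared directories.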

[root@localhost ~]# mkdir /mnt/public
[root@localhost ~]# mkdir /mnt/data
[root@localhost ~]# vim /etc/fstab 
#add the mounts to this file so they are mounted automatically at every boot
192.168.245.128:/public /mnt/public nfs defaults 0 0
192.168.245.128:/protected /mnt/data nfs defaults 0 1
[root@localhost ~]# mount -a #make /etc/fstab take effect

 

Step 3: Check:

[root@mail ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/rhel-root xfs 17G 3.1G 14G 18% /
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 140K 1.4G 1% /dev/shm
tmpfs tmpfs 1.4G 9.1M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
tmpfs tmpfs 280M 32K 280M 1% /run/user/0
/dev/sr0 iso9660 3.6G 3.6G 0 100% /mnt/cdrom
192.168.245.128:/public nfs4 17G 3.7G 14G 22% /mnt/public
192.168.245.128:/protected nfs4 17G 3.7G 14G 22% /mnt/data

  


————————————————
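Copyright notice: This is an original article by the CSDN blogger 「曹世宏的博客」, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.
Original link: https://blog.csdn.net/qq_38265137/article/details/83146421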

Origin www.cnblogs.com/dumpling-z/p/11519049.html