Installing and configuring the NFS service with fixed ports on CentOS 7

System Environment: CentOS Linux release 7.4.1708 (Core) 3.10.0-693.el7.x86_64

Software Version: nfs-utils-1.3.0-0.48.el7_4.x86_64

Network environment: a DNS server is configured. The NFS server's domain name is nfs.st.local and its IP is 192.168.1.18. The domain name is used throughout the configuration.

First, install

Both the NFS client and the NFS server install the nfs-utils package, which automatically pulls in rpcbind. Installation creates the nfsnobody user and group, both with uid and gid 65534.

# yum -y install nfs-utils

Second, configure ports

Besides the main NFS port 2049 and the rpcbind port 111, which are fixed, NFS also uses some random ports. The configuration below pins those ports so that the firewall can be configured for them.

# vim /etc/sysconfig/nfs
# additional port configuration
MOUNTD_PORT=4001
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004

Third, NFS permissions

1, ordinary users

With all_squash set: all visitors are mapped to the anonymous user (nfsnobody).

With no_all_squash set: a visitor is mapped to the user with the same uid on the server, so users with matching uids should be created on the client and the server; otherwise the visitor is mapped to nfsnobody. root is the exception, because root_squash is the default unless you specify no_root_squash.

2, root user

With root_squash set: a visitor who accesses the NFS server as root is mapped to nfsnobody.

With no_root_squash set: a visitor who accesses the NFS server as root is mapped to the root user. Other users are still mapped to the user with the corresponding uid, because no_all_squash is the default option.

Option descriptions
ro: the shared directory is read-only
rw: the shared directory is readable and writable
all_squash: all visiting users are mapped to the anonymous user or group
no_all_squash (default): the visiting user is first matched against local users; if the match fails, it is mapped to the anonymous user or group
root_squash (default): the visiting root user is mapped to the anonymous user or group
no_root_squash: the visiting root user keeps root privileges
anonuid=<UID>: specifies the local UID used for anonymous access; the default is nfsnobody (65534)
anongid=<GID>: specifies the local GID used for anonymous access; the default is nfsnobody (65534)
secure (default): clients must connect from a TCP/IP port below 1024
insecure: clients may connect from a TCP/IP port above 1024
sync: data is written to the memory buffer and to disk synchronously; less efficient, but it guarantees data consistency
async: data is held in the memory buffer first and written to disk only when necessary
wdelay (default): checks whether related write operations are pending and, if so, performs them together, which improves efficiency
no_wdelay: write operations are performed immediately; should be used together with sync
subtree_check (default): if the exported directory is a subdirectory, the NFS server checks the permissions of its parent directory
no_subtree_check: even if the exported directory is a subdirectory, the NFS server does not check the parent directory's permissions, which improves efficiency

Create a shared directory for nfsuser (uid=1000), using the default parameters plus rw.

# mkdir /var/nfs
# chown nfsuser. -R /var/nfs
# vim /etc/exports
/var/nfs 192.168.1.0/24(rw)
# exportfs -r    # reload the exports configuration
# exportfs -v    # view the share parameters
/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)

exportfs parameter descriptions

-a export or unexport everything listed in /etc/exports
-r re-read /etc/exports and synchronize /etc/exports with /var/lib/nfs/xtab
-u unexport a single directory (used together with -a, unexports every directory in /etc/exports)
-v show the share parameters in detail
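
The options above can be audited before an export goes live. The following is an added example, not part of the original post: it reads /etc/exports-style lines (one export per line) and flags no_root_squash, insecure, and rw granted to any host. The function name audit_exports and the sample lines are constructed for illustration; only the /var/nfs line comes from this page.

```shell
#!/bin/sh
# Added example: flag export options that weaken the defaults described
# above (root_squash, secure) or expose a writable share to any host.

# Reads "path client(opts) [client(opts)...]" lines on stdin and prints
# "path client finding" for each risky setting.
# Exit status: 0 if nothing was flagged, 1 otherwise.
audit_exports() {
    awk '
        function report(p, c, msg) { printf "%s %s %s\n", p, c, msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                entry = $i
                client = entry; sub(/\(.*/, "", client)
                if (client == "") client = "*"   # "(opts)" alone applies to any host
                opts = ""
                if (match(entry, /\(.*\)/)) opts = substr(entry, RSTART + 1, RLENGTH - 2)
                n = split(opts, o, ",")
                rw = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash") report(path, client, "no_root_squash: client root acts as root on the share")
                    if (o[j] == "insecure") report(path, client, "insecure: requests accepted from unprivileged source ports")
                    if (o[j] == "rw") rw = 1
                }
                if (rw && client == "*") report(path, client, "rw for any host")
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample. The first export is the one shown on this page; the
# last line has a stray space before "(", so its options apply to any host.
SAMPLE_EXPORTS='# constructed sample
/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
/srv/build 192.168.1.18(rw,no_root_squash)
/srv/pub 192.168.1.0/24 (rw,insecure)'

# Demo run on the sample; on a server: audit_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || true
```

The page's own /var/nfs export produces no findings; the two constructed exports produce three.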

Fourth, the firewall

# iptables -I INPUT 5 -p tcp -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 4001:4004 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables-save >/etc/sysconfig/iptables

Fifth, start the service

# systemctl start rpcbind.service
# systemctl enable rpcbind.service
# systemctl start nfs.service
# systemctl enable nfs.service

The start order must be rpcbind -> nfs; otherwise an error may occur.
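
Once the services are running, the pinned ports can be compared with what rpcbind actually registered. The following is an added example, not part of the original post: it parses `rpcinfo -p` output and reports any service that is not on the port configured in /etc/sysconfig/nfs and opened in the firewall. The function name check_rpc_ports and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `rpcinfo -p` output with the ports pinned in
# /etc/sysconfig/nfs and allowed by the iptables rules on this page.

# Expected service=port pairs, taken from this page's configuration.
EXPECTED="portmapper=111 nfs=2049 nfs_acl=2049 mountd=4001 status=4002 nlockmgr=4003 rquotad=4004"

# Reads `rpcinfo -p` text on stdin. Prints DRIFT for a known service on an
# unexpected port and UNLISTED for a service with no expected port.
# Exit status: 0 if every registration matches, 1 otherwise.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 ~ /^[0-9]+$/ && NF >= 5 {             # data rows only, skips the header
            svc = $5; key = svc "/" $3 "/" $4
            if (key in seen) next                # report each svc/proto/port once
            seen[key] = 1
            if (!(svc in want)) {
                printf "UNLISTED %s %s/%s\n", svc, $4, $3; bad = 1
            } else if ($4 != want[svc]) {
                printf "DRIFT %s %s/%s expected %s\n", svc, $4, $3, want[svc]; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: STATD_PORT did not take effect, so statd (registered
# as "status") is listening on random ports that the firewall does not allow.
SAMPLE_DRIFT='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    3   tcp   4001  mountd
    100024    1   udp  47512  status
    100024    1   tcp  38611  status
    100003    4   tcp   2049  nfs
    100021    4   tcp   4003  nlockmgr
    100011    2   udp   4004  rquotad'

# Demo run on the sample; on a server: rpcinfo -p | check_rpc_ports
printf '%s\n' "$SAMPLE_DRIFT" | check_rpc_ports || true
```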

Sixth, mounting on Linux clients

1, direct mount

# mount -t nfs nfs.st.local:/var/nfs /mnt

The mount can also be written into the fstab file, the same as an ordinary disk mount. Mount options can be specified there as well, but the type is nfs.

2, autofs mount

# yum install autofs -y
# vi /etc/auto.master
# add a line
/- /etc/auto.mount
# vi /etc/auto.mount
# add a line
/mnt -fstype=nfs,rw nfs.st.local:/var/nfs

# start the service
# systemctl start autofs
# systemctl enable autofs

Seventh, troubleshooting

1, NFS can only be mounted as nobody

Set Domain in /etc/idmapd.conf to the same value on both the server and the client, then restart the rpcidmapd service, or restart all services.

2, the client cannot unmount the NFS directory

umount.nfs4: /var/nfs: device is busy

Run fuser -km /var/nfs/, then umount.


 

Origin www.cnblogs.com/cheyunhua/p/12033457.html