NFS Service Introduction
What is NFS?
NFS is the abbreviation of Network File System. Its main function is to let different machines and different operating systems share files with each other over the network.
The NFS server allows a client machine to mount the server's shared directory into its local file system. On the local system, the remote host's directory then looks like a disk partition, which is quite convenient to use.
NFS stores static data such as shared videos and images.
NFS mounting principles:
As shown above:
After a shared directory /home/public is set up on the NFS server, other NFS clients that have access to the server can mount the directory at a mount point on their own file system. Each client can choose its own mount point; for example, client A and client B mount it on different directories. After mounting, all data in the server's /home/public is visible locally. If the server configures a client as read-only, the client can only read; if read/write is configured, the client can read and write. After mounting, run the df -h command on the NFS client to view disk information.
Since NFS transfers data between the server and the client over the network, a network port is required for the data transfer between the two. Which port does the NFS server use? The NFS server basically opens port 2049, but because the file system is very complex, NFS has other programs that open additional ports. These additional data-transfer ports are selected at random and are below 1024. Since they are random, how does the client know which ports the NFS server is using? This is done through the Remote Procedure Call (RPC) protocol!
Communication between RPC and NFS:
NFS supports many functions, and different functions are started by different programs. Each function opens some ports for data transmission. The ports that correspond to NFS functions are therefore not fixed, and a client can establish a connection and transfer data only after it knows the relevant ports on the NFS server. RPC is used to manage the NFS ports centrally, behind a single external port, 111. RPC records the NFS port information, so the server and the client can exchange port information through RPC. The most important function of RPC is to record the port number that corresponds to each NFS function and to tell clients, so that they can connect to the correct ports.
So how does RPC know the port of each NFS function?
When NFS starts, it picks some ports at random and registers them with RPC. RPC records these ports and opens port 111 to wait for RPC requests from clients. When a client makes a request, the RPC service on the server tells the client the NFS port information it recorded earlier. The client thus obtains the port information of the NFS server and transfers data using the actual port.
Note: Before starting the NFS server, start the RPC service (the portmap service, same below). Otherwise, the NFS server cannot register with the RPC service. In addition, if the RPC service is restarted, all of the registered NFS port data is lost, so the NFS programs managed by the RPC service must also be restarted to re-register with RPC. Note that you do not need to restart NFS after modifying the NFS configuration file. You can run systemctl reload nfs or exportfs -rv to make the modified /etc/exports take effect.
Communication between an NFS client and an NFS server:
- First, the RPC service is started on the server and port 111 is opened.
- The server starts the NFS service and registers its port information with RPC.
- The client starts the portmap (RPC) service and requests the server's NFS port from the portmap (RPC) service on the server.
- The portmap (RPC) service on the server reports the NFS port information to the client.
- The client establishes an NFS connection with the server and transfers data through the NFS port.
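
The port lookup in the steps above, written out at the byte level as an added example (not code from the original page). It builds the portmapper GETPORT call a client sends to port 111 and decodes the server's answer; the program numbers and message layout follow the ONC RPC and portmapper specifications, while the XID and the reply bytes are constructed sample values.

```python
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3    # portmapper program (RFC 1833)
NFS_PROG, IPPROTO_TCP = 100003, 6
CALL, REPLY, MSG_ACCEPTED, SUCCESS, AUTH_NONE = 0, 1, 0, 0, 0


def build_getport_call(xid, prog, vers, proto):
    """Client -> port 111: 'which port is program <prog> version <vers> on?'"""
    header = struct.pack(">6I", xid, CALL, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    auth = struct.pack(">4I", AUTH_NONE, 0, AUTH_NONE, 0)    # empty credential and verifier
    args = struct.pack(">4I", prog, vers, proto, 0)          # last field (port) is unused
    return header + auth + args


def parse_getport_reply(data, expected_xid):
    """Server -> client: return the registered port, or None if not registered."""
    if len(data) < 20:
        raise ValueError("reply too short")
    xid, msg_type, reply_stat, _flavor, verf_len = struct.unpack(">5I", data[:20])
    if xid != expected_xid or msg_type != REPLY:
        raise ValueError("not the reply to our call")
    if reply_stat != MSG_ACCEPTED:
        raise ValueError("call rejected by the RPC service")
    offset = 20 + ((verf_len + 3) & ~3)                      # skip the padded verifier
    if len(data) < offset + 8:
        raise ValueError("reply truncated")
    accept_stat, port = struct.unpack(">2I", data[offset:offset + 8])
    if accept_stat != SUCCESS:
        raise ValueError("portmapper could not serve the call")
    return port or None                                      # port 0 means not registered


def frame_for_tcp(message):
    """RPC over TCP prefixes a record mark: high bit = last fragment, rest = length."""
    return struct.pack(">I", 0x80000000 | len(message)) + message


# Constructed sample exchange: ask for NFS version 3 over TCP, server answers 2049.
XID = 0x1234ABCD
CALL_MSG = build_getport_call(XID, NFS_PROG, 3, IPPROTO_TCP)
REPLY_MSG = struct.pack(">7I", XID, REPLY, MSG_ACCEPTED, AUTH_NONE, 0, SUCCESS, 2049)

if __name__ == "__main__":
    print("call :", frame_for_tcp(CALL_MSG).hex())
    print("port :", parse_getport_reply(REPLY_MSG, XID))
```

Knowing this layout helps when reading a packet capture of port 111: the last 16 bytes of the call name the program being looked up, and the last 4 bytes of the reply are the port the client will connect to next.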
Deploying the NFS server on Linux
Software and configuration files required for the NFS service:
Two software packages are required to install the NFS service:
- RPC main program: rpcbind
  NFS can be regarded as an RPC service, and before any RPC service is started the port mapping has to be in place. That is the job of the rpcbind service. In other words, rpcbind must be started before any RPC service! (This software was called portmap before CentOS 5.x and rpcbind after CentOS 6.x!)
- NFS main program: nfs-utils
  Provides the nfsd and mountd NFS daemons, together with other related documents, instructions and executables. This is the main software required for the NFS service.
NFS related files:
- Main configuration file: /etc/exports. This is the main NFS configuration file. It starts out empty, and on some systems it may not exist at all and has to be created by hand. Generally, NFS only needs to be configured in this file.
- NFS file system maintenance command: /usr/sbin/exportfs. This command maintains the NFS shared resources. You can use it to re-share the directory resources after /etc/exports has changed, or to unshare or re-share the directories shared by the NFS server.
- Log files for shared resources: /var/lib/nfs/*tab. The NFS server's log files are stored in the /var/lib/nfs/ directory. Two of them are important: etab, which records the complete permission settings of the shared directories, and xtab, which records data about the clients that have connected to this NFS server.
- Command for viewing shared resources from the client: /usr/sbin/showmount. This is another important NFS command. exportfs is used on the NFS server, and showmount is used on the client. You can view the directory resources an NFS server shares by running the showmount command.
Procedure for installing the NFS service on the server:
Step 1: Install NFS and RPC.
[root@localhost ~]# yum install -y nfs-utils
[root@localhost ~]# yum install -y rpcbind
Step 2: Start the services and apply the settings
Note: Start the RPC service first and then the NFS service.
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# systemctl start nfs-server nfs-secure-server    # Start the NFS service and the NFS secure transmission service
[root@localhost ~]# systemctl enable nfs-server nfs-secure-server
[root@localhost /]# firewall-cmd --permanent --add-service=nfs
success
[root@localhost /]# firewall-cmd --reload
success
Step 3: Configure the shared file directory and edit the configuration file:
Create the shared directory first and then edit the configuration in the /etc/exports configuration file.
[root@localhost /]# mkdir /public    # Create the public shared directory
[root@localhost /]# vi /etc/exports
/public 192.168.245.0/24(ro)
/protected 192.168.245.0/24(rw)
[root@localhost /]# systemctl reload nfs
Configuration file description:
Format: shared directory path, then the NFS clients allowed to access it, followed directly by (share permission parameters)
In the preceding example, the shared directory is /public, and the client that is allowed to access is 192.168.245.0/24. The permission is read-only.
Note that there must be no space between the NFS client address and the permissions.
NFS export protection uses Kerberos encryption; the security method (none, sys, krb5, krb5i, krb5p) is given in the format sec=XXX
none: Access anonymously. To allow write operations, map to user nfsnobody and enable the SELinux Boolean: setsebool nfsd_anon_write 1
sys: File access is based on standard file access. This is the default if nothing is specified, and any user name sent is trusted
krb5: The client must provide an identity, and the client must also use krb5; authentication is domain-based
krb5i: Based on krb5, the user's password is encrypted, but the transmitted data is not encrypted
krb5p: All data is encrypted
Parameters used to configure the NFS service profile:
parameter | role |
---|---|
ro | read-only |
rw | Read and write |
root_squash | When an NFS client accesses the share as the root administrator, it is mapped to an anonymous user on the NFS server |
no_root_squash | When an NFS client accesses the share as the root administrator, it is mapped to the root administrator of the NFS server |
all_squash | Whatever account an NFS client uses for access, it is mapped to an anonymous user on the NFS server |
sync | Data is written to memory and to the hard disk at the same time, to prevent data loss |
async | Data is stored in memory first and written to the hard disk later. It is more efficient, but data can be lost |
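
An /etc/exports review script, added here as an example (it is not part of the original page). It applies the notes above: an option list separated from the client by a space stands alone and applies to every host, sec=sys trusts whatever identity the client sends, and no_root_squash lets a client's root act as root on the server. The /backup line and the address 192.168.245.10 are constructed sample values; quoted paths and continuation lines are not handled.

```python
import re

FIELD = re.compile(r"([^()]*)(?:\(([^()]*)\))?")   # client(options), either part optional


def parse_exports(text):
    """Yield (path, client, options) for each client field of /etc/exports text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        path, *fields = line.split()
        for field in fields:
            m = FIELD.fullmatch(field)
            if m is None:
                continue                             # malformed field, not handled here
            client = m.group(1) or "*"               # bare "(rw)" applies to every host
            options = [o for o in (m.group(2) or "").split(",") if o]
            yield path, client, options


def audit(text):
    """Return (path, client, finding) tuples for the settings described above."""
    findings = []
    for path, client, options in parse_exports(text):
        sec = next((o[4:] for o in options if o.startswith("sec=")), "sys")
        weak_sec = {"sys", "none"} & set(sec.split(":"))
        if client == "*":
            findings.append((path, client, "exported to every host"))
        if "rw" in options and weak_sec:
            findings.append((path, client, "writable with sec=" + sec))
        if "no_root_squash" in options:
            findings.append((path, client, "client root keeps root on the server"))
    return findings


# Constructed sample: the second line has a stray space before "(rw)".
SAMPLE = """\
/public     192.168.245.0/24(ro)
/protected  192.168.245.0/24 (rw)
/backup     192.168.245.10(rw,no_root_squash,sec=krb5p)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  |  ")
```

On the sample, the /protected line is reported as writable by every host, because the space turns "(rw)" into an entry of its own.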
NFS client mounting configuration:
Step 1: Run the showmount command to view the NFS share information. The output format is: shared directory name, allowed client address.
[root@localhost ~]# showmount -e 192.168.245.128
Export list for 192.168.245.128:
/protected 192.168.245.0/24
/public 192.168.245.0/24
Usage of the showmount command:
parameter | role |
---|---|
-e | The share list of the NFS server is displayed |
-a | Displays information about the NFS resources that are currently mounted |
-v | Display version number |
Step 2: Create directories on the client and mount the shared directories.
[root@localhost ~]# mkdir /mnt/public
[root@localhost ~]# mkdir /mnt/data
[root@localhost ~]# vim /etc/fstab
# Entries added so that the system mounts the shares automatically at every boot
192.168.245.128:/public /mnt/public nfs defaults 0 0
192.168.245.128:/protected /mnt/data nfs defaults 0 1
[root@localhost ~]# mount -a    # Make the /etc/fstab entries take effect
Step 3: Check:
[root@mail ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/rhel-root xfs 17G 3.1G 14G 18% /
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 140K 1.4G 1% /dev/shm
tmpfs tmpfs 1.4G 9.1M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
tmpfs tmpfs 280M 32K 280M 1% /run/user/0
/dev/sr0 iso9660 3.6G 3.6G 0 100% /mnt/cdrom
192.168.245.128:/public nfs4 17G 3.7G 14G 22% /mnt/public
192.168.245.128:/protected nfs4 17G 3.7G 14G 22% /mnt/data
Mount NFS on Windows
Step 1: In Control Panel -> Add Programs and Features -> add the NFS components.
Step 2: On This PC, map a network drive, entering the NFS address and the folder to share.
Step 3: If there is a problem with permissions, open the registry editor (regedit) and, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default, create two QWORD (64-bit) values: AnonymousGid, with a default value of 0, and AnonymousUid, with a default value of 0.