Linux NFS configuration

quick code

# Server: write the nfs configuration file
echo '/newnfs 192.168.2.*(rw,sync,no_root_squash)' >> /etc/exports
# Create a new folder in the root directory, permissions 777
mkdir /newnfs && chmod 777 /newnfs
# Restart rpcbind and nfs-server services
systemctl restart rpcbind && systemctl restart nfs-server
# Client of nfs
# View Server information
showmount -e 192.168.2.197
# Mount
mkdir /newnfs
mount -t nfs 192.168.2.197:/newnfs /newnfs

 

File transfer series

There are many ways to transfer files, such as sftp provided by ssh, ftp provided by vsftp, and smb provided by samba.
  • openssh
    • sftp:22/tcp
    • sftp is implemented based on ssh, so after sshd is started, sftp comes with it, and it can be used without any additional configuration.
  • vsftp
    • ftp:20,21/tcp
    • ftp is the most "traditional" file transfer protocol, but the traffic is not encrypted: the account and password can be read directly from a packet capture, which is not safe.
  • samba
    • smb:139/udp and 445/tcp
    • smb is a protocol created by Microsoft, which is currently used to transfer files between Windows systems and Linux systems.
  • webdav
    • http:?/tcp
    • webdav is my favorite transmission method. If you only need to download files, you don't even need an additional download client: just open it in a web browser. It also supports https.
  • nfs-utils
    • nfs:2049/tcp and rpc:111/tcp
    • To transfer files between multiple Linux machines, nfs is simply the best choice. Nfs can mount files of other Linux hosts on this Linux host, which makes them as convenient to manage as local files.

NFS

  • Learn about NFS today

Overview of NFS

Here is an overview, citing an expert's article: NFS service details
  • NFS (Network File System) is a network file system protocol based on TCP/IP transmission. By using the NFS protocol, clients can access shared resources on remote servers as if they were local directories.
  • NAS storage: The implementation of the NFS service relies on the RPC (Remote Procedure Call) mechanism to complete the remote-to-local mapping process.
  • NFS requires two packages
    • nfs-utils: the main program responsible for file transfer
    • rpcbind: It can convert RPC program numbers and general addresses to each other, and is responsible for information transmission.
  • The two have a division of labor, and nfs can only be started after rpcbind is started.

NFS mount

# You can first check whether the machine has nfs installed 
# rpm series Linux
rpm -aq | grep nfs

# deb series
dpkg -l | grep nfs

# The same is true for querying rpcbind 
 
# If not, install it
# rpm, of course, can also be installed with the dnf command
yum install nfs-utils rpcbind 

# deb (the server package is nfs-kernel-server, the client tools are in nfs-common)
apt install nfs-kernel-server nfs-common rpcbind

NFS_Server configuration

The configuration file for NFS is /etc/exports. The file is empty after installation; it does not even contain # comment lines.
[root@client_149 ~]# cat /etc/exports
[root@client_149 ~]#

Format of the configuration file

1 The path of the shared directory 2 The NFS client ip to allow access (3 share permission parameter)
  • 1. The first item is the absolute path of the directory
  • 2. Wildcards can be used for the ip that allows access, for example, 192.168.2.* means 192.168.2.0-255 can be accessed
  • 3. Permission parameters, in three groups:

Parameter: Remark
File read and write permissions
  • rw: read and write
  • ro: read only
Login account mapping (anonymous)
  • root_squash: when the NFS client accesses as the root administrator, it is mapped to the anonymous user of the NFS server
  • no_root_squash: when the NFS client accesses as the root administrator, it is mapped to the root administrator of the NFS server
  • all_squash: no matter what account the NFS client uses to access, it is mapped to the anonymous user of the NFS server
How to synchronize data
  • sync: write data to memory and hard disk at the same time to ensure no data loss
  • async: save data to memory first, and then write it to hard disk; this is more efficient, but data still in memory may be lost if power is lost or another failure occurs
# for example
/root/newdir 192.168.2.149(rw,sync,root_squash)
Note that there should be no spaces before the parentheses that follow the client address; this is also a pitfall.

New shared folder

First create a new folder and give sufficient permissions, 777.
[root@server_197 ~]# mkdir /newnfs
[root@server_197 ~]# ll / | grep newnfs
drwxr-xr-x. 2 root root 6 Aug 30 19:57 newnfs
[root@server_197 ~]# chmod -R 777 /newnfs/
[root@server_197 ~]# ll / | grep newnfs
drwxrwxrwx. 2 root root 6 Aug 30 19:57 newnfs

write configuration

[root@server_197 ~]# echo '/newnfs 192.168.2.*(rw,sync,no_root_squash)' >> /etc/exports
[root@server_197 ~]# cat /etc/exports
/newnfs 192.168.2.*(rw,sync,no_root_squash)
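The export format and the option list above can be checked mechanically before restarting nfs-server. The following linter is an added example, not part of the original post: it parses /etc/exports-style lines and reports the space-before-parenthesis pitfall, unbalanced parentheses, IP wildcards and the options that weaken an export. The names `lint_exports`, `RISKY` and `SAMPLE` and the sample lines are assumptions made for the illustration.

```python
import re

# Options from the page's parameter list that weaken an export, and why.
RISKY = {
    "no_root_squash": "client root acts as server root on this export",
    "async": "acknowledged writes can be lost on power failure",
}
SPEC = re.compile(r"([^()]*)(?:\(([^()]*)\))?")  # "host(opt,opt)" or bare "host"

def lint_exports(text):
    """Return (line_no, client, code, detail) findings for /etc/exports text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for spec in fields[1:]:  # fields[0] is the exported path
            m = SPEC.fullmatch(spec)
            if m is None:
                findings.append((no, spec, "syntax", "unbalanced parentheses"))
                continue
            host, opts = m.group(1), (m.group(2) or "").split(",")
            if host in ("", "*"):
                # "(rw)" after a space has no client in front of it, so the
                # options apply to every host instead of the client before it.
                host = "*"
                findings.append((no, host, "world", "options apply to every host"))
            elif re.fullmatch(r"[\d.*?]+", host) and re.search(r"[*?]", host):
                # exports(5) describes wildcards for hostnames and
                # address/netmask notation for IP networks.
                findings.append((no, host, "ip-wildcard", "prefer address/netmask"))
            findings += [(no, host, o, RISKY[o]) for o in opts if o in RISKY]
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
/newnfs 192.168.2.*(rw,sync,no_root_squash)
/newnfs 192.168.2.149 (rw,sync)
/newnfs 192.168.2.*rw,sync,no_root_squash)
/srv/share 192.168.2.0/24(ro,sync,root_squash)
"""

if __name__ == "__main__":
    for finding in lint_exports(SAMPLE):
        print(finding)
```

On a server, pass it the contents of /etc/exports; the last sample line shows a form that produces no findings.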

Fixed port (optional)

If you are using iptables, or have port restrictions between network segments, you may need to fix the ports.

  • nfs uses the port
    • portmapper (provided by rpc-bind) port: 111 udp/tcp
    • nfs/nfs_acl (provided by nfs) port: 2049 udp/tcp
    • mountd port: 32768-65535 udp/tcp
    • nlockmgr port: 32768-65535 udp/tcp
 
By default, the system RPC service will dynamically select a random port for mountd and nlockmgr to communicate with when the nfs service starts.
Append the following to the end of /etc/sysconfig/nfs to fix the mountd and nlockmgr ports to 4001-4004.
RQUOTAD_PORT=4001
LOCKD_TCPPORT=4002
LOCKD_UDPPORT=4002
MOUNTD_PORT=4003
STATD_PORT=4004
The port can be fixed here, and the service needs to be restarted after modification.
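After the restart it is worth confirming that the daemons really registered on the pinned ports, because firewall rules written for 4001-4004 silently miss a service that is still on a dynamic port. The check below is an added example, not part of the original post: it parses `rpcinfo -p` output and compares it with the values above. The names `PINNED`, `parse_rpcinfo` and `check_pinned` and the sample output are assumptions made for the illustration.

```python
# Ports pinned on this page: the /etc/sysconfig/nfs values plus the fixed nfs
# and portmapper ports. Keys are service names as `rpcinfo -p` prints them.
PINNED = {
    "portmapper": 111, "nfs": 2049, "nfs_acl": 2049,
    "rquotad": 4001,   # RQUOTAD_PORT
    "nlockmgr": 4002,  # LOCKD_TCPPORT / LOCKD_UDPPORT
    "mountd": 4003,    # MOUNTD_PORT
    "status": 4004,    # STATD_PORT
}

def parse_rpcinfo(output):
    """Return the set of (service, proto, port) rows in `rpcinfo -p` output."""
    rows = set()
    for line in output.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0].isdigit():  # skips the header row
            rows.add((cols[4], cols[2], int(cols[3])))
    return rows

def check_pinned(output, pinned=PINNED):
    """Return (wrong, missing): registrations that are off their pinned port,
    and pinned services that are not registered at all."""
    rows = parse_rpcinfo(output)
    wrong = sorted(r for r in rows if r[0] in pinned and pinned[r[0]] != r[2])
    missing = sorted(set(pinned) - {r[0] for r in rows})
    return wrong, missing

# Constructed `rpcinfo -p` output: nlockmgr/udp is still on a dynamic port
# and rquotad is not registered.
SAMPLE = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp   4004  status
    100024    1   tcp   4004  status
    100005    3   udp   4003  mountd
    100005    3   tcp   4003  mountd
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   udp  41234  nlockmgr
    100021    4   tcp   4002  nlockmgr
"""

if __name__ == "__main__":
    wrong, missing = check_pinned(SAMPLE)
    print("off pinned port:", wrong)
    print("not registered:", missing)
```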

Start the service and start up

Use systemctl to start rpcbind and nfs-server services, pay attention to start rpcbind first and then start nfs-server
[root@server_197 ~]# systemctl restart rpcbind
[root@server_197 ~]# systemctl enable rpcbind
[root@server_197 ~]# systemctl restart nfs-server
[root@server_197 ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.

Use netstat to check whether the ports are listening; if they are, the startup was successful.

[root@server_197 ~]# netstat -tlpn | grep "2049\|111"
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::2049 :::* LISTEN -

firewall and iptables

The firewall must allow the corresponding services: nfs, rpc-bind, and mountd.
If you can, I suggest keeping only firewalld on.
systemctl stop iptables
systemctl disable iptables
[root@server_197 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@server_197 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@server_197 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@server_197 ~]# firewall-cmd --reload
success

iptables is a bit limited. If you have to use it, first fix the mountd port as described in the optional step above. I usually turn off iptables and keep only firewalld. I still write the rules down here in case they are useful.

These rules use the previously fixed mountd ports 4001-4004, plus nfs:2049 and rpc:111:

iptables -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT 
iptables -A INPUT -p udp -m udp --dport 111 -j ACCEPT 
iptables -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 4001:4004 -j ACCEPT 
iptables -A INPUT -p udp -m udp --dport 4001:4004 -j ACCEPT

# iptables -I : insert a new rule into a chain
# iptables -A : append a rule to a chain
# Rules added with iptables -I are placed at the top of the existing rules, rules added with iptables -A at the end.

Restart the firewall

NFS_Client configuration

From the Client's point of view, it is as if the Server were sharing a hard disk, which we can mount locally on the Client.

Mounting with mount

Let's first look at the information shared by the Server, which corresponds to our earlier /etc/exports configuration on the Server.

If the client is not within the permitted range, mount reports: mount.nfs: access denied by server while mounting.

  • showmount -[e|a|v] <ip>
    • -e, view shared information (remember -e)
    • -a, check the mount status of the machine's NFS resources
    • -v, view nfs version
  • mount -t nfs 192.168.2.197:/newnfs /newnfs

    • Mount 192.168.2.197:/newnfs on /newnfs of the local machine; the permissions of this folder were set to 777 earlier
[root@client_149 ~]# showmount -e 192.168.2.197 # Take a look at the information shared by the Server first
Export list for 192.168.2.197:
/newnfs 192.168.2.*
[root@client_149 ~]# mount -t nfs 192.168.2.197:/newnfs /newnfs
  • You can also mount everything from the root directory, but because there is no permission, you can only see /newnfs, which has 777 permissions
# Create a new folder to mount the root directory of the Server
[root@client_149 ~]# mkdir /nfs_197
# mount
[root@client_149 ~]# mount -t nfs 192.168.2.197:/ /nfs_197
# Check the contents of the mounted directory
[root@client_149 ~]# ll /nfs_197
total 0
drwxrwxrwx. 2 root root 20 Aug 31 01:30 newnfs

auto mount

fstab mount

After a reboot, the share has to be mounted again. We can edit /etc/fstab to set up automatic mounting.

append at the end

# fstab fields: device, mount point, type, options, dump, fsck order
echo '192.168.2.197:/newnfs /newnfs nfs defaults 0 0' >> /etc/fstab

If it does not take effect, set the automatic mount to start at boot.

systemctl start remote-fs.target
systemctl enable remote-fs.target

Boot execution

Of course, you can also run the mount command automatically at boot time from /etc/rc.local.

# Append the previous mount command to the end of rc.local
[root@client_149 ~]# echo 'mount -t nfs 192.168.2.197:/newnfs /newnfs' >> /etc/rc.local
# Check it out after adding
[root@client_149 ~]# cat /etc/rc.local | grep -v "#"
touch /var/lock/subsys/local
mount -t nfs 192.168.2.197:/newnfs /newnfs

Remember to make /etc/rc.local executable (+x).

test

Both Server and Client are now configured. Create a new file in the shared (or mounted) directory on either the Server or the Client, and then check for it on the other host.

 

 

Tags: Linux nfs

Posted by frkmilla on Tue, 30 Aug 2022 20:24:10 +0930