centos配置nfs服务详细步骤(centos开启nfs服务)
<h2>服务端配置</h2><h3>1. 安装nfs-utils和rpcbind</h3>
<div> nfs客户端和服务端都安装nfs-utils包,同时自动安装rpcbind。安装后会创建nfsnobody用户和组,uid和gid都是65534。</div>
<div>代码如下:</div>
<div> </div>
<div>yum install nfs-utils rpcbind</div>
<div> </div>
<div>
<h3>2.配置端口</h3>
</div>
<div> nfs除了主程序端口2049和rpcbind的端口111是固定以外,还会使用一些随机端口,以下配置将定义这些端口,以便配置防火墙</div>
<div> 代码如下:
<pre># vim /etc/sysconfig/nfs
#追加端口配置
MOUNTD_PORT=4001
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004</pre>
</div>
<div>
<h3>NFS权限说明</h3>
<p>1、普通用户</p>
<p>当设置all_squash时:访客时一律被映射为匿名用户(nfsnobody)</p>
<p>当设置no_all_squash时:访客被映射为服务器上相同uid的用户,因此在客户端应建立与服务端uid一致的用户,否则也映射为nfsnobody。root除外,因为root_suqash为默认选项,除非指定了no_root_squash</p>
<p>2、root用户</p>
<p>当设置root_squash时:访客以root用户访问NFS服务端时,被映射为nfsnobody用户</p>
<p>当设置no_root_squash时:访客以root用户访问NFS服务端时,被映射为root用户。以其他用户访问时同样映射为对应uid的用户,因为no_all_squash是默认选项</p>
<blockquote>
<p>选项说明<br>ro:共享目录只读<br>rw:共享目录可读可写<br>all_squash:所有访问用户都映射为匿名用户或用户组<br>no_all_squash(默认):访问用户先与本机用户匹配,匹配失败后再映射为匿名用户或用户组<br>root_squash(默认):将来访的root用户映射为匿名用户或用户组<br>no_root_squash:来访的root用户保持root帐号权限<br>anonuid=<UID>:指定匿名访问用户的本地用户UID,默认为nfsnobody(65534)<br>anongid=<GID>:指定匿名访问用户的本地用户组GID,默认为nfsnobody(65534)<br>secure(默认):限制客户端只能从小于1024的tcp/ip端口连接服务器<br>insecure:允许客户端从大于1024的tcp/ip端口连接服务器<br>sync:将数据同步写入内存缓冲区与磁盘中,效率低,但可以保证数据的一致性<br>async:将数据先保存在内存缓冲区中,必要时才写入磁盘<br>wdelay(默认):检查是否有相关的写操作,如果有则将这些写操作一起执行,这样可以提高效率<br>no_wdelay:若有写操作则立即执行,应与sync配合使用<br>subtree_check(默认) :若输出目录是一个子目录,则nfs服务器将检查其父目录的权限<br>no_subtree_check :即使输出目录是一个子目录,nfs服务器也不检查其父目录的权限,这样可以提高效率</p>
</blockquote>
<p>以nfsuser(uid=1000)创建共享目录,参数默认rw</p>
<div class="cnblogs_code">
<div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img src="https://common.cnblogs.com/images/copycode.gif"></span></div>
<pre># mkdir /var/nfs<br># chown nfsuser. -R /var/nfs
# vim /etc/exports
/var/nfs 192.168.1.0/24(rw)<br># exportfs -r #重载exports配置<br># exportfs -v #查看共享参数<br>/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)</pre>
<div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img src="https://common.cnblogs.com/images/copycode.gif"></span></div>
</div>
<blockquote>
<p>exportfs参数说明</p>
<p>-a 全部挂载或卸载 /etc/exports中的内容<br>-r 重新读取/etc/exports 中的信息 ,并同步更新/etc/exports、/var/lib/nfs/xtab<br>-u 卸载单一目录(和-a一起使用为卸载所有/etc/exports文件中的目录)<br>-v 输出详细的共享参数</p>
</blockquote>
<h3>四、防火墙</h3>
<div class="cnblogs_code">
<div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img src="https://common.cnblogs.com/images/copycode.gif"></span></div>
<pre># iptables -I INPUT 5 -p tcp -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 4001:4004 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables-save >/etc/sysconfig/iptables</pre>
<div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img src="https://common.cnblogs.com/images/copycode.gif"></span></div>
</div>
<h3>五、启动服务</h3>
<div class="cnblogs_code">
<pre># systemctl start rpcbind.service
# systemctl enable rpcbind.service
# systemctl start nfs.service
# systemctl enable nfs.service</pre>
</div>
<p>启动顺序一定是rpcbind->nfs,否则有可能出现错误</p>
</div>
<h3>3.设置开机启动服务</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>chkconfig nfs on</div>
<div>chkconfig rpcbind on</div>
<div> </div>
<div> </div>
<h3>4.启动相关服务</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>service rpcbind start</div>
<div>service nfs start</div>
<div> </div>
<div> </div>
<h3>5.创建共享目录</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>mkdir -p /export/primary</div>
<div>mkdir -p /export/secondary</div>
<div> </div>
<div> </div>
<h3>6.编辑/etc/exports文件添加如下内容</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>vi /etc/exports</div>
<div>/export*(rw,async,no_root_squash,no_subtree_check)</div>
<div> </div>
<div> </div>
<h3>7.刷新配置立即生效</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>exportfs -a</div>
<div> </div>
<div> </div>
<h2>客户端配置</h2>
<div> </div>
<h3>1. 安装nfs-utils和rpcbind</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>yum install nfs-utils rpcbind</div>
<div> </div>
<div> </div>
<h3>2.设置开机启动服务</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>chkconfig nfs on</div>
<div>chkconfig rpcbind on</div>
<div> </div>
<div> </div>
<h3>3.启动服务</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>servicerpcbind start</div>
<div>servicenfs start</div>
<div> </div>
<div> </div>
<h3>4.创建挂载点</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>mkdir -p /mnt/primary</div>
<div>mkdir -p /mnt/secondary</div>
<div> </div>
<div> </div>
<h3>5.挂载目录</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>mount -t nfs server_ip:/export/primary /mnt/primary</div>
<div>mount -t nfs server_ip:/export/secondary /mnt/secondary</div>
<div> </div>
<div> </div>
<h3>6.查看挂载的目录</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>df -h</div>
<div> </div>
<div> </div>
<h3>7.卸载挂载的目录</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>umount /mnt/primary</div>
<div>umount /mnt/secondary</div>
<div> </div>
<div> </div>
<h3>8.编辑/etc/fstab,开机自动挂载</h3>
<div> </div>
<div>代码如下:</div>
<div> </div>
<div>vi /etc/fstab</div>
<div>server_ip:/export/primary/mnt/primary nfs rw,tcp,intr 0 1</div>
<div>server_ip:/export/secondary/mnt/secondary nfs rw,tcp,intr 0 1</div>
<div> </div>
<div>
<h3>七、故障解决</h3>
<p>1、nfs只能挂载为nobody</p>
<p>同时修改服务端、客户端/etc/idmapd.conf中的Domain为一样的值,随后重启rpcidmapd服务,或重启所有服务</p>
<p>2、客户端无法卸载nfs目录</p>
<p>umount.nfs4: /var/nfs: device is busy</p>
<p>执行fuser -km /var/nfs/,然后再执行umount</p>
</div>
<div>
<h3>参考</h3>
<p>http://www.361way.com/rh254-nfs/4703.html</p>
<p>http://www.361way.com/nfs-mount-nobody/2616.html</p>
<p>https://www.server-world.info/en/note?os=CentOS_7&p=nfs&f=1</p>
<p>http://www.cnblogs.com/lykyl/archive/2013/06/14/3136921.html</p>
</div><br><br>
来源:https://www.cnblogs.com/xhomex/p/15265036.html
頁:
[1]