CentOS 7 NFS service installation and configuration

System environment: CentOS Linux release 7

1, Installation

Install the nfs-utils package on both the NFS client and the server; rpcbind is installed automatically. After installation, the nfsnobody user and group are created, with uid and gid 65534.

# yum -y install nfs-utils

2, Configure port

In addition to the fixed ports 2049 (main nfs service) and 111 (rpcbind), nfs also uses some random ports. The following configuration pins these ports to fixed values so that the firewall can be configured for them.

# vim /etc/sysconfig/nfs
#Add port configuration
MOUNTD_PORT=4001  
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004

3, NFS permission description

1. Ordinary users

When all_squash is set: visitors are always mapped to the anonymous user (nfsnobody).

When no_all_squash is set: the visitor is mapped to the user with the same uid on the server, so a user with the same uid as on the server should be created on the client; otherwise the visitor is also mapped to nfsnobody. root is the exception, because root_squash is the default option unless no_root_squash is specified.

2. root user

When setting root_squash: when a guest accesses the NFS server as root, it is mapped to the nfsnobody user

When no_root_squash is set: when a guest accesses the NFS server as root, it is mapped to root. Other users are still mapped to the user with the corresponding uid, because no_all_squash is the default option.

Option description
ro: shared directory read only
rw: the shared directory is readable and writable
all_squash: all access users are mapped to the anonymous user or user group
no_all_squash (default): the access user is first matched with the local user, and mapped to the anonymous user or user group only if the matching fails
root_squash (default): the visiting root user is mapped to the anonymous user or user group
no_root_squash: the visiting root user keeps the root account permission
anonuid=: specifies the local user UID of the anonymous access user. The default is nfsnobody (65534)
anongid=: specifies the local user group GID of the anonymous access user. The default is nfsnobody (65534)
secure (default): restrict clients to connect to the server only from tcp/ip ports less than 1024
insecure: allows clients to connect to the server from tcp/ip ports greater than 1024
sync: write data into memory buffer and disk synchronously, which is inefficient, but can ensure data consistency
async: save the data in the memory buffer before writing to disk if necessary
wdelay (default): check whether there are related write operations. If so, execute these write operations together, which can improve efficiency
no_wdelay: if there is a write operation, it will be executed immediately. It should be used in conjunction with sync
subtree_check (default): if the exported directory is a subdirectory, the nfs server will check the permissions of its parent directory
no_subtree_check: even if the exported directory is a subdirectory, the nfs server does not check the permissions of its parent directory, which can improve efficiency

Create a shared directory owned by nfsuser (uid=1000). The parameter is rw by default

# mkdir /var/nfs
# chown -R nfsuser: /var/nfs
# vim /etc/exports
/var/nfs    192.168.1.0/24(rw)
# exportfs -r  #Reload the exports configuration
# exportfs -v  #View the share parameters
/var/nfs 	 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)

exportfs parameter description

-a export or unexport all directories in /etc/exports
-r reread the information in /etc/exports and synchronize /var/lib/nfs/xtab with /etc/exports
-u unexport a single directory (used with -a to unexport all directories in /etc/exports)
-v output detailed share parameters
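
An added example (not from the original post) that applies the squash rules and defaults described in this section to the text of an /etc/exports file: it computes the server-side uid a client uid maps to and flags entries that keep root, allow insecure, or are exported to every host. The sample file and all function names are constructed for illustration; only the /var/nfs line comes from the page, and ro is taken as the access default per exports(5).

```python
import re

NFSNOBODY = 65534  # default anonuid on CentOS 7
# Constructed sample; only the first line is the page's own export.
SAMPLE = """\
/var/nfs     192.168.1.0/24(rw)
/srv/build   192.168.1.0/24(rw,no_root_squash,insecure)
/srv/pub     192.168.1.0/24 (rw)   # stray space before "(rw)"
/srv/scratch 192.168.1.0/24(rw,all_squash,anonuid=1000)
"""

def effective(optstr):
    """Start from the exports(5) defaults, then apply the listed options."""
    eff = {"rw": False, "secure": True, "root_squash": True,
           "all_squash": False, "anonuid": NFSNOBODY}
    for o in filter(None, (optstr or "").split(",")):
        if o.startswith("anonuid="):
            eff["anonuid"] = int(o.split("=", 1)[1])
        elif o in ("rw", "ro"):
            eff["rw"] = o == "rw"
        elif o in ("secure", "insecure"):
            eff["secure"] = o == "secure"
        elif o in ("root_squash", "no_root_squash", "all_squash", "no_all_squash"):
            eff[o[3:] if o.startswith("no_") else o] = not o.startswith("no_")
    return eff

def parse_exports(text):
    """Yield (path, host, options); a detached "(rw)" has no host and means every client."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for client in fields[1:]:
            host, opts = re.fullmatch(r"([^(]*)(?:\((.*)\))?", client).groups()
            yield fields[0], host or "*", effective(opts)

def mapped_uid(client_uid, eff):
    """Server-side uid for a client uid under the squash options."""
    if eff["all_squash"] or (client_uid == 0 and eff["root_squash"]):
        return eff["anonuid"]
    return client_uid  # sec=sys: the numeric uid is used as sent by the client

def audit(text):
    """Flag entries weaker than the defaults: any host, high ports, root kept."""
    findings = []
    for path, host, eff in parse_exports(text):
        flags = [k for k, bad in (("any-host", host == "*"), ("insecure", not eff["secure"]),
                                  ("no_root_squash", mapped_uid(0, eff) == 0)) if bad]
        if flags:
            findings.append((path, host, flags))
    return findings
```

Running audit() on the real /etc/exports text after each change catches the stray-space case, where the subnet silently gets the defaults and "(rw)" is granted to every host.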

4, Firewall (does not need to be configured on cloud services)

# iptables -I INPUT 5 -p tcp -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 4001:4004 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables-save >/etc/sysconfig/iptables

5, Start service

# systemctl start rpcbind.service
# systemctl enable rpcbind.service
# systemctl start nfs.service
# systemctl enable nfs.service

The startup sequence must be rpcbind -> nfs, otherwise an error may occur

6, Client mount

1. Direct mount

# mount -t nfs nfs.st.local:/var/nfs /mnt

You can also write the mounting configuration into the fstab file. Like ordinary disk mounting, you can also specify permissions during mounting, but the type is nfs.

2. autofs mount

# yum -y install autofs
# vi /etc/auto.master
#Add a row
/-    /etc/auto.mount
# vi /etc/auto.mount
#Add a row
/mnt -fstype=nfs,rw  nfs.st.local:/var/nfs

#Start service
# systemctl start autofs 
# systemctl enable autofs 

7, Troubleshooting

1. nfs can only be mounted as nobody

Set Domain in /etc/idmapd.conf to the same value on both the server and the client, then restart the rpcidmapd service or restart all services

2. The client cannot unmount the nfs directory

umount.nfs4: /var/nfs: device is busy

Execute fuser -km /var/nfs/, then umount

Posted on Wed, 01 Dec 2021 08:55:26 -0500 by nodster