System environment: CentOS Linux release 7
1, Installation
Install the nfs-utils package on both the NFS client and the server; rpcbind is installed automatically with it. After installation, the nfsnobody user and group are created, with uid and gid 65534.
# yum -y install nfs-utils
2, Configure port
In addition to the fixed main program port 2049 and rpcbind port 111, nfs also uses some random ports. The following configuration pins these ports to fixed values so that firewall rules can be written for them.
# vim /etc/sysconfig/nfs
#Add port configuration
MOUNTD_PORT=4001
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004
3, NFS permission description
1. Ordinary users
When all_squash is set: clients are always mapped to the anonymous user (nfsnobody)
When no_all_squash is set: the client user is mapped to the user with the same uid on the server. A user with the same uid as on the server should therefore be created on the client; otherwise the client user is also mapped to nfsnobody. root is the exception, because root_squash is the default option unless no_root_squash is specified
2. root user
When root_squash is set: when a client accesses the NFS server as root, it is mapped to the nfsnobody user
When no_root_squash is set: when a client accesses the NFS server as root, it is mapped to root. Other users are still mapped to the user with the corresponding uid, because no_all_squash is the default option
Option description
ro: shared directory read only
rw: the shared directory is readable and writable
all_squash: all accessing users are mapped to the anonymous user or user group
no_all_squash (default): the accessing user is first matched against local users, and is mapped to the anonymous user or user group only if the match fails
root_squash (default): the visiting root user is mapped to the anonymous user or user group
no_root_squash: the visiting root user keeps root account permissions
anonuid=: specifies the local UID used for anonymous access. The default is nfsnobody (65534)
anongid=: specifies the local GID used for anonymous access. The default is nfsnobody (65534)
secure (default): restricts clients to connecting to the server only from tcp/ip ports less than 1024
insecure: allows clients to connect to the server from tcp/ip ports greater than 1024
sync: writes data to the memory buffer and to disk synchronously, which is less efficient but ensures data consistency
async: keeps the data in the memory buffer first and writes it to disk when necessary
wdelay (default): checks whether there are related write operations. If so, these writes are executed together, which can improve efficiency
no_wdelay: a write operation is executed immediately. It should be used together with sync
subtree_check (default): if the exported directory is a subdirectory, the nfs server checks the permissions of its parent directory
no_subtree_check: even if the exported directory is a subdirectory, the nfs server does not check the permissions of its parent directory, which can improve efficiency
Create a shared directory owned by nfsuser (uid=1000). The parameter is rw by default
# mkdir /var/nfs
# chown -R nfsuser: /var/nfs
# vim /etc/exports
/var/nfs 192.168.1.0/24(rw)
# exportfs -r #Reload the exports configuration
# exportfs -v #View the share parameters
/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
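The squash rules above can be applied mechanically to exportfs -v output to see which uid the server acts as for a given client user, and to flag exports worth reviewing. The script below is an added example, not part of the original article; the function names and the /srv/build and /srv/drop sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the squash rules to `exportfs -v`-style lines
# ("path client(opt,opt,...)") and report exports that deserve a second look.

# effective_uid OPTIONS CLIENT_UID -> uid the server acts as for that user.
# Assumes a user with CLIENT_UID exists on the server (otherwise the
# fallback to nfsnobody described in the article applies).
effective_uid() {
    opts=",$1,"; uid=$2
    anon=65534                                    # nfsnobody, the anonuid default
    case "$opts" in *,anonuid=*)
        anon=${opts#*,anonuid=}; anon=${anon%%,*} ;;
    esac
    case "$opts" in *,all_squash,*) echo "$anon"; return ;; esac
    if [ "$uid" -eq 0 ]; then
        case "$opts" in
            *,no_root_squash,*) echo 0 ;;
            *) echo "$anon" ;;                    # root_squash is the default
        esac
        return
    fi
    echo "$uid"                                   # no_all_squash: uid is kept
}

# audit_export LINE -> one finding per line on stdout, nothing if clean.
audit_export() {
    set -f; set -- $1; set +f                     # split fields, keep "*" literal
    path=$1; client=${2%%\(*}; o=${2#*\(}; o=${o%\)}
    [ "$(effective_uid "$o" 0)" -eq 0 ] && echo "$path: client root acts as uid 0"
    case ",$o," in *,insecure,*)
        echo "$path: source ports above 1024 accepted (insecure)" ;; esac
    case "$client" in '*') echo "$path: exported to any host" ;; esac
    return 0
}

# Constructed sample in `exportfs -v` format; the first line is the article's export.
SAMPLE='/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
/srv/build *(rw,sync,insecure,no_root_squash,no_all_squash)
/srv/drop 192.168.1.0/24(rw,sync,secure,root_squash,all_squash,anonuid=1000)'

printf '%s\n' "$SAMPLE" | while IFS= read -r line; do audit_export "$line"; done
```

On a live server, feed it real data with: exportfs -v | while IFS= read -r line; do audit_export "$line"; done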
exportfs parameter description
-a export or unexport all directories in /etc/exports
-r reread the information in /etc/exports and synchronously update /etc/exports and /var/lib/nfs/xtab
-u unexport a single directory (used with -a to unexport all directories in /etc/exports)
-v output detailed share parameters
4, Firewall (cloud service does not need to be configured)
# iptables -I INPUT 5 -p tcp -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 4001:4004 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables-save >/etc/sysconfig/iptables
5, Start service
# systemctl start rpcbind.service
# systemctl enable rpcbind.service
# systemctl start nfs.service
# systemctl enable nfs.service
The startup sequence must be rpcbind -> nfs, otherwise an error may occur
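Once the services are running, rpcinfo -p shows the ports that were actually registered. If a pinned port from /etc/sysconfig/nfs was not applied, the service takes a random port that the firewall rules do not cover. The check below is an added example, not part of the original article; the function name and the sample rpcinfo output are constructed.

```shell
#!/bin/sh
# Added example: compare `rpcinfo -p` registrations with the ports pinned in
# /etc/sysconfig/nfs and opened in the firewall rules.

# service:port pairs taken from the article (names as rpcinfo prints them:
# statd registers as "status", lockd as "nlockmgr").
EXPECTED="portmapper:111 nfs:2049 mountd:4001 status:4002 nlockmgr:4003 rquotad:4004"

# check_ports: reads `rpcinfo -p` output on stdin; prints one MISMATCH line per
# registration on an unexpected port and one MISSING line per absent service.
check_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, ":"); want[kv[1]] = kv[2] }
        }
        $1 ~ /^[0-9]+$/ && ($5 in want) {
            seen[$5] = 1
            if ($4 + 0 != want[$5] + 0)
                printf "MISMATCH %s/%s on %s, expected %s\n", $5, $3, $4, want[$5]
        }
        END { for (s in want) if (!(s in seen)) printf "MISSING %s\n", s }'
}

# Constructed sample: STATD_PORT was not applied, so statd took random ports.
SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    3   tcp   4001  mountd
    100024    1   udp  41563  status
    100024    1   tcp  52817  status
    100021    4   tcp   4003  nlockmgr
    100011    2   tcp   4004  rquotad
    100003    3   tcp   2049  nfs'

# On a live server: rpcinfo -p | check_ports
printf '%s\n' "$SAMPLE" | check_ports
```

No output means every registered service is on the port the firewall rules expect.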
6, Client mount
1. Direct mount
# mount -t nfs nfs.st.local:/var/nfs /mnt
You can also write the mount configuration into the /etc/fstab file. As with ordinary disk mounts, you can specify permissions at mount time, but the type is nfs.
2. autofs mount
# yum -y install autofs
# vi /etc/auto.master
#Add a row
/- /etc/auto.mount
# vi /etc/auto.mount
#Add a row
/mnt -fstype=nfs,rw nfs.st.local:/var/nfs
#Start service
# systemctl start autofs
# systemctl enable autofs
7, Troubleshooting
1. nfs can only be mounted as nobody
Set Domain in /etc/idmapd.conf to the same value on both the server and the client, and then restart the rpcidmapd service or restart all services
2. The client cannot unmount the nfs directory
umount.nfs4: /var/nfs: device is busy
Execute fuser -km /var/nfs/, then umount