Linux NFS installation and configuration, FAQ, the /etc/exports configuration file and the showmount command

  • 2020-05-09 19:46:34
  • OfStack

1. Server-side software: install nfs-utils and portmap (rpcbind)
nfs-utils: the package that provides the two NFS daemons, rpc.nfsd and rpc.mountd
portmap: NFS can be regarded as an RPC server program, and starting an RPC server program requires its port assignment to be handled properly; that task is done by portmap. In short, portmap does the port mapping.
Daemons that NFS needs to start (see: NFS daemons):

• rpc.nfsd: the main daemon, handles the complex login permission checks; required
• portmap: handles the port mapping between RPC application clients and servers; required
• rpc.mountd: responsible for the NFS file system. After the client logs on to the server via rpc.nfsd, the client's access to server files must be managed through a series of checks
• lockd: handles lock requests through RPC packets
• statd: provides crash recovery for the NFS lock service
• rquotad: handles quotas when a user mounts a remote server through NFS

Daemon start order: rpc.portmap, rpc.mountd, rpc.nfsd, rpc.statd, rpc.lockd (newer versions start it automatically with nfsd), rpc.rquotad

NFS server-side commands:

•yum install nfs-utils portmap
•chkconfig rpcbind on    # chkconfig: updates and queries system services at the various runlevels
•chkconfig nfs on
•service rpcbind start
•service nfs start

2. Server-side configuration file /etc/exports: specifies the directories to be shared and their permissions (see man exports)


# Allows the IP address range 192.168.0.* to access the /home/work directory with read-write access.
/home/work 192.168.0.*(rw,sync,root_squash)
/home  192.168.1.105(rw,sync)
/public  *(rw,sync)

Each line of the configuration file has two fields: the first is the shared directory, given as an absolute path; the second is the client address and its permissions. The options in parentheses must follow the address with no space in between; if a space separates them, the options apply to all hosts rather than to that address.
The address can be a full IP or a network segment, for example 10.0.0.8, 10.0.0.0/24 or 10.0.0.0/255.255.255.0. A host name can also be used, resolved either through DNS or through the local /etc/hosts, and wildcards are supported, such as *.chengyongxu.com. The permissions are:
rw : read-write. Note that granting the client read-write access alone is not enough for writes to work; the permissions on the shared directory must also be set correctly, see problem 7;
ro : read-only;
sync : files are written to memory and to the hard disk at the same time;
async : the file is temporarily stored in memory, rather than written directly to the hard disk;
no_root_squash : if the NFS client connects to the server as root, it also has root permissions on the directory shared by the server. Obviously it is not safe to turn this on;
root_squash : if the NFS client connects to the server as root, it has anonymous-user permissions on the directory shared by the server, normally the identity nobody or nfsnobody;
all_squash : whatever user the NFS client uses when connecting to the server, it has anonymous-user permissions on the directory shared by the server;
anonuid : the UID of the anonymous user, usually that of nobody or nfsnobody; it can be set here;
anongid : the GID of the anonymous user.

NFS client user mapping: the client logs in as root or as another user; then, according to the NFS server's configuration, that client connection is mapped to a user on the NFS server: root, a designated user (set by anonuid or anongid), nfsnobody, and so on. Finally, the permissions of the mapped user and of the shared directory together determine whether the client connection has read and write access.
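The option list and the user-mapping paragraph above, as an added example that is not part of the original article: a small audit of /etc/exports text that flags exports wider or more privileged than intended, and a model of the server-side uid after squashing. The function names, the /srv/build line and the sample text are constructed for illustration; 65534 is assumed as the default anonymous uid.

```python
import re

# A client entry is "host(options)"; the options must touch the host.
ENTRY = re.compile(r"([^\s()]+)?(?:\(([^)]*)\))?")

# Constructed sample: three lines modelled on the page's examples, with a
# stray space before "(" on the /home line, plus one hypothetical export.
SAMPLE = """\
/home/work 192.168.0.*(rw,sync,root_squash)
/home      192.168.1.105 (rw,sync)
/public    *(rw,sync)
/srv/build 192.168.1.105(rw,sync,no_root_squash)
"""

def parse_exports(text):
    """Return [(path, client, {option: value})]; client "" means any host."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) < 2:
            continue
        for m in ENTRY.finditer(fields[1]):
            if m.group(0):  # skip the empty matches between tokens
                opts = dict((o.strip().split("=", 1) + [""])[:2]
                            for o in (m.group(2) or "").split(",") if o.strip())
                entries.append((fields[0], m.group(1) or "", opts))
    return entries

def audit(text):
    """Flag exports that are wider or more privileged than they look."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "":
            findings.append((path, "options not attached to a host: they apply to every client"))
        if client in ("", "*") and "rw" in opts:
            findings.append((path, "read-write for any host"))
        if "no_root_squash" in opts:
            findings.append((path, "client root keeps uid 0 on the server"))
    return findings

def effective_uid(client_uid, opts):
    """Server-side uid after squashing (65534 is the default anonymous uid)."""
    anon = int(opts.get("anonuid", 65534))
    if "all_squash" in opts:
        return anon  # every user is squashed, root included
    if client_uid == 0 and "no_root_squash" not in opts:
        return anon  # root_squash is the default
    return client_uid
```

On the sample, audit(SAMPLE) reports the /home line twice: 192.168.1.105 receives only the default options, while the detached (rw,sync) is granted to every host.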
To set the client-side and server-side user mapping manually, use the parameter: map_static=/etc/nfs.map
The contents of the /etc/nfs.map mapping file are as follows:
# remote local
gid 500 1000
uid 500 2003

Reference: the description of the NFS client's connecting user identity in "NFS study notes"; the following description has not been verified:

• When a client connects, the check for an ordinary user is: first, if it is explicitly set that ordinary users are squashed, the client user's identity is converted to the specified user; second, if the NFS server has a user of the same name, the identity of the client login account becomes that same-named user on the NFS server; third, if nothing is explicitly specified and there is no user of the same name, the user's identity is squashed to nfsnobody.
• First, if no_root_squash is set, the root user's identity is mapped to root on the NFS server; second, if all_squash, anonuid and anongid are set, root's identity is squashed to the specified user. If no_root_squash and all_squash are specified at the same time, root is squashed to nfsnobody; if anonuid and anongid are set, it is squashed to the specified user and group.

3. Firewall settings

By default, after the CentOS6 server edition is installed, only port 22 is open in the iptables firewall configuration.
Specify the ports used by the nfs services in the nfs configuration file /etc/sysconfig/nfs, and modify the firewall to open the corresponding ports


#Port rpc.mountd should listen on. 
#MOUNTD_PORT=892 
 
#Port rpc.statd should listen on. 
#STATD_PORT=662 
 
#/usr/sbin/rpc.rquotad Port rquotad should listen on. 
#RQUOTAD_PORT=875 
 
#TCP port rpc.lockd should listen on. 
#LOCKD_TCPPORT=32803 
 
#UDP port rpc.lockd should listen on. 
#LOCKD_UDPPORT=32769  

Modify the iptables configuration file /etc/sysconfig/iptables to open ports 111 (portmap service port) and 2049 (nfs service port)
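The firewall step above, as an added example that is not part of the original article: it reads /etc/sysconfig/nfs text, reports which port variables are still commented out, and builds the matching /etc/sysconfig/iptables lines for both tcp and udp. The function names, the sample text and the client network 192.168.0.0/24 are assumptions made for illustration; restricting the rules to a source network with -s goes beyond what the article configures.

```python
import re

# Port variables from /etc/sysconfig/nfs and the protocols each one covers.
PORT_VARS = {
    "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
    "RQUOTAD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",),
    "LOCKD_UDPPORT": ("udp",),
}
FIXED_PORTS = (111, 2049)  # portmap/rpcbind and nfs, as given on this page

# Constructed sample: the page's settings with RQUOTAD_PORT left commented.
SAMPLE_SYSCONFIG = """\
MOUNTD_PORT=892
STATD_PORT=662
#RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
"""

def pinned_ports(sysconfig_text):
    """Return ({variable: port} for active lines, [variables not pinned])."""
    active = {}
    for line in sysconfig_text.splitlines():
        m = re.match(r'\s*([A-Z_]+)="?(\d+)"?\s*$', line)
        if m and m.group(1) in PORT_VARS:
            active[m.group(1)] = int(m.group(2))
    return active, [v for v in PORT_VARS if v not in active]

def iptables_rules(sysconfig_text, client_net):
    """Build /etc/sysconfig/iptables lines admitting client_net only."""
    active, unpinned = pinned_ports(sysconfig_text)
    ports = [(p, ("tcp", "udp")) for p in FIXED_PORTS]
    ports += [(active[v], PORT_VARS[v]) for v in PORT_VARS if v in active]
    rules = [
        f"-A INPUT -s {client_net} -m state --state NEW "
        f"-m {proto} -p {proto} --dport {port} -j ACCEPT"
        for port, protos in ports for proto in protos
    ]
    return rules, unpinned
```

A variable returned in the second list is not tied to a fixed port, so no static firewall rule can be written for that daemon until its line is uncommented.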

4. /etc/hosts.allow configuration
/etc/hosts.allow and /etc/hosts.deny describe which hosts are allowed to use local INET services.
By default no change seems to be required, but it is best to allow connections only from the required client machines and to deny connections from all other machines.
Rule format: service process name : host list : optional command to run when the rule matches
server_name:hosts-list[:command]
Add rules to /etc/hosts.allow that allow client access:
# allows local access to all service processes on this machine
ALL:127.0.0.1
# allows the client machine 192.168.0.135 to access all service processes on this machine
ALL:192.168.0.135
# allows IPs in the 192.168.0.0/255.255.255.0 network segment to access the smbd service
smbd: 192.168.0.0/255.255.255.0
# allows IPs in the 192.168.100. segment to access the sshd server process
sshd: 192.168.100.0/255.255.255.0
# allows 60.28.160.244 to access the sshd process on this server
sshd:60.28.160.244
In /etc/hosts.deny, login attempts can also be set to be recorded and sent to the user's mailbox:
# prohibit all
sshd:ALL

5. Change the permissions of the shared directory to 760, and change the owning group of the directory to nfsnobody
Reference: problem 7

6. Client mount: execute the following commands to mount /home, shared from the NFS server (IP address 192.168.1.45), on the local /mnt/nfs/home directory.
showmount -e nfs-serverip: view the resources shared by the nfs server
mount -t nfs 192.168.1.45:/home /mnt/nfs/home

7. NFS performance test:

• Use the command time dd if=/dev/zero of=/mnt/home bs=16k count=16384 to choose reasonable WSIZE and RSIZE values
• According to the number of nfs clients, set an appropriate number of nfs server-side processes, RPCNFSDCOUNT, in the /etc/sysconfig/nfs configuration file; the default is 8

exportfs command: if /etc/exports is changed after NFS has been started, does nfs need to be restarted? No; the exportfs command can be used instead. Its format is as follows:
exportfs [-aruv]
-a: mount or unmount everything in /etc/exports
-r: re-read /etc/exports and mount again
-u: unmount (unexport) a directory
-v: when exporting, output detailed information to the screen
showmount command: displays mount information for the NFS server.
showmount -e [nfs-server]: displays the directories exported by the specified NFS server. When no IP is specified, it shows the directories shared by the local NFS server.
rpcinfo -p command: displays RPC information. The -p parameter probes the rpcbind on host using the RPC protocol and displays all registered RPC programs.
nfsstat command: checks the running status of NFS, which is very helpful when tuning NFS

Problems encountered and their solutions:

1. After installing portmap through yum or rpm, executing the command service portmap start gives the following error: portmap: unrecognized service.
In CentOS6 (Linux Kernel 2.6.32), portmap has been replaced by rpcbind; a closer look at the installation output shows that the command yum install portmap actually installed rpcbind. Once the installation is complete, the details can also be viewed with the command yum whatprovides portmap.

2. When the client mounts, error: mount clntudp_create: RPC: Port failure-RPC: Unable to receive.

• 1. Use the command rpcinfo -p to check that the portmap service has started normally and which port it uses (default 111)
• 2. Check that the /etc/sysconfig/iptables firewall settings allow access to port 111 over tcp and udp, then run service iptables restart
• 3. Check /etc/hosts.deny and /etc/hosts.allow to see whether the client connection is blocked

3. When the client executes the command showmount -e nfs-server, error: mount clntudp_create: RPC: Program not registered.
The nfs and rpcbind services are not started. Use chkconfig to add nfs and rpcbind to the system services, and start them with service
Or add the rule ALL:192.168.0.135 to /etc/hosts.allow to allow client access

4. When the client executes the command showmount -e nfs-server, error: rpc mount export: RPC: Unable to receive; errno = No route to host
Configuration file: /etc/sysconfig/nfs
Find the nfs service-related port settings and remove the comment markers, then specify in the iptables firewall settings that udp and tcp traffic is allowed through on the corresponding ports.
#MOUNTD_PORT=892
#STATD_PORT=662
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
iptables -A INPUT -p TCP --dport 662 -m state --state NEW -j ACCEPT
iptables -A INPUT -p UDP --dport 662 -m state --state NEW -j ACCEPT

5. showmount -e nfs-server, mount error: mount NFS server '192.168.1.5' failed: System to host. This is because the default port of the nfs service, 2049, is blocked by the firewall

6. showmount -e nfs-server succeeds, but the actual mount fails with: mount: mount to NFS server '192.168.1.5' failed: timed out (retrying).
When /etc/sysconfig/iptables was edited, tcp was allowed for the relevant ports but udp was not. For other possible causes, refer to "mount command fails with NFS server failed error":
• Disable name lookup requests from NFS server to a DNS server.
• or NFS version used by the NFS client is other than version 3.

7. The permission for the directory in the exports configuration file is set to rw (root_squash is the default), but running the touch command in the mounted directory on the client fails: touch: cannot touch 'a': Permission denied. Solution:

• View the permissions of the shared directory on the server: ll -d /home
• Change the permissions of the shared directory on the server: chmod 760 /home (the file owner root has full permissions, users in the file's group have read and write permissions, other users have no permissions; the directory's group is then set to nfsnobody)
• Change the group owner of the shared directory on the server to nfsnobody (cat /etc/passwd | grep nob)
•chgrp nfsnobody /home
• A new file can now be created successfully on the client!

