centos 7下安装配置nfs

0、说明

因为工作中稍微会用到点NFS，大概又复习了下，这里记录下文档。

目前还有个问题没有解决，现在只是临时处理下，等以后想到解决方法再做补充：

为了保证NFS服务器的安全，开启了firewalld防火墙，对入站的源IP及端口做了访问限制。但是NFS的status和nlockmgr服务使用的是随机端口，网上找了许多固定端口的文档都测试不成功，所以这里只是先放行了随机的端口。重启服务后端口会发生改变就会对NFS正常工作有一定影响。

1、NFS服务端配置

服务端IP：192.168.43.213
客户端IP：192.168.43.195

#1.0、首先关闭SELinux
[root@imzcy ~]# setenforce 0
[root@imzcy ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#1.1、安装nfs-utils
[root@imzcy ~]# yum -y install nfs-utils

#1.2、启动nfs服务并将其加入到开机自启动
[root@imzcy ~]# systemctl start nfs-server
[root@imzcy ~]# systemctl enable nfs-server

#1.3、创建共享的目录，并将其属主和属组改为nobody
[root@imzcy ~]# mkdir /mydata
[root@imzcy ~]# chown nobody:nobody /mydata/

#1.4、编辑nfs配置文件，共享/mydata目录，允许源192.168.43.195访问并具有读写权限，将所有用户创建的文件都指定为id为99的用户及组（nobody）
[root@imzcy ~]# cat /etc/exports
/mydata 192.168.43.195(rw,all_squash,anonuid=99,anongid=99)

#1.5、重新读取exports配置文件
[root@imzcy ~]# exportfs -r

#1.6、确认nfs导出
[root@imzcy ~]# exportfs 
/mydata         192.168.43.195

#1.0、首先关闭SELinux

[root@imzcy ~]# setenforce 0

[root@imzcy ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#1.1、安装nfs-utils

[root@imzcy ~]# yum -y install nfs-utils

#1.2、启动nfs服务并将其加入到开机自启动

[root@imzcy ~]# systemctl start nfs-server

[root@imzcy ~]# systemctl enable nfs-server

#1.3、创建共享的目录，并将其属主和属组改为nobody

[root@imzcy ~]# mkdir /mydata

[root@imzcy ~]# chown nobody:nobody /mydata/

#1.4、编辑nfs配置文件，共享/mydata目录，允许源192.168.43.195访问并具有读写权限，将所有用户创建的文件都指定为id为99的用户及组（nobody）

[root@imzcy ~]# cat /etc/exports

/mydata 192.168.43.195(rw,all_squash,anonuid=99,anongid=99)

#1.5、重新读取exports配置文件

[root@imzcy ~]# exportfs -r

#1.6、确认nfs导出

[root@imzcy ~]# exportfs

/mydata 192.168.43.195

firewalld防火墙配置

#2.1、使用rpcinfo命令查看当前使用了哪些端口
[root@imzcy ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  45733  status
    100024    1   tcp  43662  status
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100021    1   udp  33194  nlockmgr
    100021    3   udp  33194  nlockmgr
    100021    4   udp  33194  nlockmgr
    100021    1   tcp  43190  nlockmgr
    100021    3   tcp  43190  nlockmgr
    100021    4   tcp  43190  nlockmgr
[root@imzcy ~]# 

#2.2、firewalld防火墙开启以上端口
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="111" protocol="tcp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="111" protocol="udp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="tcp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="udp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="tcp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="udp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="43662" protocol="tcp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="45733" protocol="udp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="43190" protocol="tcp" accept"
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="33194" protocol="udp" accept"

#2.3、载入配置
[root@imzcy ~]# firewall-cmd --reload

#2.4、查看配置
[root@imzcy ~]# firewall-cmd --list-all

#2.1、使用rpcinfo命令查看当前使用了哪些端口

[root@imzcy ~]# rpcinfo -p

program vers proto port service

100000 4 tcp 111 portmapper

100000 3 tcp 111 portmapper

100000 2 tcp 111 portmapper

100000 4 udp 111 portmapper

100000 3 udp 111 portmapper

100000 2 udp 111 portmapper

100024 1 udp 45733 status

100024 1 tcp 43662 status

100005 1 udp 20048 mountd

100005 1 tcp 20048 mountd

100005 2 udp 20048 mountd

100005 2 tcp 20048 mountd

100005 3 udp 20048 mountd

100005 3 tcp 20048 mountd

100003 3 tcp 2049 nfs

100003 4 tcp 2049 nfs

100227 3 tcp 2049 nfs_acl

100003 3 udp 2049 nfs

100003 4 udp 2049 nfs

100227 3 udp 2049 nfs_acl

100021 1 udp 33194 nlockmgr

100021 3 udp 33194 nlockmgr

100021 4 udp 33194 nlockmgr

100021 1 tcp 43190 nlockmgr

100021 3 tcp 43190 nlockmgr

100021 4 tcp 43190 nlockmgr

[root@imzcy ~]#

#2.2、firewalld防火墙开启以上端口

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="111" protocol="tcp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="111" protocol="udp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="tcp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="udp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="tcp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="udp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="43662" protocol="tcp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="45733" protocol="udp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="43190" protocol="tcp" accept"

[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.43.195" port port="33194" protocol="udp" accept"

#2.3、载入配置

[root@imzcy ~]# firewall-cmd --reload

#2.4、查看配置

[root@imzcy ~]# firewall-cmd --list-all

3、客户端配置

#3.1、关闭SELinux
[root@gitlab ~]# setenforce 0
[root@gitlab ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#3.2、安装nfs-utils
[root@gitlab ~]# yum -y install nfs-utils

#3.3、使用showmount命令查看
[root@gitlab ~]# showmount -e 192.168.43.213
Export list for 192.168.43.213:
/mydata 192.168.43.195
[root@gitlab ~]#

#3.4、创建本地挂载目录，并挂载nfs共享
[root@gitlab ~]# mkdir /mnt/mydata
[root@gitlab ~]# tail -n 1 /etc/fstab 
192.168.0.103:/mydata /mnt/mydata nfs defaults 0 0
[root@gitlab ~]# mount -a
[root@gitlab ~]# df -hT |grep mydata
192.168.43.213:/mydata   nfs4       17G  5.6G   12G   33% /mnt/mydata

#3.5、创建测试文件，查看其权限
[root@gitlab ~]# cd /mnt/mydata/
[root@gitlab mydata]# echo 111 >aa.txt
[root@gitlab mydata]# ll
总用量 4
-rw-r--r-- 1 nobody nobody 4 7月   2 2018 aa.txt
[root@gitlab mydata]#

#3.1、关闭SELinux

[root@gitlab ~]# setenforce 0

[root@gitlab ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#3.2、安装nfs-utils

[root@gitlab ~]# yum -y install nfs-utils

#3.3、使用showmount命令查看

[root@gitlab ~]# showmount -e 192.168.43.213

Export list for 192.168.43.213:

/mydata 192.168.43.195

[root@gitlab ~]#

#3.4、创建本地挂载目录，并挂载nfs共享

[root@gitlab ~]# mkdir /mnt/mydata

[root@gitlab ~]# tail -n 1 /etc/fstab

192.168.0.103:/mydata /mnt/mydata nfs defaults 0 0

[root@gitlab ~]# mount -a

[root@gitlab ~]# df -hT |grep mydata

192.168.43.213:/mydata nfs4 17G 5.6G 12G 33% /mnt/mydata

#3.5、创建测试文件，查看其权限

[root@gitlab ~]# cd /mnt/mydata/

[root@gitlab mydata]# echo 111 >aa.txt

[root@gitlab mydata]# ll

总用量 4

-rw-r--r-- 1 nobody nobody 4 7月 2 2018 aa.txt

[root@gitlab mydata]#

如果使用showmount查看nfs服务器共享目录以下错误，一般是防火墙屏蔽了（检查下防火墙是否放行nfs端口）

[root@gitlab ~]# showmount -e 192.168.43.213
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

1 2	[root@gitlab ~]# showmount -e 192.168.43.213 clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

本作品采用知识共享署名 4.0 国际许可协议进行许可