0、说明
因为工作中稍微会用到点NFS,大概又复习了下,这里记录下文档。
目前还有个问题没有解决,现在只是临时处理下,等以后想到解决方法再做补充:
为了保证NFS服务器的安全,开启了firewalld防火墙,并对入站的源IP及端口做了访问限制。但是NFS的status和nlockmgr服务使用的是随机端口,网上找了许多固定端口的文档,测试都不成功,所以这里只是先放行了当前的随机端口。服务重启后端口会发生改变,已放行的规则随之失效,会对NFS的正常工作造成一定影响。
1、NFS服务端配置
服务端IP:192.168.43.213
客户端IP:192.168.43.195
#1.0、首先关闭SELinux [root@imzcy ~]# setenforce 0 [root@imzcy ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #1.1、安装nfs-utils [root@imzcy ~]# yum -y install nfs-utils #1.2、启动nfs服务并将其加入到开机自启动 [root@imzcy ~]# systemctl start nfs-server [root@imzcy ~]# systemctl enable nfs-server #1.3、创建共享的目录,并将其属主和属组改为nobody [root@imzcy ~]# mkdir /mydata [root@imzcy ~]# chown nobody:nobody /mydata/ #1.4、编辑nfs配置文件,共享/mydata目录,允许源192.168.43.195访问并具有读写权限,将所有用户创建的文件都指定为id为99的用户及组(nobody) [root@imzcy ~]# cat /etc/exports /mydata 192.168.43.195(rw,all_squash,anonuid=99,anongid=99) #1.5、重新读取exports配置文件 [root@imzcy ~]# exportfs -r #1.6、确认nfs导出 [root@imzcy ~]# exportfs /mydata 192.168.43.195 |
2、firewalld防火墙配置
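# firewalld configuration on the NFS server (root terminal session on imzcy).
# Every rule below accepts traffic only from the single client 192.168.43.195.

# 2.1 Use rpcinfo to see which ports the RPC services currently use
[root@imzcy ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 45733 status
100024 1 tcp 43662 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 33194 nlockmgr
100021 3 udp 33194 nlockmgr
100021 4 udp 33194 nlockmgr
100021 1 tcp 43190 nlockmgr
100021 3 tcp 43190 nlockmgr
100021 4 tcp 43190 nlockmgr
[root@imzcy ~]#

# 2.2 Open the ports listed above in firewalld.
# Each rich rule is wrapped in single quotes so that it reaches firewall-cmd
# as one argument with its inner double quotes intact; nesting double quotes
# inside double quotes only works because the shell happens to glue the
# pieces back together.
# Fixed ports: rpcbind/portmapper (111), mountd (20048), nfs (2049).
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="111" protocol="tcp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="111" protocol="udp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="tcp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="20048" protocol="udp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="tcp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="2049" protocol="udp" accept'
# Dynamically assigned ports: status (43662/tcp, 45733/udp) and nlockmgr
# (43190/tcp, 33194/udp), as reported by rpcinfo above.
# NOTE(review): these four numbers change when the services restart, so the
# rules go stale and locking/status traffic is then dropped. The ports can
# normally be pinned — e.g. STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT in
# /etc/sysconfig/nfs on RHEL/CentOS 7-style systems, or the lockd module
# parameters nlm_tcpport / nlm_udpport — followed by a restart of the affected
# services and a fresh `rpcinfo -p` to verify. Confirm the mechanism for this
# release. Do not widen the rules to a port range as a workaround.
# NOTE(review): if clients mount with NFSv4 only, the mount itself needs just
# 2049/tcp; portmapper, mountd, status and nlockmgr serve NFSv3 and showmount,
# so those rules could be dropped to shrink the exposed surface — verify first.
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="43662" protocol="tcp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="45733" protocol="udp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="43190" protocol="tcp" accept'
[root@imzcy ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.43.195" port port="33194" protocol="udp" accept'

# 2.3 Load the configuration (--permanent rules take effect only after a reload)
[root@imzcy ~]# firewall-cmd --reload

# 2.4 Review the resulting configuration
[root@imzcy ~]# firewall-cmd --list-all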
3、客户端配置
#3.1、关闭SELinux [root@gitlab ~]# setenforce 0 [root@gitlab ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #3.2、安装nfs-utils [root@gitlab ~]# yum -y install nfs-utils #3.3、使用showmount命令查看 [root@gitlab ~]# showmount -e 192.168.43.213 Export list for 192.168.43.213: /mydata 192.168.43.195 [root@gitlab ~]# #3.4、创建本地挂载目录,并挂载nfs共享 [root@gitlab ~]# mkdir /mnt/mydata [root@gitlab ~]# tail -n 1 /etc/fstab 192.168.0.103:/mydata /mnt/mydata nfs defaults 0 0 [root@gitlab ~]# mount -a [root@gitlab ~]# df -hT |grep mydata 192.168.43.213:/mydata nfs4 17G 5.6G 12G 33% /mnt/mydata #3.5、创建测试文件,查看其权限 [root@gitlab ~]# cd /mnt/mydata/ [root@gitlab mydata]# echo 111 >aa.txt [root@gitlab mydata]# ll 总用量 4 -rw-r--r-- 1 nobody nobody 4 7月 2 2018 aa.txt [root@gitlab mydata]# |
如果使用showmount查看NFS服务器共享目录时出现以下错误,一般是被防火墙屏蔽了(检查防火墙是否已放行NFS相关端口)
# Symptom on the client when the export list cannot be queried.
# The message reports a port mapper failure, i.e. the request to the server's
# rpcbind/portmapper service did not get through.
# NOTE(review): errno 113 (No route to host) on an otherwise reachable server
# is presumably the server's firewall rejecting the packet rather than a
# routing problem. Check on the server, with `firewall-cmd --list-all`, that
# this client's address is allowed to reach portmapper and mountd, instead of
# disabling the firewall to make the error go away.
[root@gitlab ~]# showmount -e 192.168.43.213
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)