Đặng Thanh Bình

Network File System

Contents

• How It Works
• NFS Client Configuration
• autofs
• Common NFS Mount Options
• Starting and Stopping NFS
• NFS Server Configuration
• Securing NFS
• NFS and portmap
• Using NFS over TCP

Introduction

• A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally.

• This enables system administrators to consolidate resources onto centralized servers on the network.

• This chapter focuses on fundamental NFS concepts and supplemental information

HOW IT WORKS

How It Works

• Three versions of NFS:
– NFS version 2 (NFSv2) is older and is widely supported.
– NFS version 3 (NFSv3) has more features, including 64-bit file handles, safe async writes and more robust error handling.
– NFS version 4 (NFSv4) works through firewalls and on the Internet, no longer requires portmapper, supports ACLs, and utilizes stateful operations

• All versions of NFS can use Transmission Control Protocol (TCP) running over an IP network, with NFSv4 requiring it.

• NFSv2 and NFSv3 can use the User Datagram Protocol (UDP) running over an IP network to provide a stateless network.

• NFSv4 has no interaction with portmapper, rpc.mountd, rpc.lockd, and rpc.statd, since protocol support has been incorporated into the v4 protocol.

• TCP is the default transport protocol for NFS under Red Hat Enterprise Linux.

• UDP can be used for compatibility purposes as needed, but is not recommended for wide usage.

• All the RPC/NFS daemons have a '-p' command line option that can set the port, making firewall configuration easier.

Working Procedure

• Firstly, the client is granted access by TCP wrappers

• Secondly, the NFS server refers to its configuration file, /etc/exports, to determine whether the client is allowed to access any of the exported file systems.

• Once access is granted, all file and directory operations are available to the user.

Notes

• In order for NFS to work with a default installation of Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 2049 must be configured.

• The NFS initialization script and rpc.nfsd process now allow binding to any specified port during system start up.

Required Services

• nfs: NFS server

• nfslock: a mandatory service that starts the appropriate RPC processes to allow NFS clients to lock files on the server

• portmap: accepts port reservations from local RPC services

• The following RPC processes facilitate NFS services
– rpc.mountd
– rpc.nfsd
– rpc.lockd
– rpc.statd
– rpc.rquotad
– rpc.idmapd

NFS CLIENT CONFIGURATION

Mounting on the Client Side

• NFS shares are mounted on the client side using the mount command

mount -t <nfs-type> -o <options> <host>:<remote-directory> <local-directory>

– <nfs-type>: nfs for NFSv2 or NFSv3, nfs4 for NFSv4.
– <options>: a comma separated list of options for NFS
– <host>: remote host
– <remote-directory>: remote directory being mounted
– <local-directory>: local directory where the remote file system is to be mounted

• Mounting remote file systems automatically at boot time
– Edit the /etc/fstab file
– Use autofs service

Using /etc/fstab

• The general syntax for the line in /etc/fstab is as follows:

server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr

– The mount point /pub must exist on the client machine before this command can be executed.
– After adding this line to /etc/fstab on the client system, type the command mount /pub at a shell prompt
– The mount point /pub is mounted from the server

• The /etc/fstab file is referenced by the netfs service at boot time

• Lines referencing NFS shares have the same effect as manually typing the mount command during the boot process.

• A sample /etc/fstab line to mount an NFS export : 0 0

AUTOFS

autofs

• Kernel-based automount utility

• Components of an automounter:
– A kernel module that implements a file system
– A user-space daemon performing all other functions

• autofs uses /etc/auto.master (master map) as its default primary configuration file

• This can be changed to use another supported network source and name using the autofs configuration (in /etc/sysconfig/autofs) in conjunction with the Name Service Switch mechanism

autofs Configuration

• Configuration file: /etc/auto.master

• Lists autofs-controlled mount points on the system, and their corresponding configuration files or network sources known as automount maps.

• The format of the master map is as follows:

– mount-point is the autofs mount point, e.g. /home.
– map-name is the name of a map source which contains a list of mount points, and the file system location from which those mount points should be mounted

• Map file structure:

[]

• Samples:

autofs

• Run autofs

• View the status of the automount daemon

COMMON NFS MOUNT OPTIONS

Mount Options

• fsid=num – Forces the file handle and file attributes settings on the wire to be num

• hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft)

• noacl — Turns off all ACL processing

• nolock — Disables file locking

• nosuid — Disables set-user-identifier or set-group-identifier bits

• noexec — Prevents execution of binaries on mounted file systems

• tcp — Specifies for the NFS mount to use the TCP protocol.

• udp — Specifies for the NFS mount to use the UDP protocol

• Using soft mounts is not recommended as they can generate I/O errors in very congested networks or when using a very busy server.
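As an added example (not part of the original slides), the following Python script checks the NFS entries of an fstab-format file against the options listed above: it reports mounts that lack nosuid or noexec and mounts that use soft or udp. The file content is a constructed sample whose first entry is the /etc/fstab line quoted earlier; the function name and the finding labels are assumptions of this example.

```python
NFS_TYPES = {"nfs", "nfs4"}

# Constructed sample; the first entry is the /etc/fstab line quoted on this page.
SAMPLE_FSTAB = """\
server:/usr/local/pub  /pub      nfs   rsize=8192,wsize=8192,timeo=14,intr
server:/export/home    /home     nfs4  hard,nosuid,noexec,tcp  0 0
filer:/scratch         /scratch  nfs   soft,udp,nosuid         0 0
/dev/sda1              /         ext3  defaults                1 1
"""

def audit_nfs_mounts(fstab_text):
    """Map each NFS mount point to a list of findings about its options."""
    findings = {}
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] not in NFS_TYPES:
            continue                      # comment, blank line or non-NFS entry
        # Keep only the option names: "rsize=8192" becomes "rsize".
        opts = {o.split("=", 1)[0] for o in fields[3].split(",")}
        issues = []
        if "nosuid" not in opts:
            issues.append("missing-nosuid")   # setuid/setgid bits stay effective
        if "noexec" not in opts:
            issues.append("missing-noexec")   # binaries on the share can be run
        if "soft" in opts:
            issues.append("soft")             # I/O errors on a busy server or network
        if "udp" in opts:
            issues.append("udp")              # compatibility transport only
        findings[fields[1]] = issues
    return findings

if __name__ == "__main__":
    for mount_point, issues in audit_nfs_mounts(SAMPLE_FSTAB).items():
        print(mount_point, issues or "ok")
```

A missing noexec is a finding to review rather than an error, since some shares are meant to carry executables.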

STARTING AND STOPPING NFS

Starting and Stopping NFS

• To run an NFS server, the portmap service must be running.

• To verify that portmap is active, type

• /sbin/service nfs start

• /sbin/service nfs stop

• /sbin/service nfs restart

• Only restart nfs if it is currently running
– /sbin/service nfs condrestart

• Reload the NFS server configuration file without restarting the service
– /sbin/service nfs reload

NFS SERVER CONFIGURATION

Configuration File

• NFS configuration file: /etc/exports

• Structure of a line for an exported file system:

<export> <host1>(<options>) <hostN>(<options>)...

– <export>: the directory being exported
– <host1>, <hostN>: host or network to which the export is being shared
– <options>: options for that host or network

• Specifying host names:

– Single host
  • Fully Qualified Domain Name, hostname, or IP address

– Wildcards: * or ?
  • Should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail
  • Tend to be more exact than expected
    – *.example.com as a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com
    – *.example.com and *.*.example.com must be specified to allow both

– IP networks

– netgroups — Permits an NIS netgroup name, written as @<group-name>, to be used
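An added example, not from the original slides: a small Python model of how the client specifications above decide which exports a host is offered, covering single hosts, wildcards and IP networks. It implements the wildcard rule exactly as stated on this page (* and ? do not match a dot); netgroups need NIS and are reported as non-matching, the export lines are constructed, and all function names are this example's own.

```python
import ipaddress
import re

# Constructed sample /etc/exports content (not from a real server).
SAMPLE_EXPORTS = """\
/srv/pub   *.example.com(ro,sync)
/srv/deep  *.*.example.com(ro)
/srv/eng   192.168.0.0/24(rw) build.example.com(rw)
/srv/nis   @trusted(rw)   # NIS netgroup
"""

def wildcard_regex(pattern):
    """Compile a host wildcard in which * and ? never match a dot."""
    table = {"*": r"[^.]*", "?": r"[^.]"}
    body = "".join(table.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)

def client_matches(spec, hostname, ip):
    """Return True if the client spec of one export entry covers the host."""
    if spec == "":
        return True       # options with no host name apply to every client
    if spec.startswith("@"):
        return False      # netgroup: needs NIS, cannot be decided offline
    if "*" in spec or "?" in spec:
        return bool(wildcard_regex(spec).match(hostname))
    try:                  # single IP address or IP network
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:    # not an address, so compare as a host name
        return spec.lower() == hostname.lower()

def parse_exports(text):
    """Yield (directory, [(client_spec, [options])]) for each export line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        clients = []
        for item in fields[1:]:
            spec, _, opts = item.partition("(")
            clients.append((spec, [o for o in opts.rstrip(")").split(",") if o]))
        if fields:
            yield fields[0], clients

def exports_for(text, hostname, ip):
    """List the exported directories a given client would be offered."""
    return [d for d, clients in parse_exports(text)
            if any(client_matches(s, hostname, ip) for s, _ in clients)]

if __name__ == "__main__":
    for host in ("sales.example.com", "bob.sales.example.com"):
        print(host, exports_for(SAMPLE_EXPORTS, host, "10.0.0.5"))
```

Check the wildcard behaviour against the exports(5) man page of the installed nfs-utils before relying on it for access decisions.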

• Sample of the simplest form of /etc/exports:

/exported/directory bob.example.com

• Because no options are specified, default options are applied, including: