第 71 章 File Share

第 71 章 File Share
上一頁	部分 VI. Backup, Recovery, and Archiving Solutions	下一頁

71.1. NFSv4

71.1.1. Ubuntu

71.1.1.1. NFSv4 server

sudo apt-get install nfs-kernel-server

Configuration

vim /etc/exports
/www	 *(ro,sync,no_root_squash)
/home    *(rw,sync,no_root_squash)
/export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)

To start the NFS server

sudo /etc/init.d/nfs-kernel-server start

71.1.1.2. NFSv4 client

sudo apt-get install nfs-common

NFSv3

sudo mount example.hostname.com:/www /www

NFSv4

# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/ /mnt
# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/users /home/users

NFS Client Configuration

vim /etc/fstab
example.hostname.com:/ubuntu /local/ubuntu nfs rsize=8192,wsize=8192,timeo=14,intr

71.1.2. CentOS

71.1.2.1. NFS Server Configuration

yum install -y nfs-utils

過程 71.1. On the *SERVER* side

stop & disable services

service nfs stop
service nfslock stop
service rpcbind stop
service rpcidmapd stop

/etc/fstab

as root edit /etc/fstab and add nfs4 exports

/www  /exports    none    bind    0 0

as root edit /etc/exports

NFSv3

/exports 		172.16.1.0/24 (rw,sync)

NFSv4

/exports 		172.16.1.0/24(rw,sync,fsid=0,anonuid=99,anongid=99)
/exports/neo	*(rs,sync)

reload exported filesystems
```
# exportfs -rv
				
```

start required services

chkconfig rpcbind on
chkconfig nfs on
chkconfig nfslock on
chkconfig rpcidmapd on

service rpcbind start
service rpcidmapd start
service nfs start
service nfslock start

nfs status

#  nfsstat
Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
171        0          0          0          0

Server nfs v3:
null         getattr      setattr      lookup       access       readlink
3         1% 150      88% 0         0% 3         1% 2         1% 0         0%
read         write        create       mkdir        symlink      mknod
0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
remove       rmdir        rename       link         readdir      readdirplus
0         0% 0         0% 0         0% 0         0% 0         0% 9         5%
fsstat       fsinfo       pathconf     commit
0         0% 3         1% 0         0% 0         0%

# watch nfsstat -c

Every 2.0s: nfsstat -c                                                                                                                          Mon Sep 20 16:53:55 2010

Client rpc stats:
calls      retrans    authrefrsh
286818929   1160       0

Client nfs v4:
null         read         write        commit       open         open_conf
0         0% 37286763 13% 6         0% 1         0% 38990106 13% 17986485  6%
open_noat    open_dgrd    close        setattr      fsinfo       renew
6         0% 0         0% 38774539 13% 2172019   0% 16        0% 147       0%
setclntid    confirm      lock         lockt        locku        access
321       0% 321       0% 0         0% 0         0% 0         0% 62157123 21%
getattr      lookup       lookup_root  remove       rename       link
80553542 28% 8828991   3% 8         0% 5         0% 5         0% 0         0%
symlink      create       pathconf     statfs       readlink     readdir
0         0% 1         0% 0         0% 5         0% 0         0% 13933     0%
server_caps  delegreturn
24        0% 54556     0%

security

# vi /etc/hosts.deny
rpcbind:ALL

# vi /etc/hosts.allow
rpcbind:172.16.1.0/255.255.254.0

NFS的隊列大小下面將設置為較合理的值256K

# echo 262144 > /proc/sys/net/core/rmem_default
# echo 262144 > /proc/sys/net/core/rmem_max
# echo 262144 > /proc/sys/net/core/wmmen_default
# echo 262144 > /proc/sys/net/core/wmmen_max

過程 71.2. NFSv4

/etc/exports
```
# cat /etc/exports
/www		172.16.1.2/32(ro,sync,fsid=0,anonuid=99,anongid=99)
/www/logs	*(rw,sync)
				
```
注意，要通過NFS4共享一個目錄,必須使用 fsid=0 的參數,使用fsid=0選項的時候只能共享一個目錄，這個目錄將成為NFS伺服器的根目錄。

啟動NFS,v4 不需要rpcbind

service rpcbind stop
service rpcidmapd stop
service nfs restart
service nfslock stop

查看 export 設置

# exportfs
/www          	172.16.1.2/32
/www/logs     	172.16.1.0/24

mount NFSv4

mount -t nfs4 172.16.1.15:/logs /mnt

71.1.2.1.1. NFS 防火牆配置

查看NFS正在使用的連接埠

rpcinfo -p localhost

vi /etc/sysconfig/nfs

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

service nfs restart

iptables -I INPUT -m state --state NEW -p tcp \
    -m multiport --dport 111,892,2049,32803 -s 192.168.0.0/24 -j ACCEPT
 
iptables -I INPUT -m state --state NEW -p udp \
    -m multiport --dport 111,892,2049,32769 -s 192.168.0.0/24 -j ACCEPT

71.1.2.2. NFS Client Configuration

CentOS 6 NFSv3 portmap 已經不存,已經被rpcbind替代

chkconfig rpcbind on
service rpcbind start

test nfs

mount 172.16.1.10:/exports /mnt

NFSv4

mount -t nfs4 -o ro,intr 172.16.1.10:/ /mnt

umount /mnt

過程 71.3. On the *CLIENT* side

Mounting NFS File Systems using /etc/fstab

The general syntax for the line in /etc/fstab is as follows:

server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr

NFSv4

server:/ /mount/point nfs4 rw,hard,intr,proto=tcp,port=2049,auto 0 0

mount all stuff from /etc/fstab
```
# mount -a
				
```

rpcinfo

rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    707  status
    100024    1   tcp    710  status
    100021    1   udp  48233  nlockmgr
    100021    3   udp  48233  nlockmgr
    100021    4   udp  48233  nlockmgr
    100021    1   tcp  58065  nlockmgr
    100021    3   tcp  58065  nlockmgr
    100021    4   tcp  58065  nlockmgr

start required services

centos 5.x

chkconfig portmap on
service portmap start

centos 6

chkconfig rpcbind on
service rpcbind start

71.1.2.2.1. Using NFS over UDP

For example, on demand via the command line (client side):

mount -o udp shadowman.example.com:/misc/export /misc/local

When the NFS mount is specified in /etc/fstab (client side):

server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr,udp

71.1.3. exports

71.1.3.1. Permission

/etc/exports為：

/tmp　　　　　*(rw,no_root_squash)

/home/public　192.168.0.*(rw)　　 *(ro)

/home/test　　192.168.0.100(rw)

/home/linux　 *.example.com(rw,all_squash,anonuid=40,anongid=40)

71.1.3.2. Parameters

General Options

ro                      只讀訪問
rw                      讀寫訪問
rsize					同時傳輸(讀 )的數據塊大小
wsize					同時傳輸(寫)的數據塊大小

sync                    所有數據在請求時寫入共享
async                   NFS在寫入數據前可以相應請求

secure                  NFS通過1024以下的安全TCP/IP連接埠發送
insecure                NFS通過1024以上的連接埠發送
wdelay                  如果多個用戶要寫入NFS目錄，則歸組寫入（預設）
no_wdelay               如果多個用戶要寫入NFS目錄，則立即寫入，當使用async時，無需此設置。
hide                    在NFS共享目錄中不共享其子目錄
no_hide                 共享NFS目錄的子目錄
subtree_check           如果共享/usr/bin之類的子目錄時，強制NFS檢查父目錄的權限（預設）
no_subtree_check        和上面相對，不檢查父目錄權限

User ID Mapping

all_squash              共享檔案的UID和GID映射匿名用戶anonymous，適合公用目錄。
no_all_squash           保留共享檔案的UID和GID（預設）
root_squash             root用戶的所有請求映射成如anonymous用戶一樣的權限（預設）
no_root_squas           root用戶具有根目錄的完全管理訪問權限
anonuid=xxx             指定NFS伺服器/etc/passwd檔案中匿名用戶的UID
anongid=xxx             指定NFS伺服器/etc/passwd檔案中匿名用戶的GID

71.1.3.3. 實例參考

只讀掛載

172.16.2.5:/   /www/images   nfs4       ro,rsize=8192,wsize=8192,timeo=15,intr,noac

71.1.4. NFS For Windows

安裝NFS服務，進入“控製麵板”，點擊“打開或關閉Windows功能”，再勾選“NFS 服務”，最後確定

啟動NFS服務，控製麵板\管理工具\Network File System 服務(NFS)

或者通過命令啟動NFS服務

nfsadmin client [ComputerName] start

指定掛在用戶ID，開始“運行”輸入“regedit”回車，然後找到 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default，右鍵“新建”選擇“DWORD(32為)值” 添加 AnonymousUid，AnonymousGid，然後雙擊 AnonymousUid，AnonymousGid編輯，選擇十進制並輸入用戶ID。

重新啟動NFS 服務，不需要重新啟動計算機。

掛載檔案系統

		
C:\Users\neo>mount \\192.168.2.15\www x:\

卸載檔案系統

		
C:\Users\neo>umount x:

正在斷開                x:      \\192.168.2.15\www
連接上存在打開的檔案和/或未完成的目錄搜索。

要繼續此操作嗎? (Y/N) [N]:Y

命令已成功完成。

	提示
	很不幸Microsoft Windows 目前尚不支持UTF-8字符集。

71.1.5. exportfs - maintain table of exported NFS file systems

# exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/www
# exportfs
/www          	172.16.0.0/24

# cat /var/lib/nfs/etab
/www	172.16.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=500,anongid=500)

reload /etc/exports

/usr/sbin/exportfs -r

To unexport the /usr/tmp directory:

# exportfs -u netkiller.github.com:/usr/tmp

To unexport all exports listed in /etc/exports:

# exportfs -au

#!/bin/bash
RETVAL=0

start()
{
	/usr/sbin/exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/backup
	mount /dev/sdb1 /backup
	RETVAL=$?
	echo
}

stop()
{
	exportfs -u 172.16.0.0/24:/backup
	umount /backup
	RETVAL=$?
}

71.1.6. macOS

71.1.6.1. 配置 exports

			
sudo vi /etc/exports
/Users/neo/Documents -alldirs -rw -maproot=neo:staff -network 192.168.3.0 -mask 255.255.255.0
/Users/neo/Downloads -alldirs -rw -maproot=root:wheel -network 192.168.3.0 -mask 255.255.255.0

啟動 NFS 服務

			
iMac:~ neo$ sudo nfsd start
The nfsd service is already running.	

iMac:~ neo$ sudo nfsd status
nfsd service is enabled
nfsd is running (pid 11344, 8 threads)

查看共享目錄

			
iMac:~ neo$ showmount -e
Exports list on localhost:
/Users/neo/Documents                192.168.0.0

71.1.6.2. 查看共享狀態

			
showmount -e 
showmount -e 192.168.0.1

71.1.6.3. 掛載共享目錄

			
sudo mkdir /mnt/share
sudo mount -t nfs4 -o nolock 192.168.0.1:/Users/neo/Documents /mnt/share

操作演示

			
iMac:~ neo$ mkdir -p tmp

iMac:~ neo$ sudo mount -t nfs 192.168.3.85:/Users/neo/Documents/ tmp

iMac:~ neo$ mount -t nfs
192.168.3.85:/Users/neo/Documents on /Users/neo/tmp (nfs)

iMac:~ neo$ sudo umount /Users/neo/tmp

71.1.6.4. 服務管理

			
sudo nfsd enable
sudo nfsd disable
sudo nfsd start
sudo nfsd stop
sudo nfsd restart
sudo nfsd status
sudo nfsd update

系統啟動後自動啟動NFS

			
sudo nfsd enable

修改 /etc/exports 後使用 update 更新

			
iMac:~ neo$ sudo nfsd update

iMac:~ neo$ showmount -e
Exports list on localhost:
/Users/neo/Downloads                192.168.3.0
/Users/neo/Documents                192.168.3.0

上一頁	上一級	下一頁
70.6. synctool	起始頁	71.2. Samba