A brief analysis of the principles of NFS servers and the steps for building, configuring and deploying them

Introduction to NFS Service

What is NFS?

• NFS is the abbreviation of Network File System. Its biggest function is to allow different machines and different operating systems to share each other's files through the network.
• NFS server allows PC to mount the directory shared by NFS server in the network to the local file system. From the local system's point of view, the directory of the remote host is just like one of its own disk partitions, which is very convenient to use.
• NFS is generally used to store static data such as shared videos and pictures.

NFS Mounting Principles

Server mounting structure diagram

As shown above:

After we set up a shared directory /home/public on the NFS server,

Other NFS clients that have access to the NFS server can mount this directory to a mount point in their own file system.

This mount point can be defined by yourself

As shown in the figure above, the directories mounted by client A and client B are different.

And after mounting, we can see all the data of the server /home/public locally.

• If the server configures the client to read-only, then the client can only read-only.
• If read and write are configured, the client will be able to read and write.

After mounting, the NFS client checks the disk information using the command: #df –h.

Since NFS transfers data between the server and the client through the network, there must be corresponding network ports for data transmission between the two.

Which port does the NFS server use for data transmission?

Basically, the port of the NFS server is opened at 2049, but the file system is very complicated.

Therefore, NFS has other programs to start additional ports. These additional ports used to transmit data are randomly selected and are ports less than 1024.

Since it is random, how does the client know which port the NFS server is using?

At this time, it is necessary to implement it through the Remote Procedure Call (RPC) protocol!

Communication Principles between RPC and NFS

​ Because NFS supports quite a lot of functions, and different functions will use different programs to start, each time a function is started, some ports will be enabled to transmit data. Therefore, the ports corresponding to the NFS functions are not fixed. The client must know the relevant ports on the NFS server to establish a connection for data transmission. RPC is a service used to uniformly manage NFS ports, and the unified external port is 111. RPC will record the information of the NFS port, so that we can use RPC to communicate port information between the server and the client. The main function of PRC is to specify the port number corresponding to each NFS function and notify the client that the client can connect to the normal port.

So how does RPC know the port for each NFS function?

First, when NFS is started, it will randomly use some ports, then NFS will register these ports with RPC, RPC will record these ports, and RPC will open port 111 and wait for the client RPC request. If the client has a request, the server-side RPC will inform the client of the previously recorded NFS port information. In this way, the client will obtain the port information of the NFS server and transmit data using the actual port.

Notice:

Before starting the NFS server, you must first start the RPC service (that is, the portmap service, the same below)

Otherwise, the NFS SERVER will not be able to register with the RPC service area.

In addition, if the RPC service is restarted, all the registered NFS port data will be lost.

Therefore, the NFS program managed by the RPC service must also be restarted to re-register with RPC.

Special attention:

Generally, after modifying the NFS configuration document, you do not need to restart NFS. You can directly execute the command systemctl reload nfs or exportfs –rv to make the modified /etc/exports take effect.

Communication process between NFS client and NFS server

• First, start the RPC service on the server and open port 111
• The server starts the NFS service and registers the port information with RPC
• The client starts the RPC (portmap service) and requests the server's NFS port from the server's RPC (portmap) service.
• The server's RPC (portmap) service feeds back the NFS port information to the client.
• The client establishes an NFS connection with the server through the obtained NFS port and transmits data.

NFS server deployment under Linux

Software and main configuration files required for NFS service

To install the NFS service, you need to install two software:

RPC main program: rpcbind

NFS can actually be regarded as an RPC service, because before starting any RPC service, we need to do the port mapping work, and this work is actually the responsibility of the "rpcbind" service!

That is to say, before starting any RPC service, we need to start rpcbind! (Before CentOS 5.x, this software was called portmap, and after CentOS 6.x it was called rpcbind!).

NFS main program: nfs-utils

It is the software that provides the two NFS daemons rpc.nfsd and rpc.mountd and other related documents and instructions, executable files, etc.! This is the main software required for NFS service.

NFS related files

• Main configuration file: /etc/exports
  This is the main configuration file for NFS. This file is blank and may not exist on some systems. It is mainly created manually. NFS configuration generally only needs to be configured in this file.
• NFS file system maintenance command: /usr/sbin/exportfs
  This is a command for maintaining NFS shared resources. You can use this command to re-share directory resources changed in /etc/exports, or to unmount or re-share directories shared by the NFS Server.
• Login file for shared resources: /var/lib/nfs/*tab
  The login files of the NFS server are placed in the /var/lib/nfs/ directory. There are two important login files in this directory. One is etab, which mainly records the complete permission settings of the directory shared by NFS; the other xtab records the relevant client data that has been connected to this NFS server.
• The client query server shared resource command: /usr/sbin/showmount
  This is another important NFS directive. exportfs is used on the NFS server side, while showmount is mainly used on the client side. showmount can be used to view the directory resources shared by NFS.

Steps to install NFS service on the server

Step 1: Install NFS and rpc

[root@localhost ~]# yum install -y nfs-utils   
#Install nfs service [root@localhost ~]# yum install -y rpcbind
#Install rpc service

Step 2: Start the service and set it to start

Note: Start the rpc service first, then start the nfs service.

[root@localhost ~]# systemctl start rpcbind #Start the rpc service first[root@localhost ~]# systemctl enable rpcbind #Set up boot[root@localhost ~]# systemctl start nfs-server nfs-secure-server      
#Start nfs service and nfs secure transmission service [root@localhost ~]# systemctl enable nfs-server nfs-secure-server
[root@localhost /]# firewall-cmd --permanent --add-service=nfs
success #Configure the firewall to release the nfs service [root@localhost /]# firewall-cmd --reload 
success

Step 3: Configure the shared file directory and edit the configuration file

First create a shared directory, then edit the configuration in the /etc/exports configuration file.

[root@localhost /]# mkdir /public
#Create a public shared directory [root@localhost /]# vi /etc/exports
	/public 192.168.245.0/24(ro)
	/protected 192.168.245.0/24 (rw)
[root@localhost /]# systemctl reload nfs 
#Reload the NFS service to make the configuration file take effect

Configuration file description:

• Format: The path of the shared directory that the NFS client is allowed to access (share permission parameters)
  As shown above, the shared directory is /public , the clients allowed to access it are 192.168.245.0/24 network users, and the permission is read-only.
  Note that there is no space between the NFS client address and the permissions.
  NFS export protection requires kerberos encryption ( none , sys , krb5 , krb5i , krb5p ), format sec=XXX
• none : Access as anonymous. To allow write operations, map to the nfsnobody user and turn on the Boolean switch.
  setsebool nfsd_anon_write 1
• sys : File access is based on standard file access. If not specified, the default is sys, trusting any username sent
• krb5 : The client must provide an identifier, and the client representation must also be krb5, based on domain environment authentication
• krb5i : Performs encryption operations based on krb5, encrypts the user's password, but the transmitted data is not encrypted
• krb5p : All data is encrypted

Parameters used to configure the NFS service program configuration file:

NFS client mount configuration

Step 1: Use the showmount command to view the nfs server sharing information

The output format is "Shared directory name allows the use of client addresses"

[root@localhost ~]# showmount -e 192.168.245.128      
Export list for 192.168.245.128:
/protected 192.168.245.0/24
/public 192.168.245.0/24

Usage of showmount command;

Step 2: Create a directory on the client and mount the shared directory

[root@localhost ~]# mkdir /mnt/public
[root@localhost ~]# mkdir /mnt/data
[root@localhost ~]# vim /etc/fstab 
#Mount in this file so that the system can automatically mount every time it starts 192.168.245.128:/public /mnt/public nfs defaults 0 0
	192.168.245.128:/protected /mnt/data nfs defaults 0 1
[root@localhost ~]# mount -a #The file /etc/fstab takes effect

Step 3: Check

[root@mail ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/rhel-root xfs 17G 3.1G 14G 18% /
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 140K 1.4G 1% /dev/shm
tmpfs tmpfs 1.4G 9.1M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
tmpfs tmpfs 280M 32K 280M 1% /run/user/0
/dev/sr0 iso9660 3.6G 3.6G 0 100% /mnt/cdrom
192.168.245.128:/public nfs4 17G 3.7G 14G 22% /mnt/public
192.168.245.128:/protected nfs4 17G 3.7G 14G 22% /mnt/data

Mounting NFS on Windows

Step 1: In Control Panel -> Add Programs and Features -> Add NFS Components

Step 2: Add the nfs address and the folder to be shared in the mapped drive of this computer

Step 3: If there is a problem with permissions

Open the registry: regedit , in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

Create two new OWORD (64) bit values, add the value AnonymousGid , the default value is 0, and AnonymousUid , the default value is 0.

The above is a brief analysis of the NFS server principles and detailed content of the construction and configuration steps. For more information on the principles, construction, and configuration of NFS servers, please pay attention to other related articles on 123WORDPRESS.COM!