NFS Configuration.
To use NFS successfully, you have to configure both the server and the client. In this example, the client is 192.168.0.3 and the server is 192.168.0.2. The folder to be shared is /home/sharing, and it is to be mounted on /mnt on the client.
On the server
1. Make the directory that you want to use (the -p option also creates any missing parent directories).
# mkdir -p /data/sessions
2. Edit /etc/exports and insert the client machine's IP
# vi /etc/exports
Add lines like:
/data/sessions 192.168.0.0/255.255.0.0(rw,sync,no_root_squash) 10.0.0.0/255.0.0.0(rw,sync,no_root_squash)
- Allows rw access from the computer nodes to the server in synchronous mode.
- Because no_root_squash is put in the parentheses, root squashing is turned off: the remote root user keeps root privileges on the export instead of being mapped to the default NFS user (nfsnobody).
# /usr/sbin/exportfs -a
This command exports the file systems as described in /etc/exports.
3. Edit /etc/hosts.allow
# vi /etc/hosts.allow
Add lines like:
portmap: 192.168.0.0/255.255.0.0, 10.0.0.0/255.0.0.0
4. Let NFS read and make /home available to the network with the exportfs command.
# exportfs -a
5. Make sure the required nfs, nfslock, and portmap daemons are running and configured to start after the next reboot.
# chkconfig nfslock on
# chkconfig nfs on
# chkconfig portmap on
# service portmap start
# service nfslock start
# service nfs start
------------------------------------
On every Client computer
1. Make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.
# chkconfig nfslock on
# chkconfig netfs on
# chkconfig portmap on
# service portmap start
# service netfs start
# service nfslock start
2. Mount the nfs folder from command prompt
# mount 192.168.0.2:/data/sessions /mntnfs/sessions
Check /var/log/messages for any error that might occur
# tailf /var/log/messages
Use mount to check if the folder is mounted properly
# mount
This should be the output:
192.168.0.2:/data/sessions on /mntnfs/sessions type nfs (rw,addr=192.168.0.2)
Edit /etc/fstab to mount the shared folder on boot
# vi /etc/fstab
192.168.0.2:/data/sessions /mntnfs/sessions nfs rw,hard,intr 0 0
Make sure to mkdir /mntnfs/sessions first, or it won’t work. To mount it manually, just run:
# mount nfshostname:/data/sessions /mntnfs/sessions
(In our case nfshostname is 192.168.0.2, the NFS server.)
____________________________________________________________________________
NFS FineTuning
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
LABEL=SWAP-sda3 swap swap defaults 0 0
192.168.19.91:/nfsmount/ocr /mntnfs/sessions nfs rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,vers=3,actimeo=0,timeo=600 0 0
NFS consists of the following:
/etc/exports –> /etc/exports contains all the NFS shares
/usr/sbin/exportfs -r
#exportfs -r is used to synchronize nfsd in memory with the /etc/exports file
#Use exportfs -v to see which shares nfsd is currently exporting
/etc/rc.d/init.d/nfslock - which has 2 parts
/sbin/rpc.lockd
/sbin/rpc.statd
/etc/rc.d/init.d/nfs - which has 3 parts
/usr/sbin/rpc.rquotad
/usr/sbin/rpc.mountd
/usr/sbin/rpc.nfsd
At bare minimum you need to have portmap (or portmapper), mountd (or rpc.mountd), and nfsd (or rpc.nfsd) running; otherwise NFS isn’t running.
The /etc/exports file controls which file systems are exported to remote hosts and specifies options. Blank lines are ignored, comments can be made by starting a line with the hash mark (#), and long lines can be wrapped with a backslash (\). Each exported file system should be on its own individual line, and any lists of authorized hosts placed after an exported file system must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis. Valid host types are gss/krb5, gss/krb5i and gss/krb5p.
A line for an exported file system has the following structure:
<export> <host1>(<options>) <hostN>(<options>)...
In this structure, replace <export> with the directory being exported, replace <host1> with the host or network to which the export is being shared, and replace <options> with the options for that host or network. Additional hosts can be specified in a space separated list.
The following methods can be used to specify host names:
single host — Where one particular host is specified with a fully qualified domain name, hostname, or IP address.
wildcards — Where a * or ? character is used to take into account a grouping of fully qualified domain names that match a particular string of letters. Wildcards should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail. Be careful when using wildcards with fully qualified domain names, as they tend to be more exact than expected. For example, the use of *.example.com as a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com. To match both possibilities both *.example.com and *.*.example.com must be specified.
IP networks — Allows the matching of hosts based on their IP addresses within a larger network. For example, 192.168.0.0/28 allows the first 16 IP addresses, from 192.168.0.0 to 192.168.0.15, to access the exported file system, but not 192.168.0.16 and higher.
netgroups — Permits an NIS netgroup name, written as @<group-name>, to be used. This effectively puts the NIS server in charge of access control for this exported file system, where users can be added and removed from an NIS group without affecting /etc/exports.
In its simplest form, the /etc/exports file only specifies the exported directory and the hosts permitted to access it, as in the following example:
/exported/directory bob.example.com
In the example, bob.example.com can mount /exported/directory/. Because no options are specified in this example, the following default NFS options take effect:
ro — Mounts of the exported file system are read-only. Remote hosts are not able to make changes to the data shared on the file system. To allow hosts to make changes to the file system, the read/write (rw) option must be specified.
wdelay — Causes the NFS server to delay writing to the disk if it suspects another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead. The no_wdelay option turns off this feature, but is only available when using the sync option.
root_squash — Prevents root users connected remotely from having root privileges and assigns them the user ID for the user nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the remote server. Alternatively, the no_root_squash option turns off root squashing. To squash every remote user, including root, use the all_squash option. To specify the user and group IDs to use with remote users from a particular host, use the anonuid and anongid options, respectively. In this case, a special user account can be created for remote NFS users to share and specify (anonuid=<uid-value>,anongid=<gid-value>), where <uid-value> is the user ID number and <gid-value> is the group ID number.
Important
By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. To disable this feature, specify the no_acl option when exporting the file system.
Each default for every exported file system must be explicitly overridden. For example, if the rw option is not specified, then the exported file system is shared as read-only. The following is a sample line from /etc/exports which overrides two default options:
/another/exported/directory 192.168.0.3(rw,sync)
In this example 192.168.0.3 can mount /another/exported/directory/ read/write and all transfers to disk are committed to the disk before the write request by the client is completed.
Additionally, other options are available where no default value is specified. These include the ability to disable sub-tree checking, allow access from insecure ports, and allow insecure file locks (necessary for certain early NFS client implementations). Refer to the exports man page for details on these lesser used options.
Warning
The format of the /etc/exports file is very precise, particularly in regards to use of the space character. Remember to always separate exported file systems from hosts and hosts from one another with a space character. However, there should be no other space characters in the file except on comment lines.
For example, the following two lines do not mean the same thing:
/home bob.example.com(rw)
/home bob.example.com (rw)
The first line allows only users from bob.example.com read/write access to the /home directory. The second line allows users from bob.example.com to mount the directory as read-only (the default), while the rest of the world can mount it read/write.
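The whitespace pitfall above, and the no_root_squash option used in the first section, can be checked mechanically before running exportfs. The following Python linter is an added example, not part of the original post; the function names and the sample file are constructed for illustration, and it assumes export paths contain no spaces.

```python
import re

# One host(options) token: the host may be empty, the options may be absent.
SPEC = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def logical_lines(text):
    """Yield (first_line_number, entry): comments dropped, '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or n
        if line.endswith("\\"):          # long line wrapped with a backslash
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", None

def audit_exports(text):
    """Return (line, export, host, problem) tuples for risky or malformed entries."""
    findings = []
    for lineno, entry in logical_lines(text):
        path, *specs = entry.split()
        for spec in specs:
            m = SPEC.match(spec)
            if m is None:
                findings.append((lineno, path, spec, "malformed host(options) token"))
                continue
            host = m["host"] or "*"
            opts = set(filter(None, (m["opts"] or "").split(",")))
            if not m["host"]:            # "(rw)" split from its host by a space
                mode = "rw" if "rw" in opts else "ro"
                findings.append((lineno, path, host,
                                 f"options not attached to a host: any host gets {mode}"))
            if "no_root_squash" in opts:
                findings.append((lineno, path, host,
                                 "no_root_squash: remote root keeps root privileges"))
    return findings

# Constructed sample built from the entries discussed on this page.
SAMPLE = """\
# constructed sample /etc/exports
/data/sessions 192.168.0.0/255.255.0.0(rw,sync,no_root_squash) \\
               10.0.0.0/255.0.0.0(rw,sync,no_root_squash)
/home bob.example.com(rw)
/home bob.example.com (rw)
/another/exported/directory 192.168.0.3(rw,sync)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding, sep=": ")
```

On the sample it reports the two no_root_squash hosts on the wrapped /data/sessions entry and the detached (rw) on the second /home line, while the correctly spaced /home line passes.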