Configuring NFS shared storage with fixed ports
Server-side configuration
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
# SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
## Info: SELinux has been disabled; a reboot is required for the change to become permanent
1. Install the server packages (IP: 192.168.100.86)
[root@anolis8 ~]# rpm -qa nfs-utils rpcbind # check whether the packages are already installed
[root@anolis8 ~]# yum install -y nfs-utils rpcbind
Repository epel is listed more than once in the configuration
上次元數據過期檢查:0:36:34 前,執行于 2022年12月20日 星期二 15時58分09秒。
依賴關系解決。
============================================================================================================================================================================
軟件包 架構 版本 倉庫 大小
============================================================================================================================================================================
安裝:
nfs-utils x86_64 1:2.3.3-51.0.1.an8 BaseOS 503 k
rpcbind x86_64 1.2.5-8.an8 BaseOS 69 k
安裝依賴關系:
gssproxy x86_64 0.8.0-20.an8 BaseOS 118 k
keyutils x86_64 1.5.10-9.an8 BaseOS 65 k
libverto-libevent x86_64 0.3.0-5.el8 BaseOS 15 k
python3-pyyaml x86_64 3.12-12.el8 BaseOS 192 k
quota x86_64 1:4.04-14.an8 BaseOS 213 k
quota-nls noarch 1:4.04-14.an8 BaseOS 94 k
事務概要
============================================================================================================================================================================
安裝 8 軟件包
總下載:1.2 M
安裝大小:3.8 M
下載軟件包:
(1/8): libverto-libevent-0.3.0-5.el8.x86_64.rpm 90 kB/s | 15 kB 00:00
(2/8): gssproxy-0.8.0-20.an8.x86_64.rpm 491 kB/s | 118 kB 00:00
(3/8): nfs-utils-2.3.3-51.0.1.an8.x86_64.rpm 2.1 MB/s | 503 kB 00:00
(4/8): python3-pyyaml-3.12-12.el8.x86_64.rpm 1.2 MB/s | 192 kB 00:00
(5/8): keyutils-1.5.10-9.an8.x86_64.rpm 160 kB/s | 65 kB 00:00
(6/8): rpcbind-1.2.5-8.an8.x86_64.rpm 701 kB/s | 69 kB 00:00
(7/8): quota-4.04-14.an8.x86_64.rpm 1.0 MB/s | 213 kB 00:00
(8/8): quota-nls-4.04-14.an8.noarch.rpm 268 kB/s | 94 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
總計 1.6 MB/s | 1.2 MB 00:00
運行事務檢查
事務檢查成功。
運行事務測試
事務測試成功。
運行事務
準備中 : 1/1
運行腳本: rpcbind-1.2.5-8.an8.x86_64 1/8
安裝 : rpcbind-1.2.5-8.an8.x86_64 1/8
運行腳本: rpcbind-1.2.5-8.an8.x86_64 1/8
安裝 : quota-nls-1:4.04-14.an8.noarch 2/8
安裝 : quota-1:4.04-14.an8.x86_64 3/8
安裝 : python3-pyyaml-3.12-12.el8.x86_64 4/8
安裝 : libverto-libevent-0.3.0-5.el8.x86_64 5/8
安裝 : gssproxy-0.8.0-20.an8.x86_64 6/8
運行腳本: gssproxy-0.8.0-20.an8.x86_64 6/8
安裝 : keyutils-1.5.10-9.an8.x86_64 7/8
運行腳本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
安裝 : nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
運行腳本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
驗證 : gssproxy-0.8.0-20.an8.x86_64 1/8
驗證 : keyutils-1.5.10-9.an8.x86_64 2/8
驗證 : libverto-libevent-0.3.0-5.el8.x86_64 3/8
驗證 : nfs-utils-1:2.3.3-51.0.1.an8.x86_64 4/8
驗證 : python3-pyyaml-3.12-12.el8.x86_64 5/8
驗證 : quota-1:4.04-14.an8.x86_64 6/8
驗證 : quota-nls-1:4.04-14.an8.noarch 7/8
驗證 : rpcbind-1.2.5-8.an8.x86_64 8/8
已安裝:
gssproxy-0.8.0-20.an8.x86_64 keyutils-1.5.10-9.an8.x86_64 libverto-libevent-0.3.0-5.el8.x86_64 nfs-utils-1:2.3.3-51.0.1.an8.x86_64 python3-pyyaml-3.12-12.el8.x86_64
quota-1:4.04-14.an8.x86_64 quota-nls-1:4.04-14.an8.noarch rpcbind-1.2.5-8.an8.x86_64
完畢!
- Both the client and the server must have the RPC service installed in order to use NFS. The RPC service used by NFS is called portmap on CentOS 5 and rpcbind on CentOS 6 and CentOS 7; on Anolis 8 it is rpcbind.service.
2. Start the rpcbind service
- Check the service status
[root@anolis8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:rpcbind(8)
- If you don't know where the rpcbind command is located
[root@anolis8 ~]# which rpcbind
/usr/bin/rpcbind
- Start the RPC service
[root@anolis8 ~]# systemctl restart rpcbind.service
[root@anolis8 ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-12-21 10:20:40 CST; 5s ago
Docs: man:rpcbind(8)
Main PID: 20777 (rpcbind)
Tasks: 1 (limit: 24888)
Memory: 1.5M
CGroup: /system.slice/rpcbind.service
└─20777 /usr/bin/rpcbind -w -f
12月 21 10:20:40 anolis8 systemd[1]: Starting RPC Bind...
12月 21 10:20:40 anolis8 systemd[1]: Started RPC Bind.
- Check the RPC listener
[root@anolis8 ~]# lsof -i :111
-bash: lsof: 未找到命令
[root@anolis8 ~]# yum install lsof
Repository epel is listed more than once in the configuration
上次元數據過期檢查:4:13:35 前,執行于 2022年12月21日 星期三 06時12分30秒。
依賴關系解決。
============================================================================================================================================================================
軟件包 架構 版本 倉庫 大小
============================================================================================================================================================================
安裝:
lsof x86_64 4.93.2-1.0.1.an8 BaseOS 131 k
事務概要
============================================================================================================================================================================
安裝 1 軟件包
總下載:131 k
安裝大小:212 k
確定嗎?[y/N]: y
下載軟件包:
lsof-4.93.2-1.0.1.an8.x86_64.rpm 646 kB/s | 131 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
總計 630 kB/s | 131 kB 00:00
運行事務檢查
事務檢查成功。
運行事務測試
事務測試成功。
運行事務
準備中 : 1/1
安裝 : lsof-4.93.2-1.0.1.an8.x86_64 1/1
運行腳本: lsof-4.93.2-1.0.1.an8.x86_64 1/1
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
驗證 : lsof-4.93.2-1.0.1.an8.x86_64 1/1
已安裝:
lsof-4.93.2-1.0.1.an8.x86_64
完畢!
[root@anolis8 ~]# lsof -i :111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 58u IPv4 35868 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 59u IPv4 35869 0t0 UDP *:sunrpc
systemd 1 root 61u IPv6 35870 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 63u IPv6 35871 0t0 UDP *:sunrpc
rpcbind 20777 rpc 4u IPv4 35868 0t0 TCP *:sunrpc (LISTEN)
rpcbind 20777 rpc 5u IPv4 35869 0t0 UDP *:sunrpc
rpcbind 20777 rpc 6u IPv6 35870 0t0 TCP *:sunrpc (LISTEN)
rpcbind 20777 rpc 7u IPv6 35871 0t0 UDP *:sunrpc
[root@anolis8 ~]# netstat -lntup|grep rpcbind
[root@anolis8 ~]#
- View the port information that the NFS services have registered with RPC
[root@anolis8 ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
- Enable rpcbind at boot
[root@anolis8 ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@anolis8 ~]# systemctl start nfs-server.service
[root@anolis8 ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Wed 2022-12-21 14:11:13 CST; 8s ago
Process: 21698 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
Process: 21685 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 21683 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 21698 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 24888)
Memory: 0B
CGroup: /system.slice/nfs-server.service
12月 21 14:11:13 anolis8 systemd[1]: Starting NFS server and services...
12月 21 14:11:13 anolis8 systemd[1]: Started NFS server and services.
Enable NFS at boot
[root@anolis8 ~]# systemctl enable nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
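Configuring fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the other ports are generated randomly on every start. To run with the firewall enabled, all of these ports therefore have to be pinned to fixed values.
Configure the NFS ports
1. Edit /etc/nfs.conf: uncomment each of the following port settings and set it to a fixed value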
[root@localhost ~]# vim /etc/nfs.conf
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@anolis8 ~]# systemctl restart rpcbind.service
[root@anolis8 ~]# systemctl restart nfs-server.service
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59718 nlockmgr
100021 3 udp 59718 nlockmgr
100021 4 udp 59718 nlockmgr
100021 1 tcp 35823 nlockmgr
100021 3 tcp 35823 nlockmgr
100021 4 tcp 35823 nlockmgr
Notice that the nlockmgr service is not on the port set above (30002). In that case, run the following commands:
cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf # set the nlockmgr service port to 30002
[root@anolis8 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# length of the socket listen queue
net.core.somaxconn= 2048
# allow allocation of all physical memory
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
# Reload the configuration
[root@anolis8 ~]# sysctl -p
net.core.somaxconn = 2048
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59718 nlockmgr
100021 3 udp 59718 nlockmgr
100021 4 udp 59718 nlockmgr
100021 1 tcp 35823 nlockmgr
100021 3 tcp 35823 nlockmgr
100021 4 tcp 35823 nlockmgr
[root@anolis8 ~]# systemctl restart nfs-server.service
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 30002 nlockmgr
100021 3 udp 30002 nlockmgr
100021 4 udp 30002 nlockmgr
100021 1 tcp 30002 nlockmgr
100021 3 tcp 30002 nlockmgr
100021 4 tcp 30002 nlockmgr
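- Note: this port value must not be the same as any port set under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will fail to start
2. Configure security group rules
On Alibaba Cloud, or any other cloud server that has security groups, configure the security group rules to allow the ports that NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports set above, the following ports must also be allowed: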
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
3. Reboot the server. Restarting the services alone does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]#reboot
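An added check for the port-pinning steps above (an example that is not part of the original article): it parses rpcinfo -p output and reports every registration whose port differs from the value pinned in /etc/nfs.conf and sysctl, because the firewall rules only cover the pinned ports. The function name, the EXPECTED_PORTS format and the embedded sample (condensed from the server's first rpcinfo listing above) are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Verifies that RPC services are registered on the ports the article pins.

# Pinned ports from the article's /etc/nfs.conf and sysctl settings,
# written as "service=port" pairs (format chosen for this example).
EXPECTED_PORTS='portmapper=111 mountd=30003 nfs=30006 nfs_acl=30006 nlockmgr=30002 status=30004'

# Sample input: condensed from the server's first `rpcinfo -p` listing in the
# article (one row per service/protocol), taken before the sysctl change.
SAMPLE_RPCINFO='program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 4 udp 59718 nlockmgr
100021 4 tcp 35823 nlockmgr'

# check_pinned_ports: reads `rpcinfo -p` output on stdin.
# Prints "UNPINNED <service> <proto> <port> expected=<port>" for each distinct
# registration on the wrong port, and "UNKNOWN <service> <proto> <port>" for a
# service with no pinned port. Returns 0 when everything matches, 1 otherwise.
check_pinned_ports() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN {
            bad = 0
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        # Data rows: program vers proto port service (the header is skipped).
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            svc = $5; proto = $3; port = $4
            key = svc " " proto " " port
            if (seen[key]++) next        # report each registration once
            if (!(svc in want)) {
                print "UNKNOWN " key
                bad = 1
            } else if (port != want[svc]) {
                print "UNPINNED " key " expected=" want[svc]
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Demo on the embedded sample; on a real server use: rpcinfo -p | check_pinned_ports
printf '%s\n' "$SAMPLE_RPCINFO" | check_pinned_ports || true
```

Run it as rpcinfo -p | check_pinned_ports after the reboot: in the listings above, status is still on random ports before the reboot even though [statd] sets port=30004.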
4. NFS server configuration
Edit the exports file
[root@anolis8 ~]# vim /etc/exports
Add the following content
/data/test 192.168.100.91(rw,sync,all_squash)
/data 10.0.20.10(rw,sync,all_squash) 10.0.20.11(rw,sync,all_squash) 10.0.20.13(rw,sync,all_squash) 10.0.20.14(rw,sync,all_squash) 10.0.20.15(rw,sync,all_squash) 10.0.20.18(rw,sync,all_squash) 10.0.20.19(rw,sync,all_squash)
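Format of an entry:
shared-directory client-address-1(option1,option2,...) client-address-2(option1,option2,...)
ro: the directory is read-only
rw: the directory is read-write
sync: data is written synchronously to both the memory buffer and the disk; slower, but it guarantees data consistency
async: data is first kept in the memory buffer and written to disk only when necessary
all_squash: maps all ordinary users and their groups that access the share remotely to the anonymous user or group (nobody)
no_all_squash: the opposite of all_squash (default)
root_squash: maps the root user and its group to the anonymous user or group (default)
no_root_squash: if you want clients to be able to operate on the server's file system as root, you have to enable no_root_squash here
anonuid=xxx: maps all remotely accessing users to the anonymous user, and sets that user to the local user with UID=xxx
anongid=xxx: maps all remotely accessing user groups to the anonymous group account
Create the shared directory
[root@anolis8 ~]# mkdir -p /data/test
[root@anolis8 ~]# chown nobody:nobody /data/test # set ownership on the directory
Reload the NFS configuration (the exports file)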
[root@anolis8 ~]# exportfs -rv
exporting 192.168.100.91:/data/test
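An added audit for the export options described above (an example that is not part of the original article): it reads /etc/exports-style lines and flags entries that use no_root_squash or that apply to any host, including the case where a space before the parenthesis detaches the options from the client address. The function name, the finding labels and the /srv/... sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Flags risky client entries in /etc/exports-style input.

# Sample input: the first line is the article's own export; the /srv/... lines
# are constructed to show each finding.
SAMPLE_EXPORTS='/data/test 192.168.100.91(rw,sync,all_squash)
# constructed entries below, not from the article
/srv/build 10.0.20.10(rw,sync,no_root_squash)
/srv/pub *(ro,sync,all_squash)
/srv/typo 10.0.20.11 (rw,sync,all_squash)'

# audit_exports: reads exports lines on stdin and prints
#   "<line-no> <path> <client> <FINDING>"
# for each risky client entry. Findings:
#   NO_ROOT_SQUASH  remote root keeps root privileges on the export
#   ANY_HOST        the entry applies to every host ("*" or options with no
#                   client, e.g. after a stray space before the parenthesis)
# Returns 0 when nothing is reported, 1 otherwise.
audit_exports() {
    awk '
        BEGIN { bad = 0 }
        {
            sub(/#.*/, "")               # drop comments, full-line or trailing
            if (NF < 2) next             # blank line or path without clients
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                shown = (client == "" ? "<any>" : client)
                if (client == "" || client == "*") {
                    print NR, path, shown, "ANY_HOST"
                    bad = 1
                }
                if (("," opts ",") ~ /,no_root_squash,/) {
                    print NR, path, shown, "NO_ROOT_SQUASH"
                    bad = 1
                }
            }
        }
        END { exit bad }
    '
}

# Demo on the embedded sample; on a real server use: audit_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || true
```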
Client-side configuration
192.168.100.91
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
# SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
## Info: SELinux has been disabled; a reboot is required for the change to become permanent
Install NFS
[root@localhost ~]# rpm -qa nfs-utils rpcbind # check whether the packages are already installed
[root@localhost ~]# yum install -y nfs-utils rpcbind # install NFS and rpcbind
# Start rpcbind.service
[root@localhost ~]# systemctl start rpcbind.service
[root@localhost ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-12-22 01:17:55 CST; 3s ago
Docs: man:rpcbind(8)
Main PID: 13172 (rpcbind)
Tasks: 1 (limit: 23664)
Memory: 1.5M
CGroup: /system.slice/rpcbind.service
└─13172 /usr/bin/rpcbind -w -f
12月 22 01:17:55 localhost.localdomain systemd[1]: Starting RPC Bind...
12月 22 01:17:55 localhost.localdomain systemd[1]: Started RPC Bind.
# Where the rpcbind command is located
[root@localhost ~]# which rpcbind
/usr/sbin/rpcbind
# Check the RPC listener
[root@localhost ~]# lsof -i :111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 102u IPv4 90837 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 103u IPv4 90838 0t0 UDP *:sunrpc
systemd 1 root 104u IPv6 90839 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 105u IPv6 90840 0t0 UDP *:sunrpc
rpcbind 13172 rpc 4u IPv4 90837 0t0 TCP *:sunrpc (LISTEN)
rpcbind 13172 rpc 5u IPv4 90838 0t0 UDP *:sunrpc
rpcbind 13172 rpc 6u IPv6 90839 0t0 TCP *:sunrpc (LISTEN)
rpcbind 13172 rpc 7u IPv6 90840 0t0 UDP *:sunrpc
View the port information that the NFS services have registered with RPC
[root@localhost ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
Enable rpcbind at boot
[root@localhost ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@localhost ~]# systemctl status nfs-server.service
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@localhost ~]# systemctl start nfs-server.service
[root@localhost ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Thu 2022-12-22 17:01:39 CST; 4s ago
Process: 14174 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
Process: 14162 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 14160 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 14174 (code=exited, status=0/SUCCESS)
12月 22 17:01:39 localhost.localdomain systemd[1]: Starting NFS server and services...
12月 22 17:01:39 localhost.localdomain systemd[1]: Started NFS server and services.
Enable NFS at boot
[root@localhost ~]# systemctl enable nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
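Configuring fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the other ports are generated randomly on every start. To run with the firewall enabled, all of these ports therefore have to be pinned to fixed values.
Configure the NFS ports
1. Edit /etc/nfs.conf: uncomment each of the following port settings and set it to a fixed value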
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@localhost ~]# systemctl restart rpcbind.service
[root@localhost ~]# systemctl restart nfs-server.service
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 46098 nlockmgr
100021 3 udp 46098 nlockmgr
100021 4 udp 46098 nlockmgr
100021 1 tcp 35393 nlockmgr
100021 3 tcp 35393 nlockmgr
100021 4 tcp 35393 nlockmgr
Notice that the nlockmgr service is not on the port set above (30002). In that case, run the following commands:
[root@localhost ~]# cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
[root@localhost ~]# sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
[root@localhost ~]# sysctl -p
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59952 nlockmgr
100021 3 udp 59952 nlockmgr
100021 4 udp 59952 nlockmgr
100021 1 tcp 37209 nlockmgr
100021 3 tcp 37209 nlockmgr
100021 4 tcp 37209 nlockmgr
[root@localhost ~]# systemctl restart nfs-server.service
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 30002 nlockmgr
100021 3 udp 30002 nlockmgr
100021 4 udp 30002 nlockmgr
100021 1 tcp 30002 nlockmgr
100021 3 tcp 30002 nlockmgr
100021 4 tcp 30002 nlockmgr
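- Note: this port value must not be the same as any port set under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will fail to start
2. Configure security group rules
On Alibaba Cloud, or any other cloud server that has security groups, configure the security group rules to allow the ports that NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports set above, the following ports must also be allowed: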
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
3. Reboot the server. Restarting the services alone does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]#reboot
4. Mount the directory
List the directories available for mounting
[root@localhost ~]# showmount -e 192.168.100.86
Export list for 192.168.100.86:
/data/test 192.168.100.91
Create the local directory
[root@localhost ~]# mkdir /data
Mount the server directory on the local directory
[root@localhost ~]# mount -t nfs 192.168.100.86:/data/test /data
[root@localhost ~]# df -h
文件系統 容量 已用 可用 已用% 掛載點
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
Testing
Create a file in the directory and check on each server that it appears there; then edit the file to test that writes from each server are synchronized.
[root@localhost ~]# echo "6666"> /data/1.txt
[root@localhost ~]# ll /data/
總用量 4
-rw-r--r--. 1 nobody nobody 5 12月 22 10:28 1.txt
[root@anolis8 ~]# cat /data/test/1.txt
6666
[root@anolis8 ~]# echo "7777" >> /data/test/1.txt
[root@anolis8 ~]# cat /data/test/1.txt
6666
7777
[root@localhost ~]# cat /data/1.txt
6666
7777
- Edit /etc/fstab to mount automatically at boot
[root@localhost ~]# vim /etc/fstab
# Append the following line at the end
192.168.100.86:/data/test /data nfs defaults 0 0
[root@localhost ~]# umount /data
[root@localhost ~]# df -h
文件系統 容量 已用 可用 已用% 掛載點
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
文件系統 容量 已用 可用 已用% 掛載點
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
Reboot to test
[root@localhost ~]# reboot
[root@localhost ~]# df -h
文件系統 容量 已用 可用 已用% 掛載點
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
tmpfs 374M 0 374M 0% /run/user/0
mount -a
where the -a option means:
-a, --all mount all filesystems mentioned in fstab
Reference: https://blog.csdn.net/qq_46237915/article/details/121162542
1. On the NFS client, run nfsstat -m:
vers=4.0 in its output confirms that the NFS version is 4.
2. On the NFS server, run nfsstat -s:
Server nfs v4 in its output confirms that the NFS version is indeed 4.