Linux Administration Lecture: Network File System - Đặng Thanh Bình


This Linux Administration lecture covers the Network File System. The main topics in this chapter are: How It Works, NFS client configuration, autofs, common NFS mount options, starting and stopping NFS, NFS server configuration, securing NFS, NFS and portmap, using NFS over TCP.

Đặng Thanh Bình

Network File System

Contents
• How It Works
• NFS Client Configuration
• autofs
• Common NFS Mount Options
• Starting and Stopping NFS
• NFS Server Configuration
• Securing NFS
• NFS and portmap
• Using NFS over TCP

Introduction
• A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally
• This enables system administrators to consolidate resources onto centralized servers on the network
• This chapter focuses on fundamental NFS concepts and supplemental information

HOW IT WORKS

How It Works
• Three versions of NFS:
  – NFS version 2 (NFSv2) is older and is widely supported
  – NFS version 3 (NFSv3) has more features, including 64-bit file handles, Safe Async writes and more robust error handling
  – NFS version 4 (NFSv4) works through firewalls and on the Internet, no longer requires portmapper, supports ACLs, and utilizes stateful operations
• All versions of NFS can use Transmission Control Protocol (TCP) running over an IP network, with NFSv4 requiring it
• NFSv2 and NFSv3 can use the User Datagram Protocol (UDP) running over an IP network to provide a stateless network connection
• NFSv4 has no interaction with portmapper, rpc.mountd, rpc.lockd, and rpc.statd, since protocol support has been incorporated into the v4 protocol
• TCP is the default transport protocol for NFS under Red Hat Enterprise Linux
• UDP can be used for compatibility purposes as needed, but is not recommended for wide usage
• All the RPC/NFS daemons have a '-p' command line option that can set the port, making firewall configuration easier

Working Procedure
• Firstly, the client is granted access by TCP wrappers
• Secondly, the NFS server refers to its configuration file, /etc/exports, to determine whether the client is allowed to access any of the exported file systems
• Once access is granted, all file and directory operations are available to the user

Notes
• In order for NFS to work with a default installation of Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 2049 must be configured
• The NFS initialization script and rpc.nfsd process now allow binding to any specified port during system start up

Required Services
• nfs: NFS server
• nfslock: a mandatory service that starts the appropriate RPC processes to allow NFS clients to lock files on the server
• portmap: accepts port reservations from local RPC services

autofs Configuration
• Configuration file: /etc/auto.master
• Lists autofs-controlled mount points on the system, and their corresponding configuration files or network sources known as automount maps
• The format of the master map is as follows:
  – mount-point is the autofs mount point, e.g. /home
  – map-name is the name of a map source which contains a list of mount points, and the file system location from which those mount points should be mounted
• Map file structure:
• Samples: []

autofs
• Run autofs
• View the status of the automount daemon

COMMON NFS MOUNT OPTIONS

Mount Options
• fsid=num – Forces the file handle and file attributes settings on the wire to be num
• hard or soft – Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft)
• noacl – Turns off all ACL processing
• nolock – Disables file locking
• nosuid – Disables set-user-identifier or set-group-identifier bits
• noexec – Prevents execution of binaries on mounted file systems
• tcp – Specifies that the NFS mount uses the TCP protocol
• udp – Specifies that the NFS mount uses the UDP protocol
• Using soft mounts is not recommended as they can generate I/O errors in very congested networks or when using a very busy server

STARTING AND STOPPING NFS

Starting and Stopping NFS
• To run an NFS server, the portmap service must be running
• To verify that portmap is active, type
• /sbin/service nfs start
• /sbin/service nfs stop
• /sbin/service nfs restart
• Only restart nfs if it is currently running
  – /sbin/service nfs condrestart
• Reload the NFS server configuration file without restarting the service
  – /sbin/service nfs reload

NFS SERVER CONFIGURATION

Configuration File
• NFS configuration file: /etc/exports
• Structure of a line for an exported file system: () ()
  – : the directory being exported
  – : host or network to which the export is being shared
  – : options for that host or network
• Specifying host names:
  – Single host
    • Fully Qualified Domain Name, hostname, or IP address
  – Wildcards: * or ?
    • Should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail
    • Tend to be more exact than expected
      – *.example.com as a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com
      – *.example.com and *.*.example.com must be specified to allow both
  – IP networks
  – netgroups – Permits an NIS netgroup name, written as @, to be used
• Sample of the simplest form of /etc/exports:
  /exported/directory bob.example.com
• Because no options are specified, default options are applied, including: ...

AUTOFS

autofs
• Kernel-based automount utility
• Components of an automounter:
  – A kernel module that implements a file system
  – A user-space daemon performing
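The host forms that the lecture lists for /etc/exports (single host, wildcard, IP network, netgroup) can be checked mechanically when reviewing a server's exports. The Python below is an added example, not part of the lecture; the sample exports content and the names classify_host and audit_exports are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample /etc/exports content (not taken from the lecture).
SAMPLE_EXPORTS = """\
/exported/directory  bob.example.com
/srv/projects        *.example.com(rw,sync) @trusted(ro)
/srv/scratch         192.168.0.*(rw)
/srv/data            192.168.0.0/24(ro) 10.0.0.5(rw)
/srv/public          *(ro)
"""

def classify_host(host):
    """Name the host form, following the categories listed in the lecture."""
    if host.startswith("@"):
        return "netgroup"
    if "*" in host or "?" in host:
        numeric = re.fullmatch(r"[\d.*?]+", host) and re.search(r"\d", host)
        return "ip-wildcard" if numeric else "wildcard"
    try:
        ipaddress.ip_network(host, strict=False)
    except ValueError:
        return "single-host"          # host name or FQDN
    return "ip-network" if "/" in host else "single-host"

def audit_exports(text):
    """Return (directory, host, kind, options, warnings) for every client entry."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            host, _, rest = client.partition("(")
            options = [o for o in rest.rstrip(")").split(",") if o]
            kind = classify_host(host)
            warnings = []
            if kind == "ip-wildcard":
                warnings.append("wildcard used with an IP address")
            if host in ("", "*"):
                warnings.append("export is open to every host")
            if not options:
                warnings.append("no options given, defaults apply")
            findings.append((directory, host, kind, options, warnings))
    return findings

if __name__ == "__main__":
    print(*audit_exports(SAMPLE_EXPORTS), sep="\n")
```

Entries reported as `wildcard` are the ones to compare by hand against the host names that are actually meant to have access.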

Posted: 30/01/2020, 00:18
