Configuring NFS shared storage with fixed ports
Server configuration
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
#selinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
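## Note: SELinux is now off; a reboot is required for the change to become permanent
1. Install the server packages (IP: 192.168.100.86)
[root@anolis8 ~]# rpm -qa nfs-utils rpcbind # check whether they are already installed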
[root@anolis8 ~]# yum install -y nfs-utils rpcbind
Repository epel is listed more than once in the configuration
上次元数据过期检查:0:36:34 前,执行于 2022年12月20日 星期二 15时58分09秒。
依赖关系解决。
============================================================================================================================================================================
软件包 架构 版本 仓库 大小
============================================================================================================================================================================
安装:
nfs-utils x86_64 1:2.3.3-51.0.1.an8 BaseOS 503 k
rpcbind x86_64 1.2.5-8.an8 BaseOS 69 k
安装依赖关系:
gssproxy x86_64 0.8.0-20.an8 BaseOS 118 k
keyutils x86_64 1.5.10-9.an8 BaseOS 65 k
libverto-libevent x86_64 0.3.0-5.el8 BaseOS 15 k
python3-pyyaml x86_64 3.12-12.el8 BaseOS 192 k
quota x86_64 1:4.04-14.an8 BaseOS 213 k
quota-nls noarch 1:4.04-14.an8 BaseOS 94 k
事务概要
============================================================================================================================================================================
安装 8 软件包
总下载:1.2 M
安装大小:3.8 M
下载软件包:
(1/8): libverto-libevent-0.3.0-5.el8.x86_64.rpm 90 kB/s | 15 kB 00:00
(2/8): gssproxy-0.8.0-20.an8.x86_64.rpm 491 kB/s | 118 kB 00:00
(3/8): nfs-utils-2.3.3-51.0.1.an8.x86_64.rpm 2.1 MB/s | 503 kB 00:00
(4/8): python3-pyyaml-3.12-12.el8.x86_64.rpm 1.2 MB/s | 192 kB 00:00
(5/8): keyutils-1.5.10-9.an8.x86_64.rpm 160 kB/s | 65 kB 00:00
(6/8): rpcbind-1.2.5-8.an8.x86_64.rpm 701 kB/s | 69 kB 00:00
(7/8): quota-4.04-14.an8.x86_64.rpm 1.0 MB/s | 213 kB 00:00
(8/8): quota-nls-4.04-14.an8.noarch.rpm 268 kB/s | 94 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
总计 1.6 MB/s | 1.2 MB 00:00
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
运行脚本: rpcbind-1.2.5-8.an8.x86_64 1/8
安装 : rpcbind-1.2.5-8.an8.x86_64 1/8
运行脚本: rpcbind-1.2.5-8.an8.x86_64 1/8
安装 : quota-nls-1:4.04-14.an8.noarch 2/8
安装 : quota-1:4.04-14.an8.x86_64 3/8
安装 : python3-pyyaml-3.12-12.el8.x86_64 4/8
安装 : libverto-libevent-0.3.0-5.el8.x86_64 5/8
安装 : gssproxy-0.8.0-20.an8.x86_64 6/8
运行脚本: gssproxy-0.8.0-20.an8.x86_64 6/8
安装 : keyutils-1.5.10-9.an8.x86_64 7/8
运行脚本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
安装 : nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
运行脚本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64 8/8
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
验证 : gssproxy-0.8.0-20.an8.x86_64 1/8
验证 : keyutils-1.5.10-9.an8.x86_64 2/8
验证 : libverto-libevent-0.3.0-5.el8.x86_64 3/8
验证 : nfs-utils-1:2.3.3-51.0.1.an8.x86_64 4/8
验证 : python3-pyyaml-3.12-12.el8.x86_64 5/8
验证 : quota-1:4.04-14.an8.x86_64 6/8
验证 : quota-nls-1:4.04-14.an8.noarch 7/8
验证 : rpcbind-1.2.5-8.an8.x86_64 8/8
已安装:
gssproxy-0.8.0-20.an8.x86_64 keyutils-1.5.10-9.an8.x86_64 libverto-libevent-0.3.0-5.el8.x86_64 nfs-utils-1:2.3.3-51.0.1.an8.x86_64 python3-pyyaml-3.12-12.el8.x86_64
quota-1:4.04-14.an8.x86_64 quota-nls-1:4.04-14.an8.noarch rpcbind-1.2.5-8.an8.x86_64
完毕!
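- Both the client and the server must have the RPC service installed in order to use NFS. The RPC service used by NFS is called portmap on CentOS 5 and rpcbind on CentOS 6 and CentOS 7; on Anolis 8 it is rpcbind.service.
2. Start the rpcbind service
- Check the service status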
[root@anolis8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:rpcbind(8)
- If you do not know where the rpcbind command is
[root@anolis8 ~]# which rpcbind
/usr/bin/rpcbind
- Start the RPC service
[root@anolis8 ~]# systemctl restart rpcbind.service
[root@anolis8 ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-12-21 10:20:40 CST; 5s ago
Docs: man:rpcbind(8)
Main PID: 20777 (rpcbind)
Tasks: 1 (limit: 24888)
Memory: 1.5M
CGroup: /system.slice/rpcbind.service
└─20777 /usr/bin/rpcbind -w -f
12月 21 10:20:40 anolis8 systemd[1]: Starting RPC Bind...
12月 21 10:20:40 anolis8 systemd[1]: Started RPC Bind.
- Check RPC
[root@anolis8 ~]# lsof -i :111
-bash: lsof: 未找到命令
[root@anolis8 ~]# yum install lsof
Repository epel is listed more than once in the configuration
上次元数据过期检查:4:13:35 前,执行于 2022年12月21日 星期三 06时12分30秒。
依赖关系解决。
============================================================================================================================================================================
软件包 架构 版本 仓库 大小
============================================================================================================================================================================
安装:
lsof x86_64 4.93.2-1.0.1.an8 BaseOS 131 k
事务概要
============================================================================================================================================================================
安装 1 软件包
总下载:131 k
安装大小:212 k
确定吗?[y/N]: y
下载软件包:
lsof-4.93.2-1.0.1.an8.x86_64.rpm 646 kB/s | 131 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
总计 630 kB/s | 131 kB 00:00
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : lsof-4.93.2-1.0.1.an8.x86_64 1/1
运行脚本: lsof-4.93.2-1.0.1.an8.x86_64 1/1
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
验证 : lsof-4.93.2-1.0.1.an8.x86_64 1/1
已安装:
lsof-4.93.2-1.0.1.an8.x86_64
完毕!
[root@anolis8 ~]# lsof -i :111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 58u IPv4 35868 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 59u IPv4 35869 0t0 UDP *:sunrpc
systemd 1 root 61u IPv6 35870 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 63u IPv6 35871 0t0 UDP *:sunrpc
rpcbind 20777 rpc 4u IPv4 35868 0t0 TCP *:sunrpc (LISTEN)
rpcbind 20777 rpc 5u IPv4 35869 0t0 UDP *:sunrpc
rpcbind 20777 rpc 6u IPv6 35870 0t0 TCP *:sunrpc (LISTEN)
rpcbind 20777 rpc 7u IPv6 35871 0t0 UDP *:sunrpc
[root@anolis8 ~]# netstat -lntup|grep rpcbind
[root@anolis8 ~]#
- View the port information that the NFS services have registered with RPC
[root@anolis8 ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
- Set rpcbind to start at boot
[root@anolis8 ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@anolis8 ~]# systemctl start nfs-server.service
[root@anolis8 ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Wed 2022-12-21 14:11:13 CST; 8s ago
Process: 21698 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
Process: 21685 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 21683 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 21698 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 24888)
Memory: 0B
CGroup: /system.slice/nfs-server.service
12月 21 14:11:13 anolis8 systemd[1]: Starting NFS server and services...
12月 21 14:11:13 anolis8 systemd[1]: Started NFS server and services.
Set NFS to start at boot
[root@anolis8 ~]# systemctl enable nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
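Configuring fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the others are generated randomly on every start, so to enable the firewall all of the ports have to be fixed.
Configuring the NFS ports
1. Edit /etc/nfs.conf, uncomment the following port settings and set them to fixed values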
[root@localhost ~]# vim /etc/nfs.conf
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@anolis8 ~]# systemctl restart rpcbind.service
[root@anolis8 ~]# systemctl restart nfs-server.service
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59718 nlockmgr
100021 3 udp 59718 nlockmgr
100021 4 udp 59718 nlockmgr
100021 1 tcp 35823 nlockmgr
100021 3 tcp 35823 nlockmgr
100021 4 tcp 35823 nlockmgr
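You will find that the port of the nlockmgr service is not the value set above (30002). In that case, run the following commands:
cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf # set the nlockmgr service port to 30002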
[root@anolis8 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# length of the socket listen queue
net.core.somaxconn= 2048
# allow allocating all physical memory
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
# Reload the configuration
[root@anolis8 ~]# sysctl -p
net.core.somaxconn = 2048
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59718 nlockmgr
100021 3 udp 59718 nlockmgr
100021 4 udp 59718 nlockmgr
100021 1 tcp 35823 nlockmgr
100021 3 tcp 35823 nlockmgr
100021 4 tcp 35823 nlockmgr
[root@anolis8 ~]# systemctl restart nfs-server.service
[root@anolis8 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47506 status
100024 1 tcp 38351 status
100005 1 udp 30003 mountd
100005 1 tcp 30003 mountd
100005 2 udp 30003 mountd
100005 2 tcp 30003 mountd
100005 3 udp 30003 mountd
100005 3 tcp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 30002 nlockmgr
100021 3 udp 30002 nlockmgr
100021 4 udp 30002 nlockmgr
100021 1 tcp 30002 nlockmgr
100021 3 tcp 30002 nlockmgr
100021 4 tcp 30002 nlockmgr
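- Note: this port value must not be the same as any port set under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will not start.
2. Configure security group rules
On Alibaba Cloud or any other cloud server that has security groups, configure the security group rules to allow the ports that NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports set above, the following ports must also be allowed: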
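The rpcinfo listings above are compared with the configured values by eye; the following added example (not part of the original post) does the same comparison in a POSIX shell function, using the fixed ports chosen on this page. The function names are made up for this example, and the sample listing is taken from the last server-side output above with one line kept per service and protocol.

```sh
#!/bin/sh
# Added example, not from the original post.
# Fixed ports chosen on this page (/etc/nfs.conf and fs.nfs.nlm_*port).
expected_port() {
  case "$1" in
    portmapper)  echo 111 ;;
    nlockmgr)    echo 30002 ;;   # [lockd] port / fs.nfs.nlm_tcpport
    mountd)      echo 30003 ;;   # [mountd] port=30003
    status)      echo 30004 ;;   # [statd] port=30004
    nfs|nfs_acl) echo 30006 ;;   # [nfsd] port=30006
    *)           echo "" ;;      # anything else is not in the allowlist
  esac
}

# Read `rpcinfo -p` output on stdin and print one line per registration
# that is not on its expected port (repeats across versions collapsed).
check_rpc_ports() {
  while read -r prog vers proto port svc; do
    case "$prog" in program|"") continue ;; esac   # header or blank line
    want=$(expected_port "$svc")
    if [ -z "$want" ]; then
      echo "${svc:-$prog} $proto $port not-in-allowlist"
    elif [ "$port" != "$want" ]; then
      echo "$svc $proto $port expected $want"
    fi
  done | sort -u
}

# Sample input: the last server-side listing above (after sysctl -p and
# restarting nfs-server), reduced to one line per service and protocol.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    4   udp  30002  nlockmgr
    100021    4   tcp  30002  nlockmgr'

# On a live server: rpcinfo -p | check_rpc_ports
printf '%s\n' "$SAMPLE_RPCINFO" | check_rpc_ports
```

On the sample it reports the two status registrations (rpc.statd), which are still on random ports although [statd] port=30004 is set; any line it prints is a port the firewall rules for the fixed ports will not cover.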
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
3. Reboot the server. Restarting the services does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]# reboot
4. NFS server configuration
Edit the exports file
[root@anolis8 ~]# vim /etc/exports
Add the following content
/data/test 192.168.100.91(rw,sync,all_squash)
/data 10.0.20.10(rw,sync,all_squash) 10.0.20.11(rw,sync,all_squash) 10.0.20.13(rw,sync,all_squash) 10.0.20.14(rw,sync,all_squash) 10.0.20.15(rw,sync,all_squash) 10.0.20.18(rw,sync,all_squash) 10.0.20.19(rw,sync,all_squash)
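Format of the entries:
<NFS shared directory> <NFS client address 1>(option1,option2,...) <client address 2>(option1,option2,...)
ro: the directory is read-only
rw: the directory is read-write
sync: write data to the memory buffer and to disk synchronously; slower, but guarantees data consistency
async: keep data in the memory buffer first and write it to disk only when necessary
all_squash: map all remote ordinary users and their groups to the anonymous user or group (nobody)
no_all_squash: the opposite of all_squash (default)
root_squash: map the root user and its group to the anonymous user or group (default)
no_root_squash: if you want to let clients operate on the server's file system as root, you have to enable no_root_squash
anonuid=xxx: map all remote users to the anonymous user, and set that user to the local user with UID=xxx
anongid=xxx: map all remote user groups to the anonymous group account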
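An added example (not part of the original post) that audits an exports file in the format described above: it flags entries exported to any host and entries with no_root_squash. The function name and the /srv/* sample entries are constructed for this example; it assumes one export per line with no backslash continuations.

```sh
#!/bin/sh
# Added example, not from the original post.
# Read exports(5)-style text on stdin; print one finding per risky entry.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                        # split host(options)
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # "host (rw)" written with a space is two tokens: the host with
        # default options, plus an option-only token that applies to
        # every host.
        if (client == "" || client == "*")
          printf "%s: exported to any host with options (%s)\n", path, opts
        if (("," opts ",") ~ /,no_root_squash,/)
          printf "%s: %s has no_root_squash\n", path, (client == "" ? "*" : client)
      }
    }'
}

# Constructed sample; the first entry is the one used on this page.
SAMPLE_EXPORTS='# constructed sample for the audit
/data/test 192.168.100.91(rw,sync,all_squash)
/srv/a 10.0.20.10 (rw,sync)
/srv/b 10.0.20.11(rw,sync,no_root_squash)
/srv/c *(ro,sync)'

# On a live server: audit_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

The entry from this page produces no finding; the /srv/a line shows how a single space before the parenthesis turns a per-host read-write export into one that every host can mount.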
Create the shared directory
[root@anolis8 ~]# mkdir -p /data/test
[root@anolis8 ~]# chown nobody.nobody /data/test # set ownership of the directory
Reload the NFS configuration (the exports file)
[root@anolis8 ~]# exportfs -rv
exporting 192.168.100.91:/data/test
Client configuration
192.168.100.91
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
#selinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
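## Note: SELinux is now off; a reboot is required for the change to become permanent
Install NFS
[root@localhost ~]# rpm -qa nfs-utils rpcbind # check whether they are already installed
[root@localhost ~]# yum install -y nfs-utils rpcbind # install nfs and rpcbind
# Start rpcbind.service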
[root@localhost ~]# systemctl start rpcbind.service
[root@localhost ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-12-22 01:17:55 CST; 3s ago
Docs: man:rpcbind(8)
Main PID: 13172 (rpcbind)
Tasks: 1 (limit: 23664)
Memory: 1.5M
CGroup: /system.slice/rpcbind.service
└─13172 /usr/bin/rpcbind -w -f
12月 22 01:17:55 localhost.localdomain systemd[1]: Starting RPC Bind...
12月 22 01:17:55 localhost.localdomain systemd[1]: Started RPC Bind.
# Where the rpcbind command is
[root@localhost ~]# which rpcbind
/usr/sbin/rpcbind
# Check RPC
[root@localhost ~]# lsof -i :111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 102u IPv4 90837 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 103u IPv4 90838 0t0 UDP *:sunrpc
systemd 1 root 104u IPv6 90839 0t0 TCP *:sunrpc (LISTEN)
systemd 1 root 105u IPv6 90840 0t0 UDP *:sunrpc
rpcbind 13172 rpc 4u IPv4 90837 0t0 TCP *:sunrpc (LISTEN)
rpcbind 13172 rpc 5u IPv4 90838 0t0 UDP *:sunrpc
rpcbind 13172 rpc 6u IPv6 90839 0t0 TCP *:sunrpc (LISTEN)
rpcbind 13172 rpc 7u IPv6 90840 0t0 UDP *:sunrpc
View the port information that the NFS services have registered with RPC
[root@localhost ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
Set rpcbind to start at boot
[root@localhost ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@localhost ~]# systemctl status nfs-server.service
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@localhost ~]# systemctl start nfs-server.service
[root@localhost ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Thu 2022-12-22 17:01:39 CST; 4s ago
Process: 14174 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
Process: 14162 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 14160 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 14174 (code=exited, status=0/SUCCESS)
12月 22 17:01:39 localhost.localdomain systemd[1]: Starting NFS server and services...
12月 22 17:01:39 localhost.localdomain systemd[1]: Started NFS server and services.
Set NFS to start at boot
[root@localhost ~]# systemctl enable nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
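Configuring fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the others are generated randomly on every start, so to enable the firewall all of the ports have to be fixed.
Configuring the NFS ports
1. Edit /etc/nfs.conf, uncomment the following port settings and set them to fixed values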
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@localhost ~]# systemctl restart rpcbind.service
[root@localhost ~]# systemctl restart nfs-server.service
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 46098 nlockmgr
100021 3 udp 46098 nlockmgr
100021 4 udp 46098 nlockmgr
100021 1 tcp 35393 nlockmgr
100021 3 tcp 35393 nlockmgr
100021 4 tcp 35393 nlockmgr
You will find that the port of the nlockmgr service is not the value set above (30002). In that case, run the following commands:
[root@localhost ~]# cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
[root@localhost ~]# sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
[root@localhost ~]# sysctl -p
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 59952 nlockmgr
100021 3 udp 59952 nlockmgr
100021 4 udp 59952 nlockmgr
100021 1 tcp 37209 nlockmgr
100021 3 tcp 37209 nlockmgr
100021 4 tcp 37209 nlockmgr
[root@localhost ~]# systemctl restart nfs-server.service
[root@localhost ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 49614 status
100024 1 tcp 34249 status
100005 1 udp 30003 mountd
100005 2 udp 30003 mountd
100005 3 udp 30003 mountd
100003 3 tcp 30006 nfs
100003 4 tcp 30006 nfs
100227 3 tcp 30006 nfs_acl
100021 1 udp 30002 nlockmgr
100021 3 udp 30002 nlockmgr
100021 4 udp 30002 nlockmgr
100021 1 tcp 30002 nlockmgr
100021 3 tcp 30002 nlockmgr
100021 4 tcp 30002 nlockmgr
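- Note: this port value must not be the same as any port set under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will not start.
2. Configure security group rules
On Alibaba Cloud or any other cloud server that has security groups, configure the security group rules to allow the ports that NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports set above, the following ports must also be allowed: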
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
3. Reboot the server. Restarting the services does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]# reboot
4. Mount the directory
List the directories available for mounting
[root@localhost ~]# showmount -e 192.168.100.86
Export list for 192.168.100.86:
/data/test 192.168.100.91
Create a local directory
[root@localhost]# mkdir /data
Mount the server directory on the local directory
[root@localhost ~]# mount -t nfs 192.168.100.86:/data/test /data
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
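Testing
Create a file in the directory and check on each server that it appears there as well; then edit the file to test that each server can write to it and that the changes are synchronized.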
[root@localhost ~]# echo "6666"> /data/1.txt
[root@localhost ~]# ll /data/
总用量 4
-rw-r--r--. 1 nobody nobody 5 12月 22 10:28 1.txt
[root@anolis8 ~]# cat /data/test/1.txt
6666
[root@anolis8 ~]# echo "7777" >> /data/test/1.txt
[root@anolis8 ~]# cat /data/test/1.txt
6666
7777
[root@localhost ~]# cat /data/1.txt
6666
7777
- Edit /etc/fstab to mount automatically at boot
[root@localhost ~]# vim /etc/fstab
# Append the following line at the end
192.168.100.86:/data/test /data nfs defaults 0 0
[root@localhost ~]# umount /data
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
tmpfs 374M 0 374M 0% /run/user/0
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
Reboot the system to test
[root@localhost ~]# reboot
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(anolist8-web) at 10:34:34.
Type `help' to learn how to use Xshell prompt.
[c:\~]$
Connecting to 192.168.100.91:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Wed Dec 21 18:04:42 2022 from 192.168.100.52
[root@localhost ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/ao-root 46G 2.0G 44G 5% /
/dev/sda1 976M 161M 749M 18% /boot
192.168.100.86:/data/test 46G 4.2G 41G 10% /data
tmpfs 374M 0 374M 0% /run/user/0
mount -a
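The -a option means:
-a, --all mount all filesystems mentioned in fstab
References: https://blog.csdn.net/qq_46237915/article/details/121162542
1. On the NFS client: nfsstat -m
vers=4.0 in its output confirms that the NFS version is 4.
2. On the NFS server: nfsstat -s
Server nfs v4 in its output confirms that the NFS version is indeed 4.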