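Configuring NFS shared storage with fixed ports
Server configuration
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
# SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
## Note: SELinux is now off; a reboot is required for the change to become permanent
1. Install the server packages; server IP: 192.168.100.86
[root@anolis8 ~]# rpm -qa nfs-utils rpcbind           # check whether already installed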
[root@anolis8 ~]# yum install -y nfs-utils rpcbind
Repository epel is listed more than once in the configuration
上次元数据过期检查:0:36:34 前,执行于 2022年12月20日 星期二 15时58分09秒。
依赖关系解决。
============================================================================================================================================================================
 软件包                                        架构                               版本                                             仓库                                大小
============================================================================================================================================================================
安装:
 nfs-utils                                     x86_64                             1:2.3.3-51.0.1.an8                               BaseOS                             503 k
 rpcbind                                       x86_64                             1.2.5-8.an8                                      BaseOS                              69 k
安装依赖关系:
 gssproxy                                      x86_64                             0.8.0-20.an8                                     BaseOS                             118 k
 keyutils                                      x86_64                             1.5.10-9.an8                                     BaseOS                              65 k
 libverto-libevent                             x86_64                             0.3.0-5.el8                                      BaseOS                              15 k
 python3-pyyaml                                x86_64                             3.12-12.el8                                      BaseOS                             192 k
 quota                                         x86_64                             1:4.04-14.an8                                    BaseOS                             213 k
 quota-nls                                     noarch                             1:4.04-14.an8                                    BaseOS                              94 k
事务概要
============================================================================================================================================================================
安装  8 软件包
总下载:1.2 M
安装大小:3.8 M
下载软件包:
(1/8): libverto-libevent-0.3.0-5.el8.x86_64.rpm                                                                                              90 kB/s |  15 kB     00:00    
(2/8): gssproxy-0.8.0-20.an8.x86_64.rpm                                                                                                     491 kB/s | 118 kB     00:00    
(3/8): nfs-utils-2.3.3-51.0.1.an8.x86_64.rpm                                                                                                2.1 MB/s | 503 kB     00:00    
(4/8): python3-pyyaml-3.12-12.el8.x86_64.rpm                                                                                                1.2 MB/s | 192 kB     00:00    
(5/8): keyutils-1.5.10-9.an8.x86_64.rpm                                                                                                     160 kB/s |  65 kB     00:00    
(6/8): rpcbind-1.2.5-8.an8.x86_64.rpm                                                                                                       701 kB/s |  69 kB     00:00    
(7/8): quota-4.04-14.an8.x86_64.rpm                                                                                                         1.0 MB/s | 213 kB     00:00    
(8/8): quota-nls-4.04-14.an8.noarch.rpm                                                                                                     268 kB/s |  94 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
总计                                                                                                                                        1.6 MB/s | 1.2 MB     00:00     
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
  准备中  :                                                                                                                                                             1/1 
  运行脚本: rpcbind-1.2.5-8.an8.x86_64                                                                                                                                  1/8 
  安装    : rpcbind-1.2.5-8.an8.x86_64                                                                                                                                  1/8 
  运行脚本: rpcbind-1.2.5-8.an8.x86_64                                                                                                                                  1/8 
  安装    : quota-nls-1:4.04-14.an8.noarch                                                                                                                              2/8 
  安装    : quota-1:4.04-14.an8.x86_64                                                                                                                                  3/8 
  安装    : python3-pyyaml-3.12-12.el8.x86_64                                                                                                                           4/8 
  安装    : libverto-libevent-0.3.0-5.el8.x86_64                                                                                                                        5/8 
  安装    : gssproxy-0.8.0-20.an8.x86_64                                                                                                                                6/8 
  运行脚本: gssproxy-0.8.0-20.an8.x86_64                                                                                                                                6/8 
  安装    : keyutils-1.5.10-9.an8.x86_64                                                                                                                                7/8 
  运行脚本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64                                                                                                                         8/8 
  安装    : nfs-utils-1:2.3.3-51.0.1.an8.x86_64                                                                                                                         8/8 
  运行脚本: nfs-utils-1:2.3.3-51.0.1.an8.x86_64                                                                                                                         8/8 
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
  验证    : gssproxy-0.8.0-20.an8.x86_64                                                                                                                                1/8 
  验证    : keyutils-1.5.10-9.an8.x86_64                                                                                                                                2/8 
  验证    : libverto-libevent-0.3.0-5.el8.x86_64                                                                                                                        3/8 
  验证    : nfs-utils-1:2.3.3-51.0.1.an8.x86_64                                                                                                                         4/8 
  验证    : python3-pyyaml-3.12-12.el8.x86_64                                                                                                                           5/8 
  验证    : quota-1:4.04-14.an8.x86_64                                                                                                                                  6/8 
  验证    : quota-nls-1:4.04-14.an8.noarch                                                                                                                              7/8 
  验证    : rpcbind-1.2.5-8.an8.x86_64                                                                                                                                  8/8 
已安装:
  gssproxy-0.8.0-20.an8.x86_64 keyutils-1.5.10-9.an8.x86_64   libverto-libevent-0.3.0-5.el8.x86_64 nfs-utils-1:2.3.3-51.0.1.an8.x86_64 python3-pyyaml-3.12-12.el8.x86_64
  quota-1:4.04-14.an8.x86_64   quota-nls-1:4.04-14.an8.noarch rpcbind-1.2.5-8.an8.x86_64          
完毕!
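- Both the client and the server must have the RPC service installed in order to use NFS. The RPC service used by NFS is called portmap on CentOS 5, rpcbind on CentOS 6 and CentOS 7, and rpcbind.service on Anolis 8.
2. Start the rpcbind service
- Check the service status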
[root@anolis8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:rpcbind(8)
- If you do not know where the rpcbind command is located
[root@anolis8 ~]# which rpcbind
/usr/bin/rpcbind
- Start the RPC service
[root@anolis8 ~]# systemctl restart rpcbind.service
[root@anolis8 ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-12-21 10:20:40 CST; 5s ago
     Docs: man:rpcbind(8)
 Main PID: 20777 (rpcbind)
    Tasks: 1 (limit: 24888)
   Memory: 1.5M
   CGroup: /system.slice/rpcbind.service
           └─20777 /usr/bin/rpcbind -w -f
12月 21 10:20:40 anolis8 systemd[1]: Starting RPC Bind...
12月 21 10:20:40 anolis8 systemd[1]: Started RPC Bind.
- Check RPC
[root@anolis8 ~]# lsof -i :111
-bash: lsof: 未找到命令
[root@anolis8 ~]# yum install lsof
Repository epel is listed more than once in the configuration
上次元数据过期检查:4:13:35 前,执行于 2022年12月21日 星期三 06时12分30秒。
依赖关系解决。
============================================================================================================================================================================
 软件包                               架构                                   版本                                              仓库                                    大小
============================================================================================================================================================================
安装:
 lsof                                 x86_64                                 4.93.2-1.0.1.an8                                  BaseOS                                 131 k
事务概要
============================================================================================================================================================================
安装  1 软件包
总下载:131 k
安装大小:212 k
确定吗?[y/N]: y
下载软件包:
lsof-4.93.2-1.0.1.an8.x86_64.rpm                                                                                                            646 kB/s | 131 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
总计                                                                                                                                        630 kB/s | 131 kB     00:00     
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
  准备中  :                                                                                                                                                             1/1 
  安装    : lsof-4.93.2-1.0.1.an8.x86_64                                                                                                                                1/1 
  运行脚本: lsof-4.93.2-1.0.1.an8.x86_64                                                                                                                                1/1 
/sbin/ldconfig: /etc/ld.so.conf.d/kernel-ml-6.0.0-1.el8.elrepo.x86_64.conf:6: hwcap directive ignored
  验证    : lsof-4.93.2-1.0.1.an8.x86_64                                                                                                                                1/1 
已安装:
  lsof-4.93.2-1.0.1.an8.x86_64                                                                                                                                              
完毕!
[root@anolis8 ~]# lsof -i :111
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd     1 root   58u  IPv4  35868      0t0  TCP *:sunrpc (LISTEN)
systemd     1 root   59u  IPv4  35869      0t0  UDP *:sunrpc 
systemd     1 root   61u  IPv6  35870      0t0  TCP *:sunrpc (LISTEN)
systemd     1 root   63u  IPv6  35871      0t0  UDP *:sunrpc 
rpcbind 20777  rpc    4u  IPv4  35868      0t0  TCP *:sunrpc (LISTEN)
rpcbind 20777  rpc    5u  IPv4  35869      0t0  UDP *:sunrpc 
rpcbind 20777  rpc    6u  IPv6  35870      0t0  TCP *:sunrpc (LISTEN)
rpcbind 20777  rpc    7u  IPv6  35871      0t0  UDP *:sunrpc 
[root@anolis8 ~]# netstat -lntup|grep rpcbind
[root@anolis8 ~]# 
- View the ports that the NFS services have registered with RPC
[root@anolis8 ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
- Enable rpcbind at boot
[root@anolis8 ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@anolis8 ~]# systemctl start nfs-server.service 
[root@anolis8 ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
   Active: active (exited) since Wed 2022-12-21 14:11:13 CST; 8s ago
  Process: 21698 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
  Process: 21685 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 21683 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 21698 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 24888)
   Memory: 0B
   CGroup: /system.slice/nfs-server.service
12月 21 14:11:13 anolis8 systemd[1]: Starting NFS server and services...
12月 21 14:11:13 anolis8 systemd[1]: Started NFS server and services.
Enable NFS at boot
[root@anolis8 ~]# systemctl enable nfs-server.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
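Configure fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the others are generated at random on every start. To run with the firewall enabled, all of these ports therefore have to be pinned.
Configure the NFS ports
1. Edit /etc/nfs.conf: uncomment the port settings shown below and set each one to a fixed value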
[root@localhost ~]# vim /etc/nfs.conf
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@anolis8 ~]# systemctl restart rpcbind.service 
[root@anolis8 ~]# systemctl restart nfs-server.service 
[root@anolis8 ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    1   udp  30003  mountd
    100005    1   tcp  30003  mountd
    100005    2   udp  30003  mountd
    100005    2   tcp  30003  mountd
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  59718  nlockmgr
    100021    3   udp  59718  nlockmgr
    100021    4   udp  59718  nlockmgr
    100021    1   tcp  35823  nlockmgr
    100021    3   tcp  35823  nlockmgr
    100021    4   tcp  35823  nlockmgr
Notice that the nlockmgr service is not on the port set above (30002). In that case, run the following commands:
cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf # set the nlockmgr service port to 30002
[root@anolis8 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# length of the socket listen queue
net.core.somaxconn= 2048
# allow all physical memory to be allocated
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
# Reload the configuration
[root@anolis8 ~]# sysctl -p
net.core.somaxconn = 2048
vm.overcommit_memory = 1
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@anolis8 ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    1   udp  30003  mountd
    100005    1   tcp  30003  mountd
    100005    2   udp  30003  mountd
    100005    2   tcp  30003  mountd
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  59718  nlockmgr
    100021    3   udp  59718  nlockmgr
    100021    4   udp  59718  nlockmgr
    100021    1   tcp  35823  nlockmgr
    100021    3   tcp  35823  nlockmgr
    100021    4   tcp  35823  nlockmgr
[root@anolis8 ~]# systemctl restart nfs-server.service 
[root@anolis8 ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    1   udp  30003  mountd
    100005    1   tcp  30003  mountd
    100005    2   udp  30003  mountd
    100005    2   tcp  30003  mountd
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  30002  nlockmgr
    100021    3   udp  30002  nlockmgr
    100021    4   udp  30002  nlockmgr
    100021    1   tcp  30002  nlockmgr
    100021    3   tcp  30002  nlockmgr
    100021    4   tcp  30002  nlockmgr
- Note: do not give this port the same value as any port under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will fail to start
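The comparison made by eye across the rpcinfo listings above, written as a check. This is an added example, not part of the original guide; the EXPECTED map uses the ports chosen in this guide, and the two sample listings are trimmed copies of the output shown above.

```shell
#!/bin/sh
# Added example, not from the original guide: report RPC services that are not
# on the fixed ports chosen above, so firewall rules built from those ports do
# not silently miss a service.

# Service name -> pinned port, using this guide's nfs.conf and sysctl values.
EXPECTED="portmapper=111 nlockmgr=30002 mountd=30003 status=30004 nfs=30006 nfs_acl=30006"

# check_rpc_ports: read `rpcinfo -p` output on stdin.
# Prints "DRIFT <service> <proto> <port> expected <pinned>" for a service on
# the wrong port and "UNKNOWN <service> <proto> <port>" for a service with no
# pinned port. Exit status is 1 if anything was reported, 0 otherwise.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            want[kv[1]] = kv[2]
        }
    }
    # Data rows: program vers proto port service (the header row is skipped).
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        svc = $5; proto = $3; port = $4
        if (seen[svc "/" proto "/" port]++) next   # collapse the per-version rows
        if (!(svc in want)) {
            print "UNKNOWN", svc, proto, port
            bad++
        } else if (port + 0 != want[svc] + 0) {
            print "DRIFT", svc, proto, port, "expected", want[svc]
            bad++
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Trimmed from the listing taken right after editing /etc/nfs.conf.
SAMPLE_AFTER_NFS_CONF='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    3   udp  59718  nlockmgr
    100021    4   udp  59718  nlockmgr
    100021    3   tcp  35823  nlockmgr
    100021    4   tcp  35823  nlockmgr'

# Trimmed from the listing taken after the sysctl change and the NFS restart.
SAMPLE_AFTER_SYSCTL='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  47506  status
    100024    1   tcp  38351  status
    100005    3   udp  30003  mountd
    100005    3   tcp  30003  mountd
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    4   udp  30002  nlockmgr
    100021    4   tcp  30002  nlockmgr'

printf 'after editing nfs.conf:\n'
printf '%s\n' "$SAMPLE_AFTER_NFS_CONF" | check_rpc_ports || true
printf 'after sysctl change and nfs-server restart:\n'
printf '%s\n' "$SAMPLE_AFTER_SYSCTL" | check_rpc_ports || true
```

On a live server, run rpcinfo -p | check_rpc_ports. On the listings captured above it still reports status (statd) on 47506/38351 rather than 30004 after the last restart, so run it again after the reboot in step 3.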
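2. Configure security group rules
On Alibaba Cloud or any other cloud server that uses security groups, configure the security group rules to allow the ports NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports configured above, the following ports must also be allowed: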
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
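The --add-port rules above open each port to every host that reaches the public zone. As an added example (not part of the original guide), the script below reads the pinned ports out of nfs.conf and prints firewalld rich rules that accept them only from the NFS client addresses. The function names and EXTRA_PORTS are assumptions of this example, and the sample nfs.conf is a shortened copy of the one shown earlier.

```shell
#!/bin/sh
# Added example, not from the original guide: read the pinned ports out of
# nfs.conf and print firewalld rich rules limited to the NFS client addresses.
# Nothing is executed; the commands are only printed for review.

# Entries that nfs.conf does not describe, as "<label> <proto> <port>".
# Add more lines if required, e.g. 2049 when nfsd keeps its default port.
EXTRA_PORTS='rpcbind tcp 111
rpcbind udp 111'

# pinned_ports: read nfs.conf text on stdin and print "<section> <proto> <port>"
# for every active (uncommented) port= or udp-port= setting.
pinned_ports() {
    awk '
    /^[ \t]*#/ { next }                          # commented-out default
    /^[ \t]*\[/ {                                # section header such as [mountd]
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    {
        line = $0
        gsub(/[ \t]/, "", line)                  # tolerate "port = 30003"
        if (split(line, kv, "=") != 2 || kv[2] !~ /^[0-9]+$/) next
        if (kv[1] == "udp-port") {
            print sec, "udp", kv[2]
        } else if (kv[1] == "port") {
            print sec, "tcp", kv[2]
            # [lockd] has a separate udp-port key; the guide opens both
            # protocols for the other sections, so this does the same.
            if (sec != "lockd") print sec, "udp", kv[2]
        }
    }'
}

# rich_rules CLIENT_IP...: nfs.conf text on stdin, one firewall-cmd command
# printed per client, port and protocol.
rich_rules() {
    ports=$(printf '%s\n' "$EXTRA_PORTS"; pinned_ports)
    for client in "$@"; do
        printf '%s\n' "$ports" | while read -r label proto port; do
            printf "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'   # %s\n" \
                "$client" "$port" "$proto" "$label"
        done
    done
}

# Shortened copy of the nfs.conf shown earlier in this guide.
SAMPLE_NFS_CONF='[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
port=30003
[nfsd]
# threads=8
port=30006
# rdma-port=20049
[statd]
# debug=0
port=30004
# outgoing-port=0'

# 192.168.100.91 is the client address used in this guide.
printf '%s\n' "$SAMPLE_NFS_CONF" | rich_rules 192.168.100.91
```

On the server, feed it the real file with rich_rules 192.168.100.91 < /etc/nfs.conf, run the printed commands after review, and apply them with firewall-cmd --reload.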
3. Reboot the server. Restarting the services does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]# reboot
4. NFS server configuration
Edit the exports file
[root@anolis8 ~]# vim /etc/exports
Add the following content
/data/test 192.168.100.91(rw,sync,all_squash)
/data 10.0.20.10(rw,sync,all_squash) 10.0.20.11(rw,sync,all_squash) 10.0.20.13(rw,sync,all_squash) 10.0.20.14(rw,sync,all_squash) 10.0.20.15(rw,sync,all_squash) 10.0.20.18(rw,sync,all_squash) 10.0.20.19(rw,sync,all_squash)
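Format of each entry:
shared-directory client-address-1(option1,option2,...) client-address-2(option1,option2,...)
ro: the directory is read-only
rw: the directory is read-write
sync: data is written synchronously to the memory buffer and to disk; slower, but it guarantees data consistency
async: data is first kept in the memory buffer and written to disk only when necessary
all_squash: map all ordinary remote users and their groups to the anonymous user or group (nobody)
no_all_squash: the opposite of all_squash (default)
root_squash: map the root user and its group to the anonymous user or group (default)
no_root_squash: enable no_root_squash only if you want clients to operate on the server's file system as root
anonuid=xxx: map all remote users to the anonymous user, and set that user to the local user with UID=xxx
anongid=xxx: map all remote groups to the anonymous group account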
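The entry format and the squash defaults listed above, applied mechanically. This is an added example, not part of the original guide: it expands each exports line into one row per client with the defaults filled in and flags entries that widen access. The function name, flag names and the last two sample lines are constructed for the example; ro as the default access mode comes from exports(5).

```shell
#!/bin/sh
# Added example, not from the original guide: expand /etc/exports entries into
# one line per client with the squash defaults described above filled in.

# audit_exports: read exports text on stdin.
# Output per client: "<dir> <client> <ro|rw> <squash> [FLAGS]"
#   squash: all->anon (all_squash), root->anon (root_squash), none (no_root_squash)
#   FLAGS:  ANY_HOST (no host restriction), ROOT_NOT_SQUASHED
audit_exports() {
    awk '
    {
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next
        dir = $1
        nclients = NF - 1
        if (nclients == 0) { nclients = 1; spec[1] = "" }   # path only: any host
        else for (i = 2; i <= NF; i++) spec[i - 1] = $i
        for (c = 1; c <= nclients; c++) {
            client = spec[c]; opts = ""
            p = index(spec[c], "(")
            if (p > 0) {
                client = substr(spec[c], 1, p - 1)
                opts = substr(spec[c], p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # "(rw)" after a space applies to every host
            # Defaults: ro per exports(5); root_squash and no_all_squash as listed above.
            access = "ro"; root = 1; all = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw" || o[j] == "ro") access = o[j]
                else if (o[j] == "root_squash") root = 1
                else if (o[j] == "no_root_squash") root = 0
                else if (o[j] == "all_squash") all = 1
                else if (o[j] == "no_all_squash") all = 0
            }
            squash = all ? "all->anon" : (root ? "root->anon" : "none")
            flags = ""
            if (client == "*") flags = flags ",ANY_HOST"
            if (squash == "none") flags = flags ",ROOT_NOT_SQUASHED"
            sub(/^,/, "", flags)
            line = dir " " client " " access " " squash
            if (flags != "") line = line " " flags
            print line
        }
    }'
}

# The first two lines come from this guide (the second shortened);
# the last two are constructed to show the flagged cases.
SAMPLE_EXPORTS='/data/test 192.168.100.91(rw,sync,all_squash)
/data 10.0.20.10(rw,sync,all_squash) 10.0.20.11(rw,sync,all_squash)
/srv/build 192.168.100.91(rw,sync,no_root_squash)
/srv/pub 192.168.100.91 (rw,sync)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

The last sample line shows the stray-space case: the named host gets only the defaults (ro, root->anon) while the detached (rw,sync) applies to every host.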
Create the shared directory
[root@anolis8 ~]# mkdir -p /data/test
[root@anolis8 ~]# chown nobody:nobody /data/test  # set ownership of the directory
Reload the NFS configuration (the exports file)
[root@anolis8 ~]# exportfs -rv
exporting 192.168.100.91:/data/test
Client configuration
192.168.100.91
Environment preparation:
Disable the firewall and SELinux
# Firewall
systemctl disable firewalld
systemctl stop firewalld
# SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
## Note: SELinux is now off; a reboot is required for the change to become permanent
Install NFS
[root@localhost ~]# rpm -qa nfs-utils rpcbind             # check whether already installed
[root@localhost ~]# yum install -y nfs-utils rpcbind     # install nfs and rpcbind
# Start rpcbind.service
[root@localhost ~]# systemctl start rpcbind.service
[root@localhost ~]# systemctl status rpcbind.service -l
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-12-22 01:17:55 CST; 3s ago
     Docs: man:rpcbind(8)
 Main PID: 13172 (rpcbind)
    Tasks: 1 (limit: 23664)
   Memory: 1.5M
   CGroup: /system.slice/rpcbind.service
           └─13172 /usr/bin/rpcbind -w -f
12月 22 01:17:55 localhost.localdomain systemd[1]: Starting RPC Bind...
12月 22 01:17:55 localhost.localdomain systemd[1]: Started RPC Bind.
# Where the rpcbind command is located
[root@localhost ~]# which rpcbind
/usr/sbin/rpcbind
# Check RPC
[root@localhost ~]# lsof -i :111
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd     1 root  102u  IPv4  90837      0t0  TCP *:sunrpc (LISTEN)
systemd     1 root  103u  IPv4  90838      0t0  UDP *:sunrpc 
systemd     1 root  104u  IPv6  90839      0t0  TCP *:sunrpc (LISTEN)
systemd     1 root  105u  IPv6  90840      0t0  UDP *:sunrpc 
rpcbind 13172  rpc    4u  IPv4  90837      0t0  TCP *:sunrpc (LISTEN)
rpcbind 13172  rpc    5u  IPv4  90838      0t0  UDP *:sunrpc 
rpcbind 13172  rpc    6u  IPv6  90839      0t0  TCP *:sunrpc (LISTEN)
rpcbind 13172  rpc    7u  IPv6  90840      0t0  UDP *:sunrpc
View the ports that the NFS services have registered with RPC
[root@localhost ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
Enable rpcbind at boot
[root@localhost ~]# systemctl enable rpcbind.service
3. Start the NFS service
On CentOS 7 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
On Anolis 8 the NFS service unit is /usr/lib/systemd/system/nfs-server.service
# Start the service and check its status
[root@localhost ~]# systemctl status nfs-server.service
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost ~]# systemctl start nfs-server.service
[root@localhost ~]# systemctl status nfs-server.service -l
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2022-12-22 17:01:39 CST; 4s ago
  Process: 14174 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
  Process: 14162 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 14160 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 14174 (code=exited, status=0/SUCCESS)
12月 22 17:01:39 localhost.localdomain systemd[1]: Starting NFS server and services...
12月 22 17:01:39 localhost.localdomain systemd[1]: Started NFS server and services.
Enable NFS at boot
[root@localhost ~]# systemctl enable nfs-server.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
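Configure fixed ports
When the NFS services start, they register with the RPC service on randomly chosen ports. Shared storage opens several ports; apart from 111 and 2049, which are fixed, the others are generated at random on every start. To run with the firewall enabled, all of these ports therefore have to be pinned.
Configure the NFS ports
1. Edit /etc/nfs.conf: uncomment the port settings shown below and set each one to a fixed value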
... ...
[lockd]
port=30002
udp-port=30002
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
port=30003
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
port=30006
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
port=30004
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
... ...
After editing this file, start NFS (see the next section) and run:
[root@localhost ~]# systemctl restart rpcbind.service 
[root@localhost ~]# systemctl restart nfs-server.service 
[root@localhost ~]# rpcinfo -p
 program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49614  status
    100024    1   tcp  34249  status
    100005    1   udp  30003  mountd
    100005    2   udp  30003  mountd
    100005    3   udp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  46098  nlockmgr
    100021    3   udp  46098  nlockmgr
    100021    4   udp  46098  nlockmgr
    100021    1   tcp  35393  nlockmgr
    100021    3   tcp  35393  nlockmgr
    100021    4   tcp  35393  nlockmgr
Notice that the nlockmgr service is not on the port set above (30002). In that case, run the following commands:
[root@localhost ~]# cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
[root@localhost ~]# sed -i '$a fs.nfs.nlm_tcpport=30002\nfs.nfs.nlm_udpport=30002' /etc/sysctl.conf
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.nfs.nlm_tcpport=30002
fs.nfs.nlm_udpport=30002
[root@localhost ~]# sysctl -p
fs.nfs.nlm_tcpport = 30002
fs.nfs.nlm_udpport = 30002
[root@localhost ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49614  status
    100024    1   tcp  34249  status
    100005    1   udp  30003  mountd
    100005    2   udp  30003  mountd
    100005    3   udp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  59952  nlockmgr
    100021    3   udp  59952  nlockmgr
    100021    4   udp  59952  nlockmgr
    100021    1   tcp  37209  nlockmgr
    100021    3   tcp  37209  nlockmgr
    100021    4   tcp  37209  nlockmgr
[root@localhost ~]# systemctl restart nfs-server.service
[root@localhost ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49614  status
    100024    1   tcp  34249  status
    100005    1   udp  30003  mountd
    100005    2   udp  30003  mountd
    100005    3   udp  30003  mountd
    100003    3   tcp  30006  nfs
    100003    4   tcp  30006  nfs
    100227    3   tcp  30006  nfs_acl
    100021    1   udp  30002  nlockmgr
    100021    3   udp  30002  nlockmgr
    100021    4   udp  30002  nlockmgr
    100021    1   tcp  30002  nlockmgr
    100021    3   tcp  30002  nlockmgr
    100021    4   tcp  30002  nlockmgr
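- Note: do not give this port the same value as any port under a section of /etc/nfs.conf other than [lockd]; otherwise NFS will fail to start
2. Configure security group rules
On Alibaba Cloud or any other cloud server that uses security groups, configure the security group rules to allow the ports NFS uses.
That is, every fixed port set above must be allowed; note that TCP and UDP have to be allowed separately. Besides the fixed ports configured above, the following ports must also be allowed: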
udp 111
tcp 111
udp 4046
tcp 2049
Reference: https://blog.csdn.net/fhqsse220/article/details/45668057?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_aggregation-1-45668057.pc_agg_rank_aggregation&utm_term=nfs%E6%8C%82%E8%BD%BD%E9%9C%80%E8%A6%81%E5%BC%80%E9%80%9A%E7%9A%84%E7%AB%AF%E5%8F%A3&spm=1000.2123.3001.4430
If these ports are not allowed, mounting on the client, for example with mount 10.12.13.11:/vol/lft_jjmk /mnt, fails with: mount.nfs: Connection timed out
Open the ports listed above, for both TCP and UDP.
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30002/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30003/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30004/udp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=30006/udp --permanent
3. Reboot the server. Restarting the services does not make the ports configured above take effect, so reboot the server instead.
[root@localhost ~]# reboot
4. Mount the directory
List the directories available for mounting
[root@localhost ~]# showmount -e 192.168.100.86
Export list for 192.168.100.86:
/data/test 192.168.100.91
Create the local directory
[root@localhost]# mkdir /data
Mount the server directory on the local directory
[root@localhost ~]# mount -t nfs 192.168.100.86:/data/test  /data
[root@localhost ~]# df -h
文件系统                   容量  已用  可用 已用% 挂载点
devtmpfs                   1.9G     0  1.9G    0% /dev
tmpfs                      1.9G     0  1.9G    0% /dev/shm
tmpfs                      1.9G  8.7M  1.9G    1% /run
tmpfs                      1.9G     0  1.9G    0% /sys/fs/cgroup
/dev/mapper/ao-root         46G  2.0G   44G    5% /
/dev/sda1                  976M  161M  749M   18% /boot
tmpfs                      374M     0  374M    0% /run/user/0
192.168.100.86:/data/test   46G  4.2G   41G   10% /data
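Test
Create a file in the directory and check on each server that it appears there; then edit the file to verify that every server can write to it and see the changes.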
[root@localhost ~]# echo "6666"> /data/1.txt
[root@localhost ~]# ll /data/
总用量 4
-rw-r--r--. 1 nobody nobody 5 12月 22 10:28 1.txt
[root@anolis8 ~]# cat /data/test/1.txt 
6666
[root@anolis8 ~]# echo "7777" >> /data/test/1.txt 
[root@anolis8 ~]# cat /data/test/1.txt 
6666
7777
[root@localhost ~]# cat /data/1.txt 
6666
7777
- Edit /etc/fstab to mount automatically at boot
[root@localhost ~]# vim /etc/fstab
# Append the following line at the end
192.168.100.86:/data/test   /data  nfs    defaults    0 0 
[root@localhost ~]# umount /data
[root@localhost ~]# df -h
文件系统             容量  已用  可用 已用% 挂载点
devtmpfs             1.9G     0  1.9G    0% /dev
tmpfs                1.9G     0  1.9G    0% /dev/shm
tmpfs                1.9G  8.7M  1.9G    1% /run
tmpfs                1.9G     0  1.9G    0% /sys/fs/cgroup
/dev/mapper/ao-root   46G  2.0G   44G    5% /
/dev/sda1            976M  161M  749M   18% /boot
tmpfs                374M     0  374M    0% /run/user/0
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
文件系统                   容量  已用  可用 已用% 挂载点
devtmpfs                   1.9G     0  1.9G    0% /dev
tmpfs                      1.9G     0  1.9G    0% /dev/shm
tmpfs                      1.9G  8.7M  1.9G    1% /run
tmpfs                      1.9G     0  1.9G    0% /sys/fs/cgroup
/dev/mapper/ao-root         46G  2.0G   44G    5% /
/dev/sda1                  976M  161M  749M   18% /boot
tmpfs                      374M     0  374M    0% /run/user/0
192.168.100.86:/data/test   46G  4.2G   41G   10% /data
Reboot to test
[root@localhost ~]# reboot
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(anolist8-web) at 10:34:34.
Type `help' to learn how to use Xshell prompt.
[c:\~]$ 
Connecting to 192.168.100.91:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Wed Dec 21 18:04:42 2022 from 192.168.100.52
[root@localhost ~]# df -h
文件系统                   容量  已用  可用 已用% 挂载点
devtmpfs                   1.9G     0  1.9G    0% /dev
tmpfs                      1.9G     0  1.9G    0% /dev/shm
tmpfs                      1.9G  8.7M  1.9G    1% /run
tmpfs                      1.9G     0  1.9G    0% /sys/fs/cgroup
/dev/mapper/ao-root         46G  2.0G   44G    5% /
/dev/sda1                  976M  161M  749M   18% /boot
192.168.100.86:/data/test   46G  4.2G   41G   10% /data
tmpfs                      374M     0  374M    0% /run/user/0
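mount -a
The -a option means:
-a, --all mount all filesystems mentioned in fstab
Reference: https://blog.csdn.net/qq_46237915/article/details/121162542
1. On the NFS client, run nfsstat -m; vers=4.0 in the output confirms that the NFS version is 4.
2. On the NFS server, run nfsstat -s; Server nfs v4 in the output confirms that the NFS version is indeed 4.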