http://www.cnblogs.com/hackerer/p/5221556.html
挺不错的参考文档
NFS服务器搭建:
服务器IP: 10.135.152.241
yum install rpcbind nfs-utils
# cat /etc/exports
/nfs_data 10.104.71.154(rw,no_root_squash,no_all_squash,sync)
#/nfs_data 172.16.1.0/24(rw,sync,all_squash)
# mkdir /nfs_data
# chown -R nfsnobody.nfsnobody /nfs_data
说明: 该用户在安装nfs时就创建好了
# /etc/init.d/rpcbind start
# /etc/init.d/nfs start
# /etc/init.d/nfs status/reload/stop/restart
启动命令加到/etc/rc.local
/etc/init.d/rpcbind start
/etc/init.d/nfs start
启动nfs可能会遇到的问题:
# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
[FAILED]
Starting NFS mountd: [FAILED]
Starting NFS daemon: rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
rpc.nfsd: unable to set any sockets for nfsd
[FAILED]
原因:
RH系操作系统在6.0版本号之后没有portmap服务控制rpc的启动。因为NFS和nfslock的启动须要向rpc进行注冊,rpc不启动的话就会报错。
解决方法:启动rpcbind&rpcidmap rpcbind是6.0版本号后默认的RPC服务,所以要先于nfs启动。假设不启动rpcidmap则会造成用户权限的映射错误,用户的权限看起来是一串数字。
# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
# /etc/init.d/rpcidmapd start
Starting RPC idmapd: [ OK ]
# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
# cat /var/lib/nfs/etab
/data001/data/sites/imgdsp.100msh.com 10.104.71.154(rw,sync,wdelay,hide,nocrossnfs_data,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,no_root_squash,no_all_squash)
/data001/data/sites/imgdsp.100msh.com 10.104.35.202(rw,sync,wdelay,hide,nocrossnfs_data,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,no_root_squash,no_all_squash)
10.135.152.241是NFS服务器地址
# showmount -e 10.135.152.241 <==挂载前首先检查有权限需要挂载的信息
Export list for 10.135.152.241:
/data 10.135.152.241/24 <---可以看到共享/data目录
本机做挂载测试
# mount -t nfs 10.135.152.241:/data /mnt ##将/data共享目录挂载到本地的/mnt目录
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 7.1G 1.5G 5.3G 22% /
tmpfs 279M 0 279M 0% /dev/shm
/dev/sda1 190M 36M 145M 20% /boot
10.135.152.241:/data 7.1G 1.5G 5.3G 22% /mnt
挂载nfs
# yum -y install nfs-utils rpcbind
# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
mount -t nfs 10.135.152.241:/nfs_data /nfs_data
可能会遇到的问题:
mount: wrong fs type, bad option, bad superblock on 10.135.152.241:/data/img,
missing codepage or helper program, or other error
(for several filesystems (e.g. nfs, cifs) you might
need a /sbin/mount.<type> helper program)
In some cases useful info is found in syslog - try
dmesg | tail or so
原因:
[root@web data]# ll /sbin/mount*
查看/sbin/mount.<type>文件,果然发现没有/sbin/mount.nfs的文件,安装nfs-utils即可
解决:
yum install nfs-utils
挂载成功后测试共享目录的读,写
mount挂载性能优化参数选项
(1)禁止更新目录及文件时间戳挂载
mount -t nfs -o noatime,nodiratime 10.135.152.241:/data
(2)安全加优化的挂载方式
mount -t nfs -o nosuid,noexec,nodev,noatime,nodiratime,intr,rsize=131072,wsize=131072 10.135.152.241:/nfs_data /mnt
(3)默认的挂载方式
mount -t nfs 10.135.152.241:/nfs_data /mnt
NFS内核优化
编辑/etc/sysctl.conf
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# sysctl -p
其他问题:
【LINUX】在redhat6系统中 当NFS启动后 rpc.svcgssd 状态还是STOP
[root@mytest Packages]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.7 (Santiago)
[root@mytest Packages]# service rpcbind status
rpcbind (pid 4744) is running...
[root@mytest Packages]# service nfs status
rpc.svcgssd is stopped -- 问题所在
rpc.mountd (pid 5733) is running...
nfsd (pid 5749 5748 5747 5746 5745 5744 5743 5742) is running...
rpc.rquotad (pid 5728) is running...
描述:如果NFS 配置为Kerberos 自动共享模式,该服务才会有用或者启动
原文如下:
This is an expected behaviour. rpc.svcgssd and rpc.gssd daemons only needs to be enabled if NFS is configured to to export shares via Kerberos authentication
NFS 默认是不配置Kerberos 共享 的
NFS service by default is not configured to export shares via Kerberos
Kerberos协议:(此处解释转载自http://www.jb51.net/article/94875.htm)
Kerberos协议主要用于计算机网络的身份鉴别(Authentication), 其特点是用户只需输入一次身份验证信息就可以凭借此验证获得的票据(ticket-granting ticket)访问多个服务,即SSO(Single Sign On)。由于在每个Client和Service之间建立了共享密钥,使得该协议具有相当的安全性。
在client上运行:
showmount -e cloud.squirrel.org
clnt_create: RPC: Port mapper failure - Unable to receive: errno 111 (Connection refused)
showmount -e 192.168.205.129
Export list for 192.168.205.129:
/export *
mount -t nfs cloud.squirrel.org:/export/primary /primarymount
mount.nfs: Connection timed out
mount -t nfs 192.168.205.129:/export/primary /primarymount
mount.nfs: access denied by server while mounting 192.168.205.129:/export/primary
到server去tail -200 /var/log/messages:
refused mount request from 192.168.205.1 for /export/primary (/export): illegal port 1024
已经快接近成功了,google了一下,说是server上nfs要加上一个insecure:
gedit /etc/exports
在原来的那一行上修改如下:
/export *(rw,async,insecure,no_root_squash)
然后:
exportfs -rv
service nfs restart
在client上重新
mount -t nfs 192.168.205.129:/export/primary /primarymount
没有提示,应该成功了,可以确认:
mount |grep primary
OK!