NFS is a file sharing protocol used to share files with multiple servers by exporting a directory from a server. Clients can be restricted based on hostname or IP address.
Configuration file - /etc/exports
Port Number - By default NFS uses TCP port 2049.
Default Protocol – TCP
File Syntax /etc/exports - <dir Path> <Permission details>
Export and Mount Options
1) Export options (To be used in server while exporting the folder)
Sample - /var *(rw,ro,sync,no_root_squash,all_squash)
a) ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.
b) rw: The client machine will have read and write access to the directory.
c) root_squash: Any file request made by user root on the client machine is treated as if it is made by user nobody on the server. (The UID of user nobody is taken from the server, not from the client.)
d) no_root_squash: If this option is used, then root on the client machine will have the same level of access to the files on the system as root on the server.
e) all_squash: The export will be mounted with the anonymous user ID 65534.
f) no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.
g) sync: Replies to the NFS request only after all data has been written to disk. This is much safer than async, and is the default in all nfs-utils versions after 1.0.0.
h) async: Replies to requests before the data is written to disk. This improves performance, but results in lost data if the server goes down.
i) no_wdelay: Turns off write delay. NFS has an optimization algorithm that delays disk writes if NFS deduces a likelihood of a related write request soon arriving. This saves disk writes and can speed performance.
j) wdelay: Negation of no_wdelay (the write delay stays on); this is the default.
k) nohide: Normally, if a server exports two filesystems, one of which is mounted on the other, then the client will have to mount both filesystems explicitly to get access to them. If it just mounts the parent, it will see an empty directory at the place where the other filesystem is mounted. That filesystem is “hidden”. Setting the nohide option on a filesystem causes it not to be hidden, and an appropriately authorised client will be able to move from the parent to that filesystem without noticing the change.
l) hide: Negation of nohide. This is the default.
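An added example, not part of the original page: a small Python audit that parses /etc/exports-style lines and reports the exports whose options widen access (no_root_squash, rw to any host) or risk data loss (async). The sample lines, hostnames and finding labels are constructed; the last sample line goes slightly beyond the page by showing that a space before "(rw)" leaves the options with no host, which exports to any host.

```python
import re

# Constructed sample in the page's syntax: <dir path> <client>(<options>) ...
SAMPLE_EXPORTS = """\
/var        *(rw,sync,no_root_squash)
/srv/share  192.168.0.0/24(rw,sync,root_squash) backup.example.com(ro,async)
/srv/pub    *(ro,sync,all_squash)
/srv/loose  192.168.0.10 (rw)
"""

# One client spec: <client>(<options>); either part may be absent.
SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client spec on each line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.match(spec)
            if m is None:
                continue                         # not readable by this simple parser
            client = m.group(1) or "*"           # "(rw)" with no host: any host
            opts = {o for o in (m.group(2) or "").split(",") if o}
            yield path, client, opts


def audit(text):
    """Return sorted (path, client, finding) tuples for risky exports."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:             # client root acts as server root
            findings.append((path, client, "no_root_squash"))
        if client == "*" and "rw" in opts:       # writable with no client restriction
            findings.append((path, client, "rw to any host"))
        if "async" in opts:                      # replies before data reaches disk
            findings.append((path, client, "async"))
    return sorted(findings)


if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {client:20} {finding}")
```

The parser assumes paths without spaces and no backslash line continuations.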
2) Mount Options (To be used in client while mounting the exported directory)
Beyond mounting a file system via NFS on a remote host, a number of different options can be specified at the time of the mount that can make it easier to use. These options can be used with manual mount commands, /etc/fstab settings, and autofs.
The following are options commonly used for NFS mounts:
hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online if the host serving the exported file system is unavailable, or if it should report an error (soft).
If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified.
If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported.
intr — Allows NFS requests to be interrupted if the server goes down or cannot be reached.
nfsvers=2 or nfsvers=3 — Specifies which version of the NFS protocol to use.
nolock — Disables file locking. This setting is occasionally required when connecting to older NFS servers.
noexec — Prevents execution of binaries on mounted file systems. This is useful if the system is mounting a non-Linux file system via NFS containing incompatible binaries.
nosuid — Disables set-user-identifier or set-group-identifier bits. This prevents remote users from gaining higher privileges by running a setuid program.
rsize=8192 and wsize=8192 — These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when changing these values; some older Linux kernels and network cards do not work well with larger block sizes.
tcp — Specifies for the NFS mount to use the TCP protocol instead of UDP.
mount 192.168.0.102:/data /mnt -o timeo=5,retrans=4
List of Commands
To Check the Shared directory from Client
showmount -e <Server IP>
exportfs - When executed on the server, lists all the exported directories on the server.
Running NFS Behind a Firewall
NFS requires rpcbind, which dynamically assigns ports for RPC services and can cause problems for configuring firewall rules. To allow clients to access NFS shares behind a firewall, edit the /etc/sysconfig/nfs configuration file to control which ports the required RPC services run on.
The /etc/sysconfig/nfs file may not exist by default on all systems. If it does not exist, create it and add the following variables, replacing port with an unused port number (alternatively, if the file exists, un-comment and change the default entries as required):
MOUNTD_PORT=port
Controls which TCP and UDP port mountd (rpc.mountd) uses.
STATD_PORT=port
Controls which TCP and UDP port status (rpc.statd) uses.
LOCKD_TCPPORT=port
Controls which TCP port nlockmgr (lockd) uses.
LOCKD_UDPPORT=port
Controls which UDP port nlockmgr (lockd) uses.
If NFS fails to start, check /var/log/messages. Normally, NFS will fail to start if you specify a port number that is already in use. After editing /etc/sysconfig/nfs, restart the NFS service using service nfs restart. Run the rpcinfo -p command to confirm the changes.
To configure a firewall to allow NFS, perform the following steps:
Allow TCP and UDP port 2049 for NFS.
Allow TCP and UDP port 111 (rpcbind/sunrpc).
Allow the TCP and UDP port specified with MOUNTD_PORT="port"
Allow the TCP and UDP port specified with STATD_PORT="port"
Allow the TCP port specified with LOCKD_TCPPORT="port"
Allow the UDP port specified with LOCKD_UDPPORT="port"
Note
To allow NFSv4.0 callbacks to pass through firewalls, set /proc/sys/fs/nfs/nfs_callback_tcpport and allow the server to connect to that port on the client.
‘/etc/sysconfig/nfs’ is the file through which we can fix ports for RQUOTAD_PORT, MOUNTD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT and STATD_PORT.
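An added example, not part of the original page: a Python check for the "run rpcinfo -p to confirm the changes" step, comparing the ports pinned in /etc/sysconfig/nfs with what rpcinfo -p reports, so a firewall rule is never written for a port the service is not using. Both inputs, including every port number in them, are constructed sample values.

```python
# Constructed /etc/sysconfig/nfs content; the port numbers are sample values.
SAMPLE_SYSCONFIG = """\
#RQUOTAD_PORT=875
MOUNTD_PORT=892
STATD_PORT="662"
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
"""
# Constructed `rpcinfo -p` output; nlockmgr/udp is not on its pinned port.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100005    3   tcp    892  mountd
    100005    3   udp    892  mountd
    100024    1   tcp    662  status
    100024    1   udp    662  status
    100021    4   tcp  32803  nlockmgr
    100021    4   udp  45117  nlockmgr
"""
# Variable -> (service name shown by rpcinfo, protocols the variable covers)
PINNED = {
    "MOUNTD_PORT": ("mountd", ("tcp", "udp")),
    "STATD_PORT": ("status", ("tcp", "udp")),
    "LOCKD_TCPPORT": ("nlockmgr", ("tcp",)),
    "LOCKD_UDPPORT": ("nlockmgr", ("udp",)),
}

def expected_ports(sysconfig):
    """Map (service, proto) -> port from the uncommented VAR=port lines."""
    want = {}
    for line in sysconfig.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name in PINNED:               # commented lines never match
            service, protos = PINNED[name]
            for proto in protos:
                want[(service, proto)] = int(value.strip('"'))
    return want

def mismatches(sysconfig, rpcinfo):
    """Return sorted (service, proto, pinned, seen) where rpcinfo disagrees."""
    seen = {}
    for line in rpcinfo.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) == 5:                     # program vers proto port service
            seen.setdefault((fields[4], fields[2]), set()).add(int(fields[3]))
    return sorted((s, p, port, sorted(seen.get((s, p), ())))
                  for (s, p), port in expected_ports(sysconfig).items()
                  if seen.get((s, p), set()) != {port})

if __name__ == "__main__":
    print(mismatches(SAMPLE_SYSCONFIG, SAMPLE_RPCINFO))
```

An empty list means every pinned service is registered on exactly the configured port; a service that is not registered at all is reported with an empty "seen" list.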
What is the difference between hard mount and soft mount in NFS?
Soft Mount: Consider that we have mounted an NFS share using ‘soft mount’. When a program or application requests a file from the NFS filesystem, the NFS client daemons will try to retrieve the data from the NFS server. But if the client doesn’t get any response from the NFS server (due to a crash or failure of the NFS server), the NFS client will report an error to the process on the client machine requesting the file access. The advantage of this mechanism is “fast responsiveness”, as it doesn’t wait for the NFS server to respond. But the main disadvantage of this method is data corruption or loss of data. So, this is not a recommended option to use.
Hard Mount: If we have mounted the NFS share using hard mount, the client will repeatedly retry to contact the server. Once the server is back online, the program will continue to execute undisturbed from the state where it was during the server crash. We can use the mount option “intr”, which allows NFS requests to be interrupted if the server goes down or cannot be reached. Hence the recommended settings are the hard and intr options.
How to check iostat of NFS mount points?
Ans: Using the command ‘nfsiostat’ we can list iostat of NFS mount points. Use the command below:
# nfsiostat <interval> <count> <mount_point>
<interval>: Specifies the amount of time in seconds between each report. The first report contains statistics for the time since each file system was mounted. Each subsequent report contains statistics collected during the interval since the previous report.
<count>: If the <count> parameter is specified, the value of <count> determines the number of reports generated at <interval> seconds apart. If the interval parameter is specified without the <count> parameter, the command generates reports continuously.
<mount_point>: If one or more <mount_point> names are specified, statistics for only these mount points will be displayed. Otherwise, all NFS mount points on the client are listed.
How to re-export all the directories of the ‘/etc/exports’ file?
Using the command ‘exportfs -r’, we can re-export or refresh the entries of the ‘/etc/exports’ file without restarting the NFS service.
To check Version
The nfsstat -c program will show you the NFS version actually being used.
If you run rpcinfo -p {server} you will see all the versions of all the RPC programs that the server supports. On my system I get this output:
$ rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    ...