以CentOS Linux release 7.9.2009 (Core)为基础部署环境
1)关闭防火墙和selinux 或者 配置iptable策略(二选一)
1.1)关闭防火墙和selinux# systemctl stop firewalld.service# systemctl disable firewalld.service# firewall-cmd --statenot running关闭selinux # setenforce 0# getenforcePermissive永久禁用# vi /etc/selinux/configSELINUX=disabled# reboot1.2) 如果不想关闭防火墙那么配置iptables放行策略。# iptables -I INPUT -s XX.XX.XX.XX -p tcp -m multiport --dport 111,2149,21048 -j ACCEPT;# iptables -I INPUT -s XX.XX.XX.XX -p udp -m multiport --dport 111,2149,21048 -j ACCEPT;然后添加到/etc/rc.d/rc.local文件中,使得nfs服务器重启后放行策略仍然能够生效# vi /etc/rc.d/rc.local....iptables -I INPUT -s XX.XX.XX.XX -p tcp -m multiport --dport 111,2149,21048 -j ACCEPT;iptables -I INPUT -s XX.XX.XX.XX -p udp -m multiport --dport 111,2149,21048 -j ACCEPT;...# chmod +x /etc/rc.d/rc.local另:删除对应的iptables策略命令iptables -D INPUT -s XX.XX.XX.XX -p tcp -m multiport --dport 111,2149,21048 -j ACCEPT;iptables -D INPUT -s XX.XX.XX.XX -p udp -m multiport --dport 111,2149,21048 -j ACCEPT;
2)安装nfs,(联网了直接yum装,没联网使用提供的rpm包安装)
2.1)rpm包安装,将提供的nfs.tar.gz上传到机器的某个目录,比如/home,然后cd /home目录,进行解压# tar zxvf nfs.tar.gz进入解压后的目录,如:cd /home/nfs,执行:# yum localinstall *.rpm -y2.2)yum 安装# yum -y install nfs-utils3)创建nfs共享目录,并将权限给到tomcat# useradd tomcat 首先创建一个名为tomcat用户,堡垒机已经有了就不需要创建了# id tomcat 获取tomcat的uid和gid,后面配置nfs的/etc/exports文件需要用到uid=995(tomcat) gid=993(tomcat) groups=993(tomcat)创建共享目录并给权限# mkdir -p /opt/nfs/yunanbao# chown -R tomcat:tomcat /opt/nfs/yunanbao 4)编辑/etc/exports文件# vi /etc/exports/opt/nfs/yunanbao XX.XX.XX.XX(rw,sync,all_squash,anonuid=995,anongid=993))anonuid和anongid分别为之前id tomcat输出的 uid 和 gid注意,这里如果堡垒机(客户端)是HA的话,把主节节点ip都配上,如:/opt/nfs/songchen XX.XX.XX.XX(rw,sync,all_squash,anonuid=995,anongid=993)) XX.XX.XX.XX(rw,sync,all_squash,anonuid=995,anongid=993))。也可以使用ip网段进行挂载配置,如:/opt/nfs/songchen XX.XX.XX.XX(rw,sync,all_squash,anonuid=995,anongid=993))5)若需要自定义nfsd端口和mountd端口,编辑/etc/sysconfig/nfs文件# vi /etc/sysconfig/nfsRPCNFSDARGS="-p 2149"..MOUNTD_PORT=210486)配置生效# exportfs -rvexporting XX.XX.XX.XX:/opt/nfs/yunanbao 7)查看生效# exportfs 8)启动rpcbind、nfs服务# systemctl restart rpcbind && systemctl enable rpcbind# systemctl restart nfs && systemctl enable nfs 9)查看 RPC 服务的注册状况,看到有portmapper和nfs,说明服务启动好了# rpcinfo -p localhost 10)在服务器或进行showmount测试。# showmount -e XX.XX.XX.XXExport list for XX.XX.XX.XX:/opt/nfs/songchen XX.XX.XX.XX #############################################################################如果可以,最好到后台手动尝试挂载NFS,看是否挂载成功:[root@localhost ~]# mount -t nfs XX.XX.XX.XX:/opt/nfs/songchen /opt/nfs/songchen[root@localhost ~]# touch /opt/nfs/songchen/nfs-test[root@localhost ~]# echo "hello world" >> /opt/nfs/songchen/nfs-test去nfs服务器看是否存在/opt/nfs/songchen/nfs-test及其中的内容[root@nfs-server ~]# cat /opt/nfs/songchen/nfs-test最后在堡垒机进行卸载[root@localhost ~]# umount /opt/nfs/songchen#############################################################################修改完配置文件,使用从新生效:exportfs -arv
