Ubuntu 1804 搭建NFS服务器
1、安装nfs-server 必须包
ywll@ywll-len:~$ sudo apt-get install nfs-server -y
[sudo] password for ywll:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'nfs-kernel-server' instead of 'nfs-server'
The following additional packages will be installed:
keyutils libnfsidmap2 libtirpc1 nfs-common rpcbind
Suggested packages:
open-iscsi watchdog
The following NEW packages will be installed:
keyutils libnfsidmap2 libtirpc1 nfs-common nfs-kernel-server rpcbind
0 upgraded, 6 newly installed, 0 to remove and 621 not upgraded.
Need to get 491 kB of archives.
After this operation, 1,703 kB of additional disk space will be used.
Get:1 http://mirrors.aliyun.com/ubuntu bionic/main amd64 keyutils amd64 1.5.9-9.2ubuntu2 [47.9 kB]
Get:2 http://mirrors.aliyun.com/ubuntu bionic/main amd64 libnfsidmap2 amd64 0.25-5.1 [27.2 kB]
Get:3 http://mirrors.aliyun.com/ubuntu bionic-security/main amd64 libtirpc1 amd64 0.2.5-1.2ubuntu0.1 [75.7 kB]
Get:4 http://mirrors.aliyun.com/ubuntu bionic/main amd64 rpcbind amd64 0.2.3-0.6 [40.6 kB]
Get:5 http://mirrors.aliyun.com/ubuntu bionic-security/main amd64 nfs-common amd64 1:1.3.4-2.1ubuntu5.3 [206 kB]
Get:6 http://mirrors.aliyun.com/ubuntu bionic-security/main amd64 nfs-kernel-server amd64 1:1.3.4-2.1ubuntu5.3 [93.8 kB]
Fetched 491 kB in 0s (2,296 kB/s)
Selecting previously unselected package keyutils.
(Reading database ... 130381 files and directories currently installed.)
Preparing to unpack .../0-keyutils_1.5.9-9.2ubuntu2_amd64.deb ...
Unpacking keyutils (1.5.9-9.2ubuntu2) ...
Selecting previously unselected package libnfsidmap2:amd64.
Preparing to unpack .../1-libnfsidmap2_0.25-5.1_amd64.deb ...
Unpacking libnfsidmap2:amd64 (0.25-5.1) ...
Selecting previously unselected package libtirpc1:amd64.
Preparing to unpack .../2-libtirpc1_0.2.5-1.2ubuntu0.1_amd64.deb ...
Unpacking libtirpc1:amd64 (0.2.5-1.2ubuntu0.1) ...
Selecting previously unselected package rpcbind.
Preparing to unpack .../3-rpcbind_0.2.3-0.6_amd64.deb ...
Unpacking rpcbind (0.2.3-0.6) ...
Selecting previously unselected package nfs-common.
Preparing to unpack .../4-nfs-common_1%3a1.3.4-2.1ubuntu5.3_amd64.deb ...
Unpacking nfs-common (1:1.3.4-2.1ubuntu5.3) ...
Selecting previously unselected package nfs-kernel-server.
Preparing to unpack .../5-nfs-kernel-server_1%3a1.3.4-2.1ubuntu5.3_amd64.deb ...
Unpacking nfs-kernel-server (1:1.3.4-2.1ubuntu5.3) ...
Setting up libnfsidmap2:amd64 (0.25-5.1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up keyutils (1.5.9-9.2ubuntu2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up libtirpc1:amd64 (0.2.5-1.2ubuntu0.1) ...
Processing triggers for systemd (237-3ubuntu10.3) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up rpcbind (0.2.3-0.6) ...
Created symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service → /lib/systemd/system/rpcbind.service.
Created symlink /etc/systemd/system/sockets.target.wants/rpcbind.socket → /lib/systemd/system/rpcbind.socket.
Setting up nfs-common (1:1.3.4-2.1ubuntu5.3) ...
Creating config file /etc/idmapd.conf with new version
Adding system user `statd' (UID 123) ...
Adding new user `statd' (UID 123) with group `nogroup' ...
Not creating home directory `/var/lib/nfs'.
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target.
Created symlink /etc/systemd/system/remote-fs.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target.
nfs-utils.service is a disabled or a static unit, not starting it.
Setting up nfs-kernel-server (1:1.3.4-2.1ubuntu5.3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /lib/systemd/system/nfs-server.service.
Job for nfs-server.service canceled.
Creating config file /etc/exports with new version
Creating config file /etc/default/nfs-kernel-server with new version
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for systemd (237-3ubuntu10.3) ...
2、设置NFS的共享目录
ywll@ywll-len:~$ sudo vim /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
/mnt/share *(rw,sync,no_subtree_check)
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
文件中的/mnt/share *(rw,sync,no_subtree_check) 是新增加的部分,可按照实际需要进行编写;内部的参数在后面会进行介绍;
3、在服务器系统上创建真实的共享目录
ywll@ywll-len:~$ sudo mkdir /mnt/share
4、修改目录的相关权限
ywll@ywll-len:~$ sudo chmod o+rw /mnt/share/
5、重启NFS server;
ywll@ywll-len:~$ sudo /etc/init.d/nfs-kernel-server restart
[ ok ....] Restarting nfs-kernel-server (via systemctl): nfs-kernel-server.service.
6、查看共享目录是否成功
ywll@ywll-len:~$ sudo exportfs
/mnt/share <world>
7、客户端测试
[root@localhost /]# mount -t nfs 192.168.101.67:/mnt/share /mnt/
[root@localhost mnt]# mount | grep /mnt
192.168.101.67:/mnt/share on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.107.117,local_lock=none,addr=192.168.101.67)
[root@localhost mnt]# touch 1
[root@localhost mnt]# rm -rf 1
[root@localhost mnt]# touch 1
[root@localhost mnt]# ll
total 0
-rw-r--r--. 1 nobody nobody 0 Jun 30 21:55 1
[root@localhost mnt]# rm -rf 1
[root@localhost mnt]# ll
total 0
8、exports 文件中的参数介绍
第一项:/mnt/share
指在NFS服务器上被用来共享的目录, 该目录会和客户端的某个目录同步
第二项: *
这个 * 指的是要绑定到 该目录(第一项中指定的)的客户端 IP。若设置为 * 则表示允许任何NFS客户端绑定到该目录;
可以设置单个的主机,如:192.168.1.10 表示仅允许IP 为 192.168.1.10的客户端绑定该目录;
特定ip地址的主机:192.168.1.10
特定子网中的所有主机:192.168.1.0/24 或 192.168.1.0/255.255.255.0
所有主机:*
第三项: rw
这里表示客户端对该共享目录的权限,
ro:共享目录只读;
rw:共享目录可读可写;
第四项: sync
sync:将数据同步写入内存缓冲区与磁盘中,效率低,但可以保证数据的一致性;
async:将数据先保存在内存缓冲区中,必要时才写入磁盘;
第五项: no_subtree_check
all_squash:所有访问用户都映射为匿名用户或用户组;
no_all_squash(默认):访问用户先与本机用户匹配,匹配失败后再映射为匿名用户或用户组;
root_squash(默认):将来访的root用户映射为匿名用户或用户组;
no_root_squash:来访的root用户保持root帐号权限;
subtree_check(默认) :若输出目录是一个子目录,则nfs服务器将检查其父目录的权限;
no_subtree_check :即使输出目录是一个子目录,nfs服务器也不检查其父目录的权限,这样可以提高效率;
其他可用项:
anonuid=<UID>:指定匿名访问用户的本地用户UID,默认为nfsnobody(65534);
anongid=<GID>:指定匿名访问用户的本地用户组GID,默认为nfsnobody(65534);
secure(默认):限制客户端只能从小于1024的tcp/ip端口连接服务器;
insecure:允许客户端从大于1024的tcp/ip端口连接服务器;
wdelay(默认):检查是否有相关的写操作,如果有则将这些写操作一起执行,这样可以提高效率;
no_wdelay:若有写操作则立即执行,应与sync配合使用;