27.2 Introduction to NFS

Introduction to NFS


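  • 1. NFS (Network File System) is a kernel-based file system developed by Sun. With NFS, users and programs can access files on a remote system as if they were local files. It is built on RPC (Remote Procedure Call Protocol).
  • 2. RPC uses a client/server model. The client's calling process sends a call message containing the procedure parameters to the server process and then waits for a reply. On the server side, the process sleeps until a call message arrives. When one arrives, the server extracts the procedure parameters, computes the result, sends the reply, and waits for the next call message. Finally, the client's calling process receives the reply, obtains the result, and continues execution.
  • 3. Advantage of NFS: it saves local storage. Frequently used data, such as home directories, can be kept on the NFS server and accessed over the network, so local terminals use less of their own storage.
    See Figure 1.

NFS service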

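Package: nfs-utils
Kernel support: nfs.ko
Ports: 2049 (nfsd); other ports are assigned by portmap (111)
Configuration files: /etc/exports, /etc/exports.d/*.exports
CentOS 7 does not support sharing the same directory through both NFS and Samba at the same time, because the two use different locking mechanisms
Related packages: rpcbind (required), tcp_wrappers
Since CentOS 6, the portmap process has been replaced by rpcbind
Main NFS service processes:
rpc.nfsd: the most important NFS process; controls whether a client may log in
rpc.mountd: mounts and unmounts NFS file systems, including permission management
rpc.lockd: optional; manages file locks to avoid errors from simultaneous writes
rpc.statd: optional; checks file consistency and can repair files
Logs: /var/lib/nfs/
Configure the firewall to allow the NFS service
• Configure NFS to use fixed ports
• vim /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
• In addition to the ports above, the firewall must also open ports 111 and 2049 for both TCP and UDP, four ports in total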

[root@centos7:~]# updatedb
[root@centos7:~]# locate xfs.ko
/usr/lib/modules/3.10.0-862.el7.x86_64/kernel/fs/xfs/xfs.ko.xz
[root@centos7:~]# locate nfs.ko
/usr/lib/modules/3.10.0-862.el7.x86_64/kernel/drivers/xen/xenfs/xenfs.ko.xz
/usr/lib/modules/3.10.0-862.el7.x86_64/kernel/fs/nfs/nfs.ko.xz

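FTP is an application-level program; the machine treats it as a network resource, and it can be shown under network locations.
NFS is treated as a local resource and shows up as a local disk. NFS, FTP and Samba are all NAS. A disk served by NFS can be shared so that other machines can mount it. Windows does not support NFS.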

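Comparison of NFS versions

NFS v2
  • Supports only 32-bit file transfers; maximum file size 4G
  • File transfer size is limited to 8K
  • Supports only UDP, which is a serious limitation in demanding network environments
NFS v3
  • Supports 64-bit file transfers
  • No file size limit
  • Adds and improves many error and success return messages, which greatly helps server configuration and management
  • Adds support for TCP transport, with better I/O write performance
NFS v4
  • CentOS 7 uses NFSv4 by default; it implements a pseudo-root, does not need the auxiliary services, and fully supports Kerberos
  • Improves access and performance over the Internet
  • Supports only TCP transport
  • Negotiates the security type used between server and client through a secure in-band system
  • Uses strings rather than integers to represent user and group identifiers
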
[root@centos7:~]# rpm -qi nfs-utils
Name        : nfs-utils
Epoch       : 1
Version     : 1.3.0
Release     : 0.54.el7
Architecture: x86_64
Install Date: Tue 15 May 2018 06:54:36 PM CST
Group       : System Environment/Daemons
Size        : 1076068
License     : MIT and GPLv2 and GPLv2+ and BSD
Signature   : RSA/SHA256, Wed 25 Apr 2018 07:29:44 PM CST, Key ID 24c6a8a7f4a80eb5
Source RPM  : nfs-utils-1.3.0-0.54.el7.src.rpm
Build Date  : Fri 13 Apr 2018 03:52:29 AM CST
Build Host  : x86-01.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://sourceforge.net/projects/nfs
Summary     : NFS utilities and supporting clients and daemons for the kernel NFS server
Description :
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, which provides a much higher level of performance than the
traditional Linux NFS server used by most users.

This package also contains the showmount program.  Showmount queries the
mount daemon on a remote host for information about the NFS (Network File
System) server on the remote host.  For example, showmount can display the
clients which are mounted on that host.

This package also contains the mount.nfs and umount.nfs program.

[root@centos7:~]# mount.
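mount.cifs  mount.fuse  mount.nfs   mount.nfs4  # the file system type is detected automatically
# NFS is a combination of many processes and uses multiple ports
[root@centos7:~]# rpm -ql nfs-utils
/etc/exports.d               # export (share) definitions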
/etc/gssproxy/24-nfs-server.conf
/etc/modprobe.d/lockd.conf
/etc/nfs.conf
/usr/lib/systemd/system/nfs-server.service
/usr/sbin/exportfs

[root@centos7:~]# rpm -qf /etc/exports   # main configuration file
setup-2.8.71-9.el7.noarch
[root@centos7:~]# rpm -ql setup
/etc/aliases
/etc/bashrc
/etc/csh.cshrc
/etc/csh.login
/etc/environment
/etc/exports
/etc/filesystems
/etc/fstab
/etc/group
**output omitted**

[root@centos7:~]# systemctl start nfs-server  # start the service
[root@centos7:~]# ss -ntul  # several additional ports are now listening
[root@centos7:~]# rpcinfo -p

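When nfs-server starts, it registers its ports with rpcbind, so nfs-server depends on the rpcbind service. On CentOS 6, starting nfs-server fails if rpcbind is stopped. On CentOS 7, thanks to systemd, starting nfs-server automatically starts rpcbind as well. rpcbind always listens on port 111, and clients query rpcbind to find the dynamic ports used by nfs-server. You can edit the NFS configuration file to fix these ports, but this is not secure: it is unsuitable for WAN use and should be used only on a LAN.

# Reload the configuration file, or restart the service with systemctl restart nfs-server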

[root@centos7:data]# exportfs -r
exportfs: No options for /data/ftp1 *: suggest *(sync) to avoid warning # synchronous writes
[root@centos7:~]# vim /etc/exports
/data/ftp1 *  

[root@cos7-1:~]# showmount -e 192.168.31.7 # list the exports of the remote host
Export list for 192.168.31.7:
/data/ftp1 *

[root@cos7-1:~]# mount 192.168.31.7:/data/ftp1 /app  
[root@cos7-1:~]# cd /app
[root@cos7-1:app]# ls
boot.iso  nfs.txt
[root@cos7-1:app]# cat nfs.txt 
nfsshare
[root@cos7-1:app]# echo dhy >> nfs.txt 
-bash: nfs.txt: Read-only file system  # the mounted file system is read-only
[root@cos7-1:app]# ll
total 45696
-rw------- 1 duck g3   46788608 Aug 18 12:43 boot.iso
-rw-r--r-- 1 root root        9 Aug 18 16:07 nfs.txt
[root@cos7-1:app]# mount
192.168.31.7:/data/ftp1 on /app type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.31.17,local_lock=none,addr=192.168.31.7)

[root@centos7:ftp1]# exportfs -v   # read-only is decided on the NFS server side
/data/ftp1   <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@centos7:ftp1]# echo nfs2.txt > nfs2.txt
[root@centos7:ftp1]# vim /etc/exports
/data/ftp1 *
/data/ftp2 192.168.31.0/24(rw)
[root@centos7:ftp2]# echo ftp2 > nfs1.txt
[root@centos7:ftp2]# exportfs -r
exportfs: No options for /data/ftp1 *: suggest *(sync) to avoid warning
[root@centos7:ftp1]# exportfs -v
/data/ftp2      192.168.31.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
/data/ftp1      <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@cos7-1:app]# showmount -e 192.168.31.7  # list the exports of the remote NFS server
Export list for 192.168.31.7:
/data/ftp1 *
/data/ftp2 192.168.31.0/24

[root@cos7-1:~]# mkdir /tmp/tmp1
[root@cos7-1:~]# mount    192.168.31.7:/data/ftp2 /tmp/tmp1
[root@cos7-1:tmp1]# echo dhy > nfs1.txt
-bash: nfs1.txt: Read-only file system
[root@cos7-1:tmp1]# touch f1
touch: cannot touch ‘f1’: Permission denied
[root@centos7:data]# ll
drwxr-xr-x  2 root root   22 Aug 18 16:27 ftp2
[root@centos7:data]# chmod 777 ftp2
[root@cos7-1:tmp1]# touch f1
[root@cos7-1:tmp1]# ll
total 4
-rw-r--r-- 1 nfsnobody nfsnobody 0 Aug 18 16:34 f1
-rw-r--r-- 1 root      root      5 Aug 18 16:27 nfs1.txt
[root@cos7-1:tmp1]# echo dhy > nfs1.txt
-bash: nfs1.txt: Permission denied
[root@centos7:data]# setfacl -m u:nfsnobody:w /data/ftp2/nfs1.txt
[root@cos7-1:tmp1]# echo dhy > nfs1.txt
[root@centos7:data]# vim /etc/exports
/data/ftp1 *
/data/ftp2 192.168.31.0/24(rw,no_root_squash)  # root is not squashed
[root@centos7:data]# exportfs -r
[root@centos7:data]# chmod 755 /data/ftp2
[root@cos7-1:tmp1]# touch f2
[root@cos7-1:tmp1]# ll
total 8
-rw-r--r-- 1 nfsnobody nfsnobody 4 Aug 18 16:35 f1
-rw-r--r-- 1 root      root      0 Aug 18 16:43 f2  # a file created by the client's root user is owned by root
-rw-rw-r-- 1 root      root      4 Aug 18 16:38 nfs1.txt
[root@cos7-1:tmp1]# su - dhy
Last login: Sat Jul 28 21:35:38 CST 2018 from 192.168.31.7 on pts/1
[dhy@cos7-1:~]$ cd /tmp/tmp1/
[dhy@cos7-1:tmp1]$ ll
total 8
-rw-r--r-- 1 nfsnobody nfsnobody 4 Aug 18 16:35 f1
-rw-r--r-- 1 root      root      0 Aug 18 16:43 f2
-rw-rw-r-- 1 root      root      4 Aug 18 16:38 nfs1.txt
[dhy@cos7-1:tmp1]$ touch f3
touch: cannot touch ‘f3’: Permission denied
[root@centos7:data]# id dhy
uid=1000(dhy) gid=1000(dhy) groups=1000(dhy),10(wheel)
[root@centos7:data]# setfacl -m u:dhy:rwx ftp2
[dhy@cos7-1:tmp1]$ touch f3
[dhy@cos7-1:tmp1]$ id dhy               # only the numeric IDs need to match
uid=1000(dhy) gid=1000(dhy) groups=1000(dhy),10(wheel)
[root@cos7-1:tmp1]# chmod 777 nfs1.txt
-rwxrwxrwx 1 root      root      4 Aug 18 16:38 nfs1.txt
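What has to be checked is how the identity and permissions used for the share on the remote NFS server relate to the identity on the local host.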
[root@centos7:data]# vim /etc/exports
/data/ftp2 192.168.31.0/24(ro,no_root_squash,all_squash) 192.168.31.17(rw)
# host 31.17 can read and write
[root@centos7:data]# man exportfs

[root@centos7:data]# cat /etc/exports.d/a.exports  # files with the .exports suffix are treated like the main configuration file
/data/ftp1 192.168.31.0/24(ro,no_root_squash,all_squash) 192.168.31.17(rw)

[root@centos7:data]# cat /etc/exports.d/a.exports 
/data/ftp1 192.168.31.0/24(rw,no_root_squash,all_squash,anonuid=2000,anongid=2000)
# the anonymous identity changes from nfsnobody to ID 2000; ID 2000 does not need a matching user name
#useradd -u 2000 nfsuser 
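
The export options exercised above (exports to every host, rw, no_root_squash) can be checked mechanically. The following is an added example, not part of the original post: a shell function with the hypothetical name audit_exports that reads /etc/exports-style lines and reports exports open to every host and exports that carry no_root_squash. The sample lines come from this page, plus one constructed line (/data/demo) showing a stray space before the options, which makes the options a separate entry for all hosts.

```shell
#!/bin/sh
# Added example, not from the original post. audit_exports is a hypothetical helper.
# Reads /etc/exports syntax on stdin, prints "path client FINDING" per issue.
audit_exports() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
    {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^#/) break                 # trailing comment
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                         # split "client(opt,opt,...)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        # "*" means every host; so does a bare "(opts)" left by a stray space
        world = (client == "*" || client == "")
        if (world) client = "*"
        rw = 0; nrs = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") nrs = 1
        }
        if (world) print $1, client, (rw ? "WORLD_RW" : "WORLD_RO")
        if (nrs)   print $1, client, "NO_ROOT_SQUASH"
      }
    }'
}

# Sample input: lines from this page, plus one constructed line (/data/demo).
sample_exports() {
  cat <<'EOF'
/data/ftp1 *
/data/ftp2 192.168.31.0/24(rw,no_root_squash)  # root is not squashed
/data/wordpress 192.168.31.0/24(rw,all_squash,anonuid=48,anongid=48)
# constructed: the space before "(rw)" makes it a separate entry for all hosts
/data/demo 192.168.31.17 (rw)
EOF
}

sample_exports | audit_exports
```

On a server, feed it the real files, for example `cat /etc/exports /etc/exports.d/*.exports | audit_exports`, and compare the findings with `exportfs -v`.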

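Lab

Lab: put a WordPress site on the NFS server. Two hosts run apache + fastcgi, and the NFS service shares WordPress with both Apache servers, so the two Apache servers use a single copy of the WordPress program, which can be regarded as load balancing. A DNS server and a database server are set up as well, for a total of 5 hosts, as shown in the figure.

1. DNS service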
[root@dns ~ ]#yum install bind -y
[root@dns ~ ]#vim /etc/named.conf 
options {
//      listen-on port 53 { 127.0.0.1; };    # comment out this line
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };       # comment out this line
[root@dns ~ ]#vim /etc/named.rfc1912.zones 
zone "dhy.com" {
        type master;
        file "dhy.com.zone";
};
[root@dns ~ ]#cd /var/named

[root@dns named ]#vim dhy.com.zone
$TTL 1D
@  IN SOA dns1 admin.dhy.com. ( 1 1D 3H 1w 2D)
        NS      dns1
dns1    A       192.168.31.6
www     A       192.168.31.7
www     A       192.168.31.17
[root@dns named ]#ll
total 32
drwxrwx--- 2 named named 4096 Mar 23  2017 data
-rw-r--r-- 1 root  root   131 Aug 18 18:22 dhy.com.zone
drwxrwx--- 2 named named 4096 Mar 23  2017 dynamic
-rw-r----- 1 root  named 3171 Jan 11  2016 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Mar 23  2017 slaves
[root@dns named ]#chgrp named dhy.com.zone 
[root@dns named ]#chmod 640 dhy.com.zone 
[root@dns named ]#dig www.dhy.com @192.168.31.6

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.dhy.com @192.168.31.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8303
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.dhy.com.           IN  A

;; ANSWER SECTION:
www.dhy.com.        86400   IN  A   192.168.31.17
www.dhy.com.        86400   IN  A   192.168.31.7

;; AUTHORITY SECTION:
dhy.com.        86400   IN  NS  dns1.dhy.com.

;; ADDITIONAL SECTION:
dns1.dhy.com.       86400   IN  A   192.168.31.6

;; Query time: 0 msec
;; SERVER: 192.168.31.6#53(192.168.31.6)
;; WHEN: Sat Aug 18 18:32:51 2018
;; MSG SIZE  rcvd: 96
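2. Change the DNS setting on Windows, as shown in the figure.

Change the DNS setting on the DNS server itself so that it acts as another client, as shown in the figure.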

[root@dns named ]#service NetworkManager restart
Stopping NetworkManager daemon:                            [  OK  ]
Setting network parameters...                              [  OK  ]
Starting NetworkManager daemon:                            [  OK  ]
[root@dns named ]#cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 127.0.0.1

Open www.dhy.com in Firefox, as shown in the figure.

3. Install Apache and PHP FastCGI
[root@fastcgi1:~]# yum install httpd
[root@fastcgi2:~]# yum install httpd
[root@fastcgi1:~]# yum install php-fpm php-mysql -y
[root@fastcgi2:~]# yum install php-fpm php-mysql -y
[root@fastcgi1:~]# cd /var/www/html
[root@fastcgi1:html]# rm -f index.php 
[root@fastcgi1:html]# echo 192.168.31.7 fastcgi1 > index.html
[root@fastcgi2:~]# cd /var/www/html
[root@fastcgi2:html]# echo 192.168.31.17 fastcgi2 > index.html
[root@fastcgi1:html]# systemctl start httpd
[root@fastcgi2:html]# systemctl start httpd
[root@dns ~ ]#curl 192.168.31.7
192.168.31.7 fastcgi1
[root@dns ~ ]#curl 192.168.31.17
192.168.31.17 fastcgi2

[root@fastcgi1:html]# systemctl start php-fpm # port 9000 is now open
[root@fastcgi2:html]# systemctl start php-fpm
[root@fastcgi1:html]# vim /etc/httpd/conf.d/fcgi.conf
proxyrequests off
proxypassmatch "^/(.*\.php)$" fcgi://127.0.0.1:9000/var/www/html/$1 

[root@fastcgi1:html]# cat > index.php 
<?php
phpinfo();
?>
[root@fastcgi1:html]# vim /etc/httpd/conf/httpd.conf 
    DirectoryIndex index.php index.html

[root@fastcgi2:html]# vim /etc/httpd/conf.d/fcgi.conf
proxyrequests off
proxypassmatch "^/(.*\.php)$" fcgi://127.0.0.1:9000/var/www/html/$1
[root@fastcgi2:html]# cat > index.php
<?php
phpinfo();
?>
[root@fastcgi2:html]# vim /etc/httpd/conf/httpd.conf 
    DirectoryIndex index.php index.html
[root@fastcgi1:html]# systemctl restart httpd
[root@fastcgi2:html]# systemctl restart httpd

See the figure.

4. MariaDB database
[root@mariadb:~ ]# yum install mariadb-server
[root@mariadb:~ ]# systemctl start mariadb
[root@mariadb:~ ]# mysql -uroot -pcentos -e "create database wpdb;grant all on wpdb.* to wpuser@'192.168.31.7' identified by 'centos'";
[root@mariadb:~ ]# mysql -uroot -pcentos -e "grant all on wpdb.* to wpuser@'192.168.31.17' identified by 'centos'";
[root@mariadb:~ ]# mysql -uroot -pcentos -e "select user,host from mysql.user"
+---------+---------------+
| user    | host          |
+---------+---------------+
| root    | 127.0.0.1     |
| phpuser | 192.168.31.%  |
| wpuser  | 192.168.31.17 |
| wpuser  | 192.168.31.7  |
| root    | ::1           |
|         | cos7-2        |
| root    | cos7-2        |
|         | localhost     |
| root    | localhost     |
+---------+---------------+
5. NFS and WordPress
[root@NFS:~ ]# rz
[root@NFS:~ ]# mkdir /data/
[root@NFS:~ ]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /data
[root@NFS:~ ]# ll /data
total 4
drwxr-xr-x 5 nobody nfsnobody 4096 Feb  8  2018 wordpress
[root@centos7:data]# id apache
uid=48(apache) gid=48(apache) groups=48(apache)

[root@NFS:~ ]# vim /etc/exports.d/wordpress.exports
/data/wordpress 192.168.31.0/24(rw,all_squash,anonuid=48,anongid=48)

[root@NFS:~ ]# ll /data/
total 4
drwxr-xr-x 5 nobody nfsnobody 4096 Feb  8  2018 wordpress
[root@NFS:~ ]# ll /data/ -d
drwxr-xr-x 3 root root 23 Aug 18 19:33 /data/
[root@NFS:~ ]# useradd -u 48 apache
[root@NFS:~ ]# chown -R apache.apache /data/wordpress
[root@NFS:~ ]# ll /data/ 
total 4
drwxr-xr-x 5 apache apache 4096 Feb  8  2018 wordpress
[root@NFS:~ ]# cd /data/wordpress/
[root@NFS:/data/wordpress ]# cp wp-config-sample.php wp-config.php -p
[root@NFS:/data/wordpress ]# vim wp-config.php
define('DB_NAME', 'wpdb');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', 'centos');

/** MySQL host */
define('DB_HOST', '192.168.31.27');
[root@NFS:/data/wordpress ]# exportfs -r       # reload the configuration
[root@NFS:/data/wordpress ]# exportfs -v       # show the export details
/data/wordpress
        192.168.31.0/24(rw,sync,wdelay,hide,no_subtree_check,anonuid=48,anongid=48,sec=sys,secure,root_squash,all_squash)
[root@NFS:/data/wordpress ]# systemctl start nfs-server  # start the NFS service

Mount
[root@fastcgi1:html]# vim /etc/fstab 
UUID=fbe53d4c-ab79-4207-a4a7-e370854f796e /                       xfs     defaults        0 0
UUID=38ac8148-66d5-47ee-bd6d-ce50ca048533 /boot                   xfs     defaults        0 0
192.168.31.37:/data/wordpress             /var/www/html/wordpress nfs     defaults        0 0 
[root@fastcgi1:html]# vim /etc/fstab 
192.168.31.37:/data/wordpress             /var/www/html/wordpress nfs     defaults        0 0
[root@fastcgi1:html]# mount -a
mount.nfs: No route to host
[root@NFS:/data/wordpress ]# iptables -F  # flush all firewall rules
[root@fastcgi1:html]# mount -a
[root@fastcgi2:html]# mount -a
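
The fixed-port settings from the firewall section and the "No route to host" error above meet here: instead of flushing every rule on the NFS server, the NFS ports can be opened to the client subnet only. The following is an added example, not part of the original post: a shell function with the hypothetical name nfs_fw_rules that reads /etc/sysconfig/nfs-style settings and prints, without applying them, one iptables command per port and protocol. It assumes that STATD_OUTGOING_PORT is only a source port for outbound traffic and therefore needs no inbound rule.

```shell
#!/bin/sh
# Added example, not from the original post: print (do not apply) iptables
# rules that admit only the client subnet to the NFS ports.

# Sample input: the fixed-port settings shown earlier on this page.
sample_nfs_sysconfig() {
  cat <<'EOF'
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
EOF
}

# nfs_fw_rules SUBNET  (settings on stdin)  ->  one iptables command per line
nfs_fw_rules() {
  subnet=$1
  {
    # rpcbind (111) and nfsd (2049), TCP and UDP, as the firewall section lists
    printf '%s\n' "111 tcp" "111 udp" "2049 tcp" "2049 udp"
    while IFS='=' read -r key val; do
      case $val in ''|*[!0-9]*) continue ;; esac   # ignore non-numeric values
      case $key in
        LOCKD_TCPPORT) echo "$val tcp" ;;
        LOCKD_UDPPORT) echo "$val udp" ;;
        RQUOTAD_PORT|MOUNTD_PORT|STATD_PORT) echo "$val tcp"; echo "$val udp" ;;
        # Assumption: STATD_OUTGOING_PORT is only a source port for outbound
        # notifications, so it gets no inbound rule here.
      esac
    done
  } | while read -r port proto; do
    echo "iptables -I INPUT -s $subnet -p $proto --dport $port -j ACCEPT"
  done
}

sample_nfs_sysconfig | nfs_fw_rules 192.168.31.0/24
```

Review the printed commands before running them on the server; the subnet 192.168.31.0/24 is the one used in this page's exports.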