How To Set Up an NFS Mount on Ubuntu 20.04

Introduction

NFS, or Network File System, is a distributed file system protocol that allows you to mount remote directories on your server. This lets you manage storage space in a different location and write to that space from multiple clients. NFS provides a relatively standard and performant way to access remote systems over a network and works well in situations where the shared resources must be accessed regularly.

In this guide, we’ll go over how to install the software needed for NFS functionality on Ubuntu 20.04, configure two NFS mounts on a server and client, and mount and unmount the remote shares.

Prerequisites

We will use two servers in this tutorial, with one sharing part of its filesystem with the other. To follow along, you will need:

  • Two Ubuntu 20.04 servers. Each of these should have a non-root user with sudo privileges, a firewall set up with UFW, and private networking, if it’s available to you.

    • For assistance setting up a non-root user with sudo privileges and a firewall, follow our Initial Server Setup with Ubuntu 20.04 guide.

    • If you’re using DigitalOcean Droplets for your server and client, you can read more about setting up a private network in our documentation on How to Create a VPC.

Throughout this tutorial, we refer to the server that shares its directories as the host and the server that mounts these directories as the client. You will need to know the IP address for both. Be sure to use the private network address, if available.

Throughout this tutorial we will refer to these IP addresses by the placeholders host_ip and client_ip. Please substitute as needed.

Step 1 — Downloading and Installing the Components

We’ll begin by installing the necessary components on each server.

On the Host

On the host server, install the nfs-kernel-server package, which will allow you to share your directories. Since this is the first operation that you’re performing with apt in this session, refresh your local package index before the installation:

  • sudo apt update
  • sudo apt install nfs-kernel-server

Once these packages are installed, switch to the client server.

On the Client

On the client server, we need to install a package called nfs-common, which provides NFS functionality without including any server components. Again, refresh the local package index prior to installation to ensure that you have up-to-date information:

  • sudo apt update
  • sudo apt install nfs-common

Now that both servers have the necessary packages, we can start configuring them.

Step 2 — Creating the Share Directories on the Host

We’re going to share two separate directories, with different configuration settings, in order to illustrate two key ways that NFS mounts can be configured with respect to superuser access.

Superusers can do anything anywhere on their system. However, NFS-mounted directories are not part of the system on which they are mounted, so by default, the NFS server refuses to perform operations that require superuser privileges. This default restriction means that superusers on the client cannot write files as root, reassign ownership, or perform any other superuser tasks on the NFS mount.

Sometimes, however, there are trusted users on the client system who need to perform these actions on the mounted file system but who have no need for superuser access on the host. You can configure the NFS server to allow this, although it introduces an element of risk, as such a user could gain root access to the entire host system.

Example 1: Exporting a General Purpose Mount

In the first example, we’ll create a general-purpose NFS mount that uses default NFS behavior to make it difficult for a user with root privileges on the client machine to interact with the host using those client superuser privileges. You might use something like this to store files which were uploaded using a content management system or to create space for users to easily share project files.

First, make the share directory:

  • sudo mkdir /var/nfs/general -p

Since we’re creating it with sudo, the directory is owned by the host’s root user:

  • ls -la /var/nfs/general

Output
drwxr-xr-x 2 root root 4096 May 14 18:36 .

NFS will translate any root operations on the client to the nobody:nogroup credentials as a security measure. Therefore, we need to change the directory ownership to match those credentials.

  • sudo chown nobody:nogroup /var/nfs/general

You’re now ready to export this directory.

Example 2: Exporting the Home Directory

In our second example, the goal is to make user home directories stored on the host available on client servers, while allowing trusted administrators of those client servers the access they need to conveniently manage users.

To do this, we’ll export the /home directory. Since it already exists, we don’t need to create it. We won’t change the permissions, either. If we did, it could lead to a range of issues for anyone with a home directory on the host machine.

Step 3 — Configuring the NFS Exports on the Host Server

Next, we’ll dive into the NFS configuration file to set up the sharing of these resources.

On the host machine, open the /etc/exports file in your text editor with root privileges:

  • sudo nano /etc/exports

The file has comments showing the general structure of each configuration line. The syntax is as follows:

/etc/exports
directory_to_share    client(share_option1,...,share_optionN)

We’ll need to create a line for each of the directories that we plan to share. Be sure to change the client_ip placeholder shown here to your actual IP address:

/etc/exports
/var/nfs/general    client_ip(rw,sync,no_subtree_check)
/home               client_ip(rw,sync,no_root_squash,no_subtree_check)

Here, we’re using the same configuration options for both directories with the exception of no_root_squash. Let’s take a look at what each of these options mean:

  • rw: This option gives the client computer both read and write access to the volume.

  • sync: This option forces NFS to write changes to disk before replying. This results in a more stable and consistent environment since the reply reflects the actual state of the remote volume. However, it also reduces the speed of file operations.

  • no_subtree_check: This option prevents subtree checking, which is a process where the host must check whether the file is actually still available in the exported tree for every request. This can cause many problems when a file is renamed while the client has it opened. In almost all cases, it is better to disable subtree checking.

  • no_root_squash: By default, NFS translates requests from a root user remotely into a non-privileged user on the server. This was intended as a security feature to prevent a root account on the client from using the file system of the host as root. no_root_squash disables this behavior for certain shares.
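
Before restarting the server, the exports file can be checked mechanically for entries that give up the root-squash default described above. This is an added example, not part of the original tutorial: audit_exports is a hypothetical helper name, the /srv/pub line in the sample is constructed, and 203.0.113.24 is the client address from this tutorial's sample output.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries that weaken the default protections.
# audit_exports is a hypothetical helper name, not part of nfs-utils.
audit_exports() {
    awk '
    { sub(/#.*/, "") }              # drop comments, including trailing ones
    NF < 2 { next }                 # nothing left to inspect on this line
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {            # split "client(opt1,opt2)" into its parts
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            # "(opts)" with no client name in front applies to every host
            if (client == "") client = "*"
            rw = 0; noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            if (client == "*")
                printf "%s %s: WORLD (any host may mount)\n", $1, client
            # no_root_squash: client root keeps uid 0 on the share
            if (noroot && rw)
                printf "%s %s: ROOT-RW (client root writes as host root)\n", $1, client
            else if (noroot)
                printf "%s %s: ROOT-RO (client root reads as host root)\n", $1, client
        }
    }' "$1"
}

# Constructed sample: the two shares from this tutorial plus one wildcard export.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample input
/var/nfs/general    203.0.113.24(rw,sync,no_subtree_check)
/home               203.0.113.24(rw,sync,no_root_squash,no_subtree_check)
/srv/pub            *(ro,sync,no_subtree_check)   # hypothetical third share
EOF
audit_exports "$sample"
rm -f "$sample"
```

On a real host, run `audit_exports /etc/exports`; every ROOT-RW line should correspond to a client whose administrators you are prepared to trust as root on that share.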

When you are finished making your changes, save and close the file. Then, to make the shares available to the clients that you configured, restart the NFS server with the following command:

  • sudo systemctl restart nfs-kernel-server

Before you can actually use the new shares, however, you’ll need to be sure that traffic to the shares is permitted by firewall rules.

Step 4 — Adjusting the Firewall on the Host

First, let’s check the firewall status to see if it’s enabled and, if so, to see what’s currently permitted:

  • sudo ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

On our system, only SSH traffic is being allowed through, so we’ll need to add a rule for NFS traffic.

With many applications, you can use sudo ufw app list and enable them by name, but nfs is not one of those. However, because ufw also checks /etc/services for the port and protocol of a service, we can still add NFS by name. Best practice recommends that you enable the most restrictive rule that will still allow the traffic you want to permit, so rather than enabling traffic from just anywhere, we’ll be specific.

Use the following command to open port 2049 on the host, being sure to substitute your client IP address:

  • sudo ufw allow from client_ip to any port nfs

You can verify the change by typing:

  • sudo ufw status

You should see traffic allowed from port 2049 in the output:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
2049                       ALLOW       203.0.113.24
OpenSSH (v6)               ALLOW       Anywhere (v6)

This confirms that UFW will only allow NFS traffic on port 2049 from our client machine.

Step 5 — Creating Mount Points and Mounting Directories on the Client

Now that the host server is configured and serving its shares, we’ll prepare our client.

In order to make the remote shares available on the client, we need to mount the directories on the host that we want to share to empty directories on the client.

Note: If there are files and directories in your mount point, they will become hidden as soon as you mount the NFS share. To avoid the loss of important files, be sure that if you mount in a directory that already exists, the directory is empty.

We’ll create two directories for our mounts:

  • sudo mkdir -p /nfs/general
  • sudo mkdir -p /nfs/home

Now that we have a location to put the remote shares and we’ve opened the firewall, we can mount the shares using the IP address of our host server:

  • sudo mount host_ip:/var/nfs/general /nfs/general
  • sudo mount host_ip:/home /nfs/home

These commands will mount the shares from the host computer onto the client machine. You can double-check that they mounted successfully in several ways. You can check this with a mount or findmnt command, but df -h provides a more readable output:

  • df -h

Output
Filesystem                       Size  Used Avail Use% Mounted on
udev                             474M     0  474M   0% /dev
tmpfs                             99M  936K   98M   1% /run
/dev/vda1                         25G  1.8G   23G   8% /
tmpfs                            491M     0  491M   0% /dev/shm
tmpfs                            5.0M     0  5.0M   0% /run/lock
tmpfs                            491M     0  491M   0% /sys/fs/cgroup
/dev/vda15                       105M  3.9M  101M   4% /boot/efi
tmpfs                             99M     0   99M   0% /run/user/1000
10.132.212.247:/var/nfs/general   25G  1.8G   23G   8% /nfs/general
10.132.212.247:/home              25G  1.8G   23G   8% /nfs/home

Both of the shares we mounted appear at the bottom. Because they were mounted from the same file system, they show the same disk usage. To see how much space is actually being used under each mount point, use the disk usage command du and the path of the mount. The -s flag provides a summary of usage rather than displaying the usage for every file. The -h prints human-readable output.

For example:

  • du -sh /nfs/home

Output
36K /nfs/home

This shows us that the contents of the entire home directory are using only 36K of the available space.

Step 6 — Testing NFS Access

Next, let’s test access to the shares by writing something to each of them.

Example 1: The General Purpose Share

First, write a test file to the /var/nfs/general share:

  • sudo touch /nfs/general/general.test

Then, check its ownership:

  • ls -l /nfs/general/general.test

Output
-rw-r--r-- 1 nobody nogroup 0 Aug 1 13:31 /nfs/general/general.test

Because we mounted this volume without changing NFS’s default behavior and created the file as the client machine’s root user via the sudo command, ownership of the file defaults to nobody:nogroup. Client superusers won’t be able to perform typical administrative actions, like changing the owner of a file or creating a new directory for a group of users, on this NFS-mounted share.

Example 2: The Home Directory Share

To compare the permissions of the General Purpose share with the Home Directory share, create a file in /nfs/home the same way:

  • sudo touch /nfs/home/home.test

Then look at the ownership of the file:

  • ls -l /nfs/home/home.test

Output
-rw-r--r-- 1 root root 0 Aug 1 13:32 /nfs/home/home.test

We created home.test as root using the sudo command, exactly the same way we created the general.test file. However, in this case it is owned by root because we overrode the default behavior when we specified the no_root_squash option on this mount. This allows our root users on the client machine to act as root and makes the administration of user accounts much more convenient. At the same time, it means we don’t have to give these users root access on the host.

Step 7 — Mounting the Remote NFS Directories at Boot

We can mount the remote NFS shares automatically at boot by adding them to the /etc/fstab file on the client.

Open this file with root privileges in your text editor:

  • sudo nano /etc/fstab

At the bottom of the file, add a line for each of our shares. They will look like this:

/etc/fstab
. . .
host_ip:/var/nfs/general    /nfs/general   nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
host_ip:/home               /nfs/home      nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0

Note: You can find more information about the options we are specifying here in the NFS man page. You can access this by running the following command:

  • man nfs

The client will automatically mount the remote partitions at boot, although it may take a few moments to establish the connection and for the shares to be available.

Step 8 — Unmounting an NFS Remote Share

If you no longer want the remote directory to be mounted on your system, you can unmount it by moving out of the share’s directory structure and unmounting, like this:

  • cd ~
  • sudo umount /nfs/home
  • sudo umount /nfs/general

Take note that the command is named umount, not unmount as you may expect.

This will remove the remote shares, leaving only your local storage accessible:

  • df -h

Output
Filesystem      Size  Used Avail Use% Mounted on
udev            474M     0  474M   0% /dev
tmpfs            99M  936K   98M   1% /run
/dev/vda1        25G  1.8G   23G   8% /
tmpfs           491M     0  491M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           491M     0  491M   0% /sys/fs/cgroup
/dev/vda15      105M  3.9M  101M   4% /boot/efi
tmpfs            99M     0   99M   0% /run/user/1000

If you also want to prevent them from being remounted on the next reboot, edit /etc/fstab and either delete the line or comment it out by placing a # character at the beginning of the line. You can also prevent auto-mounting by removing the auto option, which will allow you to still mount it manually.

Conclusion

In this tutorial, we created an NFS host and illustrated some key NFS behaviours by creating two different NFS mounts, which we shared with an NFS client.

If you’re looking to implement NFS in production, it’s important to note that the protocol itself is not encrypted. In cases where you’re sharing over a private network, this may not be a problem. In other cases, a VPN or some other type of encrypted tunnel will be necessary to protect your data.

Translated from: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-20-04
