网络文件系统

##samba 服务简介
1、smb协议
smb（Server Messages Block，信息服务块）是一种在局域网上共享文件和打印机的一种通信协议，它为局域网内的不同操作系统的计算机之间提供文件及打印机等资源的共享服务。SMB 协议是客户机/服务器型协议，客户机通过该协议可以访问服务器上的共享文件系统、打印机及其他资源。

2、ftp 服务 与 samba 服务对比
（1）ftp 的优缺点：
优点：文件传输、应用层协议、可跨平台
缺点：只能实现文件传输，无法实现文件系统挂载；无法直接修改服务器端文件
（2）Samba 的特性：
使用 smb/cifs 协议、可跨平台、可实现文件系统挂载、可实现服务器端修改文件

##samba基本信息
服务启动脚本 smb.service
主配置目录 /etc/samba
主配置文件 /etc/samba/samba.conf
安全上下文 samba_share_t
端口 139 445
安装包 samba samba-common
##samba的安装与启用
安装：

dnf install samba samba-common samba-client -y

启动：

systemctl enable --now smb.service 
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload 

测试：
smbclient -L //172.25.254.74

##samba用户的建立（必须是本地用户）

useradd -s /sbin/nologin -M lcf
smbpasswd -a lcf 添加
pdbedit -L 查看

pdbedit -x westos 删除

##samba用户访问家目录
selinux开启时：
setsebool -P samba_enable_home_dirs on

windows下：
\172.25.254.74 访问
net use 查看记录
net use * /del 删除记录

linux下：
smbclient //172.25.254.74/westos -U lcf

###samba服务共享目录

mkdir /westosdir
touch /westosdir/1
chmod 777 /westosdir
semanage fcontext -a -t samba_share_t '/westosdir(/.*)?'
restorecon -RvvF /westosdir/
vim /etc/samba/smb.conf

systemctl restart smb

测试：
smbclient //172.25.254.174/westosdir -U lcf
or
mount //172.25.254.174/westosdir /mnt/ -o username=lcf,password=123

smbclient -L //172.25.254.74 -U lcf 查看共享目录名单

###samba用户访问/mnt
因为系统也要进入mnt目录修改里面的内容 因此 不能修改家目录的安全上下文

vim /etc/samba/smb.conf

systemctl restart smb.service
setsebool -P samba_export_all_rw on

可以读写 /mnt 共享目录

########samba的控制访问
hosts deny = 172.25.254.74
hosts allow = 172.25.254.74
写在单独共享时只对此目录生效
写在这些目录外面时对samba整体生效
eg:


###samba的常用配置
; writable = yes 可写
; write list = +westos 指定组可写
; valid users = @westos 指定访问组
; browseable = no 是否隐藏共享

; map to guest = bad user 写到global设定中
; guest ok = yes 允许匿名用户访问
; admin users ch= lcf 指定此共享的超级用户身份

###samba的多用户挂载
没有用过用户验证的人也可以访问samba服务
客户端：
dnf install cifs-utils -y
vim westossmb

username=westos
password=123

mount -o credentials=/root/westossmb,sec=ntlmssp,multiuser //172.25.254.74/westosdir /mnt/

#credentials=/root/westossmb 指定认证文件
#sec=ntlmssp 指定认证类型
#multiuser 支持多dnf

su - westos
ls /mnt
permission denied

cifscreds add -u lcf 172.25.254.74
password:

ls /mnt 即可查看

当遇到 key has expired
则
cifscreds add -u lcf -d 172.25.254.74
OR
cifscreds clearall 解决

####autofs+samba
在客户端实现字的自动挂载卸载 的软件
dnf install autofs.x86_64
配置方式：
vim /etc/auto.master

/misc   /etc/auto.misc
/- /etc/auto.samba (挂载目录的上一个目录)

vim /etc/auto.samba

samba（/westos） -fstype=cifs,multiuser,sec=ntlmssp,credentials=/root/westossmb 😕/172.25.254.174/westosdir

vim /etc/autofs.conf

systemctl enable --now autofs.service
systemctl start autofs.service
测试：

cd /westos/
df
cd
3s后
df
卸载掉
###NFS
服务端：
systemctl start nfs-server.service
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload

测试：
showmount -e 172.25.254.174

#nfs配置
服务端：
vim /etc/exports
共享目录 共享对象（共享参数）

/westosdir	*（ro）

exportfs -rv

测试：
客户端：
mount 172.25.254.174:/westosdir /mnt

#nfs配置参数
anonuid=1000，anongid=1000 指定用户身份
sync 更改生成后同步数据到服务器
async 实时同步数据到服务器
no_root_squash root用户挂载不转换身份
eg:
/westosdir *(ro) 172.25.254.0/24(rw.anonuid=1000,anongid=1001,async)

/westosdir *(ro) 172.25.254.0/24(rw,no_root_squash,async)

####nfs+autofs
mkdir /westosdir/westos{1…5}
vim /etc/auto.master

vim /etc/auto.nfs

nfs	172.25.254.74:/westosdir
or
*       -rw,vers=3      172.25.254.174:/westosdir/&

systemctl restart autofs.service

####iscsi
服务端：
fdisk /dev/vdb

dnf install targetcli -y
systemctl enable --now target

firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload

客户端：
dnf install iscsi-initiator-utils.x86_64
vim /etc/iscsi/initiatorname.iscsi

systemctl restart iscsid
iscsiadm -m discovery -t st -p 172.25.254.174

iscsiadm -m node -T iqn.2021-06.org.westos:strage1 -p 172.25.254.74 -l #login
(iscsiadm -m node -T iqn.2021-06.org.westos:strage1 -p 172.25.254.74 -u #logout
iscsiadm -m node -T iqn.2021-06.org.westos:strage1 -p 172.25.254.74 -o delete #delete)

fdisk /dev/sda
mkfs.xfs /dev/sda1
mount /dev/sda1 /mnt/

when u want to uninstall
in server:clearconfig confirm=true

[root@a ~]# targetcli
targetcli shell version 2.1.51
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ............................................................... [...]
  o- backstores .................................................... [...]
  | o- block ........................................ [Storage Objects: 1]
  | | o- westos-storage1 ....... [/dev/vdb1 (5.0GiB) write-thru activated]
  | |   o- alua ......................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ............. [ALUA state: Active/optimized]
  | o- fileio ....................................... [Storage Objects: 0]
  | o- pscsi ........................................ [Storage Objects: 0]
  | o- ramdisk ...................................... [Storage Objects: 0]
  o- iscsi .................................................. [Targets: 1]
  | o- iqn.2021-06.org.westos:strage1 .......................... [TPGs: 1]
  |   o- tpg1 ..................................... [no-gen-acls, no-auth]
  |     o- acls ................................................ [ACLs: 1]
  |     | o- iqn.2021-06.org.westos:westoskey ........... [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ............. [lun0 block/westos-storage1 (rw)]
  |     o- luns ................................................ [LUNs: 1]
  |     | o- lun0 . [block/westos-storage1 (/dev/vdb1) (default_tg_pt_gp)]
  |     o- portals .......................................... [Portals: 1]
  |       o- 0.0.0.0:3260 ........................................... [OK]
  o- loopback ............................................... [Targets: 0]
/> help

GENERALITIES
============
This is a shell in which you can create, delete and configure
configuration objects.

The available commands depend on the current path or target
path you want to run a command in: different path have
different sets of available commands, i.e. a path pointing at
an iscsi target will not have the same availaible commands as,
say, a path pointing at a storage object.

The prompt that starts each command line indicates your
current path. Alternatively (useful if the prompt displays
an abbreviated path to save space), you can run the
pwd command to display the complete current path.

Navigating the tree is done using the cd command. Without
any argument, cd will present you with the full objects
tree. Just use arrows to select the destination path, and
enter will get you there. Please try help cd for navigation
tips.

COMMAND SYNTAX
==============
Commands are built using the following syntax:

[TARGET_PATH] COMMAND_NAME [OPTIONS]

The TARGET_PATH indicates the path to run the command from.
If ommited, the command will be run from your current path.

The OPTIONS depend on the command. Please use help
COMMAND to get more information.


AVAILABLE COMMANDS
==================
The following commands are available in the
current path:

  - bookmarks action [bookmark] 
  - cd [path] 
  - clearconfig [confirm] 
  - exit 
  - get [group] [parameter...] 
  - help [topic] 
  - ls [path] [depth] 
  - pwd 
  - refresh 
  - restoreconfig [savefile] [clear_existing] [target] [storage_object] 
  - saveconfig [savefile] 
  - sessions [action] [sid] 
  - set [group] [parameter=value...] 
  - status 
  - version 
/> clearconfig confirm=true
All configuration cleared
/> 

---

[root@b ~]# tree /var/lib/iscsi/
/var/lib/iscsi/
├── ifaces
├── isns
├── nodes
├── send_targets
│ └── 172.25.254.74,3260
│ └── st_config
├── slp
└── static