Linux直接挂载另一台机器的文件夹

问题：现在有6台生产环境，不能随意访问，必须有手机验证才能通过ssh或者sftp登录，查看日志比较不方便。想把日志同步到一台测试机上。这样可以不登录生产机来查看生产环境的日志文件。

思路：想安装rsync，但是如果实时同步的话，比较占用资源，同步慢的话，调查不方便；而且也没有太大必要保留两份日志文件。由于生产环境的cpu和带宽压力都不是很大，想用ssh直接进行挂载。于是查了查，可以通过shfs格式来进行挂载，结果生产机内核没有编译shfs模块，不打算做大动作更新内核了。考虑使用sshfs来实现。

实现：由于生产环境不连外网，所以不能通过Yum来安装，只能下载rpm包来实现。

下载了:

fuse-sshfs-3.4.0-1.fc30.x86_64.rpm

fuse3-3.2.3-16.fc30.x86_64.rpm

fuse-common-3.2.3-14.fc29.x86_64.rpm

安装的时候，提示错误

[root@xxxx db2inst1]# rpm -ivf fuse-common-3.2.3-14.fc29.x86_64.rpm
warning: fuse-common-3.2.3-14.fc29.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 429476b4: NOKEY
Preparing packages for installation...
fuse-common-3.2.3-14.fc29
[root@xxxx db2inst1]# rpm -ivf fuse3-3.2.3-16.fc30.x86_64.rpm
warning: fuse3-3.2.3-16.fc30.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID cfc659b9: NOKEY
error: Failed dependencies:
libc.so.6(GLIBC_2.14)(64bit) is needed by fuse3-3.2.3-16.fc30.x86_64

想升级GLIBC，发现生产环境没安装gcc。不想做这种级别的安装。

于是查看了一下现在的libc.so.6的版本，是(最高到GLIBC_2.12)

#strings /lib64/libc.so.6 | grep GLIBC
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_PRIVATE
[db2inst1@xxxx~]$

按照这个版本，下载了低版本的sshfs后安装成功。

fuse-sshfs-2.2-1.el6.rf.x86_64.rpm

fuse-2.7.4-8_12.el4.x86_64.rpm

[root@xxxx db2inst1]# rpm -ivf fuse-2.7.4-8_12.el4.x86_64.rpm
warning: fuse-2.7.4-8_12.el4.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 66534c2b: NOKEY
Preparing packages for installation...
package fuse-2.8.3-4.el6.x86_64 (which is newer than fuse-2.7.4-8_12.el4.x86_64) is already installed
file /bin/fusermount from install of fuse-2.7.4-8_12.el4.x86_64 conflicts with file from package fuse-2.8.3-4.el6.x86_64
file /bin/ulockmgr_server from install of fuse-2.7.4-8_12.el4.x86_64 conflicts with file from package fuse-2.8.3-4.el6.x86_64
file /etc/udev/rules.d/99-fuse.rules from install of fuse-2.7.4-8_12.el4.x86_64 conflicts with file from package fuse-2.8.3-4.el6.x86_64
file /sbin/mount.fuse from install of fuse-2.7.4-8_12.el4.x86_64 conflicts with file from package fuse-2.8.3-4.el6.x86_64
[root@xxxx db2inst1]# rpm -ivf fuse-sshfs-2.2-1.el6.rf.x86_64.rpm
warning: fuse-sshfs-2.2-1.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing packages for installation...

开始设置

先mount一下进行一下验证。

#sshfs tomcat@xxx.xxx.xxx.xxx:/app/apache-tomcat-8.5.31/logs/ app1
#ls app

能看到日志了，可以把其他的服务器都进行挂载，然后设置每次启动时，自动挂载的问题。

设置自启动：

写挂载脚本

#vi /etc/init.d/mountsshfs
#!/bin/sh

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
#
# Mount SSH file systems in /etc/sshfstab.
#
echo -n "Mounting SSH filesystems..."
if [ -f /etc/sshfstab ] ; then
( cat /etc/sshfstab ; echo ) | sed -e '/^#/d' -e '/^$/d' | (
while read host mount_point sshfs_options fuse_options
do
sshfs $host $mount_point -o $sshfs_options -o $fuse_options
done
)
fi
echo "done"

: exit 0

写卸载脚本

vi /etc/init.d/umountsshfs

#!/bin/sh

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

#
# Unmount SSH file systems in /etc/mtab.
#
echo -n "Unmounting SSH filesystems..."
if [ -f /etc/mtab ] ; then
( cat /etc/mtab ; echo ) | sed -e '/^#/d' -e '/^$/d' | (
while read host mount_point options
do
if echo $host | awk '{ if ( substr($0, 1, 6)
== "sshfs#" ) exit 0; else exit 1 }' ; then
umount $mount_point
fi
done
)
fi
echo "done"
: exit 0

挂载一览

#vi /etc/sshfstab
  tomcat@xxx.xxx.xxx.xxx:/app/apache-tomcat-8.5.31/logs /logs/app1 sshfs_sync default_permissions,allow_other,kernel_cache,hard_remove
  tomcat@xxx.xxx.xxx.xxx:/app/apache-tomcat-8.5.31/logs /logs/app2 sshfs_sync 

给挂载和卸载脚本追加ln

#cd /etc/rc0.d
#ln -s ../init.d/umountsshfs S15umountsshfs
cd /etc/rc6.d
#ln -s ../init.d/umountsshfs S15umountsshfs
#cd /etc/rc2.d
#ln -s ../init.d/mountsshfs S85mountsshfs
#cd /etc/rc3.d
#ln -s ../init.d/mountsshfs S85mountsshfs
#cd /etc/rc4.d
#ln -s ../init.d/mountsshfs S85mountsshfs
#cd /etc/rc5.d
#ln -s ../init.d/mountsshfs S85mountsshfs

设置免密登录

客户端设置

ssh-keygen -t rsa

使用默认的路径，密码设置为空

cat ~/.ssh/id_rsa.pub | ssh tomcat@xxx.xxx.xxx.xxx "cat - >>.ssh/authorized_keys"

输入密码后传输成功。

服务器端设置

由于默认没有.ssh这个路径，也直接执行

ssh-keygen -t rsa后生成路径后，再由客户端重新传输authorized_keys

然后客户端用

ssh tomcat@xxx.xxx.xxx.xxx 确认不需要密码直接进入。

然后整机重启，reboot now之后，验证OK~

踩过的坑：

1，免密不好用

把服务器端的.ssh目录和.ssh/authorized_keys 分别设置为700，600

2，提示警告，但是能连接上

reverse mapping checking getaddrinfo for bogon [xxx.xxx.xxx.xxx] failed - POSSIBLE BREAK-IN ATTEMPT!

把/etc/hosts里面的ip和机器名加上后解决。

3，设置后其他用户不能打开文件，追加sshfs的option属性：allow_other