Hệ điều hành - Network file system

Đặng Thanh Bình Network File System Contents • How It Works • NFS Client Configuration • autofs • Common NFS Mount Options • Starting and Stopping NFS • NFS Server Configuration • Securing NFS • NFS and portmap • Using NFS over TCP Introduction • A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. • This enables system administrators to consolidate resources onto centralized servers on the network. • This chapter focuses on fundamental NFS concepts and supplemental information HOW IT WORKS How It Works • Three versions of NFS: – NFS version 2 (NFSv2) is older and is widely supported. – NFS version 3 (NFSv3) has more features, including 64bit file handles, Safe Async writes and more robust error handling. – NFS version 4 (NFSv4) works through firewalls and on the Internet, no longer requires portmapper, supports ACLs, and utilizes stateful operations How It Works • All versions of NFS can use Transmission Control Protocol (TCP) running over an IP network, with NFSv4 requiring it. • NFSv2 and NFSv3 can use the User Datagram Protocol (UDP) running over an IP network to provide a stateless network. • NFSv4 has no interaction with portmapper, rpc.mountd, rpc.lockd, and rpc.statd, since protocol support has been incorporated into the v4 protocol. How It Works • TCP is the default transport protocol for NFS under Red Hat Enterprise Linux. • UDP can be used for compatibility purposes as needed, but is not recommended for wide usage. • All the RPC/NFS daemon have a '-p' command line option that can set the port, making firewall configuration easier. Working Procedure • Firstly, the client is granted access by TCP wrappers • Secondly, the NFS server refers to its configuration file, /etc/exports, to determine whether the client is allowed to access any of the exported file systems. • Once access is granted, all file and directory operations are available to the user. Notes • In order for NFS to work with a default installation of Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 2049 must be configured. • The NFS initialization script and rpc.nfsd process now allow binding to any specified port during system start up. Required Services • nfs: NFS server • nfslock: a mandatory service that starts the appropriate RPC processes to allow NFS clients to lock files on the server • portmap: accepts port reservations from local RPC services Required Services • The following RPC processes facilitate NFS services – rpc.mountd – rpc.nfsd – rpc.lockd – rpc.statd – rpc.rquotad – rpc.idmapd NFS CLIENT CONFIGURATION Mounting on the Client Side • NFS shares are mounted on the client side using the mount command mount -t -o : – : nfs for NFSv2 or NFSv3, nfs4 for NFSv4. – : a comma separated list of options for NFS – : remote host – : remote directory being mounted – : local directory where the remote file system is to be mounted Mounting on the Client Side • Mounting remote file systems automatically at boot time – Edit the /etc/fstab file – Use autofs service Using /etc/fstab • The general syntax for the line in /etc/fstab is as follows: server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr – The mount point /pub must exist on the client machine before this command can be executed. – After adding this line to /etc/fstab on the client system, type the command mount /pub at a shell prompt – The mount point /pub is mounted from the server Using /etc/fstab • The /etc/fstab file is referenced by the netfs service at boot time • Lines referencing NFS shares have the same effect as manually typing the mount command during the boot process. • A sample /etc/fstab line to mount an NFS export : 0 0 AUTOFS autofs • Kernel-based automount utility • Components of an automounter: – A kernel module that implements a file system – A user-space daemon performing all other functions • autofs uses /etc/auto.master (master map) as its default primary configuration file • This can be changed to use another supported network source and name using the autofs configuration (in /etc/sysconfig/autofs) in conjunction with Name Service Switch mechanism autofs Configuration • Configuration file: /etc/auto.master • Lists autofs-controlled mount points on the system, and their corresponding configuration files or network sources known as automount maps. • The format of the master map is as follows: – mount-point is the autofs mount point e.g /home. – map-name is the name of a map source which contains a list of mount points, and the file system location from which those mount points should be mounted autofs Configuration • Map file structure: [] • Samples: autofs • Run autofs • View the status of the automount daemon COMMON NFS MOUNT OPTIONS Mount Options • fsid=num – Forces the file handle and file attributes settings on the wire to be num • hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft) • noacl — Turns off all ACL processing • nolock — Disables file locking Mount Options • nosuid — Disables set-user-identifier or set- group-identifier bits • noexec — Prevents execution of binaries on mounted file systems • tcp — Specifies for the NFS mount to use the TCP protocol. • udp — Specifies for the NFS mount to use the UDP protocol Mount Options • Using soft mounts is not recommended as they can generate I/O errors in very congested networks or when using a very busy server. STARTING AND STOPPING NFS Starting and Stopping NFS • To run an NFS server, the portmap service must be running. • To verify that portmap is active, type Starting and Stopping NFS • /sbin/service nfs start • /sbin/service nfs stop • /sbin/service nfs restart • Only restart nfs if it is currently running – /sbin/service nfs condrestart • Reload the NFS server configuration file without restarting the service – /sbin/service nfs reload NFS SERVER CONFIGURATION Configuration File • NFS configuration file: /etc/exports • Structure of a line for an exported file system: () ()... – : the directory being exported – : host or network to which the export is being shared – : options for that host or network Configuration File • Specifying host names: – Single host • Fully Qualified Domain Name, hostname, or IP address –Wildcards: * or ? • Should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail • Tend to be more exact than expected – *.example.com as a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com – *.example.com and *.*.example.com must be specified to allow both Configuration File • Specifying host names: – IP networks – netgroups — Permits an NIS netgroup name, written as @, to be used Configuration File • Sample of the simplest form of /etc/exports: /exported/directory bob.example.com • Cause no options specified, default options are applied, including: