CentOS 7 Server Deployment Cookbook
Configuring an NFS server to share a filesystem
Network File System (NFS) is a protocol for a distributed filesystem. That is, we can store files to a directory on a remote server and clients can mount the share. The remote directory will appear to the client as if it were local, although all data saved to it resides on the server. This recipe shows you how to configure NFS on a server and expose the storage as a network share. (The next recipe will show you how to configure NFS on a client.)
Getting ready
This recipe requires a CentOS system with a working network connection. You'll also need administrative privileges provided by logging in with the root account.
How to do it...
Follow these steps to set up an NFS server:
- Install the nfs-utils and libnfsidmap packages:
yum install nfs-utils libnfsidmap
- Create a globally accessible directory which will serve as the root of the file share:
mkdir -m 777 /var/nfsshare
- Open /etc/exports and add the following entry to mark the directory for export by NFS. When done, save and close the file:
/var/nfsshare 192.168.56.0/24(rw,sync,root_squash)
The exports file is very picky. Make sure there's no space between the network and the parenthesized options as well as no spaces around the commas that separate the options.
- Start the necessary services and register them so that they will start when the server boots:
systemctl start rpcbind nfs-server
systemctl enable rpcbind nfs-server
- Open ports 111, 2048, and 2049 in the firewall to allow traffic through:
firewall-cmd --permanent --zone public --add-service rpc-bind
firewall-cmd --permanent --zone public --add-service mountd
firewall-cmd --permanent --zone public --add-service nfs
firewall-cmd --reload
How it works...
In this recipe, you learned how to set up a shared network directory using NFS. After installing the appropriate packages, we created the shared directory, registered it to be exported, and started the necessary system services.
/etc/exports is the configuration file that manages which filesystems are exported and how. We added an entry that identified the directory we want to export, followed by the clients it is exported to and the options that govern how the export will be treated:
/var/nfsshare 192.168.56.0/24(rw,sync,root_squash)
In the example, we make the share available to 192.168.56.0/24, in other words, any host on the network. Alternatively, you can share the directory with a single host or a range of hosts. An entry that shares the directory with a specific host looks like the following:
/var/nfsshare 192.168.56.101(rw,sync,root_squash)
The rw option allows both read and write access to the share. sync flushes any changes to a file immediately to disk. While writing to disk might make access to the file slower at times, the delay won't be noticeable unless your system is under high load, and it would seem like a fair trade-off for the safety that immediate flushes provide in the event of a crash.
NFS will effectively squash the root user's ownership when root_squash is provided by changing the owner to nfsnobody. This is a security measure that mitigates the risk of a root user on the client system attempting to write a file to the share with root ownership (otherwise a malicious user could store a file and mark it executable where it might be run with root privileges). If you want to squash the ownership of all files to nfsnobody, you can use the all_squash option.
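The spacing rules and the root_squash option described above can be checked mechanically before the file is loaded. The following Python linter is an added example, not code from the book; the names lint_exports, SPEC and SAMPLE are invented here, and reporting no_root_squash (the option that turns root squashing off) is this example's own choice. It assumes one export per line, with no quoted paths or line continuations.

```python
import re

# Constructed sample: line 1 is the recipe's entry, lines 2-4 are deliberate mistakes.
SAMPLE = """\
/var/nfsshare 192.168.56.0/24(rw,sync,root_squash)
/var/nfsshare 192.168.56.0/24 (rw,sync,root_squash)
/var/nfsshare 192.168.56.0/24(rw, sync,root_squash)
/var/nfsshare 192.168.56.101(rw,sync,no_root_squash)
"""

# One whitespace-delimited client spec: client, optionally followed by (opt,opt,...)
SPEC = re.compile(r"^([^()\s]*)(?:\(([^()\s]*)\))?$")

def lint_exports(text):
    """Return (line_number, message) findings for /etc/exports content."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.match(spec)
            if m is None:
                # Unbalanced parentheses: a space split the option list in two.
                findings.append((n, f"{path}: malformed '{spec}', space inside the options?"))
                break
            client, opts = m.group(1), (m.group(2) or "").split(",")
            if client in ("", "*"):
                # "net (opts)" is read as "net" with default options plus
                # "(opts)" granted to every host that can reach the server.
                findings.append((n, f"{path}: '{spec}' applies to ANY host"))
            if "no_root_squash" in opts:
                findings.append((n, f"{path}: {client or 'any host'} keeps root privileges"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_exports(SAMPLE):
        print(f"line {n}: {msg}")
```

Run against the sample, the recipe's own entry passes and each of the three broken lines produces one finding.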
NFS relies on a few other services, which is why we also enabled rpcbind and opened firewall ports for rpcbind and mountd. NFS works on top of the Remote Procedure Call (RPC) protocol, and rpcbind is responsible for mapping the RPC-based services to their ports. An incoming connection from a client first hits the rpcbind service, providing an RPC identifier. Rpcbind resolves the identifier to a particular service (NFS in this case) and redirects the client to the appropriate port. There, mountd handles the request to determine whether the requested share is exported and whether the client is allowed to access it.
See also
Refer to the following resources for more information about configuring an NFS server:
- The Network Filesystem (http://www.tldp.org/LDP/nag/node140.html)
- RHEL 7 Storage Administration Guide: NFS Server Configuration (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/nfs-serverconfig.html)
- How to setup NFS Server on CentOS 7 (http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-setup-nfs-server-on-centos-7-rhel-7-fedora-22.html)