https://vitux.com/install-nfs-server-and-client-on-ubuntu/
https://help.ubuntu.com/community/SettingUpNFSHowTo
quick start:
nfs目錄提供方即為nfs server,一下配置server:
1、安裝 NFS Kernel Server
sudo apt install nfs-kernel-server
2、創建被共用的文件夾
sudo mkdir -p /mnt/sharedfolder
我們希望所有客戶端都能訪問該目錄,所以將通過以下命令刪除被共用文件夾的權限限制:
sudo chown -R nobody:nogroup /mnt/sharedfolder sudo chmod -R 777 /mnt/sharedfolder
3、配置文件夾被公用時的權限,在文件 /etc/exports 里添加:
/mnt/sharedfolder clientIP(rw,sync,no_subtree_check)
如果要添加多個ip,則:
/mnt/sharedfolder client1IP(rw,sync,no_subtree_check) /mnt/sharedfolder client2IP(rw,sync,no_subtree_check)
如果要添加某個子網的所有ip,則:
/mnt/sharedfolder subnetIP/24(rw,sync,no_subtree_check)
rw,sync,no_subtree_check 的意思:
rw: 客戶端具有讀寫權限;
sync: 實時將變化寫進磁盤,即文件一改變就sync,然后對端就立即可以使用新的文件;
no_subtree_check: 子目錄放行;
4、正式共享文件夾:
sudo exportfs -a
為了讓配置起效,可能需要:
sudo systemctl restart nfs-kernel-server
5、server 的防火牆部分開放給 client:
格式如下:
sudo ufw allow from [clientIP or clientSubnetIP] to any port nfs
示例:
sudo ufw allow from 192.168.100/24 to any port nfs
你可以檢查view一下防火牆的設置:
sudo ufw status
1、client 的配置:
安裝 NFS Common client:
sudo apt-get install nfs-common
2、client 預先為目錄創建掛載點:
sudo mkdir -p /mnt/sharedfolder_client
3、掛載:
格式:
sudo mount serverIP:/exportFolder_server /mnt/mountfolder_client
示例:
sudo mount 192.168.100.5:/mnt/sharedfolder /mnt/sharedfolder_client
結束,現在文件夾已經公用了。
附加說明:
1、In order for the ID names to be automatically mapped, both the client and server require the /etc/idmapd.conf file to have the same contents with the correct domain names. Furthermore, this file should have the following lines in the Mapping section:
[Mapping] Nobody-User = nobody Nobody-Group = nogroup
2、There are three configuration files that relate to an NFS server: /etc/default/nfs-kernel-server, /etc/default/nfs-common and /etc/exports.
(The only important option in /etc/default/nfs-kernel-server for now is NEED_SVCGSSD. It is set to "no" by default, which is fine, because we are not activating NFSv4 security this time.)
解決 mount.nfs: access denied by server while mounting 問題:
問題表現:
# mount -t nfs x.x.x.x:/share /mnt mount.nfs: access denied by server while mounting x.x.x.x:/share
You can try running the mount command with the verbose option to get an detailed error on the issue.
# mount -t nfs -vvvv server.example.com:/share /mnt mount.nfs: timeout set for Fri Mar 9 17:56:57 2018 mount.nfs: trying text-based options 'vers=4.1,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4.0,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'addr=x.x.x.x' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying x.x.x.x prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying x.x.x.x prog 100005 vers 3 prot UDP port 300 mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting server.example.com:/share
Solution
This is a generic issue with NFS mounting at client and can occur due to many issues. Below are some of the most commonly occuring issues.
1. Try mounting with NFSv3
Sometimes the NFS server may only support NFSv3 connections. By default the mount command uses NFSv4, which may result is the error. To avoid this specify the NFSv3 while mounting the share.
# mount -t nfs -o nfsvers=3 x.x.x.x:/share /mnt
2. Check /etc/exports for correct share options
Ensure /etc/exports is properly referring to the correct NFS client information for providing access. Some NFS servers require NFS client name to be resolvable to IP, thus it should be resolvable via DNS or specified in /etc/hosts of the NFS server.. The format of the /etc/exports file is:
dir client1 (options) [client2(options)...]
Client options include (defaults are listed first):
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable to the delay. no_wdelay option can only be enabled if default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.
Example :
# vi /etc/exports /test nfs_client(rw)
3. Check NFS server permissions
– There could be issue with the NFS server sharing the NFS share. Try mounting the problematic share on another NFS client, to rule out the possibility of issue at NFS server.
– Set the permission as (ro,no_root_squash,sync) for nfs export on server end and run command:
# exportfs -r
Then try to mount the NFS share directory. If specifying the NFS client in /etc/exports by domain or hostname ensure the domain name maps to the correct IP, an incorrect entry in /etc/hosts for example could cause access to be denied.
4. Using tcpdump
In very rare cases, you may have to use the tcpdump to capture tcpdump of the mount operation. Run the below command first to start capturing the network packets. In another terminal start the NFS mount operation.
# tcpdump -s0 -i [eth#] host [nfs_server_ip] -w /tmp/tcpdump.pcap
解決 nfs服務器消失而導致下次nfs client掛載不上 的問題:
在client上執行:
umount -f -l /mnt/myfolder
-f Force unmount (in case of an unreachable NFS system). (Requires kernel 2.1.116 or later.)
-l Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore. (Requires kernel 2.4.11 or later.)
-f also exists on Solaris and AIX.