Linux nfs server oracle

This chapter includes information about managing the Network File System (NFS) in Oracle Linux 9 , including tasks for configuring, administering, and using NFS.

For information about local file system management in Oracle Linux, see Oracle Linux 9: Managing Local File Systems.

About NFS

NFS (Network File System) is a distributed file system that enables a client system to access files over a network as though the files were on local storage.

An NFS server can share directory hierarchies in its local file systems with remote client systems over an IP-based network. After an NFS server exports a directory, NFS clients mount this directory, provided that the clients have been granted the appropriate permissions. To the client systems, the directory appears as if it were a local directory. The benefits of using NFS include centralized storage provisioning, improved data consistency, and reliability.

Supported Versions of NFS

The following versions of NFS are supported in Oracle Linux 9 :

NFS version 3 (NFSv3), specified in RFC 1813.
NFS version 4 (NFSv4), specified in RFC 7530.
NFS version 4 minor version 1 (NFSv4.1), specified in RFC 5661.
NFS version 4 minor version 2 (NFSv4.2), specified in RFC 7862 .

NFSv3 provides safe, asynchronous writes and efficient error handling. NFSv3 also supports 64-bit file sizes and offsets, which enable clients to access more than 2 GB of file data.

NFSv3 relies on Remote Procedure Call (RPC) services, which are controlled by the rpcbind service. The rpcbind service responds to requests for an RPC service and then sets up connections for the requested service. In addition, separate services are used to handle locking and mounting protocols, as configuring a firewall to cope with the various ports that are used by all these services can be complex and error-prone.

In previous Oracle Linux releases, NFSv3 was able to also use the User Datagram Protocol (UDP). However, beginning from Oracle Linux 8, NFS over UDP is no longer supported. Further, UDP is disabled in the NFS server by default in this release.

NFSv4 is capable of working through firewalls, as well as the Internet. Also, NFSv4 does not require the rpcbind service. In addition, NFSv4 supports access Control Lists (ACLs), and uses stateful operations.

NFSv4 requires the Transmission Control Protocol (TCP) running over an IP network. As mentioned, NFSv4 does not use rpcbind ; as such, the NFS server listens on TCP port 2049 for service requests. The mounting and locking protocols are also integrated into the NFSv4 protocol, which means that separate services are also not required for these protocols. These refinements make firewall configuration for NFSv4 no more difficult than for a service such as HTTP.

Читайте также: Кали linux на флешку

Note that in Oracle Linux 9 , NFS clients attempt to mount by using NFSv4.2 (the default version), but fall back to NFSv4.1 when the server does not support NFSv4.2. The mount later falls back to NFSv4.0 and then to NFSv3.

About NFS Services

In Oracle Linux 9 , NFS versions rely on Remote Procedure Calls (RPC) between clients and servers. To share or mount NFS file systems, the following required services work together, depending on which version of NFS is implemented. Note that all of these services are started automatically:

Server kernel module that services requests for shared NFS file systems.

Service that accepts port reservations from local RPC services, which are made available or advertised so that the corresponding remote RPC services can access them and also hat the client is allowed to access it.

Process that is used by an NFS server to process mount requests from NFSv3 clients. The service checks that the requested NFS share is currently exported by the NFS server.

Process that enables explicit NFS versions and protocols the server advertises to be defined.

Kernel thread that runs on both clients and servers. The lockd process implements the Network Lock Manager (NLM) protocol, which enables NFSv3 clients to lock files on the server. The daemon is started automatically whenever the NFS server is run and whenever an NFS file system is mounted.

Process that implements the Network Status Monitor (NSM) RPC protocol, which notifies NFS clients when an NFS server is restarted without being gracefully brought down. The rpc-statd service is automatically started by the nfs-server service. This service does not require configuration by the user and is not used with NFSv4.

Process that provides NFSv4 client and server upcalls, which map between on-the-wire NFSv4 names (strings in the form of user@domain) and local UIDs and GIDs. Note that for the idmapd process to function with NFSv4, you must configure the /etc/idmapd.conf file. Note that only NFSv4 uses the rpc-idmapd process.

The mounting and locking protocols are incorporated into the NFSv4 protocol. Also, the server listens on TCP port 2049. For this reason, NFSv4 does not need to interact with the rpcbind , lockd , and rpc-statd services. However, the nfs-mountd service is still required to set up exports on the NFS server; but, the service is not involved in any over-the-wire operations.

The rpc-idmapd service only handles upcalls from the kernel and is not itself directly involved in any over-the-wire operations. The service, however, might make naming service calls, which do result in over-the-wire lookups.

Configuring an NFS Server

You can configure an NFS server in Oracle Linux in the following ways:

By editing the /etc/exports file manually. Exports can also be added to files that you create in the /etc/exports.d directory.
By using the exportfs command.

Читайте также: Linux tail команда grep

Configuring an NFS Server by Editing the /etc/exports File

The following steps describe how to configure an NFS server by editing the /etc/exports file.

You can also add exports to files that you create in the /etc/exports.d directory in a similar fashion.

sudo dnf install nfs-utils

/var/folder 192.0.2.102(rw,async) /usr/local/apps *(all_squash,anonuid=501,anongid=501,ro) /var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)

Only the client system with the IP address 192.0.2.102 can mount the /var/folder directory with read and write permissions. All writes to the disk are asynchronous. Therefore, the server does not wait for write requests to be written to disk before responding to further requests from the client.
As indicated by the wildcard (*), all of the clients can mount the /usr/local/apps directory as read-only. All connecting users, including root users, are mapped to the local, unprivileged user with UID 501 and GID 501.
All of the clients on the 192.168.1.0/24 subnet can mount the /var/projects/proj1 directory as read-only. However, the client system named mgmtpc can mount the directory with read-write permissions.

For more information, see the exports(5) manual page.

sudo firewall-cmd --permanent --zone=zone --add-service=nfs

Edit the /etc/nfs.conf file to create port settings for handling network mount requests and status monitoring. Additionally, set the TCP port on which the network lock manager should listen, for example:

# Ports that various services should listen on. [mountd] port = 892 [statd] port = 662 [lockd] port = 32803

sudo firewall-cmd --permanent --zone=zone --add-port=2049/tcp --add-port=111/tcp --add-port=32803/tcp --add-port=892/tcp --add-port=662/tcp

sudo systemctl enable --now nfs-server

Export list for host01.mydom.com /var/folder 192.0.2.102 /usr/local/apps * /var/projects/proj1 192.168.1.0/24 mgmtpc

The showmount -a command displays all of the current clients and all of the file systems that the clients have mounted.

Note: To enable use of the showmount command from NFSv4 clients, specify a port number to the MOUNTD_PORT parameter in /etc/nfs.conf . Then, create a firewall rule to enable access to this TCP port.

Configuring an NFS Server by Using the exportfs Command

The exportfs command enables the administrator to export or unexport directories selectively, and eliminates the need to restart the NFS service. By providing the appropriate options, the exportfs command writes the exported file systems to the /var/lib/nfs/etab file. Changes to the list of exported file systems are effective immediately because the nfs-mountd service refers to the etab file for determining access privileges to a file system.

If used without any options, exportfs displays a list of currently exported file systems.

Options that you can specify with the exportfs command include the following:

Refreshes the list of exported directories in the /var/lib/nfs/etab file by incorporating any changes that were made to the list in the /etc/exports file.

Exports all of the file systems that are specified in the /etc/exports file. This option can be combined with other options, which determines the action the command performs.

Читайте также: Редактор кода linux mint

Unexports all of the shared directories.

The exportfs -ua command suspends NFS file sharing, but keeps all NFS services running. To re-enable NFS sharing, use the exportfs -r command.

Specifies a verbose logging, which displays information about the file systems that are being exported or unexported in greater detail.

For more information, see the exportfs(8) , exports(5) , and showmount(8) manual pages.

Mounting an NFS File System

sudo dnf install nfs-utils

sudo showmount -e host01.mydom.com

Export list for host01.mydom.com /var/folder 192.0.2.102 /usr/local/apps * /var/projects/proj1 192.168.1.0/24 mgmtpc

sudo mount -t nfs -r -o nosuid host01.mydoc.com:/usr/local/apps /apps

host01.mydoc.com:/usr/local/apps /apps nfs ro,nosuid 0 0

For more information, see the mount(8) , nfs(5) , and showmount(8) manual pages.

Источник