Distributed File Systems: - Objectives - Contents
Objectives
to understand Unix network file sharing
Contents
Installing NFS
How To Get NFS Started
The /etc/exports File
Activating Modifications To The Exports File
NFS And DNS
Configuring The NFS Client
Other NFS Considerations
Practical
to share and mount NFS file systems
Summary
NFS/DFS: An Overview
Unix distributed filesystems are used to
centralise administration of disks
provide transparent file sharing across a network
Restrictions of NFS
stateless open architecture
Unix filesystem semantics not guaranteed
No access to remote special files (devices, etc.)
Restricted locking
file locking is implemented through a separate lock daemon
Version 4 is coming:
File locking and mounting are integrated in the NFS daemon and operate
on a single, well known TCP port, making network security easier
Support for the bundling of requests from each client provides more
efficient processing by the NFS server.
File locking is mandatory, whereas before it was optional
Nfs (rpc.nfsd)
Starts the RPC processes needed to serve shared NFS file systems
Listens to TCP or UDP port 2049 (port can vary)
The nfs daemon needs to be run on the NFS server only.
Nfslock (rpc.mountd)
Used to allow NFS clients to lock files on the server via RPC processes.
Negotiated UDP/TCP port
The nfslock daemon needs to be run on both the NFS server and client
netfs
Allows RPC processes run on NFS clients to mount NFS filesystems on the
server.
The nfslock daemon needs to be run on the NFS client only.
[Diagram: nfsd, MOUNT, statd, lockd, NFS, XDR and RPC on client and server]
RPC depends on PORTMAP, which is on both client and server
# rpm -ivh http://ftp.sunet.se/pub/os/Linux/distributions/suse/suse/i386/9.3/suse/i586/portmap-5beta-733.i586.rpm
# rpm -ivh http://ftp.sunet.se/pub/os/Linux/distributions/suse/suse/i386/9.3/suse/i586/nfs-utils-1.0.7-3.i586.rpm
# insserv portmap
# insserv nfsserver
# rcportmap start
# rcnfsserver start
# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100024    1   udp   1034  status
    100021    1   udp   1034  nlockmgr
    100021    4   udp   1034  nlockmgr
    100024    1   tcp   1029  status
    100021    1   tcp   1029  nlockmgr
    100021    3   tcp   1029  nlockmgr
    100021    4   tcp   1029  nlockmgr
    100005    1   udp    835  mountd
    100005    1   tcp    838  mountd
    100005    2   udp    835  mountd
    100005    2   tcp    838  mountd
    100005    3   udp    835  mountd
    100005    3   tcp    838  mountd
# insserv portmap
# rcportmap start
   port
    111  portmapper
    111  portmapper
Note! There can be more services running dependent on your system setup
or shortly netfs(d)
or shortly nfslock(d)
failed: server is down.
ro              read only access
rw              read and write access
sync            write when requested
wdelay          wait for sync
hide            don't show subdirs that are exported by another export
no_all_squash   remote uids & gids are kept equal to those of the client
root_squash     remote root uid becomes anonymous on the client
no_root_squash  remote root equals the local root user
squash_uids     remote uids & gids are treated as identity nobody

We share the home directory
# exportfs -v -o rw,squash_uids=0-499,squash_gids=0-499 rosies:/home
exporting rosies:/home
-v = verbose mode
rw = Read Write (default)
squash_uids, squash_gids = the specified user and group ids are squashed to the user with identity nobody
directory is shared to host rosies only
# showmount -a localhost
All mount points on server:
*,192.168.1.0/24:/home
*:/home
*:/install/suse9.3
rosies:*
rosies:*,192.168.1.0/24

/home                              192.168.1.0/24(rw,wdelay,root_squash)
/exports/network-install/SuSE/9.3  <world>(ro,wdelay,root_squash)
/install/suse9.3                   <world>(ro,wdelay,root_squash)

*(ro,sync)
192.168.0.0/24(rw,sync)
*.my-site.com(rw,sync)
192.168.0.203/32(rw,sync)

*(ro,sync)
192.168.0.0/24(map_static=/etc/squash.map,rw,sync)
*.my-site.com(rw,sync)
192.168.0.203/32(rw,sync)
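Added example (not from the original slides): a small Python audit of /etc/exports text that flags the weak combinations of the client specs and options shown above, including the stray space that turns "host (rw)" into a host-less spec. The sample lines, the /scratch and /projects paths and the function names are constructed for illustration.

```python
import re

SPEC = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for each client spec in /etc/exports text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.fullmatch(spec)
            if m is None:
                continue  # malformed spec; a real audit would report it
            # "(rw)" with no host in front applies to every host
            client = m.group("client") or "*"
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            yield path, client, opts

def is_world(client):
    return client in ("*", "<world>") or client.endswith("/0")

def audit(text):
    """Return (path, client, reason) findings for weak export settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, client, "client root acts as root on the export"))
        if "rw" in opts and is_world(client):
            findings.append((path, client, "writable by any host"))
        elif "rw" in opts and "*" in client:
            findings.append((path, client, "writable by a hostname wildcard; access follows DNS"))
    return findings

# Constructed sample; hosts and options follow the slides, paths are made up.
SAMPLE = """\
/home             192.168.1.0/24(rw,sync,root_squash) rosies(rw,no_root_squash)
/install/suse9.3  *(ro,sync)
/scratch          rosies (rw)   # the space makes "(rw)" a separate, host-less spec
/projects         *.my-site.com(rw,sync)
"""

if __name__ == "__main__":
    for path, client, reason in audit(SAMPLE):
        print(f"{path:18} {client:16} {reason}")
```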
# nfsstat -s
Client statistics
Server nfs v3:
null       getattr    setattr    lookup     access     readlink
0       0% 15     31% 0       0% 0       0% 0       0% 0       0%
read       write      create     mkdir      symlink    mknod
0       0% 0       0% 0       0% 0       0% 0       0% 0       0%
remove     rmdir      rename     link       readdir    readdirplus
0       0% 0       0% 0       0% 0       0% 0       0% 0       0%
fsstat     fsinfo     pathconf   commit
17     35% 16     33% 0       0% 0       0%
                               1k-blocks     Used Available Use% Mounted on
192.168.0.10:/install/suse9.3   79366688 58235488  21131200  74% /mnt/a
retrans authrefrsh
0       0
All mount points on 192.168.1.60:
*,192.168.1.0/24:/home
*:/home
*:/install/suse9.3
192.168.0.2:*
/mnt/nethome  nfs  soft,intr,nfsvers=3
Options: soft,nfsvers=3
Dump: 0
FSCK: 0
mount -a
NFS security
NFS is inherently insecure
NFS can be run in encrypted mode which encrypts data over the network
AFS more appropriate for security conscious sites
NFS Hanging
Run NFS on a reliable network
Avoid having NFS servers that NFS mount each other's
filesystems or directories
Always use the sync option whenever possible
Mission critical computers shouldn't rely on an NFS server
to operate
Don't have NFS shares in the search path
Nesting Exports
NFS doesn't allow you to export directories that are subdirectories of directories
that have already been exported unless they are on different partitions.
NFSSHELL
This is a hacker tool; it can hack some NFS
Invented by Leendert van Doorn
# insserv autofs
MOUNT-OPTIONS  LOCATION
-ro            server:/usr/doc
/etc/auto.direct
/etc/auto.home
-ro,soft
Direct Maps are used to define NFS filesystems that are mounted on different
servers or that don't all start with the same prefix.
server:/home/peter
akvarius:/home/bob
iss:/home/bunny
Indirect Maps define directories that can be mounted under the same mount
point, like users' home directories.
bigboy:/home/&
In the example below, the key is *, meaning that the automounter will attempt a
mount on any attempt to enter the /home directory. But what's the value of the
ampersand? It is assigned the value of the key that triggered the access
to the /etc/auto.home file. If the access was for /home/peter, then the ampersand
is interpreted to mean peter, and server:/home/peter is mounted. If access was
for /home/kalle, then akvarius:/home/kalle would be mounted.
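Added example (not from the original slides): a Python sketch of the lookup described above, where an explicit key is used when present, the * entry is consulted otherwise, and & expands to the key that matched. The map text is constructed from the locations on the slides; the function names and the single-path-component check are this example's own.

```python
def parse_indirect_map(text):
    """Return {key: (options, location)} from lines 'key [-options] location'."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key, rest = fields[0], fields[1:]
        options = rest.pop(0)[1:] if rest[0].startswith("-") else ""
        if rest:
            entries[key] = (options, rest[0])
    return entries

def resolve(entries, name):
    """Return (options, location) for a directory name requested under the mount point."""
    # This example accepts only a single, literal path component as a key.
    if not name or "/" in name or name in (".", "..", "*"):
        return None
    # An explicit key is used if present; the "*" entry is consulted otherwise.
    entry = entries.get(name) or entries.get("*")
    if entry is None:
        return None
    options, location = entry
    return options, location.replace("&", name)   # "&" expands to the matched key

# Constructed map built from the locations shown on the slides.
AUTO_HOME = """\
peter            server:/home/peter
bob              akvarius:/home/bob
*     -ro,soft   bigboy:/home/&
"""

if __name__ == "__main__":
    home = parse_indirect_map(AUTO_HOME)
    for name in ("peter", "kalle", "../etc"):
        print(name, "->", resolve(home, name))
```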
Summary
Unix supports file sharing across a network
NFS is the most popular system and allows
Unix to share files with other O/S
Servers share directories across the network
using the share command
Permanent shared drives can be configured
into /etc/fstab
Clients use mount to access shared drives
Use mount and exportfs to look at distributed
files/catalogs