Simplest Enterprise Continuous Integration Solutions

Saturday, February 5, 2011

Enterprise Linux - NFS Configuration

Export the file system (i.e. /home) from the linux64-server (IP address 10.3.20.100) host and mount it on linux64-client1 (IP address 10.3.20.201) and linux64-client2 (IP address 10.3.20.202)
  • NFS Server
Make sure nfslock, nfs, portmap are installed and daemons are running.
Verify filesystems
[root@linux64-server ~]# cat /proc/filesystems
nodev   sysfs
nodev   rootfs
nodev   bdev
nodev   proc
nodev   cgroup
nodev   cpuset
nodev   tmpfs
nodev   binfmt_misc
nodev   debugfs
nodev   securityfs
nodev   sockfs
nodev   usbfs
nodev   pipefs
nodev   anon_inodefs
nodev   inotifyfs
nodev   devpts
        ext3
        ext4
nodev   ramfs
nodev   hugetlbfs
        iso9660
nodev   mqueue
nodev   rpc_pipefs
nodev   autofs
nodev   nfsd
Verify portmap tcp/udp port
[root@linux64-server ~]# cat /etc/services | grep 111
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper      # RPC 4.0 portmapper UDP
nfsd-status     1110/tcp                        # Cluster status info
Verify nfsd tcp/udp port
[root@linux64-server ~]# cat /etc/services | grep 2049
nfs             2049/tcp        nfsd
nfs             2049/udp        nfsd
Verify nfs functioning
[root@linux64-server ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    649  status
    100024    1   tcp    652  status
    100011    1   udp    980  rquotad
    100011    2   udp    980  rquotad
    100011    1   tcp    983  rquotad
    100011    2   tcp    983  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  52604  nlockmgr
    100021    3   udp  52604  nlockmgr
    100021    4   udp  52604  nlockmgr
    100021    1   tcp  34614  nlockmgr
    100021    3   tcp  34614  nlockmgr
    100021    4   tcp  34614  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   1003  mountd
    100005    1   tcp   1006  mountd
    100005    2   udp   1003  mountd
    100005    2   tcp   1006  mountd
    100005    3   udp   1003  mountd
    100005    3   tcp   1006  mountd
Server exports file

By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. In this way, all root-created files are owned by nfsnobody, which prevents uploading of programs with the setuid bit set.
If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.
[root@linux64-server ~]# cat /etc/exports

/home 10.3.20.201(rw,sync) 10.3.23.202(rw,sync)

[root@linux64-server ~]# exportfs -a

Start daemons

[root@linux64-server ~]# chkconfig nfslock on
[root@linux64-server ~]# service nfslock start
Starting NFS statd:                                        [  OK  ]
[root@linux64-server ~]# chkconfig portmap on
[root@linux64-server ~]# service portmap start
Starting portmapper:                                       [  OK  ]
[root@linux64-server ~]# chkconfig nfs on [root@linux64-server ~]# service nfs restart
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS quotas:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
  • NFS Client
Make sure netfs, nfslock, portmap are installed and daemons are running.

[root@linux64-client1 ~]# chkconfig nfslock on
[root@linux64-client1 ~]# service nfslock start 
Starting NFS statd:                                        [  OK  ]
[root@linux64-client1 ~]# chkconfig portmap on
[root@linux64-client1 ~]# service portmap start
Starting portmapper:                                       [  OK  ]
[root@linux64-client1 ~]# chkconfig netfs on
[root@linux64-client1 ~]# service netfs start
Mounting other filesystems:                                [  OK  ]
[root@linux64-client1 ~]# mv /home /home.save
[root@linux64-client1 ~]mkdir /home
Manual mount
[root@linux64-client1 ~]# mount 10.3.20.100:/home /home
[root@linux64-client1 ~]# umount /home
Configure /etc/fstab automount
[root@linux64-client1 ~]# echo "10.3.20.100:/home /home nfs defaults 0 0" >> /etc/fstab
[root@linux64-client1 ~]# mount -a
[root@linux64-client1 ~]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
10.3.20.100:/home on /home type nfs (rw,addr=10.3.20.100)

No comments:

Post a Comment