good way to share disk space and centralize the /home directory on a dedicated server. Other popular uses of NFS are mail storage and netboot for diskless workstations.
NFS briefing | Share /home directory | Mount /home directory | Secure NFS | Tuning NFS | Notes | References

NFS briefing
On any platform, to set up an NFS server, the following daemons must be started, along with the export/share file.

Requirement for NFS server:
[ Descriptions below are from the FreeBSD man page ]
portmap/rpcbind:
Portmap/rpcbind is a server that converts RPC program numbers into DARPA protocol port numbers. It must be running in order to make RPC calls.
mountd:
Mountd is the server for NFS mount requests from other client machines. It listens for service requests at the port indicated in the NFS server specification.
nfsd:
Nfsd runs on a server machine to service NFS requests from client machines. At least one nfsd must be running for a machine to operate as a server.
Optional for file locking (lockd+statd):
lockd:
Rpc.lockd is a daemon which provides file and record-locking services in an NFS environment.
On FreeBSD, NetBSD and OpenBSD, file locking is only supported on the server side.
statd:
Rpc.statd is a daemon which co-operates with rpc.statd daemons on other hosts to provide a status monitoring service. The daemon accepts requests from programs running on the local host (typically, rpc.lockd(8), the NFS file locking daemon) to monitor the status of specified hosts. If a monitored host crashes and restarts, the remote daemon will notify the local daemon, which in turn will notify the local program(s) which requested the monitoring service. Conversely, if this host crashes and re-starts, when the rpc.statd re-starts, it will notify all of the hosts which were being monitored at the time of the crash.

Share /home directory
Let's export the /home directory from NFS server ``nfsserver'' to NFS client ``nfsclient'' as read/write. This will restrict the /home directory to the nfsclient host only. The following data is assumed:
Partition: /home
NFS server hostname: nfsserver
nfsserver IP: 192.168.1.1
NFS client hostname: nfsclient
nfsclient IP: 192.168.1.2

FreeBSD
1. Edit the export file /etc/exports and share /home to NFS client:
/usr/home 192.168.1.2
Start portmap, mountd and nfsd:
# /usr/sbin/portmap
# /sbin/mountd
# /sbin/nfsd -tun 4
Start file locking:
# /usr/sbin/rpc.lockd
# /usr/sbin/rpc.statd
To enable NFS server after reboot, edit /etc/rc.conf and add:
portmap_enable="YES"
nfs_server_enable="YES"
rpc_lockd_enable="YES"
nfs_reserved_port_only="YES" # Provide NFS only on secure port
There's no line for statd because statd will be started automatically when nfs_server_enable="YES"

NetBSD
1. Edit the export file /etc/exports and share /home to NFS client:
/home 192.168.1.2
Edit /etc/rc.conf to enable rpcbind, nfsd, lockd and statd. This will also enable NFS server after reboot:
rpcbind=YES
nfs_server=YES
lockd=YES
statd=YES
Start rpcbind, mountd and nfsd:
# /etc/rc.d/rpcbind start
# /etc/rc.d/mountd start
# /etc/rc.d/nfsd start
Start file locking:
# /etc/rc.d/nfslocking start
rpcbind is started with -l, which turns on libwrap. Therefore, edit /etc/hosts.allow and permit 192.168.1.2:
rpcbind: 192.168.1.2

OpenBSD
1. Edit the export file /etc/exports and share /home to NFS client:
/home 192.168.1.2
OpenBSD mountd requires /var/db/mountdtab to already exist. This file keeps track of filesystems that are remotely mounted by NFS clients.
# :> /var/db/mountdtab
Start portmap, mountd and nfsd:
# /usr/sbin/portmap
# /sbin/mountd
# /sbin/nfsd -tun 4
Start file locking:
# /usr/sbin/rpc.lockd
OpenBSD doesn't have rpc.statd.
To enable NFS server after reboot, edit /etc/rc.conf and change ``NO'' to ``YES'' for nfs_server and lockd:
nfs_server=YES
lockd=YES

Linux
1. Edit the export file /etc/exports and share /home to NFS client:
/home 192.168.1.2(rw)
Start portmap, mountd, nfsd and quotad:
# /etc/init.d/portmap start
# /etc/init.d/nfs start
Start file locking:
# /etc/init.d/nfslock start
To enable NFS server after reboot, make sure the S60nfs and S14nfslock scripts are available in their own directory:
# /etc/rc3.d/S14nfslock
# /etc/rc3.d/S60nfs

Solaris
1. Edit the export file /etc/dfs/dfstab and share /home to NFS client. On Solaris, the home directory is /export/home.
share -F nfs -o rw=nfsclient -d "/home" /export/home
Start rpcbind:
# /etc/init.d/rpc start
Start mountd and nfsd:
# /etc/init.d/nfs.server start
To enable NFS after reboot, make sure the /etc/rc2.d/S71rpc and /etc/rc3.d/S15nfs.server scripts are available in their own directory.

Mount /home directory
Let's mount the /home directory on NFS client ``nfsclient'' on startup:
Note: If you're unable to mount with:
mount_nfs: rpcbind on server: RPC: Unable to send
It means the NFS server hostname is not in /etc/hosts.

AIX
Edit /etc/filesystems and add:
/home:
        dev = "/home"
        vfs = nfs
        nodename = nfsserver
        mount = true
        options = rw
        account = false

HP-UX, FreeBSD, NetBSD, OpenBSD and Linux
Edit /etc/fstab and add:
nfsserver:/home /home nfs rw 0 0

Solaris
Edit /etc/vfstab and add:
nfsserver:/home - /export/home nfs - yes -
Also, make sure the script /etc/rc2.d/S73nfs.client is available to do proper client NFS mounting.

Secure NFS
Portmap/rpcbind needs to run with libwrap or something similar so that RPC requests are accepted from trusted clients only.

FreeBSD
Edit /etc/hosts.allow and permit 192.168.1.2 and deny all other hosts.
# Portmapper is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
portmap : 192.168.1.2/255.255.255.0 : allow
portmap : ALL : deny

NetBSD
Edit /etc/hosts.allow and permit 192.168.1.2.
rpcbind: 192.168.1.2
and edit /etc/hosts.deny to deny all other hosts.
ALL: ALL

OpenBSD
OpenBSD does not have libwrap with portmap.

Linux
Edit /etc/hosts.allow and permit 192.168.1.2 and deny all other hosts.
portmap : 192.168.1.2
and edit /etc/hosts.deny to deny all other hosts.
ALL: ALL
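
A check for the hosts.allow/hosts.deny rules shown above, as an added example that is not part of the original article: the shell function audit_rpc_wrappers (a hypothetical name) reports whether a catch-all deny covers the portmapper and whether any allow rule names ALL. It reads both the two-file layout used on NetBSD and Linux and the single-file ``: allow''/``: deny'' layout used on FreeBSD.

```sh
#!/bin/sh
# Added example (not from the original article).
# audit_rpc_wrappers DAEMON HOSTS_ALLOW HOSTS_DENY   (hypothetical helper name)
# Prints one word:
#   ok   - a catch-all deny covers DAEMON and no allow rule names ALL
#   open - no catch-all deny, so hosts that match no rule are still served
#   wide - an allow rule for DAEMON lists ALL as a client
# Simplification: rule order (first match wins) is not evaluated.
audit_rpc_wrappers() {
    daemon=$1 allow=$2 deny=$3
    awk -F: -v d="$daemon" -v denyfile="$deny" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            svc = trim($1); cli = trim($2); act = tolower(trim($3))
            if (svc != d && svc != "ALL") next  # rule is for another daemon
            # Deny rules live in hosts.deny or end in ": deny" (FreeBSD layout)
            is_deny = (FILENAME == denyfile || act == "deny")
            if (is_deny && cli == "ALL") catchall = 1
            if (!is_deny && cli ~ /(^|[ ,])ALL([ ,]|$)/) wide = 1
        }
        END { print (wide ? "wide" : (catchall ? "ok" : "open")) }
    ' "$allow" "$deny"
}

# Constructed sample files holding the NetBSD rules from this page.
tmp=$(mktemp -d)
printf 'rpcbind: 192.168.1.2\n' > "$tmp/hosts.allow"
printf 'ALL: ALL\n' > "$tmp/hosts.deny"
audit_rpc_wrappers rpcbind "$tmp/hosts.allow" "$tmp/hosts.deny"
```

On FreeBSD, pass /dev/null as the third argument, since allow and deny rules share /etc/hosts.allow there.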

Solaris
Solaris does not have libwrap; therefore, tcp_wrappers needs to be downloaded and compiled.

Tuning NFS
Some suggestions to tune client and server for performance:
1. If clients and servers are not on the same LAN or the network is overloaded, use TCP if possible.
2. Increase the read/write packet data size. The read/write value needs to be increased if error messages such as ``fragments dropped due to timeout'' appear while still mounting.
3. Augment the number of NFS server daemons on a busy server.
4. Bump up the number of kernel threads to serve asynchronous NFS I/O requests on the NFS client.

FreeBSD
1. Use UDP. Only switch to TCP if the client and server are not on the same LAN or packets are dropped.
2. Edit /etc/fstab and, in the 4th field (the filesystem mount options), add -r=32768,-w=32768 after rw.
3. The default number of NFS daemons is 4. Crank it up to a high number by editing /etc/rc.conf and adding:
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
Change 4 to a suitable number.
4. The default number of kernel threads used for the NFS client is 4. Increase it to a higher number by editing /etc/rc.conf and adding:
nfs_client_enable="YES"
nfs_client_flags="-n 4"
Change 4 to a suitable number.

NetBSD
1. Use UDP. Only switch to TCP if the client and server are not on the same LAN or packets get dropped often.
2. On NetBSD/i386, the read and write data size for packets defaults to 32k.
3. The default number of NFS daemons is 4. Crank it up to a high number by editing /etc/rc.conf and adding nfsd_flags="-6tun 4". Change 4 to a suitable number.
4. The default number of kernel threads used for the NFS client is 4. Increase it to a higher number by editing /etc/sysctl.conf and changing vfs.nfs.iothreads to a suitable number.

OpenBSD
1. Use UDP. Only switch to TCP if the client and server are not on the same LAN or packets get dropped often.
2. Edit /etc/fstab and, in the 4th field (the filesystem mount options), add -r=32768,-w=32768 after rw. On OpenBSD 2.9/sparc, the max read/write size is 16k.
3. The default number of NFS daemons is 4. Crank it up to a high number by editing /etc/rc.conf and changing 4 in nfsd_flags="-tun 4" to a suitable number.
4. The default number of kernel threads used for the NFS client is 4. Increase it to a higher number by editing /etc/sysctl.conf and changing vfs.nfs.iothreads to a suitable number.

Linux
1. Use UDP. Only switch to TCP if the client and server are not on the same LAN or packets get dropped often.
2. Edit /etc/fstab and, in the 4th field (the filesystem mount options), add rsize=32768,wsize=32768 after rw.
3. The default number of NFS daemons is 8. Crank it up to a high number by editing /etc/init.d/nfs and changing 8:
# Number of servers to be started by default
RPCNFSDCOUNT=8
to a suitable number.
4. Not sure if Linux has this feature to tune.

Solaris
1. It depends on the individual scenario.
2. Edit /etc/vfstab and, in the last field (the filesystem mount options), add rsize=32768,wsize=32768.
3. The default number of NFS daemons is 16. Crank it up to a high number by editing /etc/init.d/nfs.server and changing the line /usr/lib/nfs/nfsd -a 16 to a suitable number.
4. Not sure if Solaris has this feature to tune.

Notes
1. Every time /etc/exports (*BSD) or /etc/dfs/dfstab is changed, mountd must be restarted to pick up the new change(s).
Restart mountd
FreeBSD, OpenBSD: # kill -1 `cat /var/run/mountd.pid`
NetBSD: # /etc/rc.d/mountd restart
Solaris: # unshareall; shareall
2. Display filesystems that are remotely mounted by NFS clients
Linux
$ cat /proc/fs/nfs/exports
# Version 1.0
# Path Client(Flags) # IPs
/home 192.168.1.2(rw,root_squash,async,wdelay) # 192.168.1.2
OpenBSD
$ cat /var/db/mountdtab
nfsclient.muine.org /home
Solaris
$ cat /etc/rmtab
nfsclient.muine.org:/export/home
or showmount -a
3. Some worthwhile miscellaneous mount options
- Consider mounting with ``background'' (-b for *BSD, bg for Linux and Solaris) instead of the default foreground option in /etc/fstab. If there is a problem mounting from the server upon startup, this option will permit going to multiuser, and the NFS mount will continue in the background.
- Do not attempt to change the mount option from the default ``hard'' to ``soft'', as this can lead to file corruption and unexpected I/O errors. Using a ``hard'' mount can lead to hung processes if there is no response from the NFS server. Linux and Solaris have a mount option ``intr'' which will permit killing the hung process with keyboard interrupts.
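
A check built on the mount tables from note 2, as an added example that is not part of the original article: the shell function unexpected_nfs_clients (a hypothetical name) lists every client recorded in a mountdtab, rmtab or showmount -a listing that is not on an allowlist. The host stray.example.org in the sample is made up for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original article).
# unexpected_nfs_clients TABLE ALLOWED_HOST...   (hypothetical helper name)
# TABLE holds "host /path" lines (OpenBSD mountdtab) or "host:/path" lines
# (Solaris rmtab, showmount -a). Prints "host path" for every client that is
# not in the allowed list; prints nothing when all clients are expected.
unexpected_nfs_clients() {
    table=$1; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # The client name ends at the first ":" or blank; the path follows
            if (!match(line, /[: \t]+/)) next
            host = substr(line, 1, RSTART - 1)
            path = substr(line, RSTART + RLENGTH)
            if (host == "" || path !~ /^\//) next   # header or malformed line
            if (!(host in ok)) print host " " path
        }
    ' "$table"
}

# Constructed sample in rmtab format: the client from this page plus one
# made-up host (stray.example.org) that is not supposed to mount /export/home.
nfs_tmp=$(mktemp -d)
cat > "$nfs_tmp/rmtab" <<'EOF'
nfsclient.muine.org:/export/home
stray.example.org:/export/home
EOF
unexpected_nfs_clients "$nfs_tmp/rmtab" nfsclient.muine.org
```

These tables are bookkeeping kept by mountd and can hold stale entries, so a reported host is a lead to verify rather than proof of a live mount.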
Monday, 17 December 2007