Transcript Unix System Admin
Distributed File Systems
• Objectives
  – to understand Unix network file sharing
• Contents
  – Installing NFS
  – How To Get NFS Started
  – The /etc/exports File
  – Activating Modifications The Exports File
  – NFS And DNS
  – Configuring The NFS Client
  – Other NFS Considerations
• Practical
  – to share and mount NFS file systems
• Summary
DFS: An Overview
• Unix distributed filesystems are used to
  – centralise administration of disks
  – provide transparent file sharing across a network
• Three main systems:
  – NFS: Network File System, developed by Sun Microsystems 1984
  – AFS: Andrew Filesystem, developed by Carnegie-Mellon University
• Unix NFS packages usually include client and server components
  – A DFS server shares local files on the network
  – A DFS client mounts shared files locally
  – a Unix system can be a client, server or both depending on which commands are executed
Overview of NFS
• Developed by Sun Microsystems 1984
• Independent of operating system, network, and transport protocols.
• Now available on many platforms including:
  – Linux, Windows, OS/2, MVS, VMS, AIX, HP UX...
• Restrictions of NFS
  – stateless open architecture
  – Unix filesystem semantics not guaranteed
  – No access to remote special files (devices, etc.)
• Restricted locking
  – file locking is implemented through a separate lock daemon
The NFS Protocol Stack
[Diagram: the NFS protocol stack. Client side: statd, lockd, biod. Server side: statd, lockd, mountd, nfsd. Both sides: NFS and MOUNT over XDR over RPC, above the transport, network, link & physical layers.]
The NFS Client
• NFS clients access network shared directories using the mount command
• NFS mount options:
  rw/ro              read-write (default) or read-only
  hard               retry mount operation until server responds (default) or
  soft               try mount once and allow to timeout
  retrans & timeout  transmission and timeout parameters for soft mounted operations
  bg                 after first mount failure, retry mount in the background
  intr               allow operations on filesystems to be interrupted with signals
• Use /etc/fstab to make NFS mounts permanent
  a02:/tmp /mnt/nethome nfs soft 0 0
• Manually mounting /tmp from a02: as /mnt/nethome on local host
  # hostname
  a01
  # mount -o rw,soft -t nfs a02:/tmp /mnt/nethome
Exercise - Using mount with NFS
• What command will mount /usr/share from mash4077 on the local mount point /usr/share?
  #
• How do I check what filesystems are mounted locally?
  #
• Make a static mount in a01 "/mnt/nethome" of exported "a02:/tmp" in /etc/fstab:
• Manually mount exported a02:/usr/share as read only on a01:
  #
The NFS Server, Solaris-type systems
• The share command is used to share directories on the network
  – any directory can be exported
  – subdirectories of an exported directory may not be exported unless they are on a different disk
  – parents of an exported directory may not be exported unless they are on a different disk
  – only local filesystems can be exported
• Share options:
  ro/rw                share readonly or read/write (default) for all clients
  rw=host[:host]...    allow only the named hosts to write, no access to others
  ro=host[:host]...    readonly access to the named hosts, no access to others
  root=host[:host]...  allow root access from named hosts only
  anon=-1              deny access to unknown users
  # share -F nfs -o ro=rosies /home/hawkeye
More on Shared Directories
• Add a line to /etc/dfs/dfstab to share a directory permanently
  – each line in this file is simply the share command required
  – commands in this file are executed by the nfs script in /etc/init.d
• Use unshare to stop sharing a directory
• Use dfshares to look at your shared resources
  – can specify other hosts on command line
• Use dfmounts to look at who has mounted your shares
  – can specify other hosts on command line
  # dfshares
  RESOURCE       SERVER    ACCESS  TRANSPORT
  /home/hawkeye  mash4077
  # dfmounts
  RESOURCE       SERVER    PATHNAME       CLIENTS
  /home/hawkeye  mash4077  /home/hawkeye  rosies
Exercise - Sharing Directories
• Write down the commands to do the following:
  – share /usr/share readonly for all clients
    #
  – share /etc readonly for rosies and tokyo and read/write for seoul
    #
  – list the files containing the permanent shares
    #
  – two commands showing what your host has shared
    #
    #
  – check who has mounted your shared directories
    #
  – check who has mounted directories on rosies
    #
NFS under BSD systems
• NFS uses different commands for BSD systems
• Mount directories using mount as for SVR4
• Share directories using exportfs
• Permanently share directories using /etc/exports
  – one line per shared directory
  – use access=host instead of ro=host
• Look at network shares using showmount
  # cat /etc/exports
  /home/hawkeye ro=rosies
  /etc rw=seoul,access=rosies,tokyo
  # exportfs -a
  # showmount -e
  export list for mash4077:
  /home/hawkeye rosies
  /etc seoul,rosies,tokyo
Installing NFS, RedHat Linux
• Check if NFS is installed with rpm
  # rpm -qa | grep nfs
  redhat-config-nfs-1.1.3-1
  nfs-utils-1.0.1-3.9
• Check if the RPC portmap package is installed with rpm
  # rpm -qa | grep portmap
  portmap-4.0-57
How To Get NFS Started
• Activate the 3 necessary servers for NFS at boot
  – NFS server daemon
  – NFS file locking
  – RPC portmap
  # chkconfig --level 35 nfs on
  # chkconfig --level 35 nfslock on
  # chkconfig --level 35 portmap on
• Start the NFS server
  – With sysconfig
  # service nfs start
• Check that the services for NFS are running with rpcinfo
  # rpcinfo -p localhost
  program  vers  proto  port
  100000   2     tcp    111   portmapper
  100000   2     udp    111   portmapper
  100003   2     udp    2049  nfs
  100003   3     udp    2049  nfs
  100021   1     udp    1024  nlockmgr
  100021   3     udp    1024  nlockmgr
  100021   4     udp    1024  nlockmgr
  100005   1     udp    1042  mountd
  100005   1     tcp    2342  mountd
  100005   2     udp    1042  mountd
  100005   2     tcp    2342  mountd
  100005   3     udp    1042  mountd
  100005   3     tcp    2342  mountd
The /etc/exports File, static shares
• Sample exports file
  # cat /etc/exports
  /data/files     *(ro,sync)
  /home           192.168.0.0/24(rw,sync)
  /data/test      *.my-site.com(rw,sync)
  /data/database  192.168.0.203/32(rw,sync)
• Some options in exports file
  ro              read only access
  rw              read and write access
  sync            write when requested
  wdelay          wait for sync
  hide            don't show subdirs that are exported by another export
  no_all_squash   remote uid's & gid's become equal of client
  root_squash     remote root uid becomes anonymous on the client
  no_root_squash  remote root equals the local root user
• Squash changes remote identity to selectable local identity
• RedHat uses a different format in /etc/exports than BSD systems
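An added example, not part of the original slides: a shell function that scans a Linux-format exports file for the options listed above and reports entries that export read-write to every host, disable root squashing, or have a space between the host and its option list (exports(5) then applies the options to all hosts). The /srv paths and the finding labels are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): flag risky entries in a
# Linux-format /etc/exports. Reads exports lines on stdin, one finding per line.
audit_exports() {
    awk '
    NF < 2 || $1 ~ /^#/ { next }              # skip blank lines and comments
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            host = spec; sub(/\(.*/, "", host)
            # "host (opts)" with a space: the options apply to every host
            detached = (host == "")
            if (detached) host = "*"
            opts = ""
            if (match(spec, /\(.*\)/)) opts = substr(spec, RSTART + 1, RLENGTH - 2)
            n = split(opts, o, ","); rw = 0; nrs = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (detached) print "DETACHED_OPTS " dir " " spec
            if (nrs) print "NO_ROOT_SQUASH " dir " " host
            if (rw && host == "*") print "WORLD_RW " dir
        }
    }'
}

# First four lines are the sample file from the slide; the last three are
# constructed to trigger each finding.
sample_exports() {
    cat <<'EOF'
/data/files     *(ro,sync)
/home           192.168.0.0/24(rw,sync)
/data/test      *.my-site.com(rw,sync)
/data/database  192.168.0.203/32(rw,sync)
/srv/build      192.168.0.10(rw,sync,no_root_squash)
/srv/scratch    192.168.0.10 (rw,sync)
/srv/pub        *(rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as `audit_exports < /etc/exports` after every change and before `exportfs -r`.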
Activating Modifications The Exports File
• Re-reading all entries in /etc/exports file
  – When no directories have been exported to NFS, then the "exportfs -a" command is used:
  # exportfs -a
• After adding share(s) to /etc/exports file
  – When adding a share you can use the "exportfs -r" command to export only the new entries:
  # exportfs -r
• Deleting, Moving Or Modifying A Share
  – In this case it is best to temporarily unmount the NFS directories using the "exportfs -ua" command followed by the "exportfs -a" command.
  # exportfs -ua
  # exportfs -a
• Temporary export /usr/src to host 192.168.0.10
  # exportfs -o rw 192.168.0.10:/usr/src
Configuring The NFS Client
• Ensure Portmap Is Running
  – Clients need portmap only to be running
  # rpcinfo -p localhost
• If not, start portmap
  # /etc/init.d/portmap start
• Temporary mount nfs shares on client
  # mkdir /mnt/nethome
  # mount -t nfs 192.168.0.10:/home /mnt/nethome
• umount temporary mounted nfs shares on client
  # umount /mnt/nethome
• Show exported shares on server
  # showmount --exports 192.168.0.10
Mount "nfs-shares" at boot in client
• Make entries in /etc/fstab
  #/etc/fstab
  #Directory                MountPoint  Type  Options  Dump  FSCK
  192.168.0.10:/data/files  /mnt/nfs    nfs   soft     0     0
• Some /etc/fstab mount options
  auto           mount this when mount -a is used
  defaults       (rw suid dev exec auto nouser async)
  user           allow regular users to mount/umount
  sync           use synchronous I/O, most safe
  soft           skip mount if server not responding
  hard           try until server responds
  retry=minutes
  bg/fg          retry mounting in background or foreground
• Mount all unmounted
  – If you made changes to fstab on a live system, you can mount all unmounted filesystems with:
  # mount -a
NFS security
• NFS is inherently insecure
  – NFS can be run in encrypted mode which encrypts data over the network
  – AFS more appropriate for security conscious sites
• User IDs must be co-ordinated across all platforms
  – UIDs and not user names are used to control file access
  – mismatched user id's cause access and security problems
• Fortunately root access is denied by default
  – over NFS root is mapped to user nobody
  # mount | grep "/share"
  mail:/share on /share
  # id
  uid=555(hawkeye) gid=501(hawkeye)
  # touch /tmp/hawkeye
  # ssh mail ls -l /tmp/hawkeye
  -rwxr-xr-x 2 soonlee sonlee 0 Jan 11 11:21 /share/hawkeye
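An added example, not part of the original slides: comparing the passwd files of an NFS client and server to find the kind of UID mismatch shown in the session above, where UID 555 is hawkeye on the client and soonlee on the server. The file contents, hawkeye's server UID of 560 and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): NFS authorises by numeric
# UID, so report accounts whose UID differs between client and server.

# uid_mismatches CLIENT_PASSWD SERVER_PASSWD
#   UID_DIFFERS name ...  same login name, different UID on each side
#   UID_SHARED  uid  ...  same UID, owned by different login names
uid_mismatches() {
    awk -F: '
    FNR == 1 { file++ }
    file == 1 { cuid[$1] = $3; cname[$3] = $1; next }   # first file: client
    ($1 in cuid) && cuid[$1] != $3 {
        print "UID_DIFFERS " $1 " client=" cuid[$1] " server=" $3
    }
    ($3 in cname) && cname[$3] != $1 {
        print "UID_SHARED " $3 " client=" cname[$3] " server=" $1
    }' "$1" "$2"
}

# Constructed sample data: hawkeye is UID 555 on the client, but on the
# server UID 555 belongs to soonlee and hawkeye has UID 560.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/client" <<'EOF'
root:x:0:0:root:/root:/bin/sh
hawkeye:x:555:501::/home/hawkeye:/bin/sh
EOF
    cat > "$tmp/server" <<'EOF'
root:x:0:0:root:/root:/bin/sh
soonlee:x:555:555::/home/soonlee:/bin/sh
hawkeye:x:560:501::/home/hawkeye:/bin/sh
EOF
    uid_mismatches "$tmp/client" "$tmp/server"
    rm -rf "$tmp"
}

demo
```

A UID_SHARED line is the case from the slide: files written by one user on the client are owned by a different user on the server.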
NFS Hanging
• Run NFS on a reliable network
• Avoid having NFS servers that NFS mount each other's filesystems or directories
• Always use the sync option whenever possible
• Mission critical computers shouldn't rely on an NFS server to operate
• Don't have NFS shares in search path
NFS Hanging continued
• File Locking
  – Known issues exist, test your applications carefully
• Nesting Exports
  – NFS doesn't allow you to export directories that are subdirectories of directories that have already been exported unless they are on different partitions.
• Limiting "root" Access
  – no_root_squash
• Restricting Access to the NFS server
  – You can add a user named "nfsuser" on the NFS client to let this user squash access for all other users on that client
Other DFS Systems
• RFS: Remote File Sharing
  – developed by AT&T to address problems with NFS
  – stateful system supporting Unix filesystem semantics
  – uses same SVR4 commands as NFS, just use rfs as file type
  – standard in SVR4 but not found in many other systems
• AFS: Andrew Filesystem
  – developed as a research project at Carnegie-Mellon University
  – now distributed by a third party (Transarc Corporation)
  – available for most Unix platforms and PCs running DOS, OS/2, Windows
  – uses its own set of commands
  – remote systems access through a common interface (the /afs directory)
  – supports local data caching and enhanced security using Kerberos
  – fast gaining popularity in the Unix community
Summary
• Unix supports file sharing across a network
• NFS is the most popular system and allows Unix to share files with other O/S
• Servers share directories across the network using the share command
• Permanent shared drives can be configured into /etc/fstab
• Clients use mount to access shared drives
• Use mount and exportfs to look at distributed files/catalogs