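I installed NFS Server on RHEL 8.
I used a CentOS 7 article as a reference, but the files have changed and the firewall configuration was hard to figure out (^^;
Environment
・Red Hat Enterprise Linux release 8.5 (Ootpa)
・Kernel 4.18.0-348.7.1.el8_5.x86_64
・Subscription registered
- Install the NFS server
- Configure automatic startup
- Start the NFS server
- Create the shared folder
- Configure the export
- Edit the configuration file
- Restart the NFS server
- Allow NFS through the firewall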
```
[root@rhel8 ~]# dnf info nfs-utils
Name         : nfs-utils
Epoch        : 1
Version      : 2.3.3
Release      : 46.el8
Architecture : x86_64
Size         : 1.5 M
Source       : nfs-utils-2.3.3-46.el8.src.rpm
Repository   : @System
From repo    : rhel-8-for-x86_64-baseos-rpms
Summary      : NFS utilities and supporting clients and daemons for the kernel NFS server
URL          : http://linux-nfs.org/
License      : MIT and GPLv2 and GPLv2+ and BSD
Description  : The nfs-utils package provides various utilities for use with NFS
             : clients and servers.

[root@rhel8 ~]# dnf install nfs-utils
```
```
[root@rhel8 ~]# systemctl enable nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service -> /usr/lib/systemd/system/nfs-server.service.
```
```
[root@rhel8 ~]# systemctl start nfs-server
[root@rhel8 ~]# systemctl status nfs-server
* nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/generator/nfs-server.service.d
           `-order-with-mounts.conf
   Active: active (exited) since Sun 2021-12-24 15:14:18 +03; 7s ago
  Process: 5161 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy >
  Process: 5150 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 5148 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 5161 (code=exited, status=0/SUCCESS)

Dec 24 15:14:18 rhel8.rootlinks.net systemd[1]: Starting NFS server and services...
Dec 24 15:14:18 rhel8.rootlinks.net systemd[1]: Started NFS server and services.
```
For now, I created a shared folder that anyone can read and write.
```
[root@rhel8 ~]# mkdir /share
[root@rhel8 ~]# ls -ld /share
drwxr-xr-x. 2 root root 6 Dec 26 15:12 /share
[root@rhel8 ~]# chmod 777 /share/
[root@rhel8 ~]# ls -ld /share/
drwxrwxrwx. 2 root root 6 Dec 26 15:12 /share/
```
Export /share.
```
[root@rhel8 ~]# ls -l /etc/exports
-rw-r--r--. 1 root root 0 Sep 10 2018 /etc/exports
[root@rhel8 ~]# cat /etc/exports
[root@rhel8 ~]# vi /etc/exports
[root@rhel8 ~]# cat /etc/exports
/share 192.168.1.0/24(rw,no_root_squash)

[root@rhel8 ~]# exportfs -v
/share 192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
```
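An added example, not part of the original post: a short Python check that parses exports(5) lines of the `path client(options)` form used above and lists entries worth reviewing before a share like this leaves a lab network. The function names, the set of flagged options and the second sample line are assumptions of this example.

```python
import re

# Options reported by this example; the selection and wording are this example's choice.
FLAGGED = {
    "no_root_squash": "root on the client acts as root on the export",
    "insecure": "requests from source ports above 1023 are accepted",
}

def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if m is None:                            # unbalanced parentheses: skip
                continue
            client = m.group(1) or "*"               # "(rw)" with no host: any client
            options = set(filter(None, (m.group(2) or "").split(",")))
            yield path, client, options

def audit(text):
    """Return (path, client, option, reason) tuples worth reviewing."""
    findings = []
    for path, client, options in parse_exports(text):
        for option, reason in FLAGGED.items():
            if option in options:
                findings.append((path, client, option, reason))
        if client == "*" and "rw" in options:
            findings.append((path, client, "rw",
                             "writable from any host that can reach the server"))
    return findings

# First line is the export from the post; the second is constructed to show the
# stray space that turns "(rw)" into a separate any-host entry.
SAMPLE = """\
/share 192.168.1.0/24(rw,no_root_squash)
/data 192.168.1.10 (rw)
"""

for finding in audit(SAMPLE):
    print(*finding, sep=" | ")
```

On the post's own line the check reports `no_root_squash` for 192.168.1.0/24, which matters more than usual here because /share is also mode 777.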
When the firewall is enabled, you need to pin the ports NFS runs on (they are normally dynamic) and then allow those ports.
How to configure a system as an NFSv3 server which sits behind a firewall with NFS clients outside of the firewall?
https://access.redhat.com/solutions/3258
How can I configure a system as an NFSv4 server which sits behind a firewall with NFS clients outside the firewall?
https://access.redhat.com/solutions/221933
Starting with RHEL 8, the configuration file has changed to /etc/nfs.conf.
```
[root@rhel8 ~]# cat /etc/nfs.conf
#
# This is a general configuration for the
# NFS daemons and tools
#
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
[exportfs]
# debug=0
#
[gssd]
# verbosity=0
# rpc-verbosity=0
# use-memcache=0
# use-machine-creds=1
use-gss-proxy=1
# avoid-dns=1
# limit-to-legacy-enctypes=0
# context-timeout=0
# rpc-timeout=5
# keytab-file=/etc/krb5.keytab
# cred-cache-directory=
# preferred-realm=
# set-home=1
# upcall-timeout=30
# cancel-timed-out-upcalls=0
#
[lockd]
# port=0
# udp-port=0
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
# port=0
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
# port=0
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
# port=0
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
[sm-notify]
# debug=0
# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
# lift-grace=y
#
[root@rhel8 ~]# grep port /etc/nfs.conf
[exportfs]
# port=0
# udp-port=0
# port=0
# port=0
# rdma-port=20049
# port=0
# outgoing-port=0
# outgoing-port=
[root@rhel8 ~]# vi /etc/idmapd.conf
[root@rhel8 ~]# vi /etc/nfs.conf
[root@rhel8 ~]# cat /etc/nfs.conf
#
# This is a general configuration for the
# NFS daemons and tools
#
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
[exportfs]
# debug=0
#
[gssd]
# verbosity=0
# rpc-verbosity=0
# use-memcache=0
# use-machine-creds=1
use-gss-proxy=1
# avoid-dns=1
# limit-to-legacy-enctypes=0
# context-timeout=0
# rpc-timeout=5
# keytab-file=/etc/krb5.keytab
# cred-cache-directory=
# preferred-realm=
# set-home=1
# upcall-timeout=30
# cancel-timed-out-upcalls=0
#
[lockd]
# port=0
# udp-port=0
#
[mountd]
# debug=0
# manage-gids=n
# descriptors=0
# port=0
# threads=1
# reverse-lookup=n
# state-directory-path=/var/lib/nfs
# ha-callout=
#
[nfsdcld]
# debug=0
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
# debug=0
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
# debug=0
# threads=8
# host=
# port=0
# grace-time=90
# lease-time=90
# tcp=y
# vers2=n
# vers3=y
# vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
# rdma=n
# rdma-port=20049
#
[statd]
# debug=0
# port=0
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
[sm-notify]
# debug=0
# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
# lift-grace=y
#
```
Now set the ports. At the moment the services are running on the following ports.
```
[root@rhel8 ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  45410  status
    100024    1   tcp  57071  status
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    2   udp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  43077  nlockmgr
    100021    3   udp  43077  nlockmgr
    100021    4   udp  43077  nlockmgr
    100021    1   tcp  41747  nlockmgr
    100021    3   tcp  41747  nlockmgr
    100021    4   tcp  41747  nlockmgr
```
```
[root@rhel8 ~]# vi /etc/nfs.conf

[lockd]
port=32803
udp-port=32769

[mountd]
port=892

[statd]
port=662
```
Restart the NFS server and check which ports it is running on. Note that if SELinux is enabled at this point, the settings are not applied.
```
[root@rhel8 ~]# systemctl restart nfs-server
[root@rhel8 ~]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100005    1   tcp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100021    4   tcp  32803  nlockmgr
```
```
[root@rhel8 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@rhel8 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=892/udp
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=892/tcp
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=662/udp
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=662/tcp
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=32803/tcp
success
[root@rhel8 ~]# firewall-cmd --permanent --add-port=32769/udp
success
[root@rhel8 ~]# firewall-cmd --reload
success
[root@rhel8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client nfs rpc-bind ssh
  ports: 892/udp 892/tcp 662/udp 662/tcp 32803/tcp 32769/udp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
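An added example, not part of the original post: a Python cross-check of `rpcinfo -p` output against the zone shown by `firewall-cmd --list-all`, listing any RPC registration the firewall would still block. The function names are this example's own, and the service-to-port table is hard-coded as an assumption; the sample rows are excerpts of the two listings above.

```python
# Ports opened by the two firewalld services the post enables, hard-coded here as an
# assumption; `firewall-cmd --info-service=nfs` prints the definition on a real host.
SERVICE_PORTS = {"rpc-bind": {(111, "tcp"), (111, "udp")}, "nfs": {(2049, "tcp")}}

def registered(rpcinfo_text):
    """Map (port, proto) -> service name from `rpcinfo -p` output."""
    found = {}
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].isdigit():   # skips the header row
            found[(int(fields[3]), fields[2])] = fields[4]
    return found

def allowed(services, ports):
    """Expand the 'services:' and 'ports:' values of `firewall-cmd --list-all`."""
    pairs = set()
    for name in services.split():
        pairs |= SERVICE_PORTS.get(name, set())        # unrelated services add nothing
    for entry in ports.split():
        number, proto = entry.split("/")
        pairs.add((int(number), proto))
    return pairs

def blocked(rpcinfo_text, services, ports):
    """RPC registrations that the firewall zone does not let through."""
    open_pairs = allowed(services, ports)
    return sorted((port, proto, svc)
                  for (port, proto), svc in registered(rpcinfo_text).items()
                  if (port, proto) not in open_pairs)

# Zone values as shown by `firewall-cmd --list-all` in the post.
SERVICES = "cockpit dhcpv6-client nfs rpc-bind ssh"
PORTS = "892/udp 892/tcp 662/udp 662/tcp 32803/tcp 32769/udp"
# Excerpt of the post's listing after the restart (one row per distinct port).
FIXED = """program vers proto port service
100000 4 tcp 111 portmapper
100000 4 udp 111 portmapper
100024 1 udp 662 status
100024 1 tcp 662 status
100005 3 tcp 892 mountd
100003 4 tcp 2049 nfs
100021 4 udp 32769 nlockmgr
100021 4 tcp 32803 nlockmgr"""
# The same rows with the dynamic statd/lockd ports from the listing before pinning.
DYNAMIC = (FIXED.replace("udp 662", "udp 45410").replace("tcp 662", "tcp 57071")
                .replace("32769", "43077").replace("32803", "41747"))
for label, text in (("pinned", FIXED), ("dynamic", DYNAMIC)):
    print(label, blocked(text, SERVICES, PORTS))
```

With the pinned ports nothing is reported; with the earlier dynamic ports the statd and nlockmgr registrations are listed, which is the case the port settings in /etc/nfs.conf are there to avoid.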
Now that the minimum configuration is done, next time I will set up an NFS client on Ubuntu 20.