Nfs (Français)
From ArchWiki
i18n |
---|
English |
Français |
Italiano |
Русский |
Česky |
简体中文 |
Contents |
Objectif
L'objectif de cet article est de mettre en place un serveur nfs pour partager des fichiers à travers un réseau.
Paquets requis
Les paquets requis à la fois pour le serveur et le client sont minimes.
Vous aurez seulement besoin d'installer:
- core/rpcbind (ou core/portmap qui a été remplacé)
- core/nfs-utils
Comme les paquets se trouvent dans le dépôt [core], ils seront inclus par défaut dans les nouvelles installations d'Arch.
Configurer le serveur
Vous pouvez maintenant modifier votre configuration et démarrer les démons. Vous devez être root pour exécuter les commandes suivantes.
Fichiers
/etc/exports
Ce fichier (/etc/exports) définit les différents partages sur le serveur NFS, et leurs droits d'accès.
Quelques exemples:
/files *(ro,sync) ; Accès en lecture seul pour tout le monde /files 192.168.0.100(rw,sync) ; Accès en lecture-écriture pour le client dont l'ip est 192.168.0.100 /files 192.168.1.1/24(rw,sync) ; Accès en lecture-écriture pour tout les clients du réseau 192.168.1.0
Si vous effectuez des changement dans le fichier /etc/exports après le démarrage du démon, vous pouvez les faire prendre en compte par la commande suivante:
exportfs -r
Si vous décidez de rendre votre partage NFS public et accéssible en écriture, vous pouvez utiliser l'option all_squash en combinaison avec les options anonuid et anongid. For example, to set the privileges for the user nobody in the group nobody, you can do the following: Par exemple, pour définir les privilèges pour l'utilisateur nobody du groupe nobody, vous pouvez effectuer les opérations suivantes:
; Read-write access to a client on 192.168.0.100, with rw access for the user 99 with gid 99 /files 192.168.0.100(rw,sync,all_squash,anonuid=99,anongid=99))
Cela signifie aussi que si vous voulez un accès en écriture à ce répertoire, l'utilisateur nobody.nobody doit être le propriétaire du répertoire partagé:
chown -R nobody.nobody /files
Full details on the exports file are provided by the exports man page.
/etc/conf.d/nfs-common.conf
Edit this file to pass appropriate run-time options to nfsd, mountd, statd, and sm-notify. The default Arch NFS init scripts require the --no-notify option for statd, as follows:
STATD_OPTS="--no-notify"
Others may be left at the provided defaults, or changed according to your requirements. Please refer to the relevant man pages for full details.
/etc/hosts.allow
To allow network access to the nfs server you should edit /etc/hosts.allow.
The following example opens these services to anyone:
nfsd: ALL rpcbind: ALL mountd:ALL
This is a very insecure way of allowing host access. To get better control over who is allowed to access the daemons hosts.deny should be everyone, and hosts.allow should specifically allow certain people. In this example, 192.168.0.101 should be the IP address of the person(s) allowed to access it. The numbers after the '/' is not a netmask!
nfsd: 192.168.0.101/255.255.255.255 rpcbind: 192.168.0.101/255.255.255.255 mountd: 192.168.0.101/255.255.255.255
This examples enables access for anyone on that network
nfsd: 192.168.0.0/255.255.255.0 rpcbind: 192.168.0.0/255.255.255.0 mountd: 192.168.0.0/255.255.255.0
For finer control, read the hosts_access(5) man page.
Daemons
You can now start the server with the following commands:
/etc/rc.d/rpcbind start (or: /etc/rc.d/portmap start) /etc/rc.d/nfs-common start (or: /etc/rc.d/nfslock start) /etc/rc.d/nfs-server start (or: /etc/rc.d/nfsd start)
Please note that they must be started in that order.
To start the server at boot time, add these daemons to the DAEMONS array in /etc/rc.conf.
Setting up the client
Files
/etc/conf.d/nfs
Edit this file to pass appropriate run-time options to statd - the remaining options are for server use only. Do NOT use the --no-notify option on the client side, unless you are fully aware of the consequences of doing so.
Please refer to the statd man page for full details.
/etc/hosts.allow
You'll need to allow rpcbind for the server's ip
rpcbind: 192.168.0.100/255.255.255.255
Daemons
Start the portmap and nfslock daemons:
/etc/rc.d/rpcbind start (or: /etc/rc.d/portmap start) /etc/rc.d/nfs-common start (or: /etc/rc.d/nfslock start)
Please note that they must be started in that order OR start only nfs-common, as rpcbind will be started as a dependency.
To start the daemons at boot time, add them to the DAEMONS array in /etc/rc.conf.
Then just mount as normal:
mount server:/files /files
NOTE: Unlike CIFS shares or rsync, NFS exports must be called by the full path on the server. Example: if /home/fred/music is defined in /etc/exports on server ELROND, you must call
mount ELROND:/home/fred/music /mnt/point
instead of just using
mount ELROND:music /mnt/point
or you will get mount.nfs: access denied by server while mounting
Auto-mount on boot
If you want to mount on boot, make sure network, rpcbind (portmap), nfs-common (nfslock) and netfs are in the DAEMONS array in /etc/rc.conf. Make sure the order is this one. It's better not to put any '@' in front of them (although you could safely use @netfs). For instance :
DAEMONS=(... network rpcbind nfs-common @netfs ...)
or
DAEMONS=(... network portmap nfslock @netfs ...)
Add an appropriate line in /etc/fstab, for example:
server:/files /files nfs defaults 0 0
If you wish to specify a packet size for read and write packets, specify them in your fstab entry. The values listed below are the defaults if none are specified:
server:/files /files nfs rsize=32768,wsize=32768 0 0
Read the nfs man page for further information, including all available mount options.
Troubleshooting
Unreliable performance, slow data transfer, and/or high load when using NFS and gigabit
This is a result of the default packetsize used by NFS, which causes significant fragmentation on gigabit networks. You can modify this behavior by the rsize and wsize mount parameters. Using rsize=32768,wsize=32768 should suffice. Please note that this problem does not occur on 100Mb networks, due to the lower packet transfer speed.
Note: Default value for NFS4 is 32768. Maximum is 65536. Increase from default in increments of 1024 until maximum transfer rate is achieved.
Portmap daemon fails to start at boot
Make sure you place portmap BEFORE netfs in the daemons array in /etc/rc.conf .
Nfsd fails to start with "nfssvc: No such device"
Make sure the nfs and nfsd modules are loaded in the kernel.
Nfsd seems to work, but I can't connect from MacOS X clients
When trying to connect from a MacOS X client, you'll see that everything is ok at logs, but MacOS X refuses to mount your NFS share. You have to add insecure option to your share and re-run exportfs -r.
Links & References
- See also Avahi, a Zeroconf implementation which allows automatic discovery of NFS shares.
- HOWTO: Diskless network boot NFS root
- Very helpful
- If you are setting up the Archlinux NFS server for use by Windows clients through Microsoft's SFU, you will save a lot of time and hair-scratching by looking at this forum post first !
- Microsoft Services for Unix NFS Client info
- Unix interoperability and Windows Vista Prerequisites to connect to NFS with Vista