25_Linux Basics - NFS Service

Log Rotation:

1. Introduction to NFS#

NFS (Network File System) allows different machines and operating systems to share files over a network. NFS can mount remote computer disks locally, allowing file read and write operations as if accessing local disks.

Prerequisites: Disable selinux
Disable iptables

1. Install
[root@cPen_A lianxi]# yum install nfs-utils
--------------------------------------------------------------------------------------------
2. Modify the configuration file /etc/exports
[root@cPen_A lianxi]# vim /etc/exports        # Note: Configuration file
/opt/www 192.168.255.0/24(rw,no_root_squash)                
# Note: 192.168.255.0/24 shared, rw permission read and write, no_root_squash treats remote root users as local root users, i.e., does not restrict root.
First, create the /opt/www directory and create an index.html file under it with the content "this is test nfs".
Then add the exports configuration, NFS configuration: vim /etc/exports
Add the following line:
 /opt/www 192.168.255.0/24(rw)
Indicates sharing the /opt/www directory, allowing hosts in the 192.168.255.0/24 subnet to access my local /opt/www directory via NFS.
The options in parentheses () indicate options, rw means read and write.

Activate configuration:
exportfs -a or restart the service

[root@cPen_A opt]# cd /opt
[root@cPen_A opt]# mkdir www
[root@cPen_A opt]# cd www
[root@cPen_A www]# vim index.html
this is test nfs
[root@cPen_A www]# pwd
/opt/www

# Note: /opt is the directory for additional packages.
--------------------------------------------------------------------------------------------
3. Start the NFS service
[root@cPen_A www]# service nfs start        # Note: Start the service
[root@cPen_A www]# showmount -e            # Note: Check if it can connect
Export list for cPen_A:
/opt/www 192.168.255.0/24
# Note: Under centos8, start [root@cPen_B ~]# service nfs-server start
---------------------------------------------------------------
NFS connection check
You can first self-test on the server side to see if it can connect.
Command: showmount [-ae] [hostname | IP]
-a: Display the current host and client NFS connection sharing status.
-e: Display the directory data shared by a certain host's /etc/exports.
---------------------------------------------------------------
4. Test on another machine
If a return appears, it indicates ok.
[root@cPen_C ~]# showmount -e 192.168.255.28    # Note: Specify the IP address of the machine to analyze
Export list for 192.168.255.28:                    # Note: If this situation appears, it indicates that it can connect, and connectivity is not an issue.
 /opt/www 192.168.255.0/24

5. Mount network files
On another machine
[root@cPen_C ~]# mkdir /mnt2
[root@cPen_C ~]# mount -t nfs 192.168.255.28:/opt/www /mnt2        # Note: Mount network files
[root@cPen_C ~]# df            # Note: Use the df command to check disk mount status (this is a network disk mount).
192.168.255.28:/opt/www 17811456 2165760 15645696   13% /mnt2

[root@cPen_C ~]# cd /mnt2
[root@cPen_C mnt2]# ls
index.html
[root@cPen_C mnt2]# cat index.html 
this is test nfs
[root@cPen_C mnt2]# ls
index.html
[root@cPen_A ~]# cd /opt/www/                    # Note: Server A host operation
[root@cPen_A www]# touch index2.html            # Note: Server operation
[root@cPen_C mnt2]# ls
index2.html  index.html
[root@cPen_C mnt2]# mkdir index2.html
mkdir: cannot create directory "index2.html": Permission denied
# Note: Client C does not have permission to operate on server A files.
# If there is no permission, set no_root_squash in /etc/exports, and it can be operated.
no_root_squash treats remote root users as local root users, i.e., does not restrict root.
# Note: Let the server recognize the remote root user as the local root user.
# Note: After modifying the configuration file, you need to use exportfs -a to activate the configuration; then remount (first unmount, then remount).

# Example: Unmount
[root@cPen_C mnt2]# cd ..            # Note: Exit the mnt2 directory first, otherwise it will report busy.
[root@cPen_C /]# umount /mnt2        # Note: Then unmount.

# After modifying the configuration file, you need to use exportfs -a to activate.
# Remount:
    First exit the /mnt2 directory, then execute:
    umount /mnt2
    Then execute the mount.

2. rpcbind and nfs#

Before starting nfs, ensure that the rpcbind service is already started.
When nfs starts, it will register a port with the rpcbind service, which will return a port for nfs to use.
You can use
rpcinfo -p command to check if the nfs port has been registered successfully.
rpcbind is like a landlord, and nfs is a tenant.

Note: NFS cannot start its own port; rpcbind registers the port for nfs.#

Note: Ensure rpcbind is up before nfs starts.#

[root@cPen_A www]# rpcinfo -p # Note: rpcbind starts port 2049 for nfs.
100003 3 tcp 2049 nfs

A: 192.168.0.73 nfs Real Machine
B: 192.168.0.79 Proxy Machine + Real Machine
C: 192.168.0.53 Real Machine

Prerequisites:
All three hosts have nginx installed, and one of them has the nfs service enabled.
The nfs service is enabled on machine A, and the website directory is stored in /opt/www. B and C can mount A's /opt/www directory locally.
After configuring the nfs service on machine A, enable the nfs service, and then execute on machines A and C:
[root@cPen_B ~]# mount -t nfs 192.168.0.73:/opt/www /opt/www
[root@cPen_C ~]# mount -t nfs 192.168.0.73:/opt/www /opt/www

Machine B becomes the proxy machine.
Step 1: Start port 8080.
Modify the nginx configuration on machines A, B, and C to start port 8080, binding the domain name www.sc.com.
# Note: Configuration file directory: /etc/nginx
# Note: Enter the /etc/nginx/conf.d directory and create sc.conf.
Enter the following content:
[root@cPen_A ~]# cd /etc/nginx/
[root@cPen_A nginx]# cd conf.d/
[root@cPen_A conf.d]# vim sc.conf        # Note: The suffix must be .conf, automatically loaded to read this configuration file.
server {
    listen  8080;                        # Note: Listen on port 8080.
    server_name  www.sc.com;            # Note: Specify the domain name.

    root /opt/www;                        # Note: Specify the website home directory, default to look for index.html in the home directory.

}
[root@cPen_A conf.d]# nginx -t            # Note: Perform syntax check.
[root@cPen_A conf.d]# nginx -s reload        # Note: Activate configuration.
[root@cPen_A conf.d]# lsof -i:8080        # Note: Port 8080 is up.
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   3193  root    6u  IPv4  50354      0t0  TCP *:webcache (LISTEN)
nginx   3194 nginx    6u  IPv4  50354      0t0  TCP *:webcache (LISTEN)
nginx   3195 nginx    6u  IPv4  50354      0t0  TCP *:webcache (LISTEN)

Use lsof -i:8080 to check if the port is started.
Use curl -H "Host: www.sc.com" http://192.168.0.73:8080 to check if the returned content is consistent.
Access port 8080 of 192.168.0.68 using the domain name www.sc.com.
[root@cPen_A ~]# curl -H "Host: www.sc.com" http://192.168.0.73:8080
this is test nfs
# Note: The content returned by the three machines is the same, all are this is test nfs.

--------------------------------------------------------------------------------------------
# Note: Add reverse proxy on machine B.
Perform load balancing on machine B: forward requests to other machines (proxy forwarding) (high availability).
[root@cPen_B conf.d]# vim sc.conf 
server {
    listen  8080;
    server_name  www.sc.com;    

    root /opt/www;

}

upstream sc {                        # Note: Proxy forwarding, naming upstream as sc.
    server 192.168.0.73:8080;
    server 192.168.0.53:8080;
    server 192.168.0.79:8080;
}
# Note: Virtual host, allowing different domain names to do different things.
server {                            
    listen  80;
    server_name  www.sc.com;        

    root /opt/www;

    location / {                        # Note: Accessing the / directory of the website will be forwarded to sc.
        proxy_set_header Host $host;    # Note: Header information, if not added, it may become the address of machine B.
        # Note: Ensure that the header host field information sent by the client and the header host field of the forwarded packet remain consistent.
        proxy_pass http://sc;            # Note: Set the backend proxy server.
    }
}

server {
    listen  80;
    server_name  www.sc1.com;

    root /usr/share/www;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://sc;
    }
}

# Note: When outputting www.sc.com, the request will have the packet storing the host header information: www.sc.com. After receiving this packet on port 80, it knows to forward it to port 8080. Machine B helps you request the 8080 ports of A, B, and C.
# Note: The client initiates a request to www.sc.com, the host header information is www.sc.com (the header information carried by the request packet), machine B hands it to the corresponding server for processing, requesting machine B's port 80 for processing, forwarding to port 8080. When machine B receives the packet, it hands it to the server for processing. At this time, the header information of the packet initiated by A may be the IP address of B (not www.sc.com), and the server_name of port 8080 will fail to forward if it does not have B's IP address. Therefore, proxy_set_header Host $host keeps their header information consistent.

--------------------------------------------------------------------------------------------
# Activate configuration
[root@cPen_B conf.d]# nginx -t
[root@cPen_B conf.d]# nginx -s reload

--------------------------------------------------------------------------------------------
# Then access port 80 multiple times to check if the returned content is consistent, and check if each machine's /var/log/nginx/access.log log has new requests coming in. tail -f /var/log/nginx/access.log

[root@cPen_B conf.d]# curl -H "Host: www.sc.com" http://192.168.0.79
this is test nfs
# Note: Proxy forwarding, accessing port 80, forwarding to port 8080, distributed to 3 machines for execution (load balancing).

[root@cPen_C conf.d]# tail -f /var/log/nginx/access.log     # Note: On machine C, machine B helps request.
192.168.0.79 - - [01/Dec/2020:17:21:54 +0800] "GET / HTTP/1.0" 200 17 "-" "curl/7.61.1" "-"
# Note: Average distribution to 3 machines, default round-robin.

Note: You can use killall nginx to kill all.#

Note: 404 Not Found, 403 Forbidden.#

Note: Swap A and B to B and A.#

nginx proxy machine + real machine

A

nginx real machine

B nfs

nginx real machine

C

Client accesses www.sc.com to access the 80 port of machine A nginx proxy (proxy means forwarding).
Machine A returns to handle its own 8080 or the 8080 of machine B, or the 8080 of machine C.
Load balancing: 20,000 people access the 80 port of machine A, the 80 port will not handle requests, just proxy forwarding, hand over to its own 8080 for processing, or the 8080 of machine B, or the 8080 of machine C. The pages returned by machines A, B, and C must remain consistent.
Mount the /opt/www directory of machine B to A and C (to maintain file consistency, all changes are made to the nfs of machine B).

Note: Network issues#

Bridge mode VMnet0 Same subnet

NAT mode VMnet8 Same subnet