9.1 共享文件系统
概述: 共享文件系统通常有两种方式:
基于文件共享,一种直接共享文件夹给client端,常见的技术有NFS(Network File System )和 SMB (Server Message Block)
基于block共享,即共享服务器端分配的磁盘给client端使用。
--------------------------------------------------------------------------------------------------------
测试环境
--------------------------------------------------------------------------------------------------------
9.1.1 基于文件共享
NFS 配置
服务端设置
安装包
libnfsidmap-0.25-9.el7.x86_64
nfs-utils-1.3.0-0.el7.x86_64
服务名: nfs
防火墙:
1. 安装包检查及安装
rpm -qa | grep -i nfs yum install nfs-utils-*
2. 启动服务nfs-server
systemctl restart nfs-server systemctl enable nfs-server systemctl status nfs-serve
3. 开启防火墙
rhel 7 firewall-cmd --permanent --add-service=nfs firewall-cmd --reload
4. 配置分享的文件
4.1. 创建分享的文件系统
mkdir /nfs
如果分享的用户有写权限,需要设置other 对共享文件夹有写权限
4.2. 配置共享文件
/etc/exports /nfs desktop0(rw) 保存退出后,使用命令检测是否成功 exportfs -r
客户端设置
配置/etc/fstab
192.168.56.12:/nfs /sharednfs nfs defaults 0 0
执行挂载
mount -a df -h mount 192.168.56.12:nfs /sharednfs
SMB (Server Message Block)
安装包
samba samba-client
服务 :smb
防火墙:
服务端设置
1. 安装包
yum install samba*
2. 启动服务
systemctl restart smb systemctl enable smb systemctl status smb
3. 开启防火墙
firewall-cmd --permanent --add-service=samba firewall-cmd --reload
4. 创建共享文件目录,及用户需求
mkdir /samba
5. 设置共享文件
5.1 添加共享配置
/etc/samba/smb.conf [samba_s0] path=/samba valid users=user0 write list=user1,user2 hosts allow=192.168.56.1 writable=no
5.2 执行命令testparm 检查配置是否存在语法错误
[root@localhost ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[samba_s0]" Loaded services file OK. “Loaded services file OK.” 表示everything is ok
5.3 将用户升级为samba用户,需要设置对应用户的登录密码
smbpasswd -a user0
[root@localhost ~]# smbpasswd -a user0 New SMB password: Retype new SMB password: Added user user0.
客户端设置
安装包 samba-client-3.6.23-45.el6_9.x86_64 cifs-utils-4.8.1-20.el6.x86_64 服务:N/A
1. 安装安装包
yum install samba-client yum install cifs*
2. 测试是否能够访问成功
2.1 测试是否mount 成功
[root@dpf01 ~]# mount -ousername=user0 //192.168.56.12/samba_s0 /samba Password:
2.2 测试是否有读权限
[root@dpf01 ~]# cd /samba [root@dpf01 samba]# ls ls: reading directory .: Permission denied
原因分析及解决方法
临时关闭 selinux, 测试成功
setenforce 0
接下来我们 fix ,在 server 端做如下操作
方法一:
[root@localhost ~]# semanage fcontext -a -t samba_share_t "/samba(/.*)?"
[root@localhost ~]# restorecon -R -v /samba
restorecon reset /samba context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@localhost ~]# ls -dZ /samba
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /samba
方法二: 通过查看配置文件 /etc/samba/smb.conf
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
# and groupadd family of binaries. Run the following command as the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
9.1.2 基于 block 共享
ISSCI
1. 安装必要的安装包 2. 创建共享的磁盘
3. 配置ISSCI 服务端
服务端设置
要求的安装包
target
服务:target
防火墙:
1. 安装包
yum install target*
2. 启动服务
systemctl restart target systemctl enable target systemctl status target
3. 配置共享磁盘
targetcli [root@localhost RHEL-7.0 Server.x86_64]# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin. targetcli shell version 2.1.fb34 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. /> ls o- / ..................................................................................................................... [...] o- backstores .......................................................................................................... [...] | o- block .............................................................................................. [Storage Objects: 0] | o- fileio ............................................................................................. [Storage Objects: 0] | o- pscsi .............................................................................................. [Storage Objects: 0] | o- ramdisk ............................................................................................ [Storage Objects: 0] o- iscsi ........................................................................................................ [Targets: 0] o- loopback ..................................................................................................... [Targets: 0] /> /backstores> block/ create block0 /dev/sda5 Created block storage object block0 using /dev/sda5. cd .. /> ls o- / ..................................................................................................................... [...] o- backstores .......................................................................................................... [...] | o- block .............................................................................................. [Storage Objects: 1] | | o- block0 .................................................................. [/dev/sda5 (200.0MiB) write-thru deactivated] | o- fileio ............................................................................................. [Storage Objects: 0] | o- pscsi .............................................................................................. [Storage Objects: 0] | o- ramdisk ............................................................................................ [Storage Objects: 0] o- iscsi ........................................................................................................ [Targets: 0] o- loopback ..................................................................................................... [Targets: 0] /> iscsi/ create iqn.2017-11.com.example:remotedisk1 cd iscsi/iqn.2017-11.com.example:remotedisk1/tpg1/ acls/ create iqn.2017-11.com.example:192.168.56.1 luns/ create portals/ create 192.168.56.12 /> ls o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 1] | | o- block0 ........................................................................ [/dev/sda5 (200.0MiB) write-thru activated] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 1] | o- iqn.2017-11.com.example:remotedisk1 ............................................................................... [TPGs: 1] | o- tpg1 ............................................................................................... [no-gen-acls, no-auth] | o- acls .......................................................................................................... [ACLs: 1] | | o- iqn.2017-11.com.example:192.168.56.1 ................................................................. [Mapped LUNs: 1] | | o- mapped_lun0 ................................................................................ [lun0 block/block0 (rw)] | o- luns .......................................................................................................... [LUNs: 1] | | o- lun0 ....................................................................................... [block/block0 (/dev/sda5)] | o- portals .................................................................................................... [Portals: 1] | o- 192.168.56.12:3260 ............................................................................................... [OK] o- loopback ......................................................................................................... [Targets: 0] />
4. 防火墙设置
[root@localhost ~]# firewall-cmd --permanent --add-port=3260/tcp success [root@localhost ~]# firewall-cmd --reload success
客户端设置
1. 安装包
iscsi-initiator-utils
2. 启动服务
systemctl restart iscsid systemctl enable iscsid systemctl status iscsid
2. 设置配置文件
/etc/iscsi/initiatorname.iscsi
nitiatorName=iqn.2017-11.com.example:192.168.56.1
3. 发现共享 node
iscsiadm --mode discoverydb --type sendtargets --portal 192.168.56.12 --discover
[root@dpf01 ~]# iscsiadm --mode discoverydb --type sendtargets --portal 192.168.56.12 --discover Starting iscsid: [ OK ] 192.168.56.12:3260,1 iqn.2017-11.com.example:remotedisk1
4. login node
iscsiadm --mode node --targetname iqn.2017-11.com.example:remotedisk1 --portal 192.168.56.12:3260 --login
iscsiadm --mode node --targetname iqn.2001-05.com.doe:test --portal 192.168.1.1:3260 --logout
5. 配置/etc/fstab