File Storage Explained

Protocols and ports
NFS 3.0: TCP/UDP 111, 892 and TCP/UDP 2049
NFS 4.0: TCP/UDP 2049
CIFS/SMB: 445
The NFS service itself listens on port 2049; the auxiliary services (mountd, statd, nlockmgr) are assigned ports dynamically at start-up and register them with RPC, as the rpcinfo output further down shows.
RPC's job is to record the port number that belongs to each NFS function and report it to clients.
Here are the ports that need to be opened:
- TCP port 2049: the default port the NFS server listens on. UDP port 2049: the same service over UDP.
- TCP/UDP port 111: the RPC binding port, used to establish connections between clients and servers.

A bare NFS server needs at least two daemons:
  • rpc.nfsd
    The main NFS server process. It serves the NFS requests themselves and decides whether a client may use the server's exported file systems, which includes identifying the user ID of the caller.
  • rpc.mountd
    This daemon manages access to the NFS file systems. Once a client has been accepted by rpc.nfsd, and before it can use the files the server provides, it still has to pass the file-permission check (the familiar -rwxrwxrwx bits together with owner and group). rpc.mountd reads the NFS configuration file /etc/exports and compares the client against it; only after passing this check does the client obtain the right to use the NFS files. (Note: /etc/exports is therefore also the place where the access rights and security settings of shared NFS directories are managed.)

  • Implementation:
    The ports NFS picks at start-up are registered with RPC; RPC itself always listens on port 111 for client requests.
    Note:
    Whether on the client or the server, RPC must be started before NFS is used.
    If RPC is restarted, every service it manages has to be restarted too; RPC-managed servers include NIS, NFS and others.
    RPC: Remote Procedure Call
    What if we need to run a function on a remote computer and wait for the result? That pattern is commonly known as Remote Procedure Call, or RPC.
     
    Before a host can mount the file system, install:
    # yum install nfs-utils   (the main package)
    Without nfs-utils the mount fails with:
    # mount -t nfs -o vers=4.0,noresvport 172.16.32.14:/ /mnt/
    mount: wrong fs type, bad option, bad superblock on 172.16.32.14:/,
           missing codepage or helper program, or other error
           (for several filesystems (e.g. nfs, cifs) you might
           need a /sbin/mount.<type> helper program)

           In some cases useful info is found in syslog - try
           dmesg | tail or so.

    exportfs is used on the NFS server; showmount is mainly used on the client.
    showmount:
    showmount queries the mount daemon on a remote host for information about the state of the NFS server on that machine.  With no options showmount lists the set of clients who are mounting from that host.  The output from showmount is designed to appear as though it were processed through ``sort -u''.
    OPTIONS
        -a or --all
        List both the client hostname or IP address and mounted directory in host:dir format. This info should not be considered  reliable.  See  the  notes  on rmtab in rpc.mountd(8).
        -d or --directories
        List only the directories mounted by some client.
        -e or --exports
        Show the NFS server's export list.
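    Since /etc/exports is where share permissions are decided, it is worth checking it mechanically rather than by eye. The script below is an added example, not part of the original post or of nfs-utils; the exports file it reads is constructed inline, and the three checks it performs (wildcard clients, no_root_squash, insecure) are the ones a reviewer usually looks for first. On a real server, exportfs -v prints the effective options to feed into it.

```shell
#!/bin/sh
# Added example: audit an /etc/exports file for settings that widen access.
# The file contents below are constructed for this example.
EXPORTS_SAMPLE='# constructed sample /etc/exports
/srv/share      192.168.0.0/24(rw,sync,root_squash)
/srv/public     *(ro,sync)
/srv/backup     10.0.0.5(rw,no_root_squash,insecure)
/srv/home       *.example.com(rw,sync)'

# audit_exports prints one line per export that needs attention:
#   <path> <client> <reason>
# Reasons checked:
#   wildcard-client : client is * (any host) or a domain wildcard
#   no_root_squash  : remote root keeps uid 0 on the share
#   insecure        : server accepts requests from client ports > 1023
audit_exports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        {
            path = $1
            # an exports line may carry several client(options) specs
            for (i = 2; i <= NF; i++) {
                spec = $i
                client = spec; opts = ""
                if (match(spec, /\(.*\)$/)) {
                    client = substr(spec, 1, RSTART - 1)
                    opts   = substr(spec, RSTART + 1, RLENGTH - 2)
                }
                if (client == "*" || client ~ /^\*\./) print path, client, "wildcard-client"
                if ("," opts "," ~ /,no_root_squash,/) print path, client, "no_root_squash"
                if ("," opts "," ~ /,insecure,/)       print path, client, "insecure"
            }
        }'
}

# finding_count returns the number of audit lines, convenient as a CI gate
# (non-zero means the exports file should not be deployed as-is).
finding_count() {
    audit_exports "$1" | wc -l | tr -d ' '
}

audit_exports "$EXPORTS_SAMPLE"
```

    Run against the constructed file it reports four findings: the two wildcard exports, and the backup share that both keeps remote root as root and accepts unprivileged client ports.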
    SFS Turbo

    Linux mount command:

    mount -t nfs -o vers=3,nolock 192.168.0.204:/ /mnt/sfs_turbo

    (The NFS version is chosen by the client at mount time.)

    NFS 3.0, mounting the root directory:

    sudo mount -t nfs -o vers=3,nolock,proto=tcp,noresvport 172.16.16.9:/buimuf6x/ /localfolder

    NFS 4.0, mounting the root directory:

    sudo mount -t nfs -o vers=4.0,noresvport 172.16.16.9:/ /localfolder

    A cloud server cannot reach a file system that is not in its own VPC; choose the same VPC as the cloud server.

    # mount -t nfs 192.168.233.137:/tmp /home/nfs/public/
    # df -h
    Filesystem            Size  Used Avail Use% Mounted on
    ....
    192.168.233.137:/tmp   22G   17G  5.8G  75% /home/nfs/public
    ==> 22G is the size of the whole host file system that /tmp lives on, not a quota for the share
    Security:
    As a rule NFS is opened only to the internal network and not to the Internet. It can be used across networks when there is a genuine need, but the firewall rules are awkward, because the auxiliary services sit on dynamic ports.
    To make sure the file system works, the security group is opened on ports 111, 445, 2049, 2051, 2052 and 20048 by default.
    Is all file storage accessed over the private network?
    It can be accessed across AZs (availability zones) but not across regions.
    When the instance cannot reach the file system at all (wrong VPC or region, or a security group that blocks it), the mount simply times out:
    [root@VM-0-12-centos ~]# mount -t nfs -o vers=3,nolock,proto=tcp,noresvport 172.16.16.9:/buimuf6x/ /mnt/
    mount.nfs: Connection timed out

    The inodes of a mounted file system can be viewed:


    blkid and lsblk do not show network file storage (they list block devices, and a network file system is not one):

    RPC:
    # rpcinfo -p localhost  // show the RPC registrations on this host
       program vers proto   port  service
        100000    4   tcp    111  portmapper
        100005    1   udp  20048  mountd
        100024    1   udp  54117  status
        100003    3   tcp   2049  nfs
        100227    3   tcp   2049  nfs_acl
        100021    1   udp  44579  nlockmgr
    # rpcinfo -t localhost nfs  // check which NFS versions answer over TCP
    program 100003 version 3 ready and waiting
    program 100003 version 4 ready and waiting
    # systemctl status rpcbind  // check the status of the rpc service
    ● rpcbind.service - RPC Bind
       Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
       Active: active (running) since Sun 2023-11-19 19:37:29 CST; 1 months 18 days ago
         Docs: man:rpcbind(8)
     Main PID: 522 (rpcbind)
        Tasks: 1 (limit: 11861)
       Memory: 1.1M
       CGroup: /system.slice/rpcbind.service
               └─522 /usr/bin/rpcbind -w -f

    Nov 19 19:37:29 iZ7xv761vd3tpun6w137opZ systemd[1]: Starting RPC Bind...
    Nov 19 19:37:29 iZ7xv761vd3tpun6w137opZ systemd[1]: Started RPC Bind.
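    The rpcinfo listing above is also the answer to the firewall problem raised in the security section: only 111 and 2049 are fixed, and mountd, status and nlockmgr are wherever rpcbind says they are today. The script below is an added example (not from the original post or from nfs-utils) that turns a captured rpcinfo -p listing into the port set a firewall must allow and separates out the dynamic ones; its input is the listing shown above, embedded as a constructed string. Those dynamic ports should be pinned (for example through the [mountd], [statd] and [lockd] sections of /etc/nfs.conf, or MOUNTD_PORT and friends in /etc/sysconfig/nfs on older systems) before a rule is written from them, otherwise the rule silently breaks at the next restart.

```shell
#!/bin/sh
# Added example: derive the ports a firewall must allow from `rpcinfo -p`
# output. The listing below is the one shown on this page, embedded as a
# constructed sample so the script runs offline.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    1   udp  20048  mountd
    100024    1   udp  54117  status
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  44579  nlockmgr'

# nfs_ports prints "proto port service" for every registered RPC service,
# skipping the header line and deduplicating.
nfs_ports() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF == 5 { print $3, $4, $5 }' | sort -u
}

# allow_list prints the unique proto/port pairs a firewall would need,
# on one line, suitable for pasting into a security-group or nftables rule.
allow_list() {
    nfs_ports "$1" | awk '{ print $1 "/" $2 }' | sort -u | tr '\n' ' '
}

# dynamic_ports lists the services whose port is not one of the fixed NFS
# ports (111 for rpcbind, 2049 for nfs). These move on every restart unless
# pinned in the NFS configuration, so a rule copied from today's output is
# only correct until the next reboot.
dynamic_ports() {
    nfs_ports "$1" | awk '$2 != 111 && $2 != 2049 { print $3 "=" $1 "/" $2 }'
}

echo "allow: $(allow_list "$RPCINFO_SAMPLE")"
echo "dynamic (pin these before writing rules):"
dynamic_ports "$RPCINFO_SAMPLE"
```

    For the listing on this page the allow list is tcp/111, tcp/2049 and three UDP ports, and all three UDP ports are dynamic; that is exactly why the cloud providers quoted earlier open 20048 (mountd) in addition to 111 and 2049.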

    NVMe
    NVMe technology delivers outstanding capacity, speed and compatibility. Because NVMe uses the PCIe slot, it moves 25 times as much data as an equivalent SATA product. On top of more data, NVMe commands run twice as fast as AHCI driver commands. Furthermore, NVMe exceeds one million input/output operations per second (IOPS), 900% of an AHCI drive. Thanks to its compatibility, NVMe also communicates directly with the system CPU at remarkable speed. NVMe drives are compatible with all major operating systems regardless of form factor.
    NVMe (Non-Volatile Memory Express) is a communication interface and driver that takes full advantage of the higher bandwidth PCIe provides. It is designed to raise performance and efficiency while letting a broad range of enterprise and client systems interoperate. NVMe was designed specifically for SSDs and uses the high-speed PCIe slot to communicate between the storage interface and the system CPU, with no form-factor restriction.
    The NVMe protocol uses parallel, low-latency data paths to the underlying media, in the manner of a high-performance processor architecture. Compared with the SAS and SATA protocols this greatly raises performance and lowers latency. NVMe supports up to 64,000 I/O queues, each holding 64,000 entries. Compared with legacy storage models that use older drivers such as AHCI (Advanced Host Controller Interface), NVMe lets input/output tasks move more data faster. Because NVMe is purpose-built for SSDs, it will eventually become the new industry standard.

    File storage versus local storage IO:
    [root@VM-32-16-centos ~]# dd if=/dev/zero of=/mnt/loopdev bs=1M count=128
    128+0 records in
    128+0 records out
    134217728 bytes (134 MB) copied, 0.938318 s, 143 MB/s
    [root@VM-32-16-centos ~]# dd if=/dev/zero of=./loopdev bs=1M count=128
    128+0 records in
    128+0 records out
    134217728 bytes (134 MB) copied, 0.0425636 s, 3.2 GB/s
    General Standard storage throughput cap (MiB/s) = MIN{300, MAX{0.1 × used capacity (GiB) + 100, 0.1 × bound storage-package capacity (GiB) + 100}}; the throughput is adjusted dynamically in steps of 5 MiB/s.
    Note that dd without oflag=direct (or conv=fsync) writes into the page cache, so the 3.2 GB/s local figure is mostly memory speed; rerun both commands with oflag=direct for a fair comparison.

    Is NFS v3 encrypted?
    NFSv2 and NFSv3 traditionally passed data insecurely. All versions of NFS now have the ability to authenticate (and optionally encrypt) ordinary file system operations using Kerberos. Under NFSv4 all operations can use Kerberos; under v2 or v3, file locking and mounting still do not use it.
    NFSv3 server procedures (the section 3 headings of the RFC 1813 table of contents):
       3.      Server Procedures
       3.1     General comments on attributes
       3.2     General comments on filenames
       3.3.0   NULL: Do nothing
       3.3.1   GETATTR: Get file attributes
       3.3.2   SETATTR: Set file attributes
       3.3.3   LOOKUP: Lookup filename
       3.3.4   ACCESS: Check access permission
       3.3.5   READLINK: Read from symbolic link
       3.3.6   READ: Read from file
       3.3.7   WRITE: Write to file
       3.3.8   CREATE: Create a file
       3.3.9   MKDIR: Create a directory
       3.3.10  SYMLINK: Create a symbolic link
       3.3.11  MKNOD: Create a special device
       3.3.12  REMOVE: Remove a file
       3.3.13  RMDIR: Remove a directory
       3.3.14  RENAME: Rename a file or directory
       3.3.15  LINK: Create link to an object
       3.3.16  READDIR: Read From directory
       3.3.17  READDIRPLUS: Extended read from directory
       3.3.18  FSSTAT: Get dynamic file system information
       3.3.19  FSINFO: Get static file system information
       3.3.20  PATHCONF: Retrieve POSIX information
       3.3.21  COMMIT: Commit cached data on a server to stable storage

    Amazon EFS hands-on:
    Create a directory efs that you will use as the file system mount point using the following command:
    [ec2-user@ip-172-31-40-71 ~]$ sudo mkdir efs
    [ec2-user@ip-172-31-40-71 ~]$ sudo mount -t efs -o tls fs-097d6f3878d3b54a3:/ /home/ec2-user/efs
    mount: /home/ec2-user/efs: unknown filesystem type 'efs'.
    This error means the client is not installed; install it:
    [ec2-user@ip-172-31-40-71 ~]$ which amzn-efs-utils
    /usr/bin/which: no amzn-efs-utils in (/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin)
    [ec2-user@ip-172-31-40-71 ~]$ sudo yum install amazon-efs-utils
    Mount:
    [ec2-user@ip-172-31-40-71 ~]$ sudo mount -t efs -o tls fs-097d6f3878d3b54a3.efs.us-east-1.amazonaws.com efs/
    Mount attempt 1/3 failed due to timeout after 15 sec, wait 0 sec before next attempt.
    Mount attempt 2/3 failed due to timeout after 15 sec, wait 0 sec before next attempt.
    The default security group on the mount target did not allow the EC2 instance in. After switching to a new security group, confirm reachability on 2049 and mount again:
    [ec2-user@ip-172-31-40-71 ~]$ telnet fs-097d6f3878d3b54a3.efs.us-east-1.amazonaws.com 2049
    Trying 172.31.34.51...   ==> the name resolves to the mount target (MountTarget) in the same AZ
    Connected to fs-097d6f3878d3b54a3.efs.us-east-1.amazonaws.com.
    Escape character is '^]'.
    ^]
    telnet> quit
    Connection closed.
    [ec2-user@ip-172-31-40-71 ~]$ sudo mount -t efs -o tls fs-097d6f3878d3b54a3.efs.us-east-1.amazonaws.com efs/
    [ec2-user@ip-172-31-40-71 ~]$ df -h
    Filesystem      Size  Used Avail Use% Mounted on
    ....
    127.0.0.1:/     8.0E     0  8.0E   0% /home/ec2-user/efs
    (With -o tls, efs-utils starts a local stunnel proxy and mounts through it, which is why the source shows as 127.0.0.1 rather than the mount target's address.)
    The owner of the mounted file system can be changed:
    [ec2-user@ip-172-31-40-71 ~]$ sudo chown -R ec2-user:ec2-user efs/
    MountPoint refers to the attachment point on the local host; MountTarget is the network endpoint in the VPC subnet through which the file system is reached.

    umount (unmount a file system)
          -l, --lazy
                  Lazy unmount.  Detach the filesystem from the file hierarchy now, and clean up all references to this filesystem as soon as it is not busy anymore.
                  A system reboot would be expected in near future if you're going to use this option for network filesystem or local filesystem with submounts.  The recommended  use-case  for  umount  -l  is to prevent hangs on shutdown due to an unreachable network share where a normal umount will hang due to a downed server or a network partition. Remounts of the share will not be possible.
          -f, --force

    rsync to synchronize files
    [root@ali-ecs ~]# df -h
    Filesystem                                         Size  Used Avail Use% Mounted on
    ....
    28ea2249762-dxx83.cn-guangzhou.nas.aliyuncs.com:/   10P     0   10P   0% /mnt/nfs
    28010548b35-atw42.cn-guangzhou.nas.aliyuncs.com:/   10P     0   10P   0% /mnt/nfs2
    [root@ali-ecs ~]# rsync -av /mnt/nfs/* /mnt/nfs2/
    sending incremental file list
    alertmanager.yml
    welcome.html
    3a40/

    sent 1,963 bytes  received 62 bytes  4,050.00 bytes/sec
    total size is 1,749  speedup is 0.86
    [root@ali-ecs ~]# ll /mnt/nfs2/
    total 9
    drwxr-xr-x 2 root root 4096 Apr 14 23:45 3a40
    -rw-r--r-- 1 root root 1733 Jan  7 16:28 alertmanager.yml
    -rw-r--r-- 1 root root   16 Jan  7 16:28 welcome.html
    [root@ali-ecs ~]# ll /mnt/nfs
    total 9
    drwxr-xr-x 2 root root 4096 Apr 14 23:45 3a40
    -rw-r--r-- 1 root root 1733 Jan  7 16:28 alertmanager.yml
    -rw-r--r-- 1 root root   16 Jan  7 16:28 welcome.html
    -a: equivalent to -rlptgoD (recursive; preserve symlinks, permissions, times, group, owner and device/special files)
    Note that the shell glob /mnt/nfs/* skips dot-files; to copy the directory contents exactly, use the trailing-slash form rsync -av /mnt/nfs/ /mnt/nfs2/ instead.

    Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.

    encryption at rest (also referred to as static encryption below)

    Static encryption, also known as encryption at rest, is a data security technique that encrypts data while it is stored in a persistent location, such as a hard drive, solid-state drive (SSD), or cloud storage. This means that the data is encrypted before it is written to the storage medium and remains encrypted until it is decrypted for use.

    Benefits of Static Encryption:

    1. Data Protection: Static encryption protects sensitive data from unauthorized access if the storage device is stolen, lost, or compromised. Even if an attacker gains physical possession of the storage medium, they cannot read the encrypted data without the decryption key.

    2. Compliance: Static encryption can help organizations comply with data privacy regulations and industry standards that mandate data protection, such as HIPAA, PCI DSS, and GDPR.

    3. Reduced Risk of Data Breaches: Static encryption reduces the risk of data breaches that occur due to unauthorized access to stored data. This can protect sensitive information like financial records, personal data, and intellectual property.

    Common Static Encryption Methods:

    1. File-Level Encryption: Encrypts individual files and directories, allowing granular control over which data is encrypted.

    2. Full Disk Encryption (FDE): Encrypts the entire storage device, including the operating system and all data, providing comprehensive protection.

    3. Device Encryption: Encrypts the storage device itself, ensuring that data remains encrypted even if the device is removed from the system.


    Lifecycle management
    Transition into Infrequent Access (IA):
    30 day(s) since last access
    Transition into Archive:
    90 day(s) since last access
    Transition into Standard:
    None


    How to count the directories in a NAS file system:

    1.
    $ find /home/vbird -type d | wc -l
    3454
    2.
    # tree -d /mnt/nfs | tail -1
    1 directory
    (find counts the starting directory itself, so for the same tree its figure is one higher than the one tree reports.)

    Mounting at boot:
    $ cat /etc/fstab 
    #
    UUID=d7065661-d719-42af-b64d-1e5665ccf2c2     /           xfs    defaults,noatime  1   1
    UUID=5143-9327        /boot/efi       vfat    defaults,noatime,uid=0,gid=0,umask=0077,shortname=winnt,x-systemd.automount 0 2

    #fs-097d6f3878d3b54a3:/ /home/ec2-user/efs efs _netdev,noresvport,tls,iam,accesspoint=fsap-0b85eca14b605e181 0 0
    fs-097d6f3878d3b54a3:/ /home/ec2-user/efs efs _netdev,noresvport,tls,iam 0 0
    Test the fstab entry by using the mount command with the 'fake' option along with the 'all' and 'verbose' options.
    $ sudo mount -fav
    /                        : ignored
    /boot/efi                : already mounted
    /home/ec2-user/efs is already mounted, please run 'mount' command to verify
    /home/ec2-user/efs       : successfully mounted
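    mount -fav only tells you whether each line parses; it does not catch a network entry that will hang the boot because it lacks _netdev, or that fsck will be asked to check. The script below is an added example (not from the original post, efs-utils or util-linux) that checks an fstab for exactly those problems; the fstab it reads is constructed inline and loosely modelled on the entries above. The noresvport check reflects the cloud mount commands on this page, which all pass that option so that a client can reconnect after a server-side failover.

```shell
#!/bin/sh
# Added example: sanity-check /etc/fstab entries for network file systems
# before relying on `mount -fav`. The fstab content below is constructed.
FSTAB_SAMPLE='UUID=d7065661-d719-42af-b64d-1e5665ccf2c2 / xfs defaults,noatime 1 1
#fs-097d6f3878d3b54a3:/ /home/ec2-user/efs efs _netdev,noresvport,tls,iam,accesspoint=fsap-0b85eca14b605e181 0 0
fs-097d6f3878d3b54a3:/ /home/ec2-user/efs efs _netdev,noresvport,tls,iam 0 0
192.168.0.204:/ /mnt/sfs_turbo nfs vers=3,nolock 0 2
//fileserver/share /mnt/smb cifs credentials=/root/.smbcred,_netdev 0 0'

# check_fstab prints "<mountpoint> <problem>" for each network entry that has:
#   missing-_netdev    : no _netdev, so systemd may try the mount before the
#                        network is up and block the boot on it
#   missing-noresvport : nfs/nfs4/efs entry without noresvport, so a reconnect
#                        after failover can hang (cloud NAS guidance on this page)
#   fsck-enabled       : fs_passno is not 0, so fsck is asked to check a share
check_fstab() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $3 ~ /^(nfs|nfs4|efs|cifs|smb3)$/ {
            opts = "," $4 ","
            if (opts !~ /,_netdev,/) print $2, "missing-_netdev"
            if ($3 ~ /^(nfs|nfs4|efs)$/ && opts !~ /,noresvport,/) print $2, "missing-noresvport"
            if (NF >= 6 && $6 != 0)  print $2, "fsck-enabled"
        }'
}

# check_count returns the number of problems found; 0 means the network
# entries are safe to enable.
check_count() {
    check_fstab "$1" | wc -l | tr -d ' '
}

check_fstab "$FSTAB_SAMPLE"
```

    On the constructed file the EFS line and the CIFS line pass, and the SFS Turbo line is reported three times: it has no _netdev, no noresvport, and a pass number of 2.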
