Export policies are used to restrict NFS/CIFS access to volumes to clients that match specific parameters. An export policy contains one or more rules that process each client access request. A Vserver can contain multiple export policies, and each volume can be associated with the desired export policy to provide access to clients. By default, each Vserver with FlexVol volume has a default export policy that contains no rules. When you create a Vserver with FlexVol volume, the SVM (Vserver) automatically creates a default export policy called “default” for the root volume of the Vserver. You must create one or more rules for the default export policy before clients can access data on the Vserver. Alternatively, you can create a custom export policy with rules. You can modify and rename the default export policy, but you cannot delete it.
You must have a Vserver and volumes to which the export policy can be assigned.
Let’s create a new export policy and assign it to the existing volumes.
1. Log in to the cluster LIF as the admin user.
2. List the existing data Vservers.
NetUA::> vserver show -type data
Admin Root Name Name
Vserver Type State Volume Aggregate Service Mapping
----------- ------- --------- ---------- ---------- ------- -------
infisvm data running infisvm_ NetUA01_ file file
root aggr2
ua_vs1 data running ua_vs1_ NetUA01_ file file
root aggr1
2 entries were displayed.
NetUA::>
3. List the data volumes from the existing data Vservers.
NetUA::> volume show -vserver ua_vs1,infisvm -type RW
Vserver Volume Aggregate State Type Size Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
infisvm bigvol1 - online RW 2GB 1.90GB 5%
infisvm infisvm_root NetUA01_aggr2
online RW 20MB 18.87MB 5%
ua_vs1 ua_vs1_root NetUA01_aggr1
online RW 20MB 18.88MB 5%
ua_vs1 uavol1 NetUA01_aggr1
online RW 100MB 94.87MB 5%
4 entries were displayed.
NetUA::>
4. Check the existing export policies. The “infisvm” policies were created during Vserver creation because it hosts an infinite volume.
NetUA::> export-policy show
(vserver export-policy show)
Vserver Policy Name
--------------- -------------------
infisvm default
infisvm repos_namespace_export_policy
infisvm repos_restricted_export_policy
infisvm repos_root_readonly_export_policy
ua_vs1 default
5 entries were displayed.
NetUA::>
5. Let’s create a new export policy for Vserver “ua_vs1”.
NetUA::> export-policy create -vserver ua_vs1 -policyname uavspol1
(vserver export-policy create)
NetUA::>
NetUA::> export-policy show -vserver ua_vs1
(vserver export-policy show)
Vserver Policy Name
--------------- -------------------
ua_vs1 default
ua_vs1 uavspol1
2 entries were displayed.
NetUA::>
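6. Create a new rule for the “uavspol1” policy. The rule below uses the clientmatch 0.0.0.0/0.0 with -rorule any and -rwrule any, so it is not limited to a particular host.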
NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 0.0.0.0/0.0 -rorule any -rwrule any -allow-suid true
(vserver export-policy rule create)
NetUA::> export-policy rule show -vserver ua_vs1
(vserver export-policy rule show)
Policy Rule Access Client RO
Vserver Name Index Protocol Match Rule
------------ --------------- ------ -------- --------------------- ---------
ua_vs1 uavspol1 1 any 0.0.0.0/0.0 any
NetUA::>
To create a rule for a specific host, use the following command.
NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 192.168.0.150 -rorule any -rwrule any -allow-suid true
(vserver export-policy rule create)
NetUA::> export-policy rule show -vserver ua_vs1
(vserver export-policy rule show)
Policy Rule Access Client RO
Vserver Name Index Protocol Match Rule
------------ --------------- ------ -------- --------------------- ---------
ua_vs1 uavspol1 1 any 0.0.0.0/0.0 any
ua_vs1 uavspol1 2 any 192.168.0.150 any
2 entries were displayed.
NetUA::>
You can add any number of clients by adding more rules.
7. Apply the policy to the volumes of Vserver ua_vs1.
NetUA::> vol show -vserver ua_vs1 -type rw
(volume show)
Vserver Volume Aggregate State Type Size Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
ua_vs1 ua_vs1_root NetUA01_aggr1
online RW 20MB 18.88MB 5%
ua_vs1 uavol1 NetUA01_aggr1
online RW 100MB 94.86MB 5%
2 entries were displayed.
NetUA::>
NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume uavol1
(volume modify)
Volume modify successful on volume: uavol1
NetUA::>
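As an added example (not part of the original post and not NetApp code), the following Python script evaluates the two uavspol1 rules from step 6 in rule-index order, where the first rule that matches the client decides access, and flags a writable match-all rule and any rule that an earlier rule already covers. It assumes that 0.0.0.0/0.0 means a zero-length mask and handles only IPv4 host and subnet clientmatch values; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the two uavspol1 rules from the listing above,
# as (rule index, clientmatch, rorule, rwrule).
RULES = [
    (1, "0.0.0.0/0.0", "any", "any"),
    (2, "192.168.0.150", "any", "any"),
]


def to_network(clientmatch):
    """Parse an IPv4 host or subnet clientmatch into a network object."""
    addr, _, mask = clientmatch.partition("/")
    if mask and set(mask) <= set("0."):
        mask = "0"  # assumption: "/0.0" on the page means a zero-length mask
    return ipaddress.ip_network(f"{addr}/{mask or 32}", strict=False)


def first_match(rules, client_ip):
    """Return the index of the rule that decides access, or None (no match, denied)."""
    ip = ipaddress.ip_address(client_ip)
    for index, match, _ro, _rw in sorted(rules):
        if ip in to_network(match):
            return index
    return None


def audit(rules):
    """Flag writable match-all rules and rules already covered by an earlier rule."""
    findings, seen = [], []
    for index, match, _ro, rw in sorted(rules):
        net = to_network(match)
        if net.prefixlen == 0 and rw != "never":
            findings.append((index, "open-rw"))
        if any(net.subnet_of(earlier) for earlier in seen):
            findings.append((index, "shadowed"))
        seen.append(net)
    return findings


if __name__ == "__main__":
    for client in ("192.168.0.150", "10.1.2.3"):
        print(client, "-> rule", first_match(RULES, client))
    print(audit(RULES))
```

With rule 1 in place, the host-specific rule 2 never decides a request. Limiting the export to 192.168.0.150 requires removing or narrowing rule 1.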
The following information is required to mount the volume on NFS clients.
Find the “ua_vs1” LIF IP address to mount the volume on NFS client.
NetUA::> net int show -vserver ua_vs1
(network interface show)
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home
----------- ---------- ---------- ------------------ ------------- ------- ----
ua_vs1
uadata1 up/up 192.168.0.123/24 NetUA-01 e0c true
NetUA::>
Find the junction path for volume uavol1.
NetUA::> volume show -vserver ua_vs1 -volume uavol1 -fields junction-path
vserver volume junction-path
------- ------ -------------
ua_vs1 uavol1 /uavol1_new
NetUA::>
Mount the Volume on Linux Client:
1. Log in to the Linux host.
2. Try to mount the uavol1 volume.
root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1
mount.nfs: access denied by server while mounting 192.168.0.123:/uavol1_new
root@uacloud:~#
Error: mount.nfs: access denied by server while mounting XXX.XXX.XXX.XXX:/volume_name.
Most of the time, you will face this issue when you have not set the policy on the Vserver root volume.
Just log in to the cluster LIF as admin and set the policy for the Vserver root volume too.
NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume ua_vs1_root
(volume modify)
Volume modify successful on volume: ua_vs1_root
NetUA::>
NetUA::> volume show -vserver ua_vs1 -volume ua_vs1_root -fields policy
vserver volume policy
------- ----------- --------
ua_vs1 ua_vs1_root uavspol1
NetUA::>
Try to mount the volume “uavol1” again.
root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1
root@uacloud:~# df -h /uavol1
Filesystem Size Used Avail Use% Mounted on
192.168.0.123:/uavol1_new 95M 128K 95M 1% /uavol1
root@uacloud:~#
Success!!! We have successfully mounted the volume on the Linux host.