Export polices are used to restrict the NFS/CIFS access to the volumes to clients that match specific parameters. Export polices contains one or more rules that process each client access request . A Vserver can contain multiple export polices and each volume can be associate with desired export polices to provide the access to the clients. By default each Vserver with flex volume has a default export policy that contains no rules. When you create a Vserver with FlexVol volume, the SVM(Vserver) automatically creates a default export policy called “default” for the root volume of the Vserver. You must create one or more rules for the default export policy before clients can access data on the Vserver. Alternatively, you can create a custom export policy with rules. You can modify and rename the default export policy, but you cannot delete the default export policy.
You must have VServer and Volumes to assign the export policy.
Let’s create the new export policy and assign to the existing volumes.
1. Login to the cluster LIF as admin user.
2. List the existing data Vserver.
NetUA::> vserver show -type data Admin Root Name Name Vserver Type State Volume Aggregate Service Mapping ----------- ------- --------- ---------- ---------- ------- ------- infisvm data running infisvm_ NetUA01_ file file root aggr2 ua_vs1 data running ua_vs1_ NetUA01_ file file root aggr1 2 entries were displayed. NetUA::>
3.List the data volumes from the existing data Vserver.
NetUA::> volume show -vserver ua_vs1,infisvm -type RW Vserver Volume Aggregate State Type Size Available Used% --------- ------------ ------------ ---------- ---- ---------- ---------- ----- infisvm bigvol1 - online RW 2GB 1.90GB 5% infisvm infisvm_root NetUA01_aggr2 online RW 20MB 18.87MB 5% ua_vs1 ua_vs1_root NetUA01_aggr1 online RW 20MB 18.88MB 5% ua_vs1 uavol1 NetUA01_aggr1 online RW 100MB 94.87MB 5% 4 entries were displayed. NetUA::>
4. Check the existing export policy. “infisvm” policies are created during the Vserver creation since it’s hosting infinite volume.
NetUA::> export-policy show (vserver export-policy show) Vserver Policy Name --------------- ------------------- infisvm default infisvm repos_namespace_export_policy infisvm repos_restricted_export_policy infisvm repos_root_readonly_export_policy ua_vs1 default 5 entries were displayed. NetUA::>
5. Let’s create the new export policy for Vserver “ua_vs1” .
NetUA::> export-policy create -vserver ua_vs1 -policyname uavspol1 (vserver export-policy create) NetUA::> NetUA::> export-policy show -vserver ua_vs1 (vserver export-policy show) Vserver Policy Name --------------- ------------------- ua_vs1 default ua_vs1 uavspol1 2 entries were displayed. NetUA::>
6. Create the new rule for “uavspol1” policy.
NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 0.0.0.0/0.0 -rorule any -rwrule any -allow-suid true (vserver export-policy rule create) NetUA::> export-policy rule show -vserver ua_vs1 (vserver export-policy rule show) Policy Rule Access Client RO Vserver Name Index Protocol Match Rule ------------ --------------- ------ -------- --------------------- --------- ua_vs1 uavspol1 1 any 0.0.0.0/0.0 any NetUA::>
To create the rule for specific host , use the following command .
NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 192.168.0.150 -rorule any -rwrule any -allow-suid true (vserver export-policy rule create) NetUA::> export-policy rule show -vserver ua_vs1 (vserver export-policy rule show) Policy Rule Access Client RO Vserver Name Index Protocol Match Rule ------------ --------------- ------ -------- --------------------- --------- ua_vs1 uavspol1 1 any 0.0.0.0/0.0 any ua_vs1 uavspol1 2 any 192.168.0.150 any 2 entries were displayed. NetUA::>
You can add N-number of clients by adding rules.
7. Apply the policy to the Vserver ua_vs1’s volumes.
NetUA::> vol show -vserver ua_vs1 -type rw (volume show) Vserver Volume Aggregate State Type Size Available Used% --------- ------------ ------------ ---------- ---- ---------- ---------- ----- ua_vs1 ua_vs1_root NetUA01_aggr1 online RW 20MB 18.88MB 5% ua_vs1 uavol1 NetUA01_aggr1 online RW 100MB 94.86MB 5% 2 entries were displayed. NetUA::> NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume uavol1 (volume modify) Volume modify successful on volume: uavol1 NetUA::>
These following information required to mount the volume on NFS clients .
Find the “ua_vs1” LIF IP address to mount the volume on NFS client.
NetUA::> net int show -vserver ua_vs1 (network interface show) Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- ua_vs1 uadata1 up/up 192.168.0.123/24 NetUA-01 e0c true NetUA::>
Find the junction path for volume uavol1.
NetUA::> volume show -vserver ua_vs1 -volume uavol1 -fields junction-path vserver volume junction-path ------- ------ ------------- ua_vs1 uavol1 /uavol1_new NetUA::>
Mount the Volume on Linux Client:
1.Login to the linux host.
2.Try to mount the uavol1 volume.
root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1 mount.nfs: access denied by server while mounting 192.168.0.123:/uavol1_new root@uacloud:~#
Error: mount.nfs: access denied by server while mounting XXX.XXX.XXX.XXX:/volume_name.
Most of the time , you will face this issue when you are not setting the policy to the Vserver root volume.
Just login to the Cluster LIF as admin and set the policy for Vserver root volume too.
NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume ua_vs1_root (volume modify) Volume modify successful on volume: ua_vs1_root NetUA::> NetUA::> volume show -vserver ua_vs1 -volume ua_vs1_root -fields policy vserver volume policy ------- ----------- -------- ua_vs1 ua_vs1_root uavspol1 NetUA::>
Try to mount the volume “uavol1” again.
root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1 root@uacloud:~# df -h /uavol1 Filesystem Size Used Avail Use% Mounted on 192.168.0.123:/uavol1_new 95M 128K 95M 1% /uavol1 root@uacloud:~#
Success!!! We have successfully mounted the volume on Linux host.
Hope this article is informative to you . Share it ! Comment it !! Be Sociable !!!
Leave a Reply