
NetApp – Clustered DATA ONTAP – Configure Export policy – Part 13

Export policies are used to restrict NFS/CIFS access to volumes to clients that match specific parameters. An export policy contains one or more rules that process each client access request. A Vserver can contain multiple export policies, and each volume can be associated with the desired export policy to provide access to clients.

By default, each Vserver with a FlexVol volume has a default export policy that contains no rules. When you create a Vserver with a FlexVol volume, the SVM (Vserver) automatically creates a default export policy called “default” for the root volume of the Vserver. You must create one or more rules for the default export policy before clients can access data on the Vserver. Alternatively, you can create a custom export policy with rules. You can modify and rename the default export policy, but you cannot delete it.

You need an existing Vserver and volumes before you can assign an export policy.

 

Let’s create a new export policy and assign it to the existing volumes.

1. Log in to the cluster LIF as the admin user.

2. List the existing data Vservers.

NetUA::> vserver show -type data
                    Admin     Root                  Name    Name
Vserver     Type    State     Volume     Aggregate  Service Mapping
----------- ------- --------- ---------- ---------- ------- -------
infisvm     data    running   infisvm_   NetUA01_   file    file
                              root       aggr2
ua_vs1      data    running   ua_vs1_    NetUA01_   file    file
                              root       aggr1
2 entries were displayed.

NetUA::>

 

3. List the data volumes on the existing data Vservers.

NetUA::> volume show -vserver ua_vs1,infisvm -type RW
Vserver   Volume       Aggregate    State      Type       Size  Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
infisvm   bigvol1      -            online     RW          2GB     1.90GB    5%
infisvm   infisvm_root NetUA01_aggr2
                                    online     RW         20MB    18.87MB    5%
ua_vs1    ua_vs1_root  NetUA01_aggr1
                                    online     RW         20MB    18.88MB    5%
ua_vs1    uavol1       NetUA01_aggr1
                                    online     RW        100MB    94.87MB    5%
4 entries were displayed.

NetUA::>

 

4. Check the existing export policies. The “infisvm” policies were created during Vserver creation, since it hosts an infinite volume.

NetUA::> export-policy show
  (vserver export-policy show)
Vserver          Policy Name
---------------  -------------------
infisvm          default
infisvm          repos_namespace_export_policy
infisvm          repos_restricted_export_policy
infisvm          repos_root_readonly_export_policy
ua_vs1           default
5 entries were displayed.

NetUA::>

 

5. Create a new export policy for Vserver “ua_vs1”.

NetUA::> export-policy create -vserver ua_vs1 -policyname uavspol1
  (vserver export-policy create)

NetUA::>
NetUA::> export-policy show -vserver ua_vs1
  (vserver export-policy show)
Vserver          Policy Name
---------------  -------------------
ua_vs1           default
ua_vs1           uavspol1
2 entries were displayed.

NetUA::>

 

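6. Create a new rule for the “uavspol1” policy. The client match 0.0.0.0/0.0 used here matches every client, and -rorule any with -rwrule any allows read and write access regardless of the client's security type.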

NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 0.0.0.0/0.0 -rorule any -rwrule any -allow-suid true
  (vserver export-policy rule create)

NetUA::> export-policy rule show -vserver ua_vs1
  (vserver export-policy rule show)
             Policy          Rule    Access   Client                RO
Vserver      Name            Index   Protocol Match                 Rule
------------ --------------- ------  -------- --------------------- ---------
ua_vs1       uavspol1        1       any      0.0.0.0/0.0           any

NetUA::>

 

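To create a rule for a specific host, use the following command. Rules are evaluated in rule-index order and the first rule that matches a client is applied, so a host-specific rule only takes effect if no lower-index rule (such as the 0.0.0.0/0.0 rule at index 1) already matches that host.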

NetUA::> export-policy rule create -vserver ua_vs1 -policyname uavspol1 -clientmatch 192.168.0.150 -rorule any -rwrule any -allow-suid true
  (vserver export-policy rule create)

NetUA::> export-policy rule show -vserver ua_vs1
  (vserver export-policy rule show)
             Policy          Rule    Access   Client                RO
Vserver      Name            Index   Protocol Match                 Rule
------------ --------------- ------  -------- --------------------- ---------
ua_vs1       uavspol1        1       any      0.0.0.0/0.0           any
ua_vs1       uavspol1        2       any      192.168.0.150         any
2 entries were displayed.

NetUA::>

You can allow any number of clients by adding more rules.

 

7. Apply the policy to the volumes of Vserver ua_vs1.

NetUA::> vol show -vserver ua_vs1 -type rw
  (volume show)
Vserver   Volume       Aggregate    State      Type       Size  Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
ua_vs1    ua_vs1_root  NetUA01_aggr1
                                    online     RW         20MB    18.88MB    5%
ua_vs1    uavol1       NetUA01_aggr1
                                    online     RW        100MB    94.86MB    5%
2 entries were displayed.

NetUA::> 
NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume uavol1
  (volume modify)

Volume modify successful on volume: uavol1
NetUA::>
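
How the two rules created in step 6 interact, as an added example (not part of the original article or of ONTAP): it parses the rule rows shown above, applies first-match evaluation in rule-index order, and flags match-all and shadowed rules. The function names are hypothetical, only IPv4 host and network client matches are handled, and reading 0.0.0.0/0.0 as 0.0.0.0/0 is an assumption.

```python
import ipaddress

# Rows copied from the `export-policy rule show` output in step 6.
RULE_SHOW = """\
ua_vs1       uavspol1        1       any      0.0.0.0/0.0           any
ua_vs1       uavspol1        2       any      192.168.0.150         any
"""

def to_network(clientmatch):
    """IPv4 host or network clientmatch -> ip_network.
    Assumption: a short dotted mask is padded with zero octets, so the
    page's 0.0.0.0/0.0 is read as the all-IPv4 network 0.0.0.0/0."""
    addr, _, mask = clientmatch.partition("/")
    if "." in mask:
        mask = ".".join((mask.split(".") + ["0"] * 4)[:4])
    return ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)

def parse_rules(text):
    """Parse table rows: vserver, policy, index, protocol, clientmatch, RO rule."""
    rules = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 6 and cols[2].isdigit():
            rules.append({"policy": cols[1], "index": int(cols[2]),
                          "net": to_network(cols[4]), "ro": cols[5]})
    return sorted(rules, key=lambda r: (r["policy"], r["index"]))

def first_match(rules, policy, client_ip):
    """Index of the rule that decides access: lowest index covering the client."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if r["policy"] == policy and ip in r["net"]:
            return r["index"]
    return None  # no rule matches: the client is denied

def audit(rules):
    """Flag match-all rules and rules that an earlier rule already covers."""
    findings = []
    for i, r in enumerate(rules):
        if r["net"].prefixlen == 0:
            findings.append((r["index"], "matches every client"))
        for earlier in rules[:i]:
            if earlier["policy"] == r["policy"] and r["net"].subnet_of(earlier["net"]):
                findings.append((r["index"], f"shadowed by rule {earlier['index']}"))
                break
    return findings

if __name__ == "__main__":
    rules = parse_rules(RULE_SHOW)
    print(first_match(rules, "uavspol1", "192.168.0.150"), audit(rules))
```

With rule 1 in place, 192.168.0.150 is decided by rule 1 and rule 2 is never reached; with only rule 2 present, any other client matches no rule.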

The following information is required to mount the volume on NFS clients.

Find the “ua_vs1” LIF IP address to mount the volume on the NFS client.

NetUA::> net int show -vserver ua_vs1
  (network interface show)
            Logical    Status     Network            Current       Current Is
Vserver     Interface  Admin/Oper Address/Mask       Node          Port    Home
----------- ---------- ---------- ------------------ ------------- ------- ----
ua_vs1
            uadata1      up/up    192.168.0.123/24   NetUA-01      e0c     true

NetUA::>

 

Find the junction path for volume uavol1.

NetUA::> volume show -vserver ua_vs1 -volume uavol1 -fields junction-path
vserver volume junction-path
------- ------ -------------
ua_vs1  uavol1 /uavol1_new

NetUA::>

 

 

Mount the volume on a Linux client:

1. Log in to the Linux host.

2. Try to mount the uavol1 volume.

root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1
mount.nfs: access denied by server while mounting 192.168.0.123:/uavol1_new
root@uacloud:~#

Error: mount.nfs: access denied by server while mounting XXX.XXX.XXX.XXX:/volume_name.

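Most of the time, you will face this issue when you have not set the policy on the Vserver root volume. The root volume still uses the “default” export policy, which contains no rules, so the client is denied before it can reach the junction path.

Log in to the cluster LIF as admin and set the policy on the Vserver root volume too.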

NetUA::> vol modify -vserver ua_vs1 -policy uavspol1 -volume ua_vs1_root
  (volume modify)

Volume modify successful on volume: ua_vs1_root

NetUA::> 
NetUA::> volume show -vserver ua_vs1 -volume ua_vs1_root -fields policy
vserver volume      policy
------- ----------- --------
ua_vs1  ua_vs1_root uavspol1

NetUA::>

 

Try to mount the volume “uavol1” again.

root@uacloud:~# mount -t nfs 192.168.0.123:/uavol1_new /uavol1
root@uacloud:~# df -h /uavol1
Filesystem                 Size  Used Avail Use% Mounted on
192.168.0.123:/uavol1_new   95M  128K   95M   1% /uavol1
root@uacloud:~#

Success!!! We have successfully mounted the volume on the Linux host.

 
