NetApp 7-mode – NFS overview

NFS is a stateless protocol, which means that each request from client to server must contain all of the information needed to understand the request.

NFS is implemented on top of the RPC (remote procedure call) protocol, which has multiple procedures that define the type of request. For example, a client sends a mount request to the server:
mount server:/vol/vol0 /mnt/vol0
This request arrives at port 111 of the server, where portmapper is listening for RPC calls. The mountd daemon then returns the port for the registered mount service and allows the mount.

What information should an NFS server provide?
– Resource list: the storage objects.
– Identification: the list of client/host IP addresses.
– Authorization: the permissions.

NFS Access Cache

The access cache holds exports, NFS client IP addresses, access type and security type. Every 15 minutes the cache entries are backed up to disk. Useful commands:

  • exportfs -c – adds an entry to the cache
  • exportfs -f – removes an entry from the cache

To see access cache statistics, type:
nfsstat -d

NFS Exports

In 7-Mode Data ONTAP, exports are managed as follows:
– Held in memory and used by mountd.
– Persistent: defined in /etc/exports.
– Temporary: defined through the command line and held only in memory.

Identification:
– IP only.
– Host name resolution (name to IP): local /etc/hosts, NIS, DNS.
– Netgroup: /etc/netgroup, NIS, LDAP.
– IP subnet.
– DNS subdomains.

Important: Lookup order is defined in /etc/nsswitch.conf.

Netgroups
Netgroup definitions are located in /etc/netgroup. For example:
trustedhosts (host1, ,) (host2, ,)
untrustedhosts (host1, ,) (host2, ,)
allhosts trustedhosts untrustedhosts

Then, to export to a netgroup, edit /etc/exports and add the desired path with, for example:
rw=trustedhosts
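
An added example, not from the original page: a small Python resolver that shows which hosts an option such as rw=trustedhosts actually admits once nested netgroups are expanded. The sample file content and the function names are constructed for illustration; an empty host field in a triple is reported as * because it matches any host.

```python
import re

# Constructed sample in /etc/netgroup syntax: (host,user,domain) triples
# plus references to other netgroups. All names are made up.
SAMPLE_NETGROUP = """\
trustedhosts (host1, ,) (host2, ,)
untrustedhosts (host3, ,) (host4, ,)
allhosts trustedhosts untrustedhosts
anyhost (, ,)
loop_a loop_b (host9, ,)
loop_b loop_a
"""

TRIPLE = re.compile(r"\(([^)]*)\)")

def parse_netgroup(text):
    """Return {group: (hosts, member_groups)} from netgroup file text."""
    groups = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        hosts = set()
        for triple in TRIPLE.findall(rest):
            host = triple.split(",")[0].strip()
            if host != "-":  # "-" means the field matches nothing
                hosts.add(host or "*")  # empty host field matches any host
        groups[parts[0]] = (hosts, TRIPLE.sub(" ", rest).split())
    return groups

def expand(groups, name, seen=None):
    """Resolve a netgroup to its hosts; each group is visited once,
    so circular references terminate."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    hosts, members = groups[name]
    resolved = set(hosts)
    for member in members:
        resolved |= expand(groups, member, seen)
    return resolved

if __name__ == "__main__":
    groups = parse_netgroup(SAMPLE_NETGROUP)
    for name in ("trustedhosts", "allhosts", "anyhost", "loop_a"):
        print(f"rw={name} admits {sorted(expand(groups, name))}")
```

A * in the output means the export is effectively open to every host that can reach the storage system, whatever the netgroup is called.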

Authorization:
NFS v2/v3 client hosts are given permission (read-only or read-write) during the mount request from the export definition, based on directory and/or file-level permissions.

NFS configuration on Data ONTAP 7-Mode

If NFS is not configured yet, there are a few steps.
1. Initial configuration: add the license and start the NFS daemon.
filer> license add
filer> nfs on
2. Set the desired NFS options.
filer> options nfs.
3. Configure exports and mount the filesystem.

DNS:
Location for DNS configuration:
filer> /etc/resolv.conf

Exporting resources on Data ONTAP 7-Mode

Loading file to memory:
filer> exportfs -a -> reboot or nfs on/off
filer> exportfs -io rw=host1:host2 /vol/volx – exporting to memory only.

Exportable resources: volume, qtree, file.

Important: an export must be in memory to be accessible.

Automatic exports

  • When nfs.export.auto-update is enabled, an export is created or removed automatically when a volume is created, renamed or destroyed.
  • The admin.hosts option determines the default mount permissions. If it is set, auto-export grants RW permissions to the machines defined in admin.hosts and denies all other hosts; if it is not set, auto-export grants RW to all hosts.

Exports options

  • exportfs shows all exports that are currently in memory
  • exportfs -p adds an export to /etc/exports and to memory
  • exportfs -w [path] saves an existing export in memory to the file
  • exportfs -z [path] unexports an export from memory and removes it from the file
  • exportfs -r reloads exports from the file
  • exportfs -u [path] unexports a specific export from memory
  • exportfs -s [path] verifies the actual path to which a volume is exported
  • exportfs -q [path] displays export options per file system path

Mounts

Mounts are used to attach a storage system's exported hierarchy to the target's filesystem hierarchy.

  • Requires a mount point, that is, a directory.
  • Mounted by the mount command, mount tables (/etc/fstab) or automounters.

The automounter is an NFS program that mounts file systems on demand and unmounts them if they are not accessed within a few minutes.

Mount process

1. Initial communication between host and server (portmap) as a service request.
2. The client sends a mount request (for example for /vol/vol0) and the server responds with a file handle for the requested directory.
3. The client sends file operations using the NFS protocol (operation x with parameter y). The server answers with the result.

Mount configuration

  • Mount point creation:
    mkdir /nfsmount
  • Mount an export from the storage system:
    mount :/vol/vol0/home /nfsmount
  • To see the export list from the storage system:
    showmount -e
  • To see the list of clients mounting from the storage system:
    showmount -a

  • For a persistent mount, add an entry to /etc/fstab.

There is a nice way to check the list of current mounts from the storage system's perspective:
filer> rdfile /etc/rmtab

NFS export parameters

  • The nosuid parameter disables the set-user-identifier and set-group-identifier bits. This prevents remote users from gaining higher privileges by running a setuid program.
  • sec=sys is standard UNIX (AUTH_SYS) authentication. Data ONTAP checks the NFS credentials of all of the NFS users, applying the file access permissions specified for those users in the NFS server’s /etc/passwd. This is the default security style.
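
An added example, not from the original page: a Python check that reads export lines and flags the two conditions discussed above, rw granted without a host list (open to all hosts, as with auto-export when admin.hosts is unset) and a missing nosuid. The sample lines, paths, host names and function names are constructed for illustration.

```python
# Constructed sample in the 7-Mode /etc/exports layout: path, then
# "-opt,opt=value", with host lists separated by colons (as in
# rw=host1:host2 above). Paths and host names are made up.
SAMPLE_EXPORTS = """\
/vol/vol0 -sec=sys,rw=adminhost,root=adminhost,nosuid
/vol/vol1 -sec=sys,rw,nosuid
/vol/vol2 -rw=host1:host2
/vol/vol3 -sec=sys,ro=host3,nosuid
"""

def parse_exports(text):
    """Yield (path, {option: [values]}) for each export line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        opts = parts[1] if len(parts) > 1 else ""
        parsed = {}
        for opt in opts.strip().lstrip("-").split(","):
            if not opt:
                continue
            key, sep, value = opt.partition("=")
            # A bare option (rw, nosuid) gets an empty value list.
            parsed[key] = value.split(":") if sep else []
        yield parts[0], parsed

def audit(text):
    """Return {path: [findings]} for exports worth a second look."""
    report = {}
    for path, opts in parse_exports(text):
        findings = []
        if "rw" in opts and not opts["rw"]:
            findings.append("rw granted to all hosts")
        if "nosuid" not in opts:
            findings.append("nosuid not set")
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_EXPORTS).items():
        print(path, "->", "; ".join(findings))
```

The same check can be pointed at the output of rdfile /etc/exports saved to a text file.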
