[gpfsug-discuss] CES NFS export

Chetan R Kulkarni chetkulk at in.ibm.com
Mon May 7 09:08:33 BST 2018




Make sure NFSv4 ID Mapping value matches on client and server.

On server side (i.e. CES nodes); you can set as below:

  $ mmnfs config change IDMAPD_DOMAIN=test.com

On client side (e.g. RHEL NFS client); one can set it using Domain
attribute in /etc/idmapd.conf file.

  $ egrep ^Domain /etc/idmapd.conf
  Domain = test.com
  [root at rh73node2 2018_05_07-13:31:11 ~]$
  $ service nfs-idmap restart

Please refer following link for the details:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/com.ibm.spectrum.scale.v5r00.doc/b1ladm_authconsidfornfsv4access.htm

Thanks,
Chetan.



From:	"Yaron Daniel" <YARD at il.ibm.com>
To:	gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:	05/07/2018 10:46 AM
Subject:	Re: [gpfsug-discuss] CES NFS export
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



Hi

If you want to use NFSv3 , define only NFSv3 on the export.
In case you work with NFSv4 - you should have "DOMAIN\user" all the way -
so this way you will not get any user mismatch errors, and see permissions
like nobody.



Regards

                                                                                   
                                                                                   
                                                                                   
                                                                                   
                                                                                   
                                                                                   
                                                                                   
 Yaron                                                 94 Em                       
 Daniel                                               Ha'Moshavot Rd               
                                                                                   
 Storage                                               Petach Tiqva,               
 Architect                                            49527                        
                                                                                   
 IBM                                                   Israel                      
 Global                                                                            
 Markets,                                                                          
 Systems                                                                           
 HW Sales                                                                          
                                                                                   
                                                                                   
                                                                                   
 Phone:    +972-3-916-5672                                                         
                                                                                   
 Fax:      +972-3-916-5672                                                         
                                                                                   
 Mobile:   +972-52-8395593                                                         
                                                                                   
 e-mail:   yard at il.ibm.com                                                         
                                                                                   
 IBM                                                                               
 Israel                                                                            
                                                                                   
                                                                                   
                                                                                   
                                                                                   
                                                                                   




IBM Storage Strategy and Solutions v1IBM Storage Management and Data
Protection v1       Related image



From:        Jagga Soorma <jagga13 at gmail.com>
To:        gpfsug-discuss at spectrumscale.org
Date:        05/07/2018 06:05 AM
Subject:        Re: [gpfsug-discuss] CES NFS export
Sent by:        gpfsug-discuss-bounces at spectrumscale.org



Looks like this is due to nfs v4 and idmapd domain not being
configured correctly.  I am going to test further and reach out if
more assistance is needed.

Thanks!

On Sun, May 6, 2018 at 6:35 PM, Jagga Soorma <jagga13 at gmail.com> wrote:
> Hi Guys,
>
> We are new to gpfs and have a few client that will be mounting gpfs
> via nfs.  We have configured the exports but all user/group
> permissions are showing up as nobody.  The gateway/protocol nodes can
> query the uid/gid's via centrify without any issues as well as the
> clients and the perms look good on a client that natively accesses the
> gpfs filesystem.  Is there some specific config that we might be
> missing?
>
> --
> # mmnfs export list --nfsdefs /gpfs/datafs1
> Path          Delegations Clients
> Access_Type Protocols Transports Squash         Anonymous_uid
> Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids
> NFS_Commit
>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

> /gpfs/datafs1 NONE        {nodenames} RW          3,4       TCP
> ROOT_SQUASH    -2            -2            SYS     FALSE          NONE
>               TRUE        FALSE
> /gpfs/datafs1 NONE        {nodenames}           RW          3,4
> TCP        NO_ROOT_SQUASH -2            -2            SYS     FALSE
>       NONE               TRUE        FALSE
> /gpfs/datafs1 NONE       {nodenames}      RW          3,4       TCP
>     ROOT_SQUASH    -2            -2            SYS     FALSE
> NONE               TRUE        FALSE
> --
>
> On the nfs clients I see this though:
>
> --
> # ls -l
> total 0
> drwxrwxr-t 3 nobody nobody 4096 Mar 20 09:19 dir1
> drwxr-xr-x 4 nobody nobody 4096 Feb  9 17:57 dir2
> --
>
> Here is our mmnfs config:
>
> --
> # mmnfs config list
>
> NFS Ganesha Configuration:
> ==========================
> NFS_PROTOCOLS: 3,4
> NFS_PORT: 2049
> MNT_PORT: 0
> NLM_PORT: 0
> RQUOTA_PORT: 0
> NB_WORKER: 256
> LEASE_LIFETIME: 60
> DOMAINNAME: VIRTUAL1.COM
> DELEGATIONS: Disabled
> ==========================
>
> STATD Configuration
> ==========================
> STATD_PORT: 0
> ==========================
>
> CacheInode Configuration
> ==========================
> ENTRIES_HWMARK: 1500000
> ==========================
>
> Export Defaults
> ==========================
> ACCESS_TYPE: NONE
> PROTOCOLS: 3,4
> TRANSPORTS: TCP
> ANONYMOUS_UID: -2
> ANONYMOUS_GID: -2
> SECTYPE: SYS
> PRIVILEGEDPORT: FALSE
> MANAGE_GIDS: TRUE
> SQUASH: ROOT_SQUASH
> NFS_COMMIT: FALSE
> ==========================
>
> Log Configuration
> ==========================
> LOG_LEVEL: EVENT
> ==========================
>
> Idmapd Configuration
> ==========================
> LOCAL-REALMS: LOCALDOMAIN
> DOMAIN: LOCALDOMAIN
> ==========================
> --
>
> Thanks!
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss



_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=3k9qWcL7UfySpNVW2J8S1XsIekUHTHBBYQhN7cPVg3Q&s=844KFrfpsN6nT-DKV6HdfS8EEejdwHuQxbNR8cX2cyc&e=







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0012.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15633834.gif
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0013.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15657152.gif
Type: image/gif
Size: 4376 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0014.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15750750.gif
Type: image/gif
Size: 5093 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0015.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15967392.gif
Type: image/gif
Size: 4746 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0016.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15858665.gif
Type: image/gif
Size: 4557 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0017.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15884206.jpg
Type: image/jpeg
Size: 11294 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0002.jpg>


More information about the gpfsug-discuss mailing list