[gpfsug-discuss] CES NFS export
Chetan R Kulkarni
chetkulk at in.ibm.com
Mon May 7 09:08:33 BST 2018
Make sure NFSv4 ID Mapping value matches on client and server.
On server side (i.e. CES nodes); you can set as below:
$ mmnfs config change IDMAPD_DOMAIN=test.com
On client side (e.g. RHEL NFS client); one can set it using Domain
attribute in /etc/idmapd.conf file.
$ egrep ^Domain /etc/idmapd.conf
Domain = test.com
[root at rh73node2 2018_05_07-13:31:11 ~]$
$ service nfs-idmap restart
Please refer following link for the details:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/com.ibm.spectrum.scale.v5r00.doc/b1ladm_authconsidfornfsv4access.htm
Thanks,
Chetan.
From: "Yaron Daniel" <YARD at il.ibm.com>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 05/07/2018 10:46 AM
Subject: Re: [gpfsug-discuss] CES NFS export
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Hi
If you want to use NFSv3 , define only NFSv3 on the export.
In case you work with NFSv4 - you should have "DOMAIN\user" all the way -
so this way you will not get any user mismatch errors, and see permissions
like nobody.
Regards
Yaron 94 Em
Daniel Ha'Moshavot Rd
Storage Petach Tiqva,
Architect 49527
IBM Israel
Global
Markets,
Systems
HW Sales
Phone: +972-3-916-5672
Fax: +972-3-916-5672
Mobile: +972-52-8395593
e-mail: yard at il.ibm.com
IBM
Israel
IBM Storage Strategy and Solutions v1IBM Storage Management and Data
Protection v1 Related image
From: Jagga Soorma <jagga13 at gmail.com>
To: gpfsug-discuss at spectrumscale.org
Date: 05/07/2018 06:05 AM
Subject: Re: [gpfsug-discuss] CES NFS export
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Looks like this is due to nfs v4 and idmapd domain not being
configured correctly. I am going to test further and reach out if
more assistance is needed.
Thanks!
On Sun, May 6, 2018 at 6:35 PM, Jagga Soorma <jagga13 at gmail.com> wrote:
> Hi Guys,
>
> We are new to gpfs and have a few client that will be mounting gpfs
> via nfs. We have configured the exports but all user/group
> permissions are showing up as nobody. The gateway/protocol nodes can
> query the uid/gid's via centrify without any issues as well as the
> clients and the perms look good on a client that natively accesses the
> gpfs filesystem. Is there some specific config that we might be
> missing?
>
> --
> # mmnfs export list --nfsdefs /gpfs/datafs1
> Path Delegations Clients
> Access_Type Protocols Transports Squash Anonymous_uid
> Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids
> NFS_Commit
>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> /gpfs/datafs1 NONE {nodenames} RW 3,4 TCP
> ROOT_SQUASH -2 -2 SYS FALSE NONE
> TRUE FALSE
> /gpfs/datafs1 NONE {nodenames} RW 3,4
> TCP NO_ROOT_SQUASH -2 -2 SYS FALSE
> NONE TRUE FALSE
> /gpfs/datafs1 NONE {nodenames} RW 3,4 TCP
> ROOT_SQUASH -2 -2 SYS FALSE
> NONE TRUE FALSE
> --
>
> On the nfs clients I see this though:
>
> --
> # ls -l
> total 0
> drwxrwxr-t 3 nobody nobody 4096 Mar 20 09:19 dir1
> drwxr-xr-x 4 nobody nobody 4096 Feb 9 17:57 dir2
> --
>
> Here is our mmnfs config:
>
> --
> # mmnfs config list
>
> NFS Ganesha Configuration:
> ==========================
> NFS_PROTOCOLS: 3,4
> NFS_PORT: 2049
> MNT_PORT: 0
> NLM_PORT: 0
> RQUOTA_PORT: 0
> NB_WORKER: 256
> LEASE_LIFETIME: 60
> DOMAINNAME: VIRTUAL1.COM
> DELEGATIONS: Disabled
> ==========================
>
> STATD Configuration
> ==========================
> STATD_PORT: 0
> ==========================
>
> CacheInode Configuration
> ==========================
> ENTRIES_HWMARK: 1500000
> ==========================
>
> Export Defaults
> ==========================
> ACCESS_TYPE: NONE
> PROTOCOLS: 3,4
> TRANSPORTS: TCP
> ANONYMOUS_UID: -2
> ANONYMOUS_GID: -2
> SECTYPE: SYS
> PRIVILEGEDPORT: FALSE
> MANAGE_GIDS: TRUE
> SQUASH: ROOT_SQUASH
> NFS_COMMIT: FALSE
> ==========================
>
> Log Configuration
> ==========================
> LOG_LEVEL: EVENT
> ==========================
>
> Idmapd Configuration
> ==========================
> LOCAL-REALMS: LOCALDOMAIN
> DOMAIN: LOCALDOMAIN
> ==========================
> --
>
> Thanks!
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=3k9qWcL7UfySpNVW2J8S1XsIekUHTHBBYQhN7cPVg3Q&s=844KFrfpsN6nT-DKV6HdfS8EEejdwHuQxbNR8cX2cyc&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0012.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15633834.gif
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0013.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15657152.gif
Type: image/gif
Size: 4376 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0014.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15750750.gif
Type: image/gif
Size: 5093 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0015.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15967392.gif
Type: image/gif
Size: 4746 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0016.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15858665.gif
Type: image/gif
Size: 4557 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0017.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15884206.jpg
Type: image/jpeg
Size: 11294 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180507/6f964017/attachment-0002.jpg>
More information about the gpfsug-discuss
mailing list