Network and Storage Protocols

NFS 4.1 (aka NFS4.1 aka NFSv4.1) Configuration for VMware vSphere 6.0 / ESXi 6.0

RCProAm
18,683 Views

I have run into a roadblok of sorts attempting to create an NFS 4.1 datastore in vSphere 6.0 on a NetApp FAS2552 running Clustered Data Ontap (CDOT) 8.3.2. NetApp seems to elude to NFS 4.1 in some documentation, however I have yet to find an actual configuration guide on how to configure NFS 4.1 for vSphere/ESXi 6.0 datastores. Similarly, the VMware compatibility matrix states that the combination of vSphere 6.0 and CDOT 8.3.2 supports NFS 4.1, but there is no guide from VMware specific to NetApp filers and NFS 4.1

 

Below is the relavent configuration I have on the NetApp CDOT 8.3.2 filer:

 

 

FAS2552::vserver nfs> show -vserver NFS41_SVM

                            Vserver: NFS41_SVM
                 General NFS Access: true
                             NFS v3: disabled
                           NFS v4.0: enabled
                       UDP Protocol: enabled
                       TCP Protocol: enabled
               Default Windows User:
                NFSv4.0 ACL Support: disabled
    NFSv4.0 Read Delegation Support: disabled
   NFSv4.0 Write Delegation Support: disabled
            NFSv4 ID Mapping Domain: defaultv4iddomain.com
NFSv4 Grace Timeout Value (in secs): 45
Preserves and Modifies NFSv4 ACL (and NTFS File Permissions in Unified Security Style): enabled
      NFSv4.1 Minor Version Support: enabled
                      Rquota Enable: disabled
       NFSv4.1 Parallel NFS Support: disabled
                NFSv4.1 ACL Support: disabled
               NFS vStorage Support: disabled
NFSv4 Support for Numeric Owner IDs: enabled
              Default Windows Group: -
    NFSv4.1 Read Delegation Support: disabled
   NFSv4.1 Write Delegation Support: disabled
                NFS Mount Root Only: enabled
                      NFS Root Only: disabled
Permitted Kerberos Encryption Types: des, des3, aes-128, aes-256
                  Showmount Enabled: disabled
Set the Protocol Used for Name Services Lookups for Exports: udp
        NFSv3 MS-DOS Client Support: disabled

 

 

FAS2552::vserver export-policy rule> show

             Policy          Rule    Access   Client                RO
Vserver      Name            Index   Protocol Match                 Rule
------------ --------------- ------  -------- --------------------- ---------
NFS41_SVM    ESXi_NFS41_Policy
                             1       nfs4     10.80.20.22           sys
NFS41_SVM    ESXi_NFS41_Policy
                             2       nfs4     10.80.20.21           sys

 

FAS2552::volume> show -vserver NFS41_SVM -volume vol3_nfs


                                   Vserver Name: NFS41_SVM
                                    Volume Name: vol3_nfs
                                 Aggregate Name: aggr1_sas_10K
                                    Volume Size: 125GB
                             Volume Data Set ID: 1037
                      Volume Master Data Set ID: 2159429313
                                   Volume State: online
                                    Volume Type: RW
                                   Volume Style: flex
                         Is Cluster-Mode Volume: true
                          Is Constituent Volume: false
                                  Export Policy: ESXi_NFS41_Policy
                                        User ID: 0
                                       Group ID: 0
                                 Security Style: unix
                               UNIX Permissions: ---rwxr-xr-x
                                  Junction Path: /vol3_nfs
                           Junction Path Source: RW_volume
                                Junction Active: true
                         Junction Parent Volume: NFS41_SVM_root
                                        Comment:
                                 Available Size: 100.00GB
                                Filesystem Size: 125GB

FAS2552::network interface> show -vserver NFS41_SVM
            Logical    Status     Network            Current       Current Is
Vserver     Interface  Admin/Oper Address/Mask       Node          Port    Home
----------- ---------- ---------- ------------------ ------------- ------- ----
NFS41_SVM
            NFS41_SVM_nfs_lif1
                         up/up    10.80.20.251/24    FAS2552A     a1a-20  true

 

 

And I see the following in the vmkernel.log on the VMware ESXi 6.0 host when attempting to mount the datastore via NFS 4.1 (without Kerberos):

 

2016-10-27T22:07:19.207Z cpu14:34284 opID=25ab9a7c)NFS41: NFS41_VSIMountSet:402: Mount server: 10.80.20.251, port: 2049, path: /vol3_nfs, label: NFS41-Datastore, security: 1 user: , options: <none>
2016-10-27T22:07:19.207Z cpu14:34284 opID=25ab9a7c)StorageApdHandler: 982: APD Handle  Created with lock[StorageApd-0x4306cb687140]
2016-10-27T22:07:19.208Z cpu6:33546)NFS41: NFS41ProcessClusterProbeResult:3865: Reclaiming state, cluster 0x4306cb688340 [13]
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)WARNING: NFS41: NFS41FSGetRootFH:4030: Lookup vol3_nfs failed for volume NFS41-Datastore: Permission denied
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)WARNING: NFS41: NFS41FSCompleteMount:3558: NFS41FSGetRootFH failed: Permission denied
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)WARNING: NFS41: NFS41FSDoMount:4168: First attempt to mount the filesystem failed: Permission denied
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)WARNING: NFS41: NFS41_FSMount:4412: NFS41FSDoMount failed: Permission denied
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)StorageApdHandler: 1066: Freeing APD handle 0x4306cb687140 []
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)StorageApdHandler: 1150: APD Handle freed!
2016-10-27T22:07:19.208Z cpu14:34284 opID=25ab9a7c)WARNING: NFS41: NFS41_VSIMountSet:410: NFS41_FSMount failed: Permission denied

 

Also the ESXi NFS vmkernel is on the same subnet and same VLAN as the NetApp SVM LIF. There are no IP connectivity issues and I have no problem mounting NFSv3 datastores from another SVM on the same FAS2552 filer. Here is a vmkping from the ESXi 6.0 host confirming no IP connectivity issue to the SVM:

 

[root@esxihost:/tmp] vmkping 10.80.20.251
PING 10.80.20.251 (10.80.20.251): 56 data bytes
64 bytes from 10.80.20.251: icmp_seq=0 ttl=255 time=0.164 ms
64 bytes from 10.80.20.251: icmp_seq=1 ttl=255 time=0.169 ms
64 bytes from 10.80.20.251: icmp_seq=2 ttl=255 time=0.166 ms

--- 10.80.20.251 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.164/0.166/0.169 ms

 

 

Would anyone happen to have any helpful tips resolving the "Permission denied" warnings, or be able to point me to any NetApp documentation that specifically details the NFS 4.1 cofiguration required in CDOT to allow connectivity from an ESXi 6.0 host?

 

Thank you in advance,

 

Ryan

14 REPLIES 14
Public