Subscribe

NFS Export Policy Issue

[ Edited ]

I've unfortunately discovered the following related to export polices.  If your export policy contains rules specific to a hostname that no longer resolves in your DNS...the next time a change is applied to that export-policy OR in my case, you perform a takeover in the midst of an NDU to a newer version of CDOT...the export policy fails to function.

 

So basically, all VALID hostnames in the export policy lose access to the mount.  Then as soon as you remove the offending rules from the export policy, access to the mount resumes on the valid hosts defined.

 

The symptom from the NFS client is all access being halted w/ a busy NFS mount status.  For example, simply running an 'ls' command on the mount halts your console activity indefinitely and it will free back up as soon as you delete the offending rules.

 

This is repeatable for me and I'm currently running version CDOT 8.2.3 on our FAS cluster.

 

Anyone else had this occur?  What are thoughts on this behavior?  I personally feel this is a BAD thing even though it does protect the security of the export.  It would have been a horrible story to tell if this had happened to a volume we use for our VMware NFS datastores.