Subscribe

how to set NFS RO or RW to NULL with nfs-exportfs-modify-rule-2; all-hosts = false?

I am using to manage the NFS export permissions on 7-mode filers, mostly 8.2.x from a perl client.

 

To do this we include NaElements of type "export-hostsname-info" with a string of 'all-hosts' => 'true', or "name" => "hostname or netgroup".

 

In code this looks like:

 

for my $host (@{$args{read_only}}) {
    my $read_only_host = NetAppApi::NaElement->new("exports-hostname-info");
    if ($host eq 'all-hosts') {
        $read_only_host->child_add_string("all-hosts", 'true');
 
    } else {
    $read_only_host->child_add_string("name", $host);
    }

    $read_only_rule->child_add($read_only_host);

}
 
This works well for setting a new value for root=, rw= and ro=,  unless I want to undefine root, rw or ro. For example, I have a requirement to make an export RO for a data migration.  That is to change this:
 
/vol/myvol/myqtree  -sec=sys,ro=fpolicy,rw,root=fpolicy,anon=6001
 
to:
 
/vol/myvol/myqtree  -sec=sys,ro,root=fpolicy,anon=6001
 
updating RO to 'all-hosts' => 'true' is simple.  But what do I use to remove the existing rw? all-hosts is descibed as a boolean, but sending 'all-hosts' => 'false' raises an error.
 
The current read-write returned by fetching the security rule-info-2 for the export shows this for read-write:
 


   bless( {
            'content' => '',
            'name' => 'read-write',
             'children' => [
                                     bless( {
                                                 'content' => '',
                                                 'name' => 'exports-hostname-info',
                                                 'children' => [
                                                                      bless( {
                                                                                   'content' => 'true',
                                                                                   'name' => 'all-hosts',
                                                                                   'children' => [],
                                                                                   'attrvals' => [],
                                                                                   'attrkeys' => []
                                                                                }, 'NetAppApi::NaElement' )
                                                                  ],

 
 
But if I send this as an update I get an error:
 
   bless( {
            'content' => '',
            'name' => 'read-write',
             'children' => [
                                     bless( {
                                                 'content' => '',
                                                 'name' => 'exports-hostname-info',
                                                 'children' => [
                                                                      bless( {
                                                                                   'content' => 'false',
                                                                                   'name' => 'all-hosts',
                                                                                   'children' => [],
                                                                                   'attrvals' => [],
                                                                                   'attrkeys' => []
                                                                                }, 'NetAppApi::NaElement' )
                                                                  ],
 
 
Debug: Response $VAR1 = bless( {
               'content' => '',
               'name' => 'results',
               'children' => [],
               'attrvals' => [
                                    'failed',
                                    '13114',
                                   'Error no valid name found with exports-hostname-info. '
                                  ],

which in my code would be something like:
 
} elsif ($host eq 'no-hosts') {
     $read_write_host->child_add_string("all-hosts", 'false')
 
I have confirmed that setting read-write => 'somethingthatdoesnotexit' is a workaround for my RO use case, but it results in an export entry of:
 
/vol/myvol/myqtree  -sec=sys,ro,rw=somethingthatdoesnotexit,root=fpolicy,anon=6001
 
rather than the format that I would like:
 
/vol/myvol/myqtree  -sec=sys,ro,root=fpolicy,anon=6001
 
(and introduces an issue if someone ever made  ahost of that name!).
 
any advice on how to remove rw,ro or root with this method?
 
Thanks,
 
Chris
 
 

Re: how to set NFS RO or RW to NULL with nfs-exportfs-modify-rule-2; all-hosts = false?

[ Edited ]

Perform a modify without the "read-write" element to remove it from the existing entry like below.

<?xml version="1.0" encoding="UTF-8"?>
<netapp  xmlns="http://www.netapp.com/filer/admin" version="1.31">
  <nfs-exportfs-modify-rule-2>
    <persistent>true</persistent>
    <rule>
      <exports-rule-info-2>
        <pathname>/vol/myvol/myqtree</pathname>
        <security-rules>
          <security-rule-info>
            <anon>6001</anon>
            <read-only>
              <exports-hostname-info>
                <all-hosts>true</all-hosts>
              </exports-hostname-info>
            </read-only>
            <root>
              <exports-hostname-info>
                <name>fpolicy</name>
              </exports-hostname-info>
            </root>
            <sec-flavor>
              <sec-flavor-info>
                <flavor>sys</flavor>
              </sec-flavor-info>
            </sec-flavor>
          </security-rule-info>
        </security-rules>
      </exports-rule-info-2>
    </rule>
  </nfs-exportfs-modify-rule-2>
</netapp>

 

Before:

/vol/myvol/myqtree      -sec=sys,ro=fpolicy,rw,root=fpolicy,anon=6001

 

After:

/vol/myvol/myqtree      -sec=sys,ro,root=fpolicy,anon=6001

Re: how to set NFS RO or RW to NULL with nfs-exportfs-modify-rule-2; all-hosts = false?

 

I found that this only works if I am specifying a RO component in the same update. I my use case I am attempting to undef rw and then set ro in sequential calls.

 

setting rw=’undef’ (or calling nfs-exportfs-modify-rule-2 with no rw component) does not work if read-only=’undef’, even though the API call returns success (which is not good, a bug?).It returns sucess but leave the rw export to all-hosts.

 

In my example the export does not have ro defined at all.

 

I also cannot set read-only = ‘all-hosts’ first, I get a reasonable error.

 

Unable to update nfs_export /vol/nyn197f2v2/cda_test246,

Both 'read-write' and 'read-only' have 'all-hosts' true.

 

so I can set ro to a temporary value of a host that does not exist, set rw to undef, then set ro to all-hosts in separate calls.

 

$nfs_export = $nfs_export->set_read_only(['unicorns']);   # does not exist

$nfs_export = $nfs_export->set_read_write();                   # does this drop clients?

$nfs_export = $nfs_export->set_read_only(['all-hosts']);   # all read-only now

 

I could hide the temp host and all-hosts in my API by substituting on 'undef' and '*'. Or I will have to modify my API to handle these as a single call.

 

I'm not a fan of returing sucess when a default was applied rather than the instruction in the ReST call.

Re: how to set NFS RO or RW to NULL with nfs-exportfs-modify-rule-2; all-hosts = false?

Modifying your API to make a single call sounds like the best approach.