Hi John,
There are default "certified" WFA commands in the "cm_storage" schema for creating export polices and rules. These are:
- Create export policy
- Create export rule
I posted some code which might be useful for you to delete export policy rules here:
http://community.netapp.com/t5/OnCommand-Storage-Management-Software-Discussions/OnCommand-WFA-Workflow-to-update-or-delete-export-rule-cdot/td-p/1256...
If you want to modify the WFA command for creating an export rule to specify additional input parameters then following code might be useful for you.
Param(
[Parameter(Mandatory=$True, HelpMessage="The Cluster name or IP address")]
[String]$Cluster,
[Parameter(Mandatory=$True, HelpMessage="The Export policy name")]
[String]$PolicyName,
[Parameter(Mandatory=$True, HelpMessage="The Client match")]
[String]$ClientMatch,
[Parameter(Mandatory=$True, HelpMessage="The Vserver name")]
[String]$VserverName,
[Parameter(Mandatory=$False, HelpMessage="The Rule index")]
[Int]$RuleIndex,
[Parameter(Mandatory=$True, HelpMessage="The Read only security flavor")]
[String]$RoRule,
[Parameter(Mandatory=$True, HelpMessage="The Read write security flavor")]
[String]$RwRule,
[Parameter(Mandatory=$False, HelpMessage="The Protocols")]
[String]$Protocol,
[Parameter(Mandatory=$False, HelpMessage="The Super user sec flavor")]
[String]$Superuser,
[Parameter(Mandatory=$False, HelpMessage="The User name or ID to which anonymous users are mapped")]
[String]$AnonymousUserId,
[Parameter(Mandatory=$False, HelpMessage="If specified, the NFS server will honor SetUID bits in SETATTR operation")]
[Bool]$EnableSetUid,
[Parameter(Mandatory=$False, HelpMessage="If specified, the NFS server will not allow creation of devices")]
[Bool]$DisableSetUid,
[Parameter(Mandatory=$False, HelpMessage="If specified, the NFS server will allow creation of devices")]
[Bool]$EnableDev,
[Parameter(Mandatory=$False, HelpMessage="If specified, the NFS server will not allow creation of devices")]
[Bool]$DisableDev,
[Parameter(Mandatory=$False, HelpMessage="Ignore or Fail unix security operations on NTFS volumes. Possible values are 'ignore', 'fail'. Default value is 'fail'")]
[ValidateSet("ignore","fail")]
[String]$NtfsUnixSecurityOps,
[Parameter(Mandatory=$False, HelpMessage="Change ownership mode. Possible values are 'restricted', 'unrestricted'. Default value is 'restricted'")]
[ValidateSet("restricted","unrestricted")]
[String]$ChownMode,
[Parameter(Mandatory=$False, HelpMessage="The maximum number of ZAPI retry attempts")]
[Int]$ZapiRetryCount
)
#'------------------------------------------------------------------------------
#'Ensure the input parameters are valid.
#'------------------------------------------------------------------------------
If($EnableSetUid -And $DisableSetUid){
Throw "The input parameters ""EnableSetUid"" and ""DisableSetUid"" are both provided. Please provide either parameter, not both parameters"
}
If($EnableDev -And $DisableDev){
Throw "The input parameters ""EnableDev"" and ""DisableDev"" are both provided. Please provide either parameter, not both parameters"
}
#'------------------------------------------------------------------------------
#'Connect to the cluster.
#'------------------------------------------------------------------------------
Connect-WFACluster $Cluster
#'------------------------------------------------------------------------------
#'Ensure the export policy exists.
#'------------------------------------------------------------------------------
[String]$command = "Get-NcExportPolicy -VserverContext $VserverName -Name $PolicyName "
If($ZapiRetryCount){
[String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-ErrorAction Stop"
Try{
$policy = Invoke-Expression -Command $command -ErrorAction Stop
Get-WFALogger -Info -Message "Executed Command`: $command"
Get-WFALogger -Info -Message "Enumerated Export Policy ""$PolicyName"" on vserver ""$VserverName"""
}Catch{
Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
Throw "Failed enumerating Export Policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Ensure the policy is created if it doesn't exist.
#'------------------------------------------------------------------------------
If(-Not($policy)){
Get-WFALogger -Info -Message "Creating Export Policy ""$PolicyName"" on vserver ""$VserverName"""
[String]$command = "New-NcExportPolicy -Name $PolicyName -VserverContext $VserverName "
If($ZapiRetryCount){
[String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-ErrorAction Stop"
Try{
Invoke-Expression -Command $command -ErrorAction Stop
Get-WFALogger -Info -Message "Executed Command`: $command"
Get-WFALogger -Info -Message "Created Export Policy ""$PolicyName"" on vserver ""$VserverName"""
}Catch{
Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
Throw "Failed creating Export Policy ""$PolicyName"" on vserver ""$VserverName"""
}
}
#'------------------------------------------------------------------------------
#'Enumerate the export policy rules to check if a rule for the client already exists.
#'------------------------------------------------------------------------------
If($policy){
$query = Get-NcExportRule -Template
$query.ClientMatch = $ClientMatch
$query.PolicyName = $PolicyName
$query.Vserver = $VserverName
$query.RoRule = $RoRule
$query.RwRule = $RwRule
If($Protocol){
$query.Protocol = $Protocol
}
Try{
$exportRules = Get-NcExportRule -Query $query -ErrorAction Stop
}Catch{
Get-WFALogger -Error -Message $("Failed enumerating export policy rules for policy ""$PolicyName"" on vserver ""$VserverName"". Error " + $_.Exception.Message)
Throw "Failed enumerating export policy rules for policy ""$PolicyName"" on vserver ""$VserverName"""
}
}
#'------------------------------------------------------------------------------
#'Exit if the export policy rule already exists.
#'------------------------------------------------------------------------------
If($exportRules){
Get-WFALogger -Info -Message "The client ""$ClientMatch"" is already exported in policy ""$PolicyName"" on vserver ""$VserverName"""
Exit 0
}Else{
Get-WFALogger -Info -Message "Creating export policy rule for client ""$ClientMatch"" in policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Set the command to create the export policy rule for the client.
#'------------------------------------------------------------------------------
[String]$command = "New-NcExportRule -Policy '$PolicyName' -ClientMatch '$ClientMatch' -ReadOnlySecurityFlavor $RoRule -ReadWriteSecurityFlavor $RwRule -VserverContext $VserverName "
If($RuleIndex){
[String]$command += "-Index $RuleIndex "
}
If($Protocol){
[String]$command += "-Protocol $Protocol "
}
If($Superuser){
[String]$command += "-SuperUserSecurityFlavor $Superuser "
}
If($AnonymousUserId){
[String]$command += "-Anon $AnonymousUserId "
}
If($EnableSetUid){
[String]$command += "-EnableSetUid "
}
If($DisableSetUid){
[String]$command += "-DisableSetUid "
}
If($EnableDev){
[String]$command += "-EnableDev "
}
If($DisableDev){
[String]$command += "-DisableDev "
}
If($NtfsUnixSecurityOps){
[String]$command += "-NtfsUnixSecurityOps $NtfsUnixSecurityOps "
}
If($ChownMode){
[String]$command += "-ChownMode $ChownMode "
}
If($ZapiRetryCount){
[String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-ErrorAction Stop"
#'------------------------------------------------------------------------------
#'Create the export policy rule for the client.
#'------------------------------------------------------------------------------
Try{
Invoke-Expression -Command $command -ErrorAction Stop
Get-WFALogger -Info -Message "Executed Command`: $command"
Get-WFALogger -Info -Message "Created policy rule in export policy ""$PolicyName"" on vserver ""$VserverName"""
}Catch{
Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
Throw "Failed creating policy rule in export policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
/Matt
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.