Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Start a New Post

Add NFS export permissions

james_willing
‎2011-03-23 08:19 PM

Hi,

Can anyone tell me if I am doing something wrong?

I am trying to add some more IPs to root & Read-write access on the NFS export (For a VMware datastore).

The command I am using is

Set-NaNfsExport -Path /vol/my_test -ReadWrite "192.168.0.1" -Root "192.168.0.1" -persistent -Controller (Connect-NaController -name mynetapp -Transient)

And everytime it overwrites the values in the readWrite and Root it nevver appends or adds to the list.

Is there anyway to do this?

Or am I just doing it workng?

0 Kudos
View By:
1 ACCEPTED SOLUTION

timothyn
NetApp Alumni
‎2011-03-24 08:45 AM

Unfortunately, Set-NaNfsExport will replace the permissions, and there is nothing to add permisions built in to the toolkit.  It's also not trivial because the input to Set-NaNfsExport & Add-NaNfsExport can't handle all of the permutations that Get-NaNfsExport can return (allow vs. deny, sys vs. user, multiple levels, etc).  But if you are creating all of your NFS exports with powershell (or you are using very simple one rule exports) then we can get pretty close.

*WARNING* this example could break existing exports if they are not configured by the toolkit.

Here's a very ugly function that will get the rules in a format that can be used by Set-NaNfsExport and eliminate rules that are not compatible:

#Expects the NFS Export info returned by Get-NaNfsExport
#Returns output that can be passed directly to Set-NaNfsExport
function getSimpleNfsExport ($export) {
    $exportParams = @{
        Path = $export.Pathname;
        ActualPath = $export.ActualPathname;
        Persistent = $false;
        ReadOnly = @($export.SecurityRules[0].ReadOnly |  ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        ReadWrite = @($export.SecurityRules[0].ReadWrite |  ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        Root = @($export.SecurityRules[0].Root | ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        NoSuid = $export.SecurityRules[0].NoSuid -eq $true;
        Anon = $export.SecurityRules[0].Anon;
        SecurityFlavors = $export.SecurityRules[0].SecFlavor[0].Flavor;
    }
    return $exportParams
}

Once you have that loaded or in your script you can do something like this:

PS C:\> $params = getSimpleNfsExport (Get-NaNfsExport /vol/testvol)
PS C:\> $params.ReadOnly += "10.61.169.80"
PS C:\> Set-NaNfsExport @params
PS C:\> getSimpleNfsExport (Get-NaNfsExport /vol/testvol)

Name                           Value                                                                                                     
----                           -----                                                                                                     
ReadWrite                      {all-hosts}                                                                                               
ReadOnly                       {10.61.169.3, 10.16.169.4, 10.61.169.80}                                                                                
Path                           /vol/testvol                                                                                              
NoSuid                         False                                                                                                     
Anon                                                                                                                                     
Persistent                     False                                                                                                     
ActualPath                                                                                                                               
Root                           {10.61.169.76}                                                                                            
SecurityFlavors                sys 

View solution in original post

3 REPLIES 3

skiser
‎2012-02-24 01:29 PM

I updated my volume creation script.  It has an NFS export function in it.  Check it out at https://communities.netapp.com/docs/DOC-23751

timothyn
NetApp Alumni
‎2011-03-24 08:45 AM

Unfortunately, Set-NaNfsExport will replace the permissions, and there is nothing to add permisions built in to the toolkit.  It's also not trivial because the input to Set-NaNfsExport & Add-NaNfsExport can't handle all of the permutations that Get-NaNfsExport can return (allow vs. deny, sys vs. user, multiple levels, etc).  But if you are creating all of your NFS exports with powershell (or you are using very simple one rule exports) then we can get pretty close.

*WARNING* this example could break existing exports if they are not configured by the toolkit.

Here's a very ugly function that will get the rules in a format that can be used by Set-NaNfsExport and eliminate rules that are not compatible:

#Expects the NFS Export info returned by Get-NaNfsExport
#Returns output that can be passed directly to Set-NaNfsExport
function getSimpleNfsExport ($export) {
    $exportParams = @{
        Path = $export.Pathname;
        ActualPath = $export.ActualPathname;
        Persistent = $false;
        ReadOnly = @($export.SecurityRules[0].ReadOnly |  ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        ReadWrite = @($export.SecurityRules[0].ReadWrite |  ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        Root = @($export.SecurityRules[0].Root | ?{$_} |
                    % { if ($_.AllHosts) {"all-hosts"} else {$_.Name} });
        NoSuid = $export.SecurityRules[0].NoSuid -eq $true;
        Anon = $export.SecurityRules[0].Anon;
        SecurityFlavors = $export.SecurityRules[0].SecFlavor[0].Flavor;
    }
    return $exportParams
}

Once you have that loaded or in your script you can do something like this:

PS C:\> $params = getSimpleNfsExport (Get-NaNfsExport /vol/testvol)
PS C:\> $params.ReadOnly += "10.61.169.80"
PS C:\> Set-NaNfsExport @params
PS C:\> getSimpleNfsExport (Get-NaNfsExport /vol/testvol)

Name                           Value                                                                                                     
----                           -----                                                                                                     
ReadWrite                      {all-hosts}                                                                                               
ReadOnly                       {10.61.169.3, 10.16.169.4, 10.61.169.80}                                                                                
Path                           /vol/testvol                                                                                              
NoSuid                         False                                                                                                     
Anon                                                                                                                                     
Persistent                     False                                                                                                     
ActualPath                                                                                                                               
Root                           {10.61.169.76}                                                                                            
SecurityFlavors                sys 

View solution in original post

james_willing
‎2011-03-24 02:20 PM
In response to timothyn

Thanks for that. Is there any plan to make the Set-NaNfsExport anymore friendly?

As it would a really great feature if you could add security rules using powershell, without overwriting the current settings..

It would work really well with ESX configuration scripts, being able to add new hosts to the NFS share and then mount it as part of a scripted setup.

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public