Microsoft Virtualization Discussions

Get-NaNFSExport not returning correct SecurityRules

JACOB_WILLIAMS
4,547 Views

Is there a list available somewhere that details which commandlets provided by the Powershell toolkit are complete?  I know that there isn't 100% coverage for the entire API, however I'm trying to put something together to manage NFS exports for VMWare ESXi and the results that I'm getting are not what I expected.  I'm new to using the toolkit, but not to powershell.

I'm attempting to run the toolkit against a FAS3210 running DOT 8.0.2P3 7-Mode.

At this stage I'm attempting to simply get information about the existing NFS exports, in a manner that I can use for generating reports on configuration consistency.  The commandelt Get-NaNFSExport is not returning the security rules correctly.  Get-NaNFSExport is returning that ReadWrite has the value all-hosts and Root is not showing any value.  The actual configuration is that ReadWrite and root are both set to the same list of IP addresses.

1) Is this normal behaviour for this commandlet?

2) Is this normal for the combination of the version of DOT that we run and the operation of this commandlet?

3) Is there a list somewhere that I can see which commandlets are 100% complete and which are only partially complete?

Thanks,

Jacob

4 REPLIES 4

beam
4,547 Views

Hi Jacob,

All of the cmdlets included in the toolkit are complete.  Many of the cmdlets, including Get-NaNfsExport, return data directly from Data ONTAP APIs.

1) The cmdlet by default returns the exports loaded into memory.  You can use the -Persistent switch to see the entries from /etc/exports:

PS C:\Users\Administrator> help Get-NaNfsExport -Parameter Persistent

-Persistent

    Default value is false. If specified, the export entries that are present in the /etc/exports file are returned;

    otherwise, those loaded in memory are returned. This parameter is ignored if the Path parameter is provided.

    Required?                    false

    Position?                    named

    Default value                false

    Accept pipeline input?       false

    Accept wildcard characters?  false

2)  You can use Get-NaHelp to see which API a given cmdlet uses.  Get-NaNfsExport uses nfs-exportfs-list-rules-2.  Look into Invoke-NaSystemApi if you want to explore the XML structure returned by Data ONTAP.

3)  All of the cmdlets included in the toolkit are complete.  When APIs are updated, we try our best to update the cmdlets to reflect the changes.

Thanks,

Steven

JACOB_WILLIAMS
4,547 Views

Thanks for the response. 

you say that without the -Persistent parameter that the commandlet retrieves the exports loaded into memory.  I would have assumed that actively used exports that have existed across multiple reboots would exist in memory of the filer.  That being said, even using the -Persistent parameter I am still receiving incorrect results.

PS C:\Scripts\Powershell> $filer = "colona1b"

PS C:\Scripts\Powershell> $path = "/vol/NFSB_VM08R2_05"

PS C:\Scripts\Powershell> $cred = Get-Credential

PS C:\Scripts\Powershell> $na = Connect-NaController $filer -Credential:$cred

PS C:\Scripts\Powershell> $nfs_export = Get-NaNfsExport -Path:$path -Controller:$na -Persistent:$true

PS C:\Scripts\Powershell> $nfs_export.SecurityRules

       

Anon            :

Nosuid          : True

ReadOnly        :

ReadWrite       : {all-hosts}

Root            :

SecFlavor       : {sys}

NosuidSpecified : True

This is the same results I get without the -Persistent parameter.  Both ReadWrite and Root should be showing me a list of the 24 IP Addresses for our VM cluster hosts NFS vmkernel.

Could this be related to the version of OnTap that I am running?   Currently we are on 8.0.2P3 7-Mode.1

beam
4,547 Views

It could possibly be an issue with the version of ONTAP, but I have been unable to reproduce the issue.  What is the entry in /etc/exports that is causing the error (you can use Invoke-NaSsh "exportfs -q <path>")?  Do any of the exports show the correct security rules?

-Steven

JACOB_WILLIAMS
4,547 Views

running both the invoke-nassh command and connecting via ssh and running it on the filer return the same results:

colona1b> exportfs -q /vol/NFSB_VMPage_02

/vol/NFSB_VMPage_02     -sec=sys,(ruleid=1),rw,nosuid

I've been able to identify a difference between some of the exports.  Anything that I set up prior to using the Powershell toolkit to create and share volumes returns results as above.  Anything I created using the toolkit returns the correct information, even without needing to use the -Persistent parameter.

Initially I was using filerview to set up the exports.  I progressed from that onto using NFS to mount the rootvol and edit the file that way.  Now I'm trying to use the toolkit as I can automate all the way through to mounting the exports in the vmcluster. 

Close inspection of the /etc/exports lines for an old volume and a new one show that they are structured exactly the same and aside from the volname I can't see any differences in them that could potentially explain these results.

Public