ONTAP Discussions
ONTAP Discussions
Hi all, I recently inherited an already configured AFF-A300. It already has some volumes, exported via NFS3 and they all work fine.
Today I tried to add a new volume via the Ontap system manager, but the mount fails:
# mount -v -t nfs vrc01n01b:/proj_rfip_hki /root/hki
mount.nfs: timeout set for Fri Dec 20 19:21:29 2024
mount.nfs: trying text-based options 'vers=4,addr=10.217.231.21,clientaddr=10.217.231.88'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=10.217.231.21'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.217.231.21 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.217.231.21 prog 100005 vers 3 prot UDP port 635
mount.nfs: mount(2): No such file or directory
mount.nfs: mounting vrc01n01b:/proj_rfip_hki failed, reason given by server: No such file or directory
To check the most obvious reasons:
> volume show -vserver vrcv01a -fields volume,node,junction-path,policy
vserver volume policy junction-path node
------- --------- ----------------------- ------------- ---------
vrcv01a proj_rfip_hki
clients /proj_rfip_hki
vrc01n01b
> vserver export-policy check-access -vserver vrcv01a -client-ip 10.217.231.88 -volume proj_rfip_hki -authentication-method sys -protocol nfs3 -access-type read
Policy Policy Rule Security
Path Policy Owner Owner Type Index Access Style
-------------------- ---------- --------- ---------- ---- ---------- ----------
/ default vrcv01a_rootvol
volume 2 read unix
/proj_rfip_hki clients proj_rfip_hki
volume 2 read unix
> export-policy access-cache show -node vrc01n01b -vserver vrcv01a -policy clients -address 10.217.231.88
Node: vrc01n01b
Vserver: vrcv01a
Policy Name: clients
IP Address: 10.217.231.88
Access Cache Entry Flags: has-usable-data
Result Code: 0
First Unresolved Rule Index: -
Unresolved Clientmatch: -
Number of Matched Policy Rules: 1
List of Matched Policy Rule Indexes: 2
Age of Entry: 741s
Access Cache Entry Polarity: positive
Time Elapsed since Last Use for Access Check: 407s
Time Elapsed since Last Update Attempt: 741s
Result of Last Update Attempt: 0
List of Client Match Strings: 10.217.231.0/25
From the client:
# showmount -e vrc01n01b
Export list for vrc01n01b:
/proj_rfip_hki (everyone)
So, volume is there, it is mounted, it has an export policy and the client is allowed to mount.
What am I missing? Is there anything like "exportfs -r" that I have to run?
Not sure if I missed it…how about
export-policy rule show -instance -vserver vserver
There it is
> export-policy rule show -instance -vserver vrcv01a
Vserver: vrcv01a
Policy Name: clients
Rule Index: 2
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.217.231.0/25
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: false
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: default
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: false
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: policy_10390_1707921307
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.217.231.0/25
RO Access Rule: any
RW Access Rule: none
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: false
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: policy_11210_1707920505
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.217.231.0/25
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Part 2
Vserver: vrcv01a
Policy Name: policy_11210_1707920505
Rule Index: 3
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: @vr.urania.intel.com
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: policy_29374_1725895138
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.217.231.0/25
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: policy_5716_1707922398
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: @adm_h_nasadm_fah_ivr
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: vrcv01a
Policy Name: policy_7612_1707915997
Rule Index: 1
Access Protocol: any
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.217.231.0/25
RO Access Rule: any
RW Access Rule: none
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: false
Allow Creation of Devices: true
8 entries were displayed.