2018-02-01 03:36 AM
I am using to manage the NFS export permissions on 7-mode filers, mostly 8.2.x from a perl client.
To do this we include NaElements of type "export-hostsname-info" with a string of 'all-hosts' => 'true', or "name" => "hostname or netgroup".
In code this looks like:
2018-02-23 04:59 AM - edited 2018-02-24 05:28 PM
Perform a modify without the "read-write" element to remove it from the existing entry like below.
<?xml version="1.0" encoding="UTF-8"?> <netapp xmlns="http://www.netapp.com/filer/admin" version="1.31"> <nfs-exportfs-modify-rule-2> <persistent>true</persistent> <rule> <exports-rule-info-2> <pathname>/vol/myvol/myqtree</pathname> <security-rules> <security-rule-info> <anon>6001</anon> <read-only> <exports-hostname-info> <all-hosts>true</all-hosts> </exports-hostname-info> </read-only> <root> <exports-hostname-info> <name>fpolicy</name> </exports-hostname-info> </root> <sec-flavor> <sec-flavor-info> <flavor>sys</flavor> </sec-flavor-info> </sec-flavor> </security-rule-info> </security-rules> </exports-rule-info-2> </rule> </nfs-exportfs-modify-rule-2> </netapp>
2018-03-01 02:37 AM
I found that this only works if I am specifying a RO component in the same update. I my use case I am attempting to undef rw and then set ro in sequential calls.
setting rw=’undef’ (or calling nfs-exportfs-modify-rule-2 with no rw component) does not work if read-only=’undef’, even though the API call returns success (which is not good, a bug?).It returns sucess but leave the rw export to all-hosts.
In my example the export does not have ro defined at all.
I also cannot set read-only = ‘all-hosts’ first, I get a reasonable error.
Unable to update nfs_export /vol/nyn197f2v2/cda_test246,
Both 'read-write' and 'read-only' have 'all-hosts' true.
so I can set ro to a temporary value of a host that does not exist, set rw to undef, then set ro to all-hosts in separate calls.
$nfs_export = $nfs_export->set_read_only(['unicorns']); # does not exist
$nfs_export = $nfs_export->set_read_write(); # does this drop clients?
$nfs_export = $nfs_export->set_read_only(['all-hosts']); # all read-only now
I could hide the temp host and all-hosts in my API by substituting on 'undef' and '*'. Or I will have to modify my API to handle these as a single call.
I'm not a fan of returing sucess when a default was applied rather than the instruction in the ReST call.