Software Development Kit (SDK) and API Discussions

how to set NFS RO or RW to NULL with nfs-exportfs-modify-rule-2; all-hosts = false?

chris_algar

I am using to manage the NFS export permissions on 7-mode filers, mostly 8.2.x from a perl client.

 

To do this we include NaElements of type "export-hostsname-info" with a string of 'all-hosts' => 'true', or "name" => "hostname or netgroup".

 

In code this looks like:

 

for my $host (@{$args{read_only}}) {
    my $read_only_host = NetAppApi::NaElement->new("exports-hostname-info");
    if ($host eq 'all-hosts') {
        $read_only_host->child_add_string("all-hosts", 'true');
 
    } else {
    $read_only_host->child_add_string("name", $host);
    }

    $read_only_rule->child_add($read_only_host);

}
 
This works well for setting a new value for root=, rw= and ro=,  unless I want to undefine root, rw or ro. For example, I have a requirement to make an export RO for a data migration.  That is to change this:
 
/vol/myvol/myqtree  -sec=sys,ro=fpolicy,rw,root=fpolicy,anon=6001
 
to:
 
/vol/myvol/myqtree  -sec=sys,ro,root=fpolicy,anon=6001
 
updating RO to 'all-hosts' => 'true' is simple.  But what do I use to remove the existing rw? all-hosts is descibed as a boolean, but sending 'all-hosts' => 'false' raises an error.
 
The current read-write returned by fetching the security rule-info-2 for the export shows this for read-write:
 


   bless( {
            'content' => '',
            'name' => 'read-write',
             'children' => [
                                     bless( {
                                                 'content' => '',
                                                 'name' => 'exports-hostname-info',
                                                 'children' => [
                                                                      bless( {
                                                                                   'content' => 'true',
                                                                                   'name' => 'all-hosts',
                                                                                   'children' => [],
                                                                                   'attrvals' => [],
                                                                                   'attrkeys' => []
                                                                                }, 'NetAppApi::NaElement' )
                                                                  ],

 
 
But if I send this as an update I get an error:
 
   bless( {
            'content' => '',
            'name' => 'read-write',
             'children' => [
                                     bless( {
                                                 'content' => '',
                                                 'name' => 'exports-hostname-info',
                                                 'children' => [
                                                                      bless( {
                                                                                   'content' => 'false',
                                                                                   'name' => 'all-hosts',
                                                                                   'children' => [],
                                                                                   'attrvals' => [],
                                                                                   'attrkeys' => []
                                                                                }, 'NetAppApi::NaElement' )
                                                                  ],
 
 
Debug: Response $VAR1 = bless( {
               'content' => '',
               'name' => 'results',
               'children' => [],
               'attrvals' => [
                                    'failed',
                                    '13114',
                                   'Error no valid name found with exports-hostname-info. '
                                  ],

which in my code would be something like:
 
} elsif ($host eq 'no-hosts') {
     $read_write_host->child_add_string("all-hosts", 'false')
 
I have confirmed that setting read-write => 'somethingthatdoesnotexit' is a workaround for my RO use case, but it results in an export entry of:
 
/vol/myvol/myqtree  -sec=sys,ro,rw=somethingthatdoesnotexit,root=fpolicy,anon=6001
 
rather than the format that I would like:
 
/vol/myvol/myqtree  -sec=sys,ro,root=fpolicy,anon=6001
 
(and introduces an issue if someone ever made  ahost of that name!).
 
any advice on how to remove rw,ro or root with this method?
 
Thanks,
 
Chris
 
 
3 REPLIES 3

mpittman

Perform a modify without the "read-write" element to remove it from the existing entry like below.

<?xml version="1.0" encoding="UTF-8"?>
<netapp  xmlns="http://www.netapp.com/filer/admin" version="1.31">
  <nfs-exportfs-modify-rule-2>
    <persistent>true</persistent>
    <rule>
      <exports-rule-info-2>
        <pathname>/vol/myvol/myqtree</pathname>
        <security-rules>
          <security-rule-info>
            <anon>6001</anon>
            <read-only>
              <exports-hostname-info>
                <all-hosts>true</all-hosts>
              </exports-hostname-info>
            </read-only>
            <root>
              <exports-hostname-info>
                <name>fpolicy</name>
              </exports-hostname-info>
            </root>
            <sec-flavor>
              <sec-flavor-info>
                <flavor>sys</flavor>
              </sec-flavor-info>
            </sec-flavor>
          </security-rule-info>
        </security-rules>
      </exports-rule-info-2>
    </rule>
  </nfs-exportfs-modify-rule-2>
</netapp>

 

Before:

/vol/myvol/myqtree      -sec=sys,ro=fpolicy,rw,root=fpolicy,anon=6001

 

After:

/vol/myvol/myqtree      -sec=sys,ro,root=fpolicy,anon=6001

chris_algar

 

I found that this only works if I am specifying a RO component in the same update. I my use case I am attempting to undef rw and then set ro in sequential calls.

 

setting rw=’undef’ (or calling nfs-exportfs-modify-rule-2 with no rw component) does not work if read-only=’undef’, even though the API call returns success (which is not good, a bug?).It returns sucess but leave the rw export to all-hosts.

 

In my example the export does not have ro defined at all.

 

I also cannot set read-only = ‘all-hosts’ first, I get a reasonable error.

 

Unable to update nfs_export /vol/nyn197f2v2/cda_test246,

Both 'read-write' and 'read-only' have 'all-hosts' true.

 

so I can set ro to a temporary value of a host that does not exist, set rw to undef, then set ro to all-hosts in separate calls.

 

$nfs_export = $nfs_export->set_read_only(['unicorns']);   # does not exist

$nfs_export = $nfs_export->set_read_write();                   # does this drop clients?

$nfs_export = $nfs_export->set_read_only(['all-hosts']);   # all read-only now

 

I could hide the temp host and all-hosts in my API by substituting on 'undef' and '*'. Or I will have to modify my API to handle these as a single call.

 

I'm not a fan of returing sucess when a default was applied rather than the instruction in the ReST call.

mpittman
Modifying your API to make a single call sounds like the best approach.
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public