Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Root Volume Export Policy Rule and Mounting Volumes, QTrees, Folders Directly

AMARCIONEK1
‎2016-08-04 12:33 PM
4,557 Views

Two questions:

 

1. We would like to have the root volume have the default export-policy rule of no access, but define indepedent rules on non-root volumes. Is this possible? Here is the output of finding out the policy on vol00 if the default policy has no rules vs. has a read rule:

 

No Rules:

 

check-access -vserver svm1 -volume vol00 -client-ip 192.168.20.50 -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ default svm1_root volume 1 denied

 

 

Read Rule:

 

check-access -vserver svm1 -volume vol00 -client-ip 192.168.20.50 -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ default svm1_root volume 1 read
/vol00 all_access vol00 volume 1 read-write

 

 

2. We would like to be able to mount the /vol00 directly. But when we do a showmount command, this is all we see:

 

Export list for 192.168.21.74:
/ (everyone)

 

I don't understand how to set /vol00 to show up and be mountable.

0 Kudos
View By:
3 REPLIES 3

aborzenkov
‎2016-08-04 09:19 PM
4,524 Views
1. That's not possible. Patent cannot be more restrictive than child (it can, but then child is simply not accessible).

2. That's normal. You still can mount each volume and qtree individually as long as volume has junction point (I.e. is mounted in a namespace).
0 Kudos

AMARCIONEK1
‎2016-08-08 10:35 AM
In response to aborzenkov
4,493 Views

Thank you for the response.   I have an access policy with client specification 0.0.0.0/0, all access protocols enabled, and access details are r/w across the board and superuser access is enabled. Basically, the most wide open I can think to do it. But when I try to mount a volume, I get access denied:

 

sudo mount 192.168.21.74:/vol00 /mnt/na
mount.nfs: access denied by server while mounting 192.168.21.74:/vol00

 

Also, is there any way to have any explicit exports show up in a showmount -e command?  

0 Kudos

aborzenkov
‎2016-08-08 11:43 PM
In response to AMARCIONEK1
4,466 Views

Policy is per-volume. vol00 should be assigned export policy that allows client access. In 8.3 you can enable listing exported volumes with showmount -e; setting is per SVM.

0 Kudos
All Community Forums
Public