[gpfsug-discuss] export nfs share on gpfs with no authentication

Chetan R Kulkarni chetkulk at in.ibm.com
Thu Sep 21 06:33:53 BST 2017



Hi Jonathon,

I can configure file userdefined authentication with only NFS
enabled/running on my test setup (SMB was disabled).

Please check if following steps help fix your issue:

1> remove existing file auth if any
/usr/lpp/mmfs/bin/mmuserauth service remove --data-access-method file

2> disable smb service
/usr/lpp/mmfs/bin/mmces service disable smb
/usr/lpp/mmfs/bin/mmces service list -a

3> configure userdefined file auth
/usr/lpp/mmfs/bin/mmuserauth service create --data-access-method file
--type userdefined

4> if above fails retry mmuserauth in debug mode as below and please share
error log /tmp/userdefined.log. Also share spectrum scale version you are
running with.
export DEBUG=1; /usr/lpp/mmfs/bin/mmuserauth service create
--data-access-method file --type userdefined > /tmp/userdefined.log 2>&1;
unset DEBUG
/usr/lpp/mmfs/bin/mmdiag --version

5> if mmuserauth succeeds in step 3> above; you also need to correct your
mmnfs cli command as below. You missed to type in Access_Type= and Squash=
in client definition.
mmnfs export add /gpfs/summit/scratch --client 'login*.rc.int.colorado.edu
(Access_Type=rw,Squash=root_squash);dtn*.rc.int.colorado.edu
(Access_Type=rw,Squash=root_squash)'

Thanks,
Chetan.



From:	Jonathon A Anderson <jonathon.anderson at colorado.edu>
To:	gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:	09/21/2017 12:25 AM
Subject:	Re: [gpfsug-discuss] export nfs share on gpfs with no
            authentication
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



I shouldn't need SMB for authentication if I'm only using userdefined
authentication, though.

________________________________________
From: gpfsug-discuss-bounces at spectrumscale.org
<gpfsug-discuss-bounces at spectrumscale.org> on behalf of Sobey, Richard A
<r.sobey at imperial.ac.uk>
Sent: Wednesday, September 20, 2017 2:23:37 AM
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] export nfs share on gpfs with no
authentication

This sounded familiar to a problem I had to do with SMB and NFS. I've
looked, and it's a different problem, but at the time I had this response.

"That would be the case when Active Directory is configured for
authentication. In that case the SMB service includes two aspects: One is
the actual SMB file server, and the second one is the service for the
Active Directory integration. Since NFS depends on authentication and id
mapping services, it requires SMB to be running."

I suspect the last paragraph is relevant in your case.

HTH

Richard

-----Original Message-----
From: gpfsug-discuss-bounces at spectrumscale.org [
mailto:gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of Jonathon A
Anderson
Sent: 20 September 2017 06:13
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] export nfs share on gpfs with no
authentication

Returning to this thread cause I'm having the same issue as Ilan, above.

I'm working on setting up CES in our environment after finally getting a
blocking bugfix applied. I'm making it further now, but I'm getting an
error when I try to create my export:


---
[root at sgate2 ~]# mmnfs export add /gpfs/summit/scratch --client
'login*.rc.int.colorado.edu(rw,root_squash);dtn*.rc.int.colorado.edu
(rw,root_squash)'
mmcesfuncs.sh: Current authentication: none is invalid.
This operation can not be completed without correct Authentication
configuration.
Configure authentication using:   mmuserauth
mmnfs export add: Command failed. Examine previous error messages to
determine cause.
---


When I try to configure mmuserauth, I get an error about not having SMB
active; but I don't want to configure SMB, only NFS.


---
[root at sgate2 ~]# /usr/lpp/mmfs/bin/mmuserauth service create
--data-access-method file --type userdefined
: SMB service not enabled. Enable SMB service first.
mmcesuserauthcrservice: Command failed. Examine previous error messages to
determine cause.
---

How can I configure NFS exports with mmnfs without having to enable SMB?

~jonathon
________________________________________
From: gpfsug-discuss-bounces at spectrumscale.org
<gpfsug-discuss-bounces at spectrumscale.org> on behalf of Varun Mittal3
<varun.mittal at in.ibm.com>
Sent: Tuesday, July 25, 2017 9:44:24 PM
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] export nfs share on gpfs with no
authentication

Sorry a small typo:
mmuserauth service create --data-access-method file --type userdefined


Best regards,
Varun Mittal
Cloud/Object Scrum @ Spectrum Scale
ETZ, Pune

[Inactive hide details for Varun Mittal3---26/07/2017 09:12:27 AM---Hi Did
you try to run this command from a CES designated nod]Varun
Mittal3---26/07/2017 09:12:27 AM---Hi Did you try to run this command from
a CES designated node ?

From: Varun Mittal3/India/IBM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 26/07/2017 09:12 AM
Subject: Re: [gpfsug-discuss] export nfs share on gpfs with no
authentication

________________________________


Hi

Did you try to run this command from a CES designated node ?

If no, then try executing the command from a CES node:
mmuserauth service create --data-access-type file --type userdefined

Best regards,
Varun Mittal
Cloud/Object Scrum @ Spectrum Scale
ETZ, Pune


[Inactive hide details for Ilan Schwarts ---25/07/2017 10:22:26 AM---Hi,
While trying to add the userdefined auth, I receive err]Ilan Schwarts
---25/07/2017 10:22:26 AM---Hi, While trying to add the userdefined auth, I
receive error that SMB

From: Ilan Schwarts <ilan84 at gmail.com>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 25/07/2017 10:22 AM
Subject: Re: [gpfsug-discuss] export nfs share on gpfs with no
authentication
Sent by: gpfsug-discuss-bounces at spectrumscale.org
________________________________



Hi,

While trying to add the userdefined auth, I receive error that SMB
service not enabled.
I am currently working on a spectrum scale cluster, and i dont have
the SMB package, I am waiting for it.. is there a way to export NFSv3
using the spectrum scale tools without SMB package ?
[root at LH20-GPFS1 ~]# mmuserauth service create --type userdefined
: SMB service not enabled. Enable SMB service first.
mmcesuserauthcrservice: Command failed. Examine previous error
messages to determine cause.


I exported the NFS via /etc/exports and than ./exportfs -a .. It works
fine, I was able to mount the gpfs export from another machine.. this
was my work-around since the spectrum scale tools failed to export
NFSv3

On Mon, Jul 24, 2017 at 7:35 PM,  <valdis.kletnieks at vt.edu> wrote:
> On Mon, 24 Jul 2017 13:36:41 +0300, Ilan Schwarts said:
>> Hi,
>> I have gpfs with 2 Nodes (redhat).
>> I am trying to create NFS share - So I would be able to mount and
>> access it from another linux machine.
>
>> While trying to create NFS (I execute the following):
>> [root at LH20-GPFS1 ~]# mmnfs export add /fs_gpfs01 -c "*
>> Access_Type=RW,Protocols=3:4,Squash=no_root_squash)"
>
> You can get away with little to no authentication for NFSv3, but
> not for NFSv4.  Try with Protocols=3 only and
>
> mmuserauth service create --type userdefined
>
> that should get you Unix-y NFSv3 UID/GID support and "trust what the NFS
> client tells you".  This of course only works sanely if each NFS export
is
> only to a set of machines in the same administrative domain that manages
their
> UID/GIDs.  Exporting to two sets of machines that don't coordinate their
> UID/GID space is, of course, where hilarity and hijinks ensue....
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
>
https://urldefense.proofpoint.com/v2/url?u=http-3A__secure-2Dweb.cisco.com_1w-2Dldlm8bq5oYiMuHk7N1T32DW18VkxjnfkMWDjdpiBv1WJToz9PCO1zVyGvWIVP3-2DfNVoZ49ioTlOwQoRbyC-5FMjpoBPlD3jfpV-5FknuzViyRNZiyliSGH9rx5nGVvTLSPrjIwzvUIZDadCuNXgM-5FjYCVBE2RsDpg8o4LCjJv9QIZPbyHlKrkoQ0sNGXOZPYT7gxpo8sVjoxKQbOgQzkDnPMQoa2a8miTP19fLkB5HqV5cJv3U-2DVs-5FqLtyJGVsrSgLu2wQoDMxymVwm5mcRWO6MYfl4-5FMtVXKzQRwQqemODDjSa5my7zl98vobN-5Fui-2DcRwCYeVbOwEd57CjaYRzKcBu6Dbd2TmGar7JUNWVtg1dZPTv6uothD6V4g0Q0MuXZsBICzfxbjXI9WlB3Tiu3ty0oxenYrM8yxE-2DCl57VhmV4KlY18EHMFncfLtRkk9cTHtfrEjiXBROhCuvEeqhrYT6A_http-253A-252F-252Fgpfsug.org-252Fmailman-252Flistinfo-252Fgpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=VqyIekg3Wtz0ukw-QSXsEXOoi5rZ0gnMeIPyFNGpllA&s=DNgplGZ30awqnvnd4Ju39pzv3rlk18Kf6NGe7iDX4Mk&e=

>



--


-
Ilan Schwarts
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__secure-2Dweb.cisco.com_1w-2Dldlm8bq5oYiMuHk7N1T32DW18VkxjnfkMWDjdpiBv1WJToz9PCO1zVyGvWIVP3-2DfNVoZ49ioTlOwQoRbyC-5FMjpoBPlD3jfpV-5FknuzViyRNZiyliSGH9rx5nGVvTLSPrjIwzvUIZDadCuNXgM-5FjYCVBE2RsDpg8o4LCjJv9QIZPbyHlKrkoQ0sNGXOZPYT7gxpo8sVjoxKQbOgQzkDnPMQoa2a8miTP19fLkB5HqV5cJv3U-2DVs-5FqLtyJGVsrSgLu2wQoDMxymVwm5mcRWO6MYfl4-5FMtVXKzQRwQqemODDjSa5my7zl98vobN-5Fui-2DcRwCYeVbOwEd57CjaYRzKcBu6Dbd2TmGar7JUNWVtg1dZPTv6uothD6V4g0Q0MuXZsBICzfxbjXI9WlB3Tiu3ty0oxenYrM8yxE-2DCl57VhmV4KlY18EHMFncfLtRkk9cTHtfrEjiXBROhCuvEeqhrYT6A_http-253A-252F-252Fgpfsug.org-252Fmailman-252Flistinfo-252Fgpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=VqyIekg3Wtz0ukw-QSXsEXOoi5rZ0gnMeIPyFNGpllA&s=DNgplGZ30awqnvnd4Ju39pzv3rlk18Kf6NGe7iDX4Mk&e=






_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__secure-2Dweb.cisco.com_1w-2Dldlm8bq5oYiMuHk7N1T32DW18VkxjnfkMWDjdpiBv1WJToz9PCO1zVyGvWIVP3-2DfNVoZ49ioTlOwQoRbyC-5FMjpoBPlD3jfpV-5FknuzViyRNZiyliSGH9rx5nGVvTLSPrjIwzvUIZDadCuNXgM-5FjYCVBE2RsDpg8o4LCjJv9QIZPbyHlKrkoQ0sNGXOZPYT7gxpo8sVjoxKQbOgQzkDnPMQoa2a8miTP19fLkB5HqV5cJv3U-2DVs-5FqLtyJGVsrSgLu2wQoDMxymVwm5mcRWO6MYfl4-5FMtVXKzQRwQqemODDjSa5my7zl98vobN-5Fui-2DcRwCYeVbOwEd57CjaYRzKcBu6Dbd2TmGar7JUNWVtg1dZPTv6uothD6V4g0Q0MuXZsBICzfxbjXI9WlB3Tiu3ty0oxenYrM8yxE-2DCl57VhmV4KlY18EHMFncfLtRkk9cTHtfrEjiXBROhCuvEeqhrYT6A_http-253A-252F-252Fgpfsug.org-252Fmailman-252Flistinfo-252Fgpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=VqyIekg3Wtz0ukw-QSXsEXOoi5rZ0gnMeIPyFNGpllA&s=DNgplGZ30awqnvnd4Ju39pzv3rlk18Kf6NGe7iDX4Mk&e=

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__secure-2Dweb.cisco.com_1w-2Dldlm8bq5oYiMuHk7N1T32DW18VkxjnfkMWDjdpiBv1WJToz9PCO1zVyGvWIVP3-2DfNVoZ49ioTlOwQoRbyC-5FMjpoBPlD3jfpV-5FknuzViyRNZiyliSGH9rx5nGVvTLSPrjIwzvUIZDadCuNXgM-5FjYCVBE2RsDpg8o4LCjJv9QIZPbyHlKrkoQ0sNGXOZPYT7gxpo8sVjoxKQbOgQzkDnPMQoa2a8miTP19fLkB5HqV5cJv3U-2DVs-5FqLtyJGVsrSgLu2wQoDMxymVwm5mcRWO6MYfl4-5FMtVXKzQRwQqemODDjSa5my7zl98vobN-5Fui-2DcRwCYeVbOwEd57CjaYRzKcBu6Dbd2TmGar7JUNWVtg1dZPTv6uothD6V4g0Q0MuXZsBICzfxbjXI9WlB3Tiu3ty0oxenYrM8yxE-2DCl57VhmV4KlY18EHMFncfLtRkk9cTHtfrEjiXBROhCuvEeqhrYT6A_http-253A-252F-252Fgpfsug.org-252Fmailman-252Flistinfo-252Fgpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=VqyIekg3Wtz0ukw-QSXsEXOoi5rZ0gnMeIPyFNGpllA&s=DNgplGZ30awqnvnd4Ju39pzv3rlk18Kf6NGe7iDX4Mk&e=


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=VqyIekg3Wtz0ukw-QSXsEXOoi5rZ0gnMeIPyFNGpllA&s=AliY037R_W1y8Ym6nPI1XDP2yCq47JwtTPhj9IppwOM&e=




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170921/70c1faaf/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170921/70c1faaf/attachment.gif>


More information about the gpfsug-discuss mailing list