[gpfsug-discuss] CES NFS export

Erika Goncalves goncalves.erika at gene.com
Fri May 11 22:55:42 BST 2018 

I'm new on the Forum (hello to everyone!!)


Quick question related to Chetan mail,

How is the procedure when you have more than one domain?

Make sure NFSv4 ID Mapping value matches on client and server.

On server side (i.e. CES nodes); you can set as below:

$ mmnfs config change IDMAPD_DOMAIN=test.com

On client side (e.g. RHEL NFS client); one can set it using Domain
attribute in /etc/idmapd.conf file.

$ egrep ^Domain /etc/idmapd.conf
Domain = test.com
[root at rh73node2 2018_05_07-13:31:11 ~]$
$ service nfs-idmap restart


It is possible to configure the IDMAPD_DOMAIN to support more than one?

Thanks!


--

*E**rika Goncalves*

SSF Agile Operations

Global IT Infrastructure & Solutions (GIS)

Genentech - A member of the Roche Group

+1 (650) 529 5458

goncalves.erika at gene.com


*Confidentiality Note: *This message is intended only for the use of the
named recipient(s) and may contain confidential and/or proprietary
information. If you are not the intended recipient, please contact the
sender and delete this message. Any unauthorized use of the information
contained in this message is prohibited.

On Mon, May 7, 2018 at 1:08 AM, Chetan R Kulkarni <chetkulk at in.ibm.com>
wrote:

> Make sure NFSv4 ID Mapping value matches on client and server.
>
> On server side (i.e. CES nodes); you can set as below:
>
> $ mmnfs config change IDMAPD_DOMAIN=test.com
>
> On client side (e.g. RHEL NFS client); one can set it using Domain
> attribute in /etc/idmapd.conf file.
>
> $ egrep ^Domain /etc/idmapd.conf
> Domain = test.com
> [root at rh73node2 2018_05_07-13:31:11 ~]$
> $ service nfs-idmap restart
>
> Please refer following link for the details:
> https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.
> 0/com.ibm.spectrum.scale.v5r00.doc/b1ladm_authconsidfornfsv4access.htm
>
> Thanks,
> Chetan.
>
> [image: Inactive hide details for "Yaron Daniel" ---05/07/2018 10:46:32
> AM---Hi If you want to use NFSv3 , define only NFSv3 on the exp]"Yaron
> Daniel" ---05/07/2018 10:46:32 AM---Hi If you want to use NFSv3 , define
> only NFSv3 on the export.
>
> From: "Yaron Daniel" <YARD at il.ibm.com>
> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> Date: 05/07/2018 10:46 AM
>
> Subject: Re: [gpfsug-discuss] CES NFS export
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> ------------------------------
>
>
>
> Hi
>
> If you want to use NFSv3 , define only NFSv3 on the export.
> In case you work with NFSv4 - you should have "DOMAIN\user" all the way -
> so this way you will not get any user mismatch errors, and see permissions
> like nobody.
>
>
>
> Regards
> ------------------------------
>
> *Yaron Daniel* 94 Em Ha'Moshavot Rd
> *Storage Architect* Petach Tiqva, 49527
> *IBM Global Markets, Systems HW Sales* Israel
> Phone: +972-3-916-5672
> Fax: +972-3-916-5672
> Mobile: +972-52-8395593
> e-mail: yard at il.ibm.com
> *IBM Israel* <http://www.ibm.com/il/he/>
>
> [image: IBM Storage Strategy and Solutions v1][image: IBM Storage
> Management and Data Protection v1] [image: Related image]
>
>
>
> From: Jagga Soorma <jagga13 at gmail.com>
> To: gpfsug-discuss at spectrumscale.org
> Date: 05/07/2018 06:05 AM
> Subject: Re: [gpfsug-discuss] CES NFS export
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> ------------------------------
>
>
>
> Looks like this is due to nfs v4 and idmapd domain not being
> configured correctly.  I am going to test further and reach out if
> more assistance is needed.
>
> Thanks!
>
> On Sun, May 6, 2018 at 6:35 PM, Jagga Soorma <jagga13 at gmail.com> wrote:
> > Hi Guys,
> >
> > We are new to gpfs and have a few client that will be mounting gpfs
> > via nfs.  We have configured the exports but all user/group
> > permissions are showing up as nobody.  The gateway/protocol nodes can
> > query the uid/gid's via centrify without any issues as well as the
> > clients and the perms look good on a client that natively accesses the
> > gpfs filesystem.  Is there some specific config that we might be
> > missing?
> >
> > --
> > # mmnfs export list --nfsdefs /gpfs/datafs1
> > Path          Delegations Clients
> > Access_Type Protocols Transports Squash         Anonymous_uid
> > Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids
> > NFS_Commit
> > ------------------------------------------------------------
> ------------------------------------------------------------
> ------------------------------------------------------------
> -----------------------
> > /gpfs/datafs1 NONE        {nodenames} RW          3,4       TCP
> > ROOT_SQUASH    -2            -2            SYS     FALSE          NONE
> >               TRUE        FALSE
> > /gpfs/datafs1 NONE        {nodenames}           RW          3,4
> > TCP        NO_ROOT_SQUASH -2            -2            SYS     FALSE
> >       NONE               TRUE        FALSE
> > /gpfs/datafs1 NONE       {nodenames}      RW          3,4       TCP
> >     ROOT_SQUASH    -2            -2            SYS     FALSE
> > NONE               TRUE        FALSE
> > --
> >
> > On the nfs clients I see this though:
> >
> > --
> > # ls -l
> > total 0
> > drwxrwxr-t 3 nobody nobody 4096 Mar 20 09:19 dir1
> > drwxr-xr-x 4 nobody nobody 4096 Feb  9 17:57 dir2
> > --
> >
> > Here is our mmnfs config:
> >
> > --
> > # mmnfs config list
> >
> > NFS Ganesha Configuration:
> > ==========================
> > NFS_PROTOCOLS: 3,4
> > NFS_PORT: 2049
> > MNT_PORT: 0
> > NLM_PORT: 0
> > RQUOTA_PORT: 0
> > NB_WORKER: 256
> > LEASE_LIFETIME: 60
> > DOMAINNAME: VIRTUAL1.COM
> > DELEGATIONS: Disabled
> > ==========================
> >
> > STATD Configuration
> > ==========================
> > STATD_PORT: 0
> > ==========================
> >
> > CacheInode Configuration
> > ==========================
> > ENTRIES_HWMARK: 1500000
> > ==========================
> >
> > Export Defaults
> > ==========================
> > ACCESS_TYPE: NONE
> > PROTOCOLS: 3,4
> > TRANSPORTS: TCP
> > ANONYMOUS_UID: -2
> > ANONYMOUS_GID: -2
> > SECTYPE: SYS
> > PRIVILEGEDPORT: FALSE
> > MANAGE_GIDS: TRUE
> > SQUASH: ROOT_SQUASH
> > NFS_COMMIT: FALSE
> > ==========================
> >
> > Log Configuration
> > ==========================
> > LOG_LEVEL: EVENT
> > ==========================
> >
> > Idmapd Configuration
> > ==========================
> > LOCAL-REALMS: LOCALDOMAIN
> > DOMAIN: LOCALDOMAIN
> > ==========================
> > --
> >
> > Thanks!
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> *http://gpfsug.org/mailman/listinfo/gpfsug-discuss*
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=3k9qWcL7UfySpNVW2J8S1XsIekUHTHBBYQhN7cPVg3Q&s=844KFrfpsN6nT-DKV6HdfS8EEejdwHuQxbNR8cX2cyc&e=>
>
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.
> org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_
> iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=
> 3k9qWcL7UfySpNVW2J8S1XsIekUHTHBBYQhN7cPVg3Q&s=844KFrfpsN6nT-
> DKV6HdfS8EEejdwHuQxbNR8cX2cyc&e=
>
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15633834.gif
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15884206.jpg
Type: image/jpeg
Size: 11294 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15750750.gif
Type: image/gif
Size: 5093 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15967392.gif
Type: image/gif
Size: 4746 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15858665.gif
Type: image/gif
Size: 4557 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15657152.gif
Type: image/gif
Size: 4376 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180511/d22c2702/attachment-0005.gif>

More information about the gpfsug-discuss mailing list