mmnfs command

Manages NFS exports and configuration.

Synopsis

mmnfs export add Path [--client ClientOptions]

mmnfs export remove Path [--force]

mmnfs export change Path [--nfsadd ClientOptions]
                           [--nfsremove {Client[,Client...]}]
                           [--nfschange ClientOptions]
                           [--nfsposition {PositionIndex | Client}]

mmnfs export list [--nfsdefs Path] [-Y]

mmnfs export load ExportCFGFile

mmnfs configuration list [--exportdefs] [-Y]

mmnfs configuration change "Option=Value:Option=Value1,Value2:Option=Value..."

Availability

Available with IBM Spectrum Scale™ Standard Edition or higher.

Description

Use the mmnfs export commands to add, change, list, load, or remove NFS export declarations for IP addresses on nodes that are configured as CES types.

Use the mmnfs configuration commands to list and change NFS configuration.

The protocol functions provided in this command, or any similar command, are generally referred to as CES (Cluster Export Services). For example, protocol node and CES node are functionally equivalent terms.

Parameters

export

Manages the NFS export configuration for the cluster with one of the following actions:

add

Creates a new configuration file for the NFS server in case it does not yet exist. If there is already an export configuration file, then it is extended with the provided additional export parameters. This export configuration file is used by the NFS server to create an NFS export for the Path so that clients can connect to it. If there is already an existing export for the Path then an error is shown. Each export configuration set has internally its own unique identifier number. This number is automatically incremented for each added export. The mmnfs export add command attempts to add the new export also to running NFS server instances, and may fail if one or more instances are not running. This is not a critical issue, since the configuration changes have been made in the repository and will be applied later when restarting the NFS server instance.

The authentication method must be established before an NFS export can be defined.

The export Path must be an existing path in the GPFS™ file system, which is intended to be exported or is already exported to external clients using the NFS protocol.

Note: The paths which are not within the GPFS file system cannot be exported using the commands.

Creating nested exports (such as /path/to/folder and /path/to/folder/subfolder) is strongly discouraged since this might lead to serious issues in data consistency. Be very cautious when creating and using nested exports.

Start of change If there is a need to have nested exports (such as /path/to/folder and /path/to/folder/inside/subfolder), NFSv4 client that mounts the parent (/path/to/folder) export will not be able to see the child export subtree (/path/to/folder/subfolder) unless the same client is explicitly allowed to access the child export as well. This is okay as long as the client uses only NFSv4 mounts. End of change

Some export configuration commands may allow multiple client declarations, and therefore they have separators to distinguish them.

The following separators can be used:

Colon to separate multiple allowed values for a given attribute. For example, the key/value pair "Protocols=3:4" allows the NFS protocols v3 and v4 to be declared for an export.
Comma to separate key/value pairs within a client declaration list and a Semicolon to separate client declaration lists.
For example:
```
--client "192.0.2.0/20(Access_Type=RW,Protocols=3:4); \
198.51.100.0/20(Access_Type=RO,Protocols=3:4,Transports=TCP:UDP)"
```

Note: To take advantage of the GPFS independent fileset features such as quotas, snapshots, and data management, the export paths can be made from GPFS filesets (either dependent or independent).

--client ClientOptions: Declares the client specific settings. ClientOptions can be a list of one or more client definitions. To avoid incorrect parsing by the interpreter, quote the argument list. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command.

remove

Removes the requested export from the configuration file and also from running NFS server instances, and may fail if one or more instances are not running.

Note: This command does not remove data.

The --force option is currently not used.

change

Modifies an existing export configuration for the export specified by Path, if the export exists. If the export does not exist, then an error is shown.

Note: Only client-related attributes are modified by this command, but not the basic export settings such as path.

The --nfsposition flag can be only used together with either --nfsadd or --nfschange. It cannot be used standalone or together with --nfsremove. When --nfsadd and --nfsremove are given on the same command line, then the remove procedure is executed first internally.

Note: The mmnfs export change will restart NFS services on all CES nodes on which the NFS server is currently running.

--nfsadd ClientOptions

Adds a new client declaration for the specified Path. ClientOptions can be a list of one or more client definitions. To avoid incorrect parsing by the interpreter, quote the argument list. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command.

--nfsremove {Client[,Client...]}

Removes the NFS client specified by Client from the export configuration for the Path. Client can be a single client specifier, or a comma-separated list of client specifiers. If a client is the only one within a client declaration section in the configuration file, then this client section is removed.

Note: When the last client within a client declaration is removed, then the export section is also removed.

--nfschange ClientOptions

Modifies an existing client declaration for the specified Path. ClientOptions can be a list of one or more client definitions. To avoid incorrect parsing by the interpreter, quote the argument list. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command. If a client specifier declared in ClientOptions matches a client declaration section, which has further NFS clients assigned, then this section is split into a section containing that client specifier together with the modified attributes, and a section with the remaining client specifiers and their original attributes.

The --nfsposition option can be used to locate this modified entry.

--nfsposition {PositionIndex | Client}

This option can be used only together with --nfsadd or --nfschange. It reorders the client declaration section within the export declaration file. The sequence of client entries can be important when there are different client sections affecting the same NFS client. For example, NFS position can be important when defining export attributes for a specific NFS client, and '*' for all NFS clients, given the same export path.

PositionIndex: This must be an unsigned numeric value, and it indicates the absolute sequence number after reordering the client declarations. The indexing is zero-based. 0 means the top of the list, 1 means the second entry, and so on. Any number higher than the number of existing entries indicates the end-of-list position.
Client: The reference client specifier to indicate the new position of the current client entry. The modified client entry will be placed at the location where the Client reference declaration is, and that section is ordered below next to the modified client section.

list

Lists the declared exports based on the entries in the configuration file stored in the repository. The sequence of rows in the output for a given path reflects also the sequence of the internal client declaration list for each exported path. The sequence of client declarations within an export can be reordered using the mmnfs export change Path with the --nfschange and --nfsposition options. The output can be formatted human readable (default) or machine readable.

--nfsdefs Path: Lists the export configuration details for the specified Path. Without this option the mmnfs export list command shows a table with some basic configuration settings for all declared exports.
--nfsdefs String -Y: Lists the export configuration details, in machine readable format, for all export paths that contain the specified String.
-Y: The output of the mmnfs export list command can be in a tabular form (human readable, default) or in a list of colon separated values in a machine readable format. Use the -Y option to create the machine readable output.
--nfsdefs String -Y: Lists the export configuration details, in machine readable format, for all export paths that contain the specified String.

load

Overwrites (deletes) all existing NFS export declarations in the repository, if any. The export declarations are fetched from a file provided to the load operation, which could contain a larger number of export declarations. Some basic format checks are done during export load. After loading export declarations from a file, the NFS service is restarted across all the nodes in the cluster.

ExportCFGFile: The file name for the new exports declarations. This file is loaded and stored in the repository to be published on all CES nodes running the NFS server. This load procedure can be used to load a set of export declarations and that will remove any previous configuration. The NFS servers are restarted in order to apply the changes.

List of supported client options for the mmnfs export {add | change} command:

ACCESS_TYPE: Allowed values are none, RW, RO, MDONLY, and MDONLY_RO. The default value is none.
PROTOCOLS: Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
TRANSPORTS: Allowed values are TCP and UDP. The default value is TCP.
ANONYMOUS_UID: Allowed values are between -2147483648 and 4294967295. The default value is -2.
ANONYMOUS_GID: Allowed values are between -2147483648 and 4294967295. The default value is -2.
SECTYPE: Allowed values are none, sys, krb5, krb5i, and krb5p. The default value is sys.
PRIVILEGEDPORT: Allowed values are true and false. The default value is false.
MANAGE_GIDS: Allowed values are true and false. The default value is false.
SQUASH: Allowed values are root, root_squash, all, all_squash, allsquash, no_root_squash, none , and noidsquash. The default value is root_squash.
NFS_COMMIT: Allowed values are true and false. The default value is false.
Important: Use NFS_COMMIT very carefully because it changes the behavior of how transmitted data is committed on the server side to a NFS v2 like sync-mode on every write action.
CLIENTS: Allowed values are IP addresses in IPv4 or IPv6 notations, hostnames, netgroups, or * for all. A netgroup name must not start with a numeric character and otherwise must only contain only underscores ("[a-zA-Z_][0-9a-zA-Z_]*"). The default value is *.

configuration

Manages NFS configuration for a CES cluster:

list

Displays the NFS configuration parameters and their values. This command also displays all the default export configurations. This is used as the defaults by the mmnfs export add command if no other client attributes are specified. The output can be formatted to be human readable or machine readable.

--exportdefs: If this option is specified, the command displays the default export configuration parameters.

-Y: The command output can be in a tabular form (human readable, default) or in a list of colon separated values in a machine readable format. Use the -Y option to create the machine readable output.

change

Modifies the NFS configuration parameters. NFS is restarted across all the nodes on which NFS is running, when this command is executed. Only some configuration options can be modified by this command.

The configuration options that can be modified and their allowed values are as follows:

NFS_PROTOCOLS: Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
MNT_PORT: Specifies the port for the NFSv3 Mount protocol. Allowed values are between 0 and 65535. The default value is 0.
NLM_PORT: Specifies the NLM port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
RQUOTA_PORT: Specifies the RQUOTA port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
STATD_PORT: Specifies the STATD port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
SHORT_FILE_HANDLE: Allowed values are True or False. The default value is False.; Set this flag to True when using VMware NFS clients.
LEASE_LIFETIME: Allowed values are between 0 and 120. The default value is 60.
DOMAINNAME: String. The default value is the "host's fully-qualified DNS domain name".
IDMAPD_DOMAIN: String. Domain in the ID Mapd configuration. The default value is the host's fully-qualified DNS domain name.
LOCAL REALMS: String. Local-Realms in the ID Mapd configuration. The default value is the host's default realm name.
LOG_LEVEL: Allowed values are NULL, FATAL, MAJ, CRIT, WARN, EVENT, INFO , DEBUG, MID_DEBUG, and FULL_DEBUG. The default value is EVENT.
ENTRIES_HWMARK: The high water mark for NFS cache entries. Beyond this point, NFS will try to evict some objects from its cache. The default is 1500000.

Note: Specifying a port number in the NFS service configuration with the value of '0' means that the service is picking a port number dynamically. This port number might change across service restarts. If a firewall is to be established between the NFS server and the NFS clients, specific port number can be configured via the command to establish discrete firewall rules. Note that the NFS_PORT 2049 is a well known and established convention as NFS servers and clients typically expect this port number. Changing the NFS service port numbers impacts existing clients and a remount of the client is required.

The export defaults that can be set are:

ACCESS_TYPE: Allowed values are none, RW, RO, MDONLY, and MDONLY_RO. The default value is none.
Note: Changing this option to any value other than none will expose data to all NFS clients that can access your network, even if the export is created using add --client ClientOptions to limit that clients access. All clients, even if not declared with the --client in the mmnfs export add, will have access to the data. The global value will apply to an unseen *, even if showmount -e CESIP does not display it. Use caution if you change it in this global definition.
ANONYMOUS_UID: Allowed values are between -2147483648 and 4294967295. The default value is -2.
ANONYMOUS_GID: Allowed values are between -2147483648 and 4294967295. The default value is -2.
MANAGE_GIDS: Allowed values are true and false. The default value is false.
NFS_COMMIT: Allowed values are true and false. The default value is false.
Important: Use NFS_COMMIT very carefully because it changes the behavior of how transmitted data is committed on the server side to a NFS v2 like sync-mode on every write action.
PRIVILEGEDPORT: Allowed values are true and false. The default value is false.
PROTOCOLS: Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
SECTYPE: Allowed values are none, sys, krb5, krb5i, and krb5p. The default value is sys.
SQUASH: Allowed values are root, root_squash, all, all_squash, allsquash, no_root_squash, none , and noidsquash. The default value is root_squash.
Note: Changing this option to no_root_squash will expose data to root on all NFS clients, even if the export is created using add --client ClientOptions to limit the root access of that client.
TRANSPORTS: Allowed values are TCP and UDP. The default value is TCP.

If export defaults are set, then new exports that are created will pick up the export default values.

Exit status

0: Successful completion.
nonzero: A failure has occurred.

Security

You must have root authority to run the mmnfs command.

The node on which the command is issued must be able to execute remote shell commands on any other CES node in the cluster without the use of a password and without producing any extraneous messages. For more information, see Requirements for administering a GPFS file system.

Examples

To create an NFS export (using a netgroup), issue this command:
```
mmnfs export add /mnt/gpfs0/netgrouppath \
--client "@netgroup(Access_Type=RO,Squash=allsquash)"
```
The system displays output similar to this:
```
The NFS export was created successfully.
```
Note: Instead of a netgroup, a client IP address can also be declared, like --client "1.2.3.4".

To create an NFS export (using a client IP), issue this command: Start of change

mmnfs export add /mnt/gpfs0/netgrouppath --client "192.0.2.0/20(Access_Type=RW)"

The system displays output similar to this:

The NFS export was created successfully.

To add a client definition, issue these commands:

mmnfs export list --nfsdefs /gpfs/fs1/export_1

The system displays output similar to this:

Path              Delegations  Clients  Access_Type Protocols Transports Squash  Anonymous_uid Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids NFS_Commit
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/gpfs/fs1/export_1   none      192.0.2.8    RW        3,4      TCP        ROOT_SQUASH   -2            -2        SYS     FALSE          none              FALSE       FALSE

Now add a client definition that will be more restrictive to a different client, 198.51.100.10, by issuing the command: Start of change

mmnfs export change /gpfs/fs1/export_1 \
--nfsadd "198.51.100.10(Access_Type=MDONLY,Squash=allsquash)"

mmnfs export list

The system displays output similar to this:

Path                        Delegations    Clients
------------------------------------------------
/gpfs/fs1/controller        none           *
/gpfs/fs1/export_1          none           192.0.2.8
/gpfs/fs1/export_1          none           198.51.100.10

Now add a client definition that will be very permissive but we want it to be last on the list so that the more restrictive attributes for client 192.0.2.8 will take precedence for that one client, by issuing the command:

mmnfs export change /gpfs/fs1/export_1 \
--nfsadd "192.0.2.0/20(Access_Type=RW,Squash=no_root_squash)" --nfsposition 4

mmnfs export list --nfsdefs /gpfs/fs1/export_1

The system displays output similar to this:

Path               Delegations Clients    Access Protocols Transports Squash         Anonymous Anonymous SecType Privileged  Default    Manage_Gids NFS_Commit
                                            _Type                                      _uid      _gid              Port                 Delegation
----------------------------------------------------------------------------------------------------------------------------------------------------------------
/gpfs/fs1/export_1   none      192.0.2.8      RW       3,4       TCP     ROOT_SQUASH      -2       -2        SYS     FALSE    none        FALSE       FALSE
/gpfs/fs1/export_1   none      198.51.100.10  MDONLY   3,4       TCP     allsquash        -2       -2        SYS     FALSE    none        FALSE       FALSE
/gpfs/fs1/export_1   none      192.0.2.0/20   RW       3,4       TCP     no_root_squash   -2       -2        SYS     FALSE    none        FALSE       FALSE

Note:

The mmnfs export change will restart NFS services on all CES nodes on which the NFS server is currently running. End of change

To remove an NFS export, issue this command:

mmnfs export change /mnt/gpfs0/somepath  --nfsremove "1.2.3.1"

The system displays output similar to this: Start of change

192.168.80.131:  Redirecting to /bin/systemctl stop nfs-ganesha.service
192.168.80.135:  Redirecting to /bin/systemctl stop nfs-ganesha.service
192.168.80.131:  Redirecting to /bin/systemctl start nfs-ganesha.service
192.168.80.135:  Redirecting to /bin/systemctl start nfs-ganesha.service
NFS Configuration successfully changed. NFS server restarted on all NFS
nodes on which NFS server is running.

Note:

This command removes a single client definition, for the IP "1.2.3.1", from the NFS export. If this is the last client definition for the export, then the export is also removed. End of change

To modify an NFS export, issue this command:

mmnfs export change  /mnt/gpfs0/p1 \
--nfschange "203.0.113.2(Access_Type=RO)" --nfsposition 0

The system displays output similar to this: Start of change

192.168.80.131: Redirecting to /bin/systemctl stop nfs-ganesha.service
192.168.80.135: Redirecting to /bin/systemctl stop nfs-ganesha.service
192.168.80.131: Redirecting to /bin/systemctl start nfs-ganesha.service
192.168.80.135: Redirecting to /bin/systemctl start nfs-ganesha.service
NFS Configuration successfully changed. NFS server restarted on all NFS
nodes on which NFS server is running.

To list NFS exports, issue this command:

mmnfs export list

The system displays output similar to this:

Path                 Delegations    Clients
---------------------------------------------
/gpfs/fs1/controller none           *
/gpfs/fs1/export_1   none           *
/gpfs/fs1/export_2   none           *

To list NFS exports, issue this command:

mmnfs export list --nfsdefs /mnt/gpfs0/p1

The system displays output similar to this: Start of change

Path           Delegations Clients     Access_ Protocols Transports Squash      Anonymous Anonymous  SecType  Privileged Default   MANAGE  NFS
                                       Type                                      _uid      _gid                  Port    Delegations  _Gids _Commit
---------------------------------------------------------------------------------------------------------------------------------------------------
/mnt/gpfs0/p1  none        203.0.113.2 RO      3,4       TCP        ROOT_SQUASH  -2        -2         SYS      FALSE      none     FALSE    FALSE
/mnt/gpfs0/p1  none        *           RW      3,4       TCP        ROOT_SQUASH  -2        -2         SYS      FALSE      none     FALSE    FALSE
/mnt/gpfs0/p1  none        203.0.113.1 RO      3,4       TCP        ROOT_SQUASH  -2        -2         SYS      FALSE      none     FALSE    FALSE

To list the NFS configuration, issue this command:

mmnfs configuration list

The system displays output similar to this: Start of change

   NFS Ganesha Configuration:
   ==========================
   NFS_PROTOCOLS: 3,4       
   NFS_PORT: 2049           
   MNT_PORT: 0              
   NLM_PORT: 0              
   RQUOTA_PORT: 0           
   SHORT_FILE_HANDLE: FALSE 
   LEASE_LIFETIME: 60       
   DOMAINNAME: VIRTUAL1.COM 
   DELEGATIONS: Disabled    
   ==========================

   STATD Configuration
   ==========================
   STATD_PORT: 0
   ==========================

   CacheInode Configuration
   ==========================
   ENTRIES_HWMARK: 1500000
   ==========================

   Export Defaults
   ==========================
   ACCESS_TYPE: NONE
   PROTOCOLS: 3,4
   TRANSPORTS: TCP
   ANONYMOUS_UID: -2
   ANONYMOUS_GID: -2
   SECTYPE: SYS
   PRIVILEGEDPORT: FALSE
   MANAGE_GIDS: FALSE
   SQUASH: ROOT_SQUASH
   NFS_COMMIT: FALSE
   ==========================

   Log Configuration
   ==========================
   LOG_LEVEL: EVENT
   ==========================

   Idmapd Configuration
   ==========================
   LOCAL-REALMS: LOCALREALM
   DOMAIN: LOCALDOMAIN
   ==========================

To change STATD_PORT configuration, issue this command (When a port is assigned, STATD is started on the given port):
```
mmnfs configuration change STATD_PORT=32765
```
The system displays output similar to this:
```
NFS Configuration successfully changed. NFS server restarted on all NFS nodes 
on which NFS server is running.
```

Note: The mmnfs command has an interactive mode that provides some prompting as follows:

mmnfs

mmnfs [ -I ] Command

mmnfs -I

mmnfs -I>

Location

/usr/lpp/mmfs/bin

mmnfs command

Synopsis

Availability

Description

Parameters

Exit status

Security

Examples

See also

Location