AFM Network File System version 4 support

Network File System version 4 (NFSv4) is a stateful protocol. AFM uses an NFS client for replication. The client on an AFM gateway node can mount the exports by using either NFSv3 or NFSv4. AFM does not differentiate between the mount versions, except when ACLs from a third-party file system are migrated by using NFSv4. NFSv4 is more secure and improves the replication performance even on a high-latency network. NFSv3 is not secure enough to use through firewalls.

By setting the afmNFSVersion parameter on a cluster, you can enable NFSv4 for the communication between the home and the cache. The default value of this parameter is 3. The allowed values for the afmNFSVersion parameter are 3, 4.1, and 4.2 for the kernel NFS server and 3 and 4.1 for the Ganesha NFS server. The NFS version can be changed by setting the afmNFSVersion value. For example, to change NFSv4 to NFSv3, use the mmchconfig afmNFSVersion=3 -i command. This parameter can be set only at the cluster level. Thus, filesets can use either NFSv3 or NFSv4. Both versions cannot be run simultaneously in the cluster. For more information about the afmNFSVersion parameter, see mmchconfig command. For more information, see Enabling AFM Network File System version 4.

With the NFSv4 support, AFM can fetch the NFSv4 ACLs from a third-party file server to an IBM Storage Scale AFM fileset. To enable the afmSyncNFSv4ACL parameter, see mmchconfig command.

NFSv4 ACL conversion examples

  1. Display the ACL that is set on an external file system on the home.
    # getfacl /ext4/dir1/1.txt
    A sample output is as follows:
    getfacl: Removing leading '/' from absolute path names
    # file: ext4/dir1/1.txt
    # owner: root
    # group: root
    user::rw-
    user:user12:rwx
    group::r--
    group:user12:rwx
    mask::rwx
    other::r--
  2. A single writer AFM mode fileset is created and data is cached. Check the directory contents.
    # cd /gpfs/gpfs1/sw1
    # ls -l
    A sample output is as follows:
    total 0
    -rw-rwxr--+ 1 root root 3 Apr  8 15:08 1.txt
    -rw-rwxr--+ 1 root root 3 Apr  8 15:08 2.txt
  3. Display the NFSv4 ACL on the cache by issuing the getfacl command.
    # getfacl 1.txt
    A sample output is as follows:
    # file: 1.txt
    # owner: root
    # group: root
    user::rw-
    user:user12:rwx
    group::r--
    mask::rwx
    group:user12:rwx
    other::r--
    
  4. Display the NFSv4 ACL on the cache by issuing the mmgetacl command.
    # mmgetacl -k nfs4 1.txt
    A sample output is as follows:
    #NFSv4 ACL
    #owner:root
    #group:root
    special:owner@:--x-:deny
     (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL  (-)READ_ATTR  (-)READ_NAMED
     (-)DELETE    (X)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED
    special:owner@:rw-c:allow
     (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
     (-)DELETE    (-)DELETE_CHILD (X)CHOWN        (-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
    user:user12:rwx-:allow
     (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
     (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED
    group:user12:rwx-:allow
     (X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
     (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED
    special:group@:r---:allow
     (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
     (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED
    special:everyone@:r---:allow
     (X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
     (-)DELETE    (-)DELETE_CHILD (-)CHOWN        (-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED
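
One way to verify that a migrated ACL on the cache grants nothing beyond the ACL on the home is to compare the getfacl entries from step 1 with the ACE header lines from step 4. The following Python code is an added example, not part of the product or its documentation; the function names are hypothetical, the input strings are constructed from the sample outputs above, and the allow/deny evaluation is simplified to one principal at a time.

```python
import re
# Constructed input: ACL entries copied from the sample outputs in steps 1 and 4.
POSIX_ACL = """user::rw-
user:user12:rwx
group::r--
group:user12:rwx
mask::rwx
other::r--"""
NFS4_ACL = """#NFSv4 ACL
special:owner@:--x-:deny
 (-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL (-)READ_ATTR
special:owner@:rw-c:allow
user:user12:rwx-:allow
group:user12:rwx-:allow
special:group@:r---:allow
special:everyone@:r---:allow"""
SPECIAL = {"user": "special:owner@", "group": "special:group@", "other": "special:everyone@"}

def posix_perms(text):
    """getfacl access entries -> {principal: effective rwx letters} (mask applied)."""
    raw = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()   # drop header and '#effective:' comments
        if line and not line.startswith("default:"):
            kind, name, bits = line.split(":")[:3]
            key = "mask" if kind == "mask" else f"{kind}:{name}" if name else SPECIAL[kind]
            raw[key] = set(bits[:3]) - {"-"}
    mask = raw.pop("mask", set("rwx"))
    unmasked = ("special:owner@", "special:everyone@")  # mask never limits owner/other
    return {p: b if p in unmasked else b & mask for p, b in raw.items()}

def nfs4_perms(text):
    """mmgetacl -k nfs4 ACE headers -> {principal: allowed rwx letters}, in ACE order."""
    allowed, denied = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(special|user|group):([^:]+):([rwxc-]{4}):(allow|deny)", line)
        if not m:
            continue                        # comments and (X)/(-) detail rows
        who, bits = f"{m[1]}:{m[2]}", set(m[3][:3]) - {"-"}
        mine, other = (allowed, denied) if m[4] == "allow" else (denied, allowed)
        mine[who] = mine.get(who, set()) | (bits - other.get(who, set()))
    return allowed

def widened(posix_text, nfs4_text):
    """Bits the cache ACL allows that the home ACL does not, per principal."""
    home = posix_perms(posix_text)
    extra = {p: b - home.get(p, set()) for p, b in nfs4_perms(nfs4_text).items()}
    return {p: "".join(sorted(e)) for p, e in extra.items() if e}
```

An empty result from widened() means that every allow entry on the cache is covered by the corresponding home entry; any principal that is returned needs review before the fileset is put into use.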