AFM Network File System version 4 support

AFM supports NFSv3 and NFSv4 protocols for communication between the home and the AFM cache. An NFS client must be enabled on the AFM gateway node to replicate data between the home and cache on the gateway node.

NFSv4 support

The AFM gateway node must mount the remote exports by using NFSv3 or NFSv4. AFM does not differentiate between an actual NFS version on mounted remote exports except where ACLs from a third-party file system are migrated by using NFSv4. NFSv4 is more secure and improves the replication performance even on a high latency network.

You can specify an NFS version for the gateway node by changing the afmNFSVersion parameter value at the cluster level. When this value is set, AFM communicates between the home and the cache clusters by using specified versions for all NFS targeted filesets on the file systems. The default value of this parameter is 3. The allowed values of the afmNFSVersion parameter are listed in the following table:
NFS service NFS version
Kernel NFS 3, 4.1, 4.2
CES NFS 3, 4.1
You can change an existing value of the afmNFSVersion parameter by issuing the following command:
# mmchconfig afmNFSVersion=4.1 -i
The new NFS version takes effect immediately.

Migrating existing AFM filesets with an old NFS version as a target

After the afmNFSVersion value is changed from 3 to 4, migrate existing AFM filesets with NFS targets by setting NFSv3 to NFSv4. Complete the following steps on all AFM filesets to change an NFS version on all file systems:
  1. Check the existing NFS version on all file systems.
    # mmlsconfig afmNFSVersion
    A sample output is as follows:
    afmNFSVersion 3
  2. Change the NFS version to 4.1 on all file systems.
    # mmchconfig afmNFSVersion=4.1 -i
  3. Stop all AFM filesets, which are using NFS as a target.
    # mmafmctl fs1 stop -j afmNFSFileset1
  4. Start all AFM filesets, which are using NFS as a target.
    # mmafmctl fs1 start -j afmNFSFileset1

    An AFM fileset is enabled to work with NFSv4 exports from the home server.

    Restriction: AFM filesets can use NFSv3 or NFSv4. You cannot set both NFS versions simultaneously for a cluster.
For more information about the afmNFSVersion parameter, see the mmchconfig command. For more information, see Enabling AFM Network File System version 4.

Migrating NFSv4 ACL from a third-party file server

After the NFSv4 is configured on a cluster, AFM can also download the NFSv4 ACLs of the files or directories from a third-party file server (non GPFS) to an IBM Storage Scale AFM fileset. AFM can sync both data and NFSv4 ACLs from the third-party file server to the AFM cache. After the migration is complete, you can convert this cache to a GPFS file system by disabling AFM or you can replicate AFM cache data to another target.

For the migration of NFS v4 ACLs from a non GPFS or a third-party file server, configure the afmSyncNFSv4ACL parameter on the cache. This parameter must be set when home is a non GPFS home or a third-party file server. This parameter is a cluster level parameter.
# mmchconfig afmSyncNFSv4ACL=yes -i
# mmlsconfig afmSyncNFSv4ACL
AFM pulls the NFS v4 ACLs of files or directories from the non GPFS or third-party file server.

NFSv4 ACL conversion examples

  1. Display ACL that is set on an external file system on the home.
    # getfacl /ext4/dir1/1.txt
    A sample output is as follows:
    getfacl: Removing leading '/' from absolute path names
# file: ext4/dir1/1.txt
# owner: root
# group: root
user::rw-
user:user12:rwx
group::r--
group:user12:rwx
mask::rwx
other::r--
  2. A single writer AFM mode fileset is created and data is cached. Check the directory contents.
    # cd /gpfs/gpfs1/sw1
    # ls -l
    A sample output is as follows:
    total 0
-rw-rwxr--+ 1 root root 3 Apr
-rw-rwxr--+ 1 root root 3 Apr
8 15:08 1.txt
8 15:08 2.txt
  3. Display NFSV4 ACL on the cache by issuing the getfacl command.
    # getfacl 1.txt
    A sample output is as follows:
    # file: 1.txt
# owner: root
# group: root
user::rw-
user:user12:rwx
group::r--
mask::rwx
group:user12:rwx
other::r--
  4. Display NFSV4 ACL on the cache by issuing the mmgetacl command.
    # mmgetacl -k nfs4 1.txt
    A sample output is as follows:
    #NFSv4 ACL
#owner:root
#group:root
special:owner@:--x-:deny
(-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL (-)READ_ATTR
(-)READ_NAMED
(-)DELETE
(X)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:owner@:rw-c:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (X)CHOWN
(-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR
(X)WRITE_NAMED
user:user12:rwx-:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
group:user12:rwx-:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:group@:r---:allow
(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:everyone@:r---:allow
(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED