mmnfs command
Manages NFS exports and configuration.
Synopsis
mmnfs config list [--exportdefs][-Y]
or
mmnfs config change Option=Value:Option=Value1,Value2:Option=Value...
[--force]
or
mmnfs export list [-Y] [{--nfsdefs Path}|{--nfsdefs-match Path}]
or
mmnfs export load ExportCFGFile
or
mmnfs export add Path [--client "ClientOption[;ClientOption...]"]
[--pseudo Path][--dry-run]
or
mmnfs export remove Path [--force]
or
mmnfs export change Path {--nfsadd "ClientOption[;ClientOption...]"|
--nfsremove Client[,Client...]|
--nfschange "ClientOption[;ClientOption...]"}
[--nfsposition {PositionIndex | Client}]
[--dry-run]
Availability
Available on all IBM Storage Scale editions.
Description
Use the mmnfs export commands to add, change, list, load, or remove NFS export declarations for IP addresses on nodes that are configured as CES types.
Use the mmnfs config commands to list and change NFS configuration.
The protocol functions provided in this command, or any similar command, are generally referred to as CES (Cluster Export Services). For example, protocol node and CES node are functionally equivalent terms.
Parameters
- export
- Manages the NFS export configuration for the cluster with one of the following actions:
- add
- Creates a new configuration file for the NFS server in case it does not yet exist. If there is
already an export configuration file, then it is extended with the provided additional export
parameters. This export configuration file is used by the NFS server to create an NFS export for the
Path so that clients can connect to it. If there is already an existing export
for the Path then an error is shown. Each export configuration set has internally
its own unique identifier number. This number is automatically incremented for each added export.
The mmnfs export add command attempts to add the new export also to
running NFS server instances, and can fail if one or more instances are not running. This is not a
critical issue, because the configuration changes are made in the repository and are applied later
when restarting the NFS server instance.
The authentication method must be established before an NFS export can be defined.
The export Path must be an existing path in the GPFS file system.Note: The paths that are not within the GPFS file system cannot be exported using the commands.Creating nested exports (such as /path/to/folder and /path/to/folder/subfolder) is not recommended because doing so might lead to serious issues in data consistency. Remove the higher-level export that prevents the NFSv4 client from descending through the NFSv4 virtual file system path. In case nested exports cannot be avoided, ensure that the export with the common path, called as the top-level export, has all the permissions for this NFSv4 client. Also NFSv4 client that mounts the parent (/path/to/folder) export does not see the child export subtree (/path/to/folder/inside/subfolder) unless the same client is explicitly allowed to access the child export as well.
- --client {ClientOption[;ClientOption...]}
- Declares the client-specific settings. You can specify a list of one or more client definitions.
To avoid incorrect parsing by the interpreter, put quotation marks around the argument list. For a
list of client definitions that can be specified with the --client option,
see List of supported client options for
the mmnfs export {add | change}
command.Note:
The sequence of client definitions does matter and the first match determines the effective access.
Therefore, some export configuration commands might allow multiple client declarations, and they have separators to distinguish them.
The following separators can be used:- Colon to separate multiple allowed values for a specified attribute. For example, the key/value pair "Protocols=3:4" allows the NFS protocols v3 and v4 to be declared for an export.
- Comma to separate key/value pairs within a client declaration list and a Semicolon
to separate client declaration lists.
For example:
--client "192.0.2.0/20(Access_Type=RW,Protocols=3:4); \ 198.51.100.0/20(Access_Type=RO,Protocols=3:4,Transports=TCP:UDP)"
Note: NFS service restarts after the first export creation.Note: To take advantage of the GPFS independent fileset features such as quotas, snapshots, and data management, the export paths can be made from GPFS filesets (either dependent or independent).- --pseudo
- Specifies the path name the NFSv4 client uses to locate the directory in the server's file
system tree.Note: This option is applicable to NFSv4 mounts only.
- remove
- Removes the requested export from the configuration file and also from running NFS server
instances, and might fail if one or more instances are not running.Note: This command does not remove data.
The --force option is not used.
- change
- Modifies an existing export configuration for the export that is specified by
Path, if the export exists. If the export does not exist, then an error is shown.
Note: Only client-related attributes are modified by this command, but not the basic export settings such as path.
The --nfsposition flag can be only used together with either --nfsadd or --nfschange. It cannot be used stand-alone or together with --nfsremove. When --nfsadd and --nfsremove are given on the same command line, then the remove procedure is run first internally.
- --nfsadd {ClientOption[;ClientOption...]}
- Adds a new client declaration for the specified Path. You can list one or more client definitions. To avoid incorrect parsing by the interpreter, put quotation marks around the argument list. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command.
- --nfsremove {Client[,Client...]}
- Removes the NFS client that is specified by Client from the export
configuration for the Path. Client can be a single client
specifier, or a comma-separated list of client specifiers. If a client is the only one within a
client declaration section in the configuration file, then this client section is removed.
Note: When the last client within a client declaration is removed, then the export section is also removed.
- --nfschange {ClientOption[;ClientOption...]}
- Modifies an existing client declaration for the specified Path. You can
specify a list of one or more client definitions. To avoid incorrect parsing by the interpreter, put
quotation marks around the argument list. For a list of client definitions that can be specified
with the --client option, see
List of supported client options for the mmnfs
export {add | change} command. If a client specifier declared in
ClientOption matches a client declaration section, which has further NFS clients
that are assigned, then this section is split into a section containing that client specifier
together with the modified attributes, and a section with the remaining client specifiers and their
original attributes.
The --nfsposition option can be used to locate this modified entry.
- --nfsposition {PositionIndex | Client}
- This option can be used only together with --nfsadd or
--nfschange. It reorders the client declaration section within the export
declaration file. The sequence of client entries can be important when there are different client
sections affecting the same NFS client. For example, NFS position can be important when defining
export attributes for a specific NFS client, and '*' for all NFS clients, given the same export
path.
The first match in the sequence determines the effective access.
- PositionIndex
- This must be an unsigned numeric value, and it indicates the absolute sequence number after reordering the client declarations. The indexing is zero-based. 0 means the top of the list, 1 means the second entry, and so on. Any number higher than the number of existing entries indicates the end-of-list position.
- Client
- The reference client specifier to indicate the new position of the current client entry. The modified client entry is placed at the location where the Client reference declaration is, and that section is ordered below next to the modified client section.
- list
- Lists the declared
exports and clients. The sequence of rows in the output for a given path reflects also the
sequence of the internal client declaration list for each exported path. The sequence of client
declarations within an export can be reordered using the mmnfs export
change
Path with the --nfschange and
--nfsposition options. The output can be formatted human readable
(default) or machine readable.
- --nfsdefs Path
- Lists the export configuration details for the specified Path.
- -Y
- Displays the command output in a parseable format with a colon (:) as a field
delimiter. Each column is described by a header.Note: Fields that have a colon (:) are encoded to prevent confusion. For the set of characters that might be encoded, see the command documentation of mmclidecode. Use the mmclidecode command to decode the field.
- --nfsdefs-match Path
- Lists the export configuration details of all export paths, which contain the specified string.
- load
- Overwrites (deletes) all existing NFS export declarations in the repository, if any. The export
declarations are fetched from a file provided to the load operation, which could contain a larger
number of export declarations. Some basic format checks are done during export load. After loading
export declarations from a file, the NFS service is restarted across all the nodes in the cluster.
- ExportCFGFile
- The file name for the new exports declarations. This file is loaded and stored in the repository to be published on all CES nodes running the NFS server. This load procedure can be used to load a set of export declarations and that removes any previous configuration. The NFS servers are restarted in order to apply the changes.
List of supported client options for the mmnfs export {add | change} command:
- ACCESS_TYPE
- Allowed values are none, RW, RO, MDONLY, and MDONLY_RO. The default value is none.
- PROTOCOLS
- Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3, and NFSv4. The default value is 3,4.
- TRANSPORTS
- Allowed values are TCP and UDP. The default value is TCP.
- ANONYMOUS_UID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- ANONYMOUS_GID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- SECTYPE
- Allowed values are none, sys, krb5, krb5i, and krb5p. The default value is sys.
- PRIVILEGEDPORT
- Allowed values are true and false. The default value is false.
- MANAGE_GIDS=true
- In this configuration, NFS server discards the list of GIDs passed via the RPC and fetch the group information. For getting the group list, the server uses the default authentication configured on the system (CES node). So, depending on the configuration, the list is obtained by using (/etc/passwd + /etc/groups) or from LDAP or from AD. To reach AD and get the list of GIDs, the client must use sec=krb5, else NFS server is not able to get the list from AD.
- MANAGE_GIDS=false
- NFS server uses list of GIDs passed by RPC.
- SQUASH
- Allowed values are root, root_squash, all, all_squash, allsquash, no_root_squash, none, and noidsquash. The default value is root_squash.
- NFS_COMMIT
- Allowed values are true and false. The default value is
false.Important: Use NFS_COMMIT very carefully because it changes the behavior of how transmitted data is committed on the server side to NFS v2 like sync-mode on every write action.
- CLIENTS
- Allowed values are IP addresses in IPv4 or IPv6 notations, hostnames, netgroups, or * for all. A netgroup name must not start with a numeric character and otherwise must only contain underscore and/or hyphens ("[a-zA-Z_][0-9a-zA-Z_\- .]*"). The default value is *.
- config
- Manages NFS configuration for a CES cluster:
- list
- Displays the NFS configuration parameters and their values. This command also displays all the
default export configurations. This is used as the defaults by the mmnfs export
add command if no other client attributes are specified. The output can be formatted
to be human readable or machine readable.
- --exportdefs
- If this option is specified, the command displays the default export configuration parameters.
- -Y
- Displays the command output in a parseable format with a colon (:) as a field
delimiter. Each column is described by a header.Note: Fields that have a colon (:) are encoded to prevent confusion. For the set of characters that might be encoded, see the command documentation of mmclidecode. Use the mmclidecode command to decode the field.
- change
- Modifies the NFS configuration parameters. NFS is restarted across all the nodes on which NFS is running, when this command is executed. Only some configuration options can be modified by this command.
Exit status
- 0
- Successful completion.
- nonzero
- A failure has occurred.
Security
You must have root authority to run the mmnfs command.
The node on which the command is issued must be able to execute remote shell commands on any other CES node in the cluster without the use of a password and without producing any extraneous messages. For more information, see Requirements for administering a GPFS file system.
Examples
- To create an NFS export (using a netgroup), issue this
command:
The system displays output similar to this:# mmnfs export add /mnt/gpfs0/netgrouppath \ --client "@netgroup(Access_Type=RO,Squash=allsquash)"
The NFS export was created successfully.
Note: To specify an NFS client, use an IP address in IPv4 or IPv6 notation, hostname, netgroup, or * for all. - To create an NFS export (using a client IP), issue this
command:
The system displays output similar to this:# mmnfs export add /mnt/gpfs0/netgrouppath --client "192.0.2.0/20(Access_Type=RW)"
The NFS export was created successfully.
- To add a client definition, issue these
commands:
The system displays output similar to this:# mmnfs export list --nfsdefs /gpfs/fs1/export_1
Now add a client definition that is more restrictive to a different client, 198.51.100.10, by issuing the command:Path Delegations Clients Access_Type Protocols Transports Squash Anonymous_uid Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids NFS_Commit ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- /gpfs/fs1/export_1 none 192.0.2.8 RW 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE none FALSE FALSE
# mmnfs export change /gpfs/fs1/export_1 \ --nfsadd "198.51.100.10(Access_Type=MDONLY,Squash=allsquash)"
The system displays output similar to this:# mmnfs export list
Now add a client definition that is very permissive but we want it to be last on the list so that the more restrictive attributes for client 192.0.2.8 take precedence for that one client, by issuing the command:Path Delegations Clients ------------------------------------------------ /gpfs/fs1/controller none * /gpfs/fs1/export_1 none 192.0.2.8 /gpfs/fs1/export_1 none 198.51.100.10
# mmnfs export change /gpfs/fs1/export_1 \ --nfsadd "192.0.2.0/20(Access_Type=RW,Squash=no_root_squash)" --nfsposition 4
The system displays output similar to this:# mmnfs export list --nfsdefs /gpfs/fs1/export_1
Add multiple client definitions, by issuing the following command:Path Delegations Clients Access Protocols Transports Squash Anonymous Anonymous SecType Privileged Default Manage_Gids NFS_Commit _Type _uid _gid Port Delegation ---------------------------------------------------------------------------------------------------------------------------------------------------------------- /gpfs/fs1/export_1 none 192.0.2.8 RW 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE none FALSE FALSE /gpfs/fs1/export_1 none 198.51.100.10 MDONLY 3,4 TCP allsquash -2 -2 SYS FALSE none FALSE FALSE /gpfs/fs1/export_1 none 192.0.2.0/20 RW 3,4 TCP no_root_squash -2 -2 SYS FALSE none FALSE FALSE
The system displays output similar to this:mmnfs export change /gpfs/fs1/export_1 \ --nfsadd "198.51.100.10,192.0.2.8,192.0.2.0/20(Access_Type=ro,Protocols=3,Squash=ROOT_SQUASH)"
Path Delegations Clients Access Protocols Transports Squash Anonymous Anonymous Sec Privileged Default Manage NFS Pseudo _Type _uid _gid Type Port Delegations _Gids _Commit Path ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- /gpfs/fs1/export_1 NONE 9.47.91.67,192.0.2.8,192.0.2.0/20 RO 3 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /ibm/fs1/e
- To remove an NFS export, issue this
command:
The system displays output similar to this:# mmnfs export change /mnt/gpfs0/somepath --nfsremove "1.2.3.1"
The NFS export was changed successfully.
Note: This command removes a single client definition, for the IP "1.2.3.1", from the NFS export. If this is the last client definition for the export, then the export is also removed. - To modify an NFS export, issue this
command:
The system displays output similar to this:# mmnfs export change /mnt/gpfs0/p1 \ --nfschange "203.0.113.2(Access_Type=RO)" --nfsposition 0
The NFS export was changed successfully.
- To list the NFS configuration, issue this command:
The system displays output similar to this:# mmnfs config list
NFS Ganesha Configuration: ========================== NFS_PROTOCOLS: 3,4 NFS_PORT: 2049 MNT_PORT: 0 NLM_PORT: 0 RQUOTA_PORT: 0 LEASE_LIFETIME: 60 GRACE_PERIOD: 90 DOMAINNAME: VIRTUAL1.COM DELEGATIONS: Disabled ========================== STATD Configuration ========================== STATD_PORT: 0 ========================== CacheInode Configuration ========================== ENTRIES_HWMARK: 1500000 ========================== Export Defaults ========================== ACCESS_TYPE: NONE PROTOCOLS: 3,4 TRANSPORTS: TCP ANONYMOUS_UID: -2 ANONYMOUS_GID: -2 SECTYPE: SYS PRIVILEGEDPORT: FALSE MANAGE_GIDS: FALSE SQUASH: ROOT_SQUASH NFS_COMMIT: FALSE ========================== Log Configuration ========================== LOG_LEVEL: EVENT ========================== Idmapd Configuration ========================== LOCAL-REALMS: LOCALREALM DOMAIN: LOCALDOMAIN ==========================
NFS Kerberos Configuration ========================== NFS_KERBEROS: DISABLED ==========================
Note:For NFS kerberos set to enabled, the output looks similar to following as shown:
NFS Kerberos Configuration ========================= NFS_KERBEROS: ENABLED KEYTABPATH: /var/mmfs/etc/krb5_scale.keytab
- To change STATD_PORT configuration, issue this command (When a port is assigned, STATD is
started on the given port):
The system displays output similar to this:# mmnfs config change STATD_PORT=32765
NFS Configuration successfully changed. NFS server restarted on all NFS nodes on which NFS server is running.
- To list NFS exports, issue this command:
The system displays output similar to this:# mmnfs export list
Path Delegations Clients --------------------------------------------- /gpfs/fs1/controller none * /gpfs/fs1/export_1 none * /gpfs/fs1/export_2 none *
- To list NFS exports pertaining to /mnt/gpfs0/p1, issue this
command:
The system displays output similar to this:# mmnfs export list --nfsdefs /mnt/gpfs0/p1
Path Delegations Clients Access_ Protocols Transports Squash Anonymous Anonymous SecType Privileged Default MANAGE NFS Type _uid _gid Port Delegations _Gids _Commit --------------------------------------------------------------------------------------------------------------------------------------------------- /mnt/gpfs0/p1 none 203.0.113.2 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE none FALSE FALSE /mnt/gpfs0/p1 none * RW 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE none FALSE FALSE /mnt/gpfs0/p1 none 203.0.113.1 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE none FALSE FALSE
- To list export configuration details for the path /gpfs/gpfs1/export1, issue
this command:
The system displays output similar to this:# mmnfs export list --nfsdefs /gpfs/gpfs1/export1
Path Deleg. Clients Access_Type Protocols Transports Squash Anon_uid Anon_gid SecType PrivPort DefDeleg Manage_Gids NFS_Commit ------------------------------------------------------------------------------------------------------------------------------------------------------------ /gpfs/gpfs1/export1 NONE c49f04n10 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE * RW 3 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE c49f04n12 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE c49f04n11 NONE 3,4 TCP NO_ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE
- To list export configuration details for all paths that contain the string -
/gpfs/gpfs1/export1, issue this
command:
The system displays output similar to this:# mmnfs export list --nfsdefs-match /gpfs/gpfs1/export1
Path Deleg. Clients Access_Type Protocols Transports Squash Anon_uid Anon_gid SecType PrivPort DefDeleg Manage_Gids NFS_Commit ------------------------------------------------------------------------------------------------------------------------------------------------------------ /gpfs/gpfs1/export1 NONE c49f04n10 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE * RW 3 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE c49f04n12 RO 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export1 NONE c49f04n11 NONE 3,4 TCP NO_ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/gpfs1/export11NONE * NONE 3,4 TCP ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE
- To list exports of a specific fileset, issue this
command:
The system displays output similar to this:# mmnfs export list -n /gpfs/FS1/fset_io
Path Delegations Clients Access_Type Protocols Transports Squash Anonymous_uid Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids NFS_Commit ------------------------------------------------------------------------------------------------------------------------------------------------------------------ /gpfs/FS1/fset_io NONE @host.linux RW 3,4 TCP NO_ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE /gpfs/FS1/fset_io NONE @host.hsn61_linux RW 3,4 TCP NO_ROOT_SQUASH -2 -2 SYS FALSE NONE FALSE FALSE
- To enable a specific minor version of NFS, issue the following commands:
- Only NFS 4.0
# mmnfs config change MINOR_VERSIONS=0
- NFS 4.0 and 4.1
# mmnfs config change MINOR_VERSIONS=0,1
- Only NFS 4.0
- To enable the UTF8 validation, issue this
command:
# mmnfs config change ENFORCE_UTF8_VALIDATION=true
See also
Location
/usr/lpp/mmfs/bin