AFM Network File System version 4 support

AFM supports NFSv3 and NFSv4 protocols for communication between the home and the AFM cache. An NFS client must be enabled on the AFM gateway node to replicate data between the home and cache on the gateway node.

NFSv4 support

The AFM gateway node must mount the remote exports by using NFSv3 or NFSv4. AFM does not differentiate between an actual NFS version on mounted remote exports except where ACLs from a third-party file system are migrated by using NFSv4. NFSv4 is more secure and improves the replication performance even on a high latency network.

You can specify an NFS version for the gateway node by changing the afmNFSVersion parameter value at the cluster level. When this value is set, AFM communicates between the home and the cache clusters by using specified versions for all NFS targeted filesets on the file systems. The default value of this parameter is 3. The allowed values of the afmNFSVersion parameter are listed in the following table:
NFS service NFS version
Kernel NFS 3, 4.1, 4.2
CES NFS 3, 4.1
You can change an existing value of the afmNFSVersion parameter by issuing the following command:
 mmchconfig afmNFSVersion=4.1 -i
The new NFS version takes effect immediately.

Enabling NFSv4 at the AFM fileset level

NFSv4 can be enabled at the cluster level or at the fileset level.

To enable a specific NFS version at the cluster level, set the value of afmNFSVersion parameter by issuing the following command:
 mmchconfig afmNFSVersion=4.1 -i

In this example, the configured NFS version is 4.1.

After the version is set, AFM uses the specified NFS version for communication between home or secondary and cache or primary sites for all the filesets across the file systems.

Configuring NFSv4 at the AFM fileset level

You can configure an individual AFM fileset to use NFSv4, so that AFM overrides the value set at cluster level in the afmNFSVersion parameter.

Configure afmNFSV4 to yes or no as needed.

  • To configure an individual AFM fileset to use NFSv4, set the afmNFSV4 parameter to yes:
    afmNFSV4=yes
    Note: With this configuration at fileset level, AFM ignores the afmNFSVersion value set at the cluster level and uses NFS v4.2 in the AFM fileset. If NFS v4.2 is not available, AFM uses NFS v4.1. If neither NFS v4.2 nor NFS v4.1 are available, the fileset is changed to the unmounted state.
  • To change this configuration, so that the AFM fileset uses the NFS version that is specified at cluster level, set the afmNFSV4 parameter to no:
    afmNFSV4=no
Example: Enabling NFSv4 during fileset creation
To enable NFSv4 on a specific fileset during the time of fileset creation, specify afmNFSV4=yes with the mmcrfileset command.
mmcrfileset fs1 testfset -p afmnfsv4=yes
...
Example: Enabling NFSv4 on an existing fileset
To enable NFSv4 on an existing fileset, follow these steps.
  1. Stop the fileset.
    mmafmctl fs1 stop -j <fileset name>
  2. Specify afmNFSV4=yes with the mmchfileset command.
    mmchfileset fs1 <fileset name> -p afmnfsv4=yes
  3. Restart the fileset.
    mmafmctl fs1 start -j <fileset name>
Example: Disabling NFSv4 on an existing fileset
  1. Stop the fileset.
    mmafmctl fs1 stop -j <fileset name>
  2. Specify afmNFSV4=yes with the mmchfileset command.
    mmchfileset fs1 <fileset name> -p afmnfsv4=no
  3. Restart the fileset.
    mmafmctl fs1 start -j <fileset name>

For more information, see NFSv4 support.

Migrating existing AFM filesets with an old NFS version as a target

After the afmNFSVersion value is changed from 3 to 4, migrate existing AFM filesets with NFS targets by setting NFSv3 to NFSv4. Complete the following steps on all AFM filesets to change an NFS version on all file systems:
  1. Check the existing NFS version on all file systems.
     mmlsconfig afmNFSVersion
    A sample output is as follows:
    afmNFSVersion 3
  2. Change the NFS version to 4.1 on all file systems.
     mmchconfig afmNFSVersion=4.1 -i
  3. Stop all AFM filesets, which are using NFS as a target.
     mmafmctl fs1 stop -j afmNFSFileset1
  4. Start all AFM filesets, which are using NFS as a target.
     mmafmctl fs1 start -j afmNFSFileset1

    An AFM fileset is enabled to work with NFSv4 exports from the home server.

    Restriction: AFM filesets can use NFSv3 or NFSv4. You cannot set both NFS versions simultaneously for a cluster.
For more information about the afmNFSVersion parameter, see the mmchconfig command. For more information, see Enabling AFM Network File System version 4.

Migrating NFSv4 ACL from a third-party file server

After the NFSv4 is configured on a cluster, AFM can also download the NFSv4 ACLs of the files or directories from a third-party file server (non-GPFS) to an IBM Storage Scale AFM fileset. AFM can sync both data and NFSv4 ACLs from the third-party file server to the AFM cache. After the migration is complete, you can convert this cache to a GPFS file system by disabling AFM or you can replicate AFM cache data to another target.

For the migration of NFS v4 ACLs from a non-GPFS or a third-party file server, configure the afmSyncNFSv4ACL parameter on the cache. This parameter must be set when home is a non-GPFS home or a third-party file server. This parameter is a cluster level parameter.
 mmchconfig afmSyncNFSv4ACL=yes -i
# mmlsconfig afmSyncNFSv4ACL
AFM pulls the NFS v4 ACLs of files or directories from the non-GPFS or third-party file server.

NFSv4 ACL conversion examples

  1. Display ACL that is set on an external file system on the home.
    # getfacl /ext4/dir1/1.txt
    A sample output is as follows:
    getfacl: Removing leading '/' from absolute path names
# file: ext4/dir1/1.txt
# owner: root
# group: root
user::rw-
user:user12:rwx
group::r--
group:user12:rwx
mask::rwx
other::r--
  2. A single writer AFM mode fileset is created and data is cached. Check the directory contents.
    # cd /gpfs/gpfs1/sw1
    # ls -l
    A sample output is as follows:
    total 0
-rw-rwxr--+ 1 root root 3 Apr
-rw-rwxr--+ 1 root root 3 Apr
8 15:08 1.txt
8 15:08 2.txt
  3. Display NFSV4 ACL on the cache by issuing the getfacl command.
    # getfacl 1.txt
    A sample output is as follows:
    # file: 1.txt
# owner: root
# group: root
user::rw-
user:user12:rwx
group::r--
mask::rwx
group:user12:rwx
other::r--
  4. Display NFSV4 ACL on the cache by issuing the mmgetacl command.
    # mmgetacl -k nfs4 1.txt
    A sample output is as follows:
    #NFSv4 ACL
#owner:root
#group:root
special:owner@:--x-:deny
(-)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (-)SYNCHRONIZE (-)READ_ACL (-)READ_ATTR
(-)READ_NAMED
(-)DELETE
(X)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:owner@:rw-c:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (X)CHOWN
(-)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR
(X)WRITE_NAMED
user:user12:rwx-:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
group:user12:rwx-:allow
(X)READ/LIST (X)WRITE/CREATE (X)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:group@:r---:allow
(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED
special:everyone@:r---:allow
(X)READ/LIST (-)WRITE/CREATE (-)APPEND/MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR
(X)READ_NAMED
(-)DELETE
(-)DELETE_CHILD (-)CHOWN
(-)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR
(-)WRITE_NAMED