mmnfs command
Manages NFS exports and configuration.
Synopsis
mmnfs export add Path [--client ClientOptions]
or
mmnfs export remove Path [--force]
or
mmnfs export change Path [--nfsadd ClientOptions]
[--nfschange ClientOptions]
or
mmnfs export list [--nfsdefs Path] [--raw]
or
mmnfs export load ExportCFGFile
or
mmnfs configuration list [--exportdefs] [--raw]
or
mmnfs configuration change "Option=Value:Option=Value1,Value2:Option=Value..."
Availability
Available with IBM Spectrum Scale™ Standard Edition or higher.
Description
Use the mmnfs export commands to add, change, list, load, or remove NFS export declarations for IP addresses on nodes that are configured as CES types.
Use the mmnfs configuration commands to list and change NFS configuration.
The protocol functions provided in this command, or any similar command, are generally referred to as CES (Cluster Export Services). For example, protocol node and CES node are functionally equivalent terms.
Parameters
- export
- Manages the NFS export configuration for the cluster with one
of the following actions:
- add
- Creates a new configuration file for the NFS server in case it
does not yet exist. If there is already an export configuration file,
then it is extended with the provided additional export parameters.
This export configuration file is used by the NFS server to create
an NFS export for the given Path so that clients
can connect to it. If there is already an existing export for the
given Path then an error is shown. Each export
configuration set has internally its own unique identifier number.
This number is automatically incremented for each added export. The mmnfs
export add command attempts to add the new export also
to running NFS server instances, and may fail if one or more instances
are not running. This is not a critical issue, since the configuration
changes have been made in the repository and will be applied later
when restarting the NFS server instance.
The authentication method must be established before an NFS export can be defined.
The export Path must be an existing path in the GPFS™ file system, which is intended to be exported or is already exported to external clients using the NFS protocol.Note: The paths which are not within the GPFS file system cannot be exported using the commands.Creating nested exports (such as /path/to/folder and /path/to/folder/subfolder) is strongly discouraged since this may lead to serious issues in data consistency. Be very cautious when creating and using nested exports.
Some export configuration commands may allow multiple client declarations, and therefore they have separators to distinguish them.
The following separators can be used:- Colon to separate multiple allowed values for a given attribute. For example, the key/value pair "Protocols=3:4" allows the NFS protocols v3 and v4 to be declared for an export.
- Comma to separate key/value pairs within a client declaration
list and a Semicolon to separate client declaration lists.
For example:
--client 192.0.2.0/20 (Access_Type=RW, Protocols=3:4);198.51.100.0/20 (Access_Type=RO,Protocols=3:4,Transports=TCP:UDP)
Note: To take advantage of the GPFS independent fileset features such as quotas, snapshots, and data management, the export paths can be made from GPFS filesets (either dependent or independent).- --client ClientOptions
- Declares the client specific settings. ClientOptions can be a list of one or more client definitions. It is advised to quote the argument list to avoid a wrong parsing by the interpreter. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command.
- remove
- Removes the requested export from the configuration file and also
from running NFS server instances, and may fail if one or more instances
are not running.Note: This command does not remove data.
The --force option is currently not used.
- change
- Modifies an existing export configuration for the export specified
by Path, if the export exists. If the export does
not exist, then an error is shown.Note: Only client-related attributes are modified by this command, but not the basic export settings such as path.
The --nfsposition flag can be only used together with either --nfsadd or --nfschange. It cannot be used standalone or together with --nfsremove. When --nfsadd and --nfsremove are given on the same command line, then the remove procedure is executed first internally.
Note: An export change will cause a restart of the NFS server.- --nfsadd ClientOptions
- Adds a new client declaration for the specified Path. ClientOptions can be a list of one or more client definitions. It is advised to quote the argument list to avoid a wrong parsing by the interpreter. For a list of client definitions that can be specified with the --client option, see List of supported client options for the mmnfs export {add | change} command.
- list
- Lists the declared exports based on the entries in the configuration
file stored in the repository. The sequence of rows in the output
for a given path reflects also the sequence of the internal client
declaration list for each exported path. The sequence of client declarations
within an export can be reordered using the mmnfs export
change Path with the --nfschange and --nfsposition options.
The output can be formatted human readable (default) or machine readable.
- --nfsdefs Path
- Lists the export configuration details for the specified Path. Without this option the mmnfs export list command shows a table with some basic configuration settings for all declared exports.
- --raw
- The output of the mmnfs export list command can be in a tabular form (human readable, default) or in a list of colon separated values in a machine readable format. Use the --raw option to create the machine readable output.
- load
- Overwrites (deletes) all existing NFS export declarations in the
repository, if any. The export declarations are fetched from a file
provided to the load operation, which could contain a larger number
of export declarations. Some basic format checks are done during export
load. After loading export declarations from a file, the NFS service
is restarted across all the nodes in the cluster.
- ExportCFGFile
- The file name for the new exports declarations. This file is loaded and stored in the repository to be published on all CES nodes running the NFS server. This load procedure can be used to load a set of export declarations and that will remove any previous configuration. The NFS servers are restarted in order to apply the changes.
List of supported client options for the mmnfs export {add | change} command:
- ACCESS_TYPE
- Allowed values are none, RW, RO, MDONLY, and MDONLY_RO. The default value is none.
- PROTOCOLS
- Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
- TRANSPORTS
- Allowed values are TCP and UDP. The default value is TCP.
- ANONYMOUS_UID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- ANONYMOUS_GID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- SECTYPE
- Allowed values are none, sys, krb5, krb5i, and krb5p. The default value is sys.
- PRIVILEGEDPORT
- Allowed values are true and false. The default value is false.
- MANAGE_GIDS
- Allowed values are true and false. The default value is false.
- SQUASH
- Allowed values are root, root_squash, all, all_squash, allsquash, no_root_squash, none , and noidsquash. The default value is root_squash.
- NFS_COMMIT
- Allowed values are true and false.
The default value is false.Important: Use NFS_COMMIT very carefully because it changes the behavior of how transmitted data is committed on the server side to a NFS v2 like sync-mode on every write action.
- CLIENTS
- Allowed values are IP addresses in IPv4 or IPv6 notations, or * for all. The default value is *.
- configuration
- Manages NFS configuration for a CES cluster:
- list
- Displays the NFS configuration parameters and their values. This
command also displays all the default export configurations. This
is used as the defaults by the mmnfs export add command
if no other client attributes are specified. The output can be formatted
to be human readable or machine readable.
- --exportdefs
- If this option is specified, the command displays the default export configuration parameters.
- --raw
- The command output can be in a tabular form (human readable, default) or in a list of colon separated values in a machine readable format. Use the --raw option to create the machine readable output.
- change
- Modifies the NFS configuration parameters. NFS is restarted across all the nodes on which NFS is running, when this command is executed. Only some configuration options can be modified by this command.
-
The configuration options that can be modified and their allowed values are as follows:
- NFS_PROTOCOLS
- Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
- NFS_PORT
- Specifies the port where the NFS server will start. Allowed values are between 0 and 65535. The default value is 0.
- MNT_PORT
- Specifies the port for the NFSv3 Mount protocol. Allowed values are between 0 and 65535. The default value is 0.
- NLM_PORT
- Specifies the NLM port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
- RQUOTA_PORT
- Specifies the RQUOTA port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
- STATD_PORT
- Specifies the STATD port for NFSv3. Allowed values are between 0 and 65535. The default value is 0.
- SHORT_FILE_HANDLE
- Allowed values are True or False. The default value is False.
- Set this flag to True when using VMware NFS clients.
- LEASE_LIFETIME
- Allowed values are between 0 and 120. The default value is 60.
- DOMAIN_NAME
- String. The default value is "localdomain".
- IDMAPD_DOMAIN
- Domain name in ID Mapd,String. The default value is localdomain.
- LOCAL_REALMS
- Local Realm in ID Mapd configuration. The default value is localdomain.
- LOG_LEVEL
- Allowed values are NULL, FATAL, MAJ, CRIT, WARN, EVENT, INFO , DEBUG, MID_DEBUG, and FULL_DEBUG. The default value is EVENT.
- ENTRIES_HWMARK
- The high water mark for NFS cache entries. Beyond this point, NFS will try to evict some objects from its cache. The default is 1500000.
Note: Specifying a port number in the NFS service configuration with the value of '0' means that the service is picking a port number dynamically. This port number might change across service restarts. If a firewall is to be established between the NFS server and the NFS clients, specific port number can be configured via the command to establish discrete firewall rules. Note that the NFS_PORT 2049 is a well known and established convention as NFS servers and clients typically expect this port number. If the NFS_PORT is changed to another value, ensure that the clients are also informed accordingly about this port value (depending on the client platform and type of client). Changing the NFS service port numbers impacts existing clients and a remount of the client is required.The export defaults that can be set are:
- ACCESS_TYPE
- Allowed values are none, RW, RO, MDONLY,
and MDONLY_RO. The default value is none.Note: Changing this option to any value other than none will expose data to all NFS clients that can access your network, even if the export is created using add --client ClientOptions to limit that clients access. All clients, even if not declared with the --client in the mmnfs export add, will have access to the data. The global value will apply to an unseen *, even if showmount -e CESIP does not display it. Use caution if you change it in this global definition.
- ANONYMOUS_UID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- ANONYMOUS_GID
- Allowed values are between -2147483648 and 4294967295. The default value is -2.
- MANAGE_GIDS
- Allowed values are true and false. The default value is false.
- NFS_COMMIT
- Allowed values are true and false.
The default value is false.Important: Use NFS_COMMIT very carefully because it changes the behavior of how transmitted data is committed on the server side to a NFS v2 like sync-mode on every write action.
- PRIVILEGEDPORT
- Allowed values are true and false. The default value is false.
- PROTOCOLS
- Allowed values are 3, 4, NFS3, NFS4, V3, V4, NFSv3 , and NFSv4. The default value is 3,4.
- SECTYPE
- Allowed values are none, sys, krb5, krb5i, and krb5p. The default value is sys.
- SQUASH
- Allowed values are root, root_squash, all, all_squash, allsquash, no_root_squash, none ,
and noidsquash. The default value is root_squash.Note: Changing this option to no_root_squash will expose data to root on all NFS clients, even if the export is created using add --client ClientOptions to limit the root access of that client.
- TRANSPORTS
- Allowed values are TCP and UDP. The default value is TCP.
Exit status
- 0
- Successful completion.
- nonzero
- A failure has occurred.
Security
You must have root authority to run the mmnfs command.
The node on which the command is issued must be able to execute remote shell commands on any other CES node in the cluster without the use of a password and without producing any extraneous messages. For more information, see Requirements for administering a file system in IBM Spectrum Scale: Administration and Programming Reference.
Examples
- To create an NFS export (using a netgroup), issue this command:
The system displays output similar to this:mmnfs export add /mnt/gpfs0/netgrouppath \ --client "@netgroup(Access_Type=RO,Squash=allsquash)"
The NFS export was created successfully.
Note: Instead of a netgroup, a client IP address can also be declared, like --client "1.2.3.4". - To create an NFS export (using a client IP), issue this command:
The system displays output similar to this:mmnfs export add /mnt/gpfs0/netgrouppath --client "192.0.2.0/20 (Access_Type=RW)"
The NFS export was created successfully.
- To add a client definition, issue these commands:
The system displays output similar to this:mmnfs export list --nfsdefs /gpfs/fs1/export_1
Now add a client definition that will be more restrictive to a different client, 198.51.100.10, by issuing the command:Path Delegations Clients Access_Type Protocols Transports Squash Anonymous_uid Anonymous_gid SecType PrivilegedPort Export_id DefaultDelegation Manage_Gids NFS_Commit ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- /gpfs/fs1/export_1 none 192.0.2.8 RO 3,4 TCP ROOT_SQUASH -2 -2 sys false 3 none false false
mmnfs export change /gpfs/fs1/export_1 \ --nfsadd "198.51.100.10 (Access_Type=MDONLY,Squash=allsquash)"
The system displays output similar to this:mmnfs export list
Now add a client definition that will be very permissive but we want it to be last on the list so that the more restrictive attributes for client 192.0.2.8 will take precedence for that one client, by issuing the command:Path Delegations Clients ------------------------------------------------ /gpfs/fs1/controller none * /gpfs/fs1/export_1 none 192.0.2.8 /gpfs/fs1/export_1 none 198.51.100.10
mmnfs export change /gpfs/fs1/export_1 \ --nfsadd "192.0.2.0/20(Access_Type=RW,Squash=no_root_squash)" --nfsposition 4
The system displays output similar to this:mmnfs export list --nfsdefs /gpfs/fs1/export_1
Path Delegations Clients Access Protocols Transports Squash Anonymous Anonymous SecType Privileged Export_id Default Manage_Gids NFS_Commit _Type _uid _gid Port Delegation -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- /gpfs/fs1/export_1 none 192.0.2.8 RO 3,4 TCP ROOT_SQUASH -2 -2 sys false 3 none false false /gpfs/fs1/export_1 none 198.51.100.10 MDONLY 3,4 TCP allsquash -2 -2 sys false 3 none false false /gpfs/fs1/export_1 none 192.0.2.0/20 RW 3,4 TCP no_root_squash -2 -2 sys false 3 none false false
Note: mmnfs export change will restart NFS services on all CES nodes in the cluster. - To remove an NFS export, issue this command:
The system displays output similar to this:mmnfs export change /mnt/gpfs0/somepath --nfsremove "1.2.3.1"
[ OK ].12: Stopping ganesha.nfsd: [ OK ] [ OK ].11: Stopping ganesha.nfsd: [ OK ] 203.0.113.12: Starting ganesha.nfsd: [ OK ] 203.0.113.11: Starting ganesha.nfsd: [ OK ]
Note: This command only removes a single client definition of the export. It does not remove the NFS export. It removes the client definition for the IP "1.2.3.1." - To modify an NFS export, issue this command:
The system displays output similar to this:mmnfs export change /mnt/gpfs0/p1 \ --nfschange "203.0.113.2(access_type=RO)" --nfsposition "*"
[ OK ].12: Stopping ganesha.nfsd: [ OK ] [ OK ].11: Stopping ganesha.nfsd: [ OK ] 203.0.113.12: Starting ganesha.nfsd: [ OK ] 203.0.113.11: Starting ganesha.nfsd: [ OK ]
- To list NFS exports, issue this command:
The system displays output similar to this:mmnfs export list
Path Delegations Clients --------------------------------------------- /gpfs/fs1/controller none * /gpfs/fs1/export_1 none * /gpfs/fs1/export_2 none *
- To list NFS exports, issue this command:
The system displays output similar to this:mmnfs export list --nfsdefs /mnt/gpfs0/p1
Path Delegations Clients Access_ Protocols Transports Squash Anonymous Anonymous SecType Privileged Export Default Type _uid _gid Port _id Delegation ------------------------------------------------------------------------------------------------------------------------------------------- /mnt/gpfs0/p1 none 203.0.113.2 RO 3,4 TCP root_squash -2 -2 sys false 1 none /mnt/gpfs0/p1 none * RW 3,4 TCP root_squash -2 -2 sys false 1 none /mnt/gpfs0/p1 none 203.0.113.1 RO 3,4 TCP root_squash -2 -2 sys false 1 none
- To list all NFS configuration, issue this command:
The system displays output similar to this:mmnfs configuration list
NFS Ganesha Configuration: ========================== NFS_PROTOCOLS: 3,4 NFS_PORT: 2049 MNT_PORT: 0 NLM_PORT: 0 RQUOTA_PORT: 0 LEASE_LIFETIME: 60 DOMAINNAME: VIRTUAL1.COM DELEGATIONS: Disabled ============================ STATD Configuration ======================== STATD_PORT: 0 ======================== Export Defaults =============== ACCESS_TYPE: NONE PROTOCOLS: 3,4 TRANSPORTS: TCP ANONYMOUS_UID: -2 ANONYMOUS_GID: -2 SECTYPE: SYS PRIVILEGEDPORT: FALSE MANAGE_GIDS: FALSE SQUASH: ROOT_SQUASH NFS_COMMIT: FALSE Log Configuration ================= DEFAULT_LOG_LEVEL: EVENT
- To change STATD_PORT configuration, issue this command (When a
port is assigned, STATD is started on the given port):
The system displays output similar to this:mmnfs configuration change STATD_PORT=32765
NFS Ganesha Configuration: ========================== NFS_PROTOCOLS: 3,4 NFS_PORT: 2049 MNT_PORT: 0 NLM_PORT: 0 RQUOTA_PORT: 0 LEASE_LIFETIME: 60 DOMAINNAME: VIRTUAL1.COM DELEGATIONS: Disabled ============================ STATD Configuration ======================== STATD_PORT: 32765 ============================ Export Defaults =============== ACCESS_TYPE: NONE PROTOCOLS: 3,4 TRANSPORTS: TCP ANONYMOUS_UID: -2 ANONYMOUS_GID: -2 SECTYPE: SYS PRIVILEGEDPORT: FALSE MANAGE_GIDS: FALSE SQUASH: ROOT_SQUASH NFS_COMMIT: FALSE Log Configuration ================= DEFAULT_LOG_LEVEL: EVENT
mmnfs
mmnfs [ -I ] Command
mmnfs -I
mmnfs -I>