IBM Support

Configuring NIM with NFS V4

Question & Answer


Question

This is a guide intended for those who are well versed in NIM and would like to add an extra layer of security to their environment by migrating their NIM environment from NFSv3 to NFSv4.

References:

Here’s a list of useful NIM documents you might want to read before continuing with this:

1. NIM Setup Guide

http://www-01.ibm.com/support/docview.wss?uid=isg3T1010383

2. NIM Communications in a Firewall Environment

http://www-01.ibm.com/support/docview.wss?uid=isg3T1011808

3. Securing NFS in AIX – an introduction to NFS v4

http://www.redbooks.ibm.com/abstracts/sg247204.html?Open

4. Implementing NFSv4 in the Enterprise: Planning and Migration Strategies

http://www.redbooks.ibm.com/abstracts/sg246657.html?Open

Answer

Introduction

Starting with AIX 6.1, NIM allows you to specify NFS settings at the resource level. This means that every resource in your NIM environment can be converted to an NFSv4-compatible resource, and the NIM Master can then be switched completely to NFSv4.

The NFS attributes can be set on all commonly used NIM resources (lpp_source, SPOT, mksysb, bosinst_data, script) but cannot be set on any other NIM object. NFS settings cannot be applied separately per machine, network, or group.

Using NFSv4 in your environment provides multiple advantages, such as improved network performance, increased security, and simpler firewall configuration (NFSv4 uses a single TCP connection to port 2049 and eliminates the need to have a wide range of ports open). Another advantage of NFSv4 is that all exports can be mounted together in a directory tree as part of a pseudo-filesystem, instead of having to mount each export separately.

This technote will cover how to enable NFSv4 on your NIM Master, how to convert your NIM resources to be NFSv4 compatible, and how to create new resources with the NFSv4 attribute.

Requirements

1. Must have an NFS v4 domain name. To verify:
# chnfsdom

If there is no Domain Name set, you need to set it with:
# chnfsdom <domain name>

2. Must have the nfsrgyd daemon active. To verify:
# lssrc -s nfsrgyd
Subsystem         Group            PID          Status
 nfsrgyd          nfs              14877168     active

If the subsystem is inactive, you can start it with:

# startsrc -s nfsrgyd
0513-059 The nfsrgyd Subsystem has been started. Subsystem PID is 14877168.

Note: You need to have an NFS domain set up before starting the nfsrgyd daemon.

Changing your NIM Master to NFSv4

The first step in migrating your NIM environment to NFSv4 is to enable NFSv4 on your NIM Master.

First of all, in order to use NFSv4, you must inform the NIM Master which NFS domain the local nfsd uses. You can use the chnfsdom command to determine if one exists, and if not, set one up.

Once that is determined, you need to add the information to your NIM Master definition:

# nim -o change -a nfs_domain=<NFS domain name> master

Note: The above command not only populates the NIM ODM, it also runs chnfsdom <NFS domain name> afterwards, which overwrites the actual NFS domain name. Check carefully for spelling errors before executing the NIM command if you want to specify an existing NFS domain.

Keep in mind that if your NIM Master is configured to use NFS v4, you can only use NFS v4 compliant NIM resources.

Working with NFSv4 NIM resources

Every NIM resource in your NFSv4 environment needs to be nfs_vers enabled. The first time that you configure NFSv4 on your NIM Master, you will need to add the nfs_vers=4 attribute to all of your existing NIM resources:

NFSv3 lpp_source:

# lsnim -l 7100_05_00_lpp
7100_05_00_lpp:
class       = resources
type        = lpp_source
arch        = power
Rstate      = ready for use
prev_state  = ready for use
location    = /export/lpp_source/7100_05_00_lpp
simages     = yes
alloc_count = 0
server      = master

You can change the NFS version of the NIM resource with:
# nim -o change -a nfs_sec=sys -a nfs_vers=4 <NIM resource>

You can then confirm by running the # lsnim -l command again:

NFSv4 lpp_source:

# lsnim -l NFSlpp
NFSlpp:
class       = resources
type        = lpp_source
arch        = power
Rstate      = ready for use
prev_state  = unavailable for use
nfs_vers    = 4
location    = /export/lpp_source/7100_05_00_lpp
alloc_count = 0
server      = master

You need to change the version on all of your existing NIM resources.
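The following script is an added example and is not part of the IBM technote. It covers the two procedures above: the prerequisite check on the nfsrgyd subsystem, and the audit of existing resources for the nfs_vers=4 attribute. It parses "lssrc -s nfsrgyd" and "lsnim -l" style output and prints, as a dry run, the "nim -o change" command for every eligible resource (lpp_source, SPOT, mksysb, bosinst_data, script) that still lacks nfs_vers=4; it never runs those commands itself. The lsnim listing embedded below is constructed for the example and only imitates the stanza layout shown on this page; the --live switch and the function names are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the IBM technote): audit NIM resources for nfs_vers=4
# and print the "nim -o change" commands still needed. Dry run only.
# SAMPLE_LSNIM is constructed for this example; real "lsnim -l" output uses the
# same layout (object name line ending in ":", then indented "attr = value" lines).
SAMPLE_LSNIM='7100_05_00_lpp:
   class       = resources
   type        = lpp_source
   arch        = power
   Rstate      = ready for use
   location    = /export/lpp_source/7100_05_00_lpp
   server      = master
spot_7231:
   class       = resources
   type        = spot
   nfs_sec     = sys
   nfs_vers    = 4
   location    = /export/spot/spot_7231
   server      = master
bosinst_nfs:
   class       = resources
   type        = bosinst_data
   location    = /export/nim/bosinst.data
   server      = master
client1:
   class       = machines
   type        = standalone
   platform    = chrp
'

# Exit 0 when "lssrc -s nfsrgyd" output (read from stdin) shows the subsystem active.
nfsrgyd_is_active() {
  awk '$1 == "nfsrgyd" && $NF == "active" { ok = 1 } END { exit(ok ? 0 : 1) }'
}

# Print the name of every resource on stdin (lsnim -l format) whose type accepts
# nfs_vers (lpp_source, spot, mksysb, bosinst_data, script) but that has no
# "nfs_vers = 4" line. Machines, networks and other object types are ignored.
resources_without_nfsv4() {
  awk '
    function flush() {
      if (name != "" && !v4 && type ~ /^(lpp_source|spot|mksysb|bosinst_data|script)$/)
        print name
    }
    /^[^ \t].*:$/ { flush(); name = substr($0, 1, length($0) - 1); v4 = 0; type = ""; next }
    /^[ \t]+type[ \t]*=/ { type = $3 }
    /^[ \t]+nfs_vers[ \t]*=[ \t]*4[ \t]*$/ { v4 = 1 }
    END { flush() }
  '
}

# Dry run: print (do not execute) one conversion command per NFSv3-only resource,
# using the same attributes the technote applies with "nim -o change".
plan_nfsv4_conversion() {
  resources_without_nfsv4 | while read -r res; do
    printf 'nim -o change -a nfs_sec=sys -a nfs_vers=4 %s\n' "$res"
  done
}

# Stand-alone use: with --live (on a NIM master) read the real command output,
# otherwise run against the constructed sample.
if [ "${1:-}" = "--live" ]; then
  lssrc -s nfsrgyd | nfsrgyd_is_active ||
    { echo "nfsrgyd inactive: set the domain with chnfsdom, then startsrc -s nfsrgyd" >&2; exit 1; }
  lsnim -c resources -l | plan_nfsv4_conversion
else
  printf '%s' "$SAMPLE_LSNIM" | plan_nfsv4_conversion
fi
```

Review the printed commands before running them: the nfsrgyd check comes first because, as the Requirements section notes, the registry daemon must be running (with a domain set) before NFSv4 resources are usable, and the resource filter mirrors the page's rule that nfs_vers can only be set on lpp_source, SPOT, mksysb, bosinst_data and script resources.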

Once all of your NIM resources are changed to NFSv4, you can use "-a nfs_vers=4" together with the "nim -o define" command to define new NFSv4 NIM resources:

# nim -o define -t lpp_source -a location=/export/lpp_source/<lpp_source name> -a nfs_vers=4 -a server=master -a source=/dev/cd0 -a packages=all <lpp_source name>

# nim -o define -t spot -a server=master -a source=<lpp_source or mksysb> -a location=/export/spot/<name of spot> -a nfs_vers=4 -a auto_expand=yes <SPOT name>

# nim -o define -t mksysb -a mk_image=yes -a mksysb_flags="-i" -a source=<NIM Client> -a location=/export/mksysb/<mksysb name> -a nfs_vers=4 -a server=master <mksysb name>

These options are available in all smitty menus as well. The two attributes you need to set are:
  NFS Client Security Method
  NFS Version Access

Example with SPOT resource creation:

* Resource Name                                      [spot_7231]
* Resource Type                                       spot
* Server of Resource                                 [master]
  Source of Install Images                           [L_72_03_01]
* Location of Resource                               [/export/spot/spot_7231]
  NFS Client Security Method                         [sys]
  NFS Version Access                                 [4]  
  EXPAND file systems if space needed?                yes
  Comments                                           [NFSv4 SPOT]

  installp Flags
  PREVIEW only? (install operation will NOT occur)    no
  COMMIT software updates?                            no
  SAVE replaced files?                                yes
  AUTOMATICALLY install requisite software?           yes  
  OVERWRITE same or newer versions?                   no  
  VERIFY install and check file sizes?                no  

Thank you for the time to read through this guide. I hope you found the information both useful and helpful. If you feel there are any mistakes or inconsistencies, please email me at ted.todorov@bg.ibm.com. If there are any technical questions regarding this document, please follow support procedures and open a software case by calling 1-800-426-7378, and select the option for software support.


Document Information

Modified date:
17 June 2019

UID

ibm10875838