NFS Configuration Power Guide ONTAP® 9 Sixth edition (July 2021) © Copyright Lenovo 2018, 2021. LIMITED AND RESTRICTED RIGHTS NOTICE: If data or software is delivered pursuant to a General Services Administration (GSA) contract, use, reproduction, or disclosure is subject to restrictions set forth in Contract No. GS-35F-05925 Contents Chapter 1. Deciding whether to use the Verifying permissions for Kerberos NFS Configuration Power Guide. 1 configuration . 33 Creating an NFS Kerberos realm Chapter 2. NFS configuration configuration . 34 workflow . 3 Configuring NFS Kerberos permitted encryption types. 35 Assessing physical storage requirements . 4 Enabling Kerberos on a data LIF . 36 Assessing networking requirements . 4 Deciding where to provision new NFS storage Chapter 4. Adding storage capacity capacity. 5 to an NFS-enabled SVM . 39 Worksheet for gathering NFS configuration information . 5 Creating an export policy . 39 Adding a rule to an export policy . 39 Chapter 3. Configuring NFS access Creating a volume or qtree storage container . 43 to an SVM . 13 Creating a volume . 43 Creating an SVM . 13 Creating a qtree . 44 Verifying that the NFS protocol is enabled on the Securing NFS access using export policies . 45 SVM . 14 Managing the processing order of export Opening the export policy of the SVM root rules . 45 volume . 14 Assigning an export policy to a volume . 45 Creating an NFS server . 15 Assigning an export policy to a qtree . 46 Creating a LIF . 17 Verifying NFS client access from the cluster . 47 Enabling DNS for host-name resolution . 19 Testing NFS access from client systems . 47 Configuring name services . 20 Configuring the name service switch table . 20 Chapter 5. Where to find additional Configuring local UNIX users and groups . 21 information. 49 Working with netgroups . 24 Creating an NIS domain configuration . 26 Appendix A. Contacting Support . 51 Using LDAP . 26 Appendix B. Notices. 53 Using Kerberos with NFS for strong security . 33 Trademarks . 54 © Copyright Lenovo 2018, 2021 i ii NFS Configuration Power Guide Chapter 1. Deciding whether to use the NFS Configuration Power Guide This guide describes how to use ONTAP 9 CLI commands to configure NFS client access to files contained in a new volume or qtree in a new or existing storage virtual machine (SVM). It includes examples and advanced configuration options. You should use this guide if you want to configure access to a volume or qtree in the following way: • You want to use any version of NFS currently supported by ONTAP: NFSv3, NFSv4, NFSv4.1, NFSv4.2, or NFSv4.1 with pNFS. • You want to use the command-line interface (CLI), not ThinkSystem Storage Manager for DM Series or an automated scripting tool. You can use the NFS Configuration Express Guide and other Express Guides to support configuration with Storage Manager, and OnCommand Workflow Automation for automated scripting support. • You want to use best practices, not explore every available option. Details about command syntax are available from CLI help and ONTAP man pages. • You do not want to read a lot of conceptual background. Additional information about ONTAP technology and interaction with external services is available in the Lenovo Information Library. • UNIX file permissions will be used to secure the new volume. • You have cluster administrator privileges, not SVM administrator privileges. If this guide is not suitable for your situation, you should see the following documentation instead: • NFS express configuration guide • ONTAP Command man pages • NFS File Access Reference Guide • Network Management Guide © Copyright Lenovo 2018, 2021 1 2 NFS Configuration Power Guide Chapter 2. NFS configuration workflow Configuring NFS involves assessing physical storage and networking requirements, and then choosing a workflow that is specific to your goal—configuring NFS access to a new or existing SVM, or adding a volume or qtree to an existing SVM that is already fully configured for NFS access. © Copyright Lenovo 2018, 2021 3 Assessing physical storage requirements Before provisioning NFS storage for clients, you must ensure that there is sufficient space in an existing aggregate for the new volume. If there is not, you can add disks to an existing aggregate or create a new aggregate of the desired type. Step 1. Display available space in existing aggregates: storage aggregate show If there is an aggregate with sufficient space, record its name in the worksheet. Example cluster::> storage aggregate show Aggregate Size Available Used% State #Vols Nodes RAID Status --------- -------- --------- ----- ------- ------ ------ ----------- aggr_0 239.0GB 11.13GB 95% online 1 node1 raid_dp, normal aggr_1 239.0GB 11.13GB 95% online 1 node1 raid_dp, normal aggr_2 239.0GB 11.13GB 95% online 1 node2 raid_dp, normal aggr_3 239.0GB 11.13GB 95% online 1 node2 raid_dp, normal aggr_4 239.0GB 238.9GB 95% online 5 node3 raid_dp, normal aggr_5 239.0GB 239.0GB 95% online 4 node4 raid_dp, normal 6 entries were displayed. Step 2. If there are no aggregates with sufficient space, add disks to an existing aggregate by using the ssttoorraaggee aaggggrreeggaattee aadddd--ddiisskkss command, or create a new aggregate by using the ssttoorraaggee aaggggrreeggaattee ccrreeaattee command. Assessing networking requirements Before providing NFS storage to clients, you must verify that networking is correctly configured to meet the NFS provisioning requirements. Before you begin The following cluster networking objects must be configured: • Physical and logical ports • Broadcast domains • Subnets (if required) • IPspaces (as required, in addition to the default IPspace) • Failover groups (as required, in addition to the default failover group for each broadcast domain) • External firewalls Step 1. Display the available physical and virtual ports: network port show • When possible, you should use the port with the highest speed for the data network. • All components in the data network must have the same MTU setting for best performance. 4 NFS Configuration Power Guide Step 2. If you are planning to use a subnet name to allocate the IP address and network mask value for a LIF, verify that the subnet exists and has sufficient addresses available: network subnet show Subnets contain a pool of IP addresses that belong to the same layer 3 subnet. Subnets are created by using the nneettwwoorrkk ssuubbnneett ccrreeaattee command. Step 3. Display available IPspaces: network ipspace show You can use the default IPspace or a custom IPspace. Step 4. If you want to use IPv6 addresses, verify that IPv6 is enabled on the cluster: network options ipv6 show If required, you can enable IPv6 by using the nneettwwoorrkk ooppttiioonnss iippvv66 mmooddiiffyy command. Deciding where to provision new NFS storage capacity Before you create a new NFS volume or qtree, you must decide whether to place it in a new or existing SVM, and how much configuration the SVM requires. This decision determines your workflow. If you want to provision a volume or qtree on a new SVM, or on an existing SVM that has NFS enabled but not configured, complete the steps in both “Configuring NFS access to an SVM” and “Adding NFS storage to an NFS-enabled SVM”. Chapter 3 “Configuring NFS access to an SVM” on page 13 Chapter 4 “Adding NFS storage to an NFS-enabled SVM” on page 39 You might choose to create a new SVM if one of the following is true: – You are enabling NFS on a cluster for the first time. – You have existing SVMs in a cluster in which you do not want to enable NFS support. – You have one or more NFS-enabled SVMs in a cluster, and you want another NFS server in an isolated namespace (multi-tenancy scenario). You should also choose this option to provision storage on an existing SVM that has NFS enabled but not configured. This might be the case if you created the SVM for SAN access or if no protocols were enabled when the SVM was created. After enabling NFS on the SVM, proceed to provision a volume or qtree. If you want to provision a volume or qtree on an existing SVM that is fully configured for NFS access, complete the steps in “Adding NFS storage to an NFS-enabled SVM ”. Chapter 4 “Adding NFS storage to an NFS-enabled SVM” on page 39 Worksheet for gathering NFS configuration information The NFS configuration worksheet enables you to collect the required information to set up NFS access for clients. You should complete one or both sections of the worksheet depending on the decision you made about where to provision storage: • If you are configuring NFS access to an SVM, you should complete both sections. Chapter 2. NFS configuration workflow 5 “Configuring NFS access to an SVM ” on page 6 “Adding storage capacity to an NFS-enabled SVM ” on page 10 • If you are adding storage capacity to an NFS-enabled SVM, you should complete only the second section. “Adding storage capacity to an NFS-enabled SVM ” on page 10 See the command man pages for details about the parameters. Configuring NFS access to an SVM Parameters for creating an SVM You supply these values with the vvsseerrvveerr ccrreeaattee command if you are creating a new SVM. Field Description Your value -vserver A name you supply for the new SVM that is either a fully qualified domain name (FQDN) or follows another convention that enforces unique SVM names across a cluster. -aggregate The name of an aggregate in the cluster with sufficient space for new NFS storage capacity. -rootvolume A unique name you supply for the SVM root volume. -rootvolume-security-style Use the UNIX security style for the SVM. unix -language Use the default language setting in this C.UTF-8 workflow. ipspace IPspaces are distinct IP address spaces in which (storage virtual machines (SVMs)) reside. Parameters for creating an NFS server You supply these values with the vvsseerrvveerr nnffss ccrreeaattee command when you create a new NFS server and specify supported NFS versions.