Scribd
Upload
49 views

NFS Configuration Express Guide: Ontap 9

Uploaded by

Tiger Black
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
49 views

NFS Configuration Express Guide: Ontap 9

Uploaded by

Tiger Black
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 35

ONTAP® 9

NFS Configuration Express Guide

August 2019 | 215-11172_2019-08_en-us


[email protected]

Updated for ONTAP 9.5


Table of Contents | 3

Contents
Deciding whether to use this guide ............................................................. 4
NFS configuration workflow ....................................................................... 5
Creating an aggregate .................................................................................................. 5
Deciding where to provision the new volume ............................................................. 6
Creating a new NFS-enabled SVM ............................................................. 7
Creating a new SVM with an NFS volume and export ............................................... 7
Opening the export policy of the SVM root volume (Creating a new NFS-
enabled SVM) ...................................................................................................... 11
Configuring LDAP (Creating a new NFS-enabled SVM) ......................................... 12
Verifying NFS access from a UNIX administration host .......................................... 14
Configuring and verifying NFS client access (Creating a new NFS-enabled
SVM) ................................................................................................................... 15
Configuring NFS access to an existing SVM ............................................ 17
Adding NFS access to an existing SVM ................................................................... 17
Opening the export policy of the SVM root volume(Configuring NFS access to
an existing SVM) ................................................................................................. 19
Configuring LDAP (Configuring NFS access to an existing SVM ) ........................ 20
Verifying NFS access from a UNIX administration host .......................................... 23
Configuring and verifying NFS client access (Configuring NFS access to an
existing SVM) ..................................................................................................... 24
Adding an NFS volume to an NFS-enabled SVM ................................... 26
Creating and configuring a volume ........................................................................... 26
Creating an export policy for the volume .................................................................. 27
Verifying NFS access from a UNIX administration host .......................................... 29
Configuring and verifying NFS client access (Adding an NFS volume to an
NFS-enabled SVM) ............................................................................................. 30
Where to find additional information ....................................................... 32
Copyright .................................................................................................... 33
Trademark .................................................................................................. 34
How to send comments about documentation and receive update
notifications ............................................................................................ 35
4

Deciding whether to use the NFS Configuration


Express Guide
This guide describes how to quickly set up NFS access to a new volume on either a new or existing
storage virtual machine (SVM).
You should use this guide if you want to configure access to a volume in the following way:

• NFS access will be through NFSv3, not NFSv4 or NFSv4.1.

• You want to use best practices, not explore every available option.

• You do not want to read a lot of conceptual background.

• You want to use OnCommand System Manager, not the ONTAP command-line interface or an
automated scripting tool.
Cluster management using System Manager
• Your data network uses the default IPspace, the default broadcast domain, and the default failover
group.
If your data network is flat, using these default objects ensures that LIFs will fail over correctly in
the event of a link failure. If you are not using the default objects, you should refer to the Network
Management Guide for information on how to configure LIF path failover.
• UNIX file permissions will be used to secure the new volume.

• LDAP, if used, is provided by Active Directory.

If this guide is not suitable for your situation, you should see the following documentation instead:

• NFS management
• NetApp Technical Report 4067: NFS Best Practice and Implementation Guide
• NetApp Technical Report 4073: Secure Unified Authentication
• NetApp Technical Report 3580: NFSv4 Enhancements and Best Practices Guide: Data ONTAP
Implementation
• NetApp Technical Report 4379: Name Services Best Practices Guide
• NetApp Documentation: OnCommand Workflow Automation (current releases)
OnCommand Workflow Automation enables you to run prepackaged workflows that automate
management tasks such as the workflows described in Express Guides.
5

NFS configuration workflow


Configuring NFS involves optionally creating an aggregate and then choosing a workflow that is
specific to your goal—creating a new NFS-enabled SVM, configuring NFS access to an existing
SVM, or simply adding an NFS volume to an existing SVM that is already fully configured for NFS
access.

Creating an aggregate
If you do not want to use an existing aggregate, you can create a new aggregate to provide physical
storage to the volume which you are provisioning.

About this task


If you have an existing aggregate that you want to use for the new volume, you can skip this
procedure.

Steps

1. Enter the URL https://IP-address-of-cluster-management-LIF in a web browser and


log in to System Manager using your cluster administrator credential.
6 | NFS Configuration Express Guide

2. Navigate to the Aggregates window.

3. Click Create.

4. Follow the instructions on the screen to create the aggregate using the default RAID-DP
configuration, and then click Create.

Result
The aggregate is created with the specified configuration and added to the list of aggregates in the
Aggregates window.

Deciding where to provision the new volume


Before you create a new NFS volume, you must decide whether to place it in an existing storage
virtual machine (SVM), and, if so, how much configuration the SVM requires. This decision
determines your workflow.

Choices

• If you want to provision a volume on a new SVM, create a new NFS-enabled SVM.
Creating a new NFS-enabled SVM
You must choose this option if NFS is not enabled on an existing SVM.

• If you want to provision a volume on an existing SVM on which NFS is enabled but not
configured, configure NFS access on the existing SVM.
Configuring NFS access on an existing SVM
You should choose this option if you created the SVM for SAN access by using the relevant
Express Guide.

• If you want to provision a volume on an existing SVM that is fully configured for NFS access,
add an NFS volume to the NFS-enabled SVM.
Adding an NFS volume to an NFS-enabled SVM
7

Creating a new NFS-enabled SVM


Setting up an NFS-enabled SVM involves creating the new SVM with an NFS volume and export,
opening the default export policy of the SVM root volume and then verifying NFS access from a
UNIX administration host. You can then configure NFS client access.

Steps
1. Creating a new SVM with an NFS volume and export on page 7
2. Opening the export policy of the SVM root volume (Creating a new NFS-enabled SVM) on page
11
3. Configuring LDAP (Creating a new NFS-enabled SVM) on page 12
4. Verifying NFS access from a UNIX administration host on page 14
5. Configuring and verifying NFS client access (Creating a new NFS-enabled SVM) on page 15

Creating a new SVM with an NFS volume and export


You can use a wizard that guides you through the process of creating the storage virtual machine
(SVM), configuring Domain Name System (DNS), creating a data logical interface (LIF), enabling
NFS, optionally configuring NIS, and then creating and exporting a volume.

Before you begin

• Your network must be configured and the relevant physical ports must be connected to the
network.

• You must know which of the following networking components the SVM will use:

◦ The node and the specific port on that node where the data logical interface (LIF) will be
created

◦ The subnet from which the data LIF's IP address will be provisioned, or optionally the specific
IP address you want to assign to the data LIF

◦ NIS information, if your site uses NIS for name services or name mapping

• The subnet must be routable to all external servers required for services such as Network
Information Service (NIS), Lightweight Directory Access Protocol (LDAP), Active Directory
(AD), and DNS.

• Any external firewalls must be appropriately configured to allow access to network services.

• The time on the AD domain controllers, clients, and SVM must be synchronized to within five
minutes of each other.

Steps

1. Navigate to the SVMs window.

2. Click Create.

3. In the Storage Virtual Machine (SVM) Setup dialog box, create the SVM:

a. Specify a unique name for the SVM.


The name must either be a fully qualified domain name (FQDN) or follow another convention
that ensures unique names across a cluster.
8 | NFS Configuration Express Guide

b. Select all the protocols that you have licenses for and that you will eventually use on the
SVM, even if you do not want to configure all the protocols immediately.
If CIFS access is required eventually, you must select CIFS now so that CIFS and NFS clients
can share the same data LIF.

c. Keep the default language setting, C.UTF-8.


This language is inherited by the volume that you create later, and a volume's language cannot
be changed.

d. Optional: If you enabled the CIFS protocol, change the security style to UNIX.
Selecting the CIFS protocol sets the security style to NTFS by default.

e. Optional: Select the root aggregate to contain the SVM root volume.
The aggregate that you select for the root volume does not determine the location of the data
volume. The aggregate for the data volume is selected automatically when you provision
storage in a later step.

f. Optional: In the DNS Configuration area, ensure that the default DNS search domain and
name servers are the ones that you want to use for this SVM.

g. Click Submit & Continue.

The SVM is created, but protocols are not yet configured.


Creating a new NFS-enabled SVM | 9

4. In the Data LIF Configuration section of the Configure CIFS/NFS protocol page, specify the
details of the LIF that clients will use to access data:

a. Assign an IP address to the LIF automatically from a subnet you specify or manually enter the
address.

b. Click Browse and select a node and port that will be associated with the LIF.

5. If the NIS Configuration area is collapsed, expand it.

6. If your site uses NIS for name services or name mapping, specify the domain and IP addresses of
the NIS servers.

7. Create and export a volume for NFS access:

a. For Export Name, type a name that will be both the export name and the beginning of the
volume name.

b. Specify a size for the volume that will contain the files.

You do not have to specify the aggregate for the volume because it is automatically located on
the aggregate with the most available space.

c. In the Permission field, click Change, and specify an export rule that gives NFSv3 access to a
UNIX administration host, including Superuser access.
10 | NFS Configuration Express Guide

Example
You can create a 10 GB volume named Eng, export it as Eng, and add a rule that gives the
“admin_host” client full access to the export, including Superuser access.

8. Click Submit & Continue.


The following objects are created:

• A data LIF named after the SVM with the suffix “_nfs_lif1”

• An NFS server

• A volume that is located on the aggregate with the most available space and has a name that
matches the name of the export and ends in the suffix “_NFS_volume”

• An export for the volume

• An export policy with the same name as the export

9. For all other protocol configuration pages that are displayed, click Skip and configure the
protocol later.

10. When the SVM Administration page is displayed, configure or defer configuring a separate
administrator for this SVM:

• Click Skip and configure an administrator later if required.

• Enter the requested information and then click Submit & Continue.

11. Review the Summary page, record any information you might require later and then click OK.
NFS clients need to know the IP address of the data LIF.
Creating a new NFS-enabled SVM | 11

Result
A new SVM is created with an NFS server containing a new volume that is exported for an
administrator.

Opening the export policy of the SVM root volume (Creating


a new NFS-enabled SVM)
You must add a rule to the default export policy to allow all clients access through NFSv3. Without
such a rule, all NFS clients are denied access to the storage virtual machine (SVM) and its volumes.

About this task


You should specify all NFS access as the default export policy, and later restrict access to individual
volumes by creating custom export policies for individual volumes.

Steps

1. Navigate to the SVMs window.

2. Click the SVM Settings tab.

3. In the Policies pane, click Export Policies.

4. Select the export policy named default, which is applied to the SVM root volume.

5. In the lower pane, click Add.

6. In the Create Export Rule dialog box, create a rule that opens access to all clients for NFS
clients:

a. In the Client Specification field, enter 0.0.0.0/0 so that the rule applies to all clients.

b. Retain the default value as 1 for the rule index.

c. Select NFSv3.

d. Clear all the check boxes except the UNIX check box under Read-Only.

e. Click OK.
12 | NFS Configuration Express Guide

Result
NFSv3 clients can now access any volumes created on the SVM.

Configuring LDAP (Creating a new NFS-enabled SVM)


If you want the storage virtual machine (SVM) to get user information from Active Directory-based
Lightweight Directory Access Protocol (LDAP), you must create an LDAP client, enable it for the
SVM, and give LDAP priority over other sources of user information.

Before you begin

• The LDAP configuration must be using Active Directory (AD).


If you use another type of LDAP, you must use the command-line interface (CLI) and other
documentation to configure LDAP.
NetApp Technical Report 4073: Secure Unified Authentication
• You must know the AD domain and servers, as well as the following binding information: the
authentication level, the Bind user and password, the base DN, and the LDAP port.

Steps

1. Navigate to the SVMs window.

2. Select the required SVM

3. Click the SVM Settings tab.

4. Set up an LDAP client for the SVM to use:

a. In the Services pane, click LDAP Client.

b. In the LDAP Client Configuration window, click Add.

c. In the General tab of the Create LDAP Client window, type the name of the LDAP client
configuration, such as vs0client1.

d. Add either the AD domain or the AD servers.

e. Click Binding, and specify the authentication level, the Bind user and password, the base DN,
and the port.
Creating a new NFS-enabled SVM | 13

f. Click Save and Close.

A new client is created and available for the SVM to use.

5. Enable the new LDAP client for the SVM:

a. In the navigation pane, click LDAP Configuration.

b. Click Edit.

c. Ensure that the client you just created is selected in LDAP client name.

d. Select Enable LDAP client, and click OK.

The SVM uses the new LDAP client.

6. Give LDAP priority over other sources of user information, such as Network Information Service
(NIS) and local users and groups:

a. Navigate to the SVMs window.

b. Select the SVM and click Edit.

c. Click the Services tab.

d. Under Name Service Switch, specify LDAP as the preferred name service switch source for
the database types.

e. Click Save and Close.


14 | NFS Configuration Express Guide

LDAP is the primary source of user information for name services and name mapping on this
SVM.

Verifying NFS access from a UNIX administration host


After you configure NFS access to storage virtual machine (SVM), you should verify the
configuration by logging in to an NFS administration host and reading data from and writing data to
the SVM.

Before you begin

• The client system must have an IP address that is allowed by the export rule you specified earlier.

• You must have the login information for the root user.

Steps

1. Log in as the root user to the client system.

2. Enter cd /mnt/ to change the directory to the mount folder.

3. Create and mount a new folder using the IP address of the SVM:

a. Enter mkdir /mnt/folder to create a new folder.

b. Enter mount -t nfs -o nfsvers=3,hard IPAddress:/volume_name /mnt/folder


to mount the volume at this new directory.

c. Enter cd folder to change the directory to the new folder.


Creating a new NFS-enabled SVM | 15

Example
The following commands create a folder named test1, mount the vol1 volume at the 192.0.2.130
IP address on the test1 mount folder, and change to the new test1 directory:

host# mkdir /mnt/test1


host# mount -t nfs -o nfsvers=3,hard 192.0.2.130:/vol1 /mnt/test1
host# cd /mnt/test1

4. Create a new file, verify that it exists, and write text to it:
a. Enter touch filename to create a test file.

b. Enter ls -l filename to verify that the file exists.

c. Enter cat >filename, type some text, and then press Ctrl+D to write text to the test file.

d. Enter cat filename to display the content of the test file.

e. Enter rm filename to remove the test file.

f. Enter cd .. to return to the parent directory.

Example

host# touch myfile1


host# ls -l myfile1
-rw-r--r-- 1 root root 0 Sep 18 15:58 myfile1
host# cat >myfile1
This text inside the first file
host# cat myfile1
This text inside the first file
host# rm -r myfile1
host# cd ..

Result
You have confirmed that you have enabled NFS access to the SVM.

Configuring and verifying NFS client access (Creating a new


NFS-enabled SVM)
When you are ready, you can give select clients access to the share by setting UNIX file permissions
on a UNIX administration host and adding an export rule in System Manager. Then you should test
that the affected users or groups can access the volume.

Steps

1. Decide which clients and users or groups will be given access to the share.

2. On a UNIX administration host, use the root user to set UNIX ownership and permissions on the
volume.

3. In System Manager, add rules to the export policy to permit NFS clients to access the share.

a. Select the storage virtual machine (SVM), and click SVM Settings.

b. In the Policies pane, click Export Policies.

c. Select the export policy with the same name as the volume.
16 | NFS Configuration Express Guide

d. In the Export Rules tab, click Add, and specify a set of clients.

e. Select 2 for the Rule Index so that this rule executes after the rule that allows access to the
administration host.

f. Select NFSv3.

g. Specify the access details that you want, and click OK.

Example
You can give full read/write access to clients by typing the subnet 10.1.1.0/24 as the Client
Specification, and selecting all the access check boxes except Allow Superuser Access.

4. On a UNIX client, log in as one of the users who now has access to the volume, and verify that
you can mount the volume and create a file.
17

Configuring NFS access to an existing SVM


Adding access for NFS clients to an existing SVM involves adding NFS configurations to the SVM,
opening the export policy of the SVM root volume, optionally configuring LDAP, and verifying NFS
access from a UNIX administration host. You can then configure NFS client access.

Steps
1. Adding NFS access to an existing SVM on page 17
2. Opening the export policy of the SVM root volume(Configuring NFS access to an existing SVM)
on page 19
3. Configuring LDAP (Configuring NFS access to an existing SVM ) on page 20
4. Verifying NFS access from a UNIX administration host on page 23
5. Configuring and verifying NFS client access (Configuring NFS access to an existing SVM) on
page 24

Adding NFS access to an existing SVM


Adding NFS access to an existing SVM involves creating a data LIF, optionally configuring NIS,
provisioning a volume, exporting the volume, and configuring the export policy.

Before you begin

• You must know which of the following networking components the SVM will use:

◦ The node and the specific port on that node where the data logical interface (LIF) will be
created

◦ The subnet from which the data LIF's IP address will be provisioned, or optionally the specific
IP address you want to assign to the data LIF

• Any external firewalls must be appropriately configured to allow access to network services.

• The NFS protocol must be allowed on the SVM.


This is the case if you created the SVM while following another Express Guide to configure a
SAN protocol.

Steps

1. Navigate to the area where you can configure the protocols of the SVM:

a. Select the SVM that you want to configure.

b. In the Details pane, next to Protocols, click NFS.

2. In the Configure NFS protocol dialog box, create a data LIF.

a. Assign an IP address to the LIF automatically from a subnet you specify or manually enter the
address.

b. Click Browse and select a node and port that will be associated with the LIF.
18 | NFS Configuration Express Guide

3. If your site uses NIS for name services or name mapping, specify the domain and IP addresses of
the NIS servers and select the database types for which you want to add the NIS name service
source.

If NIS services are not available, do not attempt to configure it. Improperly configured NIS
services can cause datastore access issues.

4. Create and export a volume for NFS access:

a. For Export Name, type a name that will be both the export name and the beginning of the
volume name.

b. Specify a size for the volume that will contain the files.

You do not have to specify the aggregate for the volume because it is automatically located on
the aggregate with the most available space.

c. In the Permission field, click Change, and specify an export rule that gives NFSv3 access to a
UNIX administration host, including Superuser access.
Configuring NFS access to an existing SVM | 19

Example
You can create a 10 GB volume named Eng, export it as Eng, and add a rule that gives the
“admin_host” client full access to the export, including Superuser access.

5. Click Submit & Close, and then click OK.

Opening the export policy of the SVM root


volume(Configuring NFS access to an existing SVM)
You must add a rule to the default export policy to allow all clients access through NFSv3. Without
such a rule, all NFS clients are denied access to the storage virtual machine (SVM) and its volumes.

About this task


You should specify all NFS access as the default export policy, and later restrict access to individual
volumes by creating custom export policies for individual volumes.

Steps

1. Navigate to the SVMs window.

2. Click the SVM Settings tab.

3. In the Policies pane, click Export Policies.

4. Select the export policy named default, which is applied to the SVM root volume.

5. In the lower pane, click Add.


20 | NFS Configuration Express Guide

6. In the Create Export Rule dialog box, create a rule that opens access to all clients for NFS
clients:

a. In the Client Specification field, enter 0.0.0.0/0 so that the rule applies to all clients.

b. Retain the default value as 1 for the rule index.

c. Select NFSv3.

d. Clear all the check boxes except the UNIX check box under Read-Only.

e. Click OK.

Result
NFSv3 clients can now access any volumes created on the SVM.

Configuring LDAP (Configuring NFS access to an existing


SVM )
If you want the storage virtual machine (SVM) to get user information from Active Directory-based
Lightweight Directory Access Protocol (LDAP), you must create an LDAP client, enable it for the
SVM, and give LDAP priority over other sources of user information.

Before you begin

• The LDAP configuration must be using Active Directory (AD).


If you use another type of LDAP, you must use the command-line interface (CLI) and other
documentation to configure LDAP.
NetApp Technical Report 4073: Secure Unified Authentication
• You must know the AD domain and servers, as well as the following binding information: the
authentication level, the Bind user and password, the base DN, and the LDAP port.

Steps

1. Navigate to the SVMs window.


Configuring NFS access to an existing SVM | 21

2. Select the required SVM

3. Click the SVM Settings tab.

4. Set up an LDAP client for the SVM to use:

a. In the Services pane, click LDAP Client.

b. In the LDAP Client Configuration window, click Add.

c. In the General tab of the Create LDAP Client window, type the name of the LDAP client
configuration, such as vs0client1.

d. Add either the AD domain or the AD servers.

e. Click Binding, and specify the authentication level, the Bind user and password, the base DN,
and the port.

f. Click Save and Close.


A new client is created and available for the SVM to use.

5. Enable the new LDAP client for the SVM:

a. In the navigation pane, click LDAP Configuration.

b. Click Edit.

c. Ensure that the client you just created is selected in LDAP client name.
22 | NFS Configuration Express Guide

d. Select Enable LDAP client, and click OK.

The SVM uses the new LDAP client.

6. Give LDAP priority over other sources of user information, such as Network Information Service
(NIS) and local users and groups:

a. Navigate to the SVMs window.

b. Select the SVM and click Edit.

c. Click the Services tab.

d. Under Name Service Switch, specify LDAP as the preferred name service switch source for
the database types.

e. Click Save and Close.

LDAP is the primary source of user information for name services and name mapping on this
SVM.
Configuring NFS access to an existing SVM | 23

Verifying NFS access from a UNIX administration host


After you configure NFS access to storage virtual machine (SVM), you should verify the
configuration by logging in to an NFS administration host and reading data from and writing data to
the SVM.

Before you begin

• The client system must have an IP address that is allowed by the export rule you specified earlier.
• You must have the login information for the root user.

Steps

1. Log in as the root user to the client system.

2. Enter cd /mnt/ to change the directory to the mount folder.

3. Create and mount a new folder using the IP address of the SVM:
a. Enter mkdir /mnt/folder to create a new folder.

b. Enter mount -t nfs -o nfsvers=3,hard IPAddress:/volume_name /mnt/folder


to mount the volume at this new directory.
c. Enter cd folder to change the directory to the new folder.

Example
The following commands create a folder named test1, mount the vol1 volume at the 192.0.2.130
IP address on the test1 mount folder, and change to the new test1 directory:

host# mkdir /mnt/test1


host# mount -t nfs -o nfsvers=3,hard 192.0.2.130:/vol1 /mnt/test1
host# cd /mnt/test1

4. Create a new file, verify that it exists, and write text to it:

a. Enter touch filename to create a test file.

b. Enter ls -l filename to verify that the file exists.

c. Enter cat >filename, type some text, and then press Ctrl+D to write text to the test file.

d. Enter cat filename to display the content of the test file.

e. Enter rm filename to remove the test file.

f. Enter cd .. to return to the parent directory.

Example

host# touch myfile1


host# ls -l myfile1
-rw-r--r-- 1 root root 0 Sep 18 15:58 myfile1
host# cat >myfile1
This text inside the first file
24 | NFS Configuration Express Guide

host# cat myfile1


This text inside the first file
host# rm -r myfile1
host# cd ..

Result
You have confirmed that you have enabled NFS access to the SVM.

Configuring and verifying NFS client access (Configuring


NFS access to an existing SVM)
When you are ready, you can give select clients access to the share by setting UNIX file permissions
on a UNIX administration host and adding an export rule in System Manager. Then you should test
that the affected users or groups can access the volume.

Steps

1. Decide which clients and users or groups will be given access to the share.

2. On a UNIX administration host, use the root user to set UNIX ownership and permissions on the
volume.

3. In System Manager, add rules to the export policy to permit NFS clients to access the share.

a. Select the storage virtual machine (SVM), and click SVM Settings.

b. In the Policies pane, click Export Policies.

c. Select the export policy with the same name as the volume.

d. In the Export Rules tab, click Add, and specify a set of clients.

e. Select 2 for the Rule Index so that this rule executes after the rule that allows access to the
administration host.

f. Select NFSv3.

g. Specify the access details that you want, and click OK.

Example
You can give full read/write access to clients by typing the subnet 10.1.1.0/24 as the Client
Specification, and selecting all the access check boxes except Allow Superuser Access.
Configuring NFS access to an existing SVM | 25

4. On a UNIX client, log in as one of the users who now has access to the volume, and verify that
you can mount the volume and create a file.
26

Adding an NFS volume to an NFS-enabled SVM


Adding an NFS volume to an NFS-enabled SVM involves creating and configuring a volume,
creating an export policy, and verifying access from a UNIX administration host. You can then
configure NFS client access.

Before you begin


NFS must be completely set up on the SVM.

Steps
1. Creating and configuring a volume on page 26
2. Creating an export policy for the volume on page 27
3. Verifying NFS access from a UNIX administration host on page 29
4. Configuring and verifying NFS client access (Adding an NFS volume to an NFS-enabled SVM)
on page 30

Creating and configuring a volume


You must create a FlexVol volume to contain your data. You can optionally change the volume's
default security style, which is inherited from the security style of the root volume. You can also
optionally change the volume's default location in the namespace, which is at the root volume of the
storage virtual machine (SVM).

Steps

1. Navigate to the Volumes window.

2. Click Create > Create FlexVol.


The Create Volume dialog box is displayed.

3. If you want to change the default name, which ends in a date and time stamp, specify a new name,
such as vol1.

4. Select an aggregate for the volume.

5. Specify the size of the volume.

6. Click Create.
Any new volume created in System Manager is mounted by default at the root volume using the
volume name as the junction name. NFS clients use the junction path and the junction name when
mounting the volume.

7. Optional: If you do not want the volume to be located at the root of the SVM, modify the place of
the new volume in the existing namespace:

a. Navigate to the Namespace window.

b. Select the SVM from the drop-down menu.

c. Click Mount.

d. In the Mount Volume dialog box, specify the volume, the name of its junction path, and the
junction path on which you want the volume mounted.
Adding an NFS volume to an NFS-enabled SVM | 27

e. Verify the new junction path in the Namespace window.

Example
If you want to organize certain volumes under a main volume named “data”, you can move the
new volume “vol1” from the root volume to the “data” volume.

8. Review the volume's security style and change it, if necessary:

a. In the Volume window, select the volume you just created, and click Edit.
The Edit Volume dialog box is displayed, showing the volume's current security style, which
is inherited from the security style of the SVM root volume.

b. Make sure the security style is UNIX.

Creating an export policy for the volume


Before any NFS clients can access a volume, you must create an export policy for the volume, add a
rule that permits access by an administration host, and apply the new export policy to the volume.

Steps

1. Navigate to the SVMs window.

2. Click the SVM Settings tab.

3. Create a new export policy:

a. In the Policies pane, click Export Policies and then click Create.

b. In the Create Export Policy window, specify a policy name.

c. Under Export Rules, click Add to add a rule to the new policy.
28 | NFS Configuration Express Guide

4. In the Create Export Rule dialog box, create a rule that allows an administrator full access to the
export through all protocols:

a. Specify the IP address or client name, such as admin_host, from which the exported volume
will be administered.

b. Select NFSv3.

c. Ensure that all Read/Write access details are selected, as well as Allow Superuser Access.

d. Click OK and then click Create.

The new export policy is created, along with its new rule.

5. Apply the new export policy to the new volume so that the administrator host can access the
volume:

a. Navigate to the Namespace window.

b. Select the volume and click Change Export Policy.

c. Select the new policy and click Change.

Related tasks
Verifying NFS access from a UNIX administration host on page 14
Adding an NFS volume to an NFS-enabled SVM | 29

Verifying NFS access from a UNIX administration host


After you configure NFS access to storage virtual machine (SVM), you should verify the
configuration by logging in to an NFS administration host and reading data from and writing data to
the SVM.

Before you begin

• The client system must have an IP address that is allowed by the export rule you specified earlier.
• You must have the login information for the root user.

Steps

1. Log in as the root user to the client system.

2. Enter cd /mnt/ to change the directory to the mount folder.

3. Create and mount a new folder using the IP address of the SVM:
a. Enter mkdir /mnt/folder to create a new folder.

b. Enter mount -t nfs -o nfsvers=3,hard IPAddress:/volume_name /mnt/folder


to mount the volume at this new directory.
c. Enter cd folder to change the directory to the new folder.

Example
The following commands create a folder named test1, mount the vol1 volume at the 192.0.2.130
IP address on the test1 mount folder, and change to the new test1 directory:

host# mkdir /mnt/test1


host# mount -t nfs -o nfsvers=3,hard 192.0.2.130:/vol1 /mnt/test1
host# cd /mnt/test1

4. Create a new file, verify that it exists, and write text to it:

a. Enter touch filename to create a test file.

b. Enter ls -l filename to verify that the file exists.

c. Enter cat >filename, type some text, and then press Ctrl+D to write text to the test file.

d. Enter cat filename to display the content of the test file.

e. Enter rm filename to remove the test file.

f. Enter cd .. to return to the parent directory.

Example

host# touch myfile1


host# ls -l myfile1
-rw-r--r-- 1 root root 0 Sep 18 15:58 myfile1
host# cat >myfile1
This text inside the first file
30 | NFS Configuration Express Guide

host# cat myfile1


This text inside the first file
host# rm -r myfile1
host# cd ..

Result
You have confirmed that you have enabled NFS access to the SVM.

Configuring and verifying NFS client access (Adding an NFS


volume to an NFS-enabled SVM)
When you are ready, you can give select clients access to the share by setting UNIX file permissions
on a UNIX administration host and adding an export rule in System Manager. Then you should test
that the affected users or groups can access the volume.

Steps

1. Decide which clients and users or groups will be given access to the share.

2. On a UNIX administration host, use the root user to set UNIX ownership and permissions on the
volume.

3. In System Manager, add rules to the export policy to permit NFS clients to access the share.

a. Select the storage virtual machine (SVM), and click SVM Settings.

b. In the Policies pane, click Export Policies.

c. Select the export policy with the same name as the volume.

d. In the Export Rules tab, click Add, and specify a set of clients.

e. Select 2 for the Rule Index so that this rule executes after the rule that allows access to the
administration host.

f. Select NFSv3.

g. Specify the access details that you want, and click OK.

Example
You can give full read/write access to clients by typing the subnet 10.1.1.0/24 as the Client
Specification, and selecting all the access check boxes except Allow Superuser Access.
Adding an NFS volume to an NFS-enabled SVM | 31

4. On a UNIX client, log in as one of the users who now has access to the volume, and verify that
you can mount the volume and create a file.
32

Where to find additional information


After you have successfully tested NFS client access, you can perform advanced NFS configuration
or add SAN access. When protocol access is complete, you should protect the root volume of SVM.
There are express guides, comprehensive guides, and technical reports to help you achieve these
goals.

NFS configuration
You can further configure NFS access using the following comprehensive guides and technical
reports:

• NFS management
Describes how to configure and manage file access using the NFS protocol.

• NetApp Technical Report 4067: NFS Best Practice and Implementation Guide
Serves as an NFSv3 and NFSv4 operational guide and provides an overview of ONTAP operating
system with a focus on NFSv4.

• NetApp Technical Report 4379: Name Services Best Practices Guide


Provides a comprehensive list of best practices, limits, recommendations, and considerations
when configuring LDAP, NIS, DNS, and local user and group files for authentication purposes.

• NetApp Technical Report 4073: Secure Unified Authentication


Explains how to configure ONTAP for use with UNIX-based Kerberos version 5 (krb5) servers
for NFS storage authentication and Windows Server Active Directory (AD) as the KDC and
Lightweight Directory Access Protocol (LDAP) identity provider.

• NetApp Technical Report 3580: NFSv4 Enhancements and Best Practices Guide: Data ONTAP
Implementation
Describes the best practices that should be followed while implementing NFSv4 components on
AIX, Linux, or Solaris clients attached to systems running ONTAP.

Root volume protection


After configuring protocols on the SVM, you should ensure that its root volume is protected:

• Data protection
Describes how to create a load-sharing mirror to protect the SVM root volume, which is a
NetApp best practice for NAS-enabled SVMs. Also describes how to quickly recover from
volume failures or losses by promoting the SVM root volume from a load-sharing mirror
33

Copyright
Copyright © 2019 NetApp, Inc. All rights reserved. Printed in the U.S.
No part of this document covered by copyright may be reproduced in any form or by any means—
graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an
electronic retrieval system—without prior written permission of the copyright owner.
Software derived from copyrighted NetApp material is subject to the following license and
disclaimer:
THIS SOFTWARE IS PROVIDED BY NETAPP "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
NetApp reserves the right to change any products described herein at any time, and without notice.
NetApp assumes no responsibility or liability arising from the use of products described herein,
except as expressly agreed to in writing by NetApp. The use or purchase of this product does not
convey a license under any patent rights, trademark rights, or any other intellectual property rights of
NetApp.
The product described in this manual may be protected by one or more U.S. patents, foreign patents,
or pending applications.
Data contained herein pertains to a commercial item (as defined in FAR 2.101) and is proprietary to
NetApp, Inc. The U.S. Government has a non-exclusive, non-transferrable, non-sublicensable,
worldwide, limited irrevocable license to use the Data only in connection with and in support of the
U.S. Government contract under which the Data was delivered. Except as provided herein, the Data
may not be used, disclosed, reproduced, modified, performed, or displayed without the prior written
approval of NetApp, Inc. United States Government license rights for the Department of Defense are
limited to those rights identified in DFARS clause 252.227-7015(b).
34

Trademark
NETAPP, the NETAPP logo, and the marks listed on the NetApp Trademarks page are trademarks of
NetApp, Inc. Other company and product names may be trademarks of their respective owners.
http://www.netapp.com/us/legal/netapptmlist.aspx
35

How to send comments about documentation and


receive update notifications
You can help us to improve the quality of our documentation by sending us your feedback. You can
receive automatic notification when production-level (GA/FCS) documentation is initially released or
important changes are made to existing production-level documents.
If you have suggestions for improving this document, send us your comments by email.
[email protected]
To help us direct your comments to the correct division, include in the subject line the product name,
version, and operating system.
If you want to be notified automatically when production-level documentation is released or
important changes are made to existing production-level documents, follow Twitter account
@NetAppDoc.
You can also contact us in the following ways:

• NetApp, Inc., 1395 Crossman Ave., Sunnyvale, CA 94089 U.S.

• Telephone: +1 (408) 822-6000

• Fax: +1 (408) 822-4501

• Support telephone: +1 (888) 463-8277

You might also like