Last updated
Last updated
Using the CLI, you can:
Configure the NFS cluster level
Configure the NFS export level (permissions)
The global configuration filesystem is a shared location for persistent cluster-wide NFSv4, S3, and SMB-W protocol configurations. It is recommended to allocate 100 GB to support future system expansions.
Use the following command line to set the configuration filesystem:
weka nfs global-config set --config-fs <config-fs>
Command: weka nfs interface-group add
Use the following command line to add an interface group:
weka nfs interface-group add <name> <type> [--subnet subnet] [--gateway gateway] [--allow-manage-gids allow-manage-gids]
The parameter allow-manage-gids
determines the type of NFS stack. The default value of this parameter is on
, which sets the NFS-W stack.
Example
weka nfs interface-group add nfsw NFS --subnet 255.255.255.0 --gateway 10.0.1.254
Notes:
Do not mount the same filesystem by containers residing in interface groups with different values of the allow-manage-gids.
As a best practice, it is recommended to have only one of the following protocol containers, NFS, SMB, or S3, installed on the same server. Starting from version 4.2, setting more than one additional protocol to the existing POSIX is not allowed.
Parameters
Commands:
weka nfs interface-group port add
weka nfs interface-group port delete
Use the following command lines to add or delete an interface group port:
weka nfs interface-group port add <name> <container-id> <port>
weka nfs interface-group port delete <name> <container-id> <port>
Example
The following command line adds the interface enp2s0
on the Frontend container-id 3
to the interface group named nfsw
.
weka nfs interface-group port add nfsw 3 enp2s0
Parameters
Commands:
weka nfs interface-group ip-range add
weka nfs interface-group ip-range delete
Use the following command lines to add/delete an interface group IP:
weka nfs interface-group ip-range add <name> <ips>
weka nfs interface-group ip-range delete <name> <ips>
Example
The following command line adds IPs in the range 10.0.1.101
to 10.0.1.118
to the interface group named nfsw
.
weka nfs interface-group ip-range add nfsw 10.0.1.101-118
Parameters
Note: Cloud environments do not support interface group IPs.
The mountd service receives requests from clients to mount to the NFS server. In NFS-W, it is possible to set it explicitly rather than have it randomly selected on each server startup. This allows an easier setup of the firewalls to allow that port.
Use the following command lines to set and view the mountd configuration:
weka nfs global-config set --mountd-port <mountd-port>
weka nfs global-config show
The legacy NFS protocol uses the AUTH_SYS protocol to authenticate clients and grant them access to network resources. This protocol is limited to 16 security groups. Therefore, it truncates the group list to 16 if a user is in more than 16 groups. This can cause an access failure for authorized users.
To ignore the groups passed by the NFS protocol and resolve the user's groups external to the protocol, configure the WEKA system as follows:
Procedure
Set up the relevant servers to retrieve the user's group-IDs information. See the following procedure. (This task does not involve the WEKA management.)
Command: weka nfs client-group
Use the following command lines to add/delete a client access group:
weka nfs client-group add <name>
weka nfs client-group delete <name>
Parameters
Command: weka nfs rules
Use the following command lines to add/delete a client group DNS:
weka nfs rules add dns <name> <dns>
weka nfs rules delete dns <name> <dns>
Parameters
Command: weka nfs rules
Use the following command lines to add/delete a client group IP:
weka nfs rules add ip <name> <ip>
weka nfs rules delete ip <name> <ip>
Parameters
Command: weka nfs permission
Use the following command lines to add/update/delete NFS permissions:
weka nfs permission add <filesystem> <group> [--path path] [--permission-type permission-type] [--squash squash] [--anon-uid anon-uid] [--anon-gid anon-gid] [--obs-direct obs-direct] [--manage-gids manage-gids] [--privileged-port privileged-port]
weka nfs permission update <filesystem> <group> [--path path] [--permission-type permission-type] [--squash squash] [--anon-uid anon-uid] [--anon-gid anon-gid] [--obs-direct obs-direct] [--manage-gids manage-gids] [--privileged-port privileged-port] [--supported-versions supported-versions]
weka nfs permission delete <filesystem> <group> [--path path]
Parameters
Ensure the interface group supports the external group-IDs resolution. When , ensure that the allow-manage-gids
option is set to on
(default value).
for external group-IDs resolution by setting the manage-gids
option to on
.