W E K A
4.2
4.44.34.24.14.03.14
4.2
4.44.34.24.14.03.14
  • WEKA v4.2 documentation
    • Documentation revision history
  • WEKA System Overview
    • Introduction
      • WEKA system functionality features
      • Converged WEKA system deployment
      • Optimize redundancy in WEKA deployments
    • SSD capacity management
    • Filesystems, object stores, and filesystem groups
    • WEKA networking
    • Data lifecycle management
    • WEKA client and mount modes
    • WEKA containers architecture overview
    • Glossary
  • Planning and Installation
    • Prerequisites and compatibility
    • WEKA cluster installation on bare metal servers
      • Plan the WEKA system hardware requirements
      • Obtain the WEKA installation packages
      • Install the WEKA cluster using the WMS with WSA
      • Install the WEKA cluster using the WSA
      • Manually install OS and WEKA on servers
      • Manually prepare the system for WEKA configuration
        • Broadcom adapter setup for WEKA system
        • Enable the SR-IOV
      • Configure the WEKA cluster using the WEKA Configurator
      • Manually configure the WEKA cluster using the resource generator
      • Perform post-configuration procedures
      • Add clients
    • WEKA installation on AWS
      • WEKA installation on AWS using Terraform
        • Terraform-AWS-WEKA module description
        • Deployment on AWS using Terraform
        • Required services and supported regions
        • Supported EC2 instance types using Terraform
        • WEKA cluster auto-scaling in AWS
        • Detailed deployment tutorial: WEKA on AWS using Terraform
      • WEKA installation on AWS using the Cloud Formation
        • Self-service portal
        • CloudFormation template generator
        • Deployment types
        • AWS Outposts deployment
        • Supported EC2 instance types using Cloud Formation
        • Add clients
        • Auto scaling group
        • Troubleshooting
    • WEKA installation on Azure
    • WEKA installation on GCP
      • WEKA project description
      • GCP-WEKA deployment Terraform package description
      • Deployment on GCP using Terraform
      • Required services and supported regions
      • Supported machine types and storage
      • Auto-scale instances in GCP
      • Add clients
      • Troubleshooting
  • Getting Started with WEKA
    • Manage the system using the WEKA GUI
    • Manage the system using the WEKA CLI
      • WEKA CLI hierarchy
      • CLI reference guide
    • Run first IOs with WEKA filesystem
    • Getting started with WEKA REST API
    • WEKA REST API and equivalent CLI commands
  • Performance
    • WEKA performance tests
      • Test environment details
  • WEKA Filesystems & Object Stores
    • Manage object stores
      • Manage object stores using the GUI
      • Manage object stores using the CLI
    • Manage filesystem groups
      • Manage filesystem groups using the GUI
      • Manage filesystem groups using the CLI
    • Manage filesystems
      • Manage filesystems using the GUI
      • Manage filesystems using the CLI
    • Attach or detach object store buckets
      • Attach or detach object store bucket using the GUI
      • Attach or detach object store buckets using the CLI
    • Advanced data lifecycle management
      • Advanced time-based policies for data storage location
      • Data management in tiered filesystems
      • Transition between tiered and SSD-only filesystems
      • Manual fetch and release of data
    • Mount filesystems
      • Mount filesystems from multiple clusters on a single client
      • Manage authentication across multiple clusters with connection profiles
    • Snapshots
      • Manage snapshots using the GUI
      • Manage snapshots using the CLI
    • Snap-To-Object
      • Manage Snap-To-Object using the GUI
      • Manage Snap-To-Object using the CLI
    • Quota management
      • Manage quotas using the GUI
      • Manage quotas using the CLI
  • Additional Protocols
    • Additional protocol containers
    • Manage the NFS protocol
      • Supported NFS client mount parameters
      • Manage NFS networking using the GUI
      • Manage NFS networking using the CLI
    • Manage the S3 protocol
      • S3 cluster management
        • Manage the S3 service using the GUI
        • Manage the S3 service using the CLI
      • S3 buckets management
        • Manage S3 buckets using the GUI
        • Manage S3 buckets using the CLI
      • S3 users and authentication
        • Manage S3 users and authentication using the CLI
        • Manage S3 service accounts using the CLI
      • S3 rules information lifecycle management (ILM)
        • Manage S3 lifecycle rules using the GUI
        • Manage S3 lifecycle rules using the CLI
      • Audit S3 APIs
        • Configure audit webhook using the GUI
        • Configure audit webhook using the CLI
        • Example: How to use Splunk to audit S3
      • S3 supported APIs and limitations
      • S3 examples using boto3
    • Manage the SMB protocol
      • Manage SMB using the GUI
      • Manage SMB using the CLI
  • Operation Guide
    • Alerts
      • Manage alerts using the GUI
      • Manage alerts using the CLI
      • List of alerts and corrective actions
    • Events
      • Manage events using the GUI
      • Manage events using the CLI
      • List of events
    • Statistics
      • Manage statistics using the GUI
      • Manage statistics using the CLI
      • List of statistics
    • Insights
    • System congestion
    • Security management
      • Obtain authentication tokens
      • KMS management
        • Manage KMS using the GUI
        • Manage KMS using the CLI
      • TLS certificate management
        • Manage the TLS certificate using the GUI
        • Manage the TLS certificate using the CLI
      • CA certificate management
        • Manage the CA certificate using the GUI
        • Manage the CA certificate using the CLI
      • Account lockout threshold policy management
        • Manage the account lockout threshold policy using GUI
        • Manage the account lockout threshold policy using CLI
      • Manage the login banner
        • Manage the login banner using the GUI
        • Manage the login banner using the CLI
    • User management
      • Manage users using the GUI
      • Manage users using the CLI
    • Organizations management
      • Manage organizations using the GUI
      • Manage organizations using the CLI
      • Mount authentication for organization filesystems
    • Expand and shrink cluster resources
      • Add a backend server
      • Expand specific resources of a container
      • Shrink a cluster
    • Background tasks
      • Manage background tasks using the GUI
      • Manage background tasks using the CLI
    • Upgrade WEKA versions
  • Billing & Licensing
    • License overview
    • Classic license
  • Monitor the WEKA Cluster
    • Deploy monitoring tools using the WEKA Management Station (WMS)
    • WEKA Home - The WEKA support cloud
      • Local WEKA Home overview
      • Deploy Local WEKA Home v3.0 or higher
      • Deploy Local WEKA Home v2.x
      • Explore cluster insights and statistics
      • Manage alerts and integrations
      • Enforce security and compliance
      • Optimize support and data management
    • Set up the WEKAmon external monitoring
    • Set up the SnapTool external snapshots manager
  • Support
    • Get support for your WEKA system
    • Diagnostics management
      • Traces management
        • Manage traces using the GUI
        • Manage traces using the CLI
      • Protocols debug level management
        • Manage protocols debug level using the GUI
        • Manage protocols debug level using the CLI
      • Diagnostics data management
  • Best Practice Guides
    • WEKA and Slurm integration
      • Avoid conflicting CPU allocations
    • Storage expansion best practice
  • Appendices
    • WEKA CSI Plugin
      • Deployment
      • Storage class configurations
      • Tailor your storage class configuration with mount options
      • Dynamic and static provisioning
      • Launch an application using WEKA as the POD's storage
      • Add SELinux support
      • NFS transport failback
      • Upgrade legacy persistent volumes for capacity enforcement
      • Troubleshooting
    • Convert cluster to multi-container backend
    • Create a client image
Powered by GitBook
On this page
  • Configure the NFS cluster level
  • Set the NFS configuration filesystem
  • Create interface groups
  • Set interface group ports
  • Set interface group IPs
  • Configure the service mountd port
  • Configure user groups resolution
  • Configure the NFS export level (permissions)
  • Define client access groups
  • Manage client access groups' rules
  • Manage NFS client permissions
  1. Additional Protocols
  2. Manage the NFS protocol

Manage NFS networking using the CLI

This page describes how to configure the NFS networking using the CLI.

Using the CLI, you can:

  • Configure the NFS cluster level

    • Set the global configuration filesystem

    • Create interface groups

    • Set interface group ports

    • Set interface group IPs

    • Configure the service mountd port

    • Configure user groups resolution when using the legacy NFS

  • Configure the NFS export level (permissions)

    • Define client access groups

    • Manage client access groups

    • Manage NFS client permissions

Configure the NFS cluster level

Set the NFS configuration filesystem

NFSv4 requires a persistent cluster-wide configuration filesystem for the protocol's internal operations.

Use the following command line to set the NFS configuration on the configuration filesystem:

weka nfs global-config set --config-fs <config-fs>

Parameters

Name
Value

config-fs*

Create interface groups

Command: weka nfs interface-group add

Use the following command line to add an interface group:

weka nfs interface-group add <name> <type> [--subnet subnet] [--gateway gateway] [--allow-manage-gids allow-manage-gids]

The parameter allow-manage-gids determines the type of NFS stack. The default value of this parameter is on, which sets the NFS-W stack.

Do not mount the same filesystem by containers residing in interface groups with different values of the allow-manage-gids.

Example

weka nfs interface-group add nfsw NFS --subnet 255.255.255.0 --gateway 10.0.1.254

Parameters

Name
Value
Default

name*

Unique interface group name.

type*

Group type. Can only be NFS.

subnet

The valid subnet mask in the 255.255.0.0 format.

255.255.255.255

gateway

Gateway valid IP.

255.255.255.255

allow-manage-gids

Allows the containers within this interface group to use manage-gids when set in exports.

With manage-gids, the list of group IDs received from the client is replaced by a list of group IDs determined by an appropriate lookup on the server. NFS-W: on

Legacy NFS: off

Each container can be set to be part of interface groups with the same value of allow-manage-gids.

on

Set interface group ports

Commands:

weka nfs interface-group port add

weka nfs interface-group port delete

Use the following command lines to add or delete an interface group port:

weka nfs interface-group port add <name> <container-id> <port>

weka nfs interface-group port delete <name> <container-id> <port>

Example

The following command line adds the interface enp2s0 on the Frontend container-id 3 to the interface group named nfsw.

weka nfs interface-group port add nfsw 3 enp2s0

Parameters

Name
Value

name*

Interface group name.

container-id*

Valid frontend container ID on which the port resides. You can obtain the container ID by running the weka cluster container command.

port*

Valid port's device. Maximum 14 characters. Example: eth1.

Set interface group IPs

Commands:

weka nfs interface-group ip-range add

weka nfs interface-group ip-range delete

Use the following command lines to add/delete an interface group IP:

weka nfs interface-group ip-range add <name> <ips>

weka nfs interface-group ip-range delete <name> <ips>

Example

The following command line adds IPs in the range 10.0.1.101 to 10.0.1.118 to the interface group named nfsw.

weka nfs interface-group ip-range add nfsw 10.0.1.101-118

Parameters

Name
Value

name*

Interface group name

ips*

Valid IP range

Configure the service mountd port

The mountd service receives requests from clients to mount to the NFS server. In NFS-W, it is possible to set it explicitly rather than have it randomly selected on each server startup. This allows an easier setup of the firewalls to allow that port.

Use the following command lines to set and view the mountd configuration:

weka nfs global-config set --mountd-port <mountd-port>

weka nfs global-config show

Configure user groups resolution

NFS-W can authenticate more than 16 user groups, but it requires the external resolution of the user's groups, which means associating users with their respective group-IDs outside of the NFS protocol.

Configuring more than 16 user groups is not supported with the legacy NFS.

Procedure

  1. Configure interface groups:

    • Ensure that the allow-manage-gids option is set to on (default value). See Create interface groups.

  2. Configure NFS client permissions:

    • Set the manage-gids option to on for the NFS client to enable external group-IDs resolution. See Set the NFS client permissions.

  3. Set up servers for group-IDs retrieval:

    • Configure relevant servers to retrieve user group-IDs information. This task is specific to NFS-W and does not involve WEKA management. See the following procedure.

Set up the servers to retrieve user's group-IDs information

For the servers that are part of the interface group, set the servers to retrieve the user's group-IDs information in any method that is part of the environment.

You can also set the group resolution by joining the AD and Kerberos domains or using LDAP with a read-only user.

Configure the sssd on the server to serve as a group IDs provider. For example, you can configure the sssd directly using LDAP or as a proxy to a different nss group IDs provider.

Example: set sssd directly for nss services using LDAP with a read-only user

[sssd]
services = nss
config_file_version = 2
domains = LDAP

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com

# The DN used to search the ldap directory with. 
ldap_default_bind_dn = cn=ro_admin,ou=groups,dc=example,dc=com

# The password of the bind DN.
ldap_default_authtok = password

If you use another method than the sssd but with a different provider, configure an sssd proxy on each relevant server. The proxy is used for the WEKA container to resolve the groups by any method defined on the server.

To configure sssd proxy on a server, use the following:

# install sssd
yum install sssd

# set up a proxy for WEKA in /etc/sssd/sssd.conf
[sssd]
services = nss
config_file_version = 2
domains = proxy_for_weka

[nss]
[domain/proxy_for_weka]
id_provider = proxy
auth_provider = none
 
# the name of the nss lib to be proxied, e.g., ldap, nis, winbind, vas4, etc.
proxy_lib_name = ldap

All users must be present and resolved in the method used in the sssd for the group's resolution. In the above example, using an LDAP-only provider, local users (such as a local root) absent in LDAP do not receive their groups resolved and are denied. For such users or applications, add the LDAP user.

Configure the NFS export level (permissions)

Define client access groups

Command: weka nfs client-group

Use the following command lines to add/delete a client access group:

weka nfs client-group add <name>

weka nfs client-group delete <name>

Parameters

Name
Value

name*

Valid group name.

Manage client access groups' rules

Clients are part of groups when their IP address or DNS hostname match the rules of that group. Similar to IP routing rules, clients are matched to client groups according to the most specific matching rule.

Command: weka nfs rules

Add DNS-based client group rules

Use the following command lines to add a rule that causes a client to be part of a client group based on its DNS hostname:

weka nfs rules add dns <name> <dns>

Example

weka nfs rules add dns client-group1 hostname.example.com

Delete DNS-based client group rules

Use the following command lines to delete a rule that causes a client to be part of a client group based on its DNS hostname:

weka nfs rules delete dns <name> <dns>

Example

weka nfs rules delete dns client-group1 hostname.example.com

Parameters

Name
Value

name*

Valid client group name.

dns*

DNS rule with *?[] wildcard rules.

Add IP-based client group rules

Command: weka nfs rules

Use the following command lines to add or delete a rule which causes a client to be part of a client group based on its IP and subnet mask (both CIDR and standard subnet mask formats are supported for enhanced flexibility):

weka nfs rules add ip <name> <ip>

Examples

weka nfs rules add ip client-group1 192.168.114.0/8 weka nfs rules add ip client-group2 172.16.0.0/255.255.0.0

Delete IP-based client group rules

weka nfs rules delete ip <name> <ip>

Examples

weka nfs rules delete ip client-group1 192.168.114.0/255.255.255.0 weka nfs rules delete ip client-group2 172.16.0.0/16

Parameters

Name
Value

name*

Valid client group name.

ip*

Valid IP address with subnet mask.

Both CIDR and standard subnet mask formats are supported for enhanced flexibility.

CIDR format: 1.1.1.1/16

Standard format: 1.1.1.1/255.255.0.0

Manage NFS client permissions

Command: weka nfs permission

Use the following command lines to add NFS permissions:

weka nfs permission add <filesystem> <group> [--path path] [--permission-type permission-type] [--squash squash] [--anon-uid anon-uid] [--anon-gid anon-gid] [--obs-direct obs-direct] [--manage-gids manage-gids] [--privileged-port privileged-port] [--supported-versions supported-versions]

Use the following command lines to update NFS permissions:

weka nfs permission update <filesystem> <group> [--path path] [--permission-type permission-type] [--squash squash] [--anon-uid anon-uid] [--anon-gid anon-gid] [--obs-direct obs-direct] [--manage-gids manage-gids] [--privileged-port privileged-port] [--supported-versions supported-versions]

Use the following command lines to delete NFS permissions:

weka nfs permission delete <filesystem> <group> [--path path]

Parameters

Name
Value
Default

filesystem*

Existing filesystem name. A filesystem with Required Authentication set to ON cannot be used for NFS client permissions.

group*

Existing client group name.

path

The root of the valid share path.

/

permission-type

Permission type. Possible values: ro (read-only), rw (read-write)

rw

squash

Squashing type. Possible values: none , root, all all is only applicable for NFS-W. Otherwise, it is treated as root.

none

anon-uid*

Anonymous user ID. Relevant only for root squashing. Possible values: 1 to 65535.

65534

anon-gid*

Anonymous user group ID. Relevant only for root squashing. Possible values: 1 to 65535.

65534

obs-direct

on

manage-gids

Sets external group IDs resolution.

The list of group IDs received from the client is replaced by a list determined by an appropriate lookup on the server. This option is only applicable in NFS-W. Possible values: on, off.

off

privileged-port

Sets the share only to be mounted via privileged ports (1-1024), usually allowed by the root user. This option is only applicable in NFS-W. Possible values: on, off.

off

supported-versions

A comma-separated list of supported NFS versions. Possible values: v3, v4. v4 is only applicable in NFS-W.

v3

PreviousManage NFS networking using the GUINextManage the S3 protocol

Last updated 23 days ago

The predefined filesystem name for maintaining the persisting cluster-wide protocols' configurations. Verify that the filesystem is already created. If not, create it. For details, see

See . Possible values: on, off.

Object-store Direct Mount
#dedicated-filesystem-requirement-for-persistent-protocol-configurations