Sunday, 16 November 2014

Examples of 7MTT 1.4 Translating NFS Exports

Below are some outputs of a test migration from 8.1.3 7-Mode to 8.2.1P1 Cluster-Mode. The intention of the experiment was to see how 7MTT handles the following exports (the colour-coding is used throughout this post):

NAFAS1*> rdfile /vol/NA01V1_vol0/etc/exports
/vol/NA01V1_vol0        -sec=sys,rw,anon=0,nosuid
/vol/NA01V1_vol1        -sec=sys,rw
/vol/NA01V1_vol2/QTREE1 -sec=sys,rw=SERVER1.domain.com:10.20.30.40
/vol/NA01V1_vol2/QTREE2 -sec=sys,rw=SERVER1.domain.com:10.20.30.40,root=SERVER2.domain.com:20.30.40.50
/vol/NA01V1_vol3/QTREE1 -sec=sys,rw=SERVER3.domain.com:30.30.30.30,root=SERVER3.domain.com:30.30.30.30

The migration was run using 7MTT 1.4 CLI with the following commands:

transition credentials add -h NAFAS1 -u root
transition credentials add -h NACLU1 -u admin
transition create -s NAFAS1_NA01V1 -t standalone -n NAFAS1 -c 192.168.168.101 -f NA01V1 -h NACLU1 -v SVM1
transition volumepair add -s NAFAS1_NA01V1 -v NA01V1_vol0 -c SVM1_vol0 -g aggr1
transition volumepair add -s NAFAS1_NA01V1 -v NA01V1_vol1 -c SVM1_vol1 -g aggr1
transition volumepair add -s NAFAS1_NA01V1 -v NA01V1_vol2 -c SVM1_vol2 -g aggr1
transition volumepair add -s NAFAS1_NA01V1 -v NA01V1_vol3 -c SVM1_vol3 -g aggr1
transition schedule add -s NAFAS1_NA01V1 -n SUNDAY -d 0 -b 0:0 -e 2:0
transition start -s NAFAS1_NA01V1
# ::> snapmirror initialize -destination-path SVM1:SVM1_vol* # ClusterShell!!!
transition precutover -s NAFAS1_NA01V1 -m rw_test

Note: Another part of the experiment was mapping 7-Mode volumes to different named CDOT volumes!

Starting off with a pretty pristine new SVM called SVM1, below are the results.

NACLU1::> volume show -fields policy
vserver volume      policy
------- ------      ------
SVM1    SVM1_root   default
SVM1    SVM1_vol0   SVM12
SVM1    SVM1_vol1   SVM11
SVM1    SVM1_vol2   transition_readonly
SVM1    SVM1_vol3   transition_readonly

NACLU1::> qtree show -fields export-policy
vserver volume    qtree    export-policy
------- --------- -----    -------------
SVM1    SVM1_root ""       default
SVM1    SVM1_vol0 ""       SVM12
SVM1    SVM1_vol1 ""       SVM11
SVM1    SVM1_vol1 QTREE1   SVM11
SVM1    SVM1_vol1 QTREE2   SVM11
SVM1    SVM1_vol1 QTREE3   SVM11
SVM1    SVM1_vol1 QTREE4   SVM11
SVM1    SVM1_vol1 QTREE5   SVM11
SVM1    SVM1_vol2 ""       transition_readonly
SVM1    SVM1_vol2 QTREE1   SVM14
SVM1    SVM1_vol2 QTREE2   SVM13
SVM1    SVM1_vol2 QTREE3   transition_readonly
SVM1    SVM1_vol2 QTREE4   transition_readonly
SVM1    SVM1_vol2 QTREE5   transition_readonly
SVM1    SVM1_vol3 ""       transition_readonly
SVM1    SVM1_vol3 QTREE1   SVM10
SVM1    SVM1_vol3 QTREE2   transition_readonly
SVM1    SVM1_vol3 QTREE3   transition_readonly
SVM1    SVM1_vol3 QTREE4   transition_readonly
SVM1    SVM1_vol3 QTREE5   transition_readonly

NACLU1::> export-policy show
Vserver          Policy Name
---------------  -------------------
SVM1             SVM10
SVM1             SVM11
SVM1             SVM12
SVM1             SVM13
SVM1             SVM14
SVM1             default
SVM1             transition_readonly

NACLU1::> export-policy rule show -policyname * -instance

                                    Vserver: SVM1
                                Policy Name: SVM10
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: SERVER3.domain.com
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM10
                                 Rule Index: 2
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 30.30.30.30
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM11
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM12
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 0
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: false
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM13
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: SERVER2.domain.com
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM13
                                 Rule Index: 2
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 20.30.40.50
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM13
                                 Rule Index: 3
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: SERVER1.domain.com
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM13
                                 Rule Index: 4
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 10.20.30.40
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM14
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: SERVER1.domain.com
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: SVM14
                                 Rule Index: 2
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 10.20.30.40
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: default
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

                                    Vserver: SVM1
                                Policy Name: transition_readonly
                                 Rule Index: 1
                            Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: any
                             RW Access Rule: never
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

NACLU1::> volume show -fields junction-path
vserver volume      junction-path
------- ------      -------------
CLU1N1  vol0        -
SVM1    SVM1_root   /
SVM1    SVM1_vol0   /vol/NA01V1_vol0
SVM1    SVM1_vol1   /vol/NA01V1_vol1
SVM1    SVM1_vol2   /vol/NA01V1_vol2
SVM1    SVM1_vol3   /vol/NA01V1_vol3

Note: Notice that the junction path retains the old volume name!

The interesting thing to notice is that, if a server is defined after:

rw => Superuser Security Types = none (Server 1)
root => Superuser Security Types = sys (Server 2)
rw & root => Superuser Security Types = sys (Server 3)

No comments:

Post a Comment