Q: How does VSC 6.2 Create NFS Exports for VMware?

If for whatever reason, you don’t have access to the NetApp Virtual Storage Console for VMware, but still want to export a volume over NFS from your Clustered Data ONTAP system to VMware, this information might be useful to know.

Starting with only a default export policy on the SVM (8.3.2), and no rules, VSC 6.2P1 exports a volume to vSphere 6.0 like below (just showing one ESX host)


cluster::> set d

cluster1::*> export-policy show -instance

    Vserver: svm1
Policy Name: default
  Policy ID: 42949672961

cluster1::*> export-policy rule show -instance

                                    Vserver: svm1
                                Policy Name: default
                                 Rule Index: 1
                            Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 192.168.0.51
                             RO Access Rule: sys
                             RW Access Rule: sys
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true
                 NTFS Unix Security Options: fail
         Vserver NTFS Unix Security Options: use_export_policy
                      Change Ownership Mode: restricted
              Vserver Change Ownership Mode: use_export_policy

cluster1::*> volume show -fields policy,unix-permissions

vserver     volume policy unix-permissions
----------- ------ ------ ----------------
cluster1-01 vol0   -      ------------
cluster1-02 vol0   -      ------------
svm1        DATASTORE1 default ---rwxr-xr-x
svm1        svm1_root default ---rwxr-xr-x


Image: VSC 6.2P1 NetApp Datastore Provisioning Wizard - Ready to complete

Q: How do we do this from the Clustershell without VSC?

We’re going to do something a little different here and create a separate export-policy for our ESX cluster, also remembering that the SVM root volume needs to be exported read only, and that there’s likely to be load-sharing mirrors protecting the SVM root volume.

‌‌
volume create -vserver svm1 -volume DATASTORE1 -junction-path /DATASTORE1 -size 150g -space-guarantee none -aggregate aggr1_02 -security-style unix -unix-permissions 755 -snapshot-policy none -percent-snapshot-space 0 -autosize-mode off

vserver export-policy create -vserver svm1 -policyname EXP_READONLY

vserver export-policy rule create -vserver svm1 -policyname EXP_READONLY -ruleindex 1 -protocol any -clientmatch 0.0.0.0/0 -rorule any -rwrule never -anon 65534 -superuser none -allow-suid true -allow-dev true -ntfs-unix-security-ops fail -chown-mode restricted

volume modify -vserver svm1 -volume svm1_root -policy EXP_READONLY

vserver export-policy create -vserver svm1 -policyname EXP_ESXCLU1

vserver export-policy rule create -vserver svm1 -policyname EXP_ESXCLU1 -ruleindex 1 -protocol nfs -clientmatch 192.168.0.51 -rorule sys -rwrule sys -anon 65534 -superuser sys -allow-suid true -allow-dev true

volume modify -vserver svm1 -volume DATASTORE1 -policy EXP_ESXCLU1

snapmirror update-ls-set svm1:svm1_root


Note: To keep the output brief, the above has only one host, for more hosts add more rules.

Image: Testing provisioning new datastore without using the VSC

Note: 192.168.0.134 is the local (on the same node as the volume) NFS LIF on the SVM.

Comments