Managing NFS through the Integrated Admin Web Portal

Jump to Section

   Enabling and disabling NFS Service and Export Management

   NFS Export Configuration

Enabling and disabling NFS Service and NFS Export Management

Nexfs can optionally directly manage and configure the NFS server. You can choose if Nexfs should configure the NFS server "NFS Export Mgmt" and if Nexfs should also manage "NFS Start/Stop" the Linux NFS server.

NFS Service and Export management can both be enabled and disabled from the Services -> Service Management tab under the "Nexfs Configuration" section of the Admin Console.

Note: The standard Linux NFS server must be installed on the Nexfs Server. 

nexfs admin enable services.jpg

NFS Export Configuration using the Integrated Webconsole

NFS Exports

nexfs admin portal nfs exports.jpg

NFS Exports are configured in the NFS section in the Admin Portal.

NFS Export Configuration Fields

Export (X The next available Export ID is automatically assigned when a Export is created)

The folder/directory/bucket from within the Nexfs file structure to be exported 

Clients

The NFS clients  who can access the export.
Can be a single host, netgroup, or IP networks, wildcards for client names are supported. 


Single Host
You may specify a host either by an abbreviated name recognized be the resolver, the fully qualified domain name, an IPv4 address, or an IPv6 address. IPv6 addresses must not be inside square brackets in /etc/exports lest they be confused with character-class wildcard matches.

Netgroups
NIS netgroups may be given as @group. Only the host part of each netgroup members is consider in checking for membership. Empty host parts or those containing a single dash (-) are ignored.

Wildcards
Machine names may contain the wildcard characters * and ?, or may contain character class lists within [square brackets]. This can be used to make the exports file more compact; for instance, *.cs.foo.edu matches all hosts in the domain cs.foo.edu. As these characters also match the dots in a domain name, the given pattern will also match all hosts within any subdomain of cs.foo.edu.

IP networks
You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified in dotted-decimal format, or as a contiguous mask length. For example, either '/255.255.252.0' or '/22' appended to the network base IPv4 address results in identical subnetworks with 10 bits of host. IPv6 addresses must use a contiguous mask length and must not be inside square brackets to avoid confusion with character-class wildcards. Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail.

Access

If the export can be mounted read-only or read-write.

Mappings

AnonymousUID
Explicitly set the uid of the anonymous account

AnonymousGID
Explicitly set the gid of the anonymous account

SquashMode
 
root_squash

Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff

  no_root_squash

Turn off root squashing
 

   all_squash

Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc

Security

sys (Default)
Basic Linux host system security (no cryptographic security)

krb5
The export supports krb5 security (authentication only)

krb5i
The export supports krb5i security (integrity protection)

krb5p
The export supports krb5p security (privacy protection)

 

Advanced

Subtree Check
Enables or disables subtree checking. The system must check a subdirectory of the filesystem exported, but when the whole filesystem is not export for each NFS request, the server must check not only that the accessed file is in the appropriate filesystem (which is easy) but also that it is in the exported tree (which is harder)

Secure Locks
When not set the NFS server is not required to enforce authentication of locking requests. Normally the NFS server will require a lock request to hold a credential for a user who has read access to the file. Without this set those access checks will not be performed.

No wdelay
When enabled performance can improve by allowing the NFS server to send multiple related write requests to Nexfs in a single operation, but performance can also be reduced if the NFS server receives small unrelated write requests. Note: async must also be disabled on the export for this feature to activate

 

Root Export (NFSv4)

(NFSv4 Only) Make this export the NFSv4 Root export, only one export can be the root export 


Async
This option allows the NFS server to reply to requests before change have been committed to storage. Using this option may improve performance, but can cause data to be lost or corrupted if the server is uncleanly restarted or crashed

Export Enabled
Make the export available for clients to mount

To CREATEExport

1. Click on the "Add Export" button at the bottom of the Export List is to be created for, a new blank Lun will be created 

2  a. Manually Enter the Path to use for the LUN storage, or

    b. Click on the folder icon to the left of the Path field then select (or create) a new directory or bucket to be exported.

3. Configure any other required export settings

4. Click on the "Save Exports" button at the bottom the of list of Exports 

To MODIFY a Export

Make any changes required such as changing the exported path, client access, mappings etc, accounts etc, then click on the "Save" button at the bottom the of list of Exports

To DELETE a Export

To delete an export click not he "delete" button to the bottom right of the export to be removed.