クライアントがどのエクスポートポリシールールにも一致しない場合、NFSエクスポートをマウントできません
環境
- ONTAP 9
- NFS
- CVO
問題
- NFSクライアントはエクスポートされたボリュームまたはqtreeをマウントできません
- Client error:
Permission deniedand/oraccess denied by server while mountingand/ormount.nfs: Operation not permitted[root@client1 ~]# mount 10.1.2.3:/vol1 /mnt -v
mount.nfs: timeout set for Fri Mar 12 01:11:48 2021
mount.nfs: trying text-based options 'vers=4.1,addr=10.1.2.3,clientaddr=10.3.4.5'
mount.nfs: mount(2): Operation not permitted
mount.nfs: trying text-based options 'addr=10.1.2.3'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.1.2.3 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.1.2.3 prog 100005 vers 3 prot UDP port 635
mount.nfs: mount(2): Permission denied
mount.nfs: Operation not permitted[root@client1 ~]# mount 10.1.2.3:/vol1 /mnt
mount.nfs: access denied by server while mounting 10.1.2.3:/vol1
- export-policy check-accessコマンドを実行すると、クライアントが
Rule Index 0で拒否されたことが表示されます
例 ボリューム:
::*> export-policy check-access -vserver vs_name -volume vol_name -client-ip 10.41.xx.xxx -authentication-method sys -protocol nfs3 -access-type read-write
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------- ---------- --------- ---------- ------ ----------
/ default svm_root volume 11 read
/oracle oracle_policy oracle volume 0 denied
2 entries were displayed.
例 qtree:
::> export-policy check-access -vserver shruti -volume test_asa -client-ip 10.216.41.xx -authentication-method sys -protocol nfs3 -access-type read-write -qtree test_asa_qtree
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ test1 shru_svm_root
volume 1 read
/test_asa default test_asa volume 5 read
/test_asa/test_asa_qtree qtree_policy
test_asa_qtree
qtree 0 denied
3 entries were displayed.