aix:aix_nfsv4
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
aix:aix_nfsv4 [2021/11/11 14:13] manu |
aix:aix_nfsv4 [2024/02/26 09:43] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== AIX: Mount a filesystem on NFS v4 ====== | ====== AIX: Mount a filesystem on NFS v4 ====== | ||
| + | |||
| + | http://aix4admins.blogspot.com/2011/05/server-computer-that-makes-its-file.html | ||
| + | |||
| + | https://www.ibm.com/support/pages/aix-nfs-authentication-root-user | ||
| + | |||
| * On the source host, check the domain: | * On the source host, check the domain: | ||
| Line 43: | Line 48: | ||
| </cli> | </cli> | ||
| - | === On client ports used for NFSv4: === | + | ===== On client ports used for NFSv4: ===== |
| * nfsserver:2049 | * nfsserver:2049 | ||
| * clientnfs: 1022-1023 | * clientnfs: 1022-1023 | ||
| - | === Restrict access === | + | ===== Restrict access ===== |
| <cli prompt='#'> | <cli prompt='#'> | ||
| Line 54: | Line 59: | ||
| </cli> | </cli> | ||
| - | === Required Tuning to Mount Linux NFSv4 export === | + | ===== Required Tuning to Mount Linux NFSv4 export ===== |
| Line 88: | Line 93: | ||
| ===== NFSv4 error ===== | ===== NFSv4 error ===== | ||
| + | |||
| + | ==== gssd error in syslog ==== | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/var/log/syslog# grep gss warning.log | ||
| + | /var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663584]: /usr/lib/drivers/krb5.ext: No such file or directory | ||
| + | /var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663586]: /usr/lib/drivers/krb5.ext: No such file or directory | ||
| + | </cli> | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/export/aix73_exp/installp/ppc# lssrc -g nfs | ||
| + | Subsystem Group PID Status | ||
| + | biod nfs 30867940 active | ||
| + | nfsd nfs 23921040 active | ||
| + | rpc.mountd nfs 7406062 active | ||
| + | nfsrgyd nfs 19399068 active | ||
| + | rpc.lockd nfs 9175414 active | ||
| + | rpc.statd nfs 32309574 active | ||
| + | gssd nfs inoperative | ||
| + | </cli> | ||
| + | |||
| + | Install the missing krb5.ext module, you can find the package **modcrypt.base.6.1.0.4.I** into expansion pack | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/export/softs# restore -Tqvf /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I | ||
| + | New volume on /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I: | ||
| + | ... | ||
| + | 0 ./usr/lpp/modcrypt.base | ||
| + | 4334 ./usr/lpp/modcrypt.base/liblpp.a | ||
| + | 406327 ./usr/ccs/lib/libmodcrypt.a | ||
| + | 175022 ./usr/lib/drivers/krb5.ext | ||
| + | 5999 ./usr/include/xcrypt.h | ||
| + | </cli> | ||
| ==== Too many levels of symbolic links ==== | ==== Too many levels of symbolic links ==== | ||
| Line 111: | Line 147: | ||
| The "readdir loop" problem seems to be fairly widely known. Try to upgrade your OS, and reboot. | The "readdir loop" problem seems to be fairly widely known. Try to upgrade your OS, and reboot. | ||
| + | |||
| + | ==== Mount as nobody ==== | ||
| + | |||
| + | Export NFSv4 | ||
| + | <cli prompt='>'> | ||
| + | [root@aixnfssrv01]/root> cat /etc/exports | ||
| + | /repository -vers=3:4,sec=sys,root=aix*:lnx*:ocp*,rw | ||
| + | |||
| + | [root@aixnfssrv01]/root> chnfsdom | ||
| + | Current local domain: mydom1 | ||
| + | </cli> | ||
| + | |||
| + | With good domain | ||
| + | <cli prompt='>'> | ||
| + | [root@aixclientnfs01] /root> chnfsdom mydom1 | ||
| + | [root@aixclientnfs01] /root> stopsrc -g nfs | ||
| + | [root@aixclientnfs01] /root> startsrc -g nfs | ||
| + | [root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt | ||
| + | [root@aixclientnfs01] /> ls -l / | grep mnt | ||
| + | 4 drwxr-xr-x 22 root system 4096 Mar 1 16:59 mnt | ||
| + | </cli> | ||
| + | |||
| + | With bad domain | ||
| + | <cli prompt='>'> | ||
| + | [root@aixclientnfs01] /root> chnfsdom mydom2 | ||
| + | [root@aixclientnfs01] /root> stopsrc -g nfs | ||
| + | [root@aixclientnfs01] /root> startsrc -g nfs | ||
| + | [root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt | ||
| + | [root@aixclientnfs01] /> ls -l / | grep mnt | ||
| + | 4 drwxr-xr-x 22 nobody nobody 4096 Mar 1 16:59 mnt | ||
| + | </cli> | ||
| + | |||
| + | FIXME you can have multiple domains: chnfsdom mydom1,mydom2 | ||
| + | |||
| + | ===== Performance ===== | ||
| + | |||
| + | If you have a dédicated VLAN for NFS, you can use MTU 9000. All devices must set the MTU to 9000 and network ports to 9216. | ||
| + | |||
| + | Best proctice for AIX LPAR: | ||
| + | * Processing Units: **1.0** | ||
| + | * network options | ||
| + | <cli prompt='#'> | ||
| + | # no -p -o tcp_sendspace=524288 | ||
| + | # no -p -o tcp_recvspace=524288 | ||
| + | </cli> | ||
| + | | ||
| + | * nfs options | ||
| + | <cli prompt='#'> | ||
| + | [root@testh]/root# nfso -L | ||
| + | NAME CUR DEF BOOT MIN MAX UNIT TYPE | ||
| + | DEPENDENCIES | ||
| + | -------------------------------------------------------------------------------- | ||
| + | nfs_max_read_size 512K 64K 512K 512 512K Bytes D | ||
| + | -------------------------------------------------------------------------------- | ||
| + | nfs_max_write_size 512K 64K 512K 512 512K Bytes D | ||
| + | -------------------------------------------------------------------------------- | ||
| + | nfs_rfc1323 1 1 1 0 1 On/Off D | ||
| + | </cli> | ||
| + | |||
| + | * enable largesend | ||
| + | |||
| + | jumbo_frames yes | ||
| + | large_receive yes | ||
| + | large_send yes | ||
| + | <cli prompt='#'> | ||
| + | [root@testh]/root# lsattr -El ent3 | ||
| + | chksum_offload yes Request checksum offload True | ||
| + | jumbo_frames yes Request jumbo frames True | ||
| + | large_receive yes Request Rx TCP segment aggregation True | ||
| + | large_send yes Request Tx TCP segment offload True | ||
| + | ... | ||
| + | | ||
| + | [root@testh]/root# lsattr -El en3 | ||
| + | ... | ||
| + | mtu 9000 Maximum IP Packet Size for This Device True | ||
| + | mtu_bypass on Enable/Disable largesend for virtual Ethernet True | ||
| + | state up Current Interface Status True | ||
| + | </cli> | ||
| + | |||
| + | For info, largesend 'll send packet 64k, that 'll be split on VIOS side (hypervisor), when analyse packet, checksum for 64k return FFFF bad checksum, it normal. | ||
| + | |||
| + | Example of mount options: | ||
| + | # mount -o bg,hard,intr,rsize=131072,wsize=131072,timeo=1200,vers=4,sec=sys nfssrv:/nfspath /mnt | ||
| + | |||
| + | ===== NFS ERROR ===== | ||
| + | |||
| + | * **Mount error** | ||
| + | <code> | ||
| + | NFS lookup failed for server : rpc error 7 (RPC: 1832-010 Authentication error) errno 5 | ||
| + | </code> | ||
| + | |||
| + | Try: | ||
| + | <cli prompt='#'> | ||
| + | # nfso -p -o portcheck=1 | ||
| + | # nfso -p -o nfs_use_reserved_ports=1 | ||
| + | </cli> | ||
| + | |||
| + | * **Set range ports for NFS** | ||
| + | |||
| + | Normally, The usage of NFS ports will be dynamically in AIX.... If you would like to set the port ranges, | ||
| + | |||
| + | The NFS_PORT_RANGE environment variable can be used to limit the source port of network calls the client makes to the server. If used, this environment variable should be added to the **/etc/environment** file. The format of the environment variable is as follows: | ||
| + | NFS_PORT_RANGE=udp[4000-5000]:tcp[7000-8000] | ||
| + | |||
aix/aix_nfsv4.1636636420.txt.gz · Last modified: 2021/11/11 14:13 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
