Differences

This shows you the differences between two versions of the page.

--- aix:aix_nfsv4 [2021/11/11 14:46]
manu
+++ aix:aix_nfsv4 [2024/02/26 09:43] (current)
manu
@@ Line 93: / Line 93: @@
 ===== NFSv4 error =====
+==== gssd error in syslog ====
+<cli prompt='#'>
+[root@aix01]/var/log/syslog# grep gss warning.log
+/var/adm/syslog/warning.log:Feb  1 09:21:04 aix01 daemon:err|error gssd[15663584]: /usr/lib/drivers/krb5.ext: No such file or directory
+/var/adm/syslog/warning.log:Feb  1 09:21:04 aix01 daemon:err|error gssd[15663586]: /usr/lib/drivers/krb5.ext: No such file or directory
+</cli>
+<cli prompt='#'>
+[root@aix01]/export/aix73_exp/installp/ppc# lssrc -g nfs
+Subsystem         Group            PID          Status
+ biod             nfs              30867940     active
+ nfsd             nfs              23921040     active
+ rpc.mountd       nfs              7406062      active
+ nfsrgyd          nfs              19399068     active
+ rpc.lockd        nfs              9175414      active
+ rpc.statd        nfs              32309574     active
+ gssd             nfs                           inoperative
+</cli>
+Install the missing krb5.ext module, you can find the package **modcrypt.base.6.1.0.4.I** into expansion pack
+<cli prompt='#'>
+[root@aix01]/export/softs# restore -Tqvf /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I
+New volume on /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I:
+...
+./usr/lpp/modcrypt.base
+./usr/lpp/modcrypt.base/liblpp.a
+./usr/ccs/lib/libmodcrypt.a
+./usr/lib/drivers/krb5.ext
+./usr/include/xcrypt.h
+</cli>
 ==== Too many levels of symbolic links ====
@@ Line 116: / Line 147: @@
 The "readdir loop" problem seems to be fairly widely known. Try to upgrade your OS, and reboot.
+==== Mount as nobody ====
+Export NFSv4
+<cli prompt='>'>
+[root@aixnfssrv01]/root> cat /etc/exports
+/repository -vers=3:4,sec=sys,root=aix*:lnx*:ocp*,rw
+[root@aixnfssrv01]/root> chnfsdom
+Current local domain: mydom1
+</cli>
+With good domain
+<cli prompt='>'>
+[root@aixclientnfs01] /root> chnfsdom mydom1
+[root@aixclientnfs01] /root> stopsrc -g nfs
+[root@aixclientnfs01] /root> startsrc -g nfs
+[root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt
+[root@aixclientnfs01] /> ls -l /   | grep mnt
+drwxr-xr-x   22 root     system         4096 Mar  1 16:59 mnt
+</cli>
+With bad domain
+<cli prompt='>'>
+[root@aixclientnfs01] /root> chnfsdom mydom2
+[root@aixclientnfs01] /root> stopsrc -g nfs
+[root@aixclientnfs01] /root> startsrc -g nfs
+[root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt
+[root@aixclientnfs01] /> ls -l /   | grep mnt
+drwxr-xr-x   22 nobody   nobody         4096 Mar  1 16:59 mnt
+</cli>
+FIXME you can have multiple domains: chnfsdom mydom1,mydom2
+===== Performance =====
+If you have a dédicated VLAN for NFS, you can use MTU 9000. All devices must set the MTU to 9000 and network ports to 9216.
+Best proctice for AIX LPAR:
+  * Processing Units: **1.0**
+  * network options
+<cli prompt='#'>
+# no -p -o tcp_sendspace=524288
+# no -p -o tcp_recvspace=524288
+</cli>
+  * nfs options
+<cli prompt='#'>
+[root@testh]/root# nfso -L
+NAME                      CUR    DEF    BOOT   MIN    MAX    UNIT           TYPE
+     DEPENDENCIES
+--------------------------------------------------------------------------------
+nfs_max_read_size         512K   64K    512K   512    512K   Bytes             D
+--------------------------------------------------------------------------------
+nfs_max_write_size        512K   64K    512K   512    512K   Bytes             D
+--------------------------------------------------------------------------------
+nfs_rfc1323               1      1      1      0      1      On/Off            D
+</cli>
+  * enable largesend
+      jumbo_frames    yes
+      large_receive   yes
+      large_send      yes
+<cli prompt='#'>
+[root@testh]/root# lsattr -El ent3
+chksum_offload  yes              Request checksum offload                         True
+jumbo_frames    yes              Request jumbo frames                             True
+large_receive   yes              Request Rx TCP segment aggregation               True
+large_send      yes              Request Tx TCP segment offload                   True
+...
+[root@testh]/root# lsattr -El en3
+...
+mtu           9000            Maximum IP Packet Size for This Device        True
+mtu_bypass    on              Enable/Disable largesend for virtual Ethernet True
+state         up              Current Interface Status                      True
+</cli>
+For info, largesend 'll send packet 64k, that 'll be split on VIOS side (hypervisor), when analyse packet, checksum for 64k return FFFF bad checksum, it normal.
+Example of mount options:
+  # mount -o bg,hard,intr,rsize=131072,wsize=131072,timeo=1200,vers=4,sec=sys nfssrv:/nfspath /mnt
+===== NFS ERROR =====
+  * **Mount error**
+<code>
+NFS lookup failed for server : rpc error 7 (RPC: 1832-010 Authentication error) errno 5
+</code>
+Try:
+<cli prompt='#'>
+# nfso -p -o portcheck=1
+# nfso -p -o nfs_use_reserved_ports=1
+</cli>
+  * **Set range ports for NFS**
+Normally, The usage of NFS ports will be dynamically in AIX.... If you would like to set the port ranges,
+The NFS_PORT_RANGE environment variable can be used to limit the source port of network calls the client makes to the server. If used, this environment variable should be added to the **/etc/environment** file. The format of the environment variable is as follows:
+  NFS_PORT_RANGE=udp[4000-5000]:tcp[7000-8000]

wiki

User Tools

Site Tools

Differences

Page Tools