====== AIX: Mount a filesystem on NFS v4 ======
http://aix4admins.blogspot.com/2011/05/server-computer-that-makes-its-file.html
https://www.ibm.com/support/pages/aix-nfs-authentication-root-user
* On the source host, check the domain:
[root@nfsserver]/root# chnfsdom
Current local domain: mydom
* On the target host, set the domain, and start NFSv4 daemon:
[root@labotest]/root# chnfsdom
Current local domain: N/A
[root@labotest]/root# chnfsdom mydom
[root@labotest]/root# chnfsdom
Current local domain: mydom
[root@labotest]/root# cat /etc/nfs/local_domain
mydom
[root@labotest]/root# startsrc -g nfs
0513-029 The biod Subsystem is already active.
Multiple instances are not supported.
0513-059 The nfsd Subsystem has been started. Subsystem PID is 66142.
0513-059 The rpc.mountd Subsystem has been started. Subsystem PID is 20447570.
0513-059 The nfsrgyd Subsystem has been started. Subsystem PID is 39715266.
0513-059 The gssd Subsystem has been started. Subsystem PID is 55509106.
0513-029 The rpc.lockd Subsystem is already active.
Multiple instances are not supported.
0513-029 The rpc.statd Subsystem is already active.
Multiple instances are not supported.
* On the source host, export a filestem for NFS V3 and V4 (if not specified = v3):
[root@nfsserver]/root# vi /etc/exports
/nfs_test -vers=3:4
[root@nfsserver]/root# exportfs -va
* On the target host, mount the NFSv4 exported filesystem:
[root@labotest]/root# mount -o vers=4,soft,intr nfsserver:/nfs_test /mnt
[root@labotest]/root# mount | grep /mnt
nfsserver /nfs_test /mnt nfs4 Oct 28 17:19 vers=4,soft,intr
===== On client ports used for NFSv4: =====
* nfsserver:2049
* clientnfs: 1022-1023
===== Restrict access =====
[root@labotest]/root# cat /etc/exports
/Tech/test1 -vers=4,sec=sys:krb5p:krb5i:krb5:dh,rw,access=10.1.199.35,root=10.1.199.35
===== Required Tuning to Mount Linux NFSv4 export =====
# For NFS with Linux, add the following settings
nfso portcheck 1 (not sure)
nfso nfs_use_reserved_ports 1
nfs -po =
===== Commands to export/unexport on AIX server =====
Example to unexport
[root@nfsserver]/root# rmnfsexp -d /export/mksysb
Example to export
[root@nfsserver]/root# mknfsexp -d /export/mksysb -v 3,4 -S sys,krb5p,krb5i,krb5,dh -r aixn*,aixa*,aixb* -t rw
Open the /etc/filesystems file on labotest with a text editor.
/mksysb:
dev = "/export/mksysb"
vfs = nfs
nodename = nfsserver
mount = true
options = bg,soft,intr,vers=4,sec=sys
account = false
===== NFSv4 error =====
==== gssd error in syslog ====
[root@aix01]/var/log/syslog# grep gss warning.log
/var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663584]: /usr/lib/drivers/krb5.ext: No such file or directory
/var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663586]: /usr/lib/drivers/krb5.ext: No such file or directory
[root@aix01]/export/aix73_exp/installp/ppc# lssrc -g nfs
Subsystem Group PID Status
biod nfs 30867940 active
nfsd nfs 23921040 active
rpc.mountd nfs 7406062 active
nfsrgyd nfs 19399068 active
rpc.lockd nfs 9175414 active
rpc.statd nfs 32309574 active
gssd nfs inoperative
Install the missing krb5.ext module, you can find the package **modcrypt.base.6.1.0.4.I** into expansion pack
[root@aix01]/export/softs# restore -Tqvf /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I
New volume on /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I:
...
0 ./usr/lpp/modcrypt.base
4334 ./usr/lpp/modcrypt.base/liblpp.a
406327 ./usr/ccs/lib/libmodcrypt.a
175022 ./usr/lib/drivers/krb5.ext
5999 ./usr/include/xcrypt.h
==== Too many levels of symbolic links ====
Error while trying to export
root@ds:/root# cat /etc/exports
/export/aix72 -vers=3:4
root@ds:/root# exportfs -va
error: Too many levels of symbolic links
First chek if you have symbolic link into you directory
find /export/aix72 -type l
In symbolic link exist, remove it, else:
This problem is more common when using a NFS filesystem (v3 or v4) over an filesystems backend and with a lot of files in the same directory (more than 50000).
The problem is related to the readdir function of the readdir API, that uses the readdir cookie to quickly locate a file inside a directory. The NFS server uses this API while communicating with filesystem backends.
The "readdir loop" problem seems to be fairly widely known. Try to upgrade your OS, and reboot.
==== Mount as nobody ====
Export NFSv4
[root@aixnfssrv01]/root> cat /etc/exports
/repository -vers=3:4,sec=sys,root=aix*:lnx*:ocp*,rw
[root@aixnfssrv01]/root> chnfsdom
Current local domain: mydom1
With good domain
[root@aixclientnfs01] /root> chnfsdom mydom1
[root@aixclientnfs01] /root> stopsrc -g nfs
[root@aixclientnfs01] /root> startsrc -g nfs
[root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt
[root@aixclientnfs01] /> ls -l / | grep mnt
4 drwxr-xr-x 22 root system 4096 Mar 1 16:59 mnt
With bad domain
[root@aixclientnfs01] /root> chnfsdom mydom2
[root@aixclientnfs01] /root> stopsrc -g nfs
[root@aixclientnfs01] /root> startsrc -g nfs
[root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt
[root@aixclientnfs01] /> ls -l / | grep mnt
4 drwxr-xr-x 22 nobody nobody 4096 Mar 1 16:59 mnt
FIXME you can have multiple domains: chnfsdom mydom1,mydom2
===== Performance =====
If you have a dédicated VLAN for NFS, you can use MTU 9000. All devices must set the MTU to 9000 and network ports to 9216.
Best proctice for AIX LPAR:
* Processing Units: **1.0**
* network options
# no -p -o tcp_sendspace=524288
# no -p -o tcp_recvspace=524288
* nfs options
[root@testh]/root# nfso -L
NAME CUR DEF BOOT MIN MAX UNIT TYPE
DEPENDENCIES
--------------------------------------------------------------------------------
nfs_max_read_size 512K 64K 512K 512 512K Bytes D
--------------------------------------------------------------------------------
nfs_max_write_size 512K 64K 512K 512 512K Bytes D
--------------------------------------------------------------------------------
nfs_rfc1323 1 1 1 0 1 On/Off D
* enable largesend
jumbo_frames yes
large_receive yes
large_send yes
[root@testh]/root# lsattr -El ent3
chksum_offload yes Request checksum offload True
jumbo_frames yes Request jumbo frames True
large_receive yes Request Rx TCP segment aggregation True
large_send yes Request Tx TCP segment offload True
...
[root@testh]/root# lsattr -El en3
...
mtu 9000 Maximum IP Packet Size for This Device True
mtu_bypass on Enable/Disable largesend for virtual Ethernet True
state up Current Interface Status True
For info, largesend 'll send packet 64k, that 'll be split on VIOS side (hypervisor), when analyse packet, checksum for 64k return FFFF bad checksum, it normal.
Example of mount options:
# mount -o bg,hard,intr,rsize=131072,wsize=131072,timeo=1200,vers=4,sec=sys nfssrv:/nfspath /mnt
===== NFS ERROR =====
* **Mount error**
NFS lookup failed for server : rpc error 7 (RPC: 1832-010 Authentication error) errno 5
Try:
# nfso -p -o portcheck=1
# nfso -p -o nfs_use_reserved_ports=1
* **Set range ports for NFS**
Normally, The usage of NFS ports will be dynamically in AIX.... If you would like to set the port ranges,
The NFS_PORT_RANGE environment variable can be used to limit the source port of network calls the client makes to the server. If used, this environment variable should be added to the **/etc/environment** file. The format of the environment variable is as follows:
NFS_PORT_RANGE=udp[4000-5000]:tcp[7000-8000]