This is an old revision of the document!
Table of Contents
AIX: Mount a filesystem on NFS v4
http://aix4admins.blogspot.com/2011/05/server-computer-that-makes-its-file.html
https://www.ibm.com/support/pages/aix-nfs-authentication-root-user
- On the source host, check the domain:
[root@nfsserver]/root# chnfsdom Current local domain: mydom
- On the target host, set the domain, and start NFSv4 daemon:
[root@labotest]/root# chnfsdom Current local domain: N/A [root@labotest]/root# chnfsdom mydom [root@labotest]/root# chnfsdom Current local domain: mydom [root@labotest]/root# cat /etc/nfs/local_domain mydom [root@labotest]/root# startsrc -g nfs 0513-029 The biod Subsystem is already active. Multiple instances are not supported. 0513-059 The nfsd Subsystem has been started. Subsystem PID is 66142. 0513-059 The rpc.mountd Subsystem has been started. Subsystem PID is 20447570. 0513-059 The nfsrgyd Subsystem has been started. Subsystem PID is 39715266. 0513-059 The gssd Subsystem has been started. Subsystem PID is 55509106. 0513-029 The rpc.lockd Subsystem is already active. Multiple instances are not supported. 0513-029 The rpc.statd Subsystem is already active. Multiple instances are not supported.
- On the source host, export a filestem for NFS V3 and V4 (if not specified = v3):
[root@nfsserver]/root# vi /etc/exports /nfs_test -vers=3:4 [root@nfsserver]/root# exportfs -va
- On the target host, mount the NFSv4 exported filesystem:
[root@labotest]/root# mount -o vers=4,soft,intr nfsserver:/nfs_test /mnt [root@labotest]/root# mount | grep /mnt nfsserver /nfs_test /mnt nfs4 Oct 28 17:19 vers=4,soft,intr
On client ports used for NFSv4:
- nfsserver:2049
- clientnfs: 1022-1023
Restrict access
[root@labotest]/root# cat /etc/exports /Tech/test1 -vers=4,sec=sys:krb5p:krb5i:krb5:dh,rw,access=10.1.199.35,root=10.1.199.35
Required Tuning to Mount Linux NFSv4 export
# For NFS with Linux, add the following settings
nfso portcheck 1 (not sure) nfso nfs_use_reserved_ports 1
nfs -po <param>=<value>
Commands to export/unexport on AIX server
Example to unexport
[root@nfsserver]/root# rmnfsexp -d /export/mksysb
Example to export
[root@nfsserver]/root# mknfsexp -d /export/mksysb -v 3,4 -S sys,krb5p,krb5i,krb5,dh -r aixn*,aixa*,aixb* -t rw
Open the /etc/filesystems file on labotest with a text editor.
/mksysb: dev = "/export/mksysb" vfs = nfs nodename = nfsserver mount = true options = bg,soft,intr,vers=4,sec=sys account = false
NFSv4 error
gssd error in syslog
[root@aix01]/var/log/syslog# grep gss warning.log /var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663584]: /usr/lib/drivers/krb5.ext: No such file or directory /var/adm/syslog/warning.log:Feb 1 09:21:04 aix01 daemon:err|error gssd[15663586]: /usr/lib/drivers/krb5.ext: No such file or directory
[root@aix01]/export/aix73_exp/installp/ppc# lssrc -g nfs Subsystem Group PID Status biod nfs 30867940 active nfsd nfs 23921040 active rpc.mountd nfs 7406062 active nfsrgyd nfs 19399068 active rpc.lockd nfs 9175414 active rpc.statd nfs 32309574 active gssd nfs inoperative
Install the missing krb5.ext module, you can find the package modcrypt.base.6.1.0.4.I into expansion pack
[root@aix01]/export/softs# restore -Tqvf /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I New volume on /export/aix73_exp/installp/ppc/modcrypt.base.6.1.0.4.I: ... 0 ./usr/lpp/modcrypt.base 4334 ./usr/lpp/modcrypt.base/liblpp.a 406327 ./usr/ccs/lib/libmodcrypt.a 175022 ./usr/lib/drivers/krb5.ext 5999 ./usr/include/xcrypt.h
Too many levels of symbolic links
Error while trying to export
root@ds:/root# cat /etc/exports /export/aix72 -vers=3:4
root@ds:/root# exportfs -va error: Too many levels of symbolic links
First chek if you have symbolic link into you directory
find /export/aix72 -type l
In symbolic link exist, remove it, else:
This problem is more common when using a NFS filesystem (v3 or v4) over an filesystems backend and with a lot of files in the same directory (more than 50000).
The problem is related to the readdir function of the readdir API, that uses the readdir cookie to quickly locate a file inside a directory. The NFS server uses this API while communicating with filesystem backends.
The “readdir loop” problem seems to be fairly widely known. Try to upgrade your OS, and reboot.
Mount as nobody
Export NFSv4
[root@aixnfssrv01]/root> cat /etc/exports /repository -vers=3:4,sec=sys,root=aix*:lnx*:ocp*,rw [root@aixnfssrv01]/root> chnfsdom Current local domain: mydom1
With good domain
[root@aixclientnfs01] /root> chnfsdom mydom1 [root@aixclientnfs01] /root> stopsrc -g nfs [root@aixclientnfs01] /root> startsrc -g nfs [root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt [root@aixclientnfs01] /> ls -l / | grep mnt 4 drwxr-xr-x 22 root system 4096 Mar 1 16:59 mnt
With bad domain
[root@aixclientnfs01] /root> chnfsdom mydom2 [root@aixclientnfs01] /root> stopsrc -g nfs [root@aixclientnfs01] /root> startsrc -g nfs [root@aixclientnfs01] /root> mount -o vers=4 aixnfssrv01:/repository /mnt [root@aixclientnfs01] /> ls -l / | grep mnt 4 drwxr-xr-x 22 nobody nobody 4096 Mar 1 16:59 mnt
you can have multiple domains: chnfsdom mydom1,mydom2
Perforamance
If you have a dédicated VLAN for NFS, you can use MTU 9000. All devices must set the MTU to 9000 and network ports to 9216.
