Dell EMC Unity: How to configure NIS/Netgroup for NFS export on Unity (User Correctable)

           

Article Number: 491638    Article Version: 8    Article Type: How To
   

 


Product:

 

Unity Family, Unity Hybrid, Unity Hybrid flash, UnityVSA

 

Instructions:

 

 

Prerequisite:

  1. Configure netgroup for NFS shares on Unity.
  2. Use a NIS server for netgroup->host name resolution. This KB uses the native NIS server of CentOS 6.2 for testing. Other NIS servers have their own configuration methods, but the theory should be the same.
  3. The network ports for NIS/NFS/RPC are allowed.
   
NIS/Netgroup in Unity:
Unity works with a NIS server for netgroup->host name resolution. The working mechanism is as follows. (Refer to the attached tcpdump capture NIS.cap for more detail.)

  1. When an NFS client tries to mount NFS shares on Unity, Unity gets the IP address of the NFS client.
  2. Unity sends a "YP match call" with the NFS client IP address to the NIS server, and the NIS server replies with a "YP match reply" containing the host name.
  3. If the NIS server doesn't have a correct host name entry (in step 2), Unity sends a DNS PTR query to the DNS server to look up the PTR record for the host name.
  4. Unity sends a "YP match call" with the NFS client host name to the NIS server, and the NIS server replies with a "YP match reply" containing the netgroup name.
   
Local/Netgroup in Unity:

  • Unity supports defining the netgroup in a local netgroup file from Unity OE 4.1.x.

  1. When an NFS client tries to mount NFS shares on Unity, Unity gets the IP address of the NFS client.
  2. Unity tries to match the IP address with the host name in the local hosts file within the NAS server.
  3. If the local hosts file doesn't have a correct host name entry (in step 2), Unity sends a DNS PTR query to the DNS server to look up the PTR record for the host name.
  4. Unity tries to match the host name with the host name in the local netgroup file within the NAS server.

  • Unity does NOT support a local netgroup file before Unity OE 4.1.x.
   
Procedure (Define netgroup in NIS server):
Step 1 - Configuration on Unity

  1. In the Hosts menu, add a Netgroup Test1 with netgroup “mfgnasroot”.

     [Image]

     Note
     • The defined "Netgroup" name “mfgnasroot” must match the netgroup name in the NIS server.
     • Do NOT use “_” in the Netgroup name. Having “_” in the netgroup name may cause some issues.

  2. Navigate to "File -> NAS Servers -> NAS server Properties -> Naming Services-LDAP/NIS" and add a NIS server with "celerra" defined as the "NIS Domain", as shown in the screenshot below.

     [Image]

  3. In "File -> NFS Shares -> Share Properties -> Host Access", add netgroup Test with root privilege.

     [Image]
   
Step 2 - Configuration on NIS server (I use CentOS 6.2 and its native NIS software as the NIS server)

  1. Confirm the packages below are installed.

      # rpm -qa|egrep -i "^yp|^rpc"
      ypserv-2.19-22.el6.x86_64
      ypbind-1.20.4-29.el6.x86_64
      yp-tools-2.9-12.el6.x86_64
      rpcbind-0.2.0-8.el6.x86_64

  2. Define the NIS domain name.

      # cat /etc/sysconfig/network
      NETWORKING=yes
      HOSTNAME=nis.vnx.com
      GATEWAY=xxx.xxx.xxx.xxx
      NISDOMAIN=celerra

  3. Add the hostname and its IP address in "/etc/hosts"; ypinit uses the "/etc/hosts" file to build the YP database.

      # cat /etc/hosts
      127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
      ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
      xxx.xxx.xxx.xxx 5700CS139.vnx.com
      xxx.xxx.xxx.xxx VNX5400_107.vnx.com
      xxx.xxx.xxx.xxx nis.vnx.com nis

  4. Add the hostname in the "/etc/netgroup" file and add the NIS domain name as shown below (NFS mount would fail if the NIS domain field is left blank).

      # cat /etc/netgroup
      mfgnasroot (5700CS139.vnx.com,,celerra) (VNX5400_107.vnx.com,,celerra)

  5. Confirm the ypbind, ypserv and rpcbind services are running.

      # service ypbind status
      ypbind (pid 16711) is running...

      # service ypserv status
      ypserv (pid 16758) is running...

      # service rpcbind status
      rpcbind (pid 1274) is running...

  6. Initialise the YP database.

      # /usr/lib64/yp/ypinit -m
      At this point, we have to construct a list of the hosts which will run NIS servers. nis.vnx.com is in the list of NIS server hosts. Continue adding hostname for the other hosts, one hostname entry per line and when completed with the list, type a <control D>.

      next host to add: nis.vnx.com
      next host to add:

      The current list of NIS servers looks like this:

      nis.vnx.com

      Is this correct? [y/n: y] y
      We need a few minutes to build the databases...
      Building /var/yp/celerra/ypservers...
      Running /var/yp/Makefile...
      gmake[1]: Entering directory `/var/yp/celerra'
      Updating passwd.byname...
      Updating passwd.byuid...
      Updating group.byname...
      Updating group.bygid...
      Updating hosts.byname...
      Updating hosts.byaddr...
      Updating rpc.byname...
      Updating rpc.bynumber...
      Updating services.byname...
      Updating services.byservicename...
      Updating netid.byname...
      Updating protocols.bynumber...
      Updating protocols.byname...
      Updating mail.aliases...
      Updating netgroup...
      Updating netgroup.byhost...
      Updating netgroup.byuser...
      gmake[1]: Leaving directory `/var/yp/celerra'

      nis.vnx.com has been set up as a NIS master server.

      Now you can run ypinit -s nis.vnx.com on all slave server.
   
Test

Mount the NFS share from a host which does not belong to netgroup mfgnasroot: access is denied.

      [root@nis ~]# mount xxx.xxx.xxx.xxx:/Test /mnt
      mount.nfs: access denied by server while mounting xxx.xxx.xxx.xxx:/Test

Mount the NFS share from a host which belongs to netgroup mfgnasroot: access succeeds.

      [root@5700CS139 nasadmin]# mount xxx.xxx.xxx.xxx:/Test /mnt
      [root@5700CS139 nasadmin]# cd /mnt
      [root@5700CS139 mnt]# touch 139

      [root@VNX5400_107 nasadmin]# mount xxx.xxx.xxx.xxx:/Test /mnt
      [root@VNX5400_107 nasadmin]# cd /mnt
      [root@VNX5400_107 mnt]# touch 107
   
   
Procedure (Define netgroup in local file):
Step 1 - Configuration on Unity

  1. In the Hosts menu, add a Netgroup Eric1 with netgroup “mfgnasroot”.

     [Image]

     Note
     • The defined "Netgroup" name “mfgnasroot” must match the netgroup name in the local netgroup file.
     • Do NOT use “_” in the Netgroup name. Having “_” in the netgroup name may cause some issues.

  2. Navigate to "File -> NAS Servers -> NAS server Properties -> Naming Services-Local Files". Retrieve the current hosts file and netgroup file, update them with Notepad++, save them in Unix format, and finally upload them.

     [Image]

     Example of hosts file:

      # The hosts file contains a list of IP addresses with their corresponding hostnames.
      #
      # Each line of the hosts file defines a host and has the format:
      #   IP_address hostname aliases
      # where:
      # - IP_address is the host's IP address.
      # - hostname is the official name of the host.
      # - aliases provides for name changes, alternate spellings, shorter hostnames, or generic hostnames (for example, localhost).
      #
      # Fields are separated by any number of blanks or tab characters or both.
      #
      xxx.xxx.xxx.xxx    opennms.vnx.com opennms
      xxx.xxx.xxx.xxx  vnx5400-1cs0.vnx.com    vnx5400-1cs0
      xxx.xxx.xxx.xxx   vnx5400-1cs1.vnx.com    vnx5400-1cs1

     Example of netgroup file:

      # The netgroup file contains a list of network group names with the list of hostnames for hosts belonging to the group.
      # In addition to mapping hosts to network groups, it also maps users to network groups.
      #
      # Each line of the netgroup file defines a group and has the format:
      #   groupname member1 member2 ...
      #
      # Each member is either the name of another group or indicates specific hosts, users, and domains, referred to as a triple, as follows:
      #   (hostname,username,domainname)
      #
      # Any of the triple's three fields can be blank, meaning all the values in that field are included.
      # A dash (-) in any of the fields means there are no valid values.
      # For example, the following line defines a group called ouruniverse that consists of all hosts and users in the NIS domain ourdomain.
      #   ouruniverse (,,ourdomain)
      #
      # The following lines define a group called ourhosts that includes all of the hosts but none of the users in the domain,
      # and a group called ourusers that includes all users but no hosts.
      #     ourhosts (,-,ourdomain)
      #     ourusers (-,,ourdomain)
      #
      # The following line defines a group called ouruniverse that consists of two hosts hostatlanta and hostboston.
      #   ouruniverse (hostatlanta,,),(hostboston,,)
      #
      # Note: IP addresses are not allowed.
      #
      # A netgroup file can include as many lines as required; however, each line must be less than 1 KB in length.
      # If necessary, a line can be continued on another line by using the backslash (\) as a continuation character.
      # A triple, however, cannot be split across two lines.
      #
      # Note: If you use a backslash (\) as a continuation character, it must be the last character on the line. It cannot be followed by spaces.
      mfgnasroot (opennms,,vnx.com),(vnx5400-1cs1,,vnx.com),(vnx5400-1cs0,,vnx.com)

  3. In "File -> NFS Shares -> Share Properties -> Host Access", add netgroup Eric1 with root privilege.

     [Image]
     
     
Test

Mount the NFS share from a host which does not belong to netgroup mfgnasroot: access is denied.

      [root@VNX5400-1CS0 ~]# mount xxx.xxx.xxx.xxx:/unity_nfs /mnt
      mount: xxx.xxx.xxx.xxx: /unity_nfs failed, reason given by server: Permission denied

Mount the NFS share from a host which belongs to netgroup mfgnasroot: access succeeds.

      [root@opennms ~]# mount xxx.xxx.xxx.xxx:/unity_nfs /mnt
      [root@opennms ~]# umount /mnt
      [root@opennms ~]# mount xxx.xxx.xxx.xxx:/unity_nfs /mnt
      [root@opennms ~]# cd /mnt
      [root@opennms mnt]# touch opennms
      [root@opennms mnt]# ll
      total 102528
      -rw-r--r-- 1 root root 104857600 Jun 12 23:51 emctest
      drwxr-xr-x 6 root root      8192 Jun 13 02:42 eric
      drwxr-xr-x 2 root root      8192 Jun  5 06:11 lost+found
      -rw-r--r-- 1 root root         0 Jul 13  2017 opennms
     
          
                                                                                                                             

 

 

Notes:

  • Do not use "_" in the netgroup name when adding a netgroup in the Unity GUI. Otherwise an error message of "failed invalid DNS name..." will be returned.
  • For multiple IP addresses in netgroup, create host/subnet entries in the Host menu if one needs to define IP addresses/ranges for an NFS share.
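
A pre-upload check for the netgroup file rules stated in this article (the /etc/netgroup step, the comments in the local netgroup file, and the Notes), useful because the share's Host Access grants root privilege to every host the netgroup matches. This is an added example, not Dell EMC code: `lint_netgroup`, `is_ip`, `SAMPLE` and the message texts are hypothetical names, and the sample entries are constructed.

```python
import ipaddress
import re

TRIPLE = re.compile(r"\(([^(),]*),([^(),]*),([^(),]*)\)")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_netgroup(text, nis=False):
    """Return (line_no, message) findings; nis=True also requires the domain field."""
    findings, pending = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#") or not raw.strip():
            continue
        if len(raw.encode()) >= 1024:
            findings.append((no, "line is not shorter than 1 KB"))
        if raw.count("(") != raw.count(")"):
            findings.append((no, "triple split across lines"))
        if raw.rstrip().endswith("\\"):
            if raw != raw.rstrip():
                findings.append((no, "whitespace after continuation backslash"))
            pending += raw.rstrip()[:-1] + " "
            continue
        entry, pending = pending + raw, ""
        name = (entry.split("(")[0].split() or ["?"])[0]
        if "_" in name:
            findings.append((no, f"netgroup name {name!r} contains '_'"))
        for host, _user, domain in TRIPLE.findall(entry):
            if not host.strip():
                findings.append((no, f"{name}: blank host field matches every host"))
            elif is_ip(host.strip()):
                findings.append((no, f"{name}: IP address used as host"))
            if nis and not domain.strip():
                findings.append((no, f"{name}: blank NIS domain field"))
    return findings

# Constructed sample input (not from a real system).
SAMPLE = "\n".join([
    "mfgnasroot (opennms,,vnx.com),(vnx5400-1cs0,,vnx.com)",
    "mfg_lab (labhost1,,)",
    "everyone (,,vnx.com)",
    "byaddr (192.0.2.10,,vnx.com)",
    "longgroup (hosta,,vnx.com) \\ ",
    " (hostb,,vnx.com)",
])
```

Pass `nis=True` for a NIS server's /etc/netgroup, where this article says a blank domain field makes the NFS mount fail; leave it at the default for the Unity local netgroup file, whose own comments allow blank fields.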