This section explains how to use the
qq nfs_add_export command.Example
To Configure Required Authentication Modes for Different Hosts
In the following example, we configure three export restrictions.
- The first export restriction allows only the specified hosts to use any authentication mode to access the NFS export.
- The second export restriction allows all hosts matching the wildcard pattern that use the
@KRB5authentication mode to access the NFS export. - The third export restriction allows any hosts that use the
@KRB5Pauthentication mode to access the NFS export.
{
"restrictions" : [
{
"read_only" : true,
"host_restrictions" : ["203.0.113.0", "203.0.113.0/24"],
"required_authentication_mode": "AUTHENTICATION_MODE_NONE",
"user_mapping" : "root",
"map_to_user": {
"id_type" : "LOCAL_USER",
"id_value" : "500"
}
},{
"read_only" : false,
"host_restrictions" : [ "*.example.com" ],
"required_authentication_mode": "AUTHENTICATION_MODE_KRB5",
"user_mapping" : "none"
},{
"read_only" : true,
"host_restrictions" : [],
"required_authentication_mode": "AUTHENTICATION_MODE_KRB5P",
"user_mapping" : "all",
"map_to_user" :{
"id_type" : "NFS_UID",
"id_value" : "500"
},
"map_to_group": {
"id_type" : "NFS_GID",
"id_value" : "501"
}
}
]
}
Description
Add a new NFS export
Usage
qq nfs_add_export [-h] --export-path EXPORT_PATH --fs-path FS_PATH [--tenant-id TENANT_ID] [--description DESCRIPTION] (--no-restrictions | --restrictions JSON_FILE_PATH)
[--create-fs-path] [--fields-to-present-as-32-bit FIELD [FIELD ...]]
Flags
| Flag Name | Required | Description |
|---|---|---|
--export-path
|
Yes | NFS Export path |
--fs-path
|
Yes | File system path |
--tenant-id
|
No | ID of the tenant to add the export to |
--description
|
No | Description of this export |
--no-restrictions
|
No | Specify no restrictions for this export. |
--restrictions
|
No |
Path to local file containing the restrictions in JSON format.
host_restrictions is a comma separated list of:
IPs| IP ranges | hostnames | wildcarded hostnames
required_authentication_mode can be:
"AUTHENTICATION_MODE_NONE" | "AUTHENTICATION_MODE_KRB5" | "AUTHENTICATION_MODE_KRB5I" |
"AUTHENTICATION_MODE_KRB5P"
kerberos security flavors:
KRB5: basic KRB5I: auth Integrity KRB5P: Privacy
user_mapping can be:
"none" | "root" | "all"
map_to_user can be:
"{ "id_type": "LOCAL_USER", "id_value": " |
--create-fs-path
|
No | Creates the specified file system path if it does not exist |
--fields-to-present-as-32-bit
|
No | Fields that are forced to fit in 32 bits for the export, to support legacy clients and applications. Choices are: ['FILE_IDS', 'FILE_SIZES', 'FS_SIZE', 'NONE'] FILE_IDS: will hash file IDs (inode numbers), which can be observed by "stat", and is also necessary for some deprecated linux system calls (e.g. to list a directory) to work. FS_SIZE: saturates the available, used, and total capacity reported to tools like "df" to 4GiB. FILE_SIZES: saturates the reported size of individual files to 4GiB, and should be used with caution as it could cause application misbehavior in the handling of larger files. NONE: explicitly specifies no 32 bit mapping. |