Examples of ONTAP export policies
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
You can review example export policies to better understand how export policies work in ONTAP.
Sample ONTAP implementation of a 7-Mode export
The following example shows a 7-Mode export as it appears in the /etc/export
file:
/vol/vol1 -sec=sys,ro=@readonly_netgroup,rw=@readwrite_netgroup1: @readwrite_netgroup2:@rootaccess_netgroup,root=@rootaccess_netgroup
To reproduce this export as a clustered export policy, you have to create an export policy with three export rules, and then assign the export policy to the volume vol1.
Rule | Element | Value |
---|---|---|
Rule 1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rule 2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rule 3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
Create an export policy called exp_vol1:
vserver export-policy create -vserver NewSVM -policyname exp_vol1
-
Create three rules with the following parameters to the base command:
-
Base command:
vserver export-policy rule create -vserver NewSVM -policyname exp_vol1
-
Rule parameters:
-clientmatch @readonly_netgroup -ruleindex 1 -protocol nfs -rorule sys -rwrule never -superuser none
-clientmatch @rootaccess_netgroup -ruleindex 2 -protocol nfs -rorule sys -rwrule sys -superuser sys
-clientmatch @readwrite_netgroup1,@readwrite_netgroup2 -ruleindex 3 -protocol nfs -rorule sys -rwrule sys -superuser none
-
-
Assign the policy to the volume vol1:
volume modify -vserver NewSVM -volume vol1 -policy exp_vol1
Sample consolidation of 7-Mode exports
The following example shows a 7-Mode /etc/export
file that includes one line for each of 10 qtrees:
/vol/vol1/q_1472 -sec=sys,rw=host1519s,root=host1519s /vol/vol1/q_1471 -sec=sys,rw=host1519s,root=host1519s /vol/vol1/q_1473 -sec=sys,rw=host1519s,root=host1519s /vol/vol1/q_1570 -sec=sys,rw=host1519s,root=host1519s /vol/vol1/q_1571 -sec=sys,rw=host1519s,root=host1519s /vol/vol1/q_2237 -sec=sys,rw=host2057s,root=host2057s /vol/vol1/q_2238 -sec=sys,rw=host2057s,root=host2057s /vol/vol1/q_2239 -sec=sys,rw=host2057s,root=host2057s /vol/vol1/q_2240 -sec=sys,rw=host2057s,root=host2057s /vol/vol1/q_2241 -sec=sys,rw=host2057s,root=host2057s
In ONTAP, one of two policies is needed for each qtree: one with a rule including -clientmatch host1519s
, or one with a rule including -clientmatch host2057s
.
-
Create two export policies called exp_vol1q1 and exp_vol1q2:
-
vserver export-policy create -vserver NewSVM -policyname exp_vol1q1
-
vserver export-policy create -vserver NewSVM -policyname exp_vol1q2
-
-
Create a rule for each policy:
-
vserver export-policy rule create -vserver NewSVM -policyname exp_vol1q1 -clientmatch host1519s -rwrule sys -superuser sys
-
vserver export-policy rule create -vserver NewSVM -policyname exp_vol1q2 -clientmatch host1519s -rwrule sys -superuser sys
-
-
Apply the policies to the qtrees:
-
volume qtree modify -vserver NewSVM -qtree-path /vol/vol1/q_1472 -export-policy exp_vol1q1
-
[next 4 qtrees…]
-
volume qtree modify -vserver NewSVM -qtree-path /vol/vol1/q_2237 -export-policy exp_vol1q2
-
[next 4 qtrees…]
-
If you need to add additional qtrees for those hosts later, you would use the same export policies.