Open the export policy of the SVM root volume
Suggest changes
PDFs
The default export policy of the SVM root volume must include a rule to allow all clients open access through NFS. Without such a rule, all NFS clients are denied access to the SVM and its volumes.
When a new SVM is created, a default export policy (called default) is created automatically for the root volume of the SVM. You must create one or more rules for the default export policy before clients can access data on the SVM.
You should verify that access is open to all NFS clients in the default export policy, and later restrict access to individual volumes by creating custom export policies for individual volumes or qtrees.
-
If you are using an existing SVM, check the default root volume export policy:
vserver export-policy rule showThe command output should be similar to the following:
cluster::> vserver export-policy rule show -vserver vs1.example.com -policyname default -instance Vserver: vs1.example.com Policy Name: default Rule Index: 1 Access Protocol: nfs Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0 RO Access Rule: any RW Access Rule: any User ID To Which Anonymous Users Are Mapped: 65534 Superuser Security Types: any Honor SetUID Bits in SETATTR: true Allow Creation of Devices: trueIf such a rule exists that allows open access, this task is complete. If not, proceed to the next step.
-
Create an export rule for the SVM root volume:
vserver export-policy rule create -vserver vserver_name -policyname default -ruleindex 1 -protocol nfs -clientmatch 0.0.0.0/0 -rorule any ‑rwrule any -superuser anyIf the SVM will only contain volumes secured by Kerberos, you can set the export rule options
-rorule,-rwrule, and-superuserfor the root volume tokrb5orkrb5i. For example:-rorule krb5i -rwrule krb5i -superuser krb5i -
Verify rule creation by using the
vserver export-policy rule showcommand.
Any NFS client can now access any volume or qtree created on the SVM.