This is one of the more common issues we see when troubleshooting NFS access.  The SVM root volume needs read access to the host for traverse.  I would create a root policy with read any and none for read/write and none for superuser as part of your SVM creation.  You could allow read to 0.0.0.0/0 for all hosts since only specific hosts will have access to volumes mounted to root, or allow specific hosts or a subnet...whatever makes sense for security.

Also, if using LS mirrors for SVM root protection (I prefer using DP if there is a SnapMirror license), then make sure to update the LS mirrors so clients get the updated permission.



From: Daniel Taylor <Daniel_Taylor@ajg.com>
To: "toasters@teaparty.net" <toasters@teaparty.net>
Sent: Wednesday, April 5, 2017 6:20 AM
Subject: NFS Export Policy

Hello,
 
We have a volume with an export policy applied:
 
volA = policy1
 
The policy has client match rules for the ESXi hosts.
 
However when we try and add this volume to an ESXi host we get an error saying mount request denied. 
 
If we add a rule to the default export policy within the same SVM the volume is then added without issue. 
 
Similarly if we apply ‘policy1’ to the root volume in the associated SVM we are able to mount ‘volA’ on the ESXi hosts.
 
Doesn’t this kind of defeat the object of having an export policy associated with the volume if the underlying root volume controls the export access? Or is this a bug?
 
We are running 9.1P1.
 
Thanks
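The traversal behaviour described in the reply at the top of this thread, as an added example that is not part of either message and is not ONTAP code: a simplified model in which a mount must pass a read check on the SVM root volume's policy before the target volume's own policy is evaluated. The addresses, the `root_ro` policy name and the empty `default` policy are assumptions made for illustration.

```python
# Simplified model of export-policy checks along a junction path.
# Not ONTAP code; all addresses and the root_ro policy are constructed.
from ipaddress import ip_address, ip_network

def allowed(policy, client, want):
    """First matching rule decides; no matching rule means access is denied."""
    for rule in policy:
        if ip_address(client) in ip_network(rule["clientmatch"]):
            return rule[want]
    return False

def mount_result(volumes, policies, client, path, want="rw"):
    """Check read access on every parent junction, then the target's policy."""
    parts = [p for p in path.split("/") if p]
    chain = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    for junction in chain[:-1]:
        if junction in volumes and not allowed(policies[volumes[junction]], client, "ro"):
            return f"denied at {junction} (no read access to traverse)"
    target = policies[volumes[chain[-1]]]
    return "granted" if allowed(target, client, want) else f"denied at {chain[-1]}"

ESXI, OTHER = "10.0.0.11", "192.168.5.5"          # constructed client addresses
volumes = {"/": "default", "/volA": "policy1"}    # junction path -> policy name
policies = {
    "default": [],  # assumed to have no rules, so nobody can traverse root
    "policy1": [{"clientmatch": "10.0.0.0/24", "ro": True, "rw": True}],
    # Root policy from the reply: read for all hosts, no write access.
    "root_ro": [{"clientmatch": "0.0.0.0/0", "ro": True, "rw": False}],
}

def demo():
    """Return mount outcomes before and after giving root a read-only policy."""
    before = mount_result(volumes, policies, ESXI, "/volA")
    fixed = dict(volumes, **{"/": "root_ro"})
    return (
        before,
        mount_result(fixed, policies, ESXI, "/volA"),
        mount_result(fixed, policies, OTHER, "/volA"),
        mount_result(fixed, policies, OTHER, "/"),
    )

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

In this model the wide-open read rule on root lets any host traverse, while `policy1` still decides who can mount `volA`.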