Re: showmount plugin for CMOD

You don't use data LIFs for showmount plugin.

You use a vserver management LIF for it.

Management LIFs use management firewall policies, which allow http/https/ssh traffic.

::> firewall policy show -policy data

(system services firewall policy show)

Policy Service Action IP-List

---------------- ---------- ------ --------------------

data

dns allow 0.0.0.0/0

http deny 0.0.0.0/0

https deny 0.0.0.0/0

mountd deny 0.0.0.0/0

ndmp allow 0.0.0.0/0

ntp deny 0.0.0.0/0

rsh deny 0.0.0.0/0

snmp deny 0.0.0.0/0

ssh deny 0.0.0.0/0

telnet deny 0.0.0.0/0

10 entries were displayed.

::> firewall policy show -policy mgmt

(system services firewall policy show)

Policy Service Action IP-List

---------------- ---------- ------ --------------------

mgmt

dns allow 0.0.0.0/0

http allow 0.0.0.0/0

https allow 0.0.0.0/0

mountd allow 0.0.0.0/0

ndmp allow 0.0.0.0/0

ntp allow 0.0.0.0/0

rsh deny 0.0.0.0/0

snmp allow 0.0.0.0/0

ssh allow 0.0.0.0/0

telnet deny 0.0.0.0/0

10 entries were displayed.

Vserver management LIF should use data protocol of "none" and a firewall policy of "mgmt".

HTTP/HTTPS is needed to run the ZAPI calls for the tool.

From: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Reply-To: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Date: Tuesday, March 3, 2015 at 6:44 PM To: "Toasters@teaparty.netmailto:Toasters@teaparty.net" <Toasters@teaparty.netmailto:Toasters@teaparty.net> Subject: Re: showmount plugin for CMOD

it Iooks like on the cluster has ssh/http/https ports not opened the LIFS are showing up under

network interface show -firewall-policy data

And on the cluster that has ssh/http/https ports open the lifs are showing up under "mgmt"

network interface show -firewall-policy mgmt

Why and How it happened I have no idea? Can someone recommend if that is right? How should it fixed?

On Tuesday, March 3, 2015 5:26 PM, Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> wrote:

I have installed and used showmount plug-in in the past. But it does not work on new cluster and SVM's I guess I forgeting a step.. I am asuming it is using ssh/http/https connection? I see a difference in the ports between working and not Am I correct? Do I need to enable some services?

Now working

PORT STATE SERVICE 111/tcp open rpcbind 2049/tcp open nfs 4045/tcp open lockd 10000/tcp open snet-sensor-mgmt

Working

PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 443/tcp open https 2049/tcp open nfs 4045/tcp open lockd 10000/tcp open snet-sensor-mgmt