For the record, TR-4067 covers export policies on page 27, if you’re interested.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

 

Hey,

 

here’s what I always do for new SVMs:

 

Add this rule to the default policy and only have this rule in it:

 

vserver export-policy rule create -vserver SVMNAME -policyname default -clientmatch 0/0 -rorule none -rwrule never  -protocol nfs -anon 65535 -allow-suid true -superuser none -allow-dev true

 

Add a new policy for the volume in question:

 

vserver export-policy create -vserver SVMNAME -policyname POLICYNAME

 

Add rules for each client which should have access to this volume:

 

vserver export-policy rule create -vserver SVMNAME -policyname POLICYNAME -protocol nfs -rorule any -rwrule any -superuser any -anon 0 -clientmatch CLIENTIPMASK

 

Best,

 

 

 

Hello,

 

We have an volume with an export policy applied:

 

volA = policy1

 

The policy has client match rules for the ESXi hosts.

 

However when we try and add this volume to an ESXi host we get an error saying mount request denied. 

 

If we add a rule to the default export policy within the same SVM the volume is then added without issue. 

 

Similarly if we apply ‘policy1’  to the root volume in the associated SVM we are able to mount ‘volA’ on the ESXi hosts.

 

Doesn’t this kind of defeat the object of having an export policy associated with the volume if the underlying root volume controls the export access? Or is this a bug?

 

We are running 9.1P1.

 

Thanks