Only way it happens is if you create it that way or change it. :)
It's fine to leave it as is, provided you are ok with opening up those ports on your data LIFs (and to share traffic with HTTP/HTTPS).
If you want more security, create a vserver management LIF and use that for showmount.
From: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Reply-To: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Date: Tuesday, March 3, 2015 at 8:12 PM To: Justin Parisi <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com>, "Toasters@teaparty.netmailto:Toasters@teaparty.net" <Toasters@teaparty.netmailto:Toasters@teaparty.net> Subject: Re: showmount plugin for CMOD
Somehow my NFS lifs on one cluster are showingup under "mgmt" and on the one that showmount does not work are under "data" This is what I wrote in previous email
it Iooks like on the cluster has ssh/http/https ports not opened the LIFS are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open the lifs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and How it happened I have no idea?
SVM for NFS has one LIF: should it be considered "Data" or "mgmt" Why one setup has at mgmt and one for data? I moved one LIF from DATA to MGMT and showmount works, but should I leave it like this?
On Tuesday, March 3, 2015 6:56 PM, "Parisi, Justin" <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> wrote:
You don't use data LIFs for showmount plugin.
You use a vserver management LIF for it.
Management LIFs use management firewall policies, which allow http/https/ssh traffic.
::> firewall policy show -policy data (system services firewall policy show) Policy Service Action IP-List ---------------- ---------- ------ -------------------- data dns allow 0.0.0.0/0 http deny 0.0.0.0/0 https deny 0.0.0.0/0 mountd deny 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp deny 0.0.0.0/0 rsh deny 0.0.0.0/0 snmp deny 0.0.0.0/0 ssh deny 0.0.0.0/0 telnet deny 0.0.0.0/0 10 entries were displayed.
::> firewall policy show -policy mgmt (system services firewall policy show) Policy Service Action IP-List ---------------- ---------- ------ -------------------- mgmt dns allow 0.0.0.0/0 http allow 0.0.0.0/0 https allow 0.0.0.0/0 mountd allow 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp allow 0.0.0.0/0 rsh deny 0.0.0.0/0 snmp allow 0.0.0.0/0 ssh allow 0.0.0.0/0 telnet deny 0.0.0.0/0 10 entries were displayed.
Vserver management LIF should use data protocol of "none" and a firewall policy of "mgmt".
HTTP/HTTPS is needed to run the ZAPI calls for the tool.
From: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Reply-To: Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> Date: Tuesday, March 3, 2015 at 6:44 PM To: "Toasters@teaparty.netmailto:Toasters@teaparty.net" <Toasters@teaparty.netmailto:Toasters@teaparty.net> Subject: Re: showmount plugin for CMOD
it Iooks like on the cluster has ssh/http/https ports not opened the LIFS are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open the lifs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and How it happened I have no idea? Can someone recommend if that is right? How should it fixed?
On Tuesday, March 3, 2015 5:26 PM, Iluhes <iluhes@yahoo.commailto:iluhes@yahoo.com> wrote:
I have installed and used showmount plug-in in the past. But it does not work on new cluster and SVM's I guess I forgeting a step.. I am asuming it is using ssh/http/https connection? I see a difference in the ports between working and not Am I correct? Do I need to enable some services?
Now working
PORT STATE SERVICE 111/tcp open rpcbind 2049/tcp open nfs 4045/tcp open lockd 10000/tcp open snet-sensor-mgmt
Working
PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 443/tcp open https 2049/tcp open nfs 4045/tcp open lockd 10000/tcp open snet-sensor-mgmt