The only real difference between “mgmt” and “data” is the default firewall policy associated with the interface. You can always create a custom policy and assign it to the interface to fine-tune it. The real question is: which ports need to be open on the LIF.
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Iluhes
Sent: Wednesday, March 04, 2015 4:13 AM
To: Parisi, Justin; Toasters
Subject: Re: showmount plugin for CMOD
Somehow my NFS LIFs on one cluster are showing up under "mgmt" and on the one that showmount does not work are under "data". This is what I wrote in previous email:
It looks like on the cluster that has ssh/http/https ports not opened the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open the lifs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea.
SVM for NFS has one LIF: should it be considered "Data" or "mgmt"? Why does one setup have it at mgmt and one at data? I moved one LIF from DATA to MGMT and showmount works, but should I leave it like this?
On Tuesday, March 3, 2015 6:56 PM, "Parisi, Justin" <Justin.Parisi@netapp.com> wrote:
You don’t use data LIFs for showmount plugin.
You use a vserver management LIF for it.
Management LIFs use management firewall policies, which allow http/https/ssh traffic.
::> firewall policy show -policy data
  (system services firewall policy show)
Policy           Service    Action IP-List
---------------- ---------- ------ --------------------
data
                 dns        allow  0.0.0.0/0
                 http       deny   0.0.0.0/0
                 https      deny   0.0.0.0/0
                 mountd     deny   0.0.0.0/0
                 ndmp       allow  0.0.0.0/0
                 ntp        deny   0.0.0.0/0
                 rsh        deny   0.0.0.0/0
                 snmp       deny   0.0.0.0/0
                 ssh        deny   0.0.0.0/0
                 telnet     deny   0.0.0.0/0
10 entries were displayed.

::> firewall policy show -policy mgmt
  (system services firewall policy show)
Policy           Service    Action IP-List
---------------- ---------- ------ --------------------
mgmt
                 dns        allow  0.0.0.0/0
                 http       allow  0.0.0.0/0
                 https      allow  0.0.0.0/0
                 mountd     allow  0.0.0.0/0
                 ndmp       allow  0.0.0.0/0
                 ntp        allow  0.0.0.0/0
                 rsh        deny   0.0.0.0/0
                 snmp       allow  0.0.0.0/0
                 ssh        allow  0.0.0.0/0
                 telnet     deny   0.0.0.0/0
10 entries were displayed.
Vserver management LIF should use data protocol of “none” and a firewall policy of “mgmt”.
HTTP/HTTPS is needed to run the ZAPI calls for the tool.
From: Iluhes <iluhes@yahoo.com>
Reply-To: Iluhes <iluhes@yahoo.com>
Date: Tuesday, March 3, 2015 at 6:44 PM
To: "Toasters@teaparty.net" <Toasters@teaparty.net>
Subject: Re: showmount plugin for CMOD
It looks like on the cluster that has ssh/http/https ports not opened the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open the lifs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea. Can someone recommend if that is right? How should it be fixed?
On Tuesday, March 3, 2015 5:26 PM, Iluhes <iluhes@yahoo.com> wrote:
I have installed and used the showmount plug-in in the past. But it does not work on the new cluster and SVMs. I guess I am forgetting a step. I am assuming it is using an ssh/http/https connection? I see a difference in the ports between working and not. Am I correct? Do I need to enable some services?
Not working

PORT      STATE SERVICE
111/tcp   open  rpcbind
2049/tcp  open  nfs
4045/tcp  open  lockd
10000/tcp open  snet-sensor-mgmt

Working

PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
2049/tcp  open  nfs
4045/tcp  open  lockd
10000/tcp open  snet-sensor-mgmt
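
Added example, not part of the original thread or of any NetApp tooling: a small Python check that parses the two "firewall policy show" outputs quoted above and reports what moving a LIF from the "data" policy to the "mgmt" policy opens beyond what the plugin needs, which is the list to review when building the custom policy mentioned at the top of the thread. The REQUIRED set is an assumption taken from the thread's statement that the tool's ZAPI calls need HTTP/HTTPS; the function names are hypothetical.

```python
import re

# "firewall policy show" rows as quoted in the thread, whitespace-flattened.
DATA = ("data dns allow 0.0.0.0/0 http deny 0.0.0.0/0 https deny 0.0.0.0/0 "
        "mountd deny 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp deny 0.0.0.0/0 "
        "rsh deny 0.0.0.0/0 snmp deny 0.0.0.0/0 ssh deny 0.0.0.0/0 "
        "telnet deny 0.0.0.0/0 10 entries were displayed.")
MGMT = ("mgmt dns allow 0.0.0.0/0 http allow 0.0.0.0/0 https allow 0.0.0.0/0 "
        "mountd allow 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp allow 0.0.0.0/0 "
        "rsh deny 0.0.0.0/0 snmp allow 0.0.0.0/0 ssh allow 0.0.0.0/0 "
        "telnet deny 0.0.0.0/0 10 entries were displayed.")

# One table row: service, action, IP list (CIDR). Layout-independent.
ROW = re.compile(r"(\S+)\s+(allow|deny)\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})")

def parse_policy(text):
    """Return {service: (action, ip_list)} from aligned or flattened output."""
    return {svc: (action, cidr) for svc, action, cidr in ROW.findall(text)}

def allowed(policy):
    """Services the policy lets through."""
    return {svc for svc, (action, _) in policy.items() if action == "allow"}

def review_policy_change(current, target, required):
    """Compare the policy a LIF has now with the one it would be moved to."""
    cur, new = allowed(current), allowed(target)
    newly_open = new - cur
    return {
        "missing": sorted(required - new),        # tool would still fail
        "newly_open": sorted(newly_open),         # everything the move exposes
        "excess": sorted(newly_open - required),  # exposed, not needed by the tool
        "open_to_any": sorted(s for s in newly_open
                              if target[s][1] == "0.0.0.0/0"),
    }

# Assumption from the thread: the plugin's ZAPI calls need HTTP/HTTPS only.
REQUIRED = {"http", "https"}

if __name__ == "__main__":
    report = review_policy_change(parse_policy(DATA), parse_policy(MGMT), REQUIRED)
    for key, services in report.items():
        print(f"{key:12} {', '.join(services) or '-'}")
```

The "excess" row lists the services that the default "mgmt" policy opens to 0.0.0.0/0 in addition to HTTP/HTTPS; those are the entries a custom policy could leave denied or restrict by IP list.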