I have installed and used showmount plug-in in the past. But it does not work on new cluster and SVMs. I guess I am forgetting a step. I am assuming it is using ssh/http/https connection? I see a difference in the ports between working and not. Am I correct? Do I need to enable some services?
Not working
PORT STATE SERVICE
111/tcp open rpcbind
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
Working
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
It looks like on the cluster that has ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea. Can someone recommend if that is right? How should it be fixed?
On Tuesday, March 3, 2015 5:26 PM, Iluhes iluhes@yahoo.com wrote:
I have installed and used showmount plug-in in the past. But it does not work on new cluster and SVMs. I guess I am forgetting a step. I am assuming it is using ssh/http/https connection? I see a difference in the ports between working and not. Am I correct? Do I need to enable some services?
Not working
PORT STATE SERVICE
111/tcp open rpcbind
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
Working
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
You don't use data LIFs for showmount plugin.
You use a vserver management LIF for it.
Management LIFs use management firewall policies, which allow http/https/ssh traffic.
::> firewall policy show -policy data
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
data
dns allow 0.0.0.0/0
http deny 0.0.0.0/0
https deny 0.0.0.0/0
mountd deny 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp deny 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp deny 0.0.0.0/0
ssh deny 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
::> firewall policy show -policy mgmt
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
mgmt
dns allow 0.0.0.0/0
http allow 0.0.0.0/0
https allow 0.0.0.0/0
mountd allow 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp allow 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp allow 0.0.0.0/0
ssh allow 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
Vserver management LIF should use data protocol of "none" and a firewall policy of "mgmt".
HTTP/HTTPS is needed to run the ZAPI calls for the tool.
From: Iluhes <iluhes@yahoo.com>
Reply-To: Iluhes <iluhes@yahoo.com>
Date: Tuesday, March 3, 2015 at 6:44 PM
To: "Toasters@teaparty.net" <Toasters@teaparty.net>
Subject: Re: showmount plugin for CMOD
It looks like on the cluster that has ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea. Can someone recommend if that is right? How should it be fixed?
Somehow my NFS LIFs on one cluster are showing up under "mgmt" and on the one that showmount does not work are under "data". This is what I wrote in previous email:
It looks like on the cluster that has ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea. SVM for NFS has one LIF: should it be considered "Data" or "mgmt"? Why one setup has at mgmt and one for data? I moved one LIF from DATA to MGMT and showmount works, but should I leave it like this?
On Tuesday, March 3, 2015 6:56 PM, "Parisi, Justin" Justin.Parisi@netapp.com wrote:
You don’t use data LIFs for showmount plugin.
You use a vserver management LIF for it.
Management LIFs use management firewall policies, which allow http/https/ssh traffic.
::> firewall policy show -policy data
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
data
dns allow 0.0.0.0/0
http deny 0.0.0.0/0
https deny 0.0.0.0/0
mountd deny 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp deny 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp deny 0.0.0.0/0
ssh deny 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
::> firewall policy show -policy mgmt
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
mgmt
dns allow 0.0.0.0/0
http allow 0.0.0.0/0
https allow 0.0.0.0/0
mountd allow 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp allow 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp allow 0.0.0.0/0
ssh allow 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
Vserver management LIF should use data protocol of “none” and a firewall policy of “mgmt”.
HTTP/HTTPS is needed to run the ZAPI calls for the tool.
Only way it happens is if you create it that way or change it. :)
It's fine to leave it as is, provided you are ok with opening up those ports on your data LIFs (and to share traffic with HTTP/HTTPS).
If you want more security, create a vserver management LIF and use that for showmount.
From: Iluhes <iluhes@yahoo.com>
Reply-To: Iluhes <iluhes@yahoo.com>
Date: Tuesday, March 3, 2015 at 8:12 PM
To: Justin Parisi <Justin.Parisi@netapp.com>, "Toasters@teaparty.net" <Toasters@teaparty.net>
Subject: Re: showmount plugin for CMOD
Somehow my NFS LIFs on one cluster are showing up under "mgmt" and on the one that showmount does not work are under "data". This is what I wrote in previous email:
It looks like on the cluster that has ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened I have no idea.
SVM for NFS has one LIF: should it be considered "Data" or "mgmt"? Why one setup has at mgmt and one for data? I moved one LIF from DATA to MGMT and showmount works, but should I leave it like this?
The only real difference between “mgmt” and “data” is the default firewall policy associated with the interface. You can always create a custom policy and assign it to the interface to fine-tune it. The real question is - which ports need to be open on the LIF.
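Added example, not part of the thread and not NetApp code: a short Python check that parses the two "firewall policy show" listings quoted above and reports which services a LIF gains when it is moved from the "data" policy to "mgmt", and which of those go beyond the HTTP/HTTPS the thread says the tool needs. The function names and the whitespace-collapsed sample strings are constructed for illustration.

```python
import ipaddress

HEADER = "Policy Service Action IP-List ---------------- ---------- ------ -------------------- "
# Constructed sample input: the two listings quoted in the thread, whitespace collapsed.
DATA = HEADER + ("data dns allow 0.0.0.0/0 http deny 0.0.0.0/0 https deny 0.0.0.0/0 "
                 "mountd deny 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp deny 0.0.0.0/0 rsh deny 0.0.0.0/0 "
                 "snmp deny 0.0.0.0/0 ssh deny 0.0.0.0/0 telnet deny 0.0.0.0/0 10 entries were displayed.")
MGMT = HEADER + ("mgmt dns allow 0.0.0.0/0 http allow 0.0.0.0/0 https allow 0.0.0.0/0 "
                 "mountd allow 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp allow 0.0.0.0/0 rsh deny 0.0.0.0/0 "
                 "snmp allow 0.0.0.0/0 ssh allow 0.0.0.0/0 telnet deny 0.0.0.0/0 10 entries were displayed.")
TOOL_NEEDS = {"http", "https"}  # per the thread: HTTP/HTTPS carries the tool's ZAPI calls

def parse_policy(text):
    """Return (policy_name, {service: (action, source_network)}) from the listing."""
    tokens = text.split()
    # The policy name is the first token after the last dashed rule under the header.
    start = max((i for i, t in enumerate(tokens) if set(t) == {"-"}), default=-1) + 1
    name, rest = tokens[start], tokens[start + 1:]
    rules = {}
    for service, action, cidr in zip(rest[0::3], rest[1::3], rest[2::3]):
        if action not in ("allow", "deny"):
            break  # reached the "N entries were displayed." trailer
        rules[service] = (action, ipaddress.ip_network(cidr))
    return name, rules

def newly_allowed(old, new):
    """Services that `old` denies (or lacks) but `new` allows, mapped to the allowed sources."""
    return {s: net for s, (action, net) in new.items()
            if action == "allow" and old.get(s, ("deny", None))[0] == "deny"}

def beyond_tool_needs(exposed, needed=TOOL_NEEDS):
    """Newly allowed services the tool does not need and that any source address may reach."""
    return sorted(s for s, net in exposed.items() if s not in needed and net.prefixlen == 0)

if __name__ == "__main__":
    (_, data), (_, mgmt) = parse_policy(DATA), parse_policy(MGMT)
    exposed = newly_allowed(data, mgmt)
    print("opened by data -> mgmt:", sorted(exposed))
    print("not needed for ZAPI   :", beyond_tool_needs(exposed))
```

The second list is the set a custom policy or a dedicated vserver management LIF, as suggested in the replies, would keep off the NFS data LIF.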