Dell Unity:使用 Netgroup 的 NFS 主機無法連線至 NFS 共用。(Dell 可修正)
Summary: NFS 主機無法透過「Netgroup」連線至 Unity NFS 共用,但 NFS 在使用明確的 Unity NAS Server IP 位址或主機名稱時可正常運作,不會發生任何問題。當相同的主機嘗試透過「netgroup」連線至 Unity NFS 共用時,會導致伺服器沒有回應:RPC: 逾時且無法存取 NFS 共用
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
在將 Unity 升級至 Unity 版本後實作 netgroups: 4.0.1.8404134
NFS 主機無法透過「netgroups」存取 Unity NFS 共用。 相同的 NFS 主機可透過 Unity NAS Server IP 位址或透過 Unity NAS Server 的「主機名稱」直接連接至 Unity NFS 共用,但是,如果相同的 NFS 主機嘗試透過「netgroup」連接至 Unity NAS Server NFS 共用,則會導致無法存取 Unity NFS 共用。
Unity Unisphere GUI 的「警示」區段中會出現警示:「為 NAS 伺服器設定的網路資訊服務 (NIS) 無法提供使用者對應資訊,且未回應。檢查NIS伺服器的可用性,並確保用於伺服器的功能變數名稱和位址準確無誤。
可透過 Unity CLI 檢視和觀察到類似的警示:21:08:58 root@(none) spa:/home/service> uemcli /event/alert/hist show
Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
1: ID = alert_804
Time = 2016-09-26 21:07:59.088
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
2: ID = alert_803
Time = 2016-09-26 21:07:44.102
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
3: ID = alert_802
Time = 2016-09-26 21:07:29.174
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
檢查 rpc.d 是否正在 Unity NAS 伺服器上執行,表示 rpc.mountd, rpc,nfsd, 和 rpc.portmapper 正在運行。root@spa:/cores/service>/sbin/rpcinfo -p 10.#.#.##
program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100003 4 tcp 2049 nfs
100005 1 udp 1234 mountd
100005 2 udp 1234 mountd
100005 3 udp 1234 mountd
100005 1 tcp 1234 mountd
100005 2 tcp 1234 mountd
100005 3 tcp 1234 mountd
100003 3 tcp 2049 nfs
100021 4 tcp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 2 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100024 1 tcp 4000 status
100003 3 udp 2049 nfs
100021 4 udp 4001 nlockmgr
100021 1 udp 4001 nlockmgr
100021 2 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100024 1 udp 4000 status
536870914 2 tcp 4658
536870914 2 udp 4658
824395111 1 udp 39850
824395111 1 tcp 50600
102660 1 tcp 37185
102660 1 udp 52008
同樣,從 NFS 主機檢查指向 Unity NAS 伺服器的「rpc.d」狀態時,也指出rpc.mountd, rpc,nfsd, 和 rpc.portmapper 正在 Unity NAS 伺服器上執行bash-2.03# rpcinfo -p 10.#.#.#0
program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100003 4 tcp 2049 nfs
100005 1 udp 1234 mountd
100005 2 udp 1234 mountd
100005 3 udp 1234 mountd
100005 1 tcp 1234 mountd
100005 2 tcp 1234 mountd
100005 3 tcp 1234 mountd
100003 3 tcp 2049 nfs
100021 4 tcp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 2 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100024 1 tcp 4000 status
100003 3 udp 2049 nfs
100021 4 udp 4001 nlockmgr
100021 1 udp 4001 nlockmgr
100021 2 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100024 1 udp 4000 status
536870914 2 tcp 4658
536870914 2 udp 4658
824395111 1 udp 39850
824395111 1 tcp 50600
102660 1 tcp 37185
102660 1 udp 52008
NFS 主機可透過 Unity 的 IP 位址和 Unity NAS Server 主機名稱成功連接 (掛接) 至 Unity NAS Server NFS 共用,但在使用者嘗試透過「netgroup」將 NFS 主機連接至 Unity NAS 共用後失敗並顯示: bash-2.03# showmount -e 10.#.#.#0
export list for 10.#.#.#0:
/steventestfs (everyone)
stevetestshare (everyone)
/tejasshare n#-e###-a##,10.#.#.##1/255.255.255.255,10.#.#.##/255.255.255.255
bash-2.03# mount 10.#.#.#0:/tejasshare /mwtest/
nfs mount: 10.#.#.#0:/tejasshare: server not responding : RPC: Timed out
nfs mount: retrying: /mwtest
nfs mount: 10.#.#.#0:/tejasshare: server not responding : RPC: Timed out
Cause
Unity 以「host.byaddr」的形式丟棄合法的 YP MATCH 回應。 Unity 使用嚴格的內部「防火牆」,該防火牆會丟棄網路數據包。 當 NIS 伺服器的來源連接埠使用不同的連接埠值,而不是它在「PORTMAP」要求中傳回的連接埠值時,Unity NAS Server 容器不允許 NIS 伺服器傳送資料報。
Unity 的預設內部防火牆原則為 如果沒有匹配的規則,則刪除。因此,任何隨機埠都非常符合“-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT”規則。
Resolution
目前正在開發 Unity 軟體修正程式。目前正在透過 AR 編號 858778 進行追蹤。請聯絡 Dell-EMC 技術支援部門,以取得「程式碼修正」的更新資訊。
與此同時,我們有一個解決方法。 因應措施需要變更 IP 鏈。
連線至 Unity,然後注入 Root。
在客戶方塊新增規則以接受來自 NIS 伺服器的任何 UDP 封包。 添加規則后,NIS 應該可以工作。這不是一個真正的永久解決方案,而是一個解決方法,檢查AR編號858778軟體修復。
若要新增:iptables -A IN_DATA -p udp -s <ip address of the NIS server> -j ACCEPT
對每個 NIS 伺服器 IP 位址執行上述命令,然後您可以確認 netgroup 正常工作,然後可以執行以下命令進行刪除。
若要刪除:iptables -D IN_DATA -p udp -s <ip address of the NIS server> -j ACCEPT
範例: root@spa:/cores/service>iptables -S IN_DATA
-N IN_DATA
-A IN_DATA -p tcp -m tcp --dport 445 -j ACCEPT
....
-A IN_DATA -i eve_br0 -p udp -m multiport --dports 22 -j ACCEPT
-A IN_DATA -s 10.#.#.##/32 -p udp -j ACCEPT
-A IN_DATA -s 10.#.#.##/32 -p udp -j ACCEPT
Affected Products
Dell EMC Unity FamilyProducts
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity FamilyArticle Properties
Article Number: 000055193
Article Type: Solution
Last Modified: 17 Feb 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.