Dell Unity:利用网络组的 NFS 主机无法连接到 NFS 共享。(戴尔可纠正)
Summary: NFS 主机无法通过“网络组”连接到 Unity NFS 共享,但是,在使用显式 Unity NAS 服务器 IP 地址或主机名时,NFS 正常工作,没有问题。当相同的主机尝试通过“网络组”连接到 Unity NFS 共享时,这会导致服务器无响应:RPC: 超时并失去对 NFS 共享的访问权限
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
将 Unity 升级到 Unity 版本后实施的网络组: 4.0.1.8404134
NFS 主机无法通过“netgroups”访问 Unity NFS 共享。 同一 NFS 主机能够通过 Unity NAS 服务器 IP 地址或通过 Unity NAS 服务器“主机名”直接连接到 Unity NFS 共享,但是,如果同一 NFS 主机尝试通过“网络组”连接到 Unity NAS 服务器 NFS 共享,则会导致无法访问 Unity NFS 共享。
警报将显示在 Unity Unisphere GUI 的“alerts”部分中:“为 NAS 服务器配置的网络信息服务 (NIS) 无法提供用户映射信息,并且没有响应。请检查 NIS 服务器的可用性,并确保用于服务器的域名和地址准确无误。”
可以通过 Unity CLI 查看和观察到类似的警报:21:08:58 root@(none) spa:/home/service> uemcli /event/alert/hist show
Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
1: ID = alert_804
Time = 2016-09-26 21:07:59.088
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
2: ID = alert_803
Time = 2016-09-26 21:07:44.102
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
3: ID = alert_802
Time = 2016-09-26 21:07:29.174
Message = NAS server n125d061: There is no NIS server on-line for the domain nb-engr.
Description = "The Network Information Service (NIS) configured for the NAS server was unable to provide user mapping information and is not responding. Check the availability of the NIS server, and ensure that the domain name and addresses used for the server are accurate."
Severity = error
Acknowledged = no
检查 rpc.d 是否在 Unity NAS 服务器上运行,表明 rpc.mountd, rpc,nfsd, 和 rpc.portmapper 正在运行。root@spa:/cores/service>/sbin/rpcinfo -p 10.#.#.##
program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100003 4 tcp 2049 nfs
100005 1 udp 1234 mountd
100005 2 udp 1234 mountd
100005 3 udp 1234 mountd
100005 1 tcp 1234 mountd
100005 2 tcp 1234 mountd
100005 3 tcp 1234 mountd
100003 3 tcp 2049 nfs
100021 4 tcp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 2 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100024 1 tcp 4000 status
100003 3 udp 2049 nfs
100021 4 udp 4001 nlockmgr
100021 1 udp 4001 nlockmgr
100021 2 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100024 1 udp 4000 status
536870914 2 tcp 4658
536870914 2 udp 4658
824395111 1 udp 39850
824395111 1 tcp 50600
102660 1 tcp 37185
102660 1 udp 52008
从 NFS 主机(指向 Unity NAS 服务器)对“rpc.d”状态的类似检查也表明rpc.mountd, rpc,nfsd, 和 rpc.portmapper 正在 Unity NAS 服务器上运行bash-2.03# rpcinfo -p 10.#.#.#0
program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100003 4 tcp 2049 nfs
100005 1 udp 1234 mountd
100005 2 udp 1234 mountd
100005 3 udp 1234 mountd
100005 1 tcp 1234 mountd
100005 2 tcp 1234 mountd
100005 3 tcp 1234 mountd
100003 3 tcp 2049 nfs
100021 4 tcp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 2 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100024 1 tcp 4000 status
100003 3 udp 2049 nfs
100021 4 udp 4001 nlockmgr
100021 1 udp 4001 nlockmgr
100021 2 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100024 1 udp 4000 status
536870914 2 tcp 4658
536870914 2 udp 4658
824395111 1 udp 39850
824395111 1 tcp 50600
102660 1 tcp 37185
102660 1 udp 52008
NFS 主机能够通过 Unity 的 IP 地址和 Unity NAS 服务器主机名成功连接(装载)到 Unity NAS 服务器 NFS 共享,但在用户尝试通过“netgroup”将 NFS 主机连接到 Unity NAS 共享后,它失败并显示: bash-2.03# showmount -e 10.#.#.#0
export list for 10.#.#.#0:
/steventestfs (everyone)
stevetestshare (everyone)
/tejasshare n#-e###-a##,10.#.#.##1/255.255.255.255,10.#.#.##/255.255.255.255
bash-2.03# mount 10.#.#.#0:/tejasshare /mwtest/
nfs mount: 10.#.#.#0:/tejasshare: server not responding : RPC: Timed out
nfs mount: retrying: /mwtest
nfs mount: 10.#.#.#0:/tejasshare: server not responding : RPC: Timed out
Cause
Unity 以“host.byaddr”的形式删除 Legal YP MATCH 响应。 Unity 利用严格的内部“防火墙”来丢弃网络数据包。 当 NIS 服务器对其源端口使用的端口值与在“PORTMAP”请求中返回的端口值不同时,Unity NAS 服务器容器不允许 NIS 服务器发送数据报。
Unity 的默认内部防火墙策略是 如果没有匹配的规则,则丢弃。因此,任何随机端口都与“-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT”规则非常匹配。
Resolution
目前正在开发 Unity 软件修复程序。当前通过 AR 编号 858778 进行跟踪。有关“代码修复”的更新,请联系 Dell-EMC 技术支持。
同时,我们有一个解决方法。 该解决方法需要更改 IP 链。
连接到 Unity,然后注入 Root。
在客户框中添加规则,以接受来自 NIS 服务器的任何 UDP 数据包。 添加规则后,NIS 应该可以正常工作。这并不是一个真正的永久解决方案,而是一种解决方法,请检查 AR 编号858778以进行软件修复。
要添加:iptables -A IN_DATA -p udp -s <ip address of the NIS server> -j ACCEPT
为每个 NIS 服务器 IP 地址执行上述命令,然后您可以确认网络组正常工作,然后可以运行以下命令进行删除。
要删除:iptables -D IN_DATA -p udp -s <ip address of the NIS server> -j ACCEPT
示例: root@spa:/cores/service>iptables -S IN_DATA
-N IN_DATA
-A IN_DATA -p tcp -m tcp --dport 445 -j ACCEPT
....
-A IN_DATA -i eve_br0 -p udp -m multiport --dports 22 -j ACCEPT
-A IN_DATA -s 10.#.#.##/32 -p udp -j ACCEPT
-A IN_DATA -s 10.#.#.##/32 -p udp -j ACCEPT
Affected Products
Dell EMC Unity FamilyProducts
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity FamilyArticle Properties
Article Number: 000055193
Article Type: Solution
Last Modified: 17 Feb 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.