透過 SmartConnect 掛接 NFSv4 別名 區域名稱失敗,並顯示 mount.nfs:不允許操作。
Riepilogo: 透過 SmartConnect 完整網域名稱掛接 NFSv4 別名失敗,並顯示 mount.nfs:不允許操作。
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
在極端情況下,透過 SmartConnect 完整網域名稱 (FQDN) 掛接 NFSv4 別名失敗,並顯示「mount.nfs:不允許操作」。
NFSv4 用戶端掛載 NFS 匯出完整資料路徑時沒有此類問題。
NFSv4 Kerberos 用戶端掛接具有 Kerberos 安全性類型 (krb5 | krb5i | krb5p) 的 NFS 匯出則沒有此類問題。
NFSv3 用戶端沒有此類問題。
下面是實驗室重現中的一個範例:
- nfs 用戶端已使用有效的 gss 工單進行 kerberos。
- 建立僅限 Unix 規格的 NFS 匯出,並建立資料路徑的 NFS 別名。
- 透過 FQDN:Alias 搭配 NFSv4 使用 gss 用戶端掛接
tcr-1# isi nfs settings global view NFS Service Enabled: Yes NFSv3 Enabled: Yes NFSv3 RDMA Enabled: No NFSv4 Enabled: Yes v4.0 Enabled: Yes v4.1 Enabled: No v4.2 Enabled: No Rquota Enabled: No
tcr-1# isi nfs aliases list Zone Name Path ---------------------------------- System /aliases01 /ifs/data/pod-db ---------------------------------- Total: 1
tcr-1# isi nfs exports view 5 ID: 5 Zone: System Paths: /ifs/data/pod-db Description: Clients: - Root Clients: - Read Only Clients: - Read Write Clients: - All Dirs: No Block Size: 8.00k Can Set Time: Yes Case Insensitive: No Case Preserving: Yes Chown Restricted: No Commit Asynchronous: No Directory Transfer Size: 128.00k Encoding: DEFAULT Link Max: 32767 Map Lookup UID: No Map Retry: Yes Map Root Enabled: False User: nobody Primary Group: - Secondary Groups: - Map Non Root Enabled: False User: nobody Primary Group: - Secondary Groups: - Map Failure Enabled: False User: nobody Primary Group: - Secondary Groups: - Map Full: Yes Max File Size: 8192.00P Name Max Size: 255 No Truncate: No Read Only: No Readdirplus: Yes Readdirplus Prefetch: 10 Return 32Bit File IDs: No Read Transfer Max Size: 1.00M Read Transfer Multiple: 512 Read Transfer Size: 128.00k Security Type: unix Setattr Asynchronous: No Snapshot: - Symlinks: Yes Time Delta: 1.0 ns Write Datasync Action: datasync Write Datasync Reply: datasync Write Filesync Action: filesync Write Filesync Reply: filesync Write Unstable Action: unstable Write Unstable Reply: unstable Write Transfer Max Size: 1.00M Write Transfer Multiple: 512 Write Transfer Size: 512.00k
透過 SC 區域 (FQDN) 掛接 NFS 別名失敗,並顯示「不允許操作」:
[root@centos8test ~] mount -t nfs -o vers=4 tcr-nfs.gz.local:/aliases01 /mnt/test -vvvv mount.nfs: timeout set for Wed Apr 10 10:19:32 2024 mount.nfs: trying text-based options 'vers=4.2,addr=192.168.1.64,clientaddr=192.168.1.41' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.1.64,clientaddr=192.168.1.41' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,addr=192.168.1.64,clientaddr=192.168.1.41' mount.nfs: mount(2): Operation not permitted mount.nfs: Operation not permitted掛接相同的 NFS 匯出完整資料路徑有效:
[root@centos8test ~]# mount -t nfs -o vers=4 tcr-nfs.gz.local:/ifs/data/pod-db /mnt/test -vvvv mount.nfs: timeout set for Wed Apr 10 10:23:46 2024 mount.nfs: trying text-based options 'vers=4.2,addr=192.168.1.66,clientaddr=192.168.1.41' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.1.66,clientaddr=192.168.1.41' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,addr=192.168.1.66,clientaddr=192.168.1.41' [root@centos8test ~]# nfsstat -m /mnt/test from tcr-nfs.gz.local:/ifs/data/pod-db Flags: rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.41,local_lock=none,addr=192.168.1.66
Causa
從擷取到的網路追蹤來看,PowerScale OneFS 節點不會回覆 SECINFO 呼叫 的值 ,但實際上目標匯出UNIX_AUTH風格。
$ tshark -r nfsv4-gss.pcap -Y frame.number==196 -O nfs Frame 196: 194 bytes on wire (1552 bits), 194 bytes captured (1552 bits) Ethernet II, Src: VMware_9b:17:92 (00:50:56:9b:17:92), Dst: VMware_9b:f4:2b (00:50:56:9b:f4:2b) Internet Protocol Version 4, Src: 192.168.1.64, Dst: 192.168.1.41 Transmission Control Protocol, Src Port: 2049, Dst Port: 960, Seq: 2493, Ack: 3217, Len: 128 Remote Procedure Call, Type:Reply XID:0xc95e46e7 Network File System [Program Version: 4] [V4 Procedure: COMPOUND (1)] GSS Data, Ops(2): PUTFH SECINFO Length: 36 GSS Sequence Number: 3 Status: NFS4_OK (0) Tag: <EMPTY> length: 0 contents: <EMPTY> Operations (count: 2) Opcode: PUTFH (22) Status: NFS4_OK (0) Opcode: SECINFO (33) Status: NFS4_OK (0) Flavors Info no values [Main Opcode: SECINFO (33)] GSS Checksum: 0000001c040405ffffffffff000000000014cf198b8963d34b9f04f3a39b04fc GSS Token Length: 28 GSS-API Generic Security Service Application Program Interface krb5_blob: 040405ffffffffff000000000014cf198b8963d34b9f04f3a39b04fc krb5_tok_id: KRB_TOKEN_CFX_GetMic (0x0404) krb5_cfx_flags: 0x05, AcceptorSubkey, SendByAcceptor .... .1.. = AcceptorSubkey: Set .... ..0. = Sealed: Not set .... ...1 = SendByAcceptor: Set krb5_filler: ffffffffff krb5_cfx_seq: 1363737 krb5_sgn_cksum: 8b8963d34b9f04f3a39b04fc在此 nfsv4 別名掛接案例中發現 NFS 缺陷 PSCALE-219044。
Risoluzione
工程部門正在調查根本原因,並確定修正應能解決所有問題。
PowerScale OneFS Isilon 端尚無因應措施,若要解決此問題,請在用戶端手動新增「sys」掛接選項。
PowerScale OneFS Isilon 端尚無因應措施,若要解決此問題,請在用戶端手動新增「sys」掛接選項。
Proprietà dell'articolo
Numero articolo: 000224305
Tipo di articolo: Solution
Ultima modifica: 23 mag 2024
Versione: 2
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.