Tuesday, June 11, 2013

Access Nutanix NFS from a different NFS client

Nutanix NFS can be exported to a non-Nutanix NFS client on a different subnet.

1. Whitelist NFS datastore on Nutanix

ncli> cluster add-to-nfs-whitelist  ip-subnet-masks=10.1.59.210/255.255.255.255

where 10.1.59.210 is the non-Nutanix NFS client.

2. Verify that the NFS datastore is exported correctly by running this command on the Nutanix Controller VM:

showmount -e
Export list for TEST-13SM35190018-1-CVM:
/TEST-CTR1 10.3.177.28,10.3.177.27,10.3.177.26,10.3.177.25,10.1.59.210/255.255.255.255,192.168.5.0/255.255.255.128


3. Nutanix CentOS is STIG compliant, and iptables prevents access to the Nutanix CVM from another subnet. The following iptables rules allow NFS access. Run these commands on the Controller VM (this is needed only if the Nutanix CVM and the NFS client are in different subnets).
Open Port mapper:
for i in `svmips`; do ssh $i "sudo iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 111  -j ACCEPT"; done
Open NFS/Mountd port:
for i in `svmips`; do ssh $i "sudo iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 2049 -j ACCEPT"; done
Save the rules:

sudo iptables-save
/etc/init.d/iptables save

4. Mount it on the remote .210 client (the NFS client)

10.1.59.210:~$ sudo mount 10.3.177.29:/TEST-CTR1 /mnt
esxi: esxcfg-nas -a -o 10.3.177.29 -s /TEST-CTR1 NTNX-Datastore

5. This KB might be useful as well

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007352
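
A script for the check in step 2: it parses the showmount -e output shown there and reports which whitelist entries cover a given client and which entries are wider than a single host. This is an added example, not part of the original post or of Nutanix tooling; the function names are illustrative, and treating * and (everyone) as world-open is an assumption about how showmount prints an unrestricted export.

```python
import ipaddress

# Output copied from step 2 of this post.
SAMPLE = (
    "Export list for TEST-13SM35190018-1-CVM:\n"
    "/TEST-CTR1 10.3.177.28,10.3.177.27,10.3.177.26,10.3.177.25,"
    "10.1.59.210/255.255.255.255,192.168.5.0/255.255.255.128\n"
)

WORLD = ipaddress.ip_network("0.0.0.0/0")


def parse_exports(text):
    """Parse `showmount -e` output into {path: (networks, unparsed_specs)}."""
    exports = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or line.startswith("Export list for"):
            continue
        nets, unparsed = [], []
        for spec in (parts[1] if len(parts) > 1 else "").split(","):
            spec = spec.strip()
            if spec in ("*", "(everyone)"):
                nets.append(WORLD)          # assumed marker for "any client"
            elif spec:
                try:
                    # Handles bare IP, ip/prefix and ip/dotted-netmask.
                    nets.append(ipaddress.ip_network(spec, strict=False))
                except ValueError:
                    unparsed.append(spec)   # hostname or netgroup: review by hand
        exports[parts[0]] = (nets, unparsed)
    return exports


def entries_allowing(exports, path, client_ip):
    """Whitelist entries on `path` that cover client_ip."""
    ip = ipaddress.ip_address(client_ip)
    nets, _ = exports.get(path, ([], []))
    return [n for n in nets if ip in n]


def broad_entries(exports, max_addresses=1):
    """Entries per export that cover more than max_addresses hosts."""
    return {p: [n for n in nets if n.num_addresses > max_addresses]
            for p, (nets, _) in exports.items()}


if __name__ == "__main__":
    exp = parse_exports(SAMPLE)
    print("10.1.59.210 allowed by:", entries_allowing(exp, "/TEST-CTR1", "10.1.59.210"))
    print("wider than one host:", broad_entries(exp))
```

An empty result from entries_allowing means the client is not in the whitelist and the mount in step 4 will be refused; anything listed by broad_entries is a subnet-wide entry worth confirming is intended.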