Nutanix NFS can be exported to a non-Nutanix NFS client on a different subnet.
1. Whitelist the NFS datastore on Nutanix
ncli> cluster add-to-nfs-whitelist ip-subnet-masks=10.1.59.210/255.255.255.255
where 10.1.59.210 is the non-Nutanix NFS client.
2. Verify that the NFS datastore is exported correctly. Run this command on the Nutanix Controller VM:
showmount -e
Export list for TEST-13SM35190018-1-CVM:
/TEST-CTR1 10.3.177.28,10.3.177.27,10.3.177.26,10.3.177.25,10.1.59.210/255.255.255.255,192.168.5.0/255.255.255.128
3. The Nutanix CentOS CVM is STIG compliant, and iptables prevents access to the Nutanix CVM from another subnet. The following iptables rules allow NFS access. Run these commands on the Controller VM (this is needed only if the Nutanix CVM and the NFS client are in different subnets).
Open Port mapper:
for i in `svmips`; do ssh $i "sudo iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 111 -j ACCEPT"; done
Open NFS/Mountd port:
for i in `svmips`; do ssh $i "sudo iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 2049 -j ACCEPT"; done
Save the rules:
sudo iptables-save
/etc/init.d/iptables save
4. Mount it on the remote .210 client (the NFS client)
10.1.59.210:~$ sudo mount 10.3.177.29:/TEST-CTR1 /mnt
esxi: esxcfg-nas -a -o 10.3.177.29 -s /TEST-CTR1 NTNX-Datastore
5. This KB might be useful as well
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007352
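The rules in step 3 have no source match, so they accept ports 111 and 2049 from any address. The following is an added example, not part of the original post: a dry-run helper that checks the step-2 export list for the client and prints the same rules scoped to that client with the standard iptables -s match. The function names are hypothetical and the sample export list is copied from step 2.

```shell
#!/bin/sh
# Added example: dry run only. It prints commands for review and executes none.

# Constructed sample: the `showmount -e` output shown in step 2.
SAMPLE_EXPORTS='Export list for TEST-13SM35190018-1-CVM:
/TEST-CTR1 10.3.177.28,10.3.177.27,10.3.177.26,10.3.177.25,10.1.59.210/255.255.255.255,192.168.5.0/255.255.255.128'

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0..255.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into positional parameters
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# client_whitelisted EXPORT CLIENT: read showmount output on stdin and succeed
# if CLIENT is listed for EXPORT as an exact host entry (bare or with a
# 255.255.255.255 mask). Subnet entries are not expanded.
client_whitelisted() {
  while read -r path hosts; do
    [ "$path" = "$1" ] || continue
    case ",$hosts," in
      *",$2,"*|*",$2/255.255.255.255,"*) return 0 ;;
    esac
  done
  return 1
}

# scoped_rules CLIENT: print the step-3 rules with "-s CLIENT/32" added, so the
# portmapper and NFS ports are opened to that one client only.
scoped_rules() {
  valid_ipv4 "$1" || { echo "invalid client address: $1" >&2; return 1; }
  for port in 111 2049; do
    printf 'sudo iptables -t filter -A WORLDLIST -s %s/32 -p tcp -m tcp --dport %s -j ACCEPT\n' "$1" "$port"
  done
}

# Demo: emit the rules only when the client is present in the export list.
if printf '%s\n' "$SAMPLE_EXPORTS" | client_whitelisted /TEST-CTR1 10.1.59.210; then
  scoped_rules 10.1.59.210
fi
```

Each printed line takes the place of the matching unscoped rule inside the `svmips` loop from step 3.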