Adding a Client

Prerequisites

• You have obtained required data for configuring an NFS share.
• You have configured a DNS server or added the storage and service plane to an LDAP/NIS domain in advance if you want to add a client whose Type is Host and use a domain name. For details, see Configuring a DNS Server, Configuring an LDAP Domain, and Configuring an NIS Domain.
• You have created a network group name available on the LDAP or NIS server if you need to add a client whose Type is Network group.
• You have refreshed the cache of all storage nodes if you need to add a client whose Type is Network group. The CLI command for refreshing the cache is as follows:

  change nas_protocol ops lsid=0 module_name=auth cmd_str=update_namesrv_cache string_val0=?

Procedure

1. Choose Resources > Resources > Share > NFS Share.
2. Select a desired account from the Account drop-down list in the upper left corner.
3. Click More on the right of a desired NFS share and select Add Client.

   The Add Client page is displayed.

   

   You can also click the path of the desired NFS share. On the page that is displayed, click Add in the Permission area.

4. Set client properties.

   Table 1 describes related parameters.

   Table 1 Client parameters

   Parameter	Description
   Type	Client type of the NFS share. NOTE: When a client is included in multiple share permissions, the priority of share authentication from high to low is in the following sequence: host name > IP address > network segment > wildcard > network group > *.
   Name or IP Address	When Type is set to Host, enter client host names (FQDNs are recommended), IP addresses, or IP address segments, or use the asterisk (*) to represent IP addresses of all clients. When Type is set to Network group, enter the network group names configured in the LDAP or NIS domain. NOTE: You can enter multiple host names, IP addresses, or network group names separated by semicolons (;), spaces, or carriage returns. A host name: Contains 1 to 255 letters, including letters, digits, hyphens (-), periods (.), and underscores (_). Must start with a letter or digit and cannot end with a hyphen (-) or underscore (_). Cannot contain a combination of a period and underscore (_. or ._), a combination of a period and hyphen (-. or .-), consecutive periods (..), or pure digits. For IP addresses: You can enter client IP addresses, client IP address segments, or an asterisk (*) to represent IP addresses of all clients. IPv4 addresses, IPv6 addresses, or the combination of IPv4 and IPv6 addresses are supported. The mask of an IPv4 address ranges from 1 to 32. The prefix of an IPv6 address ranges from 1 to 128. A network group name: Contains 1 to 254 characters. The value can contain only letters, digits, underscores (_), periods (.), and hyphens (-).
   UNIX Permission Level	Permission level for the UNIX client to access the NFS share. Possible options are: Read-only: The client can only read files in the share. Read/Write: The client can read and write files in the share. None: No operation is allowed on the share. NOTE: When a share is created for the audit log namespace, you cannot set the permission to Read/Write.
   Kerberos5 Permission	Permission level for the Kerberos5 client to access the NFS share. Possible options are: Read-only: The client can only read files in the share. Read/Write: The client can read and write files in the share. None: No operation is allowed on the share. This parameter applies only to the scenario where the NFS Kerberos service is configured. NOTE: When a share is created for the audit log namespace, you cannot set the permission to Read/Write.
   Kerberos5i Permission	Permission level for the Kerberos5i client to access the NFS share. Possible options are: Read-only: The client can only read files in the share. Read/Write: The client can read and write files in the share. None: No operation is allowed on the share. This parameter applies only to the scenario where the NFS Kerberos service is configured. NOTE: When a share is created for the audit log namespace, you cannot set the permission to Read/Write.
   Kerberos5p Permission	Permission level for the Kerberos5p client to access the NFS share. Possible options are: Read-only: The client can only read files in the share. Read/Write: The client can read and write files in the share. None: No operation is allowed on the share. This parameter applies only to the scenario where the NFS Kerberos service is configured. NOTE: When a share is created for the audit log namespace, you cannot set the permission to Read/Write.

5. Modify advanced client parameters. Click Advanced.
   Table 2 describes related parameters.

   Table 2 Advanced client parameters

   Parameter	Description
   Write Mode	How the system writes data onto disks. Synchronous: The system writes data onto disks instantly. Asynchronous: The system writes data to the cache first. The asynchronous write mode delivers higher write performance. However, if the client and a mount node fail at the same time, data may be lost. NOTE: This parameter is displayed only when at least one of UNIX Permission Level, Kerberos5 Permission, Kerberos5i Permission, and Kerberos5p Permission is set to Read/Write.
   Permission Constraint	Whether to retain the user ID (UID) and group ID (GID) of a shared directory. all_squash: The UID and GID of a shared directory are mapped to user nobody, which is applicable to public directories. no_all_squash: retains the UID and GID of a shared directory.
   root Permission Constraint	Controls the root permission of the clients. root_squash: does not allow the clients to access the share as user root. Otherwise, the client will be mapped as an anonymous user. no_root_squash: allows the clients to access the share as user root that has full control and access permissions for shared directories. NOTE: If a VM needs to be created in the NFS share, select no_root_squash. Otherwise, the VM may run abnormally.
   Source Port Verification Constraint	Whether to enable source port verification. secure: allows the clients to access the NFS share using ports 1 to 1023. insecure: allows the clients to access the NFS share using any port.

6. Click OK.