Krausmueller.de

NetApp vFiler DR with Data ONTAP Simulator Part 8: Create shares on vFiler

5 min read netapp

This article is part of a series.

In this article a CIFS and a NFS share are created. Unfortunately shares on a vFiler cannot be configured in OnCommand System Manager. Instead the console or SSH has to be used. SSH must be set up first in order to directly connect to the vFiler. You can do so from a session on the first simulator (netapp01). It is possible to run commands on the vFiler from here with vfiler run <name of the vFiler> <command>.

netapp01> vfiler run vfiler01 secureadmin setup ssh

===== vfiler01
SSH Setup
---------
Determining if SSH Setup has already been done before...no

SSH server supports both ssh1.x and ssh2.0 protocols.

SSH server needs two RSA keys to support ssh1.x protocol. The host key is
generated and saved to file /vol/vol_vfiler01/etc/sshd/ssh_host_key during setup. The server
key is re-generated every hour when SSH server is running.

SSH server needs a RSA host key and a DSA host key to support ssh2.0 protocol.
The host keys are generated and saved to /vol/vol_vfiler01/etc/sshd/ssh_host_rsa_key and
/vol/vol_vfiler01/etc/sshd/ssh_host_dsa_key files respectively during setup.

SSH Setup will now ask you for the sizes of the host and server keys.
 For ssh1.0 protocol, key sizes must be between 384 and 2048 bits.
 For ssh2.0 protocol, key sizes must be between 768 and 2048 bits.
 The size of the host and server keys must differ by at least 128 bits.

Please enter the size of host key for ssh1.x protocol [768] :
Please enter the size of server key for ssh1.x protocol [512] :
Please enter the size of host keys for ssh2.0 protocol [768] :

You have specified these parameters:
        host key size = 768 bits
        server key size = 512 bits
        host key size for ssh2.0 protocol = 768 bits
Is this correct? [yes]

Setup will now generate the host keys. It will take a minute.
After Setup is finished the SSH server will start automatically.

netapp01> Wed Feb 17 20:15:16 CET [vfiler01@netapp01:secureadmin.ssh.setup.passed:info]: SSH setup is done and ssh2 is enabled. Host keys are stored in /vol/vol_vfiler01/etc/sshd/ssh_host_key, /vol/vol_vfiler01/etc/sshd/ssh_host_rsa_key, and /vol/vol_vfiler01/etc/sshd/ssh_host_dsa_key.

netapp01> vfiler run vfiler01 secureadmin status

===== vfiler01
ssh2    - active
ssh1    - inactive

Now you can login to the vFiler via SSH and run commands. Of course you can also skip configuring SSH on the vFiler and run all commands with vfiler run … from the host running the vFiler (in this case netapp01).

The next step is to configure a CIFS share. If you haven’t already set up CIFS when creating the vFiler (see part 6) you have to do so now. In this series the vFiler is not joined to an active directory domain. Instead local users on the vFiler are used for permission to the shares (option 3 during the setup).

vfiler01@netapp01> cifs setup
....

This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]: n
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]: 1
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
        The default name for this CIFS server is 'VFILER'.
Would you like to change this name? [n]: n
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 3
What is the name of the Workgroup? [WORKGROUP]: WORKGROUP
CIFS - Starting SMB protocol...
        It is recommended that you create the local administrator account
        (VFILER01\administrator) for this filer.
Do you want to create the VFILER01\administrator account? [y]: y
Enter the new password for VFILER01\administrator:
Retype the password:
Welcome to the WORKGROUP Windows(R) workgroup
vfiler01@netapp01> Wed Feb 17 21:41:06 CET [vfiler01@netapp01:cifs.startup.local.succeeded:info]: CIFS: CIFS local server is running.

To access the share you can use VFILER01\administrator created a moment ago, or create a new user:

vfiler01@netapp01> useradmin user add user01 -g Guests
New password:
Retype new password:
User <user01> added.
vfiler01@netapp01> Wed Feb 17 21:49:18 CET [vfiler01@netapp01:useradmin.added.deleted:info]: The user 'user01' has been added.

After CIFS is set up the share can be configured. First you create a qtree and afterwards the share.

vfiler01@netapp01> qtree create /vol/vol_vfiler01/q_cifs
vfiler01@netapp01> qtree security /vol/vol_vfiler01/q_cifs ntfs
vfiler01@netapp01> qtree status
Volume   Tree     Style Oplocks  Status
-------- -------- ----- -------- ---------
vol_vfiler01          unix  enabled  normal
vol_vfiler01 q_cifs   ntfs  enabled  normal
vfiler01@netapp01> cifs shares -add cifs01 /vol/vol_vfiler01/q_cifs
vfiler01@netapp01> cifs shares
Name         Mount Point                         Description
----         -----------                         -----------
ETC$         /vol/vol_vfiler01/etc               Remote Administration
                        ** priv access only **
HOME         /vol/vol_vfiler01/home              Default Share
                        everyone / Full Control
C$           /                                   Remote Administration
                        ** priv access only **
cifs01       /vol/vol_vfiler01/q_cifs
                        everyone / Full Control

You can access the share via \\192.168.2.68\cifs01. In this series limiting the access rights to the share is not necessary. Everyone has full access.

To configure the NFS share a qtree is created as well. In this example the share is accessible from all hosts of the network 192.168.2.0/24.

vfiler01@netapp01> qtree create /vol/vol_vfiler01/q_nfs
vfiler01@netapp01> qtree security /vol/vol_vfiler01/q_cifs unix
vfiler01@netapp01> qtree status
Volume   Tree     Style Oplocks  Status
-------- -------- ----- -------- ---------
vol_vfiler01          unix  enabled  normal
vol_vfiler01 q_cifs   ntfs  enabled  normal
vol_vfiler01 q_nfs    unix  enabled  normal
vfiler01@netapp01> exportfs -p rw=192.168.2.0/24,root=192.168.2.0/24 /vol/vol_vfiler01/q_nfs
vfiler01@netapp01> exportfs
/vol/vol_vfiler01/q_nfs   -sec=sys,rw=192.168.2.0/24,root=192.168.2.0/24
/vol/vol_vfiler01 -sec=sys,rw,anon=0,nosuid

On a linux host you can now mount the NFS share.

hostname:~# mount 192.168.2.68:/vol/vol_vfiler01/q_nfs /media/cdrom

All articles of the series
Part 1: Download of the files needed
Part 2: Configuration of the first simulator
Part 3: Configuration of the second simulator
Part 4: Create an aggregate and volume
Part 5: DNS Configuration
Part 6: Create vFiler and configure vFiler DR
Part 7: Synchronous vFiler DR
Part 8: Create shares on vFiler
Part 9: Planned Failover
Part 10: Disaster Failover