Connect NFSv3 clients

This page provides instructions for how to connect NFSv3 clients.

Before you begin

Install NFS client tools based on your Linux distribution type to prepare your client:

Red Hat

Run the following command:

sudo yum install -y nfs-utils

SUSE

Run the following command:

sudo yum install -y nfs-utils

Debian

Run the following command:

sudo apt-get install nfs-common

Ubuntu

Run the following command:

sudo apt-get install nfs-common

Volume access control using export policies

Volume access control in NFSv3 and NFSv4.1 is based on the client's IP address. The volume's export policy contains export rules. Each rule contains a comma-separated list of IP addresses or network CIDRs that defines the Allowed Clients that can mount the volume. A rule also defines the type of access those clients have, such as Read & Write or Read Only. As an additional security measure, NFS servers remap access from the root user (UID=0) to nobody (UID=65535), which makes root an unprivileged user when accessing files on the volume. When you set Root Access to On in the respective export rule, the root user stays root. The order of export rules is relevant.

We recommend the following best practices for export policies:

  • Order the export rules from most specific to least specific.

  • Export only to trusted clients, such as specific clients or CIDRs that contain the trusted clients.

  • Limit root access to a small group of trusted administration clients.

| Rule | Allowed clients | Access | Root access | Description |
|------|-----------------|--------|-------------|-------------|
| 1 | 10.10.5.3, 10.10.5.9 | Read & Write | On | Administration clients. Root user stays root and can manage all the file permissions. |
| 2 | 10.10.5.0/24 | Read & Write | Off | All other clients from 10.10.5.0/24 network are allowed to mount, but root access gets mapped to nobody. |
| 3 | 10.10.6.0/24 | Read-Only | Off | Another network is allowed to read data from the volume, but no writes. |
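The following added example (not part of the original page or of any Google Cloud tooling) shows why rule order matters, using the three rules from the table as constructed input. It assumes rules are evaluated in order and the first rule that matches the client's IP address applies; the dictionary field names and the `max_root_hosts` threshold are hypothetical.

```python
import ipaddress

# Constructed sample: the three example rules, in their recommended order.
POLICY = [
    {"clients": "10.10.5.3,10.10.5.9", "access": "rw", "root": True},
    {"clients": "10.10.5.0/24", "access": "rw", "root": False},
    {"clients": "10.10.6.0/24", "access": "ro", "root": False},
]

def networks(rule):
    """Parse a rule's comma-separated IPs/CIDRs into network objects."""
    return [ipaddress.ip_network(c.strip(), strict=False)
            for c in rule["clients"].split(",")]

def effective_rule(policy, client_ip):
    """Return (1-based index, rule) of the first matching rule, or None (assumed first match wins)."""
    ip = ipaddress.ip_address(client_ip)
    for i, rule in enumerate(policy, start=1):
        if any(ip in net for net in networks(rule)):
            return i, rule
    return None  # no rule matches: client is not an allowed client

def covered(inner, outer):
    """True if every network in inner lies inside some network in outer."""
    return all(any(n.version == e.version and n.subnet_of(e) for e in outer)
               for n in inner)

def audit(policy, max_root_hosts=16):
    """Flag rules shadowed by an earlier, broader rule and root access on wide ranges."""
    findings = []
    for i, rule in enumerate(policy, start=1):
        nets = networks(rule)
        for j, earlier in enumerate(policy[:i - 1], start=1):
            if covered(nets, networks(earlier)):
                findings.append(f"rule {i} is never reached: fully covered by rule {j}")
                break
        hosts = sum(n.num_addresses for n in nets)
        if rule["root"] and hosts > max_root_hosts:
            findings.append(f"rule {i} grants root access to {hosts} addresses")
    return findings

# Constructed misordering: the broad /24 rule placed ahead of the admin rule.
MISORDERED = [POLICY[1], POLICY[0], POLICY[2]]

if __name__ == "__main__":
    for ip in ("10.10.5.3", "10.10.5.20", "10.10.6.7", "192.168.1.1"):
        print(ip, effective_rule(POLICY, ip))
    print(audit(POLICY), audit(MISORDERED))
```

With the misordered policy, the administration client 10.10.5.3 matches the /24 rule first and loses root access, which is the situation the most-specific-first recommendation prevents.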

After a client mounts a volume, the file level access determines what a user is allowed to do. For more information, see NFS file-level access control for UNIX-style volumes.

Connect NFSv3 clients

Use the following instructions to connect NFSv3 clients using either the Google Cloud console or Google Cloud CLI:

Console

  1. Go to the NetApp Volumes page in the Google Cloud console.

  2. Click Volumes.

  3. Click Show more.

  4. Select Mount instructions.

  5. Follow the mount instructions shown in the Google Cloud console.

  6. Identify the mount command and use the mount options it provides unless your workload has specific mount option requirements. If your application doesn't use locks or you didn't configure your clients to enable NSM communication, we recommend that you add the nolock mount option.

gcloud

Look up the mount instructions for a volume:

 gcloud netapp volumes describe VOLUME_NAME \
    --project=PROJECT_ID \
    --location=LOCATION \
    --format="value(mountOptions.instructions)"

Replace the following information:

  • VOLUME_NAME: the name of the volume.

  • PROJECT_ID: the name of the project the volume is in.

  • LOCATION: the location of the volume.

For more information on additional optional flags, see Google Cloud SDK documentation on volumes.

Connect Linux to LDAP

If you are using NFSv3 extended groups, you might need to configure your client to use Active Directory as LDAP name service for user and group information as well. Use the following resources to configure LDAP:

What's next

Connect NFSv4.1 clients.