what is the best way to limit nfs shares to two IPs in a cluster environment

chickenjoy · 06-11-2018, 07:51 AM

I have searched the interwebs but couldn't get a working answer.

I want to create a nfs share to only 2 hosts, which i can easily do by:

Code:

cat /etc/exports
/data 1.1.1.1(rw,sync,no_root_squash) 1.1.1.2(rw,sync,no_root_squash)

in a cluster environment; the above file is not utilized anymore and instead it options should be set inside a cluster resource. But I don't know how i can add that as a resource without the need to create 2 individual resource for each IP address. The following will allow all IPs in the same subnet but I only want 2 specific IPs access.

Code:

pcs resource create nfs-root exportfs \
clientspec=1.1.1.1/255.255.255.0 \
options=rw,sync,no_root_squash \
directory=/data \
fsid=0 --group clustergrp

Appreciate if you can share any information that can help me solve this.

MensaWater · 06-11-2018, 09:52 AM

This suggests you have to add two separate client spec resource lines - one for each IP (example is subnets).

Alternativekly you might be able to change the netmask to 255.255.255.254 if the IPs are consecutive as you show. That would limit it to 2 IPs allowed in that subnet. That is to say the subnet you use in the export doesn't necessarily have to match the subnet of the server to which you're exporting.

chickenjoy · 06-12-2018, 08:32 AM

Quote:

Originally Posted by MensaWater

This suggests you have to add two separate client spec resource lines - one for each IP (example is subnets).

Alternativekly you might be able to change the netmask to 255.255.255.254 if the IPs are consecutive as you show. That would limit it to 2 IPs allowed in that subnet. That is to say the subnet you use in the export doesn't necessarily have to match the subnet of the server to which you're exporting.

thanks i saw this post as well. its the closest solution.