Hi folks,
we have a problem with automatic NIM NFS Export for mksysb when using machines with alias IP ...
Our environment:
1 NIM Master
2 NIM Clients
-> One is Production System with 2 IP Adresses (1 IP Adress is an alias IP !) and one Backup System. When the Backup System becomes Production system the alias IP is removed from the former production system and given to the Backup System.
All Systems are at AIX 5.3 TL5 CSP.
NIM Clients are located in the DMZ.
All firewall restrictions have been removed between NIM Master and NIM Clients.
Problem:
The NIM mksysb on our production NIM Client fails because of
problems with the automatic NIM Master NFS export / NIM Client NFS
mount.
We tried to recreate the NFS export and mount manually with a
different directory for testing purposes and found out that the
problem has something to do with the alias IP of the production
system.
If we create the NFS export like this:
Hosts & netgroups allowed client access "real IP"
Hosts allowed root access "real IP"
the mount on the client fails with the following message:
mount: 1831-011 access denied for rznim:/export
mount: 1831-008 giving up on:
rznim:/export
The file access permissions do not allow the specified action.
However if we change the export settings to the following:
Hosts & netgroups allowed client access "real IP","alias IP"
Hosts allowed root access "real IP","alias IP"
Everything works fine.
But now we have 2 problems with that:
1) The alias IP can switch between Production and Backup System, so it is important that the NFS Export uses the real IP and not the alias IP.
2) We have no idea how to tell the internal NIM mksysb mechanisms
to create the NFS export using the alias IP instead of the real
IP.
An interesting fact is, that the have several other machines also
using an alias IP adress where the NIM mksysb is running without
any problems. But we can't make out any differences between the
systems configuration ...
Any ideas ?
Is there any way to create an NFS export using only the real IP ?
What else could we do ?
Regards Thomas
we have a problem with automatic NIM NFS Export for mksysb when using machines with alias IP ...
Our environment:
1 NIM Master
2 NIM Clients
-> One is Production System with 2 IP Adresses (1 IP Adress is an alias IP !) and one Backup System. When the Backup System becomes Production system the alias IP is removed from the former production system and given to the Backup System.
All Systems are at AIX 5.3 TL5 CSP.
NIM Clients are located in the DMZ.
All firewall restrictions have been removed between NIM Master and NIM Clients.
Problem:
The NIM mksysb on our production NIM Client fails because of
problems with the automatic NIM Master NFS export / NIM Client NFS
mount.
We tried to recreate the NFS export and mount manually with a
different directory for testing purposes and found out that the
problem has something to do with the alias IP of the production
system.
If we create the NFS export like this:
Hosts & netgroups allowed client access "real IP"
Hosts allowed root access "real IP"
the mount on the client fails with the following message:
mount: 1831-011 access denied for rznim:/export
mount: 1831-008 giving up on:
rznim:/export
The file access permissions do not allow the specified action.
However if we change the export settings to the following:
Hosts & netgroups allowed client access "real IP","alias IP"
Hosts allowed root access "real IP","alias IP"
Everything works fine.
But now we have 2 problems with that:
1) The alias IP can switch between Production and Backup System, so it is important that the NFS Export uses the real IP and not the alias IP.
2) We have no idea how to tell the internal NIM mksysb mechanisms
to create the NFS export using the alias IP instead of the real
IP.
An interesting fact is, that the have several other machines also
using an alias IP adress where the NIM mksysb is running without
any problems. But we can't make out any differences between the
systems configuration ...
Any ideas ?
Is there any way to create an NFS export using only the real IP ?
What else could we do ?
Regards Thomas