This version of the product has reached end of support.

Add NFS Security operation

The Add NFS Security operation enables pathnames for mounting according to the specified rules. New rules for the pathnames take effect immediately, ignoring previous rules for the specified pathnames.

The following table describes the elements for this request.

Adapter request elements for the Add NFS Security operation

Element

Definition

Required

<operation-name>

Specifies the name of the operation: append-export-rule

Yes

<arguments>

Specifies a list of arguments that is required for this operation

Yes

<targets>

Specifies the parent XML element of the <target> element, which specifies the dynamic targets

Conditional; required if the adapter configuration is empty in Grid Manager

<target>

Specifies the child XML element of the <targets> element, which specifies the dynamic targets

Using dynamic targets, you can define connection information for a remote host in an adapter request. This capability enables you to configure an adapter in Grid Manager by specifying configuration information in an adapter request.

This XML element can have <host>, <user-name>, <password>, <protocol>, and <port> as its child elements.

Notes


  • An adapter configuration specified by using request-level dynamic targets takes precedence over Grid Manager level configuration information.
  • If you specify the request-level dynamic target by using <targets>, the request ignores the <targets> element that is a child of the <arguments> element.

Conditional; required if <targets> is present in the adapter request

<host>

Specifies the host name or IP address of the server on which NetApp DataFabric Manager is running

Conditional; required if <targets> is present in the adapter request

<user-name>

Specifies the user name required to log on to the NetApp DataFabric Manager

Conditional; required if <targets> is present in the adapter request

<password>

Specifies the password that corresponds to the <user-name>

The <password> element can contain an encryption-type attribute. The encryption-type attribute indicates whether the password specified is encrypted.

Valid values for encryption-type attribute: Base64, Plain (default)

Conditional; required if <targets> is present in the adapter request

<protocol>

Specifies the communication protocol used by the adapter

Valid values: http (default), https

No

<port>

Specifies the port on which NetApp DataFabric Manager is enabled

Default values: 8088 (http), 8488 (https)

No

<target>

Specifies the child XML element of the <arguments> element

You can use this element to specify the connection information for a DFM server. You can use a comma-separated list of configuration names, which executes the request simultaneously on all DFM servers identified by the configuration names.

Valid values:

  • The values specified for the <target> XML element must be the same as the values that have been specified for the name attribute of the <config> element in the Grid Manager adapter configuration.
  • You can provide "ALL" as the value. In this case, the request is executed on all the DFM servers defined in the Grid Manager adapter configuration.
  • You can specify multiple comma-separated names to allow for simultaneous execution of requests across multiple DFM servers.
  • You can skip this element. In this case, the request is executed on the first defined Grid Manager adapter configuration.
  • You can leave this element empty. In this case, the request is executed on the first defined Grid Manager adapter configuration.

    Note

    If you specify a request-level dynamic target by using <targets>, the request ignores this element.

No

<target-host>

Specifies the hostname or IP of the target storage or filer

Yes

<persistent>

Modifies the etc/exports file to append the rule for a permanent change (the new rule still takes effect immediately)

Valid values: true, false (default)

No

<verbose>

Returns a list of directories that were appended

Errors during the append are recorded in the 'results' field error, and 'loaded-pathnames' contains the pathnames that are successfully appended.

Valid values: true, false (default)

No

<actual-pathname>

Specifies the pathname inside of the filer that is being exported

The default is the value of the <pathname> element.

No

<pathname>

Specifies the directory name or file to export

Yes

<anonymous-access-user>

All hosts with this user-id or user name have root access to this directory

No

<disable-setuid>

Causes the server file system to silently ignore any attempt to enable the setuid or setgid mode bits.

Valid values: true, false (default)

No

<read-only>

Specifies an array of hostnames that have only read privileges for all the security flavors found in the sec-flavor list

No

<read-write>

Specifies an array of hostnames that have read and write privileges for all the security flavors found in the sec-flavor list

A hostname in read-only must not also be in read-write. By default, if no read-only or read-write hosts are given, then read-write contains a hostname of all-hosts.

No

<root>

Specifies an array of hostnames, which have roots with the read-write or read-only privileges

No

<exports-hostname-info>

Specifies the structure containing information pertaining to a host

No

<all-hosts>

Provides access rights for this rule to all the hosts

A hostname of 'all-hosts' must exist as the only non-negated element in a hostname array. Valid values: true, false (default)

No

<name>

If <all-hosts> is TRUE, the name must not have a value.

A hostname can be in ONE of the following formats:

  • machine-name: Alphanumeric string based on DNS.
  • netgroup: Alphanumeric string describing a group of machine names
  • IP: An IPv4 address in dotted decimal format AAA.BBB.CCC.DDD
  • IPv6: An IPv6 address in RFC 2732 format [AAAA:BBBB::GGGG]
  • IPv4 subnet: [network] subnet [netmask] netmask
  • IPv4/v6-subnet: IP/numbits.

    The IP is a subnet number and the numbits specifies the size of the subnet by the number of leading bits of the netmask.
  • dns: A DNS domain. An alphanumeric string starting with a '.'

No

<negate>

Specifies whether to apply the rule to every host apart from the current rule

Used most commonly when adding a group minus a few hosts. Valid values: true, false (default)

No

<sec-flavor>

Contains the list of security flavors

No

<sec-flavor-info>

Specifies a list of possible security flavors this rule supports

Default security: sys

No

<flavor>

Represents one security flavor

Current possible values can be found using the nfs-get-supported-sec-flavors operation.

Valid values: none, sys, Krb5, Krb5i, Krb5p

No

A sample adapter request for this operation is given in the following figure.

Sample adapter request for the Add NFS Security operation

<netapp-storage-request>
    <operation-name>append-export-rule</operation-name>
    <arguments>
      <targets>
        <target>
          <host>server137</host>
          <user-name>username</user-name>
          <password encryption-type = "Base64">cGFzc3dvcmQ=</password>
          <protocol>http</protocol>
          <port>8088</port>
        </target>
      </targets>
      <target />
      <target-host>devsim1</target-host>
      <persistent>true</persistent>
      <verbose>true</verbose>
      <pathname>/vol/nas_dataset_2/devtest1</pathname>
      <anonymous-access-user>username</anonymous-access-user>
      <disable-setuid>true</disable-setuid>
      <read-only>
        <exports-hostname-info>
          <all-hosts>false</all-hosts>
          <name>172.11.11.111</name>
          <negate>true</negate>
        </exports-hostname-info>
      </read-only>
      <read-write>
        <exports-hostname-info>
          <all-hosts>false</all-hosts>
          <name>172.11.11.111</name>
        </exports-hostname-info>
      </read-write>
      <root>
        <exports-hostname-info>
          <all-hosts>false</all-hosts>
          <name>172.11.11.111</name>
          <negate>true</negate>
        </exports-hostname-info>
      </root>
      <sec-flavor>
        <sec-flavor-info>
          <flavor>sys</flavor>
        </sec-flavor-info>
        <sec-flavor-info>
          <flavor>none</flavor>
        </sec-flavor-info>
      </sec-flavor>
    </arguments>
  </netapp-storage-request>
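
As an added example (not part of the original documentation or the adapter), the following Python check reads an append-export-rule request and flags settings from the element table that widen access: a password sent over the default http protocol (Plain and Base64 values are both readable by anyone who sees the request), a host listed in both read-only and read-write, read-write for all hosts, the none security flavor, and setuid left enabled. The lint function, its finding codes, and the sample hosts and values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed request following the element table above; hosts and values are made up.
SAMPLE = """<netapp-storage-request>
  <operation-name>append-export-rule</operation-name>
  <arguments>
    <targets><target>
      <host>dfm.example.test</host><user-name>svc</user-name>
      <password encryption-type="Base64">ZXhhbXBsZQ==</password>
    </target></targets>
    <target-host>filer.example.test</target-host>
    <pathname>/vol/example</pathname>
    <read-only><exports-hostname-info><name>10.0.0.5</name></exports-hostname-info></read-only>
    <read-write><exports-hostname-info><name>10.0.0.5</name></exports-hostname-info></read-write>
    <sec-flavor><sec-flavor-info><flavor>none</flavor></sec-flavor-info></sec-flavor>
  </arguments>
</netapp-storage-request>"""

def is_true(elem, tag):
    return (elem.findtext(tag) or "false").strip().lower() == "true"

def hosts(args, tag):
    """Non-negated hosts under <tag>; the all-hosts flag is reported as 'all-hosts'."""
    entries = args.findall(f"{tag}/exports-hostname-info")
    return {"all-hosts" if is_true(h, "all-hosts") else (h.findtext("name") or "").strip()
            for h in entries if not is_true(h, "negate")}

def lint(xml_text):
    """Return finding codes for a request (hypothetical helper, not part of the adapter)."""
    root = ET.fromstring(xml_text)
    args = root.find("arguments")
    found = []
    for target in root.iter("target"):
        if target.find("password") is None:
            continue  # a <target> naming a Grid Manager configuration carries no credentials
        # http is the documented default; Plain and Base64 passwords are both recoverable
        if (target.findtext("protocol") or "http").strip().lower() == "http":
            found.append("password-over-http")
    ro, rw = hosts(args, "read-only"), hosts(args, "read-write")
    if ro & rw:
        found.append("host-in-read-only-and-read-write")
    if "all-hosts" in rw or not (ro or rw):
        found.append("read-write-for-all-hosts")  # also the default when both lists are empty
    if any((f.text or "").strip().lower() == "none" for f in args.iter("flavor")):
        found.append("sec-flavor-none")
    if not is_true(args, "disable-setuid"):
        found.append("setuid-not-disabled")  # false is the documented default
    return found
```

Calling lint(SAMPLE) returns the list of finding codes; an empty list means none of these checks fired.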


A sample adapter response for this operation is given in the following figure.

Sample adapter response for the Add NFS Security operation

<netapp-storage-response>
  <metadata>
    <status>success</status>
    <response-count>1</response-count>
  </metadata>
  <responses>
    <response>
      <metadata>
        <target>server137</target>
        <status>success</status>
        <count>2</count>
      </metadata>
      <output>
        <loaded-pathnames>
          <pathname-info>
            <name>/vol/nas_dataset_2/devtest1</name>
          </pathname-info>
        </loaded-pathnames>
        <exported-pathnames>
          <pathname-info>
            <name>/vol/nas_dataset_2/devtest1</name>
          </pathname-info>
        </exported-pathnames>
      </output>
    </response>
  </responses>
</netapp-storage-response>