Skip to main content
Pure Technical Services

Configuring Automatic Directory Policies For NFS Datastores

Currently viewing public documentation. Please login to access the full scope of documentation.

KP_Ext_Announcement.png

In order to enable virtual machine (VM) granular management and reporting with FlashArray-backed NFS datastores on vSphere, automatic directory (autodir) policies can be created on a FlashArray. This allows each VM to be backed by it's own managed directory visible to the FlashArray it resides on.

Requirements

Recommended Reading

Depending on the needs of the deployment and environment, follow either the GUI or CLI steps. Currently, CLI steps are required for autodir deployments so the GUI section also has a couple of CLI steps.

Because automatic directory polices can create and destroy objects without intervention on the FlashArray, reviewing the limits document for FA File is a recommended step. The row worth consideration in this context is Managed Directories per array.

FlashArray GUI Steps

FlashArray GUI Steps

The first step is to create a new file system (or use an existing one). In the FlashArray UI, navigate to Storage > File Systems and clock on the plus sign to create a new File System.

clipboard_e55de6ed79e004e71a55736c8cfcfb116.png

Next, give it a friendly name and optionally choose a pod to put it in. A file system should go into a pod if it is desired to enable replication for the file system now or in the future. A file system can only go into a fully empty pod or one with a file system already in it.

clipboard_e2515aaf030cdbe8110f5e01ab90a2a88.png

You may choose to export this entire file system or subdivide it into separate exports. To sub-divide, continue on. To export the entire file system, skip to the next section.

To subdivide a file system, create a new directory on it. Click the plus sign in the Directories panel. 

clipboard_e55123a8f3134b5a9314126bf64ed1e7d.png

Choose a file system, a name, and a path. The path and name do not have to be the same.

clipboard_ec77dbc9f09ba6c107be9f08fab5336ad.png

The next step is to create an export policy. There is a default policy that can be used or you can create your own. To create your own, click on the Policies tab and click the plus sign in the Export Policies panel.

clipboard_eb41f7e3fe8795891e3a6c28042fa053b.png

Give the policy a name, a type, and optionally a pod if you want this policy to be able to be applied to exports in a certain pod.

clipboard_e5ae4046bdff7ab3975df0ac76644ab77.png

Click on the export policy and then click on the plus sign in the Rules panel.

ExportPolicyRules1.png

This input requires a few things:

  1. Client. Enter in the IPs, CIDR, domain suffix or range of ESXi vmkernel addresses you want to be able to access anything through this policy. Default configuration is anything (an asterisk).
  2. Access. VMware NFS requires no-root-squash.
  3. Permission. Read/Write or Read Only. Choose one depending on the use case (backup or running VMs). To create and run VMs, make it RW.

ExportPolicyRules2.png

The next step is to associate the policy with a directory so the directory can be mounted. Click on the Members panel under the policy or under File Systems > Directory Export click the plus sign. Either option will provide this feature.

clipboard_e7fde83b874cec677bd64ddfb58897bdb.png

Choose the directory and give it an export name. This is what VMware will use to mount and address the datastore.

clipboard_e6bc8501013feadd75880c4dbe0a64090.png

 

 

Next, connect to the FlashArray for command line interface (CLI) access via SSH with an array admin account. Create a new autodir policy with the desired policy name (ad-test-policy in this example). 

pureuser@flasharray-x50-1> purepolicy autodir create ad-test-policy
Name            Type     Enabled
ad-test-policy  autodir  True

Map the autodir policy from the previous step to the directory in the file system from the first step.

pureuser@flasharray-x50-1> purepolicy autodir add --dir VMware-FS01:root ad-test-policy
Name            Type     Member            Member Type
ad-test-policy  ad-test  VMware-FS01:root  directory

FlashArray CLI Steps

FlashArray CLI Steps

Connect to the FlashArray for command line interface (CLI) access via SSH with an array admin account. Create the file system with the desired name (ad-test in this example):

pureuser@flasharray-x50-1> purefs create ad-test
Name     Created
ad-test  2023-04-14 10:18:31 PDT

Create an NFS policy so that the file system that was just created can be connected to the hosts with the desired export name (ad-test-export in this example). 

pureuser@flasharray-x50-1> purepolicy nfs create ad-test-export
Name            Type  Enabled  User Mapping Enabled
ad-test-export  nfs   True     True

This command can vary based on the deployment. For NFS on vSphere, VMware requires no root squash (--no-root-squash). Specific to this example, read and write access (--rw) for any host that connects to the FA File virtual interface (*) are the rules being added.

Choose read/write or read-only depending on the use case. To create and run VMs, set it to --rw. If the use doesn't need read/write access (like backups), --ro is an option.

Host access to this NFS directory is controlled through the --client option. Enter in the IPs, CIDR, domain suffix or range of ESXi vmkernel addresses that should be able to access anything through this policy. Default configuration is anything (*).

pureuser@flasharray-x50-1> purepolicy nfs rule add ad-test-export --no-root-squash --rw --client *
Name  Policy          Client  Access          Permission  Anonuid  Anongid
r_72  ad-test-export  *       no-root-squash  rw          65534    65534

Next, map the directory export rule modified in the previous step to the directory in the file system from the first step. The :root after the file system name indicates the directory level desired to map the export rule to; in this case, the root directory (/).

pureuser@flasharray-x50-1> purepolicy nfs add ad-test-export --dir ad-test:root --export-name ad-test
Name            Type  Member        Member Type  Export Name
ad-test-export  nfs   ad-test:root  directory    ad-test

Create a new autodir policy with the desired policy name (ad-test-policy in this example).

pureuser@flasharray-x50-1> purepolicy autodir create ad-test-policy
Name            Type     Enabled
ad-test-policy  autodir  True

Map the autodir policy from the previous step to the directory in the file system from the first step.

pureuser@flasharray-x50-1> purepolicy autodir add --dir ad-test:root ad-test-policy
Name            Type     Member        Member Type
ad-test-policy  ad-test  ad-test:root  directory

OPTIONAL: If quotas are desired for the file system just created, create a quota policy with the desired quota name (ad-test-quota in this example).

pureuser@flasharray-x50-1> purepolicy quota create ad-test-quota
Name           Type   Enabled
ad-test-quota  quota  True

OPTIONAL: Set the rules for the quota created in the previous step.

pureuser@flasharray-x50-1> purepolicy quota rule add ad-test-quota --quota-limit 214748364800 --enforced
Name  Policy         Quota Limit  Notifications  Enforced
r_3   ad-test-quota  200.00G      none           True

OPTIONAL: Map the quota created earlier to the autodir enabled directory.

pureuser@flasharray-x50-1> purepolicy quota add --dir ad-test:root ad-test-quota
Name           Type   Member        Member Type
ad-test-quota  quota  ad-test:root  directory