nfs export question

Hi, I have a couple ideas for you ...  Also, when you file system enabled your bucket, what name did you use for default bucket group?  In my recommendations below, I'll assume you used the name defaultgroup1.  By specifying the default bucket group name at time of bucket creation, a "custom group" acl is created on that bucket that we can use to map anongid in your mount command.

In ECS, under the the File configuration menu, you'll see a user/group mapping button.  This is where you can map your Unix user and group id to the object user and group in ECS.  Lets assume your object user name is objectuser1.  You can then use these names in your export configuration so that the mapping will take place when you mount the export anonymously using anonid ang anongid.  I think this is what we should try first.  So in your user/group mapping, create a user mapping of the bucket owner objectuser1 to a unix user id (for example lets use 10000) and then also create a group mapping to the defaultgroup1 and group id 20000.  Then, go back to your export and edit the AnonUser (objectuser1), AnonGroup (defaultgroup1) and RootSquash (objectuser1).  Also, set the Authentication to Sys.

Once all this is done, you can try your mount again and specify the anonuid, anongid.  Not sure if you have an option to set sec=sys (maybe only needed when mounting from windows box)?

Give that a shot and let me know how things shake out.

-Ben

This is good information. I've completed all the steps for ecs. Do you know the syntax for the mount command in linux. I keep getting an incorrect mount option error. For the life of me I can't get these options to work either manually or in the fstab file.

Can you post the commands you've tried thus far so I can see what you're doing?

-Ben

Let me start by saying I'm new to Linux. My background is in windows. I'm also new to NFS. I tell you this so you don't gloss over something you assume I know about.

I'm pretty confused at this point, but I'll try to tell you everything I've done.

I've tried manually mounting with various options. I've done some searching on the web to find the options and I now understand the anonuid and anongid aren't client options. At least I think that's the case.

So that's why this command was getting invalid option error. I also tried various combinations of these options in the fstab file.

mount -t nfs -v -o vers=3,rw,anonuid=nfsuser01,anongid=nfsgroup1 10.44.236.56:/ns001/bucket001/test/ /nfsshare/

I moved on to only options I know exist and I came up with this command.

mount -t nfs -v -o vers=3,rw 10.44.236.56:/ns001/bucket001/test/ /nfsshare

I get an access denied error on this one. I did more looking online.

I found information on this file /etc/idmapd.conf so I commented out these lines and changed the user info to match the information in ecs.

[Mapping]

Nobody-User = nfsuser01

Nobody-Group = nfsgroup1

Still got an access denied error.

I tried changing the passwd file from

nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

to this:

nfsuser01:x:65534:65534:Anonymous NFS nfsuser01:/var/lib/nfs:/sbin/nologin

and I tried this as well:

nfsuser01:x:10000:20000:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

I got the same access denied and I'm not really sure what I'm doing in this file but I feel like I'm on to something here.

I'd like to point out the I'm using the vers=3 option because when I leave that out it tells me that it's not a supported version. I really think I'm not fully understanding how the permissions work.

I too am also a Windows guy and much less familiar with Linux ...  However, I have been able to get the NFS stuff working pretty consistently so I'm confident we'll get you up and running.

Yes, you must specify NFS version 3 when mounting exports configured in ECS.  You don't need to modify idmapd.conf or passwd files.  We should be able to mount the export by simply passing command line arguments.

In my testing this morning, I did encounter an error when trying to mount an empty sub folder.  Once I placed an object into the sub folder (using Cyberduck), I was then able to mount the sub folder successfully.  Can you try creating/mounting at the bucket level first?

Here's what my exports look like:

[root@localhost april]# showmount -e 10.1.89.51

Export list for 10.1.89.51:

/ben_namespace/ben_bucket_nfs2       *

/ben_namespace/ben_bucket_nfs        *

/ben_namespace/ben_bucket_april      *

/ben_namespace/ben_bucket_nfs4       *

/ben_namespace/ben_bucket_nfs3       *

/ben_namespace/ben_bucket_april/sub1 *

/ben_namespace/ben_gotham_nfs        *

And here is my mount command:

[root@localhost sub1]# mount -t nfs -o sec=sys -o vers=3 -o proto=tcp 10.1.83.51:/ben_namespace/ben_bucket_april /mnt/april

After the mount is created, I can switch to that directory (/mnt/april) and create a text file in that directory, read the data back and show permissions on the file.  As you can see, it's picking up my anonuid and anongid from my export configuration in ECS.  I mapped my object user to 10000 and my default bucket group to 1001.

[root@localhost april]# echo "test data in file from centos." > test.txt

[root@localhost april]# cat test.txt

test data in file from centos.

[root@localhost april]# ls -la

total 2

drwxrwxrwx. 3 10000 10001 96 Apr 18 12:26 .

drwxrw-rwx. 3 10000 10001 96 Apr 18 11:40 sub1

-rw-r--r--. 1 10000 10001 31 Apr 18 12:26 test.txt

Can you try this and let me know if it works?

-Ben

I'm going over the settings again and this is how my bucket is configured. Is this group correct? Is there anyway you could share some screen shots of your working configuration?

Ok so this is where I am at.

I noticed that in your post that when you ran the showmount command it return the path followed by a * also I was using the user and group names in the export instead of the ID number. The later was probably the cause of my problems.

I recreated my export using the ID number and a wildcard for the export host. It looks like my attachment.

So now I run the following command and it mounts! I add the rw option to it because when I try to do anything inside the share I get permission denied.

Here's what that looks like.

[root@ric1pdvcsmgt02 /]# mount -t nfs -o sec=sys,vers=3,proto=tcp,rw 10.44.236.56:/ns1/nfsbucket /nfsshare/

[root@ric1pdvcsmgt02 /]# cd /nfsshare/

[root@ric1pdvcsmgt02 nfsshare]# ls -al

total 1

drwx---rwx. 3 bin 2147483647 96 Apr 18 13:00 .

-rwxrwx---. 1 bin      20000  0 Apr 18 12:59 file.txt

[root@ric1pdvcsmgt02 nfsshare]# cat file.txt

cat: file.txt: Permission denied

Am I using the right option in the rootsquash field? Any idea what I'm missing here?

Can you also send a screenshot of your user/group mappings?  By looking at your ls -la command results, I think you're missing the correct user mapping.  You'll want to map the object user that is the bucket owner to 10000.  When you run ls -la, you should be seeing 10000 in the listing for uid.

-Ben

How do I map the bucket owner to the 10000 ID. I thought nfs users and object users were different. I don't have a nfsuser01 account created as an object user.

So are saying that I need to create a nfsuser01 under the users tab and make that the bucket owner. Then create the nfsuser with the same name and map it to 10000?

Or, like you mentioned, create a new object user nfsuser01, create and new bucket and make that user the owner.  Then, create another export for that namespace that uses the new bucket and try to mount it.

I still can't get this to work. I've been able to mount the export but when I try to create a file I get permission denied. I know I'm missing something small here. Could you do me a favor and basically write the steps, maybe even screenshot the pages? I've tried to do it from scratch and these are the steps I'm doing.

1. Create an object user named nfs_user. I generate a s3 password for this user.

2. Create a bucket named nfs_bucket and make nfs_user the owner. I also enable file system. I put a group that hasn't been defined anywhere named nfs_group and assign it read, write and execute. I make the retention 1 second.

3. I go to file --> user/ group mapping and create a new user with the same name as the object user I created earlier and assign it an id of 30001

4. I go to file --> user/ group mapping and create a new group with the same name as the group I used earlier during bucket creation and assign it an id of 30002

5. I go to file --> exports and create a new export. I select the nfs_bucket I created in step 2.

6. I add an export host. I add * to the export host field, I select Read/Write for permissions, I select Sys for authentication, I allow mounting directories for anonuser I enter the nfs_user id I created of 30001, for anongroup I add the nfs_group id I created of 30002 and for rootsquash I add the nfs_user id of 30001.

At this point I would expect it to be working. I go to the linux client and run this.

[root@localhost /]# showmount -e 10.44.236.56

Export list for 10.44.236.56:

/ns1/test_nfs   *

/ns1/nfs_bucket *

/ns1/nfs_test2  *

[root@localhost /]# mount -t nfs -o vers=3,sec=sys,proto=tcp 10.44.236.56:/ns1/nfs_bucket /nfsshare/

[root@localhost /]# ls -al /nfsshare/

total 1

drwxrwxrwx. 3 30001 30002 96 Apr 20 10:36 .

[root@localhost /]# touch /nfsshare/file1

touch: cannot touch ‘/nfsshare/file1’: Permission denied

[root@localhost /]#

What step am I missing here?

Everything looks okay except your export host should look like this:

If you still have permissions after changing the AnonUser, AnonGroup and RootSquash, can you try mounting just to your bucket instead of down into a sub directory?  So your mount command would be mount -t nfs -o vers=3,sec=sys,proto=tcp 10.44.236.56:/ns1/nfs_bucket

So check this out. I changed the users and groups in my export to the name instead of the ID and now I can create directories but I get this weird I/O error when I try and put a file in there.

[root@localhost /]# mount -t nfs -o vers=3,sec=sys,proto=tcp,async 10.44.236.56:/ns1/nfs_bucket /nfsshare/

[root@localhost /]# cd /nfsshare/

[root@localhost nfsshare]# ls -al

total 1

drwxrwxrwx. 3 30001 30002 96 Apr 20 18:00 .

[root@localhost nfsshare]# mkdir test_dir

[root@localhost nfsshare]# touch test_file

touch: cannot touch ‘test_file’: Remote I/O error

[root@localhost nfsshare]# ls -al

total 1

drwxrwxrwx. 3 30001 30002 96 Apr 20 18:02 .

drwxr-xr-x. 3 30001 30002 96 Apr 20 18:02 test_dir

Also I am mounting the nfs_bucket. The last part "/nfsshare/" is the location I'm mounting to.

Any ideas on the I/O error?

Hmm ...  I'm starting to run out of ideas.  Did you chmod 777 nfsshare before running the mount command?  After you run the mount command, don't create and sub directories.  Instead, try to just echo 'test data in test file' > test.txt right in the root of /nfsshare.  Then, run ls -la.  Finally, run cat text.txt.  Can you paste all that back to me so I can see?

-Ben