dancaps
1 Copper

nfs export question

Can someone please explain why this isn't working?

I created a file export in my ecs ui with the following options

Export Path: /ns1/nfsbucket/

Under export host options i did this:

Export host: IP of the client

Permissions: Read/Write

Write Transfer Policy: Sync

Authentication: I didn't select anything here

Mounting Directories: Allow

AnonUser: blank

AnonGroup: blank

RootSquash: blank


From my client I get this:

[nfsclient ~]$ showmount -e ecsnode

Export list for ecsnode:

/ns1/nfsbucket ecsnode

[nfsclient ~]$ sudo mount -t nfs -o vers=3 -o rw,async ecsnode:/ns1/nfsbucket/ /nfsshare/

mount.nfs: access denied by server while mounting ecsnode:/ns1/nfsbucket/

I feel like I'm missing where I should link the user to the bucket. Does anyone have any good setup instructions for mounting nfs?

Tags (2)
0 Kudos
25 Replies

Re: nfs export question

Hi, I have a couple ideas for you ...  Also, when you file system enabled your bucket, what name did you use for default bucket group?  In my recommendations below, I'll assume you used the name defaultgroup1.  By specifying the default bucket group name at time of bucket creation, a "custom group" acl is created on that bucket that we can use to map anongid in your mount command.

In ECS, under the the File configuration menu, you'll see a user/group mapping button.  This is where you can map your Unix user and group id to the object user and group in ECS.  Lets assume your object user name is objectuser1.  You can then use these names in your export configuration so that the mapping will take place when you mount the export anonymously using anonid ang anongid.  I think this is what we should try first.  So in your user/group mapping, create a user mapping of the bucket owner objectuser1 to a unix user id (for example lets use 10000) and then also create a group mapping to the defaultgroup1 and group id 20000.  Then, go back to your export and edit the AnonUser (objectuser1), AnonGroup (defaultgroup1) and RootSquash (objectuser1).  Also, set the Authentication to Sys.

Once all this is done, you can try your mount again and specify the anonuid, anongid.  Not sure if you have an option to set sec=sys (maybe only needed when mounting from windows box)?

Give that a shot and let me know how things shake out.

-Ben

0 Kudos
dancaps
1 Copper

Re: nfs export question

This is good information. I've completed all the steps for ecs. Do you know the syntax for the mount command in linux. I keep getting an incorrect mount option error. For the life of me I can't get these options to work either manually or in the fstab file.

0 Kudos

Re: nfs export question

Can you post the commands you've tried thus far so I can see what you're doing?

-Ben

0 Kudos
dancaps
1 Copper

Re: nfs export question

Let me start by saying I'm new to Linux. My background is in windows. I'm also new to NFS. I tell you this so you don't gloss over something you assume I know about.

I'm pretty confused at this point, but I'll try to tell you everything I've done.

I've tried manually mounting with various options. I've done some searching on the web to find the options and I now understand the anonuid and anongid aren't client options. At least I think that's the case.

So that's why this command was getting invalid option error. I also tried various combinations of these options in the fstab file.

mount -t nfs -v -o vers=3,rw,anonuid=nfsuser01,anongid=nfsgroup1 10.44.236.56:/ns001/bucket001/test/ /nfsshare/

I moved on to only options I know exist and I came up with this command.

mount -t nfs -v -o vers=3,rw 10.44.236.56:/ns001/bucket001/test/ /nfsshare

I get an access denied error on this one. I did more looking online.


I found information on this file /etc/idmapd.conf so I commented out these lines and changed the user info to match the information in ecs.

[Mapping]

Nobody-User = nfsuser01

Nobody-Group = nfsgroup1

Still got an access denied error.

I tried changing the passwd file from

nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

to this:

nfsuser01:x:65534:65534:Anonymous NFS nfsuser01:/var/lib/nfs:/sbin/nologin

and I tried this as well:

nfsuser01:x:10000:20000:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

I got the same access denied and I'm not really sure what I'm doing in this file but I feel like I'm on to something here.

I'd like to point out the I'm using the vers=3 option because when I leave that out it tells me that it's not a supported version. I really think I'm not fully understanding how the permissions work.

0 Kudos

Re: nfs export question

I too am also a Windows guy and much less familiar with Linux ...  However, I have been able to get the NFS stuff working pretty consistently so I'm confident we'll get you up and running.


Yes, you must specify NFS version 3 when mounting exports configured in ECS.  You don't need to modify idmapd.conf or passwd files.  We should be able to mount the export by simply passing command line arguments.

In my testing this morning, I did encounter an error when trying to mount an empty sub folder.  Once I placed an object into the sub folder (using Cyberduck), I was then able to mount the sub folder successfully.  Can you try creating/mounting at the bucket level first?

Here's what my exports look like:

[root@localhost april]# showmount -e 10.1.89.51

Export list for 10.1.89.51:

/ben_namespace/ben_bucket_nfs2       *

/ben_namespace/ben_bucket_nfs        *

/ben_namespace/ben_bucket_april      *

/ben_namespace/ben_bucket_nfs4       *

/ben_namespace/ben_bucket_nfs3       *

/ben_namespace/ben_bucket_april/sub1 *

/ben_namespace/ben_gotham_nfs        *

And here is my mount command:

[root@localhost sub1]# mount -t nfs -o sec=sys -o vers=3 -o proto=tcp 10.1.83.51:/ben_namespace/ben_bucket_april /mnt/april

After the mount is created, I can switch to that directory (/mnt/april) and create a text file in that directory, read the data back and show permissions on the file.  As you can see, it's picking up my anonuid and anongid from my export configuration in ECS.  I mapped my object user to 10000 and my default bucket group to 1001.

[root@localhost april]# echo "test data in file from centos." > test.txt

[root@localhost april]# cat test.txt

test data in file from centos.

[root@localhost april]# ls -la

total 2

drwxrwxrwx. 3 10000 10001 96 Apr 18 12:26 .

drwxrw-rwx. 3 10000 10001 96 Apr 18 11:40 sub1

-rw-r--r--. 1 10000 10001 31 Apr 18 12:26 test.txt

Can you try this and let me know if it works?

-Ben

0 Kudos
dancaps
1 Copper

Re: nfs export question

Ok so this is where I am at.

I noticed that in your post that when you ran the showmount command it return the path followed by a * also I was using the user and group names in the export instead of the ID number. The later was probably the cause of my problems.

I recreated my export using the ID number and a wildcard for the export host. It looks like my attachment.

ecs.JPG.jpg

So now I run the following command and it mounts! I add the rw option to it because when I try to do anything inside the share I get permission denied.

Here's what that looks like.

[root@ric1pdvcsmgt02 /]# mount -t nfs -o sec=sys,vers=3,proto=tcp,rw 10.44.236.56:/ns1/nfsbucket /nfsshare/

[root@ric1pdvcsmgt02 /]# cd /nfsshare/

[root@ric1pdvcsmgt02 nfsshare]# ls -al

total 1

drwx---rwx. 3 bin 2147483647 96 Apr 18 13:00 .

-rwxrwx---. 1 bin      20000  0 Apr 18 12:59 file.txt

[root@ric1pdvcsmgt02 nfsshare]# cat file.txt

cat: file.txt: Permission denied

Am I using the right option in the rootsquash field? Any idea what I'm missing here?

0 Kudos
dancaps
1 Copper

Re: nfs export question

I'm going over the settings again and this is how my bucket is configured. Is this group correct? Is there anyway you could share some screen shots of your working configuration?

ecs.JPG.jpg

0 Kudos

Re: nfs export question

Can you also send a screenshot of your user/group mappings?  By looking at your ls -la command results, I think you're missing the correct user mapping.  You'll want to map the object user that is the bucket owner to 10000.  When you run ls -la, you should be seeing 10000 in the listing for uid.

-Ben

0 Kudos
dancaps
1 Copper

Re: nfs export question

How do I map the bucket owner to the 10000 ID. I thought nfs users and object users were different. I don't have a nfsuser01 account created as an object user.

mappings.JPG.jpg

bucket.JPG.jpg

So are saying that I need to create a nfsuser01 under the users tab and make that the bucket owner. Then create the nfsuser with the same name and map it to 10000?

0 Kudos