Can someone please explain why this isn't working?
I created a file export in my ecs ui with the following options
Export Path: /ns1/nfsbucket/
Under export host options i did this:
Export host: IP of the client
Write Transfer Policy: Sync
Authentication: I didn't select anything here
Mounting Directories: Allow
From my client I get this:
[nfsclient ~]$ showmount -e ecsnode
Export list for ecsnode:
[nfsclient ~]$ sudo mount -t nfs -o vers=3 -o rw,async ecsnode:/ns1/nfsbucket/ /nfsshare/
mount.nfs: access denied by server while mounting ecsnode:/ns1/nfsbucket/
I feel like I'm missing where I should link the user to the bucket. Does anyone have any good setup instructions for mounting nfs?
Hi, I have a couple ideas for you ... Also, when you file system enabled your bucket, what name did you use for default bucket group? In my recommendations below, I'll assume you used the name defaultgroup1. By specifying the default bucket group name at time of bucket creation, a "custom group" acl is created on that bucket that we can use to map anongid in your mount command.
In ECS, under the the File configuration menu, you'll see a user/group mapping button. This is where you can map your Unix user and group id to the object user and group in ECS. Lets assume your object user name is objectuser1. You can then use these names in your export configuration so that the mapping will take place when you mount the export anonymously using anonid ang anongid. I think this is what we should try first. So in your user/group mapping, create a user mapping of the bucket owner objectuser1 to a unix user id (for example lets use 10000) and then also create a group mapping to the defaultgroup1 and group id 20000. Then, go back to your export and edit the AnonUser (objectuser1), AnonGroup (defaultgroup1) and RootSquash (objectuser1). Also, set the Authentication to Sys.
Once all this is done, you can try your mount again and specify the anonuid, anongid. Not sure if you have an option to set sec=sys (maybe only needed when mounting from windows box)?
Give that a shot and let me know how things shake out.
This is good information. I've completed all the steps for ecs. Do you know the syntax for the mount command in linux. I keep getting an incorrect mount option error. For the life of me I can't get these options to work either manually or in the fstab file.
Let me start by saying I'm new to Linux. My background is in windows. I'm also new to NFS. I tell you this so you don't gloss over something you assume I know about.
I'm pretty confused at this point, but I'll try to tell you everything I've done.
I've tried manually mounting with various options. I've done some searching on the web to find the options and I now understand the anonuid and anongid aren't client options. At least I think that's the case.
So that's why this command was getting invalid option error. I also tried various combinations of these options in the fstab file.
mount -t nfs -v -o vers=3,rw,anonuid=nfsuser01,anongid=nfsgroup1 10.44.236.56:/ns001/bucket001/test/ /nfsshare/
I moved on to only options I know exist and I came up with this command.
mount -t nfs -v -o vers=3,rw 10.44.236.56:/ns001/bucket001/test/ /nfsshare
I get an access denied error on this one. I did more looking online.
I found information on this file /etc/idmapd.conf so I commented out these lines and changed the user info to match the information in ecs.
Nobody-User = nfsuser01
Nobody-Group = nfsgroup1
Still got an access denied error.
I tried changing the passwd file from
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
nfsuser01:x:65534:65534:Anonymous NFS nfsuser01:/var/lib/nfs:/sbin/nologin
and I tried this as well:
nfsuser01:x:10000:20000:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
I got the same access denied and I'm not really sure what I'm doing in this file but I feel like I'm on to something here.
I'd like to point out the I'm using the vers=3 option because when I leave that out it tells me that it's not a supported version. I really think I'm not fully understanding how the permissions work.
I too am also a Windows guy and much less familiar with Linux ... However, I have been able to get the NFS stuff working pretty consistently so I'm confident we'll get you up and running.
Yes, you must specify NFS version 3 when mounting exports configured in ECS. You don't need to modify idmapd.conf or passwd files. We should be able to mount the export by simply passing command line arguments.
In my testing this morning, I did encounter an error when trying to mount an empty sub folder. Once I placed an object into the sub folder (using Cyberduck), I was then able to mount the sub folder successfully. Can you try creating/mounting at the bucket level first?
Here's what my exports look like:
[root@localhost april]# showmount -e 10.1.89.51
Export list for 10.1.89.51:
And here is my mount command:
[root@localhost sub1]# mount -t nfs -o sec=sys -o vers=3 -o proto=tcp 10.1.83.51:/ben_namespace/ben_bucket_april /mnt/april
After the mount is created, I can switch to that directory (/mnt/april) and create a text file in that directory, read the data back and show permissions on the file. As you can see, it's picking up my anonuid and anongid from my export configuration in ECS. I mapped my object user to 10000 and my default bucket group to 1001.
[root@localhost april]# echo "test data in file from centos." > test.txt
[root@localhost april]# cat test.txt
test data in file from centos.
[root@localhost april]# ls -la
drwxrwxrwx. 3 10000 10001 96 Apr 18 12:26 .
drwxrw-rwx. 3 10000 10001 96 Apr 18 11:40 sub1
-rw-r--r--. 1 10000 10001 31 Apr 18 12:26 test.txt
Can you try this and let me know if it works?
Ok so this is where I am at.
I noticed that in your post that when you ran the showmount command it return the path followed by a * also I was using the user and group names in the export instead of the ID number. The later was probably the cause of my problems.
I recreated my export using the ID number and a wildcard for the export host. It looks like my attachment.
So now I run the following command and it mounts! I add the rw option to it because when I try to do anything inside the share I get permission denied.
Here's what that looks like.
[root@ric1pdvcsmgt02 /]# mount -t nfs -o sec=sys,vers=3,proto=tcp,rw 10.44.236.56:/ns1/nfsbucket /nfsshare/
[root@ric1pdvcsmgt02 /]# cd /nfsshare/
[root@ric1pdvcsmgt02 nfsshare]# ls -al
drwx---rwx. 3 bin 2147483647 96 Apr 18 13:00 .
-rwxrwx---. 1 bin 20000 0 Apr 18 12:59 file.txt
[root@ric1pdvcsmgt02 nfsshare]# cat file.txt
cat: file.txt: Permission denied
Am I using the right option in the rootsquash field? Any idea what I'm missing here?
I'm going over the settings again and this is how my bucket is configured. Is this group correct? Is there anyway you could share some screen shots of your working configuration?
Can you also send a screenshot of your user/group mappings? By looking at your ls -la command results, I think you're missing the correct user mapping. You'll want to map the object user that is the bucket owner to 10000. When you run ls -la, you should be seeing 10000 in the listing for uid.
How do I map the bucket owner to the 10000 ID. I thought nfs users and object users were different. I don't have a nfsuser01 account created as an object user.
So are saying that I need to create a nfsuser01 under the users tab and make that the bucket owner. Then create the nfsuser with the same name and map it to 10000?