Results 1 to 2 of 2

Thread: Exporting NFSv4.1/4.2 shares on Tumbleweed vs Leap and fsid=0

  1. #1

    Default Exporting NFSv4.1/4.2 shares on Tumbleweed vs Leap and fsid=0

    I'm running a few Leap and Tumbleweed machines in a freeIPA domain with
    kerberized NFSv4. My problem is that I cannot mount NFSv4.1/4.2 shares that
    are exported by Tumbleweed machines unless I specify a root via fsid=0, which
    is not necessary on Leap.

    Code:
    tumbleweed # cat /proc/fs/nfsd/versions
    -2 -3 +4 +4.1 +4.2
    
    tumbleweed # zypper if nfs-kernel-server
    ...
    Version        : 2.1.1-3.1
    
    tumbleweed # cat /etc/sysconfig/nfs
    ...
    NFS3_SERVER_SUPPORT="no"
    ...
    NFS4_SUPPORT="yes"
    ...
    NFS_SECURITY_GSS="yes"
    
    tumbleweed # cat /etc/nfs.conf
    ...
    vers4.1=yes
    vers4.2=yes
    ...
    
    tumbleweed # cat /etc/exports
    # cat /etc/exports
    /export/test    *.mydomain.com(rw,root_squash,sync,no_subtree_check,sec=krb5p)
    /export/test    127.0.0.1(rw,root_squash,sync,no_subtree_check,sec=krb5p)
    
    tumbleweed # exportfs -v
    /export/test    127.0.0.1(rw,sync,wdelay,hide,no_subtree_check,sec=krb5p,secure,root_squash,no_all_squash)
    /export/test    *.mydomain.com(rw,sync,wdelay,hide,no_subtree_check,sec=krb5p,secure,root_squash,no_all_squash)
    
    tumbleweed # mount -v -t nfs4 -o minorversion=2 127.0.0.2:/export/test /mnt
    mount.nfs4: timeout set for Tue Oct 10 16:12:55 2017
    mount.nfs4: trying text-based options 'minorversion=2,proto=tcp,vers=4,addr=127.0.0.2,clientaddr=127.0.0.1'
    mount.nfs4: mount(2): Operation not permitted
    
    tumbleweed # mount -v -t nfs4 127.0.0.2:/export/test /mnt
    mount.nfs4: timeout set for Tue Oct 10 16:14:29 2017
    mount.nfs4: trying text-based options 'proto=tcp,vers=4,addr=127.0.0.2,clientaddr=127.0.0.1'
    
    tumbleweed # mount | grep nfs
    nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
    127.0.0.2:/export/test on /mnt type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5p,clientaddr=127.0.0.1,local_lock=none,addr=127.0.0.2)
    Enabling debug output and looking up a mount attempt in journalctl gave me a
    hint that it is related to the file system root.

    Code:
    tumbleweed # rpcdebug -m nfs all
    Code:
    NFS: nfs mount opts='minorversion=2,proto=tcp,vers=4,addr=127.0.0.2,clientaddr=127.0.0.1'
    NFS:   parsing nfs mount option 'minorversion=2'
    NFS:   parsing nfs mount option 'proto=tcp'
    NFS:   parsing nfs mount option 'vers=4'
    NFS:   parsing nfs mount option 'addr=127.0.0.2'
    NFS:   parsing nfs mount option 'clientaddr=127.0.0.1'
    NFS: MNTPATH: '/export/test'
    ...
    nfs4_get_root: getcaps error = 1
    nfs_get_root: getattr error = 1
    <-- nfs_xdev_mount() = -1
    NFS: dentry_delete(/test, 32008c)
    NFS: dentry_delete(/export, 32008c)
    <-- nfs4_try_mount() = -1 [error]
    ...
    I also looked into the nfsd debug output, but there was only one line that
    looked suspicious.

    Code:
    tumbleweed # rpcdebug -m nfsd all
    Code:
    ...
    NFSD: warning: no callback path to client Linux NFSv4.2 tumbleweed: error -22
    ...
    So I changed the export options to

    Code:
    tumbleweed # cat /etc/exports
    /export/test -rw,root_squash,sync,no_subtree_check,sec=krb5p,fsid=0 127.0.0.1 *.mydomain.com
    
    tumbleweed # exportfs -v
    /export/test    127.0.0.1(rw,sync,wdelay,hide,no_subtree_check,fsid=0,sec=krb5p,secure,root_squash,no_all_squash)
    /export/test    *.mydomain.com(rw,sync,wdelay,hide,no_subtree_check,fsid=0,sec=krb5p,secure,root_squash,no_all_squash)
    and it works when mounting "/"

    Code:
    tumbleweed # mount -v -t nfs4 -o minorversion=2 127.0.0.2:/ /mnt
    mount.nfs4: timeout set for Wed Oct 11 13:15:15 2017
    mount.nfs4: trying text-based options 'minorversion=2,proto=tcp,vers=4,addr=127.0.0.2,clientaddr=127.0.0.1'
    
    tumbleweed # mount | grep nfs
    nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
    127.0.0.2:/ on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5p,clientaddr=127.0.0.1,local_lock=none,addr=127.0.0.2)
    On a Leap 42.3 machine, "it just works".

    Code:
    leap # cat /proc/fs/nfsd/versions
    -2 -3 +4 +4.1 +4.2
    
    leap # zypper if nfs-kernel-server
    ...
    Version        : 1.3.0-28.1
    ...
    
    leap # cat /etc/sysconfig/nfs
    ...
    NFS_SECURITY_GSS="yes"
    ...
    NFS3_SERVER_SUPPORT="no"
    ...
    NFS4_SUPPORT="yes"
    ...
    NFS4_SERVER_MINOR_VERSION="2"
    ...
    
    leap # cat /etc/exports
    /export/shared  *.mydomain.com(ro,root_squash,sync,no_subtree_check,sec=krb5p)
    
    leap # exportfs -v
    /export/shared    *.mydomain.com(rw,wdelay,root_squash,no_subtree_check,sec=krb5p,rw,secure,root_squash,no_all_squash)
    Mounting the Leap share on Tumbleweed.

    Code:
    tumbleweed # mount -t nfs4 -o minorversion=2 leap.mydomain.com:/export/shared /mnt
    mount.nfs4: timeout set for Tue Oct 10 16:21:54 2017
    mount.nfs4: trying text-based options 'minorversion=2,proto=tcp,vers=4,addr=xxx.xxx.xxx.xxx,clientaddr=xxx.xxx.xxx.xxx'
    
    tumbleweed # mount | grep nfs
    nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
    leap.mydomain.com:/export/shared on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5p,clientaddr=xxx.xxx.xxx.xxx,local_lock=none,addr=xxx.xxx.xxx.xxx)
    (The rw in mount output is wrong, it's actually not possible to write.)

    Why is the necessity of fsid=0 so inconsistent? On Leap it's not needed at all,
    on Tumbleweed it's required for NFSv4.1 and 4.2. Is there some option in the
    newer nfs-kernel-server version that I'm missing?
    Last edited by deano_ferrari; 11-Oct-2017 at 11:47. Reason: User request

  2. #2

    Default Re: Exporting NFSv4.1/4.2 shares on Tumbleweed vs Leap and fsid=0

    Late reply.

    I'm still not sure why the difference, but I think that the problem
    might be related to the export being located on an LVM volume. According
    to `man exports`:

    fsid=num|root|uuid
    NFS needs to be able to identify each filesystem that it exports.
    Normally it will use a UUID for the filesystem (if the filesystem has
    such a thing) or the device number of the device hold- ing the
    filesystem (if the filesystem is stored on the device).

    As not all filesystems are stored on devices, and not all filesystems
    have UUIDs, it is sometimes necessary to explicitly tell NFS how to
    identify a filesystem. This is done with the fsid= option.

    Other filesystems can be identified with a small integer, or a UUID
    which should contain 32 hex digits and arbitrary punctuation.

    Linux kernels version 2.6.20 and earlier do not understand the UUID
    setting so a small integer must be used if an fsid option needs to be
    set for such kernels. Setting both a small number and a UUID is
    supported so the same configuration can be made to work on old and new
    kernels alike.
    Though the logical volume does have an LV UUID (according to lvdisplay), so
    maybe it's something else entirely.

    My solution for now is to use fsid=1 (I didn't understand properly the use of
    non-zero/-root fsid back in October) for the export in question:

    Code:
    /export/test -rw,root_squash,sync,no_subtree_check,sec=krb5p,fsid=1 127.0.0.1 *.mydomain.com
    Any other non-zero fsid (e.g. an UUID in 32 hex digits as written in the man
    page) would work as well, but I currently don't see this needed in my use case.

    This allows me to mount the export with the full path

    Code:
    tumbleweed # mount -t nfs4 -o minorversion=2 127.0.0.2:/export/test /mnt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •