Comments (6)
Shivang44
commented on June 7, 2024
1
Hey thanks for checking in! Your explanation makes sense, but unfortunately we decided to just use the nfs-server-provisioner helm chart that provisions a nfs-server for us in our kubernetes cluster so we don't have to think about it haha. Thanks so much for checking in and responding so quickly! Hopefully your comment above can help somebody else.
from docker-nfs-server.
ehough
commented on June 7, 2024
You're close! In Docker's bridge networking, your container will never see the 192.168.0.0/24 address space; instead it will only see addresses in the 172.17.0.0/16 (by default) range. Since your export only allows mounts from 192.168.1.111, the server will essentially never permit a mount.
If you really want to use IP-based authorization, you have two choices. Your first option would be to change the allowed IPs to 172.17.0.0/16 (or event just *). e.g.
docker run \
-e NFS_EXPORT_0='/nfs/share 172.17.0.0/16(rw,no_subtree_check)' \
-v /home/shivang/share:/nfs/share \
--cap-add SYS_ADMIN \
-p 2049:2049 \
erichough/nfs-server
The second option would be to use --network host to ditch the bridge network entirely.
IMHO, if user authentication/authorization is a requirement, you should instead activate Kerberos. It's a pain to set up, but it's quite effective once in place.
If you still have trouble mounting, please post the output of mount -v -o nfsvers=4 ... and we should be able to figure it out.
from docker-nfs-server.
ehough
commented on June 7, 2024
Checking in. Were you able to get things working?
from docker-nfs-server.
monsterooo
commented on June 7, 2024
Hi @ehough .
Does --network host support mac system?
I started a service
docker run \
-v `pwd`/shared:/shared \
-v `pwd`/exports.txt:/etc/exports:ro \
-v /lib/modules:/lib/modules:ro \
--cap-add SYS_ADMIN \
--cap-add SYS_MODULE \
--network=host \
-e NFS_LOG_LEVEL=DEBUG \
--name nsf-demo \
erichough/nfs-server
==================================================================
SETTING UP ...
==================================================================
----> log level set to DEBUG
----> will use 2 rpc.nfsd server thread(s) (1 thread per CPU)
----> /etc/exports is bind-mounted
----> kernel module nfs is loaded
----> kernel module nfsd is loaded
----> setup complete
==================================================================
STARTING SERVICES ...
==================================================================
----> mounting rpc_pipefs filesystem onto /var/lib/nfs/rpc_pipefs
mount: mount('rpc_pipefs','/var/lib/nfs/rpc_pipefs','rpc_pipefs',0x00008000,'(null)'):0
----> mounting nfsd filesystem onto /proc/fs/nfsd
mount: mount('nfsd','/proc/fs/nfsd','nfsd',0x00008000,'(null)'):0
----> starting rpcbind
----> starting exportfs
exporting *:/shared
----> starting rpc.mountd on port 32767
----> starting rpc.statd on port 32765 (outgoing from port 32766)
----> starting rpc.nfsd on port 2049 with 2 server thread(s)
rpc.nfsd: knfsd is currently down
rpc.nfsd: Writing version string to kernel: -2 +3 +4 +4.1 +4.2
rpc.nfsd: Created AF_INET TCP socket.
rpc.nfsd: Created AF_INET UDP socket.
rpc.nfsd: Created AF_INET6 TCP socket.
rpc.nfsd: Created AF_INET6 UDP socket.
----> all services started normally
==================================================================
SERVER STARTUP COMPLETE
==================================================================
----> list of enabled NFS protocol versions: 4.2, 4.1, 4, 3
----> list of container exports:
----> /shared *(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,fsid=0,anonuid=65534,anongid=65534,sec=sys,rw,insecure,no_root_squash,no_all_squash)
----> list of container ports that should be exposed:
----> 111 (TCP and UDP)
----> 2049 (TCP and UDP)
----> 32765 (TCP and UDP)
----> 32767 (TCP and UDP)
==================================================================
READY AND WAITING FOR NFS CLIENT CONNECTIONS
==================================================================
Statd service already running!
But my connection fails on mac system
showmount -e 192.168.3.39
showmount: Cannot retrieve info from host: 192.168.3.39: RPC failed:: RPC: Unable to send; errno = Bad file descriptor
Thank you for your time
from docker-nfs-server.
ehough
commented on June 7, 2024
Hello @monsterooo,
Does --network host support mac system?
You should be able to mount from a mac without any trouble. Looks like the reason that the mount failed is that you simply forgot to open up the appropriate ports on the container. Check out step 4 "Expose the server ports" in the README.
If you still having trouble after opening up the ports, please open a new issue and we'll dig a little deeper to figure out what's going on.
from docker-nfs-server.
wyujie
commented on June 7, 2024
Hi, my host has 2 IPs: 172.17.0.16 and 192.168.0.2
I can mount with:
mount -t nfs 172.17.0.16:/shares ./shares
But fail with:
mount -t nfs 192.168.0.2:/shares. ./shares
I cannot use --net host for some reason, is there any other solution?
from docker-nfs-server.
Related Issues (20)
- mount.nfs: access denied by server while mounting 172.17.0.2:/mnt/nfstest/ HOT 1
- example of docker-compose.yml HOT 3
- directory does not support NFS HOT 5
- the showmount get stucked and outputs nothing
- Creating own Image from Dockerfile wont work HOT 3
- Error while mounting nfs in a pod
- Reduce RAM/Memory resources HOT 2
- No privs to container, how to mount before starting? HOT 3
- Vulnerabilities in Docker image erichough/nfs-server:2.2.1
- Kubernetes example? HOT 1
- rpcbind.target need to be disabled and stopped before start nfs-server container
- Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/exec: no such file or directory: unknown HOT 2
- Accessing the share from an external device
- 2: Unsupported version HOT 1
- aarch64 Support
- Is there anyway update /etc/exports outside without restart nfs container HOT 1
- ERROR: missing CAP_SYS_ADMIN via docker-compose HOT 7
- kernel module nfs is missing HOT 1
- Documentation update needed for describing binding export folders through environment variables
- PUTROOTFH Status: NFS4ERR_NOENT
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-nfs-server.