XCP-ng - mount.nfs: access denied by server while mounting
-
This is a new discovery during the Solved "NFS ISO: Cannot read property 'Export' of undefined" in creating a NFS Remote for backups.
Since I'm using openSUSE Leap 15.4 as a SR and Backups, I posted on there forum "XCP-ng - mount.nfs: access denied by server while mounting" first to get the solution and it was solved moments later, and to my delight
it was a very simple fix, so I'm posting here just in case anyone else has this problem.Leap was denying access for XCP-ng backup test, everything on Leap was configured correctly, but I had to remove the Port number on the XCP-ng Remote setting and now it works.
-
@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:
Can you show the incorrect and the correct config used to make it even more clear?
openSUSE 15.4 NFS Setup:
Permission for /run/media/XCP-ng/WebServer/Production (Note: this is a mounted internal HD)
drwxrwxr-x 2 root nobody 4096 Jul 22 21:38 ProductionFolder settings in /etc/export
/run/media/XCP-ng/WebServer/Production 10.60.70.0/24(rw,root_squash,sync,no_subtree_check) 10.70.70.0/24(rw,root_squash,sync,no_subtree_check)To make sure the proper NFS RPC-based services are enabled for rpcbind, use the following
command: sudo rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 55952 status 100024 1 tcp 43101 status 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 2 udp 20048 mountd 100005 2 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100003 3 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100021 1 udp 57533 nlockmgr 100021 3 udp 57533 nlockmgr 100021 4 udp 57533 nlockmgr 100021 1 tcp 39073 nlockmgr 100021 3 tcp 39073 nlockmgr 100021 4 tcp 39073 nlockmgrIf one of the NFS services does not start up correctly, rpcbind will be unable to map RPC requests from clients for that service to the correct port.
To allow clients to access NFS shares behind a firewall, configure the firewall by running the following commands on the NFS server:
firewall-cmd --permanent --add-service mountd firewall-cmd --permanent --add-service rpc-bind firewall-cmd --permanent --add-service nfs firewall-cmd --permanent --add-port=<mountd-port>/tcp firewall-cmd --permanent --add-port=<mountd-port>/udp firewall-cmd --reloadNote: I used firewall-config to do the port settings.
XCP-ng / Remote Settings:
New file system remote
Type- NFS
- Backup Production Wev Servers
- ..
- 10.60.70.15
- leave port empty
- /run/media/XCP-ng/WebServer/Production
- ..
Note: Make sure you can do this on both systems
[19:48 xcp-pro ~]# showmount --exports 10.60.70.15 Export list for 10.60.70.15: .. ... /run/media/XCP-ng/WebServer/Production 10.70.70.0/24,10.60.70.0/24 ... .. .@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:
Thanks for the feedback!
For sure, anytime to help make XCP-ng the best!
-
Can you show the incorrect and the correct config used to make it even more clear?
Thanks for the feedback!
-
@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:
Can you show the incorrect and the correct config used to make it even more clear?
openSUSE 15.4 NFS Setup:
Permission for /run/media/XCP-ng/WebServer/Production (Note: this is a mounted internal HD)
drwxrwxr-x 2 root nobody 4096 Jul 22 21:38 ProductionFolder settings in /etc/export
/run/media/XCP-ng/WebServer/Production 10.60.70.0/24(rw,root_squash,sync,no_subtree_check) 10.70.70.0/24(rw,root_squash,sync,no_subtree_check)To make sure the proper NFS RPC-based services are enabled for rpcbind, use the following
command: sudo rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 55952 status 100024 1 tcp 43101 status 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 2 udp 20048 mountd 100005 2 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100003 3 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100021 1 udp 57533 nlockmgr 100021 3 udp 57533 nlockmgr 100021 4 udp 57533 nlockmgr 100021 1 tcp 39073 nlockmgr 100021 3 tcp 39073 nlockmgr 100021 4 tcp 39073 nlockmgrIf one of the NFS services does not start up correctly, rpcbind will be unable to map RPC requests from clients for that service to the correct port.
To allow clients to access NFS shares behind a firewall, configure the firewall by running the following commands on the NFS server:
firewall-cmd --permanent --add-service mountd firewall-cmd --permanent --add-service rpc-bind firewall-cmd --permanent --add-service nfs firewall-cmd --permanent --add-port=<mountd-port>/tcp firewall-cmd --permanent --add-port=<mountd-port>/udp firewall-cmd --reloadNote: I used firewall-config to do the port settings.
XCP-ng / Remote Settings:
New file system remote
Type- NFS
- Backup Production Wev Servers
- ..
- 10.60.70.15
- leave port empty
- /run/media/XCP-ng/WebServer/Production
- ..
Note: Make sure you can do this on both systems
[19:48 xcp-pro ~]# showmount --exports 10.60.70.15 Export list for 10.60.70.15: .. ... /run/media/XCP-ng/WebServer/Production 10.70.70.0/24,10.60.70.0/24 ... .. .@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:
Thanks for the feedback!
For sure, anytime to help make XCP-ng the best!
-
O olivierlambert marked this topic as a question on
-
O olivierlambert has marked this topic as solved on
-
Thanks a lot!