NFS backup
-
Hello,
I'm new to Zen Orchestra backup. I have setup NFS share on my Asustor NAS.
When I tried to setp remote settings, I'm get this error belowommand failed with exit code 32: mount -o -t nfs x.x.x.x:7005:/zen vm backup /run/xo-server/mounts/7d3e7540-fca4-4bd5-aa90-5eaae93fd1a4
mount.nfs: access denied by server while mounting x.x.x.x:7005:/zen vm backup.
I gave zen orchestra user access to the NFS share.Any help would be appreciated
-
@momofhlp I suspect it is a UID/GID mapping or permissions problem.
Mount the share manually no-root-squash. run a backup on that share. see what UID/GID xo expects you to use. Then set up an nfsshare for only that matching UID/GID and all should be good.
it is easiest to set it up wrong security wise with NFSv3 but easiest to make it work. Once it works, go back and switch to nfs4.1. read and weep. https://www.truenas.com/community/threads/nfs-sys-security-option.86501/old nfs (v3) has little or no security. nfs4,1 has SYS for slightly better security. NFS4.2 + kerb5 has best security but a learning curve like:
|
|
|
|only much much steeper. a better nfs security solution is nfs via stunnel
see:- https://www.linuxjournal.com/content/encrypting-nfsv4-stunnel-tls
- https://bobcares.com/blog/nfsv4-encryption-with-stunnel-tls/
- historical: https://www.stunnel.org/mailman3/hyperkitty/list/stunnel-users@stunnel.org/thread/7FVHLCPSDHL2S6KQ7DBN24HLPSX4SHWV/
- other implementation details https://github.com/chadgeary/tls_nfs/tree/master/playbook
- another imp. https://forge.puppet.com/modules/simp/nfs/readme
I should turn this info into a package for xcp-ng.