RE: XCP-ng - mount.nfs: access denied by server while mounting

@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:

Can you show the incorrect and the correct config used to make it even more clear?

openSUSE 15.4 NFS Setup:

Permission for /run/media/XCP-ng/WebServer/Production (Note: this is a mounted internal HD)

drwxrwxr-x 2 root nobody 4096 Jul 22 21:38 Production

Folder settings in /etc/export

/run/media/XCP-ng/WebServer/Production 10.60.70.0/24(rw,root_squash,sync,no_subtree_check) 10.70.70.0/24(rw,root_squash,sync,no_subtree_check)

To make sure the proper NFS RPC-based services are enabled for rpcbind, use the following

command: sudo rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  55952  status
    100024    1   tcp  43101  status
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100021    1   udp  57533  nlockmgr
    100021    3   udp  57533  nlockmgr
    100021    4   udp  57533  nlockmgr
    100021    1   tcp  39073  nlockmgr
    100021    3   tcp  39073  nlockmgr
    100021    4   tcp  39073  nlockmgr

If one of the NFS services does not start up correctly, rpcbind will be unable to map RPC requests from clients for that service to the correct port.

To allow clients to access NFS shares behind a firewall, configure the firewall by running the following commands on the NFS server:

firewall-cmd --permanent --add-service mountd
firewall-cmd --permanent --add-service rpc-bind
firewall-cmd --permanent --add-service nfs
firewall-cmd --permanent --add-port=<mountd-port>/tcp
firewall-cmd --permanent --add-port=<mountd-port>/udp
firewall-cmd --reload

Note: I used firewall-config to do the port settings.

XCP-ng / Remote Settings:

New file system remote
Type

• NFS
• Backup Production Wev Servers
• ..
• 10.60.70.15
• leave port empty
• /run/media/XCP-ng/WebServer/Production
• ..

Note: Make sure you can do this on both systems

[19:48 xcp-pro ~]# showmount --exports 10.60.70.15
Export list for 10.60.70.15:
..
...
/run/media/XCP-ng/WebServer/Production  10.70.70.0/24,10.60.70.0/24
...
..
.

@olivierlambert said in XCP-ng - mount.nfs: access denied by server while mounting:

Thanks for the feedback!

For sure, anytime to help make XCP-ng the best!

This is a new discovery during the Solved "NFS ISO: Cannot read property 'Export' of undefined" in creating a NFS Remote for backups.

Since I'm using openSUSE Leap 15.4 as a SR and Backups, I posted on there forum "XCP-ng - mount.nfs: access denied by server while mounting" first to get the solution and it was solved moments later, and to my delight it was a very simple fix, so I'm posting here just in case anyone else has this problem.

Leap was denying access for XCP-ng backup test, everything on Leap was configured correctly, but I had to remove the Port number on the XCP-ng Remote setting and now it works.

@olivierlambert said in NFS ISO: Cannot read property 'Export' of undefined:

Let's consider this thread fixed by adding the correct NFS configuration on the server side and create a new one describing your issue.

@ravenet said in Manually Mount A HD When Needed From XCP-ng?:

You can script mount and umount commands as part of jobs or as part of backup jobs.

Hang on, the recent post deals with Settings / Remotes, got off track by watching "Tutorial: Configuring Backups For XCP NG Using Xen Orchestra 2021" but, in doing so the posted change correct the initial problem, so I'm able to create a SR / {VDI, ISO} NFS.

So now dealing with the Remotes configuration, I would like to fix this so I can can configure for backups. Do I need to create a new post or can we continue from here?

Update: well I have mounts showing in XCP-ng, I needed to add rpc-bind and mountd to Leaps firewall, however I need to fix the permission because its being denied:

remote.test
{
  "id": "ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce"
}
{
  "shortMessage": "Command failed with exit code 32: mount -o  -t nfs 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab /run/xo-server/mounts/ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce",
  "command": "mount -o  -t nfs 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab /run/xo-server/mounts/ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce",
  "escapedCommand": "mount -o \"\" -t nfs \"10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab\" \"/run/xo-server/mounts/ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce\"",
  "exitCode": 32,
  "stdout": "",
  "stderr": "mount.nfs: access denied by server while mounting 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab",
  "failed": true,
  "timedOut": false,
  "isCanceled": false,
  "killed": false,
  "message": "Command failed with exit code 32: mount -o  -t nfs 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab /run/xo-server/mounts/ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce
mount.nfs: access denied by server while mounting 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab",
  "name": "Error",
  "stack": "Error: Command failed with exit code 32: mount -o  -t nfs 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab /run/xo-server/mounts/ed6bc7d7-8e3f-4d01-a57e-a9865a72c8ce
mount.nfs: access denied by server while mounting 10.60.70.45:2049:/run/media/Backup-I/XCP-ng-lab
    at makeError (/opt/xo/xo-builds/xen-orchestra-202207160304/node_modules/execa/lib/error.js:60:11)
    at handlePromise (/opt/xo/xo-builds/xen-orchestra-202207160304/node_modules/execa/index.js:118:26)
    at NfsHandler._sync (/opt/xo/xo-builds/xen-orchestra-202207160304/@xen-orchestra/fs/src/_mount.js:64:7)"
}

Folder permission on Leap:

chown -R nobody: /run/media/Backup-I/XCP-ng-lab/
chmod -R 777 /run/media/Backup-I/XCP-ng-lab/

@olivierlambert said in NFS ISO: Cannot read property 'Export' of undefined:

showmount --exports <NFS SERVER IP>

From XCP-ng:

clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)

From XCP-ng - AlmaLinux VM:

clnt_create: RPC: Unable to receive

From NFS Server on Leap 15.4:

Export list for 10.60.70.45:
/home/nasheayahu/Downloads/Iso/Pop!_OS              10.70.70.0/24,10.60.70.0/24
/home/nasheayahu/Downloads/Iso/RHEL                 10.70.70.0/24,10.60.70.0/24
/home/nasheayahu/Downloads/Iso/MX-Linux             10.70.70.0/24,10.60.70.0/24
/home/nasheayahu/Downloads/Iso/AlmaLinux-9.0-x86_64 10.70.70.0/24,10.60.70.0/24

Just an update: I am able to get SMB working, but I would like to have NFS ISO as well...

Running the latest openSUSE Leap 15.4 as my IT Workstation to manage both my XCO-ng servers, etc,... and my NFS exports file look like this for one of the NFS ISO I'm trying to configure is:

/home/nasheayahu/Downloads/Iso/RHEL	10.60.70.0/24(ro,root_squash,sync,no_subtree_check) 10.70.70.0/24(ro,root_squash,sync,no_subtree_check)

and idmapd.conf

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = kohanyim.com

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

is there anything else I need to check to get this working?

Can you manually mount a HD and I also have a Insignia Dual Drive Docking Station that I only want to mount a HD when I need it, specially when I want to do a backup and store the drive offline.

The Docking Station is on and HD's are listed in Removable storage, so It that possible, if so can you link me the documentation to show me how?

Correct, I made changes to pfSense to be my DHCP and DNS Resolver, so had to make that change to the NFS Settings to reflect the Domain Name.

Thanks for your help!...

I'm able to ping, ssh connect from the CLI in the consel of XOA, why am I getting this error?

[13:51 xcp-ng ~]# ping nfs.kohanyim.com
PING nfs.kohanyim.com (192.168.1.164) 56(84) bytes of data.
64 bytes from NFS.kohanyim.com (192.168.1.164): icmp_seq=1 ttl=64 time=0.241 ms
64 bytes from NFS.kohanyim.com (192.168.1.164): icmp_seq=2 ttl=64 time=0.310 ms
64 bytes from NFS.kohanyim.com (192.168.1.164): icmp_seq=3 ttl=64 time=0.165 ms
64 bytes from NFS.kohanyim.com (192.168.1.164): icmp_seq=4 ttl=64 time=0.220 ms
64 bytes from NFS.kohanyim.com (192.168.1.164): icmp_seq=5 ttl=64 time=0.243 ms

[16:24 xcp-ng ~]# showmount -e 192.168.1.164
clnt_create: RPC: Program not registered
[16:24 xcp-ng ~]# showmount -e nfs.kohanyim.com
clnt_create: RPC: Program not registered

[19:29 xcp-ng ~]# ssh administrator@nfs.kohanyim.com
The authenticity of host 'nfs.kohanyim.com (192.168.1.164)' can't be established.
ECDSA key fingerprint is SHA256:J+qwou8zk+ciHChOpXoOsUtZadpYQ0Pz96SBt0644/Q.
ECDSA key fingerprint is MD5:a2:6d:29:7a:f0:dc:88:58:d4:71:1b:8e:a3:d5:f8:e3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nfs.kohanyim.com,192.168.1.164' (ECDSA) to the list of known hosts.
Password: 
Last login: Sat Oct 31 13:43:01 2020 from 192.168.1.101
Have a lot of fun...
administrator@NFS:~>

Cancel that! I found the keys icon for sending the combo just above console.....

Host OS: Ubuntu Studio 20.10

Just installed Windows Server, the CTL+ATL+Delete is not being captured. Can't remote in until I change the settings. How do you send the combination from the XOA Consel?

Thanks!...

Cancel that, I found out how to save the Config and import through Settings/Remotes/Config...

I initially created some remotes site with the Deployed XOA, but since then I compiled and installed the Source version. Do I have to recreate the remotes again or how can I import them from the other?