error path does not have a whitelisted parent.

[bogdanro]

Hi, trying to get nfs exports working on a 3 node proxmox cluster but I'm getting the following error:

linstor-gateway --loglevel debug nfs create --resource=nfstest2 --service-ip=192.168.20.250/24 --allowed-ips=192.168.20.0/24 --resource-group=data1 --size=2G

DEBU[0000] curl -X 'GET' -H 'Accept: application/json' 'http://localhost:3370/v1/files?content=true&limit=0&offset=0'
DEBU[0000] {"name":"data1","select_filter":{}}
DEBU[0000] curl -X 'POST' -d '{"name":"data1","select_filter":{}}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/resource-groups'
DEBU[0000] Status code not within 200 to 400, but 500 (Internal Server Error)
DEBU[0000] {"resource_definition":{"name":"nfstest2","props":{"DrbdOptions/Resource/auto-promote":"yes","DrbdOptions/Resource/on-no-quorum":"io-error","DrbdOptions/Resource/quorum":"majority","FileSystem/Type":"ext4"},"resource_group_name":"data1"}}
DEBU[0000] curl -X 'POST' -d '{"resource_definition":{"name":"nfstest2","props":{"DrbdOptions/Resource/auto-promote":"yes","DrbdOptions/Resource/on-no-quorum":"io-error","DrbdOptions/Resource/quorum":"majority","FileSystem/Type":"ext4"},"resource_group_name":"data1"}}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/resource-definitions'
DEBU[0000] {"volume_definition":{"volume_number":1,"size_kib":2097152}}
DEBU[0000] curl -X 'POST' -d '{"volume_definition":{"volume_number":1,"size_kib":2097152}}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/resource-definitions/nfstest2/volume-definitions'
DEBU[0000] {"select_filter":{}}
DEBU[0000] curl -X 'POST' -d '{"select_filter":{}}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/resource-definitions/nfstest2/autoplace'
DEBU[0002] {"override_props":{"DrbdOptions/Resource/auto-promote":"no"}}
DEBU[0002] curl -X 'PUT' -d '{"override_props":{"DrbdOptions/Resource/auto-promote":"no"}}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/resource-definitions/nfstest2'
DEBU[0008] curl -X 'GET' -H 'Accept: application/json' 'http://localhost:3370/v1/resource-definitions/nfstest2'
DEBU[0008] curl -X 'GET' -H 'Accept: application/json' 'http://localhost:3370/v1/view/resources?limit=0&offset=0&resources=nfstest2'
DEBU[0010] {"path":"/etc/drbd-reactor.d/linstor-gateway-nfs-nfstest2.toml","content":"W1twcm9tb3Rlcl1dCiAgaWQgPSAibmZzLW5mc3Rlc3QyIgogIFtwcm9tb3Rlci5yZXNvdXJjZXNdCiAgICBbcHJvbW90ZXIucmVzb3VyY2VzLm5mc3Rlc3QyXQogICAgICBzdGFydCA9IFsib2NmOmhlYXJ0YmVhdDpGaWxlc3lzdGVtIGZzXzEgZGV2aWNlPS9kZXYvZHJiZC9ieS1yZXMvbmZzdGVzdDIvMSBkaXJlY3Rvcnk9L3Nydi9nYXRld2F5LWV4cG9ydHMvbmZzdGVzdDIgZnN0eXBlPWV4dDQgcnVuX2ZzY2s9bm8iLCAib2NmOmhlYXJ0YmVhdDpleHBvcnRmcyBleHBvcnRfMV8wIGNsaWVudHNwZWM9MTkyLjE2OC4yMC4wLzI0IGRpcmVjdG9yeT0vc3J2L2dhdGV3YXktZXhwb3J0cy9uZnN0ZXN0MiBmc2lkPTFkNWM4ZWMxLTQzNmYtNTk5YS05MDM1LTgzMThmMTA0NTNiNyBvcHRpb25zPXJ3IHdhaXRfZm9yX2xlYXNldGltZV9vbl9zdG9wPTEiLCAib2NmOmhlYXJ0YmVhdDpJUGFkZHIyIHNlcnZpY2VfaXAgY2lkcl9uZXRtYXNrPTI0IGlwPTE5Mi4xNjguMjAuMjUwIl0KICAgICAgcnVubmVyID0gInN5c3RlbWQiCiAgICAgIG9uLWRyYmQtZGVtb3RlLWZhaWx1cmUgPSAicmVib290LWltbWVkaWF0ZSIKICAgICAgc3RvcC1zZXJ2aWNlcy1vbi1leGl0ID0gdHJ1ZQogICAgICB0YXJnZXQtYXMgPSAiQmluZHNUbyIK"}
DEBU[0010] curl -X 'PUT' -d '{"path":"/etc/drbd-reactor.d/linstor-gateway-nfs-nfstest2.toml","content":"W1twcm9tb3Rlcl1dCiAgaWQgPSAibmZzLW5mc3Rlc3QyIgogIFtwcm9tb3Rlci5yZXNvdXJjZXNdCiAgICBbcHJvbW90ZXIucmVzb3VyY2VzLm5mc3Rlc3QyXQogICAgICBzdGFydCA9IFsib2NmOmhlYXJ0YmVhdDpGaWxlc3lzdGVtIGZzXzEgZGV2aWNlPS9kZXYvZHJiZC9ieS1yZXMvbmZzdGVzdDIvMSBkaXJlY3Rvcnk9L3Nydi9nYXRld2F5LWV4cG9ydHMvbmZzdGVzdDIgZnN0eXBlPWV4dDQgcnVuX2ZzY2s9bm8iLCAib2NmOmhlYXJ0YmVhdDpleHBvcnRmcyBleHBvcnRfMV8wIGNsaWVudHNwZWM9MTkyLjE2OC4yMC4wLzI0IGRpcmVjdG9yeT0vc3J2L2dhdGV3YXktZXhwb3J0cy9uZnN0ZXN0MiBmc2lkPTFkNWM4ZWMxLTQzNmYtNTk5YS05MDM1LTgzMThmMTA0NTNiNyBvcHRpb25zPXJ3IHdhaXRfZm9yX2xlYXNldGltZV9vbl9zdG9wPTEiLCAib2NmOmhlYXJ0YmVhdDpJUGFkZHIyIHNlcnZpY2VfaXAgY2lkcl9uZXRtYXNrPTI0IGlwPTE5Mi4xNjguMjAuMjUwIl0KICAgICAgcnVubmVyID0gInN5c3RlbWQiCiAgICAgIG9uLWRyYmQtZGVtb3RlLWZhaWx1cmUgPSAicmVib290LWltbWVkaWF0ZSIKICAgICAgc3RvcC1zZXJ2aWNlcy1vbi1leGl0ID0gdHJ1ZQogICAgICB0YXJnZXQtYXMgPSAiQmluZHNUbyIK"}
' -H 'Accept: application/json' -H 'Content-Type: application/json' 'http://localhost:3370/v1/files/%2Fetc%2Fdrbd-reactor.d%2Flinstor-gateway-nfs-nfstest2.toml'
DEBU[0012] curl -X 'GET' -H 'Accept: application/json' 'http://localhost:3370/v1/files?content=true&limit=0&offset=0'
DEBU[0012] curl -X 'POST' -H 'Accept: application/json' 'http://localhost:3370/v1/resource-definitions/nfstest2/files/%2Fetc%2Fdrbd-reactor.d%2Flinstor-gateway-nfs-nfstest2.toml'
DEBU[0013] Status code not within 200 to 400, but 500 (Internal Server Error)
Error: failed to start resources: failed to detach reactor configuration: error attaching file to resource: Message: '(Node: 'prox02') The path /etc/drbd-reactor.d/linstor-gateway-nfs-nfstest2.toml does not have a whitelisted parent. Allowed parent directories: []'; Reports: '[61ED9BD0-85651-000004]' next error: Message: 'Modification of resource definition 'nfstest2' failed due to an unknown exception.'; Details: 'Resource definition: nfstest2'; Reports: '[61ED99AB-00000-000002]'

Error message: (Node: 'prox02') The path /etc/drbd-reactor.d/linstor-gateway-nfs-nfstest2.toml does not have a whitelisted parent. Allowed parent directories: []

ErrorReport-61ED99AB-00000-000002.log

Not sure what I'm doing wrong.

Thank you!

[chrboe]

Try to run the linstor-gateway check-health command. It will give you a hint about this.

tl;dr:

$ cat /etc/linstor/linstor_satellite.toml
[files]
  allowExtFiles = ["/etc/systemd/system", "/etc/systemd/system/linstor-satellite.d", "/etc/drbd-reactor.d"]

on all satellite nodes.

Don't forget to systemctl restart linstor-satellite.

I agree that there is probably a better way to document this, I'll think about that.