Closed Smithx10 closed 1 year ago
This is actually intentional.
The issue is that an NFS resource in the context of LINSTOR Gateway maps to an `ocf:heartbeat:nfsserver` resource agent, and that can only be started once per node.
You may now ask yourself why we cannot just implement a "volume add" command, like we do for the other technologies, and have multiple NFS exports that way.
Unfortunately, that is also not easily possible because of the way LINSTOR treats new volumes. You don't want to know the details (trust me :smile:), but essentially it is not trivial to execute an `mkfs` -- which we need for NFS -- right after a new volume was added to a DRBD resource.
So, the intended way of having multiple NFS exports is to just create subdirectories and mount those. For example:
```
(on some cluster node)
[root@gateway-30 ~]# linstor-gateway nfs create example 192.168.122.222/24 1G
Created export 'example' at 192.168.122.222:/srv/gateway-exports/example
(on the node where the NFS server was created)
[root@gateway-31 ~]# mkdir /srv/gateway-exports/example/test{1,2}
(on the NFS client)
# mount -t nfs 192.168.122.222:/srv/gateway-exports/example/test1 /mnt/mynfs/
```
Of course, your bug report is still absolutely valid because we completely failed to document this. I will make sure to highlight this design decision in the documentation.
One of the use cases we had was for multi-tenancy for our Cloud. We'd like to have ACL per export.
I don't think we can use the NFS ACL with subdir, right?
We enjoy Linstor-Gateway for making it simple to configure Reactor :)
To confirm: it's safe to have multiple exports, and this is just a problem with how to provision and configure the NFS exports?
If / until Linstor is patched in order to execute the mkfs predictably, we will have to manually do what the Linstor Gateway is doing?
I just stumbled upon this again; sorry for the delay here.
Yes, it is safe to have multiple exports in principle. The problem is in automatically creating the file system using LINSTOR. If you were to create the file systems yourself, there should be no issue.
I actually suspect setting ACLs on subdirectories works just fine, but I have not personally tried it.
I will close this issue for now since it is not an "issue" with LINSTOR Gateway per se (though I recognize that the current behavior is confusing). We are working on making this clearer, at least through documentation...
Just a note....
Luckily for us, we are deploying the client protocols over a switch fabric that we manage.
We decided to just create a larger CIDR block that is a non-routable network, and just use the address space as needed.
It appears that in the create function here: https://github.com/LINBIT/linstor-gateway/blob/master/pkg/nfs/nfs.go#L60 we may be erroneously checking for duplicates (depending on the intention). I've added comments to the below code block.