search

ehough / docker-nfs-server

A lightweight, robust, flexible, and containerized NFS server.
https://hub.docker.com/r/erichough/nfs-server/
GNU General Public License v3.0
693 stars 221 forks source link

Cannot mount nfs to client | mount.nfs: access denied by server while mounting 10.148.0.3:/shared #27

Open shinebayar-g opened 5 years ago

shinebayar-g commented 5 years ago

Hi, first of all thanks for the project. It looks very clean and on point.

I guess I deployed the project correctly.. Here is my config.

# exports.txt
/shared *(rw,sync,no_subtree_check,fsid=0,insecure,no_root_squash)

I've run AppArmor config and modified docker run command. Server starts correctly.

# docker run command
$: docker run -d --restart=always \
  -p 10.148.0.3:2049:2049 \
  -v /lib/modules:/lib/modules:ro \
  -v `pwd`/exports.txt:/etc/exports:ro \
  -v `pwd`/shared:/shared \
  --cap-add SYS_ADMIN \
  --cap-add SYS_MODULE \
  --security-opt apparmor=erichough-nfs \
  --name nfs \
  erichough/nfs-server:2.2.1
# server startup log
==================================================================
      SETTING UP ...
==================================================================
----> setup complete

==================================================================
      STARTING SERVICES ...
==================================================================
----> starting rpcbind
----> starting exportfs
----> starting rpc.mountd on port 32767
----> starting rpc.statd on port 32765 (outgoing from port 32766)
----> starting rpc.nfsd on port 2049 with 16 server thread(s)
----> all services started normally

==================================================================
      SERVER STARTUP COMPLETE
==================================================================
----> list of enabled NFS protocol versions: 4.2, 4.1, 4, 3
----> list of container exports:
---->   /shared *(rw,sync,no_subtree_check,fsid=0,insecure,no_root_squash)
----> list of container ports that should be exposed:
---->   111 (TCP and UDP)
---->   2049 (TCP and UDP)
---->   32765 (TCP and UDP)
---->   32767 (TCP and UDP)

==================================================================
      READY AND WAITING FOR NFS CLIENT CONNECTIONS
==================================================================

Now when I try to mount NFS server to test docker container like this I'm getting this error.

# docker run command of test container
$: docker run -dit \
  --cap-add SYS_ADMIN \
  --name test \
  ubuntu:16.04
$: docker exec -it test bash
$: mkdir /testing
$: mount -o rw 10.148.0.3:/shared /testing
mount.nfs: access denied by server while mounting 10.148.0.3:/shared

$: mount -vvv 10.148.0.3:/shared /testing
mount.nfs: timeout set for Wed Aug  7 12:01:15 2019
mount.nfs: trying text-based options 'vers=4,addr=10.148.0.3,clientaddr=172.17.0.19'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 10.148.0.3:/shared

What am I missing? Looks like #20 is kinda same.

Any how to use on client side docs would be super helpful :rocket:

shinebayar-g commented 5 years ago

Looks like passing --cap-add SYS_ADMIN on client docker container wasn't enough! Running with privileged fixed the issue.

docker run -dit \
  --privileged  \
  --name test \
  ubuntu:16.04
ehough commented 5 years ago

Sorry for the delayed response; I was sick pretty much all last week.

Thanks for your report. That's really interesting that you had to add --privileged to the client container to be able to mount. I'm going to try to reproduce this locally - stand by!

shinebayar-g commented 5 years ago

Wish you well sir.