Actually – I forgot we have a firewall rule. Switching to IP address allows the ECCO_PD (as well as the other) mount to work.
-Jeff
From: Solomon Boulos <boulos@waymo.com>
Reply-To: "boulos@waymo.com" <boulos@waymo.com>
Date: Monday, March 22, 2021 at 10:12 AM
To: "Becker, Jeffrey C. (ARC-TN)[InuTeq, LLC]" <jeffrey.c.becker@nasa.gov>
Cc: Frank Filz <ffilzlnx@mindspring.com>, "support@lists.nfs-ganesha.org" <support@lists.nfs-ganesha.org>
Subject: Re: [EXTERNAL] Re: [NFS-Ganesha-Support] Resend: Ganesha PROXY export getting released during Ganesha initialization
You need to be able to mount from that box actually (that’s effectively what the proxy is doing, it’s a client).
Can add -v? So mount -v -t nfs4 ... (/mnt/foo is writeable and owned by you, right?)
On Mon, Mar 22, 2021 at 09:59 Becker, Jeffrey C. (ARC-TN)[InuTeq, LLC] <jeffrey.c.becker@nasa.gov> wrote:
Didn’t work:
# mount -t nfs4 service88:/srv/rex/exports/ECCO_PD /mnt/foo
mount.nfs4: access denied by server while mounting service88:/srv/rex/exports/ECCO_PD
However, I tried with one of the other directories that is working with Ganesha, and that failed the same way. Should I try the mount on a server where Ganesha is not running?
-Jeff
From: Solomon Boulos <boulos@google.com>
Date: Monday, March 22, 2021 at 9:39 AM
To: "Becker, Jeffrey C. (ARC-TN)[InuTeq, LLC]" <jeffrey.c.becker@nasa.gov>
Cc: Frank Filz <ffilzlnx@mindspring.com>, "support@lists.nfs-ganesha.org" <support@lists.nfs-ganesha.org>
Subject: [EXTERNAL] Re: [NFS-Ganesha-Support] Resend: Ganesha PROXY export getting released during Ganesha initialization
Can you attempt an explicit mount on the command line with that path?
On Mon, Mar 22, 2021 at 09:07 Becker, Jeffrey C. (ARC-TN)[InuTeq, LLC] via Support <support@lists.nfs-ganesha.org> wrote:
Sorry about the font – is this better? Daniel G. noted that the directory seems to be missing. Not sure why since export was properly set up. Thanks.
-Jeff
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
My config and log (with DEBUG on) is below. Yes we did not change anything except for adding a bind mount for /ecco (which triggered this). Thanks.
-Jeff
ganesha:~ # cat /etc/ganesha/ganesha.conf
###################################################
#
# Ganesha Config Example
#
# This is a commented example configuration file for Ganesha. It is not
# complete, but only has some common configuration options. See the man pages
# for complete documentation.
#
###################################################
## These are core parameters that affect Ganesha as a whole.
NFS_CORE_PARAM {
## Allow NFSv3 to mount paths with the Pseudo path, the same as NFSv4,
## instead of using the physical paths.
mount_path_pseudo = true;
## Configure the protocols that Ganesha will listen for. This is a hard
## limit, as this list determines which sockets are opened. This list
## can be restricted per export, but cannot be expanded.
Protocols = 4;
## Configure RPC timeout to a long time
RPC_Idle_Timeout_S = 3600;
}
## Configure NFSv4
NFSv4 {
Allow_Numeric_Owners = true;
Only_Numeric_Owners = true;
}
## These are defaults for exports. They can be overridden per-export.
## EXPORT_DEFAULTS {
## Access type for clients. Default is None, so some access must be
## given either here or in the export itself.
## Access_Type = RW;
## }
## Configure settings for the object handle cache
CACHEINODE {
## The point at which object cache entries will start being reused.
Entries_HWMark = 100000;
}
## Configure exports
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1001;
## Exported path (mandatory)
Path = /srv/rex/exports/BD_public_datasets;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /BD_public;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1002;
## Exported path (mandatory)
Path = /srv/rex/exports/ECCO_PD;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /ecco;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1003;
## Exported path (mandatory)
Path = /srv/rex/exports/QuAIL;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /quail;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1004;
## Exported path (mandatory)
Path = /srv/rex/exports/legacygcmdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /legacygcm;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1005;
## Exported path (mandatory)
Path = /srv/rex/exports/data_nasa_gov_nas_storage;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /openinnovation;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1006;
## Exported path (mandatory)
Path = /srv/rex/exports/geonexdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /geonex;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1007;
## Exported path (mandatory)
Path = /srv/rex/exports/PlutoGCM;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /PlutoGCM;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1008;
## Exported path (mandatory)
Path = /srv/rex/exports/spinglasseigendata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /private;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1009;
## Exported path (mandatory)
Path = /srv/rex/exports/smodedata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /smode;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1010;
## Exported path (mandatory)
Path = /srv/rex/exports/fv3gcmdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /fv3gcm;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1011;
## Exported path (mandatory)
Path = /srv/rex/exports/velahalosdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /velahalos;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1012;
## Exported path (mandatory)
Path = /srv/rex/exports/carboncycledata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /carboncycle;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1013;
## Exported path (mandatory)
Path = /srv/rex/exports/hmidata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /hmi;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1014;
## Exported path (mandatory)
Path = /srv/rex/exports/vizdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /viz;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1015;
## Exported path (mandatory)
Path = /srv/rex/exports/venusdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /venus;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1016;
## Exported path (mandatory)
Path = /srv/rex/exports/fun3ddata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /fun3d;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1017;
## Exported path (mandatory)
Path = /srv/rex/exports/co2fluxdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /co2flux;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1018;
## Exported path (mandatory)
Path = /srv/rex/exports/heliodata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /helio;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1019;
## Exported path (mandatory)
Path = /srv/rex/exports/sphdynpcdata;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /sphdynpc;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 129.99.10.106,129.99.10.107,198.9.3.97,198.9.3.98;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1020;
## Exported path (mandatory)
Path = /srv/rex/exports/vizpublic;
## Pseudo Path (required for NFSv4 or if mount_path_pseudo = true)
Pseudo = /vizpub;
## Restrict the protocols that may use this export. This cannot allow
## access that is denied in NFS_CORE_PARAM.
#Protocols = 3,4;
## Access type for clients. Default is None, so some access must be
## given. It can be here, in the EXPORT_DEFAULTS, or in a CLIENT block
Access_Type = RO;
## Whether to squash various users.
Squash = root_squash;
## Allowed security types for this export
#Sectype = sys,krb5,krb5i,krb5p;
## Exporting FSAL
FSAL {
Name = PROXY;
Srv_Addr = 10.2.21.11;
}
CLIENT
{
Clients = 198.9.3.97,198.9.3.98,129.99.240.20;
}
}
EXPORT
{
## Export Id (mandatory, each EXPORT must have a unique Export_Id)
Export_Id = 1021;
## Exported path (mandatory)
Path = /srv/rex/exports/titanwrf1d