I'm on a problem and I hope for some help?

I have a server with 5 network interfaces. One is running PPPoE from a bridged modem and gets the external IP. I'm using firewalld and dnsmasq to share that connection to the other 4 ports and devices on my network, all works fine.

I am now trying to put a virtual machine on the host, using libvirt/KVM. That works, and I have created a machine with a 512MB virtual disk for boot, and a separate 5GB disk for root. My aim is though, to move the 5GB root to an NFS root, so the VM boots off its /boot disk and pivots to an NFS root on the host. However, each time I try to mount NFS from host to client it fails, access is denied. However, from any machine elsewhere on the network it mounts.

Can I not NFS mount from host to client? Am I doing something wrong?

My reason for doing this is my host is running root (and a couple of other disks) on NVMe or SATA SSD disks with the f2fs filesystem. I'd rather the client could use the f2fs filesystem via NFS directly on the host, so the host f2fs driver can balance the wear on the SSDs, rather than a big lump of a virtual disk formatted to another FS sitting on the host's disks. It makes sense to me that if the root for the client is hosted on the f2fs filesystem directly rather than a raw disk image it will improve wear on the SSD? I'll take the NFS hit (negligible) if it means I'm being kinder to the chips, and hosting NFS over virtio (quick?!)

Has anyone done this? Any tips? Am I mad?

All machines, virtual or physical, get unique IPs from dnsmasq. I can ping from a virtual to a host, and ping google from virtual. I just cannot access the NFS shares!

Thanks,

Ian

djdomi
Bon
  • Please provide your `/etc/exports` file from the host and also describe the network configuration (how do you connect a VM to the network, which addresses do you have on the host, in the VM and on machines where it works and so on). // You may also get rid of the boot volume, by configuring a PXE boot infrastructure. – Nikita Kipriyanov Sep 11 '21 at 19:07
  • How is authentication taking place? Is root squash enabled? Do the users and groups who are accessing it have the same UID and GID on the server and the client? – Nasir Riley Sep 11 '21 at 19:45
  • @NikitaKipriyanov The export from the host is: `/NFSroot/OpenVPN 10.1.0.171/24(rw,sync,fsid=0,no_subtree_check,insecure)`. 171 is the address the client is attached to, and it is locked in dnsmasq settings. Everything (physical and virtual) on internal is on subnet 10.1.0. I would like the VM to boot off its own /boot volume and pivot to NFS root? – Bon Sep 11 '21 at 20:34
  • @NasirRiley I believe so, but I will check. However everything mounting externally works, it is the client machines in KVM that will not work. I have everything from Windows, Ubuntu, SuSE, and Android all able to mount externally. Internal stuff will not bridge. – Bon Sep 11 '21 at 20:39
  • @NikitaKipriyanov I have one external physical card which is bridged to an OpenWrt modem. That card gets the external IP address. Firewalld and fail2ban lock that external up tight. It is in the 'external' domain on firewalld. My 4 internal physical ports are 'internal' on firewalld, masqueraded to the external over a br0 bridge. I want to add a virtual interface to that br0 now, for the virtual machine so it may access the internet global and the local, as all other physical machines do. – Bon Sep 11 '21 at 20:42
  • @Bon I understand that but the issue isn't that it isn't mounted. The issue is the permission denied error which indicates that the users and/or groups on the client don't have permissions which could be due to either them just not being there on the server or the UID and GID not being the same on both. – Nasir Riley Sep 12 '21 at 01:41
  • Which NFS version do you use? NFSv3 is *tricky* to enable in the firewall, due to its port mapping architecture. – Nikita Kipriyanov Sep 12 '21 at 12:57
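
The export line quoted in the comments, read against the defaults documented in exports(5), as an added example that is not part of the original thread. The function names are hypothetical, and the treatment of `10.1.0.171/24` as the whole `10.1.0.0/24` network is an assumption of this example.

```python
import ipaddress

# Export line quoted in the comments above.
EXPORT_LINE = "/NFSroot/OpenVPN 10.1.0.171/24(rw,sync,fsid=0,no_subtree_check,insecure)"

# exports(5) defaults that apply when the option is not written out.
DEFAULTS = {"ro": True, "root_squash": True, "secure": True}
TOGGLES = {
    "rw": ("ro", False), "ro": ("ro", True),
    "no_root_squash": ("root_squash", False), "root_squash": ("root_squash", True),
    "insecure": ("secure", False), "secure": ("secure", True),
}

def parse_export(line):
    """Return (path, [(client_spec, effective_options), ...]) for one exports line."""
    path, *entries = line.split()
    clients = []
    for entry in entries:
        spec, _, raw = entry.partition("(")
        opts = dict(DEFAULTS)
        for opt in filter(None, raw.rstrip(")").split(",")):
            key, _, value = opt.partition("=")
            if key in TOGGLES:
                name, state = TOGGLES[key]
                opts[name] = state
            else:
                opts[key] = value or True
        clients.append((spec, opts))
    return path, clients

def client_matches(spec, client_ip):
    """IP/CIDR specs only; hostnames, wildcards and netgroups are not handled.
    Assumption: host bits in the spec are masked off (strict=False)."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def audit(line, client_ip):
    """List the effective settings that apply to client_ip under this export."""
    findings = []
    for spec, opts in parse_export(line)[1]:
        if not client_matches(spec, client_ip):
            continue
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses > 1:
            findings.append(f"{spec} matches all of {net}, not a single host")
        if opts["root_squash"]:
            findings.append("root_squash in effect: client uid 0 maps to the anonymous user")
        if not opts["secure"]:
            findings.append("insecure: requests from source ports above 1023 are accepted")
    return findings
```

Calling `audit(EXPORT_LINE, "10.1.0.171")` returns three findings for the VM's address; a `/32` spec and an explicit squash setting would make the intended scope visible in the file itself.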
