Cannot mount NFS share via NLB IP?
Hi everybody.
I have install and configure Highly Available NFS Server with Pacemaker & DRBD with 2 node so everything is work fine i can test fail over between 2 node. But i want to use NLB for serve traffic from client also i create NLB and point NLB to backend server (2 node) via allow TCP port 2049 and i created A record to NLB IP, then i tried test mount nfs share from other node (e.g. server1) the result is fail. follow as below,
~# mount -t nfs -v -o proto=tcp,port=2049 nfs.demo.com:/mnt/k8sdata/tgt /tmp
mount.nfs: timeout set for Mon Aug 17 09:15:38 2020
mount.nfs: trying text-based options 'proto=tcp,port=2049,vers=4.2,addr=139.xx.xx.1,clientaddr=172.xx.xx.1'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting nfs.demo.com:/mnt/k8sdata/tgt
Remark: I quite sure it's not permission problem because when i tried mount nfs share direct to NFS IP server (e.g. mount -t nfs -v -o proto=tcp,port=2049 nfs1:/mnt/k8sdata/tgt /tmp >> It's work fine.
Please let me know if you have any suggest may i do mistake something
Thanks.
4 Replies
rgerke
Linode Staff
This is a tough one, so I did some digging around online for you to see if I could find something that would at the very least send you in the right direction.
Without being able to see your entire configuration, I can offer some suggestions. The first is this thread from linuxquestions.org - it suggests changing the netmask. Check it out:
mount.nfs: mount(2): Permission denied - only for one host
Some other suggestions are offered here:
This should give you a good place to start. Feel free to report any successes or failures here, and I'll add some tags to this post to make it more visible to other members of the Linode Community as well.
With NFS, do you have to specify the mounting server’s IPs in the exports file?
Requests through a NodeBalancer will appear to come from a private IP range, not the server or NodeBalancer’s IPs.
From this article:
NodeBalancers all have private IP addresses in the 192.168.255.0/24 range. It’s important to note that while their public IP address is persistent, the private IP address will change. When configuring a firewall or other network restriction on back-end Linodes, be sure to allow the entire 192.168.255.0/24 range and not a specific IP address.
Thanks for respond.
Andysh >> With NFS, do you have to specify the mounting server’s IPs in the exports file? >>> It's correct IP clients we need to use mount NFS.
Example:
Server Info: NFS1 (192.168.10.11), NFS2 (192.168.10.12) and i have load balance (NLB is Public IP: eg. 172.104.11.100) also in loadbalancer i allow port tcp 2049 to NFS1 and NFS2
Client If: cln1 (192.168.10.13) >> this ip have configure in exports list in NFS (NFS1, NFS2) already.
In that time NFS active server is NFS1 ((192.168.10.11) so when i tried mount nfs share direct to NFS server like "mount -t nfs -o proto=tcp,port=2049 192.168.10.11:/mnt/k8sdata /tmp" so everything is work fine. But i want to mount via NLB because if NFS1 down client will still access nfs share by NFS2 automatic.
But when i tried "mount -t nfs -o proto=tcp,port=2049 172.104.11.100:/mnt/k8sdata /tmp" it's not working and show result "mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 172.104.11.100:/mnt/k8sdata/tgt"
I thing NLB cannot route to backend. somebody have any idea. please help.
Thanks.