Docker / NFS bug

[wbk30]

Just manually upgraded to Bluefin from Angelfish and noticed an interesting bug. When trying to start a docker container that uses host mounts that are also shared through NFS, the container will fail to start

Error: Error response from daemon: invalid volume specification: '/mnt/Dataset/ChildDataset:/ChildDataset': Invalid mount path. /mnt/Dataset/ChildDataset. Following service(s) uses this path: `NFS Share`.

Workaround is to disable all affected NFS shares then start the docker container then re-enable the NFS shares and everything works happily

 

[morganL]

Just manually upgraded to Bluefin from Angelfish and noticed an interesting bug. When trying to start a docker container that uses host mounts that are also shared through NFS, the container will fail to start

Error: Error response from daemon: invalid volume specification: '/mnt/Dataset/ChildDataset:/ChildDataset': Invalid mount path. /mnt/Dataset/ChildDataset. Following service(s) uses this path: `NFS Share`.

Workaround is to disable all affected NFS shares then start the docker container then re-enable the NFS shares and everything works happily

Nice catch and work-around.

Please report-a-bug and report back the bug-id.

 

[wbk30]

Report created: NAS-118221

 

[rs_taylor]

Same thing happens for SMB Shares

 

[cberg18]

Also happens for CloudSync Tasks

 

[Mixel]

I can confirm these SMB issues. Have filed a bug report, Nas-118229.

 

[anodos]

I can confirm these SMB issues. Have filed a bug report, Nas-118229.

This is not a bug. Path validation for host paths was missing in early SCALE versions, it has been added, but I believe there is an option to disable host path validation for free / home users (or there will be).

 

[Mixel]

Well, it is a bug. When you enter a valid path, it wont work when you have smb shares enabled in services. If you shutdown smb share services, you can start th app again.

Regarding validating folders, i havent seen that option anywhere. Maybe thats defined within the app package itself?

 

[rs_taylor]

Well, it is a bug. When you enter a valid path, it wont work when you have smb shares enabled in services. If you shutdown smb share services, you can start th app again.

Regarding validating folders, i havent seen that option anywhere. Maybe thats defined within the app package it

If not a bug then its a stupid, ill thougt out feature.

 

[truecharts]

This is not a bug. Path validation for host paths was missing in early SCALE versions, it has been added, but I believe there is an option to disable host path validation for free / home users (or there will be).

There is a related, and ix-confirmed, bug though: the same validation should not be blocking snapshots/replication combined with apps.
But that's actively being worked on.

If not a bug then its a stupid, ill thougt out feature.

There are a lot of issues related to combining shares and App related storage. We've recieved very many of those. Primarily the often used ACL's are causing issues due to inherent incompatibility. So we completely understand why, for stability and data safety, iX is going to default to disable those.
While the "override this validation" option is not available in the GUI yet, iX is indeed, like @anodos stated, is working on a disable feature which is already available in the CLI

As a workaround, you can mount NFS shares instead of hostPath on our Apps :)

 

[mndsm]

Can someone please provide the CLI command to disable this check?

 

[shimian5]

Can someone please provide the CLI command to disable this check?

enter the cli with 'cli'

'app kubernetes update validate_host_path=false'

 

[sstruke]

enter the cli with 'cli'

'app kubernetes update validate_host_path=false'

Thank you

 

[truecharts]

enter the cli with 'cli'

'app kubernetes update validate_host_path=false'

It should be part of the GUI now with BETA 2.
That being said: We want to advice users that when 22.12 releases, we will not offer official support to anyone having that flag set.

 

[dlsniper]

enter the cli with 'cli'

'app kubernetes update validate_host_path=false'

Thank you! I just upgraded to 22.12 RC1 from 22.04 and I noticed my container wouldn't start because the NFS service uses one of the mounts.

I don't understand the purpose of this feature. What does it try to achieve?

 

[sstruke]

Thank you! I just upgraded to 22.12 RC1 from 22.04 and I noticed my container wouldn't start because the NFS service uses one of the mounts.

I don't understand the purpose of this feature. What does it try to achieve?

Open apps.... setings... Advanced Settings: then uncheck Validate host path

 

[soleous]

Thank you! I just upgraded to 22.12 RC1 from 22.04 and I noticed my container wouldn't start because the NFS service uses one of the mounts.

I don't understand the purpose of this feature. What does it try to achieve?

I've also come across this today and am curious about what this is trying to achieve.

It's also happening with replication services but I don't see a JIRA ticket for that.

 

[truecharts]

I've also come across this today and am curious about what this is trying to achieve.

It's also happening with replication services but I don't see a JIRA ticket for that.

It should not be happening with replication on RC1.

The goal has been described a few times by now:
TLDR: (data) security reasons...

 

[Evan Richardson]

22.12 released version has this issue still,, had to use the work around to get a k3s pod to start.

 

[Patrick M. Hausen]

Just curious, because I use mostly CORE and jails - how is one supposed to manage a ton of files via SMB share and then access that dataset from an app like Nextcloud or Photoprism? Like a jail mount used as external storage in Nextcloud for example.