/etc/exports missing in Cobia

[MenalausKhan]

I upgraded a fully functional TrueNAS Scale 22.12.4.2 instance to 23.10.0.1. The upgrade process was unexceptional, and the system returned online without issue. Unfortunately, however, the upgrade seems to have wholly borked NFS connections and /etc/exports is missing. NFS is running and publishing allowed protocols, but every incoming connection request gets a "Permission denied." I tried every combination I could think of:

• Restart the service
• Restart the server
• Try connecting with NFS off -- got "Connection refused"as expected
• Created a new dataset and shared it
• Access a share with multiple protocols (SMB & NFS) and NFS-alone
• Without and without allowed hosts or networks
• Wide-open permissions on dataset being shared
• Testing with only NFS3 or only NFS4, or both -- got "Protocol not supported", as expected

None of it mattered; the result was always the same:

# sudo mount -t nfs scaleserver:/mnt/tank/test /tmp/test -vvv
mount.nfs: timeout set for Sat Nov 18 03:02:37 2023
mount.nfs: trying text-based options 'vers=4.2,addr=scaleip,clientaddr=clientip'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=scaleip,clientaddr=clientip'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'vers=4,addr=scaleip,clientaddr=clientip'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'addr=scaleip'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying scaleip prog 100003 vers 3 prot TCP port 2049
mount.nfs: portmap query retrying: RPC: Program/version mismatch
mount.nfs: prog 100003, trying vers=3, prot=17
mount.nfs: portmap query failed: RPC: Program not registered
mount.nfs: access denied by server while mounting scaleserver:/mnt/tank/test

For now I've reverted to 22.12 (don't upgrade your pool flags right away kids!) where /etc/exports is updated and NFS connections "just work."

 

[NugentS]

Are you editing /etc/exports?
If so - you shouldn't. You should be setting up NFS Shares in the GUI

 

[MenalausKhan]

No. All the NFS shares are defined exclusively in the GUI. I was just checking the contents of the file to debug the issue and noticed that in Cobia /etc/exports isn't even there/getting written, whereas in Bluefin it is.

 

[Kris Moore]

Get us a bug ticket with debug file so we can look. We're not seeing this issue elsewhere, might be some specific config that is preventing /etc/exports from being created in your case, but we need full logs to look.

 

[MenalausKhan]

Hey @Kris Moore I finally had some time and retried the upgrade, sadly with the same result. Filed NAS-125621.

 

[anodos]

Hey @Kris Moore I finally had some time and retried the upgrade, sadly with the same result. Filed NAS-125621.

It looks like you have an export referencing a user "minio" that doesn't exist in Cobia and so we refuse to generate the exports file.

 

[MenalausKhan]

Thanks anodos. I updated the share that was using the minio user and confirmed NFS starts now. Does seem strange though that a user previously built-in to the system would cause an issue like this when used in a different context. At least it is working now. Thanks you!

 

[anodos]

Thanks anodos. I updated the share that was using the minio user and confirmed NFS starts now. Does seem strange though that a user previously built-in to the system would cause an issue like this when used in a different context. At least it is working now. Thanks you!

Right, it's a service account for a service that was removed. The account isn't necessarily there to be used as a mapall / maproot parameter for NFS. We currently don't restrict what people place in those fields, you can use builtin or even service accounts for software packages, but the latter shouldn't be relied on as a stable configuration. That said in SCALE we have added "wheel" and "nobody" groups to aid users who are migrating from Core to SCALE, but the cases where we're adding new builtin users / groups will always be carefully considered and minimized.

We will improve visibility of this sort of misconfiguration on upgrade so that it's easier to self-service (which is the direction that your ticket is taking).