TrueNAS 13 NFS Exports question: how to share RO to all, RW to some IPs

[Jfs]

I've looked at previous questions about this same issue, but they're for older releases (9, 11) and it's not clear to me if this limitation is still in place, or if there's a way to work around it. I'm completely new to TrueNAS, deploying one at $WORK and testing alot before I go into production. We're basically moving a bunch of NFS volumes from a Netapp to TrueNAS datasets. They're mostly RO (ReadOnly) filesystems, which I want to export to three /24 blocks of addresses. Then I need to make those same datasets (shares) ReadWrite (RW) to a specific couple of IPs. Please excuse me if I'm using the wrong terminology, I come from a Netapp/Linux/Solaris background.

I've created a DataSet called 'group', and then under that I created a couple of new datasets called 'test1' and 'test2'.

For example, I want to share /mnt/tank/group/test1 with the following privs:

10.1.1.0/24 RO
10.1.2.0/24 RO
10.1.2.44/32 RW

But I can't seem to find a way to make this happen using the web interface. Since I'm coming from a Netapp background, I know I've got a lot to learn here on how things work.

I've looked at the threads titled:

NFS Share: RO to network, but RW to nodes
Share NFS rw to one host, but ro to all others.

And I then tried to setup a new RO share, but when I made the share be from the same filesystem I created (/mnt/tank/group/test1) it wouldn't let me create the share since it said the path was already exported.

Would it be smarter to just export /mnt/tank/group RO, and dis-allow mounts from sub-directories, then create specific exports at the next level down to make them read/write to just a subset of hosts? Hmm... I just tried this, and I cannot mount /mnt/tank/group/test2 even though I setup a share for /mnt/tank/group which is RO and has the 'All Dirs' option selected so I can mount sub-directories (filesets at the next level down) but it's not letting me.

I'm doing the following from 10.1.2.44:

mount -o ro truenas:/mnt/tank/group/test2 /tank/test2

and it fails and says it's now allowed. My client is Solaris 10 x86_64, which I know is ancient, but it works for what I need. Mounting /mnt/tank/group to /tank/test2 DOES work in terms of mounting, but isn't what I need.

Basically, I'll be mounting a whole bunch of datasets from the TrueNAS using NIS automount maps. And I need to keep the client side paths the same.

Any thoughts?

 

[winnielinnie]

Unfortunately, TrueNAS doesn't allow specifying auxiliary parameters under NFS Shares.

While you can do this for SMB Shares, Rsync Modules, SSH, UPS, as well as among other places in the GUI, no such option exists under NFS Shares.

I filed a feature request for this, and it was immediately shot down. They will not add a text field for auxiliary parameters for NFS Shares. (The reason given for why auxiliary parameters exist everywhere else in the GUI is "for historical reasons".)

 

[awasb]

Did you try via /etc/exports?

 

[Jfs]

I managed to get this working. Someone needs to update the docs with some examples. Basically I created two shares. One was marked "ReadOnly" and had the subnets listed as what was allowed.

The second one had JUST the three hosts listed. You can't combine host level and subnet level declarations in the same share. This is not obvious and it would be better if they just had a share line, and then you could add individual shares, marked RO or RW as needed.

 

[winnielinnie]

You can't combine host level and subnet level declarations in the same share.

Really? But both fields are available when you create an NFS share.

 

[Jfs]

I also didn't want to muck with /etc/exports directly since all the config in the HA setup is stored in the DB, and would overwrite my by-hand changes. Now I'm trying to figure out how to use the API to make calls, since I need to create a bunch of datasets, their NFS exports, etc. Painful and slow in the GUI.