Pull request sent.
On Mon, Jan 25, 2021 at 11:21 AM Nir Soffer <nsoffer(a)redhat.com> wrote:
On Mon, Jan 25, 2021 at 7:23 PM Matt Snow <mattsnow(a)gmail.com>
wrote:
>
> I can confirm that removing "--manage-gids" flag from RPCMOUNTDOPTS in
/etc/default/nfs-kernel-server now allows me to add the ZFS backed NFS
share.
>
> From the man page:
>
> -g or --manage-gids
> Accept requests from the kernel to map user id numbers into lists of
group id numbers for use in access control. An NFS request will normally
(except when using Kerberos or other cryptographic authentication) contains
a user-id and a list of group-ids. Due to a limitation in the NFS protocol,
at most 16 groups ids can be listed. If you use the -g flag, then the list
of group ids received from the client will be replaced by a list of group
ids determined by an appropriate lookup on the server. Note that the
'primary' group id is not affected so a newgroup command on the client will
still be effective. This function requires a Linux Kernel with version at
least 2.6.21.
>
>
> I speculate that if I had directory services setup and the NFS server
directed there, this would be a non-issue.
>
> Thank you so much for your help on this, Nir & Team!
You can contribute by updating the nfs troubleshooting page with this info:
https://www.ovirt.org/develop/troubleshooting-nfs-storage-issues.html
See the link "Edit this page" in the bottom of the page.
> On Mon, Jan 25, 2021 at 1:00 AM Nir Soffer <nsoffer(a)redhat.com> wrote:
>>
>> On Mon, Jan 25, 2021 at 12:33 AM Matt Snow <mattsnow(a)gmail.com> wrote:
>>
>> I reproduced the issue with ubuntu server 20.04 nfs server.
>>
>> The root cause is this setting in /etc/default/nfs-kernel-server:
>> RPCMOUNTDOPTS="--manage-gids"
>>
>> Looking at
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1454112
>> it seems that the purpose of this option is to ignore client groups,
which
>> breaks ovirt.
>>
>> After removing this option:
>> RPCMOUNTDOPTS=""
>>
>> And restarting nfs-kernel-server service, creating storage domain works.
>>
>> You can check with Ubuntu folks why they are enabling this configuration
>> by default, and if disabling it has any unwanted side effects.
>>
>> Nir
>>