EDIT

I found the issue, it was me!! LOL I thought it had to be a setting I had forgotten and it was, I forgot to enable NFS & Nesting under Features in the Otions of the cotainer, see this image - https://imgur.com/bSiozKS

Thank you to everyone that took the time to reply and offer their suggestions.

Hi All,

Let me start with some basic basic background on my set up, I have a server running Proxmox with some Ubuntu containers. I have a separate server running TrueNas with a share that has both NFS & SMB set up. I can see this share in Windows 11 and read and write to it.

One of the Ubuntu containers is able to see this share via NFS and read and write to it too. I am testing Sonarr, Prowlarr & Qbittorrent Docker containers and got the basics set up, Sonarr can find episodes via Prowlarr of a TV show, hand it off to Qbittorrent to download and then move it from the download folder to the TV folder. Both the download folder and the TV folder are on the TrueNas server.

I then set up a Docker container for AudioBookShelf in the same Ubuntu CT and that can also read and write to the NFS share.

My issue is that I tried to set up another Ubuntu CT on the Proxmox server but cannot seem to access the NFS share on the TrueNas server.

This is what I did (which I think was the same process as the working CT)

  • 1/Create a privileged conatiner
  • 2/ Update and upgrade the CT
  • 3/ Install nfs-common
  • 4/ Create a directory in the CT in the /mnt directory for the NFS share
  • 5/ added this line to the fstab file in /etc 192.168.0.188:/mnt/store/test-share /mnt/test-share nfs defaults 0 0

However, when I run mount -a I get this error message mount.nfs: access denied by server while mounting 192.168.0.188:/mnt/store/test-share

Running df -h does not show the mount obviously but it does in the working CT

As a further test, I cloned the working CT, deleted all the Docker containers and I can still see the NFS just fine.

I have probably missed a step while setting up the new CT but I’m not sure what.

Can anyone offer some help?

TheDevil
link
fedilink
English
2
edit-2
1Y

The two docker containers can access the share, but the new proxmox container can’t?

The new proxmox container will have a different IP. My guess would be that the IP of the docker host is permitted to access the nfs share but the ip of the new proxmox container is not.

To test, you can allow access from your entire lan subnet (192.168.1.1/24)

Edit: For reference see: https://www.truenas.com/docs/scale/scaletutorials/shares/addingnfsshares/#adding-nfs-share-network-and-hosts

In particular: If you want to enter allowed systems, click Add to the right of Add hosts. Enter a host name or IP address to allow that system access to the NFS share. Click Add for each allowed system you want to define. Defining authorized systems restricts access to all other systems. Press the X to delete the field and allow all systems access to the share.

@SonyJunkie@lemmy.world
creator
link
fedilink
English
11Y

Hi, thanks for your reply.

Lets call the original Proxmox container CT1 and this has the *arrs Dockers that can access and interact with the NFS share on TrueNAS

Lets call the new Proxmox container CT2 and this is the one giving me the can’t access error

Lets call the cloned Proxmox container CT1Clone, this one can access the NFS share.

I think the NFS share is not restricted to any IP address, this is a screenshot of the NFS permissions. https://i.imgur.com/9k5jnw4.png I can also access if from my Windows machine that also has a different IP address.

CT1 & CT1Clone work fine, CT2 doesn’t work.

TheDevil
link
fedilink
English
21Y

You can ignore the windows machine unless it’s using nfs, it’s not relevant.

Your screenshot suggests my guess was incorrect because you do not have any authorised Networks or Hosts defined.

Even so if it was me I would correctly configure authorised hosts or authorised networks just to rule it out, as it neatly explains why it works on one container but not another. Does the clone have the same IP by any chance?

The only other thing I can think for you to try is to set maproot user/group to root/wheel and see if that helps but it’s just a shot in the dark.

@SonyJunkie@lemmy.world
creator
link
fedilink
English
11Y

Hi,

The clone has a different IP address

@HybridSarcasm@lemmy.world
mod
link
fedilink
English
21Y

Add “-vvv” to your mount command and see what else it tells you.

@SonyJunkie@lemmy.world
creator
link
fedilink
English
11Y

Hi, thanks for your reply.

when I run mount -a -vvv I get the following:

mount.nfs: timeout set for Tue Aug 8 16:14:10 2023

mount.nfs: trying text-based options 'vers=4.2,addr=192.168.0.188,clientaddr=192.168.0.116' mount.nfs: mount(2): Permission denied

mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.0.188,clientaddr=192.168.0.116'

mount.nfs: mount(2): Permission denied

mount.nfs: trying text-based options 'vers=4,addr=192.168.0.188,clientaddr=192.168.0.116'

mount.nfs: mount(2): Permission denied

mount.nfs: trying text-based options 'addr=192.168.0.188'

mount.nfs: prog 100003, trying vers=3, prot=6

mount.nfs: trying 192.168.0.188 prog 100003 vers 3 prot TCP port 2049

mount.nfs: prog 100005, trying vers=3, prot=17

mount.nfs: trying 192.168.0.188 prog 100005 vers 3 prot UDP port 661

mount.nfs: mount(2): Permission denied

mount.nfs: access denied by server while mounting 192.168.0.188:/mnt/store/test-share

@SpazOut@lemmy.world
link
fedilink
English
2
edit-2
1Y

Check the /etc/exports on the host. Is the .116 device listed there?

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 21 users / day
  • 54 users / week
  • 218 users / month
  • 820 users / 6 months
  • 1 subscriber
  • 1.57K Posts
  • 8.89K Comments
  • Modlog