[BUG] Backup NFS - Operation not permitted during mount #6114
Comments
@adampetrovic |
I have the exact same issue, Longhorn v1.5.1 using Helm. Personally I don't have access to the NFS server |
I also struggle with this issue. v1.5.1 |
@ozid @DanielG0721 |
Hello @derekbit, I checked a bit more and I see this on a tcpdump: First line is the pod making the request. I find it strange that this is working on the host itself and not the pod, but after testing on another privileged pod I have the exact same issue. I'll try to search for the issue, but on the server side I can only whitelist our IP, nothing else |
I just noticed that when the traffic comes from the pod to the NFS server, it uses a source port in the range of unprivileged ports (above 1023), .... After testing a rule on my gateway to rewrite the source port to use a port between 1-1023 |
@ozid |
I would love to know why too, but there are so many ways of doing things... Maybe it's worth writing this in the documentation here: |
cc @mantissahz |
Could you share more about how you managed to fix this issue? Thanks |
Hello @dotdiego, yes of course. Basically, your NFS server expects your client's source port to be in the privileged port range; in simple terms, it must be under 1024. So you must somehow find a way to make sure your client (in this case, the Longhorn pod) is making an NFS query with a source port between 1-1023. In my case, my Kubernetes cluster needs to go through my gateway server to reach the NFS. Good news for me, it's fully managed with Linux tools so I can manipulate the traffic as I want; this is why I added this line to my gateway: So after adding this, my gateway rewrites the original source port, which was 54850, to a random port between 1-1023. Before my command, tcpdump was outputting something like this: After my command on my gateway: Hope it's more clear for you |
@james-munson Please help with the doc as @derekbit mentioned. We need a KB doc. |
I stumbled across this as I'm attempting to debug this issue on my own k3s cluster. I'm running into this
Nothing is logged in
Here's my environment details and I will submit a support bundle as well. Longhorn version: 1.5.3 |
@npawelek maybe you could try to tcpdump at the host level just to be 100% sure there is no NAT applied once the traffic goes out of the CNI. |
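Added example, not part of the thread: one way to run the check discussed in the comments above, reading `tcpdump -nn` text output and reporting whether each client SYN to the NFS port left from a reserved source port (1-1023) or not. The capture lines and every address are constructed; only the source port 54850 is taken from the thread, and port 2049 is the standard NFS port.

```python
import re

NFS_PORT = 2049        # standard NFS port
RESERVED_MAX = 1023    # per the thread: the source port must be under 1024

# tcpdump -nn line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE_RE = re.compile(
    r"IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

def nfs_client_ports(lines, nfs_port=NFS_PORT):
    """Yield (src, sport, privileged) for each initial SYN sent to the NFS port."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != nfs_port:
            continue  # not parseable, or not traffic towards the NFS server
        if m["flags"] != "S":
            continue  # only the bare SYN shows the port the client side chose
        sport = int(m["sport"])
        yield m["src"], sport, 1 <= sport <= RESERVED_MAX

def summarize(lines):
    """Group (src, sport) pairs by whether the source port is reserved."""
    out = {"privileged": [], "unprivileged": []}
    for src, sport, ok in nfs_client_ports(lines):
        out["privileged" if ok else "unprivileged"].append((src, sport))
    return out

# Constructed sample capture (documentation and private addresses, not real hosts).
SAMPLE = """\
10:01:02.000001 IP 10.42.1.15.54850 > 192.0.2.10.2049: Flags [S], seq 1, win 64240, length 0
10:01:02.000200 IP 192.0.2.10.2049 > 10.42.1.15.54850: Flags [S.], seq 7, ack 2, win 65160, length 0
10:05:10.000001 IP 198.51.100.7.867 > 192.0.2.10.2049: Flags [S], seq 1, win 64240, length 0
10:05:10.000200 IP 192.0.2.10.2049 > 198.51.100.7.867: Flags [S.], seq 9, ack 2, win 65160, length 0
10:06:00.000001 IP 10.42.1.15.40000 > 192.0.2.10.443: Flags [S], seq 1, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for kind, hits in summarize(SAMPLE).items():
        for src, sport in hits:
            print(f"{kind:12} {src}:{sport}")
```

Running the same parser on a capture taken inside the pod and on one taken at the host or gateway shows at which hop the source port leaves the reserved range.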
Describe the bug (🐛 if you encounter this issue)
Setting backupTarget to an NFS store is giving an Operation not permitted error in the UI
I am using a Synology NAS that only supports up to v4.1
My kubernetes nodes are within the subnet above
To Reproduce
Manually exec the mount command from within a longhorn-manager:
Executing the same command directly on a k8s node works fine:
Expected behavior
NFS should mount
Log or Support bundle
If applicable, add the Longhorn managers' log or support bundle when the issue happens.
You can generate a Support Bundle using the link at the footer of the Longhorn UI.
Environment
Additional context
Add any other context about the problem here.