need help with NFS mount on Debian10 VM hosting docker containers

Currently reading
need help with NFS mount on Debian10 VM hosting docker containers

162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello all,
After having issues with Docker NginxPM not able to get the real client IP and wanting to use something more "standard" than MacVLAN, I decided to pull the trigger and create a Debian10 VM on my Synology to host a few containers such as AdGuardHome, NginxPM and have their config files and data hosted on a NFS share.
The VM is now up and running with docker, docker compose, portainer agent (so it can be managed from the portainer hosted directly on the NASes docker) and nfs-common but I did not manage to get the NFS share to work properly.
I needed to do something as simple to maintain as possible and also easy to rebuild in case of issue.
At some point, I managed to get one NFS share visible and usable on the VM but unfortunately, the containers were not able to use the share so until I get it working properly, I manually sync one of the VMs local folder containing the containers data (mounted volumes) with the NFS share mounted on the VM.
I did one attempt today to create a new share on the NAS and try to get it mounted on the VM but it seems like I something I did is not right but I can't figure out what ...

Below how my Share is configured (sorry interface is in french :P ) :
- Permissions (user has on Syno has the same ID as the user in VM)
DSM 2021-07-30 181430.png


- File Station
DSM 2021-07-30 181803.png


- NFS
DSM 2021-07-30 180951.png



And what I did in the VM to mount the share (it failed)
root@deb10vm:/# mkdir /mnt/docker-nfs root@deb10vm:/# mount 192.168.1.250:/volume3/NFS_VM_Share /mnt/docker-nfs mount.nfs: access denied by server while mounting 192.168.1.250:/volume3/NFS_VM_Share

It would be great if anyone could help me go through this configuration.

Thanks.
 
Last edited:
How does your etc/exports file looks like on the nas side? Are there any insecure_locks elements? If so, try and remove the _locks part, save, and try again.
Hi Rusty,
Thanks for your reply.
I have just checked and yes, the share which is mounted (but not usable by docker) as well as the one I can not mount both have insecure_locks in their configuration in /etc/exports (see below contents of my /etc/exports)

/volume3/Syno_Sys_Shared 192.168.1.0/24(rw,async,no_wdelay,crossmnt,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100) /volume3/VM_NFS_Share 192.168.1.0/24(rw,async,no_wdelay,crossmnt,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

After removing the insecure_locks from the /etc/exports file, I have again tried to mount the share (/volume3/VM_NFS_Share) and got the same error : mount.nfs: access denied by server while mounting 192.168.1.250:/volume3/NFS_VM_Share

Edit: I'm stoopid :D tried to mount an inexistant export :/ ... I have switched VM and NFS in the name of the export I tried to mount...
Got to check now if the containers know how to use the new mount and I will report
 
Upvote 0
Ok so I ran a few tests and still no success :/
- I put back the insecure_locks, in my /etc/exports then tried to mount both NFS shares and both were mounting and accessbile from the VM
- added lines in my fstab to get them mounted on sys startup
#192.168.1.250:/volume3/Syno_Sys_Shared/Debian_Docker /mnt/nfs nfs defaults,nouser,exec,auto 0 0 192.168.1.250:/volume3/VM_NFS_Share /mnt/docker-nfs nfs defaults,nouser,exec,auto 0 0
1st line is commented because it will not be used anymore. I will cleanup the /etc/fstab once I have validated that new mount for new share is all OK

So now back to containers access to the NFS share mount :
- containers are created from portainer stack with volumes instruction :
volumes: - /DOCKER/HOST/LOCAL/PATH/:/CONTAINER/PATH

example for log volume for adguard (which is working right now):
volumes: - /dockerdata/adguard/log/:/var/log/

- the aim is to be able to use NFS share mount instead of local directory
volumes: - /MNT/ON/DOCKER/HOST/:/CONTAINER/PATH

example for log volume for adguard:
volumes: - /mnt/docker-nfs/adguard/log/:/var/log/

This should be OK from my point of view but when I replace /dockerdata/ to /mnt/docker-nfs/ in any of my stack definitions, the containers break...
 
Upvote 0
Hello,

I'm still stuck at the same point where my Debian VM (hosted on NAS VMM) has access to the NFS (on the same NAS) but the containers (on the VM) do not seem to have proper access to the NFS share.
Anyone here has managed to use this kind of installation successfully?

Thanks.
 
Upvote 0
Hello,

I'm still stuck at the same point where my Debian VM (hosted on NAS VMM) has access to the NFS (on the same NAS) but the containers (on the VM) do not seem to have proper access to the NFS share.
Anyone here has managed to use this kind of installation successfully?

Thanks.
Even if you configure the NFS data shared for Everyone (r/w permissions)? Just to test out is it permissions or the NFS configuration that is the problem.
 
Upvote 0
Last edited:
I tried to modify the rights to allow RW to everyone (in File Station) :

1627836966149.png


I synced the data from "local" /dockerdata/adguard/ to mounted /mnt/docker-nfs/adguard/log/.
I tried to switch the paths in my adguard container from "local" /dockerdata/adguard/ to mounted /mnt/docker-nfs/adguard/log/.
The container starts fine, it even writes the logs in /mnt/docker-nfs/adguard/log/AdGuard.log for the startup :
Code:
2021/08/01 18:50:10.904604 [info] AdGuard Home, version v0.106.3
2021/08/01 18:50:11.039257 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
2021/08/01 18:50:11.192656 [info] auth: initialized.  users:1  sessions:4
2021/08/01 18:50:11.192707 [info] Initialize web module
2021/08/01 18:50:11.394395 [info] AdGuard Home is available on the following addresses:
2021/08/01 18:50:11.395481 [info] Go to http://127.0.0.1:3080
2021/08/01 18:50:11.395530 [info] Go to http://[::1]:3080
2021/08/01 18:50:11.395551 [info] Go to http://192.168.1.251:3080
2021/08/01 18:50:11.395571 [info] Go to http://172.17.0.1:3080
2021/08/01 18:50:14.155304 [info] Starting the DNS proxy server
2021/08/01 18:50:14.155373 [info] The server is configured to refuse ANY requests
2021/08/01 18:50:14.155392 [info] DNS cache is enabled
2021/08/01 18:50:14.155415 [info] MaxGoroutines is set to 300
2021/08/01 18:50:14.155442 [info] Creating the UDP server socket
2021/08/01 18:50:14.155725 [info] Listening to udp://[::]:53
2021/08/01 18:50:14.155750 [info] Creating a TCP server socket
2021/08/01 18:50:14.155846 [info] Listening to tcp://[::]:53
2021/08/01 18:50:14.190508 [info] Entering the UDP listener loop on [::]:53
2021/08/01 18:50:14.190700 [info] Entering the tcp listener loop on [::]:53
But when I try to reach http://192.168.1.251:3080, it is not reachable

So I switched the paths back to /dockerdata/adguard/, restarted the container checked the logs in /dockerdata/adguard/log/AdGuad.log and have the same lines (just different timestamps) and http://192.168.1.251:3080 works fine

So nothing new :cry:
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I have been running Starcraft, warcraft, wow, and diablo games for years off a NAS as well. No problem at...
Replies
1
Views
981
I dont know, needing to enter any credentials defeats my purpose of having that guest folder share...? at...
Replies
2
Views
1,597
  • Question
I have been digging down a similar path with SMB multichannel. I was expecting the mounts for Filestation...
Replies
1
Views
1,343
Just joined the forum to post that this did help me in the end and how I got this to work for me. I...
Replies
14
Views
6,577
I'm using smb only on my windows pc. I have android devices with kodi but there i'm using NFS without any...
Replies
2
Views
3,082
worked out what the problem was - schoolboy error. i hadn't created a user on the NAS with the same...
Replies
1
Views
3,301
Hi everyone, on my linux machine (Mageia) I would like one user (let's say, user1) to be able to access...
Replies
0
Views
1,481

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top