Truenas Core NFS Server - maproot as root not behaving as expected

[Kailee71]

Hi all. Using TrueNAS-12.0-U6.1 as a VM on ESXI 7.0 running on a DL380 G8 (yes, taking all necessary precautions, passing through an LSI etc etc). Until recently, I was NFS exporting back some of the storage on TrueNAS VM to the ESXI host as a (temporary) VM datastore. Now this no longer works. I have maproot user set as root, maproot group as wheel, but the maproot user mapping no longer works; new files are created as uid 65534 (nobody). This is a problem in my case as ESXI expects full access as root:root to the datastore directories of the VMs, which due to the maproot user no longer mapping to root no longer works; as viewed from the ESXi host:

Code:

root@esxi:/vmfs/volumes/9403a0c1-984dc898-0000-000000000000 ls -ln

total 152

drwxr-xr-x    2 0        0                2 Nov 22 23:37 testdir
drwxr-xr-x    2 0        0               42 Nov  1 23:35 testserver0
drwxr-xr-x    2 0        0               31 Aug  5 00:54 testserver1
drwxr-xr-x    2 0        0               16 Aug  5 00:31 testserver2
drwxr-xr-x    2 0        0               10 Oct  2 21:02 win11_x64

root@esxi:/vmfs/volumes/9403a0c1-984dc898-0000-000000000000

and as viewed from the truenas VM:

Code:

truenas# ls -la
total 148
drwxrwxrwx  8 root    wheel   8 Nov 23 00:37 .
drwxr-xr-x  7 root    wheel   7 Nov 22 23:58 ..
drwxr-xr-x  2 nobody  wheel   2 Nov 23 00:37 testdir
drwxr-xr-x  2 root    wheel  42 Nov  2 00:35 testserver0
drwxr-xr-x  2 root    wheel  31 Aug  5 02:54 testserver1
drwxr-xr-x  2 root    wheel  16 Aug  5 02:31 testserver2
drwxr-xr-x  2 root    wheel  10 Oct  2 23:02 win11_x64
truenas#

and as viewed from an ubuntu VM that has the same export mounted:

Code:

root@ubuntuvm0:/truenas/vms# root@ubuntuvm0:/truenas/vms# ls -ln
total 131
drwxr-xr-x 2 65534 0  3 Nov 22 23:46 testdir
drwxr-xr-x 2     0 0 42 Nov  1 23:35 testserver0
drwxr-xr-x 2     0 0 31 Aug  5 00:54 testserver1
drwxr-xr-x 2     0 0 16 Aug  5 00:31 testserver2
drwxr-xr-x 2     0 0 10 Oct  2 21:02 win11_x64
root@ubuntuvm0:/truenas/vms#

The testdir is a directory I created whilst temporarily setting the exports perms to 777...

I just updated to U6.1, afaik until this point all was working (although it's a good couple of weeks ago since I fired up those particular VMs).

I tried completely removing all shares, re-creating them, NFS3 vs NFS4, etc etc. But each time root on ESXI (NFS client) maps to nobody. Same on a ubuntu VM I fired up to try if that was any different - still gets mapped to 65534, but at least ubuntu shows it as 65534 and not 0...

Am I doing something wrong or has something changed recently?

Any and all pointers much appreciated.

Kai.

 

[Kailee71]

Ok so I spent some more time on this tonight and and can't get *any* uid mapping to work. Client is now a ubuntu vm, server as before Core U6.1. No matter what I set for "maproot user", it does not work as expected. root keeps getting mangled to uid 65534, and now, after all that playing around, to gid 1000, even though all entries have been emptied on TrueNAS. "mapall user" does nothing either...

Code:

truenas# cat /etc/exports
V4: / -sec=sys
/mnt/zpool -alldirs -sec=sys
truenas#

vs

Code:

truenas# cat /etc/exports
V4: / -sec=sys
/mnt/zpool -maproot="root":"wheel" -sec=sys
/mnt/zpool/vms -maproot="root":"wheel" -sec=sys
truenas#

Reboots of clients and server make no difference.

Is something borked?

Any help ****much**** appreciated.


K.

++++++++UPDATE+++++++
So I just installed the kernel nfs server on an ubuntu vm and immediately everything works as expected. Both on another ubuntu vm as a client and on esxi root mapping (both uid and guid) work oob. Should I file a bug report?
++++++++/UPDATE+++++++

++++++++UPDATE 2++++++
It turns out when you have nested datasets, even though nfs 4 allows for transparent mounting of those child dataset, maproot needs to be set on a per-dataset basis. It's not enough to export the nfs root with the maproot entries as these turn up in the toplevel share (/mnt/zpool ...) and not in the very first line of /etc/exports (V4: / -sec=sys ...).

It would be nice to get an entry in the nfs service settings to set this systemwide?
++++++++/UPDATE 2+++++