cap_set_file error with NFS (Synology)

[Ralph]

Hi there,

we just bought a Synology RS-815+ that I want to use as storage for our Proxmox server. The RS-815+ is connected via NFS.

For testing purposes I created a new CentOS container on the new storage using "centos-7-x86_64-minimal.tar.gz" from https://openvz.org/Download/template/precreated

A "yum update" is going to update this container to CentOS 7.1, but the update fails with the following error:

Running transaction
  Updating   : systemd-208-20.el7_1.2.x86_64                                1/2
Error unpacking rpm package systemd-208-20.el7_1.2.x86_64
error: unpacking of archive failed on file /usr/bin/systemd-detect-virt: cpio: [b]cap_set_file[/b]
  Verifying  : systemd-208-20.el7_1.2.x86_64                                1/2
systemd-208-11.el7_0.5.x86_64 was supposed to be removed but is not!
  Verifying  : systemd-208-11.el7_0.5.x86_64                                2/2
Failed:
  systemd.x86_64 0:208-11.el7_0.5        systemd.x86_64 0:208-20.el7_1.2

If I create the same container on the local storage and do the update there, it works just fine - so the error seems to be related to NFS?


Is there anything I could have done wrong with the NFS configuration on the Synology device that would cause this error?


Edit: I found this on https://bugzilla.redhat.com/show_bug.cgi?id=648654 (Comment 13):

I guess we should also question why NFS does not support file capabilities

If NFS does not support file capabilities (I don't know if that's a fact) how would we be able to run a linux container with Proxmox on a NFS storage device???


Any ideas?

Thanks for any help!

proxmox-ve-2.6.32: 3.4-150 (running kernel: 2.6.32-37-pve)
pve-manager: 3.4-3 (running version: 3.4-3/2fc72fee)
pve-kernel-2.6.32-37-pve: 2.6.32-150
pve-kernel-2.6.32-34-pve: 2.6.32-140
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-2
pve-cluster: 3.0-16
qemu-server: 3.4-3
pve-firmware: 1.1-4
libpve-common-perl: 3.0-24
libpve-access-control: 3.0-16
libpve-storage-perl: 3.0-32
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.2-8
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1

Ralph

 

[Ralph]

Sorry for bumping this thread...

Do we have a working howto of how to use a Synology NAS connected via NFS to Proxmox running a Linux container? I wasn't able to find anything!

I am not new to Proxmox - anything works just perfect using local storage.

It's just the new NFS share, that's causing problems... I can upload images, put backups and run Windows-VM images to and on the Synology - all of that works as expected. I just can not run a CentOS-Container on this NFS-device.

What am I doing wrong????

Ralph

 

[mir]

Do you mount using NFSv3 or NFSv4?

 

[Ralph]

It's v3 at the moment because this is what Proxmox seems to use as a default.

 

[mir]

Could you try add this mount option to the nfs mount in /etc/pve/storage.cfg: noacl

 

[Ralph]

I can try it tomorrow... on a sunday it's ok to reboot the server

... but: shouldn't this work with the default options that proxmox uses?

I might be wrong but I think it is a fairly common task to use NFS-storage for a container (for others, not for me). So the default options should be ok.

Therefore I think that I would be the one to blame, some mistake in setting up the NFS-share...

I'll report the results of the option noacl...

Ralph

 

[mir]

the Synology RS-815+ imposes NFSv4 acl on the file system which is fine and works flawlessly if used in a pure file sharing setup but when used for remote storage for VM's dealing with permissions gets tricky so the easiest thing is simply to instruct the NFS server to disable acl support for the mount. This is especially important when using NFSv3 at the client side since NFSv3 does not support acl what so ever.

 

[Ralph]

Thank you very much for the explanation!!

I will try it tomorrow...

 

[Ralph]

One more question:

Would it be better to use NFS v4? The RackStation is used by Proxmox only, there are no other services running on it, just NFS.

I would add the option vers=4 in Proxmox and enable v4 on the RackStation. Anything else?

Ralph

 

[mir]

You could try. It wouldn't Hurd.

 

[Ralph]

This didn't help - I still get the same error...

/etc/pve/storage.cfg:

dir: local
        path /var/lib/vz
        content images,iso,vztmpl,backup,rootdir
        maxfiles 0

nfs: RackStation1
        path /mnt/pve/RackStation1
        server 192.xxx.xxx.xxx
        export /volume1/4ProxMox
        options vers=3,noacl
        content images,iso,vztmpl,rootdir,backup
        maxfiles 1

 

[mir]

Have you tried NFSv4?

 

[Ralph]

I tried options vers=4,noacl and enabled NFSv4 on the RackStation:

Now I can't even create a new container. I get tons of these errors:
"Cannot change ownership to uid 0, gid 0: Invalid argument"

 

[Ralph]

I just found something in the Synology control panel:

File Services - Win/Mac/NFS - NFS Service - Advanced Settings - Apply default UNIX permissions

This is activated... Good or bad?

 

[mir]

If you use NFSv4 you should not add noacl to mount options.

 

[mir]

I just found something in the Synology control panel:

File Services - Win/Mac/NFS - NFS Service - Advanced Settings - Apply default UNIX permissions

This is activated... Good or bad?

Now try vers=3, vers=3,noacl, vers=4. You could also read this: https://amigotechnotes.wordpress.co...are-files-on-synology-between-os-x-and-linux/

 

[Ralph]

What about the setting "Apply default UNIX permissions"? Checked or unchecked?

What about edit /etc/exports and change no_root_squash into all_squash?

Here are my current settings:

NFS rule:
- Privilege: Read/Write
- Squash: No mapping
- Security: sys
- Enable asynchronous: Checked
- Allow connections from non-privileged ports: Checked
- Allow users to access mounted subfolders: Checked

NFS:
- Enable NFS: Checked (of course)
- Enable NFSv4 support: Unchecked
- Apply default UNIX permissions: Checked

Proxmox:
vers=3,noacl

 

[Ralph]

I tried...

vers=3 -> "cap_set_file error" during yum update
vers=3,noacl -> "cap_set_file_error" during yum update
vers=4 -> "Cannot change ownership to uid 0, gid 0: Invalid argument" during creation of the container

The settings on the RackStation where the same as in post #17 for all 3 runs, except for NFSv4 enabled for vers=4

Could someone with a working configuration (Proxmox, Synology NFS, Linux Container on that NFS share) crosscheck my settings on the Synology?

TIA for any help.
Ralph

 

[mir]

I do not own a Synology so I cannot help you any further.

 

[Ralph]

Thanks a lot for your help anyway!!!!