[SOLVED] Getting permission denied on ZFS-shares after upgrade to Proxmox 6.1 (from 5.4)

K

Karsten Voigt

Member
Feb 21, 2020
4
0
21
44
Hi all,

I am currently experiencing a permission denied on the zfs-shares on the upgraded servers. It happens when trying to start a VM, when trying to upload an ISO or transferring a QEMU-Image.

ZFS shares have been added via terminal.

pvesm status output:
Name Type Status Total Used Available %
ISOs nfs active 41808896 29503488 12305408 70.57%
bb-mountie_data lvm disabled 0 0 0 N/A
bb-vmdata lvm disabled 0 0 0 N/A
caipirinha-storage lvmthin disabled 0 0 0 N/A
external_backup nfs active 7751365632 1635645440 5725002752 21.10%
local dir disabled 0 0 0 N/A
tesla-storage nfs active 189357056 177051648 12305408 93.50%
tranquility-base-storage nfs active 5655803904 0 5655803904 0.00%

It is possible to touch files within the datasets but within the GUI, Proxmox always throws an error (even with native root):

kvm: -drive file=/mnt/pve/Data/images/106/vm-106-disk-0.qcow2,if=none,id=drive-virtio0,format=qcow2,cache=none,aio=native,detect-zeroes=on: Could not reopen file: Permission denied
TASK ERROR: start failed: QEMU exited with code 1

I am happy about every help.

Best regards,
Karsten
 
Last edited:
If it's an NFS export from a ZFS dataset, it's probably because since ZFS on Linux 0.8.3, the no_root_squash option isn't set anymore by default, and must be set explicitely, like

zfs set sharenfs='rw,no_root_squash' zpool/foo/bar
 
  • Like
Reactions: korintiqn and lubbdi
Hi,

many thanks for the quick reply! Yes it is indeed a NFS export.

I could make a work-around by applying 0777 to the mounted dir, which is /zpool/dataset mounted in root. I will give it a try next week on one of the nodes.

Do you think it might crush the VMs when I revoke the chmod and apply your suggestion? VMs are productive and it is a little bit scary in this respect.

Is it wise to change the datasets one by one or can I apply it directly on /zpool/?

Best regards and have a nice Weekend,
Karsten
 
It worked! Many thanks for the advise! I want to emphasise that 744 was not sufficient but 755 did the trick + no_root_squash.

This thread can be marked as solved!
 
You must log in or register to reply here.
Top Bottom