I try to setup an Ubuntu VM having two NIC’s one to a storage VLAN and one as NIC to the outside world.
Tom is big fan of a separate storage (V)LAN and I agree with that, however how to implement that !? (Using TrueNAS scale)
I am facing two issues:
Situation-1 (One NIC combined for storage and VM-access)
the VM is connected to a vlan bridge with address-1
add an address-2 to the bridge in favor of NFS
select NFS4 as protocol
create a TrueNas data set in favor of the VM
add that data set to NFS with allowance for address-1
on the vm sudo apt update & upgrade
sudo apt install nfs-common
sudo mkdir -p /nfs/
sudo mount : /nfs/
df -sh "to check (OK)
du -sh /nfs/ “to see the disk usage (OK)
sudo touch /nfs//general.test “write a file to test => NO permission
I a recent video (xcpng) I noticed that Tom had the TrueNas dataset permission to completely open “root/root/everybody” … when I do it that way
Yep it works !! However I definitively do NOT want to open the dataset for every body !!
Issue 1) How to give the VM access to the dataset with normal restricted ! permission settings !
Second problem a separate storage vlan
I defined an extra bridge as storage bridge
the bridge is just internal. I did not attache an interface, since the bridge is only intended as communication channel between NFS and VM’s
I did add an address to the bridge in favor of NFS
I did add an extra NIC to the VM and did gave it the highest order number
Did start the VM
logged in the VM to edit /etc/netplan/ with the intention to have the old NIC as the default gateway and the storage lan only in favor of NFS with a static route for every thing destinated storage VLAN (bridge)
Issue-2 With this setup I did not mange to access the storage VLAN
So to resume:
I have a problem with permissions around the dataset and NFS access
I have a problem setting up and accessing a separate storage vlan
I hope someone has an answer on one or both issues
The storage VLAN should not be routed and use different IP network addresses than the other VLANs. in TrueNAS you can bin the NFS service to an interface IP so tht it can only be reached from the storage VLAN.
The VM can only reach the NFS service from an Interface with an IP within the storage VLAN. From your description I woudl think that is address-2 (but I am not sure).
The storage VLAN should not be routed and use different IP network addresses than the other VLANs. in TrueNAS you can bin the NFS service to an interface IP so tht it can only be reached from the storage VLAN.\
Yep agreed, that is what I did. That storage VLAN is in my description the storage-bridge.
I did create a address for the NFS-server on that bridge
I did connect the VM to that bridge by adding an extra NIC to the VM
The VM can only reach the NFS service from an Interface with an IP within the storage VLAN. From your description I woudl think that is address-2 (but I am not sure).
Yep that is correct. That is what I did.
Note that In my initial setup, I did not have a storage vlan, I defined an address on the bridge used for the VM. That did work. However I agree with Tom that a separate storage LAN is better, that is the reason I did create the storage LAN.
By the way I did that for two reasons:
security and
I have multiple vlans with VM’s which I would like to connect via NFS. However there is only ONE NFS-server in ONE VLAN, that simply does not fit / match !!
I just made one little mistake … I defined the VM-storage IP as bridge address in truenas and as address in the VM’s netplan. That does not work.
The VM’s address should only be defined in the VM’s netplan file.
When I tried to ping the NFS-server from the VM and that did not work … I searched and found the problem …
Its working now, also with the correct permissions for the NAS-dataset. Do not know what the problem was there. What ever both problems are gone
PS
My statement that you can only use NFS in favor of one VLAN was not correct. You can the service can listen to multiple address. I think you have to be carefully with that
