
"Connection timed out" when mounting file storage service on OCI instances

 

Issue - 

I recently faced the 'Connection timed out' error below when trying to mount a freshly created OCI file system. I would like to share my experience and document it for future reference.

I am using public and private subnets with security lists defined for each. The file system is created in the private subnet, and I faced the issue below when trying to mount it from an instance in the same private subnet:


sudo mount -v 10.3.2.10:/fssfortestcomp /mnt/fssfortestcomp

mount.nfs: timeout set for Wed Sep  9 06:27:20 2020

mount.nfs: trying text-based options 'vers=4.1,addr=10.3.2.10,clientaddr=10.3.2.2'

mount.nfs: mount(2): Connection timed out


Documenting the list of ports that need to be open to mount a file storage service file system on OCI instances in a private/public subnet.


Solution - 

Update Security List Rules -

Open the destination ports below in the security list of the subnet where you created the file system. These ports are opened so that the source OCI instances can reach the NFS services (nfsd, rpcbind, etc.) running on the file storage service.


Ingress Rules -

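| Rule Type | Protocol | Source Port Range | Destination Port Range | Stateful/Stateless |
|-----------|----------|-------------------|------------------------|--------------------|
| Ingress   | TCP      | All               | 111                    | Stateful           |
| Ingress   | TCP      | All               | 2048                   | Stateful           |
| Ingress   | TCP      | All               | 2049                   | Stateful           |
| Ingress   | TCP      | All               | 2050                   | Stateful           |
| Ingress   | UDP      | All               | 111                    | Stateful           |
| Ingress   | UDP      | All               | 2048                   | Stateful           |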


Egress rules -

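| Rule Type | Protocol | Source Port Range | Destination Port Range | Stateful/Stateless |
|-----------|----------|-------------------|------------------------|--------------------|
| Egress    | TCP      | All               | 111                    | Stateful           |
| Egress    | TCP      | All               | 2048                   | Stateful           |
| Egress    | TCP      | All               | 2049                   | Stateful           |
| Egress    | TCP      | All               | 2050                   | Stateful           |
| Egress    | UDP      | All               | 111                    | Stateful           |
| Egress    | UDP      | All               | 2048                   | Stateful           |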


The next mount attempt, after updating the rules -

$ sudo mount -v 10.3.2.10:/fssfortestcomp /mnt/fssfortestcomp
mount.nfs: timeout set for Wed Sep  9 06:42:49 2020
mount.nfs: trying text-based options 'vers=4.1,addr=10.3.2.10,clientaddr=10.3.2.2'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=10.3.2.10,clientaddr=10.3.2.2'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=10.3.2.10'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.3.2.10 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.3.2.10 prog 100005 vers 3 prot UDP port 2048
mount.nfs: portmap query retrying: RPC: Timed out
mount.nfs: prog 100005, trying vers=3, prot=6
mount.nfs: trying 10.3.2.10 prog 100005 vers 3 prot TCP port 2048


Check the newly added mount -
showmount -e 10.3.2.10
Export list for 10.3.2.10:
/fssfortestcomp (everyone)

A question may arise here: why are we explicitly creating egress rules when we already have stateful ingress rules in place?

You should look at it as if there were a firewall attached to every (virtual) network card.
Traffic flows like this:

Request
Instance1(request)===>VNIC_instance1===>network===>VNIC_nfsfilesystem===>nfsfilesystem 

Response
nfsfilesystem(answer)===>VNIC_nfsfilesystem===>network===>VNIC_instance1===>Instance 1 


The request first has to leave OCI instance 1 for the network, so an egress rule on instance 1 has to be evaluated first. At this point no ingress rule has been evaluated yet (there has been no ingress traffic anywhere), and therefore the state that a stateful ingress rule would track doesn't exist yet.
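The port tables and the ingress/egress reasoning above can be turned into a repeatable check. This is an added example, not part of the original post: it assumes the security list has been exported as JSON in the shape the OCI CLI prints (kebab-case keys such as `ingress-security-rules`), and the sample list and its 10.3.2.0/24 CIDR are constructed for illustration.

```python
import json

# Destination ports from the ingress/egress tables above: (IP protocol number, port).
REQUIRED = [("6", 111), ("6", 2048), ("6", 2049), ("6", 2050), ("17", 111), ("17", 2048)]
OPTS = {"6": "tcp-options", "17": "udp-options"}
NAMES = {"6": "TCP", "17": "UDP"}

def covers(rule, proto, port):
    """True if a stateful rule allows `proto` traffic to destination `port`."""
    if rule.get("is-stateless"):
        return False  # the tables list stateful rules only
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != proto:
        return False
    rng = (rule.get(OPTS[proto]) or {}).get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]  # no range = all ports

def missing_rules(seclist):
    """Return (direction, protocol, port) tuples the security list does not allow."""
    gaps = []
    for direction in ("ingress", "egress"):
        rules = seclist.get(direction + "-security-rules", [])
        for proto, port in REQUIRED:
            if not any(covers(r, proto, port) for r in rules):
                gaps.append((direction, NAMES[proto], port))
    return gaps

# Constructed sample (assumed CLI-style JSON): TCP ingress is present,
# but the UDP ingress rules and every egress rule from the tables are absent.
SAMPLE = json.loads("""{
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.3.2.0/24", "is-stateless": false,
     "tcp-options": {"destination-port-range": {"min": 111, "max": 111}}},
    {"protocol": "6", "source": "10.3.2.0/24", "is-stateless": false,
     "tcp-options": {"destination-port-range": {"min": 2048, "max": 2050}}}
  ],
  "egress-security-rules": [
    {"protocol": "6", "destination": "0.0.0.0/0", "is-stateless": false,
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}}
  ]}""")

if __name__ == "__main__":
    for direction, proto, port in missing_rules(SAMPLE):
        print(f"missing {direction} rule: {proto} destination port {port}")
```

An empty result from `missing_rules` means every row of both tables is covered by a stateful rule in that direction.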

Happy OCI Learning :)

References -

https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm

https://cloudcustomerconnect.oracle.com/posts/7eb3f888e6

