Skip to content

Instantly share code, notes, and snippets.

@janhalfar

janhalfar/expose.md

Last active February 11, 2019 09:03
Show Gist options
  • Save janhalfar/54beff7c13fe2dce5f1d3fd58ad1b306 to your computer and use it in GitHub Desktop.
Save janhalfar/54beff7c13fe2dce5f1d3fd58ad1b306 to your computer and use it in GitHub Desktop.
Download ZIP
setup your mac to expose a NFS share to a docker container
Raw
expose.md

Docker for Mac and NFS

To setup your mac you have to perform the following steps:

Make sure the address 192.168.23.1 is exposed on your loopback device:

If you do not want to do this manually all the time, then I have a deamon for you:

https://github.com/foomo/ifconfigdockerhost

sudo ifconfig lo0 alias 192.168.23.1
# if you want remove it
# sudo ifconfig lo0 -alias 192.168.23.1

Add a host for it:

# /etc/hosts
192.168.23.1    dockerhost

Change your nfsd conf

# /etc/nfs.conf
nfs.server.mount.require_resv_port = 0

Export your www dir:

# /etc/exports
/Users/<yourname>/www -mapall=<yourname> -alldirs dockerhost

Restart nfsd:

sudo nfsd restart

See if things are exported:

showmount -e dockerhost
@ervinb
Copy link

ervinb commented Feb 8, 2019
edited
Loading

Docker not responding

Running make local with the default Docker settings will make your instance unresponsive. You will not be able to execute any docker commands in the CLI.

So, before you do anything, increase the memory and CPU resources by clicking the Docker icon on the top right Preferences > Advanced. Increase the core count to 6 and the memory to at least 8 GB.

NFS permission issues

The export (at least on Mojave) has to explicitly point to the project directory.

# /etc/exports
/Users/<name>/www/globus -mapall=<name> dockerhost

Otherwise, the containers using the NFS share will fail to start due to a permission error.
An example is the apache2 container

$ docker ps
...
63fb1ad60cea docker-registry.bestbytes.net/globus/site:latest "apache2-foreground" About an hour ago   Restarting (1) 34 seconds ago                                                            globuslocaltest_site_1

$ docker logs 63fb1ad60cea
preparing nfs mounts with dockerhost:/Users/<user>/www/globus:/var/www/globus
nfs client pseudo dev service is starting
    handling dockerhost:/Users/<user>/www/globus:/var/www/globus
        mount target /var/www/globus exists
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying 192.168.23.1 prog 100003 vers 3 prot TCP port 2049
mount.nfs: trying 192.168.23.1 prog 100005 vers 3 prot UDP port 926
mount.nfs: mount(2): Permission denied

After you fix the file, restart the NFS server and the container.

$ docker restart 63fb1ad60cea
$ sudo nfsd restart
$ showmount -e dockerhost

Exports list on dockerhost:
/Users/baer/www/globus     dockerhost

$ docker logs 63fb1ad60cea
...
preparing nfs mounts with dockerhost:/Users/baer/www/globus:/var/www/globus
nfs client pseudo dev service is starting
    handling dockerhost:/Users/<user>/www/globus:/var/www/globus
        mount target /var/www/globus exists
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying 192.168.23.1 prog 100003 vers 3 prot TCP port 2049
mount.nfs: trying 192.168.23.1 prog 100005 vers 3 prot UDP port 874
mount.nfs: timeout set for Fri Feb  8 15:32:29 2019
mount.nfs: trying text-based options 'vers=4,addr=192.168.23.1,clientaddr=172.22.0.7'
mount.nfs: trying text-based options 'addr=192.168.23.1'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: prog 100005, trying vers=3, prot=17
        SUCCESS for dockerhost:/Users/<user>/www/globus => /var/www/globus
starting apache2

The easiest way to reproduce this behavior, is to configure the export, and try to mount it regularly:

# SETUP
$ mkdir nfs-temp-mount

# BAD
$ showmount -e dockerhost
Exports list on dockerhost:
/Users/<user>/www    dockerhost
$ sudo mount dockerhost:/Users/<user>/www/globus nfs-temp-mount
mount_nfs: can't mount /Users/<user>/www/globus from dockerhost onto /Users/<user>/workspace/code/nfs-share: Permission denied

# GOOD - notice the different export path
$ showmount -e dockerhost
Exports list on dockerhost:
/Users/<user>/www/globus   dockerhost
$ sudo mount dockerhost:/Users/<user>/www/globus nfs-temp-mount
exit 0

tldr; The point is to export the path which is being mounted.

File permission issues

If you're having issues when copying/editing files with sudo in the terminal, like:

$ sudo cp exports /etc/exports
sudo cp: /etc/exports: Permission denied

Go to Security & Privacy > Privacy > [Full Disk Access], click on the + sign and add your terminal (eg. iTerm).

Local dockerhost address

globus-local-test.bestbytes.net should be added to the hosts configuration, and dockerhost is an alias to it.

# /etc/hosts
192.168.23.1    globus-local-test.bestbytes.net dockerhost

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment