NFS-Ganesha: update vfs.conf to disable ID mapping
What does this MR do and why?
closes: #2862 (closed)
We maintain a vfs.conf file on the NFS-Ganesha provisioner pod at /export/vfs.conf.
To disable ID mapping, the following parameter must be added inside the NFSv4 block of this file:
NFSv4 {
Only_Numeric_Owners = true;
}- The
vfs.conffile is not managed by the Helm chart, and there is no way to modify it throughvalues.yaml. - Since
vfs.confresides on a persistent volume, the configuration remains intact across pod restarts or re-creations. - However,
vfs.confis dynamic: it is updated automatically with entries for each new NFS share, so its content changes over time.
This merge request introduces a Kubernetes Job that appends the required line in place. The approach ensures that:
For Fresh deployment:
- Create fresh vfs.conf from configmap with
Only_Numeric_Owners = truedirective
For existing deployment and update scenario:
-
Only_Numeric_Owners = true;directive is added in existing vfs.conf, - The rest of the file content remains unchanged.
Testing results on my local dev setup
CI for CAPO-ubuntu-misc is getting failed on the main branch. Weekly CI job status: https://cdn.artifacts.gitlab-static.net/2a/57/2a57fd802061363df58f9b4c9ac961a71d1bcee7ac3f3331636cb5bbfc3a768e/2025_09_17/11380134189/12879074281/job.log?response-content-type=text%2Fplain%3B%20charset%3Dutf-8&response-content-disposition=inline&Expires=1758168641&KeyName=gprd-artifacts-cdn&Signature=awhfLTUwarbNICwgRtR_haFw-90=.
The MR changes has been tested successfully on the local dev platform so I am making the MR ready for review.
Related reference(s)
dependent on !5536 (merged)
Test coverage
CI configuration
Below you can choose test deployment variants to run in this MR's CI.
Click to open to CI configuration
Legend:
| Icon | Meaning | Available values |
|---|---|---|
| Infra Provider |
capd, capo, capm3
|
|
| Bootstrap Provider |
kubeadm (alias kadm), rke2, okd, ck8s
|
|
| Node OS |
ubuntu, suse, na, leapmicro
|
|
| Deployment Options |
light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging, openbao
|
|
| Pipeline Scenarios | Available scenario list and description |
-
🎬 preview☁️ capd🚀 kadm🐧 ubuntu -
🎬 preview☁️ capo🚀 rke2🐧 suse -
🎬 preview☁️ capm3🚀 rke2🐧 ubuntu -
☁️ capd🚀 kadm🛠️ light-deploy🐧 ubuntu -
☁️ capd🚀 rke2🛠️ light-deploy🐧 suse -
☁️ capo🚀 rke2🐧 suse -
☁️ capo🚀 rke2🐧 leapmicro -
☁️ capo🚀 kadm🐧 ubuntu -
☁️ capo🚀 rke2🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capo🚀 kadm🎬 wkld-k8s-upgrade🐧 ubuntu -
☁️ capo🚀 rke2🎬 rolling-update-no-wkld🛠️ ha🐧 suse -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha🐧 ubuntu -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha,misc🐧 ubuntu -
☁️ capo🚀 rke2🛠️ ha,misc🐧 ubuntu -
☁️ capo🚀 rke2🛠️ ha,misc,openbao🐧 suse -
☁️ capm3🚀 rke2🐧 suse -
☁️ capm3🚀 kadm🐧 ubuntu -
☁️ capm3🚀 ck8s🐧 ubuntu -
☁️ capm3🚀 kadm🎬 rolling-update-no-wkld🛠️ ha,misc🐧 ubuntu -
☁️ capm3🚀 rke2🎬 wkld-k8s-upgrade🛠️ ha🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha🐧 suse -
☁️ capm3🚀 rke2🛠️ misc,ha🐧 suse -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.4.x🛠️ ha,misc🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 suse -
☁️ capm3🚀 ck8s🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capm3🚀 rke2|okd🎬 no-update🐧 ubuntu|na
Global config for deployment pipelines
-
autorun pipelines -
allow failure on pipelines -
record sylvactl events
Notes:
- Enabling
autorunwill make deployment pipelines to be run automatically without human interaction - Disabling
allow failurewill make deployment pipelines mandatory for pipeline success. - if both
autorunandallow failureare disabled, deployment pipelines will need manual triggering but will be blocking the pipeline
Be aware: after configuration change, pipeline is not triggered automatically.
Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.