On Feb 9, 2026, at 08:05, Kurt Strosahl via lustre-discuss <[email protected]> wrote: > > Good Morning, > > I'm trying to set up nodemaps on a new lustre file system. Presently when > I turn on the nodemaps I get permission denied for servers in the default > nodemap. > > I've defined two custom nodemaps. An AdminSystems nodemap (for servers that > will need to perform actions as root, and a LustreServers nodemap (for the > lustre servers themselves) > > Every other client will be in the default map. (whose gid/uid/projid mappings > we trust) > > I set the following: > [root@scmds2501 ~]# lctl get_param nodemap.*.admin_nodemap > nodemap.AdminSystems.admin_nodemap=1 > nodemap.LustreServers.admin_nodemap=1 > Nodemap.default.admin_nodemap=0 > > [root@scmds2501 ~]# lctl get_param nodemap.*.trusted_nodemap > nodemap.AdminSystems.trusted_nodemap=1 > nodemap.LustreServers.trusted_nodemap=1 > Nodemap.default.trusted_nodemap=1 > > When I turn on the nodemap feature I get a permission denied when mounting on > a client node that isn't in the Admin nodemap.
Kurt, I'm not a nodemap expert, but you probably need to check some things on your side: - can client mountpoints on the Admin/Server nodes work properly? - are the nodemaps configured properly on all nodes (i.e. MGS)? - are there other nodemap parameters on the default nodemap set correctly? - any messages in the server console or debug logs to explain the error? There have been a few LUG/LAD presentations on nodemaps that may help: https://wiki.lustre.org/images/5/5c/LUG2018-Multitenancy-Buisson.pdf https://wiki.lustre.org/images/3/3d/LUG2025-Lustre_Multitenancy-Buisson.pdf https://www.eofs.eu/wp-content/uploads/2025/09/06-Vef-Lustre_Nodemap_Update-V1.pdf https://www.eofs.eu/wp-content/uploads/2025/09/07-Buisson-Nodemap-membership-paradigms.pdf > Interestingly, on a test client that was mounted before I turned on the > nodemap I can write files as myself (into a directory that I established > beforehand owned by me). > > Our desired end state is an Admin nodemap we can add and remove systems to as > needed that can take action as root, and all other lustre clients being able > to access the file system, but having no root access. The LustreServers > nodemap is there to keep the lustre file servers themselves safe from any > unexpected changes. > > w/r, > Kurt J. Strosahl (he/him) > System Administrator: Lustre, HPC > Scientific Computing Group, Thomas Jefferson National Accelerator Facility > _______________________________________________ > lustre-discuss mailing list > [email protected] > http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org _______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
