OpenSolaris derived ZFS NAS/ SAN (OmniOS, OpenIndiana, Solaris and napp-it)

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
1 Gbit/s = a little more than 100 MByte/s
That is what you can expect from an average single disk.

500 MB/s is what you get from a very good SSD or from
five aggregated not too fast disks.

These are raw disk values. For network transfer your special config,
overall load, setiings like jumbo frames etc determine performance.

Beside that, for VM usage, iops with concurrent random access
is more critical than single user sequential performance.

To tune a virtual NAS, you can check network performance and
tune ip or ZFS settings. You can start reading last entries in this thread
or read threads at STH like https://forums.servethehome.com/ind...le-and-napp-it-vmxnet3-and-jumbo-frames.2853/
 

CopyRunStart

Limp Gawd
Joined
Apr 3, 2014
Messages
155
Getting

oops...send error to <MY EMAIL>

when trying to use email test.

I'm using google apps for business SMTP Relay Server. From the google side I have disabled TLS and from the ISP side have unblocked outgoing port 25. I am able to telnet into smtp-relay.gmail.com 25 from the same Solaris box that is getting the error.

napp-it 0.9
Solaris 11.2

Any ideas?
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
A reason can be that the SMTP relay accepts mail only from an "official" mailserver.
I would use/try TLS.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
On OmniOS I setup TLS this way:

Code:
perl -MCPAN -e shell
notest install Net::SSLeay
notest install IO::Socket::SSL
notest install Net::SMTP::TLS
exit;
 

CopyRunStart

Limp Gawd
Joined
Apr 3, 2014
Messages
155
I'll try that on my other Solaris server. This is what I did on the first one and it worked once I changed the last command to force install:

2. Install Net:SSLeay using pkg install net-ssleay
3. Access CPAN using perl -MCPAN -e shell and answer yes when it asks if it should try to configure as much as possible by itself
4. At the CPAN prompt, enter install Net::SMTP::TLS and accept all dependencies.
5. After step 4 finishes, type install CPAN and then reload CPAN
6. Install a Gmail compatible version of IO::Socket::SSL using force install http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-1.68.tar.gz
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
Hello all. I migrated to OmniOS/Napp-it from server essentials and I'm having an issue.
So I'm still on a domain as are some other people but when I try to browse to \\servername I get access denied, even if I go \\servername\share. I put in the domain credentials and still a no go. I get error 0x80004005 unspecified error. At least with the windows box I could input username and password and get access to the shares. Is there a way to do this with Napp-IT?
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Can you add some details:
- have you joined OmniOS successfully to your domain (napp-it menu services >> smb >> AD)
- is your Windows client a member of the domain as well
- optionally: add a id mapping domain\administrator = Unix:root to give domainadmin full access with the ability to set ACL settings
- optionally: can you connect as user root (needs a passwd root at console to give root a SMB password)
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
Hello,
Thank you for the response
It's joined to the domain, it's seen in AD
Domain user with domain computers are ok
Non-domain PCs are not. Even with domain credentials. Root is mapped to adminsitrator@domain.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Hello,
Thank you for the response
It's joined to the domain, it's seen in AD
Domain user with domain computers are ok
Non-domain PCs are not. Even with domain credentials. Root is mapped to adminsitrator@domain.

If you connect as a user from a Client that is not a domainmember you must
enter a user as domain\user. Without the domain\ OmniOS will treat user as a local user.

This behaviour is similar to a real Windows server.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Have you entered your username like
shortname\user (pre Windows 2008 domainname)
ex abc\peter

optionally you can enter
user@domain (Win 2008/2012 domainname)
ex peter@university.edu
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
Hello Gea, I really appreciate the help, thank you.

Yes, both ways unforutnately. So I tied the administrator@domain to root so it doesn't show up anymore.
I've also granted access to the shares to the domain admins and autheticated users. Share permissions have been untouched so @everyone.
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
I also can't see permissions as the domain admin even though it's time to the root account.

Here's what I have according to the output
add -d winuser:Administrator@dainbentley.com unixuser:root
add -d wingroup:Administrators@BUILTIN unixgroup:root
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Did you see permissions when connecting a share as user root?
Have you started with a default setup (create a filesystem, share it) without touching ACL
or modifying aclinheritance?

Connecting from a PC that is a domainmember is ok?
Any special setting, have you joined the domain manually or via napp-it?
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
Domain users can connect. No issues there. I joined it through napp-it.
I'm looking to have domain admins full control of share, users modify. Permissions can inherit down.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Ok, domain users can connect but the remaining problem is,
that a domainuser that is a member of domainadmins cannot see permissions?
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
Ok, domain users can connect but the remaining problem is,
that a domainuser that is a member of domainadmins cannot see permissions?

Yes that and when i do \\servername it's access denied. I want non-domain computers to be able to access the shares but use their domain credentials

I also need domain admins to have full control of the shares. When I try to add them I get invalid group
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
I"m also seeing this
Files in '/tank0/Music/' (everyone=read is needed on this folder to read files)
I don't wand everyone to have access.
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
great, now none of the shares are showing up. If I do \\servername nothings there but I can do \\server\share. I need to be able to get to \\servername
 
Last edited:

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
I would first begin with default/open permission and check if all shares work for all users.
Then add the needed users ACL and remove everyone. (Windows/NFS4 ACL can be tricky)

From non domain clients, adding the domain name is the only way
(ntdomainname\user or user@domain)

If you want to assign full permission to domainadmins, you can
id-map them with -d to user root or map the domainadmins group to group root.
I prefer the add user option.

If all is messed up, reset ACL to everyone=modify, root =full (via napp-it), optionally
rejoin the domain, or stop/start the SMB server. Check if DNS=AD server, check for DNS hostname entry
and if AD DNS is DNS for all clients. If you cannot access \\server, check a ping to decide whether its a network or SMB problem.

You may need Windows Pro and up releases of Windows for some functions
If you have more than one nic, start with one nic.
 
Last edited:

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
I would first begin with default/open permission and check if all shares work for all users.
Then add the needed users ACL and remove everyone. (Windows/NFS4 ACL can be tricky)

From non domain clients, adding the domain name is the only way
(ntdomainname\user or user@domain)

If you want to assign full permission to domainadmins, you can
id-map them with -d to user root or map the domainadmins group to group root.
I prefer the add user option.

If all is messed up, reset ACL to everyone=modify, root =full (via napp-it), optionally
rejoin the domain, or stop/start the SMB server. Check if DNS=AD server, check for DNS hostname entry
and if AD DNS is DNS for all clients. If you cannot access \\server, check a ping to decide whether its a network or SMB problem.

You may need Windows Pro and up releases of Windows for some functions
If you have more than one nic, start with one nic.
A restart of the SMB services cleared up that part.

So now I have a weird ssid showing up in the security tab and would like to get rid of it or have it mapped to administrator@domain.
If I could only get \\servername to display the shares to non-domain clients. I understand they'll have to log in each time but that's fine.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
A Windows security ID sid is an extended file-attribute in Windows or Solaris/OmniOS.
You cannot map to another user as it is an unknown user.

You can
- delete the ACL entry
- set ownership to another user if it was an owner entry
 

scrummie02

n00b
Joined
Jan 31, 2015
Messages
17
A Windows security ID sid is an extended file-attribute in Windows or Solaris/OmniOS.
You cannot map to another user as it is an unknown user.

You can
- delete the ACL entry
- set ownership to another user if it was an owner entry

I thought you could domain admins to root?
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
I thought you problem is that you have a SID that is shown only when the according user was deleted. This is like an "unknown user".
A mapping of a Windows AD user to a local Unix user is of course possible.
 

shanester

Weaksauce
Joined
Mar 1, 2011
Messages
70
Running OmniOS 5.11 in a VM (AllinOne). Every week I have an auto scrub job for the rpool and the 'zfs' pool. The zfs pool runs at 12am on Wednesdays. Today something something happened and I am not sure how to proceed at this point. The resilvering has completed. Looking at some logs it appears that there was some sort of panic, but I do not understand how to decipher the log.

Timeline:
00:00 scrub started on ZFS pool.
03:08 panic - logs pulled from napp-it system - log (see below)
05:06 resilver begins (see screen shot below)

If anyone has any suggestions or advice, your comments are welcome. I have no idea what to do. I can't believe that I am FUBARd. Please help!

Vc1WNRJ.png


http://pastebin.com/z2rqWLY6
 
Last edited:

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
Only a serious hardware or software problem can affect all disks like
- PSU problem
- RAM problem
- CPU/ MB problem
- HBA, cabling or backbone problem
- OS/ESXi problem

or a temporary AC weakness

Have you done any modifications prior the problem?
What ESXi release?
What is the current pool state/ have you done a complete system restart after power off?
 

shanester

Weaksauce
Joined
Mar 1, 2011
Messages
70
Only a serious hardware or software problem can affect all disks like
- PSU problem
- RAM problem
- CPU/ MB problem
- HBA, cabling or backbone problem
- OS/ESXi problem

or a temporary AC weakness

Have you done any modifications prior the problem?
What ESXi release?
What is the current pool state/ have you done a complete system restart after power off?

No mods were made.
The box is on a UPS. ESXi (5.5 U2) was not affected or any other running VM.
The pool is in the same state as pictured in my post.
I have not done any remediation or system restart until I received some feedback as I didn't want to create further damage.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
As the reason of the problems is unclear, there is only one save option:
- shutdown and move all disks to another working machine.

If that is not possible, I would shutdown, power off/on and restart.
If you do not have ECC RAM, a RAM test after boot would be a first option.

Then boot OmniOS and backup all important files and scrub then the pool again.
Check what files are damaged.
 

Ja'Man

n00b
Joined
Nov 10, 2011
Messages
22
Hi,
Having problems getting omni to resolve via dns. I have followed the guide on their page as well a few others, tried the latest stable and tls. Also tried using static and dhcp. Using google 8.8.8.8 as dns server. Dont think its a networking issue bc if I use nslookup or dig to query 8.8.8.8 it resolves fine. Its like onmi is ignoring the resolve.conf file. Have double checked the file, rebooted, etc.
I have installed omni at least a few times before this and OI and others quite a few times over the years and never had this problem. Any ideas? Thanks!
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
My default way is:

- list available interfaces and use linkname ex e1000g0::
dladm show-link
ipadm create-if e1000g0

4.2 add static IP address
4.2.1 create static adress ex
ipadm create-addr -T static -a 192.168.0.1/24 e1000g0/v4

4.2.2 add default route ex
route -p add default 192.168.0.254


4.3 or use DHCP (select either static or dhcp)
ipadm create-addr -T dhcp e1000g0/dhcp

4.4 add nameserver
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf

If something happens (typo error), retry, opt. delete interface
ex ipadm delete-if e1000g0

4.5 use dns (copy over DNS template)
cp /etc/nsswitch.dns /etc/nsswitch.conf

5. try it ex
ping www.illumos.org
 

Ja'Man

n00b
Joined
Nov 10, 2011
Messages
22
Pretty much verbatim how I did it, just wont work. If I ping or try downloading nappit I get an unknown host. But if I use nslookup, point it at 8.8.8.8, resolves no problem, also if I use dig with @8.8.8.8 also works. Checked resolve.conf and the entry for nameserver is there. Really stumped...
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,051
I have done this many many times without a problem.

If you do not have done a typo error, redo a setup from scratch,
then search the problem not at OmniOS but for ex at nic or cabling.
 

Ja'Man

n00b
Joined
Nov 10, 2011
Messages
22
Ok, more problems, and searched for this error but nothing recent. Every page that has anything to do with disks gives me "Failed to initialise libfdisk."

Half the drives are connected directly to teh supermicro mobo and other half to an lsi 9240. omnios saw all the drives fine during installation. Again, any ideas? Thanks
 
Top