OpenSolaris derived ZFS NAS/ SAN (OmniOS, OpenIndiana, Solaris and napp-it)

Discussion in 'SSDs & Data Storage' started by _Gea, Dec 30, 2010.

  1. CopyRunStart

    CopyRunStart Limp Gawd

    Messages:
    141
    Joined:
    Apr 3, 2014
    Agreed on your first point.

    Yea, auto service is on and the OS is Solaris 11.3. Still no luck :\
     
  2. sdc

    sdc n00bie

    Messages:
    2
    Joined:
    Apr 28, 2017
    Thanks. For 2, all set now. For 1. I checked on Firmware and all updated firmware use the same temperature. I agree that disabling fmd would probably not be a good thing. So, that pretty much makes napp-it on Illumos not possible for me. Which of the non-Illumos systems does napp-it have the most functionality on? I'd prefer Linux since that is what 99% of our systems use (a couple of OpenBSD systems for packet filtering).

    Thanks,

    Steve
     
  3. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    napp-it on Illumos (OI and OmniOS) are quite identical and use the same mpt_sas driver.
    Functionality wise, Oracle Solaris is not only identical but offers additionally much faster resilvering,
    encryption and is mostly the fastest ZFS and Oracle use their own driver (but Solaris is nonfree for commercial usage)

    napp-it on Linux is limited to ZFS, Snap and Jobmanagement with limited share management functions
    http://www.napp-it.org/doc/downloads/setup_napp-it_os.pdf
     
  4. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
  5. turquoisewords

    turquoisewords n00bie

    Messages:
    42
    Joined:
    Jan 17, 2012
  6. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    Both are very close to the common Illumos development, for example the newest improvements in Illumos like the new loader and USB3 are now in both OmniOS 151022 and OI 2017.04

    Both adds specials like the GUI option in OI or LX container in OmniOS. Main advantage of OmniOS was the commercial support option and stable/longterm stable editions with fulltime software engineers working on it. The future of this commercial support option is open (There is a funding call to continue).

    There are comments from OmniTi indicating to continue hosting of the repository, offer the brand OmniOS to the community and to support bugfixing at a certain level. As OmniOS stable 151022 LTS will be available soon and as it is currently the most advanced and stable free Illumos OS for storage, there is no hurry to decide for next year. If there is a need, a switch is troublefree as they are nearly identical.

    Next AiO napp-it template will be based on next OmniOS. An OI release would be possible as well.
     
  7. CopyRunStart

    CopyRunStart Limp Gawd

    Messages:
    141
    Joined:
    Apr 3, 2014
    Having a curious problem, thought you guys might have an idea what's going on.

    I added a Solaris 11.3 server to my Windows Domain with ID Mapping so I could have ACL's on Pool/FileSystem1. Pool/FileSystem2 is set to every@=mod and guestok=true because I want guest access on FileSystem2, but only Windows computers can connect as guests, not OSX computers. Why is this?


    Also, is there a log of the Solaris commands Napp-it is executing?
     
    Last edited: May 4, 2017
  8. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    1. What id-mappings?
    When you are only using SMB + AD domain you need no mappings,
    ok maybe beside windows:domain\administrator=unix:root for easier administration.

    On OmniOS, you must enable and use a user guest for anonymous access, have not tried this with OSX and Solaris for some time.

    2. command log
    On napp-it Pro, you can enable "edit" in the upper right toplevel menu nearby logout.
    You can the check internal hash values and you can click on "Log" that displays last commands and results.
     
  9. CopyRunStart

    CopyRunStart Limp Gawd

    Messages:
    141
    Joined:
    Apr 3, 2014
    I'm only using domain\administrator=unix:root. Do you mean you have to create an actual user named guest?

    Thanks! I'm trying to learn more about the ACLs on SMB shares so I want to see the commands Napp-it is outputting when doing ACL modifications.

    If you get the chance I think you should add to the Napp-it documentation for AD ACLs that you can modify them by going to Computer Management on your DC and connecting to your Solaris server in the Computer Management interface. Currently the documentation I've seen just says "Modify ACLs from Windows" but doesn't tell you how.


    For anybody who finds this post in the future: Computer Management > Connect to Computer > Put in hostname or IP of your Solaris box > System Tools > Shared Folders.
     
  10. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    about guest access in OmniOS/OI (may be different in Solaris)
    https://wiki.illumos.org/display/illumos/SMB+Guest+access

    About Windows:
    Solaris behaves quite like a Windows 2008 server so you can do this like you would on a Windows server
    - set ACL from a Windows machine connected as an admin or user root (via security properties)

    - manage shares or open files/ connected users via computer management.
    You should only SMB connect as a user that is a member of the SMB group administrators on Solaris prior a "connect to computer"
     
  11. ldoodle

    ldoodle Limp Gawd

    Messages:
    135
    Joined:
    Jun 29, 2011
    Hey,

    I use OI 151_a (yeah, I know!). Is there a way to simulate read/write to a pool to determine which drives have gone bad. Once I have done that I am going to replace them and re-jig the pools, so basically start again. What is the best distro out there now?

    I am considering Windows Server 2016 Storage Spaces too. I don't need anything fancy - just a no-frills file storage box.

    Thanks!
     
  12. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    No problem with OI 151a. I have also such a server that is running as a backup server for years, set and forget!
    Not like Windows where every few weeks there is a critical pach that you MUST update with a reboot.

    Regarding best distro, this is not as easy.
    Best ZFS integration is in Solaris & Co where even a minimal install offers everything that is needed for ZFS and storage.

    The most feature rich and fastest in my tests is Oracle Solaris the origin of ZFS.
    But it is not free and not compatible with OpenZFS

    For a free distribution, look at the free Solaris forks like OmniOS (151022 LTS, May 2017) or OpenIndiana (2017.04), see
    http://www.napp-it.org/doc/downloads/setup_napp-it_os.pdf
     
  13. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
  14. Mastaba

    Mastaba Limp Gawd

    Messages:
    226
    Joined:
    Apr 2, 2011
    Is there something to do for protecting my ZFS boxes from wannacry ransomware? If some infected machine is connected to the local network can it access them by SMB?
     
  15. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    As I see it, WannaCry infects Windows machines with a patchlevel older say march 2017. Systems prior Windows 7 are always affected as there are no security fixes for years.

    After infection with WannaCry, this trojan can attack and/or infect other Windows machines (and eventually SAMBA) over SMB. If this is using the hearbeat bug, Solarish CIFS is not affected.

    Infected Windows machines start then to encrypt data. If an infected Windows machine can access a network share with its admin account, all data on the share can be encrypted. If the server is a ZFS server with snapshots, all data can be encrypted but as snaps are readonly they are always save, so do snapshots at least one a day.

    In case of an infection you have snaps for a rollback.

    btw
    Last week I got infos of a new very critical problem that affects Windows with a patchlevel prior may. The target is a bug in Windows Defender. Even opening a mail or a website without any further action can result in a full takeover of the machine.
     
    Last edited: May 16, 2017 at 3:32 PM
  16. CopyRunStart

    CopyRunStart Limp Gawd

    Messages:
    141
    Joined:
    Apr 3, 2014
    _Gea can you tell us more about this and when the expected patch is!?
     
  17. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
  18. CopyRunStart

    CopyRunStart Limp Gawd

    Messages:
    141
    Joined:
    Apr 3, 2014
    Ah ok I thought you were saying you had info about about a bug that hadn't been patched yet.

    Thanks!
     
  19. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    This is a very critical bug with an immediate patch from Microsoft.
     
  20. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
  21. danswartz

    danswartz 2[H]4U

    Messages:
    3,567
    Joined:
    Feb 25, 2011
    So I haven't been using SMB/CIFS recently. I wanted a share for some reason, so I created one and shared with sharesmb=on, but the omnios host is not showing up in the Network window of any of 4 windows servers/workstations here. I *can* share the filesystem if I explictly share it (like with '\\10.0.0.32\xxxx"). It's like omnios is not making itself browseable? I tried disabling/enabling the cifs server, rebooting, rejoining WORKGROUP, etc, but nothing?
     
  22. _Gea

    _Gea 2[H]4U

    Messages:
    3,577
    Joined:
    Dec 5, 2010
    For whatever reason this is disabled per default from OmniOS 151018 up.
    Enable via napp-it menu service > smb > properties or via CLI
    sharectl set -p netbios_enable=true smb.