OpenSolaris derived ZFS NAS/ SAN (OmniOS, OpenIndiana, Solaris and napp-it)

The pro monitor will not load. Also sometimes it reports that the websocket server is missing.
Running OI 151a9. Any ideas?

You can (re)start the Mojolicious Websocketserver that is needed to display realtime charts when you disable/enable Monitoring (click on Mon in the upper right toplevelmenu) or when you restart napp-it (Menu system - shutdown - restart napp-it)
 
Have you tried a clear error (menu pools)?

I clicked on "clear errors" from the pools menu and that triggered the three drives to resilver again.


Code:
  pool: storage
 state: DEGRADED
status: One or more devices is currently being resilvered.  The pool will
	continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
  scan: resilver in progress since Fri Jun 27 19:48:22 2014
    249M scanned out of 23.6T at 3.00M/s, (scan is slow, no estimated time)
    45.0M resilvered, 0.00% done
config:

	NAME                         STATE     READ WRITE CKSUM     CAP            Product
	storage                      DEGRADED     0     0     0
	  raidz2-0                   DEGRADED     0     0     0
	    replacing-0              DEGRADED     0     0     0
	      5802520008555750639    UNAVAIL      0     0     0  was /dev/dsk/c1t5000CCA228C06F43d0s0
	      c1t5000CCA22CEED14Ed0  ONLINE       0     0     0  (resilvering)     3 TB           HGST HUS724030AL
	    c1t5000CCA228C06F69d0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    replacing-2              DEGRADED     0     0     0
	      4574634853336216011    UNAVAIL      0     0     0  was /dev/dsk/c1t5000CCA228C07074d0s0
	      c1t5000CCA22CF2279Cd0  ONLINE       0     0     0  (resilvering)     3 TB           HGST HUS724030AL
	    c1t5000CCA228C07F9Bd0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C08301d0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C0D0D6d0    ONLINE       0     0     0  (resilvering)     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C0D2C3d0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C0D60Fd0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C0D66Ed0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	    c1t5000CCA228C0D71Cd0    ONLINE       0     0     0     3 TB           Hitachi HDS5C303
	logs
	  c1t500A07510900A12Ed0      ONLINE       0     0     0     128 GB         M4-CT128M4SSD2
	cache
	  c1t500A0751090091E8d0      ONLINE       0     0     0     128 GB         M4-CT128M4SSD2

errors: 1 data errors, use '-v' for a list
 
It seems that you have more problems (c1t5000CCA228C0D0D6d0 ??)
Check menus system-logs, system-faults, disks-details (iostat messages like hard/transfer errors) or disks-smartinfo: do a short smart check for additional informations.

Is your PSU stable, other problems like RAM, too high temperature, cabling or simply a third disk with problems?
 
Because I was unable to update omnios 151006 to latest, I exported the pools and wanted to install a fresh image. But I was unable to mount the vmtools to media.
So I downloaded the pre-setuped esxi VM 14b which works now. I changed the hostname and entered my PRO key. But I don't know how to change the IP from dhcp to static?
 
Thanks.
One more thing. I imported my old pools and are working fine, just:
status: Some supported features are not enabled on the pool. The pool can
still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
the pool may no longer be accessible by software that does not support
the features. See zpool-features(5) for details.
Do I "upgrade" using menu pool->features and click "enable" on the options that are disabled or "zpool upgrade"?
 
Pool upgrade is needed if you are not on pool v5000 but for ex on v28.
If you are on pool v5000 you can decide to enable features like lz4
 
You can (re)start the Mojolicious Websocketserver that is needed to display realtime charts when you disable/enable Monitoring (click on Mon in the upper right toplevelmenu) or when you restart napp-it (Menu system - shutdown - restart napp-it)

The monitoring is enabled although it is showing inactive. I have tried restarting napp-it as well as rebooting OI with no luck.
 
The monitoring is enabled although it is showing inactive. I have tried restarting napp-it as well as rebooting OI with no luck.

Confirmed.
The new Mojolicious websocketserver v5 requires at least Perl 5.10.1
OI 151.a9 is on Perl 5.10.0

You may need to update Perl optionally with Hipster
http://wiki.openindiana.org/oi/oi_hipster

or switch to OmniOS
as I did (all my machines are now on OmniOS)
 
Hi,

Im having some read performance problems with my new system
I have finished creating my AIO ZFS server, based on the following hardware:

I5-2400
Intel DQ67SW motherboard
16GB of RAM
IBM ServeRAID M1015 LSI9220-8i in IT mode
4 x Seagate 3TB NAS HDD

Running ESXI 5.1:
1. Prebuilt OmniOS image from napp-it website, 2 vCPU and 12GB of RAM
2. Win8.1 Pro with 2vCPU and 4GB of RAM.

1 RAID-Z pool with ashift=12,
1 NFS share for the guest os
1 SMB share for the rest.

Testing write performance on SMB is fine. From the guest o/s I get around ~200MB/s sequential writes, and from an external host ~110MB/s saturating the Gigabit link.
However sequential read is capped at around 70MB/s for both the guest O/S and external host. Any idea how to resolve it?

Thanks,

P.S.
bonnie benchmark from napp-it show around 230mb/s read & write.

P.S. 2:
The LSI card is passed through directly to OmniOS .
 
Last edited:
How difficult was the switch?

If you are on OI server, you will see nearly no difference to OmniOS,
as both are distributions based on Illumos. You only need to import
the pool, eventually add users and adjust their permissions on shares.
This is identical to a new OI setup.

If you have virtualized your storage (among other VMs) under ESXi,
you only need to download a ready to use ESXi appliance from
http://napp-it.org/downloads/index_en.html

For a barebone install, you need to download the installer (iso or usb)
from Omniti, setup (ok and ok), then manually setup the network and
install napp-it via wget.
http://napp-it.org/downloads/omnios_en.html
 
Gea,

I am getting more frequent offsite replication errors now. This seems to coincide with migrating many VMs from one SAN to another, so im guessing the differential snap is quite large this time. Since i am going over 20Mbit WAN, could this be a timeout issue? Is there a way to allow the replications more time to complete over WAN? The interesting thing is that the job throws an error after 24 hours, but continues to say running and is active in both the sender and receiver. Should i just let the job keep going and see if it completes? Or is this a bug in which the job isnt properly canceled after an error and remains active in both the sender AND receiver (under Jobs>Replicate>Activity) ?

Job Error:
info: incremental remote replication nr 93 finished (time: 86390 s) job-replicate 578: new destination snap
pool01-das01/datastore04@1391007030_repli_zfs_org-loc-san05_nr_93 was not created, check network, systemlog, poolstate, capacity, timeouts and (hidden) snaps

Job Monitor:
agent/ script task details ask remote reply remote
noid 09.02:12
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
noid 09.01:56
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
noid 09.01:41
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
noid 09.01:26
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
noid 09.01:10
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
noid 09.00:55
glib 942 repli ask remote host 192.168.180.74 -> grouplib_ask_remote_pslist 1332
nc -w 60 192.168.180.74 81
do=request_pslist&hostname=org-loc-san05 answer=
29175 sh -c zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-lo
29176 zfs send -i pool01-esx/datastore04@1391007030_repli_zfs_org-loc-san0
29177 /var/web-gui/data/tools/nc/nc -b 262144 -w 30 192.168.140.75 57534
 
Last edited:
zfs send sends a stream over netcat that must not be interrupted.
On the sender side, there is a timeout of 30s between zfs send and netcat but this should not be a problem unless you do not have a disk problem.
(check iostat on sender side)

If your WAN connectivity is unstable or if the ip changes, this can be a reason but this can*t be resolved by a timeout setting.

What you can do:
Open a console at receiver side and start the replication manually.
Maybe you get a hint from console, enter as root:
perl /var/web-gui/data/napp-it/zfsos/_lib/scripts/job-replicate.pl run_id

replace id with your jobid ex
perl /var/web-gui/data/napp-it/zfsos/_lib/scripts/job-replicate.pl run_1391007030

ps
are you on current 0.9f1
I have done some modifications to improve stability on some configs
http://napp-it.org/downloads/changelog_en.html
 
Ok, i've set users log/pass on folders.

If i set "guest=ok & ABE" on the SMB ZFS filesystems menu then any client can access the folders set=everyone without needing any password but can't see the folders that have user limited access. That is what i wanted so it's cool.

But now how to access to the password protected folders for clients that need them?
I tried using the credential manager on the windows client machine to input the needed log/pass of the account i wanted to use but without effect.

Do i need to restart the client machine to modify the credentials?

Another question, how to delete users from napp-it?
 
Ok, i've set users log/pass on folders.

If i set "guest=ok & ABE" on the SMB ZFS filesystems menu then any client can access the folders set=everyone without needing any password but can't see the folders that have user limited access. That is what i wanted so it's cool.

But now how to access to the password protected folders for clients that need them?
I tried using the credential manager on the windows client machine to input the needed log/pass of the account i wanted to use but without effect.

Do i need to restart the client machine to modify the credentials?

Another question, how to delete users from napp-it?

If you enable guest, there is not authentication.
No authentication = no restrictions based on permissions

You must disable guest and set permissions based on everyone or a user.
If you use the same user/pw like on Windows or Active Directory,
you can access without login. (everyone=every authenticated user)

delete user
= menu users: delete (in the row of the user)
 
No problem.
Even for commercial usage the free version is quite often enough as there is no limitation regarding functionality, performance or capacity of the inderlying OS. The extension saves time and simplifies daily admin or management tasks.

Beside that, there is no home use license at 500 Euro. They start at 50 Euro for two years (25 Euro per year) for a single extension and doubles for all extensions.

see http://napp-it.org/extensions/quotation_en.html

I must have misread this. sorry.
"napp-it Pro, complete edition unlimited for noncomercial home use: 300 Euro (with two keys for your home and backupserver)"

thats sounds more reasonable.
is it possible for me to setup a two-way backup system? one pool from server1 to server 2. and another pool form server 2 to server 1? ( automatic zfs send / receive )
 
I must have misread this. sorry.
"napp-it Pro, complete edition unlimited for noncomercial home use: 300 Euro (with two keys for your home and backupserver)"

thats sounds more reasonable.
is it possible for me to setup a two-way backup system? one pool from server1 to server 2. and another pool form server 2 to server 1? ( automatic zfs send / receive )

no problem with two complete keys
 
I am not sure if I like this behaviour.
But a "clear error" removes errors from a zpool, status message only if there are no problems remaining - otherwise it starts a scrub/resilver.
 
If you enable guest, there is not authentication.
No authentication = no restrictions based on permissions

You must disable guest and set permissions based on everyone or a user.
If you use the same user/pw like on Windows or Active Directory,
you can access without login. (everyone=every authenticated user)

delete user
= menu users: delete (in the row of the user)

I enabled guest & ABE.
I made a few folders each shared for only one user, plus one private folder not shared to anyone and one public folder set to everyone.

From the guest windows machine i can only see the folder set to =everyone and can't see all the folders with password authentification nor the private folder.
Seems perfectly normal to me.

But now if i enter the log/pass of one of the users in the credential manager of the guest machine, i can now access to this user's folder (and off course the public folder shared to everyone) after a reboot.
Is it normal? Because it look like it's possible to have together guest and authentification at the same time??
Can i change users without having to reboot the guest machine between each credential change?

About deleting users, i don't find the delete button, i only have " user names (userid) (unixgroup) (groupid) (unix/afp-info) member of smb group SMB PW Windows SID password option"
The only clickable options are "set pw for x user" and "add local user"
 
Does anybody know if any of the Solaris distributions with ZFS support SMB2?

I'm using Solaris 11.1 and my Windows 8.1 machine is reporting SMB dialect 1.50 being used...
 
I enabled guest & ABE.
I made a few folders each shared for only one user, plus one private folder not shared to anyone and one public folder set to everyone.

From the guest windows machine i can only see the folder set to =everyone and can't see all the folders with password authentification nor the private folder.
Seems perfectly normal to me.

But now if i enter the log/pass of one of the users in the credential manager of the guest machine, i can now access to this user's folder (and off course the public folder shared to everyone) after a reboot.
Is it normal? Because it look like it's possible to have together guest and authentification at the same time??
While it may be possible, this is not a good idea as on every new login, it should skip the authentication when guest is enabled.

Can i change users without having to reboot the guest machine between each credential change?

If you mean remove a known user:
This can be done via restart SMB service or via Windows computer management (you can manage a Solaris CIFS server remotely from Windows)


About deleting users, i don't find the delete button, i only have " user names (userid) (unixgroup) (groupid) (unix/afp-info) member of smb group SMB PW Windows SID password option"
The only clickable options are "set pw for x user" and "add local user"

Confirmed.
There is a problem with SMB membership detection (you cannot delete active group members). I have fixed this. Please re-download newest 0.9f1
 
Thanks!

Does the napp-it GUI support using samba4 instead of the kernel-mode Solaris cifs?
 
Thanks!

Does the napp-it GUI support using samba4 instead of the kernel-mode Solaris cifs?

No, Solaris CIFS has so many advantages regarding easyness and Windows compatibility. I will only switch to Samba if the SMB2 bits from Nexenta were hold back completely.
 
While it may be possible, this is not a good idea as on every new login, it should skip the authentication when guest is enabled.
Where's the problem? It seems only users with correct log/pass can access protected folders, they can't see what's not allowed even with guest enabled.
Or i misunderstood something.:confused:

If you mean remove a known user:
This can be done via restart SMB service or via Windows computer management (you can manage a Solaris CIFS server remotely from Windows)
I was meaning updating the credentials without having to reboot the windows client to take change into account (which is annoying) but it seems to be a windows problem.

Confirmed.
There is a problem with SMB membership detection (you cannot delete active group members). I have fixed this. Please re-download newest 0.9f1
Works now thanks!

Another question, is this consistent bonnie results?
Edhg3WTP.png
 
about guests
If you enable guest, you are not asked for login/pass credidentials for new users.
This may not affect already logged in named users but this is not practicable.

Logout of Windows
may work with the CLI command net use with delete option

Benchmarks
depends on your config and if you look on sequential or IOPS related values.
 
config is 24*5k4000 in 2*Z2 with X9SRL-F/E5-1620/64GB.

About root, i tried to setup the backup server but i can't access it even using the correct root log/pw from windows, don't know why??? that worked for the other machine.
I try to map the network drive using root credentials but that doesn't work.
Or if it works, i don't have access.
Sometimes i can create a directory but can't rename it, or delete it, or open it.
(I removed "default_create")

Also weird thing, i see "everyone = full set", i change "full set" for "readx set" and then "everyone" become "root" (?)

And "owner@" & "group@" come back every time i delete them.
Is it possible to have only root (full set) & everyone (readx set) ?
 
about root + SMB
Have you done a passwd root (after setup of napp-it) to create the needed additional SMB password

about everyone=full to everyone=readx
should work as expected

about default ACL
they are used when you delete all ACL according to the applied Unix permissions

ps
do not forget the ZFS properties aclmode and aclinherit as they control ACL behaviours.
If you need Windows alike behaviour, set them to pass-through.
 
Well, try and try and I might, I realize I am just too stupid to set this up and have it work... I'll be sticking to hardware RAID enclosures
 
Understanding access control list behaviours on Windows or Solaris is one thing but
Hardware Raid ist technology of last century.

I would not even consider compared to Software Raid on Copy On Write filesystems like btrfs, ReFS or ZFS (or NetApp filers)
 
yep, but I buy an array, slap 16 drives in it, tell it to initialize and done... something goes wrong, it emails me, I replace the drive, and go about my business

I set tried setting up a ZFS system with RAIDZ2 using this distro and freenas and it was just painful... the freenas setup is sort of working I guess, but the configuration is really confusing and I am not sure if I trust it yet
 
Yeah setting up a root password was the first thing i did.
Then i tried using it to access the server from a windows machine with "map a network drive".

Well, try and try and I might, I realize I am just too stupid to set this up and have it work... I'll be sticking to hardware RAID enclosures
Haha exactly what i thought today while i was unable to access anything :p
 
Okay, i don't want everyone to have full access, so i change it to readx_set.

f7XnlzghC.png


3sXLyEuN.png


But now everyone transformed into root (root with the readx_set i just set), WTF? :eek::confused:

fk086e.png


---------

About accessing the ZFS box, what i did from the windows machine:
map a network drive:

QcIjlp.png


Enter my root pw (log=root pw=the root pw i just entered with "root passwd" command just after installation of omnios)
fail.

XJGsnBbSg.png


More fail. (this time i tried with //MASTABA-ZFS1/ instead of //MASTABA-ZFS1/data (name of my dataset))

dLeyBR.png


I tried with and without guest, same thing i can't access using my root pw.
------

Only thing i can (sometimes) do is creating "new folders" without even being able to rename them, probably because of that:.

9TpHShd.png

Don't know why it always want to make everyone has the "default create" set even after i change it :confused:


edit:
i share SMB off then on again (guest=ok and ABE), i enter my root pw and this time, it worked!!!

PAZc0O.png


Oh noes!

zeuKGOfn.png
 
Last edited:
Yor are doing advanced share or permission settings without knowing what they mean.

First:
Do NOT enable guest if you want to restrict anything based on users
Do NOT restrict global share permissions unless you know what it means (restrict any file/folder ACL to this setting)

Start with the following (These are mostly defaults):
- share a filesystem without guests=ok
- keep global share level ACL at everyone=full (default)
- keep File/folder ACL of the shared filesystem at root=full, everyone=modify (default)
- keep ZFS settings aclmode and aclinherit at pass-through (default)

- create folders below the filesystem, then restrict ACL of these folders like
folder a: everyone=modify
folder b: everyone=read, user x=full
folder c: user y=full (no other user beside root)


If you set ACL, keep ACL inheritance at file and folder unless you know that you restrict otherwise ACL only for newly created files and folders below.


a more advanced example with folder ACL like
- everyone = allow readx, this folder only
- owner = allow full, inherit to files and folders
- everyone= allow create folder: this folder only

This means: everyone can read this folder and can create a folder below, is owner and has full access. No other person is allowed in this new folder
 
Last edited:
Back
Top