OpenZFS NAS (BSD, Illumos, Linux, OSX, Solaris, Windows + Storage Spaces) with napp-it web-gui

_Gea said:
i changed some settings due to your suggestions:

napp-it 0.414o changelog:
- pw-length now max 16 char (does not work on Nexenta, without modifications, Nexenta use only first 8 char.)
- if you change/ set a user pw, you have to enter twice
- menu disks, identify drive via dd (does not work on all systems)
Click to expand...

Awesome! I will give this a shot tonight when I get home. Thanks!

EDIT: Actually, I've got another one for ya. When rebooting, my encrypted folders lock back up which is great. However, if those folders are shared out via SMB, I must un-share them and then re-share them after decrypting the folder. Is there any way you can have the interface reshare the folder "if and only if" the folder was shared out prior to decryption?

If this doesn't make sense, let me know and I will provide pictures.
 
If I have a thin prov LU(3 LU of 500GB in size) and my pool is only 1TB big, what happens when pool gets full?
What error will I get on the initiator side? Disk full even though there will be 100GB of free space?
No error, just corrupted image?

Matej
 
If I use VirtualBox with Solaris as Host and 2008R2 as guest, is there any way an underlining zfs raidz from solaris can be used by windows as storage. There seems to be a 2TB limit via virtualbox.

Can this be done via iSCSI for example? I have read that "raw disk access" can be configured somehow but how about 10 disk / 20TB raidz?

Thanks
 
wingfat said:
If I use VirtualBox with Solaris as Host and 2008R2 as guest, is there any way an underlining zfs raidz from solaris can be used by windows as storage. There seems to be a 2TB limit via virtualbox.

Can this be done via iSCSI for example? I have read that "raw disk access" can be configured somehow but how about 10 disk / 20TB raidz?

Thanks
Click to expand...

A type-2 hypervisor like Virtualbox on top of Solaris is not the fastest way to run Windows but
i am sure, you do not really want to avoid ZFS with Windows Raw disk access at all !!

So iSCSI is a way to have ZFS features with Windows +NTFS disks, but you need to have enough RAM for Solaris (1GB+)
+ VirtualBox (?) + ZFS (4 GB+) + Windows 2008 (4GB) = 9-12 GB+ for a rather slow solution compared
with a type 1 barebone solution with XEN or ESXi.

My opinion is: Virtualbox is ok, if you mainly need Solaris + some smaller or Test-VM*s


Gea
 
Hey Gea,

Napp-it is really awesome and I was hoping I could throw in a (probably easy) feature request. My server is connected to a UPS and it can monitor the UPS via APCUPSD, which runs well on solaris. It has some cgi scripts to generate UPS status information, see:

http://www.apcupsd.com/manual/manual.html#apcupsd-network-monitoring-cgi-programs

I was wondering if it would be possible to have napp-it display this information?

Thanks!
s0rce
 
I'd like to make a copy of my 16G SSD boot drive (rpool) onto a USB drive as a backup. I created the zfs pool on the usb drive using napp-it.

I've made a new snap shot (zfs snapshot -r). I've tried to do a:
zfs send rpoo1@2011-04-06 > zfs receive usb

but it says it cannot unmount /usb

Any help would be great! Thanks!
 
s0rce said:
Hey Gea,

Napp-it is really awesome and I was hoping I could throw in a (probably easy) feature request. My server is connected to a UPS and it can monitor the UPS via APCUPSD, which runs well on solaris. It has some cgi scripts to generate UPS status information, see:

http://www.apcupsd.com/manual/manual.html#apcupsd-network-monitoring-cgi-programs

I was wondering if it would be possible to have napp-it display this information?

Thanks!
s0rce
Click to expand...


1.
copy your cgi files to /var/web-gui/wwwroot/_my

2.
make them executable

3.
call them via
http://serverip:81/_my/cgifile

and check if they work

4.
create a private menu in napp-it and link to this cgi-files
you may embedd the link in an iframe just i do it with help pages

Gea
 
Last edited:
s0rce said:
I'd like to make a copy of my 16G SSD boot drive (rpool) onto a USB drive as a backup. I created the zfs pool on the usb drive using napp-it.

I've made a new snap shot (zfs snapshot -r). I've tried to do a:
zfs send rpoo1@2011-04-06 > zfs receive usb

but it says it cannot unmount /usb
Click to expand...

you may try something like

zfs send rpoo1@2011-04-06 > /dev/rmt/0 (use your device names)
zfs send rpoo1@2011-04-06 | gzip > backupfile.gz (use full path)

or just rsync needed folders.


see also
http://docs.huihoo.com/opensolaris/solaris-zfs-administration-guide/html/ch06s03.html

Gea
 
Emulsifide said:
When rebooting, my encrypted folders lock back up which is great. However, if those folders are shared out via SMB, I must un-share them and then re-share them after decrypting the folder. Is there any way you can have the interface reshare the folder "if and only if" the folder was shared out prior to decryption?

If this doesn't make sense, let me know and I will provide pictures.
Click to expand...

today's napp-it reshares a Solaris 11 Express folder after unlocking.

Gea
 
Gea, related to the password-length issue I discussed before (thanks for the changes! Much improved, but...) it seems like the way that napp-it is storing passwords with more than 8 characters may be broken: if I change my password using napp-it, to a password longer than 8 (generally 12 or so), I can't use that password in ssh, smb, or local console. If I then change my password to the first 8 characters of the same password, again using napp-it, everything works again.

Could it be related to special characters? I always use a few in my passwords. When I change them using passwd, everything is fine.

Second question: what's the best way to set SMB share permissions? I have a share that won't let me connect unless I'm using root credentials. The ACLs seem good, but the share itself is uncooperative.

Third question: regarding using the Solaris SMB client to connect to a native Windows SMB share: I can't seem to authenticate. The SMB client wants me to supply a domain, but my systems are configured as part of a workgroup. I've tried: workgroup\<username> , <servername>\<username> , and <username> leaving the domain blank, but nothing seems to work.
 
Last edited:
levak said:
I just mirrored my zpool, it all went smoothly without any problems with the help of this guide...

Matej
Click to expand...

Thanks, that guide seems to cover how to make a running mirror of the rpool, I would like to make a mirror but not keep it connected since the USB drive is slow. Just keep it as a bootable (or not) backup that I can use if my main boot drive fails.
 
Any idea of SE11/Open Indiana have support for the new Sandy Bridge Xeons / C202/204/206 server chipsets?
 
Gigas-VII said:
Gea, related to the password-length issue I discussed before (thanks for the changes! Much improved, but...) it seems like the way that napp-it is storing passwords with more than 8 characters may be broken: if I change my password using napp-it, to a password longer than 8 (generally 12 or so), I can't use that password in ssh, smb, or local console. If I then change my password to the first 8 characters of the same password, again using napp-it, everything works again.

Could it be related to special characters? I always use a few in my passwords. When I change them using passwd, everything is fine.

Second question: what's the best way to set SMB share permissions? I have a share that won't let me connect unless I'm using root credentials. The ACLs seem good, but the share itself is uncooperative.

Third question: regarding using the Solaris SMB client to connect to a native Windows SMB share: I can't seem to authenticate. The SMB client wants me to supply a domain, but my systems are configured as part of a workgroup. I've tried: workgroup\<username> , <servername>\<username> , and <username> leaving the domain blank, but nothing seems to work.
Click to expand...

about special characters in passwords

napp-it uses passwd to change passwords. but usually passwd is a console-only application.
using it via a web-application is rather tricky. to avoid some cgi-problems, i parsed the input prior
processing it. but i have noted the allowed characters at the input form (a-zA-Z0-9,.-+#)

if i have some time, i can look, if i can allow more special characters.
at the moment, you can use only the above characters, when setting a pw with napp-it


about folder-ACL - quick and easy -
set unix permissions to 777 and set needed ACL from a Windows machine smb-connected as root

about share-ACL - quick and easy -
if you want to set ACL at share level, smb-connect to your Solaris machine from Windows as a user, member of Solaris SMB-administrators.
Start then computer-management at your Windows machine and connect computer-management with your Solaris server .
You can now set share permissions from Windows for your Solaris machine, restart smb-service after changing.

about Solaris SMB client
have not used yet


Gea
 
Last edited:
Hey Gea,

Thanks, I copied the files into /var/web-gui/wwwroot/_my and did chmod +x, however, when I pointed firefox at the file it just went to download the file, I looked at the napp-it files and they were all .pl so I tried to rename my .cgi file to .pl and then it worked but everytime I clicked on anything on the cgi site it would point to a .cgi and file and just try and download it, do you know if this can be solved?

Thanks very much,
s0rce

edit: in your init.d file (not sure if this is used in solaris) you specify -c **.pl instead of cgi-bin/* or **.cgi so this limits the executable cgi-scripts to ones with the .pl extension. I can't figure out how to change this setting (I figure cgi-bin/* should work if I place my files also in the cgi-bin directory).

Thanks!

_Gea said:
1.
copy your cgi files to /var/web-gui/wwwroot/_my

2.
make them executable

3.
call them via
http://serverip:81/_my/cgifile

and check if they work

4.
create a private menu in napp-it and link to this cgi-files
you may embedd the link in an iframe just i do it with help pages

Gea
Click to expand...
 
Last edited:
Looking at this method to setup a ZFS nas. Would adding virtualbox to this config to run a small ubuntu server vm be ok?


or would i be better off on the ESX path. I plan on doing this on a supermicro atom d525 motherboard.
 
Last edited:
s0rce said:
Hey Gea,

Thanks, I copied the files into /var/web-gui/wwwroot/_my and did chmod +x, however, when I pointed firefox at the file it just went to download the file, I looked at the napp-it files and they were all .pl so I tried to rename my .cgi file to .pl and then it worked but everytime I clicked on anything on the cgi site it would point to a .cgi and file and just try and download it, do you know if this can be solved?

Thanks very much,
s0rce

edit: in your init.d file (not sure if this is used in solaris) you specify -c **.pl instead of cgi-bin/* or **.cgi so this limits the executable cgi-scripts to ones with the .pl extension. I can't figure out how to change this setting (I figure cgi-bin/* should work if I place my files also in the cgi-bin directory).

Thanks!
Click to expand...

i would not suggest to change napp-it settings. (I will move it to Solaris service management in one of the next version. You may use another instance of minihttpd on another port or you may open your cgi file with a texteditor and replace all .cgi with .pl

Gea
 
pipingfiend said:
Looking at this method to setup a ZFS nas. Would adding virtualbox to this config to run a small ubuntu server vm be ok?


or would i be better off on the ESX path. I plan on doing this on a supermicro atom d525 motherboard.
Click to expand...

Either way is slow with atom and 4 GB max.
I would use virtualbox if i mainly need Solaris and ESXi if all VM's are
as important and if i want to have best Disk and Netperformance from VM's
and all the other goodies of ESXi like easy handling/ move/backup, better
support for different guests especially Windows or better control of cpu and
ram resources together with ram over-commitment.


Gea
 
A question about the solaris/smb/windows security. I've done as suggested, but when I try to add / set users permissions from windows, it keeps telling me the user in question does not exist. Where does he need to exist (I created them in the napp-it interface) and what am I missing ?
 
It's me again:)

I was playing with iscsi today a little bit and there is something about snapshots with filebased LU that I want to know...

If I have filebased LUs and I make a snapshot, how do I reach it?
With Volume LU there is no problem. Just create a new VolumeLU with chosen pool and instead of volume, I choose snapshot.
I can probably do the same with the snapshot of my ZFS folder in which filebased LUs are located, but then I get a ZFS "formated" device shared over iscsi which I can't mount(AFAIK). How do I get to the data on snapshot on filebased LU if I don't want to rollback the whole ZFS folder?

Another thing: how do I set MAILFROM in nappit? Not it's sending the email as napp-it-no-reply-xxx@gmail.com which my mail server wont allow to relay. I want to change it to noreply@mydomain.tld. Where can I set that?

Thanks, Matej
 
_Gea said:
i would not suggest to change napp-it settings. (I will move it to Solaris service management in one of the next version. You may use another instance of minihttpd on another port or you may open your cgi file with a texteditor and replace all .cgi with .pl

Gea
Click to expand...

The CGI files were compiled so I just used another instance of mini-httpd, thanks very much!

napp-it is great, my last HDD is coming in monday so I hope I can get my server completely set up soon
 
levak said:
It's me again:)

I was playing with iscsi today a little bit and there is something about snapshots with filebased LU that I want to know...

If I have filebased LUs and I make a snapshot, how do I reach it?
With Volume LU there is no problem. Just create a new VolumeLU with chosen pool and instead of volume, I choose snapshot.
I can probably do the same with the snapshot of my ZFS folder in which filebased LUs are located, but then I get a ZFS "formated" device shared over iscsi which I can't mount(AFAIK). How do I get to the data on snapshot on filebased LU if I don't want to rollback the whole ZFS folder?

Another thing: how do I set MAILFROM in nappit? Not it's sending the email as napp-it-no-reply-xxx@gmail.com which my mail server wont allow to relay. I want to change it to noreply@mydomain.tld. Where can I set that?

Thanks, Matej
Click to expand...

currently, its hardcoded in the menu/ job script.You may edit the job-script or wait to a further version. i will add a from-field to napp-it settings.

Gea
 
DJ_Datte said:
A question about the solaris/smb/windows security. I've done as suggested, but when I try to add / set users permissions from windows, it keeps telling me the user in question does not exist. Where does he need to exist (I created them in the napp-it interface) and what am I missing ?
Click to expand...


yes, you have to use a Solaris user like host\name.
(smb connect as root)

suggestion:
From Windows, you can display a list of all user and select names from the list
to have the correct namings (Windows security-extended properties-search)

Gea
 
_Gea said:
currently, its hardcoded in the menu/ job script.You may edit the job-script or wait to a further version. i will add a from-field to napp-it settings.

Gea
Click to expand...

That would be super great:)

Any idea on a iscsi "problem"?
I was playing with iscsi today a little bit and there is something about snapshots with filebased LU that I want to know...

If I have filebased LUs and I make a snapshot, how do I reach it?
With Volume LU there is no problem. Just create a new VolumeLU with chosen pool and instead of volume, I choose snapshot.
I can probably do the same with the snapshot of my ZFS folder in which filebased LUs are located, but then I get a ZFS "formated" device shared over iscsi which I can't mount(AFAIK). How do I get to the data on snapshot on filebased LU if I don't want to rollback the whole ZFS folder?
Click to expand...

Thanks, Matej
 
levak said:
If I have filebased LUs and I make a snapshot, how do I reach it?
Thanks, Matej
Click to expand...

Like any other file from a snapshot, either

1. via console/ midnight commander from ..folder/.zfs/snapshot
2. via filebrowser nautilus (start as root) and time-slider
3. via Windows previous version if you Cifs-share the folder containing your files

Gea
 
I was thinking more like if I can mount the snapshot and go "inside" it, so I could reach all the files in iscsi LU.

If you have a volume LU and you create a snapshot, you can attach that snapshot to iscsi and mount the snapshot on iscsi initiator and get access to all the files inside the iscsi filebased LU, so I can only copy back 1 folder instead of rolling back the whole LU.

NFS share would be better for those things, since reaching previous versions would be easier, but I get poor performance with NFS compared to iscsi filebased LU. Well actually now I see, only seq write is about 20MB/s slower that iscsi:)

Some bonnie benchmarks
fatlady is the NAS server
moron is iscsi filebased LU with ext3
moron-nfs is nfs mount

I am interested in why NFS can't max out the 1gbps network or at least get close to it, because reading can max it(or at least get close to it). Also, I get better seeks with nfs. On the other hand, performance of iscsi zvol is REALLY BAD! Kiddna weird?!

Matej
 
Is there a chance to add the snapshoted filebased LU as thin prov LU?

I tried with sbdadm import-lu /zpool1/iscsi/.zfs/snapshot/08.04.2011_21\:08\:37/mail , but I get sbdadm: meta file error.

If I try create-lu, I get sbdadm: unknown error.

If I could do that, I could add another view to iscsi and mount the new iscsi device and copy the data over...

I also tried zvol iscsi, but the performances are abnormaly poor. Writes around 20MB/s and read around 10MB/s. Don't know what the cause can be, since filebased LU and NFS can do much better...

Update:
I tried dd-int zvol: dd if=/dev/zero of=/dev/zvol/rdsk/zpool1/zvol-iscsi bs=1M count=1000
I get around 22MB/s write and load average goes up to 5 and it would still climb on, but dd finishes by then and then it starts to descend... Weird. Anyone had such problems?

Update2:
I changed block size from 512k to 4k and the speed are now better and cpu usage lower, but still not as fast as filebased LUs.

Update3:
I tried different block sizes and when I go above 4k, results are getting better and better(with block size 64k I get close to what I get with filebased LU) - see the link in previous post. Filebased LU are still less CPU intensive than zvols though.

Update4:
Finally sound a solution. I described it in post #366

Matej
 
Last edited:
Hi all. There's any way to know why my hard disks doesn't go to sleep? The raidz is only used for storage, no logs or something like that. Here is a copy of mi power.conf

autopm enable
autoS3 default
cpupm enable
cpu-threshold 1s
# Auto-Shutdown Idle(min) Start/Finish(hh:mm) Behavior
autoshutdown 30 9:00 9:00 noshutdown

#device-thresholds /dev/dsk/c8d0 10800s
#device-thresholds /dev/dsk/c8d1 10800s
#device-thresholds /dev/dsk/c7t0d0 10800s
device-thresholds /pci@0,0/pci1458,b002@11/disk@0,0 120m
device-thresholds /pci@0,0/pci1458,b002@11/disk@1,0 120m
device-thresholds /pci@0,0/pci1458,b002@11/disk@2,0 120m
device-thresholds /pci@0,0/pci1458,b002@11/disk@3,0 120m
device-thresholds /pci@0,0/pci1458,b002@11/disk@4,0 120m
device-thresholds /pci@0,0/pci1458,b002@11/disk@5,0 120m


Sergio
 
danswartz said:
I specifically DID put the initiator name in, but it still allowed me to connect. oh well...
Click to expand...

I tried this again, with OI 148 again. Same damn thing. Although I explicitly used host groups, target groups and views, and the documentation *says* this should control which initiators can see which LUNs, it doesn't seem to work that way :( Either I am missing something, or there is a bug in comstar :(
 
danswartz said:
I tried this again, with OI 148 again. Same damn thing. Although I explicitly used host groups, target groups and views, and the documentation *says* this should control which initiators can see which LUNs, it doesn't seem to work that way :( Either I am missing something, or there is a bug in comstar :(
Click to expand...

Weird, the thing works for me...

Here is how I did it:
- create a LU,
- add a target A (iqn.1986-03.com.sun:test)
- create a target group tg-A and add member A.
- create host group hg-B and add initiators name (iqn.2002.com.domain:some-random-numbers-or-name)
- create a view, where I choose LU I created, add target group tg-A and host group hg-B

Thats it:)

If it doesn't work, could you post screenshots of menue comstart and comstar-view? We might see something there...

Matej
 
Matej, just so we are clear. Doing the above, I DO see the target I want to see. My complaint is that I also see targets I should not see. I can't tell from your post if you were testing that or not.
 
Oo now I get it:)

I can always see/discover all the targets(you can limit them to listen on only certain IPs) but I can't login to iscsi target, if the iscsi initiator is not in the host group. Well, actually I can even login to the iscsi target, but I can't see any LUN's.

So this is how I see things:
- you can always see all iscsi targets, but you can limit on what IPs iscsi target listens
- you can always login to iscsi target, if you don't set CHAP or any other authentication
- you can always see all LUNs, if you don't set host group(in that case it's set to all)

Matej
 
No, that is my point! I DID use host groups with views, but the initiator still sees all of the LUNS, despite the docs saying it should not work that way :( I am doing an OI install onto a VM to re-test that...
 
Weird... I'm using IO as well and the thing works on my end.

Can you copy the output of menue comstar-view-detailed view(and select a view).

lp,Matej
 
Weird... Everything looks the same as in my configuration but in my case, it works:) So on the win7 box you can see the testfile LUN and can access it? Weird... Because I can see and connect to the remote target, but I don't see any LUNs.

I'm afraid my knowledge is too little to do much help from here on(just started using solaris 14 days ago). Maby we should wait for Gea or someone else to help.

Matej
 
Actually, I think we have a terminology disconnect here. I can see the target but I haven't actually tried to connect to it - mainly because according to the docs, I shouldn't even be able to see the target.
 
Yea, I can see the target and I can connect to it, but when I connect, I can't see any LUNs... If I add the initiator to the host group, then the LUNs apear.
 
You must log in or register to reply here.
Back
Top