Harry Tegnut
Cadet
- Joined
- Aug 28, 2021
- Messages
- 2
First of all I have to say I'm impressed how stable and usable this beta already is. I've worked with a TrueNAS Core server at work and I was interested to see how the transition from FreeBSD to Debian Linux in TrueNAS SCALE looks like and if I can use it for my personal projects at home. I read that 21.08 is around the corner, but I wanted to give feedback regarding three things i found in 21.06 beta:
1) I created several applications (nextcloud, haproxy, jellyfin) and used host path volumes for configuration and data files that are on a dataset that is encrypted. When I reboot the TrueNAS machine the applications are started even when the encrypted datasets (which contain the files for the host path volumes) are not unlocked yet. This creates strange behaviour of the applications (they usually start up with their first time configuration flow). I have to stop the instances, unlock the encrypted dataset, start the instances. It would be nice to be able to configure applications to startup manually only or if the startup service checks if host path volumes are on encrypted datasets and starts them only when the dataset is unlocked.
2) I had trouble setting the correct time of the machine via Web UI. The web UI showed the right one but when I entered date in the shell the clock was set to April still. I manually changed the time via timedatectl.
3) I scanned the TrueNAS Scale instance and found several open ports:
111 (rpcbind)
179 (kube-router)
548 (afpd)
6000 (asyncio_loop)
rpcbind is probably acceptable. But why does 179 and 6000 have to be reachable on 0.0.0.0? From a security perspective maybe it is better to make them listen only to localhost (if this is possible)?
Thanks for the amazing job. I'm looking forward to try out 21.08...
1) I created several applications (nextcloud, haproxy, jellyfin) and used host path volumes for configuration and data files that are on a dataset that is encrypted. When I reboot the TrueNAS machine the applications are started even when the encrypted datasets (which contain the files for the host path volumes) are not unlocked yet. This creates strange behaviour of the applications (they usually start up with their first time configuration flow). I have to stop the instances, unlock the encrypted dataset, start the instances. It would be nice to be able to configure applications to startup manually only or if the startup service checks if host path volumes are on encrypted datasets and starts them only when the dataset is unlocked.
2) I had trouble setting the correct time of the machine via Web UI. The web UI showed the right one but when I entered date in the shell the clock was set to April still. I manually changed the time via timedatectl.
3) I scanned the TrueNAS Scale instance and found several open ports:
111 (rpcbind)
179 (kube-router)
548 (afpd)
6000 (asyncio_loop)
rpcbind is probably acceptable. But why does 179 and 6000 have to be reachable on 0.0.0.0? From a security perspective maybe it is better to make them listen only to localhost (if this is possible)?
Thanks for the amazing job. I'm looking forward to try out 21.08...
