Proper way to set up FreeNAS server

[GChuck]

First let me say that I'm totally new to FreeNAS and apologize if what I'm asking has been asked and answered before.

I have been using Windows Home Server 2011 (and WHS V1) for many years as a home server and I now need to replace it as Microsoft has abandoned the product. I did look at newer versions of Windows Server (2012 and 2016) but gave up after realizing they were expensive and often did not work properly.

I use my Home Server for three things; a file server for my household network of 5 Windows PC's, 1 Mac Desktop and 1 Linux Desktop, a backup server to automate backups nightly for my home network and lastly as a media server to store and display my home movies, music and photographs.

I have 2 WHS boxes in use; primary and backup. So I took the backup WHS machine and installed Ubuntu 18.04 LTS server. This machine is an older Core 2 Duo with 16GB memory, 1 160GB drive for system and 3 2TB drives for backups and data. On this server I then installed Samba server and Plex Media Server and after a couple of weeks of trial and error have now gotten this machine to more or less mimic what WHS had been doing for me for years. In addition, I have been using a freely usable backup product from a company called Veeam to create and manage my backups

This is all working pretty well, but it does not offer any form of safety net for disks going bad. So that brings me to FreeNAS!

I have another identical machine that I have been trying to get FreeNAS to work on. This machine may be under powered, but it should be adequate for my testing. If I can get it working properly, then I'll upgrade the hardware.

First I have purchased 4 2TB WD Red NAS drives and installed them in the box. What I would like to do is to have these four drives set up as a RaidZ configuration for both boot and for data, but try as I might, when I install FreeNAS 11.2-U7 and tell it to use all four drives, it won't boot. The box boots via MBR. I then re-ran the install and used only the first 2TB drive for boot and everything installed fine. I was then able to boot, create a RaidZ pool out of the remaining 3 2TB drives and kind of configured the system with the shares I wanted. Not ideal, but workable.

Anyway after reading (and re-reading) the documentation here are the issues I cannot wrap my brain around:

1. the docs say you can create pools out of either disks or partitions. So can I create a mirrored boot pool out of partitions on the first two disks or better still create a RaidZ pool out of the first partition of all four disks and then use the rest of the partition space on the four drives to create a RaidZ pool for data?
2. once the data pool has been created I want to create 3 data sets; 1 for shared data, one for client backups and one for server backups. Which leads me to the next question. Within the shared data area I need to have a number of separate areas for data storage. i.e. music, photos, video and public. Should these be created as file systems or data sets under data sets. If I create them as file systems, then when shared, they do not appear to show up under the windows "Net View \\server" command, but if I create them as data sets beneath data sets, then the "Net View \\server" sees them and the comments I've created.
3. the last problem I've been having is getting the "public" share to work properly. This share be considered to be similar to the /tmp directory on a Unix like system. All users have read, write and delete privileges. Data stored here cannot be considered saveable, just temporary. The only way I was able to get this share working at all was to not designate it as a "Windows" share but instead to create it as a Unix share. Not sure if that's correct or not.

I think I would like to use FreeNAS to permanently replace my WHS machine, but right now I cannot quite get shares to work the way I want them to work. All I need is simple file sharing; allow some of my users full access to some shares, read only access to others and not allowing network guests any access to any shares but the public ones.

Thanks in advance for any directions anybody can offer me

Greg

P.S. I'm not a complete newby. I spent over 40 years in IT managing big iron, PDPs and Vaxen and in later years Windows Servers, Ultrix, DEC Unix and AIX system. I have been retired for 15 years, but have kept my fingers dirty by doing small contracts over the years.

 

[KrisBee]

@GChuck Some general points:

1. Your core2duo hardware must be > 10 years old and probably doesn’t support ECC memory which is always useful to have in a sever and many would argue is essential to have if using ZFS. It’s something to think about.

2. You say your Ubuntu sever offers no protection against drive failure but you could have, (a) used a hardware raid card, (b) used linux software RAID – mdadm, (c) sync data between disks with an rsync script, or (d) easily used ZFS, creating a raidz1 with those three data disks giving you 4TB of usable data and protection against a single disk failure. The later would make for an interesting comparison with FreeNAS.

FreeNAS specific points:

1. You have separated OS drive from data drives in your Ubuntu install, why would FreeNAS be any different? FreeNAS is designed to install and run from flash media – your boot pool, while storing data on a separate array of disks – your data pool. Using whole disks over partitions is preferred. It is not essential to mirror the boot device – eg. use two usb sticks - it depends on your tolerance of server down time. What is important is to save your FreeNAS configuration in order to restore the system if a boot device fails. Running from USB sticks saves SATA ports, but boot times are relatively slow and they have limited lives, so small SSDs are now a popular choice but you could also use laptop drives as a boot device with longevity.

2. If your hardware has a limited number of SATA ports, running FreeNAS from a usb stick will allow you to use all four of your data drives in a zfs pool. You could create a raidz2 data pool that gives 4TB of usable space (it will actually be less for technical reasons) that can tolerate up to any two disks failing. An alternative would be a pool made up of a pair of mirrors (equiv to RAID10) giving the same usable space but only tolerating a single disk failure per mirror. You could stick with 3 drives in raidz1 data pool, keeping the fourth as a spare. But raidz1 in not recommended, even for small 2TB drives, due to the stress on other drives during a pool resilver after a failure and the chances of another disk failing during this process. It’s matter of risk assessment.

3. What do you understand by the term “filesystem” in the context of FreeNAS? You can think of zfs datasets as like segmenting a drive into partitions, on which you would then create and format a filesystem for each partition. So each dataset is its own filesystem (reflected in the output of the mount command in the FreeNAS shell). Hence if you create a separate datasets for each of “music, photos, video and public” you would have to define four separate windows shares in FreeNAS. That simple scheme might suffice and allow different perms of each share. You can vary the properties of each dataset, while snapshots and backups can happen at different times and frequencies for each dataset according to need. You can also choose to share folders within a given dataset, or use dataset with datasets, this might add flexibility but also adds complexity.

4. You should be able to create a “public” share in FreeNAS as a “windows type share” and not use “unix type share. Not done this myself recently, and if you mean public as in “guest share” visible to all and requiring no name/password to access it within Windows, then I seem to remember guest in Windows 10 is turned off by default for SMBv2 and above(?) for network logons. I’m sure you can find the answer on the forum.

EDIT. It's simpler for me to test "guest" access to a FreeNAS SMB share from a linux client. Created a dataset called "public" setting it to "windows share type" and editing permissions to change owner and group both to "nobody", as the FreeNAS SMB service defaults to using "nobody" as the guest account. Created a new "windows share" called public, checking three things: "allow guest access, "default permssions" and "Browseable to Network Clients".

I don't know what linux distro/desktop file manger you're using, but typically linux desktop file managers use gvfs helper programs and you probaby type in a network location as "smb://<freenas ip >" this should give access to the public share. If you use an explicit mount command at the CLI as root, then you need for example: mount -t cifs -o guest,dir_mode=0777,file_mode=0777 //192.168.0.24/public /home/chris/CIFS . Without the dir/file mode arguments, linux defaults to 0755 dir & file mode when mountng as "guest" thus leaving root as the owner/group of the mount, so non-root users don't have full access. You should find everything ends up as nobody:nobody on your FreeNAS dataset. If you want permanent SMB mounts in lunx , than you need to do the equivalent in /etc/fstab , or user systemd automounts. (** See below of other for other possible mount cmds)

FreeNAS side:

Code:

root@freenas[/mnt/NasPool/public]# ls -lR
total 1
-rwxrwx---+ 1 nobody  nobody  0 Jan  8 13:30 .windows
root@freenas[/mnt/NasPool/public]# ls -lR
total 1
-rwxrwx---+ 1 nobody  nobody  0 Jan  8 13:30 .windows
drwxrwx---+ 2 nobody  nobody  3 Jan  8 15:12 publicfolder

./publicfolder:
total 1
-rwxrwx---+ 1 nobody  nobody  37 Jan  8 15:12 pubtxtfile
root@freenas[/mnt/NasPool/public]# ls -lR
total 1
-rwxrwx---+ 1 nobody  nobody  0 Jan  8 13:30 .windows
drwxrwx---+ 2 nobody  nobody  4 Jan  8 15:14 publicfolder

./publicfolder:
total 1
-rwxrwx---+ 1 nobody  nobody  19 Jan  8 15:14 pubtxt2
-rwxrwx---+ 1 nobody  nobody  37 Jan  8 15:12 pubtxtfile
root@freenas[/mnt/NasPool/public]# getfacl /mnt/NasPool/public
# file: /mnt/NasPool/public
# owner: nobody
# group: nobody
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow
root@freenas[/mnt/NasPool/public]#

liunx side:

Code:

root@sweep:/home/chris# mount -t cifs -o guest,file_mode=0777,dir_mode=0777  //192.168.0.22/public /home/chris/CIFS
root@sweep:/home/chris# cd /home/chris/CIFS;ls -lR
.:
total 0
drwxrwxrwx 2 root root 0 Jan  8 15:12 publicfolder

./publicfolder:
total 1024
-rwxrwxrwx 1 root root 37 Jan  8 15:12 pubtxtfile
root@sweep:/home/chris/CIFS# ls -lR
.:
total 0
drwxrwxrwx 2 root root 0 Jan  8 15:14 publicfolder

./publicfolder:
total 2048
-rwxrwxrwx 1 root root 19 Jan  8 15:14 pubtxt2
-rwxrwxrwx 1 root root 37 Jan  8 15:12 pubtxtfile
root@sweep:/home/chris/CIFS#

*** Other mount cmd examples:

mount -t cifs -o guest,uid=1000,gid=1000 //192.168.0.22/public /home/chris/CIFS

mountpoint owned by a non-root user chris with id 1000 - no password required, full access to data by user and stil ends up as nobody:nobody on FreeNAS.

mount -t cifs -o guest,uid=nobody,gid=nogroup //192.168.0.22/public /home/chris/CIFS

No password required, non-root access gets read access but need to be root for other actions.

 

[GChuck]

KrisBee, thank you for your response.

Yes, I know my hardware is old. But please bear in mind that this is just a setup to allow me to test the viability of using FreeNAS. Until I have determined whether or not FreeNAS will work for me (from both a technical and management point of view), I want to keep costs down to a minimum (poor retired person!!). Should I decide to go with FreeNAS, then all hardware will be upgraded to meet minimum specs.

While I have no raid hardware or software running on my Ubuntu system, I do back the complete system up every night to 2 alternating 10TB USB 3.1 hard drives using the Veeam backup software. Unfortunately, Veeam does not have a backup agent for FreeBSD systems, only Linux and Windows. So, I'm not sure what I'll use for backup of the FreeNAS boot drive, or even if I need to do a backup.

My first go round with FreeNAS, I did install it to boot from a USB stick, which then frees up all four drives slots for data drives. But for some reason, I didn't feel comfortable booting this way. Anyway, I've set up the system to again boot from a USB stick and will do the rest of my configuration and testing using this method.

Ah, zfs datasets versus filesystems. And Pools versus Volumes. These ones have me perplexed!

I'm not sure exactly what the differences are but let me explain what I'm trying to do and how I'm going about it. First I have created a Zraid2 pool containing my four drives and called it York-data (please excuse the names; this is only a test) Next I created three datasets within this pool; Server, Client and Share. Then, within the Share dataset, I created five more datasets; Music, Pictures, Videos, Users and Public. Finally I shared these last five datasets as windows shares. So what I end up with is datasets nested within datasets and the bottom dataset set up as the share.

This left me a filesystem configuration which looks like this not counting the system created filesystems:

Filesystem 1K-blocks Used Avail Capacity Mounted on
York-data/Client 3770666284 88 3770666196 0% /mnt/York-data/Client
York-data/Server 3770666284 88 3770666196 0% /mnt/York-data/Server
York-data/Share 3770666292 96 3770666196 0% /mnt/York-data/Share
York-data/Share/Music 3770666284 88 3770666196 0% /mnt/York-data/Share/Music
York-data/Share/Pictures 3770666284 88 3770666196 0% /mnt/York-data/Share/Pictures
York-data/Share/Videos 3770666284 88 3770666196 0% /mnt/York-data/Share/Videos
York-data/Share/Users 3770666284 88 3770666196 0% /mnt/York-data/Share/Users
York-data/Share/Public 3770666284 88 3770666196 0% /mnt/York-data/Share/Public

So, with this configuration, I can see all five of my shares when I do at "net view \\york" from any of my windows boxes. However, I cannot access any of the shares; permission denied. So I reverted back to my Linux setup where all the shares where owned by the user "york-admin" and the group "tlcuser". Each user who needs access to these shares were then created along with the two groups, plus one additional group "tlcadmin". All users belong to the "tlcuser" group, but only two users belong to the "tlcadmin" group. Doing this finally allowed me to have read/write access to my shares.

I still have work to do on my public share which, like the /tmp directory, should be read/write all users, plus guests. I know that setting this up as a Unix share instead of a Windows share, allows my users the R/W access they need. Again on my Linux box, this directory was owned by "nobody" and group "nogroup"

Do you see any problems with this sort of setup? Also, is it normal to have to create directories and/or modify permissions outside of the FreeNAS GUI?

Thanks for any information you can share.

Greg ...

 

[KrisBee]

While you’re evaluating FreeNAS on real, but old, hardware with a USB stick for the boot device, do remember to save your FreeNAS configuration regularly (System ➞ General, guide 6.1) and move the system dataset to your pool (System ➞ System Dataset, guide 6.6). If you commit to FreeNAS then it’s worth setting up a cron job to auto save the FreeNAS config db as shown here for example: https://www.familybrown.org/dokuwiki/doku.php?id=fester112:additional_configbackup

Do you need to “backup” of the boot device where FreeNAS is installed? This is not like a Windows or Ubuntu server, both of which are subject to regular software updates and where you’d want the facility to backup & restore the system. FreeNAS is static between upgrades and/or new releases. Use a mirrored boot device if you can’t tolerate down time due to a single device failure. Otherwise just re-install on a new boot device and load the saved configuration.

Keeping data drives separate from your boot device means you can simply transfer them to a new server if you want to keep the pool and its data intact. Personally, I wouldn’t fully load your pool during evaluation as you may decide against using FreeNAS or decide to increase the number of data drives you wish to use in any hardware upgrade. One downside of ZFS is the relatively inflexible nature of increasing the number of disks in a pool, better to get it right first time. While four data drives are acceptable, many home users choose six data drives in a raidz2 pool as a good balance between storage efficiency, redundancy and performance.

Some recommended reading for anyone new to zfs and FreeNAS:

https://www.ixsystems.com/blog/zfs-pools-in-freenas/
https://www.ixsystems.com/blog/overview-of-datasets-and-snapshots-in-freenas/
https://www.ixsystems.com/blog/zfs-pool-performance-1/
https://www.ixsystems.com/community/resources/introduction-to-zfs.111/

That should help clarify the correct terminology.

Do I see any problems with your dataset layout? At first glance no, but I would ask what recursive actions do you wish to perform on the dataset "York-data/share", either for within FreeNAS or externally? As you’ve already found it’s easy to be tripped up by permissions, is there a potential conflict between the perms you need on the parent dataset "York-data/share" in order to access say a share of "York-data/share/music" and a share of "York-data/share/public"? ( keep in mind the release notes re: default "Windows" dataset perms at https://www.ixsystems.com/blog/library/freenas-11-2-u7/) So is a nested dataset scheme necessary for your use case, or would York-data/music, York-data/public, etc. suffice?

If you thought to create a windows share of dataset “York-data/share” to access the child datasets that could cause headaches, for example ZFS snapshots as Windows previous versions may not work as expected as snapshots are tied to a given filesystem, and each dataset is a separate filesystem. Attempting to use the share “recycle bin” facility is likely to fail too. All that is best avoided.

There are some actions on the WebUI that will create necessary directories in datasets on your pool. You might have reason to use the FreeNAS shell to create directories in an existing dataset, but in general you tend to do this from the client side after creating shares

Up to FreeNAS 11.2-U7, you’d certainly might need to modify permissions for windows shares via a Windows client as show here: https://youtu.be/RxggaE935PM . Otherwise you’d use the FreeNAS shell to use “getfacl” and/or “setfacl” as needed. The next version FreeNAS 11.3 includes an ACL editor ( see this thread for further info: https://www.ixsystems.com/community/threads/methods-for-fine-tuning-samba-permissions.50739/ ).

 

[Evertb1]

FreeNAS is designed to install and run from flash media

Installing from a Flash drive (USB stick)is OK. But booting and running FreeNAS from an USB stick is not any longer the best possibility. Currently SSD's shoold be recommended as boot/os device. The reason for that is that the current versions of FreeNAS run directly from the boot/operating system device putting a bit more stress on that drive, while earlier versions ran from RAM. See paragraph 1.4.2 of the FreeNAS user guide.

 

[KrisBee]

@Evertb1 Don't think I said using a USB stick is the best option per se, as I ready mentioned using an SSD or even a laptop drive as boot a device. But for the OP, whose test rig has limited SATA ports, it seems the best option right now.