ZFS Datasets have to restart CIFS for network to see folders/files

[Paul5]

Hi, I have and auto decrypt and mount scripts that has been working fine until I re-did the ZFS volumes with Datasets. Everything still works except that I have to login and manually stop and start CIFs for the network to see the volumes folders. The irony is that the non encrypted drives are available.

I also increased the sleep time in the script between disk decryptions and mounting but it has had no effect.

Anyone have any idea on how to resolve it. For some reason CIFs does not refresh itself when I use data sets.

 

[dlavigne]

Which version of FreeNAS? Any other changes besides dataset creation (e.g. an upgrade)?

 

[Dusan]

Maybe you should also post your auto decrypt / mount scripts so that we can see what are you trying to do. Also, unless the scripts fetch the passphrase over network (i.e. you store it locally) I do not see a point of having an auto decrypt script. You can just remove the passphrase and be done -- the pool will still be encrypted, but will automount.

 

[Paul5]

Which version of FreeNAS? Any other changes besides dataset creation (e.g. an upgrade)?

Ok,

FreeNas 9.1.1

1 -ZFS volume mirrored 1GB with 4 datasets - auto decrypted and mounted on post init boot-

2 - 3 usb drives - USB 1 Freenas,USB 2 UFS to initiate decryption of usb3 and USB 3 ZFS usb which decrypts the volume. USB 2 & 3, are remotely connected to computer and both have to be in for decryption - this works and has been working without issue, except for a new one with CIF's and datasets.

First to answer Dusans question - the usb's 2 and 3 are remotely attached fixed/hidden/glued, also not available to the network, if you remove it you will destroy it. If you where to steel the nas you most likely will leave the usb cables behind, if not, rip them out, in any case the usb drives are likely to be left behind rendering the system useless. You also need both drives in at boot up to initiate decryption. The weakest link is the UFS usb which has the first password to decrypt the encrypted usb with main passwords and script, but that's why both have to be in.. Moral of the story, If I go away I can just remove the usb cables - system will not decrypt. My use, I start a media player send WOL. All done for you but whilst maintaining physical security of the NAS. Better than having to boot, wait, login and decrypt every time.
With the risk of theft for a home user your suggestion of removing the passphrase renders everthing moot. Why even bother with encryption.

I could do with the code for unmounting a usb after x seconds. That will then re-encrypt the USB's and unmount them, removing the exposure whilst FreeNas is running.

Actual problem:

1- Auto decryption: no datasets networks sees folders

2- Auto decrytion: with 4 datasets network does not see folders unless CIF's is stopped and started. In the FREENAS folder is just the printer icon

3- Manual decryption: network sees folders.

Initially I just had an encrypted ZFS volume - network picked it up. I then started playing with Datasets created 4 - no problems. However, I noticed that I had to stop and restart CIF's to get the network to see the folders.

The script I made up of bits and pieces I found.

Note:
1-I am unfamiliar with Syntax and rules to make it look neat. I've also removed a lot of my comments to remind me.
2-It works.
3-It can't be a sleep timing issue for I've gone up to 40 seconds on all with same results
4-something must be missing in my script or not being started after decryption in this manner.

#!/bin/sh
#This file is to Auto Decrypt And Mount Encrypted ZFS Volumes.
# test if /mnt/usbtest/Utilities/zfsvolumes if not script cancels.
if [ -e /mnt/usbtest/Utilities/zfsvolumes ]; then
echo "File Found..." >&2
else
echo "OOP's! Where is it??" >&2
exit 1
fi
#
##First Volume
#
#Unencrypts disk in primary disk in volume also adds sleep time
geli attach -j /mnt/usbtest/Utilities/zfsvolumes -k /data/geli/cf32ff91-b0a0-448c-a698-aa91eecce1c3.key /dev/gptid/62c4ba17-33ae-11e3-8d79-00248c4855a5
sleep 2
#
#Unencrypts additional disk in a volume
geli attach -j /mnt/usbtest/Utilities/zfsvolumes -k /data/geli/cf32ff91-b0a0-448c-a698-aa91eecce1c3.key /dev/gptid/635046fb-33ae-11e3-8d79-00248c4855a5
sleep 2
#
#Mounts the ZFS Volume pool also adds sleep time for mounting the pool
zpool import -R /mnt Encrypted
sleep 10
#
#Exits the script
exit 1

 

[Dusan]

When you unlock a volume via the FreeNAS GUI it asks you which services to restart so that they pick up the new pool. You are missing this part.
FreeNAS runs this to restart CIFS:

Code:

service ix-samba quietstart
service dbus forcestop
service dbus restart
service avahi-daemon forcestop
service avahi-daemon restart
service samba forcestop
service samba quietrestart

You can also get rid of the sleeps.

 

[Paul5]

When you unlock a volume via the FreeNAS GUI it asks you which services to restart so that they pick up the new pool. You are missing this part.
FreeNAS runs this to restart CIFS:

Code:

service ix-samba quietstart
service dbus forcestop
service dbus restart
service avahi-daemon forcestop
service avahi-daemon restart
service samba forcestop
service samba quietrestart

You can also get rid of the sleeps.

Ok, cool. I had actually gone looking for cifs for those reasons but didn't need to prior to datasets for some reason. I found nothing of any value and did notice the avahi folder.

Anyway, I gather I just add those lines after the zpool import without any additional code?

 

[Dusan]

Anyway, I gather I just add those lines after the zpool import without any additional code?

Correct, that should be enough to properly restart CIFS.

 

[Paul5]

Correct, that should be enough to properly restart CIFS.

Thanks, I'll give a try in about an hour.

 

[Paul5]

Correct, that should be enough to properly restart CIFS.

Thank you. Worked beautifully.

 

[Paul5]

Correct, that should be enough to properly restart CIFS.

Hi, Dusan, I'm hoping you see this.

Your help with the above stop start lines have been working flawlessly for two years now, many thanks, but I just upgraded to 9.3.1 from 9.2 and they no longer work in 9.3.1. My search keeps bringing me back to my own post. Would you know what the new script lines I should use would be?

One last question if you don't mind, what would be the right way to encrypt and unmount a volume: zfs unmount (Volume name) I know it works but I don't know if it's the right way to do it via a script.

 

[cyberjock]

Dusan isn't on the forums anymore.

There is no "right way" to script a zpool unmount. The only right way is via the WebGUI or via the API. Anything else is risky and totally not supported or even recommended.

Edit: And if your .system dataset is on the encrypted zpool, you're better off rebooting the machine to unmount the zpool.

 

[Paul5]

T

Dusan isn't on the forums anymore.

There is no "right way" to script a zpool unmount. The only right way is via the WebGUI or via the API. Anything else is risky and totally not supported or even recommended.

Edit: And if your .system dataset is on the encrypted zpool, you're better off rebooting the machine to unmount the zpool.

Thanks for that. I can live with them mounted.

If you're reading this and you know I came up with this to restart CIFS after auto decryption for as above the F/N 9.2 version doesn't work with 9.3.

It works but currently I have disabled until I can get some confirmation from someone who knows.

# 9.3.1 service restart for auto decrypted volumes.
# service samba_server stop
# service ix-pre-samba restart
# service samba_server start
# service ix-post-samba restart
# service collectd restart