Quick Start Guide for Freenas 8

Quick Start Guide for FreeNAS 8.0

FreeNAS is © 2005-2010, Olivier Cochard-Labbé.

FreeNAS is © 2011, iXsystems

FreeNAS® is a registered trademark of Olivier Cochard-Labbé.

1. Introduction

BLURB ON WHAT FREENAS IS

1.1 History

DESCRIBE ORIGINS AND FORK

1.2 Which FreeNAS Should I Use?

2. What's New in 8.0

8.0 represents an entire rewrite from the .7 series of FreeNAS. In other words, FreeNAS was rewritten from scratch andfeatures were added as the new base stabilized. This means that not every feature in the .7 series was re-implemented andsome features that are not available in FreeNAS .7 are available in FreeNAS 8.0. Notable differences between the twoimplementations are as follows:

* versioning numbers have changed with the intent to have the version number reflect the base version of FreeBSD. ThisFreeNAS version is based on FreeBSD 8.2, but it is called 8.0 as there are future plans to add functionality that will get theversions caught up. Once FreeNAS 8.2 is out, a suffix will be added, such as 8.2.1 and 8.2.2.

* based on nanoBSD rather than Monowall

* design was changed from monolithic to modularized to allow for the creation of modules to add features and to allow usersto only install/configure the modules they need

* GUI rewritten in Django to allow for future expansion

* new TreeMenu GUI is now the default. The original GUI is still available by entering the appname after the URL used toaccess the GUI. For example: http://192.168.1.1/services [http://192.168.1.1/services].

* improved management of ownership/group/permissions of volumes and datasets

* ZFS parameters per dataset, such as quotas, were added

* LSI 6 gbps HBAs are now supported

* migrated to rc.d init system

* ports updated to FreeBSD 8.0

* iSCSI boot/install support added (experimental)

As is to be expected, many bugs were found during the testing snapshots of this release. The following improvements andbug fixes have been implemented:

* dynamic DNS and FTP now work

* a bug that was preventing the system from seeing all available disks has been fixed. This mainly affected people with RAIDcontrollers tha exported units with names other than daX.

* some CIFS settings that were mostly detrimental to performance have been removed

* log rotation is more aggresive and /var has been increased in size. This should fix performance degradation caused by fullfilesystems and broken logging.

* link aggreggation (LAGG) has been tested and is working, although the configuration of it is still not perfect. Rebootingafter configuring a LAGG is the best way to ensure the configuration is usable.

* disk space utilization shows in the volume overview

* support for 3ware 6bps RAID controllers has been added along withthe CLI utility tw_cli for managing 3ware RAIDcontrollers

* GUI access via HTTP or HTTPS

quick_start_guide_for_freenas_8.0 [FreeNAS] http://wiki.freenas.org/quick_start_guide_for_freenas_8.0

1 de 39 13/05/2011 05:06 p.m.

* link aggregations can be created and configured from the CLI interface

* enhanced ZFS support that delivers enterprise filesystem performance and management, Thin Provisioning, unlimitedsystem snapshots, uncompromising data integrity, remote replication for disaster-recovery (DR) backups, and practicallylimitless capacity

* added the ability to create periodic snapshot jobs, create one-time snapshots, clone snapshots which can then be exportedas shares like any other dataset, and rollback to a previous snapshot

* VLAN interfaces are fully supported and can be created from the GUI or from the CLI menu

* NFS shares can be set to use the full range of maproot and mapall options

* tuning is available for the NFS service to boost performance past gigE networking speeds

* users and groups available to the system from any source (local users, LDAP, or AD) are now presented anywhere a useror group is specified, whether it's volume permissions, Samba anonymous user, or NFS maproot

* kernel modules to support several RAID controllers were added, as well as the modules to enable mount_smbfs to workfrom the CLI

* added the ability to edit ZFS options from the GUI such as quotas, compression, reservations on existing volumes anddatasets

* ability to create “stacked” ZFS configurations in the GUI as well as add devices to existing ZFS volumes

* spare, cache, and log devices can now be added to ZFS volumes through the GUI

3. Features

* supports NFS, CIFS, AFP, FTP and TFTP as filesharing mechanisms

* supports exporting devices via iSCSI as an iSCSI target

* supports Active Directory or LDAP for user authentication

* support for UFS2 based volumes, including gmirror, gstripe, and graid3

* support for ZFS as the primary filesystem, enabling many features not available in UFS2 such as quotas, snapshots,compression, replication, and datasets for sharing subsets of volumes via CIFS

* upgrade procedure takes advantage of nanobsd by writing the OS to the “inactive” slice, allowing for an easy reversal ofan undesirable upgrade

* automatic system notifications about LSI RAID controller events (requires email service to be configured)

* django-driven graphical user interface

4. Known Issues

UPGRADES FROM FREENAS 0.7x ARE UNSUPPORTED: the system has no way to import configuration settings from 0.7versions of FreeNAS, but the volume importer should be able to handle volumes created with FreeNAS 0.7. Please note thatzpool upgrade is a one way street and upgraded volumes will not be usable with FreeNAS 0.7.x.

The ZFS upgrade procedure is non-reversable and must be run manually. Please do not upgrade your pools unless you areabsolutely sure you'll never want to go back to other systems. For clarity, zpool upgrade is a ONE-WAY street. There is noreversing it, and there is no way for a system with an older version of ZFS to access pools that have been upgraded.

The iSCSI target does not support a configuration reload meaning that changes to the configuration restart the daemon.

Disks with certain configs can get get probed by GEOM and become essentially unwritable without manual intervention. Forinstance, if you use disks that have previously had a geom_mirror on them the system may pick that up and the disks willbe unavailable until the existing gmirror is stopped and destroyed.

In a departure from FreeNAS 0.7 releases, the operating system drive can not be used as a component for a volume, nor canit be partitioned for sharing.

Some atom based systems with Realtek gigE interfaces have network performance issues with FreeBSD 8.2.

5. Hardware Requirements

Since FreeNAS 8.x is based on FreeBSD 8.2, it supports the same hardware found in the FreeBSD 8.2 HardwareCompatability List [http://www.freebsd.org/releases/8.2R/hardware.html]. In addition, support for 3ware 6bps RAID controllershas been added along with the CLI utility tw_cli for managing 3ware RAID controllers.

FreeNAS is meant to provide network attached storage. This means that the FreeNAS device will need a reliable networkconnection as well as sufficient disk(s) to hold the data that you wish to store.


2 de 39 13/05/2011 05:06 p.m.

The FreeNAS operating system is a “running” image. This means that it should not be installed onto a hard drive, but ratherto a USB or compact flash device that is at least 1 GB in size. Production systems often have these devices as internalstorage units. If you are using a PC system, you can instead use a USB thumb drive that is dedicated to the running imageand which stays inserted in the USB slot.

Unlike previous FreeNAS releases, the FreeNAS device contains multiple slices in order to hold multiple running images. Thisallows you to safely upgrade to a new image or to revert to an older image should you encounter problems. However, it alsomeans that the device it is installed into becomes “dedicated” to FreeNAS. You will not be able to use that device to storedata. For example, if you were to install FreeNAS onto a hard drive, the entire hard drive would become inaccesible,regardless of its size.

While there aren't any minimum RAM requirements (other than those needed by FreeBS 8.2), you will want lots of RAM ifyou are using ZFS. A minimum of 4 GB is considered to be a decent minimum. If you have limited RAM, you may wish to useUFS instead of ZFS. If you're in a production environment, you will probably have lots of RAM and can benefit from thefeatures provided by ZFS.

While FreeNAS does support UFS based volumes, such as gmirror, gstripe, and graid3, the primary focus is on ZFS. Many ofthe features are provided via ZFS datasets, such as the ability to share subsets of volumes via CIFS. This delta is likely toincrease over time, meaning that the compelling reasons to use ZFS are also likely to increase.

It is highly recommended to use ZFS for new volumes, even if the underlying device is a volume exported by a hardwareRAID controller.

6. Installing FreeNAS

6.1 Getting FreeNAS

FreeNAS 8.0 can be downloaded from the FreeNAS-8 Sourceforge page [http://sourceforge.net/projects/freenas/files/FreeNAS-8/].FreeNAS is available for 32 and 64 bit architectures.

The download page contains the following types of files:

* GUI_upgrade.xz : this is a compressed firmware upgrade image and requires a previous installation of FreeNAS 8.x. Ifyour intent is to upgrade FreeNAS, download the correct .xz file for your architecture and see the section on UpgradingFreeNAS.

* Full_Install.xz : this is a compressed image of the full image disk. For using this image, you need some Unix command lineknowledge and see the section on Installing the Full_install image

* iso: this is a bootable image that can be written to CDROM. It contains an ncurses menu-driven installer as well as theFreeNAS running image. This image is typically written to a USB or compact flash device. If you burn the ISO to a CDROMand boot from it, the installer will write the running image for you; this method is described in more detail in Installing fromCDROM. Alternately, you can mount the ISO and write the image yourself; this method is described in more detail inBurning the Running Image.

6.2 Installing from CDROM

If you prefer to install FreeNAS using a menu-driven installer, download the ISO image that matches the architecture of thesystem you will install onto (32 or 64 bit) and burn it to a CDROM.

Note: the installer on the CDROM will recognize if a previous version of FreeNAS 8.x is already installed, meaning theCDROM can also be used to upgrade FreeNAS. However, the installer can not perform an upgrade from a FreeNAS 7.xsystem.

Insert the CDROM into the system and boot from it. Once the media has finished booting, you will be presented with theconsole setup menu seen in Figure 6.2a:

Figure 6.2a: FreeNAS Console Setup

Press enter to select the default option of “1 Install/Upgrade to hard drive/flash device, etc.”. The next menu, seen in Figure6.2b, will list all available drives, including any inserted USB thumb drives:

Figure 6.2b: Selecting Which Drive to Install Into


3 de 39 13/05/2011 05:06 p.m.

Note: FreeNAS is designed to be a running image that resides on a USB drive or compact flash card. On a productionsystem, these devices are probably built-in. On a PC system, you will probably have to dedicate a USB thumb drive thatremains inserted. You don't want to remove the thumb drive as it is a “running” operating system. You also don't want toinstall FreeNAS onto a hard drive as you will lose access to the entire hard drive, regardless of its size. While you couldinstall an older, small drive to use for the operating system, these drives are less reliable (due to their age) and waste a diskslot. On a PC system, you're better off using a thumb drive and ensuring that it does not inadvertently get removed.

Once you make a selection and press enter, FreeNAS will issue the warning seen in Figure 6.2c:

Figure 6.2c: FreeNAS Warning on Why You Should Install onto USB Flash Drive

If you wish to install to a USB thumb drive and haven't inserted it already, you can still insert a USB thumb drive, use thetab key in this menu to highlight “No”, and press enter. This will return you to the Console Setup screen. If you press enter,your thumb drive should now be listed in the Drive Selection menu–it will begin with “da”.

Highlight the desired device to hold the running image and press enter. This time, press Yes.FreeNAS will extract therunning image from the ISO and transfer it to the device. Once the installation is complete, you should see the message inFigure 6.2d:

Figure 6.2d: FreeNAS Installation Complete

Press enter and you'll return to the first menu, seen in Figure 6.2a. Highlight “3 Reboot System” and press enter. Removethe CDROM. If you installed onto a USB thumb drive, leave the thumb drive inserted. Make sure that the device youinstalled to is listed as the first boot entry in the BIOS so that the system will boot from it. It should boot into the Consolesetup menu described in Initial Setup.

6.3 Installing the Full_Install Image

If your system does not have a CDROM or you prefer to manually write the running image to the device yourself, you stillneed to download the Full_Install.xz file.

Once you have downloaded the Full_Install.xz, use the dd command to transfer the xz image to an inserted USB thumbdrive or compact flash device. Example 6.3a demonstrates writing the image to the first USB device on a FreeBSD system.Substitute the filename on your ISO and the device name representing the device to write to on your system.

Example 6.3a: Writing the Full_Install Image to a USB Thumb Drive (/dev/da0 in this example: Be sure to selectYOUR USB drive)

xzcat FreeNAS-8.0-RELEASE-i386.Full_Install.xz | dd of=/dev/da0 bs=5k

122070+122071 records in

122070+122071 records out


4 de 39 13/05/2011 05:06 p.m.

1000000000 bytes transferred in 604.303943 secs (1654796 bytes/sec)

You now have a running image. Make sure the boot order in the BIOS is set to boot from the device containing the imageand boot the system. It should boot into the Console setup menu described in Initial Setup.

6.4 Initial Setup

The first time you reboot into FreeNAS, you will be presented with the Console Setup screen shown in Figure 6.4a:

Figure 6.4a: FreeNAS Console Setup Menu

NEED TO UPDATE IMAGE?

FreeNAS will automatically try to connect to a DHCP server on any live interfaces. If it successfully receives an IP address, itwill display what IP address can be used to access the graphical console. In the example seen in Figure 6.4a, the FreeNASsystem is accessible from http://192.168.56.101 [http://192.168.56.101].

If your FreeNAS server is not connected to a network with a DHCP server, you will need to manually configure the interfaceas seen in Example 6.4a. In this example, the FreeNAS system has one network interface (em0):

Example 6.4a: Manually Setting an IP Address from the Console Menu

Enter an option from 1-8: 1

1) em0

Select an interface (q to quit): 1

Configure interface for DHCP? (y/n) n

Configure IPv4? (y/n) y

Interface name: (press enter as can be blank)

Several input formats are supported

Example 1 CIDR Notation:

192.168.1.1/24

Example 2 IP and Netmask seperate:

IP: 192.168.1.1

Netmask: 255.255.255.0, or /24 or 24

IPv4 Address: 192.168.1.108/24

Saving interface configuration: Ok

Configure IPv6? (y/n) n

Restarting network: ok


5 de 39 13/05/2011 05:06 p.m.

You may try the following URLs to access the web user interface:

http://192.168.1.108 [http://192.168.1.108]

From another system with a graphical web browser, input the IP address for your FreeNAS installation. The graphical logonshould appear, as seen in Figure 6.4b:

Figure 6.4b: Logging into FreeNAS Using a Browser

Tip: If the graphical login does not appear, check that your browser configuration does not have any proxy settings enabled.If it does, disable them and try again.

Enter the initial login information:

Username: admin

Password: freenas

The main page will now be displayed, as seen in Figure 6.4c:

Figure 6.4c: FreeNAS Graphical Configuration Menu


6 de 39 13/05/2011 05:06 p.m.

The rest of this Quick Start Guide covers the options that are available in each of the GUI configuration icons:

* System

* Network

* Storage

* Sharing

* Services

* Account

6.5 Upgrading FreeNAS

NOTE: Before performing an upgrade you must always backup your configuration file, system disk, and all ofyour data.

UPGRADES FROM FREENAS 0.7x ARE STILL UNSUPPORTED: the system has no way to import configurationsettings from 0.7 versions of FreeNAS, nor is there any sort of volume importer yet that will preserve data onexisting volumes. Attempting to upgrade from 0.7 will result in the loss of your configuration and data.

Beginning with FreeNAS 8.0, FreeNAS supports two operating systems on the operating system device: the current“running” operating system and, if you have performed an upgrade, your previous version of the operating system. Whenyou upgrade, FreeNAS automatically backs up your configuration and preserves the initial operating system. This means thatit is easy to rollback to the previous version and its configuration should you experience a problem with the upgradedversion. The upgrade automatically configures the system to boot from the new operating system; a rollback configures thesystem to boot from the previous operating system.

There are 2 ways to upgrade a FreeNAS 8.x system: from the ISO or from the xz file. Both methods are described below.

6.5.1 Using the ISO


7 de 39 13/05/2011 05:06 p.m.


8 de 39 13/05/2011 05:06 p.m.

6.5.2 From the WebGUI using the .xz File

For upgrading FreeNAS from the GUI you need:

The *.GUI_upgrade.xz image file that matches your architecture; download this file to the system you use to accessthe FreeNAS system.

1.

The SHA256 Hash corresponding to the image file from the ReleaseNotes2.

Do not decompress the .xz file !

Go to System → Settings → Firmware Upgrade as shown in Figure 6.5.2a:

Figure 6.5.2a: Upgrading FreeNAS From the GUI

Use the drop-down menu to select a volume to temporarily place the firmware file during the upgrade, then click the Updatebutton. You will be prompted to browse to the location of the downloaded .xz file and to paste the SHA256 sum. Whenfinished, click the Update button which will change to Please Wait while the upgrade is in progress. When the upgrade isfinished, you will receive a “You have successfully uploaded a firmware!” message.

NOTE: the upgrade is not “complete” until you click Reboot and reboot the system. During the reboot all connections to theFreeNAS server will be disconnected, including your GUI session. Wait a moment or so for the system to reboot, then tryreconnecting to the URL of the FreeNAS system. If all went well, you will be prompted to login and the System Informationtab should show the new release information.

6.5.3 Behind the Scenes

The GUI upgrade runs these commands:

cd /usr/local/www/freenasUI

python manage.py migrate

If the upgrade is successful, it touches a sentinel file, the presence of which runs the database upgrade.

7. System Configuration

The System icon contains three tabs:

ReportingSettingsSystem Information

Each of these tabs are described in more detail below.

7.1 Reporting

If you click the Reporting tab, five graphs will load as seen in the example in Figure 7.1a:


9 de 39 13/05/2011 05:06 p.m.

Figure 7.1a: Reporting Graphs Showing the Load on the System

The graphs will display the current CPU usage, physical memory utilization, system load, swap utilization, and processes.Graphs refresh every 10 minutes. Reporting data is also saved, allowing you to view and monitor usage trends hourly, daily,weekly, monthly, and yearly.

7.2 Settings

The Settings tab, shown in Figure 7.2a, contains 6 tabs: General, Advanced, Email, SSL, Firmware Update, and Config.

Figure 7.2a: Settings Tab

Table 7.2a summarizes the settings that can be configured using the General tab:

Table 7.2a: General Tab's Configuration Settings

Setting Value Description


10 de 39 13/05/2011 05:06 p.m.

Protocol HTTP or HTTPS protocol to use when connecting to the administrative GUI from a browser

Language drop-down menu select the localization from the drop-down menu; currently, only English is supported

Timezone drop-down menu select the timezone from the drop-down menu

NTP server string input the IP address or name of up to 3 NTP servers; options from ntp.conf(5) such as “iburst maxpoll 9” can be included

The Advanced tab allows you to set some miscellaneous settings on the FreeNAS system. The configurable settings aresummarized in Table 7.2b:

Table 7.2b: Advanced Tab's Configuration Settings


Enable Console Menu checkbox

Use Serial Console checkbox

Enable screen saver checkbox

Beep on boot checkbox controls boot0cfg(8) behaviour

Enable powerd (Power Saving Daemon) checkbox

Swap size non-zero integer representing GiB affects new disks only

Show console messages in the footer checkbox requires UI reload

MOTD banner string input the message you wish to be seen when user logs in via SSH

The Email tab is used to configure the email settings on the FreeNAS system. Table 7.2c summarizes the settings that canbe configured using the Email tab:

Table 7.2c: Email Tab's Configuration Settings


From email string the email address to be used when sending email notifications

Outgoing mail server string or IPaddress

Port to connect to integer SMTP port number, typically 25, 465 (secure SMTP), or 587 (submission)

TLS/SSL plain, SSL, or TLS encryption type

Use SMTPAuthentication checkbox

Username string

Password string

Send Test Mail clickable button uses the saved email settings; it can't be used to test new settings before they are saved so click the OKbutton first.

If the FreeNAS system has been set to use HTTPS for browser connections, input the SSL certificate information using theSSL tab. Table 7.2d summarizes the settings that can be configured using the SSL tab:

Table 7.2d: SSL Tab's Configuration Settings


Organization string optional

Organizational Unit string optional

Email Address string optional

Locality string optional

State string optional

Country string optional

Common Name string optional

SSL Certificate string paste the SSL certificate into the box

In the Firmware Update tab, use the drop down menu to set the temporary location of the firmware file. Refer to UpgradingFreeNAS for upgrade instructions.

Table 7.2e summarizes the options that are available in the Config tab:

Table 7.2e: Config Tab Options

Option Description

Restore to Factory Defaults replaces current configuration with the factory default

Save Config allows you to browse to location to save current configuration

Upload Config allows you to browse to location of saved configuration file

NOTE: If you intend to recreate volumes and restore the default configuration, delete the volumes first in Storage →Volumes.

7.3 System Information

The system information tab will display general information about the FreeNAS system. The information includes thehostname, underlying FreeBSD version, type of CPU (platform), the current system time, the system's uptime, the currentload average, and the FreeNAS build version.


11 de 39 13/05/2011 05:06 p.m.

8. Network Configuration

The Network Settings tab contains several tabs for viewing and configuring the FreeNAS system's network settings: GlobalConfiguration, Network Summary, Interfaces, Link Aggregation, Static Routes, and VLANs. Each of these tabs is described inmore detail below.

8.1 Global Configuration

The global configuration tab allows you to set the non-interface specific network settings.

Table 8.1a summarizes the settings that can be configured using the Global Configuration tab:

Table 8.1a: Global Configuration Settings


Hostname string system host name

Domain string system domain name

IPv4 Default Gateway IP address

IPv6 Default Gateway IP address

Nameserver 1 IP adress primary name server

Nameserver 2 IP address secondary name server

Nameserver 3 IP address tertiary name server

8.2 Network Summary

The Network Summary tab allows you to quickly view the addressing information of every configured interface. It will showthe interface name, IP address, DNS server(s), and default gateway.

8.3 Interfaces

The interfaces tab allows you to view which interfaces have been configured, to add an interface to configure, and to edit aninterface's current configuration. An example configuration, with the Edit page open, can be seen in Figure 8.3a:

Figure 8.3a: Editing an Interfaces Configuration

Table 8.3a summarizes the configuration options when you Add or Edit an interface:

Table 8.3a: Interface Configuration Settings


NIC interface name appears when add an interface; select the device name from the drop-down menu


12 de 39 13/05/2011 05:06 p.m.

Int interface string appears when edit interface; read-only field

Interface Name string same as interface name or can change to a useful description

DHCP checkbox requires manual configuration if unchecked

IPv4 Address IP address set if DHCP unchecked

IPv4 Netmask select from drop-down menu

Auto configure IPv6 checkbox requires manual configuration if unchecked and wish to use IPv6

IPv6 Address IPv6 address

IPv6 Netmask select from drop-down menu

Options string parameters from ifconfig(8), for example: mtu 9000

8.4 Link Aggregations

FreeNAS uses FreeBSD's lagg(4 [http://www.freebsd.org/cgi/man.cgi?query=lagg&apropos=0&sektion=0&manpath=FreeBSD+8.2-RELEASE&format=html]) interface to provide link aggregation and link failover. The lagg interface allows aggregation ofmultiple network interfaces as one virtual lagg interface for the purpose of providing fault-tolerance and high-speed links.

The lagg driver currently supports the following aggregation protocols. The protocols determine which ports are used foroutgoing traffic and whether a specific port accepts incoming traffic. The interface link state is used to validate if the port isactive or not.

Failover: the default protocol. Sends traffic only through the active port. If the master port becomes unavailable, the nextactive port is used. The first interface added is the master port; any interfaces added after that are used as failover devices.By default, received traffic is only accepted when received through the active port. This constraint can be relaxed by settingthe net.link.lagg.failover_rx_all sysctl(8) variable to a nonzero value, which is useful for certain bridged network setups.

FEC: supports Cisco EtherChannel. This is a static setup and does not negotiate aggregation with the peer or exchangeframes to monitor the link.

LACP: supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP) and the Marker Protocol. LACP will negotiate aset of aggregable links with the peer in to one or more Link Aggregated Groups. Each LAG is composed of ports of the samespeed, set to full-duplex operation. The traffic will be balanced across the ports in the LAG with the greatest total speed, inmost cases there will only be one LAG which contains all ports. In the event of changes in physical connectivity, LinkAggregation will quickly converge to a new configuration. Note that LACP will need to be configured on the switch as well.

Load Balance: balances outgoing traffic across the active ports based on hashed protocol header information and acceptsincoming traffic from any active port. This is a static setup and does not negotiate aggregation with the peer or exchangeframes to monitor the link. The hash includes the Ethernet source and destination address, and, if available, the VLAN tag,and the IP source and destination address.

Round Robin: distributes outgoing traffic using a round-robin scheduler through all active ports and accepts incoming trafficfrom any active port.

None: this protocol is intended to do nothing: it disables any traffic without disabling the lagg interface itself.

NOTE: The FreeNAS system will need to be rebooted after the lagg device is configured. Since you will lose TCP accessduring the reboot, you will need to have console access to the FreeNAS system.

Figure 8.4a shows the configuration options when adding a lagg interface:

Figure 8.4a: Adding a lagg Interface


13 de 39 13/05/2011 05:06 p.m.

Select the desired aggregation protocol and highlight the interfaces to associate with the lagg device.

Once the lagg device has been created, click its Edit Interface button. You can now sets its IP addressing information asdescribed in Table 8.3a.

If you click a lagg device's Edit Members button, then the Edit button under the Action column, you can configure theoptions shown in Table 8.4a:

Table 8.4a: Configuring a lagg Device's Membership


LAGG Interface group

LAGG Priority Number integer

Physical NIC

Options

8.5 Static Routes

This screen allows you to add and view all static routes. If you click “Add Static Route” you will see the screen shown inFigure 8.5a:

Figure 8.5a: Adding a Static Route

The destination network and gateway fields are mandatory; the description field is optional.

If you add any static routes, they will show in “View All Static Routes”. Each route will have an action of Edit or Delete.

8.6 VLANs

FreeNAS uses FreeBSD's vlan(4) interface to demultiplex frames with IEEE 802.1q tags. This allows nodes on differentVLANs to communicate through a layer 3 switch or router. A vlan interface must be assigned a parent interface and anumeric VLAN tag. A single parent can be assigned to multiple vlan interfaces provided they have different tags. If you click


14 de 39 13/05/2011 05:06 p.m.

“Add VLAN”, you will see the screen shown in Figure 8.6a:

Figure 8.6a: Adding a VLAN

Table 8.6a describes the various fields:

Table 8.56: Adding a VLAN


Virtual Interface vlanX where X is a number representing the interface

Parent Interface select from drop down menu usually an Ethernet card connected to a properly configured switch port

VLAN Tag integer should match a numeric tag set up in the switched network

Descripton string optional

NOTE: VLAN tagging is the only 802.1Q feature that is implemented. Additionally, not all Ethernet interfaces support fullVLAN processing–see the HARDWARE section of vlan(4) for details.

9. Storage Configuration

The Storage tab contains allows you to create periodic ZFS snapshots, replicate ZFS file systems, and to create, import, andview volumes. These functions are described in more detail below.

9.1 Periodic Snapshot Tasks

FreeNAS ZFS volumes support snapshots, a read-only version of a file system or volume at a given point in time. Snapshotscan be created quickly and initially consume no additional space within the pool. As data within the active dataset changes,the snapshot consumes more data than would otherwise be shared with the active dataset. Snapshots of volumes can becloned or rolled back, but cannot be accessed independently. Snapshots are automatically mounted on demand and may beunmounted at regular intervals.

Before you can create a snapshot, you need to have an existing ZFS volume–these can be created in Storage → Volumes →Create Volume as described in the next section.

To create a ZFS snapshot, click Add Periodic Snapshot Task which will open the screen shown in Figure 9.1a:

Figure 9.1a: Creating a ZFS Periodic Snapshot

Table 9.1a summarizes the fields in this screen:


15 de 39 13/05/2011 05:06 p.m.

Table 9.1a: Options When Creating a Periodic Snapshot


MountPoint select from drop down menu mount point of existing ZFS volume

Recursive checkbox recursive snapshots are created as one atomic operation across descendentfile systems

Lifetime integer and time interval (e.g. hours, days) from dropdown menu how long to keep the snapshot

Begin time from drop down menu time of first snapshot for selected Lifetime

End time from drop down menu time of last snapshot for selected Lifetime

Interval drop down menu how often to take snapshot between Begin and End times

Weekday checkboxes which days of the week to take snapshots

Once you click the OK button, a snapshot will be taken and this task will be repeated according to your settings. If you clickView All Snapshots, you will see a listing of available snapshots as seen in the example in Figure 9.1b:

Figure 9.1b: Viewing Available Snapshots

The icons associated with each snapshot entry all you to:

* Clone snapshot: you will be prompted to name the clone. Note that the clone must exist on the same volume. Whilesnapshots are read-only, a clone is a writable volume or file system whose initial contents are the same as the snapshot. Aswith snapshots, creating a clone is nearly instantaneous, and initially consumes no additional space.

* Destroy snapshot: you will be prompted to verify this action before the snapshot is deleted from the volume.

* Rollback snapshot: you will be prompted to verify this action. When a snapshot is rolled back, all data that has changedsince the snapshot was taken is discarded, and the dataset reverts to the state at the time of the snapshot.

9.2 Replication Tasks

ZFS supports replication stream packages which replicate on a remote host the specified filesystem, and all descendent filesystems, up to the named snapshot. All properties, snapshots, descendent file systems, and clones are preserved to theremote system. This allows you to recreate the data on one system to another system. The remote system must beformatted for ZFS and be configured for SSH key based authentication.

To replicate a filesystem, click Add Replication Task which will open the screen shown in Figure 9.2a:

Figure 9.2a: Adding a Replication Task


16 de 39 13/05/2011 05:06 p.m.

Table 9.2a summarizes the options in this screen:

Table 9.2a: Adding a Replication Task


Mount Point drop-down menu the filesystem to be replicated

Remote ZFS filesystem string name of an existing filesystem in the format poolname/filesystem

Remote hostname string IP address or DNS name of remote system

Remote hostkey string mandatory; paste the public key to be used for key based authentication

View All Replication Tasks will list an entry for each created task. Each entry has an icon to delete the replication task or toedit a replication task's options.

9.3 Volumes

As seen during the installation of FreeNAS 8.x, the disks containing the stored data are separate from the FreeNASoperating system. This means that you don't actually have a NAS (network attached storage) system until you create atleast one volume. FreeNAS supports both UFS and ZFS volumes. However, ZFS volumes are recommended to get the mostout of your FreeNAS 8 system.

If you click on Create Volumes, you will see a screen similar to the example shown in Figure 9.3a. In this example, there are4 attached disk drives and the user has selected ZFS which opens the ZFS Extra portion of the screen.

Figure 9.3a: Creating a ZFS Volume

Table 9.3a summarizes the configuration options of this screen:

Table 9.3a: Options When Creating a ZFS Volume


Volumename string

if an existing volume name is specified, the volume being created will be added to the existing volume as a stripe.This allows for complex volumes such as RAID 10, RAIDZ+0, RAIDZ2+0, RAIDZ3+0. The top level group is implicitly astripe and there is no provision to build a mirror of mirrors, a RAIDZ of mirrors, or a mirror of RAIDZs.

Memberdisks

check fromavailable disk(s)

Filesystemtype button selection UFS or ZFS

ZFS extrabutton selectionfor each availabledisk

only available when select ZFS. Choose from: None, Log, Cache, Spare


17 de 39 13/05/2011 05:06 p.m.

Add Volume click when finished IMPORTANT: creating a volume destroys all existing data on selected disk(s)

Once a volume is created, it will be listed by its mount point name–in this example as /mnt/volume1. If you expand themount point, you have the option to Change Permissions. If you click that option, you will see the screen in Figure 9.3b:

Figure 9.3b: Changing a Volume's Permissions

Here you can use the drop down menus to change the volume owner and group, use the checkboxes to select read/write/execute permissions, and decide whether or not to apply the changes recursively to all of the directories within the volume.

If you click Create ZFS Dataset, you will see the screen shown in Figure 9.3c:

Figure 9.3c: Creating a ZFS Dataset

Table 9.3a summarizes the options available when creating a ZFS dataset:

Table 9.3a: ZFS Dataset Options


Volume drop-downmenu select desired volume

Dataset Name string

Compression Level drop-downmenu

choose from: inherit, off, lzjb (optimized for performance while providing decent data compression), gzip level6, gzip fastest (level 1), gzip maximum (level 9, best compression but slow)

Enable atime inherit, on,or off

controls whether the access time for files is updated when they are read. Turning this property off avoidsproducing write traffic when reading files and can result in significant performance gains, though it mightconfuse mailers and other similar utilities.

Quota for dataset integer

Quota for dataset andchildren integer

Reserved space fordataset integer

Reserved space fordataset and children integer

A ZFS dataset is identified by a unique path within the ZFS namespace. A dataset can be a filesystem or a snapshot. A


18 de 39 13/05/2011 05:06 p.m.

storage pool contains datasets that share the same space.

If you click Import Volume, you'll see the screen shown in Figure 9.3d:

Figure 9.3d: Importing a Volume

If you click View All Volumes, you can view and further configure each volume, as seen in the example shown in Figure9.3e:

Figure 9.3e: Viewing Volumes

The four icons towards the top of the right frame allow you to: create another volume, create a ZFS dataset, import avolume, and auto import a volume.

The five icons associated with a ZFS volume entry allow you to: destroy the volume (and all of its data), edit the volume'sZFS options, change the volume's permissions, create a ZFS snapshot, and view the disks associated with the volume. If youclick the View Disks icon → Edit, you'll see the screen shown in Figure 9.3f:

Figure 9.3f: Editing a Volume's Disk Options


19 de 39 13/05/2011 05:06 p.m.

Table 9.3b summarizes the configurable options:

Table 9.3b: Editable Options for a Volume's Disk


Description string by default will show name of volume

Transfer Mode drop-downmenu default is auto, can also specify transfer mode used by hardware

HDD Standby drop-downmenu default is always on, can specify

Advanced Power Management drop-downmenu

Acoustic Level drop-downmenu

default is disabled, can be modified for disks that understand AAM [http://en.wikipedia.org/wiki/Automatic_acoustic_management]

Enable S.M.A.R.T [http://en.wikipedia.org/wiki/S.M.A.R.T.]

checkbox on by default

S.M.A.R.T extra options string

Group Membership drop-downmenu

10. Sharing Configuration

Once you create your volume(s), you can start to store data on them. Typically, this data is meant to be available to userson remote systems. FreeNAS supports data sharing for computers running the following operating systems: Macintosh, Unix(e.g. BSD or Linux), and Windows. This section will demonstrate how to configure FreeNAS sharing. Shares will appear aslocal filesystems on the supported operating systems.

10.1 Apple Shares

FreeNAS uses AFP (Apple Filing Protocol) to share data with Apple systems. If you click Apple Shares → Add Apple Share,you will see the screen shown in Figure 10.1a:

Figure 10.1a: Creating an Apple Share


20 de 39 13/05/2011 05:06 p.m.

Table 10.1a summarizes the available options when creating an Apple share:


Name string volume name that will appear in the Mac computer's “connect to server”dialog. Limited to 27 characters and can not contain a period.

Share Comment string

Volume Path drop-downmenu select volume to share

Share password string recommended. Maximum of 8 characters

Share Character Set [http://en.wikipedia.org/wiki/Charset] string examples include UTF8 and ISO–8859-15

Allow List string comma delimited list of allowed users and/or groups where groupnamebegins with a @

Deny List string comma delimited list of denied users and/or groups where groupname beginswith a @

Read-only Access string comma delimited list of users and/or groups who only have read accesswhere groupname begins with a @

Write-write Access string comma delimited list of users and/or groups who have read and write accesswhere groupname begins with a @

Disk Discovery check box

Disk discovery mode drop-downmenu default or Time Machine (Apple's backup utility)

Database Path string

Cache CNID checkbox a CNID is a tag used by iTunes to identify an item such as a song or movie

Translate CR/LF checkbox

Windows File Names checkbox check this box if Windows clients get filename errors when accessing theApple share

No .AppleDouble [http://en.wikipedia.org/wiki/AppleSingle_and_AppleDouble_formats]

checkbox only check this box if all clients natively support resource forks (e.g. are allApple clients)

Zero Device Numbers checkbox

Disable File ID checkbox

Disable :hex Names checkbox

ProDOS checkbox

No Stat checkbox

AFP3 Unix Privs checkbox do not enable if have Mac OSX 10.4 clients as they do not support this

After creating your Apple share(s), don't forget to enable and configure the AFP service in Services → Control Services.

Mac OS X users can then connect to the share(s) using “Connect to Server…” from the Go menu in the Finder. This will openthe screen shown in Figure 10.1b:

Figure 10.1b: Connect to Server Dialog


21 de 39 13/05/2011 05:06 p.m.

In the Server Address box, use the format shown in this example but replace “freenas.example.com” with the DNS name orIP address of the FreeNAS system. Click the Connect button and a login box, seen in Figure 10.1c, will appear. Enter a validusername and password to authenticate.

Figure 10.1c: Authenticating to the AFP Share

If authentication is successful, a Finder window will appear with the contents of the shared volume, as seen in the examplein Figure 10.1d:

Figure 10.1d: Viewing the Contents of the Share From a Mac System


22 de 39 13/05/2011 05:06 p.m.

To disconnect from the volume, click the eject button (where the cursor appears in Figure 10.1d) in the Shared sidebar.

10.2 UNIX Shares

FreeNAS uses NFS to share volumes with Unix-like operating systems. If you click UNIX Shares → Add UNIX Share you'll seethe screen shown in Figure 10.2a:

Figure 10.2a: Creating a UNIX Share

Table 10.2a summarizes the options in this screen.

Table 10.2a: UNIX Share Options


Comment string optional

Volume Path drop-downmenu select volume to share

Authorizednetwork string comma delimited list of allowed IP addresses and/or network addresses in the form 1.2.3.0/24 where the number

after the slash is the CIDR mask

All directories checkbox allows the host(s) to mount at any point within the volume's file system

Read only checkbox prohibits writing to the volume

Quiet checkbox inhibits some syslog diagnostics which can be useful to avoid annoying error messages for known possibleproblems; see exports(5) for examples

Maproot User drop-downmenu the specified user is used for remote access by root


23 de 39 13/05/2011 05:06 p.m.

Maproot Group drop-downmenu the specified group is used for remote access by root

Mapall User drop-downmenu the specified user is used for remote access by all client UIDs

Mapall Group drop-downmenu the specified group is used for remote access by all client UIDs

After creating your UNIX share(s), don't forget to enable and configure the NFS service in Services → Control Services.

10.3 Windows Shares

FreeNAS uses Samba to share volumes with Microsoft operating systems. If you click Windows Shares → Add Windows Shareyou'll see the screen shown in Figure 10.3a:

Figure 10.3a: Adding a Windows Share

Table 10.3a summarizes the options when creating a Windows share:

Table 10.3a: Options for a Windows Share


Name string mandatory


Path drop-downmenu select volume to share

Export Read Only checkbox prohibits write access to the volume

Browsable to NetworkClients checkbox enables Windows clients to browse the shared directory using Windows Explorer

Inherit Permissions checkbox if checked, permissions on new files and directories are inherited from parent directory

Export Recycle Bin checkbox deleted files are moved to a recycle directory instead of being deleted

Show Hidden Files checkbox

Guest Account drop-downmenu account to use for guest access

Allow Guest Access checkbox

Only Allow GuestAccess checkbox forces guest access

Hosts Allow string comma, space, or tab delimited list of allowed hostnames or IP addresses

Hosts Deny string comma, space, or tab delimited list of denied hostnames or IP addresses. Allowed hosts take precedence socan use ALL here and specify allowed hosts in Hosts Allow

Auxiliary Parameters string add additional smb.conf parameters not covered by other option fields

After creating your Windows share(s), don't forget to enable and configure the Active Directory or CIFS service in Services→ Control Services.

11. Services Configuration

The Services section of the GUI allows you to configure the various services that ship with the FreeNAS system.

11.1 Control Services


24 de 39 13/05/2011 05:06 p.m.

The Control Services screen, shown in Figure 11.1a, allows you to quickly determine which services are currently running,enable/disable services, and configure services.

Figure 11.11a: Control Services

To enable/disable a service, click its on/off icon.

To configure a service, click the wrench icon associated with the service. The configuration options for each service aredescribed in the rest of this section.

11.2 AFP

The Apple Filing Protocol (AFP) is a network protocol that offers file services for Mac computers. Enabling this service willopen the following ports on the FreeNAS system:

* TCP 548 (afpd)

* TCP 4799 (cnid_metadata)

* UDP 5353 and a random UDP port (avahi)

Figure 11.2a shows the configuration options which are described in Table 11.2a:

Figure 11.2a: AFP Configuration

Table 11.2a: AFP Configuration Options


Server Name string server name that will appear to Mac clients. If empty, will use the default server name of freenas

Guest Access checkbox

Guest Account drop-down menu select account to use for guest access

Local Access checkbox

Enable DDP checkbox


25 de 39 13/05/2011 05:06 p.m.

11.3 Active Directory

Active Directory (AD) is a service for sharing resources in a Windows network. It requires a configured system that isrunning at least Windows Server 2000. If you wish to share your FreeNAS data with Windows systems in a network thatdoes not have a Windows server running AD, enable and configure CIFS instead. If your network does have a Windowsserver running AD, configuring the Active Directory service on the FreeNAS system means that users can authenticate tothe Windows server and be authorized to access the data stored on the FreeNAS system.

NOTE: your FreeNAS system may not show up in Active Directory until you add a DNS record for the FreeNAS system onthe Windows server.

Figure 11.3a shows the Active Directory Configuration screen and Table 11.3a describes the configurable options:

Figure 11.3a: Configuring Active Directory

Table 11.3a: Active Directory Configuration Options


Domain Controller Name string Windows server's AD or PDC name

Domain Name string name of Windows server's DNS realm

Host Name string NETBIOS name of Windows server (for older Microsoft clients)

Workgroup Name string name of Windows server's workgroup (for older Microsoft clients)

Administrator Name string

Administrator Password string

Windows Version drop-down menu currently Windows Server 2000 or 2003

11.4 CIFS

The Common Internet File System (CIFS) is a network protocol that offers file services for (typically) Windows computers.FreeNAS uses Samba [http://www.samba.org] to provide CIFS capability without the need for a Windows server in thenetwork. Unix-like systems that provide a CIFS client [http://www.samba.org/samba/GUI/] can also connect to CIFS shares.

Enabling this service will open the following ports on the FreeNAS system:

* TCP 139 (smbd)

* TCP 445 (smbd)

* UDP 137 (nmbd)

* UDP 138 (nmbd)

Figure 11.4a shows the configuration options which are described in Table 11.4a. This configuration screen is really afront-end to smb.conf [http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html].

Figure 11.4a: Configuring CIFS


26 de 39 13/05/2011 05:06 p.m.

Table 11.4a: CIFS Configuration Options


Authentication Model drop-downmenu anonymous or local user (user account has to exist on FreeNAS system)

NetBIOS Name string used by client to connect

Workgroup string used by client to connect

Description string optional

DOS Charset drop-downmenu

the charset Samba uses when communicating with DOS and Windows 9x/Me clients; it will use Unicode fornewer clients

UNIX Charset drop-downmenu default is UTF-8, which is fine for most systems and covers all characters in all languages

Log Level drop-downmenu

Local Master checkbox determines whether or not the FreeNAS system participates in a browser election in order to try and become alocal master browser on a subnet

Time Server checkbox determines whether or not the FreeNAS system advertises itself as a time server to Windows clients

Guest Account drop-downmenu account to be used for guest access

Allow guest access checkbox

Only allow guest access checkbox

File mask integer overrides default file creation mask of 0666

Directory mask integer overrides default directory creation mask of 0777

Large RW support checkbox determines whether or not the FreeNAS system supports 64k streaming read/write requests introduced withWindows 2000 and which can improve performance by 10% with Windows 2000 clients

Send files withsendfile(2) checkbox newer Windows versions support the more efficient sendfile system call, making more efficient use of the

system CPU's and causing Samba to be faster

EA Support checkbox enables extended attributes

Support DOS FileAttributes checkbox allows a user who has write access to a file to modify the permissions, even if not the owner of the file

Allow Empty Password checkbox

Auxiliary parameters string smb.conf options not covered elsewhere in this screen

Enable home directories checkbox

Enable home directoriesbrowsing checkbox

Home directories drop-downmenu select volume containing user home directories

Enable AIO checkbox enables asyncrynous I/O

Minimal AIO read size integer if set to non-zero value, Samba will read from file asynchronously when size of request is bigger than thisvalue in bytes

Minimal AIO write size integer if set to non-zero value, Samba will write from file asynchronously when size of request is bigger than thisvalue in bytes

11.5 Dynamic DNS

Dynamic DNS (DDNS) is useful if your FreeNAS system is connected to an ISP that periodically changes the IP address of thesystem. With dynamic DNS, the system can automatically associate its current IP address with a domain name, allowing youto access the FreeNAS system even if the IP address changes. DDNS requires you to register with a DDNS service such asDynDNS [http://www.dyndns.com/].

Figure 11.5a shows the DDNS configuration options:


27 de 39 13/05/2011 05:06 p.m.

Figure 11.5a: Configuring DDNS

Table 11.5a summarizes the configuration options. The values you need to input will be given to you by the DDNS provider.

Table 11.5a: DDNS Configuration Options


Provider drop-down menu several providers are supported

Domain name string

Username string

Password string

Update period integer in milliseconds

Forced update period integer

Auxiliary parameters string any values the provider needs that aren't covered elsewhere in this screen

11.6 FTP

FreeNAS allows you to configure an FTP server so that users can browse and download data using their web browser or FTPclient software. FTP is considered to be an insecure protocol so it should not be used to transfer sensitive files.

Figure 11.6a shows the configuration screen for FTP:

Figure 11.6a: Configuring FTP

Table 11.6a summarizes the available options when configuring the FTP server:

Table 11.6a: FTP Configuration Options



28 de 39 13/05/2011 05:06 p.m.

Port integer port to use for connection requests

Clients integer maximum number of simultaneous clients

Connections integer maximum number of connections per IP address where 0 means unlimited

Login Attempts integer maximum number of attempts before client is disconnected

Timeout integer maximum client idle time in seconds before client is disconnected

Allow Root Login checkbox discouraged as increases security risk

Allow Anonymous Login checkbox allows anyone to browse the data

Path drop-downmenu root directory of FTP server

Allow Local User Login checkbox required if anonymous is disabled

Banner string message users see when access FTP server, if left empty it will show theversion of FTP

File Permission checkboxes

Directory Permission checkboxes

Enable FXP [http://en.wikipedia.org/wiki/File_eXchange_Protocol]

checkbox discouraged as vulnerable to FTP bounce attacks

Allow Transfer Resumption checkbox if transfer is interrupted, server will resume transfer at last known point

Always Chroot checkbox forces users to stay in their home directory (always true for anonymous)

Require IDENT Authentication checkbox will result in timeouts if identd is not running on the client

Require Reverse DNS for IP checkbox will result in timeouts if there isn't a DNS record for the client's hostname

Masquerade address IP address use if FTP clients can not connect through a NAT device

Minimum passive port integer to be used by clients in PASV mode, default of 0 means any port above 1023

Maximum passive port integer to be used by clients in PASV mode, default of 0 means any port above 1023

Local user upload bandwidth integer in KB/s, default of 0 means unlimited

Local user download bandwidth integer in KB/s, default of 0 means unlimited

Anonymous user upload bandwidth integer in KB/s, default of 0 means unlimited

Anonymous user download bandwidth integer in KB/s, default of 0 means unlimited

Enable SSL/TLS checkbox enables encrypted connections; you will need to configure the certificate inSettings → SSL

Auxiliary parameters string include ftpd(8) parameters not covered elsewhere in this screen

11.7 LDAP

FreeNAS includes an OpenLDAP [http://www.openldap.org/] client for accessing information from an LDAP server. An LDAPserver provides directory services for finding resources, such as users and their associated permissions, in a network.Examples of LDAP servers include Microsoft Server (2000 and newer), Mac OS X Server, Novell eDirectory, and OpenLDAPrunning on a BSD or Linux system. If an LDAP server is running on your network, you should configure the FreeNAS LDAPclient so that the network's users can authenticate to the LDAP server and thus be provided authorized access to the datastored on the FreeNAS system.

Figure 11.7a shows the LDAP Configuration screen:

Figure 11.7a: Configuring LDAP

Table 11.7a summarizes the available configuration options:

Table 11.7a: LDAP Configuration Options



29 de 39 13/05/2011 05:06 p.m.

Hostname hostname or IPaddress of LDAP server

Base DN integer top level of the LDAP directory tree to be used when searching for resources

Allow AnonymousBinding checkbox instructs LDAP server to not provide authentication and to allow read/write access to any client

Root bind DN string used to bind with the LDAP server for administrative write access to the LDAP directory to change someattributes of an LDAP entry, such as a user's password

Root bind password string used for administrative write access on the LDAP server

Password Encryption drop-down menu select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, exop

User Suffix string optional, can be added to name when user account added to LDAP directory (e.g. dept. or company name)

Group Suffix string optional, can be added to name when group added to LDAP directory (e.g. dept. or company name)

Password Suffix string optional, can be added to password when password added to LDAP directory

Machine Suffix optional can be added to name when system added to LDAP directory (e.g. server, accounting)

Turn on/off TLS

Self signedcertificate string

Auxiliary Parameters string LDAP options, one per line, not covered by other options in this screen

11.8 NFS

Network File System (NFS) is a protocol for sharing files on a network. If you configure your FreeNAS system as a NFSserver, it will open the following ports:

* TCP 111 (rpcbind)

* TCP 2049 (nfsd)

* UDP 111 (rpcbind)

Additionally, mountd and rpcbind will each bind to a randomly available UDP port.

Figure 11.8a shows the configuration screen and Table 11.8a summarizes the configuration options:

Figure 11.8a: Configuring NFS

Table 11.8a: NFS Configuration Options


Number of servers integer should match expected number of concurrent clients

Asynchronous mode checkbox speeds up data access but may result in corruption if a transfer is interrupted

11.9 SNMP

SNMP (Simple Network Management Protocol) is a protocol used to monitor network-attached devices for conditions thatwarrant administrative attention. FreeNAS can be configured as a bsnmpd(8) server where bsnmp is FreeBSD's simple andextensible SNMP daemon. If you enable SNMP, the following port will be enabled on the FreeNAS system:

* UDP 161 (bsnmpd listens here for SNMP requests)

Figure 11.8a shows the SNMP configuration screen and Table 11.9a summarizes the configuration options:

Figure 11.8a: Configuring SNMP


30 de 39 13/05/2011 05:06 p.m.

Table 11.8a: SNMP Configuration Options


Location string optional description of FreeNAS system's location

Contact string optional e.g. email address of FreeNAS administrator

Community string password used on the SNMP network, default is public

Send SNMP Traps checkbox a trap is an event notification message

Auxiliary Parameters string additional bsnmpd(8) options not covered in this screen, one per line

11.10 SSH

Secure Shell (SSH) allows for files to be transferred securely over an encrypted network. If you configure your FreeNASsystem as an SSH server, the computers in your network will need to run SSH client software [http://en.wikipedia.org/wiki/Comparison_of_SSH_clients] in order to transfer files using SSH. By default, enabling SSH will open TCP port 22 unlessyou specify otherwise in the configuration screen.

Figure 11.10a shows the SSH configuration screen and Table 11.10a summarizes the configuration options:

Figure 11.10a: SSH Configuration

Table 11.10a: SSH Configuration Options


TCP Port integer port to open for SSH connection requests, 22 by default

Login as Root withpassword checkbox for security reasons, root logins are discouraged

Allow PasswordAuthentication checkbox if unchecked, only accepts key based authentication which is more secure but requires additional setup

[http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html] on both the SSH client and server

Allow TCP PortForwarding checkbox allows users to bypass firewall restrictions using SSH's port forwarding feature [http://www.symantec.com/connect/articles

/ssh-port-forwarding]

Compress Connections checkbox may reduce latency over slow networks

Host Private Key string

Extra Options string additional sshd_config(5) options not covered in this screen, one per line

11.11 TFTP

Trivial File Transfer Protocol (TFTP) is a light-weight version of FTP usually used to transfer configuration or boot filesbetween machines, such as routers, in a local environment. TFTP is extremely limited, providing no authentication, and israrely used interactively by a user. If you enable TFTP on your FreeNAS server, it will open UDP port 69. An example wherethis is useful is when you wish to store all of the images and configuration files for your network's devices on the FreeNASsystem.

Figure 11.11a shows the TFTP configuration screen and Table 11.11a summarizes the available options:

Figure 11.11a: TFTP Configuration


31 de 39 13/05/2011 05:06 p.m.

Table 11.11a: TFTP Configuration Options


Directory string most devices expect a path of /tftpboot

Allow New Files checkbox enable if network devices need to send files to the FreeNAS system (e.g. backup their config)

Port integer port to listen for TFTP requests, 69 by default

Username drop-down menu account used for tftp requests

Umask integer umask for newly created files, default is 022

Extra options string additional tftpd(8) options not shown in this screen, one per line

11.12 iSCSI

iSCSI is a protocol standard that allows the consolidation of storage data. iSCSI is implemented in FreeNAS to allow FreeNASto act like a storage area network (SAN) over an existing ethernet network. Specifically, it exports disk devices over anethernet network that iSCSI clients (called initiators) can attach to and mount. Traditional SANs operate over fibre channelnetworks which require a fibre channel infrastructure such as fibre channel HBAs, fibre channel switches, and discreetcabling. iSCSI can be used over an existing ethernet network, although dedicated networks can be build for iSCSI traffic inan effort to boost performance. iSCSI also provides an advantage in an environment that uses Windows shell programs;these programs tend to filter “Network Location” but iSCSI mounts are not filtered.

Before configuring iSCSI on your FreeNAS device, you should be familiar with the following iSCSI terminology:

CHAP: a protocol used for authenticating initiators (clients) by a target (server). CHAP uses a shared secret and three-wayauthentication to determine if a system is authorized to access the storage device and to periodically confirm that thesession has not been hijacked by another system.

Mutual CHAP: a superset of CHAP. The target authenticates the initiator as in CHAP, and additionally the initiator uses CHAPto authenticate the target.

Initiator: the remote system which has authorized access to the storage data on the FreeNAS system (client).

Target: a storage resource on the FreeNAS system (server).

This section will show you how to figure your FreeNAS system for iSCSI.

11.11a Authorized Accesses

To configure iSCSI on FreeNAS, you must first create users. Go to Services → ISCSI → Authorized Accesses → AddAuthorized Access.

Figure 11.11a: Adding Authorized Access for iSCSI

Table 11.11a summarizes the settings that can be configured when adding an authorized access:


32 de 39 13/05/2011 05:06 p.m.

Table 11.11a: Authorized Access Configuration Settings


Group ID integerThe Group ID is used to build the authentication groups used by the iSCSI target software, allowing different groups to beconfigured with different authentication profiles. For instance, all users with a Group ID of 1 will be members of “Group 1” and willinherit the authentication profile associated with that group.

User string Name of user account that will be created on the FreeNAS device in order to CHAP authenticate with the user on the remotesystem. Many initiators default to using the initiator name as the user.

Secret string needs to be confirmed. Password to be associated with the created user account.

Peer User string If this is entered it will cause the user to be a Mutual CHAP user. In most cases it will need to be the same as the User.

InitiatorSecret string needs to be confirmed. The mutual secret password. Most initiators require this to be different than the Secret, and have arbitrary

limitations on its length. This is required if the Peer User field is set.

As users are added, they will appear in the tab. In the example shown in Figure 11.11b, three users (test, test2, and test3)have been configured and there are two groups created, with group1 consisting of a single CHAP user and group2 consistingof a CHAP user and a mutual CHAP user.

Figure 11.11b: Viewing Authorized iSCSI Users

11.11b Initiators

The next step is to configure authorized initiators, or the systems which are allowed to connect to the stored data. Going toServices → ISCSI → Initiators → Add Initiator will bring up the screen shown in Figure 11.11c:

Figure 11.11c: Adding an iSCSI Initiator

Table 11.11b summarizes the settings that can be configured when adding an initiator:

Table 11.11b: Initiator Configuration Settings


Group ID integer if the group ID does not exist yet, create it in Authorized Accesses → Add Authorized Access as described above.

Initiators string can use ALL keyword or a list of initiator names separated by commas with no space.

Authorized network string can use ALL keyword or a network address with CIDR mask, as shown in the example in Figure 11.11d.

Comment string optional description.

In the example shown in Figure 11.11d, two groups have been created. Group 1 allows connections from any initiator onany network; Group 2 only allows connections from any initiator on the 10.10.1.0/24 network.

Figure 11.11d: Sample iSCSI Initiator Configuration


33 de 39 13/05/2011 05:06 p.m.

11.11c Portals

Portals configuration allows FreeNAS systems with multiple IP addresses or interfaces to provide services on differentinterfaces or subnets. Going to Services → ISCSI → Portals → Add Portal will bring up the screen shown in Figure 11.11e:

Figure 11.11e: Adding an iSCSI Portal

In this example, 0.0.0.0:3260 is a wildcard that will cause the system to bind to every IP address and interface.

Table 11.11c summarizes the settings that can be configured when adding a portal:

Table 11.11c: Portal Configuration Settings


Portal Group ID integer if the group ID does not exist yet, create it in Authorized Accesses → Add Authorized Access as described above.

Portal string interface or subnet IP address followed by a colon and the TCP port used by iSCSI (3260 by default).

Comment string optional description.

Figure 11.11f shows an example of a portal that listens on all IP addresses and interfaces.

Figure 11.11f: Sample iSCSI Portals Configuration

11.11d Target Global Configuration

The Target Global Configuration screen, is shown in Figures 11.11g and 11.11h

Figure 11.11g: iSCSI Target Global Configuration Variables


34 de 39 13/05/2011 05:06 p.m.

Figure 11.11h: More iSCSI Target Global Configuration Variables

Table 11.11d summarizes the settings that can be configured in the Target Global Configuration screen:

Table 11.11d: Target Global Configuration Settings


Base Name string

Discovery AuthMethod

None, Auto,CHAP, or MutualCHAP

Configures the authentication level required by the target for discovery of valid devices. None will allowanonymous discovery. CHAP and Mutual CHAP require the authentication specified. Auto lets the initiatordecide the authentication scheme.

Discovery Auth Group number

required if Discovery Auth Method is set to CHAP or Mutual CHAP, optional if Discovery Auth Method is set toAuto, and not needed if Discovery Auth Method is set to None. In the latter two cases the config generatedin the [Global] section of istgt.conf will be DiscoveryAuthGroup None, otherwise it will be a number likeDiscoveryAuthGroup 1. If you wish to use authenticated discover the users must be configured prior to thisstep.

I/O Timeoutintegerrepresentingseconds

Possible values range from 0 -300 with a default value of 30.


35 de 39 13/05/2011 05:06 p.m.

NOPIN Intervalintegerrepresentingseconds

Possible values range from 0 -300 with a default value of 20.

Max. Sessions integer Possible values range from 1 - 64 with a default value of 16.

Max. Connections integer Possible values range from 1 - 64 with a default value of 8.

Max. pre-send R2T integer Possible values range from 1 - 255 with a default value of 32.

MaxOutstandingR2T integer Possible values range from 1 - 255 with a default value of 16.

First burst length integer Possible values range from 1 - 2^32 with a default value of 65536.

Max burst length integer Possible values range from 1 - 2^32 with a default value of 262144.

Max receive datasegment length integer Possible values range from 1 - 2^32 with a default value of 262144.

DefaultTime2Wait integer Possible values range from 1 - 300 with a default value of 2.

DefaultTime2Retain integer Possible values range from 1 - 300 with a default value of 60.

Enable LUC true/false False by default. If it is true the rest of the fields are required.

Controller IP address IP address must be an IP address that is assigned to an interface. If it's not assigned to an interface, the daemonwon't start. Generally set to 127.0.0.1.

Controller TCP port integer Possible values range from 1024-65535 with a default value of 3261.

Controller Authorisednetmask subnet mask represents the Controller Authorized Netmask and can be the same choicebox used for interface

configuration.

Controller AuthMethod:

None, Auto,CHAP, or MutualCHAP

Controls access to the iSCSI controller interface.

Controller Auth Group integer

required if Controller Auth Method is set to CHAP or Mutual CHAP, optional if Controller Auth Method is set toAuto, and not needed if Controller Auth Method is set to None. In the latter two cases the config generatedin the [Global] section of istgt.conf will be ControllerAuthGroup None, otherwise it will be a number likeControllerAuthGroup 1. If you wish to use authenticated discover the users must be configured prior to thisstep.

In the examples shown in Figures 11.11g and 11.11h, anonymous discover has been configured and the logical unitcontroller is set to accept CHAP users from Group 1.

11.11e Targets

Next you should add a Target using Services → ISCSI → Targets → Add Target, as shown in Figure 11.11i. A target combinesa portal ID, allowed initiator ID, and an authentication method.

Figure 11.11i: Adding an iSCSI Target

Table 11.11e summarizes the settings that can be configured when creating a Target:

Table 11.11e: Target Settings


Target Name string required value. Base name will be appended automatically if it starts without “iqn”.

Target Alias string optional user-friendly name.

Type disk, DVD, tape, or pass

Target Flags read-write or read-only

Portal Group ID integer existing Group IDs will be listed in drop-down menu. Indicates which group is has access tothe portal.

Initiator Group ID integer existing Group IDs will be listed in drop-down menu. Indicates which group has access to theinitiator.


36 de 39 13/05/2011 05:06 p.m.

Auth Method auto, CHAP, or mutualCHAP

Authentication Groupnumber none or integer

Queue Depth integer

Logical Block Size integer

In the example shown in Figure 11.11i, two targets have been created that combine portal 1 with initiator group 1. Onetarget allows users in Group 1 to authenticate with CHAP, the other allows users in Group 2 to authenticate with mutualCHAP.

11.11f Extents

The next step is to configure device and/or file extents. Device extents allow raw devices to be exported via iSCSI. A likelyscenario for a device extent is to export the volume created by a hardware RAID controller. File extents allow files on thefilesystem to be exported. This scenario is useful in the case of software RAID.

NOTE: you can't add a pool as a device extent.

To add a device extent, go to Services → ISCSI → Device Extents → Add Device Extent, as seen in Figure 11.11j:

Figure 11.11k: Adding an iSCSI Device Extent

Table 11.11f summarizes the settings that can be configured when creating a Device Extent:

Table 11.11f: Device Extent Configuration Settings


Extent Name string required


Disk device select the device from the drop down menu

To add a device extent, go to Services → ISCSI → Extents → Add Extent. Figure 11.11k shows a file extent of 500MB:

Figure 11.11k: Adding an iSCSI File Extent

Table 11.11g summarizes the settings that can be configured when creating an File Extent:

Table 11.11g: File Extent Configuration Settings


Extent Name string required

Path to theextent string full path to the file

Extent size integer If the size is specified as 0 then the actual file size will be used. This method requires creating the file manually in theCLI.


11.11g Target/Extents


37 de 39 13/05/2011 05:06 p.m.

The last step is associating extents to targets within Services → ISCSI → Target/Extents → Add Target/Extent, shown inFigure 11.11l.

Figure 11.11l: Associating iSCSI Targets/Extents

Table 11.11h summarizes the settings that can be configured when associating targets and extents:

Table 11.11h: Target/Extents Configuration Settings


Target select the pre-created target from the drop-down menu

Extent select the pre-created extent from the drop-down menu

It is best practice to associate extents to targets in a 1:1 manner, although the software will allow multiple extents to beassociated to a target. In the example shown in Figure 11.11l, the device extent is mapped to target 2, and the file extent ismapped to target 1.

Once iSCSI has been configured, click the Services icon. Click the iSCSI Off button to change it from Off to On and thus startthe iSCSI service.

12. Account Configuration

12.1 My Account

12.2 Groups

12.3 Users

13. Using the Command Line Interface (CLI)

14. Getting Help

FreeNAS uses a trac database [http://support.freenas.org] where you can view existing support tickets to see if your issue hasalready been reported or create new tickets for unreported issues. You do not need to create a login account in order to viewexisting tickets, but you will need to use the Register link if you wish to create a ticket.

If you wish to ask a question in “real time”, you can try the #freenas channel on IRC Freenode. Depending upon the time ofday (and your time zone), a FreeNAS developer or other FreeNAS users may be available to assist you. If you don't get ananswer right away, remain on the channel as other users tend to read the channel history in order to answer questions asthey are able to.

14.1 Useful Commands

The following commands and tips can be useful when troubleshooting a problem:

* There's a debug script called /usr/local/bin/freenas-debug that will generate some debug info to help diagnose the issue.

14.2 FAQs

Q1. I changed the root password at the command line but it does not persist after a reboot. How do I fix this?

A. the password files are generated at boot from the FreeNAS database. To make sure the password gets written to thedatabase go to Account → Users tab and change the password from there.

Q2. Can a RAID-Z array be expanded? For example, if I start off with a 8x2TB RAID-Z2 array can I add moredrives to it in the future?

A. You can add drives to a volume, but not to a RAIDZ group. For example, if your volume is a 3 drive RAIDZ, you can addanother 3 drive RAIDZ in the future, giving you a RAIDZ+0. But you can't say change it to a 4 drive RAIDZ. This a


38 de 39 13/05/2011 05:06 p.m.

limitation/feature of ZFS.

Q3. Is there a command to force FreeBSD to scan for new disks? I'm trying to add some disks to my array usingthe hot-swappable bays and a 3ware SATA card. The drives go in fine and light up, but the operating systemcan't see them.

A. Use the command:

tw_cli /c0 rescan

Then you use the drives to create units and export them to the operating system. When finished, run camcontrol rescanall and they will show up.

quick_start_guide_for_freenas_8.0.txt · Last modified: 2011/05/04 09:48 by dlavigne


39 de 39 13/05/2011 05:06 p.m.

Quick Start Guide for Freenas 8

Documents