FreeNAS and TrueNAS are unifying (https://www.ixsystems.com/blog/freenas-truenas-unification/) into “TrueNAS”. Documentation for TrueNAS 12.0 and later releases has been unified and moved to the TrueNAS Documentation Hub (https://www.truenas.com/docs/). Copyright iXsystems 2011-2020. TrueNAS® and the TrueNAS® logo are registered trademarks of iXsystems.
User Guide. TrueNAS® and the TrueNAS® logo are registered trademarks of iXsystems. Active Directory® is a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Apple, Mac and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries.
Typographic Conventions

The TrueNAS® Administrator Guide uses these typographic conventions:

Table 1: Text Format Examples

Item | Visual Example
Graphical elements: buttons, icons, fields, columns, and boxes | Click the Import CA button.
Menu selections | Select System → Information.
Commands | Use the scp command.
After becoming familiar with the configuration workflow, this document can be used as a reference guide to the many features provided by TrueNAS®.

1.1 Contacting iXsystems

For assistance, please contact iX Support:

Contact Method Contact Options https://support.ixsystems.com...
Table 1.2: Path and Name Lengths

Type | Maximum Length | Description
File Paths | 1023 bytes | Total file path length (PATH_MAX). The full path includes directory separator slash characters, subdirectory names, and the name of the file itself. For example, the path /mnt/tank/mydataset/mydirectory/myfile.txt is 42 bytes long.
1.3 Using the Web Interface

1.3.1 Tables and Columns

Tables show a subset of all available columns. Additional columns can be shown or hidden with the COLUMNS button. Set a checkmark by the fields to be shown in the table. Column settings are remembered from session to session. The original columns can be restored by clicking Reset to Defaults in the column list.
These fields accept standard cron values. The simplest option is to enter a single number in the field. The task runs when the time value matches that number. For example, entering 10 means that the job runs when the time is ten minutes past the hour.
1.3.5 Web Interface Troubleshooting

If the web interface is shown but seems unresponsive or incomplete:

• Make sure the browser allows cookies, JavaScript, and custom fonts from the TrueNAS® system.
• Try a different browser. Firefox (https://www.mozilla.org/en-US/firefox/all/) is recommended.
...
Note: Always perform the initial TrueNAS® setup in consultation with your iXsystems Support Representative. iXsystems Support can be contacted at truenas-support@ixsystems.com. Be sure to have all TrueNAS® hardware serial numbers on hand. The serial numbers are located on the back of each chassis.
Fig. 2.1: Console Setup Menu

Note: On HA systems, some of these menu options are not available unless HA has been administratively disabled.

The menu provides these options:

1) Configure Network Interfaces provides a configuration wizard to set up the system’s network interfaces. If the system has been licensed for High Availability (HA), the wizard prompts for IP addresses for both “This Controller”...
Note: The numbering and quantity of options on this menu can change due to software updates, service agreements, or other factors. Please carefully check the menu before selecting an option, and keep this in mind when writing local procedures.
...
Fig. 2.2: Login Screen

High Availability (HA) (page 81) status and information about the active TrueNAS controller are displayed on this screen. Log in with:

• Username: root
• Password: abcd1234

Note: The default root password can be changed to a more secure value by going to Accounts → Users.
(page 10) for initial setup and configuration assistance.

Warning: It is important to use the web interface or the console setup menu for all configuration changes. Do not make changes from the command line unless directed by an iXsystems Support Engineer.
CHAPTER THREE
SETTINGS

The (Settings) menu provides options to change the administrator password, set preferences, and view system information.

3.1 Change Password

To change the root account password, click (Settings) and Change Password. The current root password must be entered before a new password can be saved.
Fig. 3.1: Web Interface Preferences

These options are applied to the entire web interface:

• Choose Theme: Change the active theme. Custom themes are added to this list.
• Prefer buttons with icons only: Set to preserve screen space and only display icons and tooltips instead of text labels.
Fig. 3.2: Create and Preview a Custom Theme

To create a new custom theme, click CREATE NEW THEME. Colors from an existing theme can be used when creating a new custom theme. Select a theme from the Load Colors from Theme drop-down to use the colors from that theme for the new custom theme.
Changing any color value automatically updates the Theme Preview column. This section is completely interactive and shows how the custom theme is applied to all the different elements in the web interface. Click SAVE CUSTOM THEME when finished with all the GENERAL and COLORS options. The new theme is added to the list of available themes in Web Interface Preferences.
CHAPTER FOUR
ACCOUNTS

Accounts is used to manage users and groups. This section contains these entries:

• Groups (page 24): used to manage UNIX-style groups on the TrueNAS® system.
• Users (page 27): used to manage UNIX-style accounts on the TrueNAS® system.
Fig. 4.1: Group Management

The table displays group names, group IDs (GID), built-in groups, and whether sudo is permitted. Clicking the (Options) icon on a user-created group entry displays Members, Edit, and Delete options. Click Members to view and modify the group membership.
Fig. 4.2: Creating a New Group

Table 4.1: Group Creation Options

Setting | Value | Description
GID | string | The next available group ID is suggested. By convention, UNIX groups containing user accounts have an ID greater than 1000 and groups required by a service have an ID equal to the default port number used by the service.
Fig. 4.3: Assigning a User to a Group

The Delete button deletes a group. The pop-up message asks if all users with this primary group should also be deleted, and to confirm the action. Note that built-in groups do not have a Delete button.

4.2 Users
...
Fig. 4.4: Managing User Accounts

By default, each user entry displays the username, User ID (UID), whether the user is built into TrueNAS®, and full name. This table is adjustable by clicking COLUMNS and setting the desired columns. Clicking a column name sorts the list by that value.
Fig. 4.5: Adding or Editing a User Account

Table 4.2: User Account Configuration

Setting | Value | Description
Username | string | Usernames can be up to 16 characters long. When using NIS or other legacy software with limited username lengths, keep usernames to eight characters or less for compatibility.
Table 4.2 (continued)

Setting | Value | Description
Primary Group | drop-down menu | Unset New Primary Group to access this menu. For security reasons, FreeBSD will not give a user su permissions if wheel is not their primary group. To give a user su access, add them to the wheel group in Auxiliary groups.
Table 4.3 (continued)

Shell | Description
scponly | Select scponly (https://github.com/scponly/scponly/wiki) to restrict the user’s SSH usage to only the scp and sftp commands.
zsh | Z shell (http://www.zsh.org/)
git-shell | restricted git shell (https://git-scm.com/docs/git-shell)
nologin | Use when creating a system account or to create a user account that can authenticate with shares but which cannot log in to the FreeNAS system using ssh.
CHAPTER FIVE
SYSTEM

The System section of the web interface contains these entries:

• General (page 32) configures general settings such as HTTPS access, the language, and the timezone
• NTP Servers (page 35) adds, edits, and deletes Network Time Protocol servers
•...
Fig. 5.1: General System Options

Table 5.1: General Configuration Settings

Setting | Value | Description
GUI SSL Certificate | drop-down menu | The system uses a self-signed certificate (page 76) to enable encrypted web interface connections. To change the default certificate, select a different created or imported certificate.
WebGUI IPv4 Address | drop-down menu | Choose a recent IP address to limit the usage when accessing the...
Usage Collection | checkbox | Enable sending anonymous usage statistics to iXsystems.

After making any changes, click SAVE. Changes to any of the GUI fields can interrupt web interface connectivity while the new settings are applied.

This screen also contains these buttons:

•...
secured to prevent decryption of passwords and unauthorized access.

Warning: The Export Password Secret Seed option is off by default and should only be used when making a configuration backup that will be stored securely. After moving a configuration to new hardware, media containing a configuration backup with a decryption seed should be securely erased before reuse.
Fig. 5.2: Add an NTP Server

Table 5.2: NTP Servers Configuration Options

Setting | Value | Description
Address | string | Enter the hostname or IP address of the NTP server.
Burst | checkbox | Recommended when Max. Poll is greater than 10. Only use on personal servers.
5.3 Boot

TrueNAS® supports a ZFS feature known as multiple boot environments. With multiple boot environments, the process of updating the operating system becomes a low-risk operation. The updater automatically creates a snapshot of the current boot environment and adds it to the boot menu before applying the update.

Note: Boot environments are separate from the configuration database.
• Keep: indicates whether or not this boot environment can be pruned if an update does not have enough space to proceed. Click (Options) and Keep for an entry if that boot environment should not be automatically pruned. Click ...
Fig. 5.4: Viewing the Status of the Operating System Device

TrueNAS® supports 2-device mirrors for the operating system device. In a mirrored configuration, a failed device can be detached and replaced. Click (Options) on a device entry to access actions specific to that device:

•...
Fig. 5.5: Advanced Screen

Table 5.3: Advanced Configuration Settings

Setting | Value | Description
Show Text Console without Password Prompt | checkbox | Set for the text console to be available without entering a password.
Enable Serial Console | checkbox | Do not enable this option if the serial port is disabled. Adds the Serial Port and Serial Speed fields.
→ vanced is enabled by default, so this script runs automatically. Leaving autotune enabled is recommended unless advised otherwise by an iXsystems support engineer. If the autotune script adjusts any settings, the changed values appear in System → Tunables. While these values...
encryption is removed. Pyrite provides a logical equivalent of the legacy ATA security for non-ATA devices. Only the drive firmware is used to protect the device.

Danger: Pyrite Version 1 SEDs do not have PSID support and can become unusable if the password is lost.
Setting a global password for SEDs

Go to System → Advanced → SED Password and enter the password. Record this password and store it in a safe place!

Now the SEDs must be configured with this password. Go to the Shell (page 302) and enter sedhelper setup password, where password is the global password entered in System...
ReadLocked: WriteLocked: LockOnReset:

5.4.2.3 Managing SED Passwords and Data

This section contains command line instructions to manage SED passwords and data. The command used is sedutil-cli(8) (https://www.mankier.com/8/sedutil-cli). Most SEDs are TCG-E (Enterprise) or TCG-Opal (Opal v2.0 (https://trustedcomputinggroup.org/wp-content/uploads/TCG_Storage-Opal_SSC_v2.01_rev1.00.pdf)). Commands are different for the different drive types, so the first step is identifying which type is being used.

Warning: These commands can be destructive to data and passwords.
TCG-E Instructions

Use all of these commands to reset the password without losing data:

sedutil-cli --setSIDPassword oldpassword "" /dev/device
sedutil-cli --setPassword oldpassword EraseMaster "" /dev/device
sedutil-cli --setPassword oldpassword BandMaster0 "" /dev/device
sedutil-cli --setPassword oldpassword BandMaster1 "" /dev/device

Use all of these commands to change the password without destroying data:

sedutil-cli --setSIDPassword oldpassword newpassword /dev/device
sedutil-cli --setPassword oldpassword EraseMaster newpassword /dev/device
sedutil-cli --setPassword oldpassword BandMaster0 newpassword /dev/device...
Fig. 5.6: View Enclosure

Detected TrueNAS® hardware is added to a column on the right side of the screen. Click an enclosure to show details about that hardware. The screen is divided into different tabs. These tabs reflect the sensors that are active in the chosen hardware.
...
5.6 Email

An automatic script sends a nightly email to the root user account containing important information such as the health of the disks. Alert (page 305) events are also emailed to the root user account. Problems with Scrub Tasks (page 111) are reported separately in an email sent at 03:00 AM.
Table 5.4: Email Configuration Settings

Setting | Value | Description
From E-mail | string | The envelope From address shown in the email. This can be set to make filtering mail on the receiving system easier.
From Name | string | The friendly name to show in front of the sending email address.
Outgoing Mail | string or IP address | Hostname or IP address of SMTP server used for sending this...
Fig. 5.8: System Dataset Screen

Use the System Dataset Pool drop-down menu to select the volume (pool) to contain the system dataset. The system dataset can be moved to unencrypted volumes (pools) or encrypted volumes which do not have passphrases. If the system dataset is moved to an encrypted volume, that volume is no longer allowed to be locked or have a passphrase set.
Warning: These alert services might use a third party commercial vendor not directly affiliated with iXsystems. Please investigate and fully understand that vendor’s pricing policies and services before using their alert service. iXsystems is not responsible for any charges incurred from the use of third party vendors with the Alert Services feature.
Fig. 5.9: Alert Services

Click ADD to display the Add Alert Service form, Figure 5.10.
Fig. 5.10: Add Alert Service

Select the Type to choose an alert service to configure. Alert services can be set for a particular severity Level. All alerts of that level are then sent out with that alert service. For example, if the E-Mail alert service Level is set to Info, any Info level alerts are sent by that service. Multiple alert services can be set to the same level.
Fig. 5.11: Alert Settings

Alerts are grouped by web interface feature or service monitor. To customize alert importance, use the Warning Level drop-down. To adjust how often alert notifications are sent, use the Frequency drop-down. Setting the Frequency to NEVER prevents that alert from being added to alert notifications, but the alert can still show in the web interface if it is triggered.
Fig. 5.12: Cloud Credentials List

The list shows the Account Name and Provider for each credential. There are options to Edit and Delete a credential after clicking (Options) for a credential. Click ADD to add a new cloud credential. Choose a Provider to display any specific options for that provider. Figure 5.13 shows an example configuration:...
Fig. 5.13: Add Amazon S3 Credential

Enter a descriptive and unique name for the cloud credential in the Name field. The remaining options vary by Provider, and are shown in Table 5.6. Clicking a provider name opens a new browser tab to the rclone documentation (https://rclone.org/docs/) for that provider.
Table 5.6 (continued)

Provider | Setting | Description
Amazon S3 (https://rclone.org/s3/) | Region | AWS resources in a geographic area (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html). Leave empty to automatically detect the correct public region for the bucket. Entering a private region name allows interacting with Amazon buckets created in that region.
Table 5.6 (continued)

Provider | Setting | Description
Microsoft OneDrive (https://rclone.org/onedrive/) | Access Token, Drives List, Drive Account Type, Drive | The Access Token is configured with Open Authentication (page 57). Authenticating a Microsoft account adds the Drives List and selects the correct Drive Account Type.
Table 5.7: SSH Connection Options

Setting | Value | Description
Name | string | Descriptive name of this SSH connection. SSH connection names must be unique.
Setup Method | drop-down menu | How to configure the connection: Manual requires configuring authentication on the remote system. This can require copying SSH keys and modifying the root user account on that system.
Log in to Host 2 and go to Accounts → Users. Click (Options) for the root account, then Edit. Paste the copied key into the SSH Public Key field and click SAVE as shown in Figure 5.14.

Fig. 5.14: Paste the Replication Key

Switch back to Host 1 and go to System → SSH Connections and click ADD.
5.13 SSH Keypairs

TrueNAS® generates and stores RSA-encrypted (https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) SSH public and private keypairs in System → SSH Keypairs. These are generally used when configuring SSH Connections (page 57) or SFTP Cloud Credentials (page 53). Encrypted keypairs or keypairs with passphrases are not supported.

To generate a new keypair, click ADD, enter a name, and click GENERATE KEYPAIR.
2. FreeBSD loaders: a loader is only loaded when a FreeBSD-based system boots and can be used to pass a parameter to the kernel or to load an additional kernel module such as a FreeBSD hardware driver.
3. FreeBSD rc.conf options: rc.conf(5) (https://www.freebsd.org/cgi/man.cgi?query=rc.conf) is used to pass...
Table 5.8: Adding a Tunable

Setting | Value | Description
Variable | string | The name of the sysctl or driver to load.
Value | integer or string | Set a value for the Variable. Refer to the man page for the specific driver or the FreeBSD Handbook (https://www.freebsd.org/doc/en_US.ISO08859-1/books/handbook/) for suggested values.
On very large systems, a proportionally longer maintenance window is recommended. For individual support during an upgrade, please open a ticket at https://support.ixsystems.com, or call 408-943-4100 to schedule one. Scheduling at least two days in advance of a planned upgrade gives time to make sure a specialist is available for assistance.
Maintenance-only updates for the older 9.3 branch of TrueNAS®. Use this train only at the recommendation of an iXsystems support engineer.

Warning: Only Production trains are recommended for regular usage. Other trains are made available for pre-production testing and updates to legacy versions. Pre-production testing trains are provided only to permit testing of new versions before switching to a new branch.
Fig. 5.17: Update Options

The system checks daily for updates and downloads an update if one is available. An alert is issued when a new update becomes available. The automatic check and download of updates is disabled by unsetting Check for Updates Daily and Download if Available.
Fig. 5.18: Reviewing Updates

5.15.4 Saving the Configuration File

A dialog to save the system configuration file (page 34) appears before installing updates.
Warning: Keep the system configuration file secure after saving it. The security information in the configuration file could be used for unauthorized access to the TrueNAS® system.

5.15.5 Applying Updates

Make sure the system is in a low-usage state as described above in Preparing for Updates (page 64).
The current version of TrueNAS® is shown for verification. Select the manual update file with the Browse button. Set Reboot After Update to reboot the system after the update has been installed. Click APPLY UPDATE to begin the update.

5.15.7 Update in Progress

Starting an update shows a progress dialog.
A warning dialog appears for any other user that is logged into the web interface and a “System Updating” icon is shown in the top bar while the update is in progress. Update progress is shown for both TrueNAS controllers. The standby TrueNAS controller reboots when it is finished updating.
When both TrueNAS controllers are online, verify that the update is complete by going to Dashboard and confirming that Version is the same on both TrueNAS controllers.

5.15.10 If Something Goes Wrong

If an update fails, an alert is issued and the details are written to /data/update.failed.
...
not necessary to upgrade the pool unless the end user has a specific need for the newer ZFS Feature Flags (page 312). If a pool is upgraded to the latest feature flags, it will not be possible to import that pool into another operating system that does not yet support those feature flags.
Figure 5.20 shows the screen after clicking System → CAs.

Fig. 5.20: Initial CA Screen

If the organization already has a CA, the CA certificate and key can be imported. Click ADD and set the Type to Import CA to see the configuration options shown in Figure 5.21.
Fig. 5.21: Importing a CA

Table 5.9: Importing a CA Options

Setting | Value | Description
Identifier | string | Enter a descriptive name for the CA using only alphanumeric, underscore (_), and dash (-) characters.
Type | drop-down menu | Choose the type of CA. Choices are Internal CA, Intermediate CA, and Import CA.
Fig. 5.22: Creating an Internal CA

The configurable options are described in Table 5.10. When completing the fields for the certificate authority, supply the information for the organization.

Table 5.10: Internal CA Options

Setting | Value | Description
Identifier | string | Enter a descriptive name for the CA using only alphanumeric, underscore (_), and dash (-) characters.
Table 5.10 (continued)

Setting | Value | Description
Lifetime | integer | The lifetime of a CA is specified in days.
Country | drop-down menu | Select the country for the organization.
State | string | Enter the state or province of the organization.
Locality | string | Enter the location of the organization.
Fig. 5.23: Certificates

TrueNAS® uses a self-signed certificate to enable encrypted access to the web interface. This certificate is generated at boot and cannot be deleted until a different certificate is chosen as the GUI SSL Certificate (page 33).

To import an existing certificate, click ADD and set the Type to Import Certificate.
Fig. 5.24: Importing a Certificate

Table 5.11: Certificate Import Options

Setting | Value | Description
Identifier | string | Enter a descriptive name for the certificate using only alphanumeric, underscore (_), and dash (-) characters.
Type | drop-down menu | Choose the type of certificate. Choices are Internal Certificate, Certificate Signing Request, Import Certificate, and Import Certificate Signing Request.
Table 5.12: Certificate Signing Request Import Options

Setting | Value | Description
Identifier | string | Enter a descriptive name for the certificate using only alphanumeric, underscore (_), and dash (-) characters.
Type | drop-down menu | Choose the type of certificate. Choices are Internal Certificate, Certificate Signing Request, Import Certificate, and Import Certificate Signing Request.
Table 5.13: Certificate Creation Options

Setting | Value | Description
Identifier | string | Enter a descriptive name for the certificate using only alphanumeric, underscore (_), and dash (-) characters.
Type | drop-down menu | Choose the type of certificate. Choices are Internal Certificate, Certificate Signing Request, and Import Certificate.
Fig. 5.26: Managing Certificates

Clicking (Options) for an entry shows these configuration buttons:

• View: use this option to view the contents of an existing Certificate, Private Key, or to edit the Identifier.
• Export Certificate saves a copy of the certificate or certificate signing request to the system being used to...
→ cense. Paste the HA license received from iXsystems and press SAVE LICENSE to activate it. The license contains the serial numbers for both units in the chassis. Activating the license adds the Failover option to System. Some fields are modified in Network so that the peer IP address, peer hostname, and virtual IP can be configured.
When HA is disabled by the system administrator, the status icon changes to HA Disabled. If the standby TrueNAS controller is not available because it is powered off, still starting up, disconnected from the network, or if failover has not been configured, the status icon changes to HA Unavailable. The remaining failover options are found in System → Failover.
HA configurations. Do not use this unless requested by an iXsystems Support Engineer.

Notes about High Availability and failovers:

Booting an HA pair with failover disabled causes both TrueNAS controllers to come up in standby mode. The web interface shows an additional Force Takeover button which can be used to force that TrueNAS controller to take control.
CENSE. An additional dialog prompts to reload the web interface and show the new license details. There are also options to mark the system for production use or to send an initial debug to iXsystems. To update the status, set either option and click UPDATE STATUS.
5.19.3 Contact Support

To generate a support ticket, fill in the fields:

• Name is the name of the person the iXsystems Support Representative should contact to assist with the issue.
• Email is the email address of the person to contact.
CHAPTER SIX
TASKS

The Tasks section of the web interface is used to configure repetitive tasks:

• Cron Jobs (page 87) schedules a command or script to automatically execute at a specified time
• Init/Shutdown Scripts (page 89) configures a command or script to automatically execute during system startup or shutdown
•...
Fig. 6.1: Cron Job Settings

Table 6.1 lists the configurable options for a cron job.

Table 6.1: Cron Job Options

Setting | Value | Description
Description | string | Enter a description of the cron job.
Command | drop-down menu | Enter the full path to the command or script to be run. If it is a script, testing it at the command line first is recommended.
whether the job is enabled. This table is adjustable by setting the different column checkboxes above it. Set Toggle to display all options in the table. Click (Options) to show the Run Now, Edit, and Delete options.

Note: % symbols are automatically escaped and do not need to be prefixed with backslashes.
Table 6.2 (continued)

Setting | Value | Description
When | drop-down menu | Select when the Command or Script runs:
• Pre Init: early in the boot process, after mounting filesystems and starting networking
• Post Init: at the end of the boot process, before TrueNAS® services start
•...
defined in the TrueNAS® web interface under Services → Rsync Configure → Rsync Module. In other operating systems, the module is defined in rsyncd.conf(5) (https://www.samba.org/ftp/rsync/rsyncd.conf.html).

• SSH: synchronizes over an encrypted connection. Requires the configuration of SSH user and host public keys.
Table 6.3 (continued)

Setting | Value | Description
Remote Host | string | Enter the IP address or hostname of the remote system that will store the copy. Use the format username@remote_host if the username differs on the remote host.
Remote SSH | integer | Only available in SSH mode.
Rsync tasks also generate an Alert (page 305) on task completion. The alert shows if the task succeeded or failed.

6.3.1 Rsync Module Mode

This configuration example configures rsync module mode between the two following TrueNAS® systems:

• 192.168.2.2 has existing data in /mnt/local/images. It will be the rsync client, meaning that an rsync task needs to be defined.
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f5:b0:06:d1:33:e4:95:cf:04:aa:bb:6e:a4:b7:2b:df root@freenas.local
The key's randomart image is:
+--[ RSA 2048]----+ .o. oo o+o. . . =o + S o .
Fig. 6.4: Pasting the User SSH Public Key

While on PULL, verify that the SSH service is running in Services and start it if it is not.

Next, copy the host key of PULL using Shell on PUSH. The command copies the RSA host key of the PULL server used in our previous example.
Save the rsync task and the rsync will automatically occur according to the schedule. In this example, the contents of /mnt/local/images/ will automatically appear in /mnt/remote/images/ after 15 minutes. If the content does not appear, use Shell on PULL to read /var/log/messages. If the message indicates a \n (newline character) in the key, remove the space in the pasted key. It will be after the character that appears just before the \n in the error message.
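The pasted-key problem described above can be caught before the key is saved. The following Python check is an added example, not part of the TrueNAS documentation; the function names are assumptions, and the sample key is constructed inline from filler bytes, so it is not a usable key.

```python
import base64
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def build_sample_rsa_line(comment="root@push.example"):
    """Return a CONSTRUCTED ssh-rsa line; the modulus is filler, not a real key."""
    exponent = (65537).to_bytes(3, "big")
    modulus = b"\x00\xc3" + bytes(range(1, 256))  # 257 bytes, shaped like 2048-bit
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(exponent) + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def _decode_fields(b64_text):
    """Decode the base64 key data and split it into length-prefixed fields."""
    blob = base64.b64decode(b64_text, validate=True)  # binascii.Error is a ValueError
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past the end of the key data")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def check_public_key_line(line):
    """Return a list of problems found in one pasted public key line ([] = OK)."""
    problems = []
    body = line.rstrip("\r\n")
    if "\n" in body or "\r" in body:
        problems.append("line break inside the key; it must be a single line")
    parts = body.split()
    if len(parts) < 2:
        return problems + ["expected '<type> <base64 data> [comment]'"]
    key_type, data = parts[0], parts[1]
    try:
        fields = _decode_fields(data)
    except ValueError as exc:
        problems.append(f"key data is damaged: {exc}")
        # A space or newline pasted into the base64 makes the rest look like a
        # comment. If re-joining later tokens yields a valid blob, report where.
        joined = data
        for extra in parts[2:]:
            joined += extra
            try:
                _decode_fields(joined)
            except ValueError:
                continue
            problems.append(f"stray whitespace after character {len(data)} of the key data")
            break
        return problems
    if not fields or fields[0] != key_type.encode("ascii", "replace"):
        problems.append("key type inside the data does not match the type prefix")
    elif key_type == "ssh-rsa" and len(fields) != 3:
        problems.append("ssh-rsa data must hold exactly type, exponent and modulus")
    return problems


if __name__ == "__main__":
    good = build_sample_rsa_line()
    key_type, data, comment = good.split(" ")
    pasted = f"{key_type} {data[:100]}\n{data[100:]} {comment}"
    for label, candidate in (("clean", good), ("pasted with line break", pasted)):
        print(label, "->", check_public_key_line(candidate) or "OK")
```

The reported character position counts from the start of the base64 data, which is the same place the log message points to: the character just before the stray whitespace.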
Table 6.4: S.M.A.R.T. Test Options

Setting | Value | Description
All Disks | checkbox | Set to monitor all disks.
Disks | drop-down menu | Select the disks to monitor. Available when All Disks is unset.
Type | drop-down menu | Choose the test type. See smartctl(8) (https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.8.in) for descriptions of each type.
Fig. 6.6: Creating a Periodic Snapshot

Table 6.5: Periodic Snapshot Options

Setting | Value | Description
Dataset | drop-down menu | Select a pool, dataset, or zvol.
Recursive | checkbox | Set to take separate snapshots of the dataset and each of its child datasets. Leave unset to take a single snapshot only of the specified dataset without child datasets.
Table 6.5 (continued)

Setting | Value | Description
Schedule the Periodic Snapshot Task | drop-down menu | When the periodic snapshot task runs. Choose one of the preset schedules or choose Custom to use the Advanced Scheduler (page 12).
Begin | drop-down menu | Hour and minute when the system can begin taking snapshots.
One notable detail of this process is that there is no saved memory of which task created which snapshot, or what the parameters of the periodic snapshot task were at the time a snapshot was created. All checks for autoremoval are based on the current state of the system.
Fig. 6.7: Replication Wizard: What and Where

The wizard allows loading previously saved replication configurations and simplifies many replication settings. To see all possible replication creation options (page 103), click ADVANCED REPLICATION CREATION.

Using the wizard to create a new replication task begins by defining what is being replicated and where. Choosing On a Different System for either the Source Location or Destination Location requires an SSH Connection (page 57)
and select the dataset from the expandable tree or type a path to the location in the field. Only a single Destination path can be defined. Using an SSH connection for replication adds the SSH Transfer Security option. This sets the data transfer security level.
Tasks set to Run Once will start immediately. If a one-time replication has no valid local system source dataset snapshots, TrueNAS® will snapshot the source datasets and immediately replicate those snapshots to the destination dataset.

All replication tasks are displayed in Tasks → Replication Tasks.
• LEG: LEGACY

Table 6.6: Replication Task Options

Setting | Transport | Value | Description
Name | | string | Descriptive name for the replication.
Direction | SSH, NCT, | drop-down menu | PUSH sends snapshots to a destination system. PULL connects to a remote system and retrieves snapshots matching a Naming Schema.
Table 6.6 – continued from previous page
Setting | Transport | Value | Description
Destination | | (Browse), string | Define the path to a system location that will store replicated snapshots. Click the (Browse) to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1).
Page 106
Table 6.6 – continued from previous page
Setting | Transport | Value | Description
Replicate Specific Snapshots | SSH, NCT, | checkbox and drop-down menu | Only replicate snapshots that match a defined creation time. To specify which snapshots will be replicated, set this checkbox and define the snapshot creation times that will be replicated.
Table 6.6 – continued from previous page
Setting | Transport | Value | Description
Number of retries for failed replications | SSH, NCT, | integer | Number of times the replication is attempted before stopping and marking the task as failed.
Logging Level | | drop- | Message verbosity level in the replication task log.
tivity will not slow down other operations like snapshots or Scrub Tasks (page 111). The default settings allow replication to occur at any time. These times control when replication tasks are allowed to start, but will not stop a replication task that is already running.
Recovering data onto a replacement computer is done manually with the zfs send and zfs recv commands, or a replication task can be defined on the target computer containing the backup data. This replication task would normally be disabled. If a disaster damages the source computer, the target computer replication task is temporarily enabled, replicating the data onto the replacement source computer.
zfs destroy -R betapool/alphadata@auto-20161206.1110-2w
Then send the snapshot manually again. Snapshots on the destination system, Beta, are listed from the Shell (page 302) with zfs list -t snapshot or from Storage → Snapshots. Error messages here can indicate any remaining problems.
6.7 Resilver Priority
Resilvering, or the process of copying data to a replacement disk, is best completed as quickly as possible.
Table 6.7 – continued from previous page
Setting | Value | Description
End Time | drop-down | Choose the hour and minute when new resilver tasks can no longer be started. This does not affect active resilver tasks.
Days of the Week | checkboxes | Select the days to run resilver tasks.
6.8 Scrub Tasks
A scrub is the process of ZFS scanning through the data on a pool.
Page 112
Fig. 6.11: Viewing Pool Default Scrub Settings
Table 6.8: ZFS Scrub Options
Setting | Value | Description
Pool | drop-down menu | Choose a pool to scrub.
Threshold days | string | Days before a completed scrub is allowed to run again. This controls the task schedule. For example, scheduling a scrub to run daily and setting Threshold days to 7 means the scrub attempts to run daily.
Warning: This Cloud Sync task might go to a third party commercial vendor not directly affiliated with iXsystems. Please investigate and fully understand that vendor’s pricing policies and services before creating any Cloud Sync task. iXsystems is not responsible for any charges incurred from the use of third party vendors with the Cloud Sync feature.
Page 114
Click ADD to display the Add Cloud Sync menu shown in Figure 6.13.
Fig. 6.13: Adding a Cloud Sync
Table 6.9 shows the configuration options for Cloud Syncs.
Table 6.9: Cloud Sync Options
Setting | Value Type | Description
Description | string | A description of the Cloud Sync Task.
Direction | drop-down menu | PUSH sends data to cloud storage.
Page 115
Table 6.9 – continued from previous page
Setting | Value Type | Description
Storage Class | drop-down menu | Classification for each S3 object. Choose a class based on the specific use case or performance requirements. See Amazon S3 Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) for more information on which storage class to choose.
Table 6.9 – continued from previous page
Setting | Value Type | Description
Encryption Password | string | Password to encrypt and decrypt remote data. Warning: Always securely back up this password! Losing the encryption password will result in data loss.
Encryption Salt | string | Enter a long string of random characters for use as salt...
Page 117
Fig. 6.14: Example: Adding Cloud Credentials
Go to Tasks → Cloud Sync and click ADD to create a cloud sync job. The Description is filled with a simple note describing the job. Data is being sent to cloud storage, so this is a Push. The provider comes from the cloud credentials defined in the previous step, and the destination folder was configured in the cloud provider account.
CHAPTER SEVEN NETWORK
The Network section of the web interface contains these components for viewing and configuring network settings on the TrueNAS® system:
• Global Configuration (page 119): general network settings.
• Interfaces (page 121): settings for each network interface and options to configure Bridge (page 124), Link Ag-...
Page 120
Upper and lower case alphanumeric, ., and - characters are allowed.
Domain | string | System domain name. The Hostname and Domain are also displayed under the iXsystems logo at the top left of the main screen.
Additional Domains | string | Additional space-delimited domains to search. Adding search domains can cause slow DNS lookups.
Table 7.1 – continued from previous page
Setting | Value | Description
Nameserver 2 | IP address | Secondary DNS server.
Nameserver 3 | IP address | Tertiary DNS server.
HTTP Proxy | string | Enter the proxy information for the network in the format http://my.proxy.server:3128 or http://user:password@my.proxy.server:3128.
Enable netwait | checkbox | If enabled, network services do not start at boot until the interface is...
Page 122
Fig. 7.2: Adding a Network Interface
Each Type of configurable network interface changes the available options. Table 7.2 shows which settings are available with each interface type.
Table 7.2: Interface Configuration Options
Setting | Value Type | Description
Type | drop-down | Choose the type of interface. Bridge creates a logical link between multiple networks.
Page 123
Table 7.2 – continued from previous page
Setting | Value Type | Description
Disable Hardware Offloading | checkbox | Turn off hardware offloading for network traffic processing. WARNING: disabling hardware offloading can reduce network performance and is only recommended when the interface is managing jails (page 260), plugins...
7.2.1 Network Bridges
A network bridge allows multiple network interfaces to function as a single interface. To create a bridge, go to Network → Interfaces and click ADD. Choose Bridge as the Type and continue to configure the interface. See the Interface Configuration Options table (page 122) for descriptions of each option.
effect of limiting throughput as reordering packets can be CPU intensive on the client. Requires a switch which supports IEEE 802.3ad static link aggregation. None: this protocol disables any traffic without disabling the lagg interface itself.
7.2.2.1 LACP, MPIO, NFS, and ESXi
LACP bonds Ethernet connections to improve bandwidth.
systat -ifstat
More information about this command can be found at systat(1) (https://www.freebsd.org/cgi/man.cgi?query=systat).
7.2.3 VLANs
TrueNAS® uses vlan(4) (https://www.freebsd.org/cgi/man.cgi?query=vlan) to demultiplex frames with IEEE 802.1q tags. This allows nodes on different VLANs to communicate through a layer 3 switch or router. A vlan interface must be assigned a parent interface and a numeric VLAN tag.
Page 127
Fig. 7.3: IPMI Configuration
Table 7.3: IPMI Options
Setting | Value | Description
TrueNAS Controller | drop-down menu | Select a TrueNAS controller. All IPMI changes are applied to that TrueNAS controller.
Channel | drop-down menu | Select the communications channel (https://www.thomas-krenn.com/en/wiki/IPMI_Basics#Channel_Model) to use. Available channel numbers vary by hardware.
documentation to determine the default administrative username. After logging in to the management interface, the default administrative username can be changed, and additional users created. The appearance of the IPMI utility and the functions that are available vary depending on the hardware.
Page 129
Table 7.4: Static Route Options
Setting | Value | Description
Destination | integer | Use the format A.B.C.D/E where E is the CIDR mask.
Gateway | integer | Enter the IP address of the gateway.
Description | string | Optional. Add any notes about the route.
Added static routes are shown in Network → Static Routes.
CHAPTER EIGHT STORAGE
The Storage section of the web interface allows configuration of these options:
• Swap Space (page 130): Change the swap space size.
• Pools (page 130): create and manage storage pools.
• Snapshots (page 152): manage local snapshots.
•...
8.2.1 Creating Pools
Before creating a pool, determine the level of required redundancy, how many disks will be added, and if any data exists on those disks. Creating a pool overwrites disk data, so save any required data to different media before adding disks to a pool.
Page 132
After selecting disks, click the right arrow to add them to the Data VDevs section. The usable space of each disk in a vdev is limited to the size of the smallest disk in the vdev. Additional data vdevs must have the same configuration as the initial vdev.
Table 8.1: Pool Status
Symbol | Color | Meaning
HEALTHY | Green | The pool is healthy.
DEGRADED | Orange | The pool is in a degraded state.
UNKNOWN | Blue | Pool status cannot be determined.
LOCKED | Yellow | The pool is locked.
Pool Fault | | The pool has a critical error.
Page 134
down, when the pool is locked, or when disks are physically stolen.
TrueNAS® encrypts disks and pools, not individual filesystems. The partition table on each disk is not encrypted, but only identifies the location of partitions on the disk. On an encrypted pool, the data in each partition is encrypted.
8.2.2.1 Encryption and Recovery Keys
TrueNAS® generates a randomized encryption key whenever a new encrypted pool is created. This key is stored in system dataset (page 48). It is the primary key used to unlock the pool each time the system boots. Creating a passphrase for the pool adds a passphrase component to the encryption key and allows the pool to be locked.
Fig. 8.3: Encryption Key/Passphrase Options
The administrator password is required for encryption key changes. Setting Remove Passphrase invalidates the current pool passphrase. Creating or changing a passphrase invalidates the pool recovery key.
• Recovery Key: Generate and download a new recovery key file or invalidate an existing recovery key. The ®...
To add a Cache or Log device during pool creation, click the Add Cache or Add Log button. Select the disk from Available Disks and use the right arrow next to Cache VDev or Log VDev to add it to that section. To add a device to an existing pool, Extend (page 137) that pool.
Page 138
Fig. 8.4: Export/Disconnect a Pool
Note: At least one pool is required for High Availability (HA) (page 81). If HA is enabled and only one pool is connected, HA must be disabled before that pool can be removed.
Warning: Do not export/disconnect an encrypted pool if the passphrase has not been set! An encrypted pool cannot be reimported without a passphrase! When in doubt, use the instructions in Managing Encrypted Pools...
To instead destroy the data and share configurations on the pool, also set the Destroy data on this pool? option. To verify that data on the pool is to be destroyed, type the name of the pool and click EXPORT/DISCONNECT. Data on the pool is destroyed, including share configuration, zvols, datasets, and the pool itself.
Page 140
Fig. 8.6: Importing a Pool
Select the pool from the Pool * drop-down menu and click NEXT to confirm the options and IMPORT it. Before importing an encrypted pool (page 133), disks must first be decrypted. Click Yes, decrypt the disks. This is shown in Figure 8.7.
Fig. 8.7: Decrypting Disks Before Importing a Pool
Use the Disks dropdown menu to select the disks to decrypt. Click Browse to select the encryption key file stored on the client system. Enter the Passphrase associated with the encryption key, then click NEXT to continue importing the pool.
To view the scrub status of a pool, click the pool name, (Settings), then Status. The resulting screen will display the status and estimated time remaining for a running scrub or the statistics from the last completed scrub. A CANCEL button is provided to cancel a scrub in progress. When a scrub is cancelled, it is abandoned. The next scrub to run starts from the beginning, not where the cancelled scrub left off.
Page 143
this dataset and all children | | ✓ | A specified value applies to both this dataset and any child datasets.
ZFS Deduplication | drop-down menu | | Do not change this setting unless instructed to do so by your iXsystems support engineer.
Read-only | drop-down menu | ✓ | Choices are Inherit, On, or Off.
Exec | drop- | | Choices are Inherit, On, or Off.
Page 144
Table 8.3 – continued from previous page
Setting | Value | Advanced Mode | Description
Record Size | drop-down menu | ✓ | While ZFS automatically adapts the record size dynamically to adapt to data, if the data has a fixed size (such as database records), matching its size might result in better performance.
Tip: Deduplication is often considered when using a group of very similar virtual machine images. However, other features of ZFS can provide dedup-like functionality more efficiently. For example, create a dataset for a standard VM, then clone a snapshot of that dataset for other VMs. Only the differences between each created VM and the main dataset are saved, giving the effect of deduplication without the overhead.
Page 146
Fig. 8.9: Adding a Zvol
The configuration options are described in Table 8.4.
Table 8.4: zvol Configuration Options
Setting | Value | Advanced Mode | Description
zvol name | string | | Enter a short name for the zvol. Using a zvol name longer than 63 characters can prevent accessing zvols as devices. For example, a zvol with a 70-character filename or path cannot be used as an iSCSI extent.
ZFS Deduplication | drop-down menu | Do not change this setting unless instructed to do so by your iXsystems support engineer.
Sparse | checkbox | Used to provide thin provisioning. Use with caution as writes will fail when the pool is low on space.
Fig. 8.10: Editing Dataset Permissions
Table 8.5: Permission Options
Setting | Value | Description
Path | string | Displays the path to the dataset or zvol directory.
User | drop-down menu | Select the user to control the dataset. Users created manually or imported from a directory service appear in the drop-down menu.
Group | drop-...
Page 149
The ACL for a new file or directory is typically determined by the parent directory ACL. An exception is when there are no File Inherit or Directory Inherit flags (page 151) in the parent ACL owner@, group@, or everyone@ entries.
Page 150
Table 8.6 – continued from previous page
Setting | Section | Value | Description
User | File Information | drop-down menu | User who controls the dataset. This user always has permissions to read or write the ACL and read or write attributes. Users created manually or imported from a directory service...
Page 151
Table 8.6 – continued from previous page
Setting | Section | Value | Description
Strip ACLs | Advanced | checkbox | Set to remove all ACLs from the current dataset. ACLs are also recursively stripped from directories and child datasets when Apply permissions recursively and Apply permissions to child datasets are set.
• Inherited : set when the ACE has been inherited from another dataset.
8.3 Snapshots
To view and manage the listing of created snapshots, use Storage → Snapshots. An example is shown in Figure 8.12.
Note: If snapshots do not appear, check that the current time configured in Periodic Snapshot Tasks (page 97) does not conflict with the Begin, End, and Interval settings.
does not take into account pending changes. While pending changes are generally accounted for within a few seconds, disk changes do not necessarily guarantee that the space usage information is updated immediately.
Tip: Space used by individual snapshots can be seen by running zfs list -t snapshot from Shell (page 302).
• Snapshot visibility must be manually enabled in the ZFS properties of the dataset.
• In Samba auxiliary settings, the veto files command must be modified to not hide the .zfs file, and the setting zfsacl:expose_snapdir=true must be added.
The effect will be that any user who can access the dataset contents will be able to view the list of snapshots by navigating to the .zfs directory of the dataset.
The snapshot can have a custom Name or be automatically named by a Naming Schema. Using a Naming Schema allows the snapshot to be included in Replication Tasks (page 107). The Naming Schema drop-down is populated with previously created schemas from Periodic Snapshot Tasks (page 97).
Table 8.7 – continued from previous page
Setting | Value | Description
Password | string | Enter the password associated with Username.
ZFS Filesystem | browse button | Browse to the filesystem to snapshot.
Datastore | drop-down menu | After entering the Hostname, Username, and Password, click FETCH DATASTORES to populate the menu, then select the datastore to be synchronized.
Page 157
To bulk edit disks, set the checkbox for each disk in the table then click (Edit Disks). The Bulk Edit Disks page displays which disks are being edited and a short list of configurable options. The Disk Options table (page 157) indicates the options available when editing multiple disks.
Table 8.8 – continued from previous page
Setting | Value | Bulk Edit | Description
Acoustic Level | drop-down menu | ✓ | Default is Disabled. Other values can be selected for disks that understand (https://en.wikipedia.org/wiki/Automatic_acoustic_management).
Enable S.M.A.R.T. | checkbox | ✓ | Enabled by default when the disk supports S.M.A.R.T. Disabling...
Page 159
Before physically removing the failed device, go to Storage → Pools. Select the pool name then click (Settings). Select Status and locate the failed disk. Then perform these steps:
1. Click (Options) on the disk entry, then Offline to change the disk status to OFFLINE. This step removes the device from the pool and prevents swap issues.
Page 160
Fig. 8.17: Replacing a Failed Disk
After the resilver is complete, the pool status shows a Completed resilver status and indicates any errors. Figure 8.18 indicates that the disk replacement was successful in this example.
Note: A disk that is failing but has not completely failed can be replaced in place, without first removing it. Whether this is a good idea depends on the overall condition of the failing disk.
Fig. 8.18: Disk Replacement is Complete
8.5.1.1 Removing a Log or Cache Device
Added log or cache devices appear in Storage → Pools → Pool Status. Clicking the device enables the Replace and Remove buttons.
Log and cache devices can be safely removed or replaced with these buttons. Both types of devices improve performance, and throughput can be impacted by their removal.
2. Go to Storage → Pools.
3. Select the pool and click (Settings) → Status.
4. Select one of the old, smaller disks in the pool. Click (Options) → Replace. Choose the new disk as the replacement.
The status of the resilver process is shown on the screen, or can be viewed with zpool status.
Fig. 8.19: Importing a Disk
Use the drop-down menu to select the disk to import, confirm the detected filesystem is correct, and browse to the ZFS dataset that will hold the copied data. If the MSDOSFS filesystem is selected, an additional MSDOSFS locale drop-down menu is displayed.
CHAPTER NINE OVERPROVISIONING
Overprovisioning SSDs can be done using the disk_resize command in the Shell (page 302). This can be useful for many different scenarios. Perhaps the most useful benefit of overprovisioning is that it can extend the life of an SSD greatly.
CHAPTER TEN DIRECTORY SERVICES
TrueNAS® supports integration with these directory services:
• Active Directory (page 165) (for Windows 2000 and higher networks)
• LDAP (page 170)
• NIS (page 173)
TrueNAS® also supports Kerberos Realms (page 174), Kerberos Keytabs (page 175), and the ability to add more parameters to Kerberos Settings (page 176).
Page 166
Figure 10.1 shows Directory Services → Active Directory settings.
Fig. 10.1: Configuring Active Directory
Table 10.1 describes the configurable options. Some settings are only available in Advanced Mode. Click the ADVANCED MODE button to show the Advanced Mode settings. Go to System → Advanced and set the Show advanced...
Page 167
Table 10.1 – continued from previous page
Setting | Value | Advanced Mode | Description
Encryption Mode | drop-down | ✓ | Choices are Off, SSL (LDAPS protocol port 636), or TLS (LDAP protocol port 389). See http://info.ssl.com/article.aspx?id=10241 and https://hpbn.co/transport-layer-security-tls/ for more information about SSL and TLS.
Certificate | drop-down | | Select the Active Directory server certificate if SSL connec-...
Page 168
Table 10.1 – continued from previous page
Setting | Value | Advanced Mode | Description
AD Timeout | integer | ✓ | Increase the number of seconds before timeout if the AD service does not immediately start after connecting to the domain.
DNS Timeout | integer | ✓ | Increase the number of seconds before a timeout occurs if...
Page 169
Table 10.2 – continued from previous page
Value | Description
autorid | Similar to rid, but automatically configures the range to be used for each domain, so there is no need to specify a specific range for each domain in the forest. The only needed configuration is the range of UID or GIDs to use for user and group mappings and an optional size for the ranges.
If any of the commands fail or result in a traceback, create a bug report at https://bugs.ixsystems.com. Include the commands in the order in which they were run and the exact wording of the error message or traceback.
Page 171
Fig. 10.2: Configuring LDAP
Table 10.3 summarizes the available configuration options. Some settings are only available in Advanced Mode. Click the ADVANCED MODE button to show the Advanced Mode settings. Go to System → Advanced and set the Show advanced fields by default option to always show advanced options. Those new to LDAP terminology should read the OpenLDAP Software 2.4 Administrator’s Guide (http://www.openldap.org/doc/admin24/).
Page 172
Table 10.3 – continued from previous page
Setting | Value | Advanced Mode | Description
Kerberos Realm | drop-down menu | ✓ | The realm created using the instructions in Kerberos Realms (page 174).
Kerberos Principal | drop-down | ✓ | The location of the principal in the keytab created as de-...
10.3 NIS
The Network Information Service (NIS) maintains and distributes a central directory of Unix user and group information, hostnames, email aliases, and other text-based tables of information. If an NIS server is running on the network, the TrueNAS® system can be configured to import the users and groups from the NIS directory.
Table 10.4 – continued from previous page
Setting | Value | Description
Secure mode | checkbox | Set to have ypbind(8) (https://www.freebsd.org/cgi/man.cgi?query=ypbind) refuse to bind to any NIS server not running as root on a TCP port over 1024.
Manycast | checkbox | Set to have ypbind bind to the server that responds the fastest. This is useful when no local NIS server is available on the same subnet.
Table 10.5: Kerberos Realm Options
Setting | Value | Advanced Mode | Description
Realm | string | | Name of the realm.
 | string | ✓ | Name of the Key Distribution Center.
Admin Server | string | ✓ | Server where all changes to the database are performed.
Password Server | string | | Server where all password changes are performed.
CHAPTER ELEVEN SHARING
Shares provide and control access to an area of storage. Consider factors like operating system, security, transfer speed, and user access before creating a new share. This information can help determine the type of share, if multiple datasets are needed to divide the storage into areas with different access and permissions, and the complexity of setting up permissions.
11.1 Apple (AFP) Shares
TrueNAS® uses the Netatalk (http://netatalk.sourceforge.net/) AFP server to share data with Apple systems. This section describes the configuration screen for fine-tuning AFP shares. It then provides configuration examples for configuring Time Machine to back up to a dataset on the TrueNAS® system and for connecting to the share from a macOS client.
Page 179
Table 11.1: AFP Share Configuration Options
Setting | Value | Advanced Mode | Description
Path | browse button | | Browse to the pool or dataset to share. Do not nest additional pools, datasets, or symbolic links beneath this path because Netatalk does not fully support that.
Name | string | | Enter the pool name that appears in macOS after selecting...
Table 11.1 – continued from previous page
Setting | Value | Advanced Mode | Description
Auxiliary Parameters | string | ✓ | Enter any additional afp.conf (https://www.freebsd.org/cgi/man.cgi?query=afp.conf) parameters not covered by other option fields.
Note: If neither Hosts Allow or Hosts Deny contains an entry, then AFP share access is allowed for any host. If there is a Hosts Allow list but no Hosts Deny list, then only allow hosts on the Hosts Allow list.
Page 181
Fig. 11.2: Creating a Guest AFP Share
Next, create a dataset for the guest share. Refer to Adding Datasets (page 142) for more information about dataset creation. After creating the dataset for the guest share, go to Storage → Pools, click the (Options) button for the dataset,...
Page 182
Fig. 11.3: Editing Dataset Permissions for Guest AFP Share
To create a guest AFP share:
1. Go to Sharing → Apple (AFP) Shares and click ADD.
2. Browse to the dataset created for the guest share.
3. Fill out the other required fields, then press SAVE.
macOS users can use Finder to connect to the guest AFP share by clicking Go → Connect to Server.
Fig. 11.4: Connect to Server Dialog
To disconnect from the pool, click the eject button in the Shared sidebar.
11.2 Block (iSCSI)
iSCSI is a protocol standard for the consolidation of storage data. iSCSI allows TrueNAS® to act like a storage area network (SAN) over an existing Ethernet network.
iSCSI LUNs as if they were a raw SCSI or SATA hard drive. Rather than mounting remote directories, initiators format and directly manage filesystems on iSCSI LUNs. When configuring multiple iSCSI LUNs, create a new target for each LUN. Since iSCSI multiplexes a target with multiple LUNs over the same TCP connection, there can be TCP ®...
• Initiators: Leave blank to allow all or enter a list of initiator hostnames separated by spaces.
• Authorized Networks: Network addresses allowed to use this initiator. Leave blank to allow all networks or list network addresses with a CIDR mask. Separate multiple addresses with a space: 192.168.2.0/24 192.168.2.1/12.
Table 11.2: Target Global Configuration Settings
Setting | Value | Description
Base Name | string | Lowercase alphanumeric characters plus dot (.), dash (-), and colon (:) are allowed. See the “Constructing iSCSI names using the iqn. format” section of RFC 3721 (https://tools.ietf.org/html/rfc3721.html).
ISNS Servers | string | Enter the hostnames or IP addresses of ISNS servers to be registered...
Table 11.3: Portal Configuration Settings
Setting | Value | Description
Description | string | Optional description. Portals are automatically assigned a numeric group.
Discovery Auth Method | drop-down menu | iSCSI (page 231) supports multiple authentication methods that are used by the target to discover valid devices. None allows anonymous discovery while CHAP and Mutual CHAP both require authentication.
Page 188
Fig. 11.7: Adding an iSCSI Initiator
Table 11.4 summarizes the settings that can be configured when adding an initiator.
Table 11.4: Initiator Configuration Settings
Setting | Value | Description
Allow All Initiators | checkbox | Accept all detected initiators. When set, all other initiator fields are disabled.
11.2.5 Authorized Access
When using CHAP or mutual CHAP to provide authentication, creating authorized access is recommended. Do this by going to Sharing → Block (iSCSI) → Authorized Access and clicking ADD. The screen is shown in Figure 11.8.
Note: This screen sets login authentication. This is different from discovery authentication which is set in Global Configuration (page 119).
Table 11.5 – continued from previous page
Setting | Value | Description
Peer User | string | Only entered when configuring mutual CHAP. Usually the same value as User.
Peer Secret | string | Mutual secret password. Required when Peer User is set. Must be different than the Secret. Must be at least 12 and no more than 16 characters long.
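An added example (not from the TrueNAS guide or from iXsystems code) that checks an iSCSI configuration against the rules this section states for Initiators, Authorized Networks, Discovery Auth Method and CHAP peer secrets. The dictionary layout, key names, sample values and the /16 breadth threshold are assumptions made for the example, and applying the 12 to 16 character bound to Secret as well as Peer Secret is also an assumption.

```python
import ipaddress

MIN_SECRET, MAX_SECRET = 12, 16  # Peer Secret bounds stated in Table 11.5
BROAD_PREFIX_V4 = 16             # assumption: IPv4 masks shorter than /16 are flagged

# Constructed sample configuration. Key names and values are assumptions for
# this example, not the TrueNAS API or its configuration database schema.
SAMPLE = {
    "portal": {"discovery_auth_method": "None"},
    "initiator_groups": [
        {"id": 1, "initiators": "", "authorized_networks": ""},
        {"id": 2, "initiators": "iqn.2011-03.org.example:client1",
         "authorized_networks": "192.168.2.0/24 192.168.2.1/12"},
    ],
    "authorized_access": [
        {"group": 1, "user": "backup", "secret": "Zq7rT2mWx9Lp",
         "peer_user": "backup", "peer_secret": "Zq7rT2mWx9Lp"},
        {"group": 2, "user": "esxi", "secret": "Hb4nK8sVd1Yc",
         "peer_user": "esxi", "peer_secret": ""},
        {"group": 3, "user": "media", "secret": "Rw6uE3jNf0Ta",
         "peer_user": "", "peer_secret": ""},
    ],
}


def check_networks(value):
    """Return findings for a space-separated Authorized Networks string."""
    tokens = value.split()
    if not tokens:
        return ["blank: all networks are allowed"]
    findings = []
    for tok in tokens:
        try:
            iface = ipaddress.ip_interface(tok)
        except ValueError:
            findings.append(f"{tok}: not a valid address/CIDR mask")
            continue
        net = iface.network
        # With host bits set (192.168.2.1/12), the mask decides what is
        # covered, not the address that was typed.
        if iface.ip != net.network_address:
            findings.append(f"{tok}: host bits set, effective network is {net}")
        if net.version == 4 and net.prefixlen < BROAD_PREFIX_V4:
            findings.append(f"{tok}: covers {net.num_addresses} addresses")
    return findings


def check_chap(entry):
    """Return findings for one Authorized Access entry."""
    findings = []
    secret = entry.get("secret", "")
    peer_user = entry.get("peer_user", "")
    peer_secret = entry.get("peer_secret", "")
    # Assumption: Secret is held to the same length bound as Peer Secret.
    if not MIN_SECRET <= len(secret) <= MAX_SECRET:
        findings.append("Secret length is outside 12-16 characters")
    if peer_user and not peer_secret:
        findings.append("Peer User is set but Peer Secret is empty")
    if peer_secret:
        if peer_secret == secret:
            findings.append("Peer Secret must be different from Secret")
        if not MIN_SECRET <= len(peer_secret) <= MAX_SECRET:
            findings.append("Peer Secret length is outside 12-16 characters")
    return findings


def audit(config):
    """Return a list of (location, finding) tuples for the whole configuration."""
    report = []
    if config["portal"]["discovery_auth_method"] == "None":
        report.append(("portal", "Discovery Auth Method None allows anonymous discovery"))
    for grp in config["initiator_groups"]:
        where = f"initiator group {grp['id']}"
        if not grp["initiators"].split():
            report.append((where, "Initiators blank: all initiators are allowed"))
        for msg in check_networks(grp["authorized_networks"]):
            report.append((where, "Authorized Networks " + msg))
    for acc in config["authorized_access"]:
        where = f"authorized access group {acc['group']}, user {acc['user']}"
        for msg in check_chap(acc):
            report.append((where, msg))
    return report


if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

The second entry in the guide's own sample list, 192.168.2.1/12, is reported as the network 192.160.0.0/12, which is far wider than the /24 listed beside it.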
Page 191
block device read/write. If a traditional filesystem such as EXT, XFS, FAT, NTFS, UFS, or ZFS is placed on the block device, care must be taken that only one initiator at a time has read/write access or the result will be filesystem corruption.
Table 11.6 – continued from previous page
Setting | Value | Description
Authentication Group number | drop-down menu | Select None or an integer. This number represents the number of existing authorized accesses.
11.2.7 Extents
iSCSI targets provide virtual access to resources on the TrueNAS® system.
Page 193
Fig. 11.11: Adding an iSCSI Extent
Table 11.7: Extent Configuration Settings
Setting | Value | Description
Extent name | string | Enter the extent name. If the Extent size is not 0, it cannot be an existing file within the pool or dataset.
Extent type | drop- | File shares the contents of an individual file.
Table 11.7 – continued from previous page
Setting | Value | Description
Disable physical block size reporting | checkbox | Set if the initiator does not support physical block size values over 4K (MS SQL). Setting can also prevent constant block size warnings (https://www.virten.net/2016/12/the-physical-block-size-reported-by-the-device-is-not-supported/) when using this share with ESXi.
Page 195
Fig. 11.12: Associating a Target With an Extent
Table 11.8 summarizes the settings that can be configured when associating targets and extents.
Table 11.8: Associated Target Configuration Settings
Setting | Value | Description
Target | drop-down menu | Select an existing target.
LUN ID | integer | Select or enter a value between 0 and 1023.
11.2.9 Fibre Channel Ports
If the TrueNAS® system has Fibre Channel ports, Sharing → Block (iSCSI) appears as Sharing → Block (iSCSI/FC) and an extra Fibre Channel Ports tab is added. An example is shown in Figure 11.13.
Fig. 11.13: Block (iSCSI) Screen
Since the Portals, Initiators, and Authorized Access screens only apply to iSCSI, they are marked as such and can be ignored when configuring Fibre Channel.
Page 197
Fig. 11.14: Add Target Screen
The screens for adding an extent and associating a target are the same as described in Extents (page 192) and Associated Targets (page 194).
Note: The Target tab of Reporting (page 285) provides Fibre Channel port bandwidth graphs.
Fibre Channel can be configured for NPIV (N_Port ID Virtualization).
Fig. 11.15: Adding Virtual Ports
11.2.10 Connecting to iSCSI
To access the iSCSI target, clients must use iSCSI initiator software. An iSCSI Initiator client is pre-installed with Windows 7. A detailed how-to for this client can be found here (http://techgenix.com/Connecting-Windows-7-iSCSI-SAN/). A client for Windows 2000, XP, and 2003 can be found here (http://www.microsoft.com/en-us/download/details.aspx?id=18986).
Instructions for connecting from a VMware ESXi Server can be found at How to configure FreeNAS 8 for iSCSI and connect to ESX(i) (https://www.vladan.fr/how-to-configure-freenas-8-for-iscsi-and-connect-to-esxi/). Note that the requirements for booting vSphere 4.x off iSCSI differ between ESX and ESXi. ESX requires a hardware iSCSI adapter while ESXi requires specific iSCSI boot firmware support.
Fig. 11.16: Editing an Existing Zvol
Enter the new size for the zvol in the Size for this zvol field and click SAVE. The new size for the zvol is immediately shown in the Used column of the Storage → Pools table....
11.3 Unix (NFS) Shares
TrueNAS® supports sharing pools, datasets, and directories over the Network File System (NFS). Clients use the mount command to mount the share. Mounted NFS shares appear as another directory on the client system. Some Linux distros require the installation of additional software to mount an NFS share. Windows systems must enable Services for NFS in the Ultimate or Enterprise editions or install an NFS client application.
Page 202
To better understand these restrictions, consider scenarios where there are:
• two networks, 10.0.0.0/8 and 20.0.0.0/8
• a ZFS pool named pool1 with a dataset named dataset1
• dataset1 contains directories named directory1, directory2, and directory3

Because of restriction #3, an error is shown when trying to create one NFS share like this:
•...
Page 203
Table 11.9 – continued from previous page

Setting | Value | Advanced Mode | Description
Maproot Group | drop-down menu | ✓ | When a group is selected, the root user is also limited to permissions of that group.
Mapall User | drop-down | ✓ | TrueNAS® user or user imported with Active Directory...

11.3.1 Example Configuration

By default, the Mapall fields are not set. This means that when a user connects to the NFS share, the user has the permissions associated with their user account. This is a security risk if a user is able to connect as root, as they will have complete access to the share.

NFS share settings cannot be changed when the share is mounted on a client computer. The umount command is used to unmount the share on BSD and Linux clients. Run it as the superuser or with sudo on each client computer:

  umount /mnt

11.3.2.2 From Microsoft...

Fig. 11.20: Viewing the NFS Share in Finder

11.3.3 Troubleshooting NFS

Some NFS clients do not support the NLM (Network Lock Manager) protocol used by NFS. This is the case if the client receives an error that all or part of the file may be locked when a file transfer is attempted. To resolve this error, add the option -o nolock when running the mount command on the client to allow write access to the NFS share.

The nfsstat -c or nfsstat -s commands can be helpful to detect problems from the Shell (page 302). A high proportion of retries and timeouts compared to reads usually indicates network problems.

11.4 WebDAV Shares

In TrueNAS®, WebDAV shares can be created so that authenticated users can browse the contents of the specified pool, dataset, or directory from a web browser.
Page 208
Fig. 11.21: Adding a WebDAV Share

Table 11.10 summarizes the available options.

Table 11.10: WebDAV Share Options

Setting | Value | Description
Share Path Name | string | Enter a name for the share.
Comment | string | Optional.
Path | browse button | Enter the path or Browse to the pool or dataset to share. Appending a new name to the path creates a new dataset.

SMB shares. Another helpful reference is Methods For Fine-Tuning Samba Permissions (https://forums.freenas.org/index.php?threads/methods-for-fine-tuning-samba-permissions.50739/).

Warning: SMB1 is disabled by default for security (https://www.ixsystems.com/blog/library/do-not-use-smb1/). If necessary, SMB1 can be enabled in Services → SMB → Configure.

Figure 11.22 shows the configuration screen that appears after clicking Sharing → Windows (SMB Shares), then ADD.
Page 210
Fig. 11.22: Adding an SMB Share

Table 11.11 summarizes the options available when creating an SMB share. Some settings are only configurable after clicking the ADVANCED MODE button. For simple sharing scenarios, ADVANCED MODE options are not needed. For more complex sharing scenarios, only change an ADVANCED MODE option after fully understanding the function of that option.
Page 211
Table 11.11 – continued from previous page

Setting | Value | Advanced Mode | Description
Use as home share | checkbox | | Set to allow this share to hold user home directories. Only one share can be the home share. Note that lower case names for user home directories are strongly recommended, as Samba maps usernames to all lower case.
Page 212
Table 11.11 – continued from previous page

Setting | Value | Advanced Mode | Description
Only Allow Guest Access | checkbox | ✓ | Requires Allow guest access to also be enabled. Forces guest access for all connections.
Access Based Share | checkbox | ✓ | Restrict share visibility to users with a cur-...
Page 213
enable NTLMv2 on those clients. If changing the client configuration is not possible, NTLMv1 authentication can be enabled by selecting the NTLMv1 auth option in Services → SMB → (Configure).

Table 11.12 provides an overview of the available VFS objects. Be sure to research each object before adding or deleting it from the Selected column of the VFS Objects field of the share.
Page 214
Table 11.12: Available VFS Objects

Value | Description
audit | Log share access, connects/disconnects, directory opens/creates/removes, and file opens/closes/renames/unlinks/chmods to syslog.
catia | Improve Mac interoperability by translating characters that are unsupported by Windows.
crossrename | Allow server side rename operations even if source and target are on different physical devices.
(page 210). Creating or editing an SMB share on a dataset with a trivial Access Control List (ACL) (https://www.ixsystems.com/community/threads/methods-for-fine-tuning-samba-permissions.50739/) prompts to configure the ACL (page 148) for the dataset. To view all active SMB connections and users, enter smbstatus in the Shell (page 302).
Fig. 11.23: Creating an Unauthenticated SMB Share

The new share appears in Sharing → Windows (SMB) Shares.

By default, users that access the share from an SMB client will not be prompted for a username or password. For example, to access the share from a Windows system, open Explorer and click on Network. In this example, a system named FREENAS appears with a share named p2ds2-smb.
Page 217
the TrueNAS® system. This type of configuration scenario is often used in home and small networks as it does not scale well if many user accounts are needed. To configure authenticated access for an SMB share, first create a group (page 24) for all the SMB user accounts in...
Map the share as a network drive to prevent Windows Explorer from hanging when accessing the share. Right-click the share and select Map network drive…. Choose a drive letter from the drop-down menu and click Finish. Windows caches user account credentials with the authenticated share. This sometimes prevents connection to a share, even when the correct username and password are provided.
Page 219
The process for creating an authenticated share for a user is the same as creating a Time Machine share for that user. Create Time Machine or authenticated shares on a new dataset (page 142). Change permissions on the new dataset by going to Storage Pools.
Configuring a quota for each Time Machine share helps prevent backups from using all available space on the TrueNAS® system. Time Machine waits two minutes before creating a full backup. It then creates ongoing hourly, daily, weekly, and monthly backups. The oldest backups are deleted when a Time Machine share fills up, so make sure that the quota size is large enough to hold the desired number of backups.

11.6.2 Client Time Machine Configuration

Note: The example shown here is intended to show the general process of adding a TrueNAS® share in Time Machine. The example might not reflect the exact process to configure Time Machine on a specific version of macOS. See the Apple documentation (https://support.apple.com/en-us/HT201250) for detailed Time Machine configura-...

Fig. 12.1: Configure Services

Stopped services show the sliding button on the left. Active services show the sliding button on the right. Click the slider to start or stop a service. Stopping a service shows a confirmation dialog.

Tip: Using a proxy server can prevent the list of services from being displayed. If a proxy server is used, do not configure it to proxy local network or websocket connections.
Page 224
Figure 12.2 shows the available global AFP configuration options which are described in Table 12.1.

Fig. 12.2: Global AFP Configuration

Table 12.1: Global AFP Configuration Options

Setting | Value | Description
Guest Account | drop-down menu | Select an account to use for guest access. The account must have permissions to the pool or dataset being shared.

12.2.1 Troubleshooting AFP

Check for error messages in /var/log/afp.log. Determine which users are connected to an AFP share by typing afpusers. If Something wrong with the volume’s CNID DB is shown, run this command from Shell (page 302), replacing the path to the problematic AFP share:

  dbd -rf /path/to/share

This command can take some time, depending upon the size of the pool or dataset being shared.

Table 12.2: DDNS Configuration Options

Setting | Value | Description
Provider | drop-down menu | Several providers are supported. If a specific provider is not listed, select Custom Provider and enter the information in the Custom Server and Custom Path fields.
CheckIP Server | checkbox | Use HTTPS for the connection to the CheckIP Server.
Page 227
Fig. 12.4: Configuring FTP

Table 12.3 summarizes the available options when configuring the FTP server.

Table 12.3: FTP Configuration Options

Setting | Value | Advanced Mode | Description
Port | integer | | Set the port the FTP service listens on.
Clients | integer | | Maximum number of simultaneous clients.
Connections | integer | | Set the maximum number of connections per IP address.
Page 228
Table 12.3 – continued from previous page

Setting | Value | Advanced Mode | Description
Allow Transfer Resumption | checkbox | | Set to allow FTP clients to resume interrupted transfers.
Always Chroot | checkbox | | When set, a local user is only allowed access to their home directory when they are a member of the wheel group.

Table 12.3 – continued from previous page

Setting | Value | Advanced Mode | Description
TLS Enable Diagnostics | checkbox | ✓ | If set when troubleshooting a connection, logs more verbosely.
TLS Export Certificate Data | checkbox | ✓ | If set, exports the certificate environment variables.
TLS No Certificate | checkbox...

4. Test the connection from a client using a utility such as Filezilla (https://filezilla-project.org/). In the example shown in Figure 12.5, the user has entered this information into the Filezilla client:
• IP address of the TrueNAS® server: 192.168.1.113
•...

5. Start the FTP service in Services → FTP. Click the sliding button on the FTP row. The FTP service takes a second or so to start. The sliding button moves to the right to show the service is running.
6.

tation. If the network contains managed switches, configuring and starting the LLDP service will tell the TrueNAS® system to advertise itself on the network. Figure 12.6 shows the LLDP configuration screen and Table 12.4 summarizes the configuration options for the LLDP service.
Page 233
Fig. 12.7: Configuring NFS

Table 12.5: NFS Configuration Options

Setting | Value | Description
Number of servers | integer | Specify how many servers to create. Increase if NFS client responses are slow. To limit CPU context switching, keep this number less than or equal to the number of CPUs reported by sysctl -n kern.smp.cpus.

Table 12.5 – continued from previous page

Setting | Value | Description
mountd(8) bind port | integer | Optional. Specify the port that mountd(8) (https://www.freebsd.org/cgi/man.cgi?query=mountd) binds
rpc.statd(8) bind port | integer | Optional. Specify the port that rpc.statd(8) (https://www.freebsd.org/cgi/man.cgi?query=rpc.statd) binds
rpc.lockd(8) bind port | integer | Optional. Specify the port that rpc.lockd(8) (https://www.freebsd.org/cgi/man.cgi?query=rpc.lockd) binds...

Fig. 12.8: Rsyncd Configuration

Table 12.6 summarizes the configuration options for the rsync daemon:

Table 12.6: Rsyncd Configuration Options

Setting | Value | Description
TCP Port | integer | rsyncd listens on this port. The default is 873.
Auxiliary parameters | string | Enter any additional parameters from rsyncd.conf(5) (https://www.freebsd.org/cgi/man.cgi?query=rsyncd.conf).
Page 236
Fig. 12.9: Adding an Rsync Module

Table 12.7 summarizes the configuration options available when creating an rsync module.

Table 12.7: Rsync Module Configuration Options

Setting | Value | Description
Name | string | Module name that matches the name requested by the rsync client.
Comment | string | Describe this module.
Page 237
12.9 S3

S3 is a distributed or clustered filesystem protocol compatible with Amazon S3 cloud storage. The TrueNAS® service uses Minio (https://minio.io/) to provide S3 storage hosted on the TrueNAS® system itself. Minio also provides features beyond the limits of the basic Amazon S3 specifications. Figure 12.10 shows the S3 service configuration screen and Table 12.8...

Table 12.8 – continued from previous page

Setting | Value | Description
Confirm Secret | string | Re-enter the S3 password to confirm.
Disk | browse | Directory where the S3 filesystem will be mounted. Ownership of this directory and all subdirectories is set to minio:minio. Create a separate dataset (page 142) for Minio to avoid issues with conflicting directory...
Page 239
Fig. 12.11: S.M.A.R.T Configuration Options

Note: smartd wakes up at the configured Check Interval. It checks the times configured in Tasks → S.M.A.R.T. Tests to see if a test must begin. Since the smallest time increment for a test is an hour, it does not make sense to set a Check Interval value higher than 60 minutes.

12.11 SMB

Note: After starting the SMB service, it can take several minutes for the master browser election (https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetworkBrowsing.html#id2581357) to occur and for the TrueNAS® system to become available in Windows Explorer.

Figure 12.12 shows the global configuration options which apply to all SMB shares. This configuration screen displays the configurable options from smb4.conf (https://www.freebsd.org/cgi/man.cgi?query=smb4.conf).
Page 241
Enable SMB1 support | checkbox | not secure and has been deprecated by Microsoft. See Do Not Use SMB1 (https://www.ixsystems.com/blog/library/do-not-use-smb1/).
UNIX Charset | drop-down menu | Default is UTF-8 which supports all characters in all languages.
Log Level | drop-down menu | Choices are Minimum, Normal, or Debug.

12.11.1 Troubleshooting SMB

Windows automatically caches file sharing information. If changes are made to an SMB share or to the permissions of a pool or dataset being shared by SMB and the share becomes inaccessible, log out and back in to the Windows system.
Page 243
Fig. 12.13: Configuring SNMP

Table 12.11: SNMP Configuration Options

Setting | Value | Description
Location | string | Enter the location of the system.
Contact | string | Enter an email address to receive messages from the SNMP service.
Community | string | Change from public to increase system security. Can only contain alphanumeric characters, underscores, dashes, periods, and spaces.

Table 12.11 – continued from previous page

Setting | Value | Description
Auxiliary Parameters | string | Enter additional snmpd.conf(5) (https://www.freebsd.org/cgi/man.cgi?query=snmpd.conf) options. Add one option for each line.
Expose zilstat via SNMP | checkbox | Enabling this option may have pool performance implications.
Log Level | drop-down menu | Choose how many log entries to create.
Page 245
Fig. 12.14: SSH Configuration

Table 12.12 summarizes the configuration options. Some settings are only available in Advanced Mode. To see these settings, either click the ADVANCED MODE button, or configure the system to always display these settings by enabling the Show advanced fields by default option in System → Advanced.

Table 12.12 – continued from previous page

Setting | Value | Advanced Mode | Description
Allow TCP port forwarding | checkbox | | Set to allow users to bypass firewall restrictions using the SSH port forwarding feature (https://www.symantec.com/connect/articles/ssh-port-forwarding).
Compress connections | checkbox | | Set to attempt to reduce latency over slow networks.
SFTP log level | drop-down...

When configuring SSH, always test the configuration as an SSH user account to ensure the user is limited by the configuration and they have permission to transfer files within the intended directories. If the user account is experiencing problems, the SSH error messages are specific in describing the problem. Type this command within Shell (page 302) to read these messages as they occur:

  tail -f /var/log/messages...

Table 12.13: TFTP Configuration Options

Setting | Value | Description
Directory | Browse button | Browse to an existing directory to be used for storage. Some devices require a specific directory name, refer to the device documentation for details.
Allow New Files | checkbox | Set when network devices need to send files to the system. For example, to back up their configuration.
Page 249
Fig. 12.16: UPS Configuration Screen

Table 12.14 summarizes the options in the UPS Configuration screen.

Table 12.14: UPS Configuration Options

Setting | Value | Description
UPS Mode | drop-down | Select Master if the UPS is plugged directly into the system serial port. The UPS will remain the last item to shut down.
Page 250
Table 12.14 – continued from previous page

Setting | Value | Description
Port or Hostname | drop-down menu | Serial or USB port connected to the UPS. To automatically detect and manage the USB port settings, open the drop-down menu and select auto. If the specific USB port must be chosen, see this note (page 250) about identifying the USB port used by the UPS.

pollinterval = 10. The default polling frequency is two seconds.

upsc(8) (https://www.freebsd.org/cgi/man.cgi?query=upsc) can be used to get status variables from the UPS daemon such as the current charge and input voltage. It can be run from Shell (page 302) using this syntax:

  upsc ups@localhost

The upsc(8) (https://www.freebsd.org/cgi/man.cgi?query=upsc) man page gives some other usage examples.
Page 252
Fig. 12.17: WebDAV Configuration Screen

Table 12.15: WebDAV Configuration Options

Setting | Value | Description
Protocol | drop-down menu | HTTP keeps the connection unencrypted. HTTPS encrypts the connection. HTTP+HTTPS allows both types of connections.
HTTP Port | string | Specify a port for unencrypted connections. The default port 8080 is recommended.
Page 253
Contact Method | Contact Options
 | https://support.ixsystems.com
Email | support@iXsystems.com
Telephone | Monday - Friday, 6:00AM to 6:00PM Pacific Standard Time:
  • US-only toll-free: 855-473-7449 option 2
  • Local and international: 408-943-4100 option 2
Telephone | After Hours (24x7 Gold Level Support only):
  • US-only toll-free: 855-499-5131
  •...

CHAPTER THIRTEEN
PLUGINS

TrueNAS® provides the ability to extend the built-in NAS services by providing two methods for installing additional software. Plugins (page 254) allow the user to browse, install, and configure pre-packaged software from the web interface. This method is easy to use, but provides a limited amount of available software.
Page 255
Enter a Jail Name. A unique name is required, since multiple installations of the same plugin are supported. Names can contain letters, numbers, periods (.), dashes (-), and underscores (_). Most plugins default to NAT. This setting is recommended as it does not require manual configuration of multiple available IP addresses and prevents addressing conflicts on the network.
In addition to the Jail name, the Columns menu can be used to display more information about installed Plugins. More information such as RELEASE and VERSION is shown by clicking (Expand). Options to RESTART, STOP, UPDATE, MANAGE, and UNINSTALL the plugin are also displayed. If an installed plugin has notes, the notes can be viewed by clicking POST INSTALL NOTES.

Fig. 13.2: Updating a Plugin

Updating a plugin also restarts that plugin. To update or upgrade the plugin jail operating system, see Jail Updates and Upgrades (page 273).

13.3 Uninstalling Plugins

Installing a plugin creates an associated jail. Uninstalling a plugin deletes the jail because it is no longer required. This means all datasets or snapshots that are associated with the plugin are also deleted.

Fig. 13.3: Uninstalling a Plugin and its Associated Jail and Dataset

13.4 Asigra Plugin

The Asigra plugin connects TrueNAS® to a third party service and is subject to licensing. Please read the Asigra Software License Agreement (https://www.asigra.com/legal/software-license-agreement) before using this plugin. To begin using Asigra services after installing the plugin, open the plugin options and click Register.
Page 259
CHAPTER FOURTEEN
JAILS

Jails are a lightweight, operating-system-level virtualization. One or multiple services can run in a jail, isolating those services from the host TrueNAS® system. TrueNAS® uses iocage (https://github.com/iocage/iocage) for jail plugin (page 254) management. The main differences between a user-created jail and a plugin are that plugins are preconfigured and usually provide only a single service.

• FreeBSD releases are fetched as a child dataset into the /iocage/download dataset. This dataset is then extracted into the /iocage/releases dataset to be used in jail creation. The dataset in /iocage/download can then be removed without affecting the availability of fetched releases or an existing jail.
•...
Page 262
Enter a Jail Name. Names can contain letters, numbers, periods (.), dashes (-), and underscores (_). Choose a Jail Type: Default (Clone Jail) or Basejail. Clone jails are clones of the specified FreeBSD RELEASE. They are linked to that RELEASE, even if they are upgraded. Basejails mount the specified RELEASE directories as nullfs mounts over the jail directories.
Fig. 14.2: Configure Jail Networking

Click NEXT to view a summary screen of the chosen jail options. Click SUBMIT to create the new jail. After a few moments, the new jail is added to the primary jails list.

14.2.2 Advanced Jail Creation

The advanced jail creation form is opened by clicking Jails → ADD then Advanced Jail Creation.
Page 264
Fig. 14.3: Creating a Jail

A usable jail can be quickly created by setting only the required values, the Jail Name and Release. Additional settings are in the Jail Properties, Network Properties, and Custom Properties sections. Table 14.1 shows the available options of the Basic Properties of a new jail.
Page 265
Table 14.1 – continued from previous page Setting Value Description checkbox Network Address Translation (NAT). When set, the jail is given an internal IP address and connections are forwarded from the host to the jail. When NAT is set, Berkeley Packet Filter cannot be set. Adds the NAT Port Forwarding options to the jail Network Properties (page 269).
Page 266
Table 14.2: Jail Properties

Setting | Value | Description
devfs_ruleset | integer | Number of the devfs(8) (https://www.freebsd.org/cgi/man.cgi?query=devfs) ruleset to enforce when mounting devfs in the jail. The default value of 0 means no ruleset is enforced. Mounting devfs inside a jail is only possible when the allow_mount and allow_mount_devfs permissions are enabled and enforce_statfs is set to a value lower than 2.
Page 267
Table 14.2 – continued from previous page

Setting | Value | Description
enforce_statfs | drop-down | Determine which information processes in a jail are able to obtain about mount points. The behavior of multiple syscalls is affected: statfs(2) (https://www.freebsd.org/cgi/man.cgi?query=statfs), fstatfs(2) (https://www.freebsd.org/cgi/man.cgi?query=statfs), getfsstat(2) (https://www.freebsd.org/cgi/man.cgi?query=getfsstat), fhstatfs(2) (https://www.freebsd.org/cgi/man.cgi?query=fhstatfs), and other similar compatibility syscalls.
Page 268
Table 14.2 – continued from previous page

Setting | Value | Description
allow_raw_sockets | checkbox | Allow the jail to use raw sockets (https://en.wikipedia.org/wiki/Network_socket#Raw_socket). When set, the jail has access to lower-level network layers. This allows utilities like ping(8) (https://www.freebsd.org/cgi/man.cgi?query=ping) and traceroute(8) (https://www.freebsd.org/cgi/man.cgi?query=traceroute) to work in the jail, but has security implications and should only be used on jails running trusted software.
Page 269
Table 14.2 – continued from previous page

Setting | Value | Description
allow_socket_af | checkbox | Allow access to other protocol stacks beyond IPv4, IPv6, local (UNIX), and route. Warning: jail functionality does not exist for all protocol stacks.
vnet_interfaces | string | Space-delimited list of network interfaces to attach to a VNET-enabled jail after it is created.
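
An added example, not part of the guide or of iocage: a Python check of the Table 14.2 properties that loosen jail isolation. The function names and the sample jails are hypothetical, and it assumes the properties are already available as a name-to-value mapping and that a missing enforce_statfs means 2.

```python
"""Audit jail properties from Table 14.2 for settings that weaken isolation.

Added example. SAMPLE_JAILS is constructed data, not output from a real system.
"""


def flag(value):
    """Interpret a checkbox-style property stored as 0/1, "0"/"1" or a bool."""
    return int(value) == 1


def audit_jail(name, props):
    """Return a list of (jail, property, reason) findings for one jail."""
    findings = []

    # Raw sockets expose lower-level network layers to the jail.
    if flag(props.get("allow_raw_sockets", 0)):
        findings.append((name, "allow_raw_sockets",
                         "raw sockets enabled; keep only on jails running trusted software"))

    # Protocol stacks beyond IPv4, IPv6, local (UNIX) and route.
    if flag(props.get("allow_socket_af", 0)):
        findings.append((name, "allow_socket_af",
                         "extra protocol stacks reachable; jail functionality does not exist for all of them"))

    # Assumption: a missing enforce_statfs is treated as 2 (most restrictive).
    statfs = int(props.get("enforce_statfs", 2))
    if statfs == 0:
        # Per jail(8), 0 makes all mount points available without restriction.
        findings.append((name, "enforce_statfs",
                         "processes in the jail can see every mount point"))

    # devfs is only mountable in the jail when all three conditions hold.
    can_mount_devfs = (flag(props.get("allow_mount", 0))
                       and flag(props.get("allow_mount_devfs", 0))
                       and statfs < 2)
    # A devfs_ruleset of 0 means no ruleset is enforced on that mount.
    if can_mount_devfs and int(props.get("devfs_ruleset", 0)) == 0:
        findings.append((name, "devfs_ruleset",
                         "devfs can be mounted in the jail and no ruleset is enforced"))

    return findings


def audit_all(jails):
    """Audit every jail in a {name: properties} mapping, ordered by jail name."""
    results = []
    for name in sorted(jails):
        results.extend(audit_jail(name, jails[name]))
    return results


# Constructed sample data: three hypothetical jails.
SAMPLE_JAILS = {
    "webjail": {"allow_raw_sockets": "0", "allow_socket_af": 0,
                "allow_mount": 0, "allow_mount_devfs": 0,
                "enforce_statfs": "2", "devfs_ruleset": "4"},
    "scanjail": {"allow_raw_sockets": "1", "allow_socket_af": 1,
                 "allow_mount": 1, "allow_mount_devfs": 1,
                 "enforce_statfs": "1", "devfs_ruleset": "0"},
    "legacy": {"allow_raw_sockets": 0, "allow_socket_af": 0,
               "allow_mount": 1, "allow_mount_devfs": 0,
               "enforce_statfs": 0, "devfs_ruleset": 0},
}

if __name__ == "__main__":
    for jail, prop, reason in audit_all(SAMPLE_JAILS):
        print(f"{jail}: {prop}: {reason}")
```
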
Page 270
Table 14.3 – continued from previous page

Setting | Value | Description
vnet3_mac | string | Leave this blank to generate random MAC addresses for the host and jail. To assign fixed MAC addresses, enter the host MAC address and the jail MAC address separated by a space.

The final set of jail properties is contained in the Custom Properties section.

14.2.2.1 Creating Template Jails

Template jails are basejails that can be used as a template to efficiently create jails with the same configuration. These steps create a template jail:
1. Go to Jails → ADD → ADVANCED JAIL CREATION.
2. Select Basejail as the Jail Type. Configure the jail with desired options.
3.
Page 272
More information such as IPV4, IPV6, TYPE of jail, and whether it is a TEMPLATE jail or BASEJAIL can be shown by clicking (Expand). Additional options for that jail are also displayed. These are described in Table 14.5. Figure 14.5 shows the menu that appears.
Table 14.5 – continued from previous page

Option | Description
UPDATE | Runs freebsd-update (https://www.freebsd.org/cgi/man.cgi?query=freebsd-update) to update the jail to the latest patch level of the installed FreeBSD release.
SHELL | Access a root command prompt to interact with a jail directly from the command line.
Page 274
  Please include that output and any error messages when posting questions.
  Introduction to manual pages: man man
  FreeBSD directory layout: man hier

  Edit /etc/motd to change this login announcement.
  root@jailexamp:~ #

Tip: A root shell can also be opened for a jail using the TrueNAS®...

  root@jailexamp:~ # passwd
  Changing local password for root
  New Password:
  Retype New Password:
  root@jailexamp:~ #

Finally, test that the user can successfully ssh into the jail from another system and gain superuser privileges. In the example, a user named jailuser uses ssh to access the jail at 192.168.2.3. The host RSA key fingerprint must be verified the first time a user logs in.
Page 276
Fig. 14.6: Adding Storage to a Jail

Browse to the Source and Destination, where:
• Source: is the directory or dataset on the TrueNAS® system which will be accessed by the jail. TrueNAS® creates the directory if it does not exist. This directory must reside outside of the pool or dataset being used by the jail.
Page 277
or even between the host and jails.
2. On the TrueNAS® system, create a user account and group account that match the user and group names used by the application in the jail.
3. Decide whether the jail will be given access to existing data or a new storage area will be allocated.
4.

filesystem, so child datasets must each have separate mount points. Click (Options) → Delete to delete the storage.

Warning: Remember that added storage is just a pointer to the selected storage directory on the TrueNAS® system. It does not copy that data to the jail. Files that are deleted from the Destination directory in the jail are really deleted from the Source directory on the TrueNAS®...

After finding the name of the desired package, use the pkg install command to install it. For example, to install the audiotag package, use the command

  pkg install audiotag

When prompted, press y to complete the installation. Messages will show the download and installation status. A successful installation can be confirmed by querying the package database:

  pkg info -f audiotag
  audiotag-0.19_1...
Page 280
Compiling a port has these disadvantages:
• It takes time. Depending upon the size of the application, the amount of dependencies, the speed of the CPU, the amount of RAM available, and the current load on the TrueNAS® system, the time needed can range from a few minutes to a few hours or even to a few days.

Packages are built with default options. Ports let the user select options. The Ports Collection must be installed in the jail before ports can be compiled. Inside the jail, use the portsnap utility. This command downloads the ports collection and extracts it to the /usr/ports/ directory of the jail:

  portsnap fetch extract

Note: To install additional software at a later date, make sure the ports collection is updated with portsnap fetch update.
Page 283
Take some time to read the software documentation to learn which configuration options are available and which configuration files require editing. Most FreeBSD packages that contain a startable service include a startup script which is automatically installed to /usr/local/etc/rc.d/. After the configuration is complete, test starting the service by running the script with the onestart option.
CHAPTER FIFTEEN
REPORTING

Reporting displays several graphs, as seen in Figure 15.1. Choose a category from the drop-down menu to view those graphs. There are also options to change the graph view and number of graphs on each page.

Fig. 15.1: Reporting Graphs
...
Page 286
• CPU – (https://collectd.org/wiki/index.php/Plugin:CPU) shows the amount of time spent by the CPU in various states such as executing user code, executing system code, and being idle. Graphs of short-, mid-, and long-term load are shown, along with CPU temperature graphs.
•...
Page 287
CHAPTER SIXTEEN
VIRTUAL MACHINES

A Virtual Machine (VM) is an environment on a host computer that can be used as if it were a separate physical computer. VMs can be used to run multiple operating systems simultaneously on a single computer. Operating systems running inside a VM see emulated virtual hardware rather than the actual hardware of the host computer.
Page 289
Fig. 16.1: Virtual Machines

Name, State, and Autostart are displayed on the Virtual Machines page. Click (Expand) to view additional options for controlling and modifying VMs:
• Start boots a VM. VMs can also be started by clicking the slide toggle on the desired VM. If there is insufficient memory to start the VM, a dialog will prompt to Overcommit Memory.
• VMs with Enable VNC set show a VNC button. VNC connections permit remote graphical access to the VM.
• SERIAL opens a connection to a virtual serial port on the VM. /dev/nmdm1B is assigned to the first VM, /dev/nmdm2B is assigned to the second VM, and so on.
Page 291
Table 16.1: VM Wizard Options

Screen | Setting | Value | Description
 | Guest Operating System | drop-down menu | Choose the VM operating system type. Choices are: Windows, Linux, or FreeBSD. See this guide (https://github.com/FreeBSD-UPB/freebsd/wiki/How-to-launch-different-guest-OS) for detailed instructions about using a different guest OS.
 | Name | string | Name of the VM.
Page 292
Table 16.1 – continued from previous page

Screen | Setting | Value | Description
 | Attach NIC | drop-down menu | Select the physical interface to associate with the VM.
 | Optional: Choose | browse | Click (Browse) to select an installer ISO or image file on the...

Fig. 16.3: Creating a Sample Virtual Machine

16.2 Installing Docker

Docker (https://www.docker.com/) can be used on TrueNAS® by installing it on a Linux virtual machine.

Choose a Linux distro and install it on TrueNAS® by following the steps in Creating VMs (page 290).

Fig. 16.4: VM Devices

Select the new device from the Type field. These devices are available:
• CD-ROM (page 294)
• NIC (Network Interface Card) (page 295)
• Disk Device (page 296)
• Raw File (page 297)
• VNC Interface (page 298) (only available on virtual machines with Boot Loader Type set to UEFI)

Virtual Machines ...

image is shown:

Fig. 16.5: CD-ROM Device

Note: VMs from other virtual machine systems can be recreated for use in TrueNAS®. Back up the original VM, then create a new TrueNAS® VM with virtual hardware as close as possible to the original VM. Binary-copy the...

Fig. 16.6: Network Interface Device

The Adapter Type can emulate an Intel e82545 (e1000) Ethernet card for compatibility with most operating systems. VirtIO can provide better performance when the operating system installed in the VM supports VirtIO paravirtualized network drivers. By default, the VM receives an auto-generated random MAC address.

Fig. 16.7: Disk Device

Open the drop-down menu to select a created Zvol, then set the disk Mode:
• AHCI emulates an AHCI hard disk for best software compatibility. This is recommended for Windows VMs.
• VirtIO uses paravirtualized drivers and can provide better performance, but requires the operating system installed in the VM to support VirtIO disk devices.

Fig. 16.8: Raw File Disk Device

Click (Browse) to select the image file. If a specific sector size is required, choose it from Disk sector size. The Default value automatically selects a preferred sector size for the file. Setting disk Mode to AHCI emulates an AHCI hard disk for best software compatibility.
Page 299
Fig. 16.9: VNC Device
Setting Port to 0 automatically assigns a port when the VM is started. If a fixed, preferred port number is needed, enter it here. Set Delay VM Boot until VNC Connects to wait to start the VM until a VNC client connects. Resolution sets the default screen resolution used for the VNC session.
Plugin makes it possible to provision and use TrueNAS storage from within vCenter Server. For more information, please contact iXsystems Support at support@iXsystems.com or by phone:
• US-only toll-free: 855-473-7449 option 2
• Local and international: 408-943-4100 option 2
...
CHAPTER EIGHTEEN ADDITIONAL OPTIONS
This section covers the remaining miscellaneous options available from the TrueNAS® graphical administrative interface.
18.1 Display System Processes
Clicking Display System Processes opens a screen showing the output of top(1) (https://www.freebsd.org/cgi/man.cgi?query=top). An example is shown in Figure 18.1.
18.2 Shell
The TrueNAS® web interface provides a web shell, making it convenient to run command line tools from the web browser as the root user.
Fig. 18.2: Web Shell
The prompt shows that the current user is root, the hostname is freenas, and the current working directory is ~, the home directory of the logged-in user.
Clicking other web interface menus closes the shell session and stops commands running in the shell.
Note: Not all shell features render correctly in Chrome. Firefox is the recommended browser when using the shell.
Most FreeBSD command line utilities are available in the Shell.
18.3 Log Out, Restart, or Shut Down
...
(page 302) until it is verified that the scrub or resilver process is complete. Once complete, the restart request can be re-issued. Click the Cancel button to cancel the reboot request. Otherwise, set Confirm and click Reboot to reboot the system. Rebooting the system disconnects all clients, including the web interface.
18.4 Alert
The TrueNAS® alert system provides a visual warning of any conditions that require administrative attention. The Alert icon in the upper right corner has a notification badge that displays the total number of unread alerts. In the example alert shown in Figure 18.5, the system is warning that a pool is degraded.
Page 306
18.2) by running midclt call alert.list. Alert messages indicate which High Availability (HA) (page 81) TrueNAS controller generated the alert. Notifications for specific alerts are adjusted in the Alert Settings (page 52) menu. An alert message can be set to publish IMMEDIATELY, HOURLY, DAILY, or NEVER.
Page 307
(page 85) is enabled with Silver or Gold support coverage, and there is an internet connection, alerts which can indicate a hardware issue automatically create a support ticket with iXsystems Support. These alerts include a ZFS pool status change, a multipath failure, a failed S.M.A.R.T. test, and a failed re-key oper-...
CHAPTER NINETEEN TASK MANAGER
The task manager shows a list of tasks performed by the TrueNAS® system starting with the most recent. Click a task name to display its start time, progress, finish time, and whether the task succeeded. If a task failed, the error status is shown.
CHAPTER TWENTY ZFS PRIMER
ZFS is an advanced, modern filesystem that was specifically designed to provide features not available in traditional UNIX filesystems. It was originally developed at Sun with the intent to open source the filesystem so that it could be ported to other operating systems.
Page 310
created. When a file is deleted, its disk blocks are added to the free list; however, the blocks for that file in any existing snapshots are not added to the free list until all referencing snapshots are removed. This makes snapshots a clever way to keep a history of files, useful for recovering an older copy of a file or a deleted file.
Page 311
active data, and another on hard drives for rarely used content. After adding an L2ARC device, monitor its effectiveness using tools such as arcstat. To increase the size of an existing L2ARC, stripe another cache device with it. The web interface will always stripe L2ARC, not mirror it, as the contents of L2ARC are recreated at boot. Failure of an individual SSD from an L2ARC pool will not affect the integrity of the pool, but may have an impact on read performance, depending on the workload and the ratio of dataset size to cache size.
longer the resilvering time. When replacing a disk in a RAIDZ, it is possible that another disk will fail before the resilvering process completes. If the number of failed disks exceeds the number allowed per vdev for the type of RAIDZ, the data in the pool will be lost. For this reason, RAIDZ1 is not recommended for drives over 1 TiB in size.
CHAPTER TWENTYONE VMWARE RECOMMENDATIONS
This section offers TrueNAS® configuration recommendations and troubleshooting tips when using TrueNAS® with a VMware (https://www.vmware.com/) hypervisor.
21.1 TrueNAS® as a VMware Guest
This section has recommendations for configuring TrueNAS® when it is installed as a Virtual Machine (VM) in VMware.
21.3 VAAI for iSCSI
VMware’s vStorage APIs for Array Integration, or VAAI, allows storage tasks such as large data moves to be offloaded from the virtualization hardware to the storage array. These operations are performed locally on the NAS without transferring bulk data over the network.
(https://tools.ietf.org/html/rfc2616.html), such as GET, PUT, POST, or DELETE. As shown in Figure 22.1, an online version of the API is available at api.ixsystems.com/freenas (https://api.ixsystems.com/freenas/).
Fig. 22.1: API Documentation
The rest of this section shows code examples to illustrate the use of the API.
Line 7: to force validation of the SSL certificate while using HTTPS, change False to True.
Lines 8-16: set the values for the user being created. The user section at api.ixsystems.com/freenas (https://api.ixsystems.com/freenas/) describes this in more detail. Allowed parameters are listed in the JSON Parameters section of that resource. Since this resource creates a FreeBSD user, the values entered must be valid for a FreeBSD user account. Table 22.1 summarizes acceptable values. This resource uses JSON, so the boolean values are True or False.
Table 22.1: JSON Parameters for Users Create Resource
JSON Parameter Type...
Page 318
            '%s/%s/' % (self._ep, resource),
            data=json.dumps(data),
            headers={'Content-Type': "application/json"},
            auth=(self._user, self._secret),
        )
        if r.ok:
            try:
                return r.json()
            except ValueError:
                # The response body was not JSON; return it as text.
                return r.text
        raise ValueError(r)

A get_disks method is defined to get all the disks in the system as a disk_name response. The create_pool method uses this information to create a ZFS pool named tank which is created as a stripe. The volume_name and layout JSON parameters are described in the Storage Volume resource of the API documentation:

    def _get_disks(self):
        disks...
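The Line 7 note and the request fragment above both concern a client that sends HTTP Basic credentials to the API. The following is an added example, not code from the TrueNAS guide: a standard-library sketch that builds the same '%s/%s/' URL, refuses plain HTTP, and keeps certificate validation on, trusting a private CA file where the appliance uses a self-signed certificate. The function names, the ca_file parameter, the host name and the /api/v1.0 path shown are assumptions.

```python
import base64
import json
import ssl
import urllib.request
from urllib.parse import urlsplit


def build_api_request(endpoint, resource, user, secret, method="GET", data=None):
    """Prepare, without sending, an authenticated JSON request for the API."""
    if urlsplit(endpoint).scheme != "https":
        # HTTP Basic credentials are only base64-encoded, so plain HTTP
        # exposes the account password to anyone on the network path.
        raise ValueError("refusing to send credentials to a non-HTTPS endpoint")
    # Same '%s/%s/' URL layout as the request fragment in the guide.
    url = "%s/%s/" % (endpoint.rstrip("/"), resource.strip("/"))
    token = base64.b64encode(("%s:%s" % (user, secret)).encode()).decode()
    body = None if data is None else json.dumps(data).encode()
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "application/json")
    return req


def tls_context(ca_file=None):
    """Return a TLS context that validates the certificate chain and host name.

    For a self-signed or internal-CA certificate, pass that CA's PEM file as
    ca_file (assumed parameter) rather than switching validation off.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("certificate validation is disabled")
    return ctx


def call_api(req, ca_file=None, timeout=10):
    """Send the request; an untrusted certificate raises instead of passing."""
    ctx = tls_context(ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        text = resp.read().decode()
    try:
        return json.loads(text)
    except ValueError:
        return text


if __name__ == "__main__":
    # Constructed placeholder host and credentials; nothing is sent here.
    demo = build_api_request("https://truenas.example.internal/api/v1.0",
                             "storage/volume", "root", "placeholder-secret")
    print(demo.get_method(), demo.full_url)
```

With this layout a certificate failure surfaces as an exception from call_api, so a misissued or intercepted certificate stops the request before the credentials leave the client.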
CHAPTER TWENTYTHREE USER GUIDE
The TrueNAS® User Guide with complete configuration instructions is available either by clicking Guide in the TrueNAS® user interface or going to https://www.ixsystems.com/documentation/truenas/.
TrueNAS Software is only authorized for use with a TrueNAS Device identified by a specific serial number and manufactured by iXsystems. This license may be extended to a second TrueNAS Device if an additional TrueNAS Device was purchased for high availability data protection. The Product, including the TrueNAS Software, is protected by copyright laws and international treaties, as well as other intellectual property laws, statutes, and treaties.
Page 321
You will promptly notify iXsystems if You become aware of any infringement of the Product and cooperate with iXsystems in any legal action taken by iXsystems to enforce its intellectual property rights. By accepting this Agreement, You agree You will not disclose, copy, transfer, or publish benchmark results relating to the Product without the express written consent of iXsystems.
Page 322
4.9 Force Majeure - iXsystems will not be deemed to be in default of any of the provisions of this Agreement or be liable for any delay or failure in performance due to Force Majeure, which shall include without limitation acts of God, earthquake, weather conditions, labor disputes, changes in law, regulation or government policy, riots, war, fire, epidemics, acts or omissions of vendors or suppliers, equipment failures, transportation difficulties, malicious...
Page 323
WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT IXSYSTEMS WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; (B) IN NO EVENT WILL IXSYSTEMS’ AND ITS AFFILIATES’, INCLUDING ANY OF ITS OR THEIR RESPECTIVE LICENSORS’ AND SERVICE PROVIDERS’, COLLECTIVE AGGREGATE LIABILITY UNDER OR IN CON-...
PRODUCT CATALOG
iXsystems offers many storage products that are designed to fully use the many features of TrueNAS®. These products have enterprise features like High Availability (HA), high-efficiency storage optimization, and fast networking speeds for data transfer. Scalability and modularity are also featured.
The TrueNAS ES12 (https://static.ixsystems.co/uploads/2019/07/BSG-ES12-1.3_screen.pdf) is a 2U, 12-bay (front-loading), SAS3 (12 Gb/s) expansion shelf with dual expansion controllers and redundant power supplies. Physical dimensions are 21”L x 19”W x 3.5”H (531 x 447 x 89 mm). It weighs 44 lbs (20 kg) and draws 112-180 W of power...
Page 326
The TrueNAS ES24 (https://static.ixsystems.co/uploads/2019/08/BSG-ES24-1.4_screen.pdf) is a 4U, 24-bay (front-loading), SAS3 (12 Gb/s) expansion shelf with dual expansion controllers and redundant power supplies. Physical dimensions are 20.5”L x 19”W x 7”H (521 x 483 x 178 mm). It weighs 76 lbs (34.5 kg) and draws 231-288 W of power when fully loaded with drives.