iX Information Library

A one-stop shop for product information.

FreeNAS 11.3-BETA1

We are pleased to announce the general availability of FreeNAS 11.3-BETA1. The 11.3 series represent a year-long development and testing effort. In a departure from previous BETA release cycles, this BETA has been fully vetted by the iXsystems QA team internally and users should notice a significant improvement in both stability and usability.

Please read these Release Notes thoroughly before updating to become familiar with the potential impacts of the many new features brought in by this update. Please report any bugs to https://jira.ixsystems.com/projects/NAS.

To install this release, refer to https://www.freenas.org/download/ for installation instructions and to download the installation file.

Updating to 11.3-BETA1

Before updating an existing FreeNAS system:

  1. It is recommended to first update to 11.2-U6 to reduce the amount of migration needed.
  2. If any Warden jails exist on the system, take the time to recreate them as 11.2 Plugins (which uses the iocage backend) and test that they are working as expected.
  3. If the FreeNAS system is the Domain Controller on the network, follow the instructions in Migrating an Existing Domain Controller and verify that the domain is working correctly.
  4. Backup your configuration using System -> General -> Save Config. Be sure to select Export Password Secret Seed if you have configured iSCSI, Active Directory, or Cloud services. If replication is configured, also backup the /usr/local/etc/ssh/ and /root/.ssh directories.

Then, run this command from the FreeNAS shell:

freenas-update -T FreeNAS-11.3-BETA update

After rebooting into the updated system, run this command from the FreeNAS shell to ensure the update train displays correctly:

midclt call update.set_train FreeNAS-11.3-BETA

It is recommended to also double-check the Known Impacts section for post-installation instructions, particularly for SMB shares and Time Machine backups.

 

Major New Features and Improvements

The replication framework has been redesigned, adding new back-end systems, files, and screen options to the Replication system and Periodic Snapshot Tasks. The redesign adds these features:

  • New peers/credentials API for creating and managing credentials. The SSH Connections and SSH Keypairs screens have been added and a wizard makes it easy to generate new keypairs. Existing SFTP and SSH replication keys created in 11.2 or earlier will be automatically added as entries to SSH Keypairs during the upgrade.
  • New transport API adds netcat support, for greatly improved speed of transfer
  • Snapshot creation has been decoupled from replication tasks, allowing replication of manually created snapshots.
  • The ability to use custom names for snapshots.
  • Configurable snapshot retention on the remote side.
  • A new replication wizard makes it easy to configure replication scenarios, including local replication and replication to systems running legacy replication (pre-11.3).
  • Replication is resumable and failed replication tasks will automatically try to resume from a previous checkpoint Each task has its own log which can be accessed from the State column.

Network interface management has been redesigned to streamline the management of both physical and virtual interfaces using one screen. VLANs and LAGGs are now classified as interface types and support for the Bridge interface type has been added. The addressing details for all physical interfaces, including DHCP, are now displayed but are read-only if the interface is a member of a LAGG. When applying interface changes, the web interface provides a window to cancel the change and revert to the previous network configuration. A new MTU field makes it easier to set the MTU as it no longer has to be typed in as an Auxiliary Parameter.

Automatic Certificate Management Environment (ACME) support has been added. ACME simplifies the process of issuing and renewing certificates using a set of DNS challenges to verify a user is the owner of the domain. While the new API supports the addition of multiple DNS authenticators, support for Amazon Route 53 has been added as the initial implementation. The ACME DNS screen is used for authenticator configuration which adds the ACME Certificates option for Certificate Signing Requests. Once configured, FreeNAS will automatically renew ACME certificates as they expire.

The Alert system has been improved:

  • Support for one-shot critical alerts has been added. These alerts remain active until dismissed by the user.
  • Alert Settings has been reorganized: alerts are grouped functionally rather than alphabetically and per-alert severity and alert thresholds are configurable.
  • Periodic alert scripts have been replaced by the Alert framework. Periodic alert emails are disabled by default and previous email alert conditions have been added to the FreeNAS alert system. E-mail or other alert methods can be configured in Alert Services.

The Dashboard has been rewritten to provide an overview of the current state of the system rather than repeat the historical data found in Reporting. It now uses middleware to handle data collection and provide a web interface with real-time events. Line charts have been replaced with meters and gauges. CPU graphs have been consolidated into a single widget that provides average usage and per-thread statistics for both temperature and usage. Interfaces are represented as a separate card per physical NIC unless they are part of a LAGG card. Pool and Interface widgets feature mobile-inspired lateral navigation, allowing users to “drill down” into the data without leaving the page.

Reporting has been greatly improved. Data is now prepared on the backend by the middleware and operating system. Any remaining data manipulation is done in a web worker, keeping expensive processing off of the main UI thread/context. The SVG-based charting library was replaced with a GPU-accelerated canvas-based library. Virtual scroll and lazy loading prevent overloading the browser and eliminate the need for a pager. Users can zoom by the X or Y axis and reset the zoom level with a double click. Graphs do not display if there is no related data. Support for UPS and NFS statistics has been added.

Options for configuring the reporting database have been moved to System ➞ Reporting. This screen adds the ability to configure Graph Age as well as the number of points for each hourly, daily, weekly, monthly, or yearly graph (Graph Points). The location of the reporting database defaults to tmpfs and a configurable alert if the database exceeds 1 GiB has been added to Alert Settings.

The web interface has received many improvements and bug fixes. Usability enhancements include: the ability to move, pin, and copy help text, persistent layout customizations, customizable column views, size units which accept humanized input, improved caching and browser support, and improved error messages, popup dialogs, and help text. An iX Official theme has been added which is the default for new installations.

NAT support has been added as the default for most Plugins. With NAT, a plugin is contained in its own network and does not require any knowledge of the physical network to work properly. This removes the need to manually configure IP addresses or have a DHCP server running. When installing a plugin into a virtualized environment, NAT removes the requirement to enable Promiscuous Mode for the network.

The Plugins page has been streamlined so that most operations can be performed without having to go to the Jails page. Support for collections has been added to differentiate between iXsystems plugins, which receive updates every few weeks, and Community plugins. In addition, there have been many bug fixes and improvements to iocage, the Plugins backend, resulting in a much better Plugins user experience.

An ACL Manager has been added to Storage ➞ Pools ➞  (Options) and the permissions editor has been redesigned.

A new iSCSI wizard makes it easy to configure iSCSI shares.

There have been several Pool Manager improvements. The labels and tooltips for encryption operations are clearer. Disk type, rotation rate, and manufacturer information makes it easier to differentiate between selectable disks when creating a pool. A REPEAT button makes it easy to create large pools using the same vdev layout, such as a series of striped mirrors.

Support for collecting daily anonymous usage statistics has been added. Collected non-identifying data includes hardware information such as CPU type, number and size of disks, and configured NIC types as well as an indication of which services, types of shares, and Plugins are configured. The collected data will assist in determining where to best focus engineering and testing efforts. Collection is enabled by default. To opt-out, unset System ➞ General ➞ Usage collection.

Significant improvements to SMB sharing include ZFS user quotas support, web service discovery support, and improved directory listing performance for newly-created shares.

The middleware and websockets APIv2 rewrite is complete. APIv1 remains for backwards compatibility but will be deprecated and no longer available in the next major release.

A complete list of the new features and changes to the UI can be found in the New Features in 11.3 section of the Guide.

Deprecated and Removed Features

The legacy web interface has been removed and no longer appears as an option in the login screen.

Warden has been removed along with support for warden jails or plugins installed using FreeNAS 11.1 or earlier.

Netdata has been removed from Services due to a long-standing upstream memory leak. TrueCommand provides similar reporting plus advanced management capabilities for single or multiple FreeNAS systems and is free to use to manage up to 50 drives.

The built-in Docker template has been removed, though Docker can still be deployed in a Linux Virtual Machine.

Domain Controller has been removed from Services. To migrate an existing Domain Controller configuration, follow the steps in Migrating an Existing Domain Controller before updating.

Known Impacts

The system no longer allows moving the system dataset to an encrypted pool containing a passphrase. Since Directory Services and some SMB state information is stored in the system dataset, these services will not function correctly if the system dataset is locked or otherwise unavailable. It is recommended to move the system dataset to a non-encrypted pool or an encrypted pool not containing a passphrase.

Syncing to a B2 bucket does not delete files from the bucket, even when those files have been deleted locally.  Instead, files are tagged with a version number or moved to a hidden state. To automatically delete old or unwanted files from the bucket, adjust the Backblaze B2 Lifecycle Rules.

If Time Machine over SMB shares has been configured using Auxiliary Parameters, backups may fail. Since the middleware now performs SMB, AFPOVERTCP, and ADISK mDNS registration, SMB share auxiliary parameters are no longer evaluated to determine whether to advertise Time Machine. To resolve, remove fruit:time machine = yes from smb4.conf, check the Time Machine box in the SMB share, and run the command midclt call mdnsadvertise.restart.

The default nfs4:mode was changed from “special” to “simple”. This change is recommended as it synchronizes with Samba defaults and provides a better user experience. If the legacy behavior is required, add the following auxiliary parameter to all SMB shares: nfs4:mode=special. It is important that all shares have the same nfs4:mode setting as they share a common caching backend for SID to ID lookups.

The samba_server rc script has been broken into separate rc scripts for each of the Samba-related services. To manually invoke a script, add the “one” prefix to the rc commands, such as samba server onerestart, or restart the desired service directly: service winbindd restart.

Legacy AD monitoring has been replaced by the following health checks:

  • hourly clock skew check from DC with PDC Emulator FSMO role
  • test connection to netlogon share of currently connected DC every 10 minutes
  • instantaneous alert of winbindd status for domain transitioning to OFFLINE where the alert is automatically cleared when domain comes back online

Existing SMB shares are migrated to use a new libzfs-based shadow copy module. By default, all ZFS snapshots will be visible through “previous versions” in FIle Explorer. To disable this behavior, uncheck the Enable Shadow Copies checkbox for the SMB share and add the shadow_copy2 VFS module. Configuration parameters for shadow_copy2 are explained here.

There are two Share Type choices for dataset creation:

SMB

  • case insensitive dataset (filesystem is case insensitive, but case preserving)
  • restricted aclmode (chmod is not permitted)
  • default “restricted” ACL

Generic

  • case sensitive dataset
  • passthrough aclmode (chmod is allowed)
  • no default ACL.

When SMB is selected as the Share Type, a default ACL will be applied to the dataset. Since case sensitivity settings are immutable, users should consider application/client requirements prior to selecting the SMB Share Type.

 

Migrating an Existing Domain Controller

If the FreeNAS system is currently configured as the Domain Controller (DC) for a network, follow these steps to transfer its domain role to a separate system running Samba which will act as the new DC.

  1. On the FreeNAS system, take a snapshot of the dataset containing the sysvol share and make a clone of the current boot environment.
  2. Install Samba on new server and prepare to join the existing  domain. Follow these instructions to set the FreeNAS DC as Nameserver 1 on the new Samba DC.
  3. Join the new Samba DC to the existing domain: samba-tool domain join SAMDOM.FUN DC -U SAMDOM\\administrator
  4. View location of current FSMO roles from DC2: samba-tool fsmo show
  5. Transfer FSMO roles from DC1 (FreeNAS) to DC2 (Samba server): samba-tool fsmo transfer --role=all -U SAMDOM\\administrator
  6. Demote DC1(FreeNAS): samba-tool domain demote -U SAMDOM\\administrator
  7. Snapshot state of DC2.
  8. Disable Domain Controller service on FreeNAS and clear its DC configuration.