Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

FreeNAS 11.3-BETA1 - Now available!

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
Today i restart FreeNAS to remove unsuccessful hack of Proliant fan (can't lower noise due to non-standard connector) and the system dataset (with TCG Opal) wasn't imported but it's sed-unlocked. I import manually "zpool import SSDdrive" to see data is there, then restart again. Now it's imported on boot, but without mount points. The mount point is in root.
Here they say "FreeNAS does not allow users to set the mountpoint property--everything goes under /mnt.". Mnt is empty.. ouch. Stuck into web shell (luckily temporarily, but perhaps longterm, propagated to WAN) as all ssh is there. Have to fix this before coming back to ACL!
So these are the hottest beta1 problems: system dataset cannot be changed as reported 2 times above, and it disappears after boot.
UPDATE: manual import caused mountpoint, i thought this is written in the pool. After importing via UI, mountpoint is correct. After reboot, one drive in array was missing. After another reboot, it's back. All pools healthy. I won't rebot til beta2.
Can't see any more:
- drive temperatures in dashboard
Ideas:
- unlock geli from dashboard
 
Last edited:

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,454
I import manually "zpool import SSDdrive" to see data is there
You shouldn't import manually (temporarily it can be done, but you need to import from the GUI to have FreeNAS do things properly through the middleware)
 

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
11.3 beta1: pool options: switching between 'Default ACL Options' causes 'Permissions' and 'Flags' to be empty and 'Save' button unavailable. When clicked, there are advanced options instead of basic options listed. When clicked on a single permissions, all are suddenly deselected. Finally, after permissions and flags are somehow selected, 'Save' button becomes available.
When switching 'permission type' from advanced to basic, the permissions and flags are also emptied. If instead closest match was picked, the issues above wouldn't appear.
chmod/ACL permissions are not applied recursively so this hint is not correct: "Apply permissions recursively to all directories and files in the current dataset. ". Same for strip, it won't strip anything while claiming "Set to remove all ACLs from the current dataset. ACLs are also recursively stripped from directories and child datasets when those options are set. ".
Glitch: in pool options, Flags combo box hint link which goes to missingURL.
 
Last edited:

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,655
11.3 beta1: pool options: switching between 'Default ACL Options' causes 'Permissions' and 'Flags' to be empty and 'Save' button unavailable. When clicked, there are advanced options instead of basic options listed. When clicked on a single permissions, all are suddenly deselected. Finally, after permissions and flags are somehow selected, 'Save' button becomes available.
When switching 'permission type' from advanced to basic, the permissions and flags are also emptied. If instead closest match was picked, the issues above wouldn't appear.
Those are GUI issues. Please file a bug ticket with them so that the UI team can fix them.
 

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
Caveat:
The ACL manager is not aware of your home directory settings. It is optimized for speed (because we sometimes have to do this on millions of files). If you select "recursive" it will change the ACL on everything in the dataset. If you select "recursive" and "traverse", it will change the ACL on the dataset and all child datasets. This means that you will need to use the account UI to fix the permissions on user home directories after ACL changes (so it's better to set the ACL correctly from the get-go).
Reading your messages back and forth, couldn't get rid of Everyone attached to new files on home datasets with inheriting getfacl permissions only for owner and group. Just when i was about to write about samba again, i realized my test command "touch" (probably from cygwin) is causing it. Now i stepped out of this "box", started using normal editors, and copy, and everything is ok. Permissions between users are nicely converted to fit target user rules. Only thing i can ask is now how some command can convince Samba ACL to add Everyone group permission. This way it can still happen by some apps.
I added tickets Re pool options and Gui tables. I assume dataset transfer issue is very well known. Overall no huge issue in beta1. Happy to try beta2 and RC1.
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,655
Reading your messages back and forth, couldn't get rid of Everyone attached to new files on home datasets with inheriting getfacl permissions only for owner and group. Just when i was about to write about samba again, i realized my test command "touch" (probably from cygwin) is causing it. Now i stepped out of this "box", started using normal editors, and copy, and everything is ok. Permissions between users are nicely converted to fit target user rules. Only thing i can ask is now how some command can convince Samba ACL to add Everyone group permission. This way it can still happen by some apps.
I added tickets Re pool options and Gui tables. I assume dataset transfer issue is very well known. Overall no huge issue in beta1. Happy to try beta2 and RC1.
There is one change I made right before BETA1 to vfs_ixnas that you can try disabling ixnas:zfs_acl_chmod_enabled = False. This intercepts vfs_chmod() functions in samba and turns them into appropriate acl_set_file() syscalls. vfs_fruit maps changes to certain special ACL entries to a chmod() request, but there appears to be another place in smbd (possibly during non-posix opens) where this may be called and I haven't investigated it. Parameter is applied to the share.

As far as everyone@ goes, there will _always_ be an empty entry: everyone@::fd:allow. This is explicitly set by the ACL manager to lock down certain counter-intuitive ZFS behavior on SMB shares. If someone can give me a good case for allowing an API option to not do this, I'll listen, but as things stand I can't think of a good reason to do otherwise here. It would just increase complexity and create POLA violation for SMB users.
 
Last edited:

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
There is one change I made right before BETA1 to vfs_ixnas that you can try disabling ixnas:zfs_acl_chmod_enabled = False. This intercepts vfs_chmod() functions in samba and turns them into appropriate acl_set_file() syscalls. vfs_fruit maps changes to certain special ACL entries to a chmod() request, but there appears to be another place in smbd (possibly during non-posix opens) where this may be called and I haven't investigated it. Parameter is applied to the share.

As far as everyone@ goes, there will _always_ be an empty entry: everyone@::fd:allow. This is explicitly set by the ACL manager to lock down certain counter-intuitive ZFS behavior on SMB shares. If someone can give me a good case for allowing an API option to not do this, I'll listen, but as things stand I can't think of a good reason to do otherwise here. It would just increase complexity and create POLA violation for SMB users.
nice thread here
i don't mean blank Everyone, i mean Everyone getting illegal pemissions to new files on a restricted dataset with ixnas setting applied and samba flushed and restarted

root of dataset:
user:USER:rwxpDdaARWcCo-:fd-----:allow
group:GROUP:r-x---a-R-c---:fd-----:allow
everyone@:--------------:fd-----:allow

files:
1 - via touch
2 - via other methods
expected inheriting permissions: u+rw, g+rx as above


\\NAS>getfacl 1
# file: 1
# owner: Unknown+User
# group: Unknown+Group
user::rw-
group::r--
other:r--

\\NAS>getfacl 2
# file: 2
# owner: Unknown+User
# group: Unknown+Group
user::rwx
group::r-x
other:---
getfacl [1-2]
# file: 1
# owner: USER
# group: GROUP
user:USER:rw-p-daARWcCo-:-------:allow
group:GROUP:r-----a-R-c---:-------:allow
everyone@:r-----a-R-c---:-------:allow
everyone@:--------------:-------:allow

# file: 2
# owner: USER
# group: GROUP
user:USER:rwxpDdaARWcCo-:------I:allow
group:GROUP:r-x---a-R-c---:------I:allow
everyone@:--------------:------I:allow
 

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
11.3 beta 1: networkless jail won't start "BPF requires VNET", however Berkeley Packet Filter is not shown during jail creation wizard but evidently it is preselected while all other network settings are off by default, so default jail creation will end up with this error.
Also wonder why a new jail doesn't have bit more packages installed like, especially zsh:
Code:
jexec 1
jexec: execlp: /usr/local/bin/zsh: No such file or directory

i know iocage is preferred, but jexec complaint is not nice.
Code:
iocage console test
find / -name zsh
<nothing>

zsh is preferred generally
'The default shell for a new install of FreeNAS® is zsh '
and help indicates that it's supposed to be there:
Shell (sh csh tcsh git-shell zsh rzsh nologin) [sh]: csh
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,655
nice thread here
i don't mean blank Everyone, i mean Everyone getting illegal pemissions to new files on a restricted dataset with ixnas setting applied and samba flushed and restarted

root of dataset:
user:USER:rwxpDdaARWcCo-:fd-----:allow
group:GROUP:r-x---a-R-c---:fd-----:allow
everyone@:--------------:fd-----:allow

files:
1 - via touch
2 - via other methods
expected inheriting permissions: u+rw, g+rx as above
As I mentioned earlier, this is expected behavior if you have the aclmode=passthrough on the ZFS dataset underlying the path where you are testing SMB behavior. zfs set aclmode=restricted <pool>/<dataset> This is because of samba performing a chmod() during non-posix opens. Additionally, make sure you are restarting the SMB service after any of these changes (like the ixnas parameter).
 

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
Today i restart FreeNAS to remove unsuccessful hack of Proliant fan (can't lower noise due to non-standard connector) and the system dataset (with TCG Opal) wasn't imported but it's sed-unlocked.
...
After reboot, one drive in array was missing. After another reboot, it's back. All pools healthy. I won't rebot til beta2.
(1)
i did reboot, because of replication complained about pool busy, and shortly OS rebooted voluntarily once more:
WARNING
NAS.FAMILY had an unscheduled system reboot. The operating system successfully came back online at Sat Nov 30 22:38:14 2019.

Sat, 30 Nov 2019 10:38:16 (Europe/Berlin) <---------this timestamp sucks, it's not time from the timezone, the first timestamp is correct
...and again TCGopal drive wasn't loaded, rebooted to fix. so it's a coin toss with drives.

(2)-minor
cpu is known, why these messages:
dmesg|grep CPU
pmc: Unknown AMD CPU
...
CPU: AMD Opteron(tm)


(3)-minor
usp was throwing "libusb_get_interrupt: Unknown error" in debug.log, used this parameter to fix. Terrible USB communication of Eaton, it slows down BIOS already, can't even use keyboard.

(4)-minor
manual root crons are impossible :( and too frequent crons via UI flood the UI's "task manager" which becomes unresponsive. so i converted the command to a job with sleep (meh), set to run via post-init, but that has got timeout "feature". Timeout=0 doesn't mean infinite, the command was killed asap. How to launch a boot script in a decent way, without tweaking conf/bases once again?

(5)-minor
unlocking all pools interactively with one password and unlock button presence in dashboard would be lovely.

(6)
didn't find any way to change files creation time (btime) using CLI/samba/powershell. Thanks to lack of filesystem compatibility (import failed and fuse ext2 mounted drive was terribly slow) i had to migrate TBs of data via sambas, then ftp in midnightcommander and it decided to set most files times to midnight. just like you see in ls -l command without -T or --full-time switch. what a terrible feature to hide time for older files in un*x systems. fixing was done with robocopy /e /timfix /dcopy:t /copy:t source target, but this has fixed only mtime, so i copied files once again to reclaim btime. apparently only a newly copied file updates btime (visible in stat command).
 
Last edited:

veldthui

Newbie
Joined
Nov 28, 2019
Messages
12
Is there a fix to add an RSync module or a way around it? Trying to add one and getting the "Please specify a valid user" and same for group no matter what I select. I saw another post that this was a known issue but still would like to add one somehow.
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,655
Is there a fix to add an RSync module or a way around it? Trying to add one and getting the "Please specify a valid user" and same for group no matter what I select. I saw another post that this was a known issue but still would like to add one somehow.
I'll pm you the fix.
 

appliance

Newbie
Joined
Nov 6, 2019
Messages
51
[beta 1][quotas]
i have a dataset of 100GB, quota=100gb, reserved=0gb, no snapshots, no copies, no sharing just jail mapping, compression=lz4 (ratio 1.0).
Plugin fills it up to 100%.
i delete most of the files, zfs list -r or df -h says 80% FREE, 20% USED.
Storage\Pools say 0% FREE, 100% USED, for a whole day. Plugin complains, cannot write files.
i try to change some pool flags via UI -> error. i change it with zfs set -> ok. Interesting.
i reduce quota via UI below to 80GB -> ok. Also interesting. And after that, Storage\Pools say 60GB FREE, 20GB USED which means it was reset somehow.
that means there is a handler actively enforcing fake quota and it is successful in doing it.

also, back to 100gb capacity, there's actually 40GB used of noncompressible data, and both UI and zfs claim it's just 20GB (20% USED as above). interesting. so yes i could move quota below real used capacity but not under artificial capacity. there are no symlinks or thrashbins, just plain files.
i emulate the filling process manually, set quota to 21GB, leaving 1GB free, fill up 1GB, get quota error as expected. now 41GB reside on drive. i deleted 1GB, and again 80gb becomes free.
i also turn off compression, truncate -s 10GB testfile* several times, and it doesn't move statistics. Interesting, truncate creates tiny (in physical terms) 10GB file, i thought it'd work like that only with compression on.
this one could be a allocation issue or feature i guess.. both plugin and command preallocate. not liking the way, as it kills the concept somehow.
Code:
zfs get quota dataset
NAME           PROPERTY  VALUE  SOURCE
dataset  quota     100G   local
zfs userspace -p dataset
TYPE        NAME         USED  QUOTA
POSIX User  root        40448   none
POSIX User  999     21474836480   none
df -h|grep dataset
dataset                     100G    20G    80G
du /mnt/dataset
42949672960  /mnt/dataset


Read some forum threads that 100% is a problem, but they're old and cyberjocky, so it must have been either wrong info or fixed just after that. i can delete files when i fill up the drive with tiny files to make sure last metadata optimally flood the drive. Evidently there's still room in pool/dataset metadata and it'd be a unusable CoW filesystem if there wasn't a reserved space for it. can't google such problem since ~2014, besides folks from time to time who don't get samba thrashbins, snapshots or other datasets in pool can collide with empty space.
The parent pool itself has quota 80% ("ssd provisioning"), and there are 2 datasets with reserved+quota, and overall there's still lot of capacity left. All other pools and datasets show real capacity, with snapshots or not.
 

veldthui

Newbie
Joined
Nov 28, 2019
Messages
12
Having issues with Synology and Freenas rsync.
After applying the fix for the username/group issues I got it working and was backing up a single folder from my Synology to Freenas.
Today my 5 new 5TB drives arrived and I installed them and created a new pool as a raidz and added a dataset. Set all the permissions the same as the rsync dataset that was working.
Deleted the rsync task from the Synology as it was just a test and tried to create a new rsync task to backup the whole synology. Went okay with everything up until the end when it repeatably says it has insufficient privileges to access the remote side. After checking everything a dozen times and getting frustrated I tried to recreate the original rsync task I had and it gave me the same error yet it was working fine before.
I am at a loss now because the credentials I used in the Synology rsync task are the owner and group of the dataset and I set them for full control.
Also the previously working one fails now as well and only change is adding another pool of 5 drives.
Tried a reboot of both and still no good.
Any help appreciated. I would go and install the 11.2 release but everytime I try and create a bootable USB drive after the write it crashes my Windows 10 machine to a blue screen and the USB is then unreadable.
 

veldthui

Newbie
Joined
Nov 28, 2019
Messages
12
Okay I finally got it working. I had to add an ACL user to the permissions. I had to add the user to be the same as the owner and then it worked even though I gave owner full control. Not sure what happened but it is running now.
 
Top