How do I get portsnap on FreeNAS 8.0.4 ?

[stoooo]

Hello.

I have an HP N40L Microserver running FreeNAS 8.0.4. This is set up with an NFS share. It is one of two microservers I have to support my small VMware ESXi environment. The second one is set up for iSCSI and is where the datastores live.

The NFS box was always destined to be a backup repository for Veeam. However, we are encountering some issues. I have been working with Veeam tech support, and we are making some progress, but we seem to have hit a wall. We initially struggled to add the NFS share as a repository in Veeam, but once we added perl to the FreeNAS installation and changed the user to use bash instead of csh, that part worked alright.

However, when running a backup, a small Linux program needs to be run on the NFS server in order to create some temp files for the job, which are then removed when the job completes. As you might gather from that last sentence, Veeam is geared up to talk to Linux NFS servers, not FreeBSD based ones. Anyway, after some research, it seems that if we can add the linux.ko and supporting files, then it might well work out OK. It looks like the easiest way to achieve this would be by using the portsnap utility. But portsnap does not appear to be included with FreeNAS 8.0.4. If I try to add the package (# pkg_add -v -r portsnap) it cannot be found. The package installer is looking in ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.2-release/Latest/, and it's right, there's no portsnap file in there.

So, how do I go about installing portsnap on my FreeNAS box ? These two microservers are my first ever BSD boxes, so please be clear with any commands I will need to follow.

Thanks,
Stuart.

 

[James]

Is the small program a shell script? If not, can they provide a shell script?

 

[stoooo]

Nope, not a script. Support described it as "a statically linked 32-bit ELF executable". I don't fancy our chances of getting a script. They seem more than happy to help figure out what to do on the FreeNAS end of things to get this to work, but the only Veeam change I've heard mentioned so far is a potential broadening of the support for ZFS file systems. They only officially support it under Solaris, and Veeam sees an incredibly huge amount of free space available on the NFS share when connecting to FreeNAS. It should report on the actual free space, but it seems to be displaying some sort of fixed maximum value or something.

So, any more hints on the portsnap issue ? I've seen references to it being included in earlier version of FreeNAS, e.g. 8.0.1, so I would imagine there must be some way to add it in.

Cheers,
Stuart.

 

[joeschmuck]

I don't understand why you need to add portsnap. Portsnap updates the ports collection on the freebsd system. What port does Veeam want to update?

portsnap is part of the FreeBSD base OS and thus does not need to be added, however since this is and embeded OS, I'll bet it was removed to save space. It's not needed for normal use.

 

[ben]

Also, why is this stuck on FreeNAS 8.0.4? FreeNAS 8.3.0 is supported (8.0.4 already has open security advisories that will never be fixed), uses an up-to-date ZFS and FreeBSD version, and has an option for a ports jail which is designed precisely for installing custom software.

 

[joeschmuck]

8.0.4 is stable and runs fine so I can see why someone doesn't want to change and if it's behind a firewall then those security issues are not a problem. However to your point, the jails may be the answer to the OP's problem. A jail can be added to 8.0.4 as well however they are a bit easier with 8.3.0-Release.

 

[stoooo]

Upgrading to 8.3 has been discussed. In fact, the Veeam guy is working on 8.3 while I work on 8.0.4. That way, we can see if there are any differences. If he can get 8.3 to work, then I would upgrade with little hesitation. 8.0.4 has been very stable, so I am not inclined to upgrade just for the sake of it. And I'm certainly not going to upgrade my iSCSI box until we can get some good backups. And using the x.0 version of anything is always a bit risky. Maybe I'll be more enthusiastic about upgrading when 8.3.1 comes out.

The reason I'm asking about portsnap is because I read somewhere that it was the package that would provide me with the linux.ko and supporting files that I need to be able to run this Linux executable. I was trying not to come on here without having done some serious research first, and it is entirely possible that portsnap is *not* actually what I need. So, I shall put my 'utter n00b' hat on and ask...

I need to run a small Linux executable on my FreeNAS 8.0.4 box. I know FreeBSD is capable of this. What do I need to do to my FreeNAS box to make this happen ?

Thanks,
Stuart.

 

[cyberjock]

8.0.4 is stable and runs fine so I can see why someone doesn't want to change and if it's behind a firewall then those security issues are not a problem. However to your point, the jails may be the answer to the OP's problem. A jail can be added to 8.0.4 as well however they are a bit easier with 8.3.0-Release.

https://www.samba.org/samba/security/CVE-2012-1182

I'd say that the firewall doesn't necessarily protect you from this vulnerability. If someone thinks you may be using an old version of SAMBA they could attack via a number of vectors to attempt to get the server to provide an outgoing connection from your server to someplace on the internet. This would render your firewall useless for protection in this case.

The real catch is that while someone wouldn't know you have FreeNAS, making assumptions that a server is using samba is somewhat higher since SAMBA is used in many places all over the world. Attackers would be smart to attempt to gain access to machines using SAMBA since this vulnerability may not be fixed quickly in some companies(if at all). Unless you just cannot accept upgrading you really should. Vulnerabilities left open like this for months or years is why there are so many attacks against governments and companies. It should also be considered how your business would be affected if someone were to gain full access to all of the data on your server, all passwords, and the ability to delete or change settings without your control.

Edit: Just saw your post from 15 mins ago. Not upgrading because you don't want to "fix what isn't broken" is precisely why companies have data compromised. It is IMPERATIVE that you take a proactive stance on security or you WILL be reacting later. Just ask Sony how awesome their PSN network was 6 months ago. If I owned a business and you told me you weren't upgrading despite a vulnerability of this magnitude because "the system is stable" and you hadn't proven that the upgrade would make your system unstable I'd fire you on the spot. You should be testing it and verifying that it is NOT stable before you choose not to upgrade because the current system "is stable". That's just a lazy excuse for "I don't want to test it so I'll assume it won't work" while there is no assuming there may be a vulnerability.. there is one. Period.

Another edit: I noticed you discussed NFS, so you may not be using CIFS. If the service is off(not "on" with nothing shared) and you will never be turning on CIFS then the vulnerability is not an issue for you, at all. But if you don't upgrade you will have to remember to keep in the back of your mind that if someday you do plan to use CIFS you should upgrade for the reasons I've listed above.

 

[William Grzybowski]

Upgrading to 8.3 has been discussed. In fact, the Veeam guy is working on 8.3 while I work on 8.0.4. That way, we can see if there are any differences. If he can get 8.3 to work, then I would upgrade with little hesitation. 8.0.4 has been very stable, so I am not inclined to upgrade just for the sake of it. And I'm certainly not going to upgrade my iSCSI box until we can get some good backups. And using the x.0 version of anything is always a bit risky. Maybe I'll be more enthusiastic about upgrading when 8.3.1 comes out.

The reason I'm asking about portsnap is because I read somewhere that it was the package that would provide me with the linux.ko and supporting files that I need to be able to run this Linux executable. I was trying not to come on here without having done some serious research first, and it is entirely possible that portsnap is *not* actually what I need. So, I shall put my 'utter n00b' hat on and ask...

I need to run a small Linux executable on my FreeNAS 8.0.4 box. I know FreeBSD is capable of this. What do I need to do to my FreeNAS box to make this happen ?

Thanks,
Stuart.

You need a full FreeBSD 8.2 install to compile the linux kernel module, copy it to freenas /boot/kernel and add "linux_load=YES" to /boot/loader.conf

 

[stoooo]

Edit: Just saw your post from 15 mins ago. Not upgrading because you don't want to "fix what isn't broken" is precisely why companies have data compromised. It is IMPERATIVE that you take a proactive stance on security or you WILL be reacting later. Just ask Sony how awesome their PSN network was 6 months ago. If I owned a business and you told me you weren't upgrading despite a vulnerability of this magnitude because "the system is stable" and you hadn't proven that the upgrade would make your system unstable I'd fire you on the spot. You should be testing it and verifying that it is NOT stable before you choose not to upgrade because the current system "is stable". That's just a lazy excuse for "I don't want to test it so I'll assume it won't work" while there is no assuming there may be a vulnerability.. there is one. Period.

Another edit: I noticed you discussed NFS, so you may not be using CIFS. If the service is off(not "on" with nothing shared) and you will never be turning on CIFS then the vulnerability is not an issue for you, at all. But if you don't upgrade you will have to remember to keep in the back of your mind that if someday you do plan to use CIFS you should upgrade for the reasons I've listed above.

Sadly, we don't all operate in your utopian environment where money flows freely from the light fixtures and the IT elves are willing to work 72hr shifts for little more than a handful of candy canes and a pat on the head. In the real world, I operate a small family business with limited funds and only 24hrs in a day. We have a limited number of users and a limited number of computers on the network, all of which I can see from my desk. Of the two FreeNAS boxes I own, one is running iSCSI, the other NFS. Neither is running CIFS. I understand that it may be somewhat heretical to say it on here, but if I want to share files via SMB/CIFS, I'll put the files on my Windows server. Not wanting to fix what isn't broken is not lazy, it's a matter of prioritising with the limited resources I have available to me. And there are degrees of broken-ness. Sure, there's an evil SAMBA bug out there, but with CIFS disabled, *my* FreeNAS installation isn't broken. And upgrading to an x.0 version of something may introduce new issues into a production environment that don't currently exist.

I used to work in corporate America, and many of your comments are true for a large environment with many potential attack vectors. However, they do little to help us work out how to run a small Linux executable on a FreeNAS 8.0.4 box.

You need a full FreeBSD 8.2 install to compile the linux kernel module, copy it to freenas /boot/kernel and add "linux_load=YES" to /boot/loader.conf

OK, I could probably manage that. Do I just need the kernel module and the config file change, then ? No other supporting files or packages ? It almost sounds too simple.

I think we are fast approaching a fork in the road here. The idea originally was to make use of FreeNAS as an elegant solution to my storage requirements. The more modifications I need to make, the less elegant this solution becomes. I'll try the above suggestion in a virtual lab, since I would really like to stick with a FreeNAS/Veeam combination. But if it doesn't work out, I may simply have to resort to installing my favourite Linux distro on the N40L and setting up an NFS share that way. Sure, I lose the nice web GUI, but my requirements are simple and I need to get on with having backups, not hacking an unsupported NAS platform. Not having decent backups seems to me a much more sackable offence than not keeping up to date on SAMBA patches.

Thanks,
Stuart.

 

[cyberjock]

Sadly, we don't all operate in your utopian environment where money flows freely from the light fixtures and the IT elves are willing to work 72hr shifts for little more than a handful of candy canes and a pat on the head. In the real world, I operate a small family business with limited funds and only 24hrs in a day. We have a limited number of users and a limited number of computers on the network, all of which I can see from my desk. Of the two FreeNAS boxes I own, one is running iSCSI, the other NFS. Neither is running CIFS. I understand that it may be somewhat heretical to say it on here, but if I want to share files via SMB/CIFS, I'll put the files on my Windows server. Not wanting to fix what isn't broken is not lazy, it's a matter of prioritising with the limited resources I have available to me. And there are degrees of broken-ness. Sure, there's an evil SAMBA bug out there, but with CIFS disabled, *my* FreeNAS installation isn't broken. And upgrading to an x.0 version of something may introduce new issues into a production environment that don't currently exist.

I used to work in corporate America, and many of your comments are true for a large environment with many potential attack vectors. However, they do little to help us work out how to run a small Linux executable on a FreeNAS 8.0.4 box.

I totally understand your argument relating to "only so much time in a day". But we're not talking about something that would take a long time and a 5 figure budget. You could save your config file, reinstall FreeNAS on a new USB with the latest version and import your config in less than 30 mins. Plug it into the server and let it run and see what happens. If nobody complains then clearly nothing is broken. You spent a total of about 30 mins upgrading. If something is broken then you just shutdown the server, replace the new USB with the old install, and bootup.

Literally, the steps to perform a non-committing upgrade are literally identical to replacing a failed USB key for FreeNAS. I'd say if it took anyone more than an hour to get the FreeNAS server back up after they realize a USB has failed that would be borderline negligence. It really doesn't take that long at all. I've done it just before going to bed on a Friday night.

But yes, since you don't use CIFS you don't have to worry about that at all.

 

[stoooo]

Agreed. However, there is also an argument for having a consistent environment. While I am utterly unconcerned with the fate of the NFS box (I have spare USB keys here on my desk, and absolutely could have it up and running with 8.3 in a matter of minutes) I would prefer not to have two different versions of FreeNAS in my environment, each with their own quirks I have to be aware of. I can also guarantee that nobody but me will notice if anything goes wrong with it, since the only device connecting to it will be my Veeam server. Everything else lives on the iSCSI box. That one is mission critical. So daily work would indeed be unaffected by anything we do to the NFS box.

One other thing to consider is that I have seen posts on this forum bemoaning the serious performance impact of newer versions of FreeNAS on NFS performance. One poster showed the progression his machines had followed from 8.0.4 to 8.2.0 and now to 8.3.0. His throughput has practically halved. That's a data point that's hard to ignore on a box that is dedicated to NFS.

EDIT - I found the post I was referring to in that last paragraph... http://forums.freenas.org/showthrea...is-now-available&p=41794&viewfull=1#post41794. Turns out it was CIFS performance not NFS. The mention of NFSv4 in there seems to have stuck in my brain more than the reference to CIFS. So maybe NFS on 8.3 is OK after all. But simply moving to 8.3 still doesn't get me the ability to execute a small Linux app on my FreeNAS box.

 

[joeschmuck]

I completely understand where you are coming from. Some of my performance appears to have taken a huge dive but I made two changes at the same time, I swapped out my hard drives from the Samsung HD204UI to the WD Red, and changed the pool from 4 drives (RAIDZ1) to 5 drives (RAIDZ1) leaving in one of the old Samsung drives because I couldn't afford a fifth Red drive, supposedly to improve performance, and then upgraded the pool to V28. So I have a perceived large slowdown but I need to test it out to know for certain how much of a slow down there really is. It seems like I took a major hit on read performance. I need to test things out with real benchmark testing but first I need to backup the data.

I can say that 8.3.0-Release is stable for me but I only use it for CIFS and MiniDLNA use, and periodically I'll turn on the FTP Server whenever one of my sons needs to download something I have (one lives in Germany, the other in California). Nothing fancy on it. And I really like 8.0.4, never had a single problem with it and hesitated moving to 8.3.0. After my testing, I might move back but I want concrete evidence it's not my mind playing games on myself.

Please post if William's answer fixes your problem. It would be nice to know.

 

[stoooo]

Please post if William's answer fixes your problem. It would be nice to know.

Of course. I hate those kinds of threads where you see a potential answer left hanging in the wind. But, since it's Thanksgiving, I probably won't get a chance to try it until tomorrow.

 

[joeschmuck]

Of course. I hate those kinds of threads where you see a potential answer left hanging in the wind. But, since it's Thanksgiving, I probably won't get a chance to try it until tomorrow.

You folks in the UK take Thanksgiving off? I'll have to ask one of my UK buddies. I work with the Royal Navy quite a bit in the submarine program.

 

[stoooo]

The wife's American, so we still celebrate it together as a family. She says it's weird living in a country where everybody is at work today.

 

[cyberjock]

One other thing to consider is that I have seen posts on this forum bemoaning the serious performance impact of newer versions of FreeNAS on NFS performance. One poster showed the progression his machines had followed from 8.0.4 to 8.2.0 and now to 8.3.0. His throughput has practically halved. That's a data point that's hard to ignore on a box that is dedicated to NFS.

EDIT - I found the post I was referring to in that last paragraph... http://forums.freenas.org/showthrea...is-now-available&p=41794&viewfull=1#post41794. Turns out it was CIFS performance not NFS. The mention of NFSv4 in there seems to have stuck in my brain more than the reference to CIFS. So maybe NFS on 8.3 is OK after all. But simply moving to 8.3 still doesn't get me the ability to execute a small Linux app on my FreeNAS box.

That was one person's adventure though. While it was CIFS and not NFS, even still, I wouldn't assume that things will go bad until its been tested and proven. Like I said before, you are jumping to conclusions without even spending the 1 hour to prove that your concerns are even concerns to be worried about. CIFS has always been VERY CPU heavy at high speeds. If you are wanting to saturate Gb on CIFS with RAIDZ2 you'd better have more than 6GB of RAM and a CPU that is less than 4 years old and not a "low power" CPU.

The wife's American, so we still celebrate it together as a family. She says it's weird living in a country where everybody is at work today.

FREAK! Just kidding. Being ex-military and an American I can honestly say it IS weird when you go somewhere and they aren't celebrating a holiday that is as prevalent as Thanksgiving.

 

[stoooo]

That was one person's adventure though. While it was CIFS and not NFS, even still, I wouldn't assume that things will go bad until its been tested and proven. Like I said before, you are jumping to conclusions without even spending the 1 hour to prove that your concerns are even concerns to be worried about.

You're absolutely right. I am prejudging 8.3 based on the experiences of a small number of other people, and that really isn't like me. I should test it myself so that I know for a fact how well it performs in my environment. However, speed is a secondary concern (trust me, getting decent throughput *is* important to me), and stress testing gets me no closer to my primary goal of running a small Linux app on my FreeNAS box.

So, I'll do you a deal. Save me some time by pointing me at a Dummies Guide to Building a linux.ko Kernel Module in FreeBSD, and when we prove that it works, I'll do whatever speed tests you like and report the results back here for all to see. I'll even switch the four drives from RAID5 to RAID0 to take parity out of the equation and maximise the throughput.

I've got plenty of room on my VMware machines so I can build a virtual FreeBSD box to do the work on. I've never actually installed FreeBSD before, so that should be an adventure all by itself :)

 

[cyberjock]

You're absolutely right. I am prejudging 8.3 based on the experiences of a small number of other people, and that really isn't like me. I should test it myself so that I know for a fact how well it performs in my environment. However, speed is a secondary concern (trust me, getting decent throughput *is* important to me), and stress testing gets me no closer to my primary goal of running a small Linux app on my FreeNAS box.

So, I'll do you a deal. Save me some time by pointing me at a Dummies Guide to Building a linux.ko Kernel Module in FreeBSD, and when we prove that it works, I'll do whatever speed tests you like and report the results back here for all to see. I'll even switch the four drives from RAID5 to RAID0 to take parity out of the equation and maximise the throughput.

I've got plenty of room on my VMware machines so I can build a virtual FreeBSD box to do the work on. I've never actually installed FreeBSD before, so that should be an adventure all by itself :)

I'd love to see your datapoints on using 8.3 versus 8.0.4 but I have no clue how to build the linux.ko module. I have compiled FreeNAS, but never FreeBSD nor the linux.ko kernel module. You might be able to find someone that has it already compiled though.

Keep in mind that I have a 1st gen i3-530 that can handle over 400MB/sec. Unless you have a CPU that is older than Intel's "i3/i5/i7" CPU you should have no problems getting the performance you need even on 8.3. The people that are seeing performance slowly decrease is because they are using CPUs that are hitting their limits. Atoms can't even max out Gb, so no surprise there that as more features get added it would only get slower. You haven't mentioned your hardware at all but if it's faster than a 1st gen i3 you should have zero speed problems as you should be able to more than saturate 2 Gb NICs simultaneously.

 

[stoooo]

Hardware is an HP N40L Microserver... http://www.serversplus.com/servers/server_bundles/658553421-4TBNAS. The NFS one has 4GB RAM and 4x250GB drives, the iSCSI one has 8GB RAM and 4x2TB drives. Other than that they are identical.

EDIT - I forgot, the iSCSI one also has an HP NC382T NIC in it. This is connected to the ESXi servers via Cat6 crossover cables.