1. Two recommended ways to protect your account on OCAU:
    Dismiss Notice

OpenSolaris/Solaris 11 Express/ESXi : BYO Home NAS for Media and backup images etc

Discussion in 'Storage & Backup' started by davros123, Dec 14, 2009.

  1. OP
    OP
    davros123

    davros123 Member

    Joined:
    Jun 18, 2008
    Messages:
    3,045
  2. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  3. OP
    OP
    davros123

    davros123 Member

    Joined:
    Jun 18, 2008
    Messages:
    3,045
    Nice. The fork lives on ;)
     
  4. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  5. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  6. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  7. downforce

    downforce Member

    Joined:
    Jun 11, 2007
    Messages:
    1,202
    Location:
    Thornlie, WA
    I currently have a Solaris 11 ESX VM running as a "NAS" (with passed through HBA in zpool etc).

    Up to this point, I've just been running SMB/NFS with a single user account, but now my kids are getting older I want to give them access to different shares (like Movies, but not the homemade porn)

    Are there any Solaris drop-in replacements (well ZFS) that have easier to use ACL than Solaris' ZFS model?
    Or am I just going to have to suck it up and learn the (what seems) crazy way to set ACLs on ZFS/SMB on Solaris?
     
  8. ljw1

    ljw1 Member

    Joined:
    Jul 4, 2002
    Messages:
    79
    You could pay for the acl addon from nappit?

    Unless you are paying for support Solaris 11 is well and truly dead. It is probably a good time to look at moving to something else. There may be other ACL management options in other operating systems.
     
  9. downforce

    downforce Member

    Joined:
    Jun 11, 2007
    Messages:
    1,202
    Location:
    Thornlie, WA
    I don't currently use napp-it on Solaris, everything was configured command line from a SSH shell.

    As for the second part, that was exactly my question :D
     
  10. OP
    OP
    davros123

    davros123 Member

    Joined:
    Jun 18, 2008
    Messages:
    3,045
    not 100% on this (as i use acls) but i think you can you set the permissions on sub folders in a share using the standard windows permissions screen (ie. right click, properties, security iirc).
     
  11. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    From outside view (from a Windows Pro computer) a Solaris SMB server and a Windows Server behave quite identical regarding permissions. Solaris nfs4 ACL and Windows ntfs are quite identical on options and permission inheritance beside deny rules. They were processed on Windows prior allow rules whereas Solaris respects order of rules similar to firewall rules.

    So just set an SMB password for root (passwd root) and SMB connect from Windows as root, You can then modify all permissions from Windows. If you want to allow anyone to access a share, give him at least read permissions via everyone@ or user/group permission. If you want to allow them to access a share but not included folders, remove the anyone rule for files and folders and set a read rule for this folder only (the share). Then set permissions to subfolders like folder-a: modify for person1 with inheritance to files and folders and a different rule for other folders (inheritance determines the permission of newly created files and folders)

    If you only use a read and create permission on a folder, everyone can create a folder and is the only one to access the folder as the owner (you can hinder that a creator is the owner via zfs property aclinherit).

    The only simpler option is when using traditional basic Unix/Linux permissions like owner, group, everyone without inheritance ex with SAMBA. But the Windows ntfs/nfs4 permissions are far superiour and much easier to setup once you have understood the basics especially the inheritance. Setup the rules from a commandline is quite complicated does not matter if you try on a Windows server or Solaris. Use a GUI like Windows. For those who need deny rules, I offer the ACL extension for napp-it. All others, simply set ACL from Windows. To set share rules from Windows, SMB connect as a member of administrators and use the Windows computer management console. This also allows to control connected users and open files.
     
    downforce likes this.
  12. chook

    chook Member

    Joined:
    Apr 9, 2002
    Messages:
    3,789
    I think the point of the ACL style permissions being introduced was to align them with NTFS style permissions.
     
  13. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    Luckily we have Illumos, the free Solaris fork that is developped since 2010 completely independent from Oracle. Beside ZFS encryption and ultrafast sequential resilvering it has all features of the genuine Oracle Solaris and some features more that are not available in Solaris like LX/KVM/Docker support as you find in SmartOS (a Samsung owned company) or OmniOS with LX zones or NexentaStor with SMB3 or OpenIndiana with a server and a desktop option with many server services in their repo. Even ZFS encryption and sequential resilvering, the last unique Solaris features are on the way to Open-ZFS. The fast multithreaded Solaris CIFS server with its unbeaten Windows ACL or Snaps=Windows previous version compatibility is the same on either.

    It is sad that Oracle lost interest on Solaris as one of the best commercial Unix server operating systems and in all my tests always the fastest ZFS server in favour of their cloud solutions but Oracle promised support for Solaris, Sparc and the underlying hardware at least until 2037 so it is not really dead but freezed to internal Oracle needs.
     
    Last edited: Nov 8, 2017
  14. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    I have uploaded a new preview ova template for ESXi 5.5-6.5
    to deploy a virtualized ZFS storage server on ESXi.

    Disk size 40GB/ thin provisioned 4,5GB
    e1000 (management) + vmxnet3 (data) vnic
    OmniOS 151024 CE stable with NFS, SMB and FC/iSCSI
    napp-it 17.06 free/Nov. edition
    Open-VM-tools, midnight commander, smartmontools 6.6 etc
    TLS mail enabled
    Basic tuning

    HowTo: http://napp-it.org/doc/downloads/napp-in-one.pdf
    Download: napp-it // webbased ZFS NAS/SAN appliance for OmniOS, OpenIndiana, Solaris and Linux : Downloads
     
  15. OP
    OP
    davros123

    davros123 Member

    Joined:
    Jun 18, 2008
    Messages:
    3,045
    nice one gea. That makes it so easy to go with a zfs nas appliance.

    Thanks !
     
  16. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    ZFS is crash resistent!

    This means that ZFS - a Copy on Write Filesystem is not corrupt after a crash during writes (unlike older filesystems). This does not mean that a VM or a database is consistent on a crash as ZFS uses up to 4 GB RAM as writecache for a better performance. Think of an accounting software where you put off an amount from one account and the system crashes prior you can add it to another account (money in data nirwana as the ramcache is lost on a crash).

    ZFS offers sync write, a mechanism where every commited write is logged. On a crash the commited writes are done on next reboot to allow a database or VM to be consistent. Sadly sync write requires a log device with powerloss protection and ultra low latency for a good performance. In the past these log devices (slog) were expensive and despire slow compared to fast writes without sync.

    The new Intel Optane is a game-changing technology. When you use them as an Slog, even sequential sync writes are nearly as fast as writes without sync. If you use Optane not for Slog but the pool itself, it opens a new performance level on small random writes and sequential writes. Even a filer with sync enabled is possible now. I am impressed!

    See http://napp-it.org/doc/downloads/optane_slog_pool_performane.pdf
     
  17. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  18. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    I have made some new benchmarks to answer

    - napp-it AiO or barebone setup
    - How important is RAM for ZFS (2GB vs 4GB vs 8GB vs 16GB vs 24GB)
    - Differences between HD, SSD, NVMe Flash, NVMe Optane 900P and ZFS scaling over number of vdevs
    - What about Slog (ZeusRAM vs Intel DC 3700 vs P3600 vs Optane 900P)

    http://napp-it.org/doc/downloads/optane_slog_pool_performane.pdf
     
  19. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
  20. gea

    gea Member

    Joined:
    May 22, 2011
    Messages:
    220
    Update

    napp-it is running from current release Feb 02 on Solaris 11.4b (not all functions tested)
    If you want that the napp-it wget installer compiles ex smartmontools 6.6 you should
    set the beta repository prior napp-it and install gcc (pkg install gcc-5)

    You need to setup the beta repository. If you have defined it after a napp-it setup,
    install storage services manually
    pkg install --accept --deny-new-be storage/storage-server
     
    Last edited: Feb 2, 2018

Share This Page

Advertisement: