My FreeNAS Experience
Mar 28th, 2008 by admin
In an effort to bring my home/small-office network under control, ease growing space issues, gurantee safety of important records and photos, and curtail “accidents” from our tech-savvy kids, I decided to replace our aging XP ‘266mhz box that has been acting as our file server for many years, with a hodgepodge of IDE drives, and devoid of any sort of mirroring, RAID, etc..
Not wanting to spend big bucks on server equipment (which consumes server-level power, btw), but also not wanting to use “junker” equipment just because it’s available, I re-cycled a very sweet e-machine 663mhz PIII system. It’s always been a solid machine, and was just too slow to use as a workstation. It ran on a very miserly 120w power supply, so I new it wouldn’t sip much power (compared to other “former development machine” systems in my boneyard). But I didn’t want to string together any more 100GB “black friday specials” - it’s time to go big. So I bought a pair of Seagate 750GB drives from geeks.com for $125 each, and a cheap sata raid card.
While I awaited delivery on the discs, I started playing around with prototypes. FreeNAS was first. It seemed nice, but there wasn’t any user-level security. It’s just one big happy share. So much for keeping the kids out of my development stuff. But the install was easy - boot from the CD, it stores the config data on a flash drive. Nice.
OpenFiler seemed promising, but I couldn’t get the security to work. It requires an LDAP server, and I couldn’t get the included one to work. Looking at their forums, nobody else can either! Bah. Security was so good I couldn’t use it.
NasLite looked easy, but again, no security.
Back to FreeNAS. Voila! All I needed to do was use “old school” unix-level permissions. You can’t do it all from the web gui (which is very nice, btw), but once you set up the groups and users, you can then go into the console (or SSH) and use chmod and chgrp to assign ownership. The permissions then applied to what you could or couldn’t do through the samba share with a windows client. So “Carolyn” could see directories available to teh “family” group, and she could write to the “carolyn” directory, but not the “alex” directory. Yes, this would work!
The hardware arrived. I quickly set about to building a proper server. The e-machine case and power supply were inadequate for multiple disk drives, so I transplanted the motherboard into a generic tower case with a 300w power supply, installed the RAID card, drives, etc.. Long story short: I spent a lot of time getting mirroring to work. Much like navigating to/from the “lost” island, you have to follow a particular course, without deviation.
There is apparently a problem with the IOFlex card, Seagate SATA drives, and FreeBSD (FreeNAS is based on FreeBSD Unix). At least according to comments on NewEgg. I didn’t expect to need any sort of driver, as I wanted to mirror the two 750 drives and have FreeNAS see it as one drive. But FreeNAS saw it as two drives. So I tried mounting one and figured I’d let the hardware sync it to the other. Bad idea. It actually crashed FreeNAS so hard that it forgot the network config and reset the web password to some unknown… I had to start over. Long story short (again), I decided to switch to another card - the ROSEWILL RC-212, which I had bought to use as a “lifeboat” for migrating XP/Vista installations to new motherboards. Voila - this card made a mirror array (you do it by pressing TAB during the BIOS boot-up) that presented itself to FreeNAS as a distinct volume - “ar0″. The physical discs show up too in FreeNAS, but if I ignore them and just use the “ar0″, I get hardware mirroring.
Now for the critical parts - I wasted a lot of time because I picked the wrong options when setting up the discs, usually ending up in the “error - retry” when trying to mount. Here’s the magic formula, in my case:
- Hardware RAID - set in bios (I used Raid1 - mirroring two identical Seagate 750GB SATA drives)
- Add the “ar0″ disk (raid array), ignore the actual physical drives in the list. Don’t pick any pre-formatting options.
- Format the disk - choose “UFS (GPT and Soft Updates)”. Do not pick “software raid”. It will take a few minues, and fill the screen with long numbers. That’s good.
- Mount the disk - choose “EFI GPT” as the type. Here is where I fouled up earlier, by picking “UFS”. It had to be “EFI GPT”, then it worked. Bingo! I called it Data750.
Great! Now I activated SSH and SAMBA (shared \mnt\Data750 as share name “Data”). Since I’ve got unix-level control over permissoins, I decided to just use one SAMBA share. Different users get to do different things, according to the group and family membership. So everyone mounts the network drive as \\nas1\Data and their userid/password (which windows will happily remember for you, after challenging you one time) determines what they can do.
I set up (in FreeNAS web panel) users and groups:
- groups: thornsoft, family
- users: chris, brenda, carolyn, alex, matt, ripley
Chris and Brenda are members of both groups. We put the dog in there (ripley) for use by visiting relatives who may need to get/put pictures, etc..
Here’s the directory structure:
drwxrwxr-x 23 chris thornsoft 512 Mar 28 15:34 www
drwxrwxr-x 11 chris family 512 Mar 28 15:15 pub
drwxrwx— 2 chris thornsoft 512 Mar 28 14:39 dev
drwxrwx— 2 chris thornsoft 512 Mar 28 14:39 prod
Notice that everyone can see the “pub” and “www” directories, but only the “thornsoft” members (chris and brenda) can even SEE the dev and prod directories. Within “pub” are folders such as video, music, pictures, etc.., along with “home”. The “home” directory looks like this:
drwxr-x— 2 ripley family 512 Mar 28 15:15 ripley
drwxr-x— 2 matt family 512 Mar 28 15:15 matt
drwxr-x— 2 carolyn family 512 Mar 28 15:15 carolyn
drwxr-x— 2 alex family 512 Mar 28 15:15 alex
drwxr-x— 2 brenda family 512 Mar 28 15:15 brenda
drwxr-x— 2 chris family 512 Mar 28 15:15 chris
Here, you’ll see that I’ve set the group ownership to “family”, and each user owns his/her own directory. This should prevent any family member from deleting/modifying anyone else’s files. I could (probably will) make a shared folder in there, with rwx permissions for the family group. But the family group DOES also have rwx access to the other folders within the “pub” directory (music, pictures, etc..)
So how to do this? From the FreeNAS console (or an SSH session), navigate to /mnt/Data750 and issue commands such as:
- mkdir pub
- chgrp family pub
- chown chris pub
- chmod 755 pub
Then I went down into “pub” and created other directories, all with “family” group ownership. For the individual user directories, I assigned the user ownership with “chown”. For the important directories (dev and prod), I assigned the group to “thornsoft”.
As I write this, I’m syncing the directories from the XP server using SaltyBrine’s FolderClone. Once it’s done, I’ll start transitioning over to the new server. Yay!
Other misc notes….
FreeNAS can be installed onto a hard disk, compact flash card (with IDE reader) or can run from CD if you have a USB flash drive for it to store its config data. I’d like to use the CF option, but don’ thave the right kind of IDE interface for it, so I’m using the CD with config on USB. Works great, and you can hand-edit the file on another PC if you want. I “cloned” our account info that way, which was quicker than using the web interface. This is also how you back it up. Interestingly, it stores the passwords there as clear text.
