My FreeNAS Experience
Mar 28th, 2008 by admin
In an effort to bring my home/small-office network under control, ease growing space issues, guarantee safety of important records and photos, and curtail “accidents” from our tech-savvy kids, I decided to replace our aging XP 266mhz box that has been acting as our file server for many years, with a hodgepodge of IDE drives, and devoid of any sort of mirroring, RAID, etc.
Not wanting to spend big bucks on server equipment (which consumes server-level power, btw), but also not wanting to use “junker” equipment just because it’s available, I re-cycled a very sweet e-machine 663mhz PIII system. It’s always been a solid machine, and was just too slow to use as a workstation. It ran on a very miserly 120w power supply, so I knew it wouldn’t sip much power (compared to other “former development machine” systems in my boneyard). But I didn’t want to string together any more 100GB “black friday specials” - it’s time to go big. So I bought a pair of Seagate 750GB drives from geeks.com for $125 each, and a cheap sata raid card.
While I awaited delivery on the discs, I started playing around with prototypes. FreeNAS was first. It seemed nice, but there wasn’t any user-level security. It’s just one big happy share. So much for keeping the kids out of my development stuff. But the install was easy - boot from the CD, it stores the config data on a flash drive. Nice.
OpenFiler seemed promising, but I couldn’t get the security to work. It requires an LDAP server, and I couldn’t get the included one to work. Looking at their forums, nobody else can either! Bah. Security was so good I couldn’t use it.
NasLite looked easy, but again, no security.
Back to FreeNAS. Voila! All I needed to do was use “old school” unix-level permissions. You can’t do it all from the web gui (which is very nice, btw), but once you set up the groups and users, you can then go into the console (or SSH) and use chmod and chgrp to assign ownership. The permissions then applied to what you could or couldn’t do through the samba share with a windows client. So “Carolyn” could see directories available to the “family” group, and she could write to the “carolyn” directory, but not the “alex” directory. Yes, this would work!
The hardware arrived. I quickly set about to building a proper server. The e-machine case and power supply were inadequate for multiple disk drives, so I transplanted the motherboard into a generic tower case with a 300w power supply, installed the RAID card, drives, etc.. Long story short: I spent a lot of time getting mirroring to work. Much like navigating to/from the “lost” island, you have to follow a particular course, without deviation.
There is apparently a problem with the IOFlex card, Seagate SATA drives, and FreeBSD (FreeNAS is based on FreeBSD Unix). At least according to comments on NewEgg. I didn’t expect to need any sort of driver, as I wanted to mirror the two 750 drives and have FreeNAS see it as one drive. But FreeNAS saw it as two drives. So I tried mounting one and figured I’d let the hardware sync it to the other. Bad idea. It actually crashed FreeNAS so hard that it forgot the network config and reset the web password to some unknown… I had to start over. Long story short (again), I decided to switch to another card - the ROSEWILL RC-212, which I had bought to use as a “lifeboat” for migrating XP/Vista installations to new motherboards. Voila - this card made a mirror array (you do it by pressing TAB during the BIOS boot-up) that presented itself to FreeNAS as a distinct volume - “ar0”. The physical discs show up too in FreeNAS, but if I ignore them and just use the “ar0”, I get hardware mirroring.
Now for the critical parts - I wasted a lot of time because I picked the wrong options when setting up the discs, usually ending up in the “error - retry” when trying to mount. Here’s the magic formula, in my case:
- Hardware RAID - set in bios (I used Raid1 - mirroring two identical Seagate 750GB SATA drives)
- Add the “ar0” disk (raid array), ignore the actual physical drives in the list. Don’t pick any pre-formatting options.
- Format the disk - choose “UFS (GPT and Soft Updates)”. Do not pick “software raid”. It will take a few minutes, and fill the screen with long numbers. That’s good.
- Mount the disk - choose “EFI GPT” as the type. Here is where I fouled up earlier, by picking “UFS”. It had to be “EFI GPT”, then it worked. Bingo! I called it Data750.
Great! Now I activated SSH and SAMBA (shared /mnt/Data750 as share name “Data”). Since I’ve got unix-level control over permissions, I decided to just use one SAMBA share. Different users get to do different things, according to the group and family membership. So everyone mounts the network drive as \\nas1\Data and their userid/password (which windows will happily remember for you, after challenging you one time) determines what they can do.
I set up (in FreeNAS web panel) users and groups:
- groups: thornsoft, family
- users: chris, brenda, carolyn, alex, matt, ripley
Chris and Brenda are members of both groups. We put the dog in there (ripley) for use by visiting relatives who may need to get/put pictures, etc..
Here’s the directory structure:
drwxrwxr-x 23 chris thornsoft 512 Mar 28 15:34 www
drwxrwxr-x 11 chris family 512 Mar 28 15:15 pub
drwxrwx--- 2 chris thornsoft 512 Mar 28 14:39 dev
drwxrwx--- 2 chris thornsoft 512 Mar 28 14:39 prod
Notice that everyone can see the “pub” and “www” directories, but only the “thornsoft” members (chris and brenda) can even SEE the dev and prod directories. Within “pub” are folders such as video, music, pictures, etc.., along with “home”. The “home” directory looks like this:
drwxr-x--- 2 ripley family 512 Mar 28 15:15 ripley
drwxr-x--- 2 matt family 512 Mar 28 15:15 matt
drwxr-x--- 2 carolyn family 512 Mar 28 15:15 carolyn
drwxr-x--- 2 alex family 512 Mar 28 15:15 alex
drwxr-x--- 2 brenda family 512 Mar 28 15:15 brenda
drwxr-x--- 2 chris family 512 Mar 28 15:15 chris
Here, you’ll see that I’ve set the group ownership to “family”, and each user owns his/her own directory. This should prevent any family member from deleting/modifying anyone else’s files. I could (probably will) make a shared folder in there, with rwx permissions for the family group. But the family group DOES also have rwx access to the other folders within the “pub” directory (music, pictures, etc..)
So how to do this? From the FreeNAS console (or an SSH session), navigate to /mnt/Data750 and issue commands such as:
- mkdir pub
- chgrp family pub
- chown chris pub
- chmod 755 pub
Then I went down into “pub” and created other directories, all with “family” group ownership. For the individual user directories, I assigned the user ownership with “chown”. For the important directories (dev and prod), I assigned the group to “thornsoft”.
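One way to check that the layout keeps matching the listings above (an added example, not part of the original post): the script builds the tree in a scratch directory, reports directories whose mode has drifted, and lists those that accounts outside the owning group can still list or enter. The 775 mode for pub/home is an assumption, since the post does not show it, and the chown/chgrp steps are skipped because those accounts exist only on the NAS.

```sh
#!/bin/sh
# Added example (not from the original post). Modes are taken from the post's
# listings; pub/home is not shown there, so its 775 is an assumption.
POLICY='775 www
775 pub
770 dev
770 prod
775 pub/home
750 pub/home/ripley
750 pub/home/matt
750 pub/home/carolyn
750 pub/home/alex
750 pub/home/brenda
750 pub/home/chris'

# build_layout ROOT: create every directory in POLICY with its mode.
# Ownership (chown/chgrp as in the post) is left out: the accounts are NAS-only.
build_layout() {
    while read -r mode path; do
        mkdir -p "$1/$path" && chmod "$mode" "$1/$path" || return 1
    done <<EOF
$POLICY
EOF
}

# drift ROOT: print "path: expected MODE" for each directory whose mode differs.
drift() {
    while read -r mode path; do
        # -perm MODE (no prefix) matches the exact mode; -prune stops descent.
        [ -n "$(find "$1/$path" -prune -type d -perm "$mode" 2>/dev/null)" ] ||
            echo "$path: expected $mode"
    done <<EOF
$POLICY
EOF
}

# open_to_others ROOT: list directories where the "other" class has any bit
# set, i.e. accounts outside the owning group can list or enter them.
open_to_others() {
    ( cd "$1" && find . -type d ! -name . \
        \( -perm -004 -o -perm -002 -o -perm -001 \) |
        sed 's|^\./||' | LC_ALL=C sort )
}

scratch=$(mktemp -d) && build_layout "$scratch"
chmod 755 "$scratch/dev"      # simulate dev being left world-readable
drift "$scratch"
open_to_others "$scratch"
rm -rf "$scratch"
```

On the NAS itself, only `drift /mnt/Data750` and `open_to_others /mnt/Data750` are needed; `build_layout` is there so the check can be tried on a scratch tree first.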
As I write this, I’m syncing the directories from the XP server using SaltyBrine’s FolderClone. Once it’s done, I’ll start transitioning over to the new server. Yay!
Other misc notes….
FreeNAS can be installed onto a hard disk, compact flash card (with IDE reader) or can run from CD if you have a USB flash drive for it to store its config data. I’d like to use the CF option, but don’t have the right kind of IDE interface for it, so I’m using the CD with config on USB. Works great, and you can hand-edit the file on another PC if you want. I “cloned” our account info that way, which was quicker than using the web interface. This is also how you back it up. Interestingly, it stores the passwords there as clear text.


Update: I have switched to software RAID mirroring. I followed the writeup in the wiki, and it seems to be working. Why do this??? I powered off one of the disks to see how the system would tolerate it. The raid controller failed (in my opinion) to keep the system running. The volume was inaccessible, and a reboot was required. In the bootup, the raid intervened and allowed me to continue to boot with the crippled mirror and it worked… But then I rebooted and tried to add the disk back in. The Raid wanted to sync it back up… sounded good, right? RED SCREEN. It flashed “duplicating…” for a second, then RED SCREEN. I tried several times. I couldn’t get it to add the other disk back in. I gave up. The software mirroring seems to work, but I’ll test more before relying on this in production. One benefit of software raid is that the S.M.A.R.T. disk monitoring works now. It can, for example, show me the disk temperature of each drive, in the web panel.
Update: Software Mirroring is going well, and we’re moved onto the new server. I added another drive, a 200GB IDE that will be used for occasionally backing up important files from the mirror set, so that I have another copy. I’ll use the local rsync feature of FreeNAS to sync certain directories to the backup disk.
Power Usage: Amazingly, this box only draws 50 watts when (mostly) idle, and 70 watts during heavy use. Disk temps run about 31c on the seagate 750s, but that’s with a 90mm fan blowing directly on them (but that counts towards the power usage). I’m VERY happy. Once I get the XP server shut down, I should have about an hour of runtime on the UPS. Which is good, as FreeNAS doesn’t have the APCUPSD demon (UPS monitoring/shutdown).
Great article! I’m curious about a couple of things:
1) How do you have this connected to your network? I am considering a NAS type unit, but want to use it with a Squeezebox…so I may want to tuck this into a closet or basement and use a wireless network card.
2) Any recommendations for a low-power-consuming system? I notice (elsewhere) that you mentioned it consumed only about 50 watts. I do not want this to run 24/7, but I also don’t want it to soak up a lot of power.
Admin Replies: It’s connected via Cat5 Ethernet, but I see that there are provisions for wireless. I plan on having it running 24/7 except when we’re on vacation, so I look at it as “50 watts is a lot better than 250 watts”. FreeNAS has the ability for cron jobs, so you could have it shut down itself, or you could script it from another station, or just power off manually from the console or the WWW admin page.
very helpful article
Question:
with ref. to, quote: “Notice that everyone can see the “pub” and “www” directories, but only the “thornsoft” members (chris and brenda) can even SEE the dev and prod directories”
To handle permissions by hand through SSH is a good idea, however how do you hide /dev & /prod dirs. for users other than chris & brenda?
Hi EV,
You’re right - everyone can see the dev and prod directories. I need to re-visit this…. They can’t modify/delete anything though. But I’d rather that they aren’t navigable.
EV, Update:
I did chmod 770 on the dev and prod directories, and now the kids can’t open them.