Lavigne bsdmag apr13


Article for April issue of BSD Magazine.


What's New in FreeNAS 8.x

This article highlights some of the new features which have been added to FreeNAS 8.x since July, 2012. These include the Plugins Jail, ZFSv28, and GELI encryption.

Since its initial release in May, 2011, the newly designed FreeNAS 8.x series has added many features that make this open source storage operating system an attractive option for everyone from home users up to large enterprise users.

The initial releases concentrated on improving the graphical administrative interface and the "core" NAS features. These core features include the ability to perform the following within a graphical interface from a web browser:

• import existing UFS or ZFS RAID configurations
• import existing disks formatted with FAT, NTFS, or EXT2/3
• create volumes, datasets, and zvols
• import existing users, groups, and permissions from Active Directory or LDAP
• create Netatalk, NFS, and Samba shares and manage permissions to those shares
• share data over FTP/FTPS, SSH, and TFTP
• create iSCSI targets
• manage cron jobs, sysctls, and loader.conf values
• manage link aggregations, VLANs, and static routes
• schedule snapshots, replication, scrubs, and S.M.A.R.T. tests
• backup the configuration and perform upgrades

Subsequent releases added the following major features to augment the core NAS features:

• 8.2.0, released in July, 2012, added the Plugins Jail to allow for the installation of additional software.
• 8.3.0, released in October, 2012, added ZFSv28.
• 8.3.1, released in March, 2013, added the ability to create ZFS pools on GELI encrypted disks.

In addition to major features, each release incorporates bug fixes, new drivers, and minor features to improve the usability of FreeNAS. This article discusses some of these new features in more detail.

Plugins Jail

FreeNAS 8.2.0 introduced the Plugins Jail, which allows the FreeNAS administrator to extend core NAS functionality by installing additional applications in order to meet the needs of their specific environment. This functionality is provided through the following components:

FreeBSD Jail
Provides light-weight, operating system-level virtualization. Essentially, it installs a separate FreeBSD system onto the FreeNAS host. The jail has its own hostname, IP address, user accounts, processes, and configuration. The FreeNAS implementation includes vimage, which gives the jail its own networking stack and IP broadcasting, as these are required by some file sharing applications.

PBI
The Push Button Installer format was created by the PC-BSD Project to provide a graphical front-end to the FreeBSD Ports Collection. Applications can be installed and uninstalled from a GUI interface which also provides information about which applications and versions are installed. PBIs are self-contained in that they include all the runtime and library dependencies required by the application.

Plugins
A FreeNAS plugin extends the PBI format by incorporating the installed software, as well as its configuration options, into the FreeNAS GUI. This allows the plugin to be installed, configured, started/stopped, and uninstalled, all from the FreeNAS GUI. Figure 1 shows how the FreeNAS Control Services screen indicates that three plugins have been installed. Figure 2 shows the configuration screen for the Firefly plugin.

Figure 1. Managing Plugins from Control Services Screen

Figure 2. Configuration Screen for Firefly Plugin

In order to install plugins, the Plugins Jail must first be downloaded and installed. If a plugin is not available for the needed software, FreeBSD ports or packages can still be installed within the plugins jail. The only difference is that the installation, configuration, and starting/stopping of the application's service is performed from the command line of the jail, rather than from the FreeNAS GUI.

The Plugins chapter of the FreeNAS Users Guide describes in detail how to install and manage the plugins jail, install and manage plugins, install and manage FreeBSD packages and ports, and how to make custom plugins. This chapter is available at

ZFSv28

8.3.0 added support for ZFSv28. This adds the following ZFS features:

RAIDZ3
This triple-parity version of ZFS RAID allows up to three disks to fail, with no restrictions on which drives fail, without losing data.

Replaceable ZIL
The ZFS Intent Log is effectively a filesystem journal that manages writes. You can increase performance by dedicating a device (typically an SSD or a dedicated disk) to hold the ZIL. If the ZIL is installed on a device and that device fails, it can be replaced without losing the pool. The only data that is lost is the last few seconds of writes which had not yet been committed to the pool.

zpool split
This command allows you to split a disk from a mirrored pool. Essentially, the pool is cloned to the disk which can then be removed and used to recreate that pool on another system.

autoexpand
This ZFS property allows the administrator to replace smaller disks with larger disks in order to increase the size of the pool. While this is not the recommended way to increase pool size, it is the only option when the hardware does not support adding more disks or controllers.

ZLE
Zero Length Encoding is a fast and simple compression algorithm which only compresses blocks that are filled with zeroes. This saves space when a thin-provisioned zvol has only used a portion of the size allocated to it.

Deduplication
Is the process of eliminating duplicate copies of data in order to save space. Once deduplication occurs, it can improve ZFS performance as less data is written and stored.

These features, including how to enable them and any caveats to doing so, are described in more detail in the Volumes chapter of the FreeNAS Users Guide:

ZFS volume created in FreeNAS 8.3.0 or later will automatically be formatted with ZFSv28. Existing FreeNAS ZFS pools running ZFSv15 can be easily upgraded using the instructions at

Upgrading a pool only takes a few seconds and does not disrupt the use of the FreeNAS system.

Encryption

FreeNAS 8.3.1, released on March 20, 2013, adds FreeBSD GELI disk encryption, allowing a ZFS pool to be created on top of the AES-256 encrypted disks. This type of encryption is primarily targeted at users who store sensitive data and want to retain the ability to remove disks from the pool without having to first wipe the disk's contents.

The design is as follows:

• This is not the encryption method used by Oracle ZFSv30. That version of ZFS has not been open sourced and is the property of Oracle.
• This is full disk encryption and not per-filesystem encryption. The underlying drives are first encrypted, then the pool is created on top of the encrypted devices.
• This design is suitable for safe disposal of disks independent of the encryption key. As long as the key and the disks are intact, the system is vulnerable to being decrypted. The encryption key should be protected by a strong passphrase and any backups of the key should be securely stored.
• As a backup recovery method (should the passphrase be forgotten), a recovery key can be used with the encryption key to decrypt the disks.
• The encryption key is per ZFS volume (pool). If you create multiple pools, each pool has its own encryption key.
• If the system has a lot of disks, there will be a performance hit if the CPU does not support AES-NI. If the processor does support the AES-NI instruction set, there should be very little, if any, degradation in performance when using encryption.
• Data in the ZFS ARC cache and the contents of RAM are unencrypted.
• Swap is always encrypted, even on unencrypted volumes.
• There is no way to convert an existing, unencrypted volume. Instead, the data must be backed up, the existing pool must be destroyed, a new encrypted volume must be created, and the backup restored to the new volume.
• Hybrid pools are not supported. In other words, newly created vdevs must match the existing encryption scheme. When extending a volume, FreeNAS will automatically encrypt the new vdev being added to the existing encrypted pool.

When creating an encrypted ZFS volume, an option is available to initialize the disks with random data. This is recommended as it writes the disks with random data before enabling encryption, which can increase its cryptographic strength. However, it will take longer for the volume to be created.

Once an encrypted ZFS volume is created, the user should immediately set a passphrase on the encryption key, make a backup of the encryption key, and create a recovery key. Without these, it will be impossible to re-import or replace the disks at a later time. Figure 3 shows the options for managing the encryption and recovery keys which are added to the FreeNAS GUI for managing the volume. Details on how to use these options can be found at

Figure 3. Key Management Options for Encrypted Volume

Features

Some of the other features introduced since 8.2.0 include:

• a web shell built into the FreeNAS GUI. Clicking this opens a root shell to allow for command line management of the FreeNAS system from a web browser.
• support for multipath devices on systems containing dual expander SAS backplanes, SAS drives, or dual expander JBODs with SAS drives. Such hardware will be automatically configured for multipath.
• an autotuning script can be used to set various loader values and sysctls based on system resources and installed hardware components.
• a replication window can be set, allowing snapshots taken during the day to be replicated during the evening.
• improved reporting graphs make it easier to scroll through time intervals to monitor performance trends.
• ZFS ARC stats have been added to top(1).

Additional Resources

Many resources are available to FreeNAS 8.x users. They include:

• the Sourceforge download page:
• the per-release documentation, in various downloadable formats:
• the support page for viewing/creating support tickets and feature requests:
• the user forums:
• the Freenode IRC channel: #freenas

Dru Lavigne

Dru Lavigne is author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PC-BSD. As Director of Community Development for the PC-BSD Project, she leads the documentation team, assists new users, helps to find and fix bugs, and reaches out to the community to discover their needs. She is the former Managing Editor of the Open Source Business Resource, a free monthly publication covering open source and the commercialization of open source assets. She is founder and current Chair of the BSD Certification Group Inc., a non-profit organization with a mission to create the standard for certifying BSD system administrators, and serves on the Board of the FreeBSD Foundation.
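
The layering described in the Encryption section (encrypt each disk first, build the pool on the encrypted devices, then set a passphrase, create a recovery key, and back up the keys) can be sketched with the stock FreeBSD `geli` and `zpool` commands. This is an added example, not FreeNAS's own code: the pool name, disk names, key paths, backup destination, and the use of key slot 1 for the recovery key are assumptions, and with `DRY_RUN=1` (the default) the commands are only printed.

```shell
#!/bin/sh
# Added illustration: GELI providers first, ZFS pool on the .eli devices.
# Pool, disk and path names are constructed placeholders.
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# usage: encrypted_pool POOL KEYDIR LAYOUT DISK...
encrypted_pool() {
    [ $# -ge 4 ] || { echo "usage: encrypted_pool POOL KEYDIR LAYOUT DISK..." >&2; return 1; }
    pool=$1; keydir=$2; layout=$3; shift 3
    key="$keydir/$pool.key"; rec="$keydir/$pool.recovery.key"; vdevs=""

    # One key file per pool, as in the article (the key is per volume).
    run dd if=/dev/random of="$key" bs=64 count=1
    for d in "$@"; do
        # Full-disk AES-XTS, 256-bit key; -P: key file only, no passphrase yet.
        run geli init -P -K "$key" -e AES-XTS -l 256 -s 4096 "/dev/$d"
        run geli attach -p -k "$key" "/dev/$d"
        vdevs="$vdevs $d.eli"
    done
    # ZFS is built on the decrypted .eli providers, never on the raw disks.
    run zpool create "$pool" "$layout" $vdevs

    # Follow-up steps the article asks for, applied to every disk:
    run dd if=/dev/random of="$rec" bs=64 count=1
    for d in "$@"; do
        # slot 0: same key file plus a passphrase (geli prompts for it)
        run geli setkey -n 0 -K "$key" "/dev/$d"
        # slot 1 (assumed): separate recovery key file, no passphrase
        run geli setkey -n 1 -P -K "$rec" "/dev/$d"
    done
    # Keep copies of both key files off the NAS (destination is a placeholder).
    run cp "$key" "$rec" /mnt/offline-backup/
}
```

For example, `encrypted_pool tank /root/keys mirror ada1 ada2` prints the full command sequence for a two-disk mirror.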