Published on

Presentation for POSSCON 2013.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Introduction to FreeNAS 8.3.1Dru LavigneDocumentation Lead, iXsystemsPOSSCON, March 27, 2013
  2. 2. Class OutlineUSB key contains the 32- and 64-bit ISOs ofFreeNAS 8.3.1, a PDF version of the 8.3.1 UsersGuide, and a PDF of this presentation.If you would like to follow along by installingFreeNAS into a virtual machine, create severalvirtual disks. Instructions for doing so in Virtualboxcan be found on pp 21-28 of the PDF. If your CPUdoes not support “long mode”, use the 32-bit ISO.
  3. 3. Outline✔ FreeNAS Overview ZFS Overview Configuration Workflow Plugins Overview ZFS Encryption Overview Additional Resources
  4. 4. FreeNAS OverviewOpen source NAS (network attached storage)based on an embedded version of FreeBSD(nanoBSD) and released under 2-clause BSDlicenseEnterprise-grade appliance (TrueNAS) is alsoavailable in 2U/4U form factors with professionalsupport
  5. 5. FreeNAS Overview8.x is a rewrite of the original monolithic design toa modular design (.7x EOLd in 2011)8.0 was released May, 2011 with a focus on NAS“core” functionality8.2.0 introduced the Plugins Jail architecture(released on July 20, 2012) for extending core8.3.1 added GELI encryption for ZFS pools(released March 20, 2013)
  6. 6. Core FeaturesCreate UFS or ZFS volumes (ZFS recommended)Import existing UFS/ZFS RAID/z volumesImport existing UFS, DOS, NTFS, EXT2/3volumesCreate shares using Appletalk, NFS, and SMBprotocolsConfigure access through FTP/SFTP, SSH, andiSCSI
  7. 7. Core FeaturesIntegration with OpenLDAP, Active DirectoryAutomated, secure replication via rsync/sshAutomated ZFS snapshots and scrubsFront-ends to cron, sysctls, loader.confReporting graphs, scheduled S.M.A.R.T. tests,automated alerts, UPS
  8. 8. Core FeaturesLink aggregation, failover, and VLAN supportDDNS, SNMP, and TFTP supportControl panel to stop/start and view the status ofservicesUsers Guide available in wiki, HTML, PDF, epub,and Kindle formats
  9. 9. Core FeaturesSupports OSX Time Machine and WindowsShadow CopiesOS is installed on USB stick/CF and is separatefrom data on storage disksUpgrades keep a backup of the old OS, allowingfor rollbackAdministrative GUI accessed through a webbrowser; 8.2 adds a web shell for command lineoperations
  10. 10. ZFS Overview128-bit filesystem with a maximum pool/file size of16 exabytesUnlike traditional Unix filesystems, you are notlimited to the partition size and mount pointdefined at filesystem creation timeInstead, disks are fed to a “pool” and the size ofthat pool can increase as disk capacity increases
  11. 11. ZFS OverviewThe pool can be logically subdivided, with eachsegment having access to the remaining capacityof the poolOffers great flexibility!Pre-planning for hardware and designing for aparticular environments storage needs is neededfor optimization and to get the full benefits of ZFS
  12. 12. PoolRoot (parent) volume which can be sub-dividedinto datasets or zvols as neededTypically only one, but multiple pools are allowedTypically, feed all disks to the poolThe number of disks added at a time is known asa “vdev”To optimize performance, number of disks islimited and additional vdevs are striped
  13. 13. RAIDZRAIDZ* levels designed to overcome hardwareRAID limitations such as the write-hole andcorrupt data written over time before the controllernoticesDesigned for commodity disks so no RAIDcontroller is neededCan also be used with a RAID controller, but itshould be put in JBOD mode
  14. 14. RAIDZ1Avoids the RAID5 write-hole by using COW (copyon write)Parity blocks are distributed across all disksUp to one disk can fail without losing poolPool can be lost if second disk fails before restripecompletesOptimized for vdev of 3, 5, or 9 disks
  15. 15. RAIDZ2Double-parity solution similar to RAID6Parity blocks are distributed across all disksUp to two disks can fail without losing pool, withno restrictions on which disks can failOptimized for vdev of 4, 6, or 10 disks
  16. 16. RAIDZ3Triple-parity solutionParity blocks are distributed across all disksUp to three disks can fail without losing pool, withno restrictions on which disks can failOptimized for vdev of 5, 7, or 11 disks
  17. 17. ZILZFS Intent LogEffectively a filesystem journal that manageswritesA dedicated SSD or drive can increase writeperformance, especially for synchronous NFSUse ZFSv28 for dedicated ZIL or else lost devicewill lose pool
  18. 18. ARCARC refers to read cache in RAM; if RAM is verysmall, read speed is reduced to disk speedExpect a miss for random reads and a hit forcached readsTakes time for ARC to populate; if high missescontinue for cached reads, the system needs tobe tunedFreenas adds ARC stats to top(1) and includesarc_summary.py and arcstat.py tools for ARCmonitoring
  19. 19. L2ARCOptional, secondary ARC which can be installedon SSD or diskL2ARC is populated over time with “hot” readsRecommended for deduplication and to increaseread performance
  20. 20. DatasetsPool can be divided into datasetsSimilar to a folder in that it supports permissionsSimilar to a filesystem in that you can setproperties such as quotas and compressionA well thought out design can optimize storage forthe type of data being stored
  21. 21. ZvolsPool can also be divided into zvolsEssentially, a virtual, raw block deviceIdeal for iSCSI device extentsSupports quotas and compression
  22. 22. SnapshotsProvide read-only, point-in-time image of thespecified pool, dataset, or zvolSnapshots can be recursive (atomic inclusion ofall child datasets)Initial size is 0 bytes as COW, snapshot increasesin size as changes are written to diskCan be replicated to another systemCan be used to provide Windows shadow copies
  23. 23. ClonesProvide read-write copies of read-only snapshotsInitial size of clone is 0 bytesClones can be mounted and used to access datafrom that point in time (e.g. earlier revision of afile)
  24. 24. ScrubsZFS was designed to be self-healingZFS creates and verifies checksums as data iswritten to diskA scrub verifies the checksum in each disk block,correcting data as necessaryI/O intensive so should be scheduledappropriatelyReading the scrub results can provide an earlyindication of possible disk failure
  25. 25. DeduplicationUsed to free blocks containing identical data(updates reference pointers)Can improve performance on datasets containingduplicate data (e.g. virtual images)Dedup tables should fit into L2ARC; systems withlimited RAM or no L2ARC might freeze hard
  26. 26. RAMRAM is used to hold read cache, write cache,checksum calculations, dedup tables, paritycalculations, etc.Add as much RAM as possible; general rule ofthumb is:1 GB of RAM for every 1TB of storage in pool5 GB RAM/L2ARC per TB of storage to bededuplicated (use a dataset)
  27. 27. Misczpool split command can be used to “clone” amirror to one disk and to use that disk to recreatethat pool on a different systemautoexpand property allows pool to grow byreplacing one disk at a time with a larger diskResilvering is the process of resyncing a RAIDZ.This takes time, depending upon the size of diskbeing replaced. It is a bad thing to lose themaximum number of disks in a RAIDZ before theresilver completes.
  28. 28. Configuration Workflow1. Set the administrative username and password2. Create volumes/datasets3. Create users/groups or integrate with LDAP/AD4. Configure share5. Start applicable service(s)6. Test and save the configuration
  29. 29. 1. Set Administrative Creds
  30. 30. 2. Create VolumeSeveral choices:1. Import existing UFS RAID or ZFS pool2. Import existing disk or partition(s) formattedwith UFS, FAT, NTFS, or EXT2/33. Format a UFS or ZFS volume Once a ZFS volume (pool) is created, it can bedivided into datasets (with own options) or zvols(to use as a “raw” disk for iSCSI)
  31. 31. Create ZFS Volume
  32. 32. Create ZFS Dataset
  33. 33. 3. Users/GroupsChoices:1. Manually create2. Import existing Active Directory users3. Import existing LDAP users
  34. 34. Manually Create
  35. 35. Import Active Directory
  36. 36. Import from LDAP
  37. 37. 4. Configure ShareAFP: for Mac OS XCIFS: for Windows, also supports any other OSNFS: faster than CIFS, supports any OSSSH: CLI and GUI clients available for any OSFTP: CLI and GUI clients available for any OSiSCSI target: for access to “raw” disks
  38. 38. Configure ShareWhen configuring:Recommended to only have one type of share toprevent filesystem/client conflictsUsers needing access to that share must havepermission to the volume being shared, or theshare access must be set to anon/guestPermissions can be set on a per volume or perdataset basis
  39. 39. 5. Start Service
  40. 40. 6. Test and Save ConfigurationFrom a client, confirm that access is permitted toallowed usersCan enable console logging at bottom of browserto troubleshoot a service that wont startCan use web shell to read logs whentroubleshooting
  41. 41. Save Configuration
  42. 42. Plugins ArchitectureProvides the administrator the flexibility to installadditional software from the FreeNAS GUI tomeet the requirements of the NASComprised of three components:- FreeBSD Jail- PBI (Push Button Installer) files- Plugins
  43. 43. What is a Jail?A FreeBSD feature for providing light-weight,operating system-level virtualizationA jail has its own hostname, IP address, users,and is separated from the host operating systemFreeNAS implementation includes vimage whichgives the jail its own networking stack and IPbroadcasting
  44. 44. What is a PBI/Plugin?PBI format originally created by the PC-BSDproject (a desktop version of FreeBSD)Provides a graphical installation wrapper forsoftware ported to FreeBSDFreeNAS implementation extends thisfunctionality by incorporating the applicationsconfiguration file into the FreeNAS graphicaladministrative interface—the result is known as aPlugin
  45. 45. Installing the Plugins JailBefore any plugins can be installed, the PluginsJail must be installed and startedRecommended that Plugins Jail is installed into itsown ZFS dataset and that a second dataset isused to store the installed softwareThe Plugins Jail and supported Plugins can bedownloaded from plugins folder for architecturehttp://sourceforge.net/projects/freenas/files/FreeNAS-8.3.1/
  46. 46. Installing the Plugins Jail
  47. 47. Starting the Plugins Jail
  48. 48. Installing a PluginOnce the Plugins Jail is installed and the Pluginsservice started, you can install FreeNAS PBIs(Plugins)As each Plugin is installed, an icon will be addedto the FreeNAS menu (used to configure theapplication) and its service will be added to thePlugins tab of the Control Services menu so it canbe started
  49. 49. Installing Plugins
  50. 50. Configuring a Plugin
  51. 51. Installing Non-PBI SoftwareIf a PBI is not available, you can still installFreeBSD packages or compile ports within thePlugins JailSoftware installed this way will not be integratedinto the administrative interface but can beconfigured and started from the command lineUse FreshPorts.org to search for software thathas been ported to FreeBSD
  52. 52. Installing PackagesA FreeBSD package is a pre-compiled binary thatincludes the dependencies required by theapplicationInstalled using the pkg_add -r command:FreshPorts.org will tell you the exact command tousepkg_info -Lx will tell you what gets installedTypically, conf files are in /usr/local/etc/ andstartup scripts are in /usr/local/etc/rc.d/
  53. 53. Compiling PortsPackages are recommended unless a package isnot available or you need to change a compileoption as compiling takes time and systemresourcesFreshPorts.org will list the available compileoptionsUse the make install command to compileOnce compiled and installed, the software can beconfigured like any other package
  54. 54. Available PBIsFreeNAS PBIs are still new (only available sinceJuly 2012)3 official PBIs: Firefly, MiniDLNA, TransmissionList of PBI requests:http://doc.freenas.org/index.php/PBI_RequestsList of user-created PBIs:http://forums.freenas.org/showthread.php?8470-INDEX-Available-Plugins
  55. 55. EncryptionGELI full disk encryption for new ZFS volumes(not ZFSv30 encryption which is closed source)Full disk encryption, not per-filesystem encryptionTargeted at users who store sensitive data andwant the ability to safely dispose of disks(independent of the encryption key) without wipingthem firstEncryption key is per ZFS pool
  56. 56. EncryptionEncryption key is protected by both a passphraseand a recovery keyCPU that supports AES-NI is recommended,especially if more than one disk in poolData in the ARC cache and the contents of RAMare unencryptedSwap is always encrypted, even on unencryptedvolumes
  57. 57. EncryptionKey management tools added to encryptedvolumes screen in GUIUsed to change the passphrase, download a copyof the key, create a new key (which destroys theold key), create and download a copy of therecovery key, and change the recovery keyIf the passphrase is forgotten, the recovery keycan be used (needed when importing a pool)
  58. 58. Encryption
  59. 59. ResourcesWebsite:http://www.freenas.orgForums:http://forums.freenas.orgBug tracker:http://support.freenas.org
  60. 60. ResourcesLinks to Users Guide:http://doc.freenas.orgIRC:#freenas on FreenodeLinks to mailing lists and instructional videos:http://doc.freenas.org/index.php/FreeNAS_Support_Resources
  61. 61. Questions Contact: dru@freebsd.org URL to Slides:http://slideshare.net/dlavigne/posscon2013