Posscon2013
 


Presentation for POSSCON 2013.

    Posscon2013 Presentation Transcript

    • Introduction to FreeNAS 8.3.1
      • Dru Lavigne
      • Documentation Lead, iXsystems
      • POSSCON, March 27, 2013
    • Class Outline
      • USB key contains the 32- and 64-bit ISOs of FreeNAS 8.3.1, a PDF version of the 8.3.1 Users Guide, and a PDF of this presentation.
      • If you would like to follow along by installing FreeNAS into a virtual machine, create several virtual disks. Instructions for doing so in VirtualBox can be found on pp 21-28 of the PDF. If your CPU does not support “long mode”, use the 32-bit ISO.
    • Outline
      • FreeNAS Overview
      • ZFS Overview
      • Configuration Workflow
      • Plugins Overview
      • ZFS Encryption Overview
      • Additional Resources
    • FreeNAS Overview
      • Open source NAS (network attached storage) based on an embedded version of FreeBSD (nanoBSD) and released under 2-clause BSD license
      • Enterprise-grade appliance (TrueNAS) is also available in 2U/4U form factors with professional support
    • FreeNAS Overview
      • 8.x is a rewrite of the original monolithic design to a modular design (.7x EOL'd in 2011)
      • 8.0 was released May, 2011 with a focus on NAS “core” functionality
      • 8.2.0 introduced the Plugins Jail architecture (released on July 20, 2012) for extending core
      • 8.3.1 added GELI encryption for ZFS pools (released March 20, 2013)
    • Core Features
      • Create UFS or ZFS volumes (ZFS recommended)
      • Import existing UFS/ZFS RAID/z volumes
      • Import existing UFS, DOS, NTFS, EXT2/3 volumes
      • Create shares using AppleTalk, NFS, and SMB protocols
      • Configure access through FTP/SFTP, SSH, and iSCSI
    • Core Features
      • Integration with OpenLDAP, Active Directory
      • Automated, secure replication via rsync/ssh
      • Automated ZFS snapshots and scrubs
      • Front-ends to cron, sysctls, loader.conf
      • Reporting graphs, scheduled S.M.A.R.T. tests, automated alerts, UPS
    • Core Features
      • Link aggregation, failover, and VLAN support
      • DDNS, SNMP, and TFTP support
      • Control panel to stop/start and view the status of services
      • Users Guide available in wiki, HTML, PDF, epub, and Kindle formats
    • Core Features
      • Supports OSX Time Machine and Windows Shadow Copies
      • OS is installed on USB stick/CF and is separate from data on storage disks
      • Upgrades keep a backup of the old OS, allowing for rollback
      • Administrative GUI accessed through a web browser; 8.2 adds a web shell for command line operations
    • ZFS Overview
      • 128-bit filesystem with a maximum pool/file size of 16 exabytes
      • Unlike traditional Unix filesystems, you are not limited to the partition size and mount point defined at filesystem creation time
      • Instead, disks are fed to a “pool” and the size of that pool can increase as disk capacity increases
    • ZFS Overview
      • The pool can be logically subdivided, with each segment having access to the remaining capacity of the pool
      • Offers great flexibility!
      • Pre-planning for hardware and designing for a particular environment's storage needs is needed for optimization and to get the full benefits of ZFS
    • Pool
      • Root (parent) volume which can be sub-divided into datasets or zvols as needed
      • Typically only one, but multiple pools are allowed
      • Typically, feed all disks to the pool
      • The number of disks added at a time is known as a “vdev”
      • To optimize performance, number of disks is limited and additional vdevs are striped
    • RAIDZ
      • RAIDZ* levels designed to overcome hardware RAID limitations such as the write-hole and corrupt data written over time before the controller notices
      • Designed for commodity disks so no RAID controller is needed
      • Can also be used with a RAID controller, but it should be put in JBOD mode
    • RAIDZ1
      • Avoids the RAID5 write-hole by using COW (copy on write)
      • Parity blocks are distributed across all disks
      • Up to one disk can fail without losing pool
      • Pool can be lost if second disk fails before restripe completes
      • Optimized for vdev of 3, 5, or 9 disks
    • RAIDZ2
      • Double-parity solution similar to RAID6
      • Parity blocks are distributed across all disks
      • Up to two disks can fail without losing pool, with no restrictions on which disks can fail
      • Optimized for vdev of 4, 6, or 10 disks
    • RAIDZ3
      • Triple-parity solution
      • Parity blocks are distributed across all disks
      • Up to three disks can fail without losing pool, with no restrictions on which disks can fail
      • Optimized for vdev of 5, 7, or 11 disks
    • ZIL
      • ZFS Intent Log
      • Effectively a filesystem journal that manages writes
      • A dedicated SSD or drive can increase write performance, especially for synchronous NFS
      • Use ZFSv28 for dedicated ZIL or else lost device will lose pool
    • ARC
      • ARC refers to read cache in RAM; if RAM is very small, read speed is reduced to disk speed
      • Expect a miss for random reads and a hit for cached reads
      • Takes time for ARC to populate; if high misses continue for cached reads, the system needs to be tuned
      • FreeNAS adds ARC stats to top(1) and includes arc_summary.py and arcstat.py tools for ARC monitoring
    • L2ARC
      • Optional, secondary ARC which can be installed on SSD or disk
      • L2ARC is populated over time with “hot” reads
      • Recommended for deduplication and to increase read performance
    • Datasets
      • Pool can be divided into datasets
      • Similar to a folder in that it supports permissions
      • Similar to a filesystem in that you can set properties such as quotas and compression
      • A well thought out design can optimize storage for the type of data being stored
    • Zvols
      • Pool can also be divided into zvols
      • Essentially, a virtual, raw block device
      • Ideal for iSCSI device extents
      • Supports quotas and compression
    • Snapshots
      • Provide read-only, point-in-time image of the specified pool, dataset, or zvol
      • Snapshots can be recursive (atomic inclusion of all child datasets)
      • Initial size is 0 bytes as COW; snapshot increases in size as changes are written to disk
      • Can be replicated to another system
      • Can be used to provide Windows shadow copies
    • Clones
      • Provide read-write copies of read-only snapshots
      • Initial size of clone is 0 bytes
      • Clones can be mounted and used to access data from that point in time (e.g. earlier revision of a file)
    • Scrubs
      • ZFS was designed to be self-healing
      • ZFS creates and verifies checksums as data is written to disk
      • A scrub verifies the checksum in each disk block, correcting data as necessary
      • I/O intensive so should be scheduled appropriately
      • Reading the scrub results can provide an early indication of possible disk failure
    • Deduplication
      • Used to free blocks containing identical data (updates reference pointers)
      • Can improve performance on datasets containing duplicate data (e.g. virtual images)
      • Dedup tables should fit into L2ARC; systems with limited RAM or no L2ARC might freeze hard
    • RAM
      • RAM is used to hold read cache, write cache, checksum calculations, dedup tables, parity calculations, etc.
      • Add as much RAM as possible; general rule of thumb is:
        • 1 GB of RAM for every 1 TB of storage in pool
        • 5 GB RAM/L2ARC per TB of storage to be deduplicated (use a dataset)
    • Misc
      • zpool split command can be used to “clone” a mirror to one disk and to use that disk to recreate that pool on a different system
      • autoexpand property allows pool to grow by replacing one disk at a time with a larger disk
      • Resilvering is the process of resyncing a RAIDZ. This takes time, depending upon the size of disk being replaced. It is a bad thing to lose the maximum number of disks in a RAIDZ before the resilver completes.
    • Configuration Workflow
      1. Set the administrative username and password
      2. Create volumes/datasets
      3. Create users/groups or integrate with LDAP/AD
      4. Configure share
      5. Start applicable service(s)
      6. Test and save the configuration
    • 1. Set Administrative Creds
    • 2. Create Volume
      • Several choices:
        1. Import existing UFS RAID or ZFS pool
        2. Import existing disk or partition(s) formatted with UFS, FAT, NTFS, or EXT2/3
        3. Format a UFS or ZFS volume
      • Once a ZFS volume (pool) is created, it can be divided into datasets (with own options) or zvols (to use as a “raw” disk for iSCSI)
    • Create ZFS Volume
    • Create ZFS Dataset
    • 3. Users/Groups
      • Choices:
        1. Manually create
        2. Import existing Active Directory users
        3. Import existing LDAP users
    • Manually Create
    • Import Active Directory
    • Import from LDAP
    • 4. Configure Share
      • AFP: for Mac OS X
      • CIFS: for Windows, also supports any other OS
      • NFS: faster than CIFS, supports any OS
      • SSH: CLI and GUI clients available for any OS
      • FTP: CLI and GUI clients available for any OS
      • iSCSI target: for access to “raw” disks
    • Configure Share
      • When configuring:
        • Recommended to only have one type of share to prevent filesystem/client conflicts
        • Users needing access to that share must have permission to the volume being shared, or the share access must be set to anon/guest
        • Permissions can be set on a per volume or per dataset basis
    • 5. Start Service
    • 6. Test and Save Configuration
      • From a client, confirm that access is permitted to allowed users
      • Can enable console logging at bottom of browser to troubleshoot a service that won't start
      • Can use web shell to read logs when troubleshooting
    • Save Configuration
    • Plugins Architecture
      • Provides the administrator the flexibility to install additional software from the FreeNAS GUI to meet the requirements of the NAS
      • Comprised of three components:
        • FreeBSD Jail
        • PBI (Push Button Installer) files
        • Plugins
    • What is a Jail?
      • A FreeBSD feature for providing light-weight, operating system-level virtualization
      • A jail has its own hostname, IP address, users, and is separated from the host operating system
      • FreeNAS implementation includes vimage which gives the jail its own networking stack and IP broadcasting
    • What is a PBI/Plugin?
      • PBI format originally created by the PC-BSD project (a desktop version of FreeBSD)
      • Provides a graphical installation wrapper for software ported to FreeBSD
      • FreeNAS implementation extends this functionality by incorporating the application's configuration file into the FreeNAS graphical administrative interface; the result is known as a Plugin
    • Installing the Plugins Jail
      • Before any plugins can be installed, the Plugins Jail must be installed and started
      • Recommended that Plugins Jail is installed into its own ZFS dataset and that a second dataset is used to store the installed software
      • The Plugins Jail and supported Plugins can be downloaded from plugins folder for architecture: http://sourceforge.net/projects/freenas/files/FreeNAS-8.3.1/
    • Installing the Plugins Jail
    • Starting the Plugins Jail
    • Installing a Plugin
      • Once the Plugins Jail is installed and the Plugins service started, you can install FreeNAS PBIs (Plugins)
      • As each Plugin is installed, an icon will be added to the FreeNAS menu (used to configure the application) and its service will be added to the Plugins tab of the Control Services menu so it can be started
    • Installing Plugins
    • Configuring a Plugin
    • Installing Non-PBI Software
      • If a PBI is not available, you can still install FreeBSD packages or compile ports within the Plugins Jail
      • Software installed this way will not be integrated into the administrative interface but can be configured and started from the command line
      • Use FreshPorts.org to search for software that has been ported to FreeBSD
    • Installing Packages
      • A FreeBSD package is a pre-compiled binary that includes the dependencies required by the application
      • Installed using the pkg_add -r command: FreshPorts.org will tell you the exact command to use
      • pkg_info -Lx will tell you what gets installed
      • Typically, conf files are in /usr/local/etc/ and startup scripts are in /usr/local/etc/rc.d/
    • Compiling Ports
      • Packages are recommended unless a package is not available or you need to change a compile option, as compiling takes time and system resources
      • FreshPorts.org will list the available compile options
      • Use the make install command to compile
      • Once compiled and installed, the software can be configured like any other package
    • Available PBIs
      • FreeNAS PBIs are still new (only available since July 2012)
      • 3 official PBIs: Firefly, MiniDLNA, Transmission
      • List of PBI requests: http://doc.freenas.org/index.php/PBI_Requests
      • List of user-created PBIs: http://forums.freenas.org/showthread.php?8470-INDEX-Available-Plugins
    • Encryption
      • GELI full disk encryption for new ZFS volumes (not ZFSv30 encryption which is closed source)
      • Full disk encryption, not per-filesystem encryption
      • Targeted at users who store sensitive data and want the ability to safely dispose of disks (independent of the encryption key) without wiping them first
      • Encryption key is per ZFS pool
    • Encryption
      • Encryption key is protected by both a passphrase and a recovery key
      • CPU that supports AES-NI is recommended, especially if more than one disk in pool
      • Data in the ARC cache and the contents of RAM are unencrypted
      • Swap is always encrypted, even on unencrypted volumes
    • Encryption
      • Key management tools added to encrypted volumes screen in GUI
      • Used to change the passphrase, download a copy of the key, create a new key (which destroys the old key), create and download a copy of the recovery key, and change the recovery key
      • If the passphrase is forgotten, the recovery key can be used (needed when importing a pool)
    • Encryption
    • Resources
      • Website: http://www.freenas.org
      • Forums: http://forums.freenas.org
      • Bug tracker: http://support.freenas.org
    • Resources
      • Links to Users Guide: http://doc.freenas.org
      • IRC: #freenas on Freenode
      • Links to mailing lists and instructional videos: http://doc.freenas.org/index.php/FreeNAS_Support_Resources
    • Questions
      • Contact: dru@freebsd.org
      • URL to Slides: http://slideshare.net/dlavigne/posscon2013