Dismal Manor runs a small hobby TrueNAS server to hold and serve photos and music. This server shares files with a MacOS system and runs instances of Roon and Plex to distribute music about the manor. On Friday, Dismal Wizard said 3 hail Marys and upgraded from FreeNAS 11.3 to TrueNAS Core 12.0 RC1. Here are the Wizard’s first impressions.
References
- [1] https://www.ixsystems.com/blog/truenas-12-rc-1/
- [2] https://www.truenas.com/docs/hub/
- [3] https://www.truenas.com/docs/hub/tasks/advanced/editingacls/
- [4] https://en.wikipedia.org/wiki/OpenZFS
- [5] https://openzfs.org/wiki/System_Administration
- [6] https://help.eecs.utk.edu/knowledge-base/linux-topics/nfsv4-acls
Applying the update
Upgrading from FreeNAS 11.3 to TrueNAS Core 12.0 RC1 went smoothly. Browse to System -> Updates, change the update source to TrueNAS Core 12.0 Release Candidates, and run the update process. The updater will create a new boot environment having TrueNAS Core 12.0 RC1 in it. If something goes wrong, restart and select the previous boot environment to get back to the FreeNAS 11.3 code.
The UI is the same but different
TrueNAS uses the same UI toolkit as FreeNAS 11.3, but many of the views have been revised. If you can’t find something, visit the User Guide and search for the thing you need. Chances are, it is there. For example, the host name has moved from the System overview to the Network view. This may have happened in 11.3 but it was in a different place in the beginning (2017 for me).
TrueNAS 12 likes FreeNAS 11 pools
As it comes up, TrueNAS 12.0 RC1 will function with the FreeNAS 11.3 on-disk metadata. It will offer you the option to update each storage pool to the OpenZFS 2 format. Once you do this, you are committed to running TrueNAS 12.0, as the new file system metadata may not be backward compatible.
Is snapshot your friend?
One thought that crossed my mind while I was writing this post is that you can snapshot your filesystem and allow it to replicate before doing the FreeNAS 11 to TrueNAS 12 metadata conversion. If things were to go wobbly, it might be possible to revert to the prior boot environment and associated snapshot. I’ve not actually done this but this sort of recovery is the intent of the two tools.
Minor sorting needed for MacOS sharing
I did have to fix up owners and permissions on two datasets shared with MacOS. That took some fiddling but was easy. In doing this, I discovered ACLs and ACEs by accident. Fortunately, there is an option to strip ACLs. Basically, group membership got goofed on some objects. The Mac would create them as user.staff while they were user.media on the server. User held media but somehow that went a bit wobbly. So the solution was to identify the MacOS user number and group number and make them match using the TrueNAS pool editor.
This was largely my problem in that I’d created a new user and user number when this iMac arrived. The idea was to abandon all the G4 cruft still around in Applications, etc. I’d created a media group for sharing photos and music when first setting up the server. When I actually migrated from the Mac Mini to the iMac, the server now held a mix of owners and a mix of groups. This blocked tree traversal. The fix was to make the current iMac user be owner of record and to make staff be the group of record. The pool permissions editor quickly fixed this. Don’t try this via CIFS as it will take forever.
Access Control Lists are visible in TrueNAS 12
The TrueNAS 12 User Guide describes Access Control Lists and Access Control elements. Before doing anything, read the whole page from top to bottom. Most of what you need to know is there. To learn more about ACLs, look at [6].
The ACL view needs a little more explaining. The left column lets you set up an inode’s ACL. But what is that thing on the right? What are user@ and group@? It’s almost there.
How do ACLs appear to operating systems commonly used as OpenZFS clients? Which sharing protocols can represent OpenZFS ACLs to clients? A reference is needed. Do the OpenZFS folks have one? TrueNAS and OpenZFS implement NFS 4.0 ACLs, which map pretty directly to Microsoft NTFS ACLs. Somewhere are scrolls describing NFS 4 ACLs. Maybe Bill Joy knows! 🙂
ACLs are one of those mysteries
It is amazing how many authors dodge an explanation of access control lists. They’ve been around since Digital’s VMS 4.0 in the 1990s. Basically, they are a formalization and generalization of system object access permissions.
A user holds a list of roles. An ACL lists the users or groups granted that role for that object. UNIX roles are create and control, read, write, and traverse or execute. NFS 4 has several extended roles Sun found needed in large NFS environments.
An ACL is useful when a small number of individuals, rather than an entire UNIX group, are to hold a role.
Let’s say you had 3 groups: the owner or original author, the editors and reviewers, and the readers. UNIX lets one owner create, change, and delete the object. If you use the group to allow the editors to modify the document, the editors can also delete it. So the delete role and the modify role need to be separated. Meanwhile, can you use other for the readers? Not if the readers are a subset of the domain. But if readers aren’t editors, you can’t use the group permission for the readers. ACLs were developed to solve these role-based conflicts.
Reference [6] has several examples explaining the roles, which users should hold a particular role, and how to grant the role permissions to each of the users. The example is for UNIX and NFS 4.0.
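The owner, editors and readers case above can be worked through in a few lines of Python. This is an added example, not code from TrueNAS or OpenZFS: it models NFSv4-style evaluation, where ACEs are walked in order and the first matching ACE that mentions a permission decides it. The users (wizard, ed, rocky, guest), the groups (editors, readers) and the four-permission set are constructed for illustration; owner@, group@ and everyone@ are NFSv4's special principals for the file's owner, its owning group and all users.

```python
from dataclasses import dataclass

READ, WRITE, DELETE, WRITE_ACL = "read_data", "write_data", "delete", "write_acl"

@dataclass(frozen=True)
class Ace:
    who: str          # "owner@", "group@", "everyone@", "user:NAME" or "group:NAME"
    kind: str         # "allow" or "deny"
    perms: frozenset  # permissions this entry speaks for

def matches(ace, user, groups, owner, owning_group):
    """Does this ACE apply to the requesting user?"""
    if ace.who == "everyone@":
        return True
    if ace.who == "owner@":
        return user == owner
    if ace.who == "group@":
        return owning_group in groups
    tag, _, name = ace.who.partition(":")
    return (tag == "user" and name == user) or (tag == "group" and name in groups)

def access_granted(acl, requested, user, groups, owner, owning_group):
    """Walk ACEs in order. Each requested permission is decided by the first
    matching ACE that mentions it; permissions no ACE mentions are denied.
    Simplification: real servers may also honour delete_child on the parent
    directory when deciding a delete."""
    undecided = set(requested)
    for ace in acl:
        if not matches(ace, user, groups, owner, owning_group):
            continue
        hit = undecided & ace.perms
        if hit and ace.kind == "deny":
            return False
        undecided -= hit
        if not undecided:
            return True
    return False

# Constructed ACL for one document: modify and delete are separate permissions,
# and editors and readers are two different groups on the same object.
DOC_ACL = [
    Ace("owner@", "allow", frozenset({READ, WRITE, DELETE, WRITE_ACL})),
    Ace("group:editors", "allow", frozenset({READ, WRITE})),
    Ace("group:readers", "allow", frozenset({READ})),
]
MEMBERS = {"wizard": {"staff"}, "ed": {"editors"}, "rocky": {"readers"}, "guest": set()}

def can(user, perm):
    """Check one permission for a constructed user on the sample document."""
    return access_granted(DOC_ACL, {perm}, user, MEMBERS[user], "wizard", "staff")
```

Here an editor can write but not delete, a reader can only read, and a user in neither group gets nothing, which a single owner/group/other mode cannot express. Putting a deny entry ahead of the allow entries overrides them for the matching user, which is why ACE order matters.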
Dismal Manor use cases don’t need ACLs
Dismal Manor is just Dismal Wizard and the dogs. Unless Siri logs Rocky in, it is just me. Our use cases are to store music and photographs on reliable, backed-up local storage. For this use case, we don’t need ACLs. So we stripped them when we discovered we had created them. User and group are sufficient. The Roon server runs as root in a VM that is sandboxed to the music directory. Similarly, the Plex server is in a jail and sandboxed to music and photos/videos.
Hostname and MDNS responder went missing
The only other surprise is that TrueNAS Core 12.0 RC1 did not know its hostname. I couldn’t see a place to set it in System and MDNS did not know the host by its old name. Is the MDNS responder included and configured? Yes, the info was moved from System to Network. Once set, the machine is there.
The User Guide is new
The User Guide looks like a complete rewrite. At first glance all the material on Jails and Virtual Machines is missing from the Guide while the FreeNAS 11.3 implementation is present and works. In reality, it is all there but tucked away down in “Advanced Tasks”. Global search of the guide is your friend.
The user guide is structured differently than before. Many things are tucked away in “Advanced Tasks”. The material here is less “advanced” and more “less commonly used.”