Monday, October 19, 2009

EON ZFS Storage 0.59.4 based on snv_124 released!

Embedded Operating system/Networking (EON), RAM based live ZFS NAS appliance is released on Genunix! Many thanks to Genunix.org for download hosting and serving the opensolaris community.

EON ZFS storage is available in 32 and 64-bit, CIFS and Samba versions:
tryitEON 64-bit x86 CIFS ISO image version 0.59.4 based on snv_124
tryitEON 64-bit x86 Samba ISO image version 0.59.4 based on snv_124
tryitEON 32-bit x86 CIFS ISO image version 0.59.4 based on snv_124
tryitEON 32-bit x86 Samba ISO image version 0.59.4 based on snv_124
New/Changes/Fixes:
- initialization of ntpd, nscd at boot time, moved to /mnt/eon0/.exec
- added /mnt/eon0/.disable for K99local stop for a cleaner shutdown
- added /mnt/eon0/.purge to allow removing drivers and binaries not needed by your image
- new version of install.sh. Fixes a bug for virtual disks, multiple runs and improved error checking of stages
- new transporter.sh CLI to automate upgrades, backups or downgrades to backed-up versions
- eon rebooting at grub(since snv_122) in ESXi, Fusion and various versions of VMware workstation. This is related to bug 6820576. Workaround, at grub press e and add on the end of the kernel line "-B disable-pcieb=true"
Posted by at 21 comments:

Friday, October 16, 2009

A new and simpler way to upgrade EON ZFS storage

There is a new and simple way to upgrade your current EON ZFS storage to the newest version. I've added a tool, transporter.sh which allows you to backup, upgrade or restore(NOTE: restore only works if you have a backed-up version) your EON ZFS storage version. Here is a usage output:
transporter.sh 
usage: transporter.sh -i /path/eon.iso -b /path/backup -d /mnt/eon0
transporter.sh -i /tmp/eon-0.593-122-64-smb.iso -d /mnt/eon0
transporter.sh -i /tmp/eon-0.593-122-64-smb.iso -b /pool/backup -d /mnt/eon0
transporter.sh -r /pool/backup/0.59.3 -d /mnt/eon0

-i path to the source ISO
-b path to the backup destination [optional]
-d path to the upgrade destination
-r path to the restore source [optional]
Here's an example run without backup options. It is always wise to have a backup. I cannot stress this enough. There is no backup in this example because I have a previous backup in /abyss/eonback/0.593.
transporter.sh -i /tmp/eon.iso -d /mnt/eon0
OK: lofiadm -a /tmp/eon.iso /dev/lofi/1
OK: mount -F hsfs /dev/lofi/1 /tmp/upgrade
removing /mnt/eon0/boot
copying /tmp/upgrade -> /mnt/eon0
x ., 0 bytes, 0 tape blocks
x ./boot, 0 bytes, 0 tape blocks
x ./boot/amd64, 0 bytes, 0 tape blocks
x ./boot/grub, 0 bytes, 0 tape blocks
x ./boot/grub/bin, 0 bytes, 0 tape blocks
x ./boot/grub/bin/grub, 180380 bytes, 353 tape blocks
[...]   excerpt clipped
./boot/platform/i86xpv/kernel/amd64, 0 bytes, 0 tape blocks
x ./boot/platform/i86xpv/kernel/amd64/unix, 2084984 bytes, 4073 tape blocks
x ./boot/platform/i86xpv/kernel/unix, 1544152 bytes, 3016 tape blocks
x ./boot/x86.eon, 49523134 bytes, 96725 tape blocks
x ./.backup, 1454 bytes, 3 tape blocks
x ./.catalog, 2048 bytes, 4 tape blocks
x ./.disable, 137 bytes, 1 tape blocks
x ./.exec, 1383 bytes, 3 tape blocks
x ./.remove, 3264 bytes, 7 tape blocks
unmounting /dev/lofi/1
OK: umount /dev/lofi/1
releasing /dev/lofi/1
OK: lofiadm -d /dev/lofi/1
Please report any inconsistent findings.
Posted by at 9 comments:

Monday, September 28, 2009

Thumper features in EON ZFS storage

With binary kit 122, the package SUNWhd (tools and driver download) used in thumper was added to EON. With this package you get the capability to tell a great deal of metrics about your disks. It gives the ability to control read and write cache. It allows to tell firmware revision, vendor, serial and very importantly, the temperature of the disks.

We know that higher temperature disks, perform less efficiently. In my DIY ZFS storage case, hdadm showed that there was insufficient cooling or air was not being moved efficiently through the cage as the temperature of the 15K rpm drives continuously inched towards the clip or shutdown temperature. The clip temperature can be seen in the output of:
smartctl -d scsi -a /dev/rdsk/cXtXdXsX
...   excerpt
Device supports SMART and is Enabled
Temperature Warning Enabled
SMART Health Status: OK

Current Drive Temperature:     48 C
Drive Trip Temperature:        65 C
Manufactured in week 31 of year 2006
Re-orientation of the drives and re-positioning a 20MM fan seems to be holding at 53 degree C. I'll focus on getting temperatures down to the 36-40 degree C range. For more use see hdadm which is a wrapper script for calling the hd binary.
hdadm display
                                                            
Device    Serial        Vendor   Model             Rev  Temperature
------    ------        ------   -----             ---- -----------
c0t1d0p0  DNL3P68018NM  FUJITSU  MAX3036NC         5D03 53 C (127 F)
c0t2d0p0  DNL3P6400SDR  FUJITSU  MAX3036NC         5D03 58 C (136 F)
c0t3d0p0  DNL3P68018NN  FUJITSU  MAX3036NC         5D03 54 C (129 F)
c1t1d0p0  DNL3P6400SEE  FUJITSU  MAX3036NC         5D03 49 C (120 F)
c1t2d0p0  DNL3P68018BC  FUJITSU  MAX3036NC         5D03 51 C (123 F)
c1t3d0p0  DNL3P68018NV  FUJITSU  MAX3036NC         5D03 46 C (114 F)
c2d0p0    HNCF128MMG=STCB21M84025C03356C1  MG      84025C03356C1     -    None
A hard drive performance test can be run using:
hdadm diskqual
Posted by at 3 comments:

Wednesday, September 23, 2009

EON + ZFS Storage + iTunes/Firefly server equals?

What happens when you combine your EON ZFS storage with Firefly's media server/mt-daapd, the opensource iTunes server? Music to everyone's ears!

I previously covered apps to make your EON ZFS storage work for you and someone stated mt-daapd would be nice. So here it is. You can download the 32-bit mt-daapd svn_1696 here (md5sum: 6aafee73058f7628cbf3fb0199a5c162). This version supports mp3, flac, oggvorbis, mdns and more. To install and start mt-daapd after transferring mt-daapd-1696.tgz to your zpool (substitute your zpool name wherever abyss is seen), repeat the following:
(cd /abyss ; mkdir media)
(cd /opt ; ln -s ../abyss/media .)
This creates the symlink /opt/media to the location for mt-daapd (/abyss/media in this case). Now let's unpack the mt-daapd-1696.tgz package. In this case my file was located in /tmp/mt-daapd-1696.tgz.
cd /opt/media
gzip -dc /tmp/mt-daapd-1696.tgz | tar -xf -
That should've unpacked the following structure in /opt/media, as seen by ls -al
drwxr-xr-x   8 admin    stor           8 Sep 23 14:54 .
drwxrwxrwx  12 root     root          21 Sep 23 13:57 ..
drwxr-xr-x   2 root     root          13 Sep 23 13:55 bin
drwxr-xr-x   2 root     root           3 Sep 23 13:00 etc
drwxr-xr-x   5 root     root          49 Sep 23 13:55 lib
drwxr-xr-x   2 root     root           3 Sep 23 13:55 sbin
drwxr-xr-x   4 root     root           4 Sep 23 14:15 share
Now let's start the server as user, root. This will create an additional var directory with the proper permissions:
./sbin/mt-daapd
To check and configure it, point your browser to the EON storage IP address as http://eonstorageIP:3689. You should be greeted with a login window. Enter the user: admin and password: mt-daapd. These are the default account credentials which you should change after logging in. Now, all that is left, is to go to the configuration tab, enter the path to your music library and allow the Firefly media server to rescan. This could take a while depending on the size of your music collection. You can now use iTunes and Roku Soundbridge to unleash the music kept on your EON ZFS storage. If you have zerconf or multi-cast DNS clients on your network you can optionally advertise your Firefly server to the network by running the multi-cast DNS server on EON
/usr/lib/inet/mdnsd
and to view http services on your network
dns-sd -B _http._tcp .
Browsing for _http._tcp
Timestamp     A/R Flags if Domain        Service Type      Instance Name
22:14:01.525  Add     2  2 local.        _http._tcp.       Firefly svn-1696 on eon
You should see the Firefly media server listed. For now, let the music play!
Posted by at 8 comments:

Monday, September 14, 2009

EON ZFS NAS 0.59.3 based on snv_122 released!

Embedded Operating system/Networking (EON), RAM based live ZFS NAS appliance is released on Genunix! Much thanks to Genunix.org for download hosting and serving the opensolaris community.

It is available in a CIFS and Samba flavor
tryitEON 64-bit x86 CIFS ISO image version 0.59.3 based on snv_122
tryitEON 64-bit x86 Samba ISO image version 0.59.3 based on snv_122
tryitEON 32-bit x86 CIFS ISO image version 0.59.3 based on snv_122
tryitEON 32-bit x86 Samba ISO image version 0.59.3 based on snv_122New/Fixes:
- triple parity RAIDZ3, since snv_120
- added 32/64-bit drivers: bnx, igb
- Workaround fix for IP validation in setup.sh
- added /usr/local/sbin for bin kit to bashrc
- eon rebooting after grub in ESXi, Fusion and some versions of VMware workstation. This is related to bug 6820576. Workaround, at grub press e and add on the end of the kernel line "-B disable-pcieb=true"
Posted by at 36 comments:

Wednesday, September 2, 2009

Building your own EON ZFS NAS binary kit

If you wish to build your own binary kit discussed here, a working SXCE opensolaris system and the matching EON snv_xxx DVD/iso are needed. So for eon-0.592-119-xxx-xxx.iso one would need the snv_119 dvd/iso. The current binary kit is built using the following package list bin-pkg.list
SUNWopenssl-commands
SUNWwgetu
SUNWless
SUNWzip
SUNWunzip
SUNWtop
SUNWpowertop
# rmformat + dep
SUNWsmedia
SUNWrmvolmgr
# 7z + dep
SUNWlibC
SUNWbzip
SUNWp7zip
# scanpci
SUNWpciaccess
Then using the script binpkg.sh, custom binaries can be added.
PATH=/usr/bin:/usr/sbin
LOC=`pwd`
CDROM=/cdrom/cdrom0
PROD=$CDROM/Solaris_11/Product
BINKIT=/tmp/binkit
LIST=$LOC/bin-pkg.list

[ "X$1" != "X" ] && LIST=$1
for pkg in `grep -v "^#" $LIST`
do
cd $PROD ; pkgadd -d . -R $BINKIT $pkg
#sleep 5
done
Finally tar-ing and gzip-ing the (bin, sbin, lib, etc, share) directories in /tmp/binkit/usr and uploading them to /pool you have a working recipe for adding binaries from SXCE packages. Of course, this same method and package list will work using the IPS method but it would also add all the dependencies making it much larger. My main issue with IPS is not being able to override installing dependencies when using IPS to install packages.

There are limitations with packages that rely on isaexec to fork the respective matching 32 or 64-bit versions of the binary because you cannot hard link across different partitions. The workaround for now is to symlink the binary to the matching i86(32-bit).
cd /usr/local/bin
ln -s ./i86/top top
ln -s ./i86/powertop powertop
or amd64(64-bit) version
ln -s ./amd64/top top
ln -s ./amd64/powertop powertop
Posted by at 6 comments:

Tuesday, August 25, 2009

Using the binary kit with your ZFS storage

With this release some binaries like top, rsync and less, were requested. Update: Transmission torrent cli and web admin added since binary kit 124. I attempted to do so in the form of a binary kit. This provides the controls to build your own binary package. The kit was built using the pkgadd and then tar-ing and gzip-ing the bin, sbin, and lib directories. This method will not work for every package but it's an attempt to fill a gap for certain binaries.

So, how do you use the kit? First upload a binary kit from here to your zpool storage (/zpool name is /abyss in this case). Then unpack the kit using (updated: Since bin-124.tgz):
cd /abyss
mkdir local
cd local
gzip -dc bin-124.tgz | tar -xvf -
Then make the /mnt/eon0/.exec entries
(cd /usr ; ln -s ../abyss/local .)
(cd /usr/lib ; ln -s ../../abyss/local/lib/smedia .)
Proper forking between 32/64-bit binaries is not working (example: top, powertop) because it relies on hard linking /usr/lib/isaexec and that requires being on the same filesystem (Hmmm). For now I recommend symlinking the respective 32 or 64-bit binary, /pool/local/bin/i86/top or /pool/local/bin/amd64/top to /pool/local/bin/top as needed.
Posted by at 8 comments:

Wednesday, August 5, 2009

EON ZFS NAS 0.59.2 based on snv_119 released!

Embedded Operating system/Networking (EON), RAM based live ZFS NAS appliance is released on Genunix! Much thanks to Genunix.org for download hosting and serving the opensolaris community.

It is available in 32 and 64-bit, CIFS and Samba flavor
tryitEON 64-bit x86 CIFS ISO image version 0.59.2 based on snv_119
tryitEON 64-bit x86 Samba ISO image version 0.59.2 based on snv_119
tryitEON 32-bit x86 CIFS ISO image version 0.59.2 based on snv_119
tryitEON 32-bit x86 Samba ISO image version 0.59.2 based on snv_119
New/Fixes:
- xntpd retired (R.I.P) by ntpd v4
- fixed a curpsinfo, libz.so.1 DTrace bug
- added /usr/local path for symlinks to pool/bin, sbin, lib for user's binaries
- added binary package containing: rsync, top, powertop, unzip, zip, less, wget (requires a hardlink to /usr/lib/isaexec for top and powertop for proper 32/64-bit call)
- added symlink preservation to updimg.sh, so users can add custom links.
- added drivers: si3124, ,sfe, rge, yukonx
- autoexpand disks which allows upgrading individual disk one at a time since snv_117 (for more: zpool get all pool)
- added power management but not all states tested
- added iSCSI client initiator (see discuss, post feedback)
Posted by at 33 comments:

Tuesday, May 26, 2009

EON ZFS NAS 0.59.1 based on snv_114 released!

Embedded Operating system/Networking (EON), RAM based live ZFS NAS appliance is released on Genunix! Much thanks to Genunix.org for download hosting and serving the opensolaris community.

It is available in a CIFS and Samba flavor
tryitEON 64-bit x86 CIFS ISO image version 0.59.1 based on snv_114
tryitEON 64-bit x86 Samba ISO image version 0.59.1 based on snv_114
tryitEON 32-bit x86 CIFS ISO image version 0.59.1 based on snv_114
tryitEON 32-bit x86 Samba ISO image version 0.59.1 based on snv_114New/Fixes:
- fixed multi-cpu support
- ssh keys and config files added to backup list
- backup list separated from updimg.sh and located on USB/CF root
- added dtrace to help with future webgui/bui interface metrics
- added marvell 88sx and AHCI drivers (intel Bad Axe2 motherboard support)

You can roll your current custom changes into the new 0.59.1 version by executing updimg.sh with arguments/path to the new unpacked x86.eon image. Please read full details first on upgrading EON from an older post here.
updimg.sh /mnt/eon0/boot/x86_new.eon
Posted by at 85 comments:

Friday, May 22, 2009

EON NAS flexing on a Dell R610 16CPU, 12GB of RAM

So we unboxed a Dell R610 with dual Xeons in the lab today and for giggles I booted EON ZFS storage on this bad boy to see what would work and what would not. The sata controller and broadcom 5709 were missing so I couldn't see the drives or the 4 x 1gigE nics. Still fun none the less to see it scales well. All 16 CPU's online and ready to serve.










Posted by at No comments:

Thursday, May 21, 2009

EON ZFS NAS snv_114 preview

Here is a preview of EON ZFS NAS based on snv_114. This release fixes some opensolaris and EON bugs (multi-cpu support, smbadm join domain core dumping/crashing). I would also like your feedback on the addition of dtrace? Will it bring value and add use for you? The intention is to use xmlrpc and dtrace to help with display metrics and information for the future webgui/bui administration interface

Posted by at 3 comments:

Tuesday, May 5, 2009

EON ZFS NAS meets IPS packages

Adding drivers/binaries to your EON ZFS NAS presents a bit of challenge as it requires acquiring the matching SNV_xxx DVD to source the package. There is an alternative called the image packaging system. This is basically Sun's network packaging system similar to apt, RPM in Linux. I've assumed here that the network card is fully functional and internet connectivity, is working.

So assuming your nic works, a wide array of options become available with the help of IPS. This may be useful to add or run certain binaries such as unzip, ipmitool, powertop, openssl, pmconfig, etc. So how do we add pkg and other IPS goodies? First we download the pre-installed toolkit here.

Then, unzip it to a smb/cifs share somewhere on a storage pool (this example unzipped to /deep/pkg-toolkit-sunos-i386). Now let's create the packaging db in /deep/ips
mkdir -p /deep/ips
cd /deep/pkg-toolkit-sunos-i386/pkg/bin
./pkg image-create -F -a opensolaris.org=http://pkg.opensolaris.org /deep/ips
After this completes, we are ready to add packages to the /deep/ips repositories. Note, I am not adding the packages to / (root). This would store the downloaded binaries in RAM and reduce the available memory and most likely cause a crash of the OS. It would also not survive a reboot. So for now, let's use a local repository /deep/ips and lets add unzip. First, I need to know which package unzip, is a part off. So, let's try to find that
cd /deep/ips
/deep/pkg-toolkit-sunos-i386/pkg/bin/pkg search -r unzip
INDEX      ACTION    VALUE                     PACKAGE
basename   file      usr/bin/unzip             pkg:/SUNWunzip@5.53.7-0.101
basename   file      usr/bin/unzip             pkg:/SUNWunzip@5.53.7-0.96
basename   file      usr/bin/unzip             pkg:/SUNWunzip@5.52-0.75
We see the package name is SUNWunzip as well as the versions available at the repository (5.52, 5.53). Let's give it a dry run without installing to see dependencies. Still in /deep/ips
/deep/pkg-toolkit-sunos-i386/pkg/bin/pkg install -nv SUNWunzip
And to install it and all its listed dependencies in /deep/ips
/deep/pkg-toolkit-sunos-i386/pkg/bin/pkg install -v SUNWunzip
This can also be used for drivers, for example the sil 3124 sata chipset driver
/deep/pkg-toolkit-sunos-i386/pkg/bin/pkg search -r 3124
INDEX      ACTION    VALUE                     PACKAGE
description set       3124                      pkg:/SUNWsi3124@0.5.11-0.101
description set       3124                      pkg:/SUNWsi3124@0.5.11-0.75
description set       3124                      pkg:/SUNWsi3124@0.5.11-0.89
Then, simply adding this SUNWsi3124 or specifically SUNWsi3124@0.5.11-0.101 will get us the driver. One thing I note is the package naming varies slightly to the opensolaris DVD package names. I also could not locate packages SUNWzfsgu, SUNWzfsgr and SUNWmconr to attempt adding the ZFS smcwebserver GUI/BUI administration interface. Some cool pkg usage techniques can be found here at the observatory blog. A cool Hello World example.
Posted by at 8 comments:

Friday, May 1, 2009

Applications to make your ZFS NAS entertaining

Your ZFS storage is just blah without data and content. After loading your data you want access to be simple and secure. So to bridge all your important digital memories and collections with fun browsing, here are some cool open-source apps I've come across that were fairly straight forward and fun to add to EON.
Jinzora
Jinzora is a web based media streaming and management system, written in PHP.




AjaXplorer
AjaXplorer is an easy-to-install file explorer for remotely managing files on a web server. Its “rich client” layout and actions make it accessible to any end-user for a variety of purposes: file management/sharing, photo gallery, code browsing, etc. Only PHP (4 or 5) is necessary, no database needed.

MediaTomb is an open source (GPL) UPnP MediaServer with a nice web user interface, it allows you to stream your digital media through your home network and listen to/watch it on a variety of UPnP compatible devices. I've successfully compiled a 32-bit version of MediaTomb. Packaging and some integration challenges still exist and are being worked on. I will share this or the compile configurations for anyone wanting to build or download it. If anyone has successfully compiled ffmpegthumbnailer on opensolaris please feel free to share.

PS3 Media Server is a DLNA compliant Upnp Media Server for the PS3, written in Java, with the purpose of streaming or transcoding any kind of media files, with minimum configuration.


Other cool applications with less visual effects but some may find useful include using your EON ZFS NAS as a svn or git revision control system. A nice SVN howto can be seen here. Please feel free to share cool apps you've added or used with your EON ZFS storage.
Posted by at 7 comments:

Thursday, April 16, 2009

Understanding and managing NFSv4 ACLs

Using EON/Opensolaris and ZFS for storage will at some point cause you to cross paths with NFSv4 Access Control Lists. The control available through ACLs are really granular and powerful but they are also hard to manage and a bit confusing. Here i'll share my methods of handling ACLs which requires some pre-requisite reading to help understand the Compact Access codes:
add_file w, add_subdirectory p, append_data p, delete d , delete_child D , execute x , list_directory r , read_acl c , read_attributes a , read_data r , read_xattr R , write_xattr W , write_data w , write_attributes A , write_acl C , write_owner o
Inheritance compact codes:(remember i on a directory causes a recursive inheritance)
file_inherit f , dir_inherit d , inherit_only i , no_propagate n
ACL _set codes:
full_set = rwxpdDaARWcCos = all permissions
modify_set = rwxpdDaARWc--s = all permissions except write_acl, write_owner
read_set = r-----a-R-c--- = read_data, read_attributes, read_xattr, read_acl
write_set = -w-p---A-W---- = write_data, append_data, write_attributes, write_xattr
NFSv4 ACL legend (read from top, down and exit on first match)
                 owner@:--------------:-------:deny
                 owner@:rwxp---A-W-Co-:-------:allow
                 group@:-w-p----------:-------:deny
                 group@:r-x-----------:-------:allow
              everyone@:-w-p---A-W-Co-:-------:deny
              everyone@:r-x---a-R-c--s:-------:allow
                        ||||||||||||||:|||||||
           (r)read data +|||||||||||||:||||||+ (I)nherited
           (w)rite data -+||||||||||||:|||||+- (F)ailed access (audit)
              e(x)ecute --+|||||||||||:||||+-- (S)uccess access (audit)
               a(p)pend ---+||||||||||:|||+--- (n)o propagate
               (d)elete ----+|||||||||:||+---- (i)nherit only
         (D)elete child -----+||||||||:|+----- (d)irectory inherit
          read (a)ttrib ------+|||||||:+------ (f)ile inherit
         write (A)ttrib -------+||||||
           (R)ead xattr --------+|||||
          (W)rite xattr ---------+||||
             read a(c)l ----------+|||
            write a(C)l -----------+||
         change (o)wner ------------+|
                   sync -------------+
If I create a file/folder (foo) via a windows client on a SMB/CIFS share the permissions typically resemble.
eon:/deep/tank#ls -Vd foo
d---------+  2 admin    stor           2 Apr 20 14:12 foo
user:admin:rwxpdDaARWcCos:-------:allow
group:2147483648:rwxpdDaARWcCos:-------:allow
This works fine for the owner (admin) but in a case where multiple people (family) use the storage, adding user access and more control over sharing is usually required. So how do I simply add the capability needed? If I wish to modify this(above), I always start by going back to default values
eon:/deep/tank#chmod A- foo
eon:/deep/tank#ls -Vd foo
d---------   2 admin    stor           2 Apr 20 14:12 foo
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:rwxp----------:-------:deny
group@:--------------:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
I then copy and paste them directly into a terminal or script (vi /tmp/bar) for trial and error and simply flip the bits I wish to test on or off. Note I'm using A= which will wipe and replace with whatever I define. With A+ or A-, it adds or removes the matched values. So my script will look like this after the above is copied
chmod -R A=\
owner@:rwxp----------:-------:deny,\
owner@:-------A-W-Co-:-------:allow,\
group@:rwxp----------:-------:deny,\
group@:--------------:-------:allow,\
everyone@:rwxp---A-W-Co-:-------:deny,\
everyone@:------a-R-c--s:-------:allow \
foo
Let's modify group:allow to have write_set = -w-p---A-W----
chmod -R A=\
owner@:rwxp----------:-------:deny,\
owner@:-------A-W-Co-:-------:allow,\
group@:--------------:-------:deny,\
group@:-w-p---A-W----:-------:allow,\
everyone@:rwxp---A-W-Co-:-------:deny,\
everyone@:------a-R-c--s:-------:allow \
foo
Running the above
eon:/deep/tank#sh -x /tmp/bar
+ chmod -R A=owner@:rwxp----------:-------:deny,owner@:-------A-W-Co-:-------:allow,group@:--------------:-------:deny,group@:-w-p---A-W----:-------:allow,everyone@:rwxp---A-W-Co-:-------:deny,everyone@:------a-R-c--s:-------:allow foo
eon:/deep/tank#ls -Vd foo/
d----w----+  2 admin    stor           2 Apr 20 14:12 foo/
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:-w-p---A-W----:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
Adding a user (webservd) at layer 5, 6 with full_set permissions
eon:/deep/tank#eon:/deep/tank#chmod A+user:webservd:full_set:d:allow,user:webservd:full_set:f:allow foo
eon:/deep/tank#ls -Vd foo
d----w----+  2 admin    stor           2 Apr 20 14:12 foo
user:webservd:rwxpdDaARWcCos:-d-----:allow
user:webservd:rwxpdDaARWcCos:f------:allow
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:-w-p---A-W----:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
Ooops, that's level 1, 2 so let's undo this by simply repeating the command with A- instead of A+.
eon:/deep/tank#chmod A-user:webservd:full_set:d:allow,user:webservd:full_set:f:allow foo
eon:/deep/tank#ls -Vd foo
d----w----+  2 admin    stor           2 Apr 20 14:12 foo
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:-w-p---A-W----:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
Then lets fix it by repeating the command with A5+ instead of A-
eon:/deep/tank#chmod A5+user:webservd:full_set:d:allow,user:webservd:full_set:f:allow foo
eon:/deep/tank#ls -Vd foo
d----w----+  2 admin    stor           2 Apr 20 14:12 foo
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:-w-p---A-W----:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
user:webservd:rwxpdDaARWcCos:-d-----:allow
user:webservd:rwxpdDaARWcCos:f------:allow
everyone@:------a-R-c--s:-------:allow
This covers adding, deleting, modifying and replacing NFSv4 ACLs. Hope that provides some guidance in case you have to tangle with NFSv4 ACLs. The more exercise you get with NFSv4 ACLs the more familiar you'll be with getting it to do what you want.
Posted by at No comments:

Saturday, March 28, 2009

Testing/upgrading new versions of EON

Testing new versions of EON ZFS NAS with a previous USB/CF install is simple. The risk is minimal and backing out to the previous working version is simple. Simply boot the previous verion and follow the steps. This should work with USB(tested), compact flash(tested) and virtual installs(untested). First, transfer the new eon-0.590-b110-64-cifs.iso to your storage pool. You can do a transfer using a CIFS share or winSCP or via sftp. Let's say we transferred it to /pool/eon-0.590-b110-64-cifs.iso. Then we would mount the new image:
lofiadm -a /pool/eon-0.590-b110-64-cifs.iso /dev/lofi/1
mkidr -p /mnt/new
mount /dev/lofi/1 /mnt/new
Preserve your previous version
cd /mnt/eon0/boot
mv x86.eon /pool/x86.eon.backup
tar -cvf - . | gzip > /pool/boot.tgz
Transfer the new version (still in /mnt/eon0/boot, which should be empty)
rm -rf amd64 grub platform
cd /mnt/new/boot
cp -pR * /mnt/eon0/boot
updimg.sh /mnt/eon0/x86.eon
The new contents of /mnt/eon0/boot should have amd64, grub, platform and the new x86.eon. Now, replace any custom changes you had in /mnt/eon0/boot/menu.lst. Also, do not run zpool or zfs upgrade until you're satisfied you like the new version as there is no way of going back to a previous zpool (currently v14) or zfs (currently v3) version. You can now reboot into the new EON ZFS NAS. From there you can re-run setup and updimg.sh to re-id your new version or mount your previous version and transfer any customizations.
Posted by at 7 comments:
Subscribe to: Posts (Atom)