napp-it ZFS Storage Скачать руководство пользователя | Manualshive

Страница: 28 / 63

background image

ACLs on files and folders

Each file and folder on OmniOS has an owner (root or the creator), Unix permissions

(traditional Unix permissions like 755) and NFS4 ACL permissions.

If you enter for example at console

/usr/bin/ls -V /var/web-gui/napp-it

you may get as a result

root@datanode-01:/root# /usr/bin/ls -V /var/web-gui/_my

total 2

drwxr-xr-x 2 napp-it root 2 Mar 19 15:00 wwwroot

owner@:rwxp--aARWcCos:-------:allow

group@:r-x---a-R-c--s:-------:allow

everyone@:r-x---a-R-c--s:-------:allow

drwxr-xr-x 3 napp-it root 3 Mar 19 15:00 zfsos

user:2147484183:rwxp-DaARWc--s:fd-----:allow

owner@:rwxp--aARWcCos:-------:allow

group@:r-x---a-R-c--s:-------:allow

everyone@:r-x---a-R-c--s:-------:allow

Owner (napp-it), group (root), Unix permissions like drwxr-xr-x and ACLs like
owner@:rwxp--aARWcCos:-------:allow or auser ACL are shown.
Windows SID informations are not shown here as they are used in the CIFS server only.

ACLs can be assigned to OmniOS/AD users, OmniOS/SMB or AD groups or as a trivial ACL to owner@,
group@ or everyone@ to be compatible to traditional Unix permissions.

You can modify ACL permissions with the /usr/bin/chmod command, per Windows or per napp-it ACL
extension. Modifying ACL via CLI command is really stupid. Especially with napp-it free, you can use Windows
(beside Home editions) to modify permissions. To do this, you can login to the SMB share from Windows as
user root. A right-mouse click >> Property on a file or folders opens the Windows property dialog
where you can select Security. Set Permissions just like you would do on a real Windows server.

Good to know:

User root or the owner/creator have always full access, you
cannot lock them out - even if permission is not set
explicitely. This is normal on Unix and different to Windows
(and a boon for any admin doing backups)

If you set ACL on a folder, they are per default inherited
to newly created files and folders unless you set „inherit to
this folder only“ The user that is logged in is the owner of
new files and folders (with full permission).

You can override this behaviour with the ZFS property
acl inheritance = discard or restricted (default is pass-
through).

Windows processes first deny rules then allow. Solaris pro-
cesses them in their order where the first matching rule is
relevant. To set correct deny rules, use napp-it/ ACL extension

«
...
26
27
28
29
30
...
»

Содержание ZFS Storage

Страница 1: ...napp it ZFS Storage Server User s Guide Setup on OmniOS First steps published 2016 Oct 12 c napp it org Licence CC BY SA see http creativecommons org licenses by sa 2 0...

Страница 2: ...Groups Active Directory 13 NFS server 14 iSCSI FC server 15 Data scrubbing 16 Data snapshots versioning backup 17 Data replikation availability 18 Rollback and Clones 19 Operational settings 20 Applia...

Страница 3: ...le behind them Organizations don t innovate people do As the rise of Linux forced the market price of OS aquisition to zero that open sourcing the Solaris operating system was the right business decis...

Страница 4: ...ctive development with a stable every 6 months long term stable editions minimal OS just enough for a fully functional ZFS server for best stability free but with a commercial support option Just enou...

Страница 5: ...the GUI in production systems prefer Solaris Alternatively you can use the text edition of OpenIndiana or Solaris or OmniOS a minimalistic and very stable OpenSource distribution for storage and othe...

Страница 6: ...2 3 Storage Management via napp it on OmniOS OpenIndiana or Oracle Solaris ZFS Filesystems and disk details...

Страница 7: ...s for HA solutions based on Multipath IO prefer Sata disks with multiple HBAs without expander prefer 24 7 enterprise disks Rules for high capacity storage prefer raid Z2 vdevs with 6 or 10 disks or Z...

Страница 8: ...3 1 ZFS Configurations...

Страница 9: ...to add images with different mainboards disk sizes and napp it Step 3 Boot your server from the CloneZilla USB stick to restore napp it Select your keyboard type device image mode and a the source of...

Страница 10: ...2 select device image mode 3 select local_dev USB drive 4 Clonezilla is now ready to read the napp it image If the image is on an USB 3 stick or disk insert the stick now wait 5s press enter and selec...

Страница 11: ...ot working do a manual network setup see 5 2 2 Image is not compatible with your SSD use the ones that were used to create the image 3 Image is incompatible with your hardware do a manual setup and cr...

Страница 12: ...root Unix and SMB no password press enter twice passwd root 6 enable SSH root access via napp it menu Services SSH 7 Login via Putty to copy paste commands with a mouse right click 8 set TLS for encry...

Страница 13: ...setup a different OS version or a different ditribution ex OpenIndiana or Oracle Solaris or if the default cloning method of a preconfigured image fails Use a 32 GB or larger Sata SSD disk or Sata DOM...

Страница 14: ...te addr T dhcp e1000g0 dhcp add nameserver echo nameserver 8 8 8 8 etc resolv conf use DNS name resolution copy over DNS template cp etc nsswitch dns etc nsswitch conf install napp it online default f...

Страница 15: ...et O www napp it org nappit perl reboot or set current bootenvironment as default reboot set a root password this password is valid for Unix shell logins and SMB connects passwd root optional check cu...

Страница 16: ...laris 11 Express http archive is snZaS The archive is page refers to the old Solaris Express 11 page If you click on a description you are forwarded to the current Solaris 11 page If you click on Down...

Страница 17: ...t a remote console keyboard and the ability to mount ISOs like a lokal CD DVD drive IPMI window Java applet with a virtual keyboard and a console preview that can be displayed full size You can enable...

Страница 18: ...UI in menu Services SSH allow root As this can be a security problem you should disable remote root afterwards with menu Services SSH deny root Tips You can copy paste CLI commands with a right mouse...

Страница 19: ...LAN check modify Unix permissions and ownership To use WinSCP you must enable SSH on OmniOS This is the case per default but per default only allows that regular users can login not root An option is...

Страница 20: ...is menu set in production environments As Solaris is an enterprise OS you can use it for other services or applications as well example a Webserver or Databese Server You can use these services withou...

Страница 21: ...features that are needed to manage a ZFS storage appliance Napp it free is not crippleware or a product that is limited in essential features It is sufficient for many cases It is a stable state of na...

Страница 22: ...gn goal of ZFS Similar to oldstyle partitions you create ZFS filesystems on your pool but unlike old partitions you do not set a size of a filesystem as it can grow dynamically up to the poolsize If y...

Страница 23: ...have different ZFS properties can be replicated and has its own snapshots it is common to use as many filesystems as you like up to thousands example one filesystem per user create a ZFS pool with men...

Страница 24: ...the row of a filesystem example tank userdata to the entry under the column RES or RFRES enable sync write for a filesystem click in the row of a filesystem example tank userdata to the entry under th...

Страница 25: ...server on any X system can act as AD server a lot of sharing options nested shares shares independent from ZFS filesystems permissions are based on Unix UID GID Posix ACL this is a plus if you work ma...

Страница 26: ...et sharesmb off SMB permissions In contrast to other Unix services Solarish CIFS uses Windows alike NFS4 ACL with permission inheritance not traditional Unix permissions like 755 or Posix ACLs https e...

Страница 27: ...these users to all files even when there was no explicit permission set for admins as root has always full access ID mapping is available in menu Users napp it ACL extension Attention Do not map local...

Страница 28: ...sions with the usr bin chmod command per Windows or per napp it ACL extension Modifying ACL via CLI command is really stupid Especially with napp it free you can use Windows beside Home editions to mo...

Страница 29: ...data You can set share level ACL via napp it ACL extension or remotely via Windows server management You must connect a share server management as a user that is a member of the SMB admin group exampl...

Страница 30: ...t affects the mode The default mode for the aclinherit is passthrough napp it only aclmode Modifies ACL behavior when a file is initially created or controls how an ACL is modified during a chmod oper...

Страница 31: ...behaves different This is the reason why the Solaris CIFS server come with an own SMB group management that works independently from Unix groups If you need groups to restrict SMB access you must do...

Страница 32: ...ot restrict ownership when creating folders folder tank data allow everyone readx read and execute no inherit this folder only allow everyone create_folder_set inherit to folders and subfolders allow...

Страница 33: ...Server can be either a member of a workgroup use local user or a domain can use either local or domain user If you switch from domain to workgroup mode remove all mappings with idmap remove a If you j...

Страница 34: ...s this approach was replaced by COMSTAR a enterprise framework to manage iSCSI and FC environments When should you use iSCSI FC when you need a non ZFS filesystem like ext4 HFS NTFS or VMFS ex ESXi en...

Страница 35: ...pointers are not updated old data keeps valid and verified 3 If anything goes wrong this will be detected by checksums on next read and auto repaired self healing That does not mean that you cannot h...

Страница 36: ...ata no autorepair This may be different in future with ReFS but currently this is not a comparable option to ZFS ZFS snapshots ZFS snapshots are far better than the former solutions ZFS is a CopyOnWri...

Страница 37: ...Replikation If you need realtim sync with the exact same datastate at any time you can use a mirror between appliances You need two or more storage nodes independent ZFS storage servers that offer a Z...

Страница 38: ...s the snapshot from which it was created Creating a clone is nearly instantaneous and initially consumes no additional disk space In additi on you can snapshot a clone Clones can only be created from...

Страница 39: ...job Jobs backup create backup job tp backup basic OS and napp it settings to a pool Restore all user SMB groups idmappings and other napp it settings then via User Restore ACL extension Set autoscrub...

Страница 40: ...orts to a secure environment either based on a network adapter link or based on your networks Restrict access to file services Fileserveices like NFS3 do not offer authentication Access can be only li...

Страница 41: ...ks about 100MB s came up many years ago this was sufficient as storage capacity was quite low and performance of an average internal disk and network performance was quite similar Now storage is in th...

Страница 42: ...h faster than the e1000 vnic with the base vmxnet3 tuning The other tuning aspects are main ly relevant for external access or if you use a 10G nic in pass through mode for fastest external access Rem...

Страница 43: ...u need a switch with enough 10G ports This introduces two problems One is that 10G switches with more than two ports are quite expensive Then they are quite loud and only an option in a serverroom In...

Страница 44: ...nd assign disks to the map You can then printout a screenshot of a map an place it on the server as a reference If a disk fails the map allows to identify the slot of the failed disk Example demo maps...

Страница 45: ...Example Map Chenbro 50 x 3 5 Bay...

Страница 46: ...metadate update is done completely or discared ex due a crash So different states of mirrored disks or partly written raid stripes are not possible on ZFS by design So for daily use you are protected...

Страница 47: ...or overwriting un less you do not block with a snap A write action on ZFS that affects filestructure or Raid consistency is done ompletely or discared completely on a crash Result The CopyOnWrite mech...

Страница 48: ...e that contains all committed data what means that it only need to be able to store about 10s of writes Even with a single 10G connection about 8GB is enough This is why one of the fastest Slog device...

Страница 49: ...on the backup system From time to time replace the backup pool with a second one and keep the disks on a safe location outside Level 3 Professional use Care additionally about two backups on different...

Страница 50: ...e is updated only from time to time or to fix severe bugs After the eval period functionality is automatically reduced to the free features napp it Pro extends the functionality of napp it Free It is...

Страница 51: ...filesystem used IDmappings via Web UI Menu user Restore all napp it user smbgroup and idmapping settings from backup job data Menu user restore settings Without the extension you can control file per...

Страница 52: ...a common DNS server or manual host entries How replication works On initial run it creates a source snap jobid nr_1 and transfers the complete ZFS dataset over a netcat highspeed connection When the...

Страница 53: ...bers with Extensions Appliance group delete members and rebuild the group Replication requires that the napp it webserver is running on port 81 on source and target machine The replication itself is d...

Страница 54: ...anually With napp it Pro and the ACL extension you can easily restore all user group and napp it settings in menu User Restore Settings If you do not have a backup of the job and group settings first...

Страница 55: ...SID as an extended ZFS attribute Solarish SMB this is really troublefree Even in a Windows AD environment you only need to import a pool takeover the ip of the former server and your clients can acce...

Страница 56: ...d switch NFS SMB services over a common virtual HA ip You can extend this with two dedicated Storageheads for the Initiator part that creates the Z RAID Pool on LUNs from up to 6 Storagenodes for a ne...

Страница 57: ...is menu shows the state of the network Z RAID and allows to change the state of heads Master Slave and nodes You can do a manual failover between heads or a role switch from this menu more see Z RAID...

Страница 58: ...is the current default professional HA solution RSF 1 RSF 1 brings advanced HA High Availability features to ZFS providing a more resilient and robust storage offering tolerant to system failures Act...

Страница 59: ...ferent location on the drive Transaction Problems Disks are preferring RAM cached writes as this offers a much better write performance Database applications cannot tolerate this File or dataset locki...

Страница 60: ...che some seconds of last writes may get lost on a crash Older file systems may have corruption prob lems even without a cache because data may be written to disk but meta data might not have been upda...

Страница 61: ...ity of RAM errors increase with RAM size With several Gigabyte of RAM ECC is mandatory for a storage server Backup is used to restore a certain data version after a disk or array crash There are diffe...

Страница 62: ...ill be freed in order to be overwritten unless it is protected by a snapshot Checksums They are needed on order to detect and repair errors When using redundant data like in a RAID all data will be re...

Страница 63: ...pdf SMB 10G Tunings on OSX Windows http napp it org doc downloads performance_smb2 pdf Advanced user http www napp it org doc downloads advanced_user pdf Tuning http napp it org manuals tuning_en html...

Отзывы:

Нет отзывов

Похожие инструкции для ZFS Storage

Бренд: D-Link Страницы: 5

Бренд: D-Link Страницы: 2

Бренд: U-Line Страницы: 5

System Storage TS2900

Бренд: IBM Страницы: 130

Barricade SMC7901WBRA2

Бренд: SMC Networks Страницы: 2

Бренд: Patton electronics Страницы: 12

SO READY SECURE

Бренд: DANE-ELEC Страницы: 2

Бренд: 3Com Страницы: 32

Бренд: Valcom Страницы: 4

Бренд: Seagate Страницы: 2

Бренд: TP-Link Страницы: 2

Бренд: Gateway Страницы: 64

UltraNEXUS-HD Flex

Бренд: Leightronix Страницы: 5

EdgeRouter ER-8

Бренд: Ubiquiti Страницы: 20

SuperServer 6026TT-HIBQF

Бренд: Supero Страницы: 112

Бренд: Rohde & Schwarz Страницы: 126

StorageTek T10000D

Бренд: Oracle Страницы: 51

Бренд: SmartSight Страницы: 113

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды