Network Attached Storage (NAS)
Table of Contents
- TrueNAS Storage
- Unix/Linux Server - Network File System (NFS)
- Microsoft Windows (SMB/CIFS)
- Mirror Disks for Failure Protection
- Virtual Machines
- Continue
The NAS provides a safe place to store important data. Set this up before running E-Mail or a cloud service because it is the best place to put important files. If an E-Mail server crashes, you still have all your E-Mail files on the NFS-attached NAS server (see below). That's what it's for.
Three (common) ways to do this:
- TrueNAS Storage
- Microsoft Windows - SMB/CIFS
- Linux - NFS
TrueNAS supports SMB/CIFS, NFS and several other protocols.
TrueNAS Storage
This is a complete machine install that creates a TrueNAS Application and the operating system using either:
- Operating System -> FreeBSD; TrueNAS -> Core [1]
- Operating System -> Linux; TrueNAS -> Scale [2]
Personally I use Linux after running FreeBSD for years. Both have a complete Graphical Web Interface (GWI), with no need to learn the operating system details. Be aware this package will take over the whole machine and you should not install other packages or change the configuration without using the provided GWI.
Additionally TrueNAS enables apps [3] to be installed with a single click. These are docker containers running the newer versions of popular applications.
[1] https://www.truenas.com/download-truenas-core/#
[2] https://www.truenas.com/download-truenas-scale/
[3] https://www.truenas.com/apps/
Installation
- Make sure you have at least three disks/SSDs: one for the Operating System (OS) and at least two more for data. An ideal setup would be one M.2 on the motherboard for the OS, and five SATA disks (NAS friendly). Also at least 32GB RAM and a PCI 1Gbit ethernet network board.
- Download the iso image here: https://www.truenas.com/download-truenas-scale/
- Boot into the new image with a bootable USB stick and do the install: https://www.truenas.com/docs/scale/gettingstarted/install/installingscale/
Configuration
- Console Setup Menu Configuration [1]
This article provides instructions on configuring network settings using the Console setup menu after you install TrueNAS SCALE from the iso file.
- Setting Up Storage [2]
This article provides basic instructions for setting up your first storage pool, and also provides storage requirement information.
- Setting Up Data Sharing [3]
This article provides general information on setting up basic data sharing on TrueNAS SCALE.
- Backing Up TrueNAS [4]
This article provides general information and instructions on setting up storage data backup solutions and saving the system configuration file in TrueNAS SCALE.
Set Admin User: Enable your personal userid for administration and use it to log into the web interface instead of root.
- Add groups 544(builtin_administrators) and 27(sudo) as secondary groups to your personal user via the web interface.
- Credentials > Local Users >
- Un-click 'Show Built-in Users' on the top right
- Find user, select it, then edit
- Auxiliary Groups > add: sudo and builtin_administrators
For Core -> Scale upgrades, you may need to unmount /var/tmp/firmware to unpack the update archive. Filesystem /var has more disk space.
umount -f /var/tmp/firmware
There is a large community of support around each of these, ready for research and question asking.
It supports Redundant Array of Disks using ZFS [1], so one disk failure will not interrupt a running system, and you can replace a failed drive [2] (check out the GUI action) without loss of data.
If you do not use TrueNAS, at least Mirror your Disks [3]
Unix/Linux Server - Network File System (NFS)
NFS allows one server to share its filesystem with another server. To the other server the file system appears to be local, but all changes made on the client are actually done on the remote NFS server.
Install NFS software
On the server with the physical filesystem:
$ sudo apt install nfs-kernel-server
Enable NFS Service
$ sudo systemctl enable --now nfs-server
Create Directory to Share
$ sudo mkdir -p /media/nfs
Export Share
Edit the /etc/exports configuration file. Here, you can configure which directories you’re sharing and who can access them. You can also set specific permissions for the shares to further limit access.
$ sudo vi /etc/exports
In the file, each share gets its own line. That line begins with the location of the share on the server machine. Across from that, you can list the hostname of an accepted client, if it is available in the server’s hosts file, or an IP or range of IPs. Directly behind the IP address, place the rules for the share in a set of parentheses. Altogether, it should look something like this:
/media/nfs 192.168.1.0/24(rw,sync,no_subtree_check)
You can include as many shares as you like, provided each has its own line. You can also include more than one hostname or IP in each line and assign them different permissions. For example:
/media/nfs 192.168.1.112(rw,sync,no_subtree_check) 192.168.1.121(ro,sync,no_subtree_check)
In the second instance, each of those machines could view and read from the share, but only the computer at 192.168.1.112 could write to it.
Options:
- ro – specifies that the directory may only be mounted as read only
- rw – grants both read and write permissions on the directory
- no_root_squash – is an extremely dangerous option that allows remote root users the same privilege as the root user of the host machine
- subtree_check – specifies that, when a directory is exported instead of an entire filesystem, the host should verify the location of files and directories on the host filesystem
- no_subtree_check – specifies that the host should not check the location of the files being accessed within the host filesystem
- sync – ensures that the host keeps any changes uploaded to the shared directory in sync
- async – ignores synchronization checks in favor of increased speed
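An added check (not part of the original page) that scans an exports file for the entries this section warns about: `no_root_squash`, `async`, and an option list separated from its client by a space, which is read as an entry for every host. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_exports [FILE]: print one finding per risky client entry in an
# exports(5)-style file (reads standard input when FILE is omitted).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (p == 1) {
                # "(opts)" set apart from the client by a space has an empty
                # client name, which is read as an entry for every host.
                client = "ANY-HOST"
                printf "%d: %s %s: (%s) is detached from its client\n", NR, path, client, opts
            }
            o = "," opts ","
            if (index(o, ",no_root_squash,"))
                printf "%d: %s %s: no_root_squash keeps client root as root\n", NR, path, client
            if (index(o, ",async,"))
                printf "%d: %s %s: async replies before data is on disk\n", NR, path, client
        }
    }' "${1:--}"
}

# Constructed sample; addresses reuse the ranges shown on this page.
sample_exports() {
    cat <<'EOF'
# constructed sample
/media/nfs 192.168.1.0/24(rw,sync,no_subtree_check)
/media/nfs2 192.168.1.112(rw,sync,no_root_squash)
/media/nfs3 192.168.1.121 (rw,async)
EOF
}

sample_exports | audit_exports
```

Run it as `audit_exports /etc/exports` before reloading the exports; an empty result means none of the three patterns were found.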
Load exports into live system
$ sudo exportfs -arv
exporting 192.168.1.0/24:/media/nfs
You should consider running NFS over a VLAN. The February 2023 Blog has information on setting up a vlan.
Connect to NFS server from Linux client
Install Software on Client
On the remote server, access the NFS share over the network.
Debian:
$ sudo apt install nfs-common
Redhat:
$ sudo dnf install nfs-utils
See what servers are available. This also shows allowed IP addresses, so make sure yours is in the list.
$ showmount -e nas01
Exports list on nas01:
/mnt/nfs 192.168.1.2 192.168.1.3
Mount Directory
$ sudo mkdir -p /media/share
$ sudo mount -t nfs4 192.168.1.110:/media/nfs /media/share
Make mount permanent
Add an entry to file /etc/fstab
192.168.1.110:/media/nfs /media/share nfs4 defaults,user,exec 0 0
Add noauto to the list of options to prevent your system from trying to mount it automatically.
# NAS
192.168.1.2:/mnt/nfs /data nfs rw,soft,intr,rsize=8192,wsize=8192,timeo=300,nofail,nolock 0 0
Reference: https://linuxconfig.org/how-to-configure-nfs-on-linux
NFS mount on macOS Client
See what servers are available. This also shows allowed IP addresses, so make sure yours is in the list.
% showmount -e nas01
Exports list on nas01:
/mnt/nfs 192.168.1.2 192.168.1.3
Create local directory
% mkdir $HOME/nfs
Mount
Create a directory, say /Users/don/nfs, then mount nfs on it:
% sudo mount -o rw -t nfs nas01:/nfs /Users/don/nfs
Optional performance options
% sudo mount -t nfs -o soft,intr,rsize=8192,wsize=8192,timeo=900,retrans=3,proto=tcp nas01:/nfs /Users/don/nfs
Microsoft Windows (SMB/CIFS)
This is done on Linux using Samba software.
$ sudo apt-get install samba samba-common-bin
At the bottom of the config file, add:
$ sudo vi /etc/samba/smb.conf
~
[shared]
path=/mnt/raid1/shared
writeable=Yes
create mask=0777
directory mask=0777
public=no
~
:wq
Disabling the Automatic Printer Sharing
To disable the automatic printer sharing:
Add the following parameter to the [global] section of your /etc/samba/smb.conf file:
load printers = no
This will disable samba trying to open port 631 TCP every 12 minutes, eliminating ufw block warnings in the syslog.
Restart Samba
$ sudo systemctl restart smbd
$ sudo systemctl status smbd
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-11-26 19:08:12 UTC; 5s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Process: 3337 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
Main PID: 3346 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 951)
Memory: 4.5M
CGroup: /system.slice/smbd.service
├─3346 /usr/sbin/smbd --foreground --no-process-group
├─3348 /usr/sbin/smbd --foreground --no-process-group
├─3349 /usr/sbin/smbd --foreground --no-process-group
└─3350 /usr/sbin/smbd --foreground --no-process-group
Nov 26 19:08:09 beaglebone systemd[1]: Starting Samba SMB Daemon...
Nov 26 19:08:12 beaglebone systemd[1]: Started Samba SMB Daemon.
Add Linux owner
$ sudo adduser bone
Adding user `bone' ...
Adding new group `bone' (1001) ...
Adding new user `bone' (1001) with group `bone' ...
Creating home directory `/home/bone' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for bone
Enter the new value, or press ENTER for the default
Full Name []: bone
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Adding new user `bone' to extra groups ...
Adding user `bone' to group `dialout' ...
Adding user `bone' to group `i2c' ...
Adding user `bone' to group `spi' ...
Adding user `bone' to group `cdrom' ...
Adding user `bone' to group `floppy' ...
Adding user `bone' to group `audio' ...
Adding user `bone' to group `video' ...
Adding user `bone' to group `plugdev' ...
Adding user `bone' to group `users' ...
Add SMB User
Use a different password for SMB:
$ sudo smbpasswd -a bone
New SMB password:
Retype new SMB password:
Added user bone.
Secure the filesystem
If you want to create file shares that are private to individual users, just create their own directory on the RAID array.
sudo mkdir /mnt/raid1/shared/username
sudo chown -R username /mnt/raid1/shared/username
sudo chmod -R 700 /mnt/raid1/shared/username
Replace username with the user you want. Now only that user can access that directory.
Alternatively, you can create additional entries in smb.conf for multiple shares.
Samba Share mount on Linux client
//nas/cifs2_share /mnt/share cifs credentials=/home/don/.smbcredentials,rw,noauto,user,uid=1000 0 0
Where credentials format is:
File: /home/don/.smbcredentials
user=<name>
pass=<password>
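An added example (not from the original page): a check of the cifs entries in an fstab for passwords written inline and for credentials files that other local users can read. The function name `check_cifs_fstab` and the demo entries are constructed; the file names follow the ones above.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_cifs_fstab [FSTAB]: for each cifs entry, report passwords stored
# inline and credentials files that group or others can access.
check_cifs_fstab() {
    fstab="${1:-/etc/fstab}"
    # fstab fields: device, mount point, type, options, dump, pass
    awk '$1 !~ /^#/ && $3 == "cifs" { print $2, $4 }' "$fstab" |
    while read -r mnt opts; do
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                password=*|pass=*)
                    echo "$mnt: password stored inline in $fstab" ;;
                credentials=*)
                    f=${o#credentials=}
                    if [ ! -f "$f" ]; then
                        echo "$mnt: credentials file $f not found"
                    else
                        # characters 5-10 of ls -l are the group/other bits
                        perm=$(ls -ld "$f" | cut -c5-10)
                        [ "$perm" = "------" ] ||
                            echo "$mnt: $f grants group/other access ($perm), chmod 600 it"
                    fi ;;
            esac
        done
        IFS=$old_ifs
    done
}

# Constructed demo: build a sample fstab and credentials file in a temp dir.
demo() {
    d=$(mktemp -d)
    printf 'user=don\npass=constructed-example\n' > "$d/.smbcredentials"
    chmod 644 "$d/.smbcredentials"
    {
        echo "//nas/cifs2_share /mnt/share cifs credentials=$d/.smbcredentials,rw,noauto,user,uid=1000 0 0"
        echo "//nas/other /mnt/other cifs username=don,password=constructed-example,rw 0 0"
    } > "$d/fstab"
    check_cifs_fstab "$d/fstab"      # two findings
    chmod 600 "$d/.smbcredentials"
    check_cifs_fstab "$d/fstab"      # only the inline password remains
    rm -rf "$d"
}
demo
```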
Samba Share mount on Mac client
File: /Users/don/mount-smb.sh
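#!/bin/zsh
# Replace the <user> and <password> placeholders and the NAS address with your own values.
export USER="<user>"
export PASS="<password>"
export NAS="192.168.1.8"
export HOME=/Users/don
#
mkdir -p "${HOME}/share"
#
/sbin/mount -t smbfs "//${USER}:${PASS}@${NAS}/share" "${HOME}/share"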
Mirror Disks for Failure Protection
TODO: Refer to the Mirror Disk page.
Virtual Machines
- Virtual Machines can be created via the web GUI, selection Virtualization. It uses the qemu/kvm method. If the selection is disabled, you may be able to fix that by going into the system BIOS and enabling the Secure VM (SVM) option or some other tweak.
  - On AMD Ryzen, for example, it is found in the Advanced > Tweaker section. Turn SVM from Disabled to Enabled, and try the VM screen on TrueNAS again.
- To create a VM, I used these options for Debian 12:
  - Create a DataSet in advance, i.e.: Local-VM, assign it to your VM and new VM's Storage Volumes will reside there
  - Set Threads and Core to 1, VM hyper threading on AMD is not supported
  - 4 virtual CPUs, 1 core 1 hyper thread
  - CPU Model: HOST Model
  - 8 GB memory
  - Use Legacy BIOS, not UEFI
After installing OS...iso file from the Virtual CD-ROM, power off the VM and go into its settings. Under devices find CD-ROM and delete the device. This will keep it from rebooting back into the installer.
Continue
Now that you have set up NAS data protection, consider installing an E-Mail server using some of that safe storage.
Proceed in the order presented; some things depend on prior setups.
Book Last Updated: 29-March-2024
Network Attached Storage - NAS - Linux in the House - https://linux-in-the-house.org