TrueNAS NFS Setup For XCP-ng and Linux

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

a network attached storage device can share data out using several different file sharing protocols one of those is nfs network file system also known as unix shares but how do you configure an actual nas like true nas for example to share data out using nfs how do you then connect an end device like a computer desktop operating system or a hypervisor like xc png to these nfs file shares or if that's something you're interested in learning about then stick around and watch this video because that's what we'll be covering [Music] now when it comes to nfs it's kind of similar to smb in that we're basically sharing a folder out over the network that where multiple users can get access to the same data they can upload new files and create new files delete files edit files and so on but it's all about shared storage and that's kind of similar when it comes to hypervisors as well because they'll need access to shared storage to be able to get access to a virtual machine for example because what we want to be able to take advantage of is much simpler migrations from one node to another if the actual virtual machine is sitting on a mobile hard drive if you want to migrate that virtual machine from one node to another that takes a long time because all of that data and metadata has to actually be transferred from one computer hard drive to another whereas if we're using a nas for example both of these nodes have got access to that same shared folder and it's just a case of disconnecting one node then connecting another node and hey presto you know if you've actually migrated the actual um virtual machine without actually moving the data itself much much simpler but at the heart of it all it's all about user accounts that's the very first thing we've got to do is to create a user account and the one thing to bear in mind with trunas is that we've got to login as the root user or at least to the actual web interface here if we want to share something else we need something to share in the first place we either need a folder to share out or we need a data set the share out which means we've got to create that i certainly don't want to share an entire drive i want to share an individual folder or an individual data set but the problem is as soon as i create that it's going to be assigned permissions to the root user which i don't want so the very first thing we've got to do is well create a user account now truenaz is based on the free bsd operating system which means that it's not just user accounts i need to factor in here but also group accounts so even though what i'm planning to do is to set up an nfs share where we're actually going to be getting access from xc png hypervisors technically i only really need a user account to be able to get access to files within that folder but the problem is whenever a new file gets created for example the system is going to assign permissions to the actual user account in other words the actual user account used to actually create the file the owner if you will but it's also going to sign permissions to their primary group because that's the way the system works you've got a user account and every user account has a primary group so they have to belong to at least one group so that way when the actual system creates this file or folder it knows who the user is and who the group is to assign permissions to so in my case what i need to do is to actually create the group first so we're going over to accounts then going over to groups then i'll click on add to create a group now this is the first group that i'm creating so it actually gets assigned a group id of a thousand now the problem is i want to be able to get access to this from say a linux machine for example and i'm going to have problems if the group id isn't in alignment on that of the computer you know based on what i'm using here and the reason for that is that each computer has its own individual database for users and groups i mean we're not using a directory service like ldap a shared user account database each of them is individual but we've got to keep them in sync so for that reason i don't you know i don't create this group here with a number of a thousand because chances are i've got another computer out there and it's already started creating groups in which case that one was already used so for that reason i'm going to change this to 3000 because i know for certain that's not getting used anywhere else so i should be able to go to another computer now and then create you know an actual group that's got the same name and the same group id and then trunars and this other computer are in sync with each other so now that we've changed the group id i'm going to give this a name it doesn't matter what the naming convention is it's entirely up to you but for me this is all about nfs shares for my xc png hypervisors so i'm just going to call this group xcp users now when it comes to these options these first two options it's all about least privilege um zero trust this is the security model we're basically working on these days is that we should only be giving people access to what they need access to these the actual users up for this particular group that don't need access to you know pseudo rights for example they don't need to log into the computer and elevate the privilege to where you know using pseudo for instance so you know not surprisingly that's not enabled by default we don't want to enable it because the idea is you only give permissions or rights to people that need access to what they need to so we're going to leave that as is but for the same reason we're going to disable summer authentication because for us this is all about nfs shares so they don't need access to windows shares smb shares whatever you want to call it so deselecting that option we also don't want to allow duplicate group ids so we'll click on submit and then that will go off and create a new actual user group now one thing to bear in mind is although we've got this new group here and it's got a group id of three thousand it's not going to actually then pick a 3001 for the next group we create so if i click on add you'll see it's going back to a thousand so it's got its own inbuilt system as to where it starts at and then it will increment from there so in which case that's just something to bear in mind don't assume that the next number is going to be 3 000. so if we're going to create another group somewhere down the line and it's you know different to this for different uh a different share for example we're gonna have to bear in mind the fact that we'll have to change that group id to something completely different as well next thing to do is to create our actual user uh so we've gone into the users option there click on add uh we'll give it a full name so i'm just going to call this swan cp user click on the username and that automatically gets populated from the full name now if this had been more than 8 characters that would have been truncated it does warn you if you click on like the question mark about you know limitations for certain systems and so on in our case it doesn't really matter because i mean i mean that that username that we've used here it's relatively small anyways it's not that big of a deal password definitely definitely want to be using something much longer and much more complicated than this because the only reason i'm doing it like this is the fact that most of the time even with a an actual password that's small i still have to bear you know fat finger in the keyboard or whatever you are typing too quickly and you end up getting messed up so if this was like 20 plus characters i'll just never get it done within a video basic i mean i could actually set up a an actual database manager for example for passwords but the there's always the risk i could accidentally copy and paste in a real password and i don't want to risk that on a video that's out in public so for that reason and purely for this video i'm using relatively weak passwords and but you definitely definitely want to be using something you know much longer much more complicated than what i'm doing user id this is our first user so not surprisingly this one's starting in a thousand but i do want to change this as well because again i'm going to create a user you know probably with that same name on another computer in which case i need to make sure not just the name is the same but also the user id now one thing to bear in mind though is that the user id and the group id do not have to be an alignment that's not necessary all i have to do is create you know a group that's got the same name and group id that i've created on this nas server on my linux computer for example and a user account that's got this same new username and the same user id on my linux computer that way the two databases are in sync but the user id and group id that's that they're not relevant to one another now the next thing i want to do is i want to deselect that option to create a new primary group i mean it's not it's not surprising that's the default option because you just literally cannot create a user unless it has a primary group but i don't want to end up with a group called xcp user for example i want to actually use that previous group that i created so we've deselected that so that we don't create a new one and i'll just scroll through the list here and right at the bottom we'll pick our group out so now what's going to happen is i'll create an actual user called xcp user that belongs to the group xcp users account home directory not relevant to this this is all about for me it's just you know xcp ng hypervisor is getting access to ear share so that this particular user doesn't need a home directory so we're just going to leave it on the default which is non-existent in other words it's not going to create one in which case the permissions down here it can leave as is because they don't apply other options around here we can pretty much leave as is except for the one at the bottom we don't want to allow sambar authentication again it's a case of this user account it doesn't need access to samba shares in which case we shouldn't be giving it access to them so we'll click on submit and that will go off and create our user as before if i go and click on add the next user is going to end up with a user id of a thousand so again it's not it's not so like clever if you will where it says all right you actually want to start at a higher range no it doesn't work like that it's got its own internal system so anyway we've now got an actual user account and we've got a group account so the next thing is to actually set up something that we can actually share out in the first place now for a typical file server on nas you would usually be creating folders and then sharing folders out but because the way we've got truenas set up here we can take advantage of what are called datasets and they allow us some extra options over what we would get with a typical folder so for that reason i'm going to go over to storage uh then i'll go over to pools and then what i'm gonna do is actually create a data set uh below my main pool here so this is the pool of data that we've got all of our hard drives have been pulled together to create this one big giant pool of data what i don't want to be doing is sharing out the entire pool it doesn't really make much sense for one thing i might want to be able to share certain things out using smb some might be using nfs i might want you know different uh people to get access to different data for example and that would be a lot more complicated if we just share out in the entire pool so for that reason we're going to create a completely new data set which will be kind of like a subfolder off the pool so we're going to click on the ellipsis here and i'm going to select the option called add dataset and i'm going to give this a name of isos and the reason being is this particular nfs share that we're actually going to set up i mean this is just a data set we'll share it out afterwards through nfs but this is going to be where i'm going to be storing iso images or cd images if you will that the hypervisors can take advantage of to then create virtual machines from and all of the hypervisors i've got have access to this shared storage now what sets these data sets aside from a folder is all these options so these are the basic options but if you click on advanced there's a lot more and these come in particularly useful so for example we've got compression for instance by default what's happening is anything that's created within that pool is using the lz4 or lz4 compression algorithm but you can change that on a per data set basis so you pick all these different types of algorithms and that's really useful for example if you're going to upload data that's got um it's like high compression anyway to begin with there's no point uploading you know heavily compressed data to a folder which is then going to result in the nas trying to compress it even further it's just going to be a waste of time and probably end up with bigger files in the first place because it's got to add on that compression header for example in which case we might want a particular folder where we store our heavily compressed files and we then just disable the compression level when it's because there's just no point trying to compress it again so that's a useful feature to have so there's quite you know quite a few other options the only other one i'm going to point out at this stage is the encryption because this is a one-off choice now what i've done is i've disabled encryption in the pool the reason being is that i don't really see a benefit to encrypting everything on this nas there's going to be a lot of data on the actual nas that doesn't need encrypting where there's just no gain so for example these iso files for example there's no point doing that because i'm pulling them off the internet so why would i want to encrypt them if somebody got access to them it doesn't matter they're on the internet anyway um the disadvantage of me and crippling them really is the fact that every time a file gets uploaded the nas has to encrypt the file before it can write it to disk which case that's adding you know a bit of latency it's adding a bit of extra process of time to the actual now so it's going to take longer um it's not as efficient basically same as you know it's true in the reverse when we start to pull files down from the actual nas if it's encrypted the nas has to unencrypt it so it slows things down again so yeah to me there's just no point in encrypting everything so i like this option of being able to do things on a per data set basis so the way this is set up is that pool doesn't actually de encrypt anything anyway so whenever i create a data set it's inheriting this unencryption option so if i actually want to encrypt a particular data set i'll have to deselect that option and then start selecting the encryption specifications there the only thing to bear in mind is this is a one-off once you create the pool you can't go back and change your mind it's the same with the data sets in this case i'm going with this non-encrypted option for the data set and since i click on submit that's it i can't go back and change my mind as you guys will see in a minute i'll click on submit because there's no other options i want to change at this stage but if i go back to edit options here even though i go to advanced options there's nothing in here to allow me to set the encryption it's just a one-off choice um that gets set when the data set gets encrypted like i said it's the same for the pool you know i've got this set up without encryption and i can't go back now and change it um if i do change my mind i'm gonna have to create a completely new data set with encryption copy everything out of this particular isos data set into that one and then i may as well just delete that one because it's no longer relevant anymore so it's something you've got to bear in mind you've got to decide whether you want to encrypt it or not in my case i think it's more efficient to not encrypt everything and only encryp as and when i need it but yeah that's one of the reasons i do like these data sets is just the fact that well one i can do it all through the goo i don't have to drop into the shell and start creating folders for example i can just create data sets just by clicking on the ellipses up here and then saying add a data set so it's it's a bit easier if you're used to gui's but it's also i'm going to be able to get all these extra options anywho for whatever reason when it comes to trunads i have to log in as the root user and that root uses primary group as wheel which means that this particular data set we've created has actually permission to say to root and wheel and i don't want anybody logging in over the network as root and wheel to be able to get access to them it doesn't really make sense um at least it's not good you know from a security practice in which case i need to change the permissions on this data set so i'm clicking on the ellipsis here and i'm going to edit permissions so as you can see the owner is root and the group is wheel so i want to change those but rather than just going through the typical uh permissions that we've got of user group another i'm actually going to take advantage of the acl manager that we've now got with truenas here and what i'm going to do is i'm just going to go with a preset acl most of the time that's all i need and i'm just going to select restricted click on continue because what that restricted one does is it allows full control for all for the actual owner and it allows modify the group now where it's got owner at it means this user here where we've got group at it means this group here i mean you can change these if you like uh if you select user you then have to tell it which user you want now in my case i'm i'm happy with a specific owner it's the same as you want to change the group you can change it to group and then tell it to group there's also a special option for everyone now in my case we've only got these two access list entries if we scroll down you can see there's nothing else but the good thing about us it allows you to add more entries for example you might be able to you know want to pick out a specific user who isn't necessarily a member of the group to get permission for example so i prefer that over the basic setup which is just a group a user and everybody else it can get a lot more flexibility through these but before i commit this what i've got to do is i've got to change the permissions here so i'm going to change this one well there's different ways you can do this for the user i'm just going to click on the drop down menu scroll down here and then i'll pick xcp users so there's all those built-in users that you've got in the list any new ones you create are right at the bottom so we'll pick that user out one thing to bear in mind is if i click on save at the bottom and go down there it's a save option nothing's gonna happen the reason being is that you can have such a big impact by doing uh all these changes to who's the owner who's the group that's got permissions but you want you to confirm it it's a bit confusing i must admit when it says apply user uh it would have been better if it had i think maybe like confirmed choices but you know the good thing is you've got the question mark and it does tell you yeah that's to confirm the changes so we've got to take that box to say yes we do want to change the owner to this specific user so even though we've actually picked a user out that's different to root unless you take that box it's not going to get changed i also want to change the group so rather than just you know scrolling through that big laundry list of groups for example what i can do is just start typing in the name of a group and what it'll do is it'll pass through the list and give you so like a filtered output there in our case there's only one group that begins with grp and which case that's easier to select and pick out but again i've got to take that box to say apply that specific group so what's going to happen is it's going to change the permissions for this data set or if you drop into the shell it just looks like any folder to be honest it's going to change the permissions and it's going to set xcp user as the owner and they're going to have full control it's going to change the group over to be grp xcp users and they're going to have modify rights uh mouse has gone a bit strange there so they've got modify rights i mean i can change it to something else if i wanted to don't have a specific need i mean you can go one step further to give them like full control to change permissions and so on if i wanted to uh but that's enough for me for now i mean you can even go into changing the basic um uh acl the basic type of permissions rather at the moment we're setting basic which is just things like you know read access modify traverse and full control if you if you go with a more advanced option there's just a ton of things you can pick but these are easy enough for me finally we've got an option down here which is to apply permissions recursively now this is a completely new folder or data set we set up so i don't have anything that already exists in there but if we were making changes and to an actual folder that already had files in there and folders we would want to tick that box and say actually apply this this change to everything now in our case i don't necessarily need to do that so i'm just going to click on the save button leave that alone at its default setting so that changes the permissions over so if i go back into edit permissions you'll see when i was set up with xcp user and group xcp users if i go into the shell and you can see from a shell's perspective if i have a look at that specific rule there so slash mount pool one you can see there xcp user who's got read write execute permission group xcp users read write execute permission that's just from its perspective the acl manager is a bit more complicated than that but the key point is that nobody's got uh or nobody else i should say the other users have got no permissions whatsoever we've taken all of that away because of that acl manager so we've now set up our actual data set so the next thing to do is to actually share this out using nfs now sharing this actual data set out using nfs is relatively straightforward but there's just something else i actually need to take into account so what i'm going to do is go over to sharing and then we'll select unix shares nfs then we'll click on add and i've got to tell trunas what it is we want to share out in the first place so i'll select this isos folder it's the only one i've got you can see it's actually telling us it's got an acl applied we can change the description if you want or put something in there to make it more meaningful but in my case you know the actual full name is enough for me to understand what it means we have quite a useful feature here or four ns at nfs which is called all dirs the idea is that typically you'd be on a computer and you'd mapped to this specific folder this nfs share that we're setting up and then you would then have access to you know child folders subfolders within there so you'd navigate your way through them now if you select this old dirs option though you can actually map to actual individual child folders you don't necessarily have to map to the parent all the time you can actually map to ones uh below it which is quite useful now in my case i've got iso images in here so it doesn't really matter it's not something particularly useful to me but it's something to bear in mind now this option though is quite useful i'm going to take that box and that's just basically suppressing error messages which could be deemed cosmetic more than anything gives you a bit more information there and one thing you don't want is a ton of error messages in logs because when you're troubleshooting you want to you know you want to make it as easy as possible for yourself so logic here is that well as long as this works then it's a case of i'm quite happy to leave that box enabled if something on the other hand stops working it doesn't go as planned something breaks then i would come back and deselect that option not surprisingly wouldn't leave that option enabled and set because obviously that decides that particular rare share is available over the network it's going to be uh something that people can connect to but it's quite useful in the sense that you can actually then disable your sharing on a per folder or per data basis so that's quite useful i mean you know for maybe maintenance or something maybe you want to disable a certain folder from being shared in a certain time of day or something definitely useful that being able to do it per uh per folder rather than having to do something where you're going to take down the entire nfs and service for example so yeah quite like that so either way we do want to be able to get access to it for now so i'm just going to leave that damn set enabled but what i do want to do is go into these advanced options now i'm not too fussed about the read-only option because i certainly need to be able to upload iso image files but these options here are what are of interest to me because the zen servers that we've got they're going to try and connect into this nfs share as the root user and the group wheel the problem we've got there is well for one thing i've changed the permissions on this data set the setups that xcp user and group xcp users are the ones who've got permission so if the you know the hypervisors try and connect in that doesn't really make any sense it's a case of um we've got a specific user and group that i've got access to these but also i want to kind of like discourage anybody trying to get access through the root and wheel group anyway so what you can do is you can actually take advantage of these two to actually squash and that user root account down to a particular user and group that you want them to be so what i'm going to do for that reason is i'm going to change this to xcp user and xcp users so when the hypervisors actually connect in and they're going to try and connect and use in their root account but what truenas is going to do is just going to give them access based on this user account and group account in which case they'll be able to get access to the share now now there is an operational benefit to this and that i now don't have to actually keep a user account and a password on an actual computer like a hypervisor for example the benefit of that is that let's say somebody would actually change that user account now if that's been you know stored on the actual hypervisor for example the problem is the password's broken now it's it doesn't align with what truenas has got it set up to in which case the actual hypervisor will stop working you won't be able to get access to the files and folders over nfs anymore so there is an operational benefit to it i must admit in our case no matter what i do this then service is going to try and get access as root anyway as you'll see surely it's not giving me an option really to change the actual user it's just gonna connect this route anyway but something to bear in mind with other uh computer systems that are out there if they're running 24x7 last thing you need is somebody changing a password and next thing you're just broken and you know the hypervisors because these days probably everything's running in virtual and environments anyway so that could have serious repercussions so we're taking a bit of a business risk out of the out of the um the equation here but rubbing up a security risk because it means that any computer that's out there now that's got access to this share if it tries to connect this route it's good just going to get access in you know with these user account credentials anyway and that's a bit of a security gamble uh something we definitely don't want so for that reason we have to take a bit more of a secure approach where you can see here i've got a nas it's going to have an interface in the 172 1620 network same as the hypervisor so other computers like these ones for example they don't have access to that vlan in which case they won't be able to get access that share the only computers will be the hypervisors now i did use that same subnet in a in a previous video for smb shares but since i'm not planning to do any smb shares on this network it's a case of i'm quite happy doing it that way if i do want to allow anybody access to that so for example upload iso images what i can do is i can actually provide a connection from the firewall into that um specific subnet for example and then i can restrict who can get access to it but it's uh yeah it's something to bear in mind is that um we're kind of stuck here in the sense that the hypervisor is going to want to try to use roots so we've got to do something i mean if you do these options here you can't use both these pairs here and these pairs here these pairs are effectively like an anonymous access because they refer to all users if we put a user account in a group account here then it doesn't matter what account you use um to connect you'll get access and you'll get access based on you know whatever user account group account here so that's like i said it's like equivalent to anonymous access so that's even the biggest security risk but these two would trump these two anyway so you wouldn't configure these two and these two so in our case because the hypervisors are going to try and connect in through routes i'm going to override those i'm going to squash the route user rights down to xcp user and the wheel group down to group xcp users but any other user that now tries to get access it'll have to log in with a genuine user account and password what i can do is to tighten things up a bit is to actually either set up specific network restrictions in other words we only allow access from specific subnets or i can do it on a per ip basis now because it's a lab ip addresses can be changing quite frequently so in my case i'm actually just going to set it up for a specific subnet so it's the for me it's going to be the 172 1620 network i'll just double check that 172 16 20 yeah so now what i'm doing is i'm i'm being even more restrictive so at this stage nobody unless you're in that specific subnet you won't be able to get access into this nfs share and you can keep adding on here i mean you can see it by default it's set to a slash 24 prefix foot we can change that um 24 bits is the prefix length we've got here by default which for me you know it lines up with what i'm using anyway i can click on the add button and add more subnets as we go along and i can as i said do it on a per ip address basis if i want to but for now that's pretty much it that i want to do so we should end up with a share except let's see when i click on submit it says well actually you don't even have the nfs service enabled in which case i do want to enable that so i'll click that so the first time you do start to share anything through nfs the service isn't enabled so it gives you that pop-up to actually tell you that you you know the services being enabled so what we want to do though is before i finish off is to go over the services and i want to make some changes because you can see there's a lot of services here they're not enabled by default so it's a good security practice but what we've now done just by setting up that share is it's actually set up this nfs server so that's now running and it's got it set to start automatically so whenever this truenas server gets rebooted it'll automatically start up nfs but i do want to be a bit more securely conscious here so i want to change this bind ip address because by default it's listening on any interface so i'm actually going to change that and i'm only going to listen on that specific 172 16 20 ip address but there's two reasons for it one's for security another one is the expectation would be this is going to be like a much higher uh throughput interface the unit the interface is more likely to be also like a management interface there's no point trying to upload files through a what potentially be like maybe just like a one gig in the face versus something like this which would be 10 gig um also it's okay so i wouldn't want to overwhelm the the management interface so there's the two aspects to it one is to make sure the management interface is always around and available not getting overwhelmed through data transfers but also it's a security advantage in that unless you're connecting on that specific subnet you're not going to get access to it anyway another thing i want to do is to enable nfs version 4 and that's pretty much about it i mean i'm not really at the stage of doing things like kerberos for example and nothing else i can see here that i need a change now if the actual nas server or more specifically nfs starts to get get laggy and slow you can actually add more ram power to it at the moment it's set up for four listeners basically when you click on the option it actually tells you about um you know how much how much it's already set to and how much you can change it to if you want but here by default it's set to four and starts to get slow you can add more in if you like but that's not for me because it's just a test lab anyway so we'll click on save and that's made the changes i want but just to be on the safe side i'm just going to stop and restart that service just to make sure that they take effect so it should now be operating with nms version 4 and only listening on that specific interface in which case the next thing to do is to then actually try getting access to it now the reason that i've set up that specific nfs share is to give the hosts access to iso images so i'm connecting into my dashboard if you will for zen orchestra i've only got one xc png hypervisor but effectively i want to be able to allow any host access to that nfs share so they'll have access to these iso images that i'll put there and then i'll then be able to create virtual machines that can use these iso images to create you know operating systems and uh it's a case of i need to actually connect xc png to the nfs share and it is relatively straightforward and since it's there's not a great deal of information i've got to put in i just have to factor in that they're going to connect and it's the root user though hence the reason why i've had to squash the actual user account and uh group account rights down to a specific views that it's already got actually accessed to that chair so down here i'm coming to the option new and i'm going to select storage because this is how we set up access to an nfs share so the first thing i've got to do is select an actual horse now i've only got one i do have an actual pool but there's only one xc png host so not surprising the pool's got the same name as the host so i'll pick that storage name well i've done this before so i'm just going to select what i've already used which is isos give it the same description and then it comes down to the choices of the types now this particular folder or share that we've got is aligned with this nfs iso so it's an iso storage what we're not doing in on this particular one is shared storage for virtual machines which is what the vdi storage is referring to with this one the expectation is that we're just connecting into uh an iso storage pool effectively where we can get access to iso winches this is one where we're actually gonna have a shared storage medium if you will where all the hypervisors can get access to uh create virtual machines on and then when we migrate an actual machine from one node to another we're effectively just disconnecting the node and then the next node just attaches to that same shared pool it's much much easier much much quicker than actually storing the virtual machines on the individual nodes themselves but in this case like i said we're more interested in iso file so i'm going to select that option you do have another option which is smb but for this video we're interested in fs so select that you now want to know what the actual server is so you can put the ip address in or you can actually get it to do it you know dns resolution in my case i'm just going to stick with ip addressing for now i'm going to change the version over time to use version 4.1 which is the later version that we've got here and now what i do need to do is click on the question mark here and what it's going to do is it's it's going off to interrogate that actual server and we've now got a path option here so we're going to drop down box and this is the only nfs share that we're seeing so we'll select that and you saw the little wheel spinning around there now if something went wrong it would actually pop up an error message but it hasn't so that's a good sign now you do actually have some options you can put in there but what i'm not seeing here is an option for changing a user account for example to specify a user as i said it's kind of about weighing up the security risks versus the operational um challenges and that if we did have a means to put in a user account password you've got that problem of well if the password changes all of a sudden your hypervisors don't work anymore then but that would be especially a big problem if this is this was a vdi storage type because then all of a sudden literally the the hypervisor wouldn't have access to that share anymore or in fact none of the actual hypervisors would and the entire system would just collapse so yeah we are making a bit of a compromise in terms of security that a computer that can you know somebody who's on a computer and has got access to the root account can effectively connect into the actual um now shared just by being a root account and they'll automatically get access but we have taken that extra security proportion of isolating the storage subnet away from everything else that the idea is only the hypervisors should be able to get access anyway we've selected all our options all seems to tickety boom so we'll now just click on the create button there that should then connect this hypervisor into the nfs share so it's done that but as you can see there's nothing there it's a completely new folder uh or data set if you will it stands to reason there is there's nothing there and it's available for this to take advantage of so that's something we need to do is actually start uploading iso images and there's no real option here where i can't like click on a box and say all right and upload this image from this particular computer and download and i'm connected through you can do that through something like esxi but i can't do that with xc png for instance so the alternative way in which i'm going to do it uh long term i should say would be i would connect the firewall into that specific subnet to allow this specific computer access into that subnet so that that computer can download iso images from the internet it'll then have access to that subnet through the firewall but the firewall is being very restrictive and only allowing that specific computer or various computers you need because the idea is i've got jump servers on here for management of the entire network all the computers and so on so that's a security um aspect i'm quite happy with in the sense that yes that computer doesn't have direct access but it's very tightly controlled who gets access to the computer and even from where so the only challenge with that is that these two computers are on different networks i mean this this nas for example it's sitting in this network here which is the storage network but it's also in the infrastructure network it's got access to the internet uh through that interface so if this computer would have tried to connect uh through the firewall the naz would see that ip address and then try and connect to it through that specific interface and the connection would break you'd have what's called asymmetric traffic so for that reason what i would have to do is set up network address translation so that when the firewall forwards the traffic into the subnet it would actually have to translate the source ip address of this particular computer so that way the nas would respond back to the firewall effectively and then it keeps everything nicely symmetrical but this video isn't specifically about um setting up firewalls and network translation that's outside of our scope really here all we're interested in is setting up nfs how to get it working on xc png how to get it configured and so on and true now so what i'm going to do is i'm cheekily going to get that this pc directly connected into that subnet so it's got direct access um that isn't really something you should be doing so i'm only going to do it as part of the fact that it's a video world that i'm doing my long-term goal really would be to allow that specific computer access but this is just like a quick fix job shot and show you how to get an actual linux machine to connect into that nfs share now while i couldn't get access to this nfs share and using our xcp user account what i want to do is actually set up a completely new account because the idea is that maybe you want to actually set up an nfs share and allow access for multiple users so in which case we're back on true nas and we're going to create ourselves a new account so go to accounts and go to users i'm going to create a completely new user i'm going to call this one fred and i'll put in a password again do make sure you use something a lot stronger and more secure than what i'm using this is just for demo purposes now i definitely need to change this user id because when i go to another computer or linux computer for instance that 1000 is probably going to be used anyway so which case i'm going to pick this one over 2000. so the user ids 2000 the group id is going to be 3 000. so i don't want to create a new uh new primary group for them but i do want them to belong to this group xcp users instead so we select that option there and we'll scroll down i don't want to give them somewhere authentication for instance they don't need a home directory so that's pretty much it so we just create that user and now what we've got is a different user who should be able to get access to that nfs share the only thing to bear in mind is they don't have full permission so they can't change permissions but what they can do is at least get access to the share they should be able to create files delete files and so on they just can't change the permissions so next thing we need to do is to set up an equivalent user account an actual group account on a linux compute episode and test access from there now i'm logged into an actual linux computer which has got direct access to this and that storage now that's not really the long term uh plan uh i just want to show you how to actually connect to that share through linux so first thing i need to do is to actually create an actual group that lines up with the one that we've got on true now so it's going to be pseudo add group group id is 3000 the group's called grp cp users so we've added a group next thing we need to do is to add an actual user so that user has an id of 2000 it's called fred so give brett a password i don't need to put the details in but normally you would i mean to be honest if you're sending up lots of users anywhere you'd be scripting this sort of thing so now could i use a pork bread so let's just check fred's d we'll check friends details i'm gonna lag there so fred has a user id of uh of 2000 but they're actually in an actual group called fred so i need to change that so uh sudo to use a mod so dash g to change the group so the group is glp xcp users and we're changing this for fred so if you have a look at fred's details again you can see he's now actually um belonging to that specific group that we want them to be in so it's a case of his primary group is now the you know group xcp users so fred's now all set up ready to go but the thing is out of the box we can't actually connect to nfs so even this is a linux computer and nfs is more geared towards uh unix computers the idea is out of the box we just can't connect direct to it we can connect the s and b shares we just can't connect to nfs which means we need to install some extra software to give fred access to be able to mount shares and get access to that nfs share so they can then start uploading iso files now as usual the first thing we need to do is to make sure this computer is up to date so the pseudo app update first and just check that we don't need to update anything first okay so that's fine the next thing we need to do is to install the software that allows us to actually mount these nfs shares so for that we need to install uh nfs common i'll just put in dash wise that it doesn't prompt me now once that's done and install the software we could like manually mount the actual um shares to a folder if you wanted to but i want to automate this so the idea is i want to take advantage of fs to do that so we're going to install that next so i'll suit up install auto fs and then off i'll go and install that software now the good thing about that is it's a case of it it'll connect to the actual network share but it'll be it'll all be automated so with a manual uh mounting of drive or full refuel the problem will have is whenever you reboot reboot the computer it'll forget all about it with autofs this is just so totally automated um we just need to set it at once in this case uh for this specific folder every time the computer reboots and that user tries to get access to that folder it'll map the drive for us so it's pretty useful that so what you need to do is actually edit the master file first just to tell it what we're going to be doing so i need to tell it to well i'll just put an extra layer in there i need to tell it to use slash nfs this is basically the parent folder so this is where we're going to be installing all uh mapped nfs folders if you will uh so now that i've put that i've actually got to tell it where to interrogate a file for the for all the information so i'm going to create a file called auto.nfs this is going to contain all of the actual mappings for nfs shares you can basically set up different um config files for different file sharing types and the idea is that any mapping that i've put into this config file here is going to basically end up being a child folder of this nfs folder here so we can have different ones for different protocols so it's a nice clean way of doing things quite like that so slash nfs slash etc auto dot nfs and then we've got to actually configure the file itself which contains the actual drive mapping details so this one we need to give it a natural name for the folder that we're going to map to uh we also need to give it the file type so that's fs type uh in our case it's nfs4 so dash fs type equal to nfs4 then we're going to tell it to drive mapping so 172 16 20.30 slash slash cool one slash isos and i can just keep adding more and more mappings here if i will if i want to so this one is going to end up in a child full of iso so when we want to reference this we'll be referencing slash nfs slash isos and then i can have multiple you know mappings defined here all going into different folders so it's nice clean and tiny i'm going to start doing it that way so now that we've done that uh i need to make a slight change for nfs because we're using nfs version 4 so that's slash epc slash defaults slash nfs dash comma i think it is here so what it's got is a setting down here which basically it's order detecting whether kerberos is getting used now i know i'm not so just to save myself a bit of time i'm going to tell it what not because we're using nfs version 4 i also need to basically tell it about that so that's to do with the mapping so i need id equally yes so need underscore id map d equally yes so you can see i mean if you go through these details it tells you that if you don't specify anything it does order detection and that's why i set that one to no whereas in this one i want to tell you yes we do because i know it's going to need it so we made those changes now the thing is i need to restart the service at this stage because we've made some changes to order fs so so we'll do a pseudo service or auto fs and pull up the reload then i'm just going to check the status just to make sure that it doesn't throw in any errors and then i'm going to come out up here and i'm actually gonna log into fred because fred has access to this um you know nfs share whereas uh that user account david doesn't so i'm just gonna log out i mean i could have just switched users i suppose that's one way so log in as fred this time and just make sure i put the password in properly now fred's a new user so it's going to prompt us for a series of questions but i'm just going to jump straight to the terminal just to see if fred does actually have access to this so i'm going to the terminal i can do ls dash l dash nfs slash isos now to come back with total zero so at least at this stage i know that it has connected because if i do cd slash nfs isos you can see we're now in an actual directory the reason it came back with total zero because there's nothing here so just to demonstrate that fred's got access to something and we do touch cd or iso so effectively it's just going to create a file called cd.iso and now if we do an ls dash l the file exists the only trouble is it looks a bit strange because the user account or the owner if you will is called nobody and the group that's got permission is just this this number so it looks a bit confusing actually so the reason that's a problem is to do with some mapping so what we need to do is fix a mapping on this computer because if we go over to xcp well i need to go over to the actual management computer uh well actually incidentally while we're here on xc png let's see if we if we redo a rescan you can see now it's picking up a disk so it's picking up an actual disk called cd or iso so effectively the actual hypervisor has now got um access to this you know fake file called cd or iso i mean what i'll have to do is actually download an actual image and then uh copy it but what i'm just going to show you is if i go to the shell if we do ls dash l slash mount slash isos that's cool one that's fine interestingly enough prunas actually sees this as being a file that was created by fred and the group xcp users has got access to it which is different to what the actual uh pc that we've got to see it's seeing something completely different and that's that's basically a mapping problem that we need to fix uh if i can just minimize that and get it out of the way so you can see we're we're seeing something different here so i'm just going to log out of here because i'm going to have to reboot this computer anyway once i've made this change and we'll get the actual mapping fixed so i'll log in as david because i've got pseudo rights on this computer so i'll be able to make the necessary change on this one assuming i can put the password in that's a reason why i don't want like characters about 20 characters or something i'd never get that right okay so just wait for this to to connect and then we'll go into the terminal and i'll make a change that impacts the actual mappings so previous you know nano and it's if you see by the map come up d dot conf so you can see at the moment the domain is basically blocked out so we actually need to tell it what the mean to use that's the reason why it's having this problem so in our case it is temp lab.land so it's saying here basically this is what this is further down it tells you about mappings and it doesn't know you end up with nobody and no group and so it's just confused because of the the fact that they're it's it's not working correctly when it comes to the domain so the domain equals template down so i'll save that as what i'll reboot this now and then once this reboots we'll log back in as fred and this time fred should actually see the proper permissions i mean technically it doesn't really matter in the sense that as far as trunas is concerned everything's all tickety boom and working it's just from the perspective of the user who's creating all these files it just looks a bit weird something seems wrong but it is actually functional so it's just literally a mapping so we'll go back into the terminal again so if we do cd slash nfs slash isos there you go let's fix that problem so what the point now where if we go through a hypervisor it does see an actual um what it thinks is an iso file because that's what it's expecting here this is set up as storage for uh you know iso files for installing cd images into virtual machines and so on so what i'm going to do is actually download a real one and just double check that this is all working as it should now i've downloaded a copy of debian so i've got an actual genuine iso file here so what i can do is actually copy this across to the actual nfs share i could do it through the terminal but i can also get access to this share through the actual file explorer here so i'm just going to select that it's like copy if i go to other locations we go to computer there's our nfs folder that nfs creates there's the iso folders where it's mapping our drive and if we select paste it copies across so i've actually deleted the um cd actual file because well i don't really want that that was just a fake file but just to demonstrate we can actually get access to this i've got a zen orchestra if we go to go to storage uh if we go to select that isos i'm going to rescan and have a look at the disks so you can see it can actually see the iso file so what i can do now is actually create a new virtual machine uh using that iso file so i'll tell it to create one i mean i've only got one xc png server so i'll pick that one uh this is going to the debian computer so i'm using debian 10. and this is called dip 10. i'll leave all of those settings as is i need to get it to pick an iso file so you can see it's giving us the option of that iso file that it knows about on the nfs share i'll just scroll down i mean i'm not really going to create it but i'll i'll click on create and then off it goes so it actually boots up the actual computer as you can see automatically and by default so once it's actually up and running you'll see it'll start to actually give us the the actual option so if i go into the console you can see it's already literally booted off that iso file so i mean it's not that difficult to do really um setting up the nfs share in trunars is pretty straightforward to be honest it's probably easier just using smb because you can you can't share a full route using multiple uh file sharing protocols so it might be easy to by all means set up the actual shares for using nfs you could even use smb if you want i'm just really trying to demonstrate how you set up nfs using truenas and how you can then access it you know using linux because you can actually have um you know computers connecting to an nfs share for example so you can have multiple users who get home directories for example that the process is pretty much the same you're going to use an nfs share on say true nas and then you're going to give all those computers uh their own sort of like mappings if you will through truenow's using something like auto fs so that was really the premise behind that was just to show you how you could use nfs but i think in reality it's probably a lot easier uh for some when it comes to something like iso files probably just giving them access through like smb or something and then and then you can upload it a lot easier you don't have to necessarily install the nfs software onto the actual linux computer for example i mean out of the box a windows machine and a linux machine they can all get access to an smb share so it's much easier for them um to get to get access to that and that smb share then it is like an nfs share it's a lot more complicated and kind of weird up to think well is it really worth it kind of makes sense for the um the hypervisor because in the case of the hypervisor you might also want to be able to set up a different type of nfs share and that's where we're talking about getting access to shared pool of storage to be able to actually install virtual machines on now when it comes to configuring nfs on truenas uh here to provide shared storage for virtual machines from hypervisor like xc png the process is basically the same so it's okay so i've set up a data set and i've set up a share so that's now available to x8 png so we'll go over to zen orchestra and we'll tell it to create a new storage and the process is pretty much the same here just one slight change so we'll talk which host we want and we'll give the storage a name give it a description now this is where it uh kind of branches off from when we were setting it up for isos here we've got to tell it to use a different storage type we want to be using this nfs storage type so it's for virtual disk images versus isos so here we've got nfs iso that's what's trying to distinguish between this is you've got nfs which is for the virtual disk images so these are for uh virtual machines versus nfs acer which is for your ace images one thing out of interest is the fact you can't use smb for that you can use it for your isos but you can't use it for the vdi storage i mean we've also got iscsi for example which i'll cover in another video but in our case we want nfs so that's pretty much it because now we just need to tell it what server to use uh we'll tell it the nfs version one and then click on our magnifying glass and that will go it'll interrogate the actual and so find out what paths are available so we'll tell it to use that one now it does remember a previous attachment i've had because i've been playing around with storage on this but in this case i'm just going to click on create and then that will create this connection to the actual truenas it basically allows us to then start installing virtual machines in here so if i go over to new and then select vm there we go to our pool here so that's the pool we've got in my case i'm just going to pick the debian image template i'm just going to call this say deb11 give it two cpus all the good memory i do have to tell it what the iso file is so i can get that through the isos share that we've got and what i do definitely need to do is change the storage so by default it's pointing to local storage but the intention here is we want to be able to make this virtual machine available to other hypervisors now only one hypervisor will be running this virtual machine at any given time but what it means is that we'll be able to get redundancy so i'll pick that's nfs storage instead because what it means going forward is that all of the files will be written into this nfs share and then if this hypervisor would have fallen over another hypervisor but you know as when i get around to building another one for the pool it'll be able to run this virtual machine if this hypervisor stopped working so it gives you really good redundancy it also means that i'll get much quicker migrations from one hypervisor to another because the actual underlying data the real hard drive for example that we've got that's going to be built with this operating system resides on shared storage so we're not transferring data from an actual you know global source on one computer to another we're just effectively releasing the locks so that um the original hypervisor let's go that virtual machine the next hypervisor takes control of it there will be some data transfer you know what for whatever is actually in in volatile memory but the main um data itself or the data that makes up the operating system any data stored on that on the drive uh the virtual drive that we've got it resides on the nas so it will never actually move so that's pretty much it really it's it's uh it's a relatively straightforward process we've just got to remember that we need to create this slightly different storage type uh when we're actually creating shared storage and we've got to remember that when creating our virtual machines to actually actually select that remote storage and option and then after that if you go and click create now in general when it comes to using nfs for file storage one thing to bear in mind is that kind of a bit of a performance bottleneck especially if you compare it to something like iscsi or at least out of the box so typically what's going on is that nfs is operating in what's called synchronous mode iscsi on the other hand is operating in asynchronous mode so nfs is basically prioritizing data integrity over performance iscsi on the other hand is more um inclined to be relying on the end storage device to guarantee data integrity regardless so there's a difference going on here because nfs is basically operating in this synchronous mode where it's sending data across to the nas and it's not just waiting for confirmation that the data has been received it's also waiting for confirmation that the date is being written to disk in comparison ice because he's operating in a synchronous mode so it's just all it wants to know is how do you receive the data and that's it so that the turnaround is much much quicker so that's something you've got to weigh up in terms of using you know file storage solutions as to performance can be quite significantly different it's something you've got to consider i mean if you're going to use nfs can you afford to lose that data integrity because you can actually put nfs into asynchronous mode out of the box where what's happening in the case of true nas it's operating in a mode where it's leaving it up to the client to decide whether it's going to be synchronous or asynchronous um so you can actually switch it over if you want if you want even if the client actually asks for a synchronous mode you can more or less force it into an asynchronous mode in which case you've gone through the normal process like by scusi for example where all the nas is going to do is it's going to receive the data tell the client yep data's been received now it's in the next batch in the meantime truenas is then writing that data at the disk the problem that you've got is if the client thinks that data is secure and the actual nas falls over because at a time when the data hasn't been rendered this is always the risk of data being lost so as an example let's say you've got a computer and it's got a file in local storage and the user decides to move it to the nas the problem you've got is it's operating in two steps if you will it's going to copy the data now if the nas is you know running this in asynchronous mode and it's a case of it's just telling the you know the actual client that the dns being received and and you know send the next batch what's going to happen is you'll get to the point where all the data is actually being sent across the client's then going to think well that's it the data is safe and it will now go to step 2 and it will actually delete the file now typically in operating systems these days if you delete a file in other words the user deletes the file it usually ends up in a recycling bin so it's recoverable if you move a file on the other hand that deletion doesn't count it's it doesn't you know go into the actual recycling bin so the problem you've got is that you've sent this data and moved the data i should save it and as if your computer thinks it's you know it's all done and dusted and the data is now safe and stored on the nas it's then it's deleted it put in that particular moment the nasdam just falls over maybe a motherboard failure process of failure uh maybe it's a case of them powers lost whatever the nas hasn't actually got round to writing that data that was in volatile memory to disk and the date was lost and if it's been deleted on the client it's lost for good um there is you know ways to salvage data off disks but there's certainly the sort of things you've got to bear in mind that's why you know by default we'll have this data integrity going on and you know and as a priority over the actual throughput instead but yeah it's interesting when you look at the benchmarks in comparison because you can see significant differences and it is actually possible to disable that sync option if you want to so you can actually just basically force like a hypervise like you know xc png into asynchronous mode basically it'll just carry on sending the data and in the meantime yeah we'll get that data disk eventually you just got to wield the risks here in terms of you know what's your priority here the deal or the performance but just to give you some sort of comparison here if i go over to xc png this virtual machine for example if i get this installed in other words if i click on that create button and what's going to happen is i'll put this virtual machine up of cd image that will then go through a series of questions and then once all those questions are answered it'll install the operating system to this shared storage using nfs that's going to take me well after the actual first after the next reboot you know once the installation part's finished the actual virtual machine will reboot and then i'll get the login prompt so from the point of me clicking that create button going through all the questions and so on and getting that login prompt takes 34 minutes by default while we're in this synchronous mode if i switch over to asynchronous mode it takes 21 minutes so that's a massive you know difference in time 34 minutes versus 21 minutes just by disabling um the right sinks in other words going from synchronistic asynchronous effectively now that is doable it's not something that's recommended but it is doable in a training lab test lab or something you might not be concerned i mean in my case i don't actually have any important data as such uh i don't have any like data to lose i mean yes i don't have to rebuild things or you know restore them from backup if i had to or that sort of stuff but in a production environment you probably wouldn't be doing that but in this particular case what i could do for example because this is a data set i can do it on a third data set basis so i can just edit the options for this date set and then i just change the sync option so out of the box what's happening is the data set when you create it it's inheriting whatever the poll is set to and by default that set the standard unless you've changed it yourself that we set a standard which means it leaves it to the actual client to decide do you want asynchronous or sequence if we switch to always uh it doesn't matter what the client asks we're running synchronous rights in other words we're going to be writing the date at the disk then we'll tell the client and that's how that's the how that's how that you know the hypervisor is operating anyway on the other hand if i set it to descend and then it's a case of it doesn't matter what the hypervisor is going to ask we're not actually going to sync the rights to the actual hard drive we're just going to be operating in basically in an asynchronous mode so as far as the hypervisor is concerned yeah that data saved it's been written the disk basically well we are all running similar to like iscsi where we're operating in in an asynchronous mode because the data is being sent over from the hypervisor in this case to the nas and that signals back to the actual hypervisor and then get on with the next stem transfer in the meantime the nas is then trying to transfer that data to the disk and it's that that process until the actual data is written to disk will run the risk of actually losing data so that is one option that you've got it makes a significant difference in a production environment not something recommended in the training environments you can weigh it up you know training environment testing whatever you want to call it you can wait up it's entirely up to you so it is an option and easy enough to do it's just a couple of clicks and that's it and it seriously improves the performance but there is a more preferred way to do this now we're always going to get higher throughput if we just disable the synchronous rights but the trouble is you're at risk of actually losing data so there is a bit of a halfway house that we can introduce here which is to effectively cash the rights so the expectation is that we're going to have mechanical drives in the back end that pool that we've got when all of our long-term storage is as mechanical drives they can tolerate a lot more rights than cssds and nvme so they're much better suited for our long-term storage and give us much better data integrity as a result but what we can do is we can introduce faster drives as a caching mechanism so the idea is that client sends the data to the nas the nas then sends it to the actual faster drives and then it tells the client the date is written and then in the background what it will do is then transfer that data off the faster drives onto the back end pool drive so it's a a brief moment where we're keeping it on those same on these caching drives if you will because it's that turnaround that we're trying to improve it's the turnaround between the client and the actual nas itself and then we can get on you know in the background with actually storing the actual data so it does improve the performance just not as much as you know disabling the actual um right syncs so to do something like that um i'm in storage and then pools and for this pool that we've got we need to make an alteration to it so we'll click on the com and then we'll select add v devs now i've got two drives here that i'm going to use uh the idea is that you could have one drive for that the trouble is if you receive that data and right now to say disk 7 and that's the only caching that we've got the problem is if that disk fails before we've got the data off of these under our pool well that's it you've lost the data anyway so we'll take a bit of a performance hit again now we'll actually use two drives to give us a redundancy so we'll have a pair of redundant cache drives effectively and then we've got our back-end pool where all the real data is eventually going to get stored so what we want to do is click on add vdiv here and this is what we want here the cfs loan and as it says it's it's an optional right cache and you can you can you know you can add one and you can take it away and you can do it on the fly effectively it doesn't really make any difference but we can add this in and then what we've got to do is if we scroll further down you've got this option here for the log log v div so what we want to do is actually transfer both of these disks here and that gives us a redundant cache so again because it's a mirror it takes longer to to copy it to those two drives in just the one drive effectively so that the rights are a bit slower but i'd rather have the redundancy in that that is the recommendation to have the redundancy so if we click on the arrow there we transfer two disks so you can see the estimated raw capacity the moment is 20 gig because it said the strength so we don't want that we don't want the risk of the actual um you know any one of these discs failing would just completely break that cash so what we want is a mirrored cache so i mean i've got 10 gig which is probably more than we need because the idea is we're going to be receiving quite you know a reasonable amount of data over the network but we should be able to get it off these drives on the back end drives a lot quicker all we're really interested in speeding up that front end transfer between the client and the nan so once we've picked those two drives we've set them to mirror the actual capacity for the pool itself doesn't change all of introduces this log v david as i said it's called a z log or z log if you prefer so we click on the add v divs and we confirm that because it says any data now it's just referring to the data on these not the actual genuine pool that's being lost it's just these discs that's fine so we'd say okay we'll add that in so write it you know it formats those drives and adds them in so from the pool's perspective nothing's really changed as such it's still the same uh data storage we've just got now about this extra caching so we should then end up with is we'll end up with a faster transfer through uh for nfs we've still got synchronous rights but the other suggestion really is to go into your options on that data set and instead of leaving it set at standard set it's set to always so then it doesn't really matter you're always getting that data integrity uh so because i mean that's the whole you know point that we want that data integrity over performance anyway so in which case do set it to always put in your z-log or z-log drives and that's it um it should improve the performance over you know the normal synchronous rights but just not as much as it would if you disable the actual sync rights well thanks for making it to the end of this video i really do hope you found it useful if so then do click the like button and share because that encourages youtube's algorithm to suggest it to other people who might find it useful as well if you're new to the channel and you'd like to see more content like this then yeah do subscribe just remember to click the little bell icon though that way you'll get notifications when i send new content out if you've got any comments any suggestions if you want to leave any feedback at all please post that in the comment section below and if you'd like to support the channel i've left links to both patreon and paypal in the description below but above all thanks very much for watching i'll see you in the next video

Info

Channel: Tech Tutorials - David McKone

Views: 17,988

Rating: undefined out of 5

Keywords: Truenas nfs setup, Truenas nfs permissions, Truenas nfs xcp-ng, Truenas nfs tutorial, xcp-ng nfs storage, xcp-ng iso library, autofs nfs, autofs linux, autofs configuration in linux, autofs configuration in linux step by step, autofs nfs mount, ubuntu nfs mount, ubuntu nfs-common, ubuntu nfs client install, ubuntu autofs nfs, xcp-ng shared storage, truenas nfs share setup

Id: ySMitWnNxp4

Channel Id: undefined

Length: 78min 24sec (4704 seconds)

Published: Sat Aug 07 2021