Turning Proxmox Into a Pretty Good NAS

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome back everyone to Apple art teaches proxmox through useful applications today we're going to take this little Nas that we're running proxmox on and turn it back into a Nas I know shocking right so this started Life as a Nas we reformatted it and put proxmux on it and now we can't store files on it like an ass anymore just virtual machines sure would be nice if we could install sambar or something like that use this thing for file sharing now I know a bunch of people are gonna be like why don't you just pass through all your drives into true Nas and run true Nas and that just sounds kind of dumb to me because we have a perfectly working Linux system running ZFS why would we need to run a second Linux system running a second ZFS we can just share that ZFS pool right that's what we're going to do nice low overhead way getting file sharing in proxmox Via a container so come along on this adventure as we add file sharing to proxmox so we want to create file shares from our proxmox system and proxmox does not have a way to do this natively so we're going to create a container and then export that container storage over Samba or NFS and to help us out a little bit so we don't have to deal with Samba manually we're going to install a web GUI called cockpit cockpit is a pretty simple and easy to use web interface for servers and there are some modules available that will help us with Samba and NFS server management so to get started creating a container we first need a template to create the container from so a container is basically like a complete Linux system with its own networking users and file system but running within the same kernel as our root system so we'll start by taking any of our storages over here so local is a directory storage so it's available for CT templates that's what we need and we're going to click on templates and it'll show us a lot of the available templates we could download so sort by package and we want Debian 11 standard I'll just click on download there so what this just did is it downloaded a tar file that includes all of the root file system of a standard Debian system but without the kernel without the kernel modules because those are always inherited from The Host so now that we have this it's not even that big we can create a container from it and again a container is like a namespace within our system it's partitioned off but it's not running its own kernel it's not running its own drivers but it does have its own networking its own permissions things like that so we're going to call this file server and because we don't need to give it any special permissions on the host we're not accessing any hardware or anything like that we're going to say unprivileged container and this check box is a little bit misleading because when you check it it removes the Privileges from the container so when you uncheck it it makes the container privileged so we would like to leave this unprivileged which is the safest option and believe nesting enabled so what unprivileged does is it Maps the user IDs in the container to be at a really high number so normally the root user has access to everything and in a privileged container the root user in a container also has access to everything but with an unprivileged container the root user ends up at user ID 10 000. so they have no permissions at all in the host system they can't do anything so now we need to give our container a password and you should probably pick something secure but I didn't whatever now I can pick our template so I'm going to click local again because that's where I downloaded the template to pick our Debian 11 standard so disks the way I'm going to set this up this disk is only going to contain the operating system so it can be really small and I'm going to make it eight gigs and put it on the SSD storage because the operating system likes to be on Fast storage even though it's really just containing the system services we're going to add more storage for the actual storage we share over Samba later so for CPU unlike virtual machines this is more of a limit than an allocation so with virtual machines it'll tell the guest that it has two cores and it'll think it's running on a dual core machine with containers though it knows it's running on however many cars we actually have but it's only allowed to use two of them and same with memory this is more of a guideline and not a hard allocation so if we were to give a virtual machine a half gig of memory as soon as we started the virtual machine it's taking half a gig from our system and giving it to the VM and with ballooning it's possible to get some of it back we have all these hard allocated that memory to the virtual machine and with containers again it's more of a cap the container isn't allowed to use more than 512 Megs but if it's not using that then it goes back to the host and the kernel memory doesn't count here so in most cases you don't need much memory at all for containers and half a gig should be perfectly fine Network here like I said containers have their own networking so we do have to give them IP addresses in my case I'm going to leave it on the default ethernet and the default Bridge we haven't set anything else up yet on the ultimate Home Server so we have to give an IP address and a subnet mask and a gateway and then same for IPv6 and DNS usually I just leave it as use host settings but if you want the container to have its own DNS servers you can say that there and just to confirm we're going to go ahead so now it's done let's start it up it's not running there we go so unlike virtual machines this is more like a shell than a screen so the virtual machines this is a rendering of the screen image on the virtual machine but for containers this is actually something we can copy and paste into kind of like an SSH session but direct to The Container so now we can log in as root there we go we're on a Linux system like any other so a cockpit comes packaged with Debian so it's super easy to install but we have to enable the back ports repository to get a more recent version of cockpit or I guess we don't have to but we would like a more recent version of cockpit so we're going to enable backwards so we're going to edit the file Etsy apt sources.list and this is the file that tells the package installer on Deviant where it can look on the internet to get its packages so in this case we have three different repositories Debian Bullseye Maine Debbie and Bullseye updates Main and Debian Bullseye Security main and so we're going to add one more here we're just going to copy Debian Bullseye updates so dab debian.org Bush Debian bullseye Dash backwards and otherwise it looks the same as the other lines so back ports is basically a repository from the future version of Debian Bookworm where they're taking packages that work well there and compiling them for Bullseye so Bullseye people which is the latest release as of this video can get more up-to-date versions of packages so then we save yes then we'll do an apt update as we like to do and apt full upgrade and it probably won't have anything to upgrade because we just dialed with the template but we'll see if we have any updates to do nope no updates so now we can install cockpit so apt install and now we need to tell it to use the back ports repository because files in the back ports repository still have the same package name as they do in the regular Repository so we said s t Bullseye back ports that tells us to go to the back ports repository inside the normal one and then the package we want to install is cockpit and then the last thing is cockpit by default we'll install some modules used for administering Linux systems things like changing the hostname changing network settings and we don't want to include those because proxmox is already going to manage our host name in our network settings so we're going to say no install so dash dash no install recommends because those packages are separate packages from cockpit but they're recommended so apps will automatically install them because it thinks we probably want them to but we don't so we'll hit enter it'll say it'll take some space and we say yes and there we go so one last step before we can log in is we need to allow root login so there is a file called Etsy cockpit disallowed users and that contains users which are not allowed to log into cockpit and by default it includes root so since we're going to change some settings we're gonna get rid of that requirement so we can log in as root no need to restart anything just delete that it should be good so we navigate here to the IP address of our server colon Port 9090 we get the usual self-science certificate error we approve that and we log in and there we go we're in cockpit and as you can see we don't have a ton of modules here so we have user accounts and services but what we would really like is something to manage Samba so the three additional modules we're going to install are cockpit file sharing cockpit Navigator and cockpit identities so the first of these cockpit file sharing is designed to manage Samba and NFS so we get a web GUI to manage soundbot.fs pretty simple pretty useful the second one Navigator gives us a web browser to navigate the file system so this if depending on how you use it can kind of replace something like next Cloud it's just a handy way of looking at the files in the file system but I happen to go into the command line and the third one cockpit identities it's better than the default accounts because it can also manage some of the passwords because Samba keeps its own copy of passwords because it has to use Windows style password hashes so anyway we want to install all three of these and they all have release here so we're going to click on the latest release and go over here find the dev file and copy it and we're going to come back to our command line here and wget paste in the dev file then we'll do that for the other ones as well find the dev file copy it maybe you get it and the last one so we got the files downloaded now we can apt install dot slash so it's in the local directory star.net and it's going to sell a whole bunch of stuff now because it's going to sell Samba samba's big there we go so we got one Minor error here it's not exactly an error basically it said it couldn't delete the dev file when we were done because the user app is what actually did the install but the file is owned by root so that's not really a problem we'll just delete the files ourselves so without even refreshing we come back over here I guess we do have to refresh bam look at that new modules in cockpit isn't that fun so we click on Navigator here we can see the whole file system file sharing we could configure it's going to give us Sarah here it says some is misconfigured so we're going to click fix now and because we're root it'll fix it now and identities so now you will note we only have eight gigs of storage here so we need to add some storage so one of the magical things by using containers instead of virtual machines is we are really flexible and what we can change on the Fly I can go here and change the amount of memory it has that'll take effect immediately I can add new disks without having to do any hot swap or setting up Mount points ahead of time so in this case on This Server I have two different ZFS pools I have the SSD pool and the hard drive pool so what I could do is I could create a mount point on each of those and mount it into my file system then the container will have a amount of storage space in the ZFS file system on proxbox and so we're gonna do that so add mount point so I guess we'll do d-pool first which is our spinning drives will be Mount Point number zero we're going to mount it to Mount rust and how big do we want to get but this is again a quota not a size so ZFS on the host system is going to manage this file system and let's say I don't know one thousand sounds pretty good and how about we add another one on the ssds so click local ZFS I don't know give them 200 gigs mount fast boom stuff I go back in a navigator here mount you can see suddenly I got these two uh these two directories here so to manage our access I'm going to create a group of who has access to the spinning Rest Drive so we're going to create a new group and we're going to call it rust and I'll create one for the SSD too you can create as many of these as you want then I'm gonna go back to identities create a new user for myself appleard and login shell so it's very tempting to just say no login but if you use no login then the user can't log into cockpit itself which means they can't use Navigator so we're going to say bin bash for them and we're going to click the little plus button here to add a group and we will add these guys to rust users and SSD users to users trust users my face is in the way but if I have my face you can see the apply button there we go now we got to give our guy a password and it'll yell at you a lot if you don't give it a good password but we don't really care that much see doesn't mean the static requirements but we can click apply again and woo look at that one thing we can't Forget before we leave this page is our Samba password is different from our regular password this is going to drive you crazy there's nothing we can do about this Windows uses a different hash algorithm than Linux therefore the passwords have to be kept separately therefore Sam has his own password so we just set our Linux password now we need to set zombie password same rules apply if you have a weak password you can just double click apply there we go so now that we have some users and some groups we can make some file shares for them so coming over here to file sharing we can give our server a description and then we can come down and hit the little plus button so we'll call this rust spinning rust again if you want to use more fine-grained directories you can create a subdirectory or we can create a new Mount point up in proximox you create a separate amount point for each share if you want it's not a bad way to do it it's a pretty good way to do it uh we're going to say rust users and sell permissions so Windows has its own special way of doing access controls which is actually really quite good and NFS on Linux adopted Windows style ACLS but Linux itself did not so you most of the time you're going to want Windows ACLS and what this will do is this will tell Samba to completely ignore file permissions on the Linux system and manage permissions itself so if we check this box Windows ACLs all of the files on the Linux system will be owned by some user and we don't really care who that user is and Samba is going to keep track of access control on its own and manage that on its own that means that if you also want to access the same files from somewhere else you don't really know what the user is going to be the group is going to be on the Unix style permissions so the next option we have is Windows ACLS with Linux Mac support in this case Samba is going to try its best to map Windows permissions on to Linux permissions and it might do a good job or might not third option is to check this off entirely in which case we purely use Linux permissions and basically you're going to end up setting advanced settings here to say like I don't know create mask 066 or something like that and you're going to end up doing that on your own so what I recommend doing for most people is setting Windows ACLS unless you're also going to share the same share with NFS this is probably your best bet and then we hit click confirm and there we go so make another one for ssds there we go so now we got some shares so hop over here it asks you for your username and password you give it to it and you get logged in you also get your home directory which is kind of cool and uh be careful though because your home directory is going to be stored on slash home which is in the 8 gig root volume rust here let's make some file there we go we got our Navigator look at that we got a file that concludes our tutorial for today hopefully it worked out pretty well for you of course I got more tutorials with this little proxmox Nast coming along next up we're going to do jelly fin how does that sound to you guys don't forget to subscribe if you want to see that one as always I have a link to my Discord server down below if you want to chat with me or suggest any ideas for future videos there's probably going to be a blog post down there with some of the commands so there's not that many commands this time and as always I will see you on the next adventure
Info
Channel: apalrd's adventures
Views: 81,905
Rating: undefined out of 5
Keywords:
Id: Hu3t8pcq8O0
Channel Id: undefined
Length: 18min 31sec (1111 seconds)
Published: Thu Jan 26 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.