Configuring TrueNAS NFS Share for XCP-ng

Рет қаралды 13,610

Күн бұрын

lawrence.video/xcp-ng
XCP-ng Networking Explained
• XCP-ng Networking Expl...
iSCSI VS NFS
forums.lawrencesystems.com/t/...
ZFS is a COW
• Why The ZFS Copy On Wr...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag/
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at
🛒 www.techsupplydirect.com?aff=2
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
Chapters
00:00 TrueNAS NFS Share for XCP-ng
01:49 Creating Dataset, Permissions and NFS Share
03:00 Add NFS Shared Storage in XCP-ng
03:45 ZFS and SYNC risks
06:14 NFS and IP Security
07:02 Speed Difference with SYNC
08:44 NFS and Dedicated Storage Network

Пікірлер: 44

@GennPen 4 ай бұрын

As an option, in order not to disable SYNC in NFS, you can enable the cache on virtual disk (for example, Proxmox allows this). This gives better read and write performance.

@AlexDiamantopulo 4 ай бұрын

Exactly what I needed! I just asked you this question yesterday... WOW! Thanks so much!

@jdmcivicrrr 4 ай бұрын

Thanks for making these TrueNAS Scale tutorials ❤

@toddreed1160 4 ай бұрын

Tutorials Time. Nice.

@adam872 3 ай бұрын

I've always used NFS for hypervisor storage sharing when the option has been available. It's simple and has thin provisioning out of the box. I've also never seen any performance issues with the production workloads. The convenience and supportability of NFS has over time been more beneficial than any performance gains iSCSI or other methods have provided, in my experience.

@SyberPrepper 4 ай бұрын

Super helpful video Tom. Separate storage network is always high on my list. Thanks for the pros and cons of the NFS syncing.

@plrpilot 4 ай бұрын

Thank you for creating this!

@akurenda1985 4 ай бұрын

Thank you for this!

@greghintz1848 3 ай бұрын

You are the best thank you!

@sinisterpisces Ай бұрын

This is an awesome video. I know it's aimed at XCP-ng users, but the TrueNAS side of things is a great starting point as well. In particular, TrueNAS Scale, as of Wednesday, June 26, 2024, doesn't make it obvious in the UI that the generic template is the best dataset template for NFS use. Since NFS is meant for *nix filesystems and the generic permissions are generic unix permissions, it's implied, but if you don't know that, it's not super-clear. One of those little details that makes the learning curve a bit steeper than it needs to be, but that will hopefully be fixed with a minor adjustment to the UI someday. :) Though, I'm curious about one point: was there a reason you avoided using ACLs for the NFS share?

@xtornado123 4 ай бұрын

Recently i was helping my friend to set up truenas enterprise that they company bought. It is connected to two switches that running mlag between them over 2x40G qsfp (mikrotik CRS326-24S+2Q+RM) yes mikrotik and works excellent for holding l2 over mlag. On truenas was bond 2X10G to each of switch and create 4 vlan tags over that: -mgmt vlan -nfs vlan proxmox for vm storage -nfs vlan vm nsf shares for db puroposes (vm is only boot drive and nfs mount is for db data and logging) with optimized block sizes -smb vlan And have restrictions for each segment per ip, and fw isolation between vlan so nothing cannot talk with each other. Was do not noticed any slowdowns regarding additional tagging. Running all on 1500 MTU but will try jumbo frame scenario also. Truenas backup server for replication is ongoing process , it will be truenas scale vm with HBA passthrough. Was setup this after inspirations from your truenas video series, thank you for all of that You are true truenas ambasador :)

@MrDukeLeto 4 ай бұрын

Hi Tom! Thanks for a new great video and your contribution to the popularity of XCP-ng. When you showed your network adapters attached to the storage network, I noticed that the MTU is set to 1500 bytes. Did you try to set it to 9000 bytes? Was there some performance advantage? Sorry if you already answered to this question in another video.

@LordSaliss 4 ай бұрын

Ya, 9000 Jumbo Frames on the LAN can boost NFS a lot since it means NFS traffic fits in a single packet now (8192 bytes). It greatly boosts the NFS efficiency.

@LAWRENCESYSTEMS 4 ай бұрын

It's not a substantial performance boost on modern systems, so I leave it at 1500.

@darrellpatenaude3825 4 ай бұрын

Thanks I was wondering how to do this. I'll try this when I get home from work

@darrellpatenaude3825 4 ай бұрын

i enter my server ip and click the search and I get an error Server Detecton Cannot read properties of undefined (reading "Export")

@darrellpatenaude3825 4 ай бұрын

So because I am hosting Truenas Scale Xen Orchestra web client on my server which has the same IP as my nfs share it wont work. Any work arounds? I tried this on my backup sever and it worked right away.

@lorenzomainini425 4 ай бұрын

Great Timing! i was just about to do something like that. I deployed a Trunas and I want to create 2 dataset: 1 for xcpng vm storage to set HA and one for the file share of the AD to manage with the file server role on windows server. Do you have anything to suggest for the latter? When adding the NFS share to xcpng though it returns a "SR_BACKEND_FAILURE_73(, NFS mount error [opterr=mount failed with return code 32], )" error, i think i gotta dig deep. EDIT: I thought it was going to be harder, for TrueNAS core apparently the "All dirs" checkbox in the NFS share settings has to be selected because xcpng like to mount subdirs.

@rudypieplenbosch6752 4 ай бұрын

Interesting, i never considered this 🤔

@mspencerl87 4 ай бұрын

NFS can either have synchronous or asynchronous writes via the NFS client. It seems not all softwares/ vendors have the same defaults so there's a chance whatever NFS client is writing to an NFS share can also have sync or a sync enabled or disabled. Do you know what XCPNG does by default? If it does synchronous by default then it may not even be necessary on the NAS

@LAWRENCESYSTEMS 4 ай бұрын

As far as I know XCP-ng is SYNC writes by default.

@bzmrgonz 4 ай бұрын

Lawrence, what about minIO in the mix.. please do a 3 box setup talk buddy (xcp-ng + truenas + minIO ). I think this is a solid enterprise level core setup.

@LAWRENCESYSTEMS 4 ай бұрын

I have a Minio video kzfaq.info/get/bejne/q6-dZ5SBza2pl4U.html

@bzmrgonz 4 ай бұрын

@@LAWRENCESYSTEMS will look at it buddy, but can you work on something to explain how it works in terms of convergence and backup solutions. But also the fact that lots of tech (databases included) are now reading straight to s3.

@FTLN 4 ай бұрын

Hey Tom, why so slow with NFS Sync disabled, shouldnt you be getting close to wire speed ?

@LAWRENCESYSTEMS 4 ай бұрын

Sync writes are not about wire speed as much about how fast the data can be written and validated

@FTLN 4 ай бұрын

@@LAWRENCESYSTEMS This is what I get with Sync disable on 10G link: 4294967296 bytes (4.3 GB, 4.0 GiB) copied, 4.537 s, 947 MB/s , seems you are getting only around 500 MB/s , I think something not quite right with your XCP-ng or you are running slow pool.

@FTLN 4 ай бұрын

@@LAWRENCESYSTEMS I get wirespeed over NFS from Proxmox to Truenas with sync disabled on a 10G network using your script. Any reason XCP-ng is only around 500 MB/s. Are these your nested XCP-ng hosts , maybe that impacts performance slightly...

@darrellpatenaude3825 4 ай бұрын

Running Xen Orchestra on Truenas Scale app, has the same IP as truenas scale and I can't connect NFS Share because of same IP

@darrellpatenaude3825 4 ай бұрын

I figured this issue out. My backup server was running the Dragonfish beta. my main server was on the normal. When I upgraded my main server to Dragonfish RC it started working. Interesting

@succubiuseisspin3707 4 ай бұрын

Is there any way to build an active-active-HA setup for VM Storage with TrueNAS?

@LAWRENCESYSTEMS 4 ай бұрын

Yes, with IXSystems hardware.

@kimjiu1794 4 ай бұрын

TrueNAS to Debian. What your opinion?

@LAWRENCESYSTEMS 4 ай бұрын

I like TrueNAS and I like Debian.

@0r_1x 4 ай бұрын

@@LAWRENCESYSTEMS TrueNAS is Debian 12 after all! But vanilla Debian and TrueNAS each have their own purpose. This question is like asking Hammer vs Drill, different tools for different jobs.

@zyghom 4 ай бұрын

if you use compress on the dataset if=/dev/zero will make the writes almost non existent (probably better would be /dev/random)- my dd shows 3GB/s on SSD pool (dev/random shows 260MB/s) and 1GB/s on HDD pool (dev/random shows 250MB/s), but what do I know ;-)

@James-xg4jr 4 ай бұрын

Worth noting that XO should also have a NIC on the storage network.

@LAWRENCESYSTEMS 4 ай бұрын

Which is why I pointed that out in the video.

@James-xg4jr 4 ай бұрын

must have missed it lol =]@@LAWRENCESYSTEMS

@James-xg4jr 4 ай бұрын

definitely missed the last 2 min =].....tom always covers all the bases@@LAWRENCESYSTEMS

@TheChadXperience909 4 ай бұрын

MAC or IP filtering are but a mechanism to prevent automated systems from connecting to resources you don't want them to. It's so trivial to circumvent, and you shouldn't consider it to be any form of security feature, at all. It's not even worth considering. If you want security, you need authentication, which you simply can't do with NFS. NFS is not secure, and you should never use it over a hostile network. It's best to think of NFS and iSCSI like direct attached storage, but over a network. It has zero protection from attack. Anybody can easily spoof a MAC, IP or User ID. Especially, when it's all transmitted in the plaintext. It's like hiding your SSID. These things are to prevent machines from talking to things you don't want them to, unless they are purposely programmed to do so. They are not secure.

@LAWRENCESYSTEMS 4 ай бұрын

Well, as I suggested, NFS should be on it's own network.

@TheChadXperience909 4 ай бұрын

@@LAWRENCESYSTEMS Very true.