Truenas permissions for xcp-ng

Computer Hardware & Server Infrastructure Builds
1

I’m admittedly new to TrueNAS. I’m currently using TrueNAS Scale 22.12.4.2 and this is running on a TrueNAS-mini-r.

I’m trying to figure out the recommended way to set up datasets/permissions/shares for mostly ISO and VM usage for multiple xcp-ng, proxmox and vm esxi hosts. I’m mostly familiar with xcp-ng, so I started there.

I created some basic datasets and created both SMB and NFS shares to see which one would work best. However, in doing this, I’m pretty sure I screwed up my permissions royally. When trying to create a store for xcp-ng to store my VMs, xcp-ng connects, but when I try to create a VM, XO fails to create the VM due to permissions. This is admittedly where I probably screwed up, but I have even tried to give the share root permissions (it’s a lab unit and I can reset it all when I’m done). I still get those errors, though.

What type of share is recommended? NFS or SMB? I realize that there are performance issues not utilizing iSCSI, but I need to share these VMs between multiple hosts at different times, which limits me somewhat.

Once I create them, what is the best practice on setting permissions for this?

And is there an easy way to reset permissions back to a good starting point without having to reimage the machine?

Is there a video that shows best practices on how to set this up? I’ve watched Tom’s videos on TrueNAS, but it assumes a base level of knowledge that I evidently don’t have.

Lots of questions, so I may have to break this out into another post, but I’m starting here first…

2

SMB for VM storage is only available in the 8.3 Beta, it’s not an approved method yet. Approved is NFS or iSCSI for the time being.

SMB can be used (with user/pass) for ISO storage.

Somewhere Tom has a video on the storage side of things which includes permissions for the shares. I can tell you that I normally mess them up at least once before I get the settings right, one of those things where I don’t configure it often enough to remember every detail.

3

There is not really much performance difference between NFS and iSCSI in TrueNAS. Setting up NFS is easy:

Dataset ACL type: generic
Owner: root
Group: root
Unix Permissions

Read Write Execute
User :ballot_box_with_check: :ballot_box_with_check: :ballot_box_with_check:
Group :ballot_box_with_check: :ballot_box_with_check: :ballot_box_with_check:
Other :ballot_box_with_check: :ballot_box_with_check: :ballot_box_with_check:

For security you should have storage on it’s own network and you can restrict NFS by allowing by Host/IP under advanced.

4

Thank you! I had not set the owner/group to root. I was trying to set them to the same user/group that was working for the dataset the NFS share was pointing to. I’m still not sure why that doesn’t work, but it doesn’t (at least for me). Setting these to root/wheel resolved the issue and everything is working.

I’m using FOG for imaging/reimaging machines (I’m doing performance comparisons and have to revert at times), and this was the last piece I was missing for my TrueNAS installation.

If you haven’t looked at FOG, I’d recommend it. It’s pretty cool.

Thanks for the tip – saved my day.

5

I’ve been interested in FOG for a while, but never had time to really look at it. I’m using Windows WDS right now, but ability to boot a system into Linux would be nice.