5. System

The System section of the administrative GUI contains these entries:

  • Information provides general FreeNAS® system information such as hostname, operating system version, platform, and uptime
  • General configures general settings such as HTTPS access, the language, and the timezone
  • Boot creates, renames, and deletes boot environments
  • Advanced configures advanced settings such as the serial console, swap space, and console messages
  • Email configures the email address to receive notifications
  • System Dataset configures the location where logs and reporting graphs are stored
  • Tunables provides a front-end for tuning the system in real time and for loading additional kernel modules at boot time
  • Update performs upgrades and checks for system updates
  • Alert Services configures services used to notify the administrator about system events
  • CAs: import or create internal or intermediate CAs (Certificate Authorities)
  • Certificates: import existing certificates or create self-signed certificates
  • Support: report a bug or request a new feature

Each of these is described in more detail in this section.

5.1. Information

System → Information displays general information about the FreeNAS® system. An example is seen in Figure 5.1.1.

The information includes the hostname, the build version, type of CPU (platform), the amount of memory, the current system time, the system’s uptime, the number of users connected at the console or by serial, telnet, or SSH connections, and the current load average. On servers supplied or certified by iXsystems, an additional Serial Number field showing the hardware serial number is displayed.

To change the system’s hostname, click the Edit button, type in the new hostname, and click OK. The hostname must include the domain name. If the network does not use a domain name, add .local after the hostname.

Fig. 5.1.1 System Information Tab

5.2. General

System → General is shown in Figure 5.2.1.

Fig. 5.2.1 General Screen

Table 5.2.1 summarizes the settings that can be configured using the General tab:

Table 5.2.1 General Configuration Settings
Setting | Value | Description
Protocol | drop-down menu | protocol to use when connecting to the administrative GUI from a browser; if modified from the default of HTTP to HTTPS or to HTTP+HTTPS, select the certificate to use in Certificate; if you do not have a certificate, first create a CA (in CAs), then the certificate itself (in Certificates)
Certificate | drop-down menu | required for HTTPS; browse to the location of the certificate to use for encrypted connections
WebGUI IPv4 Address | drop-down menu | choose from a list of recent IP addresses to limit the one to use when accessing the administrative GUI; the built-in HTTP server will automatically bind to the wildcard address of 0.0.0.0 (any address) and will issue an alert if the specified address becomes unavailable
WebGUI IPv6 Address | drop-down menu | choose from a list of recent IPv6 addresses to limit the one to use when accessing the administrative GUI; the built-in HTTP server will automatically bind to any address and will issue an alert if the specified address becomes unavailable
WebGUI HTTP Port | integer | allows configuring a non-standard port for accessing the administrative GUI over HTTP; changing this setting might also require changing a Firefox configuration setting
WebGUI HTTPS Port | integer | allows configuring a non-standard port for accessing the administrative GUI over HTTPS
WebGUI HTTP -> HTTPS Redirect | checkbox | when this box is checked, HTTP connections are automatically redirected to HTTPS if HTTPS is selected in Protocol, otherwise such connections will fail
Language | drop-down menu | select the localization from the drop-down menu and reload the browser; view the status of localization at pootle.freenas.org
Console Keyboard Map | drop-down menu | select the keyboard layout
Timezone | drop-down menu | select the timezone from the drop-down menu
Syslog level | drop-down menu | when Syslog server is defined, only logs matching this level are sent
Syslog server | string | IP address_or_hostname:optional_port_number of remote syslog server to send logs to; once set, log entries are written to both the console and the remote server

After making any changes, click the Save button.

This screen also contains these buttons:

Factory Restore: reset the configuration database to the default base version. However, this does not delete user SSH keys or any other data stored in a user’s home directory. Since any configuration changes stored in the configuration database will be erased, this option is useful when a mistake has been made or to return a test system to the original configuration.

Save Config: save a backup copy of the current configuration database in the format hostname-version-architecture to the computer accessing the administrative interface. Saving the configuration after making any configuration changes is highly recommended. FreeNAS® automatically backs up the configuration database to the system dataset every morning at 3:45. However, this backup does not occur if the system is shut down at that time. If the system dataset is stored on the boot pool and the boot pool becomes unavailable, the backup will also not be available. The location of the system dataset can be viewed or set using System → System Dataset.

There are two types of passwords. User account passwords for the base operating system are stored as hashed values, do not need to be encrypted to be secure, and are saved in the system configuration backup. Other passwords, like iSCSI CHAP passwords or Active Directory bind credentials, are stored in an encrypted form to prevent them from being visible as plain text in the saved system configuration. The key or seed for this encryption is normally stored only on the boot device. When Save Config is chosen, a dialog gives the option to Export Password Secret Seed with the saved configuration, allowing the configuration file to be restored to a different boot device where the decryption seed is not already present. Configuration backups containing the seed must be physically secured to prevent decryption of passwords and unauthorized access.

Warning

The Export Password Secret Seed option is off by default and should only be used when making a configuration backup that will be stored securely. After moving a configuration to new hardware, media containing a configuration backup with a decryption seed should be securely erased before reuse.

Upload Config: allows browsing to the location of a previously saved configuration file to restore that configuration. The screen turns red as an indication that the system will need to reboot to load the restored configuration.

NTP Servers: The network time protocol (NTP) is used to synchronize the time on the computers in a network. Accurate time is necessary for the successful operation of time sensitive applications such as Active Directory or other directory services. By default, FreeNAS® is pre-configured to use three public NTP servers. If your network is using a directory service, ensure that the FreeNAS® system and the server running the directory service have been configured to use the same NTP servers.

Available NTP servers can be found at https://support.ntp.org/bin/view/Servers/NTPPoolServers. For time accuracy, choose NTP servers that are geographically close to the FreeNAS® system’s physical location.

NTP servers are added by clicking on NTP Servers → Add NTP Server to open the screen shown in Figure 5.2.2. Table 5.2.2 summarizes the options available when adding an NTP server. ntp.conf(5) explains these options in more detail.

Fig. 5.2.2 Add an NTP Server

Table 5.2.2 NTP Servers Configuration Options
Setting | Value | Description
Address | string | name of NTP server
Burst | checkbox | recommended when Max. Poll is greater than 10; only use on your own servers i.e. do not use with a public NTP server
IBurst | checkbox | speeds the initial synchronization (seconds instead of minutes)
Prefer | checkbox | should only be used for NTP servers that are known to be highly accurate, such as those with time monitoring hardware
Min. Poll | integer | power of 2 in seconds; cannot be lower than 4 or higher than Max. Poll
Max. Poll | integer | power of 2 in seconds; cannot be higher than 17 or lower than Min. Poll
Force | checkbox | forces the addition of the NTP server, even if it is currently unreachable

5.3. Boot

FreeNAS® supports a ZFS feature known as multiple boot environments. With multiple boot environments, the process of updating the operating system becomes a low-risk operation. The updater automatically creates a snapshot of the current boot environment and adds it to the boot menu before applying the update. If the update fails, reboot the system and select the previous boot environment from the boot menu to instruct the system to go back to that system state.

Note

Boot environments are separate from the configuration database. Boot environments are a snapshot of the operating system at a specified time. When a FreeNAS® system boots, it loads the specified boot environment, or operating system, then reads the configuration database in order to load the current configuration values. If the intent is to make configuration changes rather than operating system changes, make a backup of the configuration database first using System → General → Save Config.

As seen in Figure 5.3.1, two boot environments are created when FreeNAS® is installed. The system will boot into the default boot environment and users can make their changes and update from this version. The other boot environment, named Initial-Install, can be booted into if the system needs to be returned to a pristine, non-configured version of the installation.

If the Wizard was used, a third boot environment called Wizard-date is also created, indicating the date and time the Wizard was run.

Fig. 5.3.1 Viewing Boot Environments

Each boot environment entry contains this information:

  • Name: the name of the boot entry as it will appear in the boot menu.
  • Active: indicates which entry will boot by default if the user does not select another entry in the boot menu.
  • Created: indicates the date and time the boot entry was created.
  • Keep: indicates whether or not this boot environment can be pruned if an update does not have enough space to proceed. Click the entry’s Keep button if that boot environment should not be automatically pruned.

Highlight an entry to view its configuration buttons. These configuration buttons are shown:

  • Rename: used to change the name of the boot environment.
  • Keep/Unkeep: used to toggle whether or not the updater can prune (automatically delete) this boot environment if there is not enough space to proceed with the update.
  • Clone: used to create a copy of the highlighted boot environment.
  • Delete: used to delete the highlighted entry, which also removes that entry from the boot menu. Since you cannot delete an entry that has been activated, this button will not appear for the active boot environment. If you need to delete an entry that is currently activated, first activate another entry, which will clear the On reboot field of the currently activated entry. Note that this button will not be displayed for the default boot environment as this entry is needed in order to return the system to the original installation state.
  • Activate: only appears on entries which are not currently set to Active. Changes the selected entry to the default boot entry on next boot. Its status changes to On Reboot and the current Active entry changes from On Reboot, Now to Now, indicating that it was used on the last boot but will not be used on the next boot.

The buttons above the boot entries can be used to:

  • Create: create a manual boot environment. A pop-up menu will prompt you to input a “Name” for the boot environment. When entering the name, only alphanumeric characters, underscores, and dashes are allowed.
  • Scrub Boot: can be used to perform a manual scrub of the boot devices. By default, the boot device is scrubbed every 35 days. To change the default interval, input a different number in the Automatic scrub interval (in days) field. The date and results of the last scrub are also listed in this screen. The condition of the boot device should be listed as HEALTHY.
  • Status: click this button to see the status of the boot devices. In the example shown in Figure 5.3.2, there is only one boot device and it is ONLINE.

Fig. 5.3.2 Viewing the Status of the Boot Device

If this system has a mirrored boot device and one of the boot devices has a Status of OFFLINE, click the device to replace, then click its Replace button to rebuild the boot mirror.

Note that you cannot replace the boot device if it is the only boot device as it contains the operating system itself.

Figure 5.3.3 shows a sample boot menu.

Fig. 5.3.3 Boot Environments in Boot Menu

The first entry is the active boot environment, or the one that the system has been configured to boot into. To boot into a different boot environment, press the spacebar to pause this screen, use the down arrow to select Boot Environment Menu, and press Enter. A menu displays the other available boot environments. Use the up/down arrows to select the desired boot environment and press Enter to boot into it. To always boot into that boot environment, go to System → Boot, highlight that entry, and click the Activate button.

5.3.1. Mirroring the Boot Device

If the system is currently booting from one device, you can add another device to create a mirrored boot device. This way, if one device fails, the system still has a copy of the boot file system and can be configured to boot from the remaining device in the mirror.

Note

When adding another boot device, it must be the same size as (or larger than) the existing boot device. Different models of USB devices which advertise the same size may not necessarily be the same size. For this reason, it is recommended to use the same model of USB drive.

In the example shown in Figure 5.3.4, the user has clicked System → Boot → Status to display the current status of the boot device. The example indicates that there is currently one device, ada0p2, its status is ONLINE, and it is currently the only boot device as indicated by the word stripe. To create a mirrored boot device, click either the entry called freenas-boot or stripe, then click the Attach button. If another device is available, it appears in the Member disk drop-down menu. Select the desired device, then click Attach Disk.

Fig. 5.3.4 Mirroring a Boot Device

Once the mirror is created, the Status screen indicates that it is now a mirror. The number of devices in the mirror is shown, as seen in the example in Figure 5.3.5.

Fig. 5.3.5 Viewing the Status of a Mirrored Boot Device

5.4. Advanced

System → Advanced is shown in Figure 5.4.1. The configurable settings are summarized in Table 5.4.1.

Fig. 5.4.1 Advanced Screen

Table 5.4.1 Advanced Configuration Settings
Setting | Value | Description
Enable Console Menu | checkbox | unchecking this box removes the console menu shown in Figure 3.1
Use Serial Console | checkbox | do not check this box if the serial port is disabled
Serial Port Address | string | serial port address in hex
Serial Port Speed | drop-down menu | select the speed used by the serial port
Enable screen saver | checkbox | enable or disable the console screen saver
Enable powerd (Power Saving Daemon) | checkbox | powerd(8) monitors the system state and sets the CPU frequency accordingly
Swap size | non-zero integer representing GB | by default, all data disks are created with this amount of swap; this setting does not affect log or cache devices as they are created without swap
Show console messages in the footer | checkbox | display console messages in real time at bottom of browser; click the console to bring up a scrollable screen; check the Stop refresh box in the scrollable screen to pause updating and uncheck the box to continue to watch the messages as they occur
Show tracebacks in case of fatal errors | checkbox | provides a pop-up of diagnostic information when a fatal error occurs
Show advanced fields by default | checkbox | several GUI menus provide an Advanced Mode button to access additional features; enabling this shows these features by default
Enable autotune | checkbox | enables Autotune which attempts to optimize the system depending upon the hardware which is installed
Enable debug kernel | checkbox | when checked, next boot uses a debug version of the kernel
Enable automatic upload of kernel crash dumps and daily telemetry | checkbox | when checked, kernel crash dumps and telemetry (some system stats, collectd RRDs, and select syslog messages) are automatically sent to the development team for diagnosis
MOTD banner | string | message to be shown when a user logs in with SSH
Periodic Notification User | drop-down menu | user to receive security output emails; this output runs nightly but only sends an email when the system reboots or encounters an error
Remote Graphite Server hostname | string | IP address or hostname of a remote server running Graphite
Use FQDN for logging | checkbox | when checked, include the Fully-Qualified Domain Name in logs to precisely identify systems with similar hostnames

Click the Save button after making any changes.

This tab also contains this button:

Save Debug: used to generate a text file of diagnostic information. After the debug data is collected, the system prompts for a location to save the generated ASCII text file.

5.4.1. Autotune

FreeNAS® provides an autotune script which optimizes the system depending on the installed hardware. For example, if a ZFS volume exists on a system with limited RAM, the autotune script automatically adjusts some ZFS sysctl values in an attempt to minimize ZFS memory starvation issues. It should only be used as a temporary measure on a system that hangs until the underlying hardware issue is addressed by adding more RAM. Autotune will always slow such a system, as it caps the ARC.

The Enable autotune checkbox in System → Advanced is unchecked by default. Check this box to run the autotuner at boot time. If you would like the script to run immediately, the system must be rebooted.

If the autotune script adjusts any settings, the changed values appear in System → Tunables. These values can be modified and overridden. Note that deleting tunables that were created by autotune only affects the current session, as autotune-set tunables are recreated at boot.

When attempting to increase the performance of the FreeNAS® system, and particularly when the current hardware may be limiting performance, try enabling autotune.

For those who wish to see which checks are performed, the autotune script is located in /usr/local/bin/autotune.

5.5. Email

An automatic script sends a nightly email to the root user account containing important information such as the health of the disks. Alert events are also emailed to the root user account. Problems with Scrubs are reported separately in an email sent at 03:00AM.

Note

S.M.A.R.T. reports are mailed separately to the address configured in that service.

The administrator typically does not read email directly on the FreeNAS® system. Instead, these emails are usually sent to an external email address where they can be read more conveniently. It is important to configure the system so it can send these emails to the administrator’s remote email account so they are aware of problems or status changes.

The first step is to set the remote address where email will be sent. Select Users → View Users, click on root to highlight that user, then click Change E-mail. Enter the email address on the remote system where email is to be sent, like admin@example.com.

Additional configuration is performed with System → Email, shown in Figure 5.5.1.

Fig. 5.5.1 Email Screen

Table 5.5.1 Email Configuration Settings
Setting | Value | Description
From email | string | the envelope From address shown in the email; this can be set to assist with filtering mail on the receiving system
Outgoing mail server | string or IP address | hostname or IP address of SMTP server to use for sending this email
Port to connect to | integer | SMTP port number, typically 25, 465 (secure SMTP), or 587 (submission)
TLS/SSL | drop-down menu | encryption type; choices are Plain, SSL, or TLS
Use SMTP Authentication | checkbox | enable/disable SMTP AUTH using PLAIN SASL; if checked, enter the required Username and Password
Username | string | enter the username if the SMTP server requires authentication
Password | string | enter the password if the SMTP server requires authentication
Password Confirmation | string | enter the same password again for confirmation

Click the Send Test Mail button to verify that the configured email settings are working. If the test email fails, double-check the destination email address by clicking the Change E-mail button for the root account in Account → Users → View Users. Test mail cannot be sent unless the root email address has been set.

Configuring email for TLS/SSL email providers is described in “Are you having trouble getting FreeNAS to email you in Gmail?”.
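
The following is an added example, not code from FreeNAS or from the original page. It shows what the PLAIN SASL mechanism named in Table 5.5.1 sends during SMTP AUTH, and reviews a combination of the Port, TLS/SSL, and Use SMTP Authentication settings. The function names are hypothetical, and the mapping of SSL to TLS from the start of the connection and TLS to STARTTLS is an assumption.

```python
# Added example (not FreeNAS code). Function names are hypothetical.
# Assumption: "SSL" means TLS from the first byte (conventionally port 465)
# and "TLS" means STARTTLS on a connection that starts unencrypted.
import base64


def auth_plain_response(username, password):
    """SASL PLAIN initial response (RFC 4616): base64(NUL user NUL password)."""
    raw = b"\0" + username.encode() + b"\0" + password.encode()
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(response):
    """Recover (username, password) from the response; no key is needed."""
    _authzid, user, password = base64.b64decode(response).split(b"\0", 2)
    return user.decode(), password.decode()


def review_email_settings(port, security, use_auth):
    """Return findings for the Port, TLS/SSL and SMTP Authentication fields."""
    if security not in ("Plain", "SSL", "TLS"):
        raise ValueError(f"unknown TLS/SSL choice: {security!r}")
    findings = []
    if security == "Plain":
        findings.append("mail content (alerts, disk health) is sent unencrypted")
        if use_auth:
            findings.append(
                "AUTH PLAIN credentials are only base64-encoded on the wire")
    # Port 465 conventionally expects TLS immediately; 25 and 587 do not.
    if (security == "SSL") != (port == 465):
        findings.append(f"port {port} does not match TLS/SSL choice {security}")
    return findings


if __name__ == "__main__":
    # Constructed credentials, not taken from any real system.
    wire = auth_plain_response("user", "pass")
    print("on the wire:", wire)
    print("decoded:    ", decode_auth_plain(wire))
    for settings in [(25, "Plain", True), (587, "TLS", True), (465, "TLS", True)]:
        print(settings, "->", review_email_settings(*settings) or "no findings")
```
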

5.6. System Dataset

System → System Dataset, shown in Figure 5.6.1, is used to select the pool which will contain the persistent system dataset. The system dataset stores debugging core files and Samba4 metadata such as the user/group cache and share level permissions. If the FreeNAS® system is configured to be a Domain Controller, all of the domain controller state is stored there as well, including domain controller users and groups.

Note

When the system dataset is moved, a new dataset is created and set active. The old dataset is intentionally not deleted by the system because the move might be transient or the information in the old dataset might be useful for later recovery.

Fig. 5.6.1 System Dataset Screen

Note

Encrypted volumes are not displayed in the System dataset pool drop-down menu.

The system dataset can optionally be configured to also store the system log and Reporting information. If there are lots of log entries or reporting information, moving these to the system dataset will prevent /var/ on the device holding the operating system from filling up as /var/ has limited space.

Use the drop-down menu to select the ZFS volume (pool) to contain the system dataset. Whenever the location of the system dataset is changed, a pop-up warning indicates that the SMB service must be restarted, causing a temporary outage of any active SMB connections.

To store the system log on the system dataset, check the Syslog box.

To store the reporting information on the system dataset, check the Reporting Database box.

If you make any changes, click the Save button to save them.

If you change the pool storing the system dataset at a later time, FreeNAS® will automatically migrate the existing data in the system dataset to the new location.

Note

Depending on configuration, the system dataset can occupy a large amount of space and receive frequent writes. Do not put the system dataset on a flash drive or other media with limited space or write life.

5.7. Tunables

System → Tunables can be used to manage the following:

  1. FreeBSD sysctls: a sysctl(8) makes changes to the FreeBSD kernel running on a FreeNAS® system and can be used to tune the system.
  2. FreeBSD loaders: a loader is only loaded when a FreeBSD-based system boots and can be used to pass a parameter to the kernel or to load an additional kernel module such as a FreeBSD hardware driver.
  3. FreeBSD rc.conf options: rc.conf(5) is used to pass system configuration options to the system startup scripts as the system boots. Since FreeNAS® has been optimized for storage, not all of the services mentioned in rc.conf(5) are available for configuration. Note that in FreeNAS®, customized rc.conf options are stored in /tmp/rc.conf.freenas.

Warning

Adding a sysctl, loader, or rc.conf option is an advanced feature. A sysctl immediately affects the kernel running the FreeNAS® system and a loader could adversely affect the ability of the FreeNAS® system to successfully boot. Do not create a tunable on a production system unless you understand and have tested the ramifications of that change.

Since sysctl, loader, and rc.conf values are specific to the kernel parameter to be tuned, the driver to be loaded, or the service to configure, descriptions and suggested values can be found in the man page for the specific driver and in many sections of the FreeBSD Handbook.

To add a loader, sysctl, or rc.conf option, go to System → Tunables → Add Tunable to access the screen shown in Figure 5.7.1.

Fig. 5.7.1 Adding a Tunable

Table 5.7.1 summarizes the options when adding a tunable.

Table 5.7.1 Adding a Tunable
Setting | Value | Description
Variable | string | typically the name of the sysctl or driver to load, as indicated by its man page
Value | integer or string | value to associate with Variable; typically this is set to YES to enable the sysctl or driver specified by the “Variable”
Type | drop-down menu | choices are Loader, rc.conf, or Sysctl
Comment | string | optional, but a useful reminder for the reason behind adding this tunable
Enabled | checkbox | uncheck if you would like to disable the tunable without deleting it

Note

As soon as a Sysctl is added or edited, the running kernel changes that variable to the value specified. However, when a Loader or rc.conf value is changed, it does not take effect until the system is rebooted. Regardless of the type of tunable, changes persist at each boot and across upgrades unless the tunable is deleted or its Enabled checkbox is unchecked.

Any added tunables are listed in System → Tunables. To change the value of an existing tunable, click its Edit button. To remove a tunable, click its Delete button.

Restarting the FreeNAS® system after making sysctl changes is recommended. Some sysctls only take effect at system startup, and restarting the system guarantees that the setting values correspond with what is being used by the running system.

The GUI does not display the sysctls that are pre-set when FreeNAS® is installed. FreeNAS® 11.0 ships with the following sysctls set:

kern.metadelay=3
kern.dirdelay=4
kern.filedelay=5
kern.coredump=1
kern.sugid_coredump=1
vfs.timestamp_precision=3
net.link.lagg.lacp.default_strict_mode=0
vfs.zfs.min_auto_ashift=12

Do not add or edit these default sysctls as doing so may render the system unusable.

The GUI does not display the loaders that are pre-set when FreeNAS® is installed. FreeNAS® 11.0 ships with these loaders set:

autoboot_delay="2"
loader_logo="freenas"
loader_menu_title="Welcome to FreeNAS"
loader_brand="freenas-brand"
loader_version=" "
kern.cam.boot_delay="30000"
debug.debugger_on_panic=1
debug.ddb.textdump.pending=1
hw.hptrr.attach_generic=0
vfs.mountroot.timeout="30"
ispfw_load="YES"
hint.isp.0.role=2
hint.isp.1.role=2
hint.isp.2.role=2
hint.isp.3.role=2
module_path="/boot/kernel;/boot/modules;/usr/local/modules"
net.inet6.ip6.auto_linklocal="0"
vfs.zfs.vol.mode=2
kern.geom.label.disk_ident.enable="0"
hint.ahciem.0.disabled="1"
hint.ahciem.1.disabled="1"
kern.msgbufsize="524288"
hw.usb.no_shutdown_wait=1

Do not add or edit the default tunables as doing so might make the system unusable.

The ZFS version used in 11.0 deprecates these tunables:

vfs.zfs.write_limit_override
vfs.zfs.write_limit_inflated
vfs.zfs.write_limit_max
vfs.zfs.write_limit_min
vfs.zfs.write_limit_shift
vfs.zfs.no_write_throttle

After upgrading from an earlier version of FreeNAS®, these tunables are automatically deleted. Please do not manually add them back.
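
Because the GUI does not display the pre-set sysctls and loaders, a proposed tunable can collide with one of them without any visible sign. The following is an added example, not part of FreeNAS or of the original page. It checks a list of proposed tunables against the three lists above and reports when each change would take effect. The tuple layout, the function names, and the sample entries are assumptions made for illustration.

```python
# Added example (not FreeNAS code). The three lists are copied from this
# section (FreeNAS 11.0); names and input layout are hypothetical.
import shlex

SHIPPED_SYSCTLS = """
kern.metadelay=3 kern.dirdelay=4 kern.filedelay=5 kern.coredump=1
kern.sugid_coredump=1 vfs.timestamp_precision=3
net.link.lagg.lacp.default_strict_mode=0 vfs.zfs.min_auto_ashift=12
"""

SHIPPED_LOADERS = """
autoboot_delay="2" loader_logo="freenas" loader_brand="freenas-brand"
loader_menu_title="Welcome to FreeNAS" loader_version=" "
kern.cam.boot_delay="30000" debug.debugger_on_panic=1
debug.ddb.textdump.pending=1 hw.hptrr.attach_generic=0
vfs.mountroot.timeout="30" ispfw_load="YES" hint.isp.0.role=2
hint.isp.1.role=2 hint.isp.2.role=2 hint.isp.3.role=2
module_path="/boot/kernel;/boot/modules;/usr/local/modules"
net.inet6.ip6.auto_linklocal="0" vfs.zfs.vol.mode=2
kern.geom.label.disk_ident.enable="0" hint.ahciem.0.disabled="1"
hint.ahciem.1.disabled="1" kern.msgbufsize="524288"
hw.usb.no_shutdown_wait=1
"""

DEPRECATED_ZFS = """
vfs.zfs.write_limit_override vfs.zfs.write_limit_inflated
vfs.zfs.write_limit_max vfs.zfs.write_limit_min
vfs.zfs.write_limit_shift vfs.zfs.no_write_throttle
"""

# When a change becomes active, per the Note after Table 5.7.1.
TAKES_EFFECT = {"sysctl": "immediately", "loader": "after reboot",
                "rc.conf": "after reboot"}


def parse_assignments(text):
    """Split name=value tokens; shlex drops quotes and keeps quoted spaces."""
    return dict(token.partition("=")[::2] for token in shlex.split(text))


SHIPPED = {"sysctl": parse_assignments(SHIPPED_SYSCTLS),
           "loader": parse_assignments(SHIPPED_LOADERS)}
DEPRECATED = set(parse_assignments(DEPRECATED_ZFS))


def audit_tunables(tunables):
    """Return (variable, severity, message) for each enabled tunable.

    tunables: iterable of (variable, value, type, enabled) tuples mirroring
    the Variable, Value, Type and Enabled fields of Add Tunable.
    """
    findings = []
    for variable, value, kind, enabled in tunables:
        kind = kind.lower()
        if kind not in TAKES_EFFECT:
            findings.append((variable, "error", f"unknown type {kind!r}"))
            continue
        if not enabled:
            continue  # kept in the list but not applied
        when = TAKES_EFFECT[kind]
        if variable in DEPRECATED:
            findings.append((variable, "error",
                             "deprecated by the ZFS version in 11.0"))
            continue
        for shipped_kind, table in SHIPPED.items():
            if variable in table:
                shipped = table[variable]
                same = str(value).strip('"') == shipped
                detail = "duplicates" if same else f"overrides with {value!r}"
                findings.append((variable, "warn" if same else "error",
                                 f"shipped {shipped_kind} default {shipped!r}; "
                                 f"{detail}, effective {when}"))
                break
        else:
            findings.append((variable, "info", f"effective {when}"))
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = [
    ("kern.coredump", "0", "Sysctl", True),
    ("vfs.zfs.write_limit_override", "1073741824", "Sysctl", True),
    ("autoboot_delay", "2", "Loader", True),
    ("net.inet.tcp.delayed_ack", "0", "Sysctl", True),
    ("if_cxgbe_load", "YES", "Loader", True),
    ("cc_htcp_load", "YES", "Loader", False),
]

if __name__ == "__main__":
    for finding in audit_tunables(SAMPLE):
        print(*finding, sep=" | ")
```
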

5.8. Update

FreeNAS® has an integrated update system to make it easy to keep up to date.

5.8.1. Preparing for Updates

It is best to perform updates at times the FreeNAS® system is idle, with no clients connected and no scrubs or other disk activity going on. A reboot is required after most updates, so they are often planned for scheduled maintenance times to avoid disrupting user activities.

The update process will not proceed unless there is enough free space in the boot pool for the new update files. If a space warning is shown, use Boot to remove unneeded boot environments.

5.8.2. Updates and Trains

FreeNAS® is updated with signed update files. This provides flexibility in deciding when to upgrade the system with patches, new drivers, or new features. It also allows “test driving” an upcoming release. Combined with boot environments, new features or system patches can be tested while still being able to revert to a previous version of the operating system (see If Something Goes Wrong). Digital signing of update files eliminates the need to manually download both an upgrade file and the associated checksum to verify file integrity.

Figure 5.8.1 shows an example of the System → Update screen.

Fig. 5.8.1 Update Options

By default, the system automatically checks for updates and issues an alert when a new update becomes available. The automatic check can be disabled by unchecking Automatically check for updates.

This screen also shows which software branch, or train, is being tracked for updates. These trains are available:

For Production Use

  • FreeNAS-9.10-STABLE (Recommended)

    After testing, new fixes and features are added to this train. Selecting this train and applying any pending updates is recommended.

For Pre-Production Testing

  • FreeNAS-11-STABLE

    The train upon which upcoming 11-RELEASE and Release Candidates (RCs) are based. Until 11 is released, only use this train for testing.

  • FreeNAS-11-Nightlies

    Do not use this train in production. It is the experimental branch for the future 11 version and is meant only for bleeding edge testers and developers.

Legacy Versions

  • FreeNAS-9.3-STABLE

    Maintenance-only updates to the older version of FreeNAS®. Upgrading to FreeNAS-9.10-STABLE is recommended to ensure that the system receives bug fixes and new features.

Obsolete Versions

  • FreeNAS-9.10-Nightlies

    As of May 5, 2017, this train has been replaced by the FreeNAS-11-Nightlies train. Please switch to the FreeNAS-11-Nightlies train for active support.

To change the train, use the drop-down menu to make a different selection.

Note

The train selector does not allow downgrades. For example, the STABLE train cannot be selected while booted into a Nightly boot environment, or a 9.3 train cannot be selected while booted into a 9.10 boot environment. To go back to an earlier version after testing or running a more recent version, reboot and select a boot environment for that earlier version. This screen can then be used to check for updates on that train.

This screen also shows the URL of the official update server. That information can be required when using a network with outbound firewall restrictions.

The Verify Install button verifies that the operating system files in the current installation do not have any inconsistencies. If any problems are found, a pop-up menu lists the files with checksum mismatches or permission errors.

5.8.3. Checking for Updates

Check for updates by making sure the desired train is selected and clicking the Check Now button. Any available updates are listed. In the example shown in Figure 5.8.2, the numbers which begin with a # represent the bug report number from bugs.freenas.org. Numbers which do not begin with a # represent a git commit. Click the ChangeLog link to open the log of changes in a web browser. Click the ReleaseNotes link to open the Release Notes in the browser.

Fig. 5.8.2 Reviewing Updates

5.8.4. Applying Updates

Make sure the system is in a low-usage state as described above in Preparing for Updates.

Click the OK button to download and apply the updates. Be aware that some updates automatically reboot the system after they are applied.

Warning

Each update creates a boot environment. If the update process needs more space, it attempts to remove old boot environments. Boot environments marked with the Keep attribute as shown in Boot will not be removed. If space for a new boot environment is not available, the upgrade fails. Space on the boot device can be manually freed using System Boot. Review the boot environments and remove the Keep attribute or delete any boot environments that are no longer needed.

Updates can also be downloaded and applied later. To do so, uncheck the Apply updates after downloading box before pressing OK. In this case, this screen closes after updates are downloaded. Downloaded updates are listed in the Pending Updates section of the screen shown in Figure 5.8.1. When ready to apply the previously downloaded updates, click the Apply Pending Updates button. Remember that the system might reboot after the updates are applied.

Warning

After updates have completed, reboot the system. Configuration changes made after an update but before that final reboot will not be saved.

5.8.5. Manual Updates

Updates can be manually downloaded as a file. These updates are then applied with the Manual Update button. After obtaining the update file, click Manual Update and choose a location to temporarily store the file on the FreeNAS® system. Use the file browser to locate the update file, then click Apply Update to apply it.

Manual update files can be identified by their filenames, which end in -manual-update-unsigned.tar.

Manual updates cannot be used to upgrade from older major versions.

5.9. Alert Services

FreeNAS® can use a number of methods to notify the administrator of system events that require attention. These events are system Alerts marked WARN or CRITICAL.

Currently available alert services:

Warning

These alert services might use a third party commercial vendor not directly affiliated with iXsystems. Please investigate and fully understand that vendor’s pricing policies and services before using their alert service. iXsystems is not responsible for any charges incurred from the use of third party vendors with the Alert Services feature.

Select System Alert Services to go to the Alert Services screen. Click Add Service to display the dialog shown in Figure 5.9.1.

Fig. 5.9.1 Add Alert Service

The Service Name drop-down menu is used to pick a specific alert service. The fields shown in the rest of the dialog change to those required by that service. Enter the required information, check the Enabled checkbox, then click OK to save the settings.

System alerts marked WARN or CRITICAL are sent to each alert service that has been configured and enabled.

Alert services can be deleted from this list by clicking them and then clicking the Delete button at the bottom of the window. To disable an alert service temporarily, click Edit and remove the checkmark from the Enabled checkbox.

5.9.1. How it Works

A nas-health service is registered with Consul. This service runs /usr/local/etc/consul-checks/freenas_health.sh periodically, currently every two minutes. If an alert marked WARNING or CRITICAL is found, the nas-health service is marked as “unhealthy”, triggering consul-alerts to notify configured alert services.

5.10. CAs

FreeNAS® can act as a Certificate Authority (CA). When encrypting SSL or TLS connections to the FreeNAS® system, either import an existing certificate, or create a CA on the FreeNAS® system, then create a certificate. This certificate will appear in the drop-down menus for services that support SSL or TLS.

For secure LDAP, the public key of an existing CA can be imported with Import CA, or a new CA can be created on the FreeNAS® system and also used on the LDAP server.

Figure 5.10.1 shows the screen after clicking System CAs.

Fig. 5.10.1 Initial CA Screen

If your organization already has a CA, the CA’s certificate and key can be imported. Click the Import CA button to open the configuration screen shown in Figure 5.10.2. The configurable options are summarized in Table 5.10.1.

Fig. 5.10.2 Importing a CA

Table 5.10.1 Importing a CA Options

| Setting | Value | Description |
|---|---|---|
| Identifier | string | mandatory; enter a descriptive name for the CA using only alphanumeric, underscore (_), and dash (-) characters |
| Certificate | string | mandatory; paste in the certificate for the CA |
| Private Key | string | if there is a private key associated with the Certificate, paste it here |
| Passphrase | string | if the Private Key is protected by a passphrase, enter it here and repeat it in the “Confirm Passphrase” field |
| Serial | string | mandatory; enter the serial number for the certificate |

To instead create a new CA, first decide if it will be the only CA which will sign certificates for internal use or if the CA will be part of a certificate chain.

To create a CA for internal use only, click the Create Internal CA button which will open the screen shown in Figure 5.10.3.

Fig. 5.10.3 Creating an Internal CA

The configurable options are described in Table 5.10.2. When completing the fields for the certificate authority, supply the information for your organization.

Table 5.10.2 Internal CA Options

| Setting | Value | Description |
|---|---|---|
| Identifier | string | required; enter a descriptive name for the CA using only alphanumeric, underscore (_), and dash (-) characters |
| Key Length | drop-down menu | for security reasons, a minimum of 2048 is recommended |
| Digest Algorithm | drop-down menu | the default is acceptable unless your organization requires a different algorithm |
| Lifetime | integer | in days |
| Country | drop-down menu | select the country for the organization |
| State | string | required; enter the state or province of the organization |
| Locality | string | required; enter the location of the organization |
| Organization | string | required; enter the name of the company or organization |
| Email Address | string | required; enter the email address for the person responsible for the CA |
| Common Name | string | required; enter the fully-qualified hostname (FQDN) of the FreeNAS® system |

To instead create an intermediate CA which is part of a certificate chain, click the Create Intermediate CA button. This screen adds one more option to the screen shown in Figure 5.10.3:

  • Signing Certificate Authority: this drop-down menu is used to specify the root CA in the certificate chain. This CA must first be imported or created.

Any CAs that you import or create will be added as entries in System CAs. The columns in this screen indicate the name of the CA, whether it is an internal CA, whether the issuer is self-signed, the number of certificates that have been issued by the CA, the distinguished name of the CA, the date and time the CA was created, and the date and time the CA expires.

Clicking the entry for a CA causes these buttons to become available:

  • Export Certificate: prompts to browse to the location to save a copy of the CA’s X.509 certificate on the computer being used to access the FreeNAS® system.
  • Export Private Key: prompts to browse to the location to save a copy of the CA’s private key on the computer being used to access the FreeNAS® system. This option only appears if the CA has a private key.
  • Delete: prompts for confirmation before deleting the CA.

5.11. Certificates

FreeNAS® can import existing certificates, create new certificates, and issue certificate signing requests so that created certificates can be signed by the CA which was previously imported or created in CAs.

Figure 5.11.1 shows the initial screen if you click System Certificates.

Fig. 5.11.1 Initial Certificates Screen

To import an existing certificate, click the Import Certificate button to open the configuration screen shown in Figure 5.11.2. When importing a certificate chain, paste the primary certificate, followed by any intermediate certificates, followed by the root CA certificate.

The configurable options are summarized in Table 5.11.1.

Fig. 5.11.2 Importing a Certificate

Table 5.11.1 Certificate Import Options

| Setting | Value | Description |
|---|---|---|
| Identifier | string | required; enter a descriptive name for the certificate using only alphanumeric, underscore (_), and dash (-) characters |
| Certificate | string | required; paste the contents of the certificate |
| Private Key | string | required; paste the private key associated with the certificate |
| Passphrase | string | if the private key is protected by a passphrase, enter it here and repeat it in the Confirm Passphrase field |
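
A check that can be run on the administrator's workstation before pasting a chain and key into the import screen, added here as an example and not part of the FreeNAS® documentation or code. It assumes the `openssl` command-line tool, an unencrypted private key, and hypothetical file names.

```shell
#!/bin/sh
# Added example: pre-import check for a PEM bundle and its private key.
# Exit status: 0 ok, 1 no certificate found, 2 key mismatch, 3 wrong order.
check_import_bundle() {
    bundle=$1; key=$2
    work=$(mktemp -d) || return 1

    # Split the bundle into cert1.pem, cert2.pem, ... in pasted order.
    awk -v d="$work" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }' "$bundle"
    if [ ! -f "$work/cert1.pem" ]; then
        echo "no certificate found in $bundle"; rm -rf "$work"; return 1
    fi

    # The first certificate must carry the public half of the private key.
    cert_pub=$(openssl x509 -in "$work/cert1.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the first certificate"
        rm -rf "$work"; return 2
    fi

    # Each certificate must be issued by the one pasted directly after it.
    i=1
    while [ -f "$work/cert$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$work/cert$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$work/cert$((i + 1)).pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $((i + 1)) is not the issuer of certificate $i"
            rm -rf "$work"; return 3
        fi
        i=$((i + 1))
    done

    echo "bundle order and key match look correct ($i certificate(s))"
    rm -rf "$work"
}

# Hypothetical usage: sh check_bundle.sh chain.pem server.key
if [ "$#" -eq 2 ]; then
    check_import_bundle "$1" "$2"
fi
```

The order check compares issuer and subject names only and does not verify signatures or expiry dates.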

To instead create a new self-signed certificate, click the Create Internal Certificate button to see the screen shown in Figure 5.11.3. The configurable options are summarized in Table 5.11.2. When completing the fields for the certificate authority, use the information for your organization. Since this is a self-signed certificate, use the CA that you imported or created using CAs as the signing authority.

Fig. 5.11.3 Creating a New Certificate

Table 5.11.2 Certificate Creation Options

| Setting | Value | Description |
|---|---|---|
| Signing Certificate Authority | drop-down menu | required; select the CA which was previously imported or created using CAs |
| Identifier | string | required; enter a descriptive name for the certificate using only alphanumeric, underscore (_), and dash (-) characters |
| Key Length | drop-down menu | for security reasons, a minimum of 2048 is recommended |
| Digest Algorithm | drop-down menu | the default is acceptable unless your organization requires a different algorithm |
| Lifetime | integer | in days |
| Country | drop-down menu | select the country for the organization |
| State | string | required; enter the state or province for the organization |
| Locality | string | required; enter the location for the organization |
| Organization | string | required; enter the name of the company or organization |
| Email Address | string | required; enter the email address for the person responsible for the CA |
| Common Name | string | required; enter the fully-qualified hostname (FQDN) of the FreeNAS® system |

If you need to use a certificate that is signed by an external CA, such as Verisign, instead create a certificate signing request. To do so, click the Create Certificate Signing Request button. A screen like the one in Figure 5.11.3 opens, but without the Signing Certificate Authority field.

All certificates that you import, self-sign, or make a certificate signing request for will be added as entries to System Certificates. In the example shown in Figure 5.11.4, a self-signed certificate and a certificate signing request have been created for the fictional organization My Company. The self-signed certificate was issued by the internal CA named My Company and the administrator has not yet sent the certificate signing request to Verisign so that it can be signed. Once that certificate is signed and returned by the external CA, it should be imported using the Import Certificate button so that it is available as a configurable option for encrypting connections.

Fig. 5.11.4 Managing Certificates

Clicking an entry activates these configuration buttons:

  • View: once a certificate is created, it cannot be edited. The Name, Certificate, and Private Key fields can be viewed. If a certificate must be changed, Delete and recreate it.
  • Export Certificate saves a copy of the certificate or certificate signing request to the system being used to access the FreeNAS® system. For a certificate signing request, send the exported certificate to the external signing authority so that it can be signed.
  • Export Private Key saves a copy of the private key associated with the certificate or certificate signing request to the system being used to access the FreeNAS® system.
  • Delete is used to delete a certificate or certificate signing request.

5.12. Support

The FreeNAS® Support tab, shown in Figure 5.12.1, provides a built-in ticketing system for generating bug reports and feature requests.

Fig. 5.12.1 Support Tab

This screen provides a built-in interface to the FreeNAS® bug tracker located at bugs.freenas.org. If you have not yet used the FreeNAS® bug tracker, you must first go to that website, click the Register link, fill out the form, and reply to the registration email. This will create a username and password which can be used to create bug reports and receive notifications as the reports are actioned.

Before creating a bug report or feature request, ensure that a report for the same issue does not already exist at bugs.freenas.org. If you find a similar issue that is not yet marked as closed or resolved, add a comment to that issue if you have new information to provide that can assist in resolving the issue. If you find a similar issue that is marked as closed or resolved, you can create a new issue and refer to the earlier issue number.

Note

If you are not updated to the latest version of STABLE, do that first to see if it resolves your issue.

To generate a report using the built-in Support screen, complete the following fields:

  • Username: enter the login name created when registering at bugs.freenas.org.
  • Password: enter the password associated with the registered login name.
  • Type: select Bug when reporting an issue or Feature when requesting a new feature.
  • Category: this drop-down menu is empty until a registered “Username” and “Password” are entered. An error message is displayed if either value is incorrect. After the Username and Password are validated, possible categories are populated to the drop-down menu. Select the one that best describes the bug or feature being reported.
  • Attach Debug Info: it is recommended to leave this box checked so that an overview of the system’s hardware, build string, and configuration is automatically generated and included with the ticket.
  • Subject: input a descriptive title for the ticket. A good Subject makes it easy for you and other users to find similar reports.
  • Description: input a 1 to 3 paragraph summary of the issue that describes the problem, and if applicable, what steps one can do to reproduce it.
  • Attachments: this is the only optional field. It is useful for including configuration files or screenshots of any errors or tracebacks.

Once you have finished completing the fields, click the Submit button to automatically generate and upload the report to bugs.freenas.org. A pop-up menu provides a clickable URL to view the status of the report or add additional information to it.