Leaderboard

Popular Content

Showing content with the highest reputation since 04/26/22 in all areas

  1. Refer to Summary of New Features for an overview of changes since version 6.9. To upgrade: First create a backup of your USB flash boot device: Main/Flash/Flash Backup If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer.plg Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. @JorgeB for rigorous testing of storage subsystem
    31 points
  2. Listening to the Community we decided to remove the requirement for all users to register their server with an Unraid.net account. Making use of the My Servers plugin, providing a growing number of online-enabled features, does still require use of an Unraid.net account. Upon upgrade to this release, users who currently have the My Servers plugin installed should upgrade the plugin on their server(s). Servers without the plugin will no longer need, or be able to sign in to Unraid.net and as timeouts kick in, they will automatically be removed from the My Servers Dashboard and disassociated with your Unraid.net account. To continue using the My Servers Dashboard please install the My Servers plugin. Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc5 2022-04-26 (vs. 6.10.0-rc4) Base distro: at: version 3.2.3 bind: version 9.16.27 btrfs-progs: version 5.16 ca-certificates: version 20220403 ethtool: version 5.16 eudev: version 3.2.11 git: version 2.35.3-x86_64-1 (CVE-2022-24765) glib2: version 2.70.3 glibc-zoneinfo: version 2022a gzip: version 1.12-x86_64-1 (CVE-2022-1271) haveged: [removed] hdparm: version 9.63 iproute2: version 5.16.0 libarchive: version 3.6.1-x86_64-1 libgpg-error: version 1.44 libunwind: version 1.6.2 libwebp: version 1.2.2 libxml2: version 2.9.13 libxslt: version 1.1.35 openssl: version 1.1.1n openssl-solibs: version 1.1.1n p11-kit: version 0.24.1 pango: version 1.48.11 sudo: version 1.9.9 tdb: version 1.4.6 util-linux: version 2.37.4 wsdd2: version 20111022 build 2 xz: version 5.2.5-x86_64-4 (CVE-2022-1271) zlib: version 1.2.12 zstd: version 1.5.2 Linux kernel: Linux 5.15.35-Unraid added CONFIG_USB_RTL8152: Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Management: emhttpd: fix btrfs pool device replace still showing 'missing' rc.docker: fix startup network race condition rc.libvirt: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state rc.nginx: read IP address from management interfact (eth0) only rc.samba: disable SMB Multi Channel by default; add control to Settings/SMB Settings page ttyd: fix garbled text in local FireFox Termainl windows upc: refactor(upc):base-6.10 remove sign in requirement webgui: improve: Highlight selected row when hovering over array or shares webgui: Right-clicking or long-clicking a menu item should open the selected menu webgui: Make links in help text standout (red) webgui: Update Outlook/Hotmail smtp settings webgui: UpdateDNS to prefer IPv4 first and then IPv6 webgui: Allow simultaneous log and console windows for containers webgui: Fixed: missing samesite attribute in cookies webgui: WireGuard: user nginx settings and unraid.net api webgui: Parity: shown duration time excluding idle time webgui: Miscellaneous updates and fixes webgui: fix: password lockouts not being cleared properly webgui: Support future T2FA webgui: Expand file type icon selection webgui: Show IP on VM Manager VM Page webgui: Docker: Silence PHP errors when editing a template if corruption exists webgui: Fixed PHP errors for share and disk calculations webgui: Main page - lower table update frequency for better responsiveness of links webgui: Change page switching to better suit Safari on mobile devices webgui: Set Main page update frequency to 1s for better support of mobile devices webgui: Docker settings: suppress browser presets webgui: Lower update frequency of monitor function to better suit mobile devices webgui: Docker: fixed list display in fixed view mode webgui: Docker: fixed header display causes gap webgui: WireGuard updates: Make import config file of VPN providers more robust. Add tunnel routing for docker containers Automatically make the WG tunnel available to containers (custom network) webgui: WireGuard: Introduce new network modes: VPN tunneled access for system VPN tunneled access for docker webgui: WireGuard: Add warning when tunnel deletion fails webgui: WireGuard: use kill switch when tunnel inactive webgui: Docker: add route for remote WireGuard access Containers with network 'br0' can be remotely accessed by WireGuard without the need to configure static routes on the home router (gateway) "Host access to custom networks" must be enabled to allow access webgui: WireGuard: add logic to recreate networks after reboot webgui: Docker: add route for remote WireGuard access webgui: Wireguard: make management interface seletable Defaults to eth0 - future expansion webgui: Docker: add wireguard description in network selection webgui: diagnostics: fix: anonymize myunraid.net urls webgui: BTRFS balance: fix recommendation message when volume is empty webgui: Log docker icon download failures webgui: Docker: add description to all custom networks webgui: Management: fix ports in use check webgui: Fixed: specific disk settings for pool devices only
    20 points
  3. This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc6 2022-05-04 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1
    13 points
  4. LXC LXC is a well-known Linux container runtime that consists of tools, templates, and library and language bindings. It's pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel. This plugin doesn't include the LXD provided CLI tool lxc! This allows you basically to run a isolated system with shared resources on CLI level (without a GUI) on Unraid which can be deployed in a matter of seconds and also allows you to destroy it quickly. Please keep in mind that if you have to set up everything manually after deploying the container eg: SSH access or a dedicated user account else than root ATTENTION: This plugin is currently in development and features will be added over time. LIMITATIONS: Distributions which use systemd (Ubuntu, Debian Bookworm+,...) will not work or not work properly currently. Install LXC from the CA App: Go to the Settings tab in Unraid an click on "LXC" Enable the LXC service, select the default storage path for your images (this path will be created if it doesn't exist and it always needs to have a trailing / ) and click on "Update": ATTENTION: - It is strongly recommended that you are using a real path like "/mnt/cache/lxc/" or "/mnt/diskX/lxc/" instead of a FUSE "/mnt/user/lxc/" to avoid slowing down the entire system when performing heavy I/O operations in the container(s) and to avoid issues when the Mover wants to move data from a container which is currently running. - It is also strongly recommended to not share this path over NFS or SMB because if the permissions are messed up the container won't start anymore and to avoid data loss in the container(s)! - Never run New Permissions from the Unraid Tools menu on this directory because you will basically destroy your container(s)! Now you can see the newly created directory in your Shares tab in Unraid, if you are using a real path (what is strongly recommended) weather it's on the Cache or Array it should be fine to leave the Use Cache setting at No because the Mover won't touch this directory if it's set to No: Now you will see LXC appearing in Unraid, click on it to navigate to it Click on "Add Container" to add a container: On the next page you can specify the Container Name, the Distribution, Release, MAC Address and if Autostart should be enabled for the container, click on "Create": You can get a full list of Distributions and Releases to choose from here The MAC Address will be generated randomly every time, you can change it if you need specific one. The Autostart checkbox let's you choose if the container should start up when the Array or LXC service is started or not (can be changed later). In the next popup you will see information about the installation status from the container (don't close this window until you see the "Done" button) : After clicking on "Done" and "Done" in the previous window you will be greeted with this screen on the LXC page, to start the container click on "Start": If you want to disable the Autostart from the container click on "Disable" and the button will change to "Enable", click on "Enable" to enable it again. After starting the container you will see several information (assigned CPUs, Memory usage, IP Address) about the container itself: By clicking on the container name you will get the storage location from your configuration file from this container and the config file contents itself: For further information on the configuration file see here Now you can attach to the started container by clicking the Terminal symbol in the top right corner from Unraid and typing in lxc-attach CONTAINERNAME /bin/bash (in this case lxc-attach DebianLXC /bin/bash): You can of course also connect to the container without /bin/bash but it is always recommended to connect to the shell that you prefer Now you will see that the terminal changed the hostname to the containers name this means that you are now successfully attached to the shell from the container and the container is ready to use. I recommend to always do a update from the packages first, for Debian based container run this command (apt-get update && apt-get upgrade): Please keep in mind that this container is pretty much empty and nothing else than the basic tools are installed, so you have to install nano, vi, openssh-server,.. yourself. To install the SSH Server (for Debian based containers) see the second post.
    12 points
  5. Woohoo! Thank you to the entire community for the bug reports, suggestions, and overall positive vibes along the way. The Unraid 6.10.0 Release Blog with all of the major highlights is here:
    11 points
  6. You should only need to go to Tools/UpdateOS and switch to the Stable branch to see the update. Sure there are still some outstanding issues and we'll continue to monitor here. Please upgrade and switch to Stable Bug Reports board for new issues.
    10 points
  7. This release includes some bug fixes and update of base packages. Notable changes: correct device status handling for single-slot pools collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore WireGuard: fixed proper handling of ipv4 + ipv6 tunnels A few security related base package updates Added BPF support in the Linux kernel Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. @JorgeB for rigorous testing of storage subsystem Version 6.10.0-rc8 2022-05-10 (vs. 6.10.0-rc7) Base distro: libxml2: version 2.9.14 (CVE-2022-29824) openssl: version 1.1.1o (CVE-2022-1292) openssl-solibs: version 1.1.1o Linux kernel: Linux 5.15.38-Unraid enable BPF kernel options (user request): CONFIG_BPF_SYSCALL: Enable bpf() system call CONFIG_BPF_JIT: Enable BPF Just In Time compiler CONFIG_BPF_JIT_ALWAYS_ON: Permanently enable BPF JIT and remove BPF interpreter CONFIG_NET_CLS_BPF: BPF-based classifier CONFIG_NET_CLS_ACT: Actions CONFIG_NET_ACT_BPF: BPF based action CONFIG_IKHEADERS: Enable kernel headers through /sys/kernel/kheaders.tar.xz CONFIG_NET_SCH_SFQ: Stochastic Fairness Queueing (SFQ) CONFIG_NET_ACT_POLICE: Traffic Policing CONFIG_NET_ACT_GACT: Generic actions CONFIG_GACT_PROB: Probability support CONFIG_NET_SCH_INGRESS: Ingress/classifier-action Qdisc CONFIG_CGROUP_BPF: Support for eBPF programs attached to cgroups Management: emhttpd: correct device status handling for single-slot pools emhttpd: collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore webgui: WireGuard: fixed proper handling of ipv4 + ipv6 tunnels webgui: Font files update clear-sans --> source sans pro bitstream --> source code pro webgui: Remove deprecated font extensions: eot, svg, ttf webgui: Cleanup styles folder webgui: Update css files to use woff and woff2 formats only webgui: Fixed balance/scrub schedule not saved when device name has "-" in it webgui: Fix side bar of themes azure/gray in firefox webgui: chore(upc): ENOKEYFILE2 message translation
    8 points
  8. Awesome work by the team and just reiterating what @SpencerJ said above: THANK YOU to everyone who has helped test and report bugs for us! You guys are all rockstars!!
    8 points
  9. This release corrects an issue in -rc6 where both the Intel out-of-tree ixgbe module (10Gbit Network driver) and the in-tree ixgbe module were included in the build. At system start time, the Intel driver was preferred. It was our intent to remove this driver and revert to the in-tree version, but a flaw in our build process permitted inclusion of both. This has been corrected in this release, and there are no other changes. If you have upgraded to -rc6 and you do not use Intel 10Gbit network driver there is no need to upgrade to this release. This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc7 2022-05-05 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver [-rc7] Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1
    8 points
  10. OK. Not that I use this plugin, but I have forked it so that the logs and the context menus appear. I have temporarily removed the dashboard part of things until I get more time to look at it's display aberrations. Going forward, so long as explicit directions are made as to how to replicate issues on 6.10 I will attempt to fix, but no guarantees will be made, and my goal here is not to continue development on this plugin, but to simply keep it in the same rough state as it was left in when the author stopped development. You will need to uninstall the version from Guild Darts and then reinstall the forked version. I would suggest making a backup of the folder.json file within /config/plugins/docker.folder on the flash drive. If you don't do this, then you will need to recreate your folders.
    6 points
  11. The newest release 4.1 and 4.0 added influxdb among other changes and the container template on the community applications page needs to be updated accordingly. You can change the repository field to "lscr.io/linuxserver/scrutiny:8e34ef8d-ls35" until it gets updated.
    6 points
  12. Sounds like a new poll topic: Are you an Innie or an Outie? 😜
    6 points
  13. I would recommend anyone running a HP MicroServer Gen8 to not update for now, there have been multiple cases of filesystem corruption after updating, with both XFS and btrfs, looks like the hardware doesn't get along with the new kernel, not clear if it's all models in general or just some specific BIOS/CPU combos, so if anyone updated without issues please post here. Edit to add: The ones I found so far were all using Xeon CPUs with Intel VT-D (IOMMU) enable, I have a suspicion the problem is related to this, it's causing some kind of kernel memory corruption so if you're running one of these with a Pentium or I3 CPU (or a Xeon with VT-D disable) you might be OK. See here for latest update on this: https://forums.unraid.net/topic/123620-unraid-os-version-6100-available/?do=findComment&comment=1129501
    5 points
  14. FYI: Wer das Plugin "Unassigned Devices" installiert hat und auf das heute erschienene Unraid 6.10 umstellen wird, sollte unbedingt neben den Unraid Update Hinweisen vorab den Beitrag zum Update des Unassigned Devices Plugin lesen. Dies vor allen Dingen wenn man mit NVMe oder SSD Devices im Unassigned Devices Plugin arbeitet - wie ich. Üblicherweise aktualisiert man vor einem Upgrade von Unraid die Plugins und Container. Leider fiel eine kritische Änderung am Unassigned Devices Plugin mit dem Release von Unraid 6.10 zusammen. Beides wurde heute zeitgleich veröffentlicht. Beim Start des aktualisierten Unraid 6.10 können NVMe, SSD Devices durch UD neue Bezeichner erhalten, was unter Umständen Auswirkungen auf die Docker und KVM Subsysteme haben kann. In meinem Fall wurden tatsächlich Unassigned Devices unter neuen Bezeichnern aufgeführt und ich musste das Docker Subsystem neu konfigurieren (Passthru Devices, etc.). Beim KVM Subsystem hatte ich vor einiger Zeit auf "bus:device" statt "dev/by-id" umgestellt. Deshalb wurde ich im Falle von VMs vor notwendigen Änderungen verschont. Ich persönlich finde diesen zeitlichen Zusammenhang für extrem unglücklich. Wer schon etwas tiefer in Unraid eingetaucht ist, der wird das sicherlich schnell beheben können. Wer aber ohne weitere Nachforschung die Update Knöpfe drückt, könnte beim nächsten Start überrascht werden. Also unbedingt lesen.
    5 points
  15. Great work guys. When can we see an RC for 6.11 ? 😁
    5 points
  16. Definitions and Preamble Skip this section and read the next one if you already understand what COW is and how Btrfs works. To users who are unaware of what COW, and subsequently NOCOW is: COW stands for copy-on-write, as such, NOCOW is the absence of COW. Btrfs (and ZFS) are COW based filesystems, in contrast to something like XFS, ReiserFS, EXT4, NTFS, etc. While those filesystems overwrite blocks in place when an overwrite request is made, copy-on-write filesystems always write any changes to newly allocated space, even if a portion of the file is "overwritten". Once the change is written to new space, it will then update metadata references to reflect the new state of the file. This is how modern filesystems are able to achieve "atomicity" without using a "journal". (Now I recognize this is a simple definition, but I think it gets the point across to those familiar with filesystems, after all, metadata operations also use COW, but this should be enough for most people to understand.) Basically, if any filesystem operation is interrupted on Btrfs or ZFS (such as a system crash, power failure, or a flaky disk), if the change has not been fully committed to the disk(s), the old state is retained on the disk(s). There is no need to run any fsck or do anything extra even for metadata, since the change was not fully committed. That's the idea behind atomicity, either the entire operation is completed in full, or it didn't happen. Most journaling filesystems (apart from ext4 in certain scenarios) do not support journaling of data blocks anyway (doing so would kill performance). There's not really any need to do this anyway, since these filesystems can only ever exist on one disk anyway (as far as they're concerned). If these filesystems are used on any form of RAID, it is that RAID platform that needs to ensure everything is in sync. Whether that's a battery backed raid controller, bitmaps like MD and LVM uses, whatever. Unraid does indeed also work to ensure it's own parity is in sync with a parity sync operation in the event of a system failure for it's array devices. Running a scheduled parity check is also encouraged of course in case something goes wrong during normal operation. While unraid can't avoid the "write hole", at least it can be mitigated. Btrfs and ZFS are different though. As we know, they are the RAID platform in addition to simply being filesystems. There are pools of multiple disks that these filesystem can exists on. Btrfs supports it's own unique spin of "RAID1" (among other profiles) as does ZFS. Since they're handling redundancy, extra thought needs to go into ensuring redundant copies of files are always in sync. When you use a RAID1 profile with Btrfs, a file is replicated across 2 devices, so there's effectively two "copies" of the same file. The Issue Since a Btrfs Cache pool in Unraid can span multiple devices, it needs to ensure atomicity of redundant copies on the pool disks to provide reliable redundancy. It is impossible to write to each disk at the exact same time since they are still two physically different drives. If the system crashes when one disk had a change written to it but the other one didn't, now your redundant copies may be out of sync, similarly to how your parity disk(s) can be out of sync when it comes to the unraid array during a crash. Now, thanks to copy on write, this problem is properly addressed. If either disk is out of sync, the old copy still exists. Btrfs provides checksums that can further be used to verify each copy is exactly the same. If they are not, they will "self repair", and a scrub triggers the filesystem to read each and every file and verify their checksums, repairing it if they mismatch using the other copy. ZFS of course does the same thing. However, when NOCOW is in use, both checksums and atomic updates of the data blocks are gone. While other software RAID solutions do allow for ensuring things are in sync without copy on write, Btrfs does not, as such NOCOW is not intended to be used on anything other than "disposable data". NOCOW makes Btrfs work more like the traditional filesystems for data blocks, but along with that comes significant gotchas that people seem to be quite unaware of. (ZFS has no concept of NOCOW, so it's not an issue for it). There is no way possible to ensure both copies of a NOCOW file is in sync on Btrfs if any of the RAID1,10 or DUP profiles are used. Btrfs does not provide *any* method to fix out of sync NOCOW files when it does go out of sync (scrub only verifies checksums, and since NOCOW has no checksums, it doesn't touch nocow data). To make matters worse, anything as simple as a power failure can trigger this situation if a VM were in use, and anyone using Unraid with VMs can run into this corruption scenario in the default state. Further, Btrfs doesn't have a concept of "master" and "slave" drives, it decides which copy to read based on the PID of the process. To the user, this effectively means the disk a file is read from is "randomly" selected. So in an out of sync scenario with VM disk images, even if one copy was valid, if it reads the invalid copy, it may (and will) end up corrupting the good copy. Then when it reads the other copy, it detects corruption, and so on.... you're stuck in a vicious cycle. There was a long discussion on the Btrfs mailing list about this a few years ago, but the TL;DR of it is while there were patches submitted to allow btrfsck to identify this issue, they were never committed to master, not that anyone let alone Unraid uses btrfsck in the event of a crash, scrub and balance is the usual recommended course of action, depending on the scenario. Using Btrfsck can be dangerous without developer advice anyway. This issue would apply to RAID1, RAID1c3, RAID1c4, RAID10 and the DUP data profiles of Btrfs, since all of these profiles involve making "copies". If the user is using a single disk with the SINGLE profile, if they're using multiple disks with RAID0, or ironically, if they're using Btrfs' grossly unstable RAID5 or RAID6 profiles, the issue doesn't really exist since there is only one copy of the data in these cases (or in the case of RAID5/6, scrub will repair any damage caused by the parity write hole). Now users may be wondering: Why is NOCOW even an option then? Well the issue with Btrfs in particular is it is not well optimized for workloads that involve a lot of small writes to the same file. This is exactly the type of workload that makes it less than ideal for things like VMs, Databases and even Bittorrent downloads. While ZFS can be tuned and has more complicated caching schemes to mitigate this, Btrfs simply doesn't scale well when it comes to tiny writes to files. Each time a write is made, the metadata tree needs to be updated to reference a new extent that will be rather small. As more and more tiny writes are made, this tree can get very "top heavy", and it too can become fragmented. Processing the tree alone can be expensive on system resources, even when an SSD is used. NOCOW is a way to avoid this fragmentation. I briefly discussed this with @jonp on Discord a while back, with regards to performance, and he suggested to do some benchmarks. So I took the time to do some quick benchmarks to show the difference (and also showcase how sparse allocation isn't the greatest with NOCOW anyway). I've ran these benchmarks with the Phoronix Test Suite. The benchmark was pgbench to show a certain workload that involves a lot of small writes. This all was done on Ubuntu 22.04 using the ext4 filesystem as the VM filesystem (since these are vdisks, Btrfs COW is still at work here). The VMs all used VirtIO SCSI as the vdisk controller, with caching disabled. The Btrfs pool is on a Btrfs RAID1 pool with an 860 EVO and WD Blue SATA SSD. The system specs for the VM were indeed limited (only 2 cores on a Ryzen 5 3400G), however I think it still showcases it quite well. I did three tests. The first was a VM with on a NOCOW Cache pool using a sparsely allocated image, just as unraid behaves out of the box with cache pools. The filefrag indicated this VM had ~30k extents allocated after a single benchmark pass. Over time, as the vdisk fills, this number will increase, but since it's NOCOW, it won't increase once allocated unless snapshots or reflink copies are made. Still, it does not provide the best use of the NOCOW attribute. The second one was a VM on a NOCOW Cache pool but the VM disk image was preallocated using fallocate to reduce fragmentation as much as possible. The filefrag command indicated this VM only had 5 extents both before and after the benchmark. The third was to just straight up use COW (there was no need to make the differentiation between preallocation or not in this case since COW would be used regardless). The filefrag command indicated this VM had ~1.2 million (yikes!) extents after the benchmark ran. You'll notice the difference between the most optimized NOCOW VM and the one with COW is double the average latency. The Unraid default state was dropped somewhere in the middle, so even then, Unraid's current default isn't the most ideal performance wise. However, in the case of cache pools, when redundancy is used, there's no way to escape a corruption scenario. Why not use autodefrag? Autodefrag is proposed to be a solution for desktop use cases, by grouping up small writes to Btrfs to be rewritten in larger extents. However in the case of workloads like VMs, autodefrag ends up causing write amplification, since it is effectively rewriting existing data. It is really only intended for desktop use cases where small databases may be used for applications like web browsers, and the writes to these databases are generally negligible. So what can be done? My suggestion is to simply just leave COW enabled (AUTO) for the domains share by default going forward for all new unraid installs. Users should accept the performance impact it may bring along unless they so choose to disable it, especially since the performance for many use cases may be perfectly acceptable, especially for a home use cases. Btrfs is a COW filesystem, so CoW should be expected to be used unless otherwise disabled. As was mentioned in this "rant" here, regular users don't set NOCOW, "admins" do, and using it "downgrades the stability rating of the storage approximately to the same degree that raid0 does". Leaving the current default gives Unraid users a false sense of redundancy (and I would argue unraid is intended to improve the UX around redundancy, so I think this default option is contrary to that). If users have a performance complaint, it would be better to clearly note the implications of using NOCOW if they so choose, or they can choose to use an XFS formatted cache pool. At least in that case there is no false sense of redundancy. And regardless, there's been feature requests and plugins that propose adding snapshots for VMs anyway. Both XFS and Btrfs support reflink copies after all. Yet doing so triggers Copy-on-Write, completely negating the gains of using the NOCOW attribute.
    5 points
  17. After multiple recent support issues with SanDisk brand USBs, we don't recommend buying SanDisk USBs for Unraid at this point. Either due to counterfeit devices being sold or a manufacturing change directly from SanDisk, multiple users have attempted to boot SanDisk USBs and found out that they do not register a unique GUID and therefore, cannot be properly licensed with Unraid. Multiple attempts at contacting SanDisk on this issue have gone nowhere. For a great rundown on the best USBs for Unraid, @SpaceInvaderOne made an exhaustively researched video on the topic: (Spoiler) The best 3 flash drives were: 1. Samsung bar plus USA ---- https://amzn.to/32TtQyp UK ---- https://amzn.to/3004ooU DE --- https://www.amazon.de/Samsung-MUF-32BE4-EU-Flash-Speicherstick/dp/B07CVVHCTG/ 2. Kingston DataTraveler SE9 G2 USA ---- https://amzn.to/30NhzIZ UK ---- https://amzn.to/3f4Bp7C DE --- https://www.amazon.de/Kingston-DataTraveler-USB-Stick-USB3-2-32GB/dp/B08KHTRF61?th=1 3. Samsung Fit Plus USA --- https://amzn.to/3hFboha UK --- https://amzn.to/39vSsOR DE --- https://www.amazon.de/Samsung-Flash-Drive-MUF-32AB-APC/dp/B07HPWKS3C BONUS @ich777 recommendation for Amazon.de users: https://www.amazon.de/Transcend-JetFlash-Extreme-Speed-32GB-USB-Stick/dp/B002WE6CN6
    4 points
  18. Install SSH Server in Debian based containers: Method 1 (recommended) : Attach to the container with "lxc-attach DebianLXC /bin/bash" (replace DebianLXC with your container name) : I would first recommend that you add a password for the user root, to do so enter "passwd" and enter your preferred root password two times (there is nothing displayed while typing) : Now Create a user with the command "useradd -m debian -s /bin/bash" (in this case the newly created username is "debian") : In the next step we will create a password for the user "debian" with the command "passwd debian" (replace "debian" with your preferred username) type in the password two times like above for the root user: Now install the openssh-server with "apt-get -y install openssh-server": After it successfully installed you can close the terminal window from the LXC container, connect via SSH to the container via Putty or your preferred SSH client through the IP from your container and the username "debian" and the password set for the user "debian" (in this example we will connect through a Linux shell with the command "ssh debian@10.0.0.237" you see the IP address in the LXC tab in Unraid) : Now you are connected through SSH with the user "debian" to your LXC container. Method 2 (not recommended - root connection) : Attach to the container with "lxc-attach DebianLXC /bin/bash" (replace DebianLXC with your container name): I would first recommend that you add a password for the user root, to do so enter "passwd" and enter your preferred root password two times (there is nothing displayed while typing) : Now install the openssh-server with "apt-get -y install openssh-server": Now issue the command: "sed -i "/#PermitRootLogin prohibit-password/c\PermitRootLogin yes" /etc/ssh/sshd_config" (this will basically change your SSH configuration file so that you can login with the root account through SSH) : Restart the sshd service with the command "systemctl restart sshd" to apply the new settings: After that you can close the terminal window from the LXC container, connect via SSH to the container via Putty or your preferred SSH client through the IP from your container and the username "root" and the password set for the "root" user (in this example we will connect through a Linux shell with the command "ssh root@10.0.0.237" you see the IP address in the LXC tab in Unraid) : Now you see that you are connected through SSH with the user "root" to your LXC container.
    4 points
  19. The amount of brave people without password for the root account is scary.
    4 points
  20. OK we figured it out. There was a bug in 6.9.2 that allowed you to use https://servername.local even though it was not valid for the hash.unraid.net certificate the server was configured to use. And since self-signed certificates also throw errors the browser probably didn't make it clear exactly which error you were accepting. So it would have been tough for you to know that the system was misconfigured in 6.9.2. We are going to tweak the upgrade process so that anyone upgrading from 6.9.2 with USE_SSL=auto will change to USE_SSL=yes in 6.10.0. That will eliminate this problem, and put users in control of whether they want the more secure/restrictive USE_SSL=auto setting.
    4 points
  21. Only what's reported can be fixed, once a release goes stable it starts being used by many more users, so a few new issues are expected/inevitable.
    4 points
  22. Proxmox added support for virtio-gl / virGL display driver, results look promising. I saw in Unraid 6.10rc release notes QEMU has been compiled with OpenGL support, but not sure how to check compiled flags to confirm virGL support.
    4 points
  23. Tja, meine Glaskugel ist kaputt aber typische Ursachen dieses Symptoms könnten sein: ein Prozess hat Files auf dem Dateisystem "dauerhaft" geöffnet das Netzteil Deiner externen Disk ist schlapp der USB-Port macht Probleme/das Kabel ist mau ein Problem vor der Tastatur (Wackler, drive-by-eject, ...) ...Sonnenflecken
    4 points
  24. I really like this "webgui: Show IP on VM Manager VM Page"
    4 points
  25. Installing the dependencies worked for me. There is however a typo in the above script which has to do with the install of freetype-2.6.3. Find the line below in the above script and you will notice it's slightly off from what I've shown below. Replace that line with what I've included below. It will now install all dependencies properly or you can install freetype after the script has run by itself. Look at the install output in your terminal and notice that freetype has not installed properly. upgradepkg --install-new freetype-2.6.3-x86_64-1.txz If you're doing it after running the script, then just use this at the command line. Then refresh the browser window and the graphs should show up. #!/bin/bash wget https://slackware.uk/slackware/slackware64-14.2/slackware64/l/freetype-2.6.3-x86_64-1.txz upgradepkg --install-new freetype-2.6.3-x86_64-1.txz
    4 points
  26. I just wanted to add a follow up for this in case anyone is in my same scenario. I was confused when you made this comment specifically when you said "the plugin still operates as is with its default settings" because the only thing that was working for me was the separation into folders. None of the context menu items were working for my on any of the icons. It turns out the actual source of the problem is in the "Preview advanced context menu" option for the docker folders. It turns out this is the feature where the main bug is. After turning this off (I had it on for all folders because it's pretty useful), the typical context menu features started working again. This brings back the major useful functionality of the plugin and I can again navigate my dockers without pulling my hair out. Thanks.
    4 points
  27. 3 points
  28. I guess that you can adjust most of the settings through some trickery in Unraid as well. For any fixes or incompatibility issues however, you will be relying on Unraid/Limetech to update the corresponding components of their system. And from what I read, it can be a hazzle to get TimeMachine up and running reliably as is. Therefore I think there is a certain advantage of running TimeMachine as a Docker image. The docker image used (https://github.com/mbentley/docker-timemachine) is in active development and quick to fix issues. The focus of that project is clear - TimeMachine and nothing but TimeMachine. I have been using this solution for a couple of months and it has been rock solid.
    3 points
  29. I have never had luck using the updater. I recommend following the manual update instructions in post 1; they’ve worked for me for… many iterations.
    3 points
  30. 3 points
  31. VM's are functionally the same as standalone computers from the user standpoint. What you are asking is a function of joining the machine to a windows server domain controller, so that is how you would need to do it with VM's as well.
    3 points
  32. OP in pre-release section by me for Unraid OS 6.10.0 RC8. Since this issue has persisted into the stable release, I am reposting here. Not sure if allowed to have two posts (prerelease/stable) for the same issue. If this is not allowed, feel free to contact me or adjust as needed. I looked at the full release notes and tried to see if the VNC package that Unraid Linux uses was the cause. I could not figure out which library/package it is. Issue: When editing or creating a VM, the VNC password field in the WebGUI template, does not allow any password greater than 8 characters. This issue was first noticed when turning on a VM just after 6.10.0-RC8 update. I was prompted that my 19 character password exceeded the 8 character limit (as shown similarly in screenshot attached). By today's standards passwords less than 8 characters are considered insecure. Reproduction steps: 1. Inside of Unraid WebGUI, navigate to VMs tab. 2. Select the "ADD VM" button below the list of currently installed VMs to create a new VM. 3. Select VM template type Linux. This shouldn't matter but these are my exact steps for testing. 4. Set primary vDisk size to "10M". 5. Set VNC Password to anything greater than 8 characters. In this case "123456789". 6. Select the button "Create VM". 7. Observe the following error: "VM reation error unsupported configuration: VNC password is 9 characters long, only 8 permitted." everestsrvr-diagnostics-20220518-1203.zip
    3 points
  33. Or want to keep an absent minded moment from removing the wrong drive, or have kids, etc. It's a very good idea to keep hot swap drives locked, it's not like they are going to be moved that often, and if they are because you are using one of the bays to do backups that you pull, even more reason to lock the rest of the array drives in place. I'd also consider putting a piece of tape on each bay drive slider with the current last 4 serial on it. Makes life less stressful when a drive fails.
    3 points
  34. -Upgraded ✅ -Cert upgraded ✅ make sure you add to pfsense (Services > DNS Resolver > General Settings > Custom Options) private-domain: "myunraid.net" -if you can't access the GUI after cert upgrade. 1 ssh root@SERVERIP 2 use_ssl no then you can log in using the normal ip way. -Root Shares ✅ -File Manager ✅ Thank you for all the hard work, everything is working GUCCI. Disks are finally sleeping!😴😇🤫
    3 points
  35. Note: this community guide is offered in the hope that it is helpful, but comes with no warranty/guarantee/etc. Follow at your own risk. This guide explains how to make an outgoing WireGuard VPN connection to a commercial VPN provider. If you are trying to access your Unraid network from a remote location, see the original WireGuard quickstart guide. Commerical VPN Providers Several commercial VPN providers support WireGuard, a few are listed below. No endorsement is implied, you need to research and determine which one meets your needs. Comment below if you are aware of others: VPN Jantit (Free! Scroll down and pick a location. Note that the free options have to be recreated every few days.) Azire VPN Mullvad (download WireGuard config files - requires login. See this tip.) IVPN (download WireGuard config files - requires login) OVPN Windscribe (See this) Avoid these providers, they require a customized WireGuard client and will not work with Unraid: TunSafe (this seems to require a custom WireGuard client now) Nord (see this) PIA (see this, although with a lot of extra work it is possible. This definitely falls outside of what could be considered supported though. Also see this.) Note that with the current state of WireGuard, VPN providers cannot guarantee the same amount of privacy as they can with OpenVPN. See: https://restoreprivacy.com/wireguard/ Typically the objections are not around security, but around the fact that it is harder for them to guarantee that they cannot track you. Configuring “VPN tunneled access for docker” (New in 6.10.0-rc5! For older versions see the next post) Download a config file from your preferred commercial VPN provider On the Settings -> VPN Manager page, click the "Import Config" button and select the file on your hard drive. This will create a new tunnel specific to this provider. The “Peer type of access” will default to “VPN tunneled access for docker”. There are no settings to change, except perhaps to give it a local name. Click Apply. Note: You do not need to forward any ports through your router for this type of connection Change the Inactive slider to Active Take note the name of this tunnel, it will be wg0 or wg1 or wg2, etc. You'll need this later when setting up your containers Also note that any DNS setting the Commercial VPN provides is not imported. Open their config file and see if there is a "DNS" entry, make note of the server they provided, you will use it below. If they didn't provide one, you may want to use Google's at 8.8.8.8. Testing the tunnel Using Community Applications, install a Firefox Docker container When setting up the container, set the “Network Type” to “Custom: wg2” (or whatever the name of the tunnel was in the previous step) Switch to Advanced view and add your preferred DNS provider to the "Extra Parameters". i.e.: --dns=8.8.8.8 (if you don't set this, the container may leak your ISP's DNS server) The rest of the defaults should be fine, apply the changes and start the container Launch Firefox and visit https://whatismyipaddress.com/ you should see that your IP address is in the country you selected when you signed up with the provider Also visit https://www.dnsleaktest.com/ and run a test, confirm that it only finds IPs related to the DNS provider you specified. Feel free to add more containers to this same tunnel, or create multiple tunnels if desired. BTW, the “VPN tunneled access for docker” tunnel has a built-in kill switch - if the WireGuard tunnel goes down then any Docker containers using it will not be able to connect to the Internet.
    3 points
  36. Two servers updated from -rc8 without issue. Thank you for this release.
    3 points
  37. rc8 -> stable. No issue. Happy puppy here.
    3 points
  38. Simple spelling mistakes always concern me....
    3 points
  39. Default poll interval dates back a number of years. It was chosen to minimize video "glitching" in lower-performance servers - Atom processors, 4G or less of RAM, older hard drives with small caches. These days I think something like 30 seconds would be better. Then if someone posts that they are seeing video glitches every 30 sec we can suggest raising the value.
    3 points
  40. @tiphae & @MrInhumane & @Xaero CoreKeeper container is done and should be available in the next few hours in the CA App. Please note that you don't have to forward any ports for this game because it uses the Steam Network and the GameID to establish the connection. You can get your GameID in the logs from the container after it successfully started. Have fun!
    3 points
  41. Hallo zusammen, anbei möchte ich euch meine Server Konstellation vorstellen, meine Fragen stellen und eure Verbesserungsvorschläge entgegennehmen. Den Server benutze ich für alles. Zum Beispiel Gaming Server, Cloud, Backups, Proxy, usw. Unraid Unraid Version: 6.10.0-rc5 Hardware Thermaltake Core V21 Matx Mesh Stackable Case with 200 mm Fan, Black Intel Xeon W-1290P, 10C/20T, 3.70-5.30GHz, tray Gigabyte W480M Vision W (LGA 1200/Intel W480/Micro-ATX/Dual M.2/SATA 6Gbps/USB 3.2 Gen 2/Dual Intel LAN/Multi-GPU support/ECC-memory support/Motherboard) 4 x 32GB Kingston Server Premier ECC DDR4-2933 DIMM CL21 Single 550 Watt Corsair RMx Series RM550x Modular 80+ Gold 2TB Samsung 970 Evo Plus M.2 2280 PCIe 3.0 x4 3D-NAND TLC (MZ-V7S2T0BW) 2 x 12TB WD Red Plus WD120EFBX 256MB 3.5" (8.9cm) SATA 6Gb/s Noctua NH-P1 passiver CPU-Kühler Noctua NF-A20 PWM chromax.black.swap Lüfter - 200mm, schwarz (Derzeit nicht angeschlossen) Noiseblocker NB-eLoop B14-3 140x 140x 29mm 1400 U/min 28.5 dB(A) schwarz/weiß (Derzeit nicht angeschlossen) IDLE Den idle Wert habe ich gemessen mit "myStrom WiFi Switch". Bestimmt nicht das beste Teil. Eventuell habt ihr hier ein paar Vorschläge für bessere Geräte ? Den Verbrauch dieser myStrom Steckdose habe ich NICHT abgezogen. Ich meine dieser liegt so bei 1-2 W, bin mir da aber nicht sicher! Bei der myStrom Steckdose schwankt es im idle zwischen 11-14 W. Folgende Einstellungen habe ich getätigt. Ich habe alle Einstellungen im BIOS fotografiert und angehangen. (BIOS Version F21) In das GO file habe ich die power-saving commands von hier hinzugefügt. Tips and Tweaks Plugin installiert und den CPU Scaling Governor auf Power Save gestellt (Was die commands im GO file aber bereits getant haben - Plugin wird also eigentlich nicht dafür benötigt) Intel GPU TOP Plugin installiert Falls jemand noch ein paar Tweaks kennt oder Verbesserungsvorschläge hat -> Gerne her damit
    3 points
  42. Plugin is now released and available in the CA App:
    3 points
  43. Yay. Up and running on 5.18rc5 kernel. Gonna give it a day, just to make sure the kernel is stable.
    3 points
  44. This is already updated for the next release to highlight line rather than change colour.
    3 points
  45. Try this, looks like the same issue, and it worked also on a Dell: https://forums.unraid.net/topic/119502-bzimage-checksum-error/?do=findComment&comment=1120488
    3 points
  46. According to this, its 5.18 I kinda almost regret picking up an Alder Lake at this point. 😅 https://forums.plex.tv/t/plex-media-server-on-ubuntu-21-10-with-intel-12th-gen-alder-lake/768123/30
    3 points
  47. I think you are onto something here. I was having the same problem when i needed to replace my usb. I turned off virtualization support and was able to boot. I went further, the kernel panic was about iommu. So I tried adding this to the boot args: intel_iommu=on iommu=pt I can now boot with virtualization on. Hope this helps.
    3 points
  48. Can I please ask everyone when you mark an issue as "urgent" to obey these conditions: 1) The problem is reproduceable 2) Diagnostics and other relevant information are attached in the post We (the receiving side) get alarm bells ringing and act asap, but need info as much as possible to find and resolve the issue. Thank you.
    3 points