Leaderboard

Popular Content

Showing content with the highest reputation since 05/28/21 in Reports

  1. 6.10.0 Summary of New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". UPC and My Servers Plugin The most visible new feature is located in the upper right of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Ability to install the My Servers plugin (see below). Posting privilege in a new set of My Servers forum boards. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. Exception: if you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a Lime Technology cloud server for the purpose of transmitting real-time status. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing each signed-in server. Here you can see real-time status such as whether the server is online or offline, storage utilization and other information. In addition, links are created to bring up a server webGUI, either locally on the LAN or remotely over the Internet (if Remote Access has been enabled). flash backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. Through the My Servers webApp it's possible to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. License key download - Again, through the My Servers webApp you can download your license key directly. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition qemu has been compiled with OpenGL support. The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. Let's Encrypt SSL provisioning change. In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Linux Kernel Upgrade to Linux 5.13.8 kernel which includes so-called Sequoia vulnerability mitigation. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. Base Packages Virtually the entire base package set has been updated. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal. Many other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. Version 6.10.0-rc1 2021-08-07 Base distro: aaa_base: version 15.0 aaa_glibc-solibs: version 2.33 aaa_libraries: version 15.0 acl: version 2.3.1 acpid: version 2.0.32 adwaita-icon-theme: version 40.1.1 apcupsd: version 3.14.14 appres: version 1.0.5 at: version 3.2.2 at-spi2-atk: version 2.38.0 at-spi2-core: version 2.40.3 atk: version 2.36.0 attr: version 2.5.1 avahi: version 0.8 bash: version 5.1.008 beep: version 1.3 bin: version 11.1 bind: version 9.16.19 bluez-firmware: version 1.2 bridge-utils: version 1.7.1 brotli: version 1.0.9 btrfs-progs: version 5.13.1 bzip2: version 1.0.8 ca-certificates: version 20210526 cairo: version 1.16.0 celt051: version 0.5.1.3 cifs-utils: version 6.13 coreutils: version 8.32 cpio: version 2.13 cpufrequtils: version 008 cracklib: version 2.9.7 cryptsetup: version 2.3.6 curl: version 7.78.0 cyrus-sasl: version 2.1.27 db48: version 4.8.30 dbus: version 1.12.20 dbus-glib: version 0.112 dcron: version 4.5 dejavu-fonts-ttf: version 2.37 devs: version 2.3.1 dhcpcd: version 8.1.9 diffutils: version 3.8 dmidecode: version 3.3 dnsmasq: version 2.85 docker: version 20.10.6 dosfstools: version 4.2 e2fsprogs: version 1.46.3 ebtables: version 2.0.11 editres: version 1.0.7 eject: version 2.1.5 elogind: version 246.10 elvis: version 2.2_0 encodings: version 1.0.5 etc: version 15.0 ethtool: version 5.13 eudev: version 3.2.10 file: version 5.40 findutils: version 4.8.0 flex: version 2.6.4 floppy: version 5.5 fluxbox: version 1.3.7 fontconfig: version 2.13.92 freeglut: version 3.2.1 freetype: version 2.11.0 fribidi: version 1.0.10 fuse3: version 3.10.4 gawk: version 5.1.0 gd: version 2.3.2 gdbm: version 1.20 gdk-pixbuf2: version 2.42.6 genpower: version 1.0.5 getty-ps: version 2.1.0b git: version 2.32.0 glew: version 2.2.0 glib2: version 2.68.3 glibc: version 2.33 glibc-zoneinfo: version 2021a glu: version 9.0.2 gmp: version 6.2.1 gnutls: version 3.6.16 gptfdisk: version 1.0.8 graphite2: version 1.3.14 grep: version 3.6 gtk+3: version 3.24.30 gzip: version 1.10 harfbuzz: version 2.8.2 haveged: version 1.9.14 hdparm: version 9.62 hicolor-icon-theme: version 0.17 hostname: version 3.23 htop: version 3.0.5 hwloc: version 2.2.0 icu4c: version 69.1 imlib2: version 1.7.1 inetd: version 1.79s infozip: version 6.0 inih: version 53 inotify-tools: version 3.20.11.0 iproute2: version 5.13.0 iptables: version 1.8.7 iputils: version 20210722 irqbalance: version 1.7.0 jansson: version 2.13.1 jemalloc: version 5.2.1 jq: version 1.6 json-c: version 0.15_20200726 keyutils: version 1.6.3 kmod: version 29 krb5: version 1.19.2 lbzip2: version 2.5 less: version 590 libICE: version 1.0.10 libSM: version 1.2.3 libX11: version 1.7.2 libXau: version 1.0.9 libXaw: version 1.0.14 libXcomposite: version 0.4.5 libXcursor: version 1.2.0 libXdamage: version 1.1.5 libXdmcp: version 1.1.3 libXevie: version 1.0.3 libXext: version 1.3.4 libXfixes: version 6.0.0 libXfont: version 1.5.2 libXfont2: version 2.0.5 libXfontcache: version 1.0.5 libXft: version 2.3.4 libXi: version 1.7.10 libXinerama: version 1.1.4 libXmu: version 1.1.3 libXpm: version 3.5.13 libXrandr: version 1.5.2 libXrender: version 0.9.10 libXres: version 1.2.1 libXt: version 1.2.1 libXtst: version 1.2.3 libXxf86dga: version 1.1.5 libXxf86misc: version 1.0.4 libXxf86vm: version 1.1.4 libaio: version 0.3.112 libarchive: version 3.5.1 libcap-ng: version 0.8.2 libcgroup: version 0.41 libdaemon: version 0.14 libdmx: version 1.1.4 libdrm: version 2.4.107 libedit: version 20210714_3.1 libepoxy: version 1.5.8 libestr: version 0.1.9 libevdev: version 1.11.0 libevent: version 2.1.12 libfastjson: version 0.99.9 libffi: version 3.3 libfontenc: version 1.1.4 libgcrypt: version 1.9.3 libglvnd: version 1.3.3 libgpg-error: version 1.42 libgudev: version 236 libidn: version 1.38 libjpeg-turbo: version 2.1.0 liblogging: version 1.0.6 libmnl: version 1.0.4 libnetfilter_conntrack: version 1.0.8 libnfnetlink: version 1.0.1 libnftnl: version 1.2.0 libnl3: version 3.5.0 libpcap: version 1.10.1 libpciaccess: version 0.16 libpng: version 1.6.37 libpsl: version 0.21.1 libpthread-stubs: version 0.4 libseccomp: version 2.5.1 libssh: version 0.9.5 libssh2: version 1.9.0 libtasn1: version 4.17.0 libtiff: version 4.3.0 libtiff: version 4.3.0 libtirpc: version 1.3.2 libunistring: version 0.9.10 libunwind: version 1.5.0 libusb: version 1.0.24 libusb-compat: version 0.1.7 libuv: version 1.41.0 libvirt: version 7.3.0 libvirt-php: version 0.5.5 libwebp: version 1.2.0 libwebsockets: version 4.2.0 libx86: version 1.1 libxcb: version 1.14 libxkbcommon: version 1.3.0 libxkbfile: version 1.1.0 libxml2: version 2.9.12 libxshmfence: version 1.3 libxslt: version 1.1.34 libzip: version 1.8.0 listres: version 1.0.4 lm_sensors: version 3.6.0 lmdb: version 0.9.29 logrotate: version 3.18.1 lshw: version B.02.19.2 lsof: version 4.94.0 lsscsi: version 0.32 lvm2: version 2.03.12 lz4: version 1.9.3 lzip: version 1.22 lzo: version 2.10 mc: version 4.8.26 miniupnpc: version 2.1 mkfontscale: version 1.2.1 mpfr: version 4.1.0 mtdev: version 1.1.6 nano: version 5.8 ncompress: version 5.0 ncurses: version 6.2_20201219 net-tools: version 20181103_0eebece nettle: version 3.7.3 network-scripts: version 15.0 nfs-utils: version 2.5.4 nghttp2: version 1.44.0 nginx: version 1.19.9 nss-mdns: version 0.14.1 ntfs-3g: version 2017.3.23 ntp: version 4.2.8p15 numactl: version 2.0.13 oniguruma: version 6.9.7 openssh: version 8.6p1 openssl: version 1.1.1k openssl-solibs: version 1.1.1k p11-kit: version 0.24.0 pam: version 1.5.1 pango: version 1.48.7 patch: version 2.7.6 pciutils: version 3.7.0 pcre: version 8.45 pcre2: version 10.37 php: version 7.4.18 pixman: version 0.40.0 pkgtools: version 15.0 procps-ng: version 3.3.17 pv: version 1.6.6 qemu: version 6.0.0 qrencode: version 4.1.1 reiserfsprogs: version 3.6.27 rpcbind: version 1.2.5 rsync: version 3.2.3 rsyslog: version 8.2102.0 sakura: version 3.5.0 samba: version 4.12.15 sdparm: version 1.12 sed: version 4.8 sessreg: version 1.1.2 setxkbmap: version 1.3.2 sg3_utils: version 1.46 shadow: version 4.8.1 shared-mime-info: version 2.1 slim: version 1.3.6 smartmontools: version 7.2 spice: version 0.15.0 sqlite: version 3.36.0 ssmtp: version 2.64 startup-notification: version 0.12 sudo: version 1.9.7p2 sysfsutils: version 2.1.0 sysvinit: version 2.99 sysvinit-scripts: version 15.0 talloc: version 2.3.2 tar: version 1.34 tcp_wrappers: version 7.6 tdb: version 1.4.5 telnet: version 0.17 tevent: version 0.11.0 traceroute: version 2.1.0 transset: version 1.0.2 tree: version 1.8.0 ttyd: version 20210507 usbredir: version 0.8.0 usbutils: version 013 utempter: version 1.2.0 util-linux: version 2.37.1 vbetool: version 1.2.2 vsftpd: version 3.0.5 vte3: version 0.50.2 wayland: version 1.19.0 wget: version 1.21.1 which: version 2.21 wireguard-tools: version 1.0.20210424 wsdd2: version 1.8.3.2 xauth: version 1.1 xcb-util: version 0.4.0 xclock: version 1.0.9 xdpyinfo: version 1.3.2 xdriinfo: version 1.0.6 xev: version 1.2.4 xf86-input-evdev: version 2.10.6 xf86-input-keyboard: version 1.9.0 xf86-input-mouse: version 1.9.3 xf86-input-synaptics: version 1.9.1 xf86-video-ast: version 1.1.5 xf86-video-mga: version 2.0.0 xf86-video-vesa: version 2.5.0 xfsprogs: version 5.12.0 xhost: version 1.0.8 xinit: version 1.4.1 xkbcomp: version 1.4.5 xkbevd: version 1.1.4 xkbutils: version 1.0.4 xkeyboard-config: version 2.33 xkill: version 1.0.5 xload: version 1.1.3 xlsatoms: version 1.1.3 xlsclients: version 1.1.4 xmessage: version 1.0.5 xmodmap: version 1.0.10 xorg-server: version 1.20.13 xprop: version 1.2.5 xrandr: version 1.5.1 xrdb: version 1.2.0 xrefresh: version 1.0.6 xset: version 1.2.4 xsetroot: version 1.1.2 xsm: version 1.0.4 xterm: version 368 xtrans: version 1.4.0 xwd: version 1.0.8 xwininfo: version 1.1.5 xwud: version 1.0.5 xxHash: version 0.8.0 xz: version 5.2.5 yajl: version 2.1.0 zlib: version 1.2.11 zstd: version 1.5.0 Linux kernel: version 5.13.8 (CVE-2021-33909 CVE-2021-33910) CONFIG_USB4: Unified support for USB4 and Thunderbolt CONFIG_USB4_NET: Networking over USB4 and Thunderbolt cables CONFIG_DRM_I915_GVT: Enable Intel GVT-g graphics virtualization host support CONFIG_DRM_I915_GVT_KVMGT: Enable KVM/VFIO support for Intel GVT-g CONFIG_VFIO_MDEV: Mediated device driver framework CONFIG_VFIO_MDEV_DEVICE: VFIO driver for Mediated devices CONFIG_FTRACE: Tracers CONFIG_FUNCTION_TRACER: Kernel Function Tracer CONFIG_KPROBES: Kprobes CONFIG_DEBUG_KERNEL: Kernel debugging CONFIG_KALLSYMS_ALL: Include all symbols in kallsyms CONFIG_X86_X32: removed md_unraid: version 2.9.18 Management: emhttp new defaults: - root password required - newly created shares not exported by default - predefined 'flash' share not exported by default - ftp, ssh, telnet: disabled by default - NetBIOS disabled by default - WSD enabled (and using newer 'wsdd2' package) - Enhanced macOS interoperability enabled mover: fix bug not moving shares with embedded spaces shfs: fix bug where permissions being ingored ('default_permissions' was missing in mount command) webgui: support simultanious LAN SSL with self-signed cert and DNS-based SSL with Lets Encrypt cert webgui: Suppress non-relevant IPv6 routes in routing table webgui: Fixed smart temperature settings sometimes not possible webgui: Add internal container reference webgui: Diagnostics: Remove lines from go containing passwords etc webgui: Better translation of docker container variables webgui: Fix monitor false positives webgui: Allow ruleset for local rules in rsyslog.conf webgui: Include links in email and Discord agent notifications webgui: Allow all notification agents to send links webgui: Validate WebGUI ports before applying webgui: Add vmxnet3 and e1000 into available NICs for VMs webgui: Error checking etc on ports for syslog server webgui: Check for flash offline / quick check on if it is corrupted webgui: Only allow png files to be uploaded as user image webgui: Diagnostics: Revamp anonymization webgui: Add WireGuard GUI webgui: Update DashStats.page webgui: Bug fix in DashStats webgui: Fix corruption check after a New Config is issued webgui: Update alert text webgui: Translation support (Unraid.net) webgui: WireGuard: preset peer DNS server with "Remote tunneled access" webgui: Plugins page loading improvements webgui: Docker page loading improvements webgui: Make WireGuard trademark visible on "full" page webgui: Replace polling scripts with event driven Nchan interface webgui: Improved format of stale and error plugin pages webgui: Docker: Add crypto as a category webgui: Dashboard: add CPU and NETWORK chart webgui: Docker: compress too long author names webgui: Convert notify polling to Nchan webgui: Docker: process bash ANSI colors in web log display webgui: dockerMan: remove HTML from descriptions webgui: SSH authorized keys UI webgui: Device_list replace .png icon with font icon webgui: Compress too long share names in dropdown menus webgui: Show management access and shares access groups for users webgui: Added "User 'root'" reference on Management Access page webgui: Show warning when javascript is disabled webgui: Force creation of root password webgui: Edit/Add Container: Fix browser console error webgui: WireGuard: warn when directly connected with public IP webgui: Fix network bonding display webgui: Add tracking after system shutdown webgui: Added notify when plugin fails to install webgui: Add Apps link to install CA webgui: Diagnostics: Add share summary webgui: Suppress IPv6 anycast addresses in routing table webgui: Diagnostics: Add share summary webgui: Diagnostics: Include current plugin versions webgui: Diagnostics: add DHCP log webgui: Diagnostics fix plugin deprecated max version error webgui: Docker: Support CA tag webgui: Delete DockerRepositories.page webgui: dockerMan Security: Remove HTML tags from Config elements webgui: When viewing source, identify which .page file is responsible webgui: System devices additions webgui: Create syslog entry when user logs out webgui: privatize host in diagnostics webgui: Create favicon.ico webgui: Update Credits.page
    22 points
  2. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). In order to provision a new wildcard certificate, or upgrade a legacy certificate, you must be signed-in to Unraid.net. You do not need to be signed-in however, to have either type of certificate automatically renewed when it is within 30 days of expiration. The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with new the URL; however, if you server is signed-in to Unraid.net then the My Servers dashboard maintains the correct Local Access URL for each of your servers. More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc3] Linux 5.15.27 kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Updated out-of-tree drivers [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc3 2022-03-09 (vs. 6.10.0-rc2) Base distro: bash: version 5.1.016 bind: version 9.16.24 btrfs-progs: version 5.15.1 ca-certificates: version 20211216 cryptsetup: version 2.4.3 curl: version 7.81.0 e2fsprogs: version 1.46.5 ethtool: version 5.15 freetype: version 2.11.1 gawk: version 5.1.1 git: version 2.34.1 glib2: version 2.70.2 gtk+3: version 3.24.31 harfbuzz: version 3.2.0 haveged: version 1.9.16 htop: version 3.1.2 intel-microcode: version 20220207 iproute2: version 5.15.0 iputils: version 20211215 kernel-firmware: version 20220228_ee0667a libX11: version 1.7.3.1 libdrm: version 2.4.109 libevdev: version 1.12.0 libgpg-error: version 1.43 libjpeg-turbo: version 2.1.2 libnftnl: version 1.2.1 libtasn1: version 4.18.0 libvirt: version 7.10.0 mcelog: version 180 nano: version 6.0 nginx: version 1.21.5 with nchan: version 1.2.15 oniguruma: version 6.9.7.1 openssl: version 1.1.1m openssl-solibs: version 1.1.1m pcre2: version 10.39 php: version 7.4.28 (CVE-2021-21708) qemu: version 6.2.0 samba: version 4.15.5 (CVE-2021-44141 CVE-2021-44142 CVE-2022-0336) sg3_utils: version 1.47 sqlite: version 3.37.2 wayland: version 1.20.0 wsdd2: version 20111022 xauth: version 1.1.1 xfsprogs: version 5.13.0 build 2 xorg-server: version 1.20.14 xterm: version 370 xxHash: version 0.8.1 zstd: version 1.5.1 Linux kernel: version 5.15.27 (CVE-2022-0847) CONFIG_ISCSI_TCP: iSCSI Initiator over TCP/IP (per Community Member @ich777) oot: md/unraid: version 2.9.21 fix: md_sync_limit was being ignored Management: diagnostics: add bz*.sha256 values diagnostics: Improved anonymization diagnostics: Anonymize mover diagnostics: better package listings in folders.txt diagnostics: do not anonymize 169.254.x.x addresses emhttpd: use shfs ioctl to invalidate shfs cached share info when share cfg changes emhttpd: fix incorrect handling of unassigned device read/write counters emhttpd: fix sometimes wrong device name assigned to hotplugged unassigned devices emhttpd: fix btrfs-replace case rc.nginx: change fastcgi_read_timeout from 120s to 640s rc.nginx: remove ttyd side-loading rc.nginx: support LE wildcard certs rc.nginx: self-signed cert subject OU change from "unRAID" to "Unraid" upgradepkg: do not upgrade if existing package is newer webgui: Docker: fix overlapping container ID display webgui: Docker: fixed template removal when no containers exist webgui: Do not highlight false positive ERST error webgui: VMs: automatically update virtio-win iso list webgui: Allow CA to get all docker info without having to download icons if not present webgui: Docker: fixed filetree sometimes not visible webgui: Docker: add time unit in settings webgui: Plugin manager: fix branch select gets unnecessary disabled webgui: require sign in to provision cert webgui: refactor UpdateDNS.php: anonymize verbose output by default, other improvements webgui: Use ttyd for logging windows webgui: Add new setting "Terminal font size" webgui: Fix missing csrf-token in Notify webgui: VM: fix missing path selection (for GPU firmware file) webgui: Docker: Support ReadMe in context menus webgui: Relax SMART detection logic webgui: Fix CPU model sometimes not present webgui: Dashboard: fix bar color when disk thresholds are disabled webgui: Update GUI with latest helptext webgui: Update FileTree.php webgui: Updated bitstream font to support more languages webgui: Fixed parity duration + speed when paused/resumed webgui: Added: Cumulative parity check. This allows a parity check to be divided over multiple time windows. webgui: ContextMenu: added option "button": defaults to "left" (current behavior), other options are "right" and "both" webgui: Docker: optimized contextmenu webgui: VMs: optimized contextmenu webgui: Fixed comments field only for selected disks webgui: Open terminal window with dynamic size webgui: Docker: remove close button in popup windiow webgui: Docker: update window uses color of selected theme webgui: Fixed: speed calculation of parity check webgui: Fixes and enhancements in Browse function webgui: remove(upc): usage of sendCrashInfo webgui: Move Start button below encryption field webgui: Limit popup window width on ultrawide monitors webgui: NFS: fix copying of hostList after READ operation webgui: Expand ipaddr() with protocol: protocol defaults to ipv4 in case of ipv4 + ipv6 webgui: Nchan: Use multiplexed channels and add error reporting webgui: Docker: Do not update installed user templates webgui: Docker: fix GUI may hang when multiple screens are opened webgui: Docker: fix spinner will not disappear after attempting to uninstall a non-existent container webgui: Updated help text for Display settings and Docker webgui: Docker utilization warning only when image file webgui: Validate destination of VirtIO ISO downloads webgui: Use tabbed view for device information page webgui: System info: fix translation webgui: CSS minor corrections webgui: Fixed: VM 9p add share issue webgui: Parity check: re-introduce Done button when finished webgui: css scrollbar enhancements webgui: Always show "WebUI" for user specified URLs webgui: Docker: Handle edge case involving browser back button when within CA in certain unlikely circumstances webgui: Parity operation enhancements: - Separate Parity-Sync and Data-Rebuild as individual actions - Add parity operation action to history view - Correct calculations for data-rebuild smaller than parity - Add disk clear action - Use Nchan updates for copying/clearing progress - CSS adjustment in SMART attributes - Show additional buttons in Array Stopped state - Textual enhancements - Added "size" column to parity history webgui: Dashboard: separate cpu details and graph view webgui: Better array sync when multiple sessions are opened webgui: Enable/Disable SMART extended test depending on spin down delay setting webgui: Fixed: spinner stays visible after docker command webgui: Fixed: buttons not working in device info when no device is present webgui: Fixed: race condition when array is stopped and device assignments are changed webgui: VM editor style update webgui: Fixed: parity history sometimes wrongly processed webgui: BTRFS balance and scrub scheduler webgui: Change Dashboard Parity status to be invalid and not emulated. webgui: Improved background process detection and handling webgui: jQuery: version 3.6.0 webgui: DisplaySettings: add "showBannerGradient"
    21 points
  3. Listening to the Community we decided to remove the requirement for all users to register their server with an Unraid.net account. Making use of the My Servers plugin, providing a growing number of online-enabled features, does still require use of an Unraid.net account. Upon upgrade to this release, users who currently have the My Servers plugin installed should upgrade the plugin on their server(s). Servers without the plugin will no longer need, or be able to sign in to Unraid.net and as timeouts kick in, they will automatically be removed from the My Servers Dashboard and disassociated with your Unraid.net account. To continue using the My Servers Dashboard please install the My Servers plugin. Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc5 2022-04-26 (vs. 6.10.0-rc4) Base distro: at: version 3.2.3 bind: version 9.16.27 btrfs-progs: version 5.16 ca-certificates: version 20220403 ethtool: version 5.16 eudev: version 3.2.11 git: version 2.35.3-x86_64-1 (CVE-2022-24765) glib2: version 2.70.3 glibc-zoneinfo: version 2022a gzip: version 1.12-x86_64-1 (CVE-2022-1271) haveged: [removed] hdparm: version 9.63 iproute2: version 5.16.0 libarchive: version 3.6.1-x86_64-1 libgpg-error: version 1.44 libunwind: version 1.6.2 libwebp: version 1.2.2 libxml2: version 2.9.13 libxslt: version 1.1.35 openssl: version 1.1.1n openssl-solibs: version 1.1.1n p11-kit: version 0.24.1 pango: version 1.48.11 sudo: version 1.9.9 tdb: version 1.4.6 util-linux: version 2.37.4 wsdd2: version 20111022 build 2 xz: version 5.2.5-x86_64-4 (CVE-2022-1271) zlib: version 1.2.12 zstd: version 1.5.2 Linux kernel: Linux 5.15.35-Unraid added CONFIG_USB_RTL8152: Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Management: emhttpd: fix btrfs pool device replace still showing 'missing' rc.docker: fix startup network race condition rc.libvirt: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state rc.nginx: read IP address from management interfact (eth0) only rc.samba: disable SMB Multi Channel by default; add control to Settings/SMB Settings page ttyd: fix garbled text in local FireFox Termainl windows upc: refactor(upc):base-6.10 remove sign in requirement webgui: improve: Highlight selected row when hovering over array or shares webgui: Right-clicking or long-clicking a menu item should open the selected menu webgui: Make links in help text standout (red) webgui: Update Outlook/Hotmail smtp settings webgui: UpdateDNS to prefer IPv4 first and then IPv6 webgui: Allow simultaneous log and console windows for containers webgui: Fixed: missing samesite attribute in cookies webgui: WireGuard: user nginx settings and unraid.net api webgui: Parity: shown duration time excluding idle time webgui: Miscellaneous updates and fixes webgui: fix: password lockouts not being cleared properly webgui: Support future T2FA webgui: Expand file type icon selection webgui: Show IP on VM Manager VM Page webgui: Docker: Silence PHP errors when editing a template if corruption exists webgui: Fixed PHP errors for share and disk calculations webgui: Main page - lower table update frequency for better responsiveness of links webgui: Change page switching to better suit Safari on mobile devices webgui: Set Main page update frequency to 1s for better support of mobile devices webgui: Docker settings: suppress browser presets webgui: Lower update frequency of monitor function to better suit mobile devices webgui: Docker: fixed list display in fixed view mode webgui: Docker: fixed header display causes gap webgui: WireGuard updates: Make import config file of VPN providers more robust. Add tunnel routing for docker containers Automatically make the WG tunnel available to containers (custom network) webgui: WireGuard: Introduce new network modes: VPN tunneled access for system VPN tunneled access for docker webgui: WireGuard: Add warning when tunnel deletion fails webgui: WireGuard: use kill switch when tunnel inactive webgui: Docker: add route for remote WireGuard access Containers with network 'br0' can be remotely accessed by WireGuard without the need to configure static routes on the home router (gateway) "Host access to custom networks" must be enabled to allow access webgui: WireGuard: add logic to recreate networks after reboot webgui: Docker: add route for remote WireGuard access webgui: Wireguard: make management interface seletable Defaults to eth0 - future expansion webgui: Docker: add wireguard description in network selection webgui: diagnostics: fix: anonymize myunraid.net urls webgui: BTRFS balance: fix recommendation message when volume is empty webgui: Log docker icon download failures webgui: Docker: add description to all custom networks webgui: Management: fix ports in use check webgui: Fixed: specific disk settings for pool devices only
    20 points
  4. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Note: In order to permit ongoing development, some changes/features are marked experimental. This means underlying support is included in the release, but high level functionality or UI has not been included yet. UPC and My Servers Plugin - [rc2] reworded The most visible new feature is located in the upper right of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. [rc2] Exception: A server must be signed-in to Provision and Renew a Let's Encrypt SSL certificate. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. Let's Encrypt SSL provisioning change. In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Linux Kernel Upgrade to [rc2] Linux 5.14.15 kernel which includes so-called Sequoia vulnerability mitigation. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out, [rc2] Enabled additional ACPI kernel options [rc2] Updated out-of-tree drivers [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is begin deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. Version 6.10.0-rc2 2021-11-01 (vs. 6.10.0-rc1) Base distro: acpid: version 2.0.33 at-spi2-core: version 2.42.0 bind: version 9.16.22 btrfs-progs: version 5.14.2 ca-certificates: version 20211005 cifs-utils: version 6.14 coreutils: version 9.0 cryptsetup: version 2.4.1 curl: version 7.79.1 dhcpcd: version 9.4.1 dnsmasq: version 2.86 docker: version 20.10.9 e2fsprogs: version 1.46.4 ethtool: version 5.14 file: version 5.41 fribidi: version 1.0.11 fuse3: version 3.10.5 gd: version 2.3.3 gdbm: version 1.22 git: version 2.33.1 glib2: version 2.70.0 glibc-zoneinfo: version 2021e gnutls: version 3.7.2 grep: version 3.7 gzip: version 1.11 harfbuzz: version 3.0.0 haveged: version 1.9.15 htop: version 3.1.1 iproute2: version 5.14.0 jansson: version 2.14 json-glib: version 1.6.6 libXi: version 1.8 libarchive: version 3.5.2 libedit: version 20210910_3.1 libepoxy: version 1.5.9 libgcrypt: version 1.9.4 libgudev: version 237 libjpeg-turbo: version 2.1.1 libssh: version 0.9.6 libssh2: version 1.10.0 libtpms: version 0.9.0 libvirt: version 7.8.0 libvirt-php: version 0.5.6a libwebp: version 1.2.1 libxkbcommon: version 1.3.1 lvm2: version 2.03.13 mc: version 4.8.27 mcelog: version 179 nano: version 5.9 ncurses: version 6.3 nghttp2: version 1.46.0 nginx: version 1.19.10 ntfs-3g: version 2021.8.22 openssh: version 8.8p1 openssl: version 1.1.1l openssl-solibs: version 1.1.1l pam: version 1.5.2 pango: version 1.48.10 pcre2: version 10.38 php: version 7.4.24 qemu: version 6.1.0 samba: version 4.15.0 sudo: version 1.9.8p2 swtpm: version 0.6.1 ttyd: version 20211023 usbutils: version 014 util-linux: version 2.37.2 wget: version 1.21.2 wireguard-tools: version 1.0.20210914 wsdd2: version 1.8.6 xfsprogs: version 5.13.0 xkeyboard-config: version 2.34 xrdb: version 1.2.1 xterm: version 369 Linux kernel: version 5.14.15 restore CONFIG_X86_X32: x32 ABI for 64-bit mode added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for this kernel added several ACPI-related CONFIG settings added CONFIG_TCG_TPM and associated TPM chip drivers added CONFIG_NFSD_V4: NFS server support for NFS version 4 added CONFIG_USB_NET_AQC111: Aquantia AQtion USB to 5/2.5GbE Controllers support added NFS_V4: NFS client support for NFS version 4 oot: md/unriad: version 2.9.19 oot: nvidia: version 470.63.01 [via plugin] oot: r8125:version 9.006.04 oot: r8152: version 2.15.0 Management: emhttpd: fix regression: user shares should be enabled by default emhttpd: minimize information transmitted by 'stock' UpdateDNS function firefox: version 91.0.r20210823123856 (AppImage) mover: append '.partial' suffix to filename when move in-progess rc.mcelog: mcelog added to base distro rc.nginx: support custom wildcard self-signed certs rc.S: check bz file sha256 during initial boot sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) wsdd2: listen only on active interface by default (br0, bond0, or eth0) webgui: remove 'My Servers' skeleton page webgui: present CA-signed certificate subject as a link webgui: Relax update frequency a bit webgui: Docker: Only save templates as v2 webgui: Fix pools display on Main page when empty pool exists webgui: Escape double quotes in text input submit webgui: Add 'root' folder protection to filetree webgui: Support multi-language in filetree display webgui: Use background checking for flash corruption webgui: Proactive script security hardening webgui: Diagnostics: add check for DNS Rebinding Protection webgui: Diagnostics: privatize routable IPs webgui: Diagnostics: add url details webgui: Docker: Fix incorrect caching when deleting / recreating image webgui: Silence PHP error on syslinux page if flash drive is missing webgui: various Multi-language corrections webgui: VM Manager: added Windows 11 template and OVMF TPM webgui: VM Manager: add virtio-win-0.1.208.iso download link webgui: Sign-in required to provision/renew Unraid LE SSL certificate
    14 points
  5. This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc6 2022-05-04 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1
    13 points
  6. This is primarily a bug fix release. We have not addressed every issue that has been reported. In the past we would typically delay releases until most things were addressed; however, we are committed to producing releases as quickly as possible as issues are fixed and small improvements are made. It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. The main issues addressed here have to do with nchan errors, DNS Rebinding Protection check, and XFS formatting issue. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). In order to provision a new wildcard certificate, or upgrade a legacy certificate, you must be signed-in to Unraid.net. You do not need to be signed-in however, to have either type of certificate automatically renewed when it is within 30 days of expiration. The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with new the URL; however, if you server is signed-in to Unraid.net then the My Servers dashboard maintains the correct Local Access URL for each of your servers. More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.30 kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc4 2022-03-19 (vs. 6.10.0-rc3) Base distro: docker: version 20.10.13 firefox: 98.0.r20220313140707 (AppImage) kbd: version 1.15.3 (to support non-US keyboards) Linux kernel: Linux 5.15.30-Unraid oot: md/unraid: version 2.9.22 (revert setting min sector size to 4096) oot: added Intel ixgbe: version 5.14.6 Management: emhttpd: add 'rootshare' reserved name rc.nginx: prefer IPv4 if both IPv4 and IPv6 rc.nginx: ignore case in processing Subject field for custom certificates rc.nginx: remove default server block returning 404 for https if USE_SSL==no and no CA-signed cert webgui: Docker: Add Network / Privacy Category webgui: Revert back to default capitalization of device names webgui: Fix PHP error when calculating balance level webgui: Docker: make popup window fit in browser window webgui: Change parity sync notification from error to notice level webgui: Changed header selection for better support of Android webgui: Let setting "showBannerGradient" default to "yes" webgui: Remove Nchan error detection (Rely on the automatic reconnect of Nchan to re-establish connections when communication is slow) webgui: Fix: Improved DNS Rebinding checks webgui: Revised filedrop.js webgui: Use https for internet connectivity check webgui: Fix regression error for themes auzre & gray webgui: Highlight selected row when hovering over array or shares
    13 points
  7. You should only need to go to Tools/UpdateOS and switch to the Stable branch to see the update. Sure there are still some outstanding issues and we'll continue to monitor here. Please upgrade and switch to Stable Bug Reports board for new issues.
    10 points
  8. This release includes some bug fixes and update of base packages. Notable changes: correct device status handling for single-slot pools collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore WireGuard: fixed proper handling of ipv4 + ipv6 tunnels A few security related base package updates Added BPF support in the Linux kernel Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. @JorgeB for rigorous testing of storage subsystem Version 6.10.0-rc8 2022-05-10 (vs. 6.10.0-rc7) Base distro: libxml2: version 2.9.14 (CVE-2022-29824) openssl: version 1.1.1o (CVE-2022-1292) openssl-solibs: version 1.1.1o Linux kernel: Linux 5.15.38-Unraid enable BPF kernel options (user request): CONFIG_BPF_SYSCALL: Enable bpf() system call CONFIG_BPF_JIT: Enable BPF Just In Time compiler CONFIG_BPF_JIT_ALWAYS_ON: Permanently enable BPF JIT and remove BPF interpreter CONFIG_NET_CLS_BPF: BPF-based classifier CONFIG_NET_CLS_ACT: Actions CONFIG_NET_ACT_BPF: BPF based action CONFIG_IKHEADERS: Enable kernel headers through /sys/kernel/kheaders.tar.xz CONFIG_NET_SCH_SFQ: Stochastic Fairness Queueing (SFQ) CONFIG_NET_ACT_POLICE: Traffic Policing CONFIG_NET_ACT_GACT: Generic actions CONFIG_GACT_PROB: Probability support CONFIG_NET_SCH_INGRESS: Ingress/classifier-action Qdisc CONFIG_CGROUP_BPF: Support for eBPF programs attached to cgroups Management: emhttpd: correct device status handling for single-slot pools emhttpd: collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore webgui: WireGuard: fixed proper handling of ipv4 + ipv6 tunnels webgui: Font files update clear-sans --> source sans pro bitstream --> source code pro webgui: Remove deprecated font extensions: eot, svg, ttf webgui: Cleanup styles folder webgui: Update css files to use woff and woff2 formats only webgui: Fixed balance/scrub schedule not saved when device name has "-" in it webgui: Fix side bar of themes azure/gray in firefox webgui: chore(upc): ENOKEYFILE2 message translation
    8 points
  9. Since the 5.x kernel based releases many users have been reporting system hangs every few days once the i915 module is loaded. With reports from a few users detailed in the thread below we have worked out that the issue is caused by the i915 module and is a persistent issue with both the 6.9.x release and 6.10 release candidates. The system does not need to be actively transcoding for the hang to occur. 6.8.3 does not have this issue and is not hardware related. Unloading the i915 module stops the hangs. Hangs are still present in 6.10.0RC2. I can provide a list of similar reports if required.
    8 points
  10. This release corrects an issue in -rc6 where both the Intel out-of-tree ixgbe module (10Gbit Network driver) and the in-tree ixgbe module were included in the build. At system start time, the Intel driver was preferred. It was our intent to remove this driver and revert to the in-tree version, but a flaw in our build process permitted inclusion of both. This has been corrected in this release, and there are no other changes. If you have upgraded to -rc6 and you do not use Intel 10Gbit network driver there is no need to upgrade to this release. This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc7 2022-05-05 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver [-rc7] Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1
    8 points
  11. With this version that has nfs4 enabled in the kernel, I was able mount all my mount points with version 4 instead of version 3. To enable nfs4 I made no changes on the Unraid side (other than just upgrading to 6.10.0-rc2d). I use systemd to mount my unraid nfs shares. For each of my .mount files, I simply changed Type=nfs to Type=nfs4 I then rebooted to see everything automount as expected. I also manually mounted a share with the following command sudo mount -t nfs4 -o proto=tcp,port=2049 x.x.x.x:/mnt/user/BookLibrary /mnt/ADrive I checked the output of nfsstat -m to verify: ❯ nfsstat -m /nfs_mnt/AtlasBackups from x.x.x.x:/mnt/user/AtlasBackups Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/AtlasMedia from x.x.x.x:/mnt/user/AtlasMedia Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/GameUtils from x.x.x.x:/mnt/user/GameUtils Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/syslog_share from x.x.x.x:/mnt/user/syslog_share Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/GamesStorage from x.x.x.x:/mnt/user/GamesStorage Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/unsorted from x.x.x.x:/mnt/user/unsorted Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /mnt/ADrive from x.x.x.x:/mnt/user/BookLibrary Flags: rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x So it looks like it mounted ok. Everything on my Manjaro linux desktop that uses those mounts at least starts ok. I'll do some more rigorous testing over the weekend but right now I'm running a backup and having Steam install a game to see how things shake out. So far so good though, fingers crossed! -Greg
    6 points
  12. At the moment the two default VM network adapters have the following names: This is really confusing as "virtio" and "virtio-net" are using the same virtual network adapter "virtio-net-pci" (which cost me hours to find out). The only difference is that "virtio-net" disables "vhost-net" access. My suggestion is to use the real name, but with different notes (and its time for more adapters of course):
    4 points
  13. OP in pre-release section by me for Unraid OS 6.10.0 RC8. Since this issue has persisted into the stable release, I am reposting here. Not sure if allowed to have two posts (prerelease/stable) for the same issue. If this is not allowed, feel free to contact me or adjust as needed. I looked at the full release notes and tried to see if the VNC package that Unraid Linux uses was the cause. I could not figure out which library/package it is. Issue: When editing or creating a VM, the VNC password field in the WebGUI template, does not allow any password greater than 8 characters. This issue was first noticed when turning on a VM just after 6.10.0-RC8 update. I was prompted that my 19 character password exceeded the 8 character limit (as shown similarly in screenshot attached). By today's standards passwords less than 8 characters are considered insecure. Reproduction steps: 1. Inside of Unraid WebGUI, navigate to VMs tab. 2. Select the "ADD VM" button below the list of currently installed VMs to create a new VM. 3. Select VM template type Linux. This shouldn't matter but these are my exact steps for testing. 4. Set primary vDisk size to "10M". 5. Set VNC Password to anything greater than 8 characters. In this case "123456789". 6. Select the button "Create VM". 7. Observe the following error: "VM reation error unsupported configuration: VNC password is 9 characters long, only 8 permitted." everestsrvr-diagnostics-20220518-1203.zip
    3 points
  14. Since RC4, doing a right click on one of the items in the top bar and opening it in a new tab always lands on "main". For example opening "docker" in a new tab lands on "main". Used to work in RC3 and prior. Edit: It actually lands on the page from where it was opened. So opening "docker" while on "shares" opens "shares" in a new tab. Opening "apps" while on "settings" opens "settings" in a new tab.
    3 points
  15. Found in this thread, was able to reproduce in safe mode to make sure it's not plugin related, how to reproduce: -start with a redundant pool -replace one device -replacement will complete successfully and pool will work normally during/after the replacement -stop/start array and pool will now be unmountable: Apr 10 12:55:48 Test2 emhttpd: shcmd (354): mkdir -p /mnt/cache Apr 10 12:55:48 Test2 emhttpd: /mnt/cache uuid: 601ca645-abb2-463f-881e-074622a7abbb Apr 10 12:55:48 Test2 emhttpd: /mnt/cache found: 2 Apr 10 12:55:48 Test2 emhttpd: /mnt/cache extra: 0 Apr 10 12:55:48 Test2 emhttpd: /mnt/cache missing: 1 Apr 10 12:55:48 Test2 emhttpd: /mnt/cache Label: none uuid: 601ca645-abb2-463f-881e-074622a7abbb Apr 10 12:55:48 Test2 emhttpd: /mnt/cache Total devices 2 FS bytes used 1.00GiB Apr 10 12:55:48 Test2 emhttpd: /mnt/cache devid 1 size 111.79GiB used 5.03GiB path /dev/sdc1 Apr 10 12:55:48 Test2 emhttpd: /mnt/cache devid 3 size 111.79GiB used 5.03GiB path /dev/sde1 Apr 10 12:55:48 Test2 emhttpd: /mnt/cache mount error: Invalid pool config For some reason it's detecting a missing device despite both being available and detected, after rebooting pool mounts normally, marking this urgent not because the bug directly results in data loss but because I'm afraid some users than run into this will start trying to add/remove devices to fix this and end up nuking the pool. test2-diagnostics-20220410-1255.zip
    3 points
  16. There was a discussion about this a few years ago, but it was never changed, and IMHO it's more than time for that, it's a constant support issue, UEFI should be enable by default both in the download/ZIP and when using the USB tool, it won't affect legacy boot, concern at the time were buggy UEFI BIOS but this should no longer be an issue.
    3 points
  17. Can I please ask everyone when you mark an issue as "urgent" to obey these conditions: 1) The problem is reproduceable 2) Diagnostics and other relevant information are attached in the post We (the receiving side) get alarm bells ringing and act asap, but need info as much as possible to find and resolve the issue. Thank you.
    3 points
  18. When Unraid loses communication with its UPS, it sends "alert" severity notification, but it also sends an "alert" severity notification when UPS communication is restored. I believe when UPS communication is restored it should be a "normal" (or at least warning) severity notification, which would be more consistent with how other system notifications work (IMHO).
    2 points
  19. Hi, With 2 new systems installed, the minimum free space in the cache is not converted. Is there e.g. 460GB, it seems to be taken as 460 bytes. If you enter 460000000 by hand, everything works fine. This means that as soon as the cache is full, it is no longer written to the array and the copy process is aborted. We have already started a topic in German.
    2 points
  20. Hello, I just upgraded to 6.10-rc2 and I have a custom SSL cert that keeps getting replaced. The problem is that domain names are not case sensitive, while the code checking them doesn't take that into account. As such, I recommend the following line 355 of /etc/rc.d/rc.nginx: [[ $SUBJECT != $LANFQDN ]] && rm -f $SSL/certs/${LANNAME}_unraid_bundle.pem Be changed to the following: [[ ${SUBJECT,,} != ${LANFQDN,,} ]] && rm -f $SSL/certs/${LANNAME}_unraid_bundle.pem This will not cause the cert to be deleted in the case that the Server's name is MySErVeR.domain.tld and the cert is for myserver.domain.tld
    2 points
  21. Steps to reproduce: correctly configure bios to support ASPM Don't install any unnecessary components, no hard drives connected, no add-in cards installed boot a fresh Ubuntu 21.04 from USB check if ASPM is enabled lspci -vvvnnPPDq lspci_ubuntu.txt boot Unraid 6.9.2 check if ASPM is enabled lspci -vvvnnPPDq lspci_unraid.txt try to fix it with echo -n powersave > /sys/module/pcie_aspm/parameters/policy try to fix it with boot option add pcie_aspm=force to /boot/syslinux/syslinux.cfg reboot check if ASPM is enabled lspci_unraid_aspm.txt try to fix it with echo -n powersave > /sys/module/pcie_aspm/parameters/policy powertop --auto-tune veryfy if boot option was used pcie_aspm=force unraid_aspm_syslog.txt Expected Result: ASPM should be enabled like it is in Ubuntu to save 4W of power in idle Actual Result: It is still disabled lspci_unraid_aspm.txt What setting or which driver could prevent ASPM or does disable ASPM? I don't know how to compare Ubuntu with Unraid to check what is different. Workarround: I know that Unraid and my hardware is capable of enable ASPM. Not only because Ubuntu does it, but because I can force it with manually setting it in the register https://wireless.wiki.kernel.org/en/users/documentation/aspm#enabling_aspm_with_setpci After doing this hack for my root and ethernet interface, the power consumption gets reduced by 4W and powertop does tell that my CPU Package does now reach C7 instead of C2 Hardware Infos server-diagnostics-20210727-1604.zip About Me I don't know if this error did exist in the previous versions because I'm currently evaluating Unraid and would like to know how important power saving issues are for you because I want to use it to make it more easy to reduce my servers power consumption. Power is expensive at my location, I can easily afford server upgrades based on power savings. I would like to give the money to you for a license instead to my power provider
    2 points
  22. AFTER I UPGRADED TO 10.0.2 MY NETWORK INTERFACES DISSAPPEARED ONLY Lo0 IS SHOWING (DELL R720 XD)CAN'T ACCESS THROUGH WEB UI THEY ARE SHWOING IN LSPCI BUT NOT IN NETWORK SETTINGS!!!! CAN'T DOWNLOAD ANY FILES TO ATTATCH news update i tried just to reboot and after reboot starting to show missing drives !!!! probably problems with new kernel!!!!
    1 point
  23. Reference post: https://forums.unraid.net/topic/124021-win-10-vm-bootbcd-io-error-after-unraid-6101-update/ This user was receiving a bcd error for his passed through nvme controller with a windows 10 installation. He stated that windows booted correctly when not run in a vm. The issue was solved by pointing in the xml to a newer compiled seabios version (latest 1.16).
    1 point
  24. Hi, I tested unraid 6.10.1 and 6.10.2 but I think the issue comes from 6.10.0RC7 when libvirt 8.2.0 was introduced. It seems there are several issues: 1. Unraid gui (xml view): Reference post: https://forums.unraid.net/topic/123933-unraid-610-win10-vm-not-able-to-start-intel-btwifi-3168-device-error-code-10/ The user was trying to use: <qemu:capabilities> <qemu:del capability='usb-host.hostdevice'/> </qemu:capabilities> to avoid error 10 on its bluetooth device. Issue: he first added only that block of code before the closing </domain> tag in the unraid gui (xml view); after pressing the update button there was no output error, but viewing again the vm settings in xml view mode there was no trace of that block. If the vm is modified with 'virsh edit VmName' then it outputs an error (no validated schemas found for that block). That's because additionally to that block he needed to modify from: <domain type='kvm'> to: <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> Changes through the unraid gui (xml view) or through virsh edit command work. The issue is that unraid gui (xml view) is exiting without outputting any error, and the user thinks everything was correctly modified, but it wasn't. 2. Second issue: Reference post: https://forums.unraid.net/topic/120232-atheros-ar9280-wireless-card-bar-error The user is trying to add property x-msix-relocation for his wifi device. Libvirt 8.2.0 introduced <qemu:override> to be able to override properties for passed through devices. The sintax is: <qemu:override> <qemu:device alias='YOURALIASHERE'> <qemu:frontend> <qemu:property name='x-msix-relocation' type='string' value='bar2'/> </qemu:frontend> </qemu:device> </qemu:override> together with: <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> Both these changes aren't saved, both through the unraid gui (xml view) and with the 'virsh edit VmName': both do not output any error, but changes aren't applied. This is more tricky, because in my manjaro build (as host) changes are applied correctly with the 'virsh edit VmName'. In this build I have: libvirt-1:8.3.0-1-x86_64 qemu-XXXX-7.0.0-10-x86_64 I don't think the issue is with qemu 6.2 included in unraid, maybe an update to libvirt (from 8.2.0 to 8.3.0) worth a try. PS: I'm seeing during boot that there is a checksum on bzroot file, I don't know if it prevents boot or not if the checksum fails (for 'security' reasons), so I can't repack/replace the binaries inside it, without maybe cracking any additional binary...thing that I don't want to do to troubleshoot this more.
    1 point
  25. I first posted regarding this in the prerelease section here but just testing and reporting for 6.10. See the initial bug report for more details. Summary: TimeMachine completes one backup but then cannot mount that sparsebundle for future backups. This error is being reported by multiple unraid and synology users.
    1 point
  26. Upgraded to 6.10.1 from 6.9.2 and encountered a few issues tied to internal permissions. Initially thought it was tied to just docker but basic commands like rsync and mv from terminal trigger permission hiccups as well with errors such as update_known_hosts: hostfile_replace_entries failed for /root/.ssh/known_hosts: Operation not permitted mv -f /path/to/new/dir/made/on/6.10 /path/to/existing/dir/ error out with a permission error when removing the /path/to/new/file/made/on/6.10 dir mv: cannot remove '/path/to/new/dir/made/on/6.10': Directory not empty Poked around /etc/group /etc/passwd and nothing immediately jumps out at me. Did notice folders which were 777 become 755 after upgrade but I don’t have proof just anecdotal memory of things I had to fix today. Down graded to 6.9.2 and all appears well. The issue seems to lie when you are dealing with new directories created on 6.10.1 and dealing with 6.9.2 and older directories. It's almost like the new folders being created are being created with improper permissions through possibly the ACL?
    1 point
  27. When a disk is unmountable there is a typo where it says "sysem" instead of "system".
    1 point
  28. After upgrading to 6.10.0 the server stopped booting with the message "Unraid boot device not found" after the 30 second time out. Tried formatting the USB, and doing a fresh (didn't copy my config folder across) manual install of 6.10 but the issue was the same. Have manually installed 6.9.2, copied my old config folder across and am backup and running with out issue. So seems there is a bug\issue in 6.10. I'm using a 16GB SanDisk Corp. Cruzer Fit as the boot USB dbunraid01-diagnostics-20220518-2106.zip
    1 point
  29. Hello, Excuse my pronunciation, english is not my natural language. Shelf is a NetApp DS4243 / IOM6. The controller is a NetApp PMC-Sierra PM8003 SCC 4-Port QSFP PCIe x8. The 6.8.3 Version has the kernel: pm80xx 0000:27:00.0: pm80xx: driver version 0.1.39. The 6.9.0-beta30 last working version. The 6.9.0 rc2 Version stable has the kernel: pm80xx 0000:27:00.0: pm80xx: driver version 0.1.40 The controller didn't find my drives with the new driver. The 6.9.1 same problem. The 6.9.2 same problem. Is there any way to get back the older driver or a patch? Thank's for reading T. PS.: Justification from limetech There were some changes in that driver in kernel 5.10.26 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.26 Unraid 6.9.2 will include those changes. 😀😀😀😀😀😀😀😀😀😀 Good news, there is a patch for us. Big thank's to @Linux und @DrBeaker. You make a great work. Please give booth a like 👍 👍👍👍👍👍👍👍👍👍👍👍 !!!!!!!!! Everything at your own risk !!!!!!!!!! You are responsible yourself !!!!!!!!!!!! The NetApp PMC-Sierra PM8003 SCC 4-Port QSFP PCIe x8 works. Adaptec 6805H HBA Controller can't be confirn, I don't have one. Thank you
    1 point
  30. [rc6] Changing root user password will log out all webGUI browser sessions. I changed the password of user "jess" and I was logged out of the webGUI. Based on the change log, I should remain logged in. nas-diagnostics-20220512-1951.zip
    1 point
  31. 6.10.0-rc4 is currently on OpenSSL 1.1.1m (14 Dec 2021) which has a vulnerability that can leave it open to denial of service attacks. https://www.openssl.org/news/secadv/20220315.txt https://github.com/advisories/GHSA-x3mh-jvjw-3xwx Advice is OpenSSL 1.1.1 users should upgrade to 1.1.1n, which probably missed the last RC upgrade window by a few days.
    1 point
  32. tl;dr: It appears to me that Unraid 6.9.2 doesn't honor device-specific temperature notification settings for Unassigned Devices for a straightforward reason that is easily fixed. Now that I have two unassigned NVME drives in my Unraid server, the annoyance of over-temp notifications that ignore the per-device settings has doubled, so I've come up with what is hopefully a true fix, rather than a workaround, in the form of a small change to the check_temp function in /usr/local/emhttp/plugins/dynamix/scripts/monitor. Here's the diff for /usr/local/emhttp/plugins/dynamix/scripts/monitor in Unraid 6.9.2: 61,62c61,66 < global $notify,$disks,$saved,$display,$server,$top; < $disk = &$disks[$name]; --- > global $notify,$disks,$devs,$saved,$display,$server,$top; > if (isset($disks[$name])) { > $disk = &$disks[$name]; > } else { > $disk = &$devs[$name]; > } The logic behind the change is that it appears to me that while the $devs array does properly include the hotTemp ("Warning disk temperature threshold") and maxTemp ("Critical disk temperature threshold") values as a result of CustomMerge.php merging them from the /boot/config/smart-one.cfg file, the check_temp function in 6.9.2 fails to consider the $devs array at all. This patch changes check_temp so that $devs is included as a global, so that if the passed $name can't be found in the $disks array, a lookup in $devs can be attempted, instead. I suspect there's a more elegant way to implement the fallback from $disks to $devs, but I'll leave that as an exercise for people who know PHP well I don't claim this to be well-researched or production-quality code, but it does fundamentally make sense, and It Works On My System™, so I hope this is helpful.
    1 point
  33. When swapping my cache drive for a new one, i encountered a issue when moving data off my cache disk to the array with the mover. Lot of files did not get moved by the mover due a "does not exist" notice and No such file or directory. Workaround: I had to move the files manually in the terminal. Files where not locked, neither where there permission issues. Example: /mnt/user/appdata/linuxserver-plex/Library/Application Support/Plex Media Server/Metadata/TV Shows/8/145fa310d3a3602fe884933af4b1bb329951e0a.bundle/Contents/com.plexapp.agents.thetvdb/seasons/2/posters/d08056a72b0fb9cf1c627be9efe8d0bd1db65595 Moving from /mnt/cache to /mnt/disk2/ resulted in this logging: Jan 11 18:19:34 UnNASty root: Specified filename /mnt/disk2/appdata/linuxserver-plex/Library/Application Support/Plex Media Server/Metadata/TV Shows/8/145fa310d3a3602fe884933af4b1bb329951e0a.bundle/Contents/_combined/seasons/2/posters/com.plexapp.agents.thetvdb_d08056a72b0fb9cf1c627be9efe8d0bd1db65595 does not exist. Jan 11 18:19:34 UnNASty move: move_object: /mnt/disk2/appdata/linuxserver-plex/Library/Application Support/Plex Media Server/Metadata/TV Shows/8/145fa310d3a3602fe884933af4b1bb329951e0a.bundle/Contents/_combined/seasons/2/posters/com.plexapp.agents.thetvdb_d08056a72b0fb9cf1c627be9efe8d0bd1db65595 No such file or directory No further logging found. This happend to most files of my appdata plex docker container. My guess it has to do with the length of the path?
    1 point
  34. There seem to be samba-problems in combination of macOS Monterey and 6.10.0-rc2. Mounting the smaba shares on macOS Monterey works fine but subjectively slightly slower. But immediately after starting a filecopy to the unraid-system, strange things happen: the destination folder goes blank for a moment then suddenly many previously existing folders appear multiple times you can not cancel the copy process the smb share drops I also have the impression that the reactivity/perfomance of the samba shares are much slower than in 6.9.2. The whole thing is reproducible. Unfortunately, I could only test with macOS Monterey. I cannot say whether the problem also occurs with other macOS versions. @Maxrad also Reported: Reverting to 6.9.2 or to 6.10.0-rc1 (Maxrad) worked. Tested with this "Samba extra configuration": #unassigned_devices_start #Unassigned devices share includes include = /tmp/unassigned.devices/smb-settings.conf #unassigned_devices_end [global] spotlight backend = tracker [data] path = /mnt/user/data spotlight = yes #vfs_recycle_start #Recycle bin configuration [global] syslog only = No syslog = 0 logging = 0 log level = 0 vfs:0 #vfs_recycle_end nas.fritz.box-diagnostics-20211108-1021.zip
    1 point
  35. Can this be made optional in display settings. Looks strange on Dashboard for some panels.
    1 point
  36. In 6.10-rc4 you can no longer have both a docker console and docker log window open, when you open one or the other it overwrites the existing session.
    1 point
  37. just to keep this issue alive as there are more open questions regarding this and its still open in 6.10 rc2 description is simple as the topic, whenever there was a unsafe shutdown, starting unraid with docker setting will result in a non working state, stopping/starting docker service or rebooting clean resolving the issue. easy to reproduce and annoying when you externally working on the mashine and hard reboot externally while using as sample ssh guac to access it again, but doesnt work as described above, so only VPN backdoor to restart it. may a workaroud possible if its a bigger issue ? like you can trigger parity after a unclean shutdown, trigger a docker service restart too ? tested here from 6.92 until today 6.10 rc2 on 4 different mashines with the same result, open issues as reminder ...
    1 point
  38. I have an existing Share which I have turned off Caching. However new files are still being written to the cache for that share. Also If I create a new share and initially set cache to No, and then go back and set it to Yes - new files are not placed on the cache they go to disk. I have not restarted the server, but in the past I've not had to do that when changing cache settings. Steps that I can follow to re-create the issue on New Share 1. Create new Share and set cache to No, click apply 2. Change the cache setting to Yes, click apply 3. Share it out over SMB 4. Copy a new file to the share 5. The new file is on the disk Steps that I can follow to re-create the issue on Existing Share 1. Change the cache setting to No for an existing share that is already set to cache yes, click apply 2. Copy a new file to the share 3. The new file is on the cache or if you have an existing Share with cache already set to Yes, change it back No and the files still go to the cache. This is also affecting dockers as well.
    1 point
  39. Since updating to 6.10 my Mac can no longer backup using TimeMachine. I can mount the share manually in Finder and see my backup but it hasn't been able to back up since I updated to 6.10 in November. I've tried changing the SMB settings, removing the disk and re-adding it on the Mac, nothing seems to work. Can't downgrade at the moment since I'm running Windows 11 VM and need the virtual TPIM. Logs attached nicknas2-diagnostics-20220101-1534.zip
    1 point
  40. I have been tracking a continuous call trace problem for many days and it seems the built in nvidia kernel/drivers is causing them. Any insight to alleviate this would be great. I am not sure if this is a "bug" or a "support issue" so wanted to start here and be moved if needed. System Info Unraid Version:6.9.2 && 6.10-rc1 Kernel:5.10.28-Unraid Compile Date:Wed Apr 7 08:23:18 PDT 2021 nVidia Info: Nvidia Driver Version:470.63.01 (latest stable) Installed GPU(s):0: Quadro P1000 43:00.0 Aug 20 07:10:58 GSA kernel: ------------[ cut here ]------------ Aug 20 07:10:58 GSA kernel: WARNING: CPU: 15 PID: 0 at net/netfilter/nf_nat_core.c:614 nf_nat_setup_info+0x6c/0x6aa [nf_nat] Aug 20 07:10:58 GSA kernel: Modules linked in: nvidia_uvm(PO) xt_mark xt_comment xt_nat veth nfsv3 nfs nfs_ssc xt_CHECKSUM ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat iptable_mangle nf_tables vhost_net tun vhost vhost_iotlb tap macvlan xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter xfs nfsd lockd grace sunrpc md_mod nvidia_drm(PO) nvidia_modeset(PO) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops nvidia(PO) drm backlight agpgart ip6table_filter ip6_tables iptable_filter ip_tables x_tables mlx4_en mlx4_core tg3 sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper ipmi_ssif rapl intel_cstate i2c_core intel_uncore mpt3sas input_leds led_class raid_class scsi_transport_sas megaraid_sas wmi acpi_power_meter ipmi_si button [last unloaded: mlx4_core] Aug 20 07:10:58 GSA kernel: CPU: 15 PID: 0 Comm: swapper/15 Tainted: P W O 5.10.28-Unraid #1 Aug 20 07:10:58 GSA kernel: Hardware name: Dell Inc. PowerEdge R720xd/0JP31P, BIOS 2.9.0 12/06/2019 Aug 20 07:10:58 GSA kernel: RIP: 0010:nf_nat_setup_info+0x6c/0x6aa [nf_nat] Aug 20 07:10:58 GSA kernel: Code: 89 fb 49 89 f6 41 89 d4 76 02 0f 0b 48 8b 93 80 00 00 00 89 d0 25 00 01 00 00 45 85 e4 75 07 89 d0 25 80 00 00 00 85 c0 74 07 <0f> 0b e9 77 05 00 00 48 8b 83 90 00 00 00 4c 8d 6c 24 20 48 8d 73 Aug 20 07:10:58 GSA kernel: RSP: 0018:ffffc90000494810 EFLAGS: 00010202 Aug 20 07:10:58 GSA kernel: RAX: 0000000000000080 RBX: ffff88830f355b80 RCX: ffff88821645e500 Aug 20 07:10:58 GSA kernel: RDX: 0000000000000180 RSI: ffffc900004948ec RDI: ffff88830f355b80 Aug 20 07:10:58 GSA kernel: RBP: ffffc900004948d8 R08: 000000007313a8c0 R09: 0000000000000000 Aug 20 07:10:58 GSA kernel: R10: 0000000000000158 R11: ffff88814f13bf00 R12: 0000000000000000 Aug 20 07:10:58 GSA kernel: R13: 000000007313a800 R14: ffffc900004948ec R15: 0000000000000001 Aug 20 07:10:58 GSA kernel: FS: 0000000000000000(0000) GS:ffff88debf5c0000(0000) knlGS:0000000000000000 Aug 20 07:10:58 GSA kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Aug 20 07:10:58 GSA kernel: CR2: 00000000017d62f0 CR3: 000000000200a001 CR4: 00000000000606e0 Aug 20 07:10:58 GSA kernel: Call Trace: Aug 20 07:10:58 GSA kernel: Aug 20 07:10:58 GSA kernel: ? __fib_validate_source+0x24c/0x2a5 Aug 20 07:10:58 GSA kernel: ? ipt_do_table+0x4bb/0x5c0 [ip_tables] Aug 20 07:10:58 GSA kernel: ? ipt_do_table+0x570/0x5c0 [ip_tables] Aug 20 07:10:58 GSA kernel: __nf_nat_alloc_null_binding+0x5f/0x76 [nf_nat] Aug 20 07:10:58 GSA kernel: nf_nat_inet_fn+0x91/0x183 [nf_nat] Aug 20 07:10:58 GSA kernel: nf_nat_ipv4_local_in+0x25/0xa9 [nf_nat] Aug 20 07:10:58 GSA kernel: nf_hook_slow+0x39/0x8e Aug 20 07:10:58 GSA kernel: nf_hook.constprop.0+0xb1/0xd8 Aug 20 07:10:58 GSA kernel: ? ip_protocol_deliver_rcu+0xfe/0xfe Aug 20 07:10:58 GSA kernel: ip_local_deliver+0x49/0x75 Aug 20 07:10:58 GSA kernel: ip_sabotage_in+0x43/0x4d [br_netfilter] Aug 20 07:10:58 GSA kernel: nf_hook_slow+0x39/0x8e Aug 20 07:10:58 GSA kernel: nf_hook.constprop.0+0xb1/0xd8 Aug 20 07:10:58 GSA kernel: ? l3mdev_l3_rcv.constprop.0+0x50/0x50 Aug 20 07:10:58 GSA kernel: ip_rcv+0x41/0x61 Aug 20 07:10:58 GSA kernel: __netif_receive_skb_one_core+0x74/0x95 Aug 20 07:10:58 GSA kernel: netif_receive_skb+0x79/0xa1 Aug 20 07:10:58 GSA kernel: br_handle_frame_finish+0x30d/0x351 Aug 20 07:10:58 GSA kernel: ? skb_copy_bits+0xe8/0x197 Aug 20 07:10:58 GSA kernel: ? ipt_do_table+0x570/0x5c0 [ip_tables] Aug 20 07:10:58 GSA kernel: ? br_pass_frame_up+0xda/0xda Aug 20 07:10:58 GSA kernel: br_nf_hook_thresh+0xa3/0xc3 [br_netfilter] Aug 20 07:10:58 GSA kernel: ? br_pass_frame_up+0xda/0xda Aug 20 07:10:58 GSA kernel: br_nf_pre_routing_finish+0x23d/0x264 [br_netfilter] Aug 20 07:10:58 GSA kernel: ? br_pass_frame_up+0xda/0xda Aug 20 07:10:58 GSA kernel: ? br_handle_frame_finish+0x351/0x351 Aug 20 07:10:58 GSA kernel: ? nf_nat_ipv4_pre_routing+0x1e/0x4a [nf_nat] Aug 20 07:10:58 GSA kernel: ? br_nf_forward_finish+0xd0/0xd0 [br_netfilter] Aug 20 07:10:58 GSA kernel: ? br_handle_frame_finish+0x351/0x351 Aug 20 07:10:58 GSA kernel: NF_HOOK+0xd7/0xf7 [br_netfilter] Aug 20 07:10:58 GSA kernel: ? br_nf_forward_finish+0xd0/0xd0 [br_netfilter] Aug 20 07:10:58 GSA kernel: br_nf_pre_routing+0x229/0x239 [br_netfilter] Aug 20 07:10:58 GSA kernel: ? br_nf_forward_finish+0xd0/0xd0 [br_netfilter] Aug 20 07:10:58 GSA kernel: br_handle_frame+0x25e/0x2a6 Aug 20 07:10:58 GSA kernel: ? br_pass_frame_up+0xda/0xda Aug 20 07:10:58 GSA kernel: __netif_receive_skb_core+0x335/0x4e7 Aug 20 07:10:58 GSA kernel: ? dev_gro_receive+0x55d/0x578 Aug 20 07:10:58 GSA kernel: __netif_receive_skb_list_core+0x78/0x104 Aug 20 07:10:58 GSA kernel: netif_receive_skb_list_internal+0x1bf/0x1f2 Aug 20 07:10:58 GSA kernel: gro_normal_list+0x1d/0x39 Aug 20 07:10:58 GSA kernel: napi_complete_done+0x79/0x104 Aug 20 07:10:58 GSA kernel: mlx4_en_poll_rx_cq+0xa8/0xc7 [mlx4_en] Aug 20 07:10:58 GSA kernel: net_rx_action+0xf4/0x29d Aug 20 07:10:58 GSA kernel: __do_softirq+0xc4/0x1c2 Aug 20 07:10:58 GSA kernel: asm_call_irq_on_stack+0x12/0x20 Aug 20 07:10:58 GSA kernel: Aug 20 07:10:58 GSA kernel: do_softirq_own_stack+0x2c/0x39 Aug 20 07:10:58 GSA kernel: __irq_exit_rcu+0x45/0x80 Aug 20 07:10:58 GSA kernel: common_interrupt+0x119/0x12e Aug 20 07:10:58 GSA kernel: asm_common_interrupt+0x1e/0x40 Aug 20 07:10:58 GSA kernel: RIP: 0010:arch_local_irq_enable+0x4/0x8 Aug 20 07:10:58 GSA kernel: Code: d4 39 18 00 48 83 c4 28 4c 89 e0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 9c 58 66 66 90 66 90 c3 fa 66 66 90 66 66 90 c3 fb 66 66 90 <66> 66 90 c3 55 8b af 28 04 00 00 b8 01 00 00 00 45 31 c9 53 45 31 Aug 20 07:10:58 GSA kernel: RSP: 0018:ffffc900000f7ea0 EFLAGS: 00000246 Aug 20 07:10:58 GSA kernel: RAX: ffff88debf5e2380 RBX: 0000000000000004 RCX: 000000000000001f Aug 20 07:10:58 GSA kernel: RDX: 0000000000000000 RSI: 000000003333348b RDI: 0000000000000000 Aug 20 07:10:58 GSA kernel: RBP: ffffe8fffddfed00 R08: 00003d6121a8df03 R09: 00003d667688e0ff Aug 20 07:10:58 GSA kernel: R10: 00000000000664e6 R11: 071c71c71c71c71c R12: 00003d6121a8df03 Aug 20 07:10:58 GSA kernel: R13: ffffffff820c5dc0 R14: 0000000000000004 R15: 0000000000000000 Aug 20 07:10:58 GSA kernel: cpuidle_enter_state+0x101/0x1c4 Aug 20 07:10:58 GSA kernel: cpuidle_enter+0x25/0x31 Aug 20 07:10:58 GSA kernel: do_idle+0x1a6/0x214 Aug 20 07:10:58 GSA kernel: cpu_startup_entry+0x18/0x1a Aug 20 07:10:58 GSA kernel: secondary_startup_64_no_verify+0xb0/0xbb Aug 20 07:10:58 GSA kernel: ---[ end trace d61aac45b3f9ccb8 ]---
    1 point
  41. This is not a big deal and has been reported before on the general support forum, when a custom controller type is used for SMART you can see all the SMART attributes including temp, but for some reason temp is not displayed on the GUI or dash, other user was using the HP cciss controller and the same happens to me with an LSI MegaRAID controller, so looks like a general issue when using a custom SMART controller type. Note, I'm using two disks in RAID0 for each device here, so I can only choose SMART from one of the member disks form that RAID, still I should be seeing temp from that disk, since all SMART attributes appear correctly, unless the GUI is not using the custom controller type to get the temp.
    1 point
  42. Looks like the most recent update to Safari has broken the terminal window again. When I click the terminal button I just get a mostly blank browser window. The cursor moves with text input but nothing is displayed. Safari vs 15.0 (16612.1.29.41.4, 16612) unRaid vs 6.9.2 Not seeing anything related in the logs. brunnhilde-diagnostics-20211001-1805.zip
    1 point
  43. This isn't specifically a UnRAID problem but I'm putting it here for visibility and awareness, as UnRAID v6.9.2 is affected by this bug. I already commented about the problem over here: UNRAID 6.9.2 - DOCKER CONTAINER NOT REACHABLE OVER THE INTERNET WITH IPV6 There is a problem in the networking engine of Docker when using IPv6 with a container that has only a IPv4 assigned in a bridged network. Prior to Docker version 20.10.2 IPv6 traffic was forwarded to the container regardless. This behavior changed with version 20.10.2. This is the pull request that changed this behavior: Fix IPv6 Port Forwarding for the Bridge Driver A fix for this regression was issued 4 days later: Fix regression in docker-proxy but this wasn't implemented into Docker until version 20.10.6. For me this is just a minor issue as I have a full dual-stack connection and switched to only IPv4 for now, but for people using a connection via DS-Lite, this could mean that their docker-containers that are operating in bridged mode aren't accessible from outside of their home network anymore (like PLEX or Nextcloud).
    1 point
  44. I removed one of the drives from the array, created new config and let it recreate parity. But it seems that it's using unassigned device (the one I removed) for some reason. You can see the reads amount on the screen, it's on par with the array disks and is growing with them. dstat and the GUI shows 0MB/s read and write on it though, so it might be a visual bug. But on the other hand, it won't let me spin-down this drive, logs will show: I don't know if it's just a visual bug or Unraid one and I'm screwing up my parity. I first asked on UA's thread and got a response, so I'm writing here now:
    1 point
  45. LAN adapter: Intel X550-T2 Switch: TP-Link TL-SG108-M2 [8086:1563] 07:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10G X550T (rev 01) [8086:1563] 07:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10G X550T (rev 01) Asus XT8 access point can successfully negotiate 2.5Gbit link on the switch, but the Intel X550-T2 only negotiates 1Gbit, 2500baseT/Full and 5000baseT/Full are listed as supported but are not advertised: root@Mammuth:~# ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 100baseT/Full 1000baseT/Full 10000baseT/Full 2500baseT/Full 5000baseT/Full Supported pause frame use: Symmetric Supports auto-negotiation: Yes Supported FEC modes: Not reported Advertised link modes: 100baseT/Full 1000baseT/Full 10000baseT/Full Advertised pause frame use: Symmetric Advertised auto-negotiation: Yes Advertised FEC modes: Not reported Speed: 1000Mb/s Duplex: Full Auto-negotiation: on Port: Twisted Pair PHYAD: 0 Transceiver: internal MDI-X: Unknown Supports Wake-on: d Wake-on: d Current message level: 0x00000007 (7) drv probe link Link detected: yes Manually setting link speed with ethtool -s eth0 speed 2500 duplex full successfully sets the link to 2.5Gbit: root@Mammuth:~# ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 100baseT/Full 1000baseT/Full 10000baseT/Full 2500baseT/Full 5000baseT/Full Supported pause frame use: Symmetric Supports auto-negotiation: Yes Supported FEC modes: Not reported Advertised link modes: 2500baseT/Full Advertised pause frame use: Symmetric Advertised auto-negotiation: Yes Advertised FEC modes: Not reported Speed: 2500Mb/s Duplex: Full Auto-negotiation: on Port: Twisted Pair PHYAD: 0 Transceiver: internal MDI-X: Unknown Supports Wake-on: d Wake-on: d Current message level: 0x00000007 (7) drv probe link Link detected: yes Everything works correctly but is not persistent after reboot, solved by adding commands in the go file to set ports speed at boot: root@Mammuth:/boot/config# cat go #!/bin/bash # Start the Management Utility /usr/local/sbin/zenstates --c6-disable /usr/local/sbin/emhttp & ln -s /boot/scripts/diskmv /usr/sbin ln -s /boot/scripts/consld8 /usr/sbin /usr/sbin/ethtool -s eth0 speed 2500 duplex full /usr/sbin/ethtool -s eth1 speed 2500 duplex full Had this issue in Archlinux as well and it was fixed in June 2021 with the Network Manager 1.32 release.
    1 point
  46. If an extended SMART self test takes longer than the configured spin-down delay for the array disk, then the disk spins down and the self test is aborted. This behaviour is different from previous versions, where spin-down was temporarily suspended until after the self-test had completed. The message "SMART self test in progress" appears but the spin-down prevention doesn't operate. pusok-diagnostics-20210120-0317.zip (I know the unassigned Hitachi disk is totally shot!)
    1 point
  47. New in this release: GPU Driver Integration Unraid OS now includes selected in-tree GPU drivers: ast (Aspeed), i915 (Intel), amdgpu and radeon (AMD). These drivers are blacklisted by default via 'conf' files in /etc/modprobe.d: /etc/modprobe.d/ast.conf /etc/modprobe.d/amdgpu.conf /etc/modprobe.d/i915.conf /etc/modprobe.d/radeon.conf Each of these files has a single line which blacklists the driver, preventing it from being loaded by the Linux kernel. However it is possible to override the settings in these files by creating the directory 'config/modprobe.d' on your USB flash boot device and then creating the same named-file in that directory. For example, to unblacklist amdgpu type these commands in a Terminal session: mkdir /boot/config/modprobe.d touch /boot/config/modprobe.d/amdgpu.conf When Unraid OS boots, before the Linux kernel executes device discovery, we copy any files from /boot/config/modprobe.d to /etc/modprobe.d. Since amdgpu.conf on the flash is an empty file, it will effectively cancel the driver from being blacklisted. This technique can be used to set boot-time options for any driver as well. Better Support for Third Party Drivers Recall that we distribute Linux modules and firmware in separate squashfs files which are read-only mounted at /lib/modules and /lib/firmware. We now set up an overlayfs on each of these mount points, making it possible to install 3rd party modules at boot time, provided those modules are built against the same kernel version. This technique may be used by Community Developers to provide an easier way to add modules not included in base Unraid OS: no need to build custom bzimage, bzmodules, bzfirmware and bzroot files. To go along with the other GPU drivers included in this release, we have created a separate installable Nvidia driver package. Since each new kernel version requires drivers to be rebuilt, we have set up a feed that enumerates each driver available with each kernel. The easiest way to install the Nvdia driver, if you require it, is to make use of a plugin provided by Community member @ich777. This plugin uses the feed to install the correct driver for the currently running kernel. A big thank you! to @ich777 for providing assistance and coding up the the plugin: Linux Kernel This release includes Linux kernel 5.8.18. We realize the 5.8 kernel has reached EOL and we are currently busy upgrading to 5.9. Version 6.9.0-beta35 2020-11-12 (vs -beta30) Base distro: aaa_elflibs: version 15.0 build 25 brotli: version 1.0.9 build 2 btrfs-progs: version 5.9 ca-certificates: version 20201016 curl: version 7.73.0 dmidecode: version 3.3 ethtool: version 5.9 freetype: version 2.10.4 fuse3: version 3.10.0 git: version 2.29.1 glib2: version 2.66.2 glibc-solibs: version 2.30 build 2 glibc-zoneinfo: version 2020d glibc: version 2.30 build 2 iproute2: version 5.9.0 jasper: version 2.0.22 less: version 563 libcap-ng: version 0.8 build 2 libevdev: version 1.10.0 libgcrypt: version 1.8.7 libnftnl: version 1.1.8 librsvg: version 2.50.1 libwebp: version 1.1.0 build 3 libxml2: version 2.9.10 build 3 lmdb: version 0.9.27 nano: version 5.3 ncurses: version 6.2_20201024 nginx: version 1.19.4 ntp: version 4.2.8p15 build 3 openssh: version 8.4p1 build 2 pam: version 1.4.0 build 2 rpcbind: version 1.2.5 build 2 samba: version 4.12.9 (CVE-2020-14318 CVE-2020-14318 CVE-2020-14318) talloc: version 2.3.1 build 4 tcp_wrappers: version 7.6 build 3 tdb: version 1.4.3 build 4 tevent: version 0.10.2 build 4 usbutils: version 013 util-linux: version 2.36 build 2 vsftpd: version 3.0.3 build 7 xfsprogs: version 5.9.0 xkeyboard-config: version 2.31 xterm: version 361 Linux kernel: version 5.8.18 added GPU drivers: CONFIG_DRM_RADEON: ATI Radeon CONFIG_DRM_RADEON_USERPTR: Always enable userptr support CONFIG_DRM_AMDGPU: AMD GPU CONFIG_DRM_AMDGPU_SI: Enable amdgpu support for SI parts CONFIG_DRM_AMDGPU_CIK: Enable amdgpu support for CIK parts CONFIG_DRM_AMDGPU_USERPTR: Always enable userptr write support CONFIG_HSA_AMD: HSA kernel driver for AMD GPU devices kernel-firmware: version 20201005_58d41d0 md/unraid: version 2.9.16: correction recording disk info with array Stopped; remove 'superblock dirty' handling oot: Realtek r8152: version 2.14.0 Management: emhttpd: fix 'auto' setting where pools enabled for user shares should not be exported emhttpd: permit Erase of 'DISK_DSBL_NEW' replacement devices emhtptd: track clean/unclean shutdown using file 'config/forcesync' emhttpd: avoid unnecessarily removing mover.cron file modprobe: blacklist GPU drivers by default, config/modprobe.d/* can override at boot samba: disable aio by default startup: setup an overlayfs for /lib/modules and /lib/firmware webgui: pools not enabled for user shares should not be selectable for cache webgui: Add pools information to diagnostics webgui: vnc: add browser cache busting webgui: Multilanguage: Fix unable to delete / edit users webgui: Prevent "Add" reverting to English when adding a new user with an invalid username webgui: Fix Azure / Gray Switch Language being cut-off webgui: Fix unable to use top right icons if notifications present webgui: Changed: Consistency between dashboard and docker on accessing logs webgui: correct login form wrong default case icon displayed webgui: set 'mid-tower' default case icon webgui: fix: jGrowl covering buttons webgui: New Perms: Support multi-cache pools webgui: Remove WG from Dashboard if no tunnels defined webgui: dockerMan: Allow readmore in advanced view webgui: dockerMan: Only allow name compatible with docker
    1 point
  48. I installed RC1 and it booted fine. Dockers & VM's running. Hit the Stop button to bring down the array so I could change a SMB setting to disable netbios. The status bar kept reporting that it was retrying to unmount. Unable to pull up the syslog via the GUI so I telnetted in and tailed the syslog. Received the following over & over. Oct 15 01:17:30 NAS emhttpd: Retry unmounting disk share(s)... Oct 15 01:17:35 NAS emhttpd: Unmounting disks... Oct 15 01:17:35 NAS emhttpd: shcmd (250): umount /mnt/cache Oct 15 01:17:35 NAS root: umount: /mnt/cache: target is busy. Oct 15 01:17:35 NAS emhttpd: shcmd (250): exit status: 32 lsof didn't report any files on /mnt/cache open. "mount -l" reported: /mnt/cache/system/docker/docker.img on /var/lib/docker type btrfs (rw) I entered "umount /var/lib/docker" and the unraid "Stop" function was able to complete. Seems like the unmount order needs to be adjusted. nas-diagnostics-20191015-0819.zip
    1 point
  49. 2019-09-21T23:33:56.395403Z qemu-system-x86_64: vfio_region_write(0000:65:00.0:region1+0xd71e0, 0x0,8) failed: Device or resource busy I created a vfio-pci.cfg but the binding to a Windows 10 VM on Supermicro X11SPM-F with GeForce RTX 2080 SUPER doesn't seem to work. I get the same result as not having a vfio-pci.cfg file when I attempt to start the VM: VM log: ErrorWarningSystemArrayLogin -boot strict=on \ -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 \ -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 \ -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 \ -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 \ -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 \ -device pcie-root-port,port=0x8,chassis=6,id=pci.6,bus=pcie.0,multifunction=on,addr=0x1 \ -device pcie-pci-bridge,id=pci.7,bus=pci.1,addr=0x0 \ -device pcie-root-port,port=0x9,chassis=8,id=pci.8,bus=pcie.0,addr=0x1.0x1 \ -device pcie-root-port,port=0xa,chassis=9,id=pci.9,bus=pcie.0,addr=0x1.0x2 \ -device qemu-xhci,p2=15,p3=15,id=usb,bus=pcie.0,addr=0x7 \ -device virtio-serial-pci,id=virtio-serial0,bus=pci.2,addr=0x0 \ -drive 'file=/mnt/disks/Scorch/VM/Windows 10/vdisk1.img,format=raw,if=none,id=drive-virtio-disk2,cache=writeback' \ -device virtio-blk-pci,scsi=off,bus=pci.4,addr=0x0,drive=drive-virtio-disk2,id=virtio-disk2,bootindex=1,write-cache=on \ -drive file=/mnt/user/backup/Win10_1903_V1_English_x64.iso,format=raw,if=none,id=drive-sata0-0-0,readonly=on \ -device ide-cd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=2 \ -drive file=/mnt/user/backup/virtio-win-0.1.160-1.iso,format=raw,if=none,id=drive-sata0-0-1,readonly=on \ -device ide-cd,bus=ide.1,drive=drive-sata0-0-1,id=sata0-0-1 \ -netdev tap,fd=29,id=hostnet0,vhost=on,vhostfd=30 \ -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:da:47:b1,bus=pci.3,addr=0x0 \ -chardev pty,id=charserial0 \ -device isa-serial,chardev=charserial0,id=serial0 \ -chardev socket,id=charchannel0,fd=31,server,nowait \ -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \ -device usb-tablet,id=input0,bus=usb.0,port=3 \ -vnc 0.0.0.0:0,websocket=5700 \ -k en-us \ -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.7,addr=0x1 \ -device vfio-pci,host=65:00.0,id=hostdev0,bus=pci.5,addr=0x0 \ -device vfio-pci,host=65:00.1,id=hostdev1,bus=pci.6,addr=0x0 \ -device usb-host,hostbus=1,hostaddr=5,id=hostdev2,bus=usb.0,port=1 \ -device usb-host,hostbus=1,hostaddr=7,id=hostdev3,bus=usb.0,port=2 \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on 2019-09-21 05:40:54.258+0000: Domain id=1 is tainted: high-privileges 2019-09-21 05:40:54.258+0000: Domain id=1 is tainted: host-cpu char device redirected to /dev/pts/0 (label charserial0) 2019-09-21T05:40:54.449416Z qemu-system-x86_64: -device vfio-pci,host=65:00.0,id=hostdev0,bus=pci.5,addr=0x0: vfio 0000:65:00.0: group 28 is not viable Please ensure all devices within the iommu_group are bound to their vfio bus driver. 2019-09-21 05:40:54.488+0000: shutting down, reason=failed I am able to BIND and start the VM if I edit the Syslinux configuration with "{append initrd=/bzroot} vfio-pci.ids=10de:1e81,10de:10f8,10de:1ad8,10de:1ad9" and this noted here: In safe mode the VM tab reports "Libvirt Service failed to start." Please see second diagnostics. Rebooting to normal after safe-mode seems to have fixed some things. The BIND is now working with a stock Syslinux configuration so vfio-pci.cfg appears to be working. (Or are there effects remaining form the previous mods?) Starting the VM resulted in this line filling the syslog: 2019-09-21T23:33:56.395403Z qemu-system-x86_64: vfio_region_write(0000:65:00.0:region1+0xd71e0, 0x0,8) failed: Device or resource busy Adding these lines to my go file allows the VM to operate acceptably: #fix video for VM echo 0 > /sys/class/vtconsole/vtcon0/bind echo 0 > /sys/class/vtconsole/vtcon1/bind echo efi-framebuffer.0 > /sys/bus/platform/drivers/efi-framebuffer/unbind Please see latest diagnostics attached. rack-diagnostics-20190921-0547.zip vfio-pci.cfg rack-diagnostics-20190921-2315.zip rack-diagnostics-20190921-2356.zip
    1 point
  50. It's easy for us to get overwhelmed by new issues, especially coinciding with new features and new kernel releases. Our lack of immediate reply does not mean your report is being ignored. We very much appreciate all hints, testing results, etc. Remember, for very odd issues, please reboot in "Safe Mode" to ensure no strange interaction with a plugin.
    1 point