limetech

Everything posted by limetech

  1. What is your question? (not trying to be disrespectful or flippant, but the server does not phone home, I don't know how to reply to this, which is why I asked previously for someone to ask specifically a question or for clarity)
  2. Of course, we are not disabling our support email address. I completely acknowledge the desire to have an "air gapped" server, but the vast majority of servers use at least some internet resources. Nothing we are doing with UPC or future online services will preclude running your server totally disconnected from any internet access.
  3. Pre-6.10 release: if someone wants to try out Unraid with a Trial key they have to give us an email address. When someone makes a key purchase they have to give us an email address. Hence we already have email/key database, i.e., "accounts". The primary purpose of the UPC is to now make these accounts accessible by users. We leveraged the IPS (forum) member capabilities to do this. That is why we enabled 2-factor authentication for the forum. When you "sign-up" via a server we create an association between the account screen name/email address and the particular key GUID. If you already have a forum account then "sign-in" will do the same association. This lets us simplify a great deal of support having to do with keys. You also get a nice "dashboard" (the My Servers menu option) that shows all your servers. In order to show this dashboard, the sign-up/sign-in process will upload your server name and description. This is so we can present a link to your webGUI on your LAN. But of course this is a local IP address and only works if you click from a browser running in a PC on the same LAN. We don't send up any other info and the code that is doing the sending up is open source in the webGUI - you can examine and see this. If you don't want to use your forum account to associate with your keys, then just create a different forum account. Yes, having "accounts" will open the door for us to provide "cloud based" services. For example you can install our My Servers plugin and get real-time status of your server presented on the dashboard as well as automatic flash configuration backup. If you don't want this, don't install the plugin. If you don't want your server to appear "signed in" then sign out. For those who think they will never sign-in and are disturbed by having a "sign in" link in your header - well we will consider cosmetic changes. No doubt some may have more questions and want more details.
So let's do this: go ahead and fire away but please ask only one question or ask for only one clarification per post and I'll try to answer them all until we're all exhausted.
  4. What version did you upgrade from? The only thing the upgrade does is copy new bz* files into place.
  5. It's only an "error" with the syslog colorizing function that is erroneously tagging the error because the word error appears in the string.
  6. Could be. Nothing in 'stock' Unraid OS requires libgd so we would not have noticed if an updated package removed it. We can add it - what about 'vnstat' package? Is this useful to add to Unraid OS?
  7. Interesting, it's because that's when the skeleton post for this release was created. As we proceed with development and testing, I update the post as we go along. Normally I do this in a separate internal "test board" and then select/copy/paste into a new post here, but this time I just started it here to begin with and marked it "hidden" until today when I "un-hid" it.
  8. We are not going to remove it and your server functions identically whether you "sign in" or not, with exception of provisioning or renewal of a Let's Encrypt certificate, which evidently you are not interested in anyway. Nothing is being "pushed down anyone's throats". Just don't sign-in but nothing is exchanged which we don't already know (like your key/GUID) or that we care about (like your server name or LAN IP), those are transmitted for your convenience. Do you use Docker? Do you use plugins? Do you use automatic check for updates? Do you have NTP enabled? All those services contact resources on the internet. And honestly, we are a lot more forthcoming in the nature of the data transfer happening than some of those might be. Lastly, out of respect, if anyone wants to discuss this further, please create a separate topic to do so.
  9. Note: recent update to openssh may cause certain clients, e.g., PuTTY, to not connect using public/private keys. You may see this in the system log:

     userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

     You might get hit by this if using an older version of PuTTY. From: https://itectec.com/superuser/how-to-check-if-your-ssh-keys-are-in-the-ssh-rsa2-format/

     "So you can continue using "ssh-rsa" keys – you only need to upgrade the software on both ends to something reasonably recent, and it will automatically start producing "rsa-sha2-256" signatures from that key. (For example, you might need to install a new version of PuTTY and Pageant, and you might have troubles with older versions of gpg-agent.)"

     I had to update my version of PuTTY/Pageant.
  10. Yes we will update this text which did not get modified properly when we introduced multiple pool feature. The behavior you are seeing is by design as @trurl has pointed out. When we release "multiple unRAID array" feature the situation will be a little different. The share storage settings will change to reflect the concept of a "primary" pool and a "secondary" pool for a share. You could, for example, have a btrfs primary pool of hdd's and a xfs secondary single-device nvme secondary pool.
  11. 6.10.0 Summary of Changes and New Features

      As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup".

      Note: In order to permit ongoing development, some changes/features are marked experimental. This means underlying support is included in the release, but high level functionality or UI has not been included yet.

      UPC and My Servers Plugin - [rc2] reworded

      The most visible new feature is located in the upper right of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account.

      Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC.

      Signing-in provides these benefits:

      - My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the server's webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below).
      - Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers.
      - Posting privilege in a new set of My Servers forum boards.
      - No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server.

      Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out.

      [rc2] Exception: A server must be signed-in to Provision and Renew a Let's Encrypt SSL certificate.

      My Servers Plugin

      My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers:

      - Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information.
      - Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely over the Internet.
      - Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device.

      My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here.

      If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status.

      Security Changes

      - It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys.
      - For new configurations, the flash share default export setting is No.
      - For all new user shares, the default export setting is No.
      - For new configurations, SMBv1 is disabled by default.
      - For new configurations, telnet, ssh, and ftp are disabled by default.
      - We removed certain strings from Diagnostics such as passwords found in the 'go' file.

      Virtualization

      Both libvirt and qemu have been updated. In addition qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental).

      [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality.

      The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM.

      The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved.

      Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link.

      Let's Encrypt SSL provisioning change. In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access.

      Linux Kernel

      Upgrade to [rc2] Linux 5.14.15 kernel which includes so-called Sequoia vulnerability mitigation.

      In-tree GPU drivers are now loaded by default if corresponding hardware is detected:

      - amdgpu
      - ast
      - i915
      - radeon

      These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver:

          echo "blacklist i915" > /boot/config/modprobe.d/i915.conf

      Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enable loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users.

      Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin.

      Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly.

      [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out.

      [rc2] Enabled additional ACPI kernel options

      [rc2] Updated out-of-tree drivers

      [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machines.

      Base Packages

      Virtually the entire base package set has been updated.

      [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default.

      [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log:

          mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead.

      We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further.

      Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible:

      Event driven model to obtain server information and update the webGUI in real-time

      - The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact
      - In addition stale browser sessions won't create any CSRF errors anymore
      - People who keep their browser open 24/7 will find the webGUI stays responsive at all times

      Docker labels

      - Docker labels are added to allow people using Docker compose to make use of icons and GUI access
      - Look at a Docker 'run' command output to see exactly what labels are used

      Docker custom networks

      - A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10
      - The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care of.

      Docker bridge network (docker0)

      - docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world
      - Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration)
      - In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6

      Plugins page

      - The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed

      Dashboard graphs

      - The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection)
      - The CPU graph may be hidden as well in case it is not desired
      - Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history.
      - Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances

      Other Changes

      - We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config).
      - Fixed issue where you couldn't create a docker image on a share name that contains a space.
      - Fixed issue where 'mover' would not move to a pool name that contains a space.
      - Fixed issue in User Share file system where permissions were not being honored.
      - We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey.
      - [rc2] Fixed jumbo frames not working.
      - [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse
      - [rc2] Mover will create '.partial' file and then rename upon completion.
      - [rc2] Check bz file sha256sums at boot time.

      Credits

      Special thanks to all our beta testers and especially:

      - @bonienl for his continued refinement and updating of the Dynamix webGUI.
      - @Squid for continued refinement of Community Apps and associated feed.
      - @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood.
      - @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins.
      - @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series.

      Version 6.10.0-rc2 2021-11-01 (vs. 6.10.0-rc1)

      Base distro:

      - acpid: version 2.0.33
      - at-spi2-core: version 2.42.0
      - bind: version 9.16.22
      - btrfs-progs: version 5.14.2
      - ca-certificates: version 20211005
      - cifs-utils: version 6.14
      - coreutils: version 9.0
      - cryptsetup: version 2.4.1
      - curl: version 7.79.1
      - dhcpcd: version 9.4.1
      - dnsmasq: version 2.86
      - docker: version 20.10.9
      - e2fsprogs: version 1.46.4
      - ethtool: version 5.14
      - file: version 5.41
      - fribidi: version 1.0.11
      - fuse3: version 3.10.5
      - gd: version 2.3.3
      - gdbm: version 1.22
      - git: version 2.33.1
      - glib2: version 2.70.0
      - glibc-zoneinfo: version 2021e
      - gnutls: version 3.7.2
      - grep: version 3.7
      - gzip: version 1.11
      - harfbuzz: version 3.0.0
      - haveged: version 1.9.15
      - htop: version 3.1.1
      - iproute2: version 5.14.0
      - jansson: version 2.14
      - json-glib: version 1.6.6
      - libXi: version 1.8
      - libarchive: version 3.5.2
      - libedit: version 20210910_3.1
      - libepoxy: version 1.5.9
      - libgcrypt: version 1.9.4
      - libgudev: version 237
      - libjpeg-turbo: version 2.1.1
      - libssh: version 0.9.6
      - libssh2: version 1.10.0
      - libtpms: version 0.9.0
      - libvirt: version 7.8.0
      - libvirt-php: version 0.5.6a
      - libwebp: version 1.2.1
      - libxkbcommon: version 1.3.1
      - lvm2: version 2.03.13
      - mc: version 4.8.27
      - mcelog: version 179
      - nano: version 5.9
      - ncurses: version 6.3
      - nghttp2: version 1.46.0
      - nginx: version 1.19.10
      - ntfs-3g: version 2021.8.22
      - openssh: version 8.8p1
      - openssl: version 1.1.1l
      - openssl-solibs: version 1.1.1l
      - pam: version 1.5.2
      - pango: version 1.48.10
      - pcre2: version 10.38
      - php: version 7.4.24
      - qemu: version 6.1.0
      - samba: version 4.15.0
      - sudo: version 1.9.8p2
      - swtpm: version 0.6.1
      - ttyd: version 20211023
      - usbutils: version 014
      - util-linux: version 2.37.2
      - wget: version 1.21.2
      - wireguard-tools: version 1.0.20210914
      - wsdd2: version 1.8.6
      - xfsprogs: version 5.13.0
      - xkeyboard-config: version 2.34
      - xrdb: version 1.2.1
      - xterm: version 369

      Linux kernel:

      - version 5.14.15
      - restore CONFIG_X86_X32: x32 ABI for 64-bit mode
      - added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for this kernel
      - added several ACPI-related CONFIG settings
      - added CONFIG_TCG_TPM and associated TPM chip drivers
      - added CONFIG_NFSD_V4: NFS server support for NFS version 4
      - added CONFIG_USB_NET_AQC111: Aquantia AQtion USB to 5/2.5GbE Controllers support
      - added NFS_V4: NFS client support for NFS version 4
      - oot: md/unraid: version 2.9.19
      - oot: nvidia: version 470.63.01 [via plugin]
      - oot: r8125: version 9.006.04
      - oot: r8152: version 2.15.0

      Management:

      - emhttpd: fix regression: user shares should be enabled by default
      - emhttpd: minimize information transmitted by 'stock' UpdateDNS function
      - firefox: version 91.0.r20210823123856 (AppImage)
      - mover: append '.partial' suffix to filename when move in-progress
      - rc.mcelog: mcelog added to base distro
      - rc.nginx: support custom wildcard self-signed certs
      - rc.S: check bz file sha256 during initial boot
      - sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072)
      - wsdd2: listen only on active interface by default (br0, bond0, or eth0)
      - webgui: remove 'My Servers' skeleton page
      - webgui: present CA-signed certificate subject as a link
      - webgui: Relax update frequency a bit
      - webgui: Docker: Only save templates as v2
      - webgui: Fix pools display on Main page when empty pool exists
      - webgui: Escape double quotes in text input submit
      - webgui: Add 'root' folder protection to filetree
      - webgui: Support multi-language in filetree display
      - webgui: Use background checking for flash corruption
      - webgui: Proactive script security hardening
      - webgui: Diagnostics: add check for DNS Rebinding Protection
      - webgui: Diagnostics: privatize routable IPs
      - webgui: Diagnostics: add url details
      - webgui: Docker: Fix incorrect caching when deleting / recreating image
      - webgui: Silence PHP error on syslinux page if flash drive is missing
      - webgui: various Multi-language corrections
      - webgui: VM Manager: added Windows 11 template and OVMF TPM
      - webgui: VM Manager: add virtio-win-0.1.208.iso download link
      - webgui: Sign-in required to provision/renew Unraid LE SSL certificate
  12. Thank you for all your testing! In case above, did client 'recover' automatically or did you need to remount? Correct, not sure how I missed that one, but indeed having that kernel module solves the local mount problem. Agreed, there are several areas worth customizing: /etc/nfs.conf /etc/nfsmount.conf plus the 'options' list and 'export options' on individual share lines in /etc/exports Changes to support these customizations will have to wait until after 6.10 has been released (I cannot hold back the release for the time it will take to implement and test unfortunately, hopefully everyone understands this).
  13. Ok you can test with an -rc2 "pre-release". To install, install this plugin. It puts you on our "test" branch, mainly for internal testing: https://s3.amazonaws.com/dnld.lime-technology.com/test/unRAIDServer.plg (paste that URL into the Install Plugin URL field) It should come up as 6.10.0-rc2d Also: what NFS client are you running?
  14. Nice find! Where did you see the value 131072 being recommended? I found this reference: https://discuss.aerospike.com/t/how-to-handle-net-netfilter-nf-conntrack-count-max-exceeded/5051
  15. Please update to 6.10 and if it's still broken then post diagnostics.zip.
  16. I added nfsv4 support in kernel starting with 6.10-rc2. nfsv3 still works and the v4 protocol is definitely enabled but I can't get a client (another Unraid server) to mount a share using v4 protocol. Spent a couple hours on it this morning but I have no time to spend more time on it now. If someone wants to test this and let me know what has to happen, then we can add to 6.10 release. But please post in Prerelease Board.
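
The sshd message quoted in the openssh post above (item 9) does not name the client that was refused. As an added example (not code from these posts or from Unraid), the script below correlates that message with other lines logged by the same sshd process to list which clients still offer ssh-rsa signatures. The log lines, host name and addresses are constructed, and grouping by PID assumes PIDs are not reused within the scanned window.

```python
import re

# Constructed sample log; only the userauth_pubkey message text is from the post.
SAMPLE_LOG = """\
Nov  2 10:15:01 Tower sshd[4121]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov  2 10:15:01 Tower sshd[4121]: Connection closed by authenticating user root 192.168.1.50 port 51234 [preauth]
Nov  2 10:16:40 Tower sshd[4188]: Accepted publickey for root from 192.168.1.52 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Nov  2 10:17:05 Tower sshd[4203]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Nov  2 10:17:09 Tower sshd[4203]: Failed password for root from 192.168.1.51 port 40100 ssh2
Nov  2 10:18:00 Tower sshd[4250]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
"""

# "sshd[PID]: message" part of a syslog line.
SSHD_LINE = re.compile(r"sshd\[(\d+)\]: (.*)")
# The rejection message from the post; group 1 is the refused key type.
REJECTED = re.compile(
    r"userauth_pubkey: key type (\S+) not in PubkeyAcceptedAlgorithms")
# User and IPv4 peer as they appear in common sshd messages
# ("... user root 1.2.3.4 port N", "... for root from 1.2.3.4 port N").
PEER = re.compile(
    r"(?:user |for )(?:invalid user )?(\S+) (?:from )?"
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+")


def find_rejected_key_clients(log_text):
    """Return [(pid, client_ip, user, [key types])] for every sshd session
    in which a public key algorithm was refused. client_ip and user are
    None when no line from the same process identifies the peer."""
    sessions = {}
    for line in log_text.splitlines():
        m = SSHD_LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"types": set(), "user": None, "ip": None})
        rejected = REJECTED.search(msg)
        if rejected:
            s["types"].add(rejected.group(1))
        peer = PEER.search(msg)
        if peer and s["ip"] is None:
            s["user"], s["ip"] = peer.groups()
    # Sessions without a rejection (e.g. a successful login) are dropped.
    return [(pid, s["ip"], s["user"], sorted(s["types"]))
            for pid, s in sessions.items() if s["types"]]


def clients_to_upgrade(findings):
    """Distinct client addresses whose SSH software needs updating."""
    return sorted({ip for _pid, ip, _user, _types in findings if ip})


if __name__ == "__main__":
    found = find_rejected_key_clients(SAMPLE_LOG)
    for pid, ip, user, types in found:
        print(f"sshd[{pid}] refused {','.join(types)} "
              f"from {ip or 'unknown peer'} (user {user or 'unknown'})")
    print("clients to upgrade:", ", ".join(clients_to_upgrade(found)))
```

A session reported with an unknown peer means the log window held no identifying line for that PID; raising sshd's LogLevel or widening the window usually resolves it.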