unRAID OS version 6.4.0-rc8q available


Recommended Posts

41 minutes ago, BRiT said:

Hell No.

 

:D

 

@local.bin 

Are we now saying that unraid is secure enough to expose to the interweb? 

 

that's a rather trolling way to phrase things. Can you better rephrase your question... who specific are the 'we' and when did 'we' ever say or imply such things? Unless you can better qualify your implied conclusion, the intent behind it are reasonable questionable.

Edited by Lev
fixing quote
Link to comment

I was expecting this question.. Its not weird that it is asked:

 

- unraid webgui, unsafe..

- Move to https, green address bar, feels safe

- Unraid safe enough to put to the internet now ?

 

I believe the answer is no.

 

The https thing was done to make the encryption process work, not for a  different purpose.

 

Also.. In ANY scenario.. Or with ANY level of security.. Think of -why- you would want to expose unraid to the internet. With every level of security that is added there still remains a risk, the best way to mitigate that risk is to simply not do it.. 

 

Use a VPN if you want to access your own systems, setup takes like 10 minutes.. Mind you, even that is not fully failsafe. The best way to protect your house is not a big lock on your door... But have no door..

Link to comment

tried (for 2-3 minutes) to find and answer and couldn't find anything

 

I get emails like this

 

Subject

Quote

SUBJECT cron for user root /usr/bin/run-parts /etc/cron.daily 1> /dev/null

 

Text

Quote

grep: /proc/mdcmd: Input/output error

 
using latest 6.4.0-rc8q version.
 
any ideas?
 
 
 
Link to comment

User Interface Suggestions

 

Hello,

 

I just purchased a pro license due to the addition of encrypted volumes and have started to test unRAID. After shutdown / restart as expected the array could not start due to lack of the passphrase. However I find some user interface choices a bit confusing. On the main page, encrypted disks are shown with a red open lock. Open locks in general stand for unlocked. The green closed lock when everything is fine is also somewhat against intuition, but that's also used in browsers, so people will be used to that. May I suggest to use another symbol, e.g. a red closed lock?

 

Next issue was to find out where to enter the passphrase. Of course I knew, where I had entered it to start encryption, but it seemed to be the wrong place for unlocking due to the required double entry of the passphrase. The reason I did not dare to enter the passphrase here without re-reading the whole rc8q thread is the following: Since many encryption schemes actually use a randomly generated key for the actual encryption and the passphrase is just needed to decrypt and access that random key, I was afraid that entering a passphrase on that page would create a new random key and make all files unreadable. May I suggest to either separate initial passphrase entry from unlocking an already encrypted array or add some hints to the page that it is the right place for unlocking?

 

Anyway, thanks for the new features.

Link to comment
3 hours ago, karateo said:

tried (for 2-3 minutes) to find and answer and couldn't find anything

 

I get emails like this

 

Subject

 

Text

 
using latest 6.4.0-rc8q version.
 
any ideas?
 
 
 

 

Do you have the Dynamix File Integrity plugin installed?

 

rc8 has an API change and mdcmd status needs to be read differently, the above plugin (and maybe others) need to be updated to reflect that.

 

From rc8 onwards the preferred method to read array status is by quering the var.ini and disks.ini files.

Edited by bonienl
Link to comment

Thank you for the feedback!

 

5 hours ago, tstor said:

I just purchased a pro license due to the addition of encrypted volumes and have started to test unRAID. After shutdown / restart as expected the array could not start due to lack of the passphrase. However I find some user interface choices a bit confusing. On the main page, encrypted disks are shown with a red open lock. Open locks in general stand for unlocked. The green closed lock when everything is fine is also somewhat against intuition, but that's also used in browsers, so people will be used to that. May I suggest to use another symbol, e.g. a red closed lock?

 

We're very much open to suggestions for symbol/color, is there any kind of 'defacto standard' for this?  Something to bear in mind is that both differences in color and shape are generally required to indicate different states.  This is to accommodate people who have difficulty differentiating between colors.  For example if we used a green lock symbol to mean "ok" and same symbol but red to indicate "problem" some people would not be able to tell the difference.

 

5 hours ago, tstor said:

Next issue was to find out where to enter the passphrase. Of course I knew, where I had entered it to start encryption, but it seemed to be the wrong place for unlocking due to the required double entry of the passphrase. The reason I did not dare to enter the passphrase here without re-reading the whole rc8q thread is the following: Since many encryption schemes actually use a randomly generated key for the actual encryption and the passphrase is just needed to decrypt and access that random key, I was afraid that entering a passphrase on that page would create a new random key and make all files unreadable. May I suggest to either separate initial passphrase entry from unlocking an already encrypted array or add some hints to the page that it is the right place for unlocking?

 

Yes you raise a good point.  The reason we have you enter the passphrase twice, of course is to minimize typing mistake when you are entering a passphrase for the first time.  If  you enter a long series of random words, for example, and have an extra unnoticed space, you might have big problems later (for example, the extra space after the first word of this sentence).

 

Interestingly, the problem in unRAID is that we don't know upon initial start from reboot, whether you are entering a passphrase for the "first time" or merely to enter it in order to unlock existing encrypted volumes.  This is because we deliberately don't store any kind "encrypted status" on non-volatile storage (ie, flash boot device).  We can detect if devices have LUKS headers but we don't know, without doubt, whether they were created by unRAID previously, or perhaps they were created on some other OS or some other unRAID server.  I think the way to solve this is to tie re-entering of passphrase to the Format button.

Link to comment

Something weird happend to my server...

 

I noticed none of the plex files were showing anymore.. I checked the server and there are no errors. However... all disks were spun down.. So the tasks on the server (like plex) were not waking up the system anymore..

 

I was able to manually spin up the drives, the started up (shown in the webpage and I could also hear them spinning up).

 

Plex still did not run.

 

I checked the shares.

 

None are working any more, disk shares are working and I can also access them and play a video from them.

 

My crashplan pro for some reasons thinks it has uploaded 20 terrabyte of data in one day..

 

I was able to download diagnostics, I have attached those.

 

I am on the latest beta..

 

 

tower-diagnostics-20170907-1826.zip

Edited by Helmonder
Link to comment
5 minutes ago, Helmonder said:

Something weird happend to my server...

 

I noticed none of the plex files were showing anymore.. I checked the server and there are no errors. However... all disks were spun down.. So the tasks on the server (like plex) were not waking up the system anymore..

 

I was able to manually spin up the drives, the started up (shown in the webpage and I could also hear them spinning up).

 

Plex still did not run.

 

I checked the shares.

 

None are working any more, disk shares are working and I can also access them and play a video from them.

 

My crashplan pro for some reasons thinks it has uploaded 20 terrabyte of data in one day..

 

I was able to download diagnostics, I have attached those.

 

 

 

 

tower-diagnostics-20170907-1826.zip

Your KVM is reporting page allocation failure after page allocation failure.   Could possibly be fragmented memory.  Reboot might fix.

Link to comment
21 hours ago, GroxyPod said:

Had to shutdown my server for a planned power outage this morning and used the Power Down button which indicates it would cleanly shutdown the system. I verified the system was shutdown prior to turning off the battery backup connected to it; however when I powered the system back on after the power outage was over, I am presented with an unclean shutdown message and a parity check upon starting the array. Not sure if there is something amiss or not, just putting it out there just in case.

 

 

 

 

I too just had this issue. noticed docker updates were announced, they seemed to download, install until i checked for updates again...same ones saying updates were available.

 

so decided to restart my server and now its doing a Parity check again....

 

 

is this maybe just because its a release candidate?

Link to comment
9 minutes ago, Squid said:

Your KVM is reporting page allocation failure after page allocation failure.   Could possibly be fragmented memory.  Reboot might fix.

 

I just restarted, I can access the shares again...

 

in the bottom line unraid is stating "ARRAY STARTED STALE CONFIGURATION" ..

 

What does that mean ?

Link to comment
6 minutes ago, Helmonder said:

 

I just restarted, I can access the shares again...

 

in the bottom line unraid is stating "ARRAY STARTED STALE CONFIGURATION" ..

 

What does that mean ?

 

This means that the browser window is out-of-sync with the server.  For example, suppose your server is Stopped and you open two windows/tabs, both will show the same info.  Next to to one of them and Start array - array starts.  Now go to other window/tab and try to Start - you should see that error, although depending on how notifications are set up you might actually see the second window/tab auto-refresh because of starting array in first window/tab, that is there may be a race condition.  The "stale config" check is mainly to guard against erroneous Formatting but it's also checked upon array Start/Stop.

 

Link to comment
6 minutes ago, limetech said:

 

This means that the browser window is out-of-sync with the server.  For example, suppose your server is Stopped and you open two windows/tabs, both will show the same info.  Next to to one of them and Start array - array starts.  Now go to other window/tab and try to Start - you should see that error, although depending on how notifications are set up you might actually see the second window/tab auto-refresh because of starting array in first window/tab, that is there may be a race condition.  The "stale config" check is mainly to guard against erroneous Formatting but it's also checked upon array Start/Stop.

 

 

Okay.. but I just restarted my browser and logged in again (tried two times), it still shows that same message..

 

For the hec of it I just restarted my whole pc.. same message..

 

Diagnostics attached. The above sounds like I should not be worried though, correct ?

tower-diagnostics-20170907-1900.zip

Edited by Helmonder
Link to comment
30 minutes ago, Helmonder said:

 

Okay.. but I just restarted my browser and logged in again (tried two times), it still shows that same message..

 

For the hec of it I just restarted my whole pc.. same message..

 

Diagnostics attached. The above sounds like I should not be worried though, correct ?

tower-diagnostics-20170907-1900.zip

 

Thanks for the diags.

 

Right, restarting browswer or PC won't change that message.  It is generated by the server.  If you Stop array and then Start array it should go away.  But here is what the log reveals.  Your server is set for Array Autostart and I do see it auto-starting.  But then I also see a log entry that would be generated if the Start button was clicked.  But the Start button should not be available because the array is auto-starting.  After you restarted the server was there a time after that where you clicked a Start button?

 

But there is a bug in that the message should get cleared but isn't.

Link to comment
7 minutes ago, limetech said:

 

Thanks for the diags.

 

Right, restarting browswer or PC won't change that message.  It is generated by the server.  If you Stop array and then Start array it should go away.  But here is what the log reveals.  Your server is set for Array Autostart and I do see it auto-starting.  But then I also see a log entry that would be generated if the Start button was clicked.  But the Start button should not be available because the array is auto-starting.  After you restarted the server was there a time after that where you clicked a Start button?

 

But there is a bug in that the message should get cleared but isn't.

 

I indeed had to press the start button.. the array did not auto start ! (or, to be more precise.. the array started in stopped state, the gui also showed that and everything looked like it was not started, which is when I pressed the start button and it started, the way it always looks..

 

(I just stopped and started the array, message is now gone)

Edited by Helmonder
Link to comment
5 minutes ago, Helmonder said:

 

I indeed had to press the start button.. the array did not auto start ! (or, to be more precise.. the array started in stopped state, the gui also showed that and everything looked like it was not started, which is when I pressed the start button and it started, the way it always looks..

 

Ahh, ok, the problem is that nginx is being started too soon, or rather, the server startup has not completed before browser is able to render the webGui.  Could be that a plugin 'startup' is introducing enough delay that this is happening (which is why I don't see because we typically don't test with a large number of plugins installed).

 

Instead of clicking that Start button, if you had Refreshed the browser it would have shown array Started.

 

Thanks for the report, we'll figure out a fix for this.  For now, your server is ok, the "stale configuration" artifact is meaningless.

Link to comment
1 minute ago, limetech said:

 

Ahh, ok, the problem is that nginx is being started too soon, or rather, the server startup has not completed before browser is able to render the webGui.  Could be that a plugin 'startup' is introducing enough delay that this is happening (which is why I don't see because we typically don't test with a large number of plugins installed).

 

Instead of clicking that Start button, if you had Refreshed the browser it would have shown array Started.

 

Thanks for the report, we'll figure out a fix for this.  For now, your server is ok, the "stale configuration" artifact is meaningless.

 

Thanks !

Link to comment
1 hour ago, limetech said:

We're very much open to suggestions for symbol/color, is there any kind of 'defacto standard' for this?  Something to bear in mind is that both differences in color and shape are generally required to indicate different states.  This is to accommodate people who have difficulty differentiating between colors.  For example if we used a green lock symbol to mean "ok" and same symbol but red to indicate "problem" some people would not be able to tell the difference.

 

I am not aware of any standard for this, my experience with alarm panels is that there are regional preferences for colors, blinking ...

You're absolutely right with the idea that shape as well as color should  be different, but how about doing it just the other way around:

  • red and locked for a disk that is encrypted and not accessible
  • green and unlocked after the passphrase has been entered

Unencrypted disks wouldn't have a lock and easily be distinguishable. A closed lock protects the data. An open lock allows access, so it's green, but access also means that it is vulnerable, if someone has access to the server. This is the difference to a browser session, where a closed green lock means that data is encrypted and a man in the middle cannot access it, so it's not vulnerable.

 

1 hour ago, limetech said:

  I think the way to solve this is to tie re-entering of passphrase to the Format button.

 

Here I am not sure to understand what you mean. For the first time when encrypting?

  • Like 1
Link to comment
4 minutes ago, tstor said:

how about doing it just the other way around

 

I'm good with that.  Let's let @bonienl weigh in.

 

4 minutes ago, tstor said:

Here I am not sure to understand what you mean. For the first time when encrypting?

 

Basically this: for a server with encrypted storage, upon initial boot, you have to first go to Encryption Settings and enter your passphrase (or upload you keyfile).  We'll get rid of the "Retype passphrase" field.  Having done this, array should now Start.

 

Next, whenever you click the Format button, if one of the un-Mountable devices is configured for encryption, we'll generate an alert and have you type your passphrase again in order to continue.  (Exception: if you originally uploaded a keyfile instead of typing a passphrase, there will be no prompt.)  This satisfies both requirements: 1) in the normal start case you only type a passphrase once (no confusing confirmation box), and 2) when a new LUKS volume is created, we confirm the entered passphrase is what's intended.

 

Link to comment

Now the last thing to add would be the possibility to have two seperate arrays... Because I would be fine with my kids or my wife restarting my server when this is needed and I am away, but if that makes it necessary to type in a keyword that would mean the password would end up on a postit somewhere near the pc, I would like to avoid that :-)  

 

 

Link to comment
11 minutes ago, Helmonder said:

Now the last thing to add would be the possibility to have two seperate arrays... Because I would be fine with my kids or my wife restarting my server when this is needed and I am away, but if that makes it necessary to type in a keyword that would mean the password would end up on a postit somewhere near the pc, I would like to avoid that :-)  

 

But there is no need to restart unRAID, it is rock solid  :D

Link to comment
Guest
This topic is now closed to further replies.