September 3, 20178 yr 14 minutes ago, bonienl said: Since rc7 Update OS is a separate update and can be found under Tools. There is no change in rc8 and still working as before. What is your observation? I am using the function under tools. I press "check for updates" and it just keeps hanging there... for more than an hour now... I have restart the search several time, same result. My secundary server worked fine..
September 3, 20178 yr Wow LUKS support is a great idea, kudos for focusing on security! If I understand correctly a "xfs encrypted" volume will still be mountable from any Linux distribution that supports LUKS? How about the parity drive, does that also get encrypted or stay plaintext? (I can see arguments for both) Is a mixed mode with encrypted/unencrypted drives in the same array possible? If so am I correct in the assumption that all encrypted devices will have to be unlocked before the array can be started at all?
September 3, 20178 yr Just now, lionceau said: Wow LUKS support is a great idea, kudos for focusing on security! If I understand correctly a "xfs encrypted" volume will still be mountable from any Linux distribution that supports LUKS? How about the parity drive, does that also get encrypted or stay plaintext? (I can see arguments for both) Is a mixed mode with encrypted/unencrypted drives in the same array possible? If so am I correct in the assumption that all encrypted devices will have to be unlocked before the array can be started at all? Interesting.. The way I understood the OP, the encryption is disk based, one level above the filesystem (with the exception of the cache drive, that is handled as a complete pool, which is logical, the filesystem spreads over the different drives there). That would mean it can be disk specific, one disk is encrypted, the other is not. The array can only start after all encrypted drives are unlocked, possibly this must mean that parity is calculated over the de-encrypted volumes.. If that is the case and you started the array before unencrypting then parity would be invalid..
September 3, 20178 yr 3 minutes ago, Helmonder said: I am using the function under tools. I press "check for updates" and it just keeps hanging there... for more than an hour now... I have restart the search several time, same result. My secundary server worked fine.. The "Check for Updates" button is presented when no automatic checks are set (see notifications settings). In this case clicking the button opens a new window and shows one line to tell it is checking for updates of the OS. Once the check is completed a "Close" button is displayed. All working fine here! Does your server have correct Internet access and is DNS correctly setup?
September 3, 20178 yr 2 minutes ago, bonienl said: The "Check for Updates" button is presented when no automatic checks are set (see notifications settings). In this case clicking the button opens a new window and shows one line to tell it is checking for updates of the OS. Once the check is completed a "Close" button is displayed. All working fine here! Does your server have correct Internet access and is DNS correctly setup? Yes.. That should all be fine... All functionality and dockers on the system are working.. I''ll change the dns to googles quickly to see if that makes a difference..
September 3, 20178 yr 15 minutes ago, lionceau said: Wow LUKS support is a great idea, kudos for focusing on security! If I understand correctly a "xfs encrypted" volume will still be mountable from any Linux distribution that supports LUKS? How about the parity drive, does that also get encrypted or stay plaintext? (I can see arguments for both) Is a mixed mode with encrypted/unencrypted drives in the same array possible? If so am I correct in the assumption that all encrypted devices will have to be unlocked before the array can be started at all? Below a screenshot of my test server. The parity disk does not contain data and is not encrypted, actually the parity disk calculates its content over the encrypted and non-encrypted data disks of the array. This means that a replaced data disk will get the exact same (encrypted) content as the original disk. Ps. Yes, LUKS is used as the underlying method and a disk can be taken out and put into another system. As long as you know the passphrase (or keyfile) you are able to read the encrypted content. Edited September 3, 20178 yr by bonienl
September 3, 20178 yr 4 hours ago, limetech said: Yes that is the fall-back, but even though we have a short TTL (60 sec at present), it appears that win10/Chrome/FF will still refer to it's DNS cache in the absence of an Internet connection. At least this is what appears to be the case when you yank the upstream connection from a (consumer grade) router. The lowest fall-back you can do is entering the IP address of the server and bypass DNS. This will always work!
September 3, 20178 yr I run a pfsense VM. If I enable secure access, does this mean I'll never be able to access my server? At the moment there is no LAN or WAN until the server after about 30 mins starts the pfsense VM, so I'm wondering how the DNS checks will work. At the moment, I'm waiting to see if rc8 even boots fully as rc7 didn't for me (it never made it to the point where my VMs start) - I'm about 30 mins in - going to give it another 20 then I'm rolling back to rc6
September 3, 20178 yr This is from the Help under Settings -> Identification pfSense: If you are using pfSense internal DNS resolver service, you can add these Custom Option lines: server:private-domain: "unraid.net" Can you telnet or ssh into your system and obtain diagnostics in case your GUI isn't reachable?
September 3, 20178 yr 29 minutes ago, bonienl said: This is from the Help under Settings -> Identification pfSense: If you are using pfSense internal DNS resolver service, you can add these Custom Option lines: server:private-domain: "unraid.net" Can you telnet or ssh into your system and obtain diagnostics in case your GUI isn't reachable? Thanks - haven't got that far yet to see that! I've run diagnostics as suggested from CLI - will post when I rollback if I give up (waiting for rc6 as you've seen in other thread). So far been going 1hr and array has started (it's even started a parity check) but VMs haven't and maybe docker (don't know how to check that from CLI). Going to wait a bit longer then I'll have to rollback to rc6 Edit: Added diagnostics - rolling back to RC6 highlander-diagnostics-20170903-1013.zip Edited September 3, 20178 yr by DZMM
September 3, 20178 yr 5 hours ago, limetech said: Yes that is the fall-back, but even though we have a short TTL (60 sec at present), it appears that win10/Chrome/FF will still refer to it's DNS cache in the absence of an Internet connection. At least this is what appears to be the case when you yank the upstream connection from a (consumer grade) router. Does this mean, we must always have an internet connection to make this work?
September 3, 20178 yr 19 minutes ago, DZMM said: I've run diagnostics as suggested from CLI - will post when I rollback if I give up (waiting for rc6 as you've seen in other thread). So far been going 1hr and array has started (it's even started a parity check) but VMs haven't and maybe docker (don't know how to check that from CLI). My guess is that something prevents your VMs to start and you end up in a catch 22 situation. Hopefully the diagnostics can shed some more light on this.
September 3, 20178 yr 8 minutes ago, uldise said: Does this mean, we must always have an internet connection to make this work? Yes, if you want to make use of the DNS service from Limetech. It is still possible to work the "old way" or make an entry in the hosts file to bypass online DNS service.
September 3, 20178 yr I Also have issue to start my VM:s , have created some diagnostics and roll back to previous version and Ishall take a look at my diagnostics files .....Skickat från min iPhone med Tapatalk
September 3, 20178 yr 2 minutes ago, bonienl said: It is still possible to work the "old way" can you elaborate a bit on this? i have for example, my own Let'sEncrypt certificates..
September 3, 20178 yr 2 minutes ago, uldise said: can you elaborate a bit on this? i have for example, my own Let'sEncrypt certificates.. As long as you do not provision a LT certifictate, it works as in the older releases, except that HTTP and HTTPs ports are now set under Settings -> Identification instead of the 'go' file. The OP explains how to remove the LT certificate if already set.
September 3, 20178 yr 8 minutes ago, bonienl said: As long as you do not provision a LT certifictate, it works as in the older releases a just looked back at older 6.4.x release notes, and i can find information about how to switch https on in go file and that ngix will generate self signed certificates. but how about custom certs? or this is still not supported? sorry if i can't find it in these long threads
September 3, 20178 yr 3 minutes ago, uldise said: a just looked back at older 6.4.x release notes, and i can find information about how to switch https on in go file and that ngix will generate self signed certificates. but how about custom certs? or this is still not supported? sorry if i can't find it in these long threads The problem with self signed certificates it that the browser sees them as unsecure and gives you a warning before proceeding. If you can live with that, fine. Custom certificates are not allowed to reference to private IP addresses (RFC1918), to overcome this limitation the introduction of Limetech certificates was done.
September 3, 20178 yr 35 minutes ago, DZMM said: Thanks - haven't got that far yet to see that! I've run diagnostics as suggested from CLI - will post when I rollback if I give up (waiting for rc6 as you've seen in other thread). So far been going 1hr and array has started (it's even started a parity check) but VMs haven't and maybe docker (don't know how to check that from CLI). Going to wait a bit longer then I'll have to rollback to rc6 Edit: Added diagnostics - rolling back to RC6 highlander-diagnostics-20170903-1013.zip Not sure what's causing the boot problems, but I can see in my syslog.txt what's slowing my overall boot times which I think I can fix: Sep 3 08:53:04 Highlander emhttpd: shcmd (82): /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/dockerupdate.php This locks the machine for about 9 mins, so I guess it's looking for docker updates when there's no internet connection so it's failing - will see if disabling helps Sep 3 09:12:02 Highlander crond[2837]: failed parsing crontab for user root: ? * FRI * /usr/local/emhttp/plugins/user.scripts/startCustom.php /boot/config/plugins/user.scripts/scripts/Backup Buzz/script > /dev/null 2>&1 Sep 3 09:12:02 Highlander crond[2837]: failed parsing crontab for user root: ? * WED * /usr/local/emhttp/plugins/user.scripts/startCustom.php /boot/config/plugins/user.scripts/scripts/Backup Disney and Lego/script > /dev/null 2>&1 There are a couple of attempts in the logs that cost me about 7 mins each time, for have custom userscripts jobs based on days of week to backup some of my VMs - these keep failing I think because the server isn't sure what day it is - other backup jobs not based on days of the week aren't mentioned, so I'll change these to non-day-of-the week backups.
September 3, 20178 yr fuuuuuuuuck I think I just lost all the data of a harddrive I updated from rc7 to rc8q and it said that one drive wasn't formatted correctly, being excited about the update I formatted it How do I get it back with help of parity?
September 3, 20178 yr 18 minutes ago, DZMM said: There are a couple of attempts in the logs that cost me about 7 mins each time, for have custom userscripts jobs based on days of week to backup some of my VMs - these keep failing I think because the server isn't sure what day it is - other backup jobs not based on days of the week aren't mentioned, so I'll change these to non-day-of-the week backups. As a quick test. Can you start your server in safemode? Want to exclude if this is related to the plugins and packages which you install.
September 3, 20178 yr 26 minutes ago, bonienl said: The problem with self signed certificates it that the browser sees them as unsecure and gives you a warning before proceeding. If you can live with that, fine. Custom certificates are not allowed to reference to private IP addresses (RFC1918), to overcome this limitation the introduction of Limetech certificates was done. ok, i think, i got it.. no probs for me with self signed certificates, i just use firefox for my servers maintenance - you can add exception on first time and forget about warnings. and i don't wanna make access to my unRAID from Internet side, even with some reverse proxy from my main webserver. if i would, then i will need to integrate my own certs into unRAID. Edit: that's not true. BTW, from the next year Let'sEncrypt will support wildcard certs - for me it looks more secure than list all my sub-domains for one pair of certs.. Edited September 3, 20178 yr by uldise
September 3, 20178 yr 22 minutes ago, starbix said: fuuuuuuuuck I think I just lost all the data of a harddrive I updated from rc7 to rc8q and it said that one drive wasn't formatted correctly, being excited about the update I formatted it How do I get it back with help of parity? When you format a disk the content is gone and parity can not be used to recover. Do you have a backup of that disk? Otherwise there are tools to undo the formating. Somebody with more experience in this area than me, may give you better advice. Be patient and don't rush, chances are good to recover. Be sure not to write to the disk in question. Edited September 3, 20178 yr by bonienl
September 3, 20178 yr I don't have a backup of that disk, I discovered that even when the drive is emulated by parity it's still unmountable. It wasn't much data yet, but now I wasted a lot of freeleech tokens
Archived
This topic is now archived and is closed to further replies.