Discovering Omnios Server
1000 words, 5 minutes
Doing some tidying in my network, computers and VPS collection, I went looking for a piece of software that could be used :
- at home, as a file server, a backup server and a VM lab.
- at colloc, as an hypervisor.
After looking at SmartOS , I tried OmniOS . It is also based on Illumos . The notes go here.
Preparation
Read about a fresh installation and getting started with OmniOS .
Download https://downloads.omnios.org/media/stable/omnios-r151048.iso and transfer it to a USB Flash Drive:
# dd if=omnios-r151048.iso of=/dev/rsd2c bs=1M
Booting the ISO using Ventoy did not work. Well, it worked but the installer stopped saying it wouldn’t find its data.
Insert the flash drive and power on the machine.
Installation
OmniOS comes with a nice friendly ncurse-like text installer. You can also use “the old text” installer which is more 1 question / 1 line ; a bit like OpenBSD installer.
As the machine was previously running SmartOS, the disks were configured for ZFS. To prevent issues, I used the installer option to start from scratch. On the “Welcome to the OmniOSce installer”, select the Configure Boot Options and toggle the Reconfigure variable.
My installation went:
- Select a keyboard layout: French
- Find disks, create rpool and install OmniOS
- Select disks for installation: c3t0d0
- ZFS Root Pool Configuration
- Root pool name: rpool
- Partionning Scheme: UEFI
- Compression: YES
- Force sector size: no
- Enter the system hostname: omnios
- Please identify a location: Europe, France
- Is the above information OK, Yes
Wait for installation to proceed. When installation is complete, select Configure the installed OmniOS system.
- Configure Networking igb1 is selected by default. But the interface number order is nonsense. When rebooted, the interface is referenced as igb0, as expected by my cabling.
- Create User
- Grant ‘Primary Administrator’ role: yes
- Set Root Password
- SSH Server: Enabled
Return to main menu and Reboot.
Remove the USB stick when screen gets blank.
The first boot is quite long. “Applying initial boot settings” seem to take quite a few moments.
By default, the root user cannot log in using SSH. Don’t forget to create an Admin account during install. Connect using SSH and start admining.
Secured SSH connections
Install the SSH keys, force the key usage and restart the daemon:
$ mkdir ~/.ssh
$ cat > ~/.ssh/authorized_keys
ssh-ed25519 (...)
$ su -
# cat >> ~/.ssh/authorized_keys
ssh-ed25519 (...)
# vi /etc/ssh/sshd_config
(...)
PermitRootLogin prohibit-password
(...)
PasswordAuthentication no
# svcs | grep ssh
online 20:09:39 svc:/network/ssh:default
# svcadm restart ssh
Enable IPv6
To use IPv6 auto-configuration, simply:
# ipadm create-addr -T addrconf igb0/v6
Package management and Upgrading
Quick cheatsheet for package management:
- Update available packages list:
pkg refresh - List installed packages that have newer versions available:
pkg list -upkg update -nv - Update all installed packages:
pkg update - Install tmux:
pkg install tmux
ZFS pools and datasets
I want the OS on the mSATA and the data on the SSD, so let’s create the new pool.
# diskinfo
TYPE DISK VID PID SIZE RMV SSD
SATA c2t0d0 ATA BT58SSD10M 238.47 GiB no yes
SATA c2t1d0 Samsung SSD 870 QVO 8TB 7452.04 GiB no yes
# zpool create -f tank c2t1d0
# zpool list
NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
rpool 238G 4.87G 233G - - 0% 2% 1.00x ONLINE -
tank 7.27T 102K 7.27T - - 0% 0% 1.00x ONLINE -
According to the manual, I’d rather go for the LZ4 compression algorythm.
The lz4 compression algorithm is a high-performance replacement for the lzjb algorithm. It features significantly faster compression and decompression, as well as a moderately higher compression ratio than lzjb, but can only be used on pools with the lz4_compress feature set to enabled. See zpool-features(7) for details on ZFS feature flags and the lz4_compress feature.
Activate LZ4 compression on the data pool.
# zpool get feature@lz4_compress
NAME PROPERTY VALUE SOURCE
rpool feature@lz4_compress active local
tank feature@lz4_compress active local
# zfs set compression=lz4 tank
# zfs get compression
NAME PROPERTY VALUE SOURCE
rpool compression on local
rpool/ROOT compression on inherited from rpool
rpool/ROOT/omnios-r151048 compression on inherited from rpool
rpool/ROOT/omnios-r151048b compression on inherited from rpool
(...)
tank compression lz4 local
Create some ZFS dataset and enable deduplication. We’ll see later on if this is useful.
# for d in backup nocloud zones; do \
zfs create -o mountpoint=/$d tank/$d ; \
zfs set dedup=edonr,verify tank/$d ; \
done
# zfs get dedup,compression
NAME PROPERTY VALUE SOURCE
rpool dedup off default
rpool compression on local
rpool/ROOT dedup off default
rpool/ROOT compression on inherited from rpool
(...)
tank dedup off default
tank compression lz4 local
tank/backup dedup edonr,verify local
tank/backup compression lz4 inherited from tank
tank/nocloud dedup edonr,verify local
tank/nocloud compression lz4 inherited from tank
tank/zones dedup edonr,verify local
tank/zones compression lz4 inherited from tank
Zone Management Tool
zadm is a third-party tool that allows user-friendly Zones management.
Let’s install it:
# pkg install zadm
Asciinerama casts are available here . They demonstrate basic Zones tasks.
Firewall
IPF can be used to filter access to the Global Zone services.
# svcadm enable network/ipfilter
# vim /etc/ipf/ipf.conf
pass in quick on lo0 all
pass out quick on lo0 all
block in all
pass in quick on igb0 proto icmp keep state
pass in quick on igb0 proto tcp to port = 22 keep state
pass out all
#EOF
# ipf -Fa -f /etc/ipf/ipf.conf -nv
# ipf -Fa -f /etc/ipf/ipf.conf
# ipfstat -io
To be continued
From here, there’s a couple of use-cases I want to implement. I am testing a few with success so far. I think OmniOS should become my second prefered system.
I’ll probably write about use-cases later on.
Bibliography
Here is a list of articles I found very usefull while exploring OmniOS. I recommend reading them.