Using Turnkey Fileserver for storage share - major issues

[skybolt_1]

I have a PVE Community server running 8.3.1 with a total of 24 TB across 6 drives configured in RAIDZ2 that I am presenting to a bunch of different VMs, Docker containers, and LXCs using SMB using Turnkey Fileserver. While I understand that SMB isn't really optimal for this use case, and that most people would probably want to present storage using NFS, I was hesitant to use a priviledged container because of the security concerns associated with that. This might be a bit silly because this is a home hosting setup + work sandbox, but I do have a few services (Nextcloud, Jellyfin) presented publicly behind HAProxy and want to use best practices as a general rule.

I run Turnkey as an LXC and present a 20 TB mount point to it (was a typo, I intended to use 10 TB) of which I have around 4 TB consumed. I have set up the SMB shares within Turnkey based on local user groups inside of the LXC. Everything works... for a while. Periodically, whether that is a few days or a week, I suddenly discover that my Shinobi DVR VM has suddenly started throwing endless CIFS: VFS: No writable handle in writepages rc=-9 errors, or my account that I use to back up Windows boxes suddenly no longer has write privileges. A reboot of the LXC fixes everything. I've made no changes to the Samba configuration, which is as follows (slightly truncated to reduce the number of shares, all settings are identical other than groups):

[global]
    obey pam restrictions = yes
    server string = TurnKey FileServer
    debug level = 3
    min receivefile size = 16384
    os level = 20
    add user script = /usr/sbin/useradd -m '%u' -g users -G users
    recycle:exclude_dir = tmp quarantine
    delete group script = /usr/sbin/groupdel '%g'
    recycle:versions = yes
    socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536
    recycle:keeptree = yes
    add group script = /usr/sbin/groupadd '%g'
    workgroup = WORKGROUP
    dns proxy = no
    panic action = /usr/share/samba/panic-action %d
    admin users = root
    log file = /var/log/samba/samba.log
    max log size = 1000
    recycle:touch = yes
    guest account = nobody
    wins support = yes
    map to guest = bad user
    read raw = no
    pam password change = yes
    encrypt passwords = yes
    write raw = no
    delete user script = /usr/sbin/userdel -r '%u'
    security = user
    netbios name = FILESERVER
    vfs object = recycle
    passdb backend = tdbsam
    getwd cache = yes
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    
[home-videos]
    write list = @home-videos-users
    create mode = 644
    path = /rust/home-videos
    read list = jellyfin
    force create mode = 0644
    writeable = yes
    directory mode = 775
    force directory mode = 2775

[network-drive]
    write list = @network-drive-users
    directory mode = 775
    writeable = yes
    force directory mode = 2775
    force create mode = 0644
    create mode = 664
    path = /rust/network-drive

This has happened about 10-15 times so far, and it is preventing me from fully jumping off of my legacy server which runs on ESXi + drive passthrough to TrueNAS for storage. That setup had its own issues but I have to say that I did not have anything like this happen with shares in TrueNAS.

It seems like the Turnkey LXCs are relatively popular here, I would expect that issues like this would be fairly rare, yet I seem to have gotten myself into a bad place that I'm uncertain how to get out of. I'm sort of tempted to sidestep into a "plain" Debian LXC and configure Samba manually, but I'm hoping to avoid that headache.

Anyone encounter these sorts of issues before? Also, if you think that what I'm trying to do here is dumb and bad, I'm willing to hear those arguments too!

 

[Kingneutron]

I would try a VM instead, maybe openmediavault or similar? You can do some easy admin stuff just by installing webmin on port 10000, or maybe go with SuSE + Yast for text-console convenience

 

[skybolt_1]

So I did start out using a VM, Debian w/ Samba deployed natively. But that required me creating a very large disk image vs. using a mountpoint, which appears to have a potentially significant performance hit (?) according to things I've read here and on the subreddit for Proxmox. That's one of the reasons I pulled back from that model to go to the LXC model.

 

[Kingneutron]

You could try disk passthru for better speed?

https://pve.proxmox.com/wiki/Passthrough_Physical_Disk_to_Virtual_Machine_(VM)

 

[skybolt_1]

Yeah, basically back to my prior model w/ TrueNAS + passthrough... I suppose I could. Was hoping that someone here had similar experiences with the Turnkey image and could point me in the right direction but maybe I just have a weird setup.

 

[dingybeaver]

Yeah, basically back to my prior model w/ TrueNAS + passthrough... I suppose I could. Was hoping that someone here had similar experiences with the Turnkey image and could point me in the right direction but maybe I just have a weird setup.

Did you ever get a solution? I can't change or add any folders/files into my file share form the Turnkey File Server. My situation: I have Proxmox server. Ripping discs from my dekstop to TKFS. Then use those folders/files for Jellyfin. I'm having the worst luck trying to figure things out. I cannot add myself to the root group to access these folders. Tried with 'chown -R user:group /path/folder', wouldn't allow the operation.

 

[skybolt_1]

Did you ever get a solution? I can't change or add any folders/files into my file share form the Turnkey File Server. My situation: I have Proxmox server. Ripping discs from my dekstop to TKFS. Then use those folders/files for Jellyfin. I'm having the worst luck trying to figure things out. I cannot add myself to the root group to access these folders. Tried with 'chown -R user:group /path/folder', wouldn't allow the operation.

Ultimately, I ended up creating individual drives for things like Jellyfin and Shinobi and just saving the files to those directly. I'm sure that if I had spent more time I could have gotten things working with ZFS but ultimately decided that for what I was trying to do, keeping things on individual drive images was fine. Sorry!

 

[DerekG]

Ultimately, I ended up creating individual drives for things like Jellyfin and Shinobi and just saving the files to those directly.

That will work, but then you loose the redundant drives, one failure and your data is gone.

I have 2x TrueNAS running, but when I just wanted to pass some USB drives through for basic storage, I found the OMV in a VM was the most solid solution, that after testing various LXC files servers and ZimaOS.

 

[skybolt_1]

That will work, but then you loose the redundant drives, one failure and your data is gone.

I have 2x TrueNAS running, but when I just wanted to pass some USB drives through for basic storage, I found the OMV in a VM was the most solid solution, that after testing various LXC files servers and ZimaOS.

You misunderstand my statement; I created virtual disks associated with the VMs that sit on my RAIDZ2 array of 6 physical drives. These disks are backed up nightly to an offsite PBS backup server. I can suffer two physical failures and suffer no data loss and if that were to happen I can fall back to my offsite. Truly irreplaceable content like family photos and home movies have additional copies on my local hard disk, local backup hard disk, and Amazon Glacier.

 

[DerekG]

You misunderstand my statement

Ah, sorry, I completely misunderstood the thread, I have a similar setup for none important data storage (even USB drives), OMV is still the best option I found after testing multiple LXC files servers.