Terramaster F4-210 NAS experiences (2021-09) version 0x01 -- @sairukau =============================================================================== Changelog =============================================================================== v0x01 Initial document, frustrating device =============================================================================== Expected Use cases =============================================================================== - NFS Access, multiple permissions per share by host - NB: Already have a QNAP TS-431P so trying to migration some volumes, this dictates some requirements in 1:1 for config =============================================================================== Hardware =============================================================================== NAS - Terramaster F42-210 Drives - 3x4TB shucked Seagate Expansion Desktop Drives - Model: STxxDM005 (3 platter drive) Networking - LAN - Static IP =============================================================================== First Impressions (some comparison with QNAP product) =============================================================================== Unit Looks cheap, considering i paid a similar amount for the QNAP it doesn't hold its own, caddys feel like they could have been 3d printed and are flimsy Web Interface Much nicer presentation than the QNAP device, not as much functionality =============================================================================== Installation =============================================================================== Out of the gate the frustration starts here, doco says 'install our app to find out the ip of the device' On first boot the device is in initialization mode, before it can be used you will need to upload the .ins file (or do an online init) to do this we first need to find the device on the network, the doco doesn't mention if it will have a static or dynamic ip, so off to nmap to see if we can discover it my internal net is 192.168.0.0, scan yours as appropriate $ nmap 192.168.0.0/23 The device once found with have port 80 and 22 open, you can hit port 80 and get the init page which will step you through a wizard warning all data on the drives will be lost (ok for me in this instance) and will required the aforementioned .ins files You will need to download this .ins file from their site, you do not get a disc nor usb with one on there already for offline setup The main admin account setup requires an email, for an (off inet) device this is dumb and while it offers an option to skip it, the options didn't work, assume its harvesting your email so you a throw away one/alias You should be asked at some point about device names and the like, you will not be asked to setup networking at this point tho, so you will be stuck with the dhcp assigned ip until the device is fully installed, i just cant remember when in the process device names and the like were asked because i was already well annoyed at this point in time Upload the *.ins file when prompted, it will report it takes around 10m to install, i am on TOS 4.2.15-2107141517 If like me you get to 50% and it stalls well past the 10m mark, ssh in as root, the ciphers offered by the ssh implementation in init mode are old so setup a custom config entry or provide the below as appropriate -o option to ssh. {{{ Host tosins HostName 192.168.0.108 Port 22 User root KexAlgorithms=diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 }}} ssh into the device as root with password Admin123 According to a forum post from support terramaster support it should be safe to reboot the device, it should restart in init mode See https://forum.terra-master.com/en/viewtopic.php?t=840 I just checked ps that nothing was still running from /etc/tos/scripts then rebooted the device The device came back fully installed and started a wizard to configure the pools and volumes, this actual setup was presented well and was simple enough I chose a raid 5 setup for my use case and disc numbers raid sync started for this setup and stated it would take 1001m from the admin ui i was then able to configure a static ip for the unit and assign what i needed it at the ssh requirements change post intallation, root is not permitted regardless of what forum posts state, the ciphers are now at a reasonable level so the init ssh config is no longer required and it is listening on a custom port, for me that was 9222 to that end i considered the installation was complete =============================================================================== Config =============================================================================== File Services - Only NFS is enabled =============================================================================== Access =============================================================================== Post installation root ssh access is not enabled, su - is also broken, you can confirm the password for root is the same as admin with {{{ cat /etc/shadow }}} the hashes will match between the users ssh in as admin and run {{{ sudo -i }}} to escalate to root =============================================================================== Migration =============================================================================== The NFS ui configation is severly lacking in functionality, you can only set one permission level, cannot device squash nor anon uid/gid I want to use r/w perms based on host with a world readable perm this can't be done through the interface Attempting to map /etc/exports appropriately and running exportfs did not reflect the required config on showmount -e from an applicable host this change did not persist over a reboot the problem here seems to be /etc/exports is written from /etc/base/nasdb from the call to /sbin/svrcfg-all -c nfs in /etc/init.d/nfs we can see the share entries in nasdb root@pugsy:~# sqlite3 /etc/base/nasdb SQLite version 3.8.11.1 2015-07-29 20:00:57 Enter ".help" for usage hints. sqlite> .tables acl_host app_table group_users share_crypt vpn_user_table acl_list dav_list interface user_extend acl_webdav dfs_list share user_table sqlite> select * from share; 1|public|md0|/mnt/md0/public|root|0|0|LFS|||0|20|0|0|0|0 2|appdata|md0|/mnt/md0/appdata|root|0|0|LFS|||0|20|0|0|7|0 3|media|md0|/mnt/md0/media|root|0|0|LFS|media||1|20|0|0|0|0 sqlite> select * from acl_host; *|3|nfs|1|61a52f7a75745796f63ec9e3ea2547b4|{"squash":null,"async":"async","secure":"","crossmnt":""} *|3|samba|2|d04345ff279266adfed0f6baee49c77b| sqlite> where the columns are sqlite> PRAGMA table_info(acl_host); 0|host|TEXT|1||0 1|folder_id|INTEGER|1||0 2|service|TEXT|1||0 3|access|INTEGER|1||0 4|hash|TEXT|1||0 5|extend|TEXT|0||0 sqlite> host folder_id # shared folder service # nfs/samba etc access # 1: read, 2: read/write hash # md5sum, its a unique index extend # e.g. mount options theoretically i should be able to insert another row for host rw access and reload the nfs service to update exports? nope sqlite> insert into acl_host values('192.168.0.206',3,'nfs',2,'f667fda226573d6db7842d73b96393e7','{"squash":"all_squash","async":"async","secure":"","crossmnt":"","anonuid":"1000","anongid":"100"}'); sqlite> select * from acl_host; *|3|nfs|1|61a52f7a75745796f63ec9e3ea2547b4|{"squash":null,"async":"async","secure":"","crossmnt":""} *|3|samba|2|d04345ff279266adfed0f6baee49c77b| 192.168.0.206|3|nfs|2|f667fda226573d6db7842d73b96393e7|{"squash":"all_squash","async":"async","secure":"","crossmnt":"","anonuid":"1000","anongid":"100"} sqlite> this still doesn't write the config properly on service restart, although it does impact the webui try modifying a second share to provide access sqlite> update acl_host set extend='{"squash":"all_squash","async":"async","secure":"","crossmnt":"","anonuid":"1000","anongid":"100"}' where hash='0286c95b0d7f9c90a943c3e52b93f537'; sqlite> select * from acl_host; *|3|nfs|1|61a52f7a75745796f63ec9e3ea2547b4|{"squash":null,"async":"async","secure":"","crossmnt":""} *|3|samba|2|d04345ff279266adfed0f6baee49c77b| 192.168.0.206,192.168.0.104,192.168.0.126|4|nfs|2|0286c95b0d7f9c90a943c3e52b93f537|{"squash":"all_squash","async":"async","secure":"","crossmnt":"","anonuid":"1000","anongid":"100"} *|4|samba|2|8d9a5c6721ec44b69733bbeeaa365f5a| sqlite> =============================================================================== Customisations =============================================================================== =============================================================================== Performance ===============================================================================a