public_git
/
democratic-csi
mirror of https://github.com/democratic-csi/democratic-csi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add doc section about rootless SSH with FreeNAS

This commit is contained in:
Lukas Steiner 2020-11-16 16:37:56 +01:00
parent 52741d3e24
commit 5dbc79bd1d
No known key found for this signature in database
GPG Key ID: 46AA1DC4EE1832B1
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -79,6 +79,18 @@ Ensure the following services are configurged and running:
- iscsi
- smb
#### Rootless SSH
If you don't want to use the root user for logging in via SSH, it's also possible to create a separate user for managing the ZFS datasets.
First create a new user, let's call it `csi`. Next it needs write permissions on the parent dataset to create new mount points (easiest is to set it as owner of the dataset) and also specific ZFS permissions to create new child datasets, which can be set by executing:
`zfs allow csi create,destroy,mount,refquota,snapshot,userprop,refreservation tank/k8s/a/vols`
Finally you need to enable usermount by executing: `sysctl vfs.usermount=1`. This can be set persistantly via the FreeNAS Web UI at `System` -> `Tunables` (make sure changing type `SYSCTL`).
Now you can use the `csi` user for the SSH connection instead of root.
### ZoL (zfs-generic-nfs, zfs-generic-iscsi)
Ensure ssh and zfs is installed on the server and that you have installed