Matching freenas examples from original repo

examples/api-with-ssh/freenas-iscsi.yaml

@@ -72,6 +72,7 @@ iscsi:
   #nameTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}-{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
   namePrefix: csi-
   nameSuffix: "-clustera"
+
   # add as many as needed
   targetGroups:
     # get the correct ID from the "portal" section in the UI
@@ -84,6 +85,7 @@ iscsi:
       # only required if using Chap
       targetGroupAuthGroup:
 
+  #extentCommentTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
   extentInsecureTpc: true
   extentXenCompat: false
   extentDisablePhysicalBlocksize: true

examples/api-with-ssh/freenas-nfs.yaml

@@ -51,8 +51,8 @@ zfs:
   datasetEnableQuotas: true
   datasetEnableReservation: false
   datasetPermissionsMode: "0777"
-  datasetPermissionsUser: root
+  datasetPermissionsUser: 0
-  datasetPermissionsGroup: wheel
+  datasetPermissionsGroup: 0
   #datasetPermissionsAcls:
   #- "-m everyone@:full_set:allow"
   #- "-m u:kube:full_set:allow"

examples/api-with-ssh/freenas-smb.yaml

@@ -46,7 +46,9 @@ zfs:
 
   datasetProperties:
     aclmode: restricted
-    casesensitivity: mixed
+    aclinherit: passthrough
+    acltype: nfsv4
+    casesensitivity: insensitive
 
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
@@ -54,12 +56,41 @@ zfs:
   detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
   datasetEnableQuotas: true
   datasetEnableReservation: false
-  datasetPermissionsMode: "0777"
+  datasetPermissionsMode: "0770"
-  datasetPermissionsUser: nobody
+
-  datasetPermissionsGroup: nobody
+  # as appropriate create a dedicated user for smb connections
+  # and set this
+  datasetPermissionsUser: 65534
+  datasetPermissionsGroup: 65534
+
+  # CORE
+  #datasetPermissionsAclsBinary: setfacl
+
+  # SCALE
+  #datasetPermissionsAclsBinary: nfs4xdr_setfacl
+
+  # if using a user other than guest/nobody comment the 'everyone@' acl
+  # and uncomment the appropriate block below
   datasetPermissionsAcls:
-  - "-m everyone@:full_set:allow"
+    - "-m everyone@:full_set:fd:allow"
-  #- "-m u:kube:full_set:allow"
+
+  # CORE
+  # in CORE you cannot have multiple entries for the same principle
+  # or said differently, they are declarative so using -m will replace
+  # whatever the current value is for the principle rather than adding a
+  # entry in the acl list
+  #- "-m g:builtin_users:full_set:fd:allow"
+  #- "-m group@:modify_set:fd:allow"
+  #- "-m owner@:full_set:fd:allow"
+
+  # SCALE
+  # https://www.truenas.com/community/threads/get-setfacl-on-scale-with-nfsv4-acls.95231/
+  # -s replaces everything
+  # so we put this in specific order to mimic the defaults of SCALE when using the api
+  #- -s group:builtin_users:full_set:fd:allow
+  #- -a group:builtin_users:modify_set:fd:allow
+  #- -a group@:modify_set:fd:allow
+  #- -a owner@:full_set:fd:allow
 
 smb:
   shareHost: server address
@@ -77,7 +108,7 @@ smb:
   shareAllowedHosts: []
   shareDeniedHosts: []
   #shareDefaultPermissions: true
-  shareGuestOk: true
+  shareGuestOk: false
   #shareGuestOnly: true
   #shareShowHiddenFiles: true
   shareRecycleBin: true

examples/api-without-ssh/freenas-api-iscsi.yaml

@@ -37,7 +37,8 @@ zfs:
   # total volume name (zvol/<datasetParentName>/<pvc name>) length cannot exceed 63 chars
   # https://www.ixsystems.com/documentation/freenas/11.2-U5/storage.html#zfs-zvol-config-opts-tab
   # standard volume naming overhead is 46 chars
-  # datasetParentName should therefore be 17 chars or less when using TrueNAS 12 or below
+  # datasetParentName should therefore be 17 chars or less when using TrueNAS 12 or below (SCALE and 13+ do not have the same limits)
+  # for work-arounds see https://github.com/democratic-csi/democratic-csi/issues/54
   datasetParentName: tank/k8s/b/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
@@ -62,6 +63,7 @@ iscsi:
   #nameTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}-{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
   namePrefix: csi-
   nameSuffix: "-clustera"
+
   # add as many as needed
   targetGroups:
     # get the correct ID from the "portal" section in the UI
@@ -74,6 +76,7 @@ iscsi:
       # only required if using Chap
       targetGroupAuthGroup:
 
+  #extentCommentTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
   extentInsecureTpc: true
   extentXenCompat: false
   extentDisablePhysicalBlocksize: true

examples/api-without-ssh/freenas-api-nfs.yaml

@@ -43,6 +43,8 @@ zfs:
   datasetPermissionsMode: "0777"
   datasetPermissionsUser: 0
   datasetPermissionsGroup: 0
+
+  # not supported yet
   #datasetPermissionsAcls:
   #- "-m everyone@:full_set:allow"
   #- "-m u:kube:full_set:allow"

examples/api-without-ssh/freenas-api-smb.yaml

@@ -34,9 +34,10 @@ zfs:
   #  "org.freenas:test": "{{ parameters.foo }}"
   #  "org.freenas:test2": "some value"
 
-  datasetProperties:
+  # these are managed automatically via the volume creation process when flagged as an smb volume
-    aclmode: restricted
+  #datasetProperties:
-    casesensitivity: mixed
+  #  aclmode: restricted
+  #  casesensitivity: mixed
 
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
@@ -47,8 +48,10 @@ zfs:
   datasetPermissionsMode: "0777"
   datasetPermissionsUser: 0
   datasetPermissionsGroup: 0
-  datasetPermissionsAcls:
+
-  - "-m everyone@:full_set:allow"
+  # not supported yet in api
+  #datasetPermissionsAcls:
+  #- "-m everyone@:full_set:allow"
   #- "-m u:kube:full_set:allow"
 
 smb: