LXC Container or VM for Storage/SMB/NFS


Continuum

Member
Jun 5, 2015
Several months ago, I posted my AIO home media server build. TL;DR: The Proxmox-based server uses mergerfs to pool four bulk storage drives and has two parity drives for snapraid. The bulk storage and the parity drives are connected to a cross-flashed Dell H310 HBA.

After posting the build, I decided to add a freeipa container to manage users/groups and provide local dns. Initially, I pooled the drives in Proxmox and used lxc bind mounts to present the pooled storage to my freeipa-enrolled SMB/NFS lxc container. This is where things hit a wall. Although the group owner for a directory on my pool was "media", the members of the "media" group were unable to access the directory. After some sleuthing and experimentation, I discovered that pooling the drives at the Proxmox level caused the access problems because of the manner in which mergerfs handles supplementary groups. If the drives are pooled in a container enrolled with freeipa, the media group can access the directory.

With the problem identified, I can think of three solutions:

1. Create an lxc container and lxc bind mount the bulk storage drives to the container. Mergerfs would then be used in the container to pool the drives. The pooled storage would be accessed by other containers and computers via smb and nfs. Snapraid functionality would be kept at the Proxmox level;

2. Same as 1 above, but bring the Snapraid functionality into the lxc container;

3. Create an Ubuntu VM, passing through the HBA to the VM. Mergerfs would again be used to pool the drives in the VM. Like 1, the pooled storage would be accessed by the other containers and computers via smb and nfs. Obviously, the snapraid functionality would be handled within the VM.

Of the three above, what would be the best approach? Is another approach worth investigating? Would one solution be more secure? What are the positives and negatives to any of the approaches? Anything that I should be conscious of with any of the above?

Thanks in advance for any and all opinions and thoughts.
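
A check for the supplementary-group problem described in the post, as an added example that is not part of the original post: it reports which permission class a user falls into for a directory, using only what the name service on the machine running it can resolve, so the Proxmox host and the freeipa-enrolled container can be compared. The user `alice`, all numeric ids and the helper names are constructed, and the host being unable to resolve the freeipa account is an assumption.

```python
import os
import pwd
from types import SimpleNamespace


def access_class(st, user, lookup_user=pwd.getpwnam, lookup_groups=os.getgrouplist):
    """Classify how `user` reaches a file with stat result `st`, as seen
    by this machine's name service (the lookups can be swapped for tests)."""
    try:
        pw = lookup_user(user)
    except KeyError:
        return "unresolved"  # account unknown here, so no group list exists
    if pw.pw_uid == st.st_uid:
        return "owner"
    if pw.pw_gid == st.st_gid:
        return "primary-group"
    if st.st_gid in lookup_groups(user, pw.pw_gid):
        return "supplementary-group"
    return "other"


def make_view(users, memberships):
    """Build a constructed name-service view: passwd entries plus extra groups."""
    def lookup_user(name):
        return users[name]  # raises KeyError, like pwd.getpwnam
    def lookup_groups(name, gid):
        return [gid] + memberships.get(name, [])
    return lookup_user, lookup_groups


def compare_views(st, user, views):
    """Run the same classification under several name-service views."""
    return {name: access_class(st, user, lu, lg) for name, (lu, lg) in views.items()}


# Constructed sample: a directory owned by root with group "media" (gid 5001).
MEDIA_DIR = SimpleNamespace(st_uid=0, st_gid=5001)
ALICE = SimpleNamespace(pw_uid=70001, pw_gid=70001)
# Assumption: the container resolves alice and her "media" membership via
# freeipa, while the host has no such account.
CONTAINER = make_view({"alice": ALICE}, {"alice": [5001]})
HOST = make_view({}, {})

if __name__ == "__main__":
    print(compare_views(MEDIA_DIR, "alice", {"host": HOST, "container": CONTAINER}))
    # Real use on either machine: access_class(os.stat("/path/to/dir"), "username")
```

Run the real-use call once on the host and once inside the container; a result that differs between the two shows where group membership stops resolving.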