TrueNAS Apps: Tutorials
Application maintenance is independent from TrueNAS version release cycles.
App versions, features, options, and installation behavior at time of access might vary from documented tutorials and UI reference.
Asigra
21 minute read.
TrueNAS Enterprise
The Asigra DS-System app enables you to offer a robust, scalable service to multiple customers. Agentless architecture, where customers only need to install the DS-Client on one LAN computer, eliminates the need to install software on each target backup/restore computer.
If the DS-Client is networked with the target backup/restore computers, you can browse data, back it up, and restore it as required. Customers can run automatic and unattended backups for data environments ranging from single-user standalone computers to enterprise-wide LANs and WANs.
During backups, the DS-Client extracts changed data, compresses it, and encrypts the items specified for backup. Only new or modified data is backed up. This accelerates the backup transmission time. Backed-up data is transmitted to the secure off-site data center hosting the DS-System vault over the Internet, intranet, or a direct dial-up connection. After clearing security measures for the DS-Client, restores are performed on demand, through the same DS-Client.
The TrueNAS Asigra DS-System app is the vault. An agentless DS-Client backs up data in the vault. The DS-Operator is the management software for the DS-System.
After installing the Asigra DS-System app, register an account with Asigra if you do not already have one. Refer to communications from Asigra for the license and the link to the DS-Operator download. See Setting Up Asigra in the DS Operator below for the next steps after installing the Asigra DS-System app.
Before you install the Asigra app:
Read the Asigra DS-System User Guide.
For information on the DS-License Server, see Section 2.1 in the Asigra DS-System User Guide.
For information on creating customer accounts and DS-Client, see Section 3.1 in the Asigra DS-System User Guide.
For more information on DS-Client accounts, see Section 4.1 in the Asigra DS-System User Guide.
Set a pool for applications to use if not already assigned.
You can use either an existing pool or create a new one. TrueNAS creates the ix-apps (hidden) dataset in the pool set as the application pool. This dataset is internally managed, so you cannot use this as the parent when you create required application datasets.
After setting the pool, the Installed Applications screen displays Apps Service Running on the top screen banner.
Locate the run-as user for the app.
Take note of the run-as user for the app, shown on the app information screen in the Run As Context widget and in the Application Metadata widget on the Installed applications screen after the app fully deploys. The run-as user(s) get added to the ACL permissions for each dataset used as a host path storage volume.
(Optional) Create a new TrueNAS user account to manage this application. When creating a new user account to manage this application or using an existing TrueNAS administrator account, enable sudo permissions for that TrueNAS user account, select Create New Primary Group, and add the appropriate group in the Auxiliary Group for the type of user you want to create. Make note of the UID for the new user to add in the installation wizard.
Add the user ID to the dataset ACL permissions when setting up app storage volumes in the Install app wizard.
Create datasets for the storage volumes for the app.
Do not create encrypted datasets for apps if not required! Using an encrypted dataset can result in undesired behaviors after upgrading TrueNAS when pools and datasets are locked. When datasets for the containers are locked, the container does not mount, and the apps do not start. To resolve issues, unlock the dataset(s) by entering the passphrase/key to allow datasets to mount and apps to start.Go to Datasets and select the pool or dataset where you want to place the dataset(s) for the app. For example, /tank/apps/appName.
This basic procedure covers the required Asigra app settings. For optional settings, see Understanding App Installation Wizard Settings.
You can have multiple deployments of the same app (for example, two or more from the stable or enterprise trains, or a combination of the stable and enterprise trains).
Go to Apps, click on Discover Apps, and locate the app widget by either scrolling down to it or begin typing the name into the search field. For example, to locate the MinIO app widget, begin typing minIO into the search field to show app widgets matching the search input.
If this is the first application installed, TrueNAS displays a dialog about configuring apps.
If not the first time installing apps the dialog does not show, click on the widget to open the app information screen.
Click Install to open the app installation wizard.
Application configuration settings are grouped into several sections, each explained below in Understanding App Installation Wizard Settings. To find specific fields begin typing in the Search Input Fields search field to show the section or field, scroll down to a particular section, or click on the section heading in the list of sections on the upper-right of the wizard screen.
Accept the default value or enter a name in Application Name field. In most cases use the default name, but if adding a second deployment of the application you must change this name.
Accept the default version number in Version. When a new version becomes available, the application shows an update badge and the Application Info widget on the Installed applications screen shows the Update button.
Enter the Asigra Configuration settings.
Enter passwords for the database, root user, and the operator user oper.
Select the DS-Operator language from the dropdown list. English is the default language.
Enable Cluster is selected by default, with five cluster nodes set as the default cluster size. Accept the default or change to a value of 3-16 nodes based on your desired configuration.
The TrueNAS app is configured with all the environment variables required to deploy the app. If you want to customize the container, click Add to the right of Additional Environment Variables for each to enter the variable(s) and values(s).
Accept the default values in Network Configurations. See Network Configuration for details. Leave Host Network unselected.
Add your Storage Configuration settings.
For Asigra DS-System Configuration Storage, set the Type to Host Path (Path that already exists on the system). Select Enable ACL, then enter or browse to and select the data dataset to populate the Host Path field.
Click Add to the right of ACL Entries for each user or group entry you want to add. Click once to add the 0 user ID. Give it FULL_CONTROL Access.
Select Force Flag.
Next, for Asigra DS-System Postgres Data Storage, set Type to Host Path (Path that already exists on the system). Enter or browse to select the postgres_data dataset to populate the Host Path field. Do not click Edit ACL! Select Automatic Permissions to set the permissions for this dataset and for the parent dataset if storage volume datasets are nested under a parent dataset.
See Storage Configuration Settings below for more information.
Accept the defaults in Resources Configuration, and select the GPU option if applicable.
Click Install. A progress dialog displays before switching to the Installed applications screen. The Installed screen displays with the Asigra DS-System app in the Deploying state. Status changes to Running when ready to use.
See Setting Up the DS-System in DS-Operator below for the next steps.
After installing the Asigra application in TrueNAS, either click Register to open the Asigra New Account screen to register your company with Asigra, or if you already have a registered account, use the link provided by Asigra to download and extract the DS-Operator GUI program.
Asigra provides your valid license and the license server IP address or URL> Enter the IP address when adding the license server for your service. It also provides the link to where you download a zip file with the DS-Operator.
Install the DS-Operator on a local network with access to the TrueNAS system hosting the Asigra DS-System.
The instructions below cover the initial configuration of the TrueNAS Asigra DS-System after installing the TrueNAS app. It covers downloading and logging into the DS-Operator GUI, initializing the TrueNAS DS-System, adding the administrator user roles, and setting up the license server. Refer to Asigra documentation for additional customizing or managing instructions for your DS-Server or DS-Client products.
For help with Asigra products, contact Asigra.
The following instructions cover a Windows OS-based DS-Operator initial configuration:
Download the DS-Operator zip file and use a zip program like 7-Zip or WinZip to extract the
dsoper.jar file. Double-click on the extracted file in your Downloads File Explorer folder to launch the DS-Operator GUI program.Launch the DS-Operator GUI. Either double-click on the dsoper file in the File Explorer Downloads folder or right-click and select Open.
Log in as the default oper user and enter the password entered in the Operator Password field in the Install Asigra DS-System wizard. The TrueNAS Asigra app default user oper is preconfigured with all administration roles, but if you add some other user account to serve as the administration user you must assign the user the Data Operator, Account Manager, and Export CRI roles. Refer to the Asigra DS-System User Guide for more information.
If you receive authentication errors, you might need to add the oper user to your Windows system.
Set up the TrueNAS DS-Server using the DS-Operator GUI. Click Setup on the top toolbar, then click Initialization to open the DS-Operator Initialization window.
Click Add to open the Add a DS-System window. Enter the IP address for your TrueNAS server running the Asigra DS-System app, then click OK.
Click Refresh at the bottom left of the window to change the default IP address to the name of your DS-System.
Enter the license server for your DS-System. Select the checkbox to the left of the system name or IP address, click Setup on the top toolbar, and then select License Server to open the DS-License Server window for your system.
Enter the license server URL provided by Asigra, for example, rlm.asigra.com, verify the port number is 4417 or the port number Asigra provides with the license, then click Add.
You can now add your customer and DS-Client accounts. For more information refer to:
Adding customer accounts for each customer backing up data to the DS-System. Refer to Section 3 in the DS-System User Guide.
Adding DS-Client accounts for your customers. Refer to Section 4 in the DS-System User Guide.
Customizing your DS-Sever to suit your use case using the DS-Operator GUI. Refer to the DS-System User Guide.
The following section provides more detailed explanations of the settings in each section of the Install Asigra DS-System installation wizard.
Accept the default value or enter a name in Application Name field. In most cases use the default name, but if adding a second deployment of the application you must change this name.
Accept the default version number in Version. When a new version becomes available, the application shows an update badge and the Application Info widget on the Installed applications screen shows the Update button.
Select the timezone where your TrueNAS system is located. Begin typing the location into the Timezone field to filter the list until the location shows, then select it.
The app includes three passwords:
- Database Password - Sets a password for the DS-System database.
- Root Password - Set a password for the root run-as user. Allowed to connect to the DS-Operator GUI but is not assigned the administration roles. The root user can create a new user in the DS-Operator and assign administration roles to the new user. Refer to Asigra documentation for more information on assigning administration roles.
- Operator Password - Sets the password for the default DS-Operator administration user account oper. This user is preassigned the administration roles. Connect to the DS-Operator with this account and password.
Select the language for the DS-Operator. This sets the on-screen language for the DS-Operator UI. The default is English.
The app wizard is configured with all settings required to deploy the container, but you can add additional settings if you want to further customize the app in TrueNAS.
Click Add to the right of Environmental Variables to show a set of fields to configure the application with additional variables.
You can add environment variables to the app configuration after deploying it. Click Edit on the Application Info widget for the app found on the Installed Application screen to open the edit screen.
Asigra provides information on environment variables you can add through their DS-Client. For more information on these variables, see Sections 5.18.2 and 5.21.2 in the DS-Client User Guide.
The TrueNAS Asigra DS-System app has three default ports:
- 4401 assigned to and exposes the DS-Client
- 4404 assigned to and exposes the DS-Operator admin interface
- 4409 assigned to and exposes the DS-System replication interface
All TrueNAS apps are assigned default port numbers. Accept the default port numbers, but if changing port number assignments, enter a number within the range 1-65535, however, 0-1024 might require the application to have elevated privileges. Before changing default ports, refer to the TrueNAS default port list for a list of assigned and available port numbers.
We do not recommend selecting Host Network unless required for the specific application or workload. When required or strongly recommended for an application, TrueNAS typically enables host networking by default.
When host networking is disabled, specific ports from the container are exposed on the local network and mapped to a host port. This is the default Docker networking behavior. This approach provides better isolation, flexibility in port assignments, and improved security compared to enabling host networking.
Select Host Network to bypass port mapping, granting the container direct access network interfaces on the host. This can improve performance, especially in deployments with many users, and simplify network configuration, but compromises isolation and introduces the risk of port conflicts, limiting the ability to run multiple instances of the same app. For most deployments, default port mapping is more secure and versatile.
TrueNAS provides two options for storage volumes: ixVolumes and host paths. Asigra DS-System expects two host path storage volumes, data to hold app DS-System data and postgres_data for postgres database storage.
If you organize the data and postgres_data datasets under a parent dataset named asigra, you can set the permissions for the postgres and parent datasets by selecting Automatic Permissions under the Asigra DS-System Postgres Data Configuration settings. To show this option, set Type to Host Path. See Setting Dataset ACL Permissions below.
You can add extra storage volumes during the app installation or edit the application after it deploys. Stop the app before editing settings.
You can configure ACL permissions for a dataset through the Install Asigra DS-System wizard or from the Datasets screen after adding the datasets. We recommend using the Automatic Permissions option found in the Asigra DS-System Postgres Data Storage section to set the permissions for the postgres and parent datasets. Setting permissions from the Datasets screen requires several adjustments that, if not correctly set, prevent the app from deploying.
Select Enable ACL to show the ACL and ACE Entries options. Configure ACE entries for each UID and/or GID you recorded from the Run As Context widget in Before You Begin.
Select Force Flag to apply the ACL even if the path has existing data. This allows you to update the app when an update is available.
TrueNAS Additional Storage options include the ability to mount an SMB share inside the container pod.
If adding an SMB share as an additional storage volume, create the SMB dataset and share user(s), and add the user ID for the share user(s) to the dataset ACL.
Set Type an SMB/CIFS Share (Mounts a volume to a SMB share) to add an SMB share storage volume.
Select Read Only to make the storage volume read only.
Enter the path inside the container to mount the storage for the share volume in Mount Path.
Enter the server address for the SMB share in Server, the path to mount the SMB share in Path, and the share authentication user credentials in User and Password. (Optional) enter the share domain name in domain.
Permissions are currently limited to the permissions of the user that mounted the share.
Use the SMB option for data synchronization between a share and the app if the option shows on the screen. A present, only the Syncthing app includes this option.
Accept the default values in Resources Configuration or enter new CPU and memory values. By default, this application is limited to use no more than 2 CPU cores and 4096 megabytes available memory. The application might use considerably less system resources.
To customize the CPU and memory allocated to the container the app uses, enter new CPU values as a plain integer value (letter suffix is not required). The default is 4096.
Accept the default value (4 Gb) allocated memory or enter a new limit in bytes. Enter a plain integer without the measurement suffix, for example, 129 not 129M or 123MiB.