will EE rreplicate back to a core install?
Of course.
In my experience, some Core bug have limited the possibility: pratically i can can only PUSH from Scale to Core, PULL from Core not working because Scale not use root account
PULL from Core not working because Scale not use root account
It’s just disabled by default, but you have the option of using it. I’m using root on SCALE right now.
In my opinion, root disabling is one of those “security by obfuscation” things sponsored by Linuxisms (pioneered by Canonical) not unlike running services on different port number that doesn’t actually improve security and more like gives you a false sense of security. Disabling root does virtually nothing if you do stupid things like having password123 as your password with an account that has sudo access.
What does improve actual security is things like using good strong password, disabling remote password-based logins and only allow key-based remote logins with ed25519 or 4096-bit RSA keys.
2 Likes
For what my opinion can be worth (i have to admit, i’m not so confident on those args), your points are totally valid.
There are a lot of things that can mitigate the risks of use root account, instead there are a lot of worst mistakes that can’t help you neither using custom admin.
And i should have mention that:
PULL from Core not working because Scale not use root account, and there Is a bug on Core that will only use root as user login, neither of another username Is specified in the GUI.
Just for share all info to let Op make his own consideration
Thanks for that info, @oxyde.
I missed the problem with pull replication because I only use push everywhere. I like to have all configuration in one place, specifically snapshot frequency and retention times of both source and destination.
So let me rephrase my first post: of course you can push replicate from SCALE to CORE.
Second the fact that only the root user can log on to the UI is not a bug. It was a design decision at the time and will for obvious reasons not be changed for CORE, anymore.
I can’t see any reason why you couldn’t setup PULL from CORE so long as you setup all the relevant user / permissions / keys (although I haven’t tried it). You just need a user (doesn’t have to be root) on the primary system that has sudo permissions with no password and the relevant public key (they will need a homedir).
Ok so I managed to have a little play with this and it wasn’t quite as straightforward as I first thought.
It seems the biggest stumbling block is the requirement for passwordless sudo which in SCALE is a simple check box but in CORE is not.
You can (but I don’t recommend) edit the /usr/local/etc/sudoers file to allow passwordless sudo for your replication user and this setup works however after reboot these changes are lost and replication fails.
So it would seem that for the PULL replication (from CORE to SCALE) then the simple answer is no.
For our company time machine NAS, also CORE, which runs with Active Directory integration, I simply created a post-init task that gave all Domain Admins passwordless sudo on the NAS. Easy peasy.
Question: why can’t you run the task as root on CORE and configure an SSH connection to SCALE as a different SCALE user? I haven’t tried, yet.
1 Like
Cool.
I haven’t tried that either I was sticking with the non-root user theme but worth a shot.
What I have experienced Is that (have open a ticket on jira, can’t find now from phone but i will add It later when i go on PC 
):
- if you setup a SSH connection on Core, automatic setup, with an eg truenas_admin user/pass, the result Is that Core will try anyway to login to Scale using root as username, failing
- if you setup a SSH connection, manual setup, Core refusing to connect due to some TLS error in any case, failing
EDIT: ticket i was referring: Jira
tldr: first case is a bug that will not be resolved, the second case should work but for me no, isn’t working, and ticket has been closed
1 Like
glad to hear i can replicate from scale to core…i am reverting my main nas back to core…in preparation for a bigger move…potentially…
Well, i set up a temp SCALE instance on a spare server over the weekend after an animated thread on here and tried if i can replicate from CORE to SCALE just now. It works, but not with a different SCALE user, only with Root. I guess the same counts vice versa.
My plan is to wait for Fangtooth as i do want the dedicated IP for each app (and apparently it will also support onedrive for cloudsync) but i thought it wouldn’t hurt to get a taste of it already.
1 Like
i am not running any apps…i simply use it as a network storage/file server…i am not a fan of scale and will be taking my primary server back to core…
1 Like
After a couple of days of fiddling around with SCALE, i haven’t made up my mind yet. Clearly i am not used to the docker containers and the lack of transparency with containers. Jails made much more sense to me, an OS in an isolated space inside of an OS made sense to me as you could use the same approach and commands inside the jail. It feels i have less control with the containers. For the rest, all seems fairly ok. A couple of glitches such as the dashboard not holding the configuration entirely or the update train that doesn’t change once you have changed it to another train and want to switch to the previous train. Nothing major.
Incus containers coming in 25.04 may be more what you’re looking for
they are experimental so not yet ready for production.
so to swing this back on topic. i am actually going to revert my primary back to core today. i personally have not been a fan of scale and 25.x is showing me some serious p3erformance regressions. I am heading back to an earlier version right now…will figure out next steps over the next few days.
you can follow my performance troubleshooting here 25.04 performance problems after upgrade - #4 by hescominsoon
My primary is still Core. I have TN CE running on a spare server with same setup, e.g. Plex and Nextcloud as an app to learn more about the Linux environment and docker compose. In essence, it runs well with no issues but i do miss the lack of control of running something in a jail which is basically an OS within an OS so once you know, you know. Docker compose is a whole new animal to me and needs time. I will probably switch over once i get the hang of CE.