Configuration LaCie-CloudBox: Difference between revisions

From miki
Jump to navigation Jump to search
No edit summary
 
(59 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Install ==
== Reference information ==
* Device: '''Lacie-CloudBox 3TB'''
* Name: '''lacie-cloudbox'''
* Lacie-CloudBox dashboard: '''http://lacie-cloudbox/'''
=== Basic usage ===
;TODO - Move to own wiki page
Some commands to know for basic administration (TODO: )

<source lang="bash">
# Optware / Optware-ng
ipkg list | grep PACKAGE # Check if PACKAGE is available
ipkg list-installed # Check if PACKAGE is installed
ipkg install PACKAGE # Install PACKAGE

# Native
ngc --status # View status of services
ngc --reboot # REBOOT
reboot # ... idem
ngc --stop nfs/exportfs # STOP a service
</source>

=== Information ===
* Drive info:
:* '''Seagate Barracuda 3000GB ST3000DM001'''
:* {{red|Crash in September 2018}} (bought ~ June 2015, lifetime 3 yr).
* uname
<source lang=bash>
uname -a
# Linux LaCie-CloudBox 2.6.31.14-svn7493 #1 Fri Oct 17 14:00:51 UTC 2014 armv5tel GNU/Linux
</source>
* /proc/cpuinfo
<source lang="bash">
cat /proc/cpuinfo
# Processor : Feroceon 88FR131 rev 1 (v5l)
# BogoMIPS : 999.42
# Features : swp half thumb fastmult edsp
# CPU implementer : 0x56
# CPU architecture: 5TE
# CPU variant : 0x2
# CPU part : 0x131
# CPU revision : 1
#
# Hardware : familybox
# Revision : 0000
# Serial : 0000000000000000
</source>
* meminfo
<source lang="bash">
cat meminfo
# MemTotal: 254348 kB
# MemFree: 115412 kB
# Buffers: 3944 kB
# Cached: 76468 kB
# SwapCached: 0 kB
# Active: 58464 kB
# Inactive: 63856 kB
# Active(anon): 42692 kB
# Inactive(anon): 0 kB
# Active(file): 15772 kB
# Inactive(file): 63856 kB
# Unevictable: 0 kB
# Mlocked: 0 kB
# SwapTotal: 262124 kB
# SwapFree: 262124 kB
# Dirty: 0 kB
# Writeback: 0 kB
# AnonPages: 41932 kB
# Mapped: 19776 kB
# Slab: 11936 kB
# SReclaimable: 4772 kB
# SUnreclaim: 7164 kB
# PageTables: 1056 kB
# NFS_Unstable: 0 kB
# Bounce: 0 kB
# WritebackTmp: 0 kB
# CommitLimit: 389296 kB
# Committed_AS: 208068 kB
# VmallocTotal: 385024 kB
# VmallocUsed: 992 kB
# VmallocChunk: 382244 kB
</source>
* free
<source lang="bash">
free
# total used free shared buffers
# Mem: 254348 138996 115352 0 3976
# -/+ buffers: 135020 119328
# Swap: 262124 0 262124
</source>

Mounting the drive in another pc, we see the following structure:
<source lang="bash">
sudo parted -l
# Model: ATA ST3000DM001-1CH1 (scsi)
# Disk /dev/sdb: 3001GB
# Sector size (logical/physical): 512B/4096B
# Partition Table: gpt
#
# Number Start End Size File system Name Flags
# 1 1049kB 2097kB 1049kB grub_core bios_grub
# 2 2097kB 203MB 201MB ext2 boot_rescue
# 3 203MB 204MB 1049kB ext2 nv_data
# 4 204MB 1815MB 1611MB ext2 root_1 raid
# 5 1815MB 3426MB 1611MB ext2 root_2 raid
# 6 3426MB 4499MB 1074MB ext3 var raid
# 7 4499MB 4768MB 268MB linux-swap(v1) swap raid
# 8 4768MB 3001GB 2996GB user_data raid
#
#
# Model: Linux Software RAID Array (md)
# Disk /dev/md4: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
#
# Number Start End Size File system Flags
# 1 0.00B 1611MB 1611MB ext2
#
#
# Model: Linux Software RAID Array (md)
# Disk /dev/md5: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
#
# Number Start End Size File system Flags
# 1 0.00B 1611MB 1611MB ext2
#
#
# Model: Linux Software RAID Array (md)
# Disk /dev/md6: 1074MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
#
# Number Start End Size File system Flags
# 1 0.00B 1074MB 1074MB ext3
#
#
# Model: Linux Software RAID Array (md)
# Disk /dev/md7: 268MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
#
# Number Start End Size File system Flags
# 1 0.00B 268MB 268MB linux-swap(v1)
</source>

The disk is organized as follows :
* {{file|/dev/sdb4}} and {{file|/dev/sdb5}} are raid volumes that contains two copies of the same root partition. The other copy is used when doing a firmware update (''ping-pong'' approach, see [https://forum.nas-central.org/viewtopic.php?f=277&t=17409&sid=7d077fdc7f74414f02c86a5d99793d61&start=15#p96821]). We mount them with:
<source lang="bash">
mdadm --assemble --run /dev/md4 /dev/sdb4 # Done automatically on Ubuntu
mdadm --assemble --run /dev/md5 /dev/sdb5 # Done automatically on Ubuntu
mount /dev/md4 /mount/md4
mount /dev/md5 /mount/md5
</source>
* {{file|/dev/sdb6}} contains another raid partition, mounted as an additional layer over root partition above. It contains:
<source lang="c">
/dev/md6
0/
etc/
root/
var/
1/
etc/
root/
var/
lost+found/
tmp/
</source>

=== Initng config ===
<source lang="bash">
mount
# rootfs on / type rootfs (rw)
# /dev/md5 on / type ext2 (ro,relatime,errors=continue)
# /dev/md6 on /rw type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /var type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /etc type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /root type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# none on /tmp type tmpfs (rw,relatime)
# none on /media type tmpfs (rw,relatime)
# none on /shares type tmpfs (rw,relatime)
# none on /lacie type tmpfs (rw,relatime)
# proc on /proc type proc (rw,relatime)
# sysfs on /sys type sysfs (rw,relatime)
# udev on /dev type tmpfs (rw,relatime,mode=755)
# devpts on /dev/pts type devpts (rw,relatime,mode=600)
# /dev/dm-0 on /media/internal_11 type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/tmp type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/var type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/torrent_dir type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/autoupdate type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/afp_db type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/Family type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/admin type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/beq06659 type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/NetBackup type ext4 (rw,relatime,barrier=1,data=ordered)
</source>

file {{file|/etc/initng/runlevel/default.runlevel}}
<source lang="text">
# +--+ File autogenerated by sbs_plugin projectfilepatcher (Stage: RELEASE) +--+N
initial
dbus
udev
ublocks
dhcdbd
logrotate
syslogd
klogd
NetworkManager
http
getty/S0
getty/0
sshd/generate_keys
sshd
cron
unicorn
thumbd
unicorn/ready
mdadm/monitor
buttons-manager
</source>

== Configuration ==
=== First install ===
* Network share available at <code>smb://lacie-cloudbox/</code>.
* Network share available at <code>smb://lacie-cloudbox/</code>.
* Cloudbox dashboard available at http://lacie-cloudbox.local.
* Cloudbox dashboard available at http://lacie-cloudbox.local.
Line 6: Line 229:
* Enable the '''netbackup-share''' (port 873, encrypted port 22)
* Enable the '''netbackup-share''' (port 873, encrypted port 22)
* Create user '''beq06659''', with private share.
* Create user '''beq06659''', with private share.

{|class=wikitable
|-
|MAC
|00:d0:4b:96:34:32
|-
|IP
|172.19.100.98
|-
|hostname
|lacie-cloudbox
|}

=== Rooting ===

;First rooting
* Guide: http://lacie.nas-central.org/wiki/Category:CloudBox#Enabling_Secure_Shell
* Log: See [[Lacie NAS rooting]] for install log first rooting.

* Create {{file|telnetd.sh}} in a share root
<source lang="bash">
cat > /smb/lacie-cloudbox/family/telnetd.sh <<- __END__
#!/bin/sh
/usr/sbin/telnetd -l /bin/sh
__END__
</source>

* Get and build clunc:
<source lang="bash">
# CLUNC Home: http://lacie-nas.org/doku.php?id=clunc
git clone http://git.lacie-nas.org/clunc.git
cd clunc
make
</source>

* Run clunc, and reboot lacie:
<source lang="bash">
./clunc -i 192.168.1.98
</source>

* ...

When we get root access, we changed the following file:
* Edit file {{file|/etc/initng/runlevel/default.runlevel}}:
<source lang="diff">
-#sshd
+sshd
</source>
* Edit file {{file|/etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf}}
<source lang="diff">
-enabled: false
+enabled: true
</source>
* Edit file {{file|/etc/ssh/sshd_config}}
<source lang="diff">
-PermitRootLogin no
-AllowUsers netbackup
+PermitRootLogin yes
+AllowUsers root netbackup git
+Match User root
+Match User git
</source>
* Add to file {{file|/etc/environment}}:
<source lang="bash">
PATH=/opt/bin:/opt/sbin
</source>
* Edit file {{file|/etc/lighttpd/lighttpd.conf}}
<source lang=diff>
--- lighttpd.conf.bak 2017-04-24 17:36:43.000000000 +0200
+++ lighttpd.conf 2017-04-24 17:38:19.000000000 +0200
@@ -1,6 +1,6 @@
server.modules = (
-# "mod_redirect",
-# "mod_cgi",
+ "mod_redirect",
+ "mod_cgi",
"mod_expire",
"mod_compress",
"mod_proxy",
@@ -9,6 +9,8 @@
"mod_setenv",
"mod_secdownload",
"mod_access",
+ "mod_alias",
+ "mod_auth",
)
include "secure_password.inc"
@@ -27,9 +29,19 @@
url.rewrite-once = ("^/info$" => "/api/external/1.0/system_info","^/diagnostics$" => "/api/external/1.0/diagnostics")
index-file.names = (
- "index.html", "index.php"
+ "index.html", "index.php", "index.cgi"
)
+# Force HTTPS
+$HTTP["scheme"] == "http" {
+ # capture vhost name with regex conditiona -> %0 in redirect pattern
+ # must be the most inner block to the redirect rule
+ $HTTP["url"] =~ "/backuppc" {
+ $HTTP["host"] =~ ".*" {
+ url.redirect = (".*" => "https://%0$0")
+ }
+ }
+}
$HTTP["url"] =~ "index"{
setenv.add-response-header = ( "Cache-Control" => "no-cache, no-store" )
@@ -61,6 +73,21 @@
url.access-deny = ("")
}
+## >>>>>>>>>>>> ADDED FOR BACKUPPC
+cgi.assign += ( "/opt/local/backuppc/cgi-bin/index.cgi" => "" )
+#alias.url += ("/backuppc/index.cgi" => "/opt/local/backuppc/cgi-bin/index.cgi")
+alias.url += ("/backuppc" => "/opt/local/backuppc/cgi-bin" )
+#alias.url += ("/BackupPC_Admin" => "/shares/backuppc/www/cgi-bin/BackupPC_Admin")
+auth.debug = 2
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/etc/lighttpd/lighttpd-htpasswd.user"
+auth.require = ( "/backuppc" =>
+ ( "method" => "basic", "realm" => "Password protected area", "require" => "user=backuppc" )
+)
+
+## Added for rubik's WCA official scrambler / timer
+alias.url += ("/tnt" => "/opt/local/tnoodle-timer/tnt.html" )
+
proxy.server = (
"/api" => (
"tornado" => (
</source>

;Second rooting
After firmware upgrade, we need to root it again. This time clunc method no longer works.
* Mount drive in another pc
* Mount partition {{file|/dev/md6}} and copy back configuration changes (see above) from {{file|/dev/md6/1}} to {{file|/dev/md6/0}} (or vice-versa, depending on which image contains the new firmware).
* Note that originally we tried to edit directly the partitions {{file|/dev/md4}} but this does not work since the configuration is overridden by files in {{file|/dev/md6}}.

=== Install Optware ===
Summary of changes:
* Create and populate {{file|/opt}}.
* Update <code>PATH</code> in {{file|/root/.profile}}.
* Create file {{file|/etc/initng/optware.i}}.
* Add <code>optware</code> to {{file|/etc/initng/runlevel/default.runlevel}}.

This is copied from the guide [http://lacie.nas-central.org/wiki/Category:CloudBox#Enabling_Secure_Shell]:
* Create a location for optware root:
<source lang="bash">
mkdir /shares/admin/opt # This assumes a share 'admin' exists
mkdir /opt
mount -o bind /shares/admin/opt /opt
</source>

* Manually download and Extract the ipkg-opt package.
:There's a chicken-and-egg situation we need to overcome, where we cannot install the ipkg-opt package without a package manager. We solve this by replicating the basic functions of the ipkg binary.

<source lang="bash">
cd /opt
feed=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/
feednative=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable
ipkg_name=`wget -qO- $feed/Packages | awk '/^Filename: ipkg-opt/ {print $2}'`
wget $feed/$ipkg_name
tar -xOvzf $ipkg_name ./data.tar.gz | tar -C / -xzvf -
rm $ipkg_name
</source>

* Configure Package Sources

<source lang="bash">
mkdir -p /opt/etc/ipkg
echo "src cross $feed" > /opt/etc/ipkg/feeds.conf
echo "src native $feednative" >> /opt/etc/ipkg/feeds.conf
</source>

* Prepare Root's Profile

<source lang="bash">
echo -e "\nexport PATH=/opt/bin:/opt/sbin:\$PATH" >> /root/.profile
source /root/.profile
</source>

* Update the Package Lists

<source lang="bash">
ipkg update
</source>

* Install the Optware Init Driver Script
:Create the file {{file|/opt/etc/rc.optware}} containing the following:

<source lang="bash">
#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue

case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done
</source>

:Make the file executable:

<source lang="bash">
chmod 755 /opt/etc/rc.optware
</source>

* Install the Optware InitNG File

This file is used by initng to launch the {{file|rc.optware}} file we just created. Copy the contents into the file into {{file|/etc/initng/optware.i}}:

<source lang="bash">
#!/sbin/itype
# This is a i file, used by initng parsed by install_service

service optware {
need = unicorn/ready;
stdall = /var/log/messages;
script start = {
if test -z "${REAL_OPT_DIR}"; then
REAL_OPT_DIR=/shares/admin/opt/
fi
if test -n "${REAL_OPT_DIR}"; then
if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
mkdir -p /opt
mount -o bind ${REAL_OPT_DIR} /opt
fi
fi
[ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
};
script stop = {
umount -l /opt
};
}
</source>

* Add optware to the end of {{file|default.runlevel}}

<source lang="bash">
echo "optware" >> /etc/initng/runlevel/default.runlevel
</source>

* Tell initng to start Optware

<source lang="bash">
ngc --start optware
</source>

:After a reboot, /opt should be mounted, and any packages that install scripts in /etc/init.d/ (eg openssh) should have them executed at start-up time.

=== Install Git ===

* Create user git in the unicorn interface (or user will not be available after reboot).
* Edit {{file|/etc/passwd}} as follows:
<source lang="bash">
git:x:503:100:None:/shares/git:/opt/bin/git-shell
</source>
* Enable user git in {{file|/etc/ssh/sshd_config}}:
<source lang="bash">
-AllowUsers root netbackup
+AllowUsers root netbackup git
Match User root
Match User netbackup
ForceCommand /usr/bin/nas-backup-server-runner
+Match User git
</source>
* Create and edit {{file|/shares/git/.ssh}} as usual
* Restart sshd
<source lang="bash">
ngc --restart sshd
</source>
* In {{file|}}/etc/shadow, make sure that user is not disabled.
<source lang="bash">
git:!:16485:0:99999:7::: <--- no password and login forbidden
git:*:16485:0:99999:7::: <--- no password but login allowed
</source>

Most of the above is now done in our script {{file|init.d/S80config}}.

Git needs a lot of memory when compressing its database (occurs at each <code>fetch</code>!). To limit this, run as root:
<source lang=bash>
git config --system pack.windowmemory 128m
git config --system pack.packsizelimit 1g
git config --system pack.threads 1
git config --system core.bigFileThreshold 16m
</source>

Then as user ''git'', in all relevant projects (typically those with big files)
<source lang=bash>
cd ~/git/minecraft_nosaves.git
git config --local core.bigFileThreshold 10m
</source>

=== Install rsync ===
We do via user ''git'', so:
* Set <code>/bin/bash</code> as shell for user ''git'' in {{file|/etc/passwd}}
* Set <code>PermitUserEnvironment yes</code> in {{file|/etc/ssh/sshd_config}}
* Create file {{file|/shares/git/.ssh/environment}} to add rsync into path:
PATH=/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin

=== Startup script ===
Create the file {{file|/opt/etc/init.d/S80config}} (chmod 755):
<source lang=bash>
#! /bin/sh

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then
# Enable ssh login with user git
sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
# Enable user environment for user git (in order to set PATH)
sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
# Restart sshd
ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi
</source>

Create the hosts include file {{file|/opt/etc/hosts.inc}}:
<source lang=bash>
# ###hosts.inc### additional hosts for lacie-cloudbox
172.19.3.1 local.gateway # Static
172.19.3.2 manticore # Static?
172.19.100.1 gryphon
172.19.100.2 minimoy # DHCP Static 00:24:54:02:98:8d
172.19.100.3 unicorn # obsolete
172.19.100.4 beqleunxp1nb103 # obsolete
172.19.100.5 nxl67002ux # obsolete
172.19.100.6 griffin # DHCP Static 68:b5:99:f2:4d:99
172.19.100.7 lambada # obsolete
172.19.100.8 reddragon
172.19.100.9 leviathan # obsolete
172.19.100.10 nxl67063 # obsolete
172.19.100.11 mandala # DHCP Static 00:1b:24:fa:a2:9b
172.19.100.12 nxl67002 # obsolete
172.19.100.13 nxl67063ux # obsolete
172.19.100.14 nxl67170ux # DHCP Static b8:ca:3a:cc:07:bf
172.19.100.15 pc-112-597 # DHCP Static b8:ca:3a:93:91:27
172.19.100.16 zyratastic
172.19.100.17 graphicdaemon
172.19.100.18 xbmcbuntu # DHCP Static 00:01:2e:4e:46:05 00:01:2e:4e:46:06
172.19.100.19 zavcxl0005 # DHCP Static 48:0f:cf:27:ad:ad
# 172.19.100.98 lacie-cloudbox # Static
172.19.100.99 mnemosyne # Static
172.19.100.102 minimoy-wlan # DHCP Static 00:26:5e:37:83:ea
172.19.100.105 nxl67002ux-wlan # DHCP Static
172.19.100.106 griffin-wlan # DHCP Static 00:24:d7:7d:4e:94
172.19.100.107 apple-pi # Static
172.19.100.111 mandala-wlan # DHCP Static 00:1d:92:13:d2:7d
172.19.100.114 nxl67170ux-wlan # DHCP Static 84:3a:4b:22:0d:0c
172.19.100.116 zyratastic-wlan
172.19.100.118 xbmcbuntu-wlan # DHCP Static 0c:d2:92:54:c1:53
172.19.100.119 zavcxl0005-wlan # DHCP Static ac:fd:ce:40:c5:31
172.19.100.120 galaxy
</source>

=== Install Unison ===
* ''ipkg'' provides unison 2.27.57. It can be installed via <code>ipkg install unison</code>.
<source lang=bash>
ipkg list | grep unison
# unison - 2.27.57-2 - A cross-platform file-synchronization tool.
</source>
* To get a more recent version, see [[Unison]] to compile from source. v2.40.102 is the same as on Ubuntu Trusty 14.04.

=== Netconsole server ===
On lacie-cloudbox:
* First install <code>netcat</code>:
ipkg install netcat
* Then start the server:
mkdir -p /shares/beq06659/netconsole
nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&

On the client, at reboot/wake-up:
<source lang=bash>
NETCON_TGTHOST=lacie-cloudbox
NETCON_PORT=6666
echo "[------------] Redocking on $(date +"%Y-%m-%d %H:%M:%S")..." | nc -w 1 -u -p 6665 $NETCON_TGTHOST $NETCON_PORT
if [ -n "$NETCON_TGTHOST" ]; then
NETCON_TGTIP=$(getent hosts $NETCON_TGTHOST|awk '{print $1}')
ping -c 1 $NETCON_TGTIP >/dev/null
NETCON_TGTMAC=$(arp -n $NETCON_TGTIP|awk '/ether/{print $3}')
echo "Setting up netconsole for location '$LOCATION' ($NETCON_TGTHOST,$NETCON_TGTIP/$NETCON_TGTMAC)"
sudo rmmod netconsole 2> /dev/null
sudo modprobe netconsole netconsole=@/,$NETCON_PORT@$NETCON_TGTIP/$NETCON_TGTMAC
else
echo "netconsole - Unknown location $LOCATION"
fi
</source>

=== Install Optware-ng ===
'''[https://github.com/Optware/Optware-ng Optware-ng]''' is more up-to-date version of Optware. In particular it provides Perl 5.22 with threads, which is necessary to run some autoconf utilities (<code>aclocal</code>).

Our NAS is a armv5tel with kernel 2.6.31-14 (see <code>uname -a</code>), so we pick the '''ARMv5 EABI legacy''' feed.

* Create an {{file|/opt}} mount point:
<source lang="bash">
mkdir /shares/admin/opt-ng
mkdir /opt
mount -o bind /shares/admin/opt-ng /opt
</source>
* Bootstrap ipkg. We execute the script http://ipkg.nslu2-linux.org/optware-ng/bootstrap/buildroot-armv5eabi-ng-legacy-bootstrap.sh:
<source lang="bash">
feed=http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy
ipk_name=$(wget -qO- $feed/Packages | awk '/^Filename: ipkg-static/ {print $2}')
wget -O /tmp/$ipk_name $feed/$ipk_name
tar -C /tmp -xvzf /tmp/$ipk_name ./data.tar.gz
tar -C / -xzvf /tmp/data.tar.gz
rm -f /tmp/$ipk_name /tmp/data.tar.gz
echo "src/gz optware-ng $feed" > /opt/etc/ipkg.conf
echo "dest /opt/ /" >> /opt/etc/ipkg.conf
</source>
* Update PATH (if not in {{file|/root/.profile}} already):
<source lang="bash">
export PATH=/opt/bin:/opt/sbin:$PATH
</source>
* Update and install a few packages:
<source lang="bash">
ipkg install perl par2cmdline
ipkg install perl-compress-zlib perl-archive-zip
</source>
* Install {{deb|optware-devel}}
<source lang="bash">
ipkg install optware-devel
# ERROR!
# ...
# Downloading http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy/libc-dev_1.0.15-3_arm.ipk.
# To remove package debris, try `ipkg remove libc-dev`.
# To re-attempt the install, try `ipkg install libc-dev`.
# Configuring ncurses-base.
# ...
# update-alternatives: Linking //opt/bin/patch to /opt/bin/patch-patch
# Collected errors:
# * check_data_file_clashes: Package libc-dev wants to install file /opt/include/iconv.h
# But that file is already provided by package * libiconv
# * opkg_install_cmd: Cannot install package optware-devel.

# Fix the error with:
ipkg install --force-overwrite libc-dev
# If this fails:
# Collected errors:
# * pkg_get_installed_files: Failed to open //opt/lib/ipkg/info/libc-dev.list: No such file or directory.
# try to remove package first, and install again:
ipkg remove libc-dev
ipkg install --force-overwrite libc-dev

# Resume optware-devel install:
ipkg install optware-devel
</source>
* Install {{deb|dhcp}}, {{deb|vim}}, {{deb|procps}}, {{deb|git}}...
<source lang="bash">
ipkg install dhcp vim procps git iotop atop procps
</source>

* Restore {{file|/opt/etc/rc.optware}}, {{file|/opt/etc/rsyncd.conf}}, {{file|/opt/etc/dhcpd.conf}}, {{file|/opt/etc/init.d/S80config}}
<source lang="bash">
cp /shares/admin/opt/etc/rc.optware /opt/etc
cp /shares/admin/opt/etc/dhcpd.conf /opt/etc
cp /shares/admin/opt/etc/rsyncd.conf /opt/etc
cp /shares/admin/opt/etc/init.d/S80config /opt/etc/init.d/
cp /shares/admin/opt/etc/hosts.inc /opt/etc
</source>
File {{file|/opt/etc/rc.optware}}:
<source lang="bash">
#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue

case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done
</source>
File {{file|/opt/etc/dhcpd.conf}}:
<source lang="bash">
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "hell";
option domain-name-servers 192.168.1.1;

default-lease-time 86400;
max-lease-time 864000;

option time-offset 0;
option routers 192.168.1.1;
# option ntp-servers 195.13.1.153;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

# subnet 10.152.187.0 netmask 255.255.255.0 {
# }

# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.16 192.168.1.63;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

# subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
# }

# A slightly different configuration for an internal subnet.
# subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
# }

# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

# host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.fugue.com";
# }

# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.fugue.com;
# }

host manticore {
hardware ethernet 00:1d:7e:0c:24:5f;
fixed-address 192.168.1.2;
}

host tvsettopbox {
hardware ethernet f4:5f:d4:9e:20:2e;
fixed-address 192.168.1.64;
}

host minimoy-wlan {
hardware ethernet 00:26:5e:37:83:ea;
fixed-address 192.168.1.102;
}

host griffin-wlan {
hardware ethernet 00:24:d7:7d:4e:94;
fixed-address 192.168.1.106;
}

host apple-pi {
hardware ethernet b8:27:eb:30:66:7f;
fixed-address 192.168.1.107;
}

host mandala-wlan {
hardware ethernet 00:1d:92:13:d2:7d;
fixed-address 192.168.1.111;
}

host nxl67170ux.wlan {
hardware ethernet 84:3a:4b:22:0d:0c;
fixed-address 192.168.1.114;
}

host zyratastic-wlan {
hardware ethernet 24:0a:64:69:09:57;
fixed-address 192.168.1.116;
}

host graphicdaemon-wlan {
hardware ethernet 54:27:1e:76:40:df;
fixed-address 192.168.1.117;
}

host xbmcbuntu-wlan {
hardware ethernet 0c:d2:92:54:c1:53;
fixed-address 192.168.1.118;
}

host zavcxl0005-wlan {
hardware ethernet ac:fd:ce:40:c5:31;
fixed-address 192.168.1.119;
}

host alpha-blue {
hardware ethernet f4:09:d8:97:c1:78;
fixed-address 192.168.1.121;
}

host minimoy {
hardware ethernet 00:24:54:02:98:8d;
fixed-address 192.168.1.202;
}

host griffin {
hardware ethernet 68:b5:99:f2:4d:99;
fixed-address 192.168.1.206;
}

host mandala {
hardware ethernet 00:1b:24:fa:a2:9b;
fixed-address 192.168.1.211;
}

host nxl67170ux {
hardware ethernet b8:ca:3a:cc:07:bf;
fixed-address 192.168.1.214;
}

host pc-112-597 {
hardware ethernet b8:ca:3a:93:91:27;
fixed-address 192.168.1.215;
}

host zyratastic {
hardware ethernet 74:d0:2b:b8:10:2d;
fixed-address 192.168.1.216;
}

host graphicdaemon {
hardware ethernet 10:c3:7b:1a:b2:1a;
fixed-address 192.168.1.217;
}

host xbmcbuntu {
hardware ethernet 00:01:2e:4e:46:05;
fixed-address 192.168.1.218;
}

# xbmcbuntu 2nd ethernet
host xbmcbuntu2 {
hardware ethernet 00:01:2e:4e:46:06;
fixed-address 192.168.1.218;
}

host zavcxl0005 {
hardware ethernet a0:d3:c1:9c:59:56;
fixed-address 192.168.1.219;
}

# host galaxy {
# hardware ethernet --:--:--:--:--:--;
# fixed-address 192.168.1.120;
# }

# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

# class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
# }

# shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
# }
</source>
File {{file|/opt/etc/rsyncd.conf}}:
<source lang="bash">

# rsyncd.conf
#
# configure according to your needs

uid = nobody
gid = everyone
use chroot = yes
max connections = 5
syslog facility = local3
pid file = /var/run/rsyncd.pid
secrets file = /opt/etc/rsyncd.secrets

#[backup]
# path = /share/hdd/data/backup
# comment = nslu2 backup
# read only = no
# auth users = harry
# hosts allow = 192.168.10.10
# hosts deny = *
</source>
File {{file|/opt/etc/init.d/S80config}}:
<source lang="bash">

#! /bin/sh

echo "Running $0 on $(date)" >> /root/s80config.log

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then
# Enable ssh login with user git
sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
# Enable user environment for user git (in order to set PATH)
sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
# Restart sshd
ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi

# Start netconsole listener
# Requires: ipkg install netcat
# if ! pgrep -f "nc -l -p 6666" >/dev/null 2>/dev/null; then
# echo "Starting netconsole listener"
# mkdir -p /shares/beq06659/netconsole
# nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&
# fi

</source>
File {{file|/opt/etc/hosts.inc}}:
<source lang="bash">
# ###hosts.inc### additional hosts for lacie-cloudbox
192.168.3.1 local.gateway # Static
192.168.3.2 manticore # Static?
192.168.1.201 gryphon
192.168.1.202 minimoy # DHCP Static 00:24:54:02:98:8d
192.168.1.203 unicorn # obsolete
192.168.1.204 beqleunxp1nb103 # obsolete
192.168.1.205 nxl67002ux # obsolete
192.168.1.206 griffin # DHCP Static 68:b5:99:f2:4d:99
192.168.1.207 lambada # obsolete
192.168.1.208 reddragon
192.168.1.209 leviathan # obsolete
192.168.1.210 nxl67063 # obsolete
192.168.1.211 mandala # DHCP Static 00:1b:24:fa:a2:9b
192.168.1.212 nxl67002 # obsolete
192.168.1.213 nxl67063ux # obsolete
192.168.1.214 nxl67170ux # DHCP Static b8:ca:3a:cc:07:bf
192.168.1.215 pc-112-597 # DHCP Static b8:ca:3a:93:91:27
192.168.1.216 zyratastic
192.168.1.217 graphicdaemon
192.168.1.218 xbmcbuntu # DHCP Static 00:01:2e:4e:46:05 00:01:2e:4e:46:06
192.168.1.219 zavcxl0005 # DHCP Static 48:0f:cf:27:ad:ad
# 192.168.1.98 lacie-cloudbox # Static
192.168.1.99 mnemosyne # Static
192.168.1.102 minimoy-wlan # DHCP Static 00:26:5e:37:83:ea
192.168.1.105 nxl67002ux-wlan # DHCP Static
192.168.1.106 griffin-wlan # DHCP Static 00:24:d7:7d:4e:94
192.168.1.107 apple-pi # Static
192.168.1.111 mandala-wlan # DHCP Static 00:1d:92:13:d2:7d
192.168.1.114 nxl67170ux-wlan # DHCP Static 84:3a:4b:22:0d:0c
192.168.1.116 zyratastic-wlan
192.168.1.118 xbmcbuntu-wlan # DHCP Static 0c:d2:92:54:c1:53
192.168.1.119 zavcxl0005-wlan # DHCP Static ac:fd:ce:40:c5:31
192.168.1.120 galaxy
</source>

* Create the start script {{file|/etc/initng/optware-ng.i}}:
<source lang="bash">
#!/sbin/itype
# This is a i file, used by initng parsed by install_service

service optware-ng {
need = unicorn/ready;
stdall = /var/log/messages;
script start = {
if test -z "${REAL_OPT_DIR}"; then
REAL_OPT_DIR=/shares/admin/opt-ng/
fi
if test -n "${REAL_OPT_DIR}"; then
if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
mkdir -p /opt
mount -o bind ${REAL_OPT_DIR} /opt
fi
fi
[ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
};
script stop = {
umount -l /opt
};
}
</source>
* Add the service to {{file|/etc/initng/runlevel/default.runlevel}}, and start it:
<source lang="bash">
echo optware-ng >> /etc/initng/runlevel/default.runlevel
ngc --start optware-ng
</source>

=== {{file|/root}} configuration ===

file {{file|README}}:
<source lang="text">
DHCP Server
-----------

/opt/etc/dhcpd.conf
config file

/opt/etc/dhcpd.leases
current leases
</source>

file {{file|backup_all.txt}}:
<source lang="text">
unison backup.prf # Make sure that pc-112-567 is up
unison photos.prf # Make sure that mnemosyne is up
unison archives.prf # Make sure that mnemosyne is up
unison musics.prf # Make sure that mnemosyne is up
</source>

file {{file|CLEAR_MEMORY.sh}}:
<source lang="bash">
#! /bin/sh

# Run this script to free memory for backuppc

pkill -SIGSTOP -f unicorn # I stop it first so that it can't react
pkill -SIGKILL -f unicorn # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd # media server stuff
pkill -SIGKILL twonky # media server stuff
pkill -SIGKILL php-cgi # php-cgi server launcher by lighttpd

# Might also need to STOP/KILL python process, but should kill only the 'unicorn' one
#pkill -SIGSTOP python...

# The following might help as well, because twonky keep restarting
# ngc -d unicorn
</source>

file {{file|.profile}}:
* Add <code>/opt/local/bin</code> to PATH (for access to upgraded <code>pip</code>).

=== NFS ===
NFS services are available natively:
<source lang="bash">
ngc --status|grep nfs
# 01:01:49 S nfs/exportfs : SERVICE_STOPPED
# 01:01:49 S nfs/mount : SERVICE_STOPPED
# 01:01:47 S nfs/prepare : SERVICE_DONE
</source>

First edit {{file|/etc/exports}} (see [[Nfs]]). The line below is inspired from NFS configuration on Synology NAS:
<source lang=bash>
/shares/beq06659/urbackup 192.168.1.192/26(rw,async,no_subtree_check,root_squash,insecure_locks)
</source>

Start NFS with:
<source lang="bash">
ngc --start nfs
exportfs -a # To do each time /etc/exports is changed
</source>

;Update
Strangely nfs services disappear after some time:
<source lang="bash">
ngc --status|grep nfs
# 01:01:47 S nfs/prepare : SERVICE_DONE
</source>
However we can still start them manually with <code>ngc --start nfs</code>.


== Shares ==
== Shares ==
Line 18: Line 1,193:


== Backup ==
== Backup ==

=== Backup Mnemosyne ===
We use unison.

{{hiddenSourceFile|/root/.unison/|default.prf|content=<source lang=bash class="default.prf">
# Unison default preferences file

# Fastcheck - by default false on windows machine, and true on Unix machine.
# When true, uses modification date + file size as inone number. Otherwise do a full scan
fastcheck = true

# If any new preferences are added by Unison (e.g. 'ignore'
# preferences added via the graphical UI), then store them in the
# default profile file
addprefsto = default.prf

# Ignore file permissions (necessary on samba/CIFS fs)
# perms = 0

# Make sure that both roots are mounted
mountpoint = .

# Common Ignore specification
ignore = Name System Volume Information
</source>
}}

{{hiddenSourceFile|/root/.unison/|musics.prf|content=<source lang=bash class="musics.prf">
# Common include
include default.prf

root = /shares/Family/musics
root = ssh://root@mnemosyne//volume1/musics

# Where to find unison on remote server
servercmd = /opt/bin/unison

# don't ask for non-conflicting changes
auto = true

# We *MUST* sync permissions because unison defaults would prevent access to files/folders
# via samba shares (since unison runs as root)
# perms = 0
</source>
}}

{{hiddenSourceFile|/root/.unison/|archives.prf|content=<source lang=bash class="archives.prf">
# Common include
include default.prf

root = /shares/Family/archives
root = ssh://root@mnemosyne//volume1/archives

# Where to find unison on remote server
servercmd = /opt/bin/unison

# don't ask for non-conflicting changes
auto = true

# We *MUST* sync permissions because unison defaults would prevent access to files/folders
# via samba shares (since unison runs as root)
# perms = 0
</source>
}}

=== BackupPC ===
* See also [[Backuppc]]

;Fix broken pipe errors
Backuppc requires lot of memory (rsync). To free as much as possible, I kill all python stuff (except <code>ublock-daemon</code>) and all media stuff:
<source lang=bash>
pkill -SIGSTOP -f unicorn # I stop it first so that it can't react
pkill -SIGKILL -f unicorn # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd # media server stuff
pkill -SIGKILL twonky # media server stuff
pkill -SIGKILL php-cgi # php-cgi server launcher by lighttpd
</source>

=== Duplicity (Obsolete) ===
''This section is OBSOLETE &mdash; I no longer use duplicity''


* Backup done with deja-dup, which use '''duplicity''' as back-end
* Backup done with deja-dup, which use '''duplicity''' as back-end
* Duplicity can't access samba share. Instead mount samba share locally, and use {{file|file:///smb/lacie-cloudbox/sharename}} instead. Note the '''triple''' slash.
* Duplicity can't access samba share. Instead mount samba share locally, and use {{file|file:///smb/lacie-cloudbox/sharename}} instead. Note the '''triple''' slash.
Line 26: Line 1,287:


Metadata information is stored in {{file|~/.cache/duplicity}}. Attention, it seems this can grow quite large.
Metadata information is stored in {{file|~/.cache/duplicity}}. Attention, it seems this can grow quite large.

=== BURP server ===
See [[Burp]].

== DHCP Server ==
* install
<source lang=bash>
# Install the service
ipkg install dhcp
mkdir /opt/var/run
# Edit the configuration
vi /opt/etc/dhcpd.conf
# Restart the service
/opt/etc/init.d/S56dhcpd
</source>
* DHCP daemon configuration: {{file|/opt/etc/dhcpd.conf}}
* Current leases are at {{file|/opt/etc/dhcpd.leases}}

* Now I disabled the dhcpd, and will try again the one on vDSL+ router:
<source lang=bash>
cp /opt/etc/dhcpd.conf /opt/etc/dhcpd.conf.bak # Backup config if we want to reinstall
ipkg remove dhcp
</source>
* DHCP server on the VDSL+ router is a huge pile of sh*te, so I enable it again:
<source lang=bash>
ipkg install dhcp
cp /opt/etc/dhcpd.conf.bak /opt/etc/dhcpd.conf
/opt/etc/init.d/S56dhcpd
</source>

* Again... disable DHCPD to fix HDTV decoder not getting connection on factory reset. I can fix this problem by disconnecting the lacie-cloudbox while resetting the decoder, but I suspect that the DHCPD server is the cause.
<source lang=bash>
cp /opt/etc/dhcpd.conf /opt/etc/dhcpd.conf.bak # Backup config if we want to reinstall
ngc --stop dhcpd
ipkg remove dhcp
</source>

Now enable back VDSL+ route DHCP. Note that addresses are in subnet <code>.lan</code> (eg. <code>ping zavcxl0005.lan</code>).

== To do ==
* Current backup only includes files that are readable by user '''beq06659'''. It should include '''all''' files.
* Exclude some unnecessary folders. Organize these folders to ease future backup.
* Backup {{file|/}} filesystem (at least {{file|/etc}}, {{file|/usr/local}})

;Backup solutions
* deja-dup
:* Need one setup for each pc
:* No centralized management. Backup job could happen all at the same time. Same files between pc are stored multiple times.
:* Easy to setup
:* How to backup root filesystem?
* duplicity
* backuppc
:* How to install?
:* Will the NAS have enough memory?
* bacula
:* Package readily available in OptWare
* rsnapshot

See question on bacula/backuppc/rsnapshot at http://serverfault.com/questions/282228/bacula-vs-backuppc

;Rooting NAS and install new app
* TBC

== Troubleshoot ==
=== Optware install issues ===
<source lang="bash">
ipkg install optware-devel

# Conflict at some point. To fix:
# (from http://forum.synology.com/enu/viewtopic.php?f=40&t=15087)
rm /opt/bin/wget
cp /usr/bin/wget /opt/bin/wget
ipkg update
ipkg upgrade
ipkg install optware-devel
</source>

=== sshd ===
* See log at {{file|/var/log/messages}}
* Check sshd config {{file|/etc/ssh/sshd_config}}:
:* Make sure user is authorized:
AllowUsers root netbackup git
:* If user home is on {{file|/shares}} mount, then disable <code>StrictModes</code>
StrictModes no
:* Enable user environment
PermitUserEnvironment yes
:then
env > ~/.ssh/environment
vi ~/.ssh/environment # Remove useless variables
* Edit {{file|/etc/passwd}}:
git:x:503:100:None:/shares/git:/opt/bin/git-shell
* Restart sshd:
ngc --restart sshd

=== git ===
* Check that environment is ok [http://stackoverflow.com/questions/11128464/git-upload-pack-command-not-found]
ssh git@lacie-cloudbox "which git-upload-pack"

=== ntp ===
* Box loses regularly time synchronization, which then affects backuppc
* Workaround: log into https://lacie-cloudbox/, and reset ntp (uncheck / check ntp server).

=== slow performance, lot of swapping ===
The ''Lacie-Cloudbox'' only has 256MB physical memory, and some processes takes a lot of memory. When doing some unusual tasks, we can disable (stop) temporarily these processes, without apparently damage:
<source lang=bash>
pkill -SIGSTOP twonky # Usually consuming around 100MB+
pkill -f -SIGSTOP unicorn # A python process running /usr/lib/unicorn/run.py (and consuming 100MB+)
</source>
To restart:
<source lang=bash>
pkill -SIGCONT twonky
pkill -f -SIGCONT unicorn
</source>

Latest revision as of 13:26, 19 May 2023

Reference information

Basic usage

TODO - Move to own wiki page

Some commands to know for basic administration (TODO: ) 

# Optware / Optware-ng
ipkg list | grep PACKAGE           # Check if PACKAGE is available
ipkg list-installed                # Check if PACKAGE is installed
ipkg install PACKAGE               # Install PACKAGE

# Native
ngc --status                       # View status of services
ngc --reboot                       # REBOOT
reboot                             # ... idem
ngc --stop nfs/exportfs            # STOP a service

Information

  • Drive info:
  • Seagate Barracuda 3000GB ST3000DM001
  • Crash in September 2018 (bought ~ June 2015, lifetime 3 yr).
  • uname
uname -a
# Linux LaCie-CloudBox 2.6.31.14-svn7493 #1 Fri Oct 17 14:00:51 UTC 2014 armv5tel GNU/Linux
  • /proc/cpuinfo
cat /proc/cpuinfo
# Processor	: Feroceon 88FR131 rev 1 (v5l)
# BogoMIPS	: 999.42
# Features	: swp half thumb fastmult edsp 
# CPU implementer	: 0x56
# CPU architecture: 5TE
# CPU variant	: 0x2
# CPU part	: 0x131
# CPU revision	: 1
# 
# Hardware	: familybox
# Revision	: 0000
# Serial		: 0000000000000000
  • meminfo
cat meminfo
# MemTotal:         254348 kB
# MemFree:          115412 kB
# Buffers:            3944 kB
# Cached:            76468 kB
# SwapCached:            0 kB
# Active:            58464 kB
# Inactive:          63856 kB
# Active(anon):      42692 kB
# Inactive(anon):        0 kB
# Active(file):      15772 kB
# Inactive(file):    63856 kB
# Unevictable:           0 kB
# Mlocked:               0 kB
# SwapTotal:        262124 kB
# SwapFree:         262124 kB
# Dirty:                 0 kB
# Writeback:             0 kB
# AnonPages:         41932 kB
# Mapped:            19776 kB
# Slab:              11936 kB
# SReclaimable:       4772 kB
# SUnreclaim:         7164 kB
# PageTables:         1056 kB
# NFS_Unstable:          0 kB
# Bounce:                0 kB
# WritebackTmp:          0 kB
# CommitLimit:      389296 kB
# Committed_AS:     208068 kB
# VmallocTotal:     385024 kB
# VmallocUsed:         992 kB
# VmallocChunk:     382244 kB
  • free
free
#              total         used         free       shared      buffers
# Mem:        254348       138996       115352            0         3976
# -/+ buffers:             135020       119328
# Swap:       262124            0       262124

Mounting the drive in another pc, we see the following structure: 

sudo parted -l
# Model: ATA ST3000DM001-1CH1 (scsi)
# Disk /dev/sdb: 3001GB
# Sector size (logical/physical): 512B/4096B
# Partition Table: gpt
# 
# Number  Start   End     Size    File system     Name         Flags
#  1      1049kB  2097kB  1049kB                  grub_core    bios_grub
#  2      2097kB  203MB   201MB   ext2            boot_rescue
#  3      203MB   204MB   1049kB  ext2            nv_data
#  4      204MB   1815MB  1611MB  ext2            root_1       raid
#  5      1815MB  3426MB  1611MB  ext2            root_2       raid
#  6      3426MB  4499MB  1074MB  ext3            var          raid
#  7      4499MB  4768MB  268MB   linux-swap(v1)  swap         raid
#  8      4768MB  3001GB  2996GB                  user_data    raid
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md4: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1611MB  1611MB  ext2
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md5: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1611MB  1611MB  ext2
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md6: 1074MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1074MB  1074MB  ext3
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md7: 268MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End    Size   File system     Flags
#  1      0.00B  268MB  268MB  linux-swap(v1)

The disk is organized as follows :

  • /dev/sdb4 and /dev/sdb5 are raid volumes that contains two copies of the same root partition. The other copy is used when doing a firmware update (ping-pong approach, see [1]). We mount them with:
mdadm --assemble --run /dev/md4 /dev/sdb4       # Done automatically on Ubuntu
mdadm --assemble --run /dev/md5 /dev/sdb5       # Done automatically on Ubuntu
mount /dev/md4 /mount/md4
mount /dev/md5 /mount/md5
  • /dev/sdb6 contains another raid partition, mounted as an additional layer over root partition above. It contains:
/dev/md6
    0/
        etc/
        root/
        var/
    1/
        etc/
        root/
        var/
    lost+found/
    tmp/

Initng config

mount
# rootfs on / type rootfs (rw)
# /dev/md5 on / type ext2 (ro,relatime,errors=continue)
# /dev/md6 on /rw type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /var type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /etc type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# /dev/md6 on /root type ext3 (rw,relatime,errors=continue,commit=5,data=writeback)
# none on /tmp type tmpfs (rw,relatime)
# none on /media type tmpfs (rw,relatime)
# none on /shares type tmpfs (rw,relatime)
# none on /lacie type tmpfs (rw,relatime)
# proc on /proc type proc (rw,relatime)
# sysfs on /sys type sysfs (rw,relatime)
# udev on /dev type tmpfs (rw,relatime,mode=755)
# devpts on /dev/pts type devpts (rw,relatime,mode=600)
# /dev/dm-0 on /media/internal_11 type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/tmp type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/var type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/torrent_dir type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/autoupdate type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /lacie/afp_db type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/Family type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/admin type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/beq06659 type ext4 (rw,relatime,barrier=1,data=ordered)
# /dev/dm-0 on /shares/NetBackup type ext4 (rw,relatime,barrier=1,data=ordered)

file /etc/initng/runlevel/default.runlevel 

# +--+  File autogenerated by sbs_plugin projectfilepatcher (Stage: RELEASE) +--+N
initial
dbus
udev
ublocks
dhcdbd
logrotate
syslogd
klogd
NetworkManager
http
getty/S0
getty/0
sshd/generate_keys
sshd
cron
unicorn
thumbd
unicorn/ready
mdadm/monitor
buttons-manager

Configuration

First install

  • Network share available at smb://lacie-cloudbox/.
  • Cloudbox dashboard available at http://lacie-cloudbox.local.
  • setup smtp access (smtp.scarlet.be, port 25)
  • IP Configuration — fixed IP address 172.19.100.98
  • Enable the netbackup-share (port 873, encrypted port 22)
  • Create user beq06659, with private share.
MAC 00:d0:4b:96:34:32
IP 172.19.100.98
hostname lacie-cloudbox

Rooting

First rooting
  • Create telnetd.sh in a share root
cat > /smb/lacie-cloudbox/family/telnetd.sh <<- __END__
#!/bin/sh
/usr/sbin/telnetd -l /bin/sh
__END__
  • Get and build clunc:
# CLUNC Home: http://lacie-nas.org/doku.php?id=clunc
git clone http://git.lacie-nas.org/clunc.git
cd clunc
make
  • Run clunc, and reboot lacie:
./clunc -i 192.168.1.98
  • ...

When we get root access, we changed the following file:

  • Edit file /etc/initng/runlevel/default.runlevel:
-#sshd
+sshd
  • Edit file /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf
-enabled: false
+enabled: true
  • Edit file /etc/ssh/sshd_config
-PermitRootLogin no
-AllowUsers netbackup
+PermitRootLogin yes
+AllowUsers root netbackup git
+Match User root
+Match User git
  • Add to file /etc/environment:
PATH=/opt/bin:/opt/sbin
  • Edit file /etc/lighttpd/lighttpd.conf
--- lighttpd.conf.bak	2017-04-24 17:36:43.000000000 +0200
+++ lighttpd.conf	2017-04-24 17:38:19.000000000 +0200
@@ -1,6 +1,6 @@
 server.modules              = (
-#  "mod_redirect",
-#  "mod_cgi",
+  "mod_redirect",
+  "mod_cgi",
   "mod_expire",
   "mod_compress",
   "mod_proxy",
@@ -9,6 +9,8 @@
   "mod_setenv",
   "mod_secdownload",
   "mod_access",
+  "mod_alias",
+  "mod_auth",
 )
 
 include "secure_password.inc"
@@ -27,9 +29,19 @@
 url.rewrite-once = ("^/info$" => "/api/external/1.0/system_info","^/diagnostics$" => "/api/external/1.0/diagnostics")
 
 index-file.names            = (
-  "index.html", "index.php"
+  "index.html", "index.php", "index.cgi"
 )
 
+# Force HTTPS
+$HTTP["scheme"] == "http" {
+	# capture vhost name with regex conditiona -> %0 in redirect pattern
+	# must be the most inner block to the redirect rule
+ 	$HTTP["url"] =~ "/backuppc" {
+ 	    $HTTP["host"] =~ ".*" {
+ 		    url.redirect = (".*" => "https://%0$0")
+ 	    }
+ 	}
+}
 
 $HTTP["url"] =~ "index"{
       setenv.add-response-header = ( "Cache-Control" => "no-cache, no-store" )
@@ -61,6 +73,21 @@
       url.access-deny = ("")                                      
 }
 
+## >>>>>>>>>>>> ADDED FOR BACKUPPC
+cgi.assign += ( "/opt/local/backuppc/cgi-bin/index.cgi" => "" )
+#alias.url += ("/backuppc/index.cgi" => "/opt/local/backuppc/cgi-bin/index.cgi")
+alias.url += ("/backuppc" => "/opt/local/backuppc/cgi-bin" )
+#alias.url += ("/BackupPC_Admin" => "/shares/backuppc/www/cgi-bin/BackupPC_Admin")
+auth.debug = 2
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/etc/lighttpd/lighttpd-htpasswd.user"
+auth.require = ( "/backuppc" =>
+	( "method" => "basic", "realm" => "Password protected area", "require" => "user=backuppc" )
+)
+
+## Added for rubik's WCA official scrambler / timer
+alias.url += ("/tnt" => "/opt/local/tnoodle-timer/tnt.html" )
+
 proxy.server = (
 "/api" => (
   "tornado" => (
Second rooting

After firmware upgrade, we need to root it again. This time clunc method no longer works.

  • Mount drive in another pc
  • Mount partition /dev/md6 and copy back configuration changes (see above) from /dev/md6/1 to /dev/md6/0 (or vice-versa, depending on which image contains the new firmware).
  • Note that originally we tried to edit directly the partitions /dev/md4 but this does not work since the configuration is overridden by files in /dev/md6.

Install Optware

Summary of changes:

  • Create and populate /opt.
  • Update PATH in /root/.profile.
  • Create file /etc/initng/optware.i.
  • Add optware to /etc/initng/runlevel/default.runlevel.

This is copied from the guide [2]:

  • Create a location for optware root:
mkdir /shares/admin/opt                    # This assumes a share 'admin' exists
mkdir /opt
mount -o bind /shares/admin/opt /opt
  • Manually download and Extract the ipkg-opt package.
There's a chicken-and-egg situation we need to overcome, where we cannot install the ipkg-opt package without a package manager. We solve this by replicating the basic functions of the ipkg binary.
cd /opt
feed=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/
feednative=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable
ipkg_name=`wget -qO- $feed/Packages | awk '/^Filename: ipkg-opt/ {print $2}'`
wget $feed/$ipkg_name
tar -xOvzf $ipkg_name ./data.tar.gz | tar -C / -xzvf -
rm $ipkg_name
  • Configure Package Sources
mkdir -p /opt/etc/ipkg
echo "src cross $feed" > /opt/etc/ipkg/feeds.conf
echo "src native $feednative" >> /opt/etc/ipkg/feeds.conf
  • Prepare Root's Profile
echo -e "\nexport PATH=/opt/bin:/opt/sbin:\$PATH" >> /root/.profile
source /root/.profile
  • Update the Package Lists
ipkg update
  • Install the Optware Init Driver Script
Create the file /opt/etc/rc.optware containing the following:
#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

        # Ignore dangling symlinks (if any).
        [ ! -f "$i" ] && continue

        case "$i" in
           *.sh)
                # Source shell script for speed.
                (
                        trap - INT QUIT TSTP
                        set start
                        . $i
                )
                ;;
           *)
                # No sh extension, so fork subprocess.
                $i start
                ;;
        esac
done
Make the file executable:
chmod 755 /opt/etc/rc.optware
  • Install the Optware InitNG File

This file is used by initng to launch the rc.optware file we just created. Copy the contents into the file into /etc/initng/optware.i: 

#!/sbin/itype
# This is a i file, used by initng parsed by install_service

    service optware {
          need = unicorn/ready;
          stdall = /var/log/messages;
          script start = {
                  if test -z "${REAL_OPT_DIR}"; then
                      REAL_OPT_DIR=/shares/admin/opt/
                  fi
                  if test -n "${REAL_OPT_DIR}"; then
                      if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
                          mkdir -p /opt
                          mount -o bind ${REAL_OPT_DIR} /opt
                      fi
                  fi
                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
          };
          script stop = {
                  umount -l /opt
          };
  }
  • Add optware to the end of default.runlevel
echo "optware" >> /etc/initng/runlevel/default.runlevel
  • Tell initng to start Optware
ngc --start optware
After a reboot, /opt should be mounted, and any packages that install scripts in /etc/init.d/ (eg openssh) should have them executed at start-up time.

Install Git

  • Create user git in the unicorn interface (or user will not be available after reboot).
  • Edit /etc/passwd as follows:
git:x:503:100:None:/shares/git:/opt/bin/git-shell
  • Enable user git in /etc/ssh/sshd_config:
    -AllowUsers root netbackup
    +AllowUsers root netbackup git
     Match User root
     Match User netbackup
 	    ForceCommand /usr/bin/nas-backup-server-runner
    +Match User git
  • Create and edit /shares/git/.ssh as usual
  • Restart sshd
ngc --restart sshd
  • In /etc/shadow, make sure that user is not disabled.
git:!:16485:0:99999:7:::            <--- no password and login forbidden
git:*:16485:0:99999:7:::            <--- no password but login allowed

Most of the above is now done in our script init.d/S80config.

Git needs a lot of memory when compressing its database (occurs at each fetch!). To limit this, run as root: 

git config --system pack.windowmemory 128m
git config --system pack.packsizelimit 1g
git config --system pack.threads 1
git config --system core.bigFileThreshold 16m

Then as user git, in all relevant projects (typically those with big files) 

cd ~/git/minecraft_nosaves.git
git config --local core.bigFileThreshold 10m

Install rsync

We do via user git, so:

  • Set /bin/bash as shell for user git in /etc/passwd
  • Set PermitUserEnvironment yes in /etc/ssh/sshd_config
  • Create file /shares/git/.ssh/environment to add rsync into path:
PATH=/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin

Startup script

Create the file /opt/etc/init.d/S80config (chmod 755): 

#! /bin/sh

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then 
    # Enable ssh login with user git
    sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
    # Enable user environment for user git (in order to set PATH)
    sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
    # Restart sshd
    ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi

Create the hosts include file /opt/etc/hosts.inc: 

# ###hosts.inc### additional hosts for lacie-cloudbox
172.19.3.1      local.gateway            # Static
172.19.3.2      manticore                # Static?
172.19.100.1	gryphon
172.19.100.2	minimoy                  # DHCP Static        00:24:54:02:98:8d
172.19.100.3	unicorn                  # obsolete
172.19.100.4	beqleunxp1nb103          # obsolete
172.19.100.5	nxl67002ux               # obsolete
172.19.100.6	griffin                  # DHCP Static        68:b5:99:f2:4d:99
172.19.100.7	lambada                  # obsolete
172.19.100.8	reddragon
172.19.100.9    leviathan                # obsolete
172.19.100.10   nxl67063                 # obsolete
172.19.100.11   mandala                  # DHCP Static        00:1b:24:fa:a2:9b
172.19.100.12   nxl67002                 # obsolete
172.19.100.13   nxl67063ux               # obsolete
172.19.100.14   nxl67170ux               # DHCP Static        b8:ca:3a:cc:07:bf
172.19.100.15   pc-112-597               # DHCP Static        b8:ca:3a:93:91:27
172.19.100.16   zyratastic
172.19.100.17   graphicdaemon
172.19.100.18   xbmcbuntu                # DHCP Static        00:01:2e:4e:46:05 00:01:2e:4e:46:06
172.19.100.19   zavcxl0005               # DHCP Static        48:0f:cf:27:ad:ad
# 172.19.100.98	lacie-cloudbox           # Static
172.19.100.99	mnemosyne                # Static
172.19.100.102	minimoy-wlan             # DHCP Static        00:26:5e:37:83:ea
172.19.100.105	nxl67002ux-wlan          # DHCP Static
172.19.100.106	griffin-wlan             # DHCP Static        00:24:d7:7d:4e:94
172.19.100.107	apple-pi                 # Static
172.19.100.111  mandala-wlan             # DHCP Static        00:1d:92:13:d2:7d
172.19.100.114  nxl67170ux-wlan          # DHCP Static        84:3a:4b:22:0d:0c
172.19.100.116  zyratastic-wlan
172.19.100.118  xbmcbuntu-wlan           # DHCP Static        0c:d2:92:54:c1:53
172.19.100.119  zavcxl0005-wlan          # DHCP Static        ac:fd:ce:40:c5:31
172.19.100.120	galaxy

Install Unison

  • ipkg provides unison 2.27.57. It can be installed via ipkg install unison.
ipkg list | grep unison
# unison - 2.27.57-2 - A cross-platform file-synchronization tool.
  • To get a more recent version, see Unison to compile from source. v2.40.102 is the same as on Ubuntu Trusty 14.04.

Netconsole server

On lacie-cloudbox:

  • First install netcat:
ipkg install netcat
  • Then start the server:
mkdir -p /shares/beq06659/netconsole
nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&

On the client, at reboot/wake-up: 

NETCON_TGTHOST=lacie-cloudbox
NETCON_PORT=6666
echo "[------------] Redocking on $(date +"%Y-%m-%d %H:%M:%S")..." | nc -w 1 -u -p 6665 $NETCON_TGTHOST $NETCON_PORT
if [ -n "$NETCON_TGTHOST" ]; then 
    NETCON_TGTIP=$(getent hosts $NETCON_TGTHOST|awk '{print $1}')
    ping -c 1 $NETCON_TGTIP >/dev/null
    NETCON_TGTMAC=$(arp -n $NETCON_TGTIP|awk '/ether/{print $3}')
    echo "Setting up netconsole for location '$LOCATION' ($NETCON_TGTHOST,$NETCON_TGTIP/$NETCON_TGTMAC)"
    sudo rmmod netconsole 2> /dev/null
    sudo modprobe netconsole netconsole=@/,$NETCON_PORT@$NETCON_TGTIP/$NETCON_TGTMAC
else 
    echo "netconsole - Unknown location $LOCATION"
fi

Install Optware-ng

Optware-ng is more up-to-date version of Optware. In particular it provides Perl 5.22 with threads, which is necessary to run some autoconf utilities (aclocal).

Our NAS is a armv5tel with kernel 2.6.31-14 (see uname -a), so we pick the ARMv5 EABI legacy feed.

  • Create an /opt mount point:
mkdir /shares/admin/opt-ng
mkdir /opt
mount -o bind /shares/admin/opt-ng /opt

feed=http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy
ipk_name=$(wget -qO- $feed/Packages | awk '/^Filename: ipkg-static/ {print $2}')
wget -O /tmp/$ipk_name $feed/$ipk_name
tar -C /tmp -xvzf /tmp/$ipk_name ./data.tar.gz
tar -C / -xzvf /tmp/data.tar.gz
rm -f /tmp/$ipk_name /tmp/data.tar.gz
echo "src/gz optware-ng $feed" > /opt/etc/ipkg.conf
echo "dest /opt/ /" >> /opt/etc/ipkg.conf
  • Update PATH (if not in /root/.profile already):
export PATH=/opt/bin:/opt/sbin:$PATH
  • Update and install a few packages:
ipkg install perl par2cmdline
ipkg install perl-compress-zlib perl-archive-zip
  • Install optware-devel
ipkg install optware-devel
# ERROR!
# ...
# Downloading http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy/libc-dev_1.0.15-3_arm.ipk.
# To remove package debris, try `ipkg remove libc-dev`.
# To re-attempt the install, try `ipkg install libc-dev`.
# Configuring ncurses-base.
# ...
# update-alternatives: Linking //opt/bin/patch to /opt/bin/patch-patch
# Collected errors:
#  * check_data_file_clashes: Package libc-dev wants to install file /opt/include/iconv.h
# 	But that file is already provided by package  * libiconv
#  * opkg_install_cmd: Cannot install package optware-devel.

# Fix the error with:
ipkg install --force-overwrite libc-dev
# If this fails:
#   Collected errors:
#    * pkg_get_installed_files: Failed to open //opt/lib/ipkg/info/libc-dev.list: No such file or directory.
#  try to remove package first, and install again:
ipkg remove libc-dev
ipkg install --force-overwrite libc-dev

# Resume optware-devel install:
ipkg install optware-devel
  • Install dhcp, vim, procps, git...
ipkg install dhcp vim procps git iotop atop procps
  • Restore /opt/etc/rc.optware, /opt/etc/rsyncd.conf, /opt/etc/dhcpd.conf, /opt/etc/init.d/S80config
cp /shares/admin/opt/etc/rc.optware /opt/etc
cp /shares/admin/opt/etc/dhcpd.conf /opt/etc
cp /shares/admin/opt/etc/rsyncd.conf /opt/etc
cp /shares/admin/opt/etc/init.d/S80config /opt/etc/init.d/
cp /shares/admin/opt/etc/hosts.inc /opt/etc

File /opt/etc/rc.optware: 

#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

        # Ignore dangling symlinks (if any).
        [ ! -f "$i" ] && continue

        case "$i" in
           *.sh)
                # Source shell script for speed.
                (
                        trap - INT QUIT TSTP
                        set start
                        . $i
                )
                ;;
           *)
                # No sh extension, so fork subprocess.
                $i start
                ;;
        esac
done

File /opt/etc/dhcpd.conf: 

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "hell";
option domain-name-servers 192.168.1.1;

default-lease-time 86400;
max-lease-time 864000;

option time-offset 0;
option routers 192.168.1.1;
# option ntp-servers 195.13.1.153;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

# subnet 10.152.187.0 netmask 255.255.255.0 {
# }

# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.16 192.168.1.63;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

# subnet 10.254.239.32 netmask 255.255.255.224 {
#   range dynamic-bootp 10.254.239.40 10.254.239.60;
#   option broadcast-address 10.254.239.31;
#   option routers rtr-239-32-1.example.org;
# }

# A slightly different configuration for an internal subnet.
# subnet 10.5.5.0 netmask 255.255.255.224 {
#   range 10.5.5.26 10.5.5.30;
#   option domain-name-servers ns1.internal.example.org;
#   option domain-name "internal.example.org";
#   option routers 10.5.5.1;
#   option broadcast-address 10.5.5.31;
#   default-lease-time 600;
#   max-lease-time 7200;
# }

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

# host passacaglia {
#   hardware ethernet 0:0:c0:5d:bd:95;
#   filename "vmunix.passacaglia";
#   server-name "toccata.fugue.com";
# }

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# host fantasia {
#   hardware ethernet 08:00:07:26:c0:a5;
#   fixed-address fantasia.fugue.com;
# }

host manticore {
  hardware ethernet 00:1d:7e:0c:24:5f;
  fixed-address 192.168.1.2;
}

host tvsettopbox {
  hardware ethernet f4:5f:d4:9e:20:2e;
  fixed-address 192.168.1.64;
}

host minimoy-wlan {
  hardware ethernet 00:26:5e:37:83:ea;
  fixed-address 192.168.1.102;
}

host griffin-wlan {
  hardware ethernet 00:24:d7:7d:4e:94;
  fixed-address 192.168.1.106;
}

host apple-pi     {
  hardware ethernet b8:27:eb:30:66:7f;
  fixed-address 192.168.1.107;
}

host mandala-wlan {
  hardware ethernet 00:1d:92:13:d2:7d;
  fixed-address 192.168.1.111;
}

host nxl67170ux.wlan {
  hardware ethernet 84:3a:4b:22:0d:0c;
  fixed-address 192.168.1.114;
}

host zyratastic-wlan {
  hardware ethernet 24:0a:64:69:09:57;
  fixed-address 192.168.1.116;
}

host graphicdaemon-wlan {
  hardware ethernet 54:27:1e:76:40:df;
  fixed-address 192.168.1.117;
}

host xbmcbuntu-wlan {
  hardware ethernet 0c:d2:92:54:c1:53;
  fixed-address 192.168.1.118;
}

host zavcxl0005-wlan {
  hardware ethernet ac:fd:ce:40:c5:31;
  fixed-address 192.168.1.119;
}

host alpha-blue {
  hardware ethernet f4:09:d8:97:c1:78;
  fixed-address 192.168.1.121;
}

host minimoy {
  hardware ethernet 00:24:54:02:98:8d;
  fixed-address 192.168.1.202;
}

host griffin {
  hardware ethernet 68:b5:99:f2:4d:99;
  fixed-address 192.168.1.206;
}

host mandala {
  hardware ethernet 00:1b:24:fa:a2:9b;
  fixed-address 192.168.1.211;
}

host nxl67170ux {
  hardware ethernet b8:ca:3a:cc:07:bf;
  fixed-address 192.168.1.214;
}

host pc-112-597 {
  hardware ethernet b8:ca:3a:93:91:27;
  fixed-address 192.168.1.215;
}

host zyratastic {
  hardware ethernet 74:d0:2b:b8:10:2d;
  fixed-address 192.168.1.216;
}

host graphicdaemon {
  hardware ethernet 10:c3:7b:1a:b2:1a;
  fixed-address 192.168.1.217;
}

host xbmcbuntu {
  hardware ethernet 00:01:2e:4e:46:05;
  fixed-address 192.168.1.218;
}

# xbmcbuntu 2nd ethernet
host xbmcbuntu2 {
  hardware ethernet 00:01:2e:4e:46:06;
  fixed-address 192.168.1.218;
}

host zavcxl0005 {
  hardware ethernet a0:d3:c1:9c:59:56;
  fixed-address 192.168.1.219;
}

# host galaxy {
#   hardware ethernet --:--:--:--:--:--;
#   fixed-address 192.168.1.120;
# }

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

# class "foo" {
#   match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
# }

# shared-network 224-29 {
#   subnet 10.17.224.0 netmask 255.255.255.0 {
#     option routers rtr-224.example.org;
#   }
#   subnet 10.0.29.0 netmask 255.255.255.0 {
#     option routers rtr-29.example.org;
#   }
#   pool {
#     allow members of "foo";
#     range 10.17.224.10 10.17.224.250;
#   }
#   pool {
#     deny members of "foo";
#     range 10.0.29.10 10.0.29.230;
#   }
# }

File /opt/etc/rsyncd.conf: 

# rsyncd.conf
# 
# configure according to your needs

uid = nobody
gid = everyone
use chroot = yes
max connections = 5
syslog facility = local3
pid file = /var/run/rsyncd.pid
secrets file = /opt/etc/rsyncd.secrets

#[backup]
#        path = /share/hdd/data/backup
#        comment = nslu2 backup
#        read only = no
#		 auth users = harry
#		 hosts allow = 192.168.10.10
#		 hosts deny = *

File /opt/etc/init.d/S80config: 

#! /bin/sh

echo "Running $0 on $(date)" >> /root/s80config.log

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then 
    # Enable ssh login with user git
    sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
    # Enable user environment for user git (in order to set PATH)
    sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
    # Restart sshd
    ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi

# Start netconsole listener
# Requires: ipkg install netcat
# if ! pgrep -f "nc -l -p 6666" >/dev/null 2>/dev/null; then 
#     echo "Starting netconsole listener"
#     mkdir -p /shares/beq06659/netconsole
#     nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&
# fi

File /opt/etc/hosts.inc: 

# ###hosts.inc### additional hosts for lacie-cloudbox
192.168.3.1     local.gateway            # Static
192.168.3.2     manticore                # Static?
192.168.1.201	gryphon
192.168.1.202	minimoy                  # DHCP Static        00:24:54:02:98:8d
192.168.1.203	unicorn                  # obsolete
192.168.1.204	beqleunxp1nb103          # obsolete
192.168.1.205	nxl67002ux               # obsolete
192.168.1.206	griffin                  # DHCP Static        68:b5:99:f2:4d:99
192.168.1.207	lambada                  # obsolete
192.168.1.208	reddragon
192.168.1.209   leviathan                # obsolete
192.168.1.210   nxl67063                 # obsolete
192.168.1.211   mandala                  # DHCP Static        00:1b:24:fa:a2:9b
192.168.1.212   nxl67002                 # obsolete
192.168.1.213   nxl67063ux               # obsolete
192.168.1.214   nxl67170ux               # DHCP Static        b8:ca:3a:cc:07:bf
192.168.1.215   pc-112-597               # DHCP Static        b8:ca:3a:93:91:27
192.168.1.216   zyratastic
192.168.1.217   graphicdaemon
192.168.1.218   xbmcbuntu                # DHCP Static        00:01:2e:4e:46:05 00:01:2e:4e:46:06
192.168.1.219   zavcxl0005               # DHCP Static        48:0f:cf:27:ad:ad
# 192.168.1.98	lacie-cloudbox           # Static
192.168.1.99	mnemosyne                # Static
192.168.1.102	minimoy-wlan             # DHCP Static        00:26:5e:37:83:ea
192.168.1.105	nxl67002ux-wlan          # DHCP Static
192.168.1.106	griffin-wlan             # DHCP Static        00:24:d7:7d:4e:94
192.168.1.107	apple-pi                 # Static
192.168.1.111   mandala-wlan             # DHCP Static        00:1d:92:13:d2:7d
192.168.1.114   nxl67170ux-wlan          # DHCP Static        84:3a:4b:22:0d:0c
192.168.1.116   zyratastic-wlan
192.168.1.118   xbmcbuntu-wlan           # DHCP Static        0c:d2:92:54:c1:53
192.168.1.119   zavcxl0005-wlan          # DHCP Static        ac:fd:ce:40:c5:31
192.168.1.120	galaxy
  • Create the start script /etc/initng/optware-ng.i:
#!/sbin/itype
# This is a i file, used by initng parsed by install_service

    service optware-ng {
          need = unicorn/ready;
          stdall = /var/log/messages;
          script start = {
                  if test -z "${REAL_OPT_DIR}"; then
                      REAL_OPT_DIR=/shares/admin/opt-ng/
                  fi
                  if test -n "${REAL_OPT_DIR}"; then
                      if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
                          mkdir -p /opt
                          mount -o bind ${REAL_OPT_DIR} /opt
                      fi
                  fi
                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
          };
          script stop = {
                  umount -l /opt
          };
  }
  • Add the service to /etc/initng/runlevel/default.runlevel, and start it:
echo optware-ng >> /etc/initng/runlevel/default.runlevel
ngc --start optware-ng

/root configuration

file README: 

DHCP Server
-----------

/opt/etc/dhcpd.conf
    config file

/opt/etc/dhcpd.leases
    current leases

file backup_all.txt: 

unison backup.prf          # Make sure that pc-112-567 is up
unison photos.prf          # Make sure that mnemosyne is up
unison archives.prf        # Make sure that mnemosyne is up
unison musics.prf          # Make sure that mnemosyne is up

file CLEAR_MEMORY.sh: 

#! /bin/sh

# Run this script to free memory for backuppc

pkill -SIGSTOP -f unicorn            # I stop it first so that it can't react
pkill -SIGKILL -f unicorn            # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd           # media server stuff
pkill -SIGKILL twonky                # media server stuff
pkill -SIGKILL php-cgi               # php-cgi server launcher by lighttpd

# Might also need to STOP/KILL python process, but should kill only the 'unicorn' one
#pkill -SIGSTOP python...

# The following might help as well, because twonky keep restarting
#     ngc -d unicorn

file .profile:

  • Add /opt/local/bin to PATH (for access to upgraded pip).

NFS

NFS services are available natively: 

ngc --status|grep nfs  
# 01:01:49 S nfs/exportfs                        : SERVICE_STOPPED
# 01:01:49 S nfs/mount                           : SERVICE_STOPPED
# 01:01:47 S nfs/prepare                         : SERVICE_DONE

First edit /etc/exports (see Nfs). The line below is inspired from NFS configuration on Synology NAS: 

/shares/beq06659/urbackup 192.168.1.192/26(rw,async,no_subtree_check,root_squash,insecure_locks)

Start NFS with: 

ngc --start nfs
exportfs -a           # To do each time /etc/exports is changed
Update

Strangely nfs services disappear after some time: 

ngc --status|grep nfs
# 01:01:47 S nfs/prepare                         : SERVICE_DONE

However we can still start them manually with ngc --start nfs.

Shares

family
  • Mount with
sudo mount //lacie-cloudbox/beq06659 /mnt/any -o noperm,iocharset=utf8,sec=ntlm,username=public,password=


beq06659
  • Mount with
sudo mount //lacie-cloudbox/beq06659 /mnt/any -o noperm,iocharset=utf8,sec=ntlm,username=beq06659

Backup

Backup Mnemosyne

We use unison.

BackupPC

Fix broken pipe errors

Backuppc requires lot of memory (rsync). To free as much as possible, I kill all python stuff (except ublock-daemon) and all media stuff: 

pkill -SIGSTOP -f unicorn            # I stop it first so that it can't react
pkill -SIGKILL -f unicorn            # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd           # media server stuff
pkill -SIGKILL twonky                # media server stuff
pkill -SIGKILL php-cgi               # php-cgi server launcher by lighttpd

Duplicity (Obsolete)

This section is OBSOLETE — I no longer use duplicity


  • Backup done with deja-dup, which use duplicity as back-end
  • Duplicity can't access samba share. Instead mount samba share locally, and use file:///smb/lacie-cloudbox/sharename instead. Note the triple slash.
  • View available backup:
duplicity collection-status file:///smb/lacie-cloudbox/beq06659
  • List file in current backup
duplicity list-current-files file:///smb/lacie-cloudbox/beq06659

Metadata information is stored in ~/.cache/duplicity. Attention, it seems this can grow quite large.

BURP server

See Burp.

DHCP Server

  • install
# Install the service
ipkg install dhcp
mkdir /opt/var/run
# Edit the configuration
vi /opt/etc/dhcpd.conf
# Restart the service
/opt/etc/init.d/S56dhcpd
  • DHCP daemon configuration: /opt/etc/dhcpd.conf
  • Current leases are at /opt/etc/dhcpd.leases
  • Now I disabled the dhcpd, and will try again the one on vDSL+ router:
cp /opt/etc/dhcpd.conf /opt/etc/dhcpd.conf.bak     # Backup config if we want to reinstall
ipkg remove dhcp
  • DHCP server on the VDSL+ router is a huge pile of sh*te, so I enable it again:
ipkg install dhcp
cp /opt/etc/dhcpd.conf.bak /opt/etc/dhcpd.conf
/opt/etc/init.d/S56dhcpd
  • Again... disable DHCPD to fix HDTV decoder not getting connection on factory reset. I can fix this problem by disconnecting the lacie-cloudbox while resetting the decoder, but I suspect that the DHCPD server is the cause.
cp /opt/etc/dhcpd.conf /opt/etc/dhcpd.conf.bak     # Backup config if we want to reinstall
ngc --stop dhcpd
ipkg remove dhcp

Now enable back VDSL+ route DHCP. Note that addresses are in subnet .lan (eg. ping zavcxl0005.lan).

To do

  • Current backup only includes files that are readable by user beq06659. It should include all files.
  • Exclude some unnecessary folders. Organize these folders to ease future backup.
  • Backup / filesystem (at least /etc, /usr/local)
Backup solutions
  • deja-dup
  • Need one setup for each pc
  • No centralized management. Backup job could happen all at the same time. Same files between pc are stored multiple times.
  • Easy to setup
  • How to backup root filesystem?
  • duplicity
  • backuppc
  • How to install?
  • Will the NAS have enough memory?
  • bacula
  • Package readily available in OptWare
  • rsnapshot

See question on bacula/backuppc/rsnapshot at http://serverfault.com/questions/282228/bacula-vs-backuppc

Rooting NAS and install new app
  • TBC

Troubleshoot

Optware install issues

ipkg install optware-devel

# Conflict at some point. To fix:
# (from http://forum.synology.com/enu/viewtopic.php?f=40&t=15087)
rm /opt/bin/wget
cp /usr/bin/wget /opt/bin/wget
ipkg update
ipkg upgrade
ipkg install optware-devel

sshd

  • See log at /var/log/messages
  • Check sshd config /etc/ssh/sshd_config:
  • Make sure user is authorized:
 AllowUsers root netbackup git
  • If user home is on /shares mount, then disable StrictModes
StrictModes no
  • Enable user environment
PermitUserEnvironment yes
then
env > ~/.ssh/environment
vi ~/.ssh/environment                # Remove useless variables
  • Edit /etc/passwd:
git:x:503:100:None:/shares/git:/opt/bin/git-shell
  • Restart sshd:
ngc --restart sshd

git

  • Check that environment is ok [3]
ssh git@lacie-cloudbox  "which git-upload-pack"

ntp

  • Box loses regularly time synchronization, which then affects backuppc
  • Workaround: log into https://lacie-cloudbox/, and reset ntp (uncheck / check ntp server).

slow performance, lot of swapping

The Lacie-Cloudbox only has 256MB physical memory, and some processes takes a lot of memory. When doing some unusual tasks, we can disable (stop) temporarily these processes, without apparently damage: 

pkill -SIGSTOP twonky        # Usually consuming around 100MB+
pkill -f -SIGSTOP unicorn    # A python process running /usr/lib/unicorn/run.py (and consuming 100MB+)

To restart: 

pkill -SIGCONT twonky
pkill -f -SIGCONT unicorn
Retrieved from "https://miki.immie.org/mediawiki/index.php?title=Configuration_LaCie-CloudBox&oldid=16906"