Configuration LaCie-CloudBox

From miki
Jump to navigation Jump to search

Reference information

uname -a
# Linux LaCie-CloudBox 2.6.31.14-svn7493 #1 Fri Oct 17 14:00:51 UTC 2014 armv5tel GNU/Linux
  • /proc/cpuinfo
cat /proc/cpuinfo
# Processor	: Feroceon 88FR131 rev 1 (v5l)
# BogoMIPS	: 999.42
# Features	: swp half thumb fastmult edsp 
# CPU implementer	: 0x56
# CPU architecture: 5TE
# CPU variant	: 0x2
# CPU part	: 0x131
# CPU revision	: 1
# 
# Hardware	: familybox
# Revision	: 0000
# Serial		: 0000000000000000
  • meminfo
cat meminfo
# MemTotal:         254348 kB
# MemFree:          115412 kB
# Buffers:            3944 kB
# Cached:            76468 kB
# SwapCached:            0 kB
# Active:            58464 kB
# Inactive:          63856 kB
# Active(anon):      42692 kB
# Inactive(anon):        0 kB
# Active(file):      15772 kB
# Inactive(file):    63856 kB
# Unevictable:           0 kB
# Mlocked:               0 kB
# SwapTotal:        262124 kB
# SwapFree:         262124 kB
# Dirty:                 0 kB
# Writeback:             0 kB
# AnonPages:         41932 kB
# Mapped:            19776 kB
# Slab:              11936 kB
# SReclaimable:       4772 kB
# SUnreclaim:         7164 kB
# PageTables:         1056 kB
# NFS_Unstable:          0 kB
# Bounce:                0 kB
# WritebackTmp:          0 kB
# CommitLimit:      389296 kB
# Committed_AS:     208068 kB
# VmallocTotal:     385024 kB
# VmallocUsed:         992 kB
# VmallocChunk:     382244 kB
  • free
free
#              total         used         free       shared      buffers
# Mem:        254348       138996       115352            0         3976
# -/+ buffers:             135020       119328
# Swap:       262124            0       262124

Mounting the drive in another pc, we see the following structure:

sudo parted -l
# Model: ATA ST3000DM001-1CH1 (scsi)
# Disk /dev/sdb: 3001GB
# Sector size (logical/physical): 512B/4096B
# Partition Table: gpt
# 
# Number  Start   End     Size    File system     Name         Flags
#  1      1049kB  2097kB  1049kB                  grub_core    bios_grub
#  2      2097kB  203MB   201MB   ext2            boot_rescue
#  3      203MB   204MB   1049kB  ext2            nv_data
#  4      204MB   1815MB  1611MB  ext2            root_1       raid
#  5      1815MB  3426MB  1611MB  ext2            root_2       raid
#  6      3426MB  4499MB  1074MB  ext3            var          raid
#  7      4499MB  4768MB  268MB   linux-swap(v1)  swap         raid
#  8      4768MB  3001GB  2996GB                  user_data    raid
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md4: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1611MB  1611MB  ext2
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md5: 1611MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1611MB  1611MB  ext2
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md6: 1074MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End     Size    File system  Flags
#  1      0.00B  1074MB  1074MB  ext3
# 
# 
# Model: Linux Software RAID Array (md)
# Disk /dev/md7: 268MB
# Sector size (logical/physical): 512B/4096B
# Partition Table: loop
# 
# Number  Start  End    Size   File system     Flags
#  1      0.00B  268MB  268MB  linux-swap(v1)

The disk is organized as follows :

  • /dev/sdb4 and /dev/sdb5 are raid volumes that contains two copies of the same root partition. The other copy is used when doing a firmware update (ping-pong approach, see [1]). We mount them with:
mdadm --assemble --run /dev/md4 /dev/sdb4       # Done automatically on Ubuntu
mdadm --assemble --run /dev/md5 /dev/sdb5       # Done automatically on Ubuntu
mount /dev/md4 /mount/md4
mount /dev/md5 /mount/md5
  • /dev/sdb6 contains another raid partition, mounted as an additional layer over root partition above. It contains:
/dev/md6
    0/
        etc/
        root/
        var/
    1/
        etc/
        root/
        var/
    lost+found/
    tmp/

Configuration

First install

  • Network share available at smb://lacie-cloudbox/.
  • Cloudbox dashboard available at http://lacie-cloudbox.local.
  • setup smtp access (smtp.scarlet.be, port 25)
  • IP Configuration — fixed IP address 172.19.100.98
  • Enable the netbackup-share (port 873, encrypted port 22)
  • Create user beq06659, with private share.
MAC 00:d0:4b:96:34:32
IP 172.19.100.98
hostname lacie-cloudbox

Rooting

First rooting
  • Create telnetd.sh in a share root
cat > /smb/lacie-cloudbox/family/telnetd.sh <<- __END__
#!/bin/sh
/usr/sbin/telnetd -l /bin/sh
__END__
  • Get and build clunc:
# CLUNC Home: http://lacie-nas.org/doku.php?id=clunc
git clone http://git.lacie-nas.org/clunc.git
cd clunc
make
  • Run clunc, and reboot lacie:
./clunc -i 192.168.1.98
  • ...

When we get root access, we changed the following file:

  • Edit file /etc/initng/runlevel/default.runlevel:
-#sshd
+sshd
  • Edit file /etc/unicorn/unicorn_conf/unicorn.sharing.ssh.conf
-enabled: false
+enabled: true
  • Edit file /etc/ssh/sshd_config
-PermitRootLogin no
-AllowUsers netbackup
+PermitRootLogin yes
+AllowUsers root netbackup git
+Match User root
+Match User git
  • Add to file /etc/environment:
PATH=/opt/bin:/opt/sbin
  • Edit file /etc/lighttpd/lighttpd.conf
--- lighttpd.conf.bak	2017-04-24 17:36:43.000000000 +0200
+++ lighttpd.conf	2017-04-24 17:38:19.000000000 +0200
@@ -1,6 +1,6 @@
 server.modules              = (
-#  "mod_redirect",
-#  "mod_cgi",
+  "mod_redirect",
+  "mod_cgi",
   "mod_expire",
   "mod_compress",
   "mod_proxy",
@@ -9,6 +9,8 @@
   "mod_setenv",
   "mod_secdownload",
   "mod_access",
+  "mod_alias",
+  "mod_auth",
 )
 
 include "secure_password.inc"
@@ -27,9 +29,19 @@
 url.rewrite-once = ("^/info$" => "/api/external/1.0/system_info","^/diagnostics$" => "/api/external/1.0/diagnostics")
 
 index-file.names            = (
-  "index.html", "index.php"
+  "index.html", "index.php", "index.cgi"
 )
 
+# Force HTTPS
+$HTTP["scheme"] == "http" {
+	# capture vhost name with regex conditiona -> %0 in redirect pattern
+	# must be the most inner block to the redirect rule
+ 	$HTTP["url"] =~ "/backuppc" {
+ 	    $HTTP["host"] =~ ".*" {
+ 		    url.redirect = (".*" => "https://%0$0")
+ 	    }
+ 	}
+}
 
 $HTTP["url"] =~ "index"{
       setenv.add-response-header = ( "Cache-Control" => "no-cache, no-store" )
@@ -61,6 +73,21 @@
       url.access-deny = ("")                                      
 }
 
+## >>>>>>>>>>>> ADDED FOR BACKUPPC
+cgi.assign += ( "/opt/local/backuppc/cgi-bin/index.cgi" => "" )
+#alias.url += ("/backuppc/index.cgi" => "/opt/local/backuppc/cgi-bin/index.cgi")
+alias.url += ("/backuppc" => "/opt/local/backuppc/cgi-bin" )
+#alias.url += ("/BackupPC_Admin" => "/shares/backuppc/www/cgi-bin/BackupPC_Admin")
+auth.debug = 2
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/etc/lighttpd/lighttpd-htpasswd.user"
+auth.require = ( "/backuppc" =>
+	( "method" => "basic", "realm" => "Password protected area", "require" => "user=backuppc" )
+)
+
+## Added for rubik's WCA official scrambler / timer
+alias.url += ("/tnt" => "/opt/local/tnoodle-timer/tnt.html" )
+
 proxy.server = (
 "/api" => (
   "tornado" => (
Second rooting

After firmware upgrade, we need to root it again. This time clunc method no longer works.

  • Mount drive in another pc
  • Mount partition /dev/md6 and copy back configuration changes (see above) from /dev/md6/1 to /dev/md6/0 (or vice-versa, depending on which image contains the new firmware).
  • Note that originally we tried to edit directly the partitions /dev/md4 but this does not work since the configuration is overridden by files in /dev/md6.

Install Optware

Summary of changes:

  • Create and populate /opt.
  • Update PATH in /root/.profile.
  • Create file /etc/initng/optware.i.
  • Add optware to /etc/initng/runlevel/default.runlevel.

This is copied from the guide [2]:

  • Create a location for optware root:
mkdir /shares/admin/opt                    # This assumes a share 'admin' exists
mkdir /opt
mount -o bind /shares/admin/opt /opt
  • Manually download and Extract the ipkg-opt package.
There's a chicken-and-egg situation we need to overcome, where we cannot install the ipkg-opt package without a package manager. We solve this by replicating the basic functions of the ipkg binary.
cd /opt
feed=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/
feednative=http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/native/unstable
ipkg_name=`wget -qO- $feed/Packages | awk '/^Filename: ipkg-opt/ {print $2}'`
wget $feed/$ipkg_name
tar -xOvzf $ipkg_name ./data.tar.gz | tar -C / -xzvf -
rm $ipkg_name
  • Configure Package Sources
mkdir -p /opt/etc/ipkg
echo "src cross $feed" > /opt/etc/ipkg/feeds.conf
echo "src native $feednative" >> /opt/etc/ipkg/feeds.conf
  • Prepare Root's Profile
echo -e "\nexport PATH=/opt/bin:/opt/sbin:\$PATH" >> /root/.profile
source /root/.profile
  • Update the Package Lists
ipkg update
  • Install the Optware Init Driver Script
Create the file /opt/etc/rc.optware containing the following:
#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

        # Ignore dangling symlinks (if any).
        [ ! -f "$i" ] && continue

        case "$i" in
           *.sh)
                # Source shell script for speed.
                (
                        trap - INT QUIT TSTP
                        set start
                        . $i
                )
                ;;
           *)
                # No sh extension, so fork subprocess.
                $i start
                ;;
        esac
done
Make the file executable:
chmod 755 /opt/etc/rc.optware
  • Install the Optware InitNG File

This file is used by initng to launch the rc.optware file we just created. Copy the contents into the file into /etc/initng/optware.i:

#!/sbin/itype
# This is a i file, used by initng parsed by install_service

    service optware {
          need = unicorn/ready;
          stdall = /var/log/messages;
          script start = {
                  if test -z "${REAL_OPT_DIR}"; then
                      REAL_OPT_DIR=/shares/admin/opt/
                  fi
                  if test -n "${REAL_OPT_DIR}"; then
                      if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
                          mkdir -p /opt
                          mount -o bind ${REAL_OPT_DIR} /opt
                      fi
                  fi
                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
          };
          script stop = {
                  umount /opt
          };
  }
  • Add optware to the end of default.runlevel
echo "optware" >> /etc/initng/runlevel/default.runlevel
  • Tell initng to start Optware
ngc --start optware
After a reboot, /opt should be mounted, and any packages that install scripts in /etc/init.d/ (eg openssh) should have them executed at start-up time.

Install Git

  • Create user git in the unicorn interface (or user will not be available after reboot).
  • Edit /etc/passwd as follows:
git:x:503:100:None:/shares/git:/opt/bin/git-shell
  • Enable user git in /etc/ssh/sshd_config:
    -AllowUsers root netbackup
    +AllowUsers root netbackup git
     Match User root
     Match User netbackup
 	    ForceCommand /usr/bin/nas-backup-server-runner
    +Match User git
  • Create and edit /shares/git/.ssh as usual
  • Restart sshd
ngc --restart sshd
  • In /etc/shadow, make sure that user is not disabled.
git:!:16485:0:99999:7:::            <--- no password and login forbidden
git:*:16485:0:99999:7:::            <--- no password but login allowed

Most of the above is now done in our script init.d/S80config.

Git needs a lot of memory when compressing its database (occurs at each fetch!). To limit this, run as root:

git config --system pack.windowmemory 128m
git config --system pack.packsizelimit 1g
git config --system pack.threads 1
git config --system core.bigFileThreshold 16m

Then as user git, in all relevant projects (typically those with big files)

cd ~/git/minecraft_nosaves.git
git config --local core.bigFileThreshold 10m

Install rsync

We do via user git, so:

  • Set /bin/bash as shell for user git in /etc/passwd
  • Set PermitUserEnvironment yes in /etc/ssh/sshd_config
  • Create file /shares/git/.ssh/environment to add rsync into path:
PATH=/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin

Startup script

Create the file /opt/etc/init.d/S80config (chmod 755):

#! /bin/sh

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then 
    # Enable ssh login with user git
    sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
    # Enable user environment for user git (in order to set PATH)
    sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
    # Restart sshd
    ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi

Create the hosts include file /opt/etc/hosts.inc:

# ###hosts.inc### additional hosts for lacie-cloudbox
172.19.3.1      local.gateway            # Static
172.19.3.2      manticore                # Static?
172.19.100.1	gryphon
172.19.100.2	minimoy                  # DHCP Static        00:24:54:02:98:8d
172.19.100.3	unicorn                  # obsolete
172.19.100.4	beqleunxp1nb103          # obsolete
172.19.100.5	nxl67002ux               # obsolete
172.19.100.6	griffin                  # DHCP Static        68:b5:99:f2:4d:99
172.19.100.7	lambada                  # obsolete
172.19.100.8	reddragon
172.19.100.9    leviathan                # obsolete
172.19.100.10   nxl67063                 # obsolete
172.19.100.11   mandala                  # DHCP Static        00:1b:24:fa:a2:9b
172.19.100.12   nxl67002                 # obsolete
172.19.100.13   nxl67063ux               # obsolete
172.19.100.14   nxl67170ux               # DHCP Static        b8:ca:3a:cc:07:bf
172.19.100.15   pc-112-597               # DHCP Static        b8:ca:3a:93:91:27
172.19.100.16   zyratastic
172.19.100.17   graphicdaemon
172.19.100.18   xbmcbuntu                # DHCP Static        00:01:2e:4e:46:05 00:01:2e:4e:46:06
172.19.100.19   zavcxl0005               # DHCP Static        48:0f:cf:27:ad:ad
# 172.19.100.98	lacie-cloudbox           # Static
172.19.100.99	mnemosyne                # Static
172.19.100.102	minimoy-wlan             # DHCP Static        00:26:5e:37:83:ea
172.19.100.105	nxl67002ux-wlan          # DHCP Static
172.19.100.106	griffin-wlan             # DHCP Static        00:24:d7:7d:4e:94
172.19.100.107	apple-pi                 # Static
172.19.100.111  mandala-wlan             # DHCP Static        00:1d:92:13:d2:7d
172.19.100.114  nxl67170ux-wlan          # DHCP Static        84:3a:4b:22:0d:0c
172.19.100.116  zyratastic-wlan
172.19.100.118  xbmcbuntu-wlan           # DHCP Static        0c:d2:92:54:c1:53
172.19.100.119  zavcxl0005-wlan          # DHCP Static        ac:fd:ce:40:c5:31
172.19.100.120	galaxy

Install Unison

  • ipkg provides unison 2.27.57. It can be installed via ipkg install unison.
ipkg list | grep unison
# unison - 2.27.57-2 - A cross-platform file-synchronization tool.
  • To get a more recent version, see Unison to compile from source. v2.40.102 is the same as on Ubuntu Trusty 14.04.

Netconsole server

On lacie-cloudbox:

  • First install netcat:
ipkg install netcat
  • Then start the server:
mkdir -p /shares/beq06659/netconsole
nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&

On the client, at reboot/wake-up:

NETCON_TGTHOST=lacie-cloudbox
NETCON_PORT=6666
echo "[------------] Redocking on $(date +"%Y-%m-%d %H:%M:%S")..." | nc -w 1 -u -p 6665 $NETCON_TGTHOST $NETCON_PORT
if [ -n "$NETCON_TGTHOST" ]; then 
    NETCON_TGTIP=$(getent hosts $NETCON_TGTHOST|awk '{print $1}')
    ping -c 1 $NETCON_TGTIP >/dev/null
    NETCON_TGTMAC=$(arp -n $NETCON_TGTIP|awk '/ether/{print $3}')
    echo "Setting up netconsole for location '$LOCATION' ($NETCON_TGTHOST,$NETCON_TGTIP/$NETCON_TGTMAC)"
    sudo rmmod netconsole 2> /dev/null
    sudo modprobe netconsole netconsole=@/,$NETCON_PORT@$NETCON_TGTIP/$NETCON_TGTMAC
else 
    echo "netconsole - Unknown location $LOCATION"
fi

Install Optware-ng

Optware-ng is more up-to-date version of Optware. In particular it provides Perl 5.22 with threads, which is necessary to run some autoconf utilities (aclocal).

Our NAS is a armv5tel with kernel 2.6.31-14 (see uname -a), so we pick the ARMv5 EABI legacy feed.

  • Create an /opt mount point:
mkdir /shares/admin/opt-ng
mkdir /opt
mount -o bind /shares/admin/opt-ng /opt
feed=http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy
ipk_name=$(wget -qO- $feed/Packages | awk '/^Filename: ipkg-static/ {print $2}')
wget -O /tmp/$ipk_name $feed/$ipk_name
tar -C /tmp -xvzf /tmp/$ipk_name ./data.tar.gz
tar -C / -xzvf /tmp/data.tar.gz
rm -f /tmp/$ipk_name /tmp/data.tar.gz
echo "src/gz optware-ng $feed" > /opt/etc/ipkg.conf
echo "dest /opt/ /" >> /opt/etc/ipkg.conf
  • Update PATH (if not in /root/.profile already):
export PATH=/opt/bin:/opt/sbin:$PATH
  • Update and install a few packages:
ipkg install perl par2cmdline
ipkg install perl-compress-zlib perl-archive-zip
  • Install optware-devel
ipkg install optware-devel
# ERROR!
# ...
# Downloading http://ipkg.nslu2-linux.org/optware-ng/buildroot-armv5eabi-ng-legacy/libc-dev_1.0.15-3_arm.ipk.
# To remove package debris, try `ipkg remove libc-dev`.
# To re-attempt the install, try `ipkg install libc-dev`.
# Configuring ncurses-base.
# ...
# update-alternatives: Linking //opt/bin/patch to /opt/bin/patch-patch
# Collected errors:
#  * check_data_file_clashes: Package libc-dev wants to install file /opt/include/iconv.h
# 	But that file is already provided by package  * libiconv
#  * opkg_install_cmd: Cannot install package optware-devel.

# Fix the error with:
ipkg install --force-overwrite libc-dev
# If this fails:
#   Collected errors:
#    * pkg_get_installed_files: Failed to open //opt/lib/ipkg/info/libc-dev.list: No such file or directory.
#  try to remove package first, and install again:
ipkg remove libc-dev
ipkg install --force-overwrite libc-dev

# Resume optware-devel install:
ipkg install optware-devel
  • Install dhcp, vim, procps, git...
ipkg install dhcp vim procps git iotop atop procps
  • Restore /opt/etc/rc.optware, /opt/etc/rsyncd.conf, /opt/etc/dhcpd.conf, /opt/etc/init.d/S80config
cp /shares/admin/opt/etc/rc.optware /opt/etc
cp /shares/admin/opt/etc/dhcpd.conf /opt/etc
cp /shares/admin/opt/etc/rsyncd.conf /opt/etc
cp /shares/admin/opt/etc/init.d/S80config /opt/etc/init.d/
cp /shares/admin/opt/etc/hosts.inc /opt/etc

File /opt/etc/rc.optware:

#!/bin/sh

# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
#
for i in /opt/etc/init.d/S??* ;do

        # Ignore dangling symlinks (if any).
        [ ! -f "$i" ] && continue

        case "$i" in
           *.sh)
                # Source shell script for speed.
                (
                        trap - INT QUIT TSTP
                        set start
                        . $i
                )
                ;;
           *)
                # No sh extension, so fork subprocess.
                $i start
                ;;
        esac
done

File /opt/etc/dhcpd.conf:

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "hell";
option domain-name-servers 192.168.1.1;

default-lease-time 86400;
max-lease-time 864000;

option time-offset 0;
option routers 192.168.1.1;
# option ntp-servers 195.13.1.153;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

# subnet 10.152.187.0 netmask 255.255.255.0 {
# }

# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.16 192.168.1.63;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

# subnet 10.254.239.32 netmask 255.255.255.224 {
#   range dynamic-bootp 10.254.239.40 10.254.239.60;
#   option broadcast-address 10.254.239.31;
#   option routers rtr-239-32-1.example.org;
# }

# A slightly different configuration for an internal subnet.
# subnet 10.5.5.0 netmask 255.255.255.224 {
#   range 10.5.5.26 10.5.5.30;
#   option domain-name-servers ns1.internal.example.org;
#   option domain-name "internal.example.org";
#   option routers 10.5.5.1;
#   option broadcast-address 10.5.5.31;
#   default-lease-time 600;
#   max-lease-time 7200;
# }

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

# host passacaglia {
#   hardware ethernet 0:0:c0:5d:bd:95;
#   filename "vmunix.passacaglia";
#   server-name "toccata.fugue.com";
# }

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# host fantasia {
#   hardware ethernet 08:00:07:26:c0:a5;
#   fixed-address fantasia.fugue.com;
# }

host manticore {
  hardware ethernet 00:1d:7e:0c:24:5f;
  fixed-address 192.168.1.2;
}

host tvsettopbox {
  hardware ethernet f4:5f:d4:9e:20:2e;
  fixed-address 192.168.1.64;
}

host minimoy-wlan {
  hardware ethernet 00:26:5e:37:83:ea;
  fixed-address 192.168.1.102;
}

host griffin-wlan {
  hardware ethernet 00:24:d7:7d:4e:94;
  fixed-address 192.168.1.106;
}

host apple-pi     {
  hardware ethernet b8:27:eb:30:66:7f;
  fixed-address 192.168.1.107;
}

host mandala-wlan {
  hardware ethernet 00:1d:92:13:d2:7d;
  fixed-address 192.168.1.111;
}

host nxl67170ux.wlan {
  hardware ethernet 84:3a:4b:22:0d:0c;
  fixed-address 192.168.1.114;
}

host zyratastic-wlan {
  hardware ethernet 24:0a:64:69:09:57;
  fixed-address 192.168.1.116;
}

host graphicdaemon-wlan {
  hardware ethernet 54:27:1e:76:40:df;
  fixed-address 192.168.1.117;
}

host xbmcbuntu-wlan {
  hardware ethernet 0c:d2:92:54:c1:53;
  fixed-address 192.168.1.118;
}

host zavcxl0005-wlan {
  hardware ethernet ac:fd:ce:40:c5:31;
  fixed-address 192.168.1.119;
}

host alpha-blue {
  hardware ethernet f4:09:d8:97:c1:78;
  fixed-address 192.168.1.121;
}

host minimoy {
  hardware ethernet 00:24:54:02:98:8d;
  fixed-address 192.168.1.202;
}

host griffin {
  hardware ethernet 68:b5:99:f2:4d:99;
  fixed-address 192.168.1.206;
}

host mandala {
  hardware ethernet 00:1b:24:fa:a2:9b;
  fixed-address 192.168.1.211;
}

host nxl67170ux {
  hardware ethernet b8:ca:3a:cc:07:bf;
  fixed-address 192.168.1.214;
}

host pc-112-597 {
  hardware ethernet b8:ca:3a:93:91:27;
  fixed-address 192.168.1.215;
}

host zyratastic {
  hardware ethernet 74:d0:2b:b8:10:2d;
  fixed-address 192.168.1.216;
}

host graphicdaemon {
  hardware ethernet 10:c3:7b:1a:b2:1a;
  fixed-address 192.168.1.217;
}

host xbmcbuntu {
  hardware ethernet 00:01:2e:4e:46:05;
  fixed-address 192.168.1.218;
}

# xbmcbuntu 2nd ethernet
host xbmcbuntu2 {
  hardware ethernet 00:01:2e:4e:46:06;
  fixed-address 192.168.1.218;
}

host zavcxl0005 {
  hardware ethernet a0:d3:c1:9c:59:56;
  fixed-address 192.168.1.219;
}

# host galaxy {
#   hardware ethernet --:--:--:--:--:--;
#   fixed-address 192.168.1.120;
# }

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

# class "foo" {
#   match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
# }

# shared-network 224-29 {
#   subnet 10.17.224.0 netmask 255.255.255.0 {
#     option routers rtr-224.example.org;
#   }
#   subnet 10.0.29.0 netmask 255.255.255.0 {
#     option routers rtr-29.example.org;
#   }
#   pool {
#     allow members of "foo";
#     range 10.17.224.10 10.17.224.250;
#   }
#   pool {
#     deny members of "foo";
#     range 10.0.29.10 10.0.29.230;
#   }
# }

File /opt/etc/rsyncd.conf:

# rsyncd.conf
# 
# configure according to your needs

uid = nobody
gid = everyone
use chroot = yes
max connections = 5
syslog facility = local3
pid file = /var/run/rsyncd.pid
secrets file = /opt/etc/rsyncd.secrets

#[backup]
#        path = /share/hdd/data/backup
#        comment = nslu2 backup
#        read only = no
#		 auth users = harry
#		 hosts allow = 192.168.10.10
#		 hosts deny = *

File /opt/etc/init.d/S80config:

#! /bin/sh

echo "Running $0 on $(date)" >> /root/s80config.log

# Enable /bin/bash as shell for user git to also allow rsync + git in ssh login
sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/bin/bash_}' /etc/passwd
# sed -ri '/^git/{s_/home_/shares/git_; s_/bin/false_/opt/bin/git-shell_}' /etc/passwd

# Change permission for /shares/git or sshd will complain (or add 'StrictModes off to /etc/ssh/ssh_config)
chmod go-w /shares/git

# Configure sshd
if ! grep -q git /etc/ssh/sshd_config; then 
    # Enable ssh login with user git
    sed -ri '/^AllowUsers/s/$/ git/;$aMatch User git' /etc/ssh/sshd_config
    # Enable user environment for user git (in order to set PATH)
    sed -ri $'/^PermitRootLogin/{a PermitUserEnvironment yes\n}' /etc/ssh/sshd_config
    # Restart sshd
    ngc --restart sshd
fi

# Add git to path
if ! grep -q /opt/bin /etc/environment; then echo "PATH=/opt/bin:/opt/sbin" >> /etc/environment; fi

# Add extra addresses to /etc/hosts
if ! grep -q "###hosts.inc###" /etc/hosts; then cat /opt/etc/hosts.inc >> /etc/hosts; fi

# Start netconsole listener
# Requires: ipkg install netcat
# if ! pgrep -f "nc -l -p 6666" >/dev/null 2>/dev/null; then 
#     echo "Starting netconsole listener"
#     mkdir -p /shares/beq06659/netconsole
#     nc -l -p 6666 -u >/shares/beq06659/netconsole/zavcxl0005-netconsole&
# fi

File /opt/etc/hosts.inc:

# ###hosts.inc### additional hosts for lacie-cloudbox
192.168.3.1     local.gateway            # Static
192.168.3.2     manticore                # Static?
192.168.1.201	gryphon
192.168.1.202	minimoy                  # DHCP Static        00:24:54:02:98:8d
192.168.1.203	unicorn                  # obsolete
192.168.1.204	beqleunxp1nb103          # obsolete
192.168.1.205	nxl67002ux               # obsolete
192.168.1.206	griffin                  # DHCP Static        68:b5:99:f2:4d:99
192.168.1.207	lambada                  # obsolete
192.168.1.208	reddragon
192.168.1.209   leviathan                # obsolete
192.168.1.210   nxl67063                 # obsolete
192.168.1.211   mandala                  # DHCP Static        00:1b:24:fa:a2:9b
192.168.1.212   nxl67002                 # obsolete
192.168.1.213   nxl67063ux               # obsolete
192.168.1.214   nxl67170ux               # DHCP Static        b8:ca:3a:cc:07:bf
192.168.1.215   pc-112-597               # DHCP Static        b8:ca:3a:93:91:27
192.168.1.216   zyratastic
192.168.1.217   graphicdaemon
192.168.1.218   xbmcbuntu                # DHCP Static        00:01:2e:4e:46:05 00:01:2e:4e:46:06
192.168.1.219   zavcxl0005               # DHCP Static        48:0f:cf:27:ad:ad
# 192.168.1.98	lacie-cloudbox           # Static
192.168.1.99	mnemosyne                # Static
192.168.1.102	minimoy-wlan             # DHCP Static        00:26:5e:37:83:ea
192.168.1.105	nxl67002ux-wlan          # DHCP Static
192.168.1.106	griffin-wlan             # DHCP Static        00:24:d7:7d:4e:94
192.168.1.107	apple-pi                 # Static
192.168.1.111   mandala-wlan             # DHCP Static        00:1d:92:13:d2:7d
192.168.1.114   nxl67170ux-wlan          # DHCP Static        84:3a:4b:22:0d:0c
192.168.1.116   zyratastic-wlan
192.168.1.118   xbmcbuntu-wlan           # DHCP Static        0c:d2:92:54:c1:53
192.168.1.119   zavcxl0005-wlan          # DHCP Static        ac:fd:ce:40:c5:31
192.168.1.120	galaxy
  • Create the start script /etc/initng/optware-ng.i:
#!/sbin/itype
# This is a i file, used by initng parsed by install_service

    service optware-ng {
          need = unicorn/ready;
          stdall = /var/log/messages;
          script start = {
                  if test -z "${REAL_OPT_DIR}"; then
                      REAL_OPT_DIR=/shares/admin/opt-ng/
                  fi
                  if test -n "${REAL_OPT_DIR}"; then
                      if ! grep ' /opt ' /proc/mounts >/dev/null 2>&1 ; then
                          mkdir -p /opt
                          mount -o bind ${REAL_OPT_DIR} /opt
                      fi
                  fi
                  [ -x /opt/etc/rc.optware ] && /opt/etc/rc.optware
          };
          script stop = {
                  umount /opt
          };
  }
  • Add the service to /etc/initng/runlevel/default.runlevel, and start it:
echo optware-ng >> /etc/initng/runlevel/default.runlevel
ngc --start optware-ng

/root configuration

file README:

DHCP Server
-----------

/opt/etc/dhcpd.conf
    config file

/opt/etc/dhcpd.leases
    current leases

file backup_all.txt:

unison backup.prf          # Make sure that pc-112-567 is up
unison photos.prf          # Make sure that mnemosyne is up
unison archives.prf        # Make sure that mnemosyne is up
unison musics.prf          # Make sure that mnemosyne is up

file CLEAR_MEMORY.sh:

#! /bin/sh

# Run this script to free memory for backuppc

pkill -SIGSTOP -f unicorn            # I stop it first so that it can't react
pkill -SIGKILL -f unicorn            # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd           # media server stuff
pkill -SIGKILL twonky                # media server stuff
pkill -SIGKILL php-cgi               # php-cgi server launcher by lighttpd

# Might also need to STOP/KILL python process, but should kill only the 'unicorn' one
#pkill -SIGSTOP python...

# The following might help as well, because twonky keep restarting
#     ngc -d unicorn

Shares

family
  • Mount with
sudo mount //lacie-cloudbox/beq06659 /mnt/any -o noperm,iocharset=utf8,sec=ntlm,username=public,password=


beq06659
  • Mount with
sudo mount //lacie-cloudbox/beq06659 /mnt/any -o noperm,iocharset=utf8,sec=ntlm,username=beq06659

Backup

Backup Mnemosyne

We use unison.

BackupPC

Fix broken pipe errors

Backuppc requires lot of memory (rsync). To free as much as possible, I kill all python stuff (except ublock-daemon) and all media stuff:

pkill -SIGSTOP -f unicorn            # I stop it first so that it can't react
pkill -SIGKILL -f unicorn            # then kill it
sleep 1 && pkill -SIGSTOP -f unicorn # then stop it again because it respawns
pkill -SIGSTOP -f mt_daapd
pkill -SIGSTOP twonky
pkill -SIGSTOP php-cgi
pkill -SIGKILL -f mt-daapd           # media server stuff
pkill -SIGKILL twonky                # media server stuff
pkill -SIGKILL php-cgi               # php-cgi server launcher by lighttpd

Duplicity (Obsolete)

This section is OBSOLETE — I no longer use duplicity


  • Backup done with deja-dup, which use duplicity as back-end
  • Duplicity can't access samba share. Instead mount samba share locally, and use file:///smb/lacie-cloudbox/sharename instead. Note the triple slash.
  • View available backup:
duplicity collection-status file:///smb/lacie-cloudbox/beq06659
  • List file in current backup
duplicity list-current-files file:///smb/lacie-cloudbox/beq06659

Metadata information is stored in ~/.cache/duplicity. Attention, it seems this can grow quite large.

BURP server

See Burp.

DHCP Server

  • install
# Install the service
ipkg install dhcp
mkdir /opt/var/run
# Edit the configuration
vi /opt/etc/dhcpd.conf
# Restart the service
/opt/etc/init.d/S56dhcpd
  • DHCP daemon configuration: /opt/etc/dhcpd.conf
  • Current leases are at /opt/etc/dhcpd.leases
  • Now I disabled the dhcpd, and will try again the one on vDSL+ router:
cp /opt/etc/dhcpd.conf /opt/etc/dhcpd.conf.bak     # Backup config if we want to reinstall
ipkg remove dhcp
  • DHCP server on the VDSL+ router is a huge pile of sh*te, so I enable it again:
ipkg install dhcp
cp /opt/etc/dhcpd.conf.bak /opt/etc/dhcpd.conf
/opt/etc/init.d/S56dhcpd

To do

  • Current backup only includes files that are readable by user beq06659. It should include all files.
  • Exclude some unnecessary folders. Organize these folders to ease future backup.
  • Backup / filesystem (at least /etc, /usr/local)
Backup solutions
  • deja-dup
  • Need one setup for each pc
  • No centralized management. Backup job could happen all at the same time. Same files between pc are stored multiple times.
  • Easy to setup
  • How to backup root filesystem?
  • duplicity
  • backuppc
  • How to install?
  • Will the NAS have enough memory?
  • bacula
  • Package readily available in OptWare
  • rsnapshot

See question on bacula/backuppc/rsnapshot at http://serverfault.com/questions/282228/bacula-vs-backuppc

Rooting NAS and install new app
  • TBC

Troubleshoot

sshd

  • See log at /var/log/messages
  • Check sshd config /etc/ssh/sshd_config:
  • Make sure user is authorized:
 AllowUsers root netbackup git
  • If user home is on /shares mount, then disable StrictModes
StrictModes no
  • Enable user environment
PermitUserEnvironment yes
then
env > ~/.ssh/environment
vi ~/.ssh/environment                # Remove useless variables
  • Edit /etc/passwd:
git:x:503:100:None:/shares/git:/opt/bin/git-shell
  • Restart sshd:
ngc --restart sshd

git

  • Check that environment is ok [3]
ssh git@lacie-cloudbox  "which git-upload-pack"

ntp

  • Box loses regularly time synchronization, which then affects backuppc
  • Workaround: log into https://lacie-cloudbox/, and reset ntp (uncheck / check ntp server).

slow performance, lot of swapping

The Lacie-Cloudbox only has 256MB physical memory, and some processes takes a lot of memory. When doing some unusual tasks, we can disable (stop) temporarily these processes, without apparently damage:

pkill -SIGSTOP twonky        # Usually consuming around 100MB+
pkill -f -SIGSTOP unicorn    # A python process running /usr/lib/unicorn/run.py (and consuming 100MB+)

To restart:

pkill -SIGCONT twonky
pkill -f -SIGCONT unicorn