Brute Networking

Building brute networks

Ideal home storage
brutenet
Hi! In this article I will describe some problems of home data storage and my approach to them.

* Storage choosing *


There are plenty of devices on the market.
Today I believe good home storage needs to have:

- Transfer speed of at least 30 Mbytes/sec in both directions over SMB (or your main protocol)
- Support for at least RAID1, with at least 2 disks
- Support Ethernet RJ-45 connection
- Support SMB and HTTP protocols (can access all data using both)
- Support automatic backup to external disk
- Debugging capabilities (who is using my storage? what are disks, processor and memory doing?)
- Reliable notifications via sound and email (hardware failures, backup failures, low free space and other)
- Reliable disaster recovery, good technical support and well-discussed on the internet (forums etc.)

So I chose QNAP TS-239 Pro II+

* Choosing disks *


When choosing disks you should:

- Plan needed capacity for 3-8 years ahead
- If you want to use the disks actively or your information is important, use server disks; otherwise use consumer disks.
- Check that the disks are officially compatible with your storage. This is vital. For QNAP use http://www.qnap.com/pro_compatibility.asp
- Check forums for issues with the disk chosen

So I chose two Hitachi Ultrastar 7K3000 HUA723030ALA640 server disks

* Network devices *


If you want to get more than 8 Mbytes/sec, choose a gigabit switch. In general the model is not very important. You usually do not need Jumbo frames or management capabilities for home usage.

It is better to minimise the number of network devices between your computers and the storage.

* Initial setup *


Important notice:

- Download latest firmware
- Follow other vendor recommendations for initial setup. For QNAP it is in the current manual http://www.qnap.com/download.asp?pl=1&p_mn=179
- Better insert both disks at once and create your RAID1 from scratch
- I do not recommend putting NAS outdoors, in a box, cupboard, closet, or any other cold/hot/wet environment.

* Advanced setup *


When your RAID is up and running, begin tuning your NAS. I recommend that you enter web interface and check all the pages and tabs. These are most important:

- Set up NTP. This will help you understand what the NAS is doing by looking at your PC clock, and make sense of the times in logs.



- Set up at least a minimal password strength requirement. This will help you if you or your friend forgets about security.



- When setting up DNS servers, I recommend that you use some public DNS server (e.g. I use Google 8.8.8.8) AND your provider's DNS server. This gives maximum reliability.



- If your provider does not give you a static IP address and you want to access your NAS from the Internet (for your friends or during your vacations), set up DDNS. I use no-ip. Note that the User name must include the domain.



- I recommend the following hardware settings



(these are optimal. If you have problems, you may need to disable Write cache)
(I recommend turning standby mode off, which increases your HDD life. If you have noise or heat problems, turn it on)

- I do not recommend using QNAP High Security Level, because the system is already pretty secure. If you need it in the future, you can block some hosts using Medium Security Level.



- I recommend that you turn on Network Access Protection for all protocols that you use.



- I recommend these power settings if you are not sure:



* Disk management *


I recommend that you enable the temperature alarm at 50 degrees C. Research shows that the best conditions for an HDD are a temperature of 35-45 degrees C and minimal spindowns.

I recommend that you enable automatic rapid tests once a month. If your disk is older than 5 years, you may enable tests every week.



I recommend that you enable Bitmap on the RAID. This may help you in a disaster and does not require much performance or disk space. The best choice is to enable Bitmap after you have initially written all the main data to the disks.



I recommend that you don't use iSCSI at home. This protocol does not support sharing and has few benefits over the standard ones (SMB, AFP, HTTP). iSCSI may be used for special purposes like virtual machines.

* Setup notifications *


I recommend that you set up notifications, so that you know when something is wrong with your NAS while you are not at home. I use email notifications, because I check email often.

To set up email notifications you can create a Google account for your NAS and send mail through it. This keeps your main email password secure:



(Note that you need to check the authentication and SSL/TLS boxes)
(Note that you can use any Sender, even a non-existent one)

Do not forget to enter your real email address on Alert Notification page:



* Setup protocols *


Microsoft networking: usually standalone + local master browser for home.





For others use default settings.

* Security *


Recommendations:

- Disable all services that you do not really need (usually FTP, NFS, Telnet and SFTP are not needed; also turn off Apple Networking if you use Windows)
- Divide all your data into Public and Private folders. This will help you to grow.
- Use group permissions instead of user permissions even if you have few users for now. This will help you to grow.
- Always use passwords wherever you can. Set your own SNMP community (not "public").
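
To check that the services from the first recommendation are really off, the listening sockets can be compared against that list. This is an added example, not part of the original article; it assumes `netstat` and `awk` are available on the NAS, uses the standard default ports (a service moved to another port has to be added by hand), and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from a real NAS).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
tcp        0      0 0.0.0.0:548             0.0.0.0:*               LISTEN'

# audit_listeners: read `netstat -tln` text on stdin and print one line for
# every network-reachable listener that belongs to the "usually not needed"
# list (FTP, SSH/SFTP, Telnet, Apple Networking, NFS). Loopback-only
# listeners are skipped because other hosts cannot reach them.
audit_listeners() {
    awk '
    BEGIN { svc[21]="FTP"; svc[22]="SSH/SFTP"; svc[23]="Telnet";
            svc[548]="AFP (Apple Networking)"; svc[2049]="NFS" }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, ":"); port = part[n]   # last field after ":"
        addr = $4; sub(/:[0-9]+$/, "", addr)       # strip the port
        if (port in svc && addr !~ /^127\./ && addr != "::1")
            printf "%s port %s listening on %s\n", svc[port], port, addr
    }' | sort -u
}

# Demo on the constructed sample; on the NAS use: netstat -tln | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

An empty result means none of the listed services is reachable on its default port; SMB (445) and the web interface are deliberately not flagged.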

* Data protection *


Usually home users have 3 types of data:

+ Not important data (movies, downloads, games etc.) - this data can be stored on cheap desktop drives in a PC

+ Important data. You do not want to lose this data, but it is not a catastrophe. This data can be stored on a NAS RAID1 (or RAID5) and also you can make a tree of the data and put it in a "very important" data location.

+ Very important data. You do not want to lose this data and it is a catastrophe. This data can be stored on a NAS RAID1 (or RAID5) and be automatically backed up to an external USB drive. Usually this data is less than 10% of Important data and a 2.5 inch drive is enough for backup.



To use external backup I connected a 2.5 inch USB disk to the QNAP, created Critic folders in both Public and Private and set up backup in the web interface (I also back up the Cacti scripts folder):



Also I:

- periodically back up QNAP settings to the Private/Critic folder
- back up Gmail, Google documents, ICQ and Skype logs, mobile phone address book (online data) yearly to the folder Private/Critic/Backup.
- automatically back up all configurations (/mnt/HDA_ROOT and /mnt/ext) to the Private/Critic folder using the following cron job:

15 3 1 * * /share/Main/Private/Critic/Backup/QNAP/backup.sh

[/] # cat /share/Main/Private/Critic/Backup/QNAP/backup.sh
# write the archives next to this script, not into cron's working directory
cd /share/Main/Private/Critic/Backup/QNAP/ || exit 1
/bin/tar -czf mntext.tgz /mnt/ext
/bin/tar -czf HDA_ROOT.tgz /mnt/HDA_ROOT


To make trees of my data I use the following Windows bat script yearly (it resides in Private/Critic/Backup/tree):

SET mycd=%cd%
SET par=/F /A
mkdir %date%
x:
cd x:\
tree %par% > %mycd%\%date%\tree-x-%date%.txt
z:
cd z:\
tree %par% > %mycd%\%date%\tree-z-%date%.txt
n:
cd n:\public
tree %par% > %mycd%\%date%\tree-npu-%date%.txt
n:
cd n:\private
tree %par% > %mycd%\%date%\tree-npr-%date%.txt


Trees help me to remember which files (software versions or movies) I used, so that I can download them again if needed when my PC disks fail.

Also, I greatly recommend that you enable Network Recycle Bin. This will help you to recover files that you or your friends deleted by mistake.



* Monitoring *


The latest QNAP firmware (I use 3.4.4) has new features for monitoring: better CPU/memory monitoring with TOP processes, and good logs of System events and Connections (these do not include SMB connections or HTTP connections to the Web server, only Administration and Web File Manager).

I recommend that you turn on System Connection Logs, so that if somebody tries to hack you, you can go there and see what happened:



To further extend monitoring and debugging capabilities I use the following:

- Cacti for monitoring resources
- AWStats for monitoring web server access
- Ntop for detailed information about traffic (usually disabled, I enable it when needed)
- Additional console applications (iotop to know what processes are using disks, sysstat for detailed information about resources, tcpdump for sniffing traffic when needed, iptraf for online traffic statistics)

Most of these are installed with Optware IPKG; some are directly downloaded with wget.

To save changes on reboot I use my script /etc/config/autorun.sh, which is run from flash disk /tmp/config/autorun.sh (see http://wiki.qnap.com/wiki/Autorun.sh):

ln -sf /etc/config/profile /etc
ln -sf /share/Public/Critic/System/awstats/db /var/lib/awstats
ln -sf /etc/config/awstats /etc
ln -sf /share/Public/Critic/System/awstats /usr/local
ln -s /opt/bin/perl /usr/bin/
/share/MD0_DATA/Private/Critic/Backup/QNAP/ramdisk-load.sh


To prevent Cacti disk access every 5 minutes I moved all RRA, Cacti mysql database and some scripts to ramdisk (using ln -s).

ln -s /var/cacti/mysql /share/Main/.@mysql/cacti
ln -s /var/cacti/site/include /share/Web/cacti/
ln -s /var/cacti/site/cli /share/Web/cacti/
ln -s /var/cacti/site/lib /share/Web/cacti/
ln -s /var/cacti/site/resource /share/Web/cacti/
ln -s /var/cacti/site/rra /share/Web/cacti/

[/var/cacti] # du -ch
1.1M ./mysql
7.0K ./site/resource/script_queries
5.0K ./site/resource/script_server
19K ./site/resource/snmp_queries
32K ./site/resource
132K ./site/cli
40K ./site/lib/adodb/lang
59K ./site/lib/adodb/datadict
392K ./site/lib/adodb/drivers
835K ./site/lib/adodb
1.7M ./site/lib
152K ./site/include/jscalendar/lang
212K ./site/include/jscalendar
74K ./site/include/treeview
471K ./site/include
61K ./site/scripts
7.2M ./site/rra
9.5M ./site
11M .
11M total


To avoid problems you also have to copy several files to /var/cacti/site:

cp /share/Web/cacti/cmd.php /var/cacti/site/
cp /share/Web/cacti/script_server.php /var/cacti/site/


They are backed up from ramdisk to disk every hour and loaded in autorun.sh (see above):

47 1-21 * * * /share/Main/Private/Critic/Backup/QNAP/ramdisk-save.sh

[/] # cat /share/Main/Private/Critic/Backup/QNAP/ramdisk-save.sh
cd /share/MD0_DATA/Private/Critic/Backup/QNAP/
/bin/tar -czf ramdisk-cacti.tgz /var/cacti


Storing something on ramdisk is not generally recommended, but I wanted to avoid excessive noise and disk wear. I also disabled mysql binary logs for cacti in /etc/my.cnf, which prevents mysql from constantly writing to binary log:

log-bin=mysql-bin
binlog-ignore-db=cacti


Awstats setup guide can be seen here: http://wiki.qnap.com/wiki/AWStats



Do not forget to move log files from /mnt/ext to your big disk. Also, I use logrotate for apache logs:

[/] # cat /opt/etc/logrotate.conf
compress

"/usr/local/apache/logs/access_log" /usr/local/apache/logs/error_log {
rotate 5
size=200k
sharedscripts
postrotate
/usr/local/apache/bin/apachectl restart
endscript
}


I run cacti and awstats only when I am not going to sleep, because they make a little noise, although cacti mainly uses ramdisk:

*/5 7-21 * * * /mnt/ext/opt/apache/bin/php /share/Web/cacti/poller.php >/dev/null 2>&1
57 1-21 * * * /usr/local/awstats/tools/awstats_updateall.pl now


Do not forget to copy all your crontab to /etc/config/crontab. I usually edit with "crontab -e", then copy everything to /etc/config/crontab and then update cron with "/etc/init.d/crond.sh restart".

Here are my cacti graphs. Note that I did not collect some parameters all the time and they have gaps:

I also ping an internet site to measure ping latency and collect information from my main PC into cacti.

You can download my QNAP cacti templates and scripts at http://dl.dropbox.com/u/1350128/qnap-review/qnap-cacti.rar

Very nice reading, I'm trying to get cacti installed on my nas, it is a TS219, so this should be similar with your installation, and I was wondering if you have a howto on how you succeeded in doing this?

This might help you. I read all the topic, not only the first post.

[HOWTO] - Install CACTI
http://forum.qnap.com/viewtopic.php?p=106885

I also found that one, and I thought that I could have done it very cleanly by using the MySQL database of the NAS instead, and that this would make it easier.

And then I'm also not sure about:
mysql>GRANT ALL PRIVILEGES ON CACTIDB.* TO 'root'@'NAS' IDENTIFIED BY 'admin';
should I leave the ' ' in the command or not.

I use databases daily, however I never did set one up.

You can use the NAS MySQL.
Just grant all privileges to the user you need (better not use root). Use phpMyAdmin to simplify your tasks.

I recommend that you ask about cacti installation in the qnap thread. If you have questions about my article and my cacti templates, you can ask me here or on qnap forum too:
http://forum.qnap.com/viewtopic.php?f=11&t=47879

After some experimenting I got it all running, and it even survives a reboot. There are some small things missing in the walkthrough, like you can use ipkg install perl to install perl, but you have to create autorun.sh and add some lines to it so that perl is still found after a reboot.
Could you help me with how to use your templates and scripts? Where to put them, how to call them.
Any help is appreciated.

Import templates into cacti, copy scripts to cacti/scripts folder.
Then enable debug and gradually turn the templates on, looking for errors.
This is usually a pretty long way with different errors, most of errors mean access and installation requirements.
Use cacti forums to get help debugging particular errors.

Could you also share your other scripts with us, ramdisk-load.sh, ramdisk-save.sh, ...
