Post on 22-Aug-2020
Building a Low-Power Home Server with Open Source Tools
Scott Courtney
April, 2009
The Applications (Immediate)
• LAN file server (NAS device)
• Remote backup server
• VPN gateway
• NAT Firewall
• DNS, DHCP, and TFTP boot services
The Applications (Future)
• DLNA Media Server
• AFS Server
• Kerberos 5 Server
• LDAP Server
• Web-driven Administration
• Small-scale Asterisk PBX server
The Design Criteria
• High reliability
• Low power (< 50W idle)
• Small form factor
• Encrypted storage: Burglar gets a brick!
• “Headless” operation after initial install
• All Open Source software
• Reasonable performance (“stuff the LAN at 100 Mbit/sec”)
• Budgetary cost circa US$500
The Alternatives
• Use a small desktop box
  – Higher power consumption
  – Usually have CPU fan (less reliable)
  – Low-cost models usually low quality
• Hack an off-the-shelf NAS device
  – Poor performance of low-cost models
  – Non-x86 processors (tricky installs)
  – Possible “bricking” the device if the process goes wheels-up
  – Most don't support encryption
The Hardware
• Form Factor
  – Mini-ITX standard footprint (Morex encl.)
• Motherboard
  – VIA Epia LT Series
• Mass Storage
  – Two 750 GB SATA II drives in RAID 1
  – External USB CDROM for installation
  – External USB drives (2) for backup
Your Mother(board)!
• VIA Epia LT10000EG
  – 1.0 GHz C7 processor
  – Two Ethernet ports, lots of USB
  – Two SATA II (3.0 Gbit/sec) disk ports
• LT15000G has 1.5 GHz, but CPU fan
• Also consider Epia SN series
  – Four SATA ports (more RAID choices)
  – At time I bought, enclosures not readily available
Motherboard Visuals
Note absence of CPU fan, one of the least-reliable components in a typical desktop system.
Be sure there is enough open space around cables for ventilation!
As with many small systems, things get pretty tight around the connections to front and rear panel I/O points. These were a real challenge to connect!
Mass Storage (Internal)
• Two Seagate Barracuda SATA II drives, 750 GB each
• Currently running software RAID 1
  – Motherboard has hardware RAID, but at time of construction Linux didn't yet support it.
  – Need to revisit this, because I've upgraded kernel several times since.
Disk Drive Mounting
The second drive mounts at right-angles to, and below, the first. No externally visible drives are needed here, so the two upper bays could also hold hard drives.
Remember when deciding drive locations that they need cooling air!
Mass Storage (External)
• External CDROM/DVDROM via USB
  – Needed only during installation
  – Notoriously unreliable devices
  – Why let it sit there sucking power?
• Two external 750 GB USB drives
  – Rotated for off-site backups
  – Could have used eSATA instead
  – Off-the-shelf drives and enclosures
Rear Panel View
Abundant connectors for Ethernet and USB
Audio, keyboard, video, and mouse connectors not used
Also has USB connectors on the front – useful for temporary drive hookups!
The Software: Operating System
• Ubuntu Linux Server Edition 8.10
  – By default, no GUI (less overhead)
  – Great for headless operation
  – Widely supported
  – Debian-based distro for easy maintenance and upgrades
  – Somewhat less conservative than Debian, for later device driver support
The Software: Mass Storage
• Logical Volume Manager config
  – System, swap, and some data volumes unencrypted, for performance
  – Private data volumes encrypted strongly using LUKS (“cryptsetup”)
  – First data partition contains LUKS “key file” to decrypt the others
  – Manually run “access-disks” script once after each (rare) reboot, enter password one time only
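A minimal sketch of what an “access-disks” script of this kind could look like. It is an added example, not the presenter's script; the volume group, volume names, mount points and key-file path are assumptions, and it defaults to printing the commands instead of running them.

```shell
#!/bin/sh
# Sketch of an "access-disks" script (added example; every name below is
# hypothetical): LVM group vg0, first encrypted volume data1 holds the key
# file, data2 and data3 are unlocked with it. Mount points are /srv/<name>.
VG=${VG:-vg0}
KEY_LV=${KEY_LV:-data1}
OTHER_LVS=${OTHER_LVS:-"data2 data3"}
KEY_FILE=${KEY_FILE:-/srv/data1/.luks/volumes.key}
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute them

run() {
    echo "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

key_file_is_private() {
    # Regular file with no group/other permission bits set.
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

unlock_first() {
    # The one interactive step: cryptsetup prompts for the passphrase.
    run cryptsetup luksOpen "/dev/$VG/$KEY_LV" "$KEY_LV" &&
    run mount "/dev/mapper/$KEY_LV" "/srv/$KEY_LV"
}

unlock_others() {
    # Any local account that can read the key file can copy the key for
    # the other volumes, so refuse a group/other-accessible file.
    if ! key_file_is_private "$KEY_FILE"; then
        echo "refusing: $KEY_FILE missing or group/other-accessible" >&2
        return 1
    fi
    for lv in $OTHER_LVS; do
        run cryptsetup luksOpen --key-file "$KEY_FILE" "/dev/$VG/$lv" "$lv" &&
        run mount "/dev/mapper/$lv" "/srv/$lv" || return 1
    done
}

# As root after a reboot: DRY_RUN=0 sh access-disks unlock
if [ "${1:-}" = "unlock" ]; then
    unlock_first && unlock_others
fi
```

Because the key file lives inside the first encrypted volume, it is only readable after the passphrase has been entered; a powered-off or stolen machine exposes neither the key nor the data.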
The Software: Backups
• Clients back up with a shell script that invokes “rsync” over SSH
  – Passwordless PKI login; trusted client users
  – No point-in-time restores needed for home server
• Backs up colo server via separate shell script, again using “rsync”
• Backs up self to external USB drives using a third “rsync”-based script
Alternative Backup Strategies...
• Could have used Bacula or Amanda
  – Point-in-time restore
  – More robust security
  – More complex to set up and administer
  – Decided this was overkill for my needs
• Could have used rdiff-backup
  – Did use this at one time
  – Intuitive access to backups, has PIT also
  – Lousy compatibility between versions!
The Software: File Server
• NFS version 3
• Samba version 3
• Mass storage managed with Linux Logical Volume Manager (LVM)
• Some LVM partitions encrypted with LUKS (“cryptsetup”)
• Possibly adding AFS support later
Network Diagram
[Diagram labels: Broadband Modem; Wifi Hub(s); LAN Switch; Client PCs, Printers, etc.; address ranges 10.0.0.x and 192.168.y.z]
Firewall and VPN Configuration
• Sits between AT&T U-verse or similar broadband “modem” and the main switch for the LAN
  – Standalone wifi access hubs on LAN switch
  – Broadband modem has outer firewall, this server has inner, for more robust security
  – Modem's direct wifi is secondary internet if server is down (sits on different SSID)
• OpenVPN and a three-rule IPTABLES NAT are all that's needed for VPN gateway
Infrastructure Applications
• DNS server
  – Slave DNS for Sine Nomine domain as well as my personal ones
  – Cache DNS for all other domains
• DHCP and TFTP boot server
  – Very standard configurations
  – Assigned fixed IP addresses to most hosts to allow easy remote support
Other Infrastructure Services
• TFTP
  – Boot server for Cisco SIP phones
  – (Future) Boot server for diskless Linux workstations
• (Future) LDAP
  – Shared contact database
  – Possibly useful as SSO authenticator
• (Future) Kerberos 5
  – Mainly to support AFS
Where Are We Now?
• No unscheduled outages since installed
• Backups are the envy of some small corporations (but not SNA)
• File server can “stuff the pipeline” at 100 Mbit/sec
• Power consumption circa 30 watts
• Cost about US$500 when built, less now
Installed and Working!
The rare and elusive black-crested epiabird, in its natural habitat, a secluded stairwell.
Note how the epiabird collects brightly-colored LAN cables for its elaborate nesting behavior.
Coming “Real Soon Now”...
• uShare DLNA media server
  – Digital Living Network Architecture
  – Clients: Playstation 3, XBox 360, others
  – Play audio, video, still photo albums
  – “Well I'll be... This thing works now!”
• Asterisk PBX....well, maybe
  – CPU may not be fast enough
  – May be easier to outsource VoIP
  – But it would be seriously fun to do!
Tips for Building Your Own
• If hardware RAID not supported, try all_generic_ide boot parameter.
• Be smarter than me...read the clearly-written instructions in the GRUB menu.lst comments!
• Buy a UPS. Buy a good UPS. Test your good UPS often!
• Google is your friend...these wheels have been invented already.
• Try to use only software from the distro's repository.
• Ask for copies of my RAID 1 install procedure and my custom shell scripts.
• Above all... Yes, this was worthwhile, and yes, it was just as much fun as I hoped it would be!
What I Would Do Differently...
• Probably get the SN-series motherboard
  – Enclosures now more available
  – Has four SATA connectors (vs. two)
• Maybe look at a fully fanless design
  – Case fan is not “as critical” as CPU fan
  – Give up a lot in CPU speed for these
  – Possibility of wall-mount flat enclosure
Webliography
• http://www.ubuntu.com/
  Ubuntu Linux (look at “Server Edition”)
• http://www.howtoforge.com/set-up-raid1-on-a-running-lvm-system-debian-etch
  http://www.debian-administration.org/articles/536
  Two excellent articles on setting up bootable RAID
• http://www.via.com.tw/en/products/mainboards/
  VIA Epia motherboards
• http://www.e-itx.com/epro-itx-systems.html
  E-itx Systems (component vendor)
• http://www.logicsupply.com/
  Logic Supply (component vendor)
• http://www.newegg.com/
  NewEgg (component vendor)
Contact Info
Scott Courtney
scourtney@sinenomine.net
http://www.sinenomine.net/
+1 703 723 6673 x1224
This presentation includes vendor recommendations that are the opinion of the presenter only, and do not represent an endorsement of these products or companies by Sine Nomine Associates.