Linux : sheevaplug as a perfect NAS – Reloaded

Since more than 2 years now, I’m using a Sheevaplug as a low power NAS (see this article). Until now, I was using a Debian 6 “squeeze”, with an old 2.6 kernel.

I had some trouble with Samba, like crash with high usage on small files (eg. Kodi’s library update). In addition, after 2 years of Debian, I was still not convinced and I wanted to use my favorite distro : Archlinux.

I’m using the same “NAS softwares”, but a little bit more tuned…

Base install

At the time I dit the whole install (October, 12), following the official Archlinux Arm install doc was not working.

SDCard install

On a SDCard, I created a small FAT partition (128 Mb), and another ext4 partition with the remaining space. As always, I optimized the SDCard (see this article). and formated the ext4 partition with (SDCard as /dev/sdb):

Then I deployed Archlinux base system on the SDCard (from my Laptop):

After that, booting required to use the serial connection (usb cable) to set some uboot variables. I plugged the cable to my laptop and switched on the Sheevaplug. Then I used GNU Screen to connect to the Sheevaplug. I had to do this very quickly in order to interrupt the boot process by pressing <enter> as soon as the Sheevaplug booted:

System configuration

Setup the base system

First actions I did :

  • change the hostname (/etc/hostname)
  • create a new user
  • delete the default “alarm” user (userdel alarm then rm -R /home/alarm)
  • change root password
  • change /etc/systemd/journald.conf to lesser SDCard write : SyncIntervalSec=10m
  • custom mount options in /etc/fstab for root filesystem :

Install Yaourt and prepare for AUR

I set optimized CCFLAGS and CXXFLAGS in /etc/makepkg.conf and added the following parameters to the default ones (see https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html and https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html) :

Then, I installed yaourt by

  • installing base-devel : pacman -S base-devel
  • adding my user to /etc/suders (yaourt refuse to run as root, for safety reasons)
  • adding archlinuxfr repo to /etc/pacman.conf : Server = http://repo.archlinux.fr/arm

At this point, I had to manualy install package-query for arm as yaourt depends on it, but package-query does not exists as compiled package for arm devices

System tools

Cronie for cron (https://wiki.archlinux.org/index.php/Cron#Cronie) :

I changed /etc/anacrontab to make cronjobs execution during the night :

Then I installed hdparm and a systemd rc.local implementation to easily put some customisations at boot.

/etc/rc.local with customization :

Finaly :

NAS Softwares

Samba and network optimizations

As always the Archlinux wiki was a very good start point. The important steps are :

  • setting “hosts allow” to restrict accesses
  • set “encrypt passwords = yes”
  • set “security = user”
  • create users according to systems accounts with “smbpasswd -a <login>”

I found 2 great articles about network optimizations:
https://linuxengineering.wordpress.com/2014/08/03/performance-tuning-with-pogoplug-v4 (similar to Sheevaplug, but a little less powerfull)
http://datatag.web.cern.ch/datatag/howto/tcp.html

I ended up with the following customizations with which I currently have 18.6 Mb/s when reading and 17.8 Mb/s when writting.

/etc/sysctl.d/10-iptuning.conf :

/etc/samba/smb.conf (network settings only) :

Regain : a search engine

Regain is a nice and simple search engine, initialy made for desktop search. It is composed of a crawler and a web interface for searching… So it can also be used as a server search engine.

It requires java (6 or 7) and tomcat6 to run. Installation guide can be found in Regain manual. I installed it in /opt/regain and made symlink for the webapp to be found by tomcat (in /var/lib/tomcat6/webapps)

I also installed pdfbox to better index pdf files. I had to change the source url in the PKGBUILD (yaourt -S pdfbox) because the default site was too slow (see http://www.apache.org/dyn/closer.cgi for mirrors)

I activated the use of PDFBox by uncommenting the dedicated “preparator” in /var/lib/tomcat6/conf/regain/SearchConfiguration.xml.

With tomcat6 started at this point, regain just displayed a message saying that there was no index. Building one needed to launch the indexer :

It can take a lot of time depending on the number of files to index…

With an index, the web interface allowed to search and see some “google like” results. But clicking on a result did nothing !… Regain is a desktop search engine, so it generates links like “file:///” which simply can’t work from a workstation.

Chance is, regain allows to change links prefixes. With Windows workstations, links like “\\server\share” should work, but I only have Linux and Mac OS X clients. So the only “universal” prefix that could be recognized by any browser was… the (not so) good plain old ftp protocol (ftp://server/). This protocol is clearly not secure and FTPS or SFTP don’t work with all browsers. So I choosed to use a simple FTP connection for search result consultations. It’s not secure, but I only use the search from time to time, so un-encrypted passwords are only passing my network very few times.

Main options of my vsftpd :

  • local users only
  • limit to true users
  • set home of all users to /home (for chroot)
  • CHROOT users

Then in /var/lib/tomcat6/conf/regain/SearchConfiguration.xml, I added the following rewrite rules for all results :

I could have used tomcat to securely access files in https by activating directory listing, but it would have meant

  • to give tomcat user right to access all files – not that secure
  • to duplicate system accounts for access restriction – not really nice
  • to chroot tomcat user to where NAS sources are – not sure it could work correctly
  • to set a signed certificate – hmm… that’s just a home network 😉

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.