I'm experimenting with service separation by having each service run in its own operating system, all of them sharing hardware though. Why ? Separation seems to be the only secure approach to running any software. Check Joanna's blog out. I went with VirtualBox on a Debian 7 host, with, well, Debian 7 guests. First I prepared a template VM by creating a new VM and just proceeding with the install. Then I tried spawning some clones of that, but having it done manually takes quite some time and is error prone. Did somebody say automation ? Yes ! First, clone a VM, regenerating MAC addresses and making sure the resource caps are good:
```bash
vmrunner@storage:~$ cat prepare_vm
#!/bin/bash
set -e

if [ $# -ne 2 ] ; then
    echo "usage: $0 vm_name vm_number"
    exit 1   # usage error: report failure to the caller
fi

VM_NAME="$1"
RAM_AMOUNT="128"               # MB
DISK_SIZE="2000"               # not used below
VM_NUMBER="$2"
RDP_PORT=$((VM_NUMBER+3389))   # one VRDE port per VM
EXECUTION_CAP="50"             # percent of a host CPU

# clone the template and register the copy
VBoxManage clonevm fresh.cyplo.net --name "$VM_NAME" --mode machine --register

# remote console
VBoxManage modifyvm "$VM_NAME" --vrde on
echo "setting RDP listening port to $RDP_PORT"
VBoxManage modifyvm "$VM_NAME" --vrdeport "$RDP_PORT"

# resources and hardware
VBoxManage modifyvm "$VM_NAME" --memory "$RAM_AMOUNT"
VBoxManage modifyvm "$VM_NAME" --nic1 bridged --bridgeadapter1 eth0
VBoxManage modifyvm "$VM_NAME" --pae on
VBoxManage modifyvm "$VM_NAME" --cpuexecutioncap "$EXECUTION_CAP"
VBoxManage modifyvm "$VM_NAME" --hpet on
VBoxManage modifyvm "$VM_NAME" --hwvirtex on
VBoxManage modifyvm "$VM_NAME" --pagefusion on
VBoxManage modifyvm "$VM_NAME" --dvd none
VBoxManage modifyvm "$VM_NAME" --autostart-enabled on

# fresh MAC addresses so the clone does not collide with the template
VBoxManage modifyvm "$VM_NAME" --macaddress1 auto
VBoxManage modifyvm "$VM_NAME" --macaddress2 auto

echo "vm set up, listing all VMs:"
VBoxManage list vms
```
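An added check, not part of the original post: the clone script turns VRDE on at port 3389+N without setting an authentication type (VirtualBox's default is `null`, i.e. none) and relies on `--macaddress1 auto` for unique MACs. The function below reads concatenated `VBoxManage showvminfo <vm> --machinereadable` output and flags unauthenticated VRDE consoles, duplicated VRDE ports and duplicated MAC addresses; the VM names and values in the sample are constructed.

```shell
#!/bin/bash
# Added example: audit cloned VMs for exposed consoles and identifier collisions.
# Real use: run `VBoxManage showvminfo "$vm" --machinereadable` for every VM
# and feed the concatenated output to audit_vminfo on stdin.

audit_vminfo() {
  awk -F= '
    { gsub(/"/, "", $2) }                      # values are quoted: key="value"
    $1 == "name"         { vm = $2; order[++n] = vm }
    $1 == "vrde"         { vrde[vm] = $2 }
    $1 == "vrdeauthtype" { auth[vm] = $2 }
    $1 == "vrdeports"    { port[vm] = $2 }
    $1 == "macaddress1"  { mac[vm] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        v = order[i]
        if (mac[v] != "") {
          if (mac[v] in mac_owner) { print "DUP_MAC " mac[v] " " mac_owner[mac[v]] " " v }
          else { mac_owner[mac[v]] = v }
        }
        if (vrde[v] != "on") continue
        if (auth[v] == "null") { print "VRDE_NO_AUTH " v " port=" port[v] }
        if (port[v] in port_owner) { print "DUP_VRDE_PORT " port[v] " " port_owner[port[v]] " " v }
        else { port_owner[port[v]] = v }
      }
    }'
}

# Constructed sample: three clones, trimmed to the keys the audit reads.
sample_vminfo() {
  cat <<'EOF'
name="tor.example"
macaddress1="080027AAAA01"
vrde="on"
vrdeports="3390"
vrdeauthtype="null"
name="files.example"
macaddress1="080027AAAA01"
vrde="on"
vrdeports="3391"
vrdeauthtype="external"
name="caldav.example"
macaddress1="080027AAAA03"
vrde="on"
vrdeports="3390"
vrdeauthtype="external"
EOF
}

sample_vminfo | audit_vminfo
```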
Then run the VM and change it into a Debian service host with a new name and some software:
```bash
vmrunner@storage:~$ cat kickstart_debian
#!/bin/bash
set -e

if [ $# -ne 2 ] ; then
    echo "usage: $0 new_hostname new_domainname"
    exit 1   # usage error: report failure to the caller
fi

NEW_HOSTNAME="$1"
NEW_DOMAINNAME="$2"
NEW_FQDN="$NEW_HOSTNAME.$NEW_DOMAINNAME"

aptitude update
aptitude dist-upgrade -y
aptitude install vim atop sudo -y

# show the current identity before changing it
hostname
ifconfig

set -v
echo "$NEW_FQDN" > /etc/mailname
echo "$NEW_HOSTNAME" > /etc/hostname
sed -i "s/dc_other_hostnames='.*'/dc_other_hostnames='$NEW_FQDN'/g" /etc/exim4/update-exim4.conf.conf
sed -i "s/127\.0\.1\.1.*/127.0.1.1 $NEW_FQDN $NEW_HOSTNAME/g" /etc/hosts

# drop the SSH host keys inherited from the template and generate fresh ones
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
reboot
```
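Every clone starts with the template's SSH host keys, which is why the script deletes `/etc/ssh/ssh_host_*` and regenerates them. As an added example (not from the original post), this function takes `ssh-keyscan`-format lines for the template and the guests and reports any key presented by more than one host; the hostnames and key blobs in the sample are constructed placeholders.

```shell
#!/bin/bash
# Added example: detect guests that still share an SSH host key after cloning.
# Input format is that of ssh-keyscan: "<host> <keytype> <base64 key>".

find_shared_hostkeys() {
  awk '
    /^#/ || NF < 3 { next }                    # skip comments and short lines
    {
      key = $2 " " $3                          # key type + key blob
      if (!(key in hosts)) {
        order[++n] = key; hosts[key] = $1; count[key] = 1
      } else if (index(" " hosts[key] " ", " " $1 " ") == 0) {
        hosts[key] = hosts[key] " " $1; count[key]++
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        if (count[order[i]] > 1) {
          split(order[i], k, " ")
          print "SHARED " k[1] " " hosts[order[i]]
        }
      }
    }'
}

# Constructed sample: the template plus three guests, one of which
# kept the template RSA key and one the template ECDSA key.
sample_keyscan() {
  cat <<'EOF'
# constructed sample, key blobs are placeholders
fresh.example ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER-TEMPLATE
tor.example ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER-TOR
files.example ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER-TEMPLATE
caldav.example ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER-CALDAV
caldav.example ecdsa-sha2-nistp256 AAAAE2VjZHNh-PLACEHOLDER-TEMPLATE-EC
fresh.example ecdsa-sha2-nistp256 AAAAE2VjZHNh-PLACEHOLDER-TEMPLATE-EC
EOF
}

sample_keyscan | find_shared_hostkeys
```

Against live guests the input would come from `ssh-keyscan` run over the template and every clone; no output means each host key is unique.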
The script above needs to be run on the guest; I'm using scp with known ssh keys to upload it and then run it via ssh. This step is to be automated in the future. Points to improve:
- updating all the guests at once [Chef?]
- monitoring all guests at once [Nagios?]
Summarizing, I'm now running a Tor node, file server, caldav, carddav and some other services on my home server. All of them in separate VMs. And it's running quite well with 2GB of RAM. For more info on my home server build check its hardware and basic software.
I think my NAS box build is no longer in much flux, so I thought it'd be nice to describe it. I had some disks lying around, I had them installed and started playing with the software setup.

```
Disk /dev/sda: 60.0 GB, 60022480896 bytes
Disk /dev/sdb: 320.1 GB, 320072933376 bytes
Disk /dev/sdc: 160.0 GB, 160041885696 bytes
Disk /dev/sdd: 250.1 GB, 250059350016 bytes
Disk /dev/sde: 500.1 GB, 500107862016 bytes
```
First one is an SSD drive, I used it for OS installation. I went for Crunchbang as I was already familiar with it, however now I'm thinking of just getting newest Debian there, as it's finally released. Nothing fancy about the OS, a regular install really.
```
storage# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs           53G  2.4G   48G   5% /
/dev/sda1       461M   31M  407M   7% /boot
```

As you can see, the / filesystem takes up little space, hence the next thing I plan on doing is actually moving / to a USB3.0 pendrive and then freeing the SATA drive from its current duties. I'm reluctant to do so right now, as moving swap to the pendrive might result in significant wear. I'm thinking of getting more RAM and then getting rid of the swap altogether. These stats were acquired after a reboot; there are some loads under which I saw swapping occur.
Software + configuration
NAS means SAMBA, right ? That's what I thought. RAID5 + SAMBA for Win clients and NFS for others. After a while I got accustomed to this setup and started playing with my photo collection as it was lying on the NAS. The problem ? I deleted one photo and wanted it back. It was nowhere to be found. RAID5, although having internal copies for resiliency, was visible as one drive only and happily deleted the data when asked to. What I really needed was a backup solution, not a NAS. My final answer to that:

```
storage# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs           53G  2.4G   48G   5% /
/dev/md0        294G   36G  243G  13% /mnt/array_back
/dev/sde1       459G   35G  401G   8% /mnt/array_front

storage# cat /etc/fstab
#
/dev/mapper/vg_storage-root                /                ext4  errors=remount-ro  0  1
UUID=b9d32208-edc0-4981-ab74-5da1e7348a1a  /boot            ext4  defaults           0  2
/dev/mapper/vg_storage-swap                none             swap  sw                 0  0
/dev/md0                                   /mnt/array_back  ext4  defaults           0  2
/dev/sde1                                  /mnt/array_front ext4  defaults           0  2

storage# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Sun Apr 21 22:47:38 2013
     Raid Level : raid5
     Array Size : 312318976 (297.85 GiB 319.81 GB)
  Used Dev Size : 156159488 (148.93 GiB 159.91 GB)

    Number   Major   Minor   RaidDevice State
       0       8       17        0      active sync   /dev/sdb1
       1       8       33        1      active sync   /dev/sdc1
       3       8       49        2      active sync   /dev/sdd1
```

One disk [sde] serves as a front for all user operations. After a while, all changes except for deletions are flushed onto [array_back], which is a RAID5 array.
ownCloud. [array_front] is not directly exposed via SAMBA or NFS, it's governed by an ownCloud instance, and then only the ownCloud sync client on the computer or phone gets to mess with the data. By having such a setup I get 3 copies of each file. One on the device, one on the front array and one on the back array. What is also cool about ownCloud is that it also handles contacts and calendar storage for me. One more step towards getting all my data off google ! Points for improvement:
- [array_front] is not an array now. It's just a disk. Make it a proper disk array.
- encrypt the data from array_back and send it to S3 and then let it graduate to Glacier
For a long time I've wandered the voids of the intertubes in search for the parts for my NAS/backup/home server solution.
Online backup solutions are fine to some extent, however, someone other than you is then going through those cat picture collections of yours and other private stuff. Also the cloud tends to not be the cheapest option possible.
The need for moar virtual disk space calls for moar physical disk space. To build any reasonable RAID solution you need 4-5 disks at least, plus maybe one for system disk. That is a minimum of 6 disk slots in the computer case. As I have quite some variety of disks lying around I'd like this case to have an option for using either 3.5" or 2.5" disks. Ah, and the whole thing should not take big amounts of space. Hence "Node 304" by Fractal Design.
Although I intend my NAS to be fanless in the future, I couldn't resist leaving the original fans connected. These are beautiful, supersilent, hydraulic bearing fans, all included in the Node's package.
There are really only two things that you need to be wary of: the metal where the screwholes are is very soft and it is easy to damage - and if you have a PSU without detachable cables you're going to have a bad time fitting these inside.
By the way, other small but nice thing is a user manual for this case. Nice paper, nice clean print and friendly attitude. Attention to details !
What board supports at least 6 SATA disks, has low power consumption and fits into miniITX format ? Easily obtainable in central Europe ? And not super expensive ?
It took almost 3 months for me to find it, I present to you Asus P8H77-I. All the usual stuff, most of it I don't need, frankly and not so low on power, but hey - 6 SATA in miniITX.
One caveat - it needs 2 power cables connected to function. The usual 24-pin EATX and also 4-pin ATX 12V also called P4. What if your PSU has only those fancy new EPS8 and EPS6 as mine do ? Fear not, connect half of the EPS8 into P4 port and everything shall be okay.
I recently gave a two-hour presentation on Erlang 101 along with Fabian. Because of the generous support from Infusion I was able to speak at the Institute of Computer Science at the University of Wroclaw. The event was a blast, and that is an opinion of the people other than me also ;) Thanks to everyone who was there and you can find the code and slides on github.
- support for 16GB of RAM
- contact smartcard reader
- ~2kg weight
- 11-14" matte, non-glossy screen
- good keyboard, with separate [home], [end], [insert], [delete] buttons
- screen resolution of >=1440
- at least 2x USB2.0 and 1x USB3.0
- no optical drive
- no thunderbolt
- no firewire
- HSDPA modem
Is there something similar that you recommend for me to buy/build ?