Post on 22-Aug-2020

Building a Low-Power Home Server with Open Source Tools

Scott Courtney
April, 2009

The Applications (Immediate)

• LAN file server (NAS device)
• Remote backup server
• VPN gateway
• NAT Firewall
• DNS, DHCP, and TFTP boot services

The Applications (Future)

• DLNA Media Server
• AFS Server
• Kerberos 5 Server
• LDAP Server
• Web-driven Administration
• Small-scale Asterisk PBX server

The Design Criteria

• High reliability
• Low power (< 50W idle)
• Small form factor
• Encrypted storage: Burglar gets a brick!
• “Headless” operation after initial install
• All Open Source software
• Reasonable performance (“stuff the LAN at 100 Mbit/sec”)
• Budgetary cost circa US$500

The Alternatives

• Use a small desktop box
  – Higher power consumption
  – Usually have CPU fan (less reliable)
  – Low-cost models usually low quality
• Hack an off-the-shelf NAS device
  – Poor performance of low-cost models
  – Non-x86 processors (tricky installs)
  – Possible “bricking” the device if the process goes wheels-up
  – Most don't support encryption

The Hardware

• Form Factor
  – Mini-ITX standard footprint (Morex encl.)
• Motherboard
  – VIA Epia LT Series
• Mass Storage
  – Two 750 GB SATA II drives in RAID 1
  – External USB CDROM for installation
  – External USB drives (2) for backup

Your Mother(board)!

• VIA Epia LT10000EG
  – 1.0 GHz C7 processor
  – Two Ethernet ports, lots of USB
  – Two SATA II (3.0 Gbit/sec) disk ports
• LT15000G has 1.5 GHz, but CPU fan
• Also consider Epia SN series
  – Four SATA ports (more RAID choices)
  – At time I bought, enclosures not readily available

Motherboard Visuals

Note absence of CPU fan, one of the least-reliable components in a typical desktop system.

Be sure there is enough open space around cables for ventilation!

As with many small systems, things get pretty tight around the connections to front and rear panel I/O points. These were a real challenge to connect!

Mass Storage (Internal)

• Two Seagate Barracuda SATA II drives, 750 GB each
• Currently running software RAID 1
  – Motherboard has hardware RAID, but at time of construction Linux didn't yet support it.
  – Need to revisit this, because I've upgraded kernel several times since.

Disk Drive Mounting

The second drive mounts at right-angles to, and below, the first. No externally visible drives are needed here, so the two upper bays could also hold hard drives.

Remember when deciding drive locations that they need cooling air!

Mass Storage (External)

• External CDROM/DVDROM via USB
  – Needed only during installation
  – Notoriously unreliable devices
  – Why let it sit there sucking power?
• Two external 750 GB USB drives
  – Rotated for off-site backups
  – Could have used eSata instead
  – Off-the-shelf drives and enclosures

Rear Panel View

Abundant connectors for Ethernet and USB

Audio, keyboard, video, and mouse connectors not used

Also has USB connectors on the front – useful for temporary drive hookups!

The Software: Operating System

• Ubuntu Linux Server Edition 8.10
  – By default, no GUI (less overhead)
  – Great for headless operation
  – Widely supported
  – Debian based distro for easy maintenance and upgrades
  – Somewhat less conservative than Debian, for later device driver support

The Software: Mass Storage

• Logical Volume Manager config
  – System, swap, and some data volumes unencrypted, for performance
  – Private data volumes encrypted strongly using LUKS (“cryptsetup”)
  – First data partition contains LUKS “key file” to decrypt the others
  – Manually run “access-disks” script once after each (rare) reboot, enter password one time only
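The unlock flow on this slide, sketched as an added example (not the presenter's “access-disks” script, which the deck does not show): one passphrase opens the first data volume, and the key file stored on it opens the rest. All device, mapper and mount names are hypothetical, and the script only prints its commands unless DRY_RUN=0.

```bash
#!/usr/bin/env bash
# Added example, not the presenter's script. Chained LUKS unlock after a reboot:
# one passphrase opens the first data volume; a key file on it opens the others.
# Every device, mapper and mount name below is hypothetical.
set -eu

DRY_RUN=${DRY_RUN:-1}            # 1 = print the commands; 0 = execute them (as root)
FIRST_DEV=/dev/vg0/data1         # first data volume, unlocked by passphrase
FIRST_NAME=data1_crypt
FIRST_MNT=/srv/data1
KEY_FILE=${KEY_FILE:-$FIRST_MNT/.keys/others.key}
# device:mapper-name:mount-point for each volume the key file unlocks
OTHERS="/dev/vg0/data2:data2_crypt:/srv/data2 /dev/vg0/data3:data3_crypt:/srv/data3"

run() {                          # echo in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# The key file unlocks every other volume, so reject one that group or
# other users can access (any of the low six permission bits set).
keyfile_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

unlock_first() {                 # the only step that prompts for the passphrase
    run cryptsetup luksOpen "$FIRST_DEV" "$FIRST_NAME"
    run mount "/dev/mapper/$FIRST_NAME" "$FIRST_MNT"
}

unlock_others() {
    # In dry-run mode the first volume is not mounted, so the check is skipped.
    if [ "$DRY_RUN" != 1 ] && ! keyfile_ok "$KEY_FILE"; then
        echo "refusing $KEY_FILE: missing or accessible to group/other" >&2
        return 1
    fi
    for entry in $OTHERS; do
        dev=${entry%%:*}; rest=${entry#*:}
        name=${rest%%:*}; mnt=${rest#*:}
        run cryptsetup luksOpen --key-file "$KEY_FILE" "$dev" "$name"
        run mount "/dev/mapper/$name" "$mnt"
    done
}

unlock_first
unlock_others
```

With this layout the key file is only as well protected as the first volume's passphrase, which is why the script refuses a key file with loose permissions once that volume is mounted.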

The Software: Backups

• Clients back up with a shell script that invokes “rsync” over SSH
  – Passwordless PKI login; trusted client users
  – No point-in-time restores needed for home server
• Backs up colo server via separate shell script, again using “rsync”
• Backs up self to external USB drives using a third “rsync”-based script

Alternative Backup Strategies...

• Could have used Bacula or Amanda
  – Point-in-time restore
  – More robust security
  – More complex to set up and administer
  – Decided this was overkill for my needs
• Could have used rdiff-backup
  – Did use this at one time
  – Intuitive access to backups, has PIT also
  – Lousy compatibility between versions!

The Software: File Server

• NFS version 3
• Samba version 3
• Mass storage managed with Linux Logical Volume Manager (LVM)
• Some LVM partitions encrypted with LUKS (“cryptsetup”)
• Possibly adding AFS support later

Network Diagram

[Diagram: Broadband Modem, Wifi Hub(s), LAN Switch, Client PCs, Printers, etc.; address ranges labelled 10.0.0.x and 192.168.y.z]

Firewall and VPN Configuration

• Sits between AT&T U-verse or similar broadband “modem” and the main switch for the LAN
  – Standalone wifi access hubs on LAN switch
  – Broadband modem has outer firewall, this server has inner, for more robust security
  – Modem's direct wifi is secondary internet if server is down (sits on different SSID)
• OpenVPN and a three-rule IPTABLES NAT are all that's needed for VPN gateway

Infrastructure Applications

• DNS server
  – Slave DNS for Sine Nomine domain as well as my personal ones
  – Cache DNS for all other domains
• DHCP and TFTP boot server
  – Very standard configurations
  – Assigned fixed IP addresses to most hosts to allow easy remote support

Other Infrastructure Services

• TFTP
  – Boot server for Cisco SIP phones
  – (Future) Boot server for diskless Linux workstations
• (Future) LDAP
  – Shared contact database
  – Possibly useful as SSO authenticator
• (Future) Kerberos 5
  – Mainly to support AFS

Where Are We Now?

• No unscheduled outages since installed
• Backups are the envy of some small corporations (but not SNA)
• File server can “stuff the pipeline” at 100 Mbit/sec
• Power consumption circa 30 watts
• Cost about US$500 when built, less now

Installed and Working!

The rare and elusive black-crested epiabird, in its natural habitat, a secluded stairwell.

Note how the epiabird collects brightly-colored LAN cables for its elaborate nesting behavior.

Coming “Real Soon Now”...

• uShare DLNA media server
  – Digital Living Network Architecture
  – Clients: Playstation 3, XBox 360, others
  – Play audio, video, still photo albums
  – “Well I'll be... This thing works now!”
• Asterisk PBX....well, maybe
  – CPU may not be fast enough
  – May be easier to outsource VoIP
  – But it would be seriously fun to do!

Tips for Building Your Own

• If hardware RAID not supported, try all_generic_ide boot parameter.

• Be smarter than me...read the clearly-written instructions in the GRUB menu.lst comments!

• Buy a UPS. Buy a good UPS. Test your good UPS often!

• Google is your friend...these wheels have been invented already.

• Try to use only software from the distro's repository.

• Ask for copies of my RAID 1 install procedure and my custom shell scripts.

• Above all... Yes, this was worthwhile, and yes, it was just as much fun as I hoped it would be!

What I Would Do Differently...

• Probably get the SN-series motherboard
  – Enclosures now more available
  – Has four SATA connectors (vs. two)
• Maybe look at a fully fanless design
  – Case fan is not “as critical” as CPU fan
  – Give up a lot in CPU speed for these
  – Possibility of wall-mount flat enclosure

Webliography

• http://www.ubuntu.com/
  Ubuntu Linux (look at “Server Edition”)
• http://www.howtoforge.com/set-up-raid1-on-a-running-lvm-system-debian-etch
  http://www.debian-administration.org/articles/536
  Two excellent articles on setting up bootable RAID
• http://www.via.com.tw/en/products/mainboards/
  VIA Epia motherboards
• http://www.e-itx.com/epro-itx-systems.html
  E-itx Systems (component vendor)
• http://www.logicsupply.com/
  Logic Supply (component vendor)
• http://www.newegg.com/
  NewEgg (component vendor)

Contact Info

Scott Courtney
scourtney@sinenomine.net
http://www.sinenomine.net/
+1 703 723 6673 x1224

This presentation includes vendor recommendations that are the opinion of the presenter only, and do not represent an endorsement of these products or companies by Sine Nomine Associates.
