| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| advanced:target [2018/10/03 00:36] – dan | advanced:target [2018/10/05 00:40] – [Create a replication user] dan |
|---|
| ====== Building a FreeNAS replication target on an Odroid HC2 ====== | ====== Building a FreeNAS replication target on an Odroid HC2 ====== |
| | |
| | **THIS IS A VERY ROUGH WORK IN PROGRESS. DON'T RELY ON THIS FOR ANYTHING OTHER THAN ENTERTAINMENT. IT WILL EAT YOUR DATA, KICK YOUR DOG, AND POSSIBLY BURN YOUR HOUSE DOWN** |
| | |
| The [[https://www.hardkernel.com/main/products/prdt_info.php?g_code=G151505170472|Odroid HC2]] is a single-board computer that comes equipped with a SATA interface and a heatsink designed to mount a hard drive. It's designed to serve as a simple home NAS, and a version of OpenMediaVault is available specifically for the HC2. However, the board runs Linux, and there's also an OS image of Ubuntu 18.04 available. Since Ubuntu supports ZFS pretty well, it should be trivial to set up one of these to serve as a replication target for a FreeNAS system. Or so I thought. | The [[https://www.hardkernel.com/main/products/prdt_info.php?g_code=G151505170472|Odroid HC2]] is a single-board computer that comes equipped with a SATA interface and a heatsink designed to mount a hard drive. It's designed to serve as a simple home NAS, and a version of OpenMediaVault is available specifically for the HC2. However, the board runs Linux, and there's also an OS image of Ubuntu 18.04 available. Since Ubuntu supports ZFS pretty well, it should be trivial to set up one of these to serve as a replication target for a FreeNAS system. Or so I thought. |
| |
| |
| ===== Rebuild the kernel ===== | ===== Rebuild the kernel ===== |
| To ensure you have the headers for the running kernel installed, run the following commands (taken from the [[https://wiki.odroid.com/odroid-xu4/software/building_kernel#y|Hardkernel wiki]]): | In order to build ZFS, you must have the headers for the running kernel installed on the system. Since there does not appear to be a linux-headers package available matching the kernel version installed on the Odroid, this means you'll need to rebuild the kernel. To do this, run the following commands (taken from the [[https://wiki.odroid.com/odroid-xu4/software/building_kernel#y|Hardkernel wiki]]): |
| <code> | <code> |
| sudo apt update && sudo apt upgrade | sudo apt update && sudo apt upgrade |
| These instructions are taken from the [[https://github.com/zfsonlinux/zfs/wiki/Building-ZFS|ZFSonLinux Wiki]]. First, install the necessary dependencies: | These instructions are taken from the [[https://github.com/zfsonlinux/zfs/wiki/Building-ZFS|ZFSonLinux Wiki]]. First, install the necessary dependencies: |
| <code> | <code> |
| sudo apt install build-essential autoconf libtool gawk alien fakeroot zlib1g-dev uuid-dev libattr1-dev libblkid-dev libselinux-dev libudev-dev parted lsscsi ksh libssl-dev libelf-dev | sudo apt install autoconf libtool gawk alien fakeroot zlib1g-dev uuid-dev libattr1-dev libblkid-dev libselinux-dev libudev-dev parted lsscsi ksh libssl-dev libelf-dev |
| </code> | </code> |
| Then download, build, and install the ZFS code: | Then download, build, and install the ZFS code: |
| <code> | <code> |
| zpool create -o ashift=12 dozer /dev/disk/by-id/ata-WDC_WD80EMAZ-00M9AA0_VAGA2PLD | zpool create -o ashift=12 dozer /dev/disk/by-id/ata-WDC_WD80EMAZ-00M9AA0_VAGA2PLD |
| | </code> |
| | |
| | ===== Enable encryption, and create an encrypted dataset ===== |
| | **FreeNAS doesn't support OpenZFS encryption at this time, and it's not possible to replicate from a non-encrypted dataset to an encrypted one. This documentation is left for the sake of completeness.** |
| | |
| | The idea of this system is to be a standalone storage "brick", which could be left at a remote location where you might not fully trust the network operator. ZFS on Linux supports dataset encryption for this purpose, and material for this section is drawn from this [[https://datacenteroverlords.com/2017/12/17/zfs-on-linux-with-encryption-part-2/|blog post]]. You'll first need to enable that feature on your pool: |
| | <code> |
| | zpool set feature@encryption=enabled dozer |
| | </code> |
| | Then, create the encrypted dataset: |
| | <code> |
| | zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase dozer/encrypted |
| | </code> |
| | The system will prompt you for a passphrase, which you'll need whenever you mount that dataset. Minimum length is eight characters. |
| | |
| | ===== Create a replication user ===== |
| | For the sake of security, it would be best if replication to this device ran as a user other than root. First, create a user in the FreeNAS web GUI called ''zfsuser''. Note the numeric userid for that user. |
| | |
| | Then, on the Odroid, as root, run |
| | <code> |
| | adduser zfsuser -u userid -s /bin/false |
| | </code> |
| | where "userid" is the numeric user ID noted on the FreeNAS box. |
| | |
| | Generate a SSH keypair for that user: |
| | <code> |
| | sudo -u zfsuser ssh-keygen |
| | </code> |
| | Now allow that user to make changes on the encrypted dataset: |
| | <code> |
| | zfs allow -ldu zfsuser create,destroy,diff,mount,readonly,receive,release,send,userprop dozer/backup |
| </code> | </code> |
| |