NAS storage box on Ubuntu 14.04

Initial installation and configuration

Netboot

Install Ubuntu via netinstall.iso

Additional packages to install/remove

apt-get install openssh-server vlan ifenslave-2.6 ntp ntpdate iotop
apt-get remove apparmor

VLAN and bonding modules

echo 8021q >> /etc/modules
echo bonding >> /etc/modules
echo mii >> /etc/modules

Network

/etc/network/interfaces
auto eth0
iface eth0 inet manual
bond-master bond0
  
auto eth1
iface eth1 inet manual
bond-master bond0

auto eth2
iface eth2 inet static
address 192.168.0.4
netmask 255.255.255.0

auto eth3
iface eth3 inet static
address 192.168.1.4
netmask 255.255.255.0
  
auto bond0
iface bond0 inet static
bond-mode 802.3ad
bond-miimon 100
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 4
bond-slaves none
address 172.16.2.25
netmask 255.255.255.0
gateway 172.16.2.1
dns-nameservers 208.67.222.222 208.67.220.220
dns-search mngt.bh.helux.nl

auto vlan11
iface vlan11 inet static
address 172.16.3.25
netmask 255.255.255.0
vlan-raw-device bond0

NTP

Remove all server lines and add your own:

/etc/ntp.conf
.
.
server router iburst
.
.

service ntp stop
ntpdate router
service ntp start

ZFS

apt-get install python-software-properties
apt-add-repository ppa:zfs-native/stable
apt-get update
apt-get install ubuntu-zfs

Set ZFS memory usage

Manual

echo 32212254720 > /sys/module/zfs/parameters/zfs_arc_max
cat /sys/module/zfs/parameters/zfs_arc_max

Persistent

/etc/modprobe.d/zfs.conf
#
# yes you really DO have to specify zfs_arc_max IN BYTES ONLY!
# 16GB=17179869184, 8GB=8589934592, 4GB=4294967296, 2GB=2147483648, 1GB=1073741824, 512MB=536870912, 256MB=268435456
#
# 28GB is configured below
options zfs zfs_arc_max=30064771072

iSCSI installation

Install the packages

apt-get install lio-utils
apt-get install --no-install-recommends targetcli python-urwid

Configure iSCSI

lvcreate -L 500G storage-vg -n iscsi
Logical volume "iscsi" created
targetcli
targetcli GIT_VERSION (rtslib GIT_VERSION)
Copyright (c) 2011-2013 by Datera, Inc.
All rights reserved.
Loaded iscsi_target_mod kernel module.
Created '/sys/kernel/config/target/iscsi'.
/backstores> /
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- fileio ................................................................................................... [0 Storage Object]
  | o- iblock ................................................................................................... [0 Storage Object]
  | o- pscsi .................................................................................................... [0 Storage Object]
  | o- rd_dr .................................................................................................... [0 Storage Object]
  | o- rd_mcp ................................................................................................... [0 Storage Object]
  o- ib_srpt ........................................................................................................... [0 Targets]
  o- iscsi ............................................................................................................. [0 Targets]
  o- loopback .......................................................................................................... [0 Targets]
  o- qla2xxx ........................................................................................................... [0 Targets]
  o- tcm_fc ............................................................................................................ [0 Targets]
/> /backstores/
/backstores/*        /backstores/fileio/  /backstores/iblock/  /backstores/pscsi/   /backstores/rd_dr/   /backstores/rd_mcp/  
...path
/> /backstores/iblock create iscsi1 /dev/storage-vg/iscsi
Generating a wwn serial.
Created iblock storage object iscsi1 using /dev/storage-vg/iscsi.
/> /iscsi create
Created target iqn.2003-01.org.linux-iscsi.storage.x8664:sn.506b452ff8f4.
Selected TPG Tag 1.
Successfully created TPG 1.
/> cd
/iscsi/iqn.20...52ff8f4/tpgt1> set parameter AuthMethod=None
Parameter AuthMethod is now 'None'.
/iscsi/iqn.20...52ff8f4/tpgt1> set attribute authentication=0
Parameter authentication is now '0'.
/iscsi/iqn.20...52ff8f4/tpgt1> portals/ create
Using default IP port 3260
Automatically selected IP address 192.168.130.10.
Successfully created network portal 192.168.130.10:3260.
/iscsi/iqn.20...52ff8f4/tpgt1> luns/ create /backstores/iblock/iscsi1 
Selected LUN 0.
Successfully created LUN 0.
/iscsi/iqn.20...52ff8f4/tpgt1> cd /
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- fileio ................................................................................................... [0 Storage Object]
  | o- iblock ................................................................................................... [1 Storage Object]
  | | o- iscsi1 .................................................................................. [/dev/storage-vg/iscsi activated]
  | o- pscsi .................................................................................................... [0 Storage Object]
  | o- rd_dr .................................................................................................... [0 Storage Object]
  | o- rd_mcp ................................................................................................... [0 Storage Object]
  o- ib_srpt ........................................................................................................... [0 Targets]
  o- iscsi .............................................................................................................. [1 Target]
  | o- iqn.2003-01.org.linux-iscsi.storage.x8664:sn.506b452ff8f4 ........................................................... [1 TPG]
  |   o- tpgt1 ........................................................................................................... [enabled]
  |     o- acls ........................................................................................................... [0 ACLs]
  |     o- luns ............................................................................................................ [1 LUN]
  |     | o- lun0 .......................................................................... [iblock/iscsi1 (/dev/storage-vg/iscsi)]
  |     o- portals ...................................................................................................... [1 Portal]
  |       o- 192.168.130.10:3260 ............................................................................... [OK, iser disabled]
  o- loopback .......................................................................................................... [0 Targets]
  o- qla2xxx ........................................................................................................... [0 Targets]
  o- tcm_fc ............................................................................................................ [0 Targets]
/> acls/ create iqn.1998-01.com.vmware:esxi1-3aaface1
No such path /acls
/> cd
/iscsi/iqn.20...52ff8f4/tpgt1> acls/ create iqn.1998-01.com.vmware:esxi1-3aaface1
Successfully created Node ACL for iqn.1998-01.com.vmware:esxi1-3aaface1
Created mapped LUN 0.
/iscsi/iqn.20...52ff8f4/tpgt1> acls/ create iqn.1998-01.com.vmware:esxi2-77fcafc4
Successfully created Node ACL for iqn.1998-01.com.vmware:esxi2-77fcafc4
Created mapped LUN 0.
/iscsi/iqn.20...52ff8f4/tpgt1> cd
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- fileio ................................................................................................... [0 Storage Object]
  | o- iblock ................................................................................................... [1 Storage Object]
  | | o- iscsi1 .................................................................................. [/dev/storage-vg/iscsi activated]
  | o- pscsi .................................................................................................... [0 Storage Object]
  | o- rd_dr .................................................................................................... [0 Storage Object]
  | o- rd_mcp ................................................................................................... [0 Storage Object]
  o- ib_srpt ........................................................................................................... [0 Targets]
  o- iscsi .............................................................................................................. [1 Target]
  | o- iqn.2003-01.org.linux-iscsi.storage.x8664:sn.506b452ff8f4 ........................................................... [1 TPG]
  |   o- tpgt1 ........................................................................................................... [enabled]
  |     o- acls ........................................................................................................... [2 ACLs]
  |     | o- iqn.1998-01.com.vmware:esxi1-3aaface1 .................................................................. [1 Mapped LUN]
  |     | | o- mapped_lun0 ............................................................................................. [lun0 (rw)]
  |     | o- iqn.1998-01.com.vmware:esxi2-77fcafc4 .................................................................. [1 Mapped LUN]
  |     |   o- mapped_lun0 ............................................................................................. [lun0 (rw)]
  |     o- luns ............................................................................................................ [1 LUN]
  |     | o- lun0 .......................................................................... [iblock/iscsi1 (/dev/storage-vg/iscsi)]
  |     o- portals ...................................................................................................... [1 Portal]
  |       o- 192.168.130.10:3260 ............................................................................... [OK, iser disabled]
  o- loopback .......................................................................................................... [0 Targets]
  o- qla2xxx ........................................................................................................... [0 Targets]
  o- tcm_fc ............................................................................................................ [0 Targets]
/> saveconfig
WARNING: Saving storage.lan current configuration to disk will overwrite your boot settings.
The current target configuration will become the default boot config.
Are you sure? Type 'yes': yes
Making backup of srpt/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Successfully updated default config /etc/target/srpt_start.sh
Making backup of qla2xxx/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Successfully updated default config /etc/target/qla2xxx_start.sh
Making backup of loopback/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Successfully updated default config /etc/target/loopback_start.sh
Making backup of fc/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Successfully updated default config /etc/target/fc_start.sh
Making backup of LIO-Target/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Generated LIO-Target config: /etc/target/backup/lio_backup-2014-05-07_14:41:31.533418.sh
Making backup of Target_Core_Mod/ConfigFS with timestamp: 2014-05-07_14:41:31.533418
Generated Target_Core_Mod config: /etc/target/backup/tcm_backup-2014-05-07_14:41:31.533418.sh
Successfully updated default config /etc/target/lio_start.sh
Successfully updated default config /etc/target/tcm_start.sh

iSCSI initiators ESXi

ESXi shell

esxcli iscsi adapter list
Adapter  Driver     State   UID                                          Description           
-------  ---------  ------  -------------------------------------------  ----------------------
vmhba38  iscsi_vmk  online  iqn.1998-01.com.vmware:supermicro1-1c5f6261  iSCSI Software Adapter

iSCSI initiators

iqn.1998-01.com.vmware:supermicro1-1c5f6261
iqn.1998-01.com.vmware:supermicro2-6b09d927
iqn.1998-01.com.vmware:mini1-6d96513a
iqn.1998-01.com.vmware:mini2-483a9876

Samba installation

Packages

apt-get install libcups2 samba samba-common cups-common bind9utils smbldap-tools

Configure as a PDC with an LDAP backend

/etc/samba/smb.conf
[global]
	dos charset = CP932
	workgroup = HELUX
	server string = Samba Server %v
	map to guest = Bad User
	passdb backend = ldapsam:ldap://ldap.mngt.rtd.helux.nl/
	passwd program = /usr/sbin/smbldap-passwd -u "%u"
	passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%U
	max log size = 100000
	time server = Yes
	deadtime = 10
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	load printers = No
	printcap name = cups
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	delete user script = /usr/sbin/smbldap-userdel "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
	add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
	logon script = logon.bat
	logon path =
	logon drive = H:
	logon home =
	domain logons = Yes
	os level = 65
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap admin dn = cn=admin,dc=helux,dc=nl
	ldap group suffix = ou=Group
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Computer
	ldap passwd sync = yes
	ldap suffix = dc=helux,dc=nl
	ldap ssl = no
	ldap user suffix = ou=People
	idmap config * : backend = tdb
	admin users = root
	create mask = 0640
	directory mask = 0750
	nt acl support = No
	case sensitive = No
	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[netlogon]
	path = /home/netlogon/
	browseable = No

[profiles]
	path = /home/profiles
	read only = No
	create mask = 0600
	directory mask = 0700
	guest ok = Yes
	profile acls = Yes
	browseable = No
	csc policy = disable

[home]
	path = /home/%U
	valid users = %U
	read only = No

[music]
	path = /mnt/storage/music
	guest ok = Yes

[scanner]
	path = /mnt/storage/scanner
	valid users = %U
	read only = No

[share]
	path = /mnt/storage/share
	valid users = %U
	read only = No

[sabnzbd]
	path = /mnt/storage/sabnzbd
	guest ok = Yes

[transmission]
	path = /mnt/storage/transmission
	guest ok = Yes

mkdir /home/netlogon /home/profiles
smbpasswd -W
service samba restart
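
The share definitions above mix authenticated shares with `guest ok = Yes` shares. As a review aid, this added example (not part of the original page) reads an smb.conf and lists each share that admits guests and whether guests get write access; the function names and the abridged sample input are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: list guest-accessible Samba shares.

# Constructed sample, abridged from the smb.conf shown above.
sample_smb_conf() {
cat <<'EOF'
[global]
  map to guest = Bad User
[profiles]
  path = /home/profiles
  read only = No
  guest ok = Yes
[music]
  path = /mnt/storage/music
  guest ok = Yes
[share]
  path = /mnt/storage/share
  valid users = %U
  read only = No
EOF
}

# audit_guest_shares: read smb.conf text on stdin; for every share that admits
# guests print SHARE <tab> PATH <tab> guest-ro|guest-rw.
audit_guest_shares() {
  awk '
    BEGIN { sect = ""; g_guest = 0; g_ro = 1 }  # Samba defaults: no guests, read only
    function truthy(v) {
      v = tolower(v)
      return v == "yes" || v == "true" || v == "on" || v == "1"
    }
    function report() {
      if (sect != "" && tolower(sect) != "global" && guest)
        printf "%s\t%s\t%s\n", sect, path, (ro ? "guest-ro" : "guest-rw")
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*\[/ {                               # section header
      report()
      sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
      guest = g_guest; ro = g_ro; path = ""     # start from the [global] values
      next
    }
    index($0, "=") > 0 {
      eq = index($0, "=")
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      else if (key == "readonly") ro = truthy(val)
      else if (key == "writable" || key == "writeable" || key == "writeok")
        ro = !truthy(val)                       # inverted synonyms of read only
      else if (key == "path") path = val
      if (tolower(sect) == "global") { g_guest = guest; g_ro = ro }
    }
    END { report() }
  '
}

# Run against the sample; on a server use: audit_guest_shares < /etc/samba/smb.conf
sample_smb_conf | audit_guest_shares
```

With `map to guest = Bad User`, as set in [global] above, a login with an unknown user name is mapped to the guest account, so a `guest-rw` share accepts writes without valid credentials, subject to file-system permissions.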

Netatalk for AFP shares

Install packages

apt-get install netatalk

Configure netatalk and define shares

/etc/netatalk/afpd.conf
.
.
-ipaddr 172.16.3.13 -tcp -noddp -uamlist uams_dhx2.so -nosavepassword

/etc/netatalk/AppleVolumes.default
.
.
# The line below sets some DEFAULT, starting with Netatalk 2.1.
:DEFAULT: options:upriv,usedots

# The "~" below indicates that Home directories are visible by default.
# If you do not wish to have people accessing their Home directories,
# please put a pound sign in front of the tilde or delete it.
~/ $u cnidscheme:dbd options:usedots,upriv
/mnt/storage/music music cnidscheme:dbd options:usedots,upriv
/mnt/storage/photo photo cnidscheme:dbd options:usedots,upriv
/mnt/storage/sabnzbd sabnzbd cnidscheme:dbd options:usedots,upriv
/mnt/storage/scanner scanner cnidscheme:dbd options:usedots,upriv
/mnt/storage/share share cnidscheme:dbd options:usedots,upriv
/mnt/storage/transmission transmission cnidscheme:dbd options:usedots,upriv
/mnt/storage/video video cnidscheme:dbd options:usedots,upriv
/mnt/storage/vmware vmware cnidscheme:dbd options:usedots,upriv
/mnt/storage/timemachine timemachine cnidscheme:dbd options:usedots,upriv,tm volsizelimit:500000

# End of File

service netatalk restart

Configure Avahi-daemon

/etc/avahi/services/netatalk.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

service avahi-daemon restart

NFS server

Install packages

apt-get install nfs-kernel-server

Configure NFS

/etc/default/nfs-common
NEED_STATD="yes"
STATDOPTS="--port 662 --outgoing-port 2020"
.
NEED_GSSD="no"

/etc/default/nfs-kernel-server
.
RPCNFSDCOUNT=32
.
.
RPCMOUNTDOPTS="--manage-gids -p 892 --no-nfs-version 4"
.
.
NEED_SVCGSSD="no"
.

/etc/modprobe.d/local.conf
options lockd nlm_udpport=32769 nlm_tcpport=32803
options nfs callback_tcpport=32764

Exports

/etc/exports
/mnt/storage/vmware 172.16.2.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 46.44.183.176/28(ro,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.4.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.6.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage/vmware/iso 172.16.0.0/16(ro,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage 172.16.2.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.3.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage/home 172.16.2.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.3.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 46.44.183.176/28(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 5.200.9.240/28(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.4.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.5.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.6.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check) 172.16.7.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage/sabnzbd 172.16.3.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage/transmission 172.16.3.0/24(rw,insecure,sync,no_wdelay,no_root_squash,no_subtree_check)
/mnt/storage/video 172.16.3.0/24(rw,insecure,sync,no_wdelay,no_subtree_check)
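
As a check on the export list above, this added example (not part of the original page) parses exports(5) lines and reports every client entry that carries `no_root_squash` or `insecure`, or that grants `rw` to a network outside RFC 1918 address space. The function names and the abridged sample input are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky NFS export entries.

# Constructed sample, abridged from the /etc/exports shown above.
sample_exports() {
cat <<'EOF'
# abridged copy used by this example
/mnt/storage/vmware 172.16.2.0/24(rw,insecure,sync,no_root_squash) 46.44.183.176/28(ro,insecure,sync,no_root_squash)
/mnt/storage/home 172.16.3.0/24(rw,sync,no_root_squash) 5.200.9.240/28(rw,insecure,sync,no_root_squash)
/mnt/storage/video 172.16.3.0/24(rw,insecure,sync,no_subtree_check)
EOF
}

# audit_exports: read exports(5) text on stdin; for every client entry with a
# finding print PATH <tab> CLIENT <tab> SCOPE <tab> FLAGS.
#   no_root_squash  uid 0 on the client is uid 0 on the export
#   insecure        requests from unprivileged source ports (>1023) are accepted
#   rw-from-SCOPE   write access for a client outside RFC 1918 address space
audit_exports() {
  awk '
    # RFC 1918 test for a dotted quad; a trailing /prefix is ignored.
    function is_private(ip,    o, a, b) {
      split(ip, o, ".")
      a = o[1] + 0; b = o[2] + 0
      return a == 10 || (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168)
    }
    { sub(/#.*/, "") }          # strip comments
    NF < 2 { next }             # blank line, or a path with no client list
    {
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "" || client == "*")
          scope = "world"
        else if (client ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/)
          scope = is_private(client) ? "private" : "public"
        else
          scope = "named"       # host name, wildcard pattern or netgroup
        list = "," opts ","
        flags = ""
        if (scope != "private" && scope != "named" && index(list, ",rw,"))
          flags = flags ",rw-from-" scope
        if (index(list, ",no_root_squash,")) flags = flags ",no_root_squash"
        if (index(list, ",insecure,"))       flags = flags ",insecure"
        if (flags != "")
          printf "%s\t%s\t%s\t%s\n", $1, client, scope, substr(flags, 2)
      }
    }
  '
}

# Run against the sample; on a server use: audit_exports < /etc/exports
sample_exports | audit_exports
```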

Modify /etc/fstab

Add data=journal to NFS filesystems which need speed (VMware)

/etc/fstab
.
.
/dev/mapper/system-storage /mnt/storage    ext4    noatime,data=journal         0       2

service nfs-kernel-server restart

Firewall settings

SSH access

ufw allow from any to any proto tcp port 22

NFS

ufw allow from 172.16.0.0/16 to any port 111
ufw allow proto tcp from 172.16.0.0/16 to any port 2049
ufw allow proto tcp from 172.16.0.0/16 to any port 32803
ufw allow proto udp from 172.16.0.0/16 to any port 32769
ufw allow from 172.16.0.0/16 to any port 892
ufw allow from 172.16.0.0/16 to any port 875
ufw allow from 172.16.0.0/16 to any port 662

check_MK

ufw allow proto tcp from 172.16.4.14 to any port 6556

iSCSI

ufw allow proto tcp from 192.168.0.0/24 to 192.168.0.3 port 3260
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.3 port 3260

Netatalk

ufw allow proto tcp from 172.16.0.0/16 to any port 548

Samba

ufw allow proto udp from 172.16.0.0/16 to any port 137
ufw allow proto udp from 172.16.0.0/16 to any port 138
ufw allow proto tcp from 172.16.0.0/16 to any port 139
ufw allow proto tcp from 172.16.0.0/16 to any port 445

Avahi

ufw allow from 172.16.0.0/16 to any port 5353

NFS from DMZ

ufw allow from 94.142.242.32/28 to any port 111
ufw allow proto tcp from 94.142.242.32/28 to any port 2049
ufw allow proto tcp from 94.142.242.32/28 to any port 32803
ufw allow proto udp from 94.142.242.32/28 to any port 32769
ufw allow from 94.142.242.32/28 to any port 892
ufw allow from 94.142.242.32/28 to any port 875
ufw allow from 94.142.242.32/28 to any port 662
ufw allow from 46.44.183.176/28 to any port 111
ufw allow proto tcp from 46.44.183.176/28 to any port 2049
ufw allow proto tcp from 46.44.183.176/28 to any port 32803
ufw allow proto udp from 46.44.183.176/28 to any port 32769
ufw allow from 46.44.183.176/28 to any port 892
ufw allow from 46.44.183.176/28 to any port 875
ufw allow from 46.44.183.176/28 to any port 662
ufw allow from 5.200.9.240/28 to any port 111
ufw allow proto tcp from 5.200.9.240/28 to any port 2049
ufw allow proto tcp from 5.200.9.240/28 to any port 32803
ufw allow proto udp from 5.200.9.240/28 to any port 32769
ufw allow from 5.200.9.240/28 to any port 892
ufw allow from 5.200.9.240/28 to any port 875
ufw allow from 5.200.9.240/28 to any port 662

ufw enable

PowerChute Network Shutdown

apt-get install default-jre
cd /var/tmp
tar -xvzf pcns310Linux-x86-64.tar.gz
cd Linux_x64/
update-alternatives --config java
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
Nothing to configure.

Use /usr/lib/jvm/java-7-openjdk-amd64/jre as Java path

Update the firewall

ufw allow proto tcp from 172.16.0.0/16 to any port 6547 
ufw allow from 172.16.0.0/16 to any port 3052
ubuntu_14.04_as_an_iscsi_and_nfs_smb_netatalk_storage_box.txt · Last modified: by herwarth