Using a Synology host for NFS file mounts with Fedora 31.

Often I use NFS as a simple way to keep my home directory consistent across multiple (and ephemeral) VM’s at a time. The Synology NAS makes this really easy.

Enable NFS on your Synology NAS.

The default NFS version is v3, v4 can be enabled. I’m using v3 for this demonstration.  Open the control panel and check the “enable NFS” box.

control-panel1

Create an NFS export on the Synology NAS.

Create a new shared folder and give it a name and select a volume to back it.

control-panel2

You can encrypt the folder if you wish.

control-panel3

You can use the back end Synology features such as file compression and quotas.

control-panel4

Make a note of your settings. As this has a folder of “nfsexports” and it’s on “volume3”, my NFS export path will be “/volume3/nfsexports”

control-panel5

You can add specific users for security, I usually configure a specific host to have access. I also squash users.

control-panel7

I’m now in a position where I can mount the NFS volume on my Fedora server. The only issue is that Fedora will be expecting NFS v4 out of the box, and i’m running v3.

To resolve this I edit the NFS client configuration on my server to expect v3 by default. This can also be done on the command line with options

The config file options are

[root@hansolo nfs]# grep -v ^# /etc/nfsmount.conf
[ NFSMount_Global_Options ]
Defaultvers=3
Nfsvers=3

The command-line test is

 mount -t nfs -o nfsvers=3 192.168.0.241:/volume3/nfsexports /mnt -vv

At this point I can go back to the Fedora cockpit and mount my nfs volume

Log in to cockpit as the administrative user

cockpit-1

Click on Storage and select NFS mounts

fedora-1

Specify the mount credentials

fedora-2

Then check it’s been mounted

fedora-3

It’s as simple as that.

Any, and all comments welcome.

Matt –

 

 

 

 

Using a Synology host for NFS file mounts with Fedora 31.

Use iSCSI block storage from your Synology NAS, with Fedora.

iSCSI has become something of a staple in the world of Linux block storage. It’s quick, it’s reliable I wouldn’t consider it the most secure option but it does “just work”.

I often use iscsi block storage for persistent container storage, as well as a cheap way to add more disk to my VM.

This used to be something of a chore, with iscsiadm and manually copying and pasting long target names, trying to keep track of what is where. Remembering what order to do things, and testing over and over. The Cockpit package within Fedora makes this totally simple now.

This walkthrough will show you how to use your Synology NAS with Fedora 31 to mount remote storage within minutes. NOTE: I’m not using CHAP authentication, as this is just for my own vm’s. In a production environment, you should be using “at least” CHAP.

Ok, what you will need – a volume on your NAS and a local area network. Ideally a Fedora (https://getfedora.org/) vm to test.

Configure the LUN on the NAS

The LUN is the block of storage you want to present. The target is the device that will present that storage to the rest of the network.

Create the LUN

Log into the Synology NAS as an administrator and select the iscsi manager icon.

iscsi-manager

Click on LUN, and create.

Give your LUN a meaningful name, and select how much space you want to allocate from the Synology Volume.

iscsi-manager-2

In order to access the LUN you are creating, you’ll need a target. This can be done at the same time by selecting “Create a new iscsi target”.

iscsi-manager-3

Here you can give your target a sensible name, and the complex “iqn” name will be generated automatically. If you were running a production system you would enable chap authentication at this point on the target.

iscsi-manager-4

Now that is finished, we can see our target with a mapped LUN. How simple was that?

iscsi-manager-6

 

Configuring the client (the Linux box)

In your web browser, connect to your Fedora server with your administrative user. I’m connecting as root for testing, but ideally, this should be your user with SUDO privileges,

cockpit-1

Once logged in, click on the storage tab and scroll down to iscsi targets. This is a list of iscsi targets that your Linux box is aware of. As we don’t have any, we’ll need to add a target and scan for available LUNS.

cockpit-2

To scan for LUNS on a target, click the + button and you’ll be asked for a server address. This is the IP, or hostname of your synology server. Click Next to start scanning.

cockpit-3

Here you can see a list of targets that it’s found. You are probably wondering why we see 3 targets when we only created 1 ? Well, we have IPv6 enabled so they all present the same lun, it’s just a mixture of ipv4 and ipv6 interfaces. As I use ipv4, i’ll be selecting that one and clicking add.

cockpit-4

 

When we now look at our storage drivesin cockpit, we can see a new disk drive. This is the LUN we selected in the previous step. It can be formatted and treated like any other disk.

cockpit-5

Click on the new Synology drive and you can create a partition table on that disk.

cockpit-6

Personally, I like ext4 and I’ve chosen to zero the disk. I’ll be mounting it on  /home/iscsi

cockpit-9

When this completes, you’ll have a 1gb drive mounted from your synology server to the directory /home/iscsi of 1gb. As seen below.

cockpit-11

That’s it. A really simple, effective way to add more disks to a VM or physical hosts without having to touch a screwdriver.

Please let me know if you have any comments or feedback.

Matt

 

Use iSCSI block storage from your Synology NAS, with Fedora.

Automatic backups to a USB disk on your Synology NAS

Context

I’m a hobbyist photographer and I have about 30’000 images that I keep on my Synology drive. My NAS is a core part of my workflow, but bad things do happen. If they do, I still need to be able to access my images while I’m getting my NAS repaired, or replaced.

I don’t have time to do any of this manually, so I’ve automated the process of backing up my images once a week or on-demand from my NAS to my external USB disk.

You will need…

  1. A USB disk large enough to hold all your images. Ideally, a disk that you can leave plugged in for an extended period of time.
  2. A Synology NAS
  3. Some photos
  4. Shell access to your Synology NAS drive.

 

For this example, I will be using the username “myork” and my NAS is called “yoda”.

 

 

Setup Steps

Plug your external USB drive into the back of your Synology NAS. If it is a USB 3 device, be sure to use the blue USB ports if available.

You should be able to see it in the external drives tab of your Synology NAS web console.

external-disk-settings

here you can see it’s been mounted automatically and a new shared folder called usbshare1 will now be visible in your folder list.

disk-list

 

Collect the information about your files and your external disk.

Log into your Synology web console and ensure SSH is enabled.

enable-ssh

Once the service has been enabled, you can then ssh into the Synology NAS.

ssh myork@yoda
...
myork@yoda:~$

As we know the drive is mounted under the name “usbshare1” we can get the full path from the ssh console.

myork@yoda:~$ mount | grep -i usbshare | awk '{print $3}'
/volumeUSB1/usbshare

The result tells us where the Synology OS has mounted the disk on “/volumeUSB1/usbshare”. Now we need to locate all of our photos.

Fortunately, we can do this from the Synology web console. Open the file browser and get the properties of your photo folder.

get-vol-name

 

Make a note of the location. In my case it is /volume1/photo.

Now, we can use a tool called rsync to help up backup our files.

 

The command will look like

/bin/rsync -avzh /volume1/photo /volumeUSB1/usbshare/

 

where /volume1/photo is the source of my files, and /volumeUSB1/usbshare/ is the destination (my external USB disk).

 

Create the task

In the control panel of the Synology web console, click “Task Scheduler”

udscript

Give the task a useful name and run it as your own user. Do not use root as this is the UNIX/Linux super-user and any mistake could damage your system. In my case, I’m using the myork user.

run-user

Click the task settings tab, and put the command into the “user-defined script” box. Feel free to get it to email you if you want that. The option around abnormal termination relies upon the command exiting with a non-zero exit code, which will work with rsync.

runscript-command

Now select when you’d like this to run. Please bear in mind that a disk copy could take some time to run, so you’ll probably want to run this once a week, or maybe daily.

runwhen

You can then attempt a test run of your script and see if your backups are created.

test-run

That’s about it. If you find this useful, or your have any suggestions, please let me know.

Thanks

Matt

Automatic backups to a USB disk on your Synology NAS

A Linux Admins guide to using Synology NAS

Recently I replaced my Synology DS1815+ for a DS1819+. I decided to rebuild from scratch (while migrating my data). I’ve used Synology for about 10 years and I’ve also got a strong background in Linux, so I decided to write a series of articles that describe how I use my Synology NAS with my Linux desktop.

I should make it clear that Fedora & Red Hat are my distro of choice, although most of what I will demonstrate is transferrable to other distributions.

Disclaimer, I work for Red Hat, but this is a personal blog not affiliated with them in any way. My thoughts and blogs are my own.

I encourage, and welcome feedback. If something doesn’t work, doesn’t make sense, then please feel free to reach out to me.

Posts

Configure the SSH server on your Synology NAS.

Automatic USB backups from your Synology NAS

Using Synology for iscsi block storage with Fedora

Using your Synology NAS for NFS with Fedora 31

A Linux Admins guide to using Synology NAS

Configure the SSH server on your Synology NAS.

As a Linux admin, the first tool I reach for when a new device appears on my network is SSH.

For anyone familiar with SSH, you’ll need a few things.

  1. A remote user to connect with
  2. A remote SSH server
  3. A public/private key pair of the correct type
  4. Permission on that server to log in

In order to use SSH, there are a few things you’ll want to configure on your NAS.

Enable the SSH service

From the Synology Web console…

  1. Open the control panel
  2. Scroll down to Terminal & SNMP
  3. Change the port number to suit taste.
  4. Check “Enable SSH service”.
  5. Click Apply.

 

enable-ssh

Test the SSH service.

In this example, my Synology NAS hostname is yoda. My username is myork.

Attempt to log in from the command line

$ ssh myork@yoda
The authenticity of host 'yoda (192.168.0.241)' can't be established.
ECDSA key fingerprint is SHA256:9v9azyqMIubJzRlIeJbo45Snr6jkZaRLAC5QGM56jn8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'yoda,192.168.0.241' (ECDSA) to the list of known hosts.
myork@yoda's password: 
$

 

Configure SSH keys

Generate the SSH public and private key pair.

$ ssh-keygen  
Generating public/private rsa key pair.
Enter file in which to save the key (/home/myork/.ssh/id_rsa): 
/home/myork/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/myork/.ssh/id_rsa.
Your public key has been saved in /home/myork/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:gKak7Eza2WkuEETS/8L4tlmbMGS4SP0taPrXGhb1GGY myork@fedoralaptop.local
The key's randomart image is:
+---[RSA 3072]----+
|oo               |
|...  .           |
|. ..o .E         |
|oo.+. +.+        |
|.=o+oo .S.       |
|Bo.*=.+          |
|o+++**o.         |
|  +o+*o+         |
| ..+=o+          |
+----[SHA256]-----+

Copy the ssh key to the Synology NAS.

$ ssh-copy-id myork@yoda
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'myork@yoda'"
and check to make sure that only the key(s) you wanted were added.

 

Log into the server. Notice you are still asked to enter a password. This is because depending on how your home directory was created, the permissions need to be corrected.

$ ssh 'myork@yoda'
myork@yoda's password: ########

Correct the permissions on the home directory. Replace myork with your username.

$ sshuser="myork"
$ chmod myork:users /volume1/homes/${sshuser}/
$ chmod myork:users /volume1/homes/${sshuser}/.ssh
$ chmod myork:users  /volume1/homes/${sshuser}/.ssh/authorized_keys
$ chmod 755 /volume1/homes/${sshuser}/
$ chmod 700 chmod 755 /volume1/homes/${sshuser}/.ssh
$ chmod 600 chmod 755 /volume1/homes/${sshuser}/.ssh/authorized_keys

 

Update the SSHD config file to allow remote login. First, your user will need to be in the “Administrator” group to elevate privileges. This can be done via the Synology GUI.

ssh-admin-user

You can now elevate privileges using the sudo command. We need to make sure the following lines are uncommented. If they don’t exist, they should be added. I’m using vim as it’s my favourite editor. Just replace it with your preference.

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
$ sudo vim /etc/ssh/sshd_config
RSAAuthentication yes PubkeyAuthentication yes

Then restart the ssh daemon.

$sudo synoservicectl --reload sshd

You should now be able to log in without a password to your new Synology workstation.

Configure the SSH server on your Synology NAS.

RHEL8 – Where did my network scripts go ?

In RHEL8 the old network scripts have been deprecated. However, if you want you can addd them back in.

Red Hat have provided them in a package called network-scripts

$ sudo yum install network-scripts.x86_64

This adds all your favourite scripts back in

$ sudo rpm -ql network-scripts
/etc/rc.d/init.d/network
/etc/sysconfig/network-scripts
/etc/sysconfig/network-scripts/ifcfg-lo
/etc/sysconfig/network-scripts/ifdown
/etc/sysconfig/network-scripts/ifdown-bnep
/etc/sysconfig/network-scripts/ifdown-eth
/etc/sysconfig/network-scripts/ifdown-ippp
/etc/sysconfig/network-scripts/ifdown-ipv6
/etc/sysconfig/network-scripts/ifdown-isdn
/etc/sysconfig/network-scripts/ifdown-post
/etc/sysconfig/network-scripts/ifdown-routes
/etc/sysconfig/network-scripts/ifdown-sit
/etc/sysconfig/network-scripts/ifdown-tunnel
/etc/sysconfig/network-scripts/ifup
/etc/sysconfig/network-scripts/ifup-aliases
/etc/sysconfig/network-scripts/ifup-bnep
/etc/sysconfig/network-scripts/ifup-eth
/etc/sysconfig/network-scripts/ifup-ippp
/etc/sysconfig/network-scripts/ifup-ipv6
/etc/sysconfig/network-scripts/ifup-isdn
/etc/sysconfig/network-scripts/ifup-plip
/etc/sysconfig/network-scripts/ifup-plusb
/etc/sysconfig/network-scripts/ifup-post
/etc/sysconfig/network-scripts/ifup-routes
/etc/sysconfig/network-scripts/ifup-sit
/etc/sysconfig/network-scripts/ifup-tunnel
/etc/sysconfig/network-scripts/ifup-wireless
/etc/sysconfig/network-scripts/init.ipv6-global
/etc/sysconfig/network-scripts/network-functions
/etc/sysconfig/network-scripts/network-functions-ipv6
/usr/lib/.build-id
/usr/lib/.build-id/df
/usr/lib/.build-id/df/fce1383c3b10c1e20c4e4684d16a35c65cad1d
/usr/sbin/ifdown
/usr/sbin/ifup
/usr/sbin/usernetctl
/usr/share/doc/network-scripts
/usr/share/doc/network-scripts/examples
/usr/share/doc/network-scripts/examples/ifcfg-bond-802.3ad
/usr/share/doc/network-scripts/examples/ifcfg-bond-activebackup-arpmon
/usr/share/doc/network-scripts/examples/ifcfg-bond-activebackup-miimon
/usr/share/doc/network-scripts/examples/ifcfg-bond-slave
/usr/share/doc/network-scripts/examples/ifcfg-bridge
/usr/share/doc/network-scripts/examples/ifcfg-bridge-port
/usr/share/doc/network-scripts/examples/ifcfg-eth-alias
/usr/share/doc/network-scripts/examples/ifcfg-eth-dhcp
/usr/share/doc/network-scripts/examples/ifcfg-vlan
/usr/share/doc/network-scripts/examples/static-routes-ipv6
/usr/share/doc/network-scripts/sysconfig.txt
/usr/share/man/man8/ifdown.8.gz
/usr/share/man/man8/ifup.8.gz
/usr/share/man/man8/usernetctl.8.gz

Feedback welcome as always!

RHEL8 – Where did my network scripts go ?

Configure Packer and Vagrant on RHEL8 with libvirt

I’ve finally gotten around to installing RHEL8 as my primary desktop. One of my main use cases is to automatically build and configure vm’s using vagrant for testing.

A few things are subtly different on RHEL8, so I thought i’d share my learning (and some of the hacks i’ve put in place until I can investigate further).

Installation

Install Prerequisites

sudo yum -y install libvirt  \
                    libvirt-devel  \
                    ruby-devel  \
                    libxslt-devel \ 
                    libxml2-devel  \
                    libguestfs-tools-c  \
                    ruby-devel  \
                    gcc

Start the libvirt service

sudo systemctl enable --now libvirtd

Download packer into a Packer subdirectory (customise to taste)

mkdir ~/Packer
cd ~/Packer
curl -o ./packer.zip https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip
unzip packer.zip

Download vagrant CentOS rpm (I’l probably tweak this later, but it works fine for now)

mkdir ~/Vagrant
cd ~/Vagrant
curl -o  vagrant_2.2.4_x86_64.rpm https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.rpm

sudo yum install -y ./vagrant_2.2.4_x86_64.rpm

Install the vagrant libvirt plugin

CONFIGURE_ARGS='with-ldflags=-L/opt/vagrant/embedded/lib with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib' GEM_HOME=~/.vagrant.d/gems GEM_PATH=$GEM_HOME:/opt/vagrant/embedded/gems PATH=/opt/vagrant/embedded/bin:$PATH vagrant plugin install vagrant-libvirt

Test your vagrant project by specifying the provider

vagrant up --provider=libvirt

The following worked fine for me, let me know if you get any issues.

References

https://github.com/vagrant-libvirt/vagrant-libvirt#provider-options

 

Configure Packer and Vagrant on RHEL8 with libvirt