Archive for the 'How-To' Category

Raspberry Pi NAS for Travelers


20140422_183301

Say you have some type of home NAS or drive array which houses valuable information. And let’s say you want to go traveling for a while (as I plan to do), but leave the box in storage. What’s the best way to bring your data with you, or just a bunch of free space for projects?

For most, ditching the drive in your laptop for something which has more capacity is good enough. But what if you wanted to maintain some level of redundancy for your data?

In my case, I was coming from a 3 x 1TB drive configuration in RAID 5 with battery backed write cache (Dell PERC 5/i), running Openfiler with NFS and SMB.

The answer, of course, is Raspberry Pi.

Obviously the trade off is a drastic decrease in speed, but more than worth the effort to put this little setup together. Also, due to the CPU overhead and complexity, I didn’t want to bother with software RAID and decided instead to use lsyncd.

The kit includes:

1 x Raspberry Pi
1 x Adafruit Pi case
2 x Seagate Slim Traveler 2TB USB drive
1 x Pluggable 4 port USB hub
1 x PowerGen 2.4-Amp USB wall charger

Raspberry Pi alone doesn’t supply enough power for both drives, or even one for that matter. The powered USB hub is necessary for reliable operation of both drives.

Before we begin, we’ll need to install a few packages.

root@raspberrypi:/# apt-get install sysstat ntfs-3g lsyncd bc

Then make sure lsyncd starts on boot:

root@raspberrypi:/# update-rc.d lsyncd defaults

When working with a large directory structure as I was, upping the number of inotify watches was necessary to keep the lsyncd service from stopping unexpectedly.

root@raspberrypi:/# echo "fs.inotify.max_user_watches = 65535" >> /etc/sysctl.conf
root@raspberrypi:/# sysctl -p

Now comes the tricky part. When working with USB drives on Raspberry Pi, the first drive you plug in will always become sda, the second sdb, and so forth. We’ll need to mount each drive by ID, as opposed to sdX so that no matter the order they’re plugged in, each drive will always have the same mount point. I created a /media directory with directories usb001 & usb002. These will serve as mount points for each drive. I found the ID by plugging in one drive, then listing out /dev/disk/by-id. (It’s worth noting that I had already connected each drive to a Windows machine and formatted with NTFS.) Once you have the ID, you can assign the block device to a mount point in /etc/fstab. Then do the same for the second drive.

/etc/fstab:

proc            /proc           proc    defaults          0       0
/dev/mmcblk0p1  /boot           vfat    defaults          0       2
/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
/dev/disk/by-id/scsi-SSeagate_Backup+_BK_NA763W70-part1 /media/usb001   ntfs-3g defaults 0       0
/dev/disk/by-id/scsi-SSeagate_Backup+_BK_NA763W8P-part1 /media/usb002   ntfs-3g ro 0    0

In my case, usb002 had all of my data and I didn’t want to risk accidentally syncing it with the empty drive; note the read-only (ro) flag in the options column. Once everything finishes, I’ll remove the flag and specify ‘defaults’ like usb001.

To mount both drives:

root@raspberrypi:/# mount /media/usb001 && mount /media/usb002

/etc/lsyncd.conf:

settings = {
     logfile = "/var/log/lsyncd.log",
     statusfile = "/tmp/lsyncd.status"
}

sync {
     default.rsync,
     delay = 0,
     source = "/media/usb002",
     target = "/media/usb001",
     rsync = {
          archive = true,
          compress = false
     }
}

Start lsyncd:

root@raspberrypi:/# service lsyncd start

Monitor disk utilization:

root@raspberrypi:/# watch -n 1 'iostat -d -x'

Monitor disk space:

root@raspberrypi:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          7.2G  2.5G  4.4G  36% /
/dev/root       7.2G  2.5G  4.4G  36% /
devtmpfs        211M     0  211M   0% /dev
tmpfs            44M  760K   44M   2% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs            88M     0   88M   0% /run/shm
/dev/mmcblk0p1   56M   19M   38M  34% /boot
/dev/sda1       1.9T  1.2T  663G  65% /media/usb002
/dev/sdb1       1.9T  168G  1.7T  10% /media/usb001

Here’s a little bash script that spits out a percentage. You may need to modify per your own configuration.

/root/lsyncd-monitor.sh:

#!/bin/bash
sda=`df -h | grep sda | awk '{print $5}' | sed 's/%//g'`
sdb=`df -h | grep sdb | awk '{print $5}' | sed 's/%//g'`
pct=$(echo "scale=1; $sda * 100 / $sdb" | bc)
echo "lsyncd: $pct% complete"

Make it executable and then watch the process:

root@raspberrypi:/# chmod a+x lsyncd-monitor.sh
root@raspberrypi:/# watch -n 1 './lsyncd-monitor.sh'

Once the drives sync up and everything looks good, remove the ‘ro’ attribute in /etc/fstab if you set it previously, and use the source drive as your primary Samba share.

Lsyncd will automatically sync additional files, deletes, etc. with the second drive. If you experience any difficulty with Raspberry Pi, lsyncd, or drive complications, simply disconnect and plug directly into another machine.

 

About Benjamin Perove

Ben has been associated with a broad spectrum of technologies starting from an early age, and he's contributed to the success of many businesses and enterprises since 2001. Most of his time is spent building cool stuff. When he's not working, he enjoys reading, playing acoustic guitar, and being with friends. He currently resides in Chiang Mai, Thailand.

Private VLANs w/ VMware vDS and Cisco Nexus 5000: A Configuration Reference

PVLANs
When configuring the networks of a virtualized environment, private VLANs expand the functionality of a standard VLAN.  This article describes the configuration of PVLANs from both the VMware and Cisco perspectives.  The purpose of this article is to provide a brief configuration overview.  It’s likely you already know what PVLANs are and how they work, so I won’t go into much detail there.  For more information about VLANs and PVLANs, check out Cisco’s Securing Networks with Private VLANs and VLAN Access Control Lists.

Usage Scenarios

  1. DMZ security – Servers running in a DMZ can be isolated from one another. Should a DMZ guest be compromised, the guest is unable to communicate with any other guest in the the DMZ (given each are a part of an isolated PVLAN)
  2. Hosted cloud infrastructure – A customer environment (consisting of multiple guests) in a community PVLAN are able to communicate amongst themselves, but cannot communicate with a different community PVLAN
  3. Overcome standard VLAN limitations – While PVLANs exist with their own set of limitations, private VLANs greatly extend the functionality and usefulness of a standard VLAN

Configuration Overview

vlan 2410 int: 192.168.7.1 (primary 2410, secondary 2411)
vlan 2412 int: 192.168.8.1 (primary 2412, secondary 2413)
vlan 2411 – isolated
vlan 2413 – community
bperove-vm1: 192.168.7.10 – dvPortGroup1 – primary 2410, secondary 2411
bperove-vm2: 192.168.7.11 – dvPortGroup1 – primary 2410, secondary 2411
bperove-vm3: 192.168.8.10 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm4: 192.168.8.11 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm5: 192.168.8.12 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm6: 192.168.8.13 – dvPortGroup3 – primary 2412, secondary 2412

Configuration of VMware vDS (DVS)

CDP information for vmnic2

CDP information for vmnic3

dvSwitch Settings

dvPortGroup Settings

VLAN Configuration

vlan 2410
  private-vlan primary
  private-vlan association 2411
vlan 2411
  private-vlan isolated
vlan 2412
  private-vlan primary
  private-vlan association 2413
vlan 2413
  private-vlan community

Interface Configuration

interface Ethernet1/19
  description bperove - bs-tse-i127 - vmnic2
  switchport mode trunk
  switchport trunk allowed vlan 2410-2411

interface Ethernet1/20
  description bperove - bs-tse-i127 - vmnic3
  switchport mode trunk
  switchport trunk allowed vlan 2412-2413



Communication logic

vm1 can ping vlan 2410 int @ 192.168.7.1, but cannot ping vm2
vm2 can ping vlan 2410 int @ 192.168.7.1, but cannot ping vm1
vm3-5 can ping vlan 2412 int @ 192.168.8.1, and can all ping each other
vm6 can ping vlan 2412 int @ 192.168.8.1, vm3-5, and vm3-5 can ping vm6
vm1-2 cannot ping vm3-6

 

About Benjamin Perove

Ben has been associated with a broad spectrum of technologies starting from an early age, and he's contributed to the success of many businesses and enterprises since 2001. Most of his time is spent building cool stuff. When he's not working, he enjoys reading, playing acoustic guitar, and being with friends. He currently resides in Chiang Mai, Thailand.

Bullet-proof Apache: Nikto Security Scanner

apache

If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan for known (and unknown) vulnerabilities within your Apache server.  Actually, it does a fairly comprehensive scan on over 200 web servers, not just Apache.  To run a security scan, download the tool, then extract the archive to the desired location.  To initiate a scan from the Nikto directory, type:

[code]

./nikto.pl -host [ip address]

[/code]

Note: when specifying an IP address, make sure you use the external IP of your webserver, not the internal IP.

Here is what my results look like:

[code]
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host 10.0.0.1
---------------------------------------------------------------------------
[/code]

I would then look up the results and fix each issue until there have been no issues detected.  See the OSVDB-ID?  These IDs are found in the Open Source Vulnerability Database.  Each ID will contain a description, classification, and solution.

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.

Hopefully this makes securing your web server quick & painless.

 

About Benjamin Perove

Ben has been associated with a broad spectrum of technologies starting from an early age, and he's contributed to the success of many businesses and enterprises since 2001. Most of his time is spent building cool stuff. When he's not working, he enjoys reading, playing acoustic guitar, and being with friends. He currently resides in Chiang Mai, Thailand.

Find Linux CPU Temperature

The easiest way to get a CPU temperature readout from Linux is by looking at an ACPI function called temperature:
[code]
cat /proc/acpi/thermal_zone/THRM/temperature
[/code]

You could also try sensors-detect and then sensors, but I had some trouble detecting the correct modules on 8 year old hardware.

 

About Benjamin Perove

Ben has been associated with a broad spectrum of technologies starting from an early age, and he's contributed to the success of many businesses and enterprises since 2001. Most of his time is spent building cool stuff. When he's not working, he enjoys reading, playing acoustic guitar, and being with friends. He currently resides in Chiang Mai, Thailand.

Dual-Boot a Sansa e260 with Sandisk OG and Rockbox

Hi, thanks for reading. I’m a friend of Ben’s and he’s letting me put down this post. I run a small electronic music blog at astropope.com. If you have seen the post about how to boost wordpress audio with Amazon S3, then you know we are the guinea pigs to test a new breed of online music blogging.

Pompous? Maybe. Fun? Yes. If you like music as much as we do, you probably want to be wearing it around your neck 24/7. In my case, you want it to listen to on your public transportation commute to work. Right? Or you’re having a hard time transporting 100+ gigs of music to your FreeBSD workstation. I know the feeling.

In this article, I am going to show how to set up your Sansa e260 as a “dual boot” with Sandisk’s original firmware and the Rockbox software.

I am not an expert on the technical differences between MSC or MTP, but in order to install the Rockbox software, you MUST have your Sansa in MSC mode. In Sansa’s original operating software, you will need to navigate to the “Settings” part of the wheel menu. Within there, you will find an option to switch between MCP and MTP. Many Google searches will give you quite intoxicating information of the minute details of both protocols.

The first thing it would be nice for you to do is update the firmware (since mine was refurbished, I had to update the firmware). Download the firmware updater and install it. I cannot always guarantee the accuracy of that link, but if it ever goes down, go to sandisk.com and look around.

Once you have updated what I called the “OG” Sansa software, you are ready to start installing Rockbox. You can begin by going to the install page and selecting the appropriate device.

At the time of this version, we are working with version 3.1 of Rockbox and SanDisk Sansa e200. I tried Option 1, the Automatic Install, but this did not work for me as it constantly claimed it could not detect my Sansa device, so I opted for the manual install.

Download the archive for the Rockbox installation and extract the contents to the root of your Sansa’s file system. For example, H:\.rockbox

Once that has been completed, you can access both the Rockbox software and Sandisk original firmware by installing sansapatcher.exe.

You should now have a pretty sweet “dual booting” mp3 player. Upon reboot, it will default to Rockbox, but you can get to the “OG” by pressing left on the main control.

You have any problems, please let us know!

http://www.sandisk.com

http://www.rockbox.org

 

Next Page »

Add this site to your Firefox Search Bar

Twitter Activity

Recent Entries

Topics

Archives