next generation filesystems
Level-up your filesystems and plug your Openmediavault install into, er, some functionality-enhancing plug-ins.
filesystems and indeed the media that they live on have come a long way. Cassettes, cartridges and punchcards didn’t even have a filesystem to speak of: data was just read as a single stream. From there we moved on to directory-less layouts, through to 8.3 filenames, then on to more recognisable features such as permissions and, latterly, journalling. Traditionally, storage has been stratified such that the RAID layer – be it software RAID via MD in the Linux kernel, hardware RAID via a dedicated controller, or so called ‘fake raid’ through the BIOS – is totally separate from the filesystem layer. As we’ve seen, though, RAID only protects against drive failure.
If you have, say, a two-drive RAID1 system, and one of your drives starts writing jibberish without outright failing, then the RAID layer can deduce something is wrong (since the same file will have different contents) – but it has no way of telling which drive is broken. There’s no easy way around this that doesn’t involve either adding a new checksumming layer, or combining filesystem, redundancy and checksumming into one. Unsurprisingly, it’s this latter approach that has gained popularity, and it’s one of the defining features of Sun’s ZFS (see box, left), Microsoft’s barely seen REFS, and Linux’s Btrfs. Apple’s new APFS filesystem includes checksums for metadata, but not user data.
We’ll concentrate on Btrfs here, because it’s been a bit neglected in the preceding pages. Besides the extra resilience it provides through using ‘copy on write’ – in a sense, the natural evolution of a filesystem journal – it also has its own built-in device-spanning capabilities. This means there’s no need for mdadm or LVM, although you can use Btrfs on top of these if you want.
Another great feature is snapshots. You can take a freeze-frame of a whole filesystem and it will initially take up zero space. As that filesystem changes, the changes are stored incrementally in the snapshot and it begins to grow. This means that with very little effort you can take daily snapshots of your drive and revert any one of them when something goes wrong, be it fatfingered deletion, cosmic-ray strike or SATA cables becoming the new catnip. Btrfs snapshots are one of the ways that Linux Mint’s Timeshift backup tool can do its magic.
next gen-ing your nas
Using SMB to access your Openmediavault shares is all well and good, but you’ll see faster transfers if you use
rsync to copy files instead, which you can also configure to push-to and pull-from remote rsync servers within the Services section of the GUI. Neither of these protocols are very useful for streaming movies, and indeed lots of movie players baulk when given remote URIS (such as smb://) instead of local paths. Especially, as it turns out, on KDE Plasma: either use
VLC or mount your shares as CIFS volumes from /etc/ fstab. This will save you getting lost in a clueless web of Kio/phonon/gstreamer unholy couplings here.
It’s possible, but not necessarily smart or fun, to mount these shares remotely, provided you’re willing to open up the right ports (137, 139, 445) on your router’s and possibly your distro’s firewall. We’d recommend sticking with SSH mounts for remote access, which just involves TCP port 22. When you create a new OMV user (as we recommended in step 6 of the walkthough), you can add them to the SSH group to enable them to access. By default, luxuries like the Bash shell and a home directory aren’t set up, but they can be in a few clicks if you want to work on your OMV box like a regular Debian server.
You can also add your user to the ‘sudo’ group, but for remote access we’d strongly recommend setting up public key logins and disabling passwords. You can add a public key by selecting your user and choosing Edit > Public keys > Add. If you’ve already set up a key with
ssh-keygen on your local machine, you can convert it to the required RFC4716 format with
$ ssh-keygen -e -f ~/.ssh/id_rsa.pub and paste the output into the box.
Installing the Omv-extras.org plug-in will avail you of a whole bunch of community plugins. These include Let’s Encrypt integration, so that remote connections can access the admin panel securely over HTTPS. It also allows you to set up Docker, which can in turn run Nextcloud and plenty more. Omv-extras also enables you to enable the Plex repository, which would let your NAS stream movies to anywhere with a web browser. The Gui-based Let’s Encrypt setup requires you to (temporarily) forward port 80, which might be tricky on some routers since they’ll want to serve their own web interface there – but it’s absolutely a wise thing to do if you’re accessing your vault from far away.
One last thing: you might suddenly find you can’t log in via SSH – in our case it was after changing the default password, which is another thing you should definitely do – either using the admin account or via public key with any added accounts. This could be a strange but recurrent filesystem permissions problem. You’ll see an error like this in the logs:
sshd[21546]: Authentication refused: bad ownership or modes for directory /
If you can get a root shell (add your user to the sudo group from the GUI), you can fix this with:
$ sudo chmod og-wt /
As usual, we’ve learned things the hard way so that you don’t have to…