Building a Low-Power Home Server with Open Source Tools Scott Courtney April, 2009
The Applications (Immediate) LAN file server (NAS device) Remote backup server VPN gateway NAT Firewall DNS, DHCP, and TFTP boot services
The Applications (Future) DLNA Media Server AFS Server Kerberos 5 Server LDAP Server Web-driven Administration Small-scale Asterisk PBX server
The Design Criteria High reliability Low power (< 50W idle) Small form factor Encrypted storage: Burglar gets a brick! Headless operation after initial install All Open Source software Reasonable performance ( stuff the LAN at 100 Mbit/sec ) Budgetary cost circa US$500
The Alternatives Use a small desktop box Higher power consumption Usually have CPU fan (less reliable) Low-cost models usually low quality Hack an off-the-shelf NAS device Poor performance of low-cost models Non-x86 processors (tricky installs) Possible bricking the device if the process goes wheels-up Most don't support encryption
The Hardware Form Factor Mini-ITX standard footprint (Morex encl.) Motherboard VIA Epia LT Series Mass Storage Two 750 GB SATA II drives in RAID 1 External USB CDROM for installation External USB drives (2) for backup
Your Mother(board)! VIA Epia LT10000EG 1.0 GHz C7 processor Two Ethernet ports, lots of USB Two SATA II (3.0 Gbit/sec) disk ports LT15000G has 1.5 GHz, but CPU fan Also consider Epia SN series Four SATA ports (more RAID choices) At time I bought, enclosures not readily available
Motherboard Visuals Note absence of CPU fan, one of the least-reliable components in a typical desktop system. Be sure there is enough open space around cables for ventiliation! As with many small systems, things get pretty tight around the connections to front and rear panel I/O points. These were a reall challenge to connect!
Mass Storage (Internal) Two Seagate Barracuda SATA II drives, 750 GB each Currently running software RAID 1 Motherboard has hardware RAID, but at time of construction Linux didn't yet support it. Need to revisit this, because I've upgraded kernel several times since.
Disk Drive Mounting The second drive mounts at right-angles to, and below, the first. No externally visible drives are needed here, so the two upper bays could also hold hard drives. Remember when deciding drive locations that they need cooling air!
Mass Storage (External) External CDROM/DVDROM via USB Needed only during installation Notoriously unreliable devices Why let it sit there sucking power? Two external 750 GB USB drives Rotated for off-site backups Could have used esata instead Off-the-shelf drives and enclosures
Rear Panel View Abundant connectors for Ethernet and USB Audio, keyboard, video, and mouse connectors not used Also has USB connectors on the front useful for temporary drive hookups!
The Software: Operating System Ubuntu Linux Server Edition 8.10 By default, no GUI (less overhead) Great for headless operation Widely supported Debian based distro for easy maintenance and upgrades Somewhat less conservative than Debian, for later device driver support
The Software: Mass Storage Logical Volume Manager config System, swap, and some data volumes unencrypted, for performance Private data volumes encrypted strongly using LUKS ( cryptsetup ) First data partition contains LUKS key file to decrypt the others Manually run access-disks script once after each (rare) reboot, enter password one time only
The Software: Backups Clients back up with a shell script that invokes rsync over SSH Passwordless PKI login; trusted client users No point-in-time restores needed for home server Backs up colo server via separate shell script, again using rsync Backs up self to external USB drives using a third rsync -based script
Alternative Backup Strategies... Could have used Bacula or Amanda Point-in-time restore More robust security More complex to setup and administer Decided this was overkill for my needs Could have used rdiff-backup Did use this at one time Intuitive access to backups, has PIT also Lousy compatibility between versions!
The Software: File Server NFS version 3 Samba version 3 Mass storage managed with Linux Logical Volume Manager (LVM) Some LVM partitions encrypted with LUKS ( cryptsetup ) Possibly adding AFS support later
Network Diagram Broadband Modem LAN Switch 192.168.y.z Wifi Hub(s) 10.0.0.x Client PCs Printers etc.
Firewall and VPN Configuration Sits between AT&T U-verse or similar broadband modem and the main switch for the LAN Standalone wifi access hubs on LAN switch Broadband modem has outer firewall, this server has inner, for more robust security Modem's direct wifi is secondary internet if server is down (sits on different SSID) OpenVPN and a three-rule IPTABLES NAT are all that's needed for VPN gateway
Infrastructure Applications DNS server Slave DNS for Sine Nomine domain as well as my personal ones Cache DNS for all other domains DHCP and TFTP boot server Very standard configurations Assigned fixed IP addresses to most hosts to allow easy remote support
Other Infrastructure Services TFTP Boot server for Cisco SIP phones (Future) Boot server for diskless Linux workstations (Future) LDAP Shared contact database Possibly useful as SSO authenticator (Future) Kerberos 5 Mainly to support AFS
Where Are We Now? No unscheduled outages since installed Backups are the envy of some small corporations (but not SNA) File server can stuff the pipeline at 100 Mbit/sec Power consumption circa 30 watts Cost about US$500 when built, less now
Installed and Working! The rare and elusive blackcrested epiabird, in its natural habitat, a secluded stairwell. Note how the epiabird colllects brightly-colored LAN cables for its elaborate nesting behavior.
Coming Real Soon Now... ushare DLNA media server Digital Living Network Architecture Clients: Playstation 3, XBox 360, others Play audio, video, still photo albums Well I'll be... This thing works now! Asterisk PBX...well, maybe CPU may not be fast enough May be easier to outsource VoIP But it would be seriously fun to do!
Tips for Building Your Own If hardware RAID not supported, try all_generic_ide boot parameter. Be smarter than me...read the clearly-written instructions in the GRUB menu.lst comments! Buy a UPS. Buy a good UPS. Test your good UPS often! Google is your friend...these wheels have been invented already. Try to use only software from the distro's repository. Ask for copies of my RAID 1 install procedure and my custom shell scripts. Above all... Yes, this was worthwhile, and yes, it was just as much fun as I hoped it would be!
What I Would Do Differently... Probably get the SN-series motherboard Enclosures now more available Has four SATA connectors (vs. two) Maybe look at a fully fanless design Case fan is not as critical as CPU fan Give up a lot in CPU speed for these Possibility of wall-mount flat enclosure
Webliography http://www.ubuntu.com/ Ubuntu Linux (look at Server Edition ) http://www.howtoforge.com/set-up-raid1-on-a-running-lvmsystem-debian-etch http://www.debian-administration.org/articles/536 Two excellent articles on setting up bootable RAID http://www.via.com.tw/en/products/mainboards/ VIA Epia motherboards http://www.e-itx.com/epro-itx-systems.html E-itx Systems (component vendor) http://www.logicsupply.com/ Logic Supply (component vendor) http://www.newegg.com/ NewEgg (component vendor)
Contact Info Scott Courtney scourtney@sinenomine.net http://www.sinenomine.net/ +1 703 723 6673 x1224 This presentation includes vendor recommendations that are the opinion of the presenter only, and do not represent an endorsement of these products or companies by Sine Nomine Associates.