This note explains how to set up a cheap Raid 1 NAS with an Odroid or Rasbperry board and two USB-harddisks using OpenMediaVault. Only very cheap and largely available hardware components are used. When very high availability is required it is recommended to hold available a second Oroid/Rasbperry board with a mirrored SD-card containing the NAS operating system. In this way the system has no single point of failure.

1. Hardware

Any Rasbperry like development board will do as long as Armbian supports it. I prefer Odroid-C2 over Rasbperry 3 because of the better performance, larger memory (2GB) and Gigabit-Ethernet. As neither Odroid-C2 nor Rasbperry-3 have USB3 ports cheap USB2 hard-disks will do perfectly.

Prerequisites for Odroid:
  • 1 Odroid-C2

  • 1 SD-card UHS Speed Class 1 (U1), 4GB

  • 1 USB 2 or USB 3 hard-disk containing your data, e.g. films, photos …​

  • 1 empty USB 2 or USB 3 hard-disk with the same size or bigger.

For optimal speed it is recommended to use the separated USB host port for the second HDD via USB OTG host port on C2.

Prerequisites for Rasbperry:
  • 1 Rasbperry 3

  • 1 SD-card Class 10, 4GB

  • 1 USB 2 or USB 3 hard-disk containing your data, e.g. films, photos …​

  • 1 empty USB 2 or USB 3 hard-disk with the same size or bigger.

Note
You can scale up to 5 USB2 disks as Odroid-C2 has 5 USB2 ports. In this case you need to set up a Raid 5 instead of Raid 1 but the method is analogue. For very high availability you might also want to buy a second Odroid/Rasbperry with a second mirrored SD-card as instant replacement.

Designed as a project for my students I installed all devices in a 3€ paint-bucket. This is how it looks like without cover.

mynas

2. Copy Debian 8 on a micro SD card and initial setup

I recommend the Armbian distribution because it supports the hardware better and it also supports a wide range of Rasbperry-like boards.

See also the official documentation.

2.2. Copy image on SD-card

> dd if=Armbian_5.14_Odroidc2_Debian_jessie_3.14.71.raw of=/dev/mmcblk0 bs=8M

[1]

Insert the SD-card in your Odroid or Rasbperry and power-on.

2.3. Login

Login as root on console or via SSH and use password 1234. Change default password. I will call it "naspassword" later.

2.4. Console stuff

> apt-get update
> apt-get upgrade
> dpkg-reconfigure tzdata
> apt-get install mc aptitude cryptsetup keyboard-configuration
> dpkg-reconfigure keyboard-configuration
> service keyboard-setup restart
> update-initramfs -u

3. Install OpenMediaVault

Follow this Howto and substitute kralizec with erasmus.

  1. Add repository

    add this file: /etc/apt/sources.list.d/openmediavault.list
    deb http://packages.openmediavault.org/public erasmus main
    # deb http://downloads.sourceforge.net/project/openmediavault/packages erasmus main
    
    ## Uncomment the following line to add software from the proposed repository.
    # deb http://packages.openmediavault.org/public erasmus-proposed main
    # deb http://downloads.sourceforge.net/project/openmediavault/packages erasmus-proposed main
    
    ## This software is not part of OpenMediaVault, but is offered by third-party
    ## developers as a service to OpenMediaVault users.
    # deb http://packages.openmediavault.org/public erasmus partner
    # deb http://downloads.sourceforge.net/project/openmediavault/packages erasmus partner
    
    # Regular omv-extras.org repo
    deb https://dl.bintray.com/openmediavault-plugin-developers/erasmus jessie main
  2. Set up your keys

    > wget -O - http://packages.openmediavault.org/public/archive.key | apt-key add -
  3. Install

    > apt-get update
    > aptitude install openmediavault openmediavault-keyring
    > omv-initsystem
  4. Install ovmextras (optional)

    > wget http://omv-extras.org/openmediavault-omvextrasorg_latest_all3.deb
    > dpkg -i openmediavault-omvextrasorg_latest_all3.deb
    > apt-get update
  5. Reboot

    > reboot
    Warning
    In order to reconnect via slogin you need to enable SSH in the OpenmediaVault Web-GUI
    Services -> SSH -> Enable

3.1. Login in

web interface
> firefox https://bucketnas.lan # <- replace with your NAS ip here
  • username = admin

  • password = openmediavault

console/ssh
> slogin -l root bucketnas.lan # <- replace with your NAS ip here
  • username = root

  • password = naspassword

3.2. Install plugins (optional)

Interesting modules:

> apt-get install openmediavault-luksencryption openmediavault-webdav openmediavault-minidlna

[2]

3.3. Enable ssl/tls connections (https:…​)

Open Web-GUI and

openmediavault web-gui -> system -> certicats -> ssl -> add -> create
openmediavault web-gui -> general settings -> Web administration -> secure connection

then enable SSL/TLS and choose the above created certificate.

3.4. Change passwords

  1. Web-GUI-adminstrator password

    firefox https://bucketnas.lan # <- replace with your NAS ip here

    Username: admin, initial password: openmediavault

    OpenMediaVault -> General Settings -> Web Administrator Password
  2. Root password

    > slogin -l root bucketnas.lan # <- replace with your NAS ip here

    Initial password is: odroid

    > passwd

4. Copy a single disk to encrypted Raid1

Empty degraded Raid 1
Figure 1. Empty degraded Raid 1

4.1. Prepare empty degraded Raid 1 with one disk

  1. Create partition on empty disk

    It is highly recommended to pre-partition the disks to be used in the array. Since most RAID users are selecting HDDs >2 TB, GPT partition tables are required and recommended. Disks are easily partitioned using gptfdisk.

    • After created, the partition type should be assigned hex code FD00.

    • If a larger disk array is employed, consider assigning disk labels or partition labels to make it easier to identify an individual disk later.

    • Creating partitions that are of the same size on each of the devices is preferred.

    • A good tip is to leave approx 100 MB at the end of the device when partitioning. See below for rationale.

      Warning
      It is also possible to create a RAID directly on the raw disks (without partitions), but not recommended because it can cause problems when swapping a failed disk. When replacing a failed disk of a RAID, the new disk has to be exactly the same size as the failed disk or bigger — otherwise the array recreation process will not work. Even hard drives of the same manufacturer and model can have small size differences. By leaving a little space at the end of the disk unallocated one can compensate for the size differences between drives, which makes choosing a replacement drive model easier. Therefore, it is good practice to leave about 100 MB of unallocated space at the end of the disk. [3]
    > fdisk /dev/sdb
  2. Create empty degraded Raid 1

    > mdadm --create /dev/md1 --level=1 --raid-devices=2 missing /dev/sdb1

    [4]

  3. Create encryption layer on top of our Raid

    > cryptsetup -v luksFormat /dev/md1
  4. Open encryption layer

    cryptsetup luksOpen /dev/md1 md1-crypt
    Enter passphrase for /dev/md1
  5. Create filesystem

    > mkfs.ext4 /dev/mapper/md1-crypt
  6. Mount this disk as destination disk

    > mkdir /mnt/raid1
    > mount -t ext4 /dev/mapper/md1-crypt /mnt/raid1

4.2. Copy data onto the new disk

  1. Mount disk with existing data

    > mkdir /mnt/from
    > mount -t ext4 /dev/sda1 /mnt/from
  2. Copy

    > cd /mnt/from
    > cp -vur * /mnt/raid1
    Copying
    Figure 2. Copying
  3. Unmount

    > umount /mnt/from
    > umount /mnt/raid1
  4. Create /etc/fstab entry

    Mount the Raid via the Web-GUI. It will leave an entry in /etc/fstab [5]. From now on the filesystem should be mounted automatically as soon as you decrypt.

4.2.1. Prepare a second empty disk

  1. Partition /dev/sda1

    Warning
    This deletes the content of /dev/sda1. Make sure that all your data was previously correctly copied on /dev/raid1!
    Important
    The partition /dev/sda1 must have exactly the same size than /dev/sdb1 (or bigger).
    > fdisk /dev/sda

4.2.2. Complete Raid 1, recover and sync

Complete Raid 1, recover and sync
Figure 3. Complete Raid 1, recover and sync
  1. Start sync

    > mdadm --add-spare /dev/md1 /dev/sda1

    As you can see on the following screenshot the synchronisation of 1.36 TB takes 19h and the speed is approx. 20MB/sec which is a very good value for writing USB 2 disks.

    Sync

    Encryption does not have any impact on the speed with our chosen hardware.

5. Start and stop the system

5.1. Stop

Login as root:

> shutdown

5.2. Start

  1. Assemble raid, decrypt and mount

    Login as root:

    > mdadm -A --scan
    mdadm: /dev/md1 has been started with 2 drives.
    > cryptsetup open --type luks /dev/md1 md1-crypt
    Enter passphrase for /dev/md1
    >

    you will be asked your encryption password and the disk should mount automatically under /media/…​.. If not then open it once via Web-GUI it will leave an entry in /etc/fstab [6]. Next time it should be automatic.

    OpenMediaVault -> Storage -> File Systems -> Select `/dev/mapper/md0-crypt` -> mount
  2. restart some sevices, e.g.

    > service minidlna restart

5.3. Sample startscript

This script resides on your NAS. If you want to call it from your client, adapt it using ssh and sshpass.

Sample startscript (please adjust to your needs)
#!/bin/sh
# assemble logical volume
lvchange -ay /dev/vg-sdb1-sdc1/lv-combined
# assemble Raid
mdadm -A --scan
# setup decryption layer (will prompt for passwd)
cryptsetup open --type luks /dev/md1 md1-crypt
# mount filesystem
mount /dev/mapper/md1-crypt
#restart services
service minidlna restart

5.4. Troubleshooting

5.4.1. Logical volume is not available

Problem

One Raid member device is a logical volume and it is not available.

  > lvdisplay
  --- Logical volume ---
  LV Path                /dev/vg-sdb1-sdc1/lv-combined
  LV Name                lv-combined
  VG Name                vg-sdb1-sdc1
  LV Write Access        read/write
  LV Status              NOT available
  LV Size                2.73 TiB
  Current LE             715347
  Segments               2
  Allocation             inherit
  Read ahead sectors     auto
> lvchange -aay

or if link to device is available

> lvchange -ay /dev/vg-sdb1-sdc1/lv-combined
  --- Logical volume ---
  LV Path                /dev/vg-sdb1-sdc1/lv-combined
  LV Name                lv-combined
  VG Name                vg-sdb1-sdc1
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                2.73 TiB
  Current LE             715347
  Segments               2
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:0

5.4.2. Only one Raid member is started

Problem

Raid starts degraded and you see and error message like /dev/md1 has been started with 1 drive (out of 2).

  1. Check the member devices.

    > mdadm -E /dev/dm-0
    
    dm-0:
              Magic : a92b4efc
            Version : 1.2
        Feature Map : 0x1
       Super Offset : 8 sectors
       Unused Space : before=262056 sectors, after=1152 sectors
              State : clean
    Internal Bitmap : 8 sectors from superblock
        Update Time : Tue Aug 16 20:52:39 2016
      Bad Block Log : 512 entries available at offset 72 sectors
           Checksum : 7c33262b - correct
             Events : 64894
    > mdadm -E /dev/sda1
    
    sda1:
              Magic : a92b4efc
            Version : 1.2
        Feature Map : 0x1
       Super Offset : 8 sectors
       Unused Space : before=262056 sectors, after=8 sectors
              State : clean
    Internal Bitmap : 8 sectors from superblock
        Update Time : Tue Aug 16 23:00:46 2016
      Bad Block Log : 512 entries available at offset 72 sectors
           Checksum : 8c9eaaac - correct
             Events : 64898
  2. Stop Raid.

    > mdadm -S /dev/md1
    mdadm: stopped /dev/md1
  3. Check Raid status.

    > mdadm -D /dev/md1
    
    /dev/md1:
            Version :
         Raid Level : raid0
      Total Devices : 0
    
              State : inactive
  4. Assemble the members.

     > mdadm -A /dev/md1 /dev/sda1 /dev/dm-0
     mdadm: /dev/md1 has been started with 1 drive (out of 2).
  5. Add the missing device.

    > mdadm /dev/md1 --add /dev/dm-0
    mdadm: re-added /dev/dm-0
  6. Check Raid status.

    > mdadm -D /dev/md1
    
    /dev/md1:
            Version : 1.2
         Raid Level : raid1
              State : active
     Active Devices : 2
    Working Devices : 2
     Failed Devices : 0
      Spare Devices : 0
             Events : 64905
    
        Number   Major   Minor   RaidDevice State
           2     252        0        0      active sync   /dev/dm-0
           1       8        1        1      active sync   /dev/sda1

6. Install a DNLA/UPnP media server

6.1. NAS configuration

OpenMediaVault has management modules for many common protocols e.g. FTP, NFS, RSync, SMB/CIFS, SNMP, SSH and TFTP.

In order to set up a media server you may want to install the the minidnla-plugin

> apt-get install openmediavault-minidlna

Do not change the default settings, just define some shares on the tab

OpenMediaVault -> Services -> DNLA -> Shares

and enable the server:

OpenMediaVault -> Services -> DNLA -> Settings -> Enable

6.2. Firewall on NAS

A good template including other services can be found in this forum.

mynas firewall

TODO: Add IPv6 settings. Help is appreciated.

6.3. Set up a video/music player client

The Windows 10 Media Player and Yaacc application for Android can connect without any further configuration.

6.3.1. Debian

I recommend the vlc media-player.

vlc -> local network -> Universal Plug'n'Play ->

It may take a minute until_MiniDNLA_ appears in the main window. Please be patient.

6.3.2. Firewall configuration

A simple firewall configuration tool is gufw.

> apt-get install gufw

The following could be a good start:

To Action From

8200/tcp

ALLOW

Anywhere

1900/udp

ALLOW

Anywhere

8200/tcp

ALLOW

Anywhere (v6)

1900/udp

ALLOW

Anywhere (v6)

7. References


1. Convention: Lines starting with > should be executed in a bash shell.
2. NOTE: I could not get openmediavault-webdav working with OpenMediaVault 3.0.13.
3. https://wiki.archlinux.org/index.php/RAID#Create_the_Partition_Table_.28GPT.29
4. In case you have to remount to degraded array later do: mdadm -A --run /dev/md1 /dev/sdb1
5. The line looks like this /dev/mapper/openmediavault-crypt on /media/30abbf98-075e-420c-a8c4-dbccd3f7b60d type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group) (your UUID is different).
6. The line looks like this /dev/mapper/openmediavault-crypt on /media/30abbf98-075e-420c-a8c4-dbccd3f7b60d type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group) (your UUID is different).