Otter: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Brian Wilson (talk | contribs)
Line 45: Line 45:
# Replace a single Packet8 phone line with a cheaper Asterisk based system.
# Replace a single Packet8 phone line with a cheaper Asterisk based system.
# Replace a WiFi access point.
# Replace a WiFi access point.
# Act as a file server for Windows and Linux.
# Act as a file server for Windows (Samba) and Linux (NFS). (DONE)
# Act as a print server.
# Act as a print server.
# Act as a DHCP server.
# Act as a DHCP server. (DONE)
# Act as an OpenVPN client (to connect my network to my work network.)
# Act as an OpenVPN client (to connect my network to my work network.)
# Change lcd program to control shorewall firewall instead of my own script
# Change lcd program to control shorewall firewall instead of my own script

Revision as of 03:50, 18 October 2007

Otter is a Toshiba Magnia SG20.

Ubuntu 7.0.4 image made with Acronis "True Image" and the MD5 for the image

I have to admit it to myself, I don't have time to support more releases of this project for other users. Sorry.


Goals

Set up as a general purpose home server, replacing as many small dedicated boxes as possible. These boxes include a gateway router, a VOIP telephone adapter, an ethernet switch, and a WiFi access point.

I prepared a couple of images for general release based on Ubuntu 7.0.4; they are still available on this server, but I can't do any more right now. Too busy.

I feel the computers I use should use no more energy than required to get the job done, and they should be as quiet as possible. You should have to check the LED on the front panel to see if it's on.

Using Otter as my SOHO server is part of my Carbon diet.


What I like about the SG20

  1. It came with Linux on it. It can be upgraded and hacked in many ways.
  2. Low power consumption.
  3. It's small.
  4. Has a generic Intel CPU that is fast enough for a SOHO server.*
  5. Uses generic PC components for drives and memory.
  6. Has extra goodies hidden away inside like the video slot.
  7. The serial LCD display.
  * Compare with a Via C3, which is not quite a 686, so it crashes if you try to run 686 code on it.

What I don't like

  1. Noisy slow hard drives
  2. Noisy fans
  3. No externally accessible serial port.
  4. No USB ports.

I know I could hack the daughter board to add a serial port so that I could use it as a serial console but am not willing to invest the time in populating the board to install one. Lack of USB ports is remedied on the newer SG30.

The todo list

  1. Replace a Linksys gateway/firewall router.
  2. Replace a single Packet8 phone line with a cheaper Asterisk based system.
  3. Replace a WiFi access point.
  4. Act as a file server for Windows (Samba) and Linux (NFS). (DONE)
  5. Act as a print server.
  6. Act as a DHCP server. (DONE)
  7. Act as an OpenVPN client (to connect my network to my work network.)
  8. Change lcd program to control shorewall firewall instead of my own script

History

10-2007-- third Ubuntu install, using a release candidate of 7.10

06-2007-- put the first Ubuntu image up on this site

03-2007-- I've had it for several years now. I used it with the stock Redhat 7.2 for about a year, then shut it down for a while. When I started writing this page, I did most of the upgrades described here.

Official documentation

Here is a copy of the File:SG20customization.pdf

Hardware

SG20 Specs as reported by system tools.

Disks

It had two 30 GB drives when I got it. I replaced the second hard drive with an 80 GB leftover from a laptop upgrade.

The 30 GB drive is a Toshiba MK3017. The 80 GB drive is a MHV2080AT that came in my Sharp PC-M4000 laptop.

These are both 4200 rpm drives; I'd like to replace one or both with 7200 rpm drives but probably won't for a while.

Memory

I pulled a 512MB PC133 DIMM out of a computer that I got dumpster diving; it works fine. It's not ECC, so I had to hook up an AGP video card and keyboard and turn off ECC in BIOS. While I was in there I set it to boot from the network. I can PXEboot from a Linux desktop system into a rescue mode.

Fans

The stock power supply fan was too noisy, so I hacked out the case a bit for more air flow. Then I put a 80 mm fan on top of the power supply and run it at a low speed.

Serial ports

> How did you add the serial port?

There are some SMD parts missing on the motherboard. When you add them you have access to /dev/ttyS1.

U15 is a Maxim MAX3243_T but I used a MAX3243E
C150 0.1µF
C149 0.1µF
C151 0.1µF
R247 330R
R246 330R
R248 -
C147 ???
C148 0.1µF
JS2 /dev/ttyS1 2x5 header
1-DCD U15-8 R5IN C158 -> GND
2-RxD U15-7 R4IN C154 -> GND
3-TxD U15-10 T2OUT C152 -> GND
4-DTR U15-11 T3OUT C153 -> GND
5-GND
6-DSR U15-6 R3IN C156 -> GND
7-RTS U15-9 T1OUT C157 -> GND
8-CTS U15-5 R2IN C155 -> GND
9-RI U15-4 R1IN C159 -> GND

I used a ribbon cable from JS2 to a 9 pin male D-SUB connector which I placed at the back of the case between the parallel port and the power supply connector.

Around U14 you find the same for /dev/ttyS0, but you can't use that because /dev/ttyS0 is already used for driving the LCD or reading the switches.

My description is not very detailed but I hope it gives you enough information to get it done. Take a look at the datasheet. As always, you do it at your own risk and you should know what you do... It was three years ago when I added the serial interface to my SG20. I took photos but did not find the time to document it on my homepage. Now my 21 month old daughter absorbs all the available time... ;-)

Just as an idea for experimentation: Maybe you can use a serial PCMCIA card instead of doing the changes to the motherboard. I think that it will not work at all, because during grub and boot there would be no PCMCIA drivers. But I'm not sure...

With console=ttyS1,38400 as an additional kernel parameter you can select one of the grub menu entries, and with earlyprintk=serial,ttyS1,38400 you get the boot messages on the serial line. You have to delete these parameters if you later want to use the serial port for other purposes.

Rolf

Software

The SG20 came with a customized version of RedHat 7.1 Linux. It works fine. There are a few bugs that allow hackers to take over the system, specifically in the ftp server. If you don't run the ftp server or you don't use it exposed directly to the Internet, you are probably fine leaving the stock 7.1 install on it.

Being a hacker I basically can't leave things alone, so I have installed Ubuntu 7.0.4 (the latest version, it goes with the obsession.)

A few people on the SG20 Yahoo mailing list wanted copies, which of course increased the amount of work by 2 orders of magnitude, but that's okay.

Ubuntu

I have installed Ubuntu versions 6.04, 7.04 and 7.10.

The basic process consists of moving the hard drive to a desktop machine, installing and configuring the software, then moving the drive back to the SG20 and booting.

Actually on the desktop I ran the hard drive connected to a VMware virtual machine and tested it right there until things looked close enough to work on the SG20. Then after moving the hard drive back and forth between the SG20 and my desktop computer eight or ten more times, the first image was ready!

I have started a more detailed page on performing the Ubuntu installation on Magnia SG20

Creating the image: This section will tell you what tools I used to build the release image.

Installing the image: This section will tell you how you can install it.

Post-install configuration: This section will tell you how to customize settings for your computer, including

  • expanding filesystem to fill hard drive
  • ethernet ports, wireless, ppp, caller id, fax
  • firewall
  • passwords
  • mysql
  • openvpn
  • postfix
  • privoxy
  • ssh

There is a special program to control the Magnia LCD. I did not write it, I just grabbed the SG30 copy and modified it.

  1. Default IP address on the LAN is 192.168.123.101
  2. Set for DHCP on the WAN port.
  3. Login via ssh, not telnet.
  4. Usernames and passwords:
       superuser: root / admin
       regular user: sshuser / user
  5. Firewall is set to accept no connections from outside (WAN).

Set up for image

The first partition on the first drive (hda) is 3 GB; it contains the root filesystem. The second partition is 1/2 GB and is used as 'swap' space. The rest of the drive is allocated to the third partition and it's mounted at /home.

This is the /etc/fstab file contents

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>    <options>     <dump>  <pass>
proc            /proc           proc      defaults      0       0
LABEL=root      /               ext3      defaults      1       1
LABEL=swap      none            swap      sw            0       0
LABEL=home      /home           reiserfs  defaults      1       2

By using LABEL entries instead of device entries (like /dev/hda1), I can move the image between virtual, regular, and RAID drives without editing the /etc/fstab file.

The second release has EVMS volumes set up as RAID1 using device names /dev/evms/roota, /dev/evms/swapa, and /dev/evms/homea

I recommend the use of one of the other journaling filesystems over EXT3 for large (> 1 GB) partitions. My preference is XFS but on the SG20 image I used reiserfs because it is supported in Acronis True Image. I keep the root filesystem on EXT3 because it makes things easier when using recovery tools. (Also I could not get it to boot from EVMS volumes.)

Installing Ubuntu from the TIB image

What you need to do this installation

  • A desktop PC
  • Either Windows with Acronis True Image installed or a True Image rescue CD (in which case you don't need Windows). You can download the 15-day trial version of True Image Backup (or buy the commercial version). This is a Windows program; most of the people using SG20s are Windows users and are learning Linux. (If you don't have Windows, get a friend to install the program and make a CDROM for you.)
  • A 2.5-inch to 3.5-inch hard drive adapter like this one from Newegg for $6

step by step

  1. Install True Image on the Windows desktop machine.
  2. Download the Ubuntu image (link near top of this page) onto the desktop
  3. Shut down your desktop and SG20
  4. Take the first drive (the one on the right as you look from the front) out of your SG20 and connect it to the desktop using the adapter.
  5. Boot the desktop and start True Image or boot the desktop from the TIB cdrom.
  6. Follow instructions there to restore from the Ubuntu image onto the SG20 hard drive. You want to restore the entire drive from this image.
  7. Power off the desktop
  8. You should be able to unhook the desktop's primary hard drive and connect the SG20 drive in its place and boot from it
  9. You can log in as root and partition the remaining space if you want (see next section).
  10. You could also delete a directory I left around accidentally. At the command prompt type rm -rf /var.old
  11. Shut down again (type "shutdown")
  12. Put the drives back where they belong. Boot the SG20 and it should now be running Ubuntu Server 7.0.4


Rescue methods

Boot from network (PXEboot)

You can bypass the hard drive and boot your Magnia from another server on your network. It's not easy, as you first have to get BIOS access on the SG20 to switch it on, but once the BIOS is set, it's set forever.

If you want to try "PXEbooting" your SG20, you need to use the boot menu in the BIOS to set the network adapter to use "LAN" for booting. Note that the actual port that you connect is the WAN port; the SG20 will not boot off any of the etherswitch "LAN" network ports.

Once PXEboot is enabled on the Magnia, it checks the network for a boot server when you power it up. Finding one, it boots from the server. Failing that, it next tries to boot from its internal hard drive.

Therefore to enable "rescue mode" with PXEboot, you create a PXEboot environment on your server and then power up the Magnia. If all goes well the Magnia boots from the boot server and when it's done you connect via ssh, use command line wizardry to repair whatever damage you did to make the hard drive unusable, and shut it down. Then you disable the boot server, and power up the Magnia again. Hopefully this time it fires up from its own hard drive and all is well.

For my boot environment, I use the "Trinity Rescue Kit", build 279 and was able to ssh into the Magnia. I hacked the TRK startup scripts to allow this; by default TRK will require entering a new root password from the Magnia console (which is not hooked up, that's the whole point of the netboot.)

Having network booting means that I have another option when the system won't boot from its internal drives. I can PXEboot, then use ssh to log into the machine and see what happened when it booted, see if it properly detected the hard drives and peripherals and so on.

More notes on PXEboot

Example troubleshooting session

For example, right now my Magnia is not bootable from the hard drive but I can see this by typing 'dmesg' after booting with TRK:

Probing IDE interface ide0...
hda: TOSHIBA MK3017GAP, ATA DISK drive
hdb: FUJITSU MHV2080AT, ATA DISK drive

This means that it's seeing both drives; I had to change the jumpers on the 80 GB drive from Master to CSEL (cable select) mode by adding a jumper before the Magnia could see it. I just added this drive from a laptop that I upgraded.

Using the TRK, I can mount /dev/hda1 (where I installed Ubuntu) and edit critical system files. The problem turned out to be in the configuration of the network interfaces. I installed Ubuntu onto the 30 GB drive using a VMWare virtual machine and it set up the ethernet interface wrong.

It was finding the network card as '/dev/eth2' instead of '/dev/eth0' so it was not working.

Using an Ubuntu desktop system as a PXEboot server

Fixing boot problems

Does it say something like "MBR failure" or does it print "LI" and lock up? You need to update the master boot record.

The "master boot record" (MBR) is a special sector on the hard drive that has to contain a tiny program that loads the grub boot loader. If it does not then the boot process can't proceed.

I have the hard drive in a separate machine, so I have access to its cdrom drive. So I use the Trinity Rescue Kit cdrom, boot from it, hit "enter" and then use the grub command. The SystemRescueCD is good, too.

# grub
grub> root (hd0,0)
grub> setup (hd0)


You should be able to pop out the cdrom and reboot now.

Change your passwords!

You should bring the system up for the first time disconnected from the Internet and change your passwords.

You can either connect via ssh and use the commands

sudo passwd sshuser
sudo passwd root

or you can connect via webmin and use its password changer.

If you need an ssh client for Windows, I recommend 'putty'.

Adding more packages

My installation includes the options for DNS and LAMP services. DHCP is turned on. So is ssh.

Other packages that I added

I enabled the 'universe' packages by uncommenting the appropriate line in /etc/apt/sources.list. I added the repository for webmin to sources.list, too. Then I added more packages.

release 1

I also added the packages necessary to compile the lcd/fan control program.

release 2

  • oclock to test X11 connections, and for fun, run with "oclock -transparent &"
  • synaptic X11 GUI package manager
  • xauth to allow connecting to X11 applications such as synaptic
  • evms evmsn evmsgui evms-bootdebug support for RAID
  • mgetty mgetty-fax added to support incoming calls on modem line and faxing
  • shorewall added shorewall, which is supported in webmin
  • nfs-kernel-server so I can share files with other Linux boxes
  • cupsys-client added to allow webmin to do printer management
  • privoxy web advertising blocker
  • postfix mail handler added but you will need to reconfigure

To allow X11 clients such as oclock, synaptic and evmsgui to run I changed X11Forwarding from "no" to "yes" in /etc/ssh/sshd_config

To use any X11 client, you have to have an X11 server running on your desktop (any version of Linux with a graphical environment or, on Windows, cygwin/X). Then you connect with an ssh client to the SG20 and type the command name. If it worked, the window will pop up on your desktop in a few seconds.

Notes on EVMS

Other changes

Change VERBOSE=no to VERBOSE=yes in /etc/default/rcS so that more information is logged at boot.

Add ons

Firewall

For the first release I looked at shorewall and thought it was too complicated. Then I found out it's supported in webmin so I will probably use it now. I also looked at "firestarter" and it requires an X client. Now that I have installed other X clients this might be okay too.

On the first release, I gave up on canned packages and wrote a simple set of rules myself. I put the script in /usr/local/sbin/firewall.sh and called it from /etc/network/interfaces so that it gets loaded when the system brings up the network interface. I also wrote a script /usr/local/sbin/firewall-off.sh that simply turns the firewall rules off, opening the machine up again. These two scripts can be run from the push buttons in lcd-2.2.

WiFi access point

The goal is to run as wifi access point not a wifi client.

Add more packages

apt-get install hostap-utils hostapd

Web server

Apache is running but nothing special is installed.

Database server

mysql username and password: root/admin (set with "mysqladmin password admin")

Printing services

I installed cupsys to allow the system to work as a print server. This was one of my primary goals for this system, to allow printing from any of my computers on my little Canon inkjet printer.

This also requires USB support. If you have an SG-30, fine. I happen to have an SG-20 which does not have built in USB ports so I got a PCMCIA card. I plugged in a pair of USB headphones to try the USB card out and the Magnia froze up, so I might end up not using the USB printer after all. Oh well. :-(

I modified /etc/cups/cupsys.conf so that its built-in web server listens on all ethernet addresses, not just localhost. Connect with a browser to port 631, http://mymagnia:631/ for example. You should consider editing the /etc/cups/cupsys.conf file to allow connections only from your local network.

Support for Windows clients with Samba

I installed Samba so that you can share file and print services with Windows clients. I installed 'swat' so that you can change the Samba configuration using a web browser. I installed 'inetd' since swat runs as an inetd service. Connect to it with a web browser. It runs on port 901. So for example, http://mymagnia:901/

Update: I installed swat but did not test it so I did not notice the xinetd package was missing. Ray Day reports that you can get swat going by doing the following:

# apt-get install xinetd
# update-inetd --enable swat
# cd /etc/xinetd.d
# nano swat
# default: off 
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favorite web browser.
service swat
{
       port    = 901
       socket_type     = stream
       wait    = no
       only_from = 192.168.2.7
       user    = root
       server  = /usr/sbin/swat
       log_on_failure  += USERID
       disable = no
}

The IP address following "only_from" is the IP of my Windows PC. Either put your own desktop computer's IP address or leave the line out to allow unrestricted access.

Ctrl X and say 'Y' to save. Then do:

# /etc/init.d/xinetd restart

Now you can go to http://192.168.x.x:901/ (whatever your SG20 IP is). Put in your name and password and you are in.
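The following is an added example, not part of the original page or of Ray Day's report: a small audit of xinetd service definitions that reports enabled services with no only_from line, or with an only_from value that reaches beyond a given LAN range. The example-admin service, the 192.168.0.0/16 default and the function names are assumptions made for illustration; host names and factorized addresses in only_from are reported rather than resolved.

```python
import ipaddress
import re

# Constructed input: the swat stanza above (abbreviated) plus a hypothetical
# "example-admin" service that has no only_from line.
SAMPLE = """\
service swat
{
       only_from = 192.168.2.7
       user    = root
       log_on_failure  += USERID
       disable = no
}
service example-admin
{
       user    = root
       server  = /usr/local/sbin/example-admin
}
"""
ASSIGN = re.compile(r"^(\w+)\s*\+?=\s*(.*)$")  # "=" and "+=" both accumulate

def parse_xinetd(text):
    """Return {service: {attribute: [values]}} for every service block."""
    services, name = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("service "):
            name = line.split()[1]
            services[name] = {}
        elif line == "}":
            name = None
        elif name and (m := ASSIGN.match(line)):
            services[name].setdefault(m[1], []).extend(m[2].split())
    return services

def source_network(token):
    """Map an IPv4 only_from token to a network; None if not handled here."""
    try:
        if "/" in token:
            return ipaddress.IPv4Network(token, strict=False)
        octets = str(ipaddress.IPv4Address(token)).split(".")
    except ValueError:
        return None  # host names and factorized addresses are out of scope
    while octets and octets[-1] == "0":  # trailing zero octets are wildcards
        octets.pop()
    return ipaddress.IPv4Network(f"{token}/{8 * len(octets)}")

def audit(services, lan="192.168.0.0/16"):
    """List (service, problem) pairs for enabled services open beyond lan."""
    lan_net, findings = ipaddress.IPv4Network(lan), []
    for name, attrs in services.items():
        if attrs.get("disable") == ["yes"]:
            continue
        if "only_from" not in attrs:
            user = " ".join(attrs.get("user", ["(unset)"]))
            findings.append((name, f"no only_from, user {user}"))
        for tok in attrs.get("only_from", []):
            net = source_network(tok)
            if net is None or not net.subnet_of(lan_net):
                findings.append((name, f"only_from {tok} is not inside {lan}"))
    return findings
```

To check a real system, pass the contents of each file under /etc/xinetd.d to parse_xinetd and set lan to your own network, for example 192.168.123.0/24 for the image's default LAN.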

DHCP

I installed and configured the dhcp3-server package. It assigns numbers in the range 192.168.123.101-199. This is set in the file /etc/dhcp3/dhcpd.conf