Quickly done NAS with Webmin (DIY NAS)

Looking for a better NAS than the one my girlfriend own (Synology). Caveat : she don’t care about it, she understand nothing on it, I hate those slow graphical « web desktop » interfaces, I need a lot of free Ram, I want to install everything I need, I bet free/libre NAS are better.

There is three active NAS projects. They can be use on personal and small networks (but not limited to). Have a look : FreeNAS (FreeBSD), NAS4Free (derived from FreeNAS 7), and OpenMediaVault (Debian, from former FreeNAS leader). OpenFiler is for bigger needs and seems unmaintained.

FreedomBox or Yunohost (and others, look at Wikipedia) target end users. They are easy to set up and maintained. While they are not NAS project, they can, in some parts, do the job at home.

SME Server (Centos, also known as e-smith) and  Superb Mini Server (Slackware) provides something like ADSL boxes on steroids, coming with webmail and email server, virus protection, printer server, etc.

But what did I choose ? I find easier to install Debian with the Webmin control panel. I don’t really need Webmin, but as I tends to do a lot of daily work from the web browser, I keep it open in a tab. It let me do what I want, help to not forget something to configure, has a lot of modules, can report (by email) about problems and new packages, can burn CD/DVD, etc. All in all, it takes only a few minutes to install a Debian server and the webmin package — Debian is not mandatory, you can use your favorite distribution.

Installer Linux en copiant

On n’a pas toujours une distribution sous la main pour réinstaller Linux (ou tout autre Unix, comme la famille BSD) sur un nouveau disque dur. Or c’est très facile d’installer le système en se contentant de copier les fichiers d’une autre installation.

Branchons le nouveau disque et démarrons sur l’ancien!

Pour faire simple ici, je partitionne le nouveau disque en deux : une partition de swap et tout dans le même système de fichier. Je place la partition de swap à la fin du disque et j’active la partition du système de fichier (on la rend bootable).

Copier les fichiers

  • Créer le système de fichier et le swap sans oublier de vérifier l’état du disque (noter les UUID ou les obtenir plus tard avec lsblk -f ou blkid). Monter le système de fichiers dans /mnt.
  • Tout copier, sauf /proc /sys /dev /run et /mnt, avec ~# cp -a source /mnt/ ou bien ~# cp -a -t /mnt/ source qui est plus pratique.
  • Créer /proc /sys /dev /run et /mnt (vides)
  • Voir la doc Linux From Scratch pour le remplissage de /dev :
~# mknod -m 600 /mnt/dev/console c 5 1
~# mknod -m 666 /mnt/dev/null c 1 3
~# mount -v --bind /dev /mnt/dev
  • Refaire /mnt/etc/fstab avec les UUID, il vaut mieux éviter les /dev parce que l’ordre des périphérique pourrait schanger quand on enlèvera l’ancien disque.

Installer le chargeur de démarrage (bootloader)

J’installe GRUB, la procédure est identique avec les autres. Il faut le faire depuis le nouveau système de fichier, en changeant la racine pour /mnt (chroot).

  • Monter les systèmes de fichiers virtuels :
~# mount -vt devpts devpts /mnt/dev/pts -o gid=5,mode=620
~# mount -vt proc proc /mnt/proc
~# mount -vt sysfs sysfs /mnt/sys
~# mount -vt tmpfs tmpfs /mnt/run
  • Changer la racine ~# chroot /mnt ; la racine / devient /mnt, toutes les opérations suivantes se font dans le chroot (/etc est en fait /mnt/etc, c’est transparent).
  • Modifier /etc/initramfs-tools/conf.d/resume (partition de swap pour l’hibernation) es refaire l’initramfs ~# mkinitramfs.
  • Modifier /boot/grub/grub.cfg ou utiliser grub-mkconfig (avec l’option -o et le nom du fichier de sortie, sinon ça n’en créera pas). Comme on a plusieurs disques, il vaut mieux utiliser des UUIDs plutôt que des noms de périphériques qui pourraient changer (de toute façon, GRUB ne nomme pas les périphériques comme sous Linux).
  • Installer GRUB ~# grub-install /dev/[nouveau disque]
  • Sortir du chroot, éteindre et redémarrer sur le nouveau disque.

Ou bien installer Grub une fois le système démarré

Pas facile d’avoir en tête le montage des systèmes de fichiers virtuels! On peut faire autrement, installer Grub sans chroot : il faut ajouter une entrée dans le fichier grub.cfg du disque source afin de pouvoir démarrer sur le nouveau disque (en gros, recopier l’entrée de l’ancien en changeant l’UUID). Redémarrer. Une fois démarré sur le nouveau disque, on lance ~# grub-mkconfig -o /boot/grub/grub.cfg puis ~# grub-install /dev/[nouveau disque], sans oublier de refaire l’initramfs.

 

P2V tools – Physical to virtual system conversion

How to virtualize a physical computer ?

While you can find a lot of web pages and blogs asserting that you need to change some esoteric things (Windows registry and so on) in the running system before running it virtualized, fact is that it is not true :

You just need to clone the harddrive(s) in a file. End of story.

Basic disk utilities can do that (under Linux, BSD and MacOSX one can use dd), many backup tools too. Later on, you will convert the file to the desired virtualization format, which is trivial to do (tools depends on your virtual hypervisor engine).

Things are a bit more complicated if your system use several disks or partitions. But once again you just need to clone them. Several small utilities can do that for you, directly converting disks images in one file only. Under Windows, Microsoft provide the small and freely available Disk2vhd (go to the Windows Sysinternals page and download the utility) or you may prefer an automated tool like the free AOMEI Backupper. Again, many free tools exists, P2V is trivial.

Odoo installation on a minimal Centos 7.x / RedHat 7.x web server

This how-to describe a minimal Odoo installation on Centos or RedHat. It can be easily adapted to any Linux distribution (Debian, Ubuntu, SuSE, Mandriva, Arch Linux, …). This a simple, easy and rock-solid way to install Odoo for small groups.

An eye on the doc

First steps — just for those who forget something

Create one user account, add the user to the wheel group. This will let you use sudo. Add your ssh-key, from local to remote :

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@IP

Install yum utilities and some of your favorite’s command-line tools. Yum utilities comes with the useful yum-config-manager. Even if you don’t use it, it can show you the whole params of each repositories. Here below I install  Lynx text browser to read html pages in Midnight-Commander.

# yum install yum-utils
# yum install nano mlocate screen wget mc lynx unzip

Install postgresql-server and start it, otherwise Odoo will not be able to create odoo user.

# yum install postgresql-server
# postgresql-setup initdb
$ systemctl start postgresql

Enable EPEL repository

We need complementary packages, not provided by distribution repository. Basicaly we have two solutions :

  1. add Software Collections packages
  2. add new repositories

Software Collections are installed in parallel from distribution’s package. Our server will only run Odoo, so there is no need to separate packages. It is easier to add repositories.

EPEL is Extra Packages for Enterprise Linux. The epel-release package is included in the CentOS Extras repository that is enabled by default. One just need to type :

# yum install epel-release

To clear any cached information, and to make sure the changes are immediately recognized :

# yum clean all 
# yum update

If you need, install some more utilities from Epel. I like p7zip.

Add Odoo repository

Odoo provide package. You can download it or install from nightly builds repository (both are the same).

# yum-config-manager --add-repo=https://nightly.odoo.com/10.0/nightly/rpm/odoo.repo
# yum clean all
# yum update
# yum install odoo
$ systemctl start odoo

Download wkhtmltopdf and install it. Do not use the package from Epel repository as it can’t handle headers and footers.

A bit of testing

Stop Firewalld and connect to http://[your-hostname]:8069/ default login/password is admin/admin. Create a dummy or template database. Don’t install applications, just configure Administrator account :
in configuration menu, go to users and change Administrator’s timezone, email, and choose a solid password. You will be disconnected. Login with the new params. If it’ ok, disconnect again and stop Odoo server. Restart Firewalld to protect your web server.

Basical configuration

Odoo master password, Firewalld, fail2ban, services.

Choose a new Odoo master password. You may play with a password generator. Add it to odoo.conf :

# nano /etc/odoo/odoo.conf

[options]
; This is the password that allows database operations:
admin_passwd = whatever big and solid
db_host = False
db_port = False
db_user = odoo
db_password = False
addons_path = /usr/lib/python2.7/site-packages/odoo/addons

Need to open the port on Firewalld. We create Odoo service that we will enable on the firewall public zone.

# nano /etc/firewalld/services/odoo.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>Odoo</short>
 <description>
  Open Odoo default port.
 </description>
 <port protocol="tcp" port="8069"/>
</service>

Enable Odoo on public zone ; the –permanent option needs to be the first option for all permanent calls (1). Don’t forget to reload the firewall !

# firewall-cmd --permanent --zone=public --add-service=odoo
# firewall-cmd --reload

Similarly, enable http and https services:

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload

Install and start Fail2ban, then enable services on startup :

# systemctl enable postgresql
# systemctl enable odoo
# systemctl enable fail2ban

And start Odoo again. Connect to Odoo.

A template database

Now we will setup a « template » database. Something with all the basics that we need. Start with security and backup :

Install Letsencrypt and Database Auto-Backup module from OCA’s server tools repository. Download zip from https://github.com/OCA/server-tools/

Setup auto-backup. Test it : make a backup, get it, try to restore.

You will certainly need to increase the time-out on your server. Beware that as long as you db grows, the backup grows as well. But the heavier part will certainly be the multiples files (images, documents, …) that Odoo will generates for you.

Use Letsencrypt to get an SSL certificate as soon as domains are moved on your server.

Web environment ribbon is a very useful utility for those who works on several Odoo instances. You will got a red ribbon on the top left corner in every page (ribbon name and color can be changed).

Add users, configure company, email servers, etc.

Backup or duplicate your database with Odoo database manager. You will leave your first copy untouched. It will be used as a template. For further installations, just duplicate your template and install everything you need.

If you want a server admin panel

Avoid extra dependencies (PHP, MySQL, …). If you can, choose Perl based or Python based software if possible.

  • Webmin use Perl, it have a lots of modules, is actively developped, but old ;
  • BlueOnyx is built with Java and Perl, based on a product developped by Cobalt, it’s solid but  a bit old ;
  • Ajenti use Python but does only a few things so far, it is recent and light ;
  • A few other ones doesn’t need MySQL, but use PHP.

Accelerate Odoo

Depending on what you need you will configure Postgresql, Odoo and Nginx web server for speed and efficiency.

How-to move Odoo to another server

On the old server Odoo is setup with e-commerce website. On the new server, avoid extra dependencies if Odoo doesn’t need them (web server, php, …).

First steps

  1. keep a TODO-list
  2. create a subdomain, to test your paiement module on the new server
  3. install your ssh-key
  4. install some command-line tools : midnight-commander, nano editor, mlocate, wget, screen, unzip
  5. might want to install a graphical web-server admin. I like Webmin, because it’s well maintained, depends only of Perl and use its own web server.
  6. install a networked resource monitoring tool with graphs output, like Munin (or webminstats if you use Webmin)
  7. install Postgresql, create necessary users and configure it. Refer to Odoo install documentation.
  8. install Odoo, setup Odoo with workers and debug log
  9. stop firewall to access Webmin and Odoo, you will configure the firewall later (TODO list)

Setup Odoo

  1. create a dummy database with all necessary modules, add all modules you had on the old server. Test it (might want to include demo datas to test it extensively — check ‘evaluate Odoo’ when you are creating the database).
  2. test your credit card paiement module
  3. backup your old Odoo database
  4. create a new, empty, database on the new server
  5. restore your old database on the new database. test it extensively
  6. install letsencrypt Odoo module, first install python-pip, then do
    sudo pip install acme-tiny
    sudo pip install IPy
  7. install auto backup odoo module on the new server and test it : do a backup/restore operation. First install python-pip and do
    sudo pip install pysftp
  8. install nginx and set it up
  9. install fail2ban
  10. open necessary ports on the firewall and restart it