By John Belthoff / In Blogs / Posted Jan 28, 2016
I recently had the oppurtunity to build a NAS, (Network Attached Storage), device for a client. For years I have used NAS devices and have never quite been happy with the offerings from the several manufacturers. Some of the reasons for this was the hardware choices in the pre-build NAS devices, especially in a SOHO users price range, were always skimp a little. So I was happy to get the green light to build one for my client to get a little more power and some extra data protection.
Keep in mind I chose to max out this hardware because my client required that but you could certainly can get excellent performance from lower priced hardware so don't think the following is the only way to go. My main concern was to use a quality XEON processor and use ECC Ram. As it turns out, the folowing build maxes out a Gb network for file transfers with plenty headroom to spare. Let's get started...
I chose to use 2 different set of mirrored disks. The Seagate, an excellent NAS drive, has an RPM of 5400 which is fine for standard long term storage of regular files. However for the Media Shares I chose the HGST 4TB Deskstar which have an RPM of 7200 with better seek time because this client has an extensive media collection which is streamed via a Plex Media Server which gives that service a little extra performance.
I chose BTRFS over ZFS because some of the limitations of the ZFS file system. I also chose to build the entire server directly from a Minimal CentOS 7 server install from the terminal. I don't need fancy Web GUI's so it's fine for me and seeing as this server sits in a closed room, there is not much need for a desktop or fancy interface.
What follows is the main build terminal commands I used to make the system work. This unit is part of a WInows Active Directory so it is joined to a domain using SAMBA (Version 4.2.3). It uses the latest Linux Kernel, 4.3.3-1.el7.elrepo.x86_64, at least at the time of this writing, and an upgraded BTRFS built from source - (btrfs-progs v4.3.1).
So far, file transfers over the network share are running at 113 Mb/s which is as good as it gets. Also, we are able to stream 5 Full HD Transcoded Plex streams and only use about 75% of the CPU.
I hope this helps you if you decide to build your own NAS. If you have any problems with this please contact me and I will try to help you out.
First, let's install some needed dependencies and update the minimal server.
## Centos 7 Minimal Server yum install -y git libuuid-devel libattr-devel zlib-devel libacl-devel e2fsprogs-devel libblkid-devel lzo-devel asciidoc xmlto autoconf autoheader automake gcc yum -y update shutdown -r now
Build and install BTRFS
## Install New BTRFS Tools git clone git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git cd btrfs-progs ./autogen.sh ./configure bindir=/usr/sbin make yum -y remove btrfs-progs make install make clean cd ../ rm -rf btrfs-progs ## Btrfs Version btrfs version ## before btrfs-progs v3.19.1 ## after btrfs-progs v4.3.1
Install ELRepo RPM - Update Kernel and Set boot order.
## Install ELRepo RPM rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm ## Install Lates Kernel yum -y --enablerepo=elrepo-kernel install kernel-ml ## Update Boot Order - May need to alter for UEFI boot egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \' ## CentOS Linux (4.3.3-1.el7.elrepo.x86_64) 7 (Core) ## CentOS Linux (3.10.0-327.3.1.el7.x86_64) 7 (Core) ## CentOS Linux (3.10.0-327.el7.x86_64) 7 (Core) ## CentOS Linux (0-rescue-3321f82521434996c6d08be35c18345a) 7 (Core) grub2-set-default 0 ## Update again! yum -y --enablerepo=elrepo-kernel update shutdown -r now
Seeing as we are joining an existing domain, lets set some some params and install SAMBA. Out domain is "cooldomain.net" with an IP Address of "10.108.149.87". We will give this computer a name of "nas".
## Add following Hostname vi /etc/hosts 10.108.149.87 nas.cooldomain.net centos ## Install Samba 4 yum -y --enablerepo=elrepo-kernel install samba* ntpdate ntp bind-utils ## Check Version smbd -V -- Version 4.2.3 ## NTP Server Stuff - Set the time to the domain controller's time systemctl enable ntpd.service ntpdate dc-main.cooldomain.net ## Update NTP Config - Set DC to first server in the list vi /etc/ntp.conf server dc-main.cooldomain.net iburst prefer ## Start NTP systemctl start ntpd.service ## DNS zone resolution vi /etc/resolv.conf search cooldomain.net nameserver 10.108.149.17 nameserver 10.108.149.19 ## Test DNS host -t A dc-main.cooldomain.net ## Local hostname resolution getent hosts centos
Let's configure SAMBA
## Find the Samba Config file
smbd -b | grep CONFIGFILE
## Configure Samba
vi /etc/samba/smb.conf
[global]
netbios name = NAS
security = ADS
workgroup = COOLDOMAIN
realm = COOLDOMAIN.NET
log file = /var/log/samba/%m.log
log level = 1
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
# Rnas Config Values
max protocol = SMB3
encrypt passwords = yes
printcap name = /dev/null
allow trusted domains = 0
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# Important: The ranges of the default (*) idmap config
# and the domain(s) must not overlap!
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 20000-99999
# idmap config for domain COOLDOMAIN
idmap config COOLDOMAIN:backend = rid
idmap config COOLDOMAIN:range = 100000-999999
# Use template settings for login shell and home directory
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
## Test it
testparm
## Join the domain - Follow the prompts
net ads join -U administrator
## libnss_winbind
vi /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
## Start the Deamons
systemctl enable nmb.service
systemctl start nmb.service
systemctl enable smb.service
systemctl start smb.service
systemctl enable winbind
systemctl start winbind
## Testing Winbindd user/group retrieval
wbinfo -u
wbinfo -g
## Testing OS Commands
getent passwd
getent group
## Open Firewall
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
### DONE WITH SAMBA!!! ###
Now that we are done with SAMBA, let's setup our BTRFS file systems and mirror our disks.
## Creating BTRFS Shares - Find the disks!!!!
ls -l /dev | grep sd
brw-rw----. 1 root disk 8, 0 Dec 19 20:52 sda
brw-rw----. 1 root disk 8, 1 Dec 19 20:52 sda1
brw-rw----. 1 root disk 8, 2 Dec 19 20:52 sda2
brw-rw----. 1 root disk 8, 16 Dec 19 20:52 sdb
brw-rw----. 1 root disk 8, 32 Dec 19 20:52 sdc
## Create Mirror & Mount it
mkfs.btrfs -m raid1 -d raid1 /dev/sd[bc]
mkdir -p /data-shares
mount /dev/sdb /data-shares/
## fstab
-- Get the UUID of the mirror
btrfs device scan
## Do some preliminary steps...
btrfs fi label /data-shares/ Shares
btrfs fi show /data-shares
btrfs balance start /data-shares
## Add the New Mirror to fstab
vi /etc/fstab
UUID=d5756c6e-6297-4239-889b-623437861e33 /data-shares/ btrfs defaults,autodefrag,skip_balance 0 0
## Create a Subvolume - This is optional
btrfs subvolume create /data-shares/sharedfolder
btrfs subvolume list /data-shares
## Change Permissions - Use your values here...
chown -R jbelthoff /data-shares/sharedfolder
chgrp -R nasusers /data-shares/sharedfolder
## Add share to smb.conf
vi /etc/samba/smb.conf
[Shared Folder]
path = /data-shares/sharedfolder
read only = no
comment = "Crashplan Local Backup"
browseable = 0
admin users = "+admin","@COOLDOMAIN\domain admins"
write list = "COOLDOMAIN\JBelthoff","@COOLDOMAIN\nasusers","+admin","COOLDOMAIN\Administrator"
valid users = "COOLDOMAIN\JBelthoff","@COOLDOMAIN\nasusers","+admin","COOLDOMAIN\Administrator"
## Reload Samba
smbcontrol all reload-config
## Set SELinux!!!!
chcon -t samba_share_t /data-shares/sharedfolder
#####################################################################
## ALL DONE ! #######################################################
#####################################################################
At this point you should be able to connect from your windows machine. Simply map a network drive.