Synology, Raspbian, NFS and Nobody…

It took me a couple of weeks (or months) to… Not fix a problem… Even discover that I had a problem.

Once I discovered that I even had a problem… And I have a feeling this issue has been causing me a number of permission annoyances… I was able to use some “Google-fu” and resolve it in less than an hour.

With the actual fix taking < 5 mins.

Problem

From one of my Raspberry Pi’s running Raspbian I was seeing files with weird ownership info… Specifically files were owned by “nobody”.  I suppose I originally considered this a quirk of NFS… But then I noticed that this same thing was not happening on my other Pi.

The problem presented itself via many annoying “access denied” or “operation not permitted” failure messages when working in NFS mounted directories.

The final straw was when I could not run dos2unix successfully on a text file.  Such a simple operation… Very interesting, especially when I stopped watching TV and paid more attention to the error message.

dos2unix: Failed to change the owner and group of temporary output file ./d2utmpte0dzV: Operation not permitted

Resolution

The fix is very simple… Force my clients to connect via NFSv3 instead of v4.

In /etc/fstab I added the option “nfsvers=3” to all my mounts.

192.168.222.34:/public /public nfs nfsvers=3,rsize=8192,wsize=8192,timeo=14,intr 0 0

Once added and re-mounted… Either manually or via a quick and easy reboot… Things started working as expected.

Additional Thoughts

This issue was the result of new behavior.  I recently updated my Synology DSM from v4.2 to v4.3.  I have a feeling that this enabled NFSv4 on my Synology NAS.  This could explain why I was seeing things differently between my Pi’s… I’ve been working on and rebooting one often lately, but the other has been up for many weeks and once the NFS mount is established I’m pretty sure the version does not change.

I believe I saw results for bugs and issues related to NFSv4 along this same vein that were not Synology related… So this issue may not be specific to Synology’s NFS support / implementation.

During my troubleshooting I had a need to confirm that the NFS version could be the issue… So I obviously needed to confirm what version of the NFS protocol was being used.  The quick and easy command to determine that is “nfsstat”.

Preface: Common ownCloud Path

(This is part of My ownCloud Adventure)

For any adventure to come to a successful conclusion, the proper preparations must first be made.

With my previous experience working with the Raspberry Pi I was able to quickly get a dedicated server setup and connected to my Synology NAS via NFS.

I should mention here, to plant a seed of thought, that throughout my endeavors the security posture of my system has been a constant consideration.  As an example, with my NFS configuration there are mounts available on my network that I did not give my ownCloud host access to… I am just not comfortable with some files being remotely accessible.

While not exhaustive, there are some common tasks that should probably be performed when setting up a new Raspbian instance:

SD Card Images

Throughout my adventure I made extensive use of Win32 Disk Imager to create images of the SD card.  This allowed me to configure common features once and just reload an image to start over if needed.

For example, I have an image that I created after performing my basic Raspbian updates and configurations.  After that I have an image with SSL certs and MySQL already taken completed.  This definitely made it much easier to go from Apache2, to lighttpd and finally end up at nginx with a “clean” system.

SSL Certs

To allow any of the webservers to utilize HTTPS, generating SSL certificates is the first task.  There are MANY resources available out there, but here are the basic commands I performed.

  1. cd /etc/sll
  2. sudo mkdir localcerts
  3. sudo openssl req -newkey rsa:2048 -x509 -days 365 -nodes -out /etc/ssl/localcerts/myServer.fqdn.pem -keyout /etc/ssl/localcerts/myServer.fqdn.key
  4. sudo chmod 600 localcerts/meister*

These commands result in 2 files as output:  a PEM certificate & a key.  Both are used by any webserver to enable HTTPS.

You will be asked a number of questions during key generation.  Since this results in a self-signed key, answer them however you like.  Except for the FQDN question, I’m not sure any of them even technically matter.  And in the case of the FQDN question, I didn’t care if its value matched my dynamic DNS name or not.

The one important technical detail is that if you do not want to enter a password every time your webserver starts, then do not enter a password when prompted.

Good Resources:

MySQL

ownCloud supports multiple database backends, but I chose MySQL since its familiar to me (although I do wish MariaDB were available in the Raspbian repository).

  1. sudo aptitude
    1. Install MySQL server
    2. The install will ask for a ‘root’ password for your new database server
  2. mysql_secure_installation
    • A script that performs a number of standard bets practice configurations.  Be sure to follow its recommendations!
  3. mysql -u root -p
    • No need to put your password in as an option, you will be prompted
  4. At the “mysql>” prompt
    • create database myOcDbase;
    • create user ‘myOcUser’@’localhost’ identified by ‘myUserPass’;
    • create user ‘myOcUser’@’127.0.0.1’ identified by ‘myuserPass’;
    • grant all privileges on myOcDbase.* to ‘myOcUser’@’localhost’;
    • grant all privileges on myOcDbase.* to ‘myOcUser’@’127.0.0.1’;
    • exit

Good Resource:  http://dev.mysql.com/doc/refman/5.5/en/index.html

Acquiring ownCloud

Getting a hold of ownCloud is not difficult and can be accomplished via various means.

I originally dabbled with manually adding an ownCloud repository to my system’s repo list.  I just followed the instructions found for Debian off ownCloud’s Linux packages install link.

  1. cd /etc/apt/sources.list.d
  2. sudo nano owncloud.list
    • Enter:  “deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/ /”
    • save and exit
  3. cd
  4. wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/Release.key
  5. apt-key add – < Release.key
  6. sudo apt-get update
  7. sudo apt-get install owncloud

While this method did work and is not a bad way to go, especially considering its many advantages… I was unsure of how quickly the repository would be updated with new versions, so I instead elected to go with the manual install.

  • cd
  • wget http://download.owncloud.org/community/owncloud-5.0.10.tar.bz2
    • As versions change, this link will change.  So be sure to get the latest Tar link.
  • tar -xjvf owncloud-5.0.10.tar.bz2
  • mv owncloud owncloud_5.0.10
  • cp -r owncloud_5.0.10 /var/www
  • cd /var/www
  • sudo chmod -R www-data:www-data owncloud_5.0.10
  • sudo ln -s owncloud_5.0.10 owncloud
    • Using a symbolic link in this fashion can help in the future with manual updates.  Just follow ownCloud’s manual update instructions and pre-position the latest version’s directory under /var/www and re-do the symlink for a quick and easy upgrade

And that seems to wrap up the common activities across each of the volumes in my adventure.

My ownCloud Adventure

I recently came across a project that very quickly caught my interest.

Its called ownCloud.

Its open source and gives you your own personal Drop Box like cloud.  It has a number of available features that could give one the ability to move off Google… If they work properly, which I cannot say at this time as I have yet to dive into those features.

If that all sounds interesting, I do encourage you to go take a look.

As the title says, getting my own ownCloud instance up and running has been an adventure.  As concerning as that may initially sound, I suppose I should clarify from the beginning that the adventure is ALL of my own doing.  Overall, the actual installation and configuration of my personal ownCloud instance has gone exceptionally smoothly… With only one, not so minor, issue.

The one “not so minor” issue is that the provided Gallery application does not work for me.  This may have something to do with the fact that I’m running ownCloud off a dedicated, but still resource limited, Raspberry Pi connected via NFS to a Synology NAS and (at this point) only have PHP configured to use 256MB of memory per script… But (without any evidence) I do believe there is an underlying issue with the gallery app.  I also believe it will be fixed in time.  So for me, patience is required…

Unless an alternative gallery app, such as Gallery2, fills the void.  Unfortunately, while it showed some initial promise by actually displaying my root picture folder, my inability to go below the root level found a bug…

I guess I’m just a natural at this software testing stuff.

Back to my adventure though…

I now have an ownCloud 5.x instance adequately running on a dedicated Raspberry Pi, using Raspbian for the OS and nginx as the webserver.  Its configured with SSL, PHP APC and MySQL.

(For apparently limited philosophical reasons I would have preferred to go with MariaDB, but at this time it is not available via the repositories, so my philosophical reasons appear to be limited as I preferred the easy install route rather than building MariaDB myself).

It seems I took a cue for many great adventures though, and given away the ending.  So I suppose its time to start the beginning…

I did not start with nginx.  My adventure actually started with Apache, as that’s what I’ve had the most experience using.  I also did not go from Apache straight to nginx.  I had a brief fling with lighttpd.

So for proper documentation purposes, I plan to detail my adventure across several “volumes”.

I did mention that I started with the ending, but I think I’ll continue following the popular adventure recipe and consider the ending more of a new beginning…

Raspbian – NFS w/Synology

Synology stuff first…

  • Enabled NFS file sharing on my Synology
  • For each share on my Synology NAS, had to go into NFS Permissions and create a rule
    • Disabled “Asynchronous”

Then followed these instructions…

First, install the necessary packages. I use aptitude, but you can use apt-get instead if you prefer; just put apt-get where you see aptitude:

sudo aptitude install nfs-common portmap

(nfs-common may already be installed, but this will ensure that it installs if it isn’t already)

On the current version of Raspbian, rpcbind (part of the portmap package) does not start by default. This is presumably done to control memory consumption on our small systems. However, it isn’t very big and we need it to make an NFS mount. To enable it manually, so we can mount our directory immediately:

sudo service rpcbind start

To make rpcbind start automatically at boot:

sudo update-rc.d rpcbind enable

Now, let’s mount our share:

Make a directory for your mount. I want mine at /public, so:

mkdir /public

Mount manually to test:

sudo mount -t nfs 192.168.222.34:/public /public

  • (my server share path) (where I want it mounted locally)

Now, to make it permanent, you need to edit /etc/fstab (as sudo) to make the directory mount at boot. I added a line to the end of /etc/fstab:

192.168.222.34:/public /public nfs rsize=8192,wsize=8192,timeo=14,intr 0 0

The rsize and wsize entries are not strictly necessary but I find they give me some extra speed.

 

Notes:

  • Everything basically needs to be done via sudo
  • With multiple shares, each needs to be mounted independently.  Such as…
    • /public/dir1
    • /public/dir2

 

Source: http://www.raspbian.org/RaspbianFAQ