My Little RAID, Pt. 3

Posted 01 May 2011

Well, now we have our hardware and software picked out; time to install. First up, FreeBSD. Obviously I want the release version, not the bleeding-edge version. And I want to install from CD so I can keep it from touching the net until I get the firewall set up.

I’m running a Pentium 4 in the HP, so I chose the “amd64” version. Download the ISO, burn to CD. Easy-peasy. Boot up, follow the prompts with defaults, except I turn off network configuration (I’ll do that later), and when I am selecting software, I include the NFS server feature. This is my primary sharing method, since all my home machines run Unix of one sort or another. Let it cycle through and reboot, and voilà! Lemon-squeezy.

Now here’s where GEOM gets interesting. I have two drives in the machine. Other systems (e.g. OpenFiler) will insist you use a separate boot drive. But with FreeBSD and GEOM, I just installed to the primary drive as if my IQ was normal. According to the manual, I can not only boot from the RAID, I can set it up after the initial installation.

Now that the OS is installed, I have to decide if I want to get any other software installed prior to setting up the RAID. I toy with loading Emacs (the editor of champions), but I am bugged by the note in the instructions that GEOM will blindly write metadata to the last sector of the drive, and that setting up the RAID is safest immediately after a clean install. I can live with vi until I get it all set up. I’m not sure why they couldn’t check the last sector first, and move it if it’s in use…perhaps they’re waiting for me to do it. It is Free Software, after all.

What sort of RAID am I? I initially wanted to do RAID0+1 (sometimes called RAID10, which is confusing when two RAID5’s are also called RAID10); this level is when you stripe across a mirror. That is, the mirror function duplicates data, and the stripe function spreads the reads and writes out across the mirrored drives. Well, it turned out that it would require 4 drives for this; they expect you to set up two mirrors (or more), so that the stripe function has something to work on. A bit more reading and I discovered that mirror itself will distribute the reads and writes via any of several different algorithms. (I chose “round-robin”, where they simply alternate.)

The nice thing about doing this as a mirror is that if one drive fails, the other is perfectly fine by itself. In the face of a larger catastrophe that leaves me only one drive, I can go to any machine and install the one remaining drive and pull all the data off it. With fancier gear like hardware RAID-5 cards, if the card goes, and you can’t find an exact replacement, you are just stuck. I like simple. But this level of redundancy is also the most expensive: by 100%. I have two drives, but the space of one. If I add a third drive, I can drastically lower the cost in both dollars and available storage.

So, I now have to convert my lonesome drive into a RAID. It turns out that you just create the RAID device file, then add the primary drive into this. It will now show your RAID as “degraded” because you only have the one drive. At this point, you tweak the startup scripts (vi is your friend) to use the mirror device instead of the disk device. And reboot to ensure it all works.

It did, so now I just have to add the second drive to the mirror. As soon as I did this, it fired off a RAID rebuild task in the background. Smart little software. I was really excited at how cool this all was, until I got a “Fatal double fault”. WTF? Sounds a bit like Captain Kirk’s “double red alert” in “The Conscience of the King”. Or else the FreeBSD kernel developers watch way too much tennis.

Back to Google, with nothing much to show for it. This is apparently a kernel panic message, and doesn’t seem specifically related to the GEOM code. Or perhaps I missed a step during setup. The only way to find logs is to reboot, so I did that. When it started back up, I saw the RAID rebuild pick up and keep going. I decided to let it run and see what happened.

Here’s a bit of a screenshot of this point in my Quest:

[Screenshot: gmirror status output]

Only 3 hours later, it’s done. I now have a fully redundant drive system, with FreeBSD installed. I reboot to be sure, and it all looks good. Time to bring up the shields.

There are several projects that have split off of the original Berkeley Software Distribution 4.4BSD release. One project I’ve mentioned in the last episode was OpenBSD. This project is focused on security. The developers have not only gone over every line of source code doing security audits, they have created new software such as OpenSSH, which cryptographically guards the entrance to most enterprise servers all over the world. NSA never leaves home without it.

But I am more interested in the OpenBSD firewall software; “PF”. This stands for “packet filter”, and that’s what it does. It pushes all your network traffic, in and out, through a user-defined sieve of rules. Don’t want doubleclick tracking you on the web? Just add a rule. Don’t want your iPad to leak anything back to Apple? Just add a rule.

I was not about to deploy this box on my network until I had these two things working: SSH and PF. SSH was pretty easy, it’s installed by default because everyone uses it. PF took more work. It’s different from any other filtering software I’ve used, and my first few flails at it just locked me out of the machine. Via the net, that is. I still had a keyboard attached, but since I had removed the display I ended up having to type blindly into the machine to disable the firewall so I could ssh back in via the net.

Eventually I found the magic incantations to allow all traffic from my local LAN, but nothing in from outside. I even turned on logging. I don’t really trust things I can’t monitor. I feel safe with this now, although I’m still learning and would feel better if I could see it dropping some packets in the log file. But I’ll learn, bit by bit.
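A minimal pf.conf matching the policy described above (everything from the local LAN allowed in, nothing else, blocked packets logged), as an added example that is not the ruleset from the original post. The interface name `em0` and the LAN range `192.168.1.0/24` are assumptions; substitute your own.

```conf
# /etc/pf.conf -- added example, not the author's actual ruleset.
# Assumed values: NIC is em0, home LAN is 192.168.1.0/24.
ext_if  = "em0"
lan_net = "192.168.1.0/24"

# Never filter loopback traffic.
set skip on lo0

# Default: drop everything inbound and record it on pflog0.
# PF uses the LAST matching rule, so this must come before the passes.
block in log all

# Allow anything that originates on the local LAN (SSH, NFS, ...).
pass in on $ext_if from $lan_net to any keep state

# Let the box itself talk out; replies are matched by state.
pass out all keep state

# To start PF and the pflog daemon at boot, /etc/rc.conf needs:
#   pf_enable="YES"
#   pf_rules="/etc/pf.conf"
#   pflog_enable="YES"
#
# Parse the file without loading it (catches typos before they lock you out):
#   pfctl -nf /etc/pf.conf
# Load it for real:
#   pfctl -f /etc/pf.conf
# Watch packets hit the "block in log" rule:
#   tcpdump -n -e -ttt -i pflog0
```

When testing over SSH, running `pfctl -f /etc/pf.conf; sleep 120; pfctl -d` in one command line disables the firewall again after two minutes, so a bad ruleset does not require a trip to the console.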

With all this working, I moved the box to its proper home, and wired it up. I then started installing the rest of my software needs: audio players, media players, etc. I will need to have X11R6 installed so I have something to launch videos from. (I know I could use a simple “framebuffer” device, but this is what I know; fancy comes later.)

And that’s about where I’ve gotten this weekend. The box is home, and I started syncing all my audio and video archives to it from the old media center. It ran the network at 80Mb/s, which I believe is about as fast as you can get 100Mb ethernet up to, due to signalling overhead. So with a full pipe, it took about 3.5 hours to move all my videos, and about half that to move my audio files.

Once I get the TV connected, X11R6 configured, and videos playing, I’ll write more. But for now, it does what I started out to do: it stores all my precious files on a RAID system.