Timezone in the shell was alredy set correctly. If you cannot read, please stop posting for a while.
In my case, as I said, system has correct TZ. I don't recall what fixed it, but error was real, GUI seemed to forget whatever I selected and press Save.
what "man timedatectl" has to do with php and omv-engined errors?
Cockpit SSL certsCode
The M.2 to 5x SATA card overheated on heavy disk ops, so I put a heat sink on JMB585 chip. Its custom cut for size and I drilled two holes in the floor to tie it. Ahh, and there is foam sticked to card bottom, PCB is very thin, it adds support when plugging SATA cables in.
The errors were crazy, disk was remounted as read only, but snapraid continued writing on data2 :))
There is a plugin that does this but I stopped maintaining it because certbot is a moving target
Yes, plugin following another piece of sw is a pain. But I think its not needed, just giving users a way to enter path to their certificates will be sufficient, imho. They already have autorenewal configured by other means (I use acme.sh and dns-01 validation).
I installed Cockpit from OMV Extras and my browser refuses to connect to it because of self-signed SSL cert and used URL is not IP but omv.domain.name FQDN.
OMV GUI is working nice, with SSL cert configured in System / General.
Why Cockpit (omv.domain.name:9090) is presenting self-signed cert and not the OMV GUI one, and how to fix it, please?
Side note, Cockpit looks much more secure than Portainer, using real OMV user accounts for login.
I did have a look at FreeNAS and it does look promising, but when reading more about free NAS solutions I read a remark that FreeNAS is open BSD based and OMV is based on Debian
This is not a big issue with FreeNAS, the issue is memory. Before deciding on OMV (+snapRaid) I installed FreeNAS. It looked nice :)) Then I checked memory usage. It was at 2.5GB and slowly creeping up. Without any data drives attached! Some python processes, lots of them. And in docs they say 1GB RAM per one data drive, so I uninstalled it. OMV does not use any RAM it looks like :))
Lol, I'm building NAS only. The board was cheapest I could find thats
- not mATX
- DC Jack
- M.2 slot for SATA ports
- x86, not ARM, for performance.
Arduino was an unexpected bonus. Same as battery terminals on Drobot :))
I use 2 NAS in 2 different locations, the opposite keyfile for encryption lies on the other NAS.
Interesting, very! I dont have second NAS, lol. Is your OS partition encrypted too?
My points against remote keyfile:
- system needs to come live by itself after power outage.
- OS must be encrypted and keyfile for OS drive needs to be local to auto boot.
- OS drive keyfile shoud be hard to access, hence TPM.
If OS is secured, it is safe to store data drives keyfile there. If not, whats the point of encrypting at all?
Btw, my steps for data drives.
So there is no way to specify path to cert and key files? Only hard import available? How do we do automatic renewal using cron jobs then? The renewal command updated cert files on the disk, not in OMV database ...
I see that in /etc/nginx/sites-available/openmediavault-webgui it links to uuid-ed files.
Will it work, and stay working, If I do
Try iCloud, you can make an account without giving credit card.
First, thanks a lot for OMV.
I was following this guide michaelxander.com/diy-nas till I hit "After every reboot, all encrypted drives need to be unlocked through the Web UI".
That did not seem right, if we dont trust our OS to keep LUKS key, why we trust the whole setup? Encrypting root partition is not part of this mini guide, it's a must, but will be next step. This only makes all encrypted data drives auto-unlocked, mounted and in a MergerFS pool on boot.
- these steps do not mess with /etc/fstab
- sda, sdb and sdc are data drives (data and parity). Its not where OS is installed (my OS drive is mmcblk0)
- wdkey - can be any name, as well as /etc/luks-keys (you may use /root/keyfile for example)
- assuming clean install and drives configured exactly as in michaelxander's guide (stop after doing 4.5. Create MergerFS pool).
1. generate keyfile
dd if=/dev/urandom of=/etc/luks-keys/wdkey bs=1024 count=4
chmod 0400 /etc/luks-keys/wdkey
2. add key to a LUKS slot
cryptsetup -v luksAddKey /dev/sda /etc/luks-keys/wdkey
cryptsetup -v luksAddKey /dev/sdb /etc/luks-keys/wdkey
cryptsetup -v luksAddKey /dev/sdc /etc/luks-keys/wdkey
Enter any existing passphrase:
Key slot 0 unlocked.
Key slot 1 created.
3. create /etc/crypttab
/etc/crypttab is read before fstab, so that dm-crypt containers can be unlocked before the file system inside is mounted.
The unlocking process will map the partitions to a new device name using the device mapper. This alerts the kernel that device is actually an encrypted device and should be addressed through LUKS using the /dev/mapper/dm_name so as not to overwrite the encrypted data.
Use blkid to get uuid (Use uuid of /dev/sdx ones, not /dev/mapper/sdx-crypt). No new line at the end.
The fist item in each line, target, "sda-crypt", must be equal to output of blkid : "/dev/mapper/sda-crypt"
vi /etc/crypttab (Content should look like this)
sda-crypt UUID=2505567a-9e27-4efe-a4d5-15ad146c258b /etc/luks-keys/wdkey luks
sdb-crypt UUID=12345678-9abc-def012345-6789abcdef01 /etc/luks-keys/wdkey luks
sdc-crypt UUID=c67c557c-21b9-11eb-82d8-170fd1bb7315 /etc/luks-keys/wdkey luks
chmod 400 /etc/crypttab
4. backup luks headers
Encryption > Select drive > Recovery > Backup
5. Thats it, reboot
Next challenge is Secure Boot with onboard TPM module, like Windows Bitlocker.
Goal is to have Luks encrypted OS to boot without entering Luks password.
I hardly recommend this to anyone, too much work :)) This is challenging build because its small case, only 11 litres.
Btw, drives are in, 3x 12TB WDs, 210 MB/s each, shucked from WD Elements 12TB. They seem to be 7200 RPM, despite saying 5400 everywhere.
And internal UPS, yay.
To be continued for sure.
MB: Seeed Studio Odyssey X86J4105864. $218 USD
- Intel® Celeron® J4105, Quad-Core 1.5-2.5GHZ
- 8 GB RAM, soldered on, max for this CPU
- 64 GB eMMC for OS, soldered on
- Dual-Band Frequency 2.5GHz/5GHz WiFi/ Bluetooth 5.0
- Dual intel Gigabit Ethernet
- Integrated Arduino Coprocessor ATSAMD21 ARM® Cortex®-M0+
- Raspberry Pi 40-Pin Compatible
- 2 x M.2 PCIe (B Key and M Key)
- M.2 to 2x SATA card (M.2 to 5x SATA card also bought)
- Jonsbo U1 Plus Silver Mini ITX Case w/Tempered Glass
- 2x ICYDOCK 3 Bays SCSI U160 Disk Array Module. $10 each, backplane removed.
- 5 Inch Touch Display for Raspberry pi 3. $35. Will be mounted behind tempered glass side panel.
Power: AC adapter -> DFRobot -> Regulator -> drives and MB
- DFRobot DFR0580. Power Manager For 12V Lead-Acid Battery
- AC adapter 24V/4.5A inside the case
- DC-DC regulator 9-18V to 12V/12A
- Power Sonic PS1220 12V 2.5AMP SLA Lead Acid Battery. About 15 mins run time with 6x HDD. I will use embedded Arduino to shut down the OS if battery goes below 10V.
Maybe you find here something thats looks strange
The problem is in GUI. It does not accept ot saves specified Time Zone. System has correct TZ, logs show
"php: Unknown or deprecated time zone [tz=]"
"omv-engined: Unknown or deprecated time zone [tz=]"
Setting timezone in GUI does not work for some reason. Latest OMV, installed yesterday.