Differences

This shows you the differences between two versions of the page.

timemachine [2013/01/21 10:01]
birnbacs appended restoring chapter
timemachine [2014/09/21 03:05] (current)
florian Added a missing allow-interfaces that prevent me from getting bonjour on MacOSX
Line 1: Line 1:
-====== File Server with TimeMachine support ======+====== Time Capsule on OpenWRT (Apple File Protocol Server with Time Machine Support) ====== 
 + 
 + 
 +====== Working fine with 'force' mount option in fstab ====== 
 + 
===== Intro ===== ===== Intro =====
-TimeMachine is Apple's backup software. It is included with Mac OS X and was introduced with the 10.5 "Leopard" release of Mac OS X. The software is designed to work with the Time Capsule as well as other internal or external drives. TimeCapsule is (among other things) a wireless router with a built in hard drive. TimeCapsule will advertise the hard drive on the network and the TimeMachine on client Macs can use TimeCapsule as a storage. The nicest thing about this is that it works with a minimum of user configuration.+Time Machine is Apple's backup software. It is included with Mac OS X and was introduced with the 10.5 "Leopard" release of Mac OS X. The software is designed to work with internal or external drives, as well as with Apple's Time Capsule. Time Capsule is (among other things) a wireless router with a built in hard drive. It will advertize itself on a network and allow Mac computers to back up wirelessly using Time Machine with a minimum of user configuration.  This wiki documents how to make your OpenWRT router behave like a Time Capsule.
-Here is how to make your OpenWRT router behave like a Time Capsule.+This following configuration is for the stable release of Attitude Adjustment 12.09 (r36088).  It was developed and tested with a Mac running OSX 10.8.3.  These directions have been verified on a Netgear WNDR3800 using a new installation of OpenWRT.  There are many examples on the web for configuring a Time Capsule on linux systems. Many of these contain conflicting, incorrect, or superfluous information.  This wiki is an attempt to detail the minimum configuration required to run a Time Capsule on OpenWRT.  There are three basic steps to configuring Time Capsule:
 +  - Formatting, mounting, and configuring an external USB Drive
 +  - Installing and configuring netatalk
 +  - Installing and configuring avahi
-===== USB =====+===== Formatting, Mounting and Configuring an External USB Drive =====
-An external drive will be required, usually connected via USB. Check out [[doc:howto:usb.overview]] and [[doc:howto:usb.essentials]].+Time Machine will work with other filesystems, but the Mac native HFS+ is recommended. If your router should die, you can simply plug the external drive into your Mac to recover the data.
-In short, do this:+Plug the external drive to a Mac and use the Disk Utility to create a single partition.  Use the GUID layout for the partitioning and select the "Mac OS Extended (Journalled)" format.  When this is complete, use the following command (on the Mac) to turn off journalling:
 +<code>
 +/usr/sbin/diskutil disableJournal /Volumes/<name_of_volume>
 +</code>
 +
 +A user name and password will be required to connect to the Time Capsule.  Rather than running as root, create a new user and group.  For the purposes of this example, the user name is "tmuser" and the group is "timemachine".  This can be done manually, or by installing two packages and using the following commands:
<code> <code>
opkg update opkg update
-opkg install kmod-usb-uhci kmod-usb-ohci kmod-usb2 +opkg install shadow-useradd shadow-groupadd 
-insmod usbcore +groupadd timemachine 
-insmod uhci +useradd -M -G timemachine tmuser 
-insmod usb-ohci +passwd tmuser
-insmod ehci-hcd+
</code> </code>
-You may have to reboot.+Create a mount point for the drive and set the ownership of the directory to the **//timemachine//** group.  For this example, the directory /mnt/TimeMachine will be used.  Create the read-only file to prevent writing to flash if the disk is not mounted.
-===== GUID support and File System =====+<code> 
 +mkdir /mnt/TimeMachine 
 +chown root:timemachine /mnt/TimeMachine 
 +touch /mnt/TimeMachine/USB_DISK_NOT_PRESENT 
 +chmod 444 /mnt/TimeMachine/USB_DISK_NOT_PRESENT 
 +</code>
-There are two possible types of layout of partitions on the drive, the older MBR and the newer GUID. Contemporary operating systems generally prefer GUID but most also also support MBR. Since version 12.09 (Attitue Adjustment), OpenWRT supports mounting GUID-formatted volumes but currently there are no disktools available for managing (i.e. formatting and manipulating partitions) such devices.+Install the packages required for connecting a USB drive. Check out [[doc:howto:usb.overview]] and [[doc:howto:usb.essentials]] for more details.
-Should your router die, you will want to plug the external drive to your Mac to recover the data. Pick a filesystem your Mac can at least read or you will need another machine (Linux?) for recovery. We will assume here that Mac's native HFS+ is used as file system but this is not compulsory. Find details under [doc:howto:usb.storage]]. +<code> 
 +opkg install kmod-usb-storage kmod-fs-hfsplus block-mount 
 +</code>
-  * Plug your external drive into your Mac, lanch the harddisk utility and format as "Mac OS Extended (Journalled)" (no uppercase-lowercase options) +  * **mkod-usb-storage:** Kernel module for USB storage, including all dependencies.   
-  * Turn off the disk's journalling by opening Terminal on the Mac and typing <code> /usr/sbin/diskutil disableJournal /Volumes/&lt;name_of_volume&gt;&lt;/code&gt; +  * **kmod-fs-hfsplus:** Kernel module for the HFS+ file system that will be used by the time capsule. 
-  * harddisk utility will now display the drive as "Mac OS Extended" and lets you re-format it without journalling if you need to +  * **block-mount:** Scripts for automatically mounting the drive on boot or when plugged in. 
- * Before you mount the drive on OpenWRT you may disable writing to it if the disk is not plugged in. Assuming /mnt/shares is your preferred mount point: &lt;code&gt+ 
-touch /mnt/shares/USB_DISK_NOT_PRESENT +Plug in the external drive and find the device number using the **//blkid//** command: 
-chmod 444 /mnt/shares/USB_DISK_NOT_PRESENT+ 
 +<code> 
 +root@OpenWRT:~# blkid 
 +/dev/mtdblock3: TYPE="squashfs"  
 +/dev/sda1: LABEL=&quot;EFI&quot; UUID=&quot;70D6-1701&quot; TYPE="vfat"  
 +/dev/sda2: UUID=&quot;b8212b1d-8d11-30e7-9506-eca9ac887034&quot; LABEL="TimeMachine" TYPE="hfsplus";  
 +root@OpenWRT:~#
</code> </code>
-  * Plug the disk into your OpenWRT box and mount the drive. The Mac may have created a hidden extra partition of type FAT which you won't need. Therefore, the partitions you just created start from the second on the device. <code> + 
-mount -t hfsplus /dev/sda2 /mnt/shares +Configure the drive to be automounted on startup or when plugged in. Add the following to **/etc/config/fstab**, where ///dev/sda2// is the drive identified using **//blkid//**: 
-</code>  + 
-  * make sure the file system you just mounted is writeable<code> +<code>
-touch /mnt/shares/testfile +
-</code> +
-  * If an error occurs, check the logs with <code>logread</code> to get your volume mounted +
-  * Modify /etc/config/fstab to have the drive automount next time you plug it in. Here is an example entry in fstab:<code>+
config mount config mount
- option target /mnt/shares + option target   /mnt/TimeMachine 
- option device /dev/sda2 + option device   /dev/sda2 
- option fstype hfsplus + option fstype   hfsplus 
- option options rw + option options force,rw,sync 
- option enabled 1+ option enabled 1
option enabled_fsck 0 option enabled_fsck 0
</code> </code>
-===== Users and Groups ===== +Mount the drive.
- +
-At least one user password will be required for logging in. Netatalk has different ways of storing passwords, depending on the PAM used. DHX2 ignores /etc/netatalk/afppasswd and uses the information in /etc/passwd. It is suggested you create a group with at least one user and assign privileges to the group instead of the user. +
<code> <code>
-groupadd timemachine +/etc/init.d/fstab start
-chgrp -R timemachine /mnt/shares +
-adduser -G timemachine user_1 +
-passwd user_1+
</code> </code>
-Bug #12819 has it that netatalk will look up the user's password in /etc/passwd instead of /etc/shadow. Therefore, you must copy the hashed password of user_1 from the latter to the former file. Fields are separated by colons, the password is the second field in both files. After copying, the user's entry in passwd could look like this:+If this is successful, you may want to reboot the router to confirm that the drive is mounted on startup.
-<code>user_1:$1$RPZ7VsrM$FsX8dDZ4GTLo3GjI2Uewj/:1003:1001:::</code>+Change the ownership of the mounted disk to the **//timemachine//** group:
 +<code>
 +chown -R root:timemachine /mnt/TimeMachine
 +</code>
===== Netatalk ===== ===== Netatalk =====
-Netatalk speaks the Apple File Protocol (AFP) over the network. As of this writing, netatalk 2.2.1-4 is the version of choice. +Netatalk is the linux package that supports the Apple File Protocol on linux systems, allowing for file serving, printing, and time servers.  It can also be configured to support Time Machine over a network, replicating the features of Apple's Time Capsule.  Starting with version 2.2, Netatalk supports the latest AFP protocol level 3.3, required to support Time Machine on OSX 10.7 (Lion) and above.  Thankfully, netatalk 2.2.1-5 is included in Attitude Adjustment.  For the purposes of this installation, only a Time Machine share will be configured. Start by installing the **//netatalk//** package:
<code> <code>
opkg install netatalk opkg install netatalk
-/etc/init.d/netatalk enable 
</code> </code>
-Netatalk itself is configured via /etc/netatalk/afpd.conf. Find the manpage http://netatalk.sourceforge.net/2.2/htmldocs/afpd.conf.5.html. All fields of a definition go in one line or you use escaped CRs. Here is one complete sample afpd.conf:+Configure netatalk by adding the line below to **/etc/netatalk/afpd.conf**. Comment out all other lines.  This will configure a server named "TimeMachine" to use the Diffie-Hellman eXchange 2 (DHX2) for authentication.  Refer to the man page for [[http://linux.die.net/man/5/afpd.conf|afpd.conf]] for further details on the other options.
<code> <code>
-"myShare" +"TimeMachine" -uampath /usr/lib/uams -uamlist uams_dhx2.so -nodebug -nouservol -icon -nosavepassword -mimicmodel RackMac
--uampath /usr/lib/uams +
--uamlist uams_dhx2.so uams_clrtext.so \ +
--nodebug +
--nouservol +
--icon +
--nosavepassword +
--mimicmodel RackMac \+
</code> </code>
-The uamlist should mention the DHX2 as the first module so it is tried first. DHX2 is the authentication method of choice for the Mac, although it is not perfectly secure and requires so much computing effort that a login procedure is likely to take about 25 seconds in which your router will be 100% busy.+The volumes netatalk will make available are defined in **/etc/netatalk/AppleVolumes.default**.  Add the line below to **/etc/netatalk/AppleVolumes.default** to create the AFP time machine share, commenting out all other lines.
-The volumes netatalk will make available are defined in /etc/netatalk/AppleVolumes.default. See the manpage http://netatalk.sourceforge.net/2.2/htmldocs/AppleVolumes.default.5.html for details. 
- 
-These entries in AppleVolumes.default should do: 
<code> <code>
-:DEFAULT: allow:root dbpath:/mnt/shares/AppleDB/$v options:upriv ea:ad +/mnt/TimeMachine TimeMachine volsizelimit:150000 allow:@timemachine rwlist:@timemachine cnidscheme:dbd options:searchdb,usedots,invisibledots,tm
-:DEFAULT_CNID_SCHEME: dbd +
- +
-/mnt/shares Sleeky allow:root,@timemachine rwlist:root,@timemachine cnidscheme:dbd options:searchdb,tm+
</code> </code>
-A little bit of background on the CNID scheme: The AFP protocol mostly refers to files and directories by ID and not by name. Netatalk needs a way to store these ID's in a persistent way. To achieve this several different CNID backends (cdb, dbd and last) are available. The first line of above config file points to a CNID database right on the shared volume. Make sure the DB is located in a safe place, i.e. not in /tmp or /var. The destination directory must also be created and access permissions must be assigned: +The first parameter specifies the location of the shared volume, while the second specifies the name. The Time Machine uses a CNID database to reference files on the shared volume. By default, this database will be located in the root directory of the shared volume. The size of the shared volume reported to time machine is set using the **//volsizlimit//** parameter. Set this parameter to less than the full size of the disk to reserve space for the database.  (If the database can't be written to or is corrupted, the entire Time Machine repository may be lost)  The **//allow//** and **//rwlist//** parameters specify which users can access and write to the time machine.  Either specify a user name directly, or just use **//@timemachine//** to allow access for users in the **//timemachine//** group.  Reference the [[http://linux.die.net/man/5/applevolumes.default|AppleVolumes.default]] man page for further information on options.
-<code> +
-mkdir /mnt/shares/AppleDB +
-chgrp timemachine /mnt/shares/AppleDB +
-chmod g+rwx /mnt/shares/AppleDB +
-</code>+
-The volume you will share is named "Sleeky" in the above example. +Restart netatalk and enable on boot:
-Start up netatalk and check the log for errors. 
<code> <code>
 +/etc/init.d/afpd stop
/etc/init.d/afpd start /etc/init.d/afpd start
-logread+/etc/init.d/afpd enable
</code> </code>
- 
-Open the Finder on your client Mac and connect to your router by hitting COMMAND-K. Enter "afp:\\<your OpenWRT router> as server address in the popup dialog. Authenticate as user_1 with the password you assigned. Again, mind that logging in may take some time. If login is not successful, check the syslog. You may also replace the -nodebug statement in /etc/netatalk/afpd.conf with <code>-setuplog "default log_maxdebug <logfile>" \ </code>, try again and check that log. Should you get a popup on your Mac that complains about the CNID database being corrupt, make sure the group you use for accessing (here:timemachine) has write permissions all through the CNID database directory: 
- 
-<code>chgrp -R timemachine /mnt/shares</code> 
- 
-You should now be able to read and write to the shared drive. Note that a file user_1 created may not be deleted by user_2 unless the group has write permissions on the file. For new files, this can be controlled by the UMASK of user_1. 
===== Avahi ===== ===== Avahi =====
-Avahi implements a protocol known as Zeroconf or Bonjour to advertise your volume on the network. Netatalk 3.0+ will be able to do its own advertising.+Avahi implements a protocol known as Zeroconf or Bonjour to advertise your volume on the network. Install the package:
<code> <code>
Line 134: Line 128:
</code> </code>
-Avahi is configured via /etc/avahi/avahi-daemon.conf, see http://linux.die.net/man/5/avahi-daemon.conf. At this time, only two lines need editing:+Avahi is configured via **/etc/avahi/avahi-daemon.conf**, see [[http://linux.die.net/man/5/avahi-daemon.conf]]. Only three lines of the default file need changing: 
<code> <code>
-host-name WRTCapsule+host-name=TimeMachine
enable-dbus=no enable-dbus=no
 +allow-interfaces=br-lan
</code> </code>
-The host-name will be displayed on client computers before logging in. Turning off dbus is required to make Avahi read the services files before using dbus to contact Netatalk.  +The first line defines the host name, which will be displayed on client computers before logging in. The second line is not in the default file and must be added to disable dbus support.  dbus is a protocol for communication which can be used to communicate between Avahi and Netatalk however, for the purposes of setting up a Time Capsule, it is not required. Instead, the services that Avahi advertises are defined via the XML files in **/etc/avahi/services**. Create the file **/etc/avahi/services/afpd.service**, with the following content:
- +
-What exactly Avahi advertises is controlled via the files in /etc/avahi/services. The netatalk service is defined in afpd.service.+
-Start Avahi and enable its startup when the router bootstraps. 
<code> <code>
-/etc/init.d/avahi-daemon start +<?xml version="1.0" standalone="no"?> 
-/etc/init.d/avahi-daemon enable+<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> 
 +<service-group> 
 +<name replace-wildcards="yes">Time Capsule</name> 
 +  <service> 
 +    <type>_afpovertcp._tcp</type> 
 +    <port>548</port> 
 +  </service> 
 +  <service> 
 +    <type>_device-info._tcp</type> 
 +   <port>0</port> 
 +    <txt-record>model=TimeCapsule</txt-record> 
 +  </service> 
 +  <service> 
 +    <type>_adisk._tcp</type> 
 +    <port>9</port> 
 +    <txt-record>sys=waMA=XX:XX:XX:XX:XX:XX,adVF=0x100</txt-record> 
 +    <txt-record>dk1=adVF=0x83,adVN=TimeMachine</txt-record> 
 +  </service> 
 +</service-group>
</code> </code>
-Again, theck the log for errors. If everything worked, you should now see your server (WRTCapsule) in a Finder window on the left hand side under "shared volumes". +This file defines a service group named //"Time Capsule"//, divided into three sections.  The first two sections enable the AFP shared volume. The text //"model=TimeCapsule"// defines the volume as a time capsule, so that the time capsule icon is displayed in the finder.  The third section attaches the disk to the service group so that it shows up under the "Select Disk" window in the time machine preferences.  The //"XX:XX:XX:XX:XX:XX"// in the example above should be replaced with the MAC address of the router's LAN interface.  The section //"adVN=TimeMachine"// should match the name of the volume defined in afpd.conf and AppleVolumes.default.
-===== Dbus =====+FIXME (Provide better explanation of XML file details.)
-You can also use d-bus for communication between Netatalk and Avahi. Remove the "use-dbus=no" statement from /etc/netatalk/afpd.conf. Avahi will now prefer dbus over the configuration in its system folder. +Restart Avahi and enable on boot:
-Add one entry in /etc/dbus-1/system.conf to allow Avahi to connect to Dbus: 
<code> <code>
- <policy context="default">                                       +/etc/init.d/avahi-daemon stop 
-    <!-- All users can connect to system bus -->                   +/etc/init.d/avahi-daemon start 
-    <allow user="*"/>                                                     +/etc/init.d/avahi-daemon enable
-                                                                           +
-    <!-- Holes must be punched in service configuration files for   +
-        name ownership and sending method calls -->               +
-   <deny own="*"/>                                                 +
-    <allow own="org.freedesktop.Avahi"/>  <!-- add this line --> +
-   <deny send_type="method_call"/+
-    ...+
</code> </code>
- 
-Find more information on Dbus under http://linux.die.net/man/1/dbus-daemon-1 (including options for system.conf). 
- 
-Stop netatalk, avahi and dbus and start them in the order dbus - avahi - netatalk. 
===== Configure TimeMachine ===== ===== Configure TimeMachine =====
-You can now use the TimeMachine preferences pane on your client Mac to define your advertised volume as destination drive. TimeMachine will also save your user and password for write access.+You can now use the TimeMachine preferences pane on your client Mac to define your advertised volume as destination drive. When prompted for a user name and password, use //tmuser// and the password set above.  TimeMachine will save your login information.
===== Restore From Your Server ===== ===== Restore From Your Server =====
Line 182: Line 181:
If the harddisk of your Mac dies and needs reinstallation through TimeMachine, your crippled Mac must first see your OpenWRT box. Boot your Mac with a DVD or similar, open a Terminal and type If the harddisk of your Mac dies and needs reinstallation through TimeMachine, your crippled Mac must first see your OpenWRT box. Boot your Mac with a DVD or similar, open a Terminal and type
<code>mkdir /Volumes/TimeMachine <code>mkdir /Volumes/TimeMachine
-mount -t afp "afp://<nslug_ip>/Sleeky" /Volumes/Sleeky+mount -t afp "afp://<your OpenWRT route>/TimeMachine" /Volumes/TimeMachine
</code> </code>
You can then use TimeMachine to read back all your saved data from the remote drive. You can then use TimeMachine to read back all your saved data from the remote drive.
 +FIXME (fix mounting commands to work with username:password)
 +
 +===== Restore from the USB Disk =====
 +
 +Since the USB disk was formatted using the HFS+ format, umount it from the router and plug it in directly to your Mac for a faster restore.
 +
 +<code>
 +/etc/init.d/afpd stop
 +umount /mnt/TimeMachine
 +</code>
 +
 +When finished, plug it back into the router and restart Netatalk:
 +
 +<code>
 +/etc/init.d/afpd start
 +</code>
 +
 +===== Recovery from Disk Errors =====
 +FIXME If the backup process is interrupted, the database can become corrupt and unusable.  Time Machine will report that the backup is unusable and will suggest creating a new backup.  Need to add a section to cover how to properly set up the time capsule so that it automatically and robustly recovers from these errors.

Back to top

timemachine.1358758868.txt.bz2 · Last modified: 2013/01/21 10:01 by birnbacs