User Tools

Site Tools


timemachine

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
timemachine [2013/01/21 10:01]
birnbacs appended restoring chapter
timemachine [2014/09/21 03:05] (current)
florian Added a missing allow-interfaces that prevent me from getting bonjour on MacOSX
Line 1: Line 1:
-====== File Server with TimeMachine support ​======+====== ​Time Capsule on OpenWRT (Apple ​File Protocol ​Server with Time Machine Support) ​====== 
 + 
 + 
 +====== Working fine with '​force'​ mount option in fstab ====== 
 + 
  
 ===== Intro ===== ===== Intro =====
  
-TimeMachine ​is Apple'​s backup software. ​ It is included with Mac OS X and was introduced with the 10.5 "​Leopard"​ release of Mac OS X. The software is designed to work with the Time Capsule as well as other internal or external drives. ​TimeCapsule ​is (among other things) a wireless router with a built in hard drive. ​TimeCapsule ​will advertise the hard drive on the network and the TimeMachine on client Macs can use TimeCapsule as a storage. The nicest thing about this is that it works with a minimum of user configuration.+Time Machine ​is Apple'​s backup software. It is included with Mac OS X and was introduced with the 10.5 "​Leopard"​ release of Mac OS X. The software is designed to work with internal or external drives, as well as with Apple'​s Time CapsuleTime Capsule ​is (among other things) a wireless router with a built in hard drive. ​ ​It ​will advertize itself ​on network and allow Mac computers to back up wirelessly using Time Machine ​with a minimum of user configuration.  This wiki documents how to make your OpenWRT router behave like a Time Capsule.
  
-Here is how to make your OpenWRT ​router behave like a Time Capsule.+This following configuration ​is for the stable release of Attitude Adjustment 12.09 (r36088). ​ It was developed and tested with a Mac running OSX 10.8.3. ​ These directions have been verified on a Netgear WNDR3800 using a new installation of OpenWRT.  There are many examples on the web for configuring ​a Time Capsule ​on linux systems Many of these contain conflicting,​ incorrect, or superfluous information. ​ This wiki is an attempt to detail the minimum configuration required to run a Time Capsule on OpenWRT. ​ There are three basic steps to configuring Time Capsule:
  
 +  - Formatting, mounting, and configuring an external USB Drive
 +  - Installing and configuring netatalk
 +  - Installing and configuring avahi
  
-===== USB =====+===== Formatting, Mounting and Configuring an External ​USB Drive =====
  
-An external drive will be requiredusually connected via USBCheck out [[doc:​howto:​usb.overview]] and [[doc:​howto:​usb.essentials]].+Time Machine ​will work with other filesystemsbut the Mac native HFS+ is recommended If your router should die, you can simply plug the external drive into your Mac to recover the data.
  
-In short, do this:+Plug the external drive to a Mac and use the Disk Utility to create a single partition. ​ Use the GUID layout for the partitioning and select the "Mac OS Extended (Journalled)"​ format. ​ When this is complete, use the following command (on the Mac) to turn off journalling:
  
 +<​code>​
 +/​usr/​sbin/​diskutil disableJournal /​Volumes/<​name_of_volume>​
 +</​code>​
 +
 +A user name and password will be required to connect to the Time Capsule. ​ Rather than running as root, create a new user and group. ​ For the purposes of this example, the user name is "​tmuser"​ and the group is "​timemachine"​. ​ This can be done manually, or by installing two packages and using the following commands:
 <​code>​ <​code>​
 opkg update opkg update
-opkg install ​kmod-usb-uhci kmod-usb-ohci kmod-usb2 +opkg install ​shadow-useradd shadow-groupadd 
-insmod usbcore +groupadd timemachine 
-insmod uhci +useradd ​-M -G timemachine tmuser 
-insmod usb-ohci +passwd tmuser
-insmod ehci-hcd+
 </​code>​ </​code>​
  
-You may have to reboot.+Create a mount point for the drive and set the ownership of the directory ​to the **//​timemachine//​** group. ​ For this example, the directory /​mnt/​TimeMachine will be used.  Create the read-only file to prevent writing to flash if the disk is not mounted.
  
-===== GUID support and File System =====+<​code>​ 
 +mkdir /​mnt/​TimeMachine 
 +chown root:​timemachine /​mnt/​TimeMachine 
 +touch /​mnt/​TimeMachine/​USB_DISK_NOT_PRESENT 
 +chmod 444 /​mnt/​TimeMachine/​USB_DISK_NOT_PRESENT 
 +</​code>​
  
-There are two possible types of layout of partitions on the drive, the older MBR and the newer GUIDContemporary operating systems generally prefer GUID but most also also support MBRSince version 12.09 (Attitue Adjustment),​ OpenWRT supports mounting GUID-formatted volumes but currently there are no disktools available ​for managing (i.e. formatting and manipulating partitions) such devices.+Install ​the packages required for connecting a USB drive. ​ Check out [[doc:​howto:​usb.overview]] and [[doc:​howto:​usb.essentials]] ​for more details.
  
-Should your router die, you will want to plug the external drive to your Mac to recover the data. Pick a filesystem your Mac can at least read or you will need another machine (Linux?) for recovery. We will assume here that Mac's native HFS+ is used as file system but this is not compulsory. Find details under [doc:howto:usb.storage]]. +<​code>​ 
 +opkg install kmod-usb-storage ​kmod-fs-hfsplus block-mount 
 +</​code>​
  
-  * Plug your external drive into your Mac, lanch the harddisk utility and format as "Mac OS Extended (Journalled)"​ (no uppercase-lowercase options) +  * **mkod-usb-storage:​** Kernel module for USB storage, including all dependencies.  ​ 
-  * Turn off the disk's journalling ​by opening Terminal on the Mac and typing <​code>​ /​usr/​sbin/​diskutil disableJournal /​Volumes/<​name_of_volume></​code>​ +  * **kmod-fs-hfsplus:​** Kernel module for the HFS+ file system that will be used by the time capsule. 
-  * harddisk utility will now display the drive as "Mac OS Extended"​ and lets you re-format it without journalling if you need to +  * **block-mount:** Scripts for automatically mounting ​the drive on boot or when plugged in. 
-  ​Before you mount the drive on OpenWRT you may disable writing to it if the disk is not plugged in. Assuming ​/mnt/shares is your preferred mount point: <​code>​ + 
-touch /mnt/shares/​USB_DISK_NOT_PRESENT +Plug in the external drive and find the device number using the **//blkid//** command: 
-chmod 444 /mnt/shares/USB_DISK_NOT_PRESENT+ 
 +<​code>​ 
 +root@OpenWRT:​~#​ blkid 
 +/dev/mtdblock3: TYPE="​squashfs" ​ 
 +/dev/sda1: LABEL="​EFI"​ UUID="​70D6-1701"​ TYPE="​vfat"​  
 +/dev/sda2: UUID="​b8212b1d-8d11-30e7-9506-eca9ac887034"​ LABEL="​TimeMachine"​ TYPE="​hfsplus"​  
 +root@OpenWRT:​~#​
 </​code>​ </​code>​
-  * Plug the disk into your OpenWRT box and mount the drive. ​The Mac may have created a hidden extra partition of type FAT which you won't need. Therefore, ​the partitions you just created start from the second on the device. <​code>​ + 
-mount -t hfsplus ​/dev/sda2 /mnt/shares +Configure ​the drive to be automounted on startup or when plugged in ​Add ​the following to **/etc/config/fstab**, where ///dev/sda2// is the drive identified using **//blkid//**: 
-</code>  + 
-  * make sure the file system you just mounted is writeable<​code>​ +<​code>​
-touch /mnt/shares/testfile +
-</code> +
-  * If an error occurs, check the logs with <​code>​logread</​code>​ to get your volume mounted +
-  ​Modify ​/etc/config/fstab to have the drive automount next time you plug it in. Here is an example entry in fstab:<​code>​+
 config mount config mount
- option target /mnt/shares + option target ​  ​/mnt/TimeMachine 
- option device /dev/sda2 + option device ​  ​/dev/sda2 
- option fstype hfsplus + option fstype ​  ​hfsplus 
- option options rw + option options ​ ​force,​rw,sync 
- option enabled 1+ option enabled ​ 1
  option enabled_fsck 0  option enabled_fsck 0
 </​code>​ </​code>​
  
-===== Users and Groups ===== +Mount the drive.
- +
-At least one user password will be required for logging in. Netatalk has different ways of storing passwords, depending on the PAM used. DHX2 ignores /​etc/​netatalk/​afppasswd and uses the information in /​etc/​passwd. It is suggested you create a group with at least one user and assign privileges to the group instead of the user+
  
 <​code>​ <​code>​
-groupadd timemachine +/etc/init.d/​fstab start
-chgrp -R timemachine ​/mnt/shares +
-adduser -G timemachine user_1 +
-passwd user_1+
 </​code>​ </​code>​
  
-Bug #12819 has it that netatalk will look up the user's password in /etc/passwd instead of /​etc/​shadow. Therefore, you must copy the hashed password of user_1 from the latter ​to the former file. Fields are separated by colons, the password ​is the second field in both filesAfter copying, the user's entry in passwd could look like this:+If this is successful, you may want to reboot ​the router ​to confirm that the drive is mounted on startup.
  
-<​code>​user_1:​$1$RPZ7VsrM$FsX8dDZ4GTLo3GjI2Uewj/:1003:​1001:::</​code>​+Change the ownership of the mounted disk to the **//​timemachine//​** group:
  
 +<​code>​
 +chown -R root:​timemachine /​mnt/​TimeMachine
 +</​code>​
  
 ===== Netatalk ===== ===== Netatalk =====
  
-Netatalk ​speaks ​the Apple File Protocol ​(AFP) over the network. As of this writing, netatalk 2.2.1-is the version ​of choice+Netatalk ​is the linux package that supports ​the Apple File Protocol ​on linux systems, allowing for file serving, printing, and time servers. ​ It can also be configured to support Time Machine ​over network, replicating the features ​of Apple'​s Time Capsule. ​ Starting with version 2.2, Netatalk supports the latest AFP protocol level 3.3, required to support Time Machine on OSX 10.7 (Lion) and above. ​ Thankfully, netatalk 2.2.1-is included in Attitude Adjustment. ​ For the purposes ​of this installation,​ only a Time Machine share will be configured Start by installing the **//​netatalk//​** package:
  
 <​code>​ <​code>​
 opkg install netatalk opkg install netatalk
-/​etc/​init.d/​netatalk enable 
 </​code>​ </​code>​
  
-Netatalk itself is configured via /​etc/​netatalk/​afpd.conf. ​Find the manpage ​http://netatalk.sourceforge.net/2.2/htmldocs/afpd.conf.5.html. All fields of a definition go in one line or you use escaped CRs. Here is one complete sample ​afpd.conf:+Configure netatalk by adding the line below to **/​etc/​netatalk/​afpd.conf** ​Comment out all other lines. ​ This will configure a server named "​TimeMachine"​ to use the Diffie-Hellman eXchange 2 (DHX2) for authentication. ​ Refer to the man page for [[http://linux.die.net/man/5/afpd.conf|afpd.conf]] for further details on the other options.
  
 <​code>​ <​code>​
-"myShare" ​+"TimeMachine" -uampath /​usr/​lib/​uams -uamlist uams_dhx2.so -nodebug -nouservol -icon -nosavepassword -mimicmodel RackMac
--uampath /​usr/​lib/​uams ​+
--uamlist uams_dhx2.so ​uams_clrtext.so \ +
--nodebug ​+
--nouservol ​+
--icon +
--nosavepassword ​+
--mimicmodel RackMac ​\+
 </​code>​ </​code>​
  
-The uamlist should mention the DHX2 as the first module so it is tried firstDHX2 is the authentication method of choice for the Macalthough it is not perfectly secure and requires so much computing effort that a login procedure is likely to take about 25 seconds in which your router will be 100% busy.+The volumes netatalk will make available are defined in **/​etc/​netatalk/​AppleVolumes.default**. ​ Add the line below to **/​etc/​netatalk/​AppleVolumes.default** to create ​the AFP time machine sharecommenting out all other lines 
  
-The volumes netatalk will make available are defined in /​etc/​netatalk/​AppleVolumes.default. See the manpage http://​netatalk.sourceforge.net/​2.2/​htmldocs/​AppleVolumes.default.5.html for details. 
- 
-These entries in AppleVolumes.default should do: 
 <​code>​ <​code>​
-:DEFAULT: allow:root dbpath:/mnt/shares/​AppleDB/​$v options:upriv ea:ad +/mnt/TimeMachine TimeMachine volsizelimit:150000 ​allow:​@timemachine rwlist:​@timemachine cnidscheme:​dbd options:​searchdb,​usedots,​invisibledots,tm
-:​DEFAULT_CNID_SCHEME:​ dbd +
- +
-/mnt/shares Sleeky ​allow:root,@timemachine rwlist:root,@timemachine cnidscheme:​dbd options:​searchdb,​tm+
 </​code>​ </​code>​
  
-A little bit of background on the CNID scheme: The AFP protocol mostly refers to files and directories by ID and not by name. Netatalk needs a way to store these ID's in a persistent way. To achieve this several different CNID backends (cdb, dbd and last) are available. ​The first line of above config file points to a CNID database ​right on the shared volume. ​Make sure the DB is located in a safe place, i.e. not in /tmp or /varThe destination directory must also be created ​and access ​permissions must be assigned: +The first parameter specifies the location ​of the shared volume, while the second specifies the name.  The Time Machine uses a CNID database ​to reference files on the shared volume. ​ By default, this database will be located in the root directory of the shared volume The size of the shared volume reported to time machine is set using the **//volsizlimit//​** parameter Set this parameter to less than the full size of the disk to reserve space for the database. ​ (If the database can'​t ​be written to or is corrupted, the entire Time Machine repository may be lost)  The **//​allow//​** ​and **//​rwlist//​** parameters specify which users can access ​and write to the time machine. ​ Either specify a user name directly, or just use **//@timemachine//​** to allow access for users in the **//​timemachine//​** group. ​ Reference the [[http://linux.die.net/man/5/applevolumes.default|AppleVolumes.default]] man page for further information on options.
-<​code>​ +
-mkdir /mnt/shares/AppleDB +
-chgrp timemachine /mnt/shares/AppleDB +
-chmod g+rwx /mnt/shares/AppleDB +
-</code>+
  
-The volume you will share is named "​Sleeky"​ in the above example. ​+Restart netatalk and enable on boot:
  
-Start up netatalk and check the log for errors. 
 <​code>​ <​code>​
 +/​etc/​init.d/​afpd stop
 /​etc/​init.d/​afpd start /​etc/​init.d/​afpd start
-logread+/​etc/​init.d/​afpd enable
 </​code>​ </​code>​
- 
-Open the Finder on your client Mac and connect to your router by hitting COMMAND-K. Enter "​afp:​\\<​your OpenWRT router> as server address in the popup dialog. Authenticate as user_1 with the password you assigned. Again, mind that logging in may take some time. If login is not successful, check the syslog. You may also replace the -nodebug statement in /​etc/​netatalk/​afpd.conf with <​code>​-setuplog "​default log_maxdebug <​logfile>"​ \ </​code>,​ try again and check that log. Should you get a popup on your Mac that complains about the CNID database being corrupt, make sure the group you use for accessing (here:​timemachine) has write permissions all through the CNID database directory: 
- 
-<​code>​chgrp -R timemachine /​mnt/​shares</​code>​ 
- 
-You should now be able to read and write to the shared drive. Note that a file user_1 created may not be deleted by user_2 unless the group has write permissions on the file. For new files, this can be controlled by the UMASK of user_1. 
  
 ===== Avahi ===== ===== Avahi =====
  
-Avahi implements a protocol known as Zeroconf or Bonjour to advertise your volume on the network. ​Netatalk 3.0+ will be able to do its own advertising.+Avahi implements a protocol known as Zeroconf or Bonjour to advertise your volume on the network. ​ ​Install the package:
  
 <​code>​ <​code>​
Line 134: Line 128:
 </​code>​ </​code>​
  
-Avahi is configured via /​etc/​avahi/​avahi-daemon.conf,​ see http://​linux.die.net/​man/​5/​avahi-daemon.conf. ​At this time, only two lines need editing:+Avahi is configured via **/​etc/​avahi/​avahi-daemon.conf**, see [[http://​linux.die.net/​man/​5/​avahi-daemon.conf]] Only three lines of the default file need changing: 
 <​code>​ <​code>​
-host-name ​WRTCapsule+host-name=TimeMachine
 enable-dbus=no enable-dbus=no
 +allow-interfaces=br-lan
 </​code>​ </​code>​
  
-The host-name will be displayed on client computers before logging in. Turning off dbus is required to make Avahi read the services files before using dbus to contact ​Netatalk. ​ +The first line defines the host name, which will be displayed on client computers before logging in.  The second line is not in the default file and must be added to disable ​dbus support. ​ dbus is a protocol for communication which can be used to communicate between Avahi and Netatalk ​however, for the purposes of setting up a Time Capsule, it is not required ​Instead,​ the services that Avahi advertises ​are defined ​via the XML files in **/​etc/​avahi/​services** ​Create the file **/​etc/​avahi/​services/​afpd.service**, with the following content:
- +
-What exactly ​Avahi advertises ​is controlled ​via the files in /​etc/​avahi/​services. ​The netatalk service is defined in afpd.service.+
  
-Start Avahi and enable its startup when the router bootstraps. 
 <​code>​ <​code>​
-/etc/init.d/avahi-daemon start +<?xml version="​1.0"​ standalone="​no"?>​ 
-/etc/init.d/avahi-daemon enable+<​!DOCTYPE service-group SYSTEM "​avahi-service.dtd">​ 
 +<​service-group>​ 
 +<name replace-wildcards="​yes">​Time Capsule</name> 
 +  <​service>​ 
 +    <​type>​_afpovertcp._tcp</type> 
 +    <​port>​548</​port>​ 
 +  </​service>​ 
 +  <​service>​ 
 +    <​type>​_device-info._tcp</​type>​ 
 +    <​port>​0<​/port> 
 +    <​txt-record>​model=TimeCapsule<​/txt-record>​ 
 +  </​service>​ 
 +  <​service>​ 
 +    <​type>​_adisk._tcp</type> 
 +    <​port>​9</​port>​ 
 +    <​txt-record>​sys=waMA=XX:​XX:​XX:​XX:​XX:​XX,​adVF=0x100</​txt-record>​ 
 +    <​txt-record>​dk1=adVF=0x83,​adVN=TimeMachine</​txt-record>​ 
 +  </​service>​ 
 +</​service-group>
 </​code>​ </​code>​
  
-Againtheck the log for errorsIf everything workedyou should now see your server (WRTCapsule) ​in a Finder window on the left hand side under "shared volumes"​. ​+This file defines a service group named //"​Time Capsule"//​divided into three sections. ​ The first two sections enable ​the AFP shared volume The text //"​model=TimeCapsule"//​ defines the volume as a time capsuleso that the time capsule icon is displayed ​in the finder. ​ The third section attaches the disk to the service group so that it shows up under the "Select Disk" ​window in the time machine preferences. ​ The //"​XX:​XX:​XX:​XX:​XX:​XX"//​ in the example above should be replaced with the MAC address of the router'​s LAN interface. ​ The section //"​adVN=TimeMachine"//​ should match the name of the volume defined in afpd.conf and AppleVolumes.default.
  
-===== Dbus =====+FIXME (Provide better explanation of XML file details.)
  
-You can also use d-bus for communication between Netatalk ​and Avahi. Remove the "​use-dbus=no"​ statement from /​etc/​netatalk/​afpd.conf. Avahi will now prefer dbus over the configuration in its system folder. ​+Restart Avahi and enable on boot:
  
-Add one entry in /​etc/​dbus-1/​system.conf to allow Avahi to connect to Dbus: 
 <​code>​ <​code>​
- <​policy context="​default"> ​                                       +/etc/​init.d/​avahi-daemon stop 
-    <!-- All users can connect to system bus --> ​                   +/etc/init.d/avahi-daemon start 
-    <allow user="​*"​/>                                                     +/etc/init.d/​avahi-daemon enable
-                                                                           +
-    <!-- Holes must be punched in service configuration files for   +
-         name ownership and sending method calls --> ​               +
-    <​deny own="​*"​/>                                                 +
-    <allow own="​org.freedesktop.Avahi"​/>  <!-- add this line --> +
-    <​deny send_type="​method_call"​/+
-    ...+
 </​code>​ </​code>​
- 
-Find more information on Dbus under http://​linux.die.net/​man/​1/​dbus-daemon-1 (including options for system.conf). 
- 
-Stop netatalk, avahi and dbus and start them in the order dbus - avahi - netatalk. 
  
 ===== Configure TimeMachine ===== ===== Configure TimeMachine =====
  
-You can now use the TimeMachine preferences pane on your client Mac to define your advertised volume as destination drive. TimeMachine will also save your user and password for write access.+You can now use the TimeMachine preferences pane on your client Mac to define your advertised volume as destination drive. ​ When prompted for a user name and password, use //tmuser// and the password set above.  ​TimeMachine will save your login information.
  
 ===== Restore From Your Server ===== ===== Restore From Your Server =====
Line 182: Line 181:
 If the harddisk of your Mac dies and needs reinstallation through TimeMachine,​ your crippled Mac must first see your OpenWRT box. Boot your Mac with a DVD or similar, open a Terminal and type  If the harddisk of your Mac dies and needs reinstallation through TimeMachine,​ your crippled Mac must first see your OpenWRT box. Boot your Mac with a DVD or similar, open a Terminal and type 
 <​code>​mkdir /​Volumes/​TimeMachine <​code>​mkdir /​Volumes/​TimeMachine
-mount -t afp "​afp://<​nslug_ip>/Sleeky" /Volumes/Sleeky+mount -t afp "​afp://<​your OpenWRT route>/TimeMachine" /Volumes/TimeMachine
 </​code>​ </​code>​
  
 You can then use TimeMachine to read back all your saved data from the remote drive. You can then use TimeMachine to read back all your saved data from the remote drive.
  
 +FIXME (fix mounting commands to work with username:​password) ​
 +
 +===== Restore from the USB Disk =====
 +
 +Since the USB disk was formatted using the HFS+ format, umount it from the router and plug it in directly to your Mac for a faster restore.
 +
 +<​code>​
 +/​etc/​init.d/​afpd stop
 +umount /​mnt/​TimeMachine
 +</​code>​
 +
 +When finished, plug it back into the router and restart Netatalk:
 +
 +<​code>​
 +/​etc/​init.d/​afpd start
 +</​code>​
 +
 +===== Recovery from Disk Errors =====
  
 +FIXME If the backup process is interrupted,​ the database can become corrupt and unusable. ​ Time Machine will report that the backup is unusable and will suggest creating a new backup. ​ Need to add a section to cover how to properly set up the time capsule so that it automatically and robustly recovers from these errors.
timemachine.1358758868.txt.bz2 · Last modified: 2013/01/21 10:01 by birnbacs