Benpro - Blog

FLOSS and Japan things

This is a rant but also a PSA.

On their website: OneCloud is our KVM based virtualization infrastructure, available in two versions: General Purpose and Storage.

I set up a storage machine to use as an NFS filer. I had two major incidents... In two months!

After about one month uptime: Machine down, cannot be powered on again. Asked support to resolve the issue: Took a long time but the machine was restored.

Again, after about one month uptime: Machine running but disk not responding, kernel put the partition in read only mode. Fact is the disk was not even visible anymore. Restarted the machine in the panel, then drama. After a fsck -y the server is back. But I can see that their storage solution is not reliable.

Do not use OneProvider Cloud (also called OneCloud), at least for their storage machines, if you want reliable storage.

On the other hand, I am really happy with Hetzner, too bad that their storage is only SSD... Expensive! I want HDD storage.

Note: This guide is for RPi 4 Model B, Raspberry Pi OS (Raspbian) and external disk drive (no SD card used, except for /boot). Kernel used is v7l+.

I like to encrypt all the devices I own, except for servers, which can be troublesome to decrypt... Anyway, here is a memo on how I configured encryption on an external disk for a RPi 4 B and how to boot from it.

Install required packages

# apt install busybox cryptsetup initramfs-tools lvm2

Prepare configuration

  • Set CRYPTSETUP=Y in /etc/cryptsetup-initramfs/conf-hook.
  • Add a kernel post-install hook:
# cat <<EOF > /etc/kernel/postinst.d/mkinitramfs
#!/bin/sh -e
version=\$1
if ! (echo "\$version" | grep -q "v7l+"); then exit 0; fi
mkinitramfs -o /boot/initramfs.gz "\$1"
EOF
# chmod +x /etc/kernel/postinst.d/mkinitramfs

Encrypt the disk and copy filesystem

Do this from a freshly written Raspberry Pi image booted from the SD card.

# cryptsetup luksFormat /dev/sda
# cryptsetup open /dev/sda crypted
# pvcreate /dev/mapper/crypted
# vgcreate vg0 /dev/mapper/crypted
# lvcreate -n rootfs -L 30G vg0
# lvcreate -n home -L 100G vg0
# mkfs.ext4 /dev/vg0/rootfs
# mkfs.ext4 /dev/vg0/home
# mount /dev/vg0/home /mnt/
# rsync -avh --progress /home/ /mnt/
# umount /mnt
# mount /dev/vg0/rootfs /mnt
# rsync -avh --progress --exclude={"/proc/**","/sys/**","/dev/**","/tmp/**","/home/**","/mnt"} / /mnt/

Note: I don't delete sources files on the SD card, as it can be useful to boot on the SD card later, for a rescue mode.

Configure fstab and crypttab

  • fstab:
/dev/mapper/vg0-rootfs  /               ext4    defaults,noatime  0       1
/dev/mapper/vg0-home  /home               ext4    defaults,noatime  0       1
  • crypttab:
crypted	/dev/sda	none	luks

Prepare an initramfs image

The RPi bootloader directly accesses the kernel image on the SD card's /boot partition and doesn't need an initramfs like traditional machines do. But as we want to decrypt and mount LVM volumes, we need an image which contains the required tools.

# mkinitramfs -o /boot/initramfs.gz

Check that the image has cryptsetup and LVM tools:

# lsinitramfs /boot/initramfs.gz | grep -e cryptsetup -e lvm

Note: mkinitramfs may fail to detect the root device. In that case, at the next reboot you will have to manually run luksOpen and vgchange -ay in busybox to be able to boot correctly. After that “manual” boot, you can redo mkinitramfs and it should work.

Final steps with RPi bootloader

  • Add to /boot/config.txt:
initramfs initramfs.gz followkernel
  • Modify /boot/cmdline.txt to add new root device and crypt device:
root=/dev/mapper/vg0-rootfs cryptdevice=/dev/sda:crypted

Also, remove quiet or splash to see the boot process and to be able to have a prompt asking for your LUKS password.
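A mismatch between crypttab, fstab, cmdline.txt and config.txt only shows up at the next boot, as a busybox prompt. The script below is an added example, not part of the original guide: it cross-checks those files against each other using the values from this post. The function names and the PREFIX argument are hypothetical, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): check that the files edited
# in this guide agree with each other before rebooting.
problems=0
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_luks_boot [PREFIX]: returns the number of inconsistencies found.
# PREFIX is a hypothetical parameter so the check can run on a copy of the files.
check_luks_boot() {
    p=${1:-}; problems=0
    # First real crypttab entry: <mapping name> <source device> ...
    entry=$(grep -Ev '^[[:space:]]*(#|$)' "$p/etc/crypttab" | head -n 1)
    name=$(echo "$entry" | awk '{ print $1 }')
    dev=$(echo "$entry" | awk '{ print $2 }')
    # cmdline.txt is one line of space-separated kernel arguments
    args=$(tr ' ' '\n' < "$p/boot/cmdline.txt")
    root=$(echo "$args" | sed -n 's/^root=//p')
    cryptdev=$(echo "$args" | sed -n 's/^cryptdevice=//p')

    grep -Eq '^CRYPTSETUP=[Yy]' "$p/etc/cryptsetup-initramfs/conf-hook" ||
        fail "CRYPTSETUP=Y is not set in conf-hook"
    [ -n "$name" ] || fail "crypttab has no entry"
    [ "$cryptdev" = "$dev:$name" ] ||
        fail "cryptdevice=$cryptdev does not match crypttab ($dev:$name)"
    # The root= device must be the one fstab mounts on /
    awk -v r="$root" '$1 == r && $2 == "/" { ok = 1 } END { exit !ok }' \
        "$p/etc/fstab" || fail "root=$root is not the fstab entry for /"
    grep -Eq '^initramfs[[:space:]]+initramfs\.gz[[:space:]]+followkernel' \
        "$p/boot/config.txt" || fail "initramfs line missing in config.txt"
    [ -s "$p/boot/initramfs.gz" ] || fail "boot/initramfs.gz missing or empty"
    return "$problems"
}

# Constructed sample tree holding the values used in this guide.
make_sample_tree() {
    mkdir -p "$1/etc/cryptsetup-initramfs" "$1/boot"
    echo 'CRYPTSETUP=Y' > "$1/etc/cryptsetup-initramfs/conf-hook"
    printf 'crypted\t/dev/sda\tnone\tluks\n' > "$1/etc/crypttab"
    printf '%s\n' '/dev/mapper/vg0-rootfs / ext4 defaults,noatime 0 1' \
        '/dev/mapper/vg0-home /home ext4 defaults,noatime 0 1' > "$1/etc/fstab"
    echo 'console=tty1 root=/dev/mapper/vg0-rootfs cryptdevice=/dev/sda:crypted rootwait' \
        > "$1/boot/cmdline.txt"
    echo 'initramfs initramfs.gz followkernel' > "$1/boot/config.txt"
    echo 'constructed placeholder' > "$1/boot/initramfs.gz"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
check_luks_boot "$demo" && echo "OK: boot configuration is consistent"
rm -rf "$demo"
```

On the Pi itself, calling check_luks_boot with no argument reads /etc and /boot directly.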

And you're done!

Main source: robpol86.com website.

Raspbian Buster doesn't have wireguard packages available. They are only available on Raspbian Bullseye (testing). To install them we can use APT Preferences.

Enable the mirror and set apt pinning

# echo "deb http://archive.raspbian.org/raspbian/ testing main" > /etc/apt/sources.list.d/raspbian-testing.list
# cat << EOF > /etc/apt/preferences.d/raspbian-testing
Package: *
Pin: release a=testing,n=bullseye
Pin-Priority: 50

Package: wireguard wireguard-*
Pin: release a=testing,n=bullseye
Pin-Priority: 999
EOF
# apt update

Check that apt policy is OK and install it

# apt policy
[...]
50 http://archive.raspbian.org/raspbian testing/main armhf Packages
     release o=Raspbian,a=testing,n=bullseye,l=Raspbian,c=main,b=armhf
[...]
Pinned packages:
     wireguard-dkms -> 1.0.20201112-1 with priority 999
     wireguard-tools -> 1.0.20200827-1 with priority 999
     wireguard -> 1.0.20200827-1 with priority 999

# apt install wireguard

Note: WireGuard is not built into the Raspberry Pi kernel, so it will be compiled as a module with DKMS, which takes a few minutes.
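The pinning above only stays safe while the wildcard stanza keeps testing at a low priority. The script below is an added example, not part of the original post: it parses a preferences file stanza by stanza and flags pins that would let testing spread beyond the wireguard packages. The function name audit_pins is hypothetical and the input is the file from this post.

```sh
#!/bin/sh
# Added example (not from the original post): audit an APT preferences file.
# audit_pins FILE prints one line per stanza and returns the number of
# stanzas flagged RISK. The function name is hypothetical.
audit_pins() {
    awk '
        function flush() {
            if (pkg == "") return
            verdict = "ok"
            # Sources without a pin default to priority 500: a wildcard pin on
            # testing at 500 or more lets "apt upgrade" pull in all of testing.
            if (pkg == "*" && rel ~ /a=testing/ && prio >= 500) verdict = "RISK"
            # 1000 or more allows apt to downgrade installed packages.
            if (prio >= 1000) verdict = "RISK"
            if (verdict == "RISK") bad++
            printf "%-22s %-34s %5d  %s\n", pkg, rel, prio, verdict
            pkg = ""; rel = ""; prio = 0
        }
        /^Package:/      { sub(/^Package:[ \t]*/, ""); pkg = $0 }
        /^Pin:/          { sub(/^Pin:[ \t]*/, ""); rel = $0 }
        /^Pin-Priority:/ { prio = $2 + 0 }
        /^[ \t]*$/       { flush() }
        END              { flush(); exit bad + 0 }
    ' "$1"
}

# The preferences file from this post, written to a temporary file.
prefs=$(mktemp)
cat > "$prefs" <<'EOF'
Package: *
Pin: release a=testing,n=bullseye
Pin-Priority: 50

Package: wireguard wireguard-*
Pin: release a=testing,n=bullseye
Pin-Priority: 999
EOF
audit_pins "$prefs" && echo "OK: only the wireguard packages follow testing"
rm -f "$prefs"
```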

This mid-September I will go to Japan for one year with a Working Holiday Visa as I'm taking a sabbatical leave.

I have booked the first 18 days in a standard hostel in Tokyo. My plan is to live in Tokyo for the first three to four months, finding a part-time job and taking Japanese classes.

After that, I will go to Sapporo, because of the amazing Snow Festival in February. Then, I will explore the country from north to south by hitchhiking. I'm not sure how many months I will hitchhike. I will maybe make some stops in big cities (Osaka, Fukuoka, ...).

Back to the subject of this post.

Where to stay in Tokyo for ~70,000¥/month (mid term staying)?

  • Apartment? A hassle for strangers and way too expensive
  • AirBNB? Too expensive
  • Hotel? Too expensive
  • Hostel? Well, 3 months in a hostel is kinda uncomfortable, budget matches though
  • Share-house (also called Guesthouse)? Yes, that's the way to go.

Except I really struggle to find a good share-house with a private room.

Here is a list of housing sites I found while exploring the web.

List of Share-houses

There are many websites/agencies, it seems infinite...

Sakura House

https://www.sakura-house.com/en One of the best-known agencies for strangers. They are very slow to respond by mail. Many houses have only one shower... For 10+ rooms. That's a hassle. One thing I like is the rent you see is the true rent you will pay, no hidden fees.

Oakhouse

https://www.oakhouse.jp/eng/ Maybe the second most popular after Sakura House. They have a contract fee from 30,000¥ to 50,000¥ and you need to add a maintenance fee to the total rent. They seem to have better-designed houses than Sakura.

DK House

http://www.e-guesthouse.com/eng/ They are big buildings with many rooms (100+), many showers, many facilities and so on. All rooms are the same. They have 30,000¥ contract fee and you need to add the common fee to the total rent.

Fontana: Tokyo City Apartments

http://www.tokyocityapartments.net/ This website is shady... Their houses too. Looks like there are no hidden fees though.

ComeOnUp Sharehouses

http://www.comeonup-house.com/en They have hidden fees for hot water shared between tenants.

Bamboo House

https://www.bamboo-house.com/roomgallery.php They have fees of 9,000¥ for common utilities.

Borderless House

https://www.borderless-house.com/jp/ They have fees of 7,000¥ to 12,000¥ for common utilities.

BeGoodJapan

https://bgj.co.jp/ They don't display the price on the website...

Fujimi House

https://fujimihouse.jp/?lang=en No hidden fees. The rent displayed is what you'll pay.

My choice

Edit: I have found a room with Sakura House for 66,000¥.

I opened a Pixelfed instance on https://pix.benpro.fr, my account is benoit.

If you have ActivityPub software (like Mastodon) you can follow me with @[email protected]. And a reminder that you can follow my blog posts with @[email protected] and my toots with @[email protected].

I love ActivityPub.

Quick install guide on a Debian Buster LXD container

Install these packages and follow the very basic official documentation.

# apt install php7.3-intl php7.3-gd php-imagick php-gmp php7.3-zip php7.3-soap composer php7.3-fpm nginx-full mariadb-server redis-server php7.3-bcmath php7.3-curl php7.3-simplexml php7.3-xml php7.3-mysql optipng pngquant jpegoptim gifsicle

Remember to run php artisan key:generate after composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader.

For the database you can do these steps.

mysql> GRANT ALL PRIVILEGES ON pixelfed.* TO [email protected] IDENTIFIED BY '<insertPassword>' WITH GRANT OPTION;
mysql> CREATE DATABASE pixelfed;

You'll need to add a systemd unit to start the Horizon job queue system.

/etc/systemd/system/pixelfed.service:

[Unit]
Description=Pixelfed task queueing via Laravel Horizon
After=network.target
Requires=php7.3-fpm.service
Requires=redis.service
Requires=mariadb.service
Wants=nginx.service

[Service]
User=www-data
Type=simple
ExecStart=/usr/bin/php /home/pixelfed/artisan horizon
Restart=on-failure

[Install]
WantedBy=multi-user.target

Finally, if you're behind an HTTPS proxy doing the TLS termination, you'll need to adapt your nginx configuration.

Old blog lekernelpanique.fr is dead. Long live new blog blog.benpro.fr! Archive of old blog: https://archive.benpro.fr/lekernelpanique.fr/