
add kopia

Open hgy59 opened this issue 2 years ago • 7 comments

Description

  • this is an initial commit with hardcoded password kopia
  • package uses prebuilt binaries that are lacking support for 32-bit x86 archs (evansport)

Closes #5842

Checklist

  • [ ] Build rule all-supported completed successfully
  • [ ] New installation of package completed successfully
  • [ ] Package upgrade completed successfully (Manually install the package again)
  • [ ] Package functionality was tested
  • [ ] Any needed documentation is updated/created

Type of change

  • [x] New Package
  • [x] Includes small framework changes

TODO

  • [x] add wizard to enter the server password by user
  • [x] add support for TLS (https) or document manual certificate configuration
  • [x] validate package updates keep configuration data

hgy59 avatar Aug 13 '23 11:08 hgy59

@mdhowle as you requested this package, can you please have a first look at it? You can download packages created by successful GitHub build action runs (navigate to checks - build - artifacts and download the zip archive for your model, unpack the zip to get the spk for manual installation).

Currently the web login is hard coded (use kopia/kopia). The kopia command is available in the path in a shell on your Diskstation.

I already configured the package so that the kopia server uses the folder /var/packages/kopia/var for the cache and the logs (this folder is a link that you can use independent of the installation volume used).

So I am waiting for your feedback on what is needed to make this package usable for real life scenarios... I already added a todo list above...

And what is your model? (hopefully not a DS415play or DS214play as those have evansport cpu and are not available as prebuilt package).

hgy59 avatar Aug 13 '23 11:08 hgy59

@mdhowle just hold on, I had to delete the gh build actions due to some issues...

hgy59 avatar Aug 13 '23 12:08 hgy59

@mdhowle the installation issue is fixed.

hgy59 avatar Aug 13 '23 13:08 hgy59

Thanks! I was able to test and got it working with some modifications. I have a DS1621+, AMD Ryzen V1500B (amd64)

First, I generated a self-signed certificate with SANs. The client wouldn't work without a SAN. I was unsure if other DSM versions have openssl 1.1.1 available, which has options to add SANs directly. This command should work on all openssl versions though.

openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
  -keyout ${SYNOPKG_PKGVAR}/default.key \
  -out ${SYNOPKG_PKGVAR}/default.crt \
  -days 3560 \
  -subj "/CN=nas.example.com" \
  -extensions san \
  -config <( printf "[req]\ndistinguished_name=req\n[san]\nsubjectAltName=DNS:nas.example.com,IP:10.1.2.3\n")

# Get the fingerprint for later when connecting from the client
openssl x509 -noout -fingerprint -sha256 -inform pem -in ${SYNOPKG_PKGVAR}/default.crt  | awk -F= '{print $2}' | tr -d ':'

When I first tried to create a local repository, I received Connect Error: INTERNAL: internal server error: connect error: error connecting: unable to set up caching: unable to determine cache directory: neither $XDG_CACHE_HOME nor $HOME are defined. I also had an error for not being able to write to .config.

I added these environment variables to fix these errors, and added the TLS certificate to the arguments:

export XDG_CACHE_HOME=${SYNOPKG_PKGVAR}/cache
export KOPIA_CONFIG_PATH=${SYNOPKG_PKGVAR}/config
#...
SERVICE_COMMAND="${SYNOPKG_PKGDEST}/bin/kopia server start --ui --tls-cert-file=${SYNOPKG_PKGVAR}/default.crt --tls-key-file=${SYNOPKG_PKGVAR}/default.key --address=0.0.0.0:${SERVICE_PORT}"

Once the server was running:

  • Created a share in Synology, for example, named repository
  • Gave sc-kopia read/write access
  • Navigated to https://nas.example.com:51515
  • Selected Local Directory or NAS
  • Set the directory to /volume1/repository
  • Set the repository password

Then, I added a user for the client. Adding users from the UI isn't yet supported. We probably need a better way of executing the kopia binary with the appropriate environment variables set. Maybe rename kopia binary to kopia.real and create a shell script named kopia that sets the environment variables and calls kopia.real $@

sudo -u sc-kopia sh -c 'KOPIA_LOG_DIR=/var/packages/kopia/var KOPIA_CACHE_DIR=/var/packages/kopia/var XDG_CACHE_HOME=/var/packages/kopia/var/cache KOPIA_CONFIG_PATH=/var/packages/kopia/var/config kopia server user add matthew@client'

# Wait 5-10 minutes for server refresh or stop and start the server to take effect.

On the client:

  • kopia repository connect server --url https://nas01.howle.org:51515 --server-cert-fingerprint=<fp>
  • kopia repository snapshot create <path>

I was able to back up and restore from the repository server.

mdhowle avatar Aug 14 '23 01:08 mdhowle
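The wrapper idea raised in the comment above (rename the binary to kopia.real and put a script named kopia in its place), sketched as an added example that is not part of the thread or of spksrc. The function names `install_kopia_wrapper` and `demo_wrapper` are hypothetical, the environment variables are the ones listed in the comment, and the package var path is assumed to contain no `"` or `$` characters.

```shell
#!/bin/sh
# Added example, not spksrc code: wrap kopia so every invocation (service,
# sudo -u sc-kopia, interactive shell) sees the same package environment.

# install_kopia_wrapper BIN_DIR PKGVAR  (hypothetical helper)
install_kopia_wrapper() {
    bin_dir=$1
    pkgvar=$2
    # Idempotent: move the real binary aside only on the first run, so a
    # package upgrade hook can call this again without wrapping the wrapper.
    if [ ! -e "$bin_dir/kopia.real" ]; then
        mv "$bin_dir/kopia" "$bin_dir/kopia.real" || return 1
    fi
    # Unquoted heredoc: $pkgvar and $bin_dir expand now, \$ stays literal.
    cat > "$bin_dir/kopia" <<EOF
#!/bin/sh
# Defaults apply only when the caller has not set the variable already.
: "\${KOPIA_LOG_DIR:=$pkgvar}"
: "\${KOPIA_CACHE_DIR:=$pkgvar}"
: "\${XDG_CACHE_HOME:=$pkgvar/cache}"
: "\${KOPIA_CONFIG_PATH:=$pkgvar/config}"
export KOPIA_LOG_DIR KOPIA_CACHE_DIR XDG_CACHE_HOME KOPIA_CONFIG_PATH
# Absolute path survives a symlink into PATH; quoted "\$@" keeps each
# argument intact (a bare \$@ would split "my files" into two words).
exec "$bin_dir/kopia.real" "\$@"
EOF
    chmod 755 "$bin_dir/kopia"
}

# Constructed demo: a stub script stands in for the real kopia binary and
# prints the config path, the argument count and the second argument.
demo_wrapper() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin" "$tmp/var"
    printf '#!/bin/sh\necho "$KOPIA_CONFIG_PATH|$#|$2"\n' > "$tmp/bin/kopia"
    chmod 755 "$tmp/bin/kopia"
    install_kopia_wrapper "$tmp/bin" "$tmp/var"
    install_kopia_wrapper "$tmp/bin" "$tmp/var"   # second run keeps kopia.real
    (unset KOPIA_CONFIG_PATH; "$tmp/bin/kopia" snapshot "my files")
    rm -rf "$tmp"
}

demo_wrapper
```

With the wrapper in place, the `sudo -u sc-kopia` call no longer needs the inline variable list, and the service and command-line invocations cannot drift apart in which cache and config directories they use.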

@mdhowle would you be willing to do another test?

publicarray avatar Apr 21 '24 00:04 publicarray

@hgy59 I hope you don't mind, I worked on your todo list

publicarray avatar Apr 24 '24 22:04 publicarray

Thanks for the update. I was able to set up a repository and create a snapshot from a remote computer.

If possible to change, the kopia URL scheme in the Package Center page uses HTTP, http://nas01.example.com:51515 . It should be https://nas01.example.com:51515

mdhowle avatar Apr 27 '24 23:04 mdhowle

@publicarray to support more targets (evansport and ARMv5) we need to build kopia from source. I already succeeded, but kopia version 0.17.0 depends on go 1.22. So I will first try to update go to v1.22.3 on a dedicated PR.

hgy59 avatar May 08 '24 22:05 hgy59

Thanks @hgy59

How about we release this version as is and add support for the other architectures after the go update?

publicarray avatar May 08 '24 23:05 publicarray