最後更新: 2019-03-11

目錄

• 火牛
• Login as admin & sudo
• Build-in User
• Power-off by power button
• Power-off by power button
• Apps 's Network Port(TCP)
• 常用 Setting
• Set IP By CLI
• Restart Service By CLI
• Synology 自家的 RAID Format
  ------------ APP ------------
• App Version
• PhotoStation
• Hyper Backup
• Time Machine Backup (舊)
• Cloud Station Server
• Cloud Station Backup
• CloudSync
• Synology Cloud Station Drive
• Storage Analyzer
• Synology VMM(Virtual Machine Manager)
  ------------------------------
• btrfs
• iSCSI
• User Home Service
• Shared Folder Sync
• rsync
• Synology NAS Migration
• dss file
• Resource Monitor - Usage History
• "@eaDir" Folder
• Update Local SSL Certificate By Script
• Log Center
• Replace HDD
• Ugrage RAID Level
• Scheduling a Task
• Disk Space Warning
• Docker
• 512n & 4K native drive
• 安全設定: 自動封鎖 & 信任用戶端
• Troubleshoot
• Models

 

---

火牛

 

918+    # 4-pin, 12V, 8.33A    # 918+

[-----]
|  .  |    <-- 金屬頂針
|+   +|    <-- 正極
\ - - /
 \___/

 

 

---

Login as admin & sudo

 

sudo is only available from 6.0 and up.

login as root with the admin password same as DSM version < 6.0

 

---

Build-in User

 

"Authenticated Users" & "SYSTEM" Group

The options of Authenticated Users and SYSTEM in the User or group drop-down menu are created in order to match the privilege settings of Windows ACL.

Their privilege scopes are as follows:

• users: This is the default group for all users.
• Authenticated Users includes accounts excluded from https and guest.
• SYSTEM includes accounts in https and anonymous.

 

---

Power-off by power button

 

press the power button and hold it (about 3-5 seconds)

you hear a beep sound and the Power LED starts blinking.

 

---

Apps 's Port

 

控制某 Service Listen 什麼 Port

DSM

Control Panel > Network > DSM Settings > DSM ports (HTTP, HTTPS)

Default: 5000 (HTTP), 5001 (HTTPS)

DS file, File Station

Control Panel > Application Portal > File Station

Default: 5000 (HTTP), 5001 (HTTPS)

Hyper Backup (目的地端) 

Default: 6281 (多版本備份), 22 (如果通過 SSH 加密), 873 (遠端資料複製)

Cloud Station, DS cloud

Default: 6690

iSCSI

Default: 3260

CIFS

Default: smbd: 139/TCP (netbios-ssn), 445/TCP (microsoft-ds)

 

---

常用 Setting

 

 * To enable password strength rules         # Control Panel > User > Advanced

 

---

Set IP By CLI

 

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPV6INIT=no
IPADDR=192.168.123.41
NETMASK=255.255.255.0

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=DiskStation
GATEWAY=192.168.123.1

/etc/rc.network restart

 

---

Restart Service By CLI

 

synoservicectl --restart sshd

--start
--stop
--restart
--reload
--status

synoservicectl --status ftpd

ftpd start/running

 

---

Enable ssh tcp forwarding

 

/etc/ssh/sshd_config

AllowTcpForwarding yes

# Reload sshd

synoservicectl --reload sshd          # DSM 6

sshd reloaded.

Or

kill -HUP `cat /var/run/sshd.pid`

 

---

Synology 自家的 RAID Format - SHR, F1

 

SHR

[1]

Classic RAID creates the storage volume based upon the smallest disk within the array.

Unlike Classic RAID, SHR divides each drive volume into smaller chunks and creates additional redundant storage.

By using SHR, you can use the unavailable volume as smaller usable chunks,

therefore maximizing storage capacity of each drive.

[2]

Unlike Classic RAID, SHR makes the newly upgraded storage readily available for use.

If the drives are replaced with larger ones,

the upgraded storage can be used as soon as two of the disks are upgraded to form a redundant storage array.

Singe Disk to RAID1 (DSM 7.2)

# SHR 上由單碟到雙碟只會成為 RAID1

# 十多分鍾後就開始看到同步情況 (它是一個 Linux MD RAID 來)

RAID F1

它是一種為 SSD 基於 RAID 5 設計而成的 RAID

F 是指 Flash, 而 1 是指以單一 SSD 為集中寫入容錯位元

 => 盡可能以每次一台, 而非一大批 SSD 故障

原理:

differs from RAID 5 by selecting one SSD in the array for distribution of additional parity bits,

effectively writing more data to one SSD than to others in the group.

=> allows for a single disk to complete its estimated life cycle before any others in the array.

This provides a single, predictable failure point, which is within the fault tolerance of the array.

 

 

---

App Version

 

Synology Package Version 係要跟 DSM Version 的 !!

https://archive.synology.com/download/Package/Git/

i.e. DSM 6.2.3-25426 Update 3 只可以裝  2.33.0-0126 但安唔到  2.33.0-1016

 

---

PhotoStation

 

Help

https://www.synology.com/zh-tw/knowledgebase/DSM/help/PhotoStation/photo

相薄的資料夾

"home/photo"

"Photo Station Uploader"

該功能會運用電腦的系統資源來以較快的速度產生縮圖並壓縮影片

權限

瀏覽至您要編輯的相簿。

按一下更多來修改資訊、相簿權限及使用者在相簿中執行特定任務的權限

若要一次編輯全部現有相簿的權限類型，請前往設定 > 相片並按一下存取權限。

權限類型如下:

公開相簿：所有觀看者皆可檢視此相簿。
私人相簿：擁有適當存取權限的使用者可以檢視此相簿。
密碼鎖定：如果您選擇此選項，請在密碼標頭下方輸入密碼。除非使用者輸入正確的密碼來解鎖相簿，否則此相簿會被鎖定。

---

Time Machine Backup (舊)

 

1 Create a user for Time Machine and set quota limit

2 Create a shared folder for Time Machine backup

3 Set the shared folder as Time Machine's backup target

Control Panel -> File Services

AFP Section -> Enable AFP service

 * port 548/tcp

Advanced Tab -> Enable Bonjour Time Machine broadcast via AFP -> Set Time Machine Folders

 

---

Cloud Station Server

 

!! Cloud Station will save the historical version in the database.

   so If you have kept the database during uninstall the Cloud Station server,

   the storage space will not be released even though you uninstall the application.

 => "@cloudstation" Folder 會愈來愈大

If you did not remove the database when you uninstalled,

re-install, uninstall, click "Please DO NOT keep the database this time."

Deleting all the historical versions to reclaim space

Open "Cloud Station Server" -> Go to Overview from the left menu -> Open "Version Explorer"

For each folder on the left menu execute "Action" - "Clear version database"

 

---

Cloud Station Backup

 

Client Side:

Package: Synology Cloud Station Backup

 * set backup rules

Web Panel: Version Explorer

 - Manage backed up files and historical versions

The following file types and drive types are not supported in Cloud Station Backup:

Windows folders with these attributes:

• Hidden files
• OFFLINE
• REPARSE_POINT
• SYSTEM
• TEMPORARY

=================

NAS Side:

Package: Install "Cloud Station Server"

Folder permission: R/W

Applications permission: Cloud Station Server

Settings

Cloud Station Server -> Settings -> Sync Settings -> Enable 某 folder

Cloud Station Server -> Settings -> Others -> Database Location

 

---

CloudSync

 

https://www.synology.com/en-global/knowledgebase/DSM/help/CloudSync/cloudsync

 

---

Synology Cloud Station Drive

 

功能

NAS 和個人電腦之間同步檔案

目的

即便在沒有網路連線的情況下, 您依然可以瀏覽及編輯檔案,

且所有修改皆會在重新連上網路後自動同步至您的 NAS 及個人電腦

Network

Port: 6690/tcp # 無得改, 因為它沒有用 Application Porta

Installation

• NAS: Cloud Station Server
• APP: DS cloud
• PC: Synology Cloud Station Drive

PC

非全綠 tick icon

This icon indicates your file or folder has been downloaded to a local computer and can be viewed offline.

You may right-click on the file, select Synology Drive > Free up space to manually delete the local file and release the space.

However, when your computer is low on disk capacity, these local copies will be automatically deleted to release space.

The icons will change to the cloud icon and these files and folders are still available when online.

全綠 tick icon

This icon indicates that the file has been permanently pinned to the local computer and can be viewed offline.

When your computer is low on disk capacity, these permanently pinned copies will not be automatically deleted to release space.

 

---

Storage Analyzer

 

synology check shared folder size

https://www.synology.com/en-us/knowledgebase/DSM/help/StorageAnalyzer/StorageAnalyzer_desc

 

---

Synology VMM(Virtual Machine Manager)

 

Private / External virtual switch

External virtual switch

When you assign multiple physical network interfaces to an external virtual switch,

the system will automatically select a physical network interface to bridge the virtual network interface with,

in order to provide load balancing and fault tolerance.

Private virtual switch

You should choose a host on which the private virtual switch will be created.

To perform live migration of virtual machines, it is required that the destination host is connected to the same

virtual switch as the virtual machine.

---

btrfs

 

btrfs creat with one of the following RAID types:

  - RAID 1
  - RAID 5
  - RAID 6
  - RAID 10
  - RAID F1
  - Synology Hybrid RAID (SHR/SHR-2) with more than one drive

Manage

 - scrubbing (file self-healing)
 - defragmentation

Cloud Station

Btrfs does not require double the storage space for Cloud Station's file versioning and history data.

Quotas

Per shared folders

Data consistency of backups

Clone entire shared folders

Go to Control Panel > Shared Folder.

Select the desired shared folder in Btrfs file system.

Click Create > Clone.

* Only shared folders on Btrfs volumes can be cloned.

Integrity Protection

Enable advanced data integrity protection (Default: Disable. 只有在建立 Folder 時 enable 它([email protected]))

The file self-healing feature is currently available for the shared folders located in a Btrfs volume

Snapshot Replication

 

---

iSCSI

 

Basic Setting

命名: esxi-lun, esxi-tg, iqn.synology:MyNAS.esxi-tg

在 Synology 上建立 iscsi (lun & target)

建立步驟

1. Create iSCSI LUN

# DSM 6.2

iSCSI Manager > iSCSI LUN Tab > Click "Create" Button >

Remark:

• LUN type: File Level
• Space Allocation: Thin Provisioning

2. mapping iSCSI LUNs to iSCSI Targets

LUN type

• iSCSI LUN (File-Level)
• iSCSI LUN (Block-Level)

File-Level LUN

Regular file LUNs

provide better overall I/O performance

Advanced file LUNs

support hardware acceleration commands, including VMware VAAI, Windows ODX, LUN snapshots and

 clone to enhance storage efficiency and data protection.

Target Setting

Allow multiple sessions from one or more iSCSI initiators:

For iSCSI MPIO or MC/S, allow multiple sessions or Initiators to communicate with the same Target.

cluster-aware file system, such as VMware Virtual Machine File System(vmfs), or Oracle Clustering File System.

Maximum receive/send segment bytes:

Adjusting the sending or receiving segment frame can yield differences in iSCSI performance.

CRC Checksum

 - Header digest

 - Data digest

performs a checksum over each iSCSI Protocol Data Unit (PDU)

Mapping

設定 target 有幾多個 LUNs

Masking

made accessible or be denied by different iSCSI Initiators, based on the IQN of the iSCSI Initiator

Edit -> Masking -> "Default privileges"

* Default: RW

CHAP

CHAP

Pass: 12~16 Char

Mutual CHAP

require both initiators and Targets to authenticate each other before facilitating communications.

Masking & CHAP 其中一樣認證失敗都是呢個 log

iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)

Settings

Internet Storage Name Service (iSNS)

iSNS protocol allows automated discovery, management and configuration of

iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network.

 

iscsi Advanced file LUNs

 

在 ext4 的 advanced file LUN 情況:

/volume3/@iSCSI 內有 Folder

EP  EP_unmap  LUN  Snapshot  tmp

File Fast Clone:

physical data blocks will be copied only upon modification of the cloned files,

which will save storage space

Setting: File Services -> Advanced

Snapshot

On certain models, you will have to go to Package Center and install "Snapshot Replication"

for functions including restoring iSCSI LUNs, taking and cloning iSCSI LUN snapshots.

Snapshot feature is supported on advanced LUNs only

 * If you took a snapshot or created a clone,

    and the status turned out to be Abnormal/Crashed,

    please delete this snapshot/clone and create another one.

To clone an iSCSI LUN or snapshot:

Snapshot Replication -> Snapshots -> iSCSI LUN

Plugin

Snapshot Manager for X

plugin for Windows Server allows you to create application-consistent snapshots in DSM

Windows

when a snapshot is triggered on DSM,

Synology Snapshot Manager will use the Microsoft Volume Shadow Copy Service (VSS) technology

to produce consistent point-in-time copies of data

VMware

when a snapshot is triggered on DSM, vCenter Server will be notified and

flush all the data from memory to the LUN to guarantee data consistency.

Once the snapshot is complete, vCenter Server will resume normal I/O operation of VMware datastore.

Remark

snapshoot timezone

* Use GMT +0 timezone

Snapshot Replication -> Setting -> Advanced

 

---

User Home Service

 

It is referring to the 'user home service' which you can disable in:

Control Panel -> User -> Advanced -> Enable user home service

The 'homes' folder contains a home folder for each user. The 'home' folder is linked to the relevant folder within 'homes',

ie. if logged in as admin the home folder will be the same as homes/admin.

* Once the local user home service is disabled, the domain user home service will also be disabled concurrently.

 

---

Shared Folder Sync

 

log

ssh nas

grep s2s_syncer /var/log/messages

 

---

rsync

 

當啟動 Synology 的 rsync 服務後 (當選了 "啟動 rsync 服務"),

預設是要透過 ssh 去 rsync 的 (不是 873/tcp).

它沒有 chroot 到 share folder, 所以目的地要 Full Path (ie. /volume1/test)

即使 rsyncd 會被啟動, 及有 Listen 873/tcp, 但連 873 會出 error

@ERROR: account system disabled
rsync error: error starting client-server protocol (code 5) at main.c(1648) [sender=3.1.2]

要選 "啟動 rsync 帳戶", 之後加入相對應的帳戶, 那才連到 873/tcp

(DSM 會生成 rsyncd 的 module, 但)

自定 rsyncd

 * 必須設定 "auth users", 否則 rsyncd 會成了無掩雞籠

 * 設定了 "auth users" 後, 必須設定 "secrets file"

secrets file = /etc/rsyncd.secrets
[test]
    uid = root
    gid = root
    read only = no
    path = /volume1/test
    auth users = datahunter

Note:

 * If the backup module and the shared folder share the same name, the backup module setting will be used.

 

---

Synology NAS Migration

 

# Prepare

0. Disable file sharing service on NEW NAS

1. Setup "Shared Folder Sync" on both NAS ( OLD --> NEW )

2. Sync

# Onsite

3. tell ALL user save file

4. Disable file sharing service on OLD NAS ( Or disconnect both NAS from network and link it directly )

5. Sync again

6. import dss file (User ...)

8. Shutdonw OLD NAS & Enable file sharing service on NEW NAS

 

---

dss file (Backup)

 

The configbackup.dss is a tar.gz containing 2 files :

_Syno_UserBkp.db : SQLlite commands to create tables like user_app_privilege_tb, group_id_tb, user_id_tb, and some inserts (users and groups)

configbackup : a text file with user passwords, shares, ...

 

---

Resource Monitor - Usage History

 

historical performance metrics:

Time Range:

• Real Time
• 1 Day
• 1 Week
• 1 Month
• 1 Year

 

---

"@eaDir" Folder

 

This directory is used by the indexing service.

Disable the Service Creating & Delete Them

SSH in as root and run the following

cd /usr/syno/etc.defaults/rc.d/

chmod 000 S66fileindexd.sh S66synoindexd.sh S77synomkthumbd.sh S88synomkflvd.sh S99iTunes.sh

find . -type d -name "@eaDir" -print0 | xargs -0 rm -rf

 

---

Update Local SSL Certificate By Script

 

get_ssl.sh

#!/bin/bash

# 行 letsencrypt 的 server
Server=192.168.123.14
SSL_Path=/etc/letsencrypt/live/datahunter.org/
Local_SSL_Path=/usr/syno/etc/certificate/system/default

cd $Local_SSL_Path

# 要設定用 key login
scp $Server:$SSL_Path/chain.pem ./
scp $Server:$SSL_Path/fullchain.pem ./
scp $Server:$SSL_Path/cert.pem ./
scp $Server:$SSL_Path/privkey.pem ./

# restart Application Portal
synoservicectl --reload nginx

chmod 700 get_ssl.sh

ssh-keygen -f /root/.ssh/id_rsa -N ''

將 /root/.ssh/id_rsa.pub 的內容放到建立 SSL 的 Server 上 (/root/.ssh/authorized_keys)

其他 App 的 SSL

grep ssl /etc/nginx/app.d/server.FileStation.conf

    listen 6001 default_server ssl;
    listen [::]:6001 default_server ssl;
    ssl_certificate /usr/syno/etc/certificate/AppPortal/FileStation_AltPort/fullchain.pem;
    ssl_certificate_key /usr/syno/etc/certificate/AppPortal/FileStation_AltPort/privkey.pem;

rm -f /*.pem

Local_SSL_Path=/usr/syno/etc/certificate/system/default

FS_SSL_Path=/usr/syno/etc/certificate/AppPortal/FileStation_AltPort

ln -s $Local_SSL_Path/fullchain.pem $FS_SSL_Path/fullchain.pem

ln -s $Local_SSL_Path/privkey.pem $FS_SSL_Path/privkey.pem

 

---

Log Center

 

Archive logs(SYNOSYSLOGDB__LOCALARCH.DB)

要安 "log center" 先有 Archive 功能

Local logs (System, Connection, and File Transfer logs) are saved in a system partition (/var/log/synolog)that has limited storage.

By enabling Archive local logs to the storage location specified.

If you did not enable archive log function,

previous log will be deleted when accumulated log exceeds log database's maximum retainable log number.

File Station  20,000
FTP           20,000
SMB           100,000
AFP           20,000
WebDAV        20,000

Settings:

Archive logs as text format in addition to default format:

Saves archives as a plain text files in addition to the default SQLite files.

Archive logs separately according to device:

Saves separate archives for individual client devices that send logs to the Synology NAS.

Transfer Log

File Services -> Enable Transfer Log

File Station -> Settings  -> Enable File Station Log

Log File 的位置

/var/log/synolog

 

---

Replace HDD

 

1) 確定那 HDD 有問題

Storage Manager -> HDD/SSD -> Select HDD -> Action -> Switch Drive Indicator Status

Set the amount of time the drive indicator remains "alert" for, which can be between 1 minute and 60 minutes.

設定後 HDD 的 LED 會 綠 -> 橙

2) 換好 HDD 後 Repair RAID

 * The size of the replacement drive must be larger or equal to the size of the smallest drive in the storage pool.

 * The status of the drive for replacement must be Initialized (已經 Sync 好 OS) or Not Initialized.

Storage Manager -> Storage Pool -> Select "Pool" -> Action -> Repair

Select the replacement drive which you would like to add to the volume.

 

---

Ugrage RAID Level

 

支援 Upgrade 程度

• Basic -> RAID 1 / RAID 5
• RAID 1 -> RAID 5
• RAID 5 -> RAID 6
• SHR-1 -> SHR-2

Step

1. Open "Storage Manager"
2. Go to "Storage Pool" Tab
3. Select the storage pool you wish to change and ->"Action" drop-down menu -> click "Change RAID Type"

 

---

PetaSpace (Add-on)

 

將多個 volumes 合併為一個大型的 volume

 * 2 bay nas 沒有此 Add-on

 

---

UPNP

 

External Access

 

---

Scheduling a Task

 

/root/scrpits/get_ssl.sh

Scheduling a Task on a Synology NAS

Control Panel > Task Scheduler > Create > Scheduled Task > User-defined scripts

 

---

Disk Space Warning

 

Control Panel > Notifications > Advanced > "Internal Storage" Section > "Volume in low capacity" item

My Settins

Every time when volume capacity drops 1% below = "critical" value

When volume capacity drops below = "warning" value

 

---

Docker

 

 

 

 

 

 

 

 

---

512n & 4K native drive

 

a non-4K native drive can only replace a non-4K native drive.

=> You can mix 512n and 512e, but not 4kn with 512n/e

 

---

安全設定: 自動封鎖 & 信任用戶端

 

在控制台（Control Panel） > 安全性（Security） > 自動封鎖（Auto Block）可進行自動封鎖的設定

自動封鎖(IP)

適用於透過

• SRM
• SSH
• FTP
• WebDAV
• File Station
• Download Station
• VPN Server
• Synology 行動應用程式

信任用戶端

信任用戶端: 只要該用戶端曾經成功登入, 便將永遠受信任

DSM 桌面右上角的人形圖示 > 個人設定

 

---

Troubleshoot

 

[1] Synology smb ghost folder

徵狀

 - 那 ghost folder 唔能夠 access

 - 按 "清除 SMB 快取" 解決唔到

 - 建立同名 Share 之後再刪除依然存在

Fix

修改 /etc/samba/smb.conf 並刪除那 Share

/sbin/restart smbd

smbd start/running, process 9494

清除 SMB 快取

按一下此按鈕來刪除以下 SMB 快取檔案以作為疑難排解之用：

• /var/cache/samba/netsamlogon_cache.tdb
• /var/lib/samba/winbindd_cache.tdb
• /var/lib/samba/share_info.tdb
• /var/lib/samba/registry.tdb
• /run/samba/connections.tdb
• /run/samba/gencacche.tdb
• /run/samba/gencache_notran.tdb