TS-451 - can I automate unlocking of the volumes?

[Mastiff]

My plan is to have the NAS in a different location then my private server is, so I will have backup in case of a fire or burglary. We're talking about 2 km, in different communities, so the risk of burglars taking out both buildings at the same time is pretty much non-existent. I do not do online storage, I don't care for anybody else having my personal data, however secure they claim they are.

So the plan was to have a set time for the NAS to be on (probably very third nigth between 02 and 04, have the server sync with it during that time and then hav ethe NAS go to sleep again. The problem is that I want to have the data on the NAS encrypted. It's a bit easier and quicker to carry that out of a house than a 4U server case that's in a locked, full size 42U cabinet. And then the encryption bites me in the **. Because to do an automatic sync I also need to do an automatic unlock. So can I automate that FROM THE SERVER in any way? I have read that it's possible with scripts run on the NAS, but I want to make it possible only from the server, so nobody can get my personal data from it. To start with there are very incriminating pictures there, since I was 18 in the mid 80's and have a bunch of pictures scanned. Red leather suits, white shirts and a poodle hairdo is not something I would like everybody to see! And of course tax papers and lots of other stuff, but the poodle hairdo trumps that easily.

So is there a way to do this? The automation part I can do no problem. I can run almost any type of script and commands from Girder. If it can be done in command line, it can be done. Thanks in advance!

[dolbyman]

google came up with this

https://helpdesk.qnap.com/index.php?/Kn ... nd-mounten

[Mastiff]

Thanks! But I'm afraid I'm not very fluent in neither Linux nor German. But isn't that a shell command that has to be run in the desktop of QTS? That would be kind of convoluted, to set up a solution to log in automatically, fire the script language and enter the commands.

[dolbyman]

the actual commands are in "english" and there is always google translatr

[Mastiff]

Well, my experience with any machine translation is rather grim. Also it's still Linux... I forgot to say that my server is Windows Server, and there will be no Linux anywhere in this setup.

[dolbyman]

The automation part I can do no problem. I can run almost any type of script and commands from Girder. If it can be done in command line, it can be done.

I thought you could do any script you wanted to .. those (if working) would have to be parsed via SSH to the QNAP (the one that needs to be unlocked)

[Mastiff]

I admit it, I left out a detail I can do almost any type of Windows script, but the format didn't ring any bells at all. But I now see that it mentiones Windows and Putty at the bottom and that should be possible. So thanks for pointing me in the right direction, I hope that will get me there.

[dolbyman]

quick translation for the German descriptions (native German)

Code: Select all

1.) Determine if device was encrypted:
# cryptsetup luksDump /dev/mapper/cachedev1

2.) Decrypt encrypted device:
# storage_util --encrypt_pwd pwd={Passwort}
# cryptsetup -v luksOpen /dev/mapper/cachedev1 ce_cachedev1

3.) Making sure device exists under /dev/mapper/ :
# ll /dev/mapper/

4.) Making sure the decrypted device contains a file system:
#dumpe2fs_64 -h /dev/mapper/ce_cachedev1

5.) Mount encrypted device:
# mount -t ext4 /dev/mapper/ce_cachedev1 /share/CE_CACHEDEV1_DATA/

[Mastiff]

Thanks again! That explains why you found that so easily in Google! I understand a little bit of German, but mostly what is needed in a restaurant and a hotel, I take occasional motorcycle trips from my own Norway to ride the Autobahn (Honda Blackbird, 310 kmh top speed, 160 nice for longer hauls with my wife on the back).

[Jrm81Jrm81]

Mastiff,
Did you ever figure it out? This is exactly what I’m trying to do. It’s quite confusing how qnap seemingly overlooked this.

[dolbyman]

have you tried the code I posted ?

[Mastiff]

I'm sorry, I never got that far because a lightning strike in the power system killed my NAS.