Shared Storage in Akamai Connected Cloud

Brent Eiler
14 min read · Dec 8, 2023

A common request from customers is a fault-tolerant, file-based storage service where common configurations and shared files can be stored easily and mounted to their instances without having to make local copies of these files. Unfortunately, Akamai Connected Cloud does not currently have a service like AWS EFS or FSx. Fortunately, I can make this easy for you. The file storage platform you will build today can serve files over NFS, SMB and iSCSI. The platform can create a RAID-protected (and encrypted, if you want) array over multiple Linode Volumes, reaching a capacity of 40TB per array, or more. The system also has a simple graphical interface to guide you through all sorts of advanced features and functionality. This build will make use of the Linode VLAN network to securely serve files to instances, Cloud Firewall to protect the web interface on the Public Internet, and 2 Apache servers sharing a common filesystem. Both Apache servers will serve the same PHP page from behind a NodeBalancer. Your final architecture will look like this:

Simple Web with Shared Backend

Now, to not break the bank, the following components should be used. Keep in mind this is a PoC level deployment and not for production. In production, proper instance RAM sizing and filesystem sizing should be taken into account. But for this purpose, cost is king.

  • 1 NodeBalancer
  • 2 Nanodes connected to the Public Internet and VLAN
  • 1 Linode 4GB connected to the Public Internet and VLAN
  • 3 Linode Volumes of 20GB each
  • 1 Firewall policy to only allow HTTP to the management interface of the filer
  • 1 Firewall policy to only allow HTTP to the web tier from NodeBalancer

It goes without saying, you will need an Akamai Connected Cloud account to build this architecture. And, as always, if you do not have one, you can SIGN UP HERE and receive a $100 credit. Let’s get this built.

Step 1 — Create the Storage Volumes for the Filer Array

To start, build the filer using TrueNAS. This is a fairly simple process, but it does require some back-end trickery in the Akamai Connected Cloud console. The first thing you will need to do is create the 3 Linode Volumes. Click the blue “Create” button and select “Volume.”

Use the following settings:
Label: NAS_VOL_1
Region: Pick any region close to you EXCEPT Fremont, CA or Tokyo, JP
Do not attach any Linodes
Size: 20 GB

Then click “Create Volume.”

Back at the Volumes overview page, click the … at the end of the line for the Volume you just created. Select “Clone.” Use this to create Volumes with labels NAS_VOL_2 and NAS_VOL_3.

Step 2 — Create the Filer Firewall Policy

The next step is to create a firewall policy to protect the filer you are creating. At the top of the page, click the blue “Create” and select “Firewall.”

Use the following settings:
Label: HTTP_ONLY
Linodes: Leave this blank for now

Click “Create Firewall.”

When you are returned to the Firewall Policy overview screen, click the name of the firewall policy you just created (HTTP_ONLY). In the policy, click “Add An Inbound Rule.” Select “HTTP” from the “Preset” drop-down menu. At the bottom, click “Add Rule.”

Change the “Default Inbound Policy” to “Drop” and click “Save Changes.”

Step 3 — Create the Filer Shell Linode

Use the same blue “Create” button at the top of the page to create your Linode shell instance that will hold the filer. This time select “Linode” from the menu.

Click the “x” on the Distro to clear the “Images” selection.

This clears the image
You want it to stay this way

Next select the same region you created the 3 Volumes in: I used Chicago.

Now select a “Linode Plan.” For testing only, you can use the Shared CPU 4 x 8 (Linode 4GB). However, if this will be for production, I would recommend using the 2 x 24 High Memory instance (or greater) due to the way ZFS works.
Give it a label of “TRUENAS_1.”
Select your “HTTP_ONLY” Firewall policy from the drop-down menu under “Firewall.”
Click “Create Linode.”

This will take you to the overview page of your new Linode.

Step 4 — Configure the Shell Linode for Installation

Next you will create a TEMP disk to hold the TrueNAS ISO file by clicking on “Storage” and then “Add A Disk.”

Use the following settings:
Label: TEMP
Filesystem: raw
Size: 5120 MB

And then click “Create.”

Next you will use this TEMP disk and a Volume to pull in the ISO and image the TEMP disk with the ISO to act as a virtual DVD. To do so, click the three dots in the top right of the page:

Select Rescue and use the following settings:

/dev/sda=TEMP
/dev/sdb=NAS_VOL_1

Click “Reboot Into Rescue Mode.”

Once your Linode is in the Running state, click “Launch LISH Console” in the upper right. Once you have a Finnix prompt up, run lsblk and make sure you see both your 5GB disk on /dev/sda and your 20GB volume on /dev/sdb. Run the following commands:

mkfs.ext4 /dev/sdb
mount /dev/sdb /mnt
cd /mnt
curl -o truenas.iso https://download.sys.truenas.net/TrueNAS-SCALE-Cobia/23.10.0.1/TrueNAS-SCALE-23.10.0.1.iso

If this link fails, you will need to go out to the TrueNAS SCALE downloads page and get an updated link. When the ISO finishes downloading, use dd to image TEMP by typing:
dd if=/mnt/truenas.iso of=/dev/sda bs=4M status=progress

When this completes, close the LISH Console window. Then click “Power Off” from the Linode overview page for TRUENAS_1.
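The download above is written to disk and booted without any integrity check, and without `-f` curl will save an HTTP error page as truenas.iso. The following added example (not part of the original post) gates the dd step on a SHA-256 match; the function names are hypothetical, and the expected digest is a placeholder assumed to be copied from the TrueNAS download page for the release you fetched.

```shell
#!/bin/sh
# Added example (not from the original post): gate the dd step on a SHA-256 match.
# Function names are hypothetical; the expected digest is a placeholder you supply.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print tolower($1) }'
}

# verify_image FILE EXPECTED_HEX
# Returns 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Accept exactly 64 hex characters, so a pasted HTML error page or a
    # truncated value is rejected instead of compared.
    case $expected in
        ''|*[!0-9a-f]*) echo "checksum is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "checksum is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# image_if_verified FILE EXPECTED_HEX TARGET
# Writes FILE to TARGET with the page's dd options only after verification.
image_if_verified() {
    verify_image "$1" "$2" || return $?
    dd if="$1" of="$3" bs=4M status=progress
}

# Usage in the Finnix rescue shell (digest is a placeholder):
#   curl -fL -o /mnt/truenas.iso "$ISO_URL"   # -f: fail on HTTP errors
#   image_if_verified /mnt/truenas.iso "<sha256-from-download-page>" /dev/sda
```
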

Now you will need to create a disk to install the TrueNAS software onto. This will be your system boot disk after install time. To do this, create the “TRUENAS_1_SYSTEM” disk by clicking on “Storage” and then “Add A Disk,” just like you previously did to create the “TEMP” disk.
Use the following settings:
Label: TRUENAS_1_SYSTEM
Filesystem: raw
Size: 76800 or the maximum for your Linode

Click “Create.”

The last step to prep for the installation is to create a boot config. This tells the Linode which disks to use, which one is the boot disk, and which network interfaces to install. To create your boot config, click “Configurations” and then “Add Configuration.”

Modify the following settings:
Label: NAS_SYSTEM
Boot Settings:
Kernel: Direct Disk
Block Device Assignments:
/dev/sda = TEMP
/dev/sdb = TRUENAS_1_SYSTEM

Leave eth0 as Public Internet and select VLAN for eth1. Type BACKEND in the VLAN entry box and click Create “BACKEND.”

Then click “Add Configuration” at the very bottom.

Step 5 — Install TrueNAS into the Shell Linode

Click “Boot” on your new config.

Confirm the Boot and then open the LISH Console again by clicking on the “Launch LISH Console” button from the top right.

When you see this screen, arrow down and then up again to stop the timer. Select the “Start TrueNAS SCALE Installation” and hit Enter. **This is a very important step, as the installer may hang if you let it auto select the installation.

After selecting the installation starter, click “Glish” in the bar above to switch to the graphical console. Yes, this is hokey, but it works. You should now see the installation menu:

Place your cursor over the “OK” and left click. Then hit Enter.

You will be presented with a warning because the Demo system does not have sufficient RAM for a production installation. But this is not for PROD. So arrow left to “Yes” and click Enter.

Hit your space bar to select the only disk available at this time, and hit Enter. You will add the Volumes after installation of the main system.

Accept the warning and hit Enter again. Next leave the WebUI user at the default of admin and hit Enter. Then give admin a cool password. I’m using ‘password’ so you can’t use that one. Hit Enter.

Now accept the default 16GB for swap and hit Enter once again to create swap.

You want to allow EFI boot. So leave this at the default “Yes”, and hit Enter. Then sit back and let the install run for the next few minutes. You should soon see a success message. This should take no more than 5 minutes.

Now close the LISH console window and power down the Linode from the Linode overview screen using the “Power Off” button. Confirm the power off.

And now the last step before you have a functional NAS is to modify the boot config. Edit the configuration by clicking “Edit” next to your config.

Change the following settings:
Under Block Device Assignments change
/dev/sda should reflect TRUENAS_1_SYSTEM
/dev/sdb should reflect NAS_VOL_1

Now Click the “Add A Device” 2 times to add /dev/sdc and /dev/sdd
/dev/sdc can be set to NAS_VOL_2
/dev/sdd should be set to NAS_VOL_3

Scroll to the bottom and click “Save Changes.”

Now click “Boot” again to the right of your config. And confirm the boot.

Step 6 — Configure TrueNAS

Once the Linode is Running, click the IP Address to copy it to your clipboard.

Open a new tab in your browser and paste the IP. It may take a minute for the system to fully come up, so be patient. Then enter your username of ‘admin’ and your super secret password into the login screen and click “Log In.”

Now you need to make the system available on the VLAN you set up. To do so, click “Network” from the menu on the left. You should see two interfaces. One will have the public IP you pasted in your browser; the other will only have IPv6. Click the pencil icon on that second interface.

Uncheck “DHCP” and then click “Add” down at the bottom next to “Aliases.”
Use the following settings:
IP Address: 192.168.1.100 / 24

You can click skip when it prompts for a new Default Gateway. However, you will need to click the pencil icon on the first Network Connection, and re-enable DHCP, as it removes it from both Interfaces. **This is a very important step.

Click “Test Changes” and then click “Save Changes.”

Now the network should be set up properly on the virtual appliance. The next step is to create the pool. To do so, click “Datasets” from the left side. Then click “Create Pool.”

Use the following settings:
Name: NAS_POOL
Leave encryption off for this exercise and click “Next”
Data
Layout: RAIDZ1 — If you create a NAS for production with much larger drives, dRAID may be better for you.
Disk Size: 20 GiB (This should match the size of 1 Linode Volume that you created in step 1).
Width: 3 — This is the number of Disks to use in the set.
Number of VDEVs: 1

We are not going to enable any other features here. ZFS uses RAM for read and write caching, so unless you have a specific situation that warrants this, do not enable it. Click “Save And Go To Review” and then “Create Pool.”

Confirm the pool.

The last item for a basic setup is to create an NFS Share. Accomplishing this is simple. Click “Shares” from the menu on the left. On the line “UNIX (NFS) Shares” click “Add” and use the following settings:
Path: /mnt/NAS_POOL
Description: Whatever you want to put here
Network — click “Add” and enter 192.168.1.0 and /24

Scroll to the very bottom and click “Advanced Options.” Just for demo purposes, set “MapAll User” to root and “MapAll Group” to root. In a real-world scenario you will want to place proper controls, so do not do this in production. Click “Save” and you will be prompted to enable the NFS service on boot; click “Enable Service.”

Now Restart from the Power menu in the upper right. Confirm the Restart. And if all goes well, the NAS should come back up. This is to test that the network Interfaces are properly set and the NFS service automagically starts.

When the NAS comes back up, it will take you right back to where you left off. So you can easily validate that NFS is running and your share is created. Your NAS is now officially created, online and serving a data share. Now you need to create the Ubuntu Linodes to run your Apache site that will be mounted from your new NAS.

Step 7 — Create the Web Servers

Go back to the Akamai Connected Cloud console and click the blue “Create” and select “Linode.”
Use the following settings:
Images: Ubuntu 23.10
Region: Use the same region you used for Volumes and the NAS.
Linode Plans: Click Shared CPU and select the Nanode 1 GB.
Linode Label: APACHE_1
Root Password: Give it a good root pass
Firewall: leave this blank
VLAN: Select BACKEND
IPAM Address: 192.168.1.10/24

Scroll to the bottom and click “Create Linode.”

After the instance provisions, you will need to configure it. You can do this via the LISH console or SSH. Once the instance is in a running state, click “Launch LISH Console” and login using root and your root password. Run the following commands:

apt update && apt install -y apache2 nfs-common php
hostnamectl hostname APACHE1
vi /etc/fstab

Go to the last line and type ‘o’ and then enter the following line

192.168.1.100:/mnt/NAS_POOL /var/www/html nfs defaults 0 0

Hit Esc and then type :x (colon x) to save the file.

These commands did the following: they installed the NFS binaries required to mount an NFS share, installed Apache2 and installed PHP. Then they opened the fstab file and entered the mount point information so the NFS share mounts at boot onto the default html directory for Apache. This will allow Apache to use a shared webpage across multiple servers. The next step is to reboot the instance to mount the NFS share. Then clone this instance so you have 2. In your Akamai Connected Cloud console, click “Reboot.” Confirm the reboot. And when the instance comes back to a running state, click the … and select “Clone.”

In the resulting window, select APACHE_1. Then select the same region you have been working in. Keep the “Linode Plan” at Nanode 1GB. Change the label to APACHE_2. And then click “Create Linode.”

In the new APACHE_2 Linode overview screen, click “Configurations” and “Edit.”

Scroll to the bottom and change the IPAM Address associated to the VLAN to reflect 192.168.1.11/24. Click “Save Changes”. And then power up your Linode with the “Power On” button. Click “Launch LISH Console” and login using your root user and previously set root password.
Run the following commands:

hostnamectl hostname APACHE2
cd /var/www/html
curl -o index.php https://php-mysql-demo.us-iad-1.linodeobjects.com/index.php

These commands set the system variable for hostname to a unique hostname that will be pulled into your webpage. The curl command pulls in a php page from a bucket and places it in the NFS share now mounted by both Apache servers.

Now the last thing to do to verify this installation is to check both Apache servers via http to ensure both have the new page. Enter the Public IP listed on each Apache server’s Linode overview page into a web browser. You should get a colorful message back that tells you which server you are using. The very last thing to do is to add a NodeBalancer to this and firewall off the Webservers.
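The fstab entry added in this step mounts the share with `defaults`, which permits setuid binaries and device nodes, and with MapAll set to root every file a VLAN client writes is root-owned on both web servers. The following added example (not part of the original post) audits an fstab for NFS entries missing `nosuid` and `nodev`; the function names and the required-option list are this example's assumptions, and the sample fstab content is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag NFS entries in an fstab
# that lack baseline mount options. REQUIRED_OPTS is this example's choice.
REQUIRED_OPTS="nosuid nodev"

# audit_nfs_fstab FILE
# Prints "<source> on <mountpoint>: missing <opt>" per gap; returns 1 if any.
audit_nfs_fstab() {
    awk -v req="$REQUIRED_OPTS" '
        NF < 4 || $1 ~ /^#/ { next }        # blanks, comments, short lines
        $3 == "nfs" || $3 == "nfs4" {
            # Wrap each option in spaces so "suid" cannot match "nosuid".
            n = split($4, opt, ","); have = " "
            for (i = 1; i <= n; i++) have = have opt[i] " "
            m = split(req, need, " ")
            for (j = 1; j <= m; j++)
                if (index(have, " " need[j] " ") == 0) {
                    printf "%s on %s: missing %s\n", $1, $2, need[j]
                    bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the fstab line from this page.
sample_page_fstab() {
    printf '%s\n' \
        '# /etc/fstab on APACHE1 (constructed sample)' \
        '192.168.1.100:/mnt/NAS_POOL /var/www/html nfs defaults 0 0'
}

# Constructed sample: the same mount with the baseline options added.
sample_tightened_fstab() {
    printf '%s\n' \
        '192.168.1.100:/mnt/NAS_POOL /var/www/html nfs rw,nosuid,nodev 0 0'
}
```

Run it on a web server as `audit_nfs_fstab /etc/fstab`; a non-zero exit status means at least one NFS entry needs its options tightened.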

Step 8 — Load Balance Web Servers

First off we have to add Private IPs to the Instances. Yeah, I know, a VLAN is private. But these private IPs talk to the Load Balancers on a special subnet. So in each of the Apache servers’ Linode Overview page, click “Network” and scroll to the bottom. Click “Add an IP Address.”

In the resulting window, select “Private” under IPv4 and click “Allocate”. Repeat this process for the other Apache server.

Now, to create the NodeBalancer, select the blue “Create” at the top of the screen and click “NodeBalancer.”

Use the following settings:
NodeBalancer Label: WEBSERVERS
Region: Select the same region you have placed all your other assets in
Configuration: Change “Protocol” to “TCP” and “Session Stickiness” to “None”
**This is to more effectively show the change from 1 Apache Server to another.
Add your APACHE_1 and APACHE_2 nodes as “Backend Nodes” — Give each a label of its name

Finally click “Create NodeBalancer.”

Make a note of the IP Address of your new NodeBalancer.

Step 9 — Firewall the Web Servers

The last step is to move the Apache servers to a firewall policy that will only allow traffic from the NodeBalancers. Again click the blue “Create” and this time select “Firewall.” Make your new policy label WEBSERVERS and click “Create Firewall.” Add APACHE_1 and APACHE_2.

Click your new WEBSERVERS policy. Change the “Default Inbound Policy” to “Drop” and click “Add An Inbound Rule.”

Select the “HTTP” preset, but change “Sources” to reflect “IPv4 / Netmask.” Add 192.168.128.0/17, then click “Add Rule.”

Click “Save Changes.”

Step 10 — Test

You should no longer be able to reach your Apache servers on their individual Public IPs, only through the NodeBalancer IP. Enter the NodeBalancer IP in your browser and hit Enter. You should see the PHP page from one of your Apache servers. Click refresh a bunch of times or check from another web browser. You should get responses from both APACHE1 and APACHE2.

Hopefully you have learned something here that you can use in the real world. Stay tuned for future Akamai Connected Cloud tutorials where I will explore additional considerations such as clustering, auto-scaling, geographical distribution and replication.
