External drive partitioning for a QNAP NAS: Use the terminal to make it work with a legacy model

External drive partitioning for a QNAP NAS

Use the terminal to make it work with a legacy model

RÉMINO Bits

I have an old QNAP TS-431K NAS. I replaced some 8 TB HDDs in it with 16 TB ones. I’m using some internal volume as storage for regular backups, like the Time Machine for my Mac. But I find it makes the drive active like crazy.

To reduce the wear and tear on the internal HDDs, I decided to reuse of the 8 TB drives as an external one, plugged in via USB. I wanted to use half of it for Time Machine and the other half for other backups.

But like I said… my NAS model is old and, to my surprise, with all the tools and options it offers for formatting and setting up RAID arrays, its Web GUI just doesn’t offer ways to partition an external drive.

To make things worse, when I try to partition the drive on my Mac, and then try to format the volumes with the NAS, it chokes and stays with “Formatting 0%”…

Fortunately, via the terminal, I found a way to find the drive, partition it, format the volumes, and even encrypt them.

However, before I begin, a warning…

⚠️ WARNING! Doing the following will destroy any data you have on your external drive. If the instructions are incorrectly followed, they may also lead to data loss on your internal drives. In any case, the details below are provided as-is, and I cannot be held responsible for any damages that may occur from following the instructions below.

Contents

Finding the drive

First, eject the drive from the GUI.

Then, while connected to the terminal of the NAS via SSH, plug the drive back in, and try the following:

dmesg | tail -n 20 | grep Attached

If it works, it should display something like this:

[ 5096.475384] sd 10:0:0:0: [sde] Attached SCSI disk

The middle part in square brackets ([]) is the name of the device. In my case, sde. So it can be found as /dev/sde.

Then, if the drive has any partitions already, you may want to confirm them:

cat /proc/partitions | grep sde

Partition the drive

By now, the GUI probably tried to mount the drive again. Eject it from there one more time. It won’t show up in the GUI anymore, but it will still be accessible via the terminal.

The drive I have has a large capacity. While fdisk is popular, it can’t handle that drive, as it’s mostly made to handle Master Boot Record (MBR) partition tables, which only works for drives of up to 2 TB.

In this case, we’ll use parted. Remember, my drive is /dev/sde but yours may be different. First, we’ll use it to list any partition table the drive may already have, which should be similar to /proc/partitions earlier:

parted /dev/sde --script print

Then, we’ll make a new GUID Partition Table (GPT), then two partitions of equal size, both made to handle the Linux ext4 file format:

parted /dev/sde --script mklabel gpt
parted /dev/sde --script mkpart primary ext4 0% 50%
parted /dev/sde --script mkpart primary ext4 50% 100%

As we made two partitions, that will create the numbered drives in /dev. In my case, /dev/sde1 and /dev/sde2.

Encrypt the partitions

As unlikely it may seem, I wouldn’t want someone to just steal my external drive, mount it on their computer, and just go through all my backup data on it. (Although, I’m quite sure my Time Machine backups are also encrypted on their own.)

Although optional, I still recommend we encrypt the drives before we format. For that, we’ll use cryptsetup to format both volumes, which is basically an encrypted wrapper for the actual ext4 volumes we’ll format in later:

cryptsetup luksFormat --type luks1 --cipher aes-cbc-plain --key-size 256 --hash sha1 --iter-time 500 /dev/sde1

Repeat the above for the second drive, e.g. /dev/sde2.

If you still don’t want to encrypt the partitions, you may skip to Format the volumes below.

Gotcha: Passwords are limited to 16 characters

You’ll be asked to pick a password, or key, to encrypt the volume.

I had some issues with that earlier. Then, I found this in the HTML of the GUI:

<input
	type="password"
	size="20"
	autocomplete="off"
	id="ext-comp-3406"
	name="ext-comp-3406"
	class="x-form-text x-form-field x-form-invalid"
	style="width: 128px;"
	maxlength="16"
/>

Ah… Even though luksFormat supports passwords of any reasonable length, QNAP forces you to pick a password of 16 characters or less.

Please do so. If you don’t, you won’t be able to unlock the volume via the GUI later.

Unlock the volumes

Now we made the encrypted volumes, we need to “open” them to make them accessible as normal devices, so we can format.

In the example of /dev/sde1, the below will prompt for your volume’s password. With the last argument being sde2, this will make the encrypted volume accessible as a normal device in /dev/mapper/sde1:

cryptsetup luksOpen /dev/sde1 sde1

Confirm the non-encrypted device is present:

ls -d /dev/mapper/sde1

Of course, don’t forget to repeat this with the second partition.

Format the volumes

At this point, we only made the encrypted wrapper for each volume, but we haven’t formatted in any filesystem, so they can’t hold files and data yet.

Since I won’t be using the drive anywhere but the NAS, I decided to use the ext4 filesystem. You could probably format it in any other available format if you wanted, including exFAT.

I decided to also label my sde1 & sde2 volumes Backup and TimeMachine, respectively:

/sbin/mke2fs /dev/mapper/sde1 -t ext4 -E nodiscard -m0 -F -b 4096 -L Backup
/sbin/mke2fs /dev/mapper/sde2 -t ext4 -E nodiscard -m0 -F -b 4096 -L TimeMachine

Please note, if you decided the skip the encryption earlier, the volumes will be in /dev instead of /dev/mapper. For example, /dev/sde1 and not /dev/mapper/sde2.

Each format will take about a dozen minutes to finish.

Close the volumes

Again, if you skipped encryption earlier, you don’t need to do this.

Now that we made the filesystems, we can safely close the encrypted volumes we opened earlier:

cryptsetup luksClose sde1
cryptsetup luksClose sde2

Turn off the drive and back on again

Alright, it’s time to turn off the drive. But first, make sure all the data in its cache was dumped in the drive itself:

sync

Then turn off the drive, or unplug it, if there is no power button. Wait about 20 seconds for the platter of the HDD to stop spinning. (Unless it’s an SSD… which obviously has nothing spinning in it.)

Once that’s done, plug the drive back in.

After a few seconds, the QNAP NAS should automatically recognise the external drive. From there, you can open the Storage & Snapshots app in the Web admin GUI, go to Storage > External Storage, then see the drive and its two partitions.

If you encrypted them, they will appear as “Locked.” From there, you can right-click the volume, click “Encryption Management” and have the NAS unlock it for you, with your password of 16 characters or less.

See? Despite how fancy the GUI may be, the real deal is in the CLI.

THE POWER OF THE TERMINAL

👋 Hi! I'm Rem, a Web developer since 1998, in Japan since 2006. I'm the author of dress.css and Scrollerful. As you can imagine, my experience is varied, including the early days of the Web being a webmaster writing HTML files and scripts in Perl, saved on floppy disks using Notepad, to now being a tech lead for a team, writing CSS with Tailwind or JavaScript for both the backend and frontend in Neovim. I love photography, typography, and colour theory. Strangely enough, my love for print graphic design was what got me into web development. So, yes, I have a few stories to tell and tips to give, and I'm writing some of them, sometimes, here, on RÉMINO Bits.