op5 widgets for Smashing released on github


example smashing dashboard for op5

We (say Niklas) developed a set of widgets to integrate op5 (nagios derivate) with the smashing.io dashboard, which is now available on github.

https://github.com/kmggroup/op5widgets

References

Quickly clean up your Wifi connections in OSX


Introduction

Today I realized that I had connected to a couple of hundred wifi networks over the last couple of years. This had clogged up my network preferences, and I no longer had a good overview of my favorite network locations.

To clean this up, I did not feel like clicking through each and every one of these, so I found this (http://www.techrepublic.com/article/pro-tip-manage-wi-fi-with-terminal-commands-on-os-x/) which helped me with the CLI. Now I could:

  • List all networks to a file
  • Edit this file and remove my favorite networks from this file
  • Use this file to remove the unwanted networks
#--- count networks
malu@kmg-mcp001.local:/Users/malu $networksetup -listpreferredwirelessnetworks en0 | sort -f | sed -e 's/^[[:space:]]*//g' | grep -v "Preferred networks"  | wc -l
197

#--- list networks into a file
networksetup -listpreferredwirelessnetworks en0 | sort -f | sed -e 's/^[[:space:]]*//g' | grep -v "Preferred networks" > wifinetworks.txt

#--- edit the wifinetworks and remove your favorites, the ones to keep
vi wifinetworks.txt

#--- the next command will create a script to remove the networks in wifinetworks.txt, so use it with care
cat wifinetworks.txt | xargs -L1 -IX echo sudo networksetup -removepreferredwirelessnetwork en0 "X" > removewifi.sh

#--- check the removewifi.sh script and remove any favorites, then execute it
bash removewifi.sh

#--- count networks
malu@kmg-mcp001.local:/Users/malu $networksetup -listpreferredwirelessnetworks en0 | wc -l
   19

 

Physical firewall for VMWare networks


Introduction

Sometimes you need to figure out some weird configurations. In this post I will try and justify the joy of VLANs in the following setup.

  • A VMWare host with only one network interface (NIC), like a Intel NUC SWIFT CANYON NUC6I5SYH, which is an excellent lab computer. It also takes on VMWare out of the box like a charm, with no hassle.
  • An APU2C4 with pfSense
  • A perimeter (DMZ) network for internet facing systems
  • A secure(r) network for application servers etc

I want to have a perimeter network with my proxy server, and my application servers on a secured network. I also want to use a physical firewall outside my VMWare environment, which is the odd bird in this cage.

Normally, I would be setting up a pfSense in a virtual machine, which is easy enough and would have saved me quite some headaches. But now I want to use my physical box, the APU2C4, as firewall, so I have to share the network card on my VM Host system.

This setup is classic and simple. No magic, but since we only have one network interface on the VMWare host, you will need to use some tricks to make this happen.

I created two networks, kmg-perimeter with VLAN id 90 and kmg-secure with VLAN id 91. These are both connected to the same network card (the one and only NIC on the VM host).

On the firewall, I set up two VLAN interfaces with the corresponding VLAN id tagging on the same interface. Physically, I connected the NIC on the firewall to the NIC on the Intel NUC.

From here on, you are good to go. You pretend that you have two networks, which are firewalled just as you would normally do it if you had multiple physical network cards on your VMWare server.

As an example, I add one more VLAN interface, which I will call DEMONETWORK.

  • Interfaces->Assign->VLANs->Add

  • Interfaces->Assign->Interface Assignments->Add

  • Interfaces->OPT3 (your interface might have gotten a different name).
    • Enable the interface and give it a proper name (i.e DEMONETWORK)

  • Firewall->Rules->DEMONETWORK
    • Here you define the rules coming into this new interface

That’s it!

 

 

Quickly create an img file from a raspbian SD card on OSX


Introduction

Bottom line (given that your SD card is /dev/disk2):

$ ddCount=$(sudo fdisk /dev/disk2 | grep Linux | awk '{printf "%i", ($11+$13)*512/1024/1024 + 1}')
$ diskutil unmountdisk /dev/disk2

Unmount of all volumes on disk2 was successful

$sudo dd if=/dev/rdisk2 bs=1m count=$ddCount | gzip > myimage.img.gz

Long story:

Sometimes you need to make a backup of an SD card with your favorite installation on it. This recipe will show you how to do this in the most efficient way on Apple, Mac OSX. This is of course not a good replacement of making notes and automating your installations. But for the times when you really need to make an image copy of your SD card, it is helpful.

Most recipes online will simply tell you to use “dd” to make an image of the whole card. This will create an image that is the size of your SD card, which is rarely necessary. A base installation of Raspbian Lite clocks in at around 1 GB, and the base partition created when you first install Raspbian on an SD card is “only” 1.7GB. If you can keep the root (/) partition at this size until you make your backup, you save both time and space on your harddrive. Most people use larger SD cards than 1.7GB nowadays, often 32GB – 128GB. I personally try and get as small SD cards as I can, and the current sweet spot for price/performance is found around 16GB. That will change.

The first thing that normally happens when you start up your Raspberry Pi, is that rasbpian will resize your root partition from 1.7 GB to the size of your SD card. In the good old days you had to do this yourself though the use of the “raspi-config” command. In the later releases, the resize is done at the first boot.

So, the basic recipe for optimizing

  • Create your initial installation (install Raspbian on an SD card)
  • Make sure that you do not expand the root filesystem at first boot (edit /boot/cmdline.txt)
  • Do your stuff/set up your environment
  • Make a backup of the SD card
    • Get the size of the partitions
    • Use dd to get only the good parts

Initial installation

  • Download the image
  • Unzip it
  • dd the image to your SD card

Be cautious. Make sure you use the correct “/dev/rdiskX” file, as you _WILL_ destoy the destination, replacing it with your image. You figure out the correct disk name by using “diskutil list”. When you “dd” the image, use the “/dev/rdiskX” device, NOT the “/dev/diskX” device. The latter will be much slower.

$ diskutil list
...
/dev/disk2 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *16.1 GB    disk2
   1:             Windows_FAT_32 boot                    43.7 MB    disk2s1
   2:                      Linux                         1.7 GB     disk2s2

$ sudo dd if=2017-09-07-raspbian-stretch-lite.img of=/dev/rdisk2 bs=1m

 

Root filesystem expansion

The root filesystem expansion will happen at first boot. It is initialized through a script called by _init=/usr/lib/raspi-config/init_ressize.sh in the /boot/cmdline.txt. After it has resized the filesystem, it removes the init= clause and reboots. You should remove this from the cmdline.txt file before booting the first time, in order to keep the root filesystem as small as possible.

$cat /Volumes/boot/cmdline.txt 

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=a8790229-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet init=/usr/lib/raspi-config/init_resize.sh


#--- edit the file and remove init=...

$cat /Volumes/boot/cmdline.txt 

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=a8790229-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet

Whenever you would like to expand the filesystem, you can do so by running “sudo raspi-config” on the command line of your raspberry pi, and resize it.

Setup your environment

This is where you do your thing. Install some software, play around. Go wild!

Backup SD card

This is where the magic happens. Or at least the essence of this blog entry. You will need to figure out the last block of the linux partition (your root partition), and only create an image until that point.

  • Figure out the SD card partition layout
  • Calculate the number of MB you should read from the SD card
  • Create the image, using “dd” and a block size of 1MB

You get this from the partition table, which you display by using the “fdisk” command.

$ sudo fdisk /dev/disk2
Disk: /dev/disk2 geometry: 1955/255/63 [31422464 sectors]
Signature: 0xAA55

         Starting       Ending
 #: id  cyl  hd sec -  cyl  hd sec [     start -       size]
------------------------------------------------------------------------
 1: 0C    0 130   3 -    5 210  42 [      8192 -      85405] Win95 FAT32L
 2: 83    5 220  24 -  209 202  59 [     94208 -    3276162] Linux files*
 3: 00    0   0   0 -    0   0   0 [         0 -          0] unused      
 4: 00    0   0   0 -    0   0   0 [         0 -          0] unused      

Here you can see that the linux partition starts at block 94208 and goes on for another 3276162 blocks.

Use the “hdiutil imageinfo” command to get the block size:

$ sudo hdiutil imageinfo /dev/disk2 | grep block-size
 block-size: 512

You now have all info needed to calculate the end of your SD card partitions, numMB = round((94208 + 3276162) * 512 / 1024 / 1024) + 1. The +1 is for when the number of blocks does not and at an even MB boundary. I throw in one more MB for good measure. You could in principle skip part of the calculation, if your dd-command would use the disk block size (bs=512) instead of “bs=1m”, but the copy would take forever to complete. In my example, I will read 1646 MB from the card, which is a few kB too much, but you can skip the calculation and use 1700, 1800, or 2000 MB as well without over shooting too much.

$ diskutil unmountdisk /dev/disk2 
$ #--- jessie: sudo dd if=/dev/rdisk2 bs=1m count=1646 | gzip > myimage.img.gz
#--- stretch
$ sudo dd if=/dev/rdisk2 bs=1m count=1800 | gzip > myimage.img.gz

To write this image back to your SD card:

$ diskutil unmountdisk /dev/disk2
$ gzcat myimage.img.gz | sudo dd of=/dev/rdisk2 bs=1m

Edits:

  • Mats Karlsson noted that one can use “xz -e9v” instead of gzip, to produce a file that is ca 30%
  • malu@kmg-mcp001.local:/temp/raspberry/raspiMake $ls -latrh my* -rw-r–r–  1 malu  wheel   347M Sep 19 11:48 myimage.img.gz -rw-r–r–  1 malu  wheel   225M Sep 19 11:58 myimage.img.xz

    Raspbian Stretch (September 2017) is just a bit larger than Jessie, add a few MB toyour dd command (I use 1800)

Rsync faster with AES-NI and ssh options


Introduction

Copying files per ssh is very convenient, but the default encryption(1) usually takes its toll on the CPU, and the result is that you do not fill the available network bandwidth. The solution is to use a less CPU intensive cipher, which often leads to using a less secure encryption scheme. On a local network this is rarely an issue.

Earlier I was often using blowfish or arc4 as preferred ciphers, but in newer Linux distros (i.e Ubuntu 16.04LTS) these are no longer supported. Nowadays there are some default ciphers that are supported using hardware accelerated AES-NI instructions, helping to offload the ciphering in the CPU. aes128-gmc@openssh.com and aes256-gcm@openssh.com is such ciphers.

  • Quick and easy
cd /path/to/your/files
time rsync -av --delete -e "ssh -T -o Compression=no -x -c aes256-gcm@openssh.com" . someuser@remote.system:/mnt/remote_filesystem
time rsync -av --delete -e "ssh -T -o Compression=no -x -c aes128-gcm@openssh.com" . someuser@remote.system:/mnt/remote_filesystem

On a 1gbit connection, I often see >110MB/s with the command line above.

References

  • https://turecki.net/content/getting-most-out-ssh-hardware-acceleration-tuning-aes-ni
  • man ssh_config => Default ciphers
maglub@myserver:~$ ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

Installing pfSense on an APU2C4


Introduction

This will describe how I installed pfSense on a APU2C4. The culprit in my case is that I use OSX (10.11, El Capitan), so the creation of the boot USB stick and the serial console access is a bit different than for Linux and Windows.

  • PC Engines APU2C4 -> http://www.pcengines.ch/apu2c4.htm
  • 16GB, msata16d
  • OSX 10.11 (El Capitan)
  • My serial port is /dev/tty.UC-232AC (Aten UC232A USB Serial Konverter Kabel, Roline Nullmodem-Kabel, BU-BU)

Steps:

  • Download
  • Create the USB key (Windows and OSX) with TinyCore (http://www.pcengines.ch/tinycore.htm)
  • Boot from the USB stick with Serial console access
  • Write pfSense image to your boot media for the APU2C4

 

Recipe

  • Format the USB key as FAT32, Master Boot Record, using Disk Utility

 

malu@kmg-mcp001.local:/Users/malu/dev/peaq/ansible
$diskutil list /dev/disk0 (internal, physical): 
#: TYPE NAME SIZE IDENTIFIER 
0: GUID_partition_scheme *1.0 TB disk0 
1: EFI EFI 209.7 MB disk0s1 
2: Apple_CoreStorage Macintosh HD 999.7 GB disk0s2 
3: Apple_Boot Recovery HD 650.0 MB disk0s3 
/dev/disk1 (internal, virtual): 
#: TYPE NAME SIZE IDENTIFIER 
0: Apple_HFS Macintosh HD +999.3 GB disk1 
Logical Volume on disk0s2 
C26F5AD7-5784-41BD-8AD1-DB7CEB1BE62B 
Unencrypted /dev/disk2 (external, physical): 
#: TYPE NAME SIZE IDENTIFIER 
0: FDisk_partition_scheme *7.8 GB disk2 
1: DOS_FAT_32 TINY 7.8 GB disk2s1 

malu@kmg-mcp001.local:$ diskutil unmountdisk /dev/disk2 
Unmount of all volumes on disk2 was successful

  • Copy a boot sector to the USB stick as described here: http://www.pyrosoft.co.uk/blog/2013/01/09/creating-a-bootable-usb-stick-from-osx/
 mkdir mbr
 cd mbr
 curl -L -O http://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-5.00.zip
 unzip syslinux-5.00.zip 'mbr/mbr.bin'
 sudo dd conv=notrunc bs=440 count=1 if=mbr/mbr.bin of=/dev/disk4
  • Make the USB disk bootable (my USB disk is /dev/disk2, you must find your own through “diskutil list”) (print, f 1, write, print, exit)

 

 malu@kmg-mcp001.local:/Users/malu/dev/peaq/ansible $sudo fdisk -e /dev/disk2
 fdisk: could not open MBR file /usr/standalone/i386/boot0: No such file or directory
 Enter 'help' for information

fdisk: 1> print

Disk: /dev/disk2 geometry: 949/255/63 [15248832 sectors]
 Offset: 0 Signature: 0xAA55
 Starting Ending
 #: id cyl hd sec - cyl hd sec [ start - size]
 ------------------------------------------------------------------------
 1: 0B 1023 254 63 - 1023 254 63 [ 2 - 15248830] Win95 FAT-32
 2: 00 0 0 0 - 0 0 0 [ 0 - 0] unused
 3: 00 0 0 0 - 0 0 0 [ 0 - 0] unused
 4: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

fdisk: 1> f 1

Partition 1 marked active.

fdisk:*1> write

Writing MBR at offset 0.

fdisk: 1> print

Disk: /dev/disk2 geometry: 949/255/63 [15248832 sectors]
 Offset: 0 Signature: 0xAA55
 Starting Ending
 #: id cyl hd sec - cyl hd sec [ start - size]
 ------------------------------------------------------------------------
 *1: 0B 1023 254 63 - 1023 254 63 [ 2 - 15248830] Win95 FAT-32
 2: 00 0 0 0 - 0 0 0 [ 0 - 0] unused
 3: 00 0 0 0 - 0 0 0 [ 0 - 0] unused
 4: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

fdisk: 1> exit

  • Download a TinyCore iso image (any image will do)
wget http://distro.ibiblio.org/tinycorelinux/4.x/x86/release/TinyCore-4.7.7.iso

  • Use Unetbootin to write this image to your USB stick, which will result in this:

 

malu@kmg-mcp001.local:/Volumes/TINY $ls -la
 total 15592
 drwxrwxrwx@ 1 malu staff 4096 Sep 6 10:57 .
 drwxrwxrwt@ 6 root admin 204 Sep 6 10:57 ..
 drwxrwxrwx 1 malu staff 4096 Sep 6 10:55 .Spotlight-V100
 drwxrwxrwx@ 1 malu staff 4096 Sep 6 10:55 .Trashes
 -rwxrwxrwx 1 malu staff 4096 Sep 6 10:55 ._.Trashes
 drwxrwxrwx 1 malu staff 4096 Sep 6 10:57 .fseventsd
 drwxrwxrwx 1 malu staff 4096 Sep 6 10:57 boot
 drwxrwxrwx 1 malu staff 4096 Sep 6 10:57 cde
 -rwxrwxrwx 1 malu staff 60928 Sep 6 10:57 menu.c32
 -rwxrwxrwx 1 malu staff 684 Sep 6 10:57 syslinux.cfg
 -rwxrwxrwx 1 malu staff 612 Sep 6 10:57 ubnfilel.txt
 -rwxrwxrwx 1 malu staff 5385191 May 10 2013 ubninit
 -rwxrwxrwx 1 malu staff 2491968 May 10 2013 ubnkern
 -rwxrwxrwx 1 malu staff 36 Sep 6 10:57 ubnpathl.txt
  • Download pfSense media
wget https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.4-RELEASE-4g-amd64-nanobsd.img.gz
  • Copy TinyCore files from PCEngines over to the USB stick
malu@kmg-mcp001.local:/Volumes/TINY $cd /Volumes/TINY
malu@kmg-mcp001.local:/Volumes/TINY $tar xvf /temp/pcengines/apu_tinycore.tar
malu@kmg-mcp001.local:/Volumes/TINY $cp /temp/pcengines/pfSense-CE-2.3.2-RELEASE-* .

  • Copy the pfSense image to the USB stick
malu@kmg-mcp001.local:/Volumes/TINY $cp /temp/pcengines/pfSense-CE-2.3.2-RELEASE-4g-amd64-nanobsd.img.gz .
  • Start up the serial terminal.
screen /dev/tty.UC-232AC 115200 8N1
  • When you connect the power, you should more or less immediately (within a couple of seconds) see the following:
PCEngines apu2
 coreboot build 20160307
 ...
 PCengines Press F10 key now for boot menu:

Press <F10> to get the boot menu:

Select boot device:

1. USB MSC Drive JetFlash Transcend 16GB 1.00
2. ata0-0: SATA SSD ATA-10 Hard-Disk (15272 MiBytes)
3. Payload [memtest]
4. Payload [setup]
  • Chose <1> for your USB key.
gzip -dc pfSense-CE-2.3.2-RELEASE-4g-amd64-nanobsd.img.gz | pv | dd of=/dev/sda bs=10M
  • Unplug the USB key, power cycle, and you are done!

References:

  • https://unetbootin.github.io/
  • http://www.pcengines.ch/newshop.php?c=48881
  • http://www.pcengines.ch/pdf/apu2.pdf
  • http://www.pyrosoft.co.uk/blog/2013/01/09/creating-a-bootable-usb-stick-from-osx/
  • https://forum.pfsense.org/index.php?topic=106444.0

Install Domoticz and Razberry2 on Raspbian 2017-01-11


I just installed domoticz with the following setup:

  • Razberry2
  • Raspberry Pi 3
  • Raspbian Jessie, 2017-01-11

There are a couple of things to keep in mind, for the Razberry2 to work properly, especially with the later jessie releases:

  • The serial port has to be turned ON
  • Console on the serial port has to be turned OFF
  • Bluetooth has to be disabled
  • hciuart.service can optionally be disable (to get rid of an error message during boot)

So, the minor issue is that when you use “raspi-config” to turn off the serial console, it does not only turn off the console output on the serial port. It also turns off the serial port, which is not really what we want. That is why most people get a bit confused and fiddle around until they figure out that the “enable_uart=0” entry in /boot/configure.txt should be “enable_uart=1”, and never think of why it happened to be that way.

The “console output” to serial is configured in /boot/cmdline.txt with the entry “console=serial0,115200”, which we need to get rid of, but still make sure that there is no “enable_uart=0” in /boot/config.txt.

Unless you really want to, there is no need to redistribute the GPU RAM mapping.

So, a working setup (as of 2017-01-20) is:

  • Create an SD card with 2017-01-11-raspbian-jessie.img
  • Before you unmount it from your PC, change the following files on the SD card:

/boot/cmdline.txt

cat /boot/cmdline.txt
 dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait

/boot/configure.txt

 enable_uart=1
 dtoverlay=pi3-disable-bt

  • Boot the raspberry pi
  • Disable the hciuart service
 sudo systemctl stop hciuart
 sudo systemctl disable hciuart

  • Ensure you have a /dev/ttyAMA0 file
 ls -la /dev/ttyAMA0
 crw-rw---- 1 root dialout 204, 64 Jan 20 08:19 /dev/ttyAMA0
  •  Install domoticz as described above by kent
 mkdir ~/domoticz
 cd ~/domoticz
 wget https://releases.domoticz.com/releases/release/domoticz_linux_armv7l.tgz
 tar xvfz domoticz_linux_armv7l.tgz
 rm domoticz_linux_armv7l.tgz
 sudo cp domoticz.sh /etc/init.d
 sudo chmod +x /etc/init.d/domoticz.sh
 sudo update-rc.d domoticz.sh defaults
 sudo service domoticz.sh start
  • Go to “Setup”->”Hardware”
  • Add a OpenZWave USB device with the serial port: /dev/ttyAMA0

Done.

Monitoring Synology DS1511+ with OP5/Nagios


The basics: https://www.nickebo.net/monitoring-a-synology-nas-from-op5/

root@op5-system:~# snmpwalk -c public -v2c 192.168.2.85 SYNOLOGY-SYSTEM-MIB::synoSystem
SYNOLOGY-SYSTEM-MIB::SystemStatus.0 = INTEGER: Normal(1)
SYNOLOGY-SYSTEM-MIB::Temperature.0 = INTEGER: 48
SYNOLOGY-SYSTEM-MIB::PowerStatus.0 = INTEGER: Normal(1)
SYNOLOGY-SYSTEM-MIB::SystemFanStatus.0 = INTEGER: Normal(1)
SYNOLOGY-SYSTEM-MIB::CPUFanStatus.0 = INTEGER: Normal(1)
SYNOLOGY-SYSTEM-MIB::ModelName.0 = STRING: “DS1511+”
SYNOLOGY-SYSTEM-MIB::SerialNumber.0 = STRING: “B1J4N00273”
SYNOLOGY-SYSTEM-MIB::Version.0 = STRING: “DSM 4.3-3776”
SYNOLOGY-SYSTEM-MIB::UpgradeAvailable.0 = INTEGER: Checking(3)

snmpwalk -c public -v2c 192.168.2.85 SYNOLOGY-DISK-MIB::synoDisk

root@op5-system:/usr/share/snmp/mibs# grep “OBJECT IDENTIFIER” SYNO*.txt
SYNOLOGY-DISK-MIB.txt:synoDisk OBJECT IDENTIFIER
SYNOLOGY-RAID-MIB.txt:synoRaid OBJECT IDENTIFIER
SYNOLOGY-SPACEIO-MIB.txt:SpaceIO OBJECT IDENTIFIER
SYNOLOGY-STORAGEIO-MIB.txt:StorageIO OBJECT IDENTIFIER
SYNOLOGY-SYSTEM-MIB.txt:synology OBJECT IDENTIFIER
SYNOLOGY-SYSTEM-MIB.txt:synoSystem OBJECT IDENTIFIER ::= { synology 1 }
SYNOLOGY-SYSTEM-MIB.txt:Fan OBJECT IDENTIFIER ::= { synoSystem 4 }
SYNOLOGY-SYSTEM-MIB.txt:DSMInfo OBJECT IDENTIFIER ::= { synoSystem 5 }
SYNOLOGY-UPS-MIB.txt:synoUPS OBJECT IDENTIFIER
SYNOLOGY-UPS-MIB.txt:upsDevice OBJECT IDENTIFIER ::= { synoUPS 1 }
SYNOLOGY-UPS-MIB.txt:upsInfo OBJECT IDENTIFIER ::= { synoUPS 2 }
SYNOLOGY-UPS-MIB.txt:upsInfoMfr OBJECT IDENTIFIER ::= { upsInfo 6 }
SYNOLOGY-UPS-MIB.txt:upsInfoFirmware OBJECT IDENTIFIER ::= { upsInfo 10 }
SYNOLOGY-UPS-MIB.txt:upsInfoLoad OBJECT IDENTIFIER ::= { upsInfo 12 }
SYNOLOGY-UPS-MIB.txt:upsInfoDelay OBJECT IDENTIFIER ::= { upsInfo 14 }
SYNOLOGY-UPS-MIB.txt:upsInfoTimer OBJECT IDENTIFIER ::= { upsInfo 15 }
SYNOLOGY-UPS-MIB.txt:upsInfoTest OBJECT IDENTIFIER ::= { upsInfo 16 }
SYNOLOGY-UPS-MIB.txt:upsInfoPower OBJECT IDENTIFIER ::= { upsInfo 20 }
SYNOLOGY-UPS-MIB.txt:upsInfoRealPower OBJECT IDENTIFIER ::= { upsInfo 21 }
SYNOLOGY-UPS-MIB.txt:upsInfoStart OBJECT IDENTIFIER ::= { upsInfo 25 }
SYNOLOGY-UPS-MIB.txt:upsBattery OBJECT IDENTIFIER ::= { synoUPS 3 }
SYNOLOGY-UPS-MIB.txt:upsBatteryCharge OBJECT IDENTIFIER ::= { upsBattery 1 }
SYNOLOGY-UPS-MIB.txt:upsBatteryVoltage OBJECT IDENTIFIER ::= { upsBattery 2 }
SYNOLOGY-UPS-MIB.txt:upsBatteryRuntime OBJECT IDENTIFIER ::= { upsBattery 6 }
SYNOLOGY-UPS-MIB.txt:upsInput OBJECT IDENTIFIER ::= { synoUPS 4 }
SYNOLOGY-UPS-MIB.txt:upsInputVoltage OBJECT IDENTIFIER ::= { upsInput 1 }
SYNOLOGY-UPS-MIB.txt:upsInputTransfer OBJECT IDENTIFIER ::= { upsInput 2 }
SYNOLOGY-UPS-MIB.txt:upsInputCurrent OBJECT IDENTIFIER ::= { upsInput 5 }
SYNOLOGY-UPS-MIB.txt:upsInputFrequency OBJECT IDENTIFIER ::= { upsInput 6 }
SYNOLOGY-UPS-MIB.txt:upsOutput OBJECT IDENTIFIER ::= { synoUPS 5 }
SYNOLOGY-UPS-MIB.txt:upsOutputVoltage OBJECT IDENTIFIER ::= { upsOutput 1 }
SYNOLOGY-UPS-MIB.txt:upsOutputFrequency OBJECT IDENTIFIER ::= { upsOutput 2 }
SYNOLOGY-UPS-MIB.txt:upsOutputCurrent OBJECT IDENTIFIER ::= { upsOutput 3 }
SYNOLOGY-UPS-MIB.txt:upsAmbient OBJECT IDENTIFIER ::= { synoUPS 6 }
SYNOLOGY-UPS-MIB.txt:upsAmbientTemperature OBJECT IDENTIFIER ::= { upsAmbient 1 }
SYNOLOGY-UPS-MIB.txt:upsAmbientHumidity OBJECT IDENTIFIER ::= { upsAmbient 2 }
SYNOLOGY-UPS-MIB.txt:upsDriver OBJECT IDENTIFIER ::= { synoUPS 7 }
SYNOLOGY-UPS-MIB.txt:upsServer OBJECT IDENTIFIER ::= { synoUPS 8 }

The MIBs are found on the Synology:

synology02> pwd
/usr/syno/share/snmp/mibs
synology02> find . -type f -name ‘SYNOLOGY*MIB.txt’
./SYNOLOGY-SPACEIO-MIB.txt
./SYNOLOGY-DISK-MIB.txt
./SYNOLOGY-STORAGEIO-MIB.txt
./SYNOLOGY-SYSTEM-MIB.txt
./SYNOLOGY-UPS-MIB.txt
./SYNOLOGY-RAID-MIB.txt

On the OP5 server, the MIBs has to be copied to /usr/share/snmp/mibs, after which they are available for snmpwalk and check_snmp.

Two additional snmp check commands (which I picked up from http://www.it-slav.net/blogs/2013/12/15/howto-monitor-netgear-readynas-rn104-with-op5-monitor-or-nagios/#more-2314):

# command ‘custom_check_snmp_v2c_ranges’
define command{
command_name custom_check_snmp_v2c_ranges
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -P 2c -o $ARG1$ -w $ARG2$ -c $ARG3
$ -C$ARG4$ -m: -l $ARG5$
}

# command ‘custom_check_snmp_v2c_regexp’
define command{
command_name custom_check_snmp_v2c_regexp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -P 2c -o $ARG1$ -R $ARG2$ -C$ARG3
$ -m: -l $ARG4$
}

# service ‘L0 syno – Disk 1’
define service{
use default-service
host_name synology02
service_description L0 syno – Disk 1
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-DISK-MIB::DiskStatus.0!Normal!public!”Disk 1:”
}

# service ‘L0 syno – Disk 2’
define service{
use default-service
host_name synology02
service_description L0 syno – Disk 2
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-DISK-MIB::DiskStatus.1!Normal!public!”Disk 2:”
}

# service ‘L0 syno – Disk 3’
define service{
use default-service
host_name synology02
service_description L0 syno – Disk 3
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-DISK-MIB::DiskStatus.2!Normal!public!”Disk 3:”
}

# service ‘L0 syno – Disk 4’
define service{
use default-service
host_name synology02
service_description L0 syno – Disk 4
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-DISK-MIB::DiskStatus.3!Normal!public!”Disk 4:”
}

# service ‘L0 syno – Disk 5’
define service{
use default-service
host_name synology02
service_description L0 syno – Disk 5
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-DISK-MIB::DiskStatus.4!Normal!public!”Disk 5:”
}

# service ‘L0 syno – Power Status’
define service{
use default-service
host_name synology02
service_description L0 syno – Power Status
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-SYSTEM-MIB::PowerStatus.0!Normal!public!”Power:”
}

# service ‘L0 syno – System Status’
define service{
use default-service
host_name synology02
service_description L0 syno – System Status
check_command custom_check_snmp_v2c_regexp!SYNOLOGY-SYSTEM-MIB::SystemStatus.0!Normal!public!”Status:”
}

# service ‘L0 syno – Temperature Disk 1’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature Disk 1
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-DISK-MIB::DiskTemperature.0!45!50!public!”Disk 1 temperature”
}

# service ‘L0 syno – Temperature Disk 2’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature Disk 2
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-DISK-MIB::DiskTemperature.1!45!50!public!”Disk 2 temperature”
}

# service ‘L0 syno – Temperature Disk 3’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature Disk 3
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-DISK-MIB::DiskTemperature.2!45!50!public!”Disk 3 temperature”
}

# service ‘L0 syno – Temperature Disk 4’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature Disk 4
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-DISK-MIB::DiskTemperature.3!45!50!public!”Disk 4 temperature”
}

# service ‘L0 syno – Temperature Disk 5’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature Disk 5
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-DISK-MIB::DiskTemperature.4!45!50!public!”Disk 5 temperature”
}

# service ‘L0 syno – Temperature System’
define service{
use default-service
host_name synology02
service_description L0 syno – Temperature System
check_command custom_check_snmp_v2c_ranges!SYNOLOGY-SYSTEM-MIB::Temperature.0!50!55!public!”System temperature”
}

Network interface naming in Ubuntu 16 back to eth0


In Ubuntu 16 the network interface naming is changed, so you won’t have your usual “ethX” naming.

If you, for any reason, would like to revert back to the old behavior, do the following:

  • Add the following line to /etc/default/grub


GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0 biosdevname=0"

  • Run “sudo update-grub”
  •  Reboot

That’s all.

wpa_supplicant in debian /ubuntu/ raspbian – getting it to work on your raspberry pi


Hi again,

This time, I will go through a couple of things that I learned today, which has bugged me for quite some time. It also took me forever to figure it out why I could not get it to work the way I wanted to. It also was not made easier with a recent change in the network management of Raspbian Jessie. Proper wifi configuration (on the command line) on the Raspberry Pi 3 with its built in wifi is simple, but not easy. This blog entry is about the scenario whan you do all your configuration on the command line. I have no clue on how to do it through any GUI tools.

What I wanted to do, could in principle be easily solved by the first two examples below, but I really wanted to both understand what I was doing, as well as having a flexible solution where my raspberry pi would also be a bit more mobile. By setting the ssid and wpa2 passwords directly in the /etc/network/interfaces file, I would have to remember and reconfigure the wifi configuration (prefreably before I unplug the device) if I were to move a raspberry pi from my home to my office (since they have different ssid:s and network configurations).

So i will touch these topics, since they are closely related:

  • Proper use of wpa_supplicant.conf in a wifi setup
  • Why on earth the raspberry pi claims a DHCP Ip address on eth0, wlan0, etc even if you configure a static IP address

For the quick solution, there are basically two scenarios:

  • If you want wifi, and are ok with DCHP: stay with the default configuration of /etc/network/interfaces, and just add a “network” section to /etc/wpa_supplicant/wpa_supplicant.conf
  • If you want wifi and a static IP address: The key items to remember is: id_str in /etc/wpa_supplicant/wpa_supplicant.conf and wpa-roam instead of wpa-conf in /etc/network/interfaces.

In the “jessie” release of Raspbian, the /etc/network/interfaces configuration changed from using wpa-roam to using wpa-conf to fit with the change to use a system component called dhcpcd. Basically, without any reconfiguration the dhcpcd daemon will monitor the states of any network interface (also eth0) and request an IP address from your DHCP server (which most likely is your internet router at home). In the bulk of installations, this is perfectly ok, even for advanced users, and for beginners it just works out of the box. The default configuration of the /etc/network/interfaces file will now expect you to use the stansa “iface xxx inet manual” instead of “iface xxx inet dhcp”. The DHCP stansa will still work, but is sort of redundant, since dhcpcd should be taking care of your DHCP requests.

Most how-to’s on the internet, showing you how to set up a static ip address on an interface, will work as expected (almost). You will get a static ip addres configured on your interface, but in the background you will also get a second ip address through the dhcpcd daemon, which you sadly will not see with the ifconfig -a command. You will, though, see it with either “hostname -I” or ip addr show“. One side effect (which is also merely more than an annoyance) is that you get a second route to your default gateway. Since the route you configure with your static ip configuration takes precedence, you will not even notice it, but it is there (which is seen by using “netstat -nr” or “ip route show“.

Wifi configurations that come quickly to a decently round up linux admin (which would not at all use the wpa_supplicant.conf):

  • Putting the ssid and WPA2 password directly in the /etc/network/interfaces, using DHCP


allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "MY_SSID"
wpa-psk "MY_SECRET_PASSWORD"

  • Using the ssid and WPA password directly in the /etc/network/interfaces, using static IP configuration


allow-hotplug wlan0
iface wlan0 inet static
wpa-ssid "MY_SSID"
wpa-psk "MY_SECRET_PASSWORD"
address 192.168.3.11
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
dns-nameservers 192.168.3.1

Although both these ways of configuring the wifi on my raspberry pi works, they are both very static. As mentioned above, I would have to re-configure the /etc/network/interfaces file before I shut the raspberry pi down if I were to move it to another wifi network. I would like to just shut it down, move it, and start it up with a working configuration.

In the second case I would also get that “shadow” ip address:


pi@raspberrypi:~ $ hostname -I
192.168.3.11 192.168.3.133

The difference between “wpa-conf” and “wpa-roam” in the /etc/network/interfaces file, is that when you use “wpa-conf” you should not be moving your gear around that much. If you want to use DHCP, just set up your network in the /etc/wpa_supplicant/wpa_supplicant.conf or directly in your /etc/network/interfaces file. One network to rule them all. If you move your device, you should be prepared before you shut down, or be prepared for a big hassle when you arrive at your new destination. When using “wpa-roam” you should either accept that you get a shadow IP address, or disable the wlan0 interface in the dhcpcd configuration, or turn off dhcpcd once and for all.

I set up a simple test, which still turned out to be 20 scenarios to go through. Sorry for the crappy table format. The table is mostly for show. Green is where the configuration is ok, yellow is where it looks to work at first glance but there is something lurking in the background.

Test# Config file:
/etc/network/interfaces
DHCPCD enabled ->
“sudo update-rc.d dhcpd enable; sudo shutdown -r”
DHCPCD disabled ->
“sudo update-rc.d dhcpd enable; sudo shutdown -r now”
1 allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
 
works (ping 192.168.3.1)
dhclient -v … is running
works (ping 192.168.3.1)
dhclient -v … is running
2 allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf 
works (ping 192.168.3.1)
no dhcp client running after reboot
does not work, but if you start the dhclient manually, you will get an ip address
3 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf 
invalid config without the “address” variable invalid config without the “address” variable
4 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.3.11 
Works (ping 192.168.3.1)
ifconfig show only one IP address
“ip addr show” shows 2 ip addresses
“netstat -nr” show a default route (from dhcp)
Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 1 ip addresses
“netstat -nr” show no default route (from dhcp)
5 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.3.11
# bad gateway address
gateway 192.168.3.99 
Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 2 ip addresses
“netstat -nr” show 2 default routes (from dhcp), but the bad one has precedence
when removing the bad route “sudo route del -net 0.0.0.0 gw 192.168.3.99” all works
Works (ping 192.168.3.1), but no default route
ifconfig show only one IP address
“ip addr show” shows 1 ip addresses
“netstat -nr” show no default route (from dhcp)
6 allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1 
does not work, missing required variable: address does not work, missing required variable: address
7 allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1 
Works (ping 192.168.3.1)
ifconfig show only one IP address
“ip addr show” shows 1 ip addresse (dhcp)
“netstat -nr” show a default route (from dhcp)
does not work, although “sudo wpa_cli status” show proper connection to the ssid
running “dhclient -v …” gives wlan0 an IP address
8 allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1 
Works (ping 192.168.3.1)
proper gw, dns, all
wpa_cli status” show proper connection
“ip addr show” shows 2 ip addresses
“netstat -nr” shows 2 routes to the default gateway
Works (ping 192.168.3.1)
proper gw, dns, all
wpa_cli status” show proper connection
“ip addr show” shows only 1 ip address
9 command line:
echo “denyinterfaces wlan0” | sudo tee -a /etc/hdcpcd.conf
sudo service dhcpcd restart/etc/network/interfacesconfiguration:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface stg inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

 

Works as expected. Static IP set.
Ping 192.168.3.1 ok
proper gw, dns, all
wpa_cli status” show proper wifi connection
“ip addr show” shows 1 ip address
“hostname -I” shows 1 ip address
“netstat -nr” shows 1 default route
n/a, will work, see test 8
10 command line:
echo “denyinterfaces wlan0” | sudo tee -a /etc/hdcpcd.conf
sudo service dhcpcd restart/etc/network/interfacesconfiguration:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.confiface default dhcp

 

Works as expected. DHCP address.
“wpa_cli status” show proper wifi connection
dhclient -v … is running
Ping 192.168.3.1 ok
proper gw, dns, all
wpa_cli status” show proper wifi connection
“ip addr show” shows 1 ip address
“hostname -I” shows 1 ip address
“netstat -nr” shows 1 default route
n/a, will work, see test 8

You can ignore your wlan0 interface by doing the following (which will survive a reboot).


echo "denyinterfaces wlan0" | sudo tee -a /etc/dhcpcd.conf
sudo service dhcpcd restart

In the end, the choice is yours. If you are decently experienced and you disable dhcpcd, you will not lose much at all. I would even recommend it.

  • Disable dhcpcd


sudo update-rc.d dhcpcd disable
sudo service dhcpcd stop
# sudo shutdown -r now

  • /etc/wpa_supplicant/wpa_supplicant.conf


country=GB
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid=”AT_HOME”
psk=”SUPERSECRET”
id_str=”HOME_SSID”
priority=15
}

network={
ssid=”OFFICE_SSID”
psk=”SUPERSECRET”
id_str=”OFFICE”
priority=14
}

 

  • /etc/network/interfaces


auto lo
iface lo inet loopback

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

iface HOME inet static
address 192.168.2.11
netmask 255.255.255.0
gateway 192.168.2.1
broadcast 192.168.2.255
dns-nameservers 192.168.2.1

iface OFFICE inet static
address 192.168.3.11
netmask 255.255.255.0
gateway 192.168.3.1
broadcast 192.168.3.255
dns-nameservers 192.168.3.1

Useful commands:

  • wpa_cli status
  • sudo iw wlan0 scan | grep -i ssid
  • hostname -I
  • iwconfig wlan0
  • ip addr show
  • ip route show

References:

  • https://wiki.debian.org/WPA
  • http://manual.aptosid.com/en/inet-setup-en.htm
  • https://www.raspberrypi.org/forums/viewtopic.php?t=110606
1 2 3