newspaint

Documenting Problems That Were Difficult To Find The Answer To

Category Archives: SysAdmin

Bash Script to Run Apt-Get Upgrades on All LXC Running Containers

If you have several LXC containers on your system that you want to upgrade in a loop you could use a sensible infrastructure management platform like Ansible.

Here, however, is a simple BASH script for logging into each running LXC host one at a time and letting you answer yes or no to the apt-get upgrade taking place:

#!/bin/bash

# declare an array variable
declare -a LINES

# store each line about running LXC containers into array
LINENUM=0
while IFS= read -r line; do
  echo "  processing LINENUM=$LINENUM, $line"
  LINES[$LINENUM]="$line"
  LINENUM=$((LINENUM + 1))
done <<< "$(sudo lxc-ls -f)"

# iterate through each line in the array
INDEX=0
while [[ $INDEX -lt $LINENUM ]]; do
  # squash up the spaces and delete commas from line
  CLEANLINE=`echo "${LINES[$INDEX]}" |tr -s ' ' |tr -d ,`

  # extract the hostname and ipaddress fields
  HNAME=`echo "$CLEANLINE" |cut '-d ' -f1`
  IPADDR=`echo "$CLEANLINE" |cut '-d ' -f5`

  # ssh into host if a valid IP address is present
  if [ `echo "$IPADDR" |grep -E '^([0-9]+[.]){3}([0-9]+)$'` ]; then
    echo "== $HNAME ($IPADDR) =="
    ssh -t ubuntu@$IPADDR 'echo "== $(hostname) =="; sudo apt-get update; echo "== $(hostname) =="; sudo apt-get upgrade;'
  else
    :
  fi

  INDEX=$((INDEX + 1))
done

This script makes use of BASH arrays. In addition it was discovered that attempting to change variables inside a read loop that was piped was fruitless because the pipe was run inside its own shell and thus the variable changes were lost.

Conditionally adding a directory to PATH if not already in PATH

In BASH it is possible to check that a directory is not already in the PATH environment variable before adding it.

The basic string-in-string search function was adopted from this forum post.

stringContains() { [ -z "${1##*$2*}" ]; }
stringBegins()   { [ -z "${1##$2*}"  ]; }
stringEnds()     { [ -z "${1##*$2}"  ]; }

# call as inPath "$PATH" "/my/new/path"
inPath() {
  if stringBegins   "$1" "$2:";  then return 0; fi
  if stringEnds     "$1" ":$2";  then return 0; fi
  if stringContains "$1" ":$2:"; then return 0; fi
  if [ "$1" == "$2" ];           then return 0; fi
  return 1;
}

If you wanted to, say, add “/home/myuser/bin” if it didn’t already exist, you could add the above functions and the following:

if inPath "$PATH" "/home/myuser/bin"; then
  : # do nothing
else
  PATH="$PATH:/home/myuser/bin"
fi

Windows 10 TCP/Internet Slow With Chrome and OpenWRT Router

So I was having issues getting a Windows 10 laptop running Google Chrome connected via wifi to a router running OpenWRT Chaos Calmer 15.05.1.

The Windows 10 laptop would take a long time to establish a connection and then a long time for any data to transfer at an incredibly slow rate.

At first I thought it was Google Chrome but downloaded Firefox and was still having the same issues.

There are many proposed solutions but the commands that appeared to make a magical difference and instantly speed things up were:

netsh interface tcp show global
netsh interface tcp set global autotuning=disabled

At this stage things did not magically get better.

Then I tried:

netsh interface tcp show heuristics
netsh interface tcp set heuristics enabled

Now the Internet suddenly got quicker.

To undo these changes (if they don’t work for you):

netsh interface tcp set global autotuning=normal
netsh interface tcp set heuristics disabled

Also, because I messed around with the MTU on the WiFi interface I had to run the following to restore things to a relatively normal default:

netsh interface ipv4 set subinterface “WiFi” mtu=1458 store=persistent

Adding Huawei E160E To OpenWRT

I wanted to add a Huawei E160E USB 3G modem to OpenWRT but had some trouble getting it to work.

I used documentation from three places:

In this case I used a latest snapshot from the LEDE project. It turns out the router would simply lose networking, I’d be unable to SSH or access it via the web, after several minutes. Perhaps this was because I was forcing kmod’s with a slightly incompatible kernel. In the end I went back to Chaos Calmer 15.05.1 from OpenWRT which seemed to be more stable for me.

It turned out that I needed to add some more packages, specifically:

  • usbutils – to run “lsusb” to see when my USB devices had been detected
  • kmod-usb-uhci – ultimately I needed a kmod to see the USB controller in order to detect attached devices
  • kmod-usb2 – just in case the UHCI controller module above didn’t work

Note that when adding kmods then opkg might reject it with a LEDE build if package slightly out of sync with the kernel build, in which case use –force-depends (don’t do this, it might result in an unstable router):

opkg install --force-depends kmod-usb-uhci

Now, also ensure that the /etc/modules.d/usb-serial has the following line:

usbserial vendor=0x12d1 product=0x140c maxSize=4096

The vendor and product values are taken from the output of lsusb:

# lsusb
Bus 001 Device 002: ID 12d1:140c Huawei Technologies Co., Ltd. E180v

Once connected the signal strength can be obtained on the command line by running:

# comgt -d /dev/ttyUSB3
SIM ready
Waiting for Registration..(120 sec max)
Registered on Home network: "50502",2
Signal Quality: 13,99

The result can be looked up in the table at this link:

Value RSSI dBm Condition
2 -109 Marginal
3 -107 Marginal
4 -105 Marginal
5 -103 Marginal
6 -101 Marginal
7 -99 Marginal
8 -97 Marginal
9 -95 Marginal
10-93OK
11-91OK
12-89OK
13-87OK
14-85OK
15 -83 Good
16 -81 Good
17 -79 Good
18 -77 Good
19 -75 Good
20 -73 Excellent
21 -71 Excellent
22 -69 Excellent
23 -67 Excellent
24 -65 Excellent
25 -63 Excellent
26 -61 Excellent
27 -59 Excellent
28 -57 Excellent
29 -55 Excellent
30 -53 Excellent

Turning Off DHCP Server on Netgear Wireless Cable Gateway CGD24N

The Netgear Wireless Cable Gateway model CGD24N supplied by Bigpond in Australia can spend a second life as a simple Ethernet switch. However it assigns DHCP addresses out of the box which can really upset a home network if you’re not expecting it.

Your wireless router might be assigning addresses from one range but you keep finding guest devices assigned something from the 192.168.100.0/24 range.

It’s not that straightforward to find the DHCP on/off switch. The steps to find it are thus:

1. Log in to gateway admin interface, select NAT from menu

Select NAT from menu on left-hand side

Select NAT from menu on left-hand side

2. Turn NAT on, click apply

Select NAT on checkbox, click apply

Select NAT on checkbox, click apply

3. Select LAN IP from left hand menu

Select LAN IP from left hand menu

Select LAN IP from left hand menu

4. Select DHCP no radio button, click apply

Select DHCP no radio button, click apply

Select DHCP no radio button, click apply

How To Change TLS Bind Port In Asterisk

Asterisk doesn’t make it necessarily easy to change the port that TLS is bound to.

In sip.conf I’d set a different port (6000):

tlsbindaddr=0.0.0.0:6000

But when I set sip set debug on I would see a message like the following on answer:

<--- Reliably Transmitting (no NAT) to 5.6.7.8:42849 --->
  P/2.0 200 OK
Via: SIP/2.0/TLS 192.168.1.3:42849;branch=z9hG4bKPjBFu7pgHTfOHCaNamaqTKTq3wenp-G.oY;alias;received=5.6.7.8;rport=42849
From: "myext" ;tag=mQqEvydONdU7yOGgCi2.OiDu8lSfXZuK
To: <sip:test@myhost.com>;tag=as378489ee
Call-ID: tAYfXG5BEF9w8lY.ghupqOtwNyV3J18G
CSeq: 12562 INVITE
Server: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: <sip:test@1.2.3.4:5061;transport=TLS>
Content-Type: application/sdp
Require: timer
Content-Length: 387

The problem was that the Contact: header was advertising the wrong TLS port to the extension which would then attempt to contact the wrong port in response to the answered call (so no audio would start getting received by the extension).

The solution was to add to sip.conf:

externtlsport=6000

As mentioned in another article if the advertised IP address is wrong in this Contact: header then you may also want to specify:

externip=1.2.3.4

Converting XPS to PDF using MuPDF on Ubuntu Linux

I had a recently generated “.xps” file sent to me and needed it in PDF form for convenient viewing. The following took place on Xubuntu Trusty Tahr 14.04 LTS.

The “xpstopdf” tool failed me with a poorly converted document (just a single rectangle, no text).

Then I installed “mupdf”:

~$ sudo apt-get install mupdf
~$ mupdf mydocument.xps

This it rendered to my satisfaction to the screen. Next I wanted a PDF file!

But when I tried using “mudraw“, the associated tool installed with the “mupdf-tools” Ubuntu package, I got the following error:

~$ sudo apt-get install mupdf-tools
~$ mudraw -o /tmp/mydocument.pdf /tmp/mydocument.xps
error: empty page tree, cannot insert page
error: cannot draw '/tmp/mydocument.xps'

In the end I decided to try compiling the latest version available from MuPDF‘s download page (I downloaded “mupdf-1.9a-source.tar.gz” published 2016-04-21).

~$ wget 'http://mupdf.com/downloads/mupdf-1.9a-source.tar.gz'
~$ tar -xvzf mupdf-1.9a-source.tar.gz
~$ cd mupdf-1.9a-source
~$ sudo apt-get install mesa-common-dev libxcursor-dev libxshmfence-dev libxext-dev libxrandr-dev libxinerama-dev
~$ nice make -j 3
~$ ./build/release/mutool draw -o /tmp/mydocument.pdf /tmp/mydocument.xps

This time my PDF was rendered without any errors!

Want to Slow Linux ZFS Flushing/Syncing to Disk Every 5 Seconds?

So you’ve got ZFS on Linux and you notice your hard drive LED light up every 5 seconds. How can you slow that down?

The zfs_txg_timeout parameter is described as:

~# modinfo zfs |grep zfs_txg_timeout
parm:           zfs_txg_timeout:Max seconds worth of delta per txg (int)

You can check the current value of this parameter:

~# cat /sys/module/zfs/parameters/zfs_txg_timeout
5

To verify this is the parameter you want to change, set this to 10 and count the number of seconds between the hard drive light coming on:

~# echo 10 >/sys/module/zfs/parameters/zfs_txg_timeout

Once you know this is the parameter causing the hard drive activity you can tell the ZFS module the default you want it to start with on next boot by editing /etc/modprobe.d/zfs.conf and adding a line similar to the following:

options zfs zfs_txg_timeout=30

Take care when changing this number as it may result in a higher probability of lost data in the event of a power outage.

Disabling the Alarm/Beep on APC UPS Back-UPS 1400 on Ubuntu 14.04

Note this was also done on a APC UPS Back-UPS 700 as well as a APC UPS Back-UPS 1400.

So you don’t want to be interrupted by long piercing beeps from your APC-branded UPS every minute when the power goes out. That’s fair. Perhaps it is night time and the power goes out occasionally. You just want your server to keep humming as long as it can. If the power stays off for two hours straight, then fine, it can die, but if the power recovers in that time you just don’t want to know about it. You bought your un-interruptable power supply (UPS) to increase reliability in, perhaps, an area with an unreliable electricity supply.

Note that for some people the alarm is important to them: they must take action in the event of a power outage. This guide is not for you.

If you have Ubuntu Linux 14.04 Trusty Tahr then it is actually very easy to disable the alarm on your UPS.

Attach USB cable from computer to UPS

Attach USB cable from computer to UPS

First connect your UPC to your PC (or laptop) via USB cable.

Connect the USB cable to the back of the UPS

Connect the USB cable to the back of the UPS

Confirm that it is found by running lsusb:

user@host:~$ lsusb
Bus 003 Device 013: ID 051d:0002 American Power Conversion Uninterruptible Power Supply

Next install apcupsd via apt-get:

user@host:~$ sudo apt-get install apcupsd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  apcupsd-doc
Suggested packages:
  apcupsd-cgi
The following NEW packages will be installed:
  apcupsd apcupsd-doc
0 upgraded, 2 newly installed, 0 to remove and 12 not upgraded.
Need to get 891 kB of archives.
After this operation, 2,378 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/ trusty/universe apcupsd-doc all 3.14.10-2build1 [608 kB]
Get:2 http://www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/ trusty/universe apcupsd amd64 3.14.10-2build1 [282 kB]
Fetched 891 kB in 0s (4,839 kB/s)
Selecting previously unselected package apcupsd-doc.
(Reading database ... 378817 files and directories currently installed.)
Preparing to unpack .../apcupsd-doc_3.14.10-2build1_all.deb ...
Unpacking apcupsd-doc (3.14.10-2build1) ...
Selecting previously unselected package apcupsd.
Preparing to unpack .../apcupsd_3.14.10-2build1_amd64.deb ...
Unpacking apcupsd (3.14.10-2build1) ...
Processing triggers for doc-base (0.10.5) ...
Processing 1 added doc-base file...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up apcupsd-doc (3.14.10-2build1) ...
Setting up apcupsd (3.14.10-2build1) ...
update-rc.d: warning:  start runlevel arguments (1 2 3 4 5) do not match apcupsd Default-Start values (2 3 4 5)
update-rc.d: warning:  stop runlevel arguments (0 6) do not match apcupsd Default-Stop values (0 1 6)
Please check your configuration ISCONFIGURED in /etc/default/apcupsd
Processing triggers for ureadahead (0.100.0-16) ...
user@host:~$ 

Now you’ll have to sudo vi /etc/apcupsd/apcupsd.conf and comment out the following lines and replace them with the following:

#UPSCABLE smart
UPSCABLE usb

#UPSTYPE apcsmart
#DEVICE /dev/ttyS0
UPSTYPE usb

Now you’re ready to run apctest which is documented on the apcupsd page:

user@host:~$ sudo apctest
2016-07-16 18:48:25 apctest 3.14.10 (13 September 2011) debian
Checking configuration ...
Attached to driver: usb
sharenet.type = Network & ShareUPS Disabled
cable.type = USB Cable
mode.type = USB UPS Driver
Setting up the port ...
Doing prep_device() ...

You are using a USB cable type, so I'm entering USB test mode
Hello, this is the apcupsd Cable Test program.
This part of apctest is for testing USB UPSes.

Getting UPS capabilities...SUCCESS

Please select the function you want to perform.

1)  Test kill UPS power
2)  Perform self-test
3)  Read last self-test result
4)  View/Change battery date
5)  View manufacturing date
6)  View/Change alarm behavior
7)  View/Change sensitivity
8)  View/Change low transfer voltage
9)  View/Change high transfer voltage
10) Perform battery calibration
11) Test alarm
12) View/Change self-test interval
 Q) Quit

Select function number: 6

Current alarm setting: ENABLED
Press...
 E to Enable alarms
 D to Disable alarms
 Q to Quit with no changes
Your choice: Select function: D

New alarm setting: DISABLED

1)  Test kill UPS power
2)  Perform self-test
3)  Read last self-test result
4)  View/Change battery date
5)  View manufacturing date
6)  View/Change alarm behavior
7)  View/Change sensitivity
8)  View/Change low transfer voltage
9)  View/Change high transfer voltage
10) Perform battery calibration
11) Test alarm
12) View/Change self-test interval
 Q) Quit

Select function number: Q

user@host:~$

Fairly straightforward.

Note you may want to uninstall the apcupsd package from your system now.

user@host:~$ sudo apt-get remove apcupsd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apcupsd-doc
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  apcupsd
0 upgraded, 0 newly installed, 1 to remove and 12 not upgraded.
After this operation, 749 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 379108 files and directories currently installed.)
Removing apcupsd (3.14.10-2build1) ...
Please check your configuration ISCONFIGURED in /etc/default/apcupsd
Please check your configuration ISCONFIGURED in /etc/default/apcupsd
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1) ...
user@host:~$

Lenovo TS-140 Ethernet Card Halt

I had my Ethernet interface effectively just die after 33 days uptime in Linux and running continuously for many, many months.

What was particularly bizarre was that I had an identical Lenovo TS-140 running beside it attached to the same Ethernet switch – that was running a GUI and it completely froze at this point. At least with the first console server I was able to access it and make a copy of the logs for later analysis after rebooting.

From /var/log/dmesg I had the following:

[2931914.307645] ------------[ cut here ]------------
[2931914.307663] WARNING: CPU: 0 PID: 0 at /build/linux-Mxzr_W/linux-3.13.0/net/sched/sch_generic.c:264 dev_watchdog+0x276/0x280()
[2931914.307668] NETDEV WATCHDOG: eth0 (e1000e): transmit queue 0 timed out
[2931914.307671] Modules linked in: btrfs raid6_pq xor ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c nf_conntrack_netlink nfnetlink_queue nfnetlink_log nfnetlink bluetooth xt_LOG xt_limit ts_bm xt_comment xt_string xt_conntrack xt_HL xt_nat veth xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec kvm snd_hwdep snd_pcm mei_me snd_page_alloc serio_raw snd_timer mei snd shpchp lpc_ich soundcore mac_hid nf_nat_sip nf_conntrack_sip nf_nat nf_conntrack zfs(POX) zunicode(POX) zcommon(POX) znvpair(POX) spl(OX) zavl(POX) hid_generic usbhid hid dm_crypt usb_storage crct10dif_pclmul crc32_pclmul i915 aesni_intel aes_x86_64 lrw e1000e gf128mul psmouse glue_helper ablk_helper i2c_algo_bit cryptd ptp drm_kms_helper pps_core drm ahci libahci video wmi
[2931914.307793] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P           OX 3.13.0-85-generic #129-Ubuntu
[2931914.307797] Hardware name: LENOVO ThinkServer TS140/ThinkServer TS140, BIOS FBKT82AUS 04/02/2014
[2931914.307800]  0000000000000000 ffff88051ea03d98 ffffffff8172b6a7 ffff88051ea03de0
[2931914.307808]  0000000000000009 ffff88051ea03dd0 ffffffff810699cd 0000000000000000
[2931914.307814]  ffff8800361a0000 ffff8804fc73e880 0000000000000001 0000000000000000
[2931914.307820] Call Trace:
[2931914.307824]  <IRQ>  [<ffffffff8172b6a7>] dump_stack+0x64/0x82
[2931914.307845]  [<ffffffff810699cd>] warn_slowpath_common+0x7d/0xa0
[2931914.307851]  [<ffffffff81069a3c>] warn_slowpath_fmt+0x4c/0x50
[2931914.307863]  [<ffffffff8164ef86>] dev_watchdog+0x276/0x280
[2931914.307870]  [<ffffffff8164ed10>] ? dev_graft_qdisc+0x80/0x80
[2931914.307878]  [<ffffffff81076956>] call_timer_fn+0x36/0x150
[2931914.307884]  [<ffffffff8164ed10>] ? dev_graft_qdisc+0x80/0x80
[2931914.307892]  [<ffffffff8107798f>] run_timer_softirq+0x21f/0x310
[2931914.307900]  [<ffffffff8106f00c>] __do_softirq+0xfc/0x310
[2931914.307908]  [<ffffffff8106f595>] irq_exit+0x105/0x110
[2931914.307919]  [<ffffffff8173e755>] smp_apic_timer_interrupt+0x45/0x60
[2931914.307926]  [<ffffffff8173d0dd>] apic_timer_interrupt+0x6d/0x80
[2931914.307929]  <EOI>  [<ffffffff815dc5e2>] ? cpuidle_enter_state+0x52/0xc0
[2931914.307946]  [<ffffffff815dc5d8>] ? cpuidle_enter_state+0x48/0xc0
[2931914.307954]  [<ffffffff815dc72c>] cpuidle_idle_call+0xdc/0x220
[2931914.307963]  [<ffffffff8101e4de>] arch_cpu_idle+0xe/0x30
[2931914.307971]  [<ffffffff810c1eb5>] cpu_startup_entry+0xc5/0x2b0
[2931914.307980]  [<ffffffff81719777>] rest_init+0x77/0x80
[2931914.307990]  [<ffffffff81d34f70>] start_kernel+0x438/0x443
[2931914.307998]  [<ffffffff81d34941>] ? repair_env_string+0x5c/0x5c
[2931914.308006]  [<ffffffff81d34120>] ? early_idt_handler_array+0x120/0x120
[2931914.308014]  [<ffffffff81d345ee>] x86_64_start_reservations+0x2a/0x2c
[2931914.308021]  [<ffffffff81d34733>] x86_64_start_kernel+0x143/0x152
[2931914.308026] ---[ end trace 7c85c7d5a955f5e4 ]---
[2931914.308063] e1000e 0000:00:19.0 eth0: Reset adapter unexpectedly
[2931918.468625] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
[2931938.327046] e1000e 0000:00:19.0 eth0: Reset adapter unexpectedly
[2931942.327873] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx

Almost exactly the same set of messages described in this bug thread (but with no solution at time of writing).

A few solutions were proposed. This one proposed disabling TSO, GSO and GRO using ethtool:

ethtool -K eth0 gso off gro off tso off

But I decided to try turning active power state management off in the kernel after seeing the following in /var/log/dmesg:

[    0.114082] ACPI FADT declares the system doesn't support PCIe ASPM, so disable it
[    0.147241] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI]
[    0.147621] acpi PNP0A08:00: FADT indicates ASPM is unsupported, using BIOS configuration

So I followed the recommendation in this post by adding pcie_aspm=off to /etc/default/grub as follows:

GRUB_CMDLINE_LINUX_DEFAULT="pcie_aspm=off nosplash"

… and then re-ran sudo update-grub.

Note that I cannot tell you if this definitively works. This Ethernet crash only happened once in the 14 months I’ve had the server. Hopefully it won’t happen again.