News items for tag homeserver - Koos van den Hout

2017-11-10 Really disabling framebuffer on a modern linux 1 week ago
Framebuffer is nice but I want it really disabled on my new homeserver 2017 because that will end up in the attic where I don't want a repeat of the earlier Linux-related radio interference problem. And for virtual machines it's a bit of overkill too.

To disable framebuffer in both grub and the running Linux it has to be disabled twice. Both in /etc/default/grub which now has these two lines:
GRUB_CMDLINE_LINUX_DEFAULT="nomodeset"

GRUB_TERMINAL=console

2017-11-10 NFSv4 on the synology isn't complete NFSv4 until you do some special configuration 1 week ago
This solution fails at the moment I start using rsync to sync directories to the Synology. Update when I find out where that goes wrong.

I am now using a synology for storage in the home network. Linux clients use NFS to access the Synology, and nowadays the default NFS version is version 4, which does things quite differently from version 3. NFS version 4 is supposed to use user names with NFS domain names and rpc.idmapd instead of numeric user and group IDs.

After serious debugging I found out NFSv4 with the synology doesn't use names as I expected. I kept looking at nfs client settings but eventually I used tcpdump, wireshark and tshark to find out owner names aren't used at all. Numerical UIDs are used as text in the NFSv4 answers, even for files that have an owner that is known in the synology. As if the nfs4_disable_idmapping=0 is never set for the NFS server.

I confirmed this with capturing the NFS traffic with tcpdump and analyzing the pcap files with wireshark and tshark. I indeed see:
                        reco_attr: Owner (36)
                            fattr4_owner: 1026
                                length: 4
                                contents: 1026

A lot of google searching confirms this, including "anyone have nfsv4 actually working? - Synology Forum". The next step is to adjust the idmapping in the running kernel on the synology, using:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Now I indeed see the right strings in the NFSv4 traffic, but the idmapd on the client doesn't translate for some reason. Fixing the /etc/idmapd.conf file helped.

The next step is to make this change permanent on the synology. Adding a file /etc/modules.local.conf with
module_nfsd_args="nfs4_disable_idmapping=0"
does the trick. This I learned from reading the startup file /etc/rc.subr which loads the kernel modules.

And now I see the right data in the NFS traffic:
                        reco_attr: Owner (36)
                            fattr4_owner: koos@idefix.net
                                length: 15
                                contents: koos@idefix.net
And the user mapping works. On an older system I have UID 501, on the synology I have UID 1026 and on a new system I have UID 1000, and I'm owner of the files everywhere.
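
The check done by eye in the capture above can be automated. The following is an added example, not code from the original post: it scans tshark -V text for fattr4_owner values and labels each as a numeric string, a name in the expected idmapd domain, or something else. The function names are hypothetical and the sample capture text is constructed in the shape of the fragments shown above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the tshark -V fragments quoted above.
# The owner_group lines are an assumption modelled on the owner lines.
SAMPLE = """\
                        reco_attr: Owner (36)
                            fattr4_owner: 1026
                                length: 4
                                contents: 1026
                        reco_attr: Owner (36)
                            fattr4_owner: koos@idefix.net
                                length: 15
                                contents: koos@idefix.net
                        reco_attr: Owner_group (37)
                            fattr4_owner_group: users@example.org
                                length: 17
                                contents: users@example.org
"""

OWNER_LINE = re.compile(r"^\s*(fattr4_owner(?:_group)?):\s*(.*?)\s*$")


def classify(value, expected_domain):
    """Label one owner string as it appeared on the wire."""
    if value.isdigit():
        # Numeric string: the client will treat it as a raw UID/GID,
        # so ownership depends on each host's local numbering.
        return "numeric"
    name, sep, domain = value.rpartition("@")
    if not sep or not name or not domain:
        return "malformed"
    if domain.lower() != expected_domain.lower():
        # idmapd on the client only maps names in its own Domain.
        return "foreign-domain"
    return "name"


def audit_owners(text, expected_domain):
    """Return (line number, attribute, value, label) for every owner attribute."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = OWNER_LINE.match(line)
        if m:
            attr, value = m.groups()
            findings.append((lineno, attr, value, classify(value, expected_domain)))
    return findings


def summarize(findings):
    """Count findings per label."""
    return Counter(kind for _, _, _, kind in findings)


if __name__ == "__main__":
    for lineno, attr, value, kind in audit_owners(SAMPLE, "idefix.net"):
        print(f"line {lineno}: {attr}={value!r} -> {kind}")
```

Any "numeric" result after the server-side change means the nfs4_disable_idmapping setting did not take effect for that export or session.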

2017-10-11 Haproxy on the new home server and devuan upgrades 1 month ago
I got around again to working on the new homeserver 2017 and I worked on the installation of a 'testing' virtual machine with virt-install. This test machine also runs devuan linux. The first application I was testing on there is haproxy.

In haproxy I noticed some defaults I did not expect (such as preferring IPv4 over IPv6). It seems the 'stable' devuan has the same age issues as 'stable' debian. Otherwise haproxy does what it is supposed to and I may standardize on it.

Upgrading was easy, I looked at Upgrading Devuan Jessie to Ascii and just changed jessie to ascii in /etc/apt/sources.list and did an apt-get dist-upgrade. The only minor issue afterwards is that the system now insists on using framebuffer video, which I find overkill for a virtual machine. VGA 80x25 is fine.

2017-07-28 Already doing a casemod on the new home server 3 months ago
The new homeserver 2017 has arrived and I'm working on installing it. But first I had to do my first 'casemod' which was just rerouting a few cables. The case comes with a fan control, but I want all fan control to come from the mainboard and monitor the fans from the operating system. So I disconnected the fans from the case fan control and reconnected them to fan connectors on the mainboard that allow for voltage based fan control and monitoring.

The case is a bit overkill, but looks really good and offers lots of routes for airflow. New to me was that the case has cableguides which allow it to look really nice internally and have really good airflow. So I used those cableguides when I rerouted the fan cables and even tie-wrapped the cables to keep them looking nice.

2017-04-19 And now the MTU of the VDSL PPPoE session did get to 1500 7 months ago
Recently 'Coen' posted a step-by-step plan in xs4all.adsl to get the MTU of the PPP connection to 1500 bytes under Ubuntu 12.04. So all praise goes to Coen, because with his step-by-step plan I did succeed and everything is now MTU 1500 end to end, which should give fewer issues.
After a pleasant evening of tinkering I managed to solve this retroactively
for Ubuntu 12.04 with a new pppd and pppoe version.

For those who dare and also have some Linux experience, here are the steps
to follow:

Build the new pppd:

mkdir ppp
cd ppp
apt-get source ppp
cd ppp-2.4.5/
wget -O debian/patches/zz_pppoe1500 "http://git.ozlabs.org/?p=ppp.git;a=patch;h=fd1dcdf758418f040da3ed801ab001b5e46854e7"
dch -i
dpkg-buildpackage -us -uc

[[install ppp and ppp-dev]]

Build the new pppoe:

mkdir pppoe
cd pppoe
wget -4 http://archive.ubuntu.com/ubuntu/pool/universe/r/rp-pppoe/rp-pppoe_3.11-0ubuntu1.dsc
wget http://archive.ubuntu.com/ubuntu/pool/universe/r/rp-pppoe/rp-pppoe_3.11.orig.tar.gz
wget http://archive.ubuntu.com/ubuntu/pool/universe/r/rp-pppoe/rp-pppoe_3.11-0ubuntu1.debian.tar.xz
tar -xzvf rp-pppoe_3.11.orig.tar.gz
cd rp-pppoe-3.11/
tar -xf ../rp-pppoe_3.11-0ubuntu1.debian.tar.xz
dch -i
dpkg-buildpackage -us -uc

[[install pppoe]]

Set the MTU to 1500: done!
From a separate client it still seemed MTU 1492 was being used, so I changed /etc/radvd.conf to explicitly pass along MTU 1500:
interface eth0.3
{  
   AdvSendAdvert on;
   AdvLinkMTU 1500;
And then the further options. And then it indeed works:
koos@kernighan:~$ tracepath6 ping.xs4all.nl
 1?: [LOCALHOST]                        0.018ms pmtu 1500
 1:  eth0-3.idefix.net                                     1.983ms 
 1:  eth0-3.idefix.net                                     1.858ms 
 2:  lo0.dr12.d12.xs4all.net                              17.910ms 
 3:  0.ae22.xr3.3d12.xs4all.net                           17.957ms 
 4:  no reply

2017-02-06 Squeezing a bit more powersaving from Linux 9 months ago
The c't magazine this month had a few tips on linux powersaving. I tried them on the homeserver and saw indeed a very slight reduction in power use as logged by the UPS.

For powersaving in sound card(s):
# echo 1 > /sys/module/snd_hda_intel/parameters/power_save
This can cause plopping sounds on some sound cards.

For powersaving in disk communication:
# cd /sys/class/scsi_host/
# for i in host*/link_power_management_policy; do echo min_power > "$i"; done

2017-01-23 Missing piece for a larger MTU with VDSL on DrayTek Vigor 130 and Ubuntu 10 months ago
About a year ago I switched to the Draytek Vigor 130 VDSL modem to get back to a configuration where I have maximum control.

The point still open is that I would like to get the ppp configuration to an MTU of 1500 bytes, and that this did not work at the time in "Vigor VDSL modem in use" and "Xs4all VDSL with DrayTek Vigor 130 VDSL modem and PPP endpoint on Linux (ubuntu) server".

What I already had right was the higher MTU on the ethernet interfaces and the adjusted checkbox on the Draytek. But when I forced the mtu/mru higher in the ppp options things went wrong.

Now this came by in xs4all.general on this subject:
> 1500 is supported by Xs4all and you first test at 1492 which packet
> gets through via ping without being broken into pieces.
> After that you set the MTU to 1500 and see whether you can indeed push 8 bits more
> through the router without it being broken.

Do make sure that the device where you terminate the PPPoE implements
RFC4638.
It then has to place an extra tag in the PADI (PPP payload is 1500
bytes), and the BRAS also puts that back in its PADO answer.
Simply using a larger MTU is not going to work...

The PPPoE session at my place comes from the home server with rp-pppoe. A quick search told me that for rp-pppoe with MaxPayload negotiation I need at least 3.11, and the current ubuntu version still has 3.8. Time to test a newer version.

Update: For that both the pppoe binary and the rp-pppoe.so plugin for pppd have to be updated, and I can't get that done at the moment. Fortunately I had deliberately kept the old pppoe binaries ready so I could go back very quickly.
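
The RFC 4638 exchange mentioned in the newsgroup reply, as an added example that is not part of the original post or of rp-pppoe: it builds and parses PPPoE discovery packets and decides whether an MRU above 1492 may be used, based on the PPP-Max-Payload tag (type 0x0120) in the PADI and PADO. Function names and the sample packets are constructed for illustration; taking the smaller of the two tag values is this example's conservative choice.

```python
import struct

PADI, PADO = 0x09, 0x07            # PPPoE discovery codes (RFC 2516)
TAG_SERVICE_NAME = 0x0101
TAG_HOST_UNIQ = 0x0103
TAG_PPP_MAX_PAYLOAD = 0x0120       # RFC 4638
LEGACY_MRU = 1492                  # 1500 - 6 (PPPoE header) - 2 (PPP protocol id)


def build_discovery(code, tags, session_id=0):
    """Serialize a discovery packet: ver/type, code, session id, length, TLV tags."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body


def parse_discovery(packet):
    """Return (code, session_id, [(tag, value), ...]); reject malformed input."""
    if len(packet) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", packet[:6])
    if ver_type != 0x11:
        raise ValueError("not PPPoE version 1 / type 1")
    body = packet[6:6 + length]
    if len(body) != length:
        raise ValueError("truncated payload")
    tags, off = [], 0
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if off + tlen > length:
            raise ValueError("tag overruns payload")
        tags.append((tag, body[off:off + tlen]))
        off += tlen
    return code, session_id, tags


def max_payload(tags):
    """Value of the PPP-Max-Payload tag, or None when the tag is absent."""
    for tag, value in tags:
        if tag == TAG_PPP_MAX_PAYLOAD:
            if len(value) != 2:
                raise ValueError("PPP-Max-Payload must be 2 bytes")
            return struct.unpack("!H", value)[0]
    return None


def usable_mru(padi, pado):
    """MRU the client may ask for in LCP: above 1492 only if both sides sent the tag."""
    asked = max_payload(parse_discovery(padi)[2])
    echoed = max_payload(parse_discovery(pado)[2])
    if asked is None or echoed is None:
        return LEGACY_MRU
    if asked <= LEGACY_MRU or echoed <= LEGACY_MRU:
        return LEGACY_MRU
    return min(asked, echoed)


def ethernet_mtu_needed(mru):
    """Ethernet MTU required underneath: PPP payload plus 8 bytes of PPPoE/PPP overhead."""
    return mru + 8


# Constructed sample packets (not captured traffic).
_WANT = struct.pack("!H", 1500)
SAMPLE_PADI = build_discovery(PADI, [(TAG_SERVICE_NAME, b""),
                                     (TAG_HOST_UNIQ, b"\x00\x01"),
                                     (TAG_PPP_MAX_PAYLOAD, _WANT)])
SAMPLE_PADO_RFC4638 = build_discovery(PADO, [(TAG_SERVICE_NAME, b""),
                                             (TAG_PPP_MAX_PAYLOAD, _WANT)])
SAMPLE_PADO_LEGACY = build_discovery(PADO, [(TAG_SERVICE_NAME, b"")])
```

With a pppoe client that never sends the tag, the access concentrator has nothing to echo and the session stays at 1492, whatever mtu/mru is forced in the ppp options.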

2016-11-10 Backup to .. the cloud! 1 year ago
So I now have some cloudstorage space available also via webdav and I am working on using this for backups. The main idea is to have a daily backup to the cloud service and do the tape backups less often.

I still want incremental backups so I can go back to specific older versions of files. So I want to use amanda for backups. I installed the davfs2 package to be able to mount the webdav filesystem and access it from Linux. The first few clues come from Set Up Virtual Tapes - Amanda Howto but I had to switch to the chg-multi driver as described in Backup to Virtual Tapes on a non-UNIX Filesystem - Amanda Howto because the webdav filesystem does not support symlinks.

I/O performance during the backup isn't ideal and the vdsl uplink is completely full during the filetransfer. Maybe I need to slow down the backup process a bit and ratelimit the webdav transfer.

2016-10-26 Ok, allow-hotplug means some other process has to start the interface 1 year ago
Today I rebooted the homeserver greenblatt for kernel updates and noticed PPPoE over VDSL did not come up at all.

It turns out allow-hotplug in /etc/network/interfaces which I added after the previous boot to speed up boottime a bit means something else has to trigger the 'ifup' of the interface. So now there is an ifup pppdray & in /etc/rc.local.

Interesting datapoint is that all IPv6 bindings came up perfectly so I guess that IPv6 bug is triggered by some race condition in configurations of interfaces.

2016-07-22 Not waiting for dynamic interfaces to come up during boot 1 year ago
I had to shut down the homeserver greenblatt to allow for work on our electricity meter and I noticed during boot-up it complained:
waiting for network configuration
waiting an additional 60 seconds for network configuration
According to networking - "waiting for network configuration" Problem - Ask Ubuntu this is caused by some error in /etc/network/interfaces but I could not figure out which one until I read about the difference between the auto and allow-hotplug settings for an interface. What I had was:
auto pppdray
iface pppdray inet ppp
        provider dray-vdsl
Which caused the boot process to wait until the PPPoE over VDSL link was completely up and running (which was not going to happen at that time).

Solution, change it to:
# set to allow-hotplug: not needed to boot
allow-hotplug pppdray
iface pppdray inet ppp
        provider dray-vdsl
So the startup continues.

The problem noted at the previous boot Boot-time IPv6 on the homeserver not working was still happening and I had to reconfigure interfaces and restart services to get everything stable, so disabling duplicate address detection did not help.

Update 2016-10-26: Found out using allow-hotplug means I have to ifup that interface some other way: Ok, allow-hotplug means some other process has to start the interface. One learns in slow iterations if you don't want to reboot constantly.

2016-01-14 Boot-time IPv6 on the homeserver not working 1 year ago
I shut down and rebooted the homeserver to get an updated kernel and look at some other things. After booting up again I noticed the problem with IPv6 not active on interfaces that started early was happening again. No linklocal addresses configured, no global addresses configured. This affects all ethernet interfaces and ppp0 for the link to the outside world. I also noticed this problem after the upgrade, see Upgrading the homeserver to Ubuntu 12.04 but the problem remains even with an updated kernel (currently 3.2.0-97-generic).

I have no idea what causes this and how to fix it. It seems related to Debian bug #726569: haproxy doesn't start on boot due to missing IPv6 address on interface but in that case the address is configured but just not available to applications to bind to. Related Beware the IPv6 DAD Race Condition - Andrew Ayer suggests the same (duplicate address detection race condition) but has disabling duplicate address detection (DAD) as workaround.

2016-01-10 UBA PSK63 prefix contest 2016 results will wait a bit... 1 year ago
It seems there is some internal corruption in the fldigi program I use for amateur radio digital mode connections. Normally this shows as some strange artefacts on the screen, which means it is time to stop and start fldigi, and reset the outgoing serial number to the right number when I am busy in a contest. The more active use during a contest also seems to be a trigger.

Anyway, this internal corruption hit me hard today: right in the last minutes of the UBA PSK63 prefix contest 2016 the program hung during logging an entry, leaving me with a 0 byte logfile on disk, so all records of digimode contacts gone.

I can recover everything and still submit my results: restore the logbook.adif file from tape, add entries created after the last backup from cqrlog and add the serial numbers again to the fldigi contacts log from the fldigi text log since cqrlog copies the logentries from fldigi but without the 'contest' information. But that processing will have to wait a bit as other things take priority. The log has to be submitted before January 17, 23:59 UTC.

Restoring the file from tape was extra interesting since I just got an error message
amrecover - can't talk to tape server: service amidxtaped: 
from amrecover. This turns out to be a known bug in amanda 3.3.0 in ubuntu 12.04 LTS: Bug #1074574 “known issue: amrecover - can't talk to tape server...” : Bugs : amanda package : Ubuntu and Bug #1077105 “amrecover - can't talk to tape server: service ami...” : Bugs : amanda package : Ubuntu. I applied the changes noted in the bugreports and after that I could restore the file.

Update: The rest of the restore operation was a matter of importing the right records back from cqrlog into fldigi and adding the serial numbers from the fldigi text log. This was just a lot of searching and typing.

2015-10-26 Warning for the next reboot 2 years ago
Interesting information in the message of the day:
*** /dev/sda1 will be checked for errors at next reboot ***
*** /dev/mapper/vgsw-camera will be checked for errors at next reboot ***
*** /dev/mapper/vgsw-scratch will be checked for errors at next reboot ***
*** /dev/sdc1 will be checked for errors at next reboot ***
*** /dev/sdc2 will be checked for errors at next reboot ***
*** /dev/sda6 will be checked for errors at next reboot ***
Which translates to 'your next system startup will take up to an hour' for me.

This explains why logging in sometimes takes a while: this check probably wakes the disks from sleep some of the time.

I'll go do some of those filesystem checks by hand: I don't want to be offline for up to an hour when I reboot.

2015-07-30 Saving a bit on power use: putting disks to sleep again 2 years ago
I noticed one of the harddisks in the home server greenblatt wasn't in standby mode when idle for a long time. This was noticeable since the UPS load value was a bit higher than I expect for a complete idle machine.

A few years ago I set up spindown to set the disks to standby on inactivity and this wasn't happening. A peek at the internal statistics showed that since the two ubuntu upgrades in April this disk wasn't going into standby mode. It turned out that since the kernel upgrades it doesn't listen to sg_start --stop anymore so I had to change the relevant part of /etc/spindown.conf to:
[Disk 0]
id = ata-WDC_WD15EADS-...
spindown = 1
command = hdparm -y
And a few watts are saved again. The interesting part is that the sg_start --stop command still works fine for the WDC_WD10EADS disk.

2015-06-20 A fast-changing security world 2 years ago
At work I reviewed something about TLS security I wrote in May 2014 and noticed I had to make some serious adjustments for the May 2015 state. SSLv3 is no longer accepted, SHA1 is no longer an accepted hashing algorithm and other changes.

This week on the home server greenblatt I had two different impacts from the latest OpenSSL update: SSL communications with the Fritz!Box was failing and SSL in sendmail was failing, both due to the latest insights into the security of the Diffie-Hellman key exchange.

These insights are very very new: in April I did a course in the Certified Information Systems Security Professional (CISSP) common body of knowledge and I learned the default Diffie-Hellman parameters were safe. Now we learn to generate them for each individual system at the same strength as the private key. Knowledge of cryptographic quality ages fast at the moment.

2015-05-21 A Linux-related radio interference problem 2 years ago
Recently I noticed serious interference very visible on 14.070 MHz, where it annoyed me a lot since that is the regular frequency for 20 meter PSK31 where I make most of my contacts at the moment. I also saw some interference at 28.120 MHz, the PSK31 frequency in the 10 meter band.

[Image: Noise on 14.070 MHz. The noise in the fldigi waterfall.]
The interference showed as steady carriers about 58 Hz apart and sounded like a serious buzzing noise. The first conclusion was that one of the over the horizon radars decided to drop on that part of the 20 meter band.

But later on the interference stayed at exactly the same frequency. And active over the horizon radar is also quite visible on the Utwente websdr as I noted before when I noticed interesting interference in the 10 meter amateur band. This specific interference wasn't visible there.

So I kept searching locally for the source. I was afraid a nearby neighbour was using a new interfering CFL or power supply which would make it hard to diagnose and fix.

My own equipment was also a serious suspect. One piece of hardware that recently changed near the antenna was the monitor for the server. The monitor changed from an old CRT to a less-old LCD screen. The power supply wasn't the culprit, but searching further it turned out the video signal to the monitor was! And then I saw what else changed: after upgrading the homeserver to Ubuntu 10.04 and upgrading the homeserver to Ubuntu 12.04 it started coming up in framebuffer mode. Which has a different video frequency from the 80x50 textmode I used earlier.

The problem goes away completely when I unplug the video cable from the computer. I had an extension cable without ferrite cores because an earlier monitor needed the extra length. Removing the extension cable makes the level of interference drop a lot but it's not away completely. So the solution is to unplug the monitor cable from the computer.

Then things are back to the 'normal' noise level on 20 meters and 10 meters. It's still a city environment.

2015-04-27 Upgrading the homeserver to Ubuntu 12.04 2 years ago
And to get to a version of Ubuntu with support available I kept doing and did 'do-release-upgrade' again today on the homeserver greenblatt.

Again the upgrade was running for a while. A big improvement is that the process now uses screen so I was able to attach to that running console from other sessions and answer questions.

After the upgrade the reboot came, and after the reboot I noticed resolving was broken. This was traced back to the ppp0 interface for the connection to the outside world and the internal interface for services having started completely without IPv6 support. Doing an ifdown and ifup helped, but this should all start correctly automatically.

I noticed the new Postgresql 9.1 is already installed, but Postgresql 8.4 is the default version available over port 5432, so I can do the pg_upgradecluster when I have time for that.

Later I noticed some packages were held back. I traced this back to /etc/apt/preferences still being optimized for Ubuntu 8.04 hardy and hardy-backports. I emptied the preferences file and it all sorted itself out and now everything is up to date.

This was probably the reason Postgresql 8.4 was left installed and active. After the updates above apt-get autoremove was going to delete Postgresql 8.4.

2015-04-26 Upgrading the homeserver to Ubuntu 10.04 2 years ago
This weekend was about the last weekend that I could have access to Ubuntu 10.04 LTS for upgrading my homeserver greenblatt from Ubuntu 8.04 to Ubuntu 10.04 which will run out of support this month, making it unavailable as an upgrade path. I postponed this for way too long because I expected a lot of work fixing things, especially asterisk which runs our home phone system.

The solution to asterisk was simple: I disabled it and reprogrammed a Gigaset C450IP base to deal with our VoIP provider directly. After all the upgrading is done I'll go fix things with the OpenVox ISDN card in a test machine and when all is stable again I will move things to production.

For the rest it was a matter of typing 'do-release-upgrade' and hope for the best. Reconfiguring packages took the longest and the biggest issue was that the upgrade from Postgres 8.3 to Postgres 8.4 wasn't done automatically but I had to do this myself using the hints from How tu [sic] upgrade Postgresql 8.3 database file to 8.4 - stackoverflow.

The documentation says to do this beforehand but Postgresql 8.4 isn't available before the upgrade and it took a bit of fiddling to have Postgresql 8.3 available after the upgrade. But then pg_upgradecluster ran. It complained about a few tables and the end result I noticed was that those tables were dropped out of the upgrade completely. I re-enabled Postgresql 8.3 and migrated those databases or tables using pg_dump. Not a completely smooth upgrade but I think it went ok.

2015-02-24 More work on getting asterisk to work as an ISDN network terminator on the test server 2 years ago
I dug up all the tools needed to test the isdn setup in the test server: an old sitecom ISDN card with HFC-S chipset, an ISDN cross cable, a fritzbox with external S0 bus and an analog phone set.

It took me a while to get all 3 channels in the ISDN card active in Asterisk, I 'missed' the fact that the oslec echo canceller wasn't loaded due to a module versioning problem. At first it showed:
root@metcalfe:~# lsdahdi
### Span  1: DAHDI_DUMMY/1 "DAHDI_DUMMY/1 (source: HRtimer) 1" (MASTER)
### Span  2: ZTHFC1 "HFC-S PCI A ISDN card 0 [NT] " AMI/CCS
  1 BRI        Clear       (In use)
  2 BRI
  3 BRI
The switch from oslec to mg2 fixed things:
root@metcalfe:~# lsdahdi
### Span  1: ZTHFC1 "HFC-S PCI A ISDN card 0 [NT] " AMI/CCS
  1 BRI        Clear       (In use) (EC: MG2 - INACTIVE)
  2 BRI        Clear       (In use) (EC: MG2 - INACTIVE)
  3 BRI        Hardware-assisted HDLC  (In use)
### Span  2: DAHDI_DUMMY/1 "DAHDI_DUMMY/1 (source: HRtimer) 1" (MASTER)
But whatever I tried: no dialtone. Time to also hook up a SIP phone to initiate calls the other way.

2015-02-23 Preparing for upgrades and testing speed improvements for my homepage 2 years ago
As part of a needed upgrade on my homeserver I will also have to deal with Apache 2.4 and the changes needed there. Because some other things will change completely like asterisk I used an old server with comparable packages to do the same upgrades and test the results.

As keen visitors to my page may have noticed I am interested in the performance. This test-setup also gives me room to experiment with some possible new methods. I have to establish a baseline on that server first since it has different hardware.

Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.
