News items for tag linux - Koos van den Hout

2021-06-18 Raspberry pi in the utility closet gathering temperature readings 3 months ago
After reinstalling the Raspberry Pi in the utility closet so it can run newer software I did the steps to install zigbee2mqtt on it which was quite possible this time.

I migrated the settings and the database from my first run of zigbee2mqtt on a linux laptop and on the first try no communication started with the zigbee dongle.

On the second try (different usb port) things started working. The zigbee dongle is currently plugged directly into the Raspberry and as several manuals say this is not an ideal configuration. Those manuals are right: suddenly the sensor about 4 meters away isn't seen. I will need to improve the situation and move the dongle or its antenna to a better location.
Zigbee2MQTT:info  2021-06-18 22:28:15: MQTT publish: topic 'zigbee2mqtt/0x00158d0006fafb00', payload '{"battery":100,"humidity":62.52,"linkquality":147,"pressure":1023,"temperature":27.77,"voltage":3175}'

Tags: , , ,
2021-06-16 Raspberry pi monitoring the smart meter is now reinstalled 3 months ago
Because the installation of zigbee2mqtt was not possible on the Raspberry pi in the utility closet I decided to do a reinstallation with Raspbian buster. According to some on-line opinions reinstalling is better than a distro upgrade on a microsd card.

I was lucky to have a spare MicroSD card and a spare Raspberry Pi available. I did the whole installation on the spare and made sure to set up everything already so things would start running. And the thing that I missed was fixed easily with the old configuration still available. The Raspberry Pi in the utility closet was only running the smart meter monitoring, but now it is upgraded it can do more things, and running zigbee2mqtt for checking on wireless sensors in the house is next.

Tags: , ,
2021-06-11 I will need a fresh raspberrypi install for zigbee2mqtt 3 months ago
I started looking at the instructions for running zigbee2mqtt and the instructions for installing npm/nodejs gave me a lot of error messages on the raspberrypi running in the utility closet and checking the smart meter.

It turns out it needs an upgrade from Raspbian jessie. This Raspberry Pi is dedicated to reading the smart meter since August 2016 and it has been running fine gathering the smart meter data.

The raspbian forums state that it is better to upgrade by reinstallation on a different SD card. So I guess it's time to rebuild the smartmeter Pi if I want it to run the zigbee sensor network.

Update:
I installed all the software on a linux laptop and now I have a running zigbee2mqtt.
Read the rest of I will need a fresh raspberrypi install for zigbee2mqtt

Tags: , ,
2021-06-07 Backup to the home NAS 3 months ago
I still had the unfinished business of not having a good backup when half a filesystem ended in lost+found and it took a whole day to recover from that problem. And I still found missing things today.

I have no working tapedrives left, but a good amount of disk storage available. I still like amanda as backup program, so I looked into the vtapes (virtual tapes) option. The sample amanda.conf explains this nicely:
# To use vtapes, create some slotN directories (slot0, slot1, etc.) under
# /var/amanda/vtapes and use this tapedev:
## tapedev "chg-disk:/var/amanda/vtapes"
tapedev "chg-disk:/scratch/nasback/vtapes"
So I created those writeable by the amanda user.

I try to only backup data that I can't get by a reinstallation. So I backup /etc (configuration), /var (system data), /home (user data) and a few other directories.

Tags: ,
2021-06-02 Uncomplicated Firewall (UFW) : don't confuse it or you will be locked out 3 months ago
I am looking at better protection inside my home network since there is a mix of "trusted" and "not so trusted" devices in the house. I consider devices that just need Internet access to talk to some server out there (the well-known "cloud" better known as "Someone else's computer") and are (mostly) black boxes untrusted compared to systems that are installed with a known operating system and where I can control what they can and can't do.

One of the things I wanted to improve are local host-based firewalls. The firewall in the router linux machine is the result of years of fine-tuning and experience so I manage that by hand. But for somewhat standard hosts I want simple firewalls that are easily managed.

I tried ufw, the Uncomplicated Firewall and on the first (test) machine it went fine without a problem. On the second machine where there are already a few active firewall rules managed by fail2ban something hickupped and before I knew it ufw managed to leave me with an unreachable machine.

The error message from ufw-init was something about being unable to initialize firewall rule ufw-track-output and the net result was that the machine became unreachable. I needed console access to get back in again. Removing/purging the ufw package didn't help, after reinstalling it and trying again the same error came up and the system was unreachable again.

It turns out ufw leaves its own rules in iptables/ip6tables active (prefixed with 'ufw') and this confused ufw-init. I tried removing them by hand (lots of work) or with a very small shell script, but in the end rebooting the machine and only reinstalling ufw after that reboot got me back to a normal usable situation.

Tags: , ,
2021-05-16 Ending with half a filesystem in /lost+found 4 months ago
Some visitors may have noticed this website wasn't working for about a day. That's because I had to rebuild the webserver. There was a filesystem-related panic somewhere yesterday causing the main filesystem to be mounted read-only.

I assumed I could use fsck on the read-only filesystem to get things back to normal again but this turned out wrong: I ended with an unbootable disk and the complete contents of /etc and /home in /lost+found with mostly unusable filenames (numbers).

The fastest solution was to rebuild a webserver from scratch and start making things run again. This took most of the day. Yes, I need to get backups working again, even without a tapedrive.

The weird part is that this was about a filesystem in a virtual machine and the hardware host shows absolutely no problems at that time and has no problems with the disks backing this storage.

Another virtual machine also had issues around the same time, but those did not result in disk problems:
sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_TIMEOUT
sd 0:0:0:0: [sda] tag#0 CDB: Write(10) 2a 00 00 88 19 20 00 00 08 00
blk_update_request: I/O error, dev sda, sector 8919328
Buffer I/O error on dev sda1, logical block 1114660, lost async page write
A few days earlier both virtual systems logged a strange timing issue with a hang on all CPUs.

I'm also seeing some weird kernel messages on other virtual machines around the same time:
wozniak kernel: [5150105.764208] rcu: INFO: rcu_sched self-detected stall on CPU
So I guess it is time for some hardware checks.

Tags: ,
2021-05-07 Anti-spam measures blocking legitimate e-mail 4 months ago
I am using fail2ban to deal with spamming attempts. Some of the spam senders are quite good at trying the same stupidity again 3 minutes later because the error codes are just for non-criminal mail senders. My logs kept filling up with the same stupidity over and over and over again. So I set up fail2ban to block the offending IPs to keep my logs readable.

But this stopped e-mail based alerts from a certain service. I know, e-mail isn't instant messaging.

The error message was:
gosper sm-mta[14317]: ruleset=check_relay, arg1=xx.xx.xx.xx, arg2=xx.xx.xx.xx, relay=xx.xx.xx.xx [xx.xx.xx.xx], reject=421 4.3.2 Connection rate limit exceeded.
This triggered fail2ban directly because I didn't expect normal traffic to exceed this, but the alerts from the service could. So I whitelisted the sending IP in the sendmail access config to make sure the notifications flow.

I also updated the specific bit of fail2ban configuration to only block this after three errors.

Tags: , ,
2021-04-14 Year 2038 is coming! 5 months ago
Interesting kernel message in Linux today:
[ 3906.977410] ext2 filesystem being mounted at /media/koos/disk supports timestamps until 2038 (0x7fffffff)
So that filesystem (and lots of others) will give issues in 2038. Things need work before that date!

Tags: , ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newstag.cgi,v 1.34 2020/12/31 15:36:31 koos Exp $ in 0.018650 seconds.