Virtual hostnames with Debian and dhcp

At $dayjob we have a large number of Linux Virtual Machines runnining on Hyper-V.

Most of these run Scientific Linux / Scientific Linux CERN, but we have a requirement to run debian hosts too.

Some observations that may help others:

Linux Integration Components
Even the latest MS ones (3.4 at last count) don't support debian / ubuntu. Hoever if you're running squeeze (6.0.x) then there's a 3.2 backport kernel available in debian backports that seems to work fine

Templates / DHCP hostnames
I noticed that our debian template host wasn't setting the hostname (assigned via dhcp) so using the example at http://nullcore.wordpress.com/2011/12/09/setting-the-system-hostname-from-dhcp-in-ubuntu-11-10/ I worked on a similar script that doesn't end up with a trailing period in the FQDN and appends to /etc/hosts if needed

lo:<pre>

#!/bin/sh
# Filename:     /etc/dhcp/dhclient-exit-hooks.d/hostname
# Purpose:      Used by dhclient-script to set the hostname of the system
#               to match the DNS information for the host as provided by
#               DHCP.

# Based on http://nullcore.wordpress.com/2011/12/09/setting-the-system-hostname-from-dhcp-in-ubuntu-11-10/

# Do not update hostname for virtual machine IP assignments
if [ "$interface" != "eth0" ]
then
    return
fi

if [ "$reason" != BOUND ] && [ "$reason" != RENEW ] \
   && [ "$reason" != REBIND ] && [ "$reason" != REBOOT ]
then
        return
fi
hostname=${new_host_name}.${new_domain_name}

#echo dhclient-exit-hooks.d/hostname: Dynamic Hostname = $hostname
#echo dhclient-exit-hooks.d/hostname: Dynamic IP address = $new_ip_address

echo $hostname > /etc/hostname
/etc/init.d/hostname.sh

# and append to hosts
grep -q $hostname /etc/hosts
if [ $? -eq 1 ] ; then
     echo "$new_ip_address $hostname $new_host_name" >> /etc/hosts
fi

</pre>

Rant

[aelwell@pcitgtelwell ~]$ man dvbnet
No manual entry for dvbnet
[aelwell@pcitgtelwell ~]$ dvbnet --help

DVB Network Interface Manager
Copyright (C) 2003, TV Files S.p.A

dvbnet: invalid option -- '-'
Segmentation fault (core dumped)
[aelwell@pcitgtelwell ~]$ dvbnet -h

DVB Network Interface Manager
Copyright (C) 2003, TV Files S.p.A

Segmentation fault (core dumped)

that is all.

k-net / ipv6 / toastman / tomato USB

I have a reflashed router using the toastman mod - which works really well *but* the ipv6 configuration pages miss out one crucial setting when configuring the native ipv6 stack from k-net here, notably the WAN ipv6 address...

ssh root@router and
# ip addr add 2A03:4980::XXXX/96 dev vlan2 (IP D'interco)
# ip -6 route add default via  2A03:4980::11:0:1 (Gateway)

and lo, it should now work from clients on lan.

Blogging so I know where to find the info next time...

Alice and Bob go hashing

Alice wants to share some files with Bob over a public medium. Alice's computer is presumed 'secure'

she can easily generate a nice long 'passprase' by generating a cryptographic hash of the plaintext (say sha256sum) and use this as a key for a symmetrical crypt

ie

alice$> echo "hello world" > plaintext # generate sample input file
alice$> sha256sum plaintext # a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447

and then crypt the file


alice$> openssl aes-256-cbc -in plaintext -out ciphertext
enter aes-256-cbc encryption password: [SHA256SUM GENERATED ABOVE]
Verifying - enter aes-256-cbc encryption password: [ditto]
alice$> ls -l plaintext ciphertext
-rw-rw-r--. 1 alice alice 32 Nov  7 16:01 ciphertext
-rw-rw-r--. 1 alice alice 12 Nov  7 16:00 plaintext

Alice can then send the symmetric key to Bob via their normal secure channel (assumed to be working)

and bob can decrypt with

bob$> openssl aes-256-cbc -d -in ciphertext 

enter aes-256-cbc decryption password: [SHA SUM]

hello world

So - is using a hash function a Bad Idea? 

The method is predictable -- yes but Mallory would need to know the plaintext (in which case, game over) to generate quickly, or would need to bruteforce ($time++)

Discussions / comments welcome

Metering Musings

I've been intermittently trying to get our smart metering datafeed out to to a server for better logging, but I don't want to run a 300W PC to tell me my baseload in the house is 300+N W. There are several clamp meter / arduino designs thanks to the folks like OpenEnergyMonitor and Nanode, but things should be easier as there's a nice serial out already documented by ERDF (there's also the upcoming 'linky' interface but we're still on old-school)

How much does all this malarkey cost -- off the shelf there are USB opto interfaces, but they're about €50 each (erk) I originally purchased an arduino datalogger shield (€40 + an arduino) hoping to use it with a nanode, but I  didn't get ethernet sending working (even after the slight hardware mod) - possibly due to known issues with stash depletion

So - where do we go (cheaply) from here? a R-Pi gives me cheap hardware with more stable ethernet but I'd have to interface in the opto tty interface (gpio? usb?) as there's no onboard serial. Plan B is to use my bifferboard and use the console interface: small, yep. Low power, yep. Decent ethernet and OS (openwrt) - yes.

So, time to order some parts and get down to prototyping...

Aaaand we're back

Yay. I now have shiny broadband again thanks to <a href="http://www.k-net.fr/">k-net</a>. One difference between now and last time is that I also have an ipv6 prefix off them, so my home machines are accessible withoit needing port forwarding. Well, would be if I could get the RA working better on the router.

I have a linksys E3000, but that doesn't sipport ipv6 by default, so instead I have one of the TomatoUSB variants installed that does. I'd rather not use stateless config, but pre-assign IP addresses in advance so I can keep say kids machienes in a separate subnet. Overall - seems to work faiely well and the 'sam knows' box seems to have noticed too:

Radio Scrobbling via MQTT

Since I often listen to the most excellent Soma FM during the day (go support them, it's worth it!) I often wish that I could go and stash some similar tunes to listen to when I'm not online. To do this, I sell my soul to CBS and use last.fm to generate similar / listened to by others recommendations.

Sadly Rhythmnbox doesn't scrobble radio stations (even though the scrobble API has a flag for this
track.scrobble(chosenByUser=0) to indicate that its been chosen by a radio service), despite it updating my 'now listening' status on IM. So, in a geeky overkill solution I decided to save time in the long run and use a pub/sub system with MQTT. Oh, and use some python and twitter along the way...

The design is that I have an MQTT publisher that uses the tritter streaming api (via tweepy) and filters for all the somafm twitter streams that Rusty pushes with BigUrl. This gives me near realtime announcements of the start of the track being played (after some trivial split / strip manipulation)

ie

justcovers       Pat Boone - Enter Sandman  (2012-06-25 07:20:30)
digitalis        Zephyrs - Stand Round Hold Hands (Ulrich  (2012-06-25 07:20:37)
secretagentsoma  Eat Static - Love Truncheon  (2012-06-25 07:21:02)
beatblender      Kerry Chandler (Lazy Dog Ben W - Isis  (2012-06-25 07:21:29)
sonicuniverse    In The Country - Only The Birds Can See Us  (2012-06-25 07:21:29)

..which I can then publish to an internal MQTT broker using mosquitto python bindings.

In a separate process I have a subscriber that I can point to the broker and 'subscribe' to the radio station when I'm listening and it scrobbles that information to last.fm. 

All in, an interesting sunday evening work. 

Temp / Humidity update

Since yesterdays posting, I plugged the FTDI outpur from the nanode into my bifferboard (needed to install kmod-usb-serial-ftdi) and have knocked up a simple python script to read the output and post to pachube^Wcosm

and lo:
https://cosm.com/feeds/60594

DHT22 + Arduino

I recently purchased a DHT22 (Also known as RHT03 on Sparkfun) from Proto-Pic temp and humidity sensor with the aim of using it as an outdoor sensor in the garden. Although there are several DHT22 libraries on github I couldn't get the nethoncho one (or the patched forks) to return anything other than checksum error.

However the combined dht11/22 one I found linked on arduino.cc seems to work just fine. Need to test with -ve temps next but an overnight plot on the bench seems reasonable

Despite many forums saying that it needs 5v I've managed to get it working OK with the 3.3v pin on my nanode, next step is to test on a jeenode and send the output via RF. Oh, and then get a solar panel to run the thing...

Prowling round Android

One of the apps I miss from my iphone days is Prowl - This also allowed me to receive IRC messages when away (screen detactched) - Since then I've discovered Notify My Android which does the same thing to android devices, and lo, a quick patch of my script is available

as normal, on github (https://github.com/Elwell/irssi-prowlnotify)

Yubico / Yubikeys

I'm impressed.

I have small keyring with a USB memory stick, 2 yubikeys and a cofee machine cashless RFID key on. Stupidly I left said key in the vending machine. The system operators at work collected it and set about finding the owner. 1st up, they discovered that they can't read any files off yubikeys (heh) but googled the image and found the manufacturers website and said they had found serial #.... and #.....

Having spend the last 2 days rummaging in car / home looking for it, I got an email from yubico saying that <email> had found my key, based on the serial no of the one I purchased. Work also got an email for the other serial no, which they traced to me.

I'm *very* impressed by this level of attention at yubico, and it means when distributing keys within the business it pays to keep track of the serial no (printed under the 2d barcode).

It does raise the question of how (if) one should notify yubico if they're passed on - especially if I overwrite the yubi profile (as I have done) to prove that I am the rightful owner of the key.

Things to consider with revocation / blocking, especially with a distributed architecture like Fedora....

apcupsd via Python to Pachube

In python, the 'default' URL accessing toolkit (urllib2) doesn't support PUT, however I've discovered requests which a) does and b) is in Fedora. So one apt-get install python-requests.noarch and you're off.

So - one trivial script (reusing much of the code for my MQTT variant) you get https://gist.github.com/1903259. The only minor niggle was working out how to prepend the minimum extra json content (version and datastreams) as I'd not used the json libs before. (Hmm yet another github toy - embeddable gists with syntax highlighting. Nice) Update now I have 24h worth of data - plot attached

Cool Stuff

Things you find on the internet...

The Swiss Federal Office for the Environment (FOEN) Hydrology dept monitors the water temp at its gauging stations (http://www.hydrodaten.admin.ch/en/) including the one downstream from Lac Leman. Soneone else is feeding these into pachube as a data feed (https://pachube.com/feeds/43397) which means it's trivial to generate an on demand plot of last weeks water temp:

Machine Tags

Flickr has had machine tags for several years now (and they are a Good Thing), but one of the problems with introducing new namespaces is the lack of any formal definition, so people are free to add as they wish (this is generally a good thing, but can lead to garbage data).

So: I propose a new namespace for the Amateur Radio community called say 'hamradio:' that would then mean an image such as http://www.flickr.com/photos/elwell/5397112294/in/set-72157625667743349/ could be suitably tagged. - The visual information in there shows callsign, date and position - but should it be plotted on the senders locatation, or the site that received it. Or both....

Since I don't have enough time, Someone Else (tm) should create a noticin.gs style QSL lookup that can integrate with hamlog.eu or qrz.com. Or something.

Discuss...

Teleinfo update

I''ve been using a teleinfo shield on a nanode to try and datalog our electricity usage, but the logging to the CSV file kept truncating as if the arduino had locked up. There have been discussions elsewhere that this may be related to the code in arduino 1.0 so I decided to rewrite a step at a time to try and debug the problem.

Some observations on the way:

1) having to flip a jumper over on the shield between programming and run is *very* annoying in a cold garage, so I'm going to rewire it slightly to use SoftwareSerial on a spare input (leave JP1 open and wire from one side of it to a spare pin) - I already have a link since the shield tries to use DIG6 by default which is used by the red LED on a nanode.

2) the arduino IDE doesn't like anything other than 8N! on the serial monitor. close it and use kermit. if you can't read serial with kermit, then it's *very* broken :-)

3q) our usage is going UP not down :-( -- lowest figure I managed to get the baseline to was 340VA

With a very simple logger

    Serial.print(char(meter.read()));

I can stream the output to a kermit session log as

^B
ADCO 040222048573 <
OPTARIF BASE 0
ISOUSC 30 9
BASE 040912359 ,
PTEC TH.. $
IINST 002 Y
IMAX 029 J
PAPP 00340 (
MOTDETAT 000000 B^C

next trick is to try and get the processing organised into blocks and validate the checksum, but my code doesn't seem to detect the stx/etx properly

void loop() {
if(meter.available()>0) {
  if((c = meter.read()) == 02) {     // start of block
    Serial.println("DEBUG: Start Loop");
    while((c = meter.read()) != 03) {      // Loop until end of block
      Serial.print(char(c));
    }
    digitalWrite(LED, LOW); // Flash LED
    delay(50);
    digitalWrite(LED, HIGH);
  }
}
}

so mode debugging called for. Once thats done, then I'll send the values to an emon style display over rfm12b

plaquewatching

Some scribblings that may be of interest to those folks over at open plaques (@openplaques) about the Scottish Film Council, now merged into 'Scottish Screen'

Googling for plaque info reveals that there was a plaque erected in 1996 in Castle Gardens, Dunoon. Later taken down as Eric Campbell came from Cheshire (Ref)

One in Aberfeldy main square unveiled in 1997? for Donald Crisp -- may also be fake (ref) [1353]

Sean Connery unveiled his own one after it had been down for 4 years (ref, ref) after the demolition of S&N plant and building of 'Springside' development [8553]

Chariots of fire at St Andrews (pic pic) [added as 8822]

Duncan Macrae in Millport (pic) [already there as 8521]

Fedora / Netatalk / OS X Lion / TimeMachine

Being the cheapskate that I am, I'm not buying a shiny apple-branded time-capsule for backups when I have a perfectly stylish NAS (since the pic was taken I'm using the via-eden board there's a 1.5TB HDD in the box)

I'd previously used netatalk with leopard under mythbuntu, but following a clean-up and migration to Fedora 16 (Verne) it needed reinstalling (esp as we upgraded to Lion on some of the macs)

So, a HOWTO if anyone is hunting for this and some notes

• You don't need avahi separately anymore - new netatalk includes it
• You need to allow tcp/548 in your iptables rules (I added to /etc/sysconfig/iptables)
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 548 -j ACCEPT
• SELinux. Yeah. probably needs fixing but 'setenforce permissive' worked :-/
• I'm not convinced you need the 'defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1' anymore. 

Here's what I did

1) Create a separate disk partition for time machine and mount it (I'm using LVM and XFS)

$> grep time /etc/fstab
/dev/mapper/linuxvg-timemachinelv /export/timemachine xfs defaults 1 2
$> df -h /export/timemachine
Filesystem                         Size  Used Avail Use% Mounted on
/dev/mapper/linuxvg-timemachinelv  200G  6.0G  194G   3% /export/timemachine

2) create a separate user for the backups (not strictly needed but I chowned /export/rimemachine to that user to sort out permissions

#> useradd timelord
#> passwd timelord
#> chown timelord: /export/timemachine

3) Install and configure netatalk (although 2.2.0 is in Fedora 16, I decided to use the rawhide version of 2.2.2)

#> yum --enablerepo rawhide install netatalk

The config files are in /etc/netatalk and (see the gude at An Esurient Trollop ) you'll need to edit afpd.conf
(I added -mimicmodel Macmini and uams_guest.so to -uamlist: I have a ro media share)

- -tcp -noddp -mimicmodel Macmini -uamlist uams_guest.so,uams_dhx.so,uams_dhx2.so -nosavepassword

and AppleVolumes.default

# Share out the Videos
/export/media/Video Videos options:ro,noadouble
#Time Machine
/export/timemachine TimeMachine options:tm

Startup netatalk

#> systemctl start netatalk.service
#> systemctl enable netatalk.service

 So far so good -- assuming no failures you should see something like this in your logs

afpd[28742]: AFP/TCP started, advertising 192.168.1.251:548 (2.2.2)

Now, onto the mac -- I wasn't seeing the host automatically appear in the finder, but a simple command-k (connect to server) and typing the hostname worked (it expands to afp://hostname automatically), and was prompted for my (normal) username and password to connect to $HOME on the netatalk server.

In the time machine preferences I could then select the remote TimeMachine volume on the NAS, enter my 'timelord' username/password combo and it started to so a backup.

More news (and a rest restore) to follow...

Metering

So I finally got round to wiring in the 'Teleinfo' shield into my EDF meter (see my earlier post for more info) and left it running while we're away. Hacked up an initial couple of graphs using trusty gnuplot: exhibits A and B -

It's rather easy to spot where the fridge-freezer kicks in, but more worrying is the fact that the baseline never dips below 170VA. The only things that should have been running in that time was my via-eden server, with one HDD, the livebox and samknows monitoring box. I suspect I need to investigate more.

Made a minor hack to the shield as digi-6 is used by the LED on a nanode - but digi-7 is free.
Details were tweeted over here. Next up is to get it sending the info out to main box (well, another nanode or my bifferboard) and spitting to pachube and / or a jeelabs display board.

Happy Birthday

I finally got round to assembling my birthday present. Shiny toys FTW :-)