Andrew's blog
https://blog.etc.gen.nz/
This is a blog, it is it is.enhttps://blog.etc.gen.nz/templates/2k11/img/s9y_banner_small.pngRSS: Andrew's blog - This is a blog, it is it is.
https://blog.etc.gen.nz/
10021Let's Encrypt with Octavia in OpenStack
https://blog.etc.gen.nz/archives/135-Lets-Encrypt-with-Octavia-in-OpenStack.html
<p>I like using <a onclick="_gaq.push(['_trackPageview', '/extlink/catalystcloud.nz']);" href="https://catalystcloud.nz">Catalyst Cloud</a> to host some of my personal sites. In the past I used to use <a href="https://blog.etc.gen.nz/index.php?/plugin/tag/cacert">CAcert</a> for my TLS certificates, but more recently I've been using <a onclick="_gaq.push(['_trackPageview', '/extlink/letsencrypt.org/']);" href="https://letsencrypt.org/">Let's Encrypt</a> for my TLS certificates as they're trusted in all browsers. Currently the LoadBalancer as a Service (LBaaS) in Catalyst Cloud doesn't have built in support for Let's Encrypt. I could use an apache2/nginx proxy and handle the TLS termination there and have that manage the Let's Encrypt lifecycle, but really, I'd rather use LBaaS.</p>
<p>So I thought I'd set about working out how to get Dehydrated (the Let's Encrypt client I've been using) to drive LBaaS (known as Octavia). I figured this would be of interest to other people using Octavia with OpenStack in general, not just Catalyst Cloud.</p>
<p>There's a few things you need to do. These instructions are specific to Debian:</p>
<ol>
<li>Install and configure Dehydrated to create the certificates for the domain(s) you want.
<ul><li><tt>apt install barbican</tt></li></ul>
</li>
<li><a onclick="_gaq.push(['_trackPageview', '/extlink/docs.catalystcloud.nz/load-balancer/layer-4.html']);" href="https://docs.catalystcloud.nz/load-balancer/layer-4.html">Create the LoadBalancer</a> (use the API, ClickOps, whatever), just forward port 80 for now (see sample Apache configs below).</li>
<li>Save the sample hook.sh below to <tt>/etc/dehydrated/hook.sh</tt>, you'll probably need to customise it, mine is a bit more complicated!</li>
<li>Insert the UUID of your LoadBalancer in hook.sh where LB_LISTENER is set.</li>
<li>Create <tt>/etc/dehydrated/catalystcloud/password</tt> as described in hook.sh</li>
<li>Save OpenRC file from the Catalyst Cloud dashboard as <tt>/etc/dehydrated/catalystcloud/openrc.sh</tt></li>
<li>Install jq, openssl and the openstack tools, on Debian this is:
<ul><li><tt>apt install jq openssl python3-openstackclient python3-barbicanclient python3-octaviaclient</tt></li></ul>
</li>
<li>Add <a onclick="_gaq.push(['_trackPageview', '/extlink/docs.catalystcloud.nz/load-balancer/tls-termination.html']);" href="https://docs.catalystcloud.nz/load-balancer/tls-termination.html">TLS termination to your LoadBalancer</a></li>
<li>You should be able to rename the latest certs <tt>/var/lib/dehydrated/certs/$DOMAIN</tt> and then run <tt>dehydrated -c</tt> to have it reissue and then deploy a cert.</li>
</ol>
<p>As we're using <a onclick="_gaq.push(['_trackPageview', '/extlink/letsencrypt.org/docs/challenge-types/#http-01-challenge']);" href="https://letsencrypt.org/docs/challenge-types/#http-01-challenge">HTTP-01 Challenge Type</a> here, you need to have the LoadBalancer forwarding port 80 to your website to allow for the challenge response. It is good practice to have a redirect to HTTPS, here's an example virtual host for Apache:</p>
<pre>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
RewriteEngine On
RewriteRule ^/.well-known/ - [L]
RewriteRule ^/(.*)$ https://www.example.com/$1 [R=301,L]
<Location />
Require all granted
</Location>
</VirtualHost>
</pre>
You all also need this in <tt>/etc/apache2/conf-enabled/letsencrypt.conf</tt>:
<pre>
Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenges
<Directory /var/lib/dehydrated/acme-challenges>
Options None
AllowOverride None
# Apache 2.x
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
# Apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
</pre>
<p>And that should be all that you need to do. Now, when Dehydrated updates your certificate, it should update your LoadBalancer as well!</p>
Sample <tt>hook.sh</tt>:
<pre>
deploy_cert() {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" \
CHAINFILE="${5}" TIMESTAMP="${6}"
shift 6
# File contents should be:
# export OS_PASSWORD='your password in here'
. /etc/dehydrated/catalystcloud/password
# OpenRC file from the Catalyst Cloud dashboard
. /etc/dehydrated/catalystcloud/openrc.sh --no-token
# UUID of the LoadBalancer to be managed
LB_LISTENER='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
# Barbican uses P12 files, we need to make one.
P12=$(readlink -f $KEYFILE \
| sed -E 's/privkey-([0-9]+)\.pem/barbican-\1.p12/')
openssl pkcs12 -export -inkey $KEYFILE -in $CERTFILE -certfile \
$FULLCHAINFILE -passout pass: -out $P12
# Keep track of existing certs for this domain (hopefully no more than 100)
EXISTING_URIS=$(openstack secret list --limit 100 \
-c Name -c 'Secret href' -f json \
| jq -r ".[]|select(.Name | startswith(\"$DOMAIN\"))|.\"Secret href\"")
# Upload the new cert
NOW=$(date +"%s")
openstack secret store --name $DOMAIN-$TIMESTAMP-$NOW -e base64 \
-t "application/octet-stream" --payload="$(base64 < $P12)"
NEW_URI=$(openstack secret list --name $DOMAIN-$TIMESTAMP-$NOW \
-c 'Secret href' -f value) \
|| unset NEW_URI
# Change LoadBalancer to use new cert - if the old one was the default,
# change the default. If the old one was in the SNI list, update the
# SNI list.
if [ -n "$EXISTING_URIS" ]; then
DEFAULT_CONTAINER=$(openstack loadbalancer listener show $LB_LISTENER \
-c default_tls_container_ref -f value)
for URI in $EXISTING_URIS; do
if [ "x$URI" = "x$DEFAULT_CONTAINER" ]; then
openstack loadbalancer listener set $LB_LISTENER \
--default-tls-container-ref $NEW_URI
fi
done
SNI_CONTAINERS=$(openstack loadbalancer listener show $LB_LISTENER \
-c sni_container_refs -f value | sed "s/'//g" | sed 's/^\[//' \
| sed 's/\]$//' | sed "s/,//g")
for URI in $EXISTING_URIS; do
if echo $SNI_CONTAINERS | grep -q $URI; then
SNI_CONTAINERS=$(echo $SNI_CONTAINERS | sed "s,$URI,$NEW_URI,")
openstack loadbalancer listener set $LB_LISTENER \
--sni-container-refs $SNI_CONTAINERS
fi
done
# Remove old certs
for URI in $EXISTING_URIS; do
openstack secret delete $URI
done
fi
}
HANDLER="$1"; shift
#if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
if [[ "${HANDLER}" =~ ^(deploy_cert)$ ]]; then
"$HANDLER" "$@"
fi
</pre>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)2022-10-23T05:09:00Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1350https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=135catalystcloudgeeklinuxopenstackInstall Fedora CoreOS using FAI
https://blog.etc.gen.nz/archives/134-Install-Fedora-CoreOS-using-FAI.html
<p>I've spent the last couple of days trying to deploy <a onclick="_gaq.push(['_trackPageview', '/extlink/getfedora.org/en/coreos/']);" href="https://getfedora.org/en/coreos/">Fedora CoreOS</a> to some <a onclick="_gaq.push(['_trackPageview', '/extlink/docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/']);" href="https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/">physical hardware/bare metal</a> for a colleague using the official PXE installer from Fedora CoreOS. It wasn't very pleasant, and just wouldn't work reliably.</p>
<p>Maybe my expectations were to high, in that I thought I could use Ignition to prepare more of the system for me, as my colleague has been able to bare metal installs correctly. I just tried to use Ignition as documented.</p>
<p>A few interesting aspects I encountered:
<ol>
<li>The PXE installer for it has a 618MB initrd file. This takes quite a while to transfer via tftp!</li>
<li>It can't build software RAID for the main install device (and the developers have no intention of adding this), and it seems very finicky to build other RAID sets for other partitions.</li>
<li>And, well, I just kept having problems where the built systems would hang during boot for no obvious reason.</li>
<li>The time to do an installation was incredibly long.</li>
<li>The initrd image is really just running coreos-installer against the nominated device.</li>
</ol>
</p>
<p>During the night I got feed up with that process and wrote a <a onclick="_gaq.push(['_trackPageview', '/extlink/fai-project.org']);" href="https://fai-project.org">Fully Automatic Installer</a> (FAI) profile that'd install CoreOS instead. I can now use setup-storage from FAI using it's standard disk_config files. This allows me to build complicated disk configurations with software RAID and LVM easily.</p>
<p>A big bonus is that a rebuild is a <b>lot</b> faster, timed from typing reboot to a fresh login prompt is 10 minutes - and this is on physical hardware so includes BIOS POST and RAID controller set up, twice each.</p>
<p>I thought this might be of interest to other people, so the FAI profile I developed for this is located here: <a onclick="_gaq.push(['_trackPageview', '/extlink/github.com/catalyst-cloud/fai-profile-fedora-coreos']);" href="https://github.com/catalyst-cloud/fai-profile-fedora-coreos">https://github.com/catalyst-cloud/fai-profile-fedora-coreos</a></p>
<p>FAI was initially developed to deploy Debian systems, it has since been extended to be able to install a number of other operating systems, however I think this is a good example of how easy it is to deploy non-Debian derived operating systems using FAI without having to modify FAI itself.</p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)2020-04-19T06:43:00Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1340https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=134debianfaifedora_coreosgeeklinux.conf.au 2019 - Call for Proposals
https://blog.etc.gen.nz/archives/133-linux.conf.au-2019-Call-for-Proposals.html
<p>At the start of July, the LCA2019 team announced that the Call for Proposals for linux.conf.au 2019 were open! This Call for Proposals will close on July 30. If you want to submit a proposal, you don't have much time!</p>
<p><a onclick="_gaq.push(['_trackPageview', '/extlink/linux.confu.au']);" href="http://linux.confu.au">linux.conf.au</a> is one of the best-known community driven Free and Open Source Software conferences in the world. In 2019 we welcome you to join us in Christchurch, New Zealand on Monday 21 January through to
Friday 25 January.</p>
<p>For full details including those not covered by this announcement visit <a onclick="_gaq.push(['_trackPageview', '/extlink/linux.conf.au/call-for-papers/']);" href="https://linux.conf.au/call-for-papers/">https://linux.conf.au/call-for-papers/</a>, and the full announcement is <a onclick="_gaq.push(['_trackPageview', '/extlink/lists.linux.org.au/pipermail/lca-announce/2018-July/000289.html']);" href="http://lists.linux.org.au/pipermail/lca-announce/2018-July/000289.html">here</a>.</p>
<p><strong>IMPORTANT DATES</strong></p>
<p><ul>
<li>Call for Proposals Opens: 2 July 2018</li>
<li>Call for Proposals Closes: 30 July 2018 (no extensions)</li>
<li>Notifications from the programme committee: early-September 2018</li>
<li>Conference Opens: 21st January 2019</li>
</ul></p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, 2018-07-23T04:57:00Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1330https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=133catalystgeeklcalca2019linux.conf.auossMissing opkg status file on LEDE...
https://blog.etc.gen.nz/archives/132-Missing-opkg-status-file-on-LEDE....html
I tried to install LEDE on my home router which is running LEDE, only to be told that libc wasn't installed. Huh? What's going on?! It looked to all intents as purposes as though libc wasn't installed. And it looked like nothing was installed.<br />
<br />
What to do if opkg list-installed is returning nothing?<br />
<br />
I finally tracked down the status file it uses as being <tt>/usr/lib/opkg/status</tt>. And it was empty. Oh dear.<br />
<br />
Fortunately the info directory had content. This means we can rebuild the status file. <phew> How? This is what I did:<br />
<br />
<blockquote><pre>cd /usr/lib/opkg/info<br />
for x in *.list; do<br />
pkg=$(basename $x .list)<br />
echo $pkg<br />
opkg info $pkg | sed 's/Status: .*$/Status: install ok installed/' >> ../status<br />
done</pre></blockquote><br />
And then for the special or virtual packages (such as libc and the kernel):<br />
<br />
<blockquote><pre>for x in *.control; do<br />
pkg=$(basename $x .control)<br />
if ! grep -q "Package: $pkg" ../status<br />
then<br />
echo $pkg is missing; cat $x >> ../status<br />
fi<br />
done</pre></blockquote><br />
I then had to edit the file tidy up some newlines for the kernel and libc, and set the status lines correctly. I used "install hold installed".<br />
<br />
Now I that I've shaved that yak, I can install tcpdump to try and work out why a VoIP phone isn't working. Joy.
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, 2017-09-17T11:51:56Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1320https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=132catalystgeekledeNetwork boot a Raspberry Pi 3
https://blog.etc.gen.nz/archives/131-Network-boot-a-Raspberry-Pi-3.html
<p>I found to make all this work I had to piece together a bunch of information from different locations. This fills in some of the blanks from the official Raspberry Pi documentation. See <a onclick="_gaq.push(['_trackPageview', '/extlink/www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/net.md']);" href="https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/net.md">here</a>, <a onclick="_gaq.push(['_trackPageview', '/extlink/www.raspberrypi.org/blog/pi-3-booting-part-ii-ethernet-all-the-awesome/']);" href="https://www.raspberrypi.org/blog/pi-3-booting-part-ii-ethernet-all-the-awesome/">here</a>, and <a onclick="_gaq.push(['_trackPageview', '/extlink/www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/net_tutorial.md']);" href="https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/net_tutorial.md">here</a>.<p>
<p><b>Image</b></p>
<p>Download the latest raspbian image from <a onclick="_gaq.push(['_trackPageview', '/extlink/www.raspberrypi.org/downloads/raspbian/']);" href="https://www.raspberrypi.org/downloads/raspbian/">https://www.raspberrypi.org/downloads/raspbian/</a> and unzip it. I used the lite version as I'll install only what I need later.</p>
<p>To extract the files from the image we need to jump through some hoops. Inside the image are two partitions, we need data from each one.</p>
<pre>
# Make it easier to re-use these instructions by using a variable
IMG=2017-04-10-raspbian-jessie-lite.img
fdisk -l $IMG
</pre>
<p>You should see some output like:</p>
<pre>
Disk 2017-04-10-raspbian-jessie-lite.img: 1.2 GiB, 1297862656 bytes, 2534888 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x84fa8189
Device Boot Start End Sectors Size Id Type
2017-04-10-raspbian-jessie-lite.img1 8192 92159 83968 41M c W95 FAT32 (LBA)
2017-04-10-raspbian-jessie-lite.img2 92160 2534887 2442728 1.2G 83 Linux
</pre>
<p>You need to be able to mount both the boot and the root partitions. Do this by tracking the offset of each one and multiplying it by the sector size, which is given on the line saying "Sector size" (typically 512 bytes), for example with the 2017-04-01 image, boot has an offset of 8192, so I mount it like this (it is VFAT):</p>
<pre>
mount -v -o offset=$((8192 * 512)) -t vfat $IMG /mnt
# I then copy the data off:
mkdir -p /data/diskless/raspbian-lite-base-boot/
rsync -xa /mnt/ /data/diskless/raspbian-lite-base-boot/
# unmount the partition now:
umount /mnt
</pre>
<p>Then we do the same for the root partition:</p>
<pre>
mount -v -o offset=$((92160 * 512)) -t ext4 $IMG /mnt
# copy the data off:
mkdir -p /data/diskless/raspbian-lite-base-root/
rsync -xa /mnt/ /data/diskless/raspbian-lite-base-root/
# umount the partition now:
umount /mnt
</pre>
<p><b>DHCP</b></p>
<p>When I first set this up, I used <a onclick="_gaq.push(['_trackPageview', '/extlink/openwrt.org']);" href="http://openwrt.org">OpenWRT</a> on my router, and I had to patch <tt>/etc/init/dnsmasq</tt> to support setting DHCP option 43. As of the writting of this article, a similar patch has been merged, but isn't in a release yet, and, well, there may never be another release of OpenWRT. I'm now running <a onclick="_gaq.push(['_trackPageview', '/extlink/lede-project.org/']);" href="https://lede-project.org/">LEDE</a>, and the the good news is it already has the patch merged (hurrah!). If you're still on OpenWRT, then here's the patch you'll need:</p>
<p><a onclick="_gaq.push(['_trackPageview', '/extlink/git.lede-project.org/?p=source.git;a=commit;h=9412fc294995ae2543fabf84d2ce39a80bfb3bd6']);" href="https://git.lede-project.org/?p=source.git;a=commit;h=9412fc294995ae2543fabf84d2ce39a80bfb3bd6">
https://git.lede-project.org/?p=source.git;a=commit;h=9412fc294995ae2543fabf84d2ce39a80bfb3bd6</a></p>
<p>This lets you put the following in <tt>/etc/config/dnsmasq</tt>, this says that any device that uses DHCP and has a MAC issued by the Raspberry PI Foundation, should have option 66 (boot server) and option 43 set as specified. Set the IP address on option 66 to the device that should be used for tftp on your network, if it's the same device that provides DHCP then it isn't required. I had to set the boot server, as my other network boot devices are using a different server (with an older tftpd-hpa, I explain the problem further down).</p>
<pre>
config mac 'rasperrypi'
option mac 'b8:27:eb:*:*:*'
option networkid 'rasperrypi'
list dhcp_option '66,10.1.0.253'
list dhcp_option '43,Raspberry Pi Boot'
</pre>
<p><b>tftp</b></p>
<p>Initially I used a version of tftpd that was too old and didn't support how the RPi tried to discover if it should use the serial number based naming scheme. The version of tftpd-hpa Debian Jessie works just fine. To find out the serial number you'll probably need to increase the logging of tftpd-hpa, do so by editing <tt>/etc/default/tftpd-hpa</tt> and adding "-v" to the <tt>TFTP_OPTIONS</tt> option. It can also be useful to watch tcpdump to see the requests and responses, for example (10.1.0.203 is the IP of the RPi I'm working with):</p>
<pre>
tcpdump -n -i eth0 host 10.1.0.203 and dst port 69
</pre>
<p>This was able to tell me the serial number of my RPi, so I made a directory in my tftpboot directory with the same serial number and copied all the boot files into there. I then found that I had to remove the init= portion from the cmdline.txt file I'm using. To ease debugging I also removed quiet. So, my current cmdline.txt contains (newlines entered for clarity, but the file has it all on one line):</p>
<pre>
idwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/nfs
nfsroot=10.1.0.253:/data/diskless/raspbian-lite-base-root,vers=3,rsize=1462,wsize=1462
ip=dhcp elevator=deadline rootwait hostname=rpi.etc.gen.nz
</pre>
<p><b>NFS root</b></p>
<p>You'll need to export the directories you created via NFS. My exports file has these lines:</p>
<pre>
/data/diskless/raspbian-lite-base-root 10.1.0.0/24(rw,no_root_squash,sync,no_subtree_check)
/data/diskless/raspbian-lite-base-boot 10.1.0.0/24(rw,no_root_squash,sync,no_subtree_check)
</pre>
<p>And you'll also want to make sure you're mounting those correctly during boot, so I have in <tt>/data/diskless/raspbian-lite-base-root/etc/fstab</tt> the following lines:
<pre>
10.1.0.253:/data/diskless/raspbian-lite-base-root / nfs rw,vers=3 0 0
10.1.0.253:/data/diskless/raspbian-lite-base-boot /boot nfs vers=3,nolock 0 2
</pre>
<p><b>Network Booting</b></p>
<p>Now you can hopefully boot. Unless you into this <a onclick="_gaq.push(['_trackPageview', '/extlink/github.com/raspberrypi/firmware/issues/764']);" href="https://github.com/raspberrypi/firmware/issues/764">bug</a>, as I did. Where the RPi will sometimes fail to boot. Turns out the fix, which is mentioned on the bug report, is to put bootcode.bin (and only bootcode.bin) onto an SD card. That'll then load the fixed bootcode, and which will then boot reliably.</p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, 2017-09-02T11:31:00Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1310https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=131catalystdebiangeekhardwarerpiMythTV on a Raspberry Pi 3
https://blog.etc.gen.nz/archives/130-MythTV-on-a-Raspberry-Pi-3.html
<p>I'm in the process of building a new <a onclick="_gaq.push(['_trackPageview', '/extlink/www.mythtv.org']);" href="http://www.mythtv.org">MythTV</a> front end using a Raspberry Pi 3 to replace our aging VIA EPIA M10000, which has been in use since about 2003.</p>
<p>For MythTV, I'm using MythTV Light from Peter Bennett. I have a dedicated back end that lives in the garage, so the front end is nice and easy. With the VIA front end, I built an IR receiver that plugs into the serial port. For the new box, I decided to try using a Sapphire Remote using Mark Lord's excellent looking driver. However, since his driver uses a Makefile which just install the module into the right place, I decided to use the Debian way of doing things. Below is my approach.</p>
<pre>
apt-get install raspberrypi-kernel-headers dkms
</pre>
Download the tar ball from <a onclick="_gaq.push(['_trackPageview', '/extlink/rtr.ca/sapphire_remote/']);" href="http://rtr.ca/sapphire_remote/">http://rtr.ca/sapphire_remote/</a>. Extract it in <tt>/usr/src/modules</tt> and then rename the directory to <tt>sapphire-remote-6.6</tt> (the version may differ!). Put the following into a file called <tt>dkms.conf</tt> in that directory:
<pre>
PACKAGE_VERSION="6.6"
# Items below here should not have to change with each driver version
PACKAGE_NAME="sapphire-remote"
MAKE[0]="make -C ${kernel_source_dir} SUBDIRS=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build modules"
CLEAN="make -C ${kernel_source_dir} SUBDIRS=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build clean"
BUILT_MODULE_NAME[0]="sapphire"
DEST_MODULE_LOCATION[0]="/extra/"
AUTOINSTALL=yes
REMAKE_INITRD=no
</pre>
And then run:
<pre>
version=6.6
dkms add -m sapphire-remote -v $version
dkms build -m sapphire-remote -v $version
dkms install -m sapphire-remote -v $version
modprobe sapphire-remote
dmesg | tail
</pre>
You should see something like this at the bottom of that <tt>dmesg | tail</tt> command:
<pre>
[89133.468858] sapphire_init: sapphire remote control driver v6.6
[89133.469680] input: sapphire as /devices/virtual/input/input0
</pre>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)2016-08-20T12:17:47Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1302https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=130Allow forwarding from VoiceMail to cellphones
https://blog.etc.gen.nz/archives/128-Allow-forwarding-from-VoiceMail-to-cellphones.html
<p>Something I've been wanting to do with our Asterisk PBX at <a onclick="_gaq.push(['_trackPageview', '/extlink/www.catalyst.net.nz']);" href="http://www.catalyst.net.nz">Catalyst</a> for a while is to allow having callers that hit VoiceMail to be forwarded the callee's cellphone if allowed. As part of an Asterisk migration we're currently carrying out I finally decided to investigate what is involved. One of the nice things about the VoiceMail application in Asterisk is that callers can hit 0 for the operator, or * for some other purpose. I decided to use * for this purpose.</p>
<p>I'm going to assume a working knowledge of Asterisk dial plans, and I'm not going to try and explain how it works. Sorry.</p>
<p>When a caller hits * the VoiceMail application exits and looks for a rule that matches a. Now, the simple approach looks like this within our macro for handling standard extensions:</p>
<pre>
[macro-stdexten]
...
exten => a,1,Goto(pstn,027xxx,1)
...
</pre>
<p>(Where I have a context called pstn for placing calls out to the PSTN).</p>
<p>This'll work, but anyone who hits * will be forwarded to my cellphone. Not what I want. Instead we need to get the dialled extension into a place where we can perform extension matching on it. So instead we'll have this (the extension is passed into macro-stdexten as the first variable - ARG1):</p>
<pre>
[macro-stdexten]
...
exten => a,1,Goto(vmfwd,${ARG1},1)
...
</pre>
<p>Then we can create a new context called vmfwd with extension matching (my extension is 7231):</p>
<pre>
[vmfwd]
exten => 7231,1,Goto(pstn,027xxx,1)
</pre>
<p>I actually have a bit more in there to do some logging and set the caller ID to something our SIP provider will accept, but you get the gist of it. All I need to do is to arrange for a rule per extension that is allowed to have their VoiceMail callers be forwarded to voicemail. Fortunately I have that part automated.</p>
<p>The only catch is for extensions that aren't allowed to be forwarded to a cellphone. If someone calling their VoiceMail hits * their call will be hung up and I get nasty log messages about no rule for them. How do we handle them? Well, we send them back to VoiceMail. In the vmfwd context we add a rule like this:</p>
<pre>
exten => _XXXX,1,VoiceMail(${EXTEN}@sip,${voicemail_option})
same => n,Hangup
</pre>
<p>So any extension that isn't otherwise matched hits this rule. We use ${voicemail_option} so that we can use the same mode as was used previously.</p>
<p>Easy! Naturally this approach won't work for other people trying to do this, but given I couldn't find write ups on how to do this, I thought it be might be useful to others.</p>
<p>Here's my macro-stdexten and vmfwd in full:</p>
<pre>
[macro-stdexten]
exten => s,1,Progress()
exten => s,n,Dial(${ARG2},20)
exten => s,n,Goto(s-${DIALSTATUS},1)
exten => s-NOANSWER,1,Answer
exten => s-NOANSWER,n,Wait(1)
exten => s-NOANSWER,n,Set(voicemail_option=u)
exten => s-NOANSWER,n,Voicemail(${ARG1}@sip,u)
exten => s-NOANSWER,n,Hangup
exten => s-BUSY,1,Answer
exten => s-BUSY,n,Wait(1)
exten => s-BUSY,n,Set(voicemail_option=b)
exten => s-BUSY,n,Voicemail(${ARG1}@sip,b)
exten => s-BUSY,n,Hangup
exten => _s-.,1,Goto(s-NOANSWER,1)
exten => a,1,Goto(vmfwd,${ARG1},1)
exten => o,1,Macro(operator)
[vmfwd]
exten => _XXXX,1,VoiceMail(${EXTEN}@sip,${voicemail_option})
same => n,Hangup
#include extensions-vmfwd-auto.conf
</pre>
<p>And I then build <tt>extensions-vmfwd-auto.conf</tt> from a script that is used to generate configuration files for defining accounts, other dial plan rule entries and phone provisioning files.</p>
<p>With thanks to John Kiniston for the suggestion about the wildcard entry in vmfwd.</p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, 2016-07-24T03:22:59Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1280https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=128asteriskcatalystgeekvoipLCA2015 - Debian Miniconf & nz2015 Debian mini-DebConf
https://blog.etc.gen.nz/archives/127-LCA2015-Debian-Miniconf-nz2015-Debian-mini-DebConf.html
<strong>nz2015 mini-DebConf</strong><br />
<br />
Already attending <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2015.linux.org.au']);" href="http://lca2015.linux.org.au">linux.conf.au</a>? Come a couple of days earlier and attend the mini-DebConf too! There will be a day of talks with a strong focus on the Debian project and a bug squashing day.<br />
<br />
<strong>Debian Miniconf</strong><br />
<br />
After 5 years, the Debian Miniconf is back! Run as part of linux.conf.au 2015, this event will attract speakers talking on topics that suit the broader audience attending LCA. The Debian Miniconf has been one of the largest miniconfs in the history of linux.conf.au.<br />
<br />
For more information about both these events which I'm organising, head over to: <a onclick="_gaq.push(['_trackPageview', '/extlink/nz2015.mini.debconf.org']);" href="http://nz2015.mini.debconf.org">nz2015.mini.debconf.org</a>!
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2014-12-02T00:08:13Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1270https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=127catalystdebianfamilylca2015linux.conf.auCloud - in New Zealand!
https://blog.etc.gen.nz/archives/126-Cloud-in-New-Zealand!.html
I've spent a reasonable chunk of the past year working on a project we launched last month, <a onclick="_gaq.push(['_trackPageview', '/extlink/www.catalyst.net.nz/what-we-offer/cloud-services']);" href="http://www.catalyst.net.nz/what-we-offer/cloud-services">Catalyst Cloud</a>! It is using <a onclick="_gaq.push(['_trackPageview', '/extlink/www.openstack.org/']);" href="http://www.openstack.org/">OpenStack</a> with <a onclick="_gaq.push(['_trackPageview', '/extlink/ceph.com/']);" href="http://ceph.com/">Ceph</a> as the object store. It has taken a lot of work, and it is now very exciting seeing the level of interest there we're receiving about this new service!<br />
<br />
The great part of this is that we can now offer private cloud services to our customers which provides all the flexibility that we've come to expect with the "cloud", but hosted in New Zealand by a New Zealand owned company so no concerns about jurisdiction of your data! Not only are we able to offer private cloud services on our OpenStack cluster(s), but we can also deploy OpenStack onto our customers own hardware using our <a onclick="_gaq.push(['_trackPageview', '/extlink/www.catalyst.net.nz/what-we-offer/cloud-services/on-premises-openstack-cloud']);" href="http://www.catalyst.net.nz/what-we-offer/cloud-services/on-premises-openstack-cloud">ProdStack</a> solution (I get to look directly at the Dashboard shown on that page, which is pretty cool).<br />
<br />
Next up is deploying another OpenStack cluster in our new data centre (which is another project I'm working on). In the near future we also hope to start using <a onclick="_gaq.push(['_trackPageview', '/extlink/www.opencompute.org/']);" href="http://www.opencompute.org/">Open Compute Project</a> hardware for our clusters.
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, 2014-07-10T22:19:05Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1260https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=126catalystgeekopenstackLCA2015 - Debian Miniconf submitted
https://blog.etc.gen.nz/archives/125-LCA2015-Debian-Miniconf-submitted.html
Phew, I've submitted a proposal to run a <a onclick="_gaq.push(['_trackPageview', '/extlink/www.debian.org']);" href="http://www.debian.org">Debian</a> Miniconf at <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2015.linux.org.au/']);" href="http://lca2015.linux.org.au/">linux.conf.au 2015</a> here's hoping that it is accepted!<br />
<br />
The Debian Miniconf was held in 2008 in <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2008.linux.org.au']);" href="http://lca2008.linux.org.au">Melbourne</a>, so I feel it is well overdue to run it again.
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2014-07-10T21:43:25Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1250https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=125catalystdebianfamilygeeklcalca2015linux.conf.auLaptops and networks
https://blog.etc.gen.nz/archives/124-Laptops-and-networks.html
Back in the old days, we had workstations. And only workstations. They lived on a network, and having them work in that network was simple. Printers just worked (thank you printcap), network shares just worked (thank you NFS) and life was good.<br />
<br />
Then along came laptops. We wanted to be more mobile, using our laptops on different networks or even without a network! No one wanted hardcoded printers anymore, or network shares defined in /etc/fstab. Using an Automounter was an option, but if you were on a different network then having the Automounter around would stall tools like nautilus and file indexers etc.<br />
<br />
So we need something which can start up relevant services when you connect to a network, and then stop them when you leave that network.<br />
<br />
To support this, a few years ago I wrote a NetworkManager dispatcher.d script to do just that. When you connect to a specific network (using the NetworkManager UUID or a specific gateway MAC) or a VPN connection then autofs is started, users GTK bookmarks have any bookmarks for their Network shares added and CUPS is restarted.<br />
<br />
When the connection goes away, then autofs is stopped, any GTK bookmarks for the Network shares are removed and any mounts for the Network shares are lazily unmounted.<br />
<br />
I'm not sure if this will of use to anyone else, but if it is I'd love to hear from you. You can <a onclick="_gaq.push(['_trackPageview', '/extlink/git.etc.gen.nz/cgi-bin/gitweb.cgi?p=laptop-tools.git']);" href="http://git.etc.gen.nz/cgi-bin/gitweb.cgi?p=laptop-tools.git" title="gitweb">browse the code</a> or <a onclick="_gaq.push(['_trackPageview', '/extlink/git.etc.gen.nz/laptop-tools.git']);" href="http://git.etc.gen.nz/laptop-tools.git" title="clone">clone the repo</a>.<br />
<br />
Included are sample autofs config files, the dispatcher, and the tools for managing the GTK bookmark files.
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2014-01-28T09:32:36Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1240https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=124catalystfamilygeeklaptoplinuxlinux.conf.au 2014 - Call for papers
https://blog.etc.gen.nz/archives/123-linux.conf.au-2014-Call-for-papers.html
<p>Holy crap, it's the last week of the linux.conf.au 2014 call for papers! We've got a bunch of great submissions, but we want <b>more</b>!</p>
<p>From the <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2014.linux.org.au/media/news/1']);" href="http://lca2014.linux.org.au/media/news/1">CFP Announcement</a>:</p>
<p>The linux.conf.au 2014 papers committee is looking for a broad range of proposals, and will consider submissions on anything from programming and software, to desktop, mobile, gaming, userspace, community, government, space and education. There is only one rule:</p>
<p><b>Your proposal must be related to open source</b></p>
<p>This year, the papers committee is going to be focused on linux on the frontier and deep technical content-- that might range from cybernetics and mobile operating environments to large astronomy projects and big data projects.</p>
<p>However, the conference is to a large extent what the speakers make it -- if we receive many excellent submissions on a topic, then it’s sure to be represented at the conference. Here’s a few ideas to get you started:</p>
<p><ul>
<li>The Cloud - What is it, how can we use it and why is it running on my toaster?</li>
<li>Kernel and core systems: file systems, embedded devices</li>
<li>Networking: peer to peer networking, or tuning a TCP/IP stack</li>
<li>Desktop: office and productivity applications, peripherals, support</li>
<li>Mobile: kernel, applications, programming, challenges, user interfaces</li>
<li>Servers: clusters and supercomputers, databases and cloud computing</li>
<li>Embedded systems: constraints in storage/memory, real-time aspects, open hardware</li>
<li>Virtualisation: benefits, challenges, management, kernel and application support</li>
<li>Systems administration: maintaining large numbers of machines, disaster recovery</li>
<li>Security: application security, network security, cryptography, malware, viruses</li>
<li>Programming: programming languages, software engineering practices, testing, continuous integration/deployment, different development methodologies, version control</li>
<li>Modern web technologies: Open source web browsers, HTML5, CSS3, JavaScript, web apps, accessibility</li>
<li>Audio and video: video editing, VoIP, WebRTC, video player development, live streaming</li>
<li>Open Community: licensing changes, patent threats, open data, open apis.</li>
<li>Free software use: home automation, IT, education, manufacturing, research, government applications, home security</li>
</ul>
</p>
<p>LCA is known for presentations and tutorials that are strongly technical in nature, but proposals for presentations on other aspects of free software and open culture, such as educational and cultural applications of open source, are welcome.</p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2013-07-01T01:42:09Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1230https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=123catalystfamilygeeklca2014linux.conf.aulinux.conf.au 2013 - Call for Proposals
https://blog.etc.gen.nz/archives/122-linux.conf.au-2013-Call-for-Proposals.html
<p>We are pleased to announce that the <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2013.linux.org.au/cfp']);" href="http://lca2013.linux.org.au/cfp">Call for Proposals</a> for <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2013.linux.org.au']);" href="http://lca2013.linux.org.au">linux.conf.au 2013</a> is now open!</p>
<p>The conference will showcase the best of open source and community-driven software and hardware. It will be held in Canberra at the Australian National University from Monday 28 January to Saturday 2 February, 2013, and provides a great opportunity for open source developers, users, hackers, and makers to share their ideas and further improve their projects.</p>
<h2>Important Dates</h2>
Call for proposals opens: 1 June 2012<br />
Call for proposals closes: 6 July 2012<br />
Email notifications from papers committee: 28 August 2012<br />
Early Bird registrations open: 1 October 2012<br />
Conference dates: Monday 28 January to Saturday 2 February 2013<br />
<h2>Information on Proposals</h2>
<p>The linux.conf.au 2013 papers committee is looking for a broad range of proposals, and will consider submissions on anything from programming and software, to desktop, userspace, community, government, and education. There is only one rule:</p>
<p><b>Your proposal must be related to open source.</b></p>
<p>This year, the papers committee is going to be focused on deep technical content, and things we think are going to really matter in the future -- that might range from freedom and privacy to open source cloud systems or to energy efficient server farms of the future.</p>
<p>However, the conference is to a large extent what the speakers make it -- if we receive many excellent submissions on a topic, then it’s sure to be represented at the conference.</p>
<p>For more information see the <a onclick="_gaq.push(['_trackPageview', '/extlink/lca2013.linux.org.au/cfp']);" href="http://lca2013.linux.org.au/cfp">full call for proposals</a> on the linux.conf.au 2013 website.</p>
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2012-06-07T22:58:14Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1220https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=122catalystfamilygeeklcalca2013Wolrd IPv6 Day - Catalyst
https://blog.etc.gen.nz/archives/120-Wolrd-IPv6-Day-Catalyst.html
Excellent, due to a little hack we now have the <a onclick="_gaq.push(['_trackPageview', '/extlink/www.catalyst.net.nz']);" href="http://www.catalyst.net.nz">Catalyst website</a> up on IPv6. Thanks David!<br />
<br />
This is using the same method that we used to get another large NZ site IPv6 enabled for World IPv6 Day.<br />
<br />
Funnily enough we've discovered there is a NZ company that is providing a commercial solution using the same method we're using. Even though it is dirty, and is really, <b>really</b> the wrong way to do it.<br />
<br />
<b>Note:</b> It is worth noting that Catalyst's email server has been IPv6 enabled for several years now, as have our DNS servers.
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2011-06-08T00:39:21Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1200https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=120catalystfamilygeekipv6World IPv6 Day
https://blog.etc.gen.nz/archives/119-World-IPv6-Day.html
In the vein of <a onclick="_gaq.push(['_trackPageview', '/extlink/worldipv6day.org']);" href="http://worldipv6day.org">World IPv6 Day</a>, I've finally re-enabled IPv6 for the etc.gen.nz mailserver and for our <a onclick="_gaq.push(['_trackPageview', '/extlink/www.etc.gen.nz']);" href="http://www.etc.gen.nz">main website</a> (and my <a onclick="_gaq.push(['_trackPageview', '/extlink/git.etc.gen.nz']);" href="http://git.etc.gen.nz">git repo</a>).<br />
<br />
These services used to have IPv6 enabled, but when I moved them from my home server to one hosted in a data centre we lost IPv6 support. However in the last few months, our hosting company has deployed IPv6 support to their hosting facility, and I finally found time to finish setting it up on the server.<br />
<br />
So, we're back on IPv6, just in time for World IPv6 Day!
Andrew's blogandrew@etc.gen.nz (Andrew Ruthven)
catalyst, family, 2011-06-07T21:30:58Zhttps://blog.etc.gen.nz/wfwcomment.php?cid=1190https://blog.etc.gen.nz/rss.php?version=1.0&type=comments&cid=119catalystfamilygeekipv6