Adventures in Networking

Main menu:

autossh.service

[Unit]
Description=AutoSSH tunnel service to support Zabbix monitoring
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -N -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o UserKnownHostsFile=/home/username/.ssh/known_hosts -i /home/username/.ssh/id_rsa -L 20050:localhost:10050 username@example.com

[Install]
WantedBy=multi-user.target

Real-time Audio Streaming with Raspberry Pi

References:

  • Basic Idea:
    • https://tech.lds.org/forum/viewtopic.php?t=4812&start=30
    • https://tech.lds.org/forum/viewtopic.php?t=18758
  • Raspberry Pi Setup:
    • https://www.zdnet.com/article/raspberry-pi-extending-the-life-of-the-sd-card/
    • https://www.raspberrypi.org/forums/viewtopic.php?p=462982#p462982
      • Not needed with Pi 3!
    • https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html
    • https://ritsch.io/2017/08/02/execute-script-at-linux-startup.html
    • https://medium.com/@mikestreety/use-a-raspberry-pi-with-multiple-wifi-networks-2eda2d39fdd6
  • Sound adapter:
    • https://smile.amazon.com/gp/product/B016CU2PEU/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
  • Darkice, Icecast, etc:
    • https://stmllr.net/blog/live-mp3-streaming-from-audio-in-with-darkice-and-icecast2-on-raspberry-pi/
    • https://github.com/tim273/weather_radio_scripts
    • https://w7apk.com/streaming-radio
    • http://icecast.org/docs/icecast-2.4.1/basic-setup.html
    • http://icecast.org/docs/icecast-2.4.1/auth.html
    • http://wiki.sunfounder.cc/index.php?title=To_use_USB_mini_microphone_on_Raspbian
    • https://wiki.radioreference.com/index.php/Live_Audio/Ubuntu_Darkice
    • http://www.hamblog.co.uk/top-10-amateur-radio-uses-for-raspberry-pi/
  • Internet hosting by:
    • Linode
    • Debian, UFW
  • Client:
    • VLC

rtl_fm.sh

rtl_fm -f 72.1M -s 48000 | play -q -r 48000 -t raw -e s -b 16 -c 1 -V1 -v 4 - sinc 125-3.2k

darkice.cfg

[general]
duration = 0 # duration in s, 0 forever
bufferSecs = 1 # buffer, in seconds
reconnect = yes # reconnect if disconnected

[input]
device = plughw:1,1 # or `pulse' for Pulseaudio
sampleRate = 22050 # sample rate 11025, 22050 or 44100
bitsPerSample = 16 # bits
channel = 1 # 2 = stereo

[icecast2-0]
bitrateMode = vbr # variable bit rate (`cbr' constant, `abr' average)
quality = 1.0 # 1.0 is best quality
format = mp3 # format. Choose `vorbis' for OGG Vorbis
bitrate = 128 # bitrate
server = xx.xx.xx.xx # IP address of the IceCast server
port = 8000 # port for IceCast2 access
password = snajd # source password to the IceCast2 server
mountPoint = lcw.mp3 # mount point on the IceCast2 server .mp3 or .ogg
name = Lewis Center Ward

darkice.service

[Unit]
Description=darkice
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/darkice -c /xxxxx/darkice.cfg

[Install]
WantedBy=multi-user.target

autossh.service

[Unit]
Description=autossh
Wants=network-online.target
After=network-online.target
# sshd.service

[Service]
Type=simple
User=root
ExecStart=/usr/bin/autossh -M 0 -N -q -o "ExitOnForwardFailure=yes" -M 1234 -i /home/xxxxxxxx/.ssh/id_rsa -R 3333:localhost:22 user@example.com
#Restart=always
#RestartSec=60
#ExecStop=/usr/bin/killall -s autossh

[Install]
WantedBy=multi-user.target

Raspberry Pi DNS Server

I have been running dual DNS servers on my home network for a while, see my previous post about setting them up: Debian Server on a Thin Client with a Flash Drive

The inevitable finally happened–after a year of faithful service (and years past its expected life), my primary server (the DevonIT box) finally died. I traced it down to a couple of blown capacitors in the power supply, and while I am perfectly capable of replacing them, I decided to use the opportunity to put my Christmas present to good use.

I decided that if my Raspberry was going to find permanent usage in my stack of equipment it needed a real case on it to protect from electrical shorts and other damage. Why I choose the “blueberry” case for the Raspberry, I can’t explain, I guess I just like the look.

Raspberry Pi

http://www.amazon.com/gp/product/B00A42HTLC/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1

 

I first attempted to get this running on an 8GB Class 2 SD I stole from my wife’s camera. While it was technically functional, it was vvveeerrryyy ssslllooowww, convincing me I needed a proper card like this:

Panasonic Gold Series 8GB Class 10 SDHC Memory Card

http://www.adorama.com/PCSDUB08GAK.html

 

I also needed a good power supply. The Pi takes about 500-700 mA by itself, significantly more if you plug in a USB stick or WiFi adapter (potentially 500 mA each). I found most typical cell chargers run in to 500 mA-1 A range. I ended using a 1 A charger I had lying around, but I’d recommend something like this:

USA Raspberry Pi Micro USB Power Supply Charger – 5v 1500ma

http://www.amazon.com/Raspberry-Pi-Micro-Supply-Charger/dp/B00DZLSEVI/ref=pd_sim_pc_4?ie=UTF8&refRID=0KYXTRMBV9RDNRNCK34Z

Alternatively, if you plan to have several devices you’re probably better off with a multi-port charger that can safely supply enough juice:
http://www.amazon.com/gp/product/B00LMIA9L4/ref=ox_sc_sfl_title_4?ie=UTF8&psc=1&smid=ANWBAWAHYG3PL

One word of caution–make sure the charger/power supply is UL listed (or certified by an equivalent regulatory body) . As my father (the electrical inspector) reminded me, if you’re going to run this 24×7 with cables all tucked in a dark corner, the last thing you want to stress about is everything going up in flames because you saved a few dollars buying a cheap charged from Asia.

I went with the standard Raspbian distro downloaded from official sources (http://www.raspberrypi.org/downloads/). The advantage of this is a simple, easy to install distro that is optimized for the Pi, yet resembles standard Debian as closely as possible. The main disadvantage is that it comes loaded with junk not required/desired on a small, headless server. I followed the instructions on this thread to clean up unwanted packages:
http://raspberrypi.stackexchange.com/questions/4745/how-to-uninstall-x-server-and-desktop-manager-when-running-as-headless-server

As of now, I’m down to 800MB of disk space used, and I’m not done yet.

Tasks left to be completed:

  • Continue to search out and remove undesired packages
  • Follow Linux hardening guidelines to make the system more secure
  • Set up remote logging — I have an internal syslog server, but I’m considering trying out https://papertrailapp.com/

Being a busy guy, this posting isn’t nearly as complete and polished as I’d like it to be, but hopefully someone will find it useful.

General OpenSSL Commands

Finding Files or Directories in Linux

find . -type d -exec ls -la {} \;

Debian Server on a Thin Client with a Flash Drive

Recommend 600Mhz+ CPU, 512MB+ RAM, 2GB+ Flash. Raspberry Pi 2 would work great.

On first server (DevonIT 6020A), used internal 128MB IDE Flash for /boot, used external flash for /. Purpose-built internal flash drive is fast for loading kernal. Advantages to this hardware: cheap, built-in power supply.

On second server (Wyse WinTerm?), had trouble with drive re-ordering. Expected same behavior, 512MB flash would be /dev/sda, USB would be /dev/sdb. However, once booting from USB, it became /dev/sda, flash was /dev/sdb. Long story short, went into BIOS and disabled IDE controller. Only disadvantage…slightly slower boot time. Advantage…whole system is on a single removable flash drive that can easily be backed up, replaced, or moved to new hardware. Advantages to this hardware: almost as cheap, newer. External power supply means easier DC power feed.

Use ext2, or see ext3 tweaks at: http://www.cyrius.com/debian/nslu2/linux-on-flash.html

Uncheck GUI, selected DNS, openSSH and base utilities only. Could go back and remove unneeded packages to shrink install even more. Could possible fit in 512MB, but flash is so cheap it’s not worth it unless you are paranoid about security and truly want to limit uneccesary packages. Although that limits future usage as well (no room to play).

Use syslog server for logging

No swap, move all temp directories to ram drive

  • /run
  • /tmp
  • /var

Tweak fstab, remove user mount for USB (what’s the point?)

See http://wiki.debian.org/RunningOnFlash

 

Useful Tips for Linux

Handy reference on frequently used Bash constructs:

http://www.codecoffee.com/tipsforlinux/index-linux.html

Summarize Unique IP Addresses in a Log File

Loops through each log file and dump output to a single file:

for file in `ls *.log`
do
cat $file |awk '{print $4}' |sort |uniq -c |sort -n >> output.txt
done

 

Now consolidate entries from each section of original file to a new file:

cat output.txt |awk '{print $2}' |sort |uniq -c |sort -n >> output2.txt

Where the $4 or $2 is the field to look at (space delimitated)

Bash example: Listing files in a directory

Simple example of how to perform an operation on every file in a directory:

for file in `ls *.pdf`
do
 convert -density 300 $file `echo $file | sed 's/\.pdf$/\.jpg/'`
done

OES 2 Installation and Setup

Complete the installation of SLES 10 first as per https://danobarrjr.net/2010/01/sles-10-installation-and-setup.html.

Install OES Components and Configure eDirectory:

  • Start the OES install:
    • YaST: Software, Add-on Product
  • Select Local Directory or NFS (depending on where your ISO images are)
  • If using NFS, specify the source server’s fully qualified name address
  • Check the ISO Image box and set the path to /install/OES2-SP1-x86_64-CD1.iso
  • Select and install the following packages:
    • Novell Backup / Storage Management
    • Novell eDirectory
    • Novell iManager
    • Novell iPrint (if needed)
    • Novell Linux User Management
    • Novell NCP Server
    • Novell Remote Manager
    • Novell CIFS (if needed – only works on NSS volumes)
    • Novell Storage Services (if needed)
  • eDirectory Configuration – New or Existing Tree
    • Select Existing Tree
    • eDirectory Tree Name: (enter the existing tree name)
    • Check Use eDirectory Certificates
  • eDirectory Configuration – Existing Tree Information
    • IP Address of an existing eDirectory server: (use the IP of a server hold a replica of root)
    • FDN Existing admin name: cn=admin,o=xxxxx
    • Enter Admin Password
  • eDirectory Configuration – Local Server Configuration
    • Enter Server Context: ou=Servers,ou=Sitename,o=XXXX
  • eDirectory Configuration – NTP & SLP
    • Network Time Protocol Server: (use the IP address of a server holding the master replica of root)
    • Select Configure SLP to use an existing Directory Agent
    • Service Location Protocol Scopes: (enter your scope name)
    • Add SLP Directory Agents: XX.XX.XX.XX
  • Novell Modular Authentication Service – accept defaults
  • You’ll now be at the Novell Open Enterprise Server Configuration summary screen
  • Click on LDAP Configuration for Open Enterprise Services
    • Remove the IP address of your master replica server
  • Click on Linux User Management
    • Accept the defaults on the first screen
    • Select All services to LUM-enable
  • IF installing CIFS, click on Novell CIFS
    • Change the Proxy user name to: cn=cifsProxyUser,o=xxxx
    • Set Search context to o=DOC
    • Set the Proxy user password
  • Click Next on the summary screen to start the installation into eDirectory
  • There will be a few miscellaneous prompts to respond to, such as to restart eDirectory
  • iManager/ConsoleOne Tasks:

    • Add an eDirectory replica to new server:
      • In iManager, go to Partition and Replica Management, Replica View
      • Enter SITE.XXXX, click OK
      • Click Add Replica. Select the new server and click OK.

    Configure NSS (not needed if only re-installing the OS for a failed server – following these steps will delete existing NSS pool/volumes):

    • Run nssmu from the command shell
    • Go to Devices, select the logical drive for the NSS pool, and hit F3 to Initialize it (be careful, make sure you have selected the correct drive!)
    • Create new pool named DATA using all of the logical drive
    • Create new volumes on DATA pool

    Turn off oplocks:

    • Edit /etc/opt/novell/nspserv.conf and make sure it has these two lines:
      • OPLOCK_SUPPORT_LEVEL 0
      • CROSS_PROTOCOL_LOCKS 1
    • This change requires a restart of NCP server (reboot)

    Register and Patch the server:

    • Register the server with Novell:
      • At the command prompt:
        suse_register -a email=xxx@xxxxx -a regcode-sles=XXXXXXXXXXXX -a regcode-oes=XXXXXXXXXXXX

    • Update the server using YaST, Software, Online Update (this works in text mode with screen)