Bellman


Bellman is a very small Linux server. Currently its primary job is to run Docker containers.


"What's the good of Mercator's North Poles and Equators,
Tropics, Zones, and Meridian Lines?"
So the Bellman would cry: and the crew would reply
"They are merely conventional signs!"
--Lewis Carroll, The Hunting of the Snark

todo

complete backups (see section below)

8/5/20 There is a partial rsync of Supermicro Bellman on Wenda in ~bwilson/bellman.

Stupid AppArmor complaint

I finally fixed the error that was being logged once per minute endlessly,

[192526.044351] audit: type=1400 audit(1649031318.465:3607): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=845699 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I put this in /etc/apparmor.d/local/usr.sbin.ntpd

 /snap/bin/ r,

Then I reloaded AppArmor and checked for errors. I also deleted /etc/apparmor.d/disable/usr.sbin.rsyslogd to eliminate a whine:

systemctl reload apparmor.service
systemctl status apparmor.service
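The fix above maps one field of the audit line (name="/snap/bin/") plus the denied mask onto one rule in the profile's local override file. As an added example (not from this page), the script below does that mapping mechanically so the proposed rule can be reviewed before it is appended; the sample audit line is constructed from the message above and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the page): turn an AppArmor "DENIED" audit line into
# the one-line rule and the local override file it belongs in, so the change
# can be reviewed before it is applied. The sample line below is constructed
# from the page's own message; the function names are hypothetical.

SAMPLE_DENIAL='[192526.044351] audit: type=1400 audit(1649031318.465:3607): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=845699 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Extract one key="value" field from an audit line ($1 = line, $2 = key).
audit_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Only lines the AppArmor subsystem flags as denials qualify.
is_apparmor_denial() {
    case "$1" in
        *'apparmor="DENIED"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# The local override for profile /usr/sbin/ntpd lives at
# /etc/apparmor.d/local/usr.sbin.ntpd (leading slash dropped, '/' -> '.').
local_override_path() {
    profile=$(audit_field "$1" profile)
    printf '/etc/apparmor.d/local/%s\n' "$(printf '%s' "$profile" | sed 's#^/##; s#/#.#g')"
}

# The rule to add: the denied path plus the access mask that was denied.
suggested_rule() {
    printf '  %s %s,\n' "$(audit_field "$1" name)" "$(audit_field "$1" denied_mask)"
}

# Review the suggestion, append it to the override file, then reload
# (systemctl reload apparmor.service, as the page does) and watch dmesg.
if is_apparmor_denial "$SAMPLE_DENIAL"; then
    echo "override file: $(local_override_path "$SAMPLE_DENIAL")"
    echo "rule:         $(suggested_rule "$SAMPLE_DENIAL")"
fi
```

The denied_mask is used rather than requested_mask on purpose: it is the minimum access the program actually needed and was refused, so the rule grants no more than that.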


Audio notes

For a few months Bellman lived in my structured media panel. Now he and Wenda are back in the lab again where they can be on a UPS.

Bellman is powered on all the time so it should look like this,

Murre line out => line in Bellman line out => Speakers

But there is no line out on Bellman. I have a single headphone jack for an audio connector. So much for that idea.

Streaming audio to speakers connected directly.

  1. Test Bellman audio.
     1. Output to speakers: set up alsamixer, play a file and see if sound comes out.
        • play /usr/share/sounds/sound-icons/violoncello-7.wav
     2. Input from microphone array.

They say there is one?

In the old Supermicro days, it was possible to route the audio through Bellman via this magic command from https://askubuntu.com/questions/211136/get-the-audio-from-line-in-to-output-to-the-speaker

#manually start the module-loopback
pactl load-module module-loopback
#configure your system to load module-loopback on startup
#this places load-module module-loopback at the end of
#the /etc/pulse/default.pa pulseaudio configuration file.
sudo sh -c ' echo "load-module module-loopback" >>  /etc/pulse/default.pa '

Now sound can pass through. Since Bellman is always running, he gets to be connected directly to the speakers. This command will not work without a display,

pavucontrol

Streaming audio to another sink

How can I route audio from Docker containers to a speaker somewhere else in the house? I want the Pi Zero living in the kitchen to accept a stream over WiFi. https://bbs.archlinux.org/viewtopic.php?id=136474

Software

Ubuntu Server 20.04 LTS

Custom install

Installed node.js directly from a tar.xz file for Room Assistant. Also installed these; probably a mistake to do it this way :-) but the Docker version does not work.

build-essential libavahi-compat-libdnssd-dev bluetooth libbluetooth-dev libudev-dev libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev

And I had to do this

sudo npm i --global --unsafe-perm room-assistant

I had to do this too

# Grant the capabilities to the real binaries (readlink resolves the symlinks
# first, since file capabilities attach to the target file, not the link).
sudo setcap cap_net_raw+eip "$(readlink -f "$(command -v node)")"
sudo setcap cap_net_raw+eip "$(readlink -f "$(command -v hcitool)")"
sudo setcap cap_net_admin+eip "$(readlink -f "$(command -v hciconfig)")"

apt packages

This is a list of things added after a basic installation of Ubuntu. The goal this time out is to put every service into a Docker container, so the list of added packages is minimal.

emacs-nox
docker
docker-compose
mlocate 
pulseaudio pulseaudio-utils avahi-daemon
pavumeter pavucontrol ubuntu-sounds
net-tools
nfs-common (needed to mount synology volumes locally, notably /green/music)
lm-sensors (use "sensors-detect" to config and "sensors" to read core temperatures)
timeshift

From Supermicro Bellman, not (yet) needed on NUC Bellman

conda
yaml-mode
dnsutils

I had X11 installed here, but not sure why so I pulled it. Maybe because I was using pulseaudio server?

Getting VNC working

2021-03-31 This has been removed, not sure what I was thinking I needed it for.

I'd prefer to just run X11 clients directly on my Windows Desktop but running UltraVNC is easier. See https://www.ubuntu18.com/install-vnc-server-ubuntu-18/ for setup help.

Install this ~/.vnc/xstartup file

#!/bin/sh 

unset SESSION_MANAGER
xrdb $HOME/.Xresources
xsetroot -solid red
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
startxfce4 &

Make sure it's executable!

After updating xstartup I had to restart the server; "systemctl restart vncserver@1" did it.

This useless tool kept crashing so I removed it,

apt purge xiccd

Firewall

This is all different under Ubuntu. Hmm.

See https://blog.daknob.net/debian-firewall-docker/ for ideas.

I use my own bash script to load iptables rules. See /usr/local/bin, /etc/network, and /var/lib/vastra.

Email

Based on standard Ubuntu exim installation. I am using sendgrid (free level) as my smart host.

Mail for bwilson is sent to brian@wildsong.biz via /etc/aliases

/etc/exim4/passwd.client contains the API key.

/etc/exim4/update-exim4.conf.conf

dc_eximconfig_configtype='satellite'
dc_other_hostnames='bellman'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='wildsong.biz'
dc_relay_domains=
dc_minimaldns='false'
dc_relay_nets=
dc_smarthost='smtp.sendgrid.net:587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=
dc_mailname_in_oh='true'

Printing

The Brother printer is currently connected to Wenda not Bellman. When it was, I found the Linux drivers for my HL-L2320D printer didn't work, so I set up a raw driver on Bellman and then used the appropriate driver (manually selected) on client computers. It works fine.

Allow remote access

cupsctl --remote-admin --remote-any --share-printers

I also had to edit and add to /etc/cups/cupsd.conf

HostNameLookups on

and then

systemctl restart cups

NFS mounts

The Synology is automounted via the autofs package on /net/wenda/volume1/*. I had to uncomment the /net line in /etc/auto.master to enable this.

Backups

Ubuntu Timeshift is an rsync wrapper! LOL

borgjs setup

It's been dockerized! Yep.

See ~bwilson/Backups/README.md

Output goes to an attached USB drive.

First time out, you must initialize the repository.

fdisk /dev/sdb
mkfs.btrfs /dev/sdb1
mount /dev/sdb1 /media/Backups
borg init -e none /media/Backups

I opt for no encryption when going to an attached hard drive.

See https://github.com/vesparny/borgjs

Home Assistant backups

Nightly backup of sqlite3 databases and loose files in config directory, to /net/wenda/volume1/Wildsong/Backups/home-assistant/

Psono backups

The Psono database gets backed up nightly to the Synology via a script, backup.sh. The backup files are date stamped and stored in /net/wenda/volume1/Wildsong/Backups/psono/

The data is stored fully encrypted so dumping these is of no use if you are trying to recover a lost password. They are only for recovering from a crash.
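Both the Home Assistant and the Psono sections above describe the same pattern: a nightly, date-stamped dump copied to the NAS for crash recovery. As an added example (not the page's own backup.sh), the script below implements that pattern with two checks a practitioner would want: the archive is written under a temporary name and verified with gzip -t before it gets its final name, and old dumps are pruned by age. The dump command is passed in as arguments, so the same function works for sqlite3, pg_dump or mysqldump; the function names and the sample "dump" at the bottom are constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's own backup.sh: write a date-stamped, gzipped
# database dump, verify the archive before keeping it, and prune dumps older
# than a retention window. The dump command is passed in, so the same function
# serves pg_dump, mysqldump or "sqlite3 db .dump". Function names and the
# sample dump at the bottom are constructed for this example.

# dump_database DEST_DIR NAME DUMP_COMMAND [ARGS...]
# Writes DEST_DIR/NAME-YYYYmmdd-HHMMSS.sql.gz and prints its path.
dump_database() {
    dest=$1; name=$2; shift 2
    stamp=$(date -u +%Y%m%d-%H%M%S)
    out="$dest/$name-$stamp.sql.gz"
    tmp="$dest/.$name-$stamp.sql"
    mkdir -p "$dest"
    # Dump to a hidden temporary name first, so an interrupted run never leaves
    # a plausible-looking but truncated archive under the final name.
    if "$@" > "$tmp" && gzip -f "$tmp" && gzip -t "$tmp.gz"; then
        mv "$tmp.gz" "$out"
        printf '%s\n' "$out"
    else
        rm -f "$tmp" "$tmp.gz"
        return 1
    fi
}

# count_backups DEST_DIR NAME: number of archives currently kept for NAME.
count_backups() {
    find "$1" -maxdepth 1 -type f -name "$2-*.sql.gz" | wc -l | tr -d ' '
}

# prune_backups DEST_DIR NAME DAYS: delete archives older than DAYS days,
# printing each path removed.
prune_backups() {
    find "$1" -maxdepth 1 -type f -name "$2-*.sql.gz" -mtime +"$3" -print -exec rm -f {} \;
}

# Demonstration on a throwaway directory with a constructed "dump" command.
demo_dir=$(mktemp -d)
archive=$(dump_database "$demo_dir" psono printf '%s\n' '-- constructed dump' 'CREATE TABLE t(x);')
echo "wrote $archive ($(count_backups "$demo_dir" psono) archive(s) kept)"
prune_backups "$demo_dir" psono 30
rm -rf "$demo_dir"
```

For the real job, point DEST_DIR at the NFS path the page names and run it from cron; because the dump is verified before it is renamed, a failed run leaves no file at all rather than a bad one, which is what you want the next morning's listing to show.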

BBR congestion

See https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/ for example.

Is kernel ready?

uname -a
Linux bellman 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 GNU/Linux
grep 'CONFIG_TCP_CONG_BBR' /boot/config-$(uname -r)
grep 'CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)
egrep 'CONFIG_TCP_CONG_BBR|CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)

sudo -s 
cat > /etc/sysctl.d/10-custom-kernel-bbr.conf <<EOF
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF

sysctl --system
* Applying /etc/sysctl.d/10-custom-kernel-bbr.conf ...
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
* Applying /etc/sysctl.d/30-postgresql-shm.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.d/asterisk.conf ...
kernel.core_uses_pid = 1
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t
fs.suid_dumpable = 2
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1

That's that.

Services that run here

  • git moved to Synology Wenda (see Running my own git server)
  • Brother printer moved to Wenda
  • gpsd well --- not in Astoria, not yet anyway. :-(
  • ssh to allow remote access
  • fail2ban to cut off break in attempts via ssh

DNS

I tried to get dnsmasq to happily live in a container and failed (it would not come back up on reboots.) So dnsmasq runs on the host.

Network syslog

To allow devices such as Grandstream GXV3240 phones to spit out logging information, I enable rsyslog reception from remote hosts. In /etc/rsyslog.conf you must uncomment 2 lines and restart rsyslogd:

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
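Uncommenting those two lines accepts UDP syslog from any host that can reach port 514. As an added example (not the page's own configuration), the drop-in generated below does the same job but limits senders to one subnet, keeps remote messages in their own per-host files instead of mixing them into the local logs, and comes with a check that the pieces that matter are present; the subnet 192.168.1.0/24, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): an rsyslog drop-in that accepts UDP syslog
# from the phones but only from one subnet, writes remote messages to one file
# per sending host, and stops them from also landing in /var/log/syslog.
# The subnet and all file/function names here are assumptions.

# write_remote_syslog_conf FILE SUBNET
write_remote_syslog_conf() {
    conf=$1; subnet=$2
    cat > "$conf" <<EOF
# Accept UDP syslog only from $subnet (legacy directive; must precede the input).
\$AllowedSender UDP, $subnet

module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# One file per sending host, e.g. /var/log/remote/gxv3240-kitchen.log
template(name="RemoteFile" type="string" string="/var/log/remote/%HOSTNAME%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteFile")
    stop
}
EOF
}

# check_remote_syslog_conf FILE
# Confirms the fragment still carries the sender restriction, the UDP input
# bound to its own ruleset, and that ruleset; returns non-zero otherwise.
check_remote_syslog_conf() {
    conf=$1
    grep -q '^\$AllowedSender UDP, ' "$conf" &&
    grep -q 'input(type="imudp" port="514" ruleset="remote")' "$conf" &&
    grep -q 'ruleset(name="remote")' "$conf"
}

# Demonstration: write the fragment to a temporary file and check it.
demo=$(mktemp)
write_remote_syslog_conf "$demo" 192.168.1.0/24
check_remote_syslog_conf "$demo" && echo "fragment OK:" && cat "$demo"
rm -f "$demo"
```

To deploy, write the fragment to /etc/rsyslog.d/10-remote.conf (a hypothetical name), create /var/log/remote, run rsyslogd -N1 to syntax-check the whole configuration, then restart rsyslog and confirm a phone's messages appear in its own file and nowhere else.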

Services in Docker containers

/etc/docker/daemon.json looks like this

{
   "data-root": "/var/lib/docker",
   "storage-driver": "overlay2",
   "dns" : ["127.0.0.11", "1.0.0.1", "1.1.1.1"],
   "dns-search":["wildsong.biz"]
}

service         containers                            notes
Home Assistant  home-assistant, node red, mosquitto   Compose
Proxy           proxy, letsencrypt                    Stack
Squeezebox      squeezebox                            compose; Squeezebox server (SqueezeBox), see Streaming media for installation notes
Traccar         traccar and mysql                     Stack
Unifi                                                 Stack

$ docker stack ls
NAME                SERVICES            ORCHESTRATOR
dnsmasq             1                   Swarm
proxy               3                   Swarm
traccar             2                   Swarm

See also: Asterisk in Docker, geoserver, Vault and others...

History

2022-03-02 Installed Docker from the Docker repo per https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository so I can use buildx now.

2020-12-03 Installed exim4 and configured to use Sendgrid.

2020-12-01 Moved dnsmasq from Docker container to host, it just was not restarting properly when I rebooted and that would take my entire network offline.

2020-10-18 Moved from garage to structured media panel.

2020-08-05 Intel NUC edition hardware arrived. Installed Ubuntu Server 20.04.1 LTS.

2020-07-29 Bellman, Supermicro edition completely went dark. I set up Tern as a temporary replacement and ordered an Intel NUC.

2020-01-20 - started generating errors: NMI: IOCK error (debug interrupt?) for reason 61 on CPU 0. Then it would not restart. I ended up replacing the CR2032 (did not help) and then reseating the connectors. Fixed. This system is getting long in the tooth.

2019-10-04 - fix for networking, applied on Dart too.

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

2019-10-03 - Upgraded to Debian Buster (10) and this broke Docker because of the move from iptables to nftables. Must fix ASAP. All Dockers are broken. How dismaying. Repeat after me: "It's only a hobby."

2019-05-09 - Added docker-compose for elasticsearch and per recommendations of ElasticSearch docker docs, changed vm.max_map_count; it was 65530 and I set it: sysctl -w vm.max_map_count=262144

2019-04-26 - Moving NVMe WDC Black drive from Murre to Bellman.

2018-03-20 - Installed 8TB Archive drive, for TimeMachine and Owncloud storage. Moved from 120GB SSD to 750GB Samsung Evo 840. Installed clean copy of Stretch on the SSD.

2017-09-06 - Upgrade to 32GB RAM, yay! I need to do something with all that space. I did move /tmp to RAM; see SSD optimizations. I also removed a lot of dead code including lightdm (how'd that get in there?)

bwilson@bellman:~$ free
              total        used        free      shared  buff/cache   available
Mem:       32937080     2287376    27811208       25700     2838496    30153064


2017-08-25 - Migrated mariadb and owncloud to Docker

2017-07-25 - Migrated logitech media server to Docker

2017-07-25 - Upgraded to Debian 9 (Stretch)

2016-10-16 - Seeing disk errors in the WDC. It's 6 years old! REPLACE!!! Installed new Seagate Barracuda ST2000DM006 2TB $70 10-26-16 Added a fan in the hard drive section of the case, too.

2016-01-26 - Installed VirtualBox 5.0.14 and Vagrant 1.8.1 (from DEB files, repos are too old) and started migration of services.

2015-12-?? - Moved to hardware formerly used for Vastra2

2015-07-10 - Added lm-sensors and added temperature tracking to Cacti.

2015-07-01 - Replaced APC UPS with Cyberpower. Installed monitoring software.

2015-06-19 - reconnected the MX330 printer and shared it.

2015-06-18 - upgraded to Debian 8 Jessie

2013-12-29 - returned from X-Mas and discovered Bellman won't boot. Snarks about a degraded RAID. Darn.

2013 Mar - Installed Linux Mint 14 so that I could use Makerware with my new Replicator 2

2013 Jan - Seagate Barracuda 2TB Green drive died. ST2000DL003 S/N 5YD77CTE Replaced with a Barracuda 2TB mirror

2011 Dec - Been doing PostGIS experiments so I upgraded the hardware.

2010 Jan - I just started this section but I have had this machine online for at least a couple years now.

2015-06-19 back up

Note this includes /home but not /green.

cd /
tar --one-file-system czvf /mnt/bellman_root.tar.gz .

2013-12-29 Rescue from boot fail

I no longer need a desktop environment on the small server, because I moved my main desktop next to the 3D printer. So I put Debian back on the server again. So I am going to try a Debian rescue image.

Diagnosis

Step 1. Build rescue thumbdrive. Download from http://debian.osuosl.org/ and copy image to thumbdrive

sudo cp debian-live-7.2-amd64-rescue.iso /dev/sdX
sudo sync
sudo eject /dev/sdX

where X is the appropriate drive letter, do NOT use the wrong letter!

Step 2. Boot Bellman with the thumb drive

Step 3. Look around

Using hdparm -i

  • sda Vertex SSD S/N OCZ-9UDI676M56Z4IR8P
  • sdb Seagate 2TB ST2000DM001-9YN164 S/N Z240BVP5
  • sdc Seagate 2TB ST2000DM001-9YN164 S/N Z240A0H1
  • sdd rescue drive

# fdisk -l /dev/sda

Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0009c7c9

  Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048   218460159   109229056   83  Linux
/dev/sda2       218462206   234440703     7989249    5  Extended
/dev/sda5       218462208   234440703     7989248   82  Linux swap / Solaris

sdb and sdc don't have partition tables as they are used in a RAID (see the 2013 Jan entry).

See LVM page

cat /proc/mdstat 
Personalities : [raid1] 
md126 : active raid1 sda[1]
      117218240 blocks [2/1] [_U]
      
md127 : active raid1 sdb[0] sdc[1]
      1953514496 blocks [2/2] [UU]
      
unused devices: <none>

mdadm --detail /dev/md126
/dev/md126:
        Version : 0.90
  Creation Time : Thu Feb 21 06:23:36 2013
     Raid Level : raid1
     Array Size : 117218240 (111.79 GiB 120.03 GB)
  Used Dev Size : 117218240 (111.79 GiB 120.03 GB)
   Raid Devices : 2
  Total Devices : 1
Preferred Minor : 126
    Persistence : Superblock is persistent

    Update Time : Thu Feb 21 06:30:49 2013
          State : clean, degraded 
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
  Spare Devices : 0

           UUID : 9f48e120:81a0f612:edd8d016:611227ea
         Events : 0.12

    Number   Major   Minor   RaidDevice State
       0       0        0        0      removed
       1       8        0        1      active sync   /dev/sda

mdadm --detail /dev/md127
/dev/md127:
        Version : 0.90
  Creation Time : Mon Jan  7 04:12:45 2013
     Raid Level : raid1
     Array Size : 1953514496 (1863.02 GiB 2000.40 GB)
  Used Dev Size : 1953514496 (1863.02 GiB 2000.40 GB)
   Raid Devices : 2
  Total Devices : 2
Preferred Minor : 127
    Persistence : Superblock is persistent

    Update Time : Mon Dec 30 17:21:21 2013
          State : clean 
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

           UUID : 462f6c0c:68770b3a:b268e686:64f77a36
         Events : 0.131

    Number   Major   Minor   RaidDevice State
       0       8       16        0      active sync   /dev/sdb
       1       8       32        1      active sync   /dev/sdc

Looks like there are 2 RAIDs, and md126 is the broken one. It should be the SSD and something else? Time to open the box and see what's in there.

fdisk /dev/md126

Command (m for help): p

Disk /dev/md126: 120.0 GB, 120031477760 bytes
255 heads, 63 sectors/track, 14592 cylinders, total 234436480 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0009c7c9

      Device Boot      Start         End      Blocks   Id  System
/dev/md126p1   *        2048   218460159   109229056   83  Linux
/dev/md126p2       218462206   234440703     7989249    5  Extended
/dev/md126p5       218462208   234440703     7989248   82  Linux swap / Solaris

Command (m for help): 

Conclusion - I was planning on doing a RAID mirror and never got the second drive installed. I think I might have used it in Stellar instead. Stellar's drive failed and needed immediate replacement. Something failed on the SSD and now it's not booting, but this has nothing to do with the hardware from what I can tell. It complains about the RAID missing a drive but that's not new.

2014 Jan 01 rebuild

Do as in the Linux Mint section below

Also note:

PRESERVE MYSQL!!

/etc/hdparm.conf

2013 Jan data mirror build

apt-get install mdadm lvm2
mdadm --create --metadata=0.90 --level=mirror --raid-devices=2 /dev/md0 /dev/sdb /dev/sdc
cat /proc/mdstat 
pvcreate /dev/md0 
vgcreate vg_mirror /dev/md0 
lvcreate --verbose --extents 100%FREE -n lv_mirror vg_mirror
mkfs.ext4 /dev/vg_mirror/lv_mirror 
mount /dev/vg_mirror/lv_mirror /green
dd if=/dev/zero of=/green/swapfile1 bs=1024 count=1048576

2013 Mar Linux Mint rebuild

Had to install mdadm and lvm2, but then it recognized the LVM drives. All I had to do was mount the RAID on /green.

sudo apt-get install synaptic nfs-kernel-server ssh mysql-server phpmyadmin ntp winbind smartmontools postfix

Re-install dropbox

Re-install squeezeboxserver from Logitech. http://bellman:9000/

Set up cups again

Copy over /etc/exports file

Need AFP support for Apple Timemachine. See Netatalk 3 on Debian

December 2011 upgrade

Bellman had an Intel Little Falls Atom 230 mini-itx main board + 2GB RAM until Dec 2011. Bellman used to be an Athlon desktop system, I recycled the name because I like it.

Hardware

Intel NUC edition, born 8/5/2020

  • Intel NUC10i5FNH (Newegg 7/29/20)
    • 4 core i5 CPU
    • WiFi (Intel Wi-Fi 6 AX201)
    • Bluetooth 5
    • IR sensor
    • Thunderbolt port (USB-C)
    • 7.1 HD Audio, L+R mic
  • Kingston Technology Corp. HX429S17IBK2/32 32GB 2933MHZ DDR4 (2 16GB SODIMM) (Newegg 7/29/20) Note, MAX is 64GB
  • WD Black 512GB Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from Supermicro)
  • Corsair Neutron at /workspace 240GB /dev/sda s/n 124479060000190702E2
  • Nortek Zigbee/Zwave HubZ controller

The SSD has a copy of Ubuntu on it, I probably set things up before overwriting the NVMe drive.

Audio

I note that it says it has a microphone array, and that appears to show up in dmesg so I guess it's true? This might mean I need to move the computer up someplace where it can listen to me?

It says it has a DSP too.

Supermicro version, deceased 7/29/20

Local copy of motherboard manual File:SuperMicro SYS5018A.pdf

Audio output: NuForce UDAC 2

Newegg 03/26/2019 2 Noctua 40mm x 20mm system fans
Newegg 09/03/2017 Inv 153021116
Newegg 10/16/2016 Inv 143374043
Newegg 11/21/2014 Inv 120335149

  • SUPERMICRO SYS-5018A-FTN4 1U Rackmount Server Barebone FCBGA 1283 DDR3 1600/1333
  • SUPERMICRO MCP-220-00051-0N Single 2.5" Fixed HDD Mounting Bracket
  • 4 x Kingston 8GB 204-Pin DDR3 SO-DIMM ECC Unbuffered DDR3 1600 (PC3 12800) Server Memory Model KVR16LSE11 (3 added 2017-09-07)
  • sda = Samsung SSD 840 EVO 750GB
  • sdb = Seagate Archive 8TB (Installed 3/18/18, purchased 9/03/17)
  • WD Black 512GB Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from Murre)

eth0 00:25:90:F7:37:72

Bellman is configured to bring up a management interface on this ethernet interface too. (Optionally there is a separate management interface. This server has 5 ethernet ports, 4 on the motherboard and 1 on the management card.) Since it's a Supermicro possibly it can be pwned at any time by the Chinese. Since I don't use Bellman to control centrifuges or do weapons research I live with it.