[Ubuntu] Networked UPS with apcupsd, APC 750 and Windows

Due to some serious power outages, I had to install a UPS at the Office of one client. It is a rather small setup: One low-power Ubuntu Server, one Laptop with one TFT Screen, one i3 Desktop with two TFT Screens, one network switch. All in all, about 400VA. I had an old APC Smart UPS 750 VA at hand and used it.
The idea was to connect the UPS via USB directly to the Server and hook Laptop and Desktop to that Server via Network. As soon as the Server found that the whole Powergrid went offline, all PCs should shut down automatically: Enter apcupsd.

Power installation:
Connect the UPS input to the power grid, connect the UPS out to your PCs. NEVER CONNECT ANY LASER PRINTER TO THAT OUTPUT!
Power up the UPS.

Server installation:
Connect the UPS USB Port to the Server.
Install apcupsd:
sudo apt-get install apcupsd
Configure apcupsd:
sudo vi /etc/apcupsd/apcupsd.conf
In my case I configured these settings:

UPSNAME blaUPS # How you want to name your ups
UPSCABLE smart # in my case, it is a smart cable
UPSTYPE usb # on usb
POLLTIME 60 # poll ups every 60 seconds
ONBATTERYDELAY 10 # delay alarm for 10 seconds
BATTERYLEVEL 10 # on less than 10 percent battery level shutdown server
MINUTES 3 # on less than 3 minutes battery runtime shutdown server
NETSERVER on # activate network server
NISIP 0.0.0.0 # allow access from all nics
NISPORT 3551 # default port for network server

Allow port 3551, tcp through iptables!

Restart apcupsd:
sudo service apcupsd restart

Give status of current apcupsd session:
sudo service apcupsd status
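
With NISIP 0.0.0.0 the status port answers on every interface, so the iptables rule for port 3551 decides who can reach it. The following check is an added example, not part of the original post: it reads an apcupsd.conf and an iptables-save dump and reports whether the network server is open to any source. The sample files, the 192.168.2.0/24 client subnet and the function names are constructed for illustration; a missing NISIP or NISPORT is assumed to mean 0.0.0.0 and 3551.

```sh
# Added example: audit apcupsd network-server (NIS) exposure.
# nis_listen CONF -> "addr:port" the NIS binds to, or "off".
# Assumption: missing NISIP means 0.0.0.0, missing NISPORT means 3551.
nis_listen() {
    awk '
        { sub(/#.*/, "") }                      # strip trailing comments
        toupper($1) == "NETSERVER" { on   = tolower($2) }
        toupper($1) == "NISIP"     { ip   = $2 }
        toupper($1) == "NISPORT"   { port = $2 }
        END {
            if (on == "off") { print "off"; exit }
            if (ip == "")   ip   = "0.0.0.0"
            if (port == "") port = 3551
            print ip ":" port
        }' "$1"
}

# unrestricted_accepts RULES PORT -> INPUT ACCEPT rules for PORT that have
# no source (-s) match, i.e. that admit any client.
unrestricted_accepts() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ &&
        $0 ~ ("--dport " port "( |$)") && $0 !~ / -s /' "$1"
}

# audit_nis CONF RULES -> one-line verdict; exit status 1 when exposed.
# RULES is the output of iptables-save. A default-ACCEPT INPUT policy is
# reported as exposed and left for manual review.
audit_nis() {
    listen=$(nis_listen "$1")
    if [ "$listen" = "off" ]; then echo "OK: network server disabled"; return 0; fi
    port=${listen##*:}
    case "$listen" in
        127.*) echo "OK: loopback only ($listen)"; return 0 ;;
    esac
    if grep -q '^:INPUT ACCEPT' "$2"; then
        echo "EXPOSED: $listen, INPUT policy is ACCEPT"; return 1
    fi
    if [ -n "$(unrestricted_accepts "$2" "$port")" ]; then
        echo "EXPOSED: $listen, port $port accepted from any source"; return 1
    fi
    echo "RESTRICTED: $listen, no any-source ACCEPT for port $port"
}

# Constructed sample inputs: the server and client settings from this post,
# plus two hypothetical iptables-save dumps.
make_samples() {
    printf 'NETSERVER on # activate\nNISIP 0.0.0.0\nNISPORT 3551\n' > "$1/server.conf"
    printf 'NETSERVER on\nNISIP 127.0.0.1 # localhost\n' > "$1/client.conf"
    printf '*filter\n:INPUT DROP [0:0]\n%s\nCOMMIT\n' \
        '-A INPUT -p tcp -m tcp --dport 3551 -j ACCEPT' > "$1/open.rules"
    printf '*filter\n:INPUT DROP [0:0]\n%s\nCOMMIT\n' \
        '-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 3551 -j ACCEPT' > "$1/scoped.rules"
}

samples=$(mktemp -d)
make_samples "$samples"
audit_nis "$samples/server.conf" "$samples/open.rules"   || true
audit_nis "$samples/server.conf" "$samples/scoped.rules" || true
audit_nis "$samples/client.conf" "$samples/open.rules"   || true
```

On the real server, feed it /etc/apcupsd/apcupsd.conf and the output of sudo iptables-save written to a file.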

Client installation on Windows:
Download latest version for Windows (i.e. winapcupsd-3.14.13.exe), you only need apcupsd Service and Tray Applet.
Leave everything on default on setup and configure apcupsd.conf

UPSNAME blaUPS # How you want to name your ups
UPSCABLE ether # network to server
UPSTYPE net # on network
DEVICE IP:3551 # for IP, enter the IP of the server
POLLTIME 15 # poll ups every 15 seconds
ONBATTERYDELAY 10 # delay alarm for 10 seconds
BATTERYLEVEL 20 # on less than 20 percent battery level shutdown client
MINUTES 3 # on less than 3 minutes battery runtime shutdown client
NETSERVER on # activate network server
NISIP 127.0.0.1 # allow access only from localhost

And that's it 🙂

[RPi] The cheapest Raspberry Pi Cluster Ever Made v2

Ok, a little update on the PiZero Cluster Front:
Now, that OTG is compiled directly into the "next" kernel of RPi, we can use the OTG USB Virtual Ethernet directly - which makes it a lot easier. So I updated this :).

0. Preparing Minibian Jessie Image
I used an old Appliance Image I created from a Minibian Wheezy Image (https://minibianpi.wordpress.com/) earlier this year - for the 1.) section on the RPi Modell B pre 2.0 and RPi Modell A+. For the 2.) section, I used a special Appliance Image I made from a Minibian Jessie Image. However, I will document the needed changes here, to get it running from any source. I recommend the Minibian Jessie Image as a starting point, with these changes:


apt-get update
apt-get install -y raspi-config keyboard-configuration
raspi-config
# Default Configuration and Expand Filesystem using raspi-config
# Enter Finish and press Yes on Reboot the Device

apt-get install -y rpi-update sudo
apt-get -y dist-upgrade
reboot

rpi-update
reboot

# Create Default User pi
adduser pi
# Enter Password as wanted, i.e. raspberry
# Add user to default groups
usermod -a -G pi,adm,dialout,cdrom,audio,video,plugdev,games,users pi
# Add sbin Paths to pi
echo 'export PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"' >> /home/pi/.bashrc
# Add user to sudo
visudo
# Add under
# # User privilege specification
# root ALL=(ALL:ALL) ALL
pi ALL=(ALL:ALL) ALL
# Save and Exit
reboot

# Disable root login
sudo passwd -l root

or use a default RPi Jessie Image.

1. Building mpich 3

# Update and Install Dependencies, then reboot
sudo apt-get update
sudo apt-get -y dist-upgrade
sudo apt-get install -y build-essential
sudo reboot

# Make MPICH 3.2
cd ~
wget http://www.mpich.org/static/downloads/3.2/mpich-3.2.tar.gz
tar -xvzf mpich-3.2.tar.gz
cd mpich-3.2
# This will take some time
sudo ./configure --disable-fortran
# This will take several cups of tea ;)
sudo make
sudo make install

# Create SSH on Master, distribute to Slaves

cd ~
ssh-keygen -t rsa -C "raspberrypi"

The default location should be set to /home/pi/.ssh/id_rsa if you're using the standard user pi. Then use this command to distribute the key to all your "slave machines":
cat ~/.ssh/id_rsa.pub | ssh pi@IP_OF_SLAVES "mkdir .ssh;cat >> .ssh/authorized_keys"
( Was taken from http://www.southampton.ac.uk/~sjc/raspberrypi/ - he was the original father of the RPi Clusters and his work inspired me already years ago - so please read and support his work :)! Additional infos can be found at http://westcoastlabs.blogspot.co.uk/2012/06/parallel-processing-on-pi-bramble.html)
You could also just
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
to your own authorized_keys file, shut down your Master Pi after that and clone the card several times for all your Clients. This way, you would only need to do the work once - however, you should probably remove the private key from ~/.ssh/ on the clones, so that only your Master Pi can command the slaves.
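
Both ways of distributing the key have a rough edge: the mkdir/cat one-liner leaves the permissions to the remote umask and appends a duplicate on every run, and sshd with StrictModes (its default) ignores an authorized_keys file that group or others can write to; cloning the card copies the private key onto every slave. The functions below are an added example, not from the original post or its sources, and cover both cases. The key line, the temporary directory standing in for a slave's home and the function names are constructed for illustration.

```sh
# Added example: permission-safe, idempotent public-key install.
# add_authorized_key HOME KEYLINE
# HOME is the target user's home directory; KEYLINE is one public-key line.
add_authorized_key() {
    (   umask 077                                   # new files: owner only
        mkdir -p "$1/.ssh"
        touch "$1/.ssh/authorized_keys"
        chmod 700 "$1/.ssh"                         # fix pre-existing loose modes
        chmod 600 "$1/.ssh/authorized_keys"
        grep -qxF -- "$2" "$1/.ssh/authorized_keys" ||
            printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"
    )
}

# strip_private_keys HOME -> for a cloned slave card: delete every private
# key under HOME/.ssh (authorized_keys stays) and print what was removed.
strip_private_keys() {
    for f in "$1"/.ssh/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            rm -f -- "$f" && echo "${f##*/}"
        fi
    done
}

# Constructed demo: a temporary directory plays the home of a cloned slave.
clone=$(mktemp -d)
key='ssh-rsa AAAAB3NzaC1yc2E-constructed-sample raspberrypi'  # not a real key
add_authorized_key "$clone" "$key"
add_authorized_key "$clone" "$key"                 # second run adds nothing
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$clone/.ssh/id_rsa"
printf '%s\n' "$key" > "$clone/.ssh/id_rsa.pub"
strip_private_keys "$clone"                        # removes id_rsa only
```

Where it is installed on the master, ssh-copy-id does an equivalent permission-aware install over SSH.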

2. PiZero on Virtual Ethernet
I built my MPICH as mentioned in 1) on a Minibian Jessie image (SDCard running on an RPi B). Then I installed the new RPi Kernel and prepared the image for OTG Ethernet, using the new information provided by NicoHood:


#install new kernel with OTG support
sudo BRANCH=next rpi-update

# This is required in the config.txt
echo "device_tree=bcm2708-rpi-zero.dtb" | sudo tee -a /boot/config.txt

# Regarding the readme this is applied automatically for a pi zero (and yes it works without) - so not really needed
# echo "dtoverlay=dwc2" | sudo tee -a /boot/config.txt

# Only use this, if the new kernel causes sd card errors
# echo "dtoverlay=mmc" | sudo tee -a /boot/config.txt

# permanently add the g_ether (or any other) module, add it to /etc/modules
echo "dwc2" | sudo tee -a /etc/modules
echo "g_ether" | sudo tee -a /etc/modules

# Add settings to network interfaces
echo '
allow-hotplug usb0
iface usb0 inet static
address 192.168.7.2
netmask 255.255.255.0
network 192.168.7.0
broadcast 192.168.7.255
gateway 192.168.7.1
dns-nameservers 8.8.8.8' | sudo tee --append /etc/network/interfaces

# Some additional tweaks:
Add

# Turn HDMI Off
/usr/bin/tvservice -o
# Turn HDMI Back On
#/usr/bin/tvservice -p

# Turn ACT LED Off on Pi Zero
echo none | tee /sys/class/leds/led0/trigger
echo 1 | tee /sys/class/leds/led0/brightness

to your /etc/rc.local before exit 0 to turn off the HDMI Interface on boot,
as well as the LED of the Pi Zero to use less energy. Found on:
http://www.midwesternmac.com/blogs/jeff-geerling/raspberry-pi-zero-conserve-energy and http://www.midwesternmac.com/blogs/jeff-geerling/controlling-pwr-act-leds-raspberry-pi

This was enough to create a Pi Zero Slave Image.
Shutdown the RPi now with

sudo shutdown -h now

remove the Power and insert the SDcard into your Pi Zero.

On the Master Machine, I made the following changes:

# Add settings to network interfaces
echo '
allow-hotplug usb0
iface usb0 inet static
address 192.168.7.1
netmask 255.255.255.0
network 192.168.7.0
broadcast 192.168.7.255' | sudo tee --append /etc/network/interfaces

# Allow Ipv4 Forward
echo 'net.ipv4.ip_forward=1' | sudo tee --append /etc/sysctl.conf

# Install iptables
sudo apt-get install -y iptables

# Define NATing rules
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT

# Save NAT rules / load iptables on interface up
sudo touch /etc/iptables_masq.rules
sudo chown pi:pi /etc/iptables_masq.rules
sudo iptables-save > /etc/iptables_masq.rules

Add
pre-up iptables-restore < /etc/iptables_masq.rules
under the eth0 section in the network interfaces:
sudo vi /etc/network/interfaces
i.e.
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables_masq.rules
( Info taken from: http://serverfault.com/questions/405628/routing-traffic-on-ubuntu-to-give-raspberry-pi-internet-access )

#After that, I shutdown the RPi via
sudo shutdown -h now
#removed power from it.

Then I attached the Pi Zero to the Hub of Pi B via a Micro USB Cable by using the Micro USB OTG Slot on the Pi Zero, connecting it to the Hub of the Pi Modell B. Next, I powered up the Pi B - and both booted.

I pinged 192.168.7.2 - which was the IP of the Pi Zero - and it answered. Now I only had to use cat ~/.ssh/id_rsa.pub | ssh pi@192.168.7.2 "mkdir .ssh;cat >> .ssh/authorized_keys" from Section 0 to get the SSH Key, created in Step 0, onto the Pi Zero and could use that to automatically log in to the Pi Zero.
With the new IP of the RPi B and Pi Zero in the machinefile of mpich I could then use both my RPis with higher speed and nearly zero costs for cabling and power :)!
The clou: I don't need an additional power supply for the Pi Zero - nor network adapters, RJ45 cabling, a switch - only one USB A to USB Micro cable per Pi Zero - and maybe a big, active USB Hub ;)!

Now, I need to get more Pi Zeros - I plan on using a Modell B as Master with a big active USB Hub to support 4 Pi Zeros - or a Modell B+ with a REALLY BEEFY USB Supply to work them all on the same RPi - but that would come down to trying this... And I got only one Pi Zero - so I need some more time (or some sponsors?) to get me more RPi Zeros to try and see whether this approach does scale ;)!

Best thing: This can also be used to try the awesome work of http://blog.hypriot.com/ to build a Docker Cluster from that - cool, ain't it?

[RPi] Measuring RPi Zero USB Network Speed with iperf

When I saw Jeff Geerling's Website and his iperf Benchmarks of different RPis (Link), I wondered how the RPi Zero would perform when using the USB Virtual Ethernet Interface on my Windows 7 x64 PC.

So I got the latest iperf 2 Version (iPerf 2.0.5-3) from the iperf Website at https://iperf.fr/iperf-download.php, installed iperf from the Raspbian Jessie Packages and launched the iperf Server on my Windows 7 x64 PC via iperf -s. The PC was attached to a Gigabit Switch via a Gigabit Ethernet Interface - so no bottleneck here.

Then I started the iperf tests via iperf -c IP -t 20 -i 2.
And these are the results:

RPi Modell B Version pre 2
------------------------------------------------------------
Client connecting to 192.168.2.4, TCP port 5001
TCP window size: 43.8 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.98 port 37217 connected with 192.168.2.4 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 13.9 MBytes 58.2 Mbits/sec
[ 3] 2.0- 4.0 sec 13.9 MBytes 58.2 Mbits/sec
[ 3] 4.0- 6.0 sec 13.6 MBytes 57.1 Mbits/sec
[ 3] 6.0- 8.0 sec 14.4 MBytes 60.3 Mbits/sec
[ 3] 8.0-10.0 sec 14.5 MBytes 60.8 Mbits/sec
[ 3] 10.0-12.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 12.0-14.0 sec 14.5 MBytes 60.8 Mbits/sec
[ 3] 14.0-16.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 16.0-18.0 sec 14.5 MBytes 60.8 Mbits/sec
[ 3] 18.0-20.0 sec 14.5 MBytes 60.8 Mbits/sec
[ 3] 0.0-20.0 sec 143 MBytes 60.0 Mbits/sec

60 MBit/s? Well... That is not as good as thought...

RPi Modell B v2
------------------------------------------------------------
Client connecting to 192.168.2.4, TCP port 5001
TCP window size: 43.8 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.161 port 55453 connected with 192.168.2.4 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 14.1 MBytes 59.2 Mbits/sec
[ 3] 2.0- 4.0 sec 14.1 MBytes 59.2 Mbits/sec
[ 3] 4.0- 6.0 sec 14.0 MBytes 58.7 Mbits/sec
[ 3] 6.0- 8.0 sec 14.8 MBytes 61.9 Mbits/sec
[ 3] 8.0-10.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 10.0-12.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 12.0-14.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 14.0-16.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 16.0-18.0 sec 14.5 MBytes 60.8 Mbits/sec
[ 3] 18.0-20.0 sec 14.6 MBytes 61.3 Mbits/sec
[ 3] 0.0-20.0 sec 145 MBytes 60.7 Mbits/sec

60.7 MBit/s - ok, the RPi Modell B v2.0 has double the RAM (512 MB) of the old version - but that had no impact on the network speed.

RPi 2 Modell B
------------------------------------------------------------
Client connecting to 192.168.2.4, TCP port 5001
TCP window size: 43.8 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.111 port 38411 connected with 192.168.2.4 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 22.6 MBytes 94.9 Mbits/sec
[ 3] 2.0- 4.0 sec 22.4 MBytes 93.8 Mbits/sec
[ 3] 4.0- 6.0 sec 22.5 MBytes 94.4 Mbits/sec
[ 3] 6.0- 8.0 sec 22.5 MBytes 94.4 Mbits/sec
[ 3] 8.0-10.0 sec 22.4 MBytes 93.8 Mbits/sec
[ 3] 10.0-12.0 sec 22.5 MBytes 94.4 Mbits/sec
[ 3] 12.0-14.0 sec 22.4 MBytes 93.8 Mbits/sec
[ 3] 14.0-16.0 sec 22.5 MBytes 94.4 Mbits/sec
[ 3] 16.0-18.0 sec 22.4 MBytes 93.8 Mbits/sec
[ 3] 18.0-20.0 sec 22.5 MBytes 94.4 Mbits/sec
[ 3] 0.0-20.0 sec 225 MBytes 94.2 Mbits/sec

94.2 Mbits/s is a good value that matches Jeff's ones - so I am feeling a bit better after the bad measurements of the RPi 1 B pre/2.0's...

RPi Zero
------------------------------------------------------------
Client connecting to 192.168.7.1, TCP port 5001
TCP window size: 43.8 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.7.2 port 37992 connected with 192.168.7.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 21.9 MBytes 91.8 Mbits/sec
[ 3] 2.0- 4.0 sec 22.1 MBytes 92.8 Mbits/sec
[ 3] 4.0- 6.0 sec 22.2 MBytes 93.3 Mbits/sec
[ 3] 6.0- 8.0 sec 22.1 MBytes 92.8 Mbits/sec
[ 3] 8.0-10.0 sec 22.1 MBytes 92.8 Mbits/sec
[ 3] 10.0-12.0 sec 22.2 MBytes 93.3 Mbits/sec
[ 3] 12.0-14.0 sec 22.2 MBytes 93.3 Mbits/sec
[ 3] 14.0-16.0 sec 22.2 MBytes 93.3 Mbits/sec
[ 3] 16.0-18.0 sec 22.1 MBytes 92.8 Mbits/sec
[ 3] 18.0-20.0 sec 22.2 MBytes 93.3 Mbits/sec
[ 3] 0.0-20.0 sec 222 MBytes 92.9 Mbits/sec

Finally - and that does come in as a surprise: I thought the Pi Zero - attached via USB Ethernet - would give me any value between some Mbit and some really odd numbers - but it closely matches a really solid 100 MBit Interface - so... That's cool :)!

Telekom blocking SMTP Servers without asking Users

Sometimes, you see things you just want to refuse to believe.
While it is true that most problems and quirks of software or hardware are due to really profound reasons and can be fixed quickly, sometimes you just cannot find them easily, if something unexpected happened - something which you never even thought of or you just found to be impossible.
My gamechanger - for the WORST - has been Telekom, which I happily would like to propose for the next BigBrother Award:
To cut a long story short: A friend of mine did order a Webhosting Account at all-inkl.com - and this did work without any problem.
I did configure some Domain Redirection, Mail Accounts, included them to the Android Phone of that friend - everything was working just fine.
However, as soon as the person arrived at home, Mail did not work anymore on the phone.
After trying to track down the problem for far too long, I did call the (very nice) support and got some immediate help:
"Are you using a Telekom Line?" - well... Yeah? - "Oh.. Well, they include SMTP Whitelists in the new routers, to stop spammers and we are not on this whitelist... So you can receive but not send mail..." - WAIT. WHAT?!
A quick check on the WIFI Symbol, IP Range of the Phone and a Network IP DOT 1 in the friendly browser later - "Speedport W724v - What can I do for you?" - Well, [D|F|S][a-z][a-z][a-z]!
Turns out, the new W724V, Entry 2 and Hybrid Home Routers of the Telekom "feature" an SMTP Server WHITELIST. So if you try to use your nice myname.de SMTP Server - nop'! You have to include your own Servers to that list, otherwise connection will be blocked - regardless if you try to communicate via Port 25 or 587 via SSL or encrypted formats. Really, hot, bad, nasty stuff.
One could mention that fighting spammers is a good idea, but this approach is as china-like as it is 1984.
So, kudos Telekom - you just made it impossible for "non-IT people" to use their own not Telekom and al. hosted SMTP service!
More can be found on this German site: http://all-inkl.com/wichtig/anleitungen/programme/e-mail/speedport-w724v-hybrid/liste-der-sicheren-e-mail-server_399.html

Netflow on Ubuntu

Netflow consists of three parts:
The collector, which collects the connection data on a host,
the capture, which receives data from collectors and writes them to disk in binary format,
the dump tool, which presents the data

We use fprobe as collector and nfcapd as capture tool:


sudo apt-get install fprobe nfdump

fprobe wants to be configured during the installation. It asks for the interface it should listen on and for the address where the flow collector listens. In our example, fprobe should listen on eth0 and the flow collector is situated on the same computer. Please use 127.0.0.1:9995 for that.

You can edit the fprobe file again:

/etc/default/fprobe

#fprobe default configuration file

INTERFACE="eth0"
FLOW_COLLECTOR="127.0.0.1:9995"

#fprobe can't distinguish IP packet from other (e.g. ARP)
OTHER_ARGS="-fip"

nfcapd needs to be configured by hand.
You need to set nfcapd_start to yes:

/etc/default/nfdump

# nfcapd is controlled by nfsen
nfcapd_start=yes

To change the destination folder of the capture files, change the hardcoded DATA_BASE_DIR in /etc/init.d/nfdump

After that, start the services:

sudo service fprobe stop
sudo service nfdump stop
sudo service fprobe start
sudo service nfdump start

After that, you can evaluate the resulting data

cd /var/cache/nfdump
nfdump -R REPLACE_WITH_FIRST_FILE_BEGINNING_WITH_nfcapd.

You can also define a filter with " ", i.e. nfdump -R nfcapd.201510260926 "port 3720" or "ip 8.8.8.8"

Additional infos:
http://nfdump.sourceforge.net/


SSH Socks Proxy

Very easy and handy is to use an SSH Server as Socks Proxy:
ssh -D 8080 username@my_ssh_server

Or use Putty:
Enter the IP Address of your SSH Server, Port and go to Connection -> SSH -> Tunnels.
In Source Port enter the Port where the Proxy should be available. I.e. 8080
Then choose "Dynamic".
Leave Destination Port Empty and the IP Configuration on "Auto".

After connecting to your SSH Server, you can configure i.e. Firefox to use your Socks 5 Server on IP 127.0.0.1 and Port 8080.

[1841] Reset Password / Config, ROMMON Upgrade and Software Upgrade on Cisco 1841

1.) Reset Password / Config

- Connect to the router via Serial Cable

- Power on the router, but send a break during the first 60 seconds of boot time to get to the rommon CLI

- enter confreg 0x2142 followed by a reset

- Router is booting up, as soon as it does enter the system configuration dialog, answer the question with no

- enable

- conf t

- config-register 0x2102

- exit

- wr mem (because I just want to overwrite the old config :)!)

2.) ROMMON Upgrade

- Get the latest / needed ROMMON upgrade from Cisco

- Copy it i.e. to your CF card via Card Reader, TFTP or other means

- Boot up the router and enter privileged / enable mode

- Enter the upgrade command: upgrade rom-monitor file flash:<Filename>

- Answer yes to get the process started

- After the upgrade the router will reload

3.) Software Upgrade

- Get the latest/needed image from Cisco

- Just copy it to the CF card via Card Reader, TFTP or other means

- Reload

[Win7+] Software Accesspoint

Sometimes you just need to give wireless access to one of your little toys (i.e. Tablets, Smartphones, Raspberry Pis with Wifi - you name it) - but you got no wifi accesspoint with you. Starting with Windows 7, this ain't a problem anymore. You can set up a software AP in just a minute:

Enter the following code into your command line interface to start a software accesspoint with the SSID WiBridge and the password mh28-dyi9-txwt:


netsh wlan set hostednetwork mode=allow ssid="WiBridge" key="mh28-dyi9-txwt" keyUsage=persistent
netsh wlan start hostednetwork

You can check upon your ap via:


netsh wlan show hostednetwork

And you can stop it with:


netsh wlan stop hostednetwork

Update HP Procurve via XModem

I got an old HP Procurve Switch and wanted to upgrade the firmware.
After booting the switch, we configure the serial link to a baud rate of 115200, so we won't have to wait all night for the update to finish.


config
console baud-rate 115200
exit
write memory
reload

After reloading the switch and configuring our terminal software to 115200 baud, we can start the XModem Upload via:


copy xmodem flash primary

After that command, the switch waits for an XModem data transfer to begin. So, just upload your new firmware image via your terminal software, using XModem.

Another reload after copying the image will complete the setup.