Friday, May 11, 2018

 

RPI3 fedora 27, hyperion relay and fun with the latch of street door

Use the installer:


arm-image-installer --image=Fedora-Server-armhfp-27-1.6-sda.raw.xz --media=/dev/mmcblk0 --target=rpi3 --norootpass --addkey=/home/jfclere/.ssh/id_rsa.pub

resize the image with the graphic tool:


gparted /dev/mmcblk0

boot the PI and find its address:

nmap -sn 192.168.1.0/24 (ifconfig to get the laptop address).
Nmap scan report for 192.168.1.39
Host is up (-0.057s latency).
MAC Address: B8:27:EB:D4:2E:85 (Raspberry Pi Foundation)

ssh -l root 192.168.1.39 you are in!!!

remove the auto configure

/bin/systemctl disable initial-setup.service

setting timezone:

ls -lt /usr/share/zoneinfo/Europe/Zurich
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime

install wifi: (PI3)

curl https://fedora.roving-it.com/brcmfmac43430-sdio.txt -o /lib/firmware/brcm/brcmfmac43430-sdio.txt
reboot

Done:
+++
root@localhost ~]# nmcli device status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  eth0
lo      loopback  unmanaged  --
wlan0   wifi      unmanaged  --
+++
nmtui
SSID PI2
Mode
Channel
Security
Addresses 10.0.0.201/24
[X] Never use this network for default route
[X] Require IPv4 addressing for this connection
[X] Automatically connect
+++

add dhcp server and configure it.

yum install dhcp-server
use https://github.com/jfclere/tomcatPI/blob/master/conf/master/dhcpd.conf
enable and start it.
/bin/systemctl enable dhcpd
/bin/systemctl start dhcpd

add named and configure it.

use https://github.com/jfclere/tomcatPI/blob/master/conf/master/named.conf
copy the configuration files in /etc/bind (mkdir /etc/bind)
enable and start it.
/bin/systemctl enable named
/bin/systemctl start named

Don't forget the firewall on the PI:
firewall-cmd --permanent --zone=FedoraServer --add-port=53/tcp
firewall-cmd --permanent --zone=FedoraServer --add-port=53/udp
firewall-cmd --reload

Look to the previous blog and enable the services

/bin/systemctl disable initial-setup.service
/bin/systemctl enable named
/bin/systemctl enable dhcpd


Getting the GPIO working...

+++
[root@localhost ~]# yum search gpio
Last metadata expiration check: 2:55:33 ago on Mon 30 Apr 2018 06:50:28 CEST.
=================================================================== Summary & Name Matched: gpio ===================================================================
libgpiod-utils.armv7hl : Utilities for GPIO
sgpio.armv7hl : SGPIO captive backplane tool
libgpiod-devel.armv7hl : Development package for libgpiod
python2-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
python3-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
libgpiod.armv7hl : C library and tools for interacting with linux GPIO char device
+++

install + try:
+++
[root@localhost ~]# python3 jfcgpio.py
Segmentation fault (core dumped)
+++
Oops... broken :-(

install libgpiod-utils trying...

+++
[root@localhost ~]# /usr/bin/gpioinfo
gpiochip0 - 54 lines: 
        line   0:      unnamed       unused   input  active-high
        line   1:      unnamed       unused   input  active-high
...
+++
[root@localhost ~]# /usr/bin/gpiodetect
gpiochip0 [pinctrl-bcm2835] (54 lines)
gpiochip1 [raspberrypi-exp-gpio] (8 lines)
+++
Yes:
gpioset -m time -s 1 gpiochip0 18=1
LED ON!!!

install httpd and start it.

/bin/systemctl enable httpd
/bin/systemctl start httpd

open firewall for httpd
+++
[root@localhost ~]# firewall-cmd --get-default-zone
FedoraServer
+++
So use FedoraServer ;-)
+++
firewall-cmd --permanent --zone=FedoraServer --add-port=80/tcp
firewall-cmd --reload
+++

Arrange the permission (selinux = tricky).

+++
[root@localhost ~]# audit2allow -a


#============= httpd_sys_script_t ==============
allow httpd_sys_script_t gpio_device_t:chr_file { ioctl open read write };
allow httpd_sys_script_t initrc_var_run_t:file { lock open read };
allow httpd_sys_script_t pam_var_run_t:dir { add_name write };
allow httpd_sys_script_t pam_var_run_t:file { create getattr lock open read write };
allow httpd_sys_script_t self:capability { audit_write dac_read_search setgid setuid sys_resource };
allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t shadow_t:file { getattr open read };
allow httpd_sys_script_t sudo_db_t:dir getattr;
allow httpd_sys_script_t system_dbusd_t:dbus send_msg;
allow httpd_sys_script_t systemd_logind_t:dbus send_msg;

#============= systemd_logind_t ==============
allow systemd_logind_t httpd_sys_script_t:dbus send_msg;
+++
audit2allow -a -M door
semodule -i door.pp
(Not working... Need more time).

disabling selinux :_(

+++
[root@localhost ~]# sestatus
SELinux status:                 disabled
+++

For the details on httpd configuration, html, cgi look to https://github.com/jfclere/door

Sunday, September 10, 2017

 

Getting DS1307 on RPI3 with fedora 24

1 - Add in the /boot/config.txt:
dtoverlay=i2c-rtc,ds1307

In dmesg:
+++
[    5.536541] rtc-ds1307 1-0068: rtc core: registered ds1307 as rtc0
[    5.540786] rtc-ds1307 1-0068: 56 bytes nvram
+++
the modules are loaded a boot now...
+++
[root@pc-8 ~]# i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- UU -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
+++

[root@pc-8 ~]# hwclock -r
2017-09-09 17:58:49.868784+1:00
(well not too bad after 2 months (+~1 minute)

2 -  Get chrony to resynchronize my hardware clock (if I have a connection!)
In /etc/chrony.conf:
+++
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Serve time even if not synchronized to any NTP server.
local stratum 10
+++

3 - Get the hard clock set at the RPI3 start time:
creates a /etc/systemd/system/hwclock.service
+++
[Unit]
Description=Setup date and time via hwclock

[Service]
Type=oneshot
ExecStart=/usr/sbin/hwclock --hctosys

[Install]
WantedBy=multi-user.target
+++
and do:
systemctl enable hwclock

System time is set corrctly...
+++
[root@pc-8 ~]# timedatectl status      Local time: Sat 2017-09-09 19:35:58 CEST
  Universal time: Sat 2017-09-09 17:35:58 UTC
        RTC time: Sat 2017-09-09 17:35:58
       Time zone: Europe/Zurich (CEST, +0200)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
+++
Don't forget the firewall...
firewall-cmd --permanent --zone=FedoraServer --add-port=123/udp
firewall-cmd --reload

4 - make sure the clients (HypriotOS in my case) use the time server:

Add the RPI3 address in /etc/systemd/timesyncd.conf for (here 10.0.0.201 is the RPI3 with the hardware clock):
+++
[Time]
Servers=10.0.0.201
+++
service systemd-timesyncd restart




Sunday, October 16, 2016

 

Having fun with raspberry pi 3 and Astro Hat.

********* basic installation ********

From: https://fedoraproject.org/wiki/Raspberry_Pi
fdisk /dev/mmcblk0
unmount and reinsert
looking for the images:
https://dl.fedoraproject.org/pub/fedora/linux/releases/24/Spins/armhfp/images/
There are a bunch of them...
https://dl.fedoraproject.org/pub/fedora/linux/releases/24/Server/armhfp/images/
Only one I have picked this one.
losetup --partscan --find --show /home/jfclere/Downloads/Fedora-Server-armhfp-24-1.2-sda.raw /dev/loop0
mount -r /dev/loop0p3 /tmp/img/
mkfs.vfat /dev/mmcblk0p1
mkswap /dev/mmcblk0p2
mkfs.ext4 /dev/mmcblk0p3
mkdir /tmp/rpi/
mount /dev/mmcblk0p3 /tmp/rpi/
mkdir /tmp/rpi/boot/
mount /dev/mmcblk0p1 /tmp/rpi/boot/
cp -rpv /tmp/img/* /tmp/rpi/
sync (takes ages)
losetup -d /dev/loop0
[root@jfcpc NOTES]# blkid | grep mmcblk0
/dev/mmcblk0: PTTYPE="dos"
/dev/mmcblk0p1: SEC_TYPE="msdos" UUID="DB85-3C4A" TYPE="vfat"
/dev/mmcblk0p2: UUID="5f07dbe9-2619-481e-b0b3-5f37a7f011bf" TYPE="swap"
/dev/mmcblk0p3: UUID="8df2bd5c-4692-4f80-96ec-da2e9697a713" TYPE="ext4"
edit and ajust /tmp/rpi/etc/fstab
/tmp/rpi/boot/cmdline.txt Add
"dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p3 rootfstype=ext4 elevator=deadline rootwait"
https://www.raspberrypi.org/documentation/configuration/config-txt.md (configuration stuff).
/tmp/rpi/boot/config.txt (do we need something?...) empty for the moment...
copy the boot and modules
download the firmware:
https://github.com/raspberrypi/firmware
what is: https://github.com/raspberrypi/firmware/archive/master.zip
it is like https://github.com/modcluster/mod_cluster/archive/master.zip (just a zip repo).
dowload and unzip
So https://github.com/raspberrypi/firmware/tree/master/boot
[root@jfcpc NOTES]# cp -r /home/jfclere/Downloads/firmware-master/boot/* /tmp/rpi/boot/
So https://github.com/raspberrypi/firmware/tree/master/modules (for + and -v7+ no idea how it is choosen)
Once running doing more /proc/cpuinfo:
+++
processor : 0
model name : ARMv7 Processor rev 4 (v7l)
+++
guessing we use the -v7+ ;-)
[root@jfcpc NOTES]# cp -r /home/jfclere/Downloads/firmware-master/modules/* /tmp/rpi/lib/modules/
sync
umount /tmp/rpi/boot/
umount /tmp/rpi/
network: (trying to check it)...
In fact the fedora24 use systemd
/tmp/rpi/etc/systemd/ (there something run at the first boot).
/tmp/rpi/etc/systemd/system/default.target -> /lib/systemd/system/multi-user.target
/tmp/rpi/lib/systemd/system/systemd-firstboot.service ?
and it run /usr/bin/systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password
+++
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password
+++
For the curious:
+++
[jfclere@jfcpc ~]$ rpm -qf /usr/bin/systemd-firstboot
systemd-229-13.fc24.x86_64
+++
--locale=en_US.UTF-8
--timezone=Europe/Paris
--root-password=Changeit2016
+++
nmap -sn 192.168.1.0/24
found the PI:
+++
Nmap scan report for pc-151.home (192.168.1.111)
Host is up (0.047s latency).
MAC Address: B8:27:EB:C1:44:41 (Raspberry Pi Foundation)
+++
scanning it:
+++
[root@jfcpc Downloads]# nmap 192.168.1.111
Starting Nmap 7.12 ( https://nmap.org ) at 2016-09-07 22:15 CEST
Nmap scan report for pc-151.home (192.168.1.111)
Host is up (0.0044s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin
MAC Address: B8:27:EB:C1:44:41 (Raspberry Pi Foundation)
Nmap done: 1 IP address (1 host up) scanned in 4.60 seconds
+++
Some how the password stuff failed... The stuff still asks :-(
copy my fedora laptop password that helps...
+++
[root@pc-151 ~]# ps -ef | grep tty1
root 343 1 0 18:23 tty1 00:00:00 /bin/bash /usr/libexec/initial-setup/run-initial-setup
root 348 343 12 18:23 tty1 00:00:23 /usr/bin/python3 /usr/libexec/initial-setup/initial-setup-text --no-stdout-log
root 720 696 0 18:26 pts/0 00:00:00 grep --color=auto tty1
+++
In it:
/bin/systemctl disable initial-setup.service (so it remove itself).
and it is a python script...
trying... mount
/dev/mmcblk0p3 on /run/media/jfclere/a440011a-a5ea-4eb7-ae01-95c8cd981673
[root@jfcpc Downloads]# grep ENCRYPT_METHOD /tmp/img/etc/login.defs
ENCRYPT_METHOD SHA512
echo -n root:Changeit2016 | chpasswd -c SHA512 -R /run/media/jfclere/a440011a-a5ea-4eb7-ae01-95c8cd981673 ?
selinux problems :-( and doesn't work.
echo -n root:Changeit2016 | chpasswd -c SHA512 in PI works...
setting timezone:
ls -lt /usr/share/zoneinfo/Europe/Zurich
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime
easy :D
Done forget to remove the base fedora kernel components (yum might get funny overrwise)...
dnf remove kernel kernel-core kernel-modules

************** configure wifi *************

The goal is to get a sort of captive portal to run an easy demo, the raspberry is acting as an AP and dhcp server and name server
+++
[root@pc-111 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
lo loopback unmanaged --
+++
no wifi.
https://fedoraproject.org/wiki/Raspberry_Pi
$ cd /lib/firmware/brcm/
$ curl -O https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm80211/brcm/brcmfmac43430-sdio.bin
$ curl -O https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/master/brcm80211/brcm/brcmfmac43430-sdio.txt
reboot?
iw list
+++
Supported interface modes:
* IBSS
* managed
* AP
+++
it can do AP cool...
dnf install NetworkManager-tui NetworkManager-wifi
nmtui
SSID=PI
Mode <Access Point>
Channel <Automatic>
Security <None>
Addresses 10.0.0.201/24
[X] Never use this network for default route
[X] Require IPv4 addressing for this connection
[X] Automatically connect
from https://fedoraproject.org/wiki/Raspberry_Pi
From the laptop:
+++
wlp4s0 IEEE 802.11 ESSID:"PI"
Mode:Managed Frequency:2.412 GHz Access Point: B8:27:EB:94:11:14
+++
in PI:
++++
wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b8:27:eb:94:11:14 txqueuelen 1000 (Ethernet)
+++
hm laptop doesn't get IP?
try dhcp (server?) 10.0.0.0 (give 10.0.0.201 to the PI)
Look to /etc/dhcp/dhcpd.conf
The important:
subnet 10.0.0.0 netmask 255.255.255.0 {
so it listens on 10.0.0.201
option domain-name "mysrv.world";
option domain-name-servers 10.0.0.201;
so the name are resolved by the bind of PI.
option routers 10.0.0.201
so it is the routers for the interface (we can use the PI as router!!!).
Looks nearly OK...
+++
Listening on LPF/wlan0/b8:27:eb:94:11:14/10.0.0.0/24
Sending on LPF/wlan0/b8:27:eb:94:11:14/10.0.0.0/24
+++
ifconfig on the laptop:
+++
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.200 netmask 255.255.255.0 broadcast 10.0.0.255
+++
nmap -sn 10.0.0.0/24 (it finds the PI)
+++
[root@jfcpc APACHE-2.4.x]# nmap -sn 10.0.0.0/24
Starting Nmap 7.12 ( https://nmap.org ) at 2016-09-14 23:41 CEST
Nmap scan report for 10.0.0.201
Host is up (0.014s latency).
MAC Address: B8:27:EB:94:11:14 (Raspberry Pi Foundation)
Nmap scan report for 10.0.0.200
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 32.09 seconds
+++
easy... 192.168.1.109 (connected).
to find the address:
nmap -sn 192.168.1.0/24
(doesn't help... well run it as root = better...)
+++
Nmap scan report for pc-111.home (192.168.1.108)
Host is up (0.0067s latency).
MAC Address: B8:27:EB:7A:A6:98 (Raspberry Pi Foundation)
Nmap scan report for pc-111.home (192.168.1.109)
Host is up (0.0067s latency).
+++
name server: (based on http://serverfault.com/questions/396958/configure-dns-server-to-return-same-ip-for-all-domains)
yum install bind
/etc/named.conf
listen-on port 53 { 10.0.0.201; };
allow-query { 10.0.0.0/24; };
recursion no;
zone "." IN {
type master;
file "/etc/bind/db.fakeroot";
};
And in /etc/bind/db.fakeroot:
+++
@ IN SOA ns.domain.com. hostmaster.domain.com. ( 1 3h 1h 1w 1d )
IN NS 10.0.0.201
* IN A 10.0.0.201
+++
Don't forget the firewall on the PI:
firewall-cmd --permanent --zone=FedoraServer --add-port=53/tcp
firewall-cmd --permanent --zone=FedoraServer --add-port=53/udp
firewall-cmd --reload


********* Getting tomcat running *********


yum install java should be ready for tomcat).
yum install java maven
git clone https://github.com/jfclere/tomcatPI
cd tomcatPI/demo
java -jar ./target/demo-1.0-SNAPSHOT-jar-with-dependencies.jar
Don't forget the firewall (again).
firewall-cmd --permanent --zone=FedoraServer --add-port=80/tcp
firewall-cmd --reload

******** Getting Astro Hat examples running ********

HAT: https://github.com/RPi-Distro/python-sense-hat
https://github.com/raspberrypi/hats
https://github.com/RPi-Distro/python-sense-hat (looks the good one...)
A lot needs to be install gcc/python-devel/gcc-gfortran/redhat-rpm-config (hard to guess this one!) and building takes ages...
libz-devel, jpeg-devel
testing... /root/python-sense-hat/examples
mssing https://github.com/RPi-Distro/RTIMULib cmake/gcc-c++
in RTIMULib/RTIMULi/build (mkdir ) cmake ... make make install.
in RTIMULib/Linux need qt-devel
in RTIMULib/Linux/python (probably the only one really needed!).
./python-sense-hat/examples/colour_cycle.py (works...)
./RTIMULib/Linux/build/RTIMULibCal/RTIMULibCal (to get the RTIMULib.ini to pur in /etc according to the doc).
******* Playing with the 8X8 frame buffer ****
+++
[root@jfcpc java]# pwd
/home/jfclere/tomcatPI/demo/src/main/java
[root@jfcpc java]# java -cp . org.jfclere.tomcatPI.PIFrameBuffer
file is 4096Exception in thread "main" java.io.IOException: No such device
at sun.nio.ch.FileChannelImpl.map0(Native Method)
at sun.nio.ch.FileChannelImpl.map(FileChannelImpl.java:926)
at org.jfclere.tomcatPI.PIFrameBuffer.main(PIFrameBuffer.java:22)
+++ OK ++++ It can't read it :-(
According to Python code:
from sense_hat import SenseHat
The LED matrix is an RGB565 framebuffer
(more or less working now committed).
https://github.com/jfclere/tomcatPI/blob/master/demo/src/main/java/org/jfclere/tomcatPI/PIFrameBuffer.java

********* Sending information to ActiveMQ and consuming it *******


yum install stomppy
install activemq on laptop
check stomp port:
INFO | Listening for connections at: stomp://jfcpc:61613?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector stomp started
http://127.0.0.1:8161/admin/ (we receive something binary UTF8 encoded string).
write a STOMP logic to send message to ActiveMQ (running on my laptop)
https://github.com/jfclere/tomcatPI/tree/master/python
write a small jms client to consum the messages from the raspberry
https://github.com/jfclere/tomcatPI/tree/master/reader




Saturday, December 19, 2015

 

Where you noted your ssh key needs renew

After updating to fedora23 I noted I cant use ssh from my laptop to servers I use to connect it. I have got the weird message ssh -vvv:  
debug1: Roaming not allowed by server

Obviously it isn't a server problem, while try to understand I have found:
 https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

Of course adding
PubkeyAcceptedKeyTypes=+ssh-dss
in .ssh/config helps
Checking the key shows that I need new key pairs soon:
-rw-------. 1 jfclere jfclere   736 Nov 22  2006 id_dsa
-rw-r--r--. 1 jfclere jfclere   619 Nov 22  2006 id_dsa.pub

I have being using the same keys for ~10 years in fact!!!
Well mostly only inside Red Hat vpn, time to change keys and spot the server I am using only from time to time...

Thursday, December 23, 2010

 

Tethering with Fedora 14 with iphone

It looks very easy now:
yum install libimobiledevice (really needed?)
dmesg tells:
+++
[ 3202.355929] ipheth 1-8.4:4.2: Apple iPhone USB Ethernet device attached
[ 3202.355982] usbcore: registered new interface driver ipheth
+++
In network manager I am able to confgure it but not to activate it (may be I have something wrong in my box).

Using dhclient wwan0
gets it working :D

Note that the iphone is running 4.2.1 and my provider is swisscom

Wednesday, June 03, 2009

 

mod_cluster 1.0.0.GA release

mod_cluster brings a dynamic configuration to mod_proxy. In fact mod_cluster is a replacement of mod_proxy_balancer and it uses some of the new features of httpd-trunk like slotmem.
The improvements to mod_proxy/mod_jk are:
- Dynamic configuration of contexts (no more 404 or 400 when an application is been redeployed).
- Load information received from the node of the cluster.
- Asynchronous cping/cpong via a STATUS message from the cluster.
- Minimal configuration.
Paul also blogged on the topic see http://pferraro.wordpress.com/
For more see http://www.jboss.org/mod_cluster/ try it and join the growing community.

Tuesday, April 14, 2009

 

Using Tomcat with mod_heartmonitor (part 2)

This is the second blog on the topic using Tomcat with mod_heartmonitor, here it is using HTTP instead multicast sockets... Well no one like multicast sockets but everyone likes the HTTP protocol no?
In the httpd.conf file add something like the following (to the httpd.conf the previous blog):


<Location /HeartbeatListener>
SetHandler hearthbeat
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 10.33.144.4
</Location>


In the server.xml add ProxyList to the HeartbeatListener:


<Listener className="org.apache.catalina.ha.backend.HeartbeatListener" Port="8009" ProxyList="127.0.0.1:7779" />


Have fun!!!

This page is powered by Blogger. Isn't yours?