pmeerw's blog

Thu, 24 May 2018

Adding space to a Linux LVM volume

The steps can be done when the disk is online; only creating the partition required a reboot for me.

Growing the filesystem
  1. Create a physical LVM volume: pvcreate /dev/sdaN; check using pvdisplay
    $ pvcreate /dev/sdaN
      Physical volume "/dev/sdaN" successfully created
    
    $ pvdisplay
       --- Physical volume ---
      PV Name               /dev/sda1
      VG Name               vg-name
      ...
     
      --- Physical volume ---
      PV Name               /dev/sda2
      VG Name               vg-name
      ...
     
      "/dev/sdaN" is a new physical volume of "100.00 GiB"
      --- NEW Physical volume ---
      PV Name               /dev/sdaN
      VG Name
      PV Size               100.00 GiB
      Allocatable           NO
      PE Size               0
      Total PE              0
      Free PE               0
      Allocated PE          0
      ...
    
  2. Extend the volume group: vgextend vg-name /dev/sdaN; check using lvdisplay
    $ vgextend vg-name /dev/sdaN
      Volume group "vg-name" successfully extended
    
    $ lvdisplay
     
      --- Logical volume ---
      LV Name                /dev/vg-name/root
      VG Name                vg-name
      ...
    
  3. Extend the logical volume to all free space available: lvextend -l+100%FREE /dev/vg-name/root
    $ lvextend -l+100%FREE /dev/vg-name/root
    
  4. Resize the file system: resize2fs /dev/mapper/vg--name-root
    $ resize2fs /dev/mapper/vg--name-root
    
Partition type code for LVM is 8e.

Some more useful commands
lvmdiskscan -l to scan for LVM physical volumes
vgdisplay -v to summarize lot of information about a volume group
lvs to find the logical volumes and there size; also try the --segments argument

posted at: 11:16 | path: /configuration | permanent link

Wed, 23 May 2018

let's encrypt: auto-renew

Note to myself about let's encrypt auto-renew: Put letsencrypt in /etc/cron.weekly, edit the services that need to be restarted. The first snippet is for a relatively modern, systemd-enabled, system (Ubuntu 16.04), the second snippet target an ancient system (Ubuntu 14.04): The script assumes that the letsencrypt tool in installed (via Ubuntu PPA).

Recent systems:
#!/bin/sh
letsencrypt renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
res=$(find /etc/letsencrypt/live/ -type l -mtime -1)
if [ -n "$res" ]; then
  echo "letsencrypt: new keys"
  systemctl restart apache2
  systemctl restart postfix
  systemctl restart dovecot
else
  echo "letsencrypt: nothing to do"
fi
Ancient systems:
#!/bin/sh
letsencrypt renew --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start"
res=$(find /etc/letsencrypt/live/ -type l -mtime -1)
if [ -n "$res" ]; then
  echo "letsencrypt: new keys"
  /etc/init.d/apache2 restart
  #/etc/init.d/postfix restart
  #/etc/init.d/dovecot restart
else
  echo "letsencrypt: nothing to do"
fi

posted at: 10:37 | path: /configuration | permanent link

Mon, 03 Jul 2017

DNS CAA

DNS CAA allows the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

Let's encrypt support is, as do recent versions of the bind DNS server. https://sslmate.com/labs/caa/ helps to get the DNS record correct. SSL Labs already checks for the CAA record.

Put this in your BIND zone file:

@	CAA	0 issue "letsencrypt.org"

posted at: 22:09 | path: /configuration | permanent link

Mon, 04 Jul 2016

Adventures with a Chinese PoE IP camera: Jooan JA-703KRB-T-P

It is a 1 MP IP camera (bullet design) with PoE (IEEE 802.3af) support. Hardware looks good, software is crap. Web interface is Chinese and requires Active-X or something to become functional.

One can telnet to port 9527 to get some kind of console with a login (admin / [blank]); there is a help command:

----------------------Console Commands----------------------------
                 232 Comm dump
              485Pro 485 Protocol!
             ability Net Ability Utility!
                  ad AD debug interface!
               alarm Alarm status!
            autoshut auto shut the DVR

             bitrate Dump BitRate infomation!
                 cfg Config Help Utility!
                comm Comm Input String
              encode Encode commands!
               front front board utility!

                  fs Fs debug interface!
                heap Dump heap status!
                help Try help!
           infoframe InfoFrame Console Utility!
                 log Log utility!
              netitf NetInterFace Dump!
                netm NetManager Dump!
               onvif Onvif debug msg!
              packet Packet usage!
                 ptz ptz dump!
                quit Quit!
              reboot Reboot the system!
              record Record console utility!
            resource CPU usage!
                 rtp RTP Dump!
               shell Linux shell prompt!
            shutdown Shutdown the system!
                snap Snap Console Utility!
              thread Dump application threads!
                time Set SystemTime!
               timer Dump application timers!
             upgrade Upgrade utility!
                user Account Information!
                 ver version info!
             xmcloud XmCloud Dump!
To see details, please use 'cmd -h'
My firmware version seems to be:
V4.02.R12.00006510.10010.140300, BuildTime: 2015-09-10 10:20:36
One can see available users and permissions with user -a, even passwords are shown:
{
   "Groups" : [
      {
         "AuthorityList" : [
            "ShutDown",
            "ChannelTitle",
            "RecordConfig",
            "Backup",
            "StorageManager",
            "Account",
            "SysInfo",
            "QueryLog",
            "DelLog",
            "SysUpgrade",
            "AutoMaintain",
            "GeneralConfig",
            "TourConfig",
            "TVadjustConfig",
            "EncodeConfig",
            "CommConfig",
            "NetConfig",
            "AlarmConfig",
            "VideoConfig",
            "PtzConfig",
            "PTZControl",
            "DefaultConfig",
            "Talk_01",
            "IPCCamera",
            "ImExport",
            "Monitor_01",
            "Replay_01"
         ],
         "Memo" : "administrator group",
         "Name" : "admin"
      },
      {
         "AuthorityList" : [ "Monitor_01", "Replay_01" ],
         "Memo" : "user group",
         "Name" : "user"
      }
   ],
   "Users" : [
      {
         "AuthorityList" : [
            "ShutDown",
            "ChannelTitle",
            "RecordConfig",
            "Backup",
            "StorageManager",
            "Account",
            "SysInfo",
            "QueryLog",
            "DelLog",
            "SysUpgrade",
            "AutoMaintain",
            "GeneralConfig",
            "TourConfig",
            "TVadjustConfig",
            "EncodeConfig",
            "CommConfig",
            "NetConfig",
            "AlarmConfig",
            "VideoConfig",
            "PtzConfig",
            "PTZControl",
            "DefaultConfig",
            "Talk_01",
            "IPCCamera",
            "ImExport",
            "Monitor_01",
            "Replay_01"
         ],
         "Group" : "admin",
         "Memo" : "admin 's account",
         "Name" : "admin",
         "NoMD5" : null,
         "Password" : "tlJwpbo6",
         "Reserved" : true,
         "Sharable" : true
      },
      {
         "AuthorityList" : [ "Monitor_01" ],
         "Group" : "user",
         "Memo" : "default account",
         "Name" : "default",
         "NoMD5" : null,
         "Password" : "OxhlwSG8",
         "Reserved" : false,
         "Sharable" : false
      }
   ]
}
In order to play a video stream (Stream 0, 1280x720, 15 fps):
vlc rtsp://192.168.1.17:554/user=admin_password=tlJwpbo6_channel=1_stream=0.sdp?real_stream
or (Stream 1, 704x576, 25 fps):
vlc rtsp://192.168.1.17:554/user=admin_password=tlJwpbo6_channel=1_stream=1.sdp?real_stream

The camera seems to be based on a Hisilicon Hi3518E.pdf SoC (ARM9 with H.264/MJPEG). Hacking already done, seems easys to get serial. buildroot is available...

Telnet password for root is: xmhdipc Here we go:

# cat /proc/cpuinfo
Processor       : ARM926EJ-S rev 5 (v5l)
BogoMIPS        : 218.72
Features        : swp half thumb fastmult edsp java 
CPU implementer : 0x41
CPU architecture: 5TEJ
CPU variant     : 0x0
CPU part        : 0x926
CPU revision    : 5

Hardware        : hi3518
Revision        : 0000
Serial          : 0000000000000000

posted at: 22:58 | path: /configuration | permanent link

Sun, 04 Sep 2011

Reviving old hardware: Tevion MD-9458 scanner with Linux

Getting an Tevion MD-9458 USB flat-bed scanner (manufactured September 2001) to work with Ubuntu/Linux:

More information is on the Sane gt68xx-backend page.

posted at: 15:20 | path: /configuration | permanent link

Made with PyBlosxom