Category Archives: Systems

Tips, tricks and tests on operating systems, mostly focused on Linux and Mac OS X

Transfer UDP over SSH

When you need to reach a UDP service on a remote server that is not directly accessible from your local host, you can combine SSH and socat to make the communication possible.

A typical use case is SNMP communication with a server in a DMZ, to collect metrics for a dashboard on the local network, as in this example.

You have an intermediate host, reachable over SSH, that you can use as a gateway.

1- On the local host (on the left side), create an SSH tunnel with TCP port forwarding (here port 10000).

ssh -L 10000:localhost:10000 **gateway_host_ip**

2- On the gateway host, relay the traffic received on the TCP port we forwarded previously to the UDP target host:port.

socat tcp4-listen:10000,reuseaddr,fork UDP:**target_host_ip**:**udp_port**

3- On the local host, relay the traffic received on the given UDP port to the previously forwarded TCP port for tunnelling.

socat -T15 udp4-recvfrom:**udp_port**,reuseaddr,fork tcp:localhost:10000

That’s it.
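
A hardened variant of steps 2 and 3, as an added example that is not part of the original post: both socat listeners are bound to 127.0.0.1, so the relay on the gateway is reachable only through the SSH forward, and a small check flags a listener on the tunnel port that is bound to a non-loopback address. TARGET_HOST, UDP_PORT and the function names are assumptions; the ss output is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example: steps 2 and 3 with both listeners bound to loopback.
# TARGET_HOST and UDP_PORT are placeholders (192.0.2.10 is a documentation address).
TARGET_HOST=${TARGET_HOST:-192.0.2.10}
UDP_PORT=${UDP_PORT:-161}
TCP_PORT=10000

# Gateway host: without bind=, tcp4-listen accepts connections on every
# interface; bound to 127.0.0.1 it is reachable only through the SSH forward.
gateway_relay() {
    socat "tcp4-listen:${TCP_PORT},bind=127.0.0.1,reuseaddr,fork" \
          "UDP:${TARGET_HOST}:${UDP_PORT}"
}

# Local host: accept datagrams from local clients only.
local_relay() {
    socat -T15 "udp4-recvfrom:${UDP_PORT},bind=127.0.0.1,reuseaddr,fork" \
          "tcp:localhost:${TCP_PORT}"
}

# Reads `ss -ltn` (or `ss -lun`) output on stdin and prints each listener on
# port $1 that is not bound to a loopback address; exit status 1 if any.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                      # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (n < 2 || parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host !~ /^127\./ && host != "[::1]") { print addr; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: what the gateway shows when step 2 runs without bind=.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:10000      0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
EOF
}

sample_ss_output | exposed_listeners "$TCP_PORT" || echo "listener exposed beyond loopback"
```

On a real gateway, run `ss -ltn | exposed_listeners 10000` after starting the relay; no output means the port is loopback-only.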


CentOS 7 – install a mongo cluster with 3 replica set

This post describes how to set up a MongoDB database in clustering mode. I chose to deploy 3 replica set members on 3 different bare-metal servers running CentOS 7 and to add 1 arbiter to reduce voting problems during a server crash or reboot.

You will find the different steps to get this configuration running, the way to secure it in a VLAN and how to activate authentication.

I also added some elements on how to back it up. Feel free to propose enhancements and links in the comments.


RF433 – Raspberry PI GPIO kernel driver for interrupt management

You may have read some of my posts about RF433 and Raspberry PI. Basically, with RPI 1, I was using the wiringPi interrupt handler to manage the RF433 decoding. The problem is that with RPI2 and RPI B+ the delay to handle an interrupt becomes unpredictable, and the timing constraints are not respected. As a consequence, part of the messages are lost because of this delay.

One of the solutions (the software one) is to process the interrupts more efficiently, and the way to do this is to compile a kernel driver that handles the interrupts directly. This is what this post is about. It completes the RFRPI code and associated hardware. The complete source code and the software for using it are on the rfrpi bitbucket repository.

Challenge of the coming days: write a kernel driver to manage interrupts quicker on a Raspberry Pi 2. I'm happy to find a lot of examples on the Internet and in particular this one, which really looks like what I'm trying to do. This post describes all the steps needed to do this.


I2C activation on raspberry PI B+ and 2

The new kernel version activates the device-tree standard. This means that instead of having all modules activated by default, with some stopped by a blacklist system, all modules are now disabled and activated only when described in a device tree.

The device tree details the system architecture and dependencies through configuration files. The device tree can be carried by the shield itself in an attached EEPROM.

As a consequence, i2c / spi are no longer activated by default. If you need them activated at startup, edit /boot/config.txt and add lines at the end such as:

dtparam=i2c_arm=on   # for i2c 1
dtparam=i2c_vc=on    # for i2c 0
dtparam=spi=on
dtparam=i2s=on

dtparam=i2c_arm=on,i2c_vc=on

Then reboot


How to avoid ssh session closing on inactivity

CentOS 7 has a built-in configuration that closes inactive SSH sessions. In terms of security this is a good thing, but having a session killed after 1 minute of inactivity becomes a mess when you have multiple sessions open in parallel.

This can be avoided by configuring a keep-alive period on the client side. To activate such a keepalive, just connect with the following command line:

ssh -o ServerAliveInterval=5 login@server.com

This configures the client to send a NULL packet every 5 seconds to keep the session open.


Allow nginx to access a remote DB on CentOS

If you try to access a remote database from an nginx or httpd server, you will get a connection problem with error code (13), even if the mysql/mariadb client works well from the command line. The reason is an SELinux restriction, set by default, that does not allow httpd servers to connect to a remote DB.

To disable this limitation and make everything work, type on the command line:

# setsebool -P httpd_can_network_connect 1

You can list all the existing flags for httpd with getsebool:

# getsebool -a | grep httpd

If you suspect SELinux is the cause of your problem, you can enable / disable enforcement with the following commands (1 for enforcing mode, 0 for permissive mode):

# setenforce 1
# setenforce 0

If you need to check which permission SELinux is missing, you can run the audit log through audit2allow:

# tail -100 /var/log/audit/audit.log | audit2allow
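
To see which connection was denied before changing a boolean, the AVC records can be filtered directly. This is an added example, not part of the original post; it assumes the standard httpd_can_network_connect_db boolean, which covers database ports only, and it runs on constructed sample lines.

```bash
#!/usr/bin/env bash
# Added example. Reads audit.log lines on stdin and, for each outbound
# connection denied to a web server domain (httpd_t), prints the process, the
# destination port, the port type and a boolean that would allow it.
suggest_httpd_boolean() {
    awk '
        /avc:[ ]+denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
            comm = dest = ttype = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/) { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^dest=/) { dest = substr($i, 6) }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            }
            # Database port types are covered by the DB-only boolean; anything
            # else falls back to the general boolean used in the post.
            if (ttype == "mysqld_port_t" || ttype == "postgresql_port_t")
                bool = "httpd_can_network_connect_db"
            else
                bool = "httpd_can_network_connect"
            print comm, dest, ttype, bool
        }
    '
}

# Constructed sample lines in audit.log format (not from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1420070400.101:301): avc:  denied  { name_connect } for  pid=2211 comm="nginx" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1420070401.202:302): avc:  denied  { read } for  pid=2300 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1420070402.303:303): avc:  denied  { name_connect } for  pid=2212 comm="httpd" dest=18080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
EOF
}

sample_audit_log | suggest_httpd_boolean
```

On a real host, feed it the log instead of the sample: `suggest_httpd_boolean < /var/log/audit/audit.log`. When every denial is on a database port, `setsebool -P httpd_can_network_connect_db 1` is enough and the broader boolean can stay off.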

 
