Cristian Livadaru's blog

... think again ...

Fencing With IPMI on Debian Wheezy

Setting up the first cluster on Debian wheezy (7.0) caused some issues when trying to fence with IPMI. The first issue was that the node tried a “clean” shutdown before really powering down. To solve this, you need to tell GRUB to disable ACPI. Edit /etc/default/grub and add “acpi=off” to GRUB_CMDLINE_LINUX_DEFAULT:

GRUB_CMDLINE_LINUX_DEFAULT="quiet acpi=off"

Second issue: I wanted the fencing to just power off the node, not reboot it. It turns out that Pacemaker prior to version 1.1.10 ignores the ‘action=”…”’ parameter, and Debian wheezy installs Pacemaker 1.1.7-1. To solve this, you need to set pcmk_reboot_action instead. Thanks to clusterlabs.org for this hint. The CRM configuration would look something like this:

primitive impi-fencing-store2 stonith:fence_ipmilan \
        params pcmk_host_list="store2" ipaddr="1.1.1.2" login="foo" passwd="bar" lanplus="true" pcmk_reboot_action="off" \
        op monitor interval="60s"

Provisioning Gigaset IP Pro

I don’t know what drugs the people at Gigaset are consuming, but this is by far the sickest provisioning I have ever seen. If you can’t use the Gigaset-provided provisioning server (because you need to use the contact form to contact Gigaset and beg them to create an account for you! wtf?)

So, first of all, you need some special directories on your web server. Let’s assume our provisioning URL will be http://192.168.0.10/device. On your web server, under device, you need to create subdirectories depending on the phone model you want to provision. In this example I will be using the Gigaset N510IP Pro. This device expects a directory 42/2 to be present. For more details check the Gigaset wiki.

Looking at the wiki you will see that some files will be requested as well:

  • master.bin
  • version.bin
  • wl_xx.bin
  • baselines.bin
  • siu_444.bin
  • configuration XML

You can get a template for the XML from the Gigaset wiki.

But this list is missing some files. I am not sure if they are needed, but here are my files under the device directory:

.
|-- 42
|   |-- 2
|   |   `-- master.bin
|   `-- webuil
|       `-- 194
|           `-- version.bin
|-- xxxx.xml
`-- sifs
    |-- sifsroot.bin
    |-- sih_4xx.bin
    |-- sit_44x.bin
    `-- siu_444.bin

So, where do you get the files? Searching through the gigaset wiki there is no reference to the files. The answer is, you need to download them from the gigaset provisioning server - http://profile.gigaset.net/device

master.bin version.bin sifsroot.bin sih_4xx.bin sit_44x.bin siu_444.bin

After you have all files, copy them to your server in the correct directory and edit the siu_444.bin file. It’s a bin file but it can still be edited. The original content looks like this:

^@F^CDhttp://prov.gigaset.net/apredirect/redirect.do?mac=%MACD&dvid=%DVID^@

So in our case, if we have an XML file on the server, we will edit it like this:

^@F^CDhttp://192.168.0.10/device/%MACD.xml^@

This will make the gigaset request http://192.168.0.10/device/.xml where will be the MAC address from the phone. The XML file is some other twisted sick stuff which I will not go into now. But it’s important to update the version on each edit (see comments in file):

<VERSION value="1001131110"/>^M

Give the handsets a name. This would be the first handset:

<SYMB_ITEM ID="BS_AE_Subscriber.stMtDat[0].aucTlnName[0]" class="symb_item" value='"Handset1"'/>

This is the second:

<SYMB_ITEM ID="BS_AE_Subscriber.stMtDat[1].aucTlnName[0]" class="symb_item" value='"Handset2"'/>

and so on.

Also enable each account used. For 5 accounts it would look like this:

<SYMB_ITEM ID="BS_IP_Data1.ucB_SIP_ACCOUNT_IS_ACTIVE_1" class="symb_item" value="0x1"/>
<SYMB_ITEM ID="BS_IP_Data1.ucB_SIP_ACCOUNT_IS_ACTIVE_2" class="symb_item" value="0x1"/>
<SYMB_ITEM ID="BS_IP_Data1.ucB_SIP_ACCOUNT_IS_ACTIVE_3" class="symb_item" value="0x1"/>
<SYMB_ITEM ID="BS_IP_Data1.ucB_SIP_ACCOUNT_IS_ACTIVE_4" class="symb_item" value="0x1"/>
<SYMB_ITEM ID="BS_IP_Data1.ucB_SIP_ACCOUNT_IS_ACTIVE_5" class="symb_item" value="0x1"/>

And do not forget to add your provisioning URL to the configuration, otherwise it will be replaced by the default:

<SYMB_ITEM ID="BS_IP_Data1.aucS_DATA_SERVER[0]" class="symb_item" value='"http://192.168.0.10/device"'/>
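A consistency check for the finished tree, as an added example that is not part of the original post: it verifies the files from the directory listing above, that siu_444.bin redirects to your own server rather than the vendor default, and that each XML file carries a VERSION element and your provisioning URL. The function name `check_tree` and the regex-based XML matching are assumptions made for this sketch.

```python
import re
from pathlib import Path

# Layout copied from the directory listing on this page (N510IP Pro).
REQUIRED = ["42/2/master.bin", "42/webuil/194/version.bin", "sifs/sifsroot.bin",
            "sifs/sih_4xx.bin", "sifs/sit_44x.bin", "sifs/siu_444.bin"]
# Matches the SYMB_ITEM line shown above and captures the quoted URL.
DATA_SERVER = re.compile(
    r"""ID="BS_IP_Data1\.aucS_DATA_SERVER\[0\]"[^>]*value='"([^"]*)"'""")
VERSION = re.compile(r'<VERSION value="(\d+)"/>')


def check_tree(root, base_url):
    """Return a list of problems; an empty list means the tree is consistent."""
    root = Path(root)
    problems = [f"missing {rel}" for rel in REQUIRED if not (root / rel).is_file()]

    siu = root / "sifs/siu_444.bin"
    if siu.is_file():
        # The redirect URL follows a few control bytes and ends at a NUL byte.
        urls = re.findall(rb"https?://[^\x00]+", siu.read_bytes())
        want = f"{base_url}/%MACD.xml".encode()
        if urls != [want]:
            problems.append(f"siu_444.bin redirects to {urls!r}, expected {want!r}")

    for xml in sorted(root.glob("*.xml")):
        text = xml.read_text(encoding="utf-8", errors="replace")
        if not VERSION.search(text):
            problems.append(f"{xml.name}: no VERSION element")
        server = DATA_SERVER.search(text)
        if server is None:
            # Without this item the device falls back to the default URL.
            problems.append(f"{xml.name}: provisioning URL not set")
        elif server.group(1) != base_url:
            problems.append(f"{xml.name}: provisioning URL is {server.group(1)}")
    return problems
```

Call it as `check_tree("/var/www/device", "http://192.168.0.10/device")`, where the web root path is a placeholder for your own.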

Amazon, You’re Drunk, Go Home

Looks like someone at amazon was in a bad mood. What we ordered, 4 extensions for a stair gate, nothing really large.

I was wondering why amazon sent me 4 emails that the item was shipped; well, I found out today. Every extension was sent in a separate package. The result after unwrapping:

wtf? amazon?

Installing Homer Sip Capture on Debian

# Build dependencies
apt-get install git-core build-essential mysql-server libmysqlclient-dev bison flex

# Fetch the sources and build Kamailio with the MySQL and sipcapture modules
cd /usr/src
git clone --depth 1 git://git.sip-router.org/sip-router kamailio
cd kamailio
make FLAVOUR=kamailio cfg
make modules-cfg include_modules="db_mysql sipcapture"
make modules
make install

# Install the example sipcapture configuration
cp modules/sipcapture/examples/kamailio.cfg /usr/local/etc/kamailio/

Create tables

mysql -p homer_db < modules/sipcapture/sql/create_sipcapture.sql

Sending Mail With Postfix on Redhat 5.5 Over Amazon SES

I’m not really a fan of Red Hat, nor of sendmail. Today I had to set up mail sending on a Red Hat Enterprise Linux Server release 5.5 where sendmail was already installed. This was the easy part to fix. First remove sendmail, forcing it to ignore dependencies.

rpm -e sendmail  --nodeps

Then install postfix

yum install postfix

Now to the SES part. Well, no need to reinvent the wheel, just check out this Debian Howto for SES.

For Red Hat, of course, you need to use yum install stunnel. Unfortunately there is no startup script. Here you can get a startup script for stunnel. That’s it. … did I mention I don’t like Red Hat?

Openfire SSL With Intermediate CA

I have delayed this for over a year, every day just clicking away the warning about the expired cert. Now I finally allocated some time to solve this issue. The Openfire web interface doesn’t really tell you what to do and how to paste the certificate contents. First go to Server Settings -> Server Certificates -> Import

Paste your private key in the first field. In the certificate field paste your certificate first, followed by the intermediate certificate. The important part is: you must not have a line break after -----END CERTIFICATE----- or -----END RSA PRIVATE KEY-----

These lines must be the last line of the text box, else the import will fail! This should save me some time in 2014 :)
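One way to prepare the two text-box values so that they meet the rules above (certificate first, then the intermediate, no line break after the final END line), as an added example that is not part of the original post. The function names are made up for this sketch, and it assumes an unencrypted key, since an encrypted PEM key carries extra header lines inside the block.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_blocks(text):
    """Return [(label, normalized_pem)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        b64 = "".join(body.split())           # drops CR/LF and stray spaces
        base64.b64decode(b64, validate=True)  # raises on a damaged paste
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        blocks.append((label, "\n".join(
            [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])))
    return blocks


def openfire_fields(key_text, cert_text, intermediate_text):
    """Build (key field, certificate field) for the Openfire import form."""
    key = pem_blocks(key_text)
    chain = pem_blocks(cert_text) + pem_blocks(intermediate_text)
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        raise ValueError("expected exactly one private key block")
    if len(chain) < 2 or any(label != "CERTIFICATE" for label, _ in chain):
        raise ValueError("expected the certificate plus at least one intermediate")
    # Single newlines between blocks, nothing after the final END line.
    return key[0][1], "\n".join(pem for _, pem in chain)
```

The script only normalizes the text; it does not check that the intermediate actually issued the certificate.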

Create Shared Objects With Distribution Lists in Zimbra

If you need a shared object (calendar, address book) with multiple users, the best way to do this is by using a distribution list. So let’s get started. First create a distribution list and add all the users you want to it. You might also want to disable the option “Can receive mail” and also enable “Hide in GAL” to avoid some confusion.

Then create a resource where you will create your shared object. By using a resource you can create your shared calendar or address book without wasting a license.

After you have created the resource, click on view mail, go to the calendar and add a share.

Use the distribution address as email for the share.

Now go back to the distribution list and click edit.

Go to the shares tab and click on publish shares.

Enter the mail of the resource, click on find shares, select the desired share and click on “Publish selected share”

The advantage of using this method is that newly added users to the distribution list will automatically get permissions for the share and as soon as a user is removed from the distribution list the share permissions will be revoked!

Windows XP NTP With OPSI

UPDATE 2013-01-12: Works with Win7 as well

I have a couple of Windows XP machines connected to a Windows domain which runs UCS and OPSI. My problem was that Windows XP always had the wrong time, because the user has no permission to change the time and the logon script is executed with user permissions. But since there is also OPSI, why not create an OPSI package which runs with admin permissions? After a bit of Google searching I came across an OPSI package from Mozilla. Unfortunately it didn’t really help. The values were all set as expected but XP still refused to update. After some more reading of the w32time parameters I came up with a working OPSI package:

[Initial]
Message=Set Time Servers
StayOnTop=false

[Aktionen]
Registry_set_time_servers
Winbatch_disable_appletimesrv
Winbatch_resync_w32tm

[Registry_set_time_servers]
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
set "NTPServer"=REG_SZ:"192.168.0.2,0x1"
set "Type"=REG_SZ:"NTP"

[Winbatch_disable_appletimesrv]
sc config AppleTimeSrv start= disabled
sc stop w32time
sc start w32time

[Winbatch_resync_w32tm]
w32tm /config /update /manualpeerlist:192.168.0.2 /syncfromflags:MANUAL