Vagrant & Ansible

I’ve been getting back into Vagrant and Ansible lately, as I decided I needed a platform to do some Continuous Integration testing of Arduino and packaging of arduino-mk; and also building Kodi on a faster platform than my Atom HTPC.

As luck would have it, the Debian package for Ansible 1.9.2 just hit Sid, so I don’t have to build my own from git with “make deb”, which is a bit Ubuntu-centric and doesn’t work too well on Debian.

So I’ve made a Fedora 22 VM that I can make arduino-mk packages on, an Ubuntu 12.04 VM that I’m building Kodi 15 packages on, and an Ubuntu 14.04 VM that I’m using for both. I also made a Debian Jessie and another Ubuntu Trusty VM along the way.

As I am using the new VirtualBox 5.0rc2, Vagrant 1.7.2 needs this patch.

The Precise VM (with 8 cores and 4Gb RAM assigned) builds Kodi in 35mins – about half the time it takes the Atom, which isn’t that impressive, but its an improvement.

Setting up an Ubuntu 12.04 build environment for Kodi again was a right PITA though, mainly as “apt-get build-dep” doesn’t actually fetch half the dependencies, and you need newer versions of libyajl2, libyajl-dev, taglib and JsonSchemaBuilder, as well as now having to install gcc 4.9 as they’ve just switched to C++11 today!

So that’s basically this lot wrapped in an Ansible playbook:

add-apt-repository ppa:ubuntu-toolchain-r/test
apt-get update
apt-get build-deps xbmc
apt-get install libssh-dev libxslt1-dev git libmp3lame-dev swig libcec-dev openjdk-7-jdk gcc-4.9 g++-4.9
dpkg -i libyajl2_2.0.4-4_amd64.deb libyajl-dev_2.0.4-4_amd64.deb libtag1x8_1.8-0precise17_amd64.deb
cp /home/vagrant/kodi/packaging/deps/JsonSchemaBuilder /usr/local/bin/JsonSchemaBuilder
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 60
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.6 40
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 60
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.6 40
update-alternatives --install /usr/bin/x86_64-linux-gnu-gcc x86_64-linux-gnu-gcc /usr/bin/gcc-4.9 60
update-alternatives --install /usr/bin/x86_64-linux-gnu-gcc x86_64-linux-gnu-gcc /usr/bin/gcc-4.6 40
update-alternatives --install /usr/bin/x86_64-linux-gnu-g++ x86_64-linux-gnu-g++ /usr/bin/g++-4.9 60
update-alternatives --install /usr/bin/x86_64-linux-gnu-g++ x86_64-linux-gnu-g++ /usr/bin/g++-4.6 40

Ubuntu 14.04 is much easier, and you just need some basic tasks in your Playbook.yml

- name: install dependencies
  apt: name=xbmc state=build-dep

- name: install libxslt
  apt: name=libxslt1-dev state=present

- name: install git
  apt: name=git state=present

- name: install libcec-dev
  apt: name=libcec-dev state=present

VMWare ESXi

I’ve recently been using VMWare ESXi 5.5 in anger – with real VM’s rather than just testing shell commands. Plus it seems the last couple of versions of VirtualBox can no longer run ESXi as a guest.

Anyway, its soooo Windows-centric vendor-locked its unbelievable. I mean you can’t even load a bunch of ISO’s on a USB stick and put them in the back of the machine, you have to transfer them using the VSphere client over the network. I’ve not tried scp but I doubt that would work due to the cut-down SSH server and shell. Seems its not even called ESXi anymore, its VSphere Hypervisor or something.

Also there’s no way to find the physical network interface name/number/ID from the virtual nics! It seems VMWare assumes everyone is either using flat networks with no vlans/subnets or only use multiple interfaces for nic teaming/bonding; and have never needed to know which ethernet cable should go to which switchport and map to which network device in the VM.

The only good point is that the vmware-tools are now in some distro’s like RHEL so you don’t need to install kernel source, gcc and make to rebuild the kernel modules every time you do an upgrade.

There’s an annoying “feature” with the console – if you click on the console tab in VSphere it shows the console, but if you click the console icon, it then shows another one, and there doesn’t seem to be a way to disconnect the tab one and you get an annoying popup telling you there’s 2 connections all the time!

It still seems a bit flaky regarding screen resizing and networking, and the whole virtual switch thing is a mess as you end up having to define one switch per interface with only that interface in it if you want your guest to have multiple network cards. It seems more like a virtual router to me.

I’ve also installed a CentOS7 virtual machine, but don’t like it much, networking seems very buggy – especially the new interface naming conventions described here, and that NetworkManager doesn’t seem to track changes made with ifconfig. Systemd is a pain and I even found that rpcbind can’t be disabled using the systemdctl command, you have to symlink rpcbind.service and rpcbind.socket to /dev/null

I’ve just soldered the pins on my Arduino Pro Mini, and found its not well documented – probably because its not an official Arduino (its kind of based on the Arduino Mini) its a SparkFun board that’s been revised and cloned a lot. I finally figured out the pinout for uploading using a CP2102 – its RX-RX, TX-TX, GND-GND, 5V-VCC, DTR-DTR and don’t connect the reset pins or use resistors or capacitors as some sites say.

The Makefile for the 5V 16MHz ATmega328p board is:

BOARD_TAG    = pro5v328
MONITOR_PORT = /dev/ttyUSB0
include /usr/share/arduino/Arduino.mk

Rather annoyingly I’d soldered the rear analogue headers on before I realised that it wouldn’t fit breadboard anymore, so I’ve removed them again and may put right-angled headers on at some point. I much prefer the Nano or even Pro Micro.

I just compiled XBMC 14a4 from git and pretty much nothing seems to have changed from 13.2 other than the Kodi name. Had to disable the Google Test Framework to get it to build as its now enabled by default.

I also upgraded the blog to WordPress 4.0

Junos 10

Today I have been mostly installing Junos. Well actually I’ve wasted most of the day trying to get Junos 10.4 to work in Olive under VirtualBox. I understood that it required FreeBSD 7.1, so tried installing it under 7.1 and 7.4 to no avail.

In the end I cloned my Junos 9.0/FreeBSD 4.11 VM, allocated 512Mb instead of 256Mb and installed 10.4 as an upgrade, which also meant I didn’t have to bother removing checkpic.

I wasted a few rounds of installing due to using the export version, which doesn’t include SSH! Also part of the trick of getting it to work under VBox seemed to be to create a serial port as a named pipe – not sure why but that seemed to help get past the bootloader hanging, possibly as it had a TTY to allocate.

I also upgraded my 9.0 to 9.6 which has a bit of a more useful JWeb interface, and also requires 512Mb now.

All of this was to aide my development of a set of NASL scripts to do Junos security compliance auditing. It seems Tenable have worked around the UNIX-only limitation of Nessus’ ssh_cmd() function by putting in a special check for when uname -a fails – i.e. its either IOS or Junos (or unsupported). Of course in Junos shell mode, it will pass (as its FreeBSD) so you have to check that you’re in CLI mode to do the config checking.

Its only taken them four years of me asking for this, and I guess its come as a result of Nessus’s new IOS support for their own compliance plugin and local security checks for Junos patches etc.

Update: I’ve written 20 NASL plugins to do the Junos auditing now and I noticed I was hitting the SSH rate-limit setting in Junos, so my plugins were getting booted off. It was because for each plugin I was calling ssh_cmd() at least once and also a function that checks I could login with the correct level/privileges etc; so was making at least two SSH connection attempts per plugin, which soon hit the 10 connection attempts per minute limit that was configured.

So now I’ve moved all of my ssh_cmd() calls into one big include file which uses a single SSH connection to send 30 or so commands, and populates the knowledgebase with the results. The plugins then have that in their script_dependencies() and don’t use SSH at all, just a couple of calls to get_kb_item() which simplifies the code quite a lot and an entire scan can be done in 10secs!

Plex for Linux and Android

Today I’ve been playing with PMS (Plex Media Server) for Linux, and also Plex Mobile for Android. Both have been pretty disappointing!

The Linux server is closed-source and precompiled for vague platforms like 32-Bit Ubuntu 10.10, but happens to run with some work on 64-Bit, I got it working on 32-Bit 11.04 after some hacking.

It looks like a direct port of the Mac version though as there’s no init script and there are spaces and capital letters in filenames, which actually stops the server from starting (good QA there!)

Then it seems like too much hassle to point a Mac client to it, as you have to have the same NFS mountpoints or something odd, and you can’t manually select a server from the client, you have to rely on stupid ZeroConf/Avahi.

To my surprise though, I ran it in a VirtualBox VM and allocated 256Mb RAM to it and it worked fine – so why does PMS seem to bog down my 2Gb MacMini?

I thought I’d try the Android client. Well that’s the slowest app I’ve ever seen (and paid £3 for) and on Cyanogenmod it doesn’t even play video, only sound works – and no its not due to lack of Flash10!

The promised remote control functionality hasn’t been written yet, although you can see its a direct port of the iOS app as the remote icon is there, it just does nothing!

So once again it seems Plex is not serious about running client or server on non-Apple platforms.

Compiling CM7 on Fedora

I decided to have another go at compiling CM7, this time using Fedora 13 on real hardware rather than an virtualised Ubuntu 10.10, which also means adb/udev is already working from when I rooted the ZTE Blades.

I downloaded and installed the Oracle/Sun JDK 6u24 (which includes the JRE).

Setting up “alternatives” to point to the Oracle JDK instead of OpenJDK/GCJ doesn’t work 100% as at least javadoc, appletviewer and javah have to be manually symlinked:

ln -s /usr/java/jdk1.6.0_24/bin/javadoc /usr/bin/javadoc
ln -s /usr/java/jdk1.6.0_24/bin/appletviewer /usr/bin/appletviewer
ln -s /usr/java/jdk1.6.0_24/bin/javah /usr/bin/javah

None of the below tutorials explained why “alternatives” doesn’t work:

Just for good measure I added the following to ~/.bashrc

export JAVA_HOME="/usr/java/jdk1.6.0_24"

After that the compile worked, except it got stuck at some point with a javadoc problem, a quick “make update-api && mka” fixed that.

The cyanogen wiki instructions are incomplete regarding making an AVD using your ROM. Also CM7 now uses the 2.3.3 v10 API, so the last stage should really be:

cd ~/android-sdk-linux_x86/platforms/
cp -R android-10/ android-10-cyanogen/
cp ~/cyanogenmod/out/target/product/generic/*.img android-10-cyanogen/images/

cd ~/.android/avd/
cp -R Gingerbread.avd/ cyanogenmod.avd/
cp Gingerbread.ini cyanogenmod.ini

Edit ~/.android/avd/cyanogenmod.ini to read:

target=android-10
path=~/.android/avd/cyanogenmod.avd

Edit ~/.android/avd/cyanogenmod.avd/config.ini to read:

hw.lcd.density=240
skin.name=WVGA800
skin.path=platforms/android-10-cyanogen/skins/WVGA800
vm.heapSize=24
hw.ramSize=256
image.sysdir.1=platforms/android-10-cyanogen/images/

Then you end up with:

CM7