Ga door naar de hoofdinhoud

Tech-tips and News

OpenWRT/LEDE On a Routerboard RB750Gr3 (Hex3)

The Routerboard RB750Gr3 (aka Hex3) is a nice and very affordable (~$60) hardware platform based on the MediaTek MT7621AT. It features gigabit ethernet ports, and a relatively fast multi-core CPU. However, out of the box it runs RouterOS. While this is a feature-full platform, I found configuration difficult and not very pleasant. Hoping that a build of OpenWRT/LEDE would soon become available, I bought an RB750Gr3 a couple of months ago.

A build became available, but it couldn’t be flashed on the RB750Gr3 without external hardware like a bus-pirate. But this has recently changed, and it’s now possible to TFTP boot a LEDE runtime, which allows access to write to the flash/mtd. Using this method it’s now possible to install OpenWRT/LEDE and upgrade uboot on the device without external hardware.

The OpenWRT site documents this procedure nicely, however, it’s still quite a lot of work to build all the required images and files. So I’ve deciced to host the images that I’ve created here, so other people can skip this rather tedious step of building the image.

The files can be found on https://rb750gr3.sigio.nl/

Please update factory.bin with your own MAC address at offset E000. Currently it’s set to 64:D1:54:AA:BB:CC

  • You can then netboot/tftpboot using the file ‘vmlinux-initramfs.elf’ (boot the RB750 and hold RESET until the leds stop flashing)

  • Wait for the system to come up on 192.168.1.1

  • Login as root

  • Copy the factory.bin uboot.bin uboot-env.bin and lede-17.01.2-ramips-mt7621-rb750gr3-squashfs-sysupgrade.bin to the system (in /tmp for example)

  • mtd write (without reboot) the 4 files to the relevant partitions (cat /proc/mtd to see the names/devices)

Monitoring S.M.A.R.T. attributes in Nagios/Icinga

One of my customers is using various (Samsung) SSD’s in their servers, and the first of these have started reaching their end-of-life. SSD’s have a somewhat different failure scenario then spinning metal disks, so monitoring their life-expectancy can be interesting.

Besides just logging and graphing the SMART attributes, it is also handy to have some alerting on when certain thresholds are crossed. To do this, I’ve written a simple nagios/icinga script which will alert on interesting SMART attributes, and will also calculate the percentage of total guaranteed writes on the SSD’s. Since the guaranteed TBW value will differ between various SSD vendors and product-ranges, this value needs to be specified on the command-line by the user.

/images/2016-03-11-153110_1581x46_scrot.png

I’ve integrated this check-script into my normal monitoring-scripts, but it can off-course also be used as a stand-alone tool. If has options to specify the device to smartctl, so disks behind raid-controllers can also be monitored.

The script can be found in my sysadmin repository on github: check_ssd_attribs

Sig-I/O sluit zich aan bij de ITGilde Coöperatie

Vandaag, 2 september 2015, heeft Sig-I/O Automatisering zich aangesloten bij de ITGilde Coöperatie.

/images/ITGilde_Logo_tagline_kleur.jpg

Door het aansluiten bij ITGilde Coöperatie hebben klanten van Sig-I/O automatisering toegang tot de kennis en kunde van een grote groep hoogwaardige freelance Unix en Linux specialisten.

Het volgende werd hierover op de ITGilde website geschreven

Vandaag verwelkomt ITGilde Mark Janssen als 49ste lid van ITGilde. Naast
ITGilde is Mark actief bij de NLUUG en RevSpace . Het motto van Mark
is: “over 5 minuten is het opgelost”.

De reden voor Mark om aan te sluiten bij ITGilde is een kwalitatief
hoogwaardig netwerk met een hoge frequentie van vakgerelateerde
bijeenkomsten; gericht op Linux/Unix ondernemers.

Daarnaast werkt Mark meer dan fulltime en wil toch meer klanten kunnen
helpen dan hij nu aankan. ITGilde is daar de oplossing voor: “ik kan
mezelf maar 1 keer inzetten maar met ITGilde beschik ik nu over een pool
van goede technische Unix/Linux specialisten!”

Welkom Mark!

Read passwords from the 'pass' passwordstore into ansible

Ansible is a great orchestration-tool, and while it has it’s own secure password storage system (Vault), I prefer to use ‘pass’ from http://passwordstore.org

There is no specific ‘pass’ plugin for ansible, but using the ‘pipe’ lookup plugin works quite well

tasks:
  - name: Debug
      debug: msg={{lookup('pipe', 'pass some/password/i/need') }}

This can then be used to store API keys, passwords for various accounts, or other information that needs to remain secret while still being able to share and version your ansible plays.

Update 2017: There is now a passwordstore lookup-plugin for ansible