Nextcloud ios app crashes when photo sync enabled

I recently installed Nextcloud on my home server running k3s. As soon as the ios app started to try and sync photos and videos, the ios app would crash. After a bit of digging, I checked the ingress-nginx logs (I’m using kubernetes ingress-nginx) I could see this error as soon as the sync was started:

10.0.0.7 - fherbert [11/Dec/2021:18:53:35 +0000] "PUT /remote.php/dav/files/fherbert/Photos/2020/02/20-02-16%2010-16-55%207082.jpg HTTP/2.0" 413 176 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/4.1.0" 205 0.000 [-] [] - - - - 6e8208e2ec7fd5fbf30e66ab874d4692
2021/12/11 18:53:35 [error] 1260#1260: *1316538 client intended to send too large body: 4723855 bytes, client: 10.0.0.7, server: cloud.herbert.org.nz, request: "PUT /remote.php/dav/files/fherbert/Photos/2020/02/20-02-16%2010-12-11%207081.jpg HTTP/2.0", host: "cloud.herbert.org.nz"

I’d seen this 413 error before from nginx, to fix this I needed to allow a larger custom max body size by adding the following annotation to my nextcloud ingress resource:
kubectl annotate ingress nextcloud nginx.ingress.kubernetes.io/proxy-body-size=256m

Futijsu Air Conditioner ASTA18LCC won’t start up

I’ve got a Futijsu Air Conditioner in my office which decided not to turn on when we hit the coldest part of year 🙁
When operating normally, the unit would beep and the ‘Operation’ indicator light would turn red as soon as the remote tried to turn the unit on, but on this cold morning nothing happened.
In this past I’ve had the fuse blow so after checking the fuse was OK, I checked the outside condenser unit for dead animals which normally try to crawl up the wiring and short out the wires – but no remains this time! I checked for power on the outside unit and there was nothing. There was power going to the inside unit, and a quick trace of the cables shows the inside unit controls the power feed to the outside unit. This indicated an issue with the inside unit.
After prying and pulling and unscrewing every screw I could find (one was at the rear of the unit which I had to blindly unscrew), I managed to remove the outer case and with some more prying an pulling I managed to get to the main control PCB.

Main Control PCB

I did a quick search on the internet to see if there were any of these boards (K02DR-C-C) available, a few items came up, one on Aliexpress for NZ$133, one for US$26.56 on yoycart.com which I haven’t heard of before. So I thought I’d check the board and quickly noticed IC2 had suffered a high current event. IC2 was a TNY264PN which according to the datasheet is a power supply controller which includes a MOSFET used for switching in the AC to DC conversion power circuit. Pin 5 (Drain pin) had been melted away.

Pin5 TNY26PN

Checking other components around this IC, everything else seemed the be normal. I noticed some foreign material burnt onto the electrolytic capacitor (C4) so I’m guessing some little insect was trying to find a warm place to live and shorted Pins 7 and Pin 5 making short work of both the insect and Pin 5.
A replacement IC was ordered initially from AliExpress but due to the slow delivery time (I’m too cheap to pay for DHL) it was 4 weeks later and still no replacement chip. I had some other parts for another project to get so ordered a replacement from Digi-Key (US$0.96) and less than 7 days later the replacement IC arrived, the faulty IC was removed and a new one installed. With anticipation and only 2 screws left over, power was turned on, the remote pressed, the unit beeped, the Operation LED was RED, and the vents opened – all fixed for less than US$1.

ovirt ansible module and osx delegate_to: localhost

When running an ansible playbook using the ovirt module on os x (and maybe any os) and using delegate_to: localhost I kept getting the following error:

ovirtsdk4 version 4.2.4 or higher is required for this module

That’s even after I had installed ovirtsdk using pip3 (my ansible runs using python3). Turns out when ansible runs under delegate_to: localhost it doesn’t use the normal python path, using the python_requirements_facts module you can check what the actual path to python ansible was using when running under delegate_to: localhost, here is the output from my python requirement facts:

"python": "/usr/local/Cellar/ansible/2.7.10/libexec/bin/python3.7",
"python_system_path": [
"/tmp/ansible_python_requirements_facts_payload_bt3it94z/ansible_python_requirements_facts_payload.zip",
"/usr/local/Cellar/ansible/2.7.10/libexec/lib/python37.zip",
"/usr/local/Cellar/ansible/2.7.10/libexec/lib/python3.7",
"/usr/local/Cellar/ansible/2.7.10/libexec/lib/python3.7/lib-dynload",
"/usr/local/opt/python/Frameworks/Python.framework/Versions/3.7/lib/python3.7",
"/usr/local/Cellar/ansible/2.7.10/libexec/lib/python3.7/site-packages"

So checking if ovirt module was installed in this path showed it wasn’t

/usr/local/Cellar/ansible/2.7.10/libexec/bin/pip3 list | grep ovirt

So I had to install ovirtsdk into the ‘local’ ansible path (making sure it could access the libxml2 header files):

/usr/local/Cellar/ansible/2.7.10/libexec/bin/pip3 install --global-option=build_ext --global-option="-I/usr/local/Cellar/libxml2/2.9.7/include/libxml2" ovirt-engine-sdk-python

I then tested to make sure it could run the ovirtSDK, I created the following script to test:

#!/usr/local/Cellar/ansible/2.7.10/libexec/bin/python3

from distutils.version import LooseVersion
from enum import Enum
import ovirtsdk4 as sdk
import ovirtsdk4.version as sdk_version
HAS_SDK = (LooseVersion(sdk_version.VERSION) >= LooseVersion('4.2.4'))
if HAS_SDK:
  print("Version OK")
else:
  print("Version FAIL")

I ran this and got:

ImportError: pycurl: libcurl link-time ssl backend (openssl) is different from compile-time ssl backend (none/other)

OK, so my pycurl module needs to be built with openssl support:

/usr/local/Cellar/ansible/2.7.10/libexec/bin/pip3 uninstall pycurl
export CPPFLAGS=-I/usr/local/opt/openssl/include
export LDFLAGS=-L/usr/local/opt/openssl/lib
/usr/local/Cellar/ansible/2.7.10/libexec/bin/pip3 install pycurl --global-option="--with-openssl"

After this running my test script was successful and I am able to use the ovirt ansible module using delegate_to: localhost!

 

 

Ansible and the lookup file module removes line endings from file

The lookup file module is useful for reading in local files (not remote ones) and saving the contents into a variable. One gotcha that caught me recently was the default action to run rstrip() which according to the documentation removes whitespace from the end of the looked up file. What it doesn’t mention is that is also removes the trailing newline ‘\n’ character from the file. Normally this isn’t a problem except I was using it to read in a ssl certificate and send it to a fluentd server which then wouldn’t complete it’s startup and listen on ports – it just hung. Checking the certificate with openssl showed that at least openssl thought the certificate file was valid, and so did ruby (tested with OpenSSL::PKey::RSA.new() and File.read()). Turns out fluentd specifically checked for the newline character at the end of the ssl certificate file.

So until we upgrade to the very latest version of fluentd with this fix, we need to run the lookup module with the rstrip=False parameter like so:

lookup('file', '/etc/foo.txt', rstrip=False)

sipe-collab on fedora 27

Install the required packages:

yum install libpurple-devel libtool intltool pkgconfig glib2-devel libxml2-devel gettext-devel gmime-devel nss-devel openssl-devel farstream02-devel gstreamer1-devel gstreamer1-plugins-base-devel libnice-devel libpurple-devel freerdp-devel

mkdir ~/git
cd ~/git
git clone https://github.com/tieto/sipe.git
cd sipe
autoreconf -i
intltoolize
./configure --prefix=/usr
make
su -c "make install"

802.1x From Fedora 27

The enterprise wireless I was connecting to required that your wifi mac address be known. By default, NetworkManager randomises your wifi mac address (https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/).
So to disable this just for this particular network, I run the following command (where SSID is the name of the wireless network):
nmcli connection modify SSID 802-11-wireless.cloned-mac-address preserve

As per the linked page, if you want to disable it globally, add the following to /etc/NetworkManager/NetworkManager.conf:

[device]
wifi.scan-rand-mac-address=no

Freerouter with Kicad on OSX

The online version of the freerouter tool is no longer available ( http://www.freerouting.net/ )

The source is now available and to get the ‘Export a Specctra Design and Launch FreeRoute’ button active in PCBNew on OS X, you need to download the Freerouting.jar file. Since the Kicad source code looks for a file named freeroute.jar you’ll need to rename your downloaded file this. Place your renamed file in /Applications/Kicad/kicad.app/Contents/MacOS/ and now when you are in PCBNew and click ‘Tools -> Freeroute’ the ‘Export a Specctra Design and Launch FreeRoute’  button will be active.

Deploying windows template from VSphere using theforeman

Foreman is a great open source server lifecycle management tool which can also be used as a ENC (external Node Classifier) for puppet. It comes prepackaged with the ability to use VSphere as a compute resource. This means you can deploy VM’s from within foreman. The majority of the supported deployment scenarios are based on linux based operating systems. There are a few missing bit for deploying a windows vm from template. The major one being the ability to apply a customization spec to the windows deployment. This isn’t completely due to the lack of support in foreman but rather due to the missing pieces in the Fog.io library.
A patch has recently been added into foreman to support cloudinit userdata but this also was missing a critical bit of code which should be committed to theforeman soon.
The next issue is to get fog.io to use this user data, I’ve submitted a pull request which when accepted will mean you can pass the windows customization spec from theforeman to VSphere.

But how do you setup foreman to send this customization spec? Below are the steps required (you will need to apply the outstanding pull requests to both foreman and fog.io).
1. Create a new Provisioning template of type user_data, the contents of which being a yaml formatted customization spec, eg (the encryptionkey has been shortened and passwords changed, the product ID use here is the standard volume license one):

---
 encryptionKey:
   - 48
   - -126
   - 3
   - -37
   - 48
   - -126
   - 2
   - -61
   - -96
 identity:
   Sysprep:
     guiRunOnce:
       commandList:
         - 'commandtosysprep.cmd'
         - 'schtasks /create /tn "PostForemanBuild" /tr "\\example.com\sysvol\example.com\scripts\PostForemanBuild.bat \"<%= foreman_url("built") %>\"" /sc ONSTART /ru SYSTEM'
         - 'schtasks /Run /tn "PostForeManBuild"'
     guiUnattended:
       autoLogon: true
       autoLogonCount: 1
       password:
         plainText: false
         value: 'dlasdassdasdxczxcxzckjhakjsasupersecretencryptedpassword=='
       timeZone: 290
     identification:
       domainAdmin: 'joindomain@example.com'
       domainAdminPassword:
         plainText: false
         value: 'dlasdassdasdxczxcxzckjhakjsasupersecretencryptedpassword=='
       joinDomain: 'EXAMPLE.COM'
     licenseFilePrintData:
       autoMode: 'perSeat'
     userData:
       computerName: <%= @host.shortname%>
       fullName: 'IT'
       orgName: 'YourORG'
       productId: 'D2N9P-3P6X9-2R39C-7RTCD-MDVJX'
   nicSettingMap:
     -
       adapter:
         dummy: foo
   globalIPSettings:
     dnsSuffixList:
       - example.com
   options:
     changeSID: true
     deleteAccounts: false

Associate this template with your windows operating system (the same operating system you will choose when setting up your host).
Add the windows template to use from Vsphere: Infrastructure -> Compute Resources -> Select your Vsphere resource -> Images, add your template here. Enable the image for User Data.
When creating your host, on the operating system, select the operating system (windows) that you associated the user_data template to. Select ‘Image Based’. Complete other tabs as normal.
Once you click submit, the user_data template will get passed from foreman to fog.io to Vsphere and your windows template with be customized!

The final piece in this deployment puzzle was to get puppet installed and the windows vm report back to foreman that it the build is complete. As you can see in the user_data template I achieve this by creating a scheduled task to run a job which connects to sysvol where the post foreman script is located. I had to setup a scheduled task as this runs as system which has permissions to mount sysvol. The script takes a single argument which is the foreman build url with token.
The contents of this batch file is:

Start /wait %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -Command "start-transcript c:\postlog.txt; . \\example\sysvol\example.com\scripts\install_puppet.ps1; Invoke-WebRequest -Uri %1" 

Start /wait schtasks /change /tn "PostForemanBuild" /DISABLE

shutdown.exe /r /t 00

The install puppet powershell script is one I found here