Troubleshooting VPN on Ubiquiti Dream Machine Pro

The Dream Machine Pro is a very capable machine but it being in the SMB space makes it difficult to work with at times; especially figuring out why VPN doesn’t work because it doesn’t expose any of the logs through the UI.

To be able to look at the details of the configuration, SSH must be enabled. The username name is “root” and the password is set under System. I haven’t quite figured out what the Network level SSH credentials are for. The following are useful commands to troubleshoot VPN:

1
2
3
4
# ipsec statusall
# ipsec restart
# strongctl --log
# /var/log/messages
Posted in Uncategorized | Leave a comment

Synology Shrink Volume

Synology DSM 7 does not expose the functionality to shrink volumes within the GUI. It is definitely possible and must be done via SSH as the root user or sudo.

1
2
sudo btfrs filesystem resize -- -1024G /volume1
sudo lvm lvreduce -L -1024G /dev/mapper/vg-volume1

DSM should pickup that the volume changed sizes and allow you to extend another volume.

Posted in Uncategorized | Leave a comment

Apple Bluetooth Keyboard Drivers on Windows 10

While the Apple Bluetooth keyboard generally works once connected to Windows, Bootcamp drivers are required for special keys like the Delete key. They can only be downloaded from a Mac with Bootcamp.

Bootcamp Drivers (as of May 2021):

Posted in Uncategorized | Leave a comment

Hot-Swap with Intel RAID (Rapid Storage Technology – RST/RSTe)

It is 100% possible to hot-swap with Intel RAID when it is enabled and configure with an array of drives. As in, just pull the drive and put a new drive in while the OS is still running. There is not an option to configure it to automatically rebuild the array however. The rebuild option is only available in the Windows utility.

  1. Pull the drive to be replace.
  2. Push in new drive.
  3. In Intel RSTe utility, select the volume and click “Rebuild” on the right panel.

Rebuilding a 4x 1TB array took about 4 hours.

Posted in Uncategorized | Leave a comment

Ubuntu Hot-Swap MDADM Array and Extend/Grow

Step-by-step guide

  1. Mark the drive as failed
    1
    $ sudo mdadm --manage /dev/md0 --fail /dev/sdb1
  2. Remove the drive from the array
    1
    $ sudo mdadm --manage /dev/md0 --remove /dev/sdb1
  3. View the mdadm status
    1
    $ cat /proc/mdstat
  4. If you prefer to shut down the system for a cold swap, do it now. Before the hot swap, put the drive into standby with the following command
    1
    $ sudo hdparm -Y /dev/sdb

    Make sure you know which drive you are going to remove before issuing this command. Operations to the disk will wake up the drive again.
  5. Remove the SATA signal cable first and then the SATA power cable.
  6. Mount the new drive and connect SATA power. I let the drive spin up for 5-10 seconds before connecting the SATA signal cable. If you did a cold swap, power on the system at this point.
  7. Identify the new drive and what device name it has. In my case, the new drive was conveniently named /dev/sdb, the same as the old one.
  8. Copy the partitioning setup from the other drive in the array to the new disk. (This is for a RAID1 setup)
    Make sure the order is correct, otherwise we will erase the operational drive!
    1
    $ sfdisk -d /dev/sdc | sfdisk /dev/sdb
  9. Add the new drive to the RAID array
    1
    $ sudo mdadm --manage /dev/md0 --add /dev/sdb1
  10. The RAID array will now be rebuilt and the progress is indicated by the
    1
    $ cat /proc/mdstat

    output. To have a more dynamic update of the progress use the following:
    1
    $ watch cat /proc/mdstat
Posted in Uncategorized | Leave a comment

LXD Guest Migration to New Host

LXD makes it easy to move containers around. LXD expects the new host to be completely setup along with the resources the guest requires or the copy will not proceed.

1
2
3
# destination
lxc config set core.https_address 192.168.0.1:8443
lxc config set core.trust_password YourPassword
1
2
3
4
# source
lxc remote add NewHost 19.168.0.1:8443
lxc copy ContainerName NewHost:ContainerName --mode="push"
# WARNING: do not ctrl-c the copy it will mess up the host LXD and must be reinstalled.
Posted in Uncategorized | Leave a comment

Fix Ubuntu Grub Boot Error

This error happens usually when the /boot folder is full and grub doesn’t update/install properly when the system is updated.

1
2
3
error: symbol 'grub_file_filters' not found.
Entering rescue mode...
grub rescue>

One way to fix this is to boot with a Live USB image, mount the boot drive, and update/install grub again.

1
2
3
4
5
6
7
mount /dev/<vg/root> /mnt
mount -t proc none /mnt/proc
mount -o bind /dev /mnt/dev
mount -t sysfs /sys /mnt/sys
chroot /mnt
grub-install /dev/sda
update-grub
Posted in Uncategorized | Leave a comment

Install Windows 10 via Linux PXE

Windows 10 setup does *not* work via PXE ram disk when the iso is directly loaded. A Pre-Environment must be loaded first for to load setup from a mapped network share where the iso image has been dumped.

This guide assumes some prerequisites:
1. working PXE environment
2. pre-built Windows PE image
3. Samba/Windows share with the dumped Windows 10 image

pxelinux config file should contain the following bit to load Windows PE.

1
2
3
label Windows PE x64
  kernel memdisk
  append iso initrd=images/WinPE_x64.iso

PE will load into a command prompt.

1
2
3
initpe
net use * \\192.168.0.220\tftpboot\images\win10
z:\setup

Make sure the shared directory has read and execute rights; otherwise, it will show “Access is denied”.

Posted in Uncategorized | Leave a comment

Analysis of the Intel AXXRMM4LITE iKVM Module

Intel line of server motherboards have iKVM built-in but it must be enabled with a separate licensing module that plugs into the motherboard. I got one recently and was curious as to how this “license” works.

For the AXXRMM4LITE module, it is a single SPI flash (Winbond 25X10CLNIG) with an 8-pin connector. To my surprise, the flash is completely empty. The BMC/BIOS only checks for the presence of an SPI fash.

SPI flash
8-pin connector pin-out
Posted in Uncategorized | 3 Comments

JIRA Bulk Link via API

JIRA can’t natively perform bulk actions on issue links. I needed to move some links to a different link type. Here’s a quick script in Javascript that runs with NodeJS.

It querys for all the relevant issues using JQL and then iterates over each issue and link that matches the link type.

'use strict';

const request = require('request');
const async = require('async');

const user = 'youruser';
const pass = 'yourpass';
const url = 'http://yourjira';
const api = url + '/rest/api/2/';

// find all issues of type 'work package'
request({
  auth: {
    user: user,
    pass: pass
  },
  url: api + 'search',
  method: 'post',
  json: true,
  body: {
    jql: 'project = TEST AND issuetype = "Work Package"',
    maxResults: 100,
    fields: ['issuelinks']
  }
}, (err, res, body) => {
  // console.log(JSON.stringify(body, null, 4));

  // for each link type of acceptance criteria, delete, relink as '
  async.eachSeries(body.issues, (issue, doneIssue) => {
    console.log('processing ' + issue.key);
    async.eachSeries(issue.fields.issuelinks, (link, doneLink) => {
      if (link.outwardIssue && link.outwardIssue.fields.issuetype.name === 'Acceptance Criteria' && link.type.name === 'Contains') {
        console.log('processing link '+ link.id);
        async.series([
          function (done) {
            request({
              auth: {
                user: user,
                pass: pass
              },
              url: api + 'issueLink' + '/' + link.id,
              method: 'delete',
              json: true
            }, done);
          },
          function (done) {
            request({
              auth: {
                user: user,
                pass: pass
              },
              url: api + 'issueLink',
              method: 'post',
              json: true,
              body: {
                type: {
                  name: 'Requirements'
                },
                inwardIssue: {
                  'key': issue.key
                },
                outwardIssue: {
                  'key': link.outwardIssue.key
                }
              }
            }, done);
          }
        ], doneLink);
      } else {
        doneLink();
      }
    }, doneIssue);
  }, (err) => {
    console.log('complete');
  });
});

Posted in Uncategorized | Tagged , | Leave a comment