Weird rocketry » sysadmin

OpenWRT Chaos Calmer 15.05 on Dlink DIR-320 with CDMA modem

bananos — Thu, 07 Apr 2016 11:53:19 +0000

The goal of this article is to install latest OpenWRT firmware on a very popular DIR-320 Wi-Fi router (BRCM47XX based). The reason why you might do this is to be able to connect modern hardware(modems) to this pretty old legacy device.

Official firmware 3G modem support list is pretty limited and uses old kernel. On the other hand, there is an alternative DD-WRT firwmare with linux kernel 2.6.x which is pretty old also. Therefore, the only viable option is installing OpenWRT which ships the latest linux kernels 3.18.xx.

As a bonus sub-topic we’ll consider setting up an external CDMA(EVDO) modem and using it to access internet.

In order to proceed and experiment by yourself the following is necessary:

Dlink DIR-320 router (rev. A1/A2 only!, be careful as there are B1/B2/NRU versions which are completely different hardware!)
RJ45 CAT5 Patch cable
USB to Serial adapter (I’ve been able to successfully use cheap PL2303TA based USB TTL to RS232)
USB flash card or hard drive
USB 3G modem (in my case it’s Sierra AirCard 250U)
USB Hub (external power source is highly recommended)
x86_64 Linux host system (i’m using Ubuntu 15.10 x86_64)
a lot of patience :)

Install OpenWRT using Image builder for brcm47xx/legacy

On your host linux system, download and unpack OpenWRT image builder packages:

bananos@ubby:$ wget "https://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/OpenWrt-ImageBuilder-15.05.1-brcm47xx-legacy.Linux-x86_64.tar.bz2"
bananos@ubby:$ tar -xvvf "OpenWrt-ImageBuilder-15.05.1-brcm47xx-legacy.Linux-x86_64.tar.bz2"

After that, we’re going to assemble our custom firmware out of pre-built packages. Image builder was created specifically to overcome the slowness and complexity of compiling OpenWRT from sources.

bananos@ubby:$ sudo apt-get install -y subversion build-essential libncurses5-dev zlib1g-dev gawk git ccache gettext libssl-dev xsltproc
bananos@ubby:$ cd "OpenWrt-ImageBuilder-15.05.1-brcm47xx-legacy.Linux-x86_64"
bananos@ubby:$ make image PROFILE="Broadcom-b43" PACKAGES="base-files libc libgcc busybox kmod-usb2 kmod-usb-ohci kmod-usb-uhci kmod-usb-storage kmod-fs-ext4 block-mount kmod-scsi-core -dropbear mtd uci -opkg netifd fstools swconfig wpad-mini nvram -otrx kmod-leds-gpio kmod-gpio-button-hotplug kmod-ledtrig-default-on kmod-ledtrig-timer kmod-ledtrig-netdev dnsmasq iptables -ip6tables ppp ppp-mod-pppoe kmod-nf-nathelper firewall odhcpd odhcp6c"

make[1]: Entering directory '/home/bananos/Projects/openwrt_dir320/image_builder/OpenWrt-ImageBuilder-15.05.1-brcm47xx-legacy.Linux-x86_64'
echo 'Building images for brcm47xx - Broadcom SoC, all Ethernet, BCM43xx WiFi (b43, default)'
Building images for brcm47xx - Broadcom SoC, all Ethernet, BCM43xx WiFi (b43, default)
echo 'Packages: base-files block-mount busybox dnsmasq firewall fstools iptables kernel kmod-b43 kmod-b43legacy kmod-fs-ext4 kmod-gpio-button-hotplug kmod-leds-gpio kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-nf-nathelper kmod-scsi-core kmod-usb-ohci kmod-usb-storage kmod-usb-uhci kmod-usb2 libc libgcc mtd netifd nvram odhcp6c odhcpd ppp ppp-mod-pppoe swconfig uci wpad-mini'
Packages: base-files block-mount busybox dnsmasq firewall fstools iptables kernel kmod-b43 kmod-b43legacy kmod-fs-ext4 kmod-gpio-button-hotplug kmod-leds-gpio kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-nf-nathelper kmod-scsi-core kmod-usb-ohci kmod-usb-storage kmod-usb-uhci kmod-usb2 libc libgcc mtd netifd nvram odhcp6c odhcpd ppp ppp-mod-pppoe swconfig uci wpad-mini
echo

rm -rf /home/bananos/Projects/openwrt_dir320/image_builder/OpenWrt-ImageBuilder-15.05.1-brcm47xx-legacy.Linux-x86_64/build_dir/target-mipsel_mips32_uClibc-0.9.33.2/root-brcm47xx
.....

Note the - symbol before some of the packages, this means that those must be excluded from resulting build. As a result our target image will have almost nothing except external usb support and bare linux kernel. This is due to really tiny capacity of the internal router storage(4Mb). In order to increase it we’ll be using external USB storage(extroot) which is covered in detail in the next sections of this article.

Make sure you have active connection to internet as Image Builder will download some packages from the online repository. At the end of the build, you should be able to find a bunch of prepackaged firmwares in bin/ directory:

bananos@ubby:$ ls bin/brcm47xx/ | grep "asus"

openwrt-15.05.1-brcm47xx-legacy-asus-wl-300g-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-320gp-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-330ge-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-500gp-v1-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-500gp-v2-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-500w-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-520gu-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-550ge-squashfs.trx
openwrt-15.05.1-brcm47xx-legacy-asus-wl-hdd25-squashfs.trx

Our file of interest is openwrt-15.05.1-brcm47xx-legacy-asus-wl-500gp-v2-squashfs.trx since Asus WL500gp-V2 uses the same hardware as Dlink DIR-320 Rev A.

Firmware Flashing

There are a lot of firmware flashing instructions on the net, but we’ll be using the most generic and reliable via TFTP. Create the following bash file named flash.sh:

#!/bin/bash
echo "=================================================================="
echo "This script will upload dd-wrt firmware (firmware.bin)"
echo "in the current directory to 192.168.0.1 "
echo "during the router's bootup. "
echo ""
echo "* Set your ethernet card's settings to: "
echo "     IP:      192.168.0.10 "
echo "     Mask:    255.255.255.0 "
echo "     Gateway: 192.168.0.1 "
echo "* Unplug the router's power cable. "
echo ""
echo "Press Ctrl+C to abort or any other key to continue... "

read

echo ""
echo "* Re-plug the router's power cable. "
echo ""
echo "=================================================================="
echo "Waiting for the router... Press Ctrl+C to abort. "
echo ""

try(){
ping -c 1 -w 1 192.168.0.1
}
try

while [ "$?" != "0" ] ;
do
try
done
echo "*** Start Flashing **** "
atftp --no-source-port-checking -p -l firmware.bin 192.168.0.1
echo "Firmware successfully loaded!"

The script’s usage instructions are pretty self-explanatory, but before using it we must do a few more things:

bananos@ubby:$ chmod +x flash.sh
bananos@ubby:$ cp bin/brcm47xx/openwrt-15.05.1-brcm47xx-legacy-asus-wl-500gp-v2-squashfs.trx firmware.bin
bananos@ubby:$ sudo apt-get install -y atftp atftpd

Assuming that your USB-to-Serial adapter was detected as /dev/ttyUSB0, let’s open serial terminal to be able to observe what is happening on the router in real time:

bananos@ubby:$ sudo bash -c "screen /dev/ttyUSB0 115200"

Now, prepare your ethernet network card settings and

plug port #1 of your router to linux machine
run ./flash.sh and press any key to see a lot of connect: Network is unreachable messages
plug router power cable and wait for the flashing process to finish

In the serial console you’ll notice something similar to this:

Decompressing...........done

CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Thu Jul 19 10:53:24 CST 2007 (root@redhat9)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.

Initializing Arena
Initializing Devices.
Boot partition size = 262144(0x40000)
et0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 4.150.3.0
CPU type 0x29029: 240MHz
Total memory: 32768 KBytes

Total memory used by CFE:  0x80300000 - 0x803C0720 (788256)
Initialized Data:          0x80337730 - 0x8033AE50 (14112)
BSS Area:                  0x8033AE50 - 0x8033C720 (6352)
Local Heap:                0x8033C720 - 0x803A0720 (409600)
Stack Area:                0x803A0720 - 0x803C0720 (131072)
Text (code) segment:       0x80300000 - 0x80337730 (227120)
Boot area (physical):      0x003C1000 - 0x00401000
Relocation Factor:         I:00000000 - D:00000000

alpha bootcode ver 0.1.2
cmd = ifconfig eth0 -addr=192.168.0.1 -mask=255.255.255.0
We disable the arp for self.
We disable the arp for self.
Device eth0:  hwaddr 00-90-4C-C0-00-01, ipaddr 192.168.0.1, mask 255.255.255.0
        gateway not set, nameserver not set
cmd = go;
cmd = load -raw -addr=0x803c0720 -max=0x3a0000 :
Loader:raw Filesys:tftp Dev:eth0 File:: Options:(null)
Loading: entry point=803C0720
........... 3674112 bytes read
Entry at 0x803c0720
cmd = flash -noheader -mem -size=0x381000 0x803c0720 flash1.trx
Reading from 0x803c0720: Programming...done. 3674112 bytes written
Dest=80001000, source =803c0720, filename=flash1.trx
cmd = boot -raw -z -addr=0x80001000 -max=0x3a0000 flash0.os:
Loader:raw Filesys:raw Dev:flash0.os File: Options:(null)
Loading: entry point=80001000
.. 3712 bytes read
Entry at 0x80001000
Closing network.
Starting program at 0x80001000
[    0.000000] Linux version 3.18.23 (buildbot@builder1) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r48532) ) #1 Tue Mar 1 09:18:44 CET 2016
[    0.000000] CPU0 revision is: 00029029 (Broadcom BMIPS3300)
[    0.000000] bcm47xx: Using ssb bus
[    0.000000] ssb: Found chip with id 0x5354, rev 0x03 and package 0x00
[    0.000000] can not parse nvram name (null)boardnum(null) with value  got -22
[    0.000000] can not parse nvram name (null)rxpo2g(null) with value 0xfff8 got -34
[    0.000000] ssb: Sonics Silicon Backplane found at address 0x18000000
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 02000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x01ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x01ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x01ffffff]
[    0.000000] Primary instruction cache 16kB, VIPT, 4-way, linesize 16 bytes.
[    0.000000] Primary data cache 16kB, 2-way, VIPT, cache aliases, linesize 16 bytes
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 8128
[    0.000000] Kernel command line:  noinitrd console=ttyS0,115200
[    0.000000] PID hash table entries: 128 (order: -3, 512 bytes)
[    0.000000] Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.000000] Memory: 28956K/32768K available (2605K kernel code, 103K rwdata, 316K rodata, 164K init, 267K bss, 3812K reserved)
[    0.000000] NR_IRQS:128
[    0.000000] MIPS: machine is Unknown Board
[    0.060000] Calibrating delay loop... 239.61 BogoMIPS (lpj=1198080)
[    0.070000] pid_max: default: 32768 minimum: 301
[    0.070000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.070000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.080000] NET: Registered protocol family 16
[    0.100000] Switched to clocksource MIPS
[    0.110000] NET: Registered protocol family 2
[    0.110000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.110000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.110000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.110000] TCP: reno registered
[    0.110000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.110000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.110000] NET: Registered protocol family 1
[    0.110000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    0.120000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.120000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.120000] msgmni has been set to 56
[    0.120000] io scheduler noop registered
[    0.120000] io scheduler deadline registered (default)
[    0.120000] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[    0.130000] console [ttyS0] disabled
[    0.150000] serial8250.0: ttyS0 at MMIO 0xb8000300 (irq = 3, base_baud = 1562500) is a U6_16550A
[    0.450000] console [ttyS0] enabled
[    0.470000] serial8250.0: ttyS1 at MMIO 0xb8000400 (irq = 3, base_baud = 1562500) is a U6_16550A
[    0.490000] physmap platform flash device: 02000001 at 1c000000
[    0.490000] physmap-flash.0: Found 1 x16 devices at 0x0 in 8-bit bank. Manufacturer ID 0x000001 Chip ID 0x0000f6
[    0.500000] Amd/Fujitsu Extended Query Table at 0x0040
[    0.510000]   Amd/Fujitsu Extended Query version 1.1.
[    0.510000] physmap-flash.0: Swapping erase regions for top-boot CFI table.
[    0.520000] number of CFI chips: 1
[    0.530000] 6 bcm47xxpart partitions found on MTD device physmap-flash.0
[    0.540000] Creating 6 MTD partitions on "physmap-flash.0":
[    0.540000] 0x000000000000-0x000000040000 : "boot"
[    0.550000] 0x000000040000-0x0000003f0000 : "firmware"
[    0.560000] 0x00000004001c-0x00000004090c : "loader"
[    0.570000] 0x00000004090c-0x000000146000 : "linux"
[    0.580000] 0x000000146000-0x0000003f0000 : "rootfs"
[    0.580000] mtd: device 4 (rootfs) set to be root filesystem
[    0.590000] 1 squashfs-split partitions found on MTD device rootfs
[    0.600000] 0x000000380000-0x0000003f0000 : "rootfs_data"
[    0.600000] 0x0000003f0000-0x000000400000 : "nvram"
[    0.710000] libphy: Fixed MDIO Bus: probed
[    0.710000] b44: Broadcom 44xx/47xx 10/100 PCI ethernet driver version 2.0
[    0.730000] libphy: b44_eth_mii: probed
[    0.850000] b53_common: found switch: BCM5325, rev 0
[    0.860000] b44 ssb0:0: attached PHY driver [Broadcom B53 (1)] (mii_bus:phy_addr=1:1e)
[    0.870000] b44 ssb0:0 eth0: Broadcom 44xx/47xx 10/100 PCI ethernet driver 00:90:4c:c0:00:01
[    0.880000] bcm47xx-wdt bcm47xx-wdt.0: BCM47xx Watchdog Timer enabled (30 seconds, Software Timer)
[    0.890000] GPIO_WDT: failed to register misc device
[    0.890000] TCP: cubic registered
[    0.890000] NET: Registered protocol family 17
[    0.900000] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    0.910000] Bridge firewalling registered
[    0.920000] 8021q: 802.1Q VLAN Support v1.8
[    0.940000] VFS: Mounted root (squashfs filesystem) readonly on device 31:4.
[    0.950000] Freeing unused kernel memory: 164K (802f7000 - 80320000)
[    2.620000] init: Console is alive
[    2.630000] init: - watchdog -
[    5.430000] usbcore: registered new interface driver usbfs
[    5.430000] usbcore: registered new interface driver hub
[    5.440000] usbcore: registered new device driver usb
[    5.640000] SCSI subsystem initialized
[    5.670000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    5.680000] ehci-platform: EHCI generic platform driver
[    5.680000] ehci-platform ehci-platform.0: EHCI Host Controller
[    5.690000] ehci-platform ehci-platform.0: new USB bus registered, assigned bus number 1
[    5.700000] ehci-platform ehci-platform.0: irq 6, io mem 0x18003800
[    5.730000] ehci-platform ehci-platform.0: USB 2.0 started, EHCI 1.00
[    5.730000] hub 1-0:1.0: USB hub found
[    5.740000] hub 1-0:1.0: 2 ports detected
[    5.750000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    5.760000] ohci-platform: OHCI generic platform driver
[    5.770000] ohci-platform ohci-platform.0: Generic Platform OHCI controller
[    5.780000] ohci-platform ohci-platform.0: new USB bus registered, assigned bus number 2
[    5.790000] ohci-platform ohci-platform.0: irq 6, io mem 0x18003000
[    5.850000] hub 2-0:1.0: USB hub found
[    5.860000] hub 2-0:1.0: 2 ports detected
[    5.870000] uhci_hcd: USB Universal Host Controller Interface driver
[    5.890000] usbcore: registered new interface driver usb-storage
[    6.680000] init: - preinit -
[    7.170000] b44 ssb0:0 eth0: Link is up at 100 Mbps, half duplex
[    7.180000] b44 ssb0:0 eth0: Flow control is off for TX and off for RX
[    7.460000] random: mktemp urandom read with 11 bits of entropy available
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[    8.980000] b44 ssb0:0 eth0: Link is Up - 100Mbps/Full - flow control off
[   11.010000] mount_root: loading kmods from internal overlay
[   11.380000] block: attempting to load /etc/config/fstab
[   11.390000] block: unable to load configuration (fstab: Entry not found)
[   11.400000] block: no usable configuration
[   11.400000] mount_root: jffs2 not ready yet, using temporary tmpfs overlay
[   11.460000] b44 ssb0:0 eth0: powering down PHY
[   11.490000] procd: - early -
[   11.500000] procd: - watchdog -
[   12.000000] b44 ssb0:0 eth0: Link is Down
[   12.410000] procd: - ubus -
[   13.430000] procd: - init -
Please press Enter to activate this console.
[   17.510000] NET: Registered protocol family 10
[   17.530000] Loading modules backported from Linux version master-2015-03-09-0-g141f155
[   17.540000] Backport generated by backports.git backports-20150129-0-gdd4a670
[   17.560000] nf_conntrack version 0.5.0 (455 buckets, 1820 max)
[   17.670000] xt_time: kernel timezone is -0000
[   17.730000] cfg80211: Calling CRDA to update world regulatory domain
[   17.740000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   17.770000] cfg80211: World regulatory domain updated:
[   17.770000] cfg80211:  DFS Master region: unset
[   17.780000] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[   17.790000] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[   17.800000] cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz, 92000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   17.810000] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[   17.820000] cfg80211:   (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[   17.830000] cfg80211:   (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[   17.840000] cfg80211:   (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[   17.840000] cfg80211:   (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[   17.850000] cfg80211:   (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[   18.230000] PPP generic driver version 2.4.2
[   18.240000] NET: Registered protocol family 24
[   18.410000] b43-phy0: Broadcom 5354 WLAN found (core revision 13)
[   18.440000] b43-phy0: Found PHY: Analog 6, Type 5 (LP), Revision 0
[   18.450000] b43-phy0: Found Radio: Manuf 0x17F, ID 0x2062, Revision 1, Version 0
[   18.470000] Broadcom 43xx driver loaded [ Features: PNL ]
[   18.550000] Broadcom 43xx-legacy driver loaded [ Features: PLD ]
[   26.610000] b44 ssb0:0 eth0: Link is up at 100 Mbps, full duplex
[   26.610000] b44 ssb0:0 eth0: Flow control is off for TX and off for RX
[   28.030000] b44 ssb0:0 eth0: Link is Up - 100Mbps/Full - flow control off
[   31.430000] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[   31.450000] jffs2_build_filesystem(): unlocking the mtd device... done.
[   31.450000] jffs2_build_filesystem(): erasing all blocks after the end marker... ^[[A^[[A
[   34.450000] b44 ssb0:0 eth0: powering down PHY
[   34.530000] b44 ssb0:0 eth0: Link is up at 100 Mbps, full duplex
[   34.540000] b44 ssb0:0 eth0: Flow control is off for TX and off for RX
[   34.580000] device eth0.1 entered promiscuous mode
[   34.580000] device eth0 entered promiscuous mode
[   34.600000] br-lan: port 1(eth0.1) entered forwarding state
[   34.610000] br-lan: port 1(eth0.1) entered forwarding state
[   35.830000] done.
[   35.830000] jffs2: notice: (845) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   36.610000] br-lan: port 1(eth0.1) entered forwarding state
[   80.480000] random: nonblocking pool is initialized

BusyBox v1.23.2 (2016-03-01 08:53:11 CET) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER (15.05.1, r48532)
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
root@OpenWrt:/#

After successful flash procedure, reboot your router by powering it off and setting your ethernet network card back to DHCP (that’s necessary because the default router DHCP server assigns addresses in 192.168.1.XXX subnet, which is different from 192.168.0.XXX which we used for flashing purposes)

Turn on the device once again and wait until wired connection with your host system establishes. After that, you may happily telnet into the router:

bananos@ubby:$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------

BusyBox v1.23.2 (2016-03-01 08:53:11 CET) built-in shell (ash)

.....

Congrats! The first, most important step is completed. In the next section we’ll configure extroot to be able to install additional OpenWrt packages such as LuCI and various kernel modules.

Setting up extroot

Connect your USB drive to linux host system. The first thing we’re going to do is partitioning. Assuming that your newly inserted disk is /dev/sdb I would suggest somewhat similar to this:

bananos@ubby:$ sudo fdisk -l /dev/sdb
Disk /dev/sdb: 28 GiB, 30005821440 bytes, 58605120 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa58948b4

Device     Boot   Start      End  Sectors   Size Id Type
/dev/sdb1            63  2008124  2008062 980.5M 82 Linux swap / Solaris
/dev/sdb2       2008125  6024374  4016250   1.9G 83 Linux
/dev/sdb3       6024375 58605119 52580745  25.1G 83 Linux

In my case, I’m using 1.8 inch TOSHIBA MK3008GAL hard drive. To make partitioning table similar to above mentioned you may use GUI tool called GParted or use plain fdisk. Primary partition usage is as follows:

/dev/sdb1 is for swapping purposes due to a low (32Mb) amount of RAM
/dev/sdb2 is for root filesystem (rootfs /)
/dev/sdb3 is for home directory (/home)

After partitioning, format rootfs and /home into ext4 filesystems:

bananos@ubby:$ sudo umount /dev/sdb2
bananos@ubby:$ sudo mkfs.ext4 /dev/sdb2
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 502031 4k blocks and 125696 inodes
Filesystem UUID: 69b17872-9486-4113-8d9f-59a5e4221027
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

bananos@ubby:$ sudo umount /dev/sdb3
bananos@ubby:$ sudo mkfs.ext4 /dev/sdb3

....

bananos@ubby:$ sudo mkswap /dev/sdb1
Setting up swapspace version 1, size = 980.5 MiB (1028120576 bytes)
no label, UUID=457a57b6-aae0-410a-8832-4e182e15e04b

Now, connect USB drive to your router, turn it on, and telnet once again:

root@OpenWrt:/# logread | grep "sda"
Tue Mar  1 08:15:13 2016 kern.notice kernel: [    7.290000] sd 0:0:0:0: [sda] 58605120 512-byte logical blocks: (30.0 GB/27.9 GiB)
Tue Mar  1 08:15:13 2016 kern.notice kernel: [    7.320000] sd 0:0:0:0: [sda] Write Protect is off
Tue Mar  1 08:15:13 2016 kern.debug kernel: [    7.320000] sd 0:0:0:0: [sda] Mode Sense: 03 00 00 00
Tue Mar  1 08:15:13 2016 kern.err kernel: [    7.330000] sd 0:0:0:0: [sda] No Caching mode page found
Tue Mar  1 08:15:13 2016 kern.err kernel: [    7.330000] sd 0:0:0:0: [sda] Assuming drive cache: write through
Tue Mar  1 08:15:13 2016 kern.info kernel: [    7.400000]  sda: sda1 sda2 sda3
Tue Mar  1 08:15:13 2016 kern.notice kernel: [    7.440000] sd 0:0:0:0: [sda] Attached SCSI disk

We’ve just used logread to make sure that hard drive was successfully detected by kernel. Now, let’s proceed to creating external rootfs:

root@OpenWrt:/# ls -l /dev/sda
brw-r--r--    1 root     root        8,   0 Jan  1  1970 /dev/sda
root@OpenWrt:/# block detect
config 'global'
        option  anon_swap       '0'
        option  anon_mount      '0'
        option  auto_swap       '1'
        option  auto_mount      '1'
        option  delay_root      '5'
        option  check_fs        '0'

config 'swap'
        option  uuid    '457a57b6-aae0-410a-8832-4e182e15e04b'
        option  enabled '0'

config 'mount'
        option  target  '/mnt/sda2'
        option  uuid    '69b17872-9486-4113-8d9f-59a5e4221027'
        option  enabled '0'

config 'mount'
        option  target  '/mnt/sda3'
        option  uuid    '37582519-c560-45d3-9a4e-9a95d255b33a'
        option  enabled '0'

We’ve just seen that usb hard drive is present at /dev/sda and has 3 partitions. Next, we’ll create a so-called pivot-overlay:

root@OpenWrt:/# mount /dev/sda2 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mnt
./
./.fs_state
./work/
./work/work/
./upper/
./upper/etc/
./upper/etc/uci-defaults/
./upper/etc/uci-defaults/11_migrate-sysctl
./upper/etc/uci-defaults/03_network_migration
./upper/etc/uci-defaults/odhcpd.defaults
./upper/etc/uci-defaults/10_migrate-shadow
./upper/etc/uci-defaults/10-fstab
./upper/etc/uci-defaults/12_network-generate-ula
./upper/etc/uci-defaults/09_fix_crc
./upper/etc/config/
./upper/etc/config/dhcp
./upper/etc/config/fstab
./upper/etc/config/firewall
./upper/etc/config/network
./upper/etc/config/system
./upper/etc/config/wireless
./upper/etc/ethers
./upper/etc/dnsmasq.time

The above mentioned command will mount /dev/sda2 as /mnt, then will copy everything from /overlay to /mnt and unmount partition. Now, create fstab template:

root@OpenWrt:/# block detect > /etc/config/fstab ; vi /etc/config/fstab

After editing your fstab file it should look like following:

config 'global'
        option  anon_swap       '0'
        option  anon_mount      '0'
        option  auto_swap       '1'
        option  auto_mount      '1'
        option  delay_root      '5'
        option  check_fs        '1'

config 'swap'
        option  enabled '1'
        option  device '/dev/sda1'

config 'mount'
        option  target  '/overlay'
        option  enabled '1'
        option  device  '/dev/sda2'
        option  fstype  'ext4'
        option  options 'rw,relatime,data=ordered,async,errors=remount-ro'
        option  enabled_fsck '1'

config 'mount'
        option  target  '/home'
        option  enabled '1'
        option  device '/dev/sda3'
        option  fstype  'ext4'
        option  options 'rw,relatime,data=ordered,async,errors=remount-ro'
        option  enabled_fsck '1'

Don’t forget to create /home directory by entering mkdir -p /home! Now, reboot your router and check that everything was mounted correctly:

root@OpenWrt:/# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                    1.9G      2.9M      1.7G   0% /
/dev/root                 2.3M      2.3M         0 100% /rom
tmpfs                    14.2M     44.0K     14.2M   0% /tmp
/dev/sda2                 1.9G      2.9M      1.7G   0% /overlay
overlayfs:/overlay        1.9G      2.9M      1.7G   0% /
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/sda3                24.6G     43.9M     23.2G   0% /home

root@OpenWrt:/# swapon -s
Filename                                Type            Size    Used    Priority
/dev/sda1                               partition       1004024 0       -1

We can see here, that rootfs(/) partition now has 1.7G of free space, and there’s almost 998M of swap. That’s it! External root filesystem is ready to use. In the next step, we’ll install opkg package manager, to be able to do something useful with our fresh linux system.

Installation of package manager (opkg)

A bare linux system is of no use if we’re not able to install additional software. That’s what we’ll accomplish in this section. Since we don’t have access to internet(yet) from the router itself, we’ll download opkg binary package manually and install it on the working system.

As an additional option you may consider downloading all of the OpenWRT binary packages to newly prepared usb drive if you have plenty of free space. That’s very useful if there will be no access to internet from the router itself during spontaneous connection failures or maintenance periods.

Re-attach hard drive to linux host system and assuming that
/media/bananos/69b17872-9486-4113-8d9f-59a5e4221027 is your /home directory mentioned above, download all packages:

root@ubby:$ cd `/media/bananos/69b17872-9486-4113-8d9f-59a5e4221027` && mkdir repo && cd repo
root@ubby:$ wget -r --no-parent --reject "index.html*" "https://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/"
......

FINISHED --2016-03-31 16:48:54--
Total wall clock time: 7m 23s
Downloaded: 4508 files, 307M in 2m 9s (2.39 MB/s)

This will download all packages from https://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/ preserving directory structure. Let’s make it more clean:

root@ubby:$ mv downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/* .
root@ubby:$ rm -rf downloads.openwrt.org/
root@ubby:# ls
base luci  management  packages  routing  telephony

Now, let’s install opkg manager by copying corresponding package to rootfs:

root@ubby:$ cp base/opkg_9c97d5ecd795709c8584e972bfdf3aee3a5b846d-9_brcm47xx.ipk /media/bananos/37582519-c560-45d3-9a4e-9a95d255b33a/opkg.ipk
root@ubby:$ cd /media/bananos/37582519-c560-45d3-9a4e-9a95d255b33a/

root@ubby:$ 7z x opkg.ipk

7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,2 CPUs)

Processing archive: opkg.ipk
Extracting  opkg
Everything is Ok
Size:       71680
Compressed: 64546

root@ubby:$ tar -xvf opkg
./debian-binary
./data.tar.gz
./control.tar.gz

root@ubby:$ rm control.tar.gz opkg.ipg debian-binary rm opkg

Unplug USB-hdd from host system and replug it back to router, run telnet and check that data.tar.gz is at /overlay:

root@OpenWrt:/# ls /overlay/
data.tar.gz  etc          lost+found   upper        work
root@OpenWrt:/# mv /overlay/data.tar.gz /
root@OpenWrt:/# tar -xzvf data.tar.gz
./
./lib/
./lib/upgrade/
./lib/upgrade/keep.d/
./lib/upgrade/keep.d/opkg
./bin/
./bin/opkg
./usr/
./usr/lib/
./usr/lib/opkg/
./usr/sbin/
./usr/sbin/opkg-key
./etc/
./etc/uci-defaults/
./etc/uci-defaults/20_migrate-feeds
./etc/opkg/
./etc/opkg/customfeeds.conf
./etc/opkg/distfeeds.conf
./etc/opkg.conf

If everything was correct and you extracted tar package directly to / then it is possible to run opkg itself:

root@OpenWrt:/# opkg --version
opkg version 0.1.8

Now, if you have working internet connection it is possible to install additional OpenWRT packages like LuCI, but we’re going to leverage our offline repo we’ve created above. Open /etc/opkg/distfeeds.conf and create following file contents:

#src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/base
#src/gz chaos_calmer_luci http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/luci
#src/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/packages
#src/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/routing
#src/gz chaos_calmer_telephony http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/telephony
#src/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05.1/brcm47xx/legacy/packages/management

src/gz chaos_calmer_base file:///home/repo/base
src/gz chaos_calmer_luci file:///home/repo/luci
src/gz chaos_calmer_packages file:///home/repo/packages
src/gz chaos_calmer_routing file:///home/repo/routing
src/gz chaos_calmer_telephony file:///home/repo/telephony
src/gz chaos_calmer_management file:///home/repo/management

run update procedure:

root@OpenWrt:/# opkg update
Downloading file:///home/repo/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_base.
Downloading file:///home/repo/base/Packages.sig.
Signature check passed.
Downloading file:///home/repo/luci/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_luci.
Downloading file:///home/repo/luci/Packages.sig.
Signature check passed.
Downloading file:///home/repo/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading file:///home/repo/packages/Packages.sig.
Signature check passed.
Downloading file:///home/repo/routing/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_routing.
Downloading file:///home/repo/routing/Packages.sig.
Signature check passed.
Downloading file:///home/repo/telephony/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_telephony.
Downloading file:///home/repo/telephony/Packages.sig.
Signature check passed.
Downloading file:///home/repo/management/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_management.
Downloading file:///home/repo/management/Packages.sig.
Signature check passed.

Now, it is possible to install any additional software we like. For example, let’s install nano text editor:

root@OpenWrt:/# opkg install nano
Installing nano (2.4.1-1) to root...
Downloading file:///home/repo/packages/nano_2.4.1-1_brcm47xx.ipk.
Installing libncurses (5.9-2) to root...
Downloading file:///home/repo/base/libncurses_5.9-2_brcm47xx.ipk.
Installing terminfo (5.9-2) to root...
Downloading file:///home/repo/base/terminfo_5.9-2_brcm47xx.ipk.
Configuring terminfo.
Configuring libncurses.
Configuring nano.

Make sure internet works

If you have access to an internet via LAN cable (i.e. you do have another router running DHCP in your network with internet access), plug your DIR-320 WAN port into your network. Make sure, it gets dynamic IP:

root@OpenWrt:/# ifconfig

br-lan    Link encap:Ethernet  HWaddr 00:90:4C:C0:00:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fd47:5a3c:26b2::1/60 Scope:Global
          inet6 addr: fe80::290:4cff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3926 (3.8 KiB)

eth0.2    Link encap:Ethernet  HWaddr 00:90:4C:C0:00:01
          inet addr:192.168.0.194  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::290:4cff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:223 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:50169 (48.9 KiB)  TX bytes:9778 (9.5 KiB)

Make sure that your existing network uses different subnet. By default, OpenWRT is configured to use 192.168.1.X subnet, so you should use something like 192.168.0.X or 192.168.2.X. Verify that you’re able to download content from the internet:

root@OpenWrt:/# wget http://httpbin.org/ip -O /dev/null
Connecting to httpbin.org (54.175.219.8:80)
null                 100% |*******************************|    32   0:00:00 ETA

If you’re not able to get any content outside your network, it is most likely a problem with firewall. One of the symptoms of this problem is that when you issue ping command, there will be following output ping: sendmsg: Operation not permitted.

To allow all traffic in any direction(don’t do this in production environment!), do the following:

root@OpenWrt:/# echo "iptables -P INPUT ACCEPT" >> /etc/firewall.user
root@OpenWrt:/# echo "iptables -P OUTPUT ACCEPT" >> /etc/firewall.user
root@OpenWrt:/# echo "iptables -P FORWARD ACCEPT" >> /etc/firewall.user
root@OpenWrt:/# /etc/init.d/firewall restart

LuCI installation

LuCI is a web-based GUI for managing OpenWRT. A lot of essential configuration which is pretty cumbersome to do via command-line could be easily made through LuCI.

Before installing LuCI packages I would strongly suggest setting up kmod-zram and zram-swap packages if you’re not using external HDD swap, but instead rely on slow, error-prone flash memory. Zram is a special linux kernel module which makes part of your RAM compressed and behave like swap.

Now, let’s proceed:

root@OpenWrt:/# opkg update && opkg install --force-overwrite wget ca-certificates coreutils dropbear
root@OpenWrt:/# opkg install ip fdisk usbutils screen htop
root@OpenWrt:/# opkg install luci luci-proto-3g luci-proto-ipv6 luci-proto-openconnect luci-proto-ppp luci-proto-relay

After successfull installation of the above mentioned packages, reboot and plug your linux host into one of the 4 LAN ports of the router. Since LuCI is not yet configured, it is not possible to access it via WAN, therefore we’re going to setup it from the internal router network. Open up your favorite browser and go to http://192.168.1.1/cgi-bin/luci

From now on, you may fully configure your router by setting up root password, enabling Wi-Fi, etc.

3g/CDMA modem configuration

Now, the most interesting part — how do we connect external CDMA modem to the router and make sure it will function as a WAN interface for LAN clients? At the time of this writing, I had in my hands a used Sierra AirCard 250U:

In this part of the article, we’re going to setup it to act as an external WAN interface. First off, disconnect ethernet cable from router’s WAN port and connect modem. Make sure you’re using USB-hub with external power supply, since 3G modems may drain a lot of current from single USB port and you might experience a lot of weird issues.

Open up terminal console using ssh (telnet should be already disabled if you’ve configured router’s root password):

bananos@ubby:$ ssh  root@192.168.1.1
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password:

When CDMA modem is powered on, it is possible to see it in the list of connected usb devices:

root@OpenWrt:~# lsusb
Bus 001 Device 007: ID 1199:0301 Sierra Wireless, Inc.
Bus 001 Device 008: ID 198f:0220 Beceem Communications Inc. BCSM250 WiMAX Adapter
Bus 001 Device 004: ID 0424:2512 Standard Microsystems Corp. USB 2.0 Hub
Bus 001 Device 003: ID 05ac:0221 Apple, Inc. Aluminum Keyboard (ISO)
Bus 001 Device 005: ID 067b:2506 Prolific Technology, Inc. Kaser 8gB micro hard drive
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 05ac:1006 Apple, Inc. Hub in Aluminum Keyboard
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

In this example I’m using Apple Keyboard as USB hub :) Aricard 250U may actually work in CDMA/WiMax mode, and is detected as two separate devices Sierra Wireless, Inc. and Beceem Communications Inc. BCSM250 WiMAX Adapter. Now, let’s search for Sierra support in software packages:

root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg list | grep sierra
kmod-usb-net-sierrawireless - 3.18.23-1 - Kernel support for Sierra Wireless devices
kmod-usb-serial-sierrawireless - 3.18.23-1 - Kernel support for Sierra Wireless devices

Luckily, there is kernel support for Sierra devices and we’re going to leverage that! This is exactly the case where modern linux kernel shines in all its beauty. On top of this kernel modules we need to install some other generic stuff:

root@OpenWrt:~# opkg install kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan kmod-usb-serial-ipw
root@OpenWrt:~# opkg install comgt usb-modeswitch coreutils-stty
root@OpenWrt:~# opkg install kmod-usb-net-sierrawireless kmod-usb-serial-sierrawireless
root@OpenWrt:~# reboot

Make sure that sierra kernel support is functioning:

root@OpenWrt:~# lsmod | grep sierra
sierra                  6048  0
sierra_net              5600  0
usbnet                 15872  1 sierra_net

As this point, we have a serial interface to CDMA modem at /dev/ttyUSB0. Verify that modem responds to AT commands:

root@OpenWrt:~# gcom info -d /dev/ttyUSB0
##### Wireless WAN Modem Configuration #####
Product text:
====

Manufacturer: Sierra Wireless, Inc.
Model: AC250U Rev 2.0 (3)
Revision: p3012901,8815 [May 28 2010 14:42:39]
QCOM: SWI6085_FP.01.28
BOOT: SWI6085_PP.01.29.01 2010/05/28 18:13:46
APPL: SWI6085_PP.01.29.01 2010/05/28 18:13:46
USB VID: 0x1199 PID: 0x0301
ESN: 09612160827
0x60B98F3B
+GCAP: +CIS707-A, CIS-856, CIS-856-A, +MS, +ES, +DS, +FCLASS
SKU: 0x132BD1
OK
====
Manufacturer:           ERROR
IMEI and Serial Number: 09612160827
Manufacturer's Revision:
p3012901,8815 [May 28 2010 14:42:3
Hardware Revision:

Network Locked:

Customisation:

Band settings:          (
)
APN:

##### END #####

Now, switch to LuCI and go to Network->Interfaces. Stop WAN6 unless you're going to use IPv6 and edit WAN interface.

When editing existing WAN interface, change Protocol to UMTS/GPRS/EV-DO, click Switch protocol button and wait for additional parameters to appear:

On this screen you should enter provider specific info (take a look at your contract/prepaid plan details). Since my modem is connected to Ukraine's CDMA Intertelecom my connection parameters are:

Protocol: UMTS/GPRS/EV-DO
Modem device: /dev/ttyUSB0 (we've tested above that it actually responds to AT commands)
Service type: CDMA/EV-DO
APN: empty
PIN: empty
PAP/CHAP username: IT
PAP/CHAP password: IT
Dial number: #777

Note, that your interface will now be named 3g-wan and since there is a flag called Bring up on boot in the Advanced tab your CDMA connection will be established automatically on power up. To make sure that everything works, open up terminal once again:

root@OpenWrt:~# logread | grep -E "chat|ppp"
Tue Apr  5 19:38:31 2016 daemon.notice pppd[6810]: pppd 2.4.7 started by root, uid 0
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (BUSY)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (NO CARRIER)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (ERROR)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (NO DIAL TONE)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (NO ANSWER)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: abort on (DELAYED)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: report (CONNECT)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: timeout set to 10 seconds
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: send (AT^M)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: expect (OK)
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: AT^M^M
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: OK
Tue Apr  5 19:38:32 2016 local2.info chat[6821]:  -- got it
Tue Apr  5 19:38:32 2016 local2.info chat[6821]: send (ATZ^M)
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: timeout set to 30 seconds
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: expect (OK)
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: ^M
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: ATZ^M^M
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: OK
Tue Apr  5 19:38:33 2016 local2.info chat[6821]:  -- got it
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: send (ATDT#777^M)
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: expect (CONNECT)
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: ^M
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: ATDT#777^M^M
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: CONNECT
Tue Apr  5 19:38:33 2016 local2.info chat[6821]:  -- got it
Tue Apr  5 19:38:33 2016 local2.info chat[6821]: send (^M)
Tue Apr  5 19:38:33 2016 daemon.info pppd[6810]: Serial connection established.
Tue Apr  5 19:38:33 2016 daemon.info pppd[6810]: Using interface 3g-wan
Tue Apr  5 19:38:33 2016 kern.info kernel: [ 8554.840000] 3g-wan: renamed from ppp0
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: Connect: 3g-wan < --> /dev/ttyUSB0
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: PAP authentication succeeded
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: local  IP address 10.227.181.163
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: remote IP address 172.17.4.100
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: primary   DNS address 192.168.4.3
Tue Apr  5 19:38:33 2016 daemon.notice pppd[6810]: secondary DNS address 192.168.4.7
Tue Apr  5 20:08:32 2016 daemon.info pppd[6810]: LCP terminated by peer
Tue Apr  5 20:08:32 2016 daemon.info pppd[6810]: Connect time 30.0 minutes.
Tue Apr  5 20:08:32 2016 daemon.info pppd[6810]: Sent 826328 bytes, received 547992 bytes.
Tue Apr  5 20:08:33 2016 daemon.info pppd[6810]: Terminating on signal 15
Tue Apr  5 20:08:35 2016 daemon.notice pppd[6810]: Connection terminated.
Tue Apr  5 20:08:36 2016 daemon.notice pppd[6810]: Modem hangup
Tue Apr  5 20:08:36 2016 daemon.info pppd[6810]: Exit.
Tue Apr  5 20:08:37 2016 daemon.notice pppd[7884]: pppd 2.4.7 started by root, uid 0
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (BUSY)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (NO CARRIER)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (ERROR)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (NO DIAL TONE)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (NO ANSWER)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: abort on (DELAYED)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: report (CONNECT)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: timeout set to 10 seconds
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: send (AT^M)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: expect (OK)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: AT^M^M
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: OK
Tue Apr  5 20:08:38 2016 local2.info chat[7896]:  -- got it
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: send (ATZ^M)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: timeout set to 30 seconds
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: expect (OK)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: ^M
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: ATZ^M^M
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: OK
Tue Apr  5 20:08:38 2016 local2.info chat[7896]:  -- got it
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: send (ATDT#777^M)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: expect (CONNECT)
Tue Apr  5 20:08:38 2016 local2.info chat[7896]: ^M
Tue Apr  5 20:08:39 2016 local2.info chat[7896]: ATDT#777^M^M
Tue Apr  5 20:08:39 2016 local2.info chat[7896]: CONNECT
Tue Apr  5 20:08:39 2016 local2.info chat[7896]:  -- got it
Tue Apr  5 20:08:39 2016 local2.info chat[7896]: send (^M)
Tue Apr  5 20:08:39 2016 daemon.info pppd[7884]: Serial connection established.

These are the logs from pppd daemon and CHAT script, responsible for sending AT commands to modem. As you can see there may be random hangups, but the connection is automatically re-established which is very nice.

And when you enter ifconfig command you should see 3g-wan interface too:

root@OpenWrt:~# ifconfig
3g-wan    Link encap:Point-to-Point Protocol
          inet addr:10.227.196.50  P-t-P:172.17.4.100  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:977 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:529666 (517.2 KiB)  TX bytes:324250 (316.6 KiB)

In case you’re interested in diving deeper into how things work, I’d recommend looking at these files:

/etc/config/network contains network configuration
/lib/netifd/proto/3g.sh shell logic responsible for running pppd daemon

Measuring signal strength

The last problem you’ll probably stumble upon — is how to measure signal strength, especially if you’re setting up standalone solution at a remote location with a modem connected to an external antenna. This is usually accomplished by sending special AT command to modem. Note, however, that most software and examples over internet are targeted towards more popular GRPS/UMTS modems, and they will probably won’t work.

Before using serial protocol to communicate with modem, we must shutdown existing 3g-wan connection, because otherwise we’ll get cat: read error: Resource temporarily unavailable:

root@OpenWrt:~# ifdown wan

Note, that ifdown won’t accept 3g-wan as interface, but oddly enough the above command works. For now, let’s focus on how to send AT commands to modem:

run screen
open 2 consoles

In the first console run cat /dev/ttyUSB0 (this is a place to look for modem replies) and in the second run echo -ne "at!status?\r\n" > /dev/ttyUSB0. Switch back consoles and you should see something like this:

root@OpenWrt:~# cat /dev/ttyUSB0
at!rssi?
-83

OK

A range from -60 dbm to -90 dBm is considered adequate. Using this special AT command you may now run it in a loop with small delay, observe signal strength in the second console and properly adjust external antenna. Also, there seems to be an unofficial OpenWRT package specifically for signal monitoring called 3ginfo, but I’ve not tried it and not sure if it works for CDMA/EVDO modems.

TL;DR;

Seriously, If you want to avoid all the hassle of setting up CDMA modem and OpenWRT, just buy yourself a device which combines WiFi router and 3g modem — MiFi will do just fine :)

Download openwrt-15.05.1-brcm47xx-legacy-asus-wl-500gp-v2-squashfs.trx (MD5: 420e24e9a042c01585d818c14afa11d3)

CloudWatch custom metrics

bananos — Wed, 16 Dec 2015 15:40:08 +0000

In this post we’re going to investigate how to create custom metrics for the AWS CloudWatch service. In some cases it’s not enough to have default set of AWS metrics which are already defined for you in dashboard. Let’s say you want to monitor the number of active customers on your website, or you would like to know the number of failed requests to your API backend.

Whatever it is, CloudWatch will allow you to record any time-based data using AWS APIs.

Install AWS CLI

First off, in order to post data to CloudWatch you need to install and setup command-line tools to work with AWS APIs:

$ pip install awscli

If you don’t know what pip is, head over pip installation manual.
Once AWS CLI is installed the aws command should be available via your command shell:

$ aws
usage: aws [options]   [ ...] [parameters]
To see help text, you can run:

aws help
aws: error: too few arguments

Before issuing real commands to AWS service you need to configure cli tools:

$ aws configure
AWS Access Key ID [****************KCEQ]:
AWS Secret Access Key [****************x++s]:
Default region name [us-west-2]:
Default output format [json]:

After successfull configuration you should be able to use command-line interface for AWS, for example, let’s list all available EC2 instances:

$ aws ec2 describe-instances | grep "PublicDnsName" | awk '{$1=$1};1' | uniq
"PublicDnsName": "ec2-44-148-96-212.us-west-2.compute.amazonaws.com",
"PublicDnsName": "ec2-42-25-174-143.us-west-2.compute.amazonaws.com",
"PublicDnsName": "ec2-44-68-194-93.us-west-2.compute.amazonaws.com",
"PublicDnsName": "ec2-44-69-229-202.us-west-2.compute.amazonaws.com",

Choose a metric

Let’s say that we want to monitor application API status by periodically requesting specific endpoint and checking HTTP response code. In our example we’ll use http://httpbin.org/status/200 URL to demo.

We will consider HTTP 200 response code as a service alive event and treat it as 1, and any other response code(including timeout) as a service failure event or 0.

The following bash code(service_mon.sh) will output HTTP response code:

#!/bin/bash
CODE=`curl -k -s -o /dev/null -w "%{http_code}" http://httpbin.org/status/200`
echo $CODE

Run it and verify that script outputs 200:

$ ./service_mon.sh
200

Choose metric name

We’re going to name our metric ServiceStatus and will report it to CloudWatch using cloudwatch subcommand. Modify above mentioned service_mon.sh script to be the following:

#!/bin/bash

# get response code
CODE=`curl -k -s -o /dev/null -w "%{http_code}" http://httpbin.org/status/200`
if [ "$CODE" -eq 200 ] ; then
aws cloudwatch put-metric-data --metric-name ServiceStatus --namespace CL_AGENTS --value 1 --unit "Count"
else
aws cloudwatch put-metric-data --metric-name ServiceStatus --namespace CL_AGENTS --value 0 --unit "Count"
fi

Note CL_AGENTS in cmd parameters, this is a convenient group name for all your metrics, typically you’d want to put your application name in there. In this example we’re specifying a type for our data called Count, this is not the only possible option. Here’s a list of other units:

[ Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits,
Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second,
Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None ]

Periodic script execution

Put the script we’ve written into crontab:

# m h  dom mon dow   command
*/5 * * * * /mnt/service_mon.sh

This will post service status to CloudWatch every 5 minutes. Here’s how it might look like in web based AWS console:

You may also report multiple values at the same time using JSON file:

[
{
"MetricName": "ServiceStatus",
"Timestamp": "Wednesday, June 12, 2013 8:28:20 PM",
"Value": 1,
"Unit": "Count"
},
{
"MetricName": "ServiceStatus",
"Timestamp": "Wednesday, June 12, 2013 8:30:20 PM",
"Value": 0,
"Unit": "Count"
}
]

To do bulk reporting use this format:

$ aws cloudwatch put-metric-data --namespace "CL_AGENTS" --metric-data file://metric.json

Setup alarms

Up until now our metric is almost useless, except that we may see nice graphs in the CloudWatch. To do it more usable, let’s add alarm if our API is down:

Select ServiceName metric in the CL_AGENTS namespace we’ve just created
Click Create Alarm button on the right side of the graph
In the subsequent popup, select alarm details:

Gotchas

Keep in mind that CloudWatch will store your time-series data only for 2 weeks (14 days), therefore if you want more history and insights for your data you’re probably will be better off using custom database like InfluxDB for example
Make sure to setup aws cli under the same user which your crontab is using, otherwise AWS configuration won’t be accessible for cron and your monitoring script will not work

Installing optware on Dune HD-TV 102

bananos — Sun, 03 Nov 2013 22:36:18 +0000

Dune company has given us a miryad of excellent media players, especially by producing high quality software. In this article I’ll give you step-by-step instructions on how to convert your media player into full-fledged NAS with ability to download torrents and perform any task a generic linux box could do.

Root access

First off, you need to obtain a retail model Dune HD-TV 102w (with ‘w’ postfix), this is the only model which has appropriate firmware for getting root access.

Download dune_service_telnetd.dsf, copy it to usb-flash drive and insert into Dune. Power on device, go to Sources, find that file and press OK to execute it. Once this is done, telnetd service will be available until next reboot. To make it permanent, run the following:

telnet root@dune_ip
login: root
password: 

tangox[~] touch /config/telnetd
tangox[~] sync

HDD Partition

Connect USB-HDD disk drive to Dune to be able to install Optware and store torrents media. We’re going to re-format the disk and create 3 partitions. Here’s a sample list:

tangox[~] fdisk -l /dev/sda

Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks  Id System
/dev/sda1               1         499     4008186  83 Linux
/dev/sda2             500         624     1004062+ 82 Linux swap
/dev/sda3             625       19457   151276072+ 83 Linux

As you can see we’re going to use sda1 to store Optware, sda2 for swap and sda3 for video content.
To do that you may use fdisk, mkfs.ext3 and mkswap commands like this:

# after fdisk partitioning
tangox[~] mkswap /dev/sda2
tangox[~] mkfs.ext3 /dev/sda1
tangox[~] mkfs.ext3 /dev/sda3

Initialize swap

Dune a has special mechanism to autostart some services during initial boot. We’re going to put some preliminary startup work there.
Create file /mnt/config/boot/bootstrap.sh and put following contents inside:

#!/bin/sh
# Turn on swap partition
swapon /dev/sda2

Then, make sure that file is executable:

tangox[~] chmod +x /mnt/config/boot/bootstrap.sh

Give nice names to HDD partitions

In order for HDD partitions to look nice in Dune GUI (sources menu section), will do some more tuning.
First off, issue df command:

tangox[~] df
Filesystem                Size      Used Available Use% Mounted on
tmpfs                    92.7M      3.1M     89.6M   3% /tmp
/dev/sda3               142.0G     57.8G     77.0G  43% /D
/dev/mtdblock4          105.2M     75.6M     29.5M  72% /app
/dev/loop0              262.3M    262.3M         0 100% /tango3
/dev/mtdblock5          100.0M      8.1M     91.9M   8% /mnt
/dev/sda1                 3.8G    132.3M      3.4G   4% /tmp/mnt/storage/34611c58-ba35-4256-b546-8038078575ab
/dev/sda3               142.0G     57.8G     77.0G  43% /tmp/mnt/storage/566c9eb8-8239-4af5-9ea5-609ddc035e6f

You’ll see those ugly long directory names, which we want to change. Go to /tmp/mnt/storage/34611c58-ba35-4256-b546-8038078575ab and create the file dune_folder.txt with the following contents:

storage_name=opt
system_files=*

Because this is a system partition for our Optware we’re going to hide every file from being visible by end-user. Go to next directory and create similar file:

tangox[~] cd /tmp/mnt/storage/566c9eb8-8239-4af5-9ea5-609ddc035e6f
tangox[~] echo "storage_name=media" >> dune_folder.txt
tangox[~] echo "system_files=*.part" >> dune_folder.txt

This set of folder settings will make uncompleted torrent files hidden from Dune menus. Once you’re done, reboot, telnet again and run df command one more time:

tangox[~] df
Filesystem                Size      Used Available Use% Mounted on
tmpfs                    92.7M      3.1M     89.6M   3% /tmp
/dev/sda3               142.0G     57.8G     77.0G  43% /D
/dev/mtdblock4          105.2M     75.6M     29.5M  72% /app
/dev/loop0              262.3M    262.3M         0 100% /tango3
/dev/mtdblock5          100.0M      8.1M     91.9M   8% /mnt
/dev/sda1                 3.8G    132.3M      3.4G   4% /tmp/mnt/storage/opt
/dev/sda3               142.0G     57.8G     77.0G  43% /tmp/mnt/storage/media

Things will look more nicer! Now, let’s make aliases for opt and media folders by symlinking them to root. Make sure your system don’t have any important data at /opt as we’re going to delete it. Now, open /mnt/config/boot/bootstrap.sh file and modify it to look as following:

#!/bin/sh
# Turn on swap partition
swapon /dev/sda2

# symlink optware and media folders
rm -rf /opt
ln -s /tmp/mnt/storage/opt /opt
ln -s /tmp/mnt/storage/media /media

Now reboot, and ensure that there are valid /opt and /media symlinks at root path.

Optware installation

Finally we’re ready to install additional software. Create optware installation script at /opt/install.sh:

#!/bin/sh
# Source code: http://www.nslu2-linux.org/wiki/Optware/HomePage
feed=http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/unstable/
# install ipkg
ipk_name=`wget -qO- $feed/Packages | awk '/^Filename: ipkg-opt/ {print $2}'`
/usr/bin/wget "$feed/$ipk_name"
/bin/tar -xOvzf $ipk_name ./data.tar.gz | tar -C / -xzvf -
mkdir -p /opt/etc/ipkg
echo "src cross $feed" > /opt/etc/ipkg/feeds.conf

# install uc-libC
ipk_name=`wget -qO- $feed/Packages | awk '/^Filename: uclibc-opt/ {print $2}'`
/usr/bin/wget "$feed/$ipk_name"
/bin/tar -xOvzf $ipk_name ./data.tar.gz | tar -C / -xzvf -

To do that you may should use vi editor which is available by default. Ensure that the file is executable and run it:

tangox[~] chmod +x /opt/install.sh
# run it
tangox[opt] ./install.sh

Connecting to ipkg.nslu2-linux.org (140.211.169.161:80)
ipkg-opt_0.99.163-10 100% |*************************************************************************************************************| 75831  00:00:00 ETA
./
./opt/
./opt/bin/
./opt/bin/ipkg
./opt/bin/ipkg-opt
./opt/bin/update-alternatives
./opt/etc/
./opt/etc/ipkg.conf

.....................................

Connecting to ipkg.nslu2-linux.org (140.211.169.161:80)
uclibc-opt_0.9.28-13 100% |*************************************************************************************************************|   832k 00:00:00 ETA
./
./opt/
./opt/etc/
./opt/lib/
./opt/lib/ld-uClibc-0.9.28.so
./opt/lib/ld-uClibc.so.0
./opt/lib/libc.so

......................................................

If you’ve been observing messages above chances are high that you now have a working skeleton of optware system.
Let’s check this by typing:

tangox[opt] /opt/bin/ipkg --version
ipkg version 0.99.163

This means that package management system has been installed and works fine. From this time on you have the ability to install tons of additional linux software precompiled for MIPS architecture! You may get the list of available software by typing ipkg --list, and we’ll continue our tuning process.

Fix PATH variable

Let’s make using optware more convenient, open /mnt/config/boot/bootstrap.sh and add following lines:

# fix PATH for new packages
echo "export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/bin/X11:/usr/local/bin" >> /root/.bashrc
echo "export PATH=/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/bin/X11:/usr/local/bin" >> /etc/profile

Optware autostart hack

In order to autostart all neccessary services we’re going to do some additional hacking. At first, it seems that adding call of autostart script to /mnt/config/boot/bootstrap.sh will do the trick, but after numeruos attempts to do just that things didn’t work. My guess is that at /mnt/config/boot/ stage external storage is not mounted yet, so everything under /opt is not available.

To overcome that, I’ve managed to create a bit ugly, but working solution, i.e. to autostart services using crond, which is available by default on device. The idea is simple: start optware only once, and if it is started already just do nothing. Let’s write some scripts to achieve that.

Create /opt/etc/rc.optware file with following contents:

#!/bin/sh
# Start all init scripts in /opt/etc/init.d
# executing them in numerical order.
for i in /opt/etc/init.d/* ;do

    # Ignore dangling symlinks (if any).
    [ ! -f "$i" ] && continue

    case "$i" in
       *.sh)
        # Source shell script for speed.
        (
            trap - INT QUIT TSTP
            set start
            . $i
        )
        ;;
       *)
        # No sh extension, so fork subprocess.
        $i start
        ;;
    esac
done

Create /opt/etc/optware-cron.sh with following contents:

#!/bin/sh
# After reboot this file will be absent!
FLAG_FILE=/var/run/optware.started

# if file not found, run optware
if [ ! -f $FLAG_FILE ]; then
 touch $FLAG_FILE
 /opt/etc/rc.optware
fi

Make sure both files are executable:

tangox[opt] chmod +x optware-cron.sh rc.optware

Open our /mnt/config/boot/bootstrap.sh file and add following lines:

killall crond
echo "*/1 * * * * /opt/etc/optware-cron.sh" >> /tmp/cron/crontabs/root
/usr/sbin/crond

This will modify crond config during startup and will make sure that optware-cron.sh file will be launched once per every minute.

Reboot your dune and ensure that everything works fine. Next, we’re going to add some useful software like transmission!

Install transmission

tangox[opt] ipkg install transmission

Let’s create startup script for Transmission daemon, open /opt/etc/init.d/S60transmission and type in:

#!/bin/sh
# Exit if the package is not installed
test -f /opt/bin/transmission-daemon || exit 0

function start_daemon() {
    /sbin/start-stop-daemon --start --quiet --exec /opt/bin/transmission-daemon  --auth --config-dir=/opt/etc/transmission/ --username="your_username" --password="your_password" --download-dir=/media/ --allowed=* --logfile=/opt/var/log/transmissiond.log
}

case "$1" in
  start)
    echo  "Starting transmission-daemon"
    start_daemon
    ;;
  stop)
    echo  "Stopping transmission-daemon"
    /sbin/start-stop-daemon --stop --quiet --exec /opt/bin/transmission-daemon
    ;;
  restart)
    echo -n "Stopping transmission-daemon"
    /sbin/start-stop-daemon --stop --quiet --exec /opt/bin/transmission-daemon
    for i in 1 2 3 ;
    do
        sleep 1
        echo -n "."
    done
    echo  "Restarting transmission-daemon"
    start_daemon
    ;;
  *)
    echo "Usage: /opt/etc/init.d/S60transmission {start|stop|restart}"
    exit 1
esac

exit 0

Don’t forget to make this script executable and make sure you provide valid your_username and your_password. Verify that transmission daemon works by typing in the terminal:

tangox[opt] /opt/etc/init.d/S60transmission start
tangox[opt] ps -Af | grep trans
 1500 root       0:04 /opt/bin/transmission-daemon --auth --config-dir=/opt/etc/transmission/ --username="your_username" --password="your_password" --download-dir=/media/ --allowed=* --logfile=/opt/var/log/transmissiond.log

If everything went fine the last command should output transmission process running in the background, you might also observe it by running top command.

Reboot your dune once again, open your favorite web browser and point it to http://dune_ip:9091 you should see basic auth dialog from your Transmission web interface. From this point you’re free to download any torrent media which will be instantly accessible for playback once completed.

Some useful tips

1) I would highly recommend desktop client for transmission called Transmission Remote GUI it has more control and features than default web interface.

2) Find out power management section in main dune menu and set sleep mode to never. You need your device to be online 7×24 don’t you?

3) Install openssh tools, setup public key based authentication and turn off passwordless telnet to increase security

How to setup TimeMachine on a network drive with disk quota

bananos — Wed, 17 Oct 2012 21:45:37 +0000

Well, once you bought your NAS or configured a dedicated PC with network drive you’ll obviously want to setup Time Machine. The problem is, once configured to backup to a networked drive your TimeMachine will eat all available space.

For those lucky ones, who shared a dedicated disk partition on their drive — there’s no problem at all. But I was not one of them. Recently, I’ve purchased a used Buffalo LS-WXL Linkstation duo inserted two new 1TB drives and configured it as a RAID0 array. As a result, almost whole 2Tb partition became available for sharing — despite how hard I tried to figure out xfs quotas on target partition, no success.

Well, there are bad and good news.

The good news is that you may limit your Time Machine disk quota by using something called sparse disk bundles.
The bad news is that you’ll need root access to your NAS in order to apply permissions hack to make it work with latest versions of Time Machine

Let’s proceed!

Create sparse bundle on your mac

Open terminal, and create 1024g sparse disk:


# Get the MACADDR of network port
$ MAC=$(ifconfig en0 | perl -ne 's/.*ether (\w+:\w+:\w+:\w+:\w+:\w+).*/$1/ && s/://g && print;')
$ echo $MAC
001122334455

# Create name of sparsebundle
$ SBNAME=$(hostname)_$MAC.sparsebundle
$ echo $SBNAME
amber_001122334455.sparsebundle

# Create sparse image
# You should modify 1024g to the size of your maximum Time Machine backup size.
$ hdiutil create -fs HFS+J -size 1024g -type SPARSEBUNDLE -volname "Time Machine" $SBNAME
$ ls $SBNAME
Info.bckup    Info.plist    bands        token

Once this is done, copy sparse bundle directory into your network volume:


# mine network disk is called /Volume/tm
$ cp -R $SBNAME /Volumes/tm

Create a separate user for TimeMachine

It is a good practice to create a special user specifically for network drives that will be used for TimeMachine backup.

I called mine tm:

Apply hack with access rights

On MacOS X versions prior to 10.6.3, this step would be not necessary, but on latest versions TimeMachine automatically resizes your sparse bundle to occupy the whole space. We’ll deny it using access rights hack.

To be able to continue, you should access your NAS using root credentials.


# login to your NAS via ssh
$ ssh -i ~/.ssh/my.key root@nas
Warning: Permanently added 'nas,192.168.1.227' (RSA) to the list of known hosts.
Last login: Wed Oct 17 19:35:37 2012 from amber

# go to the destination of your shared network volume
root@NAS:~$ cd /mnt/array1/tm/

# check out that sparse bundle has been successfully copied
root@NAS:/mnt/array1/tm$ ls -l
drwxrwsrwx    4 tm       hdusers      4096 Oct 17 19:08 amber_001122334455.sparsebundle/

The main idea behind access right hack is pretty simple: deny TimeMachine user from write access to specific files:


# Give read-only access for tm user
root@NAS:/mnt/array1/tm$ cd amber_001122334455.sparsebundle
root@NAS:/mnt/array1/tm/amber.sparsebundle$  chown root:root Info.*
root@NAS:/mnt/array1/tm/amber.sparsebundle$  chmod a+r-w Info.*

# Check access rights:

root@NAS:/mnt/array1/tm/amber.sparsebundle# ls -l
-r--r--r--    1 root     root          500 Oct  9 20:36 Info.bckup
-r--r--r--    1 root     root          500 Oct  9 20:36 Info.plist
drwxrwsrwx    3 tm       hdusers   1155072 Oct 17 19:08 bands/

Configure TimeMachine

The last step is to configure TimeMachine to backup to network disk. It’s the same process as with usual hdd.

Once TimeMachine is configured, let’s verify that it is backing up normally and will not occupy the whole disk space.

Open Spotlight and type Console — a special program to see your software logs. Matching string for TimeMachine will be backupd

At the console logs you should see something like this:


10/9/12 8:39:36.012 PM com.apple.backupd: Starting standard backup
10/9/12 8:39:36.026 PM com.apple.backupd: Attempting to mount network destination URL: afp://tm@NAS._afpovertcp._tcp.local/tm
10/9/12 8:39:36.480 PM com.apple.backupd: Mounted network destination at mountpoint: /Volumes/tm-1 using URL: afp://tm@NAS._afpovertcp._tcp.local/tm
10/9/12 8:39:53.925 PM com.apple.backupd: Resizing backup disk image from 1024.0 GB to 1834.2 GB
10/9/12 8:39:53.938 PM com.apple.backupd: Could not resize backup disk image (DIHLResizeImage returned 35)
10/9/12 8:39:53.939 PM com.apple.backupd: Renaming /Volumes/tm-1/amber_c82a141a607c.sparsebundle to /Volumes/tm-1/amber.sparsebundle
10/9/12 8:39:53.971 PM com.apple.backupd: Running backup verification
10/9/12 8:39:55.349 PM com.apple.backupd: QUICKCHECK ONLY; FILESYSTEM CLEAN
10/9/12 8:40:57.454 PM com.apple.backupd: Backup verification passed!
10/9/12 8:40:58.953 PM com.apple.backupd: QUICKCHECK ONLY; FILESYSTEM CLEAN
10/9/12 8:41:01.105 PM com.apple.backupd: Disk image /Volumes/tm-1/amber.sparsebundle mounted at: /Volumes/Time Machine
10/9/12 8:41:01.113 PM com.apple.backupd: Backing up to: /Volumes/Time Machine/Backups.backupdb
10/9/12 8:41:01.117 PM com.apple.backupd: Ownership is disabled on the backup destination volume.  Enabling.
10/9/12 8:41:12.304 PM com.apple.backupd: Backup content size: 95.2 GB excluded items size: 18.1 GB for volume sys
10/9/12 8:42:20.556 PM com.apple.backupd: Backup content size: 668.6 GB excluded items size: 248.4 GB for volume storage
10/9/12 8:42:20.564 PM com.apple.backupd: 596.84 GB required (including padding), 1023.05 GB available
10/9/12 8:42:20.616 PM com.apple.backupd: Waiting for index to be ready (101)

The message we’re most interested in is com.apple.backupd: Could not resize backup disk image (DIHLResizeImage returned 35), which means that our access rights hack worked and TimeMachine will be limited by 1024GB.

However, reporting will show you the whole disk size as available — don’t be confused by this:

Related info

Installing OpenVZ on Amazon EC2

bananos — Thu, 01 Dec 2011 13:49:27 +0000

Imagine, that your system is pretty complicated and consists of a number of components, each deployed into separate machine. For development & testing needs it’s always too costly to keep up & running all these machines. It’s not that as easy to make modification into your system structure, i.e. adding new machines with different roles, etc.

One solution is to virtualize all your stuff & isolate environment of each component. An easy way would be to buy a hardware & setup hardware virtualization such as XEN for instance, but there is more popular approach — using Amazon EC2 cloud services.

In this post I’m going to show you how to setup OpenVZ virtualization on Amazon EC2 node (which, actually itself is virtualized XEN node)

We’re going to use as a base a CentOS 5.6 Amazon image with pv-grub enabled (this is required to be able to boot into custom kernel)

Ok, from the AWS console start CentOS 5.6/x64 (centos-5.6-64bit-ebs-pvgrub / ami-a14f1ce4), obtain public DNS name & make sure that default ssh 22 port is enabled:


ssh -i ~/aws_ssh.key root@ec2-50-18-60-65.us-west-1.compute.amazonaws.com

Install OpenVZ & some dependencies


yum -y install gcc.x86_64 gcc-c++.x86_64 java-1.6.0-openjdk iptables openssl-devel zlib-devel pkgconfig glib2-devel

#Open VZ, Install XEN-compatible kernel!
wget -O /etc/yum.repos.d/openvz.repo http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
yum --enablerepo=openvz-kernel-rhel5 -y install ovzkernel-xen.x86_64 ovzkernel-xen-devel.x86_64 vzctl.x86_64 vzquota.x86_64

Override some kernel parameters


echo "net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.accept_source_route = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296" > /etc/sysctl.conf
# reload from disk
sysctl -p

#Substitute default kernel by OpenVZ
sed -i 's/kernel/ovzkernel/' /etc/sysconfig/kernel

Install ntpd

This will help to sync time between all virtual machines.

yum install -y ntp.x86_64
/usr/sbin/ntpdate 0.rhel.pool.ntp.org europe.pool.ntp.org
# start on next boot
chkconfig ntpd on

Enable rpmforge repo

Chances are pretty high that you’ll want something from this repo (latest git for example), so you’d better install it now.

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget -O /tmp/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -Uvh /tmp/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
yum -y install --enablerepo=rpmforge git.x86_64

Setup firewall

#Setup firewall
echo "*filter" > /etc/sysconfig/iptables
echo "COMMIT" >> /etc/sysconfig/iptables

Install OpenVZ kernel to boot by default

For some reason, yum install process does not add OpenVZ kernel into grub bootlist, therefore we’re doing it manually:

WP_GFM HttpError: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Check your /boot/grub/menu.lst, it should look like following:

default=1
title centos5.6
  root (hd0)
  kernel /boot/vmlinuz-2.6.18-238.5.1.el5xen root=/dev/sda1
  initrd /boot/initrd-2.6.18-238.5.1.el5xen.img

title CentOS-openvz-xen
  root (hd0)
  kernel /boot/vmlinuz-2.6.18-274.3.1.el5.028stab094.3xen root=/dev/sda1
  initrd /boot/initrd-2.6.18-274.3.1.el5.028stab094.3xen.img

Reboot and then login again to check that you’re on OpenVZ kernel:


ssh -i ~/aws_ssh.key root@ec2-204-236-152-176.us-west-1.compute.amazonaws.com
Last login: Tue Nov 29 05:34:50 2011 from 94.45.135.130
[root@ip-10-176-46-67 ~]# uname -a
Linux ip-10-176-46-67 2.6.18-274.7.1.el5.028stab095.1xen #1 SMP Mon Oct 24 21:00:35 MSD 2011 x86_64 x86_64 x86_64 GNU/Linux

Download & install OpenVZ CentOS5 template:

wget http://download.openvz.org/template/precreated/centos-5-x86_64.tar.gz

#Symlink OpenVZ CentOS template
[ -d /vz/template/cache ] || mkdir -p /vz/template/cache
ln -s /root/centos-5-x86_64.tar.gz /vz/template/cache

Create your first OpenVZ container(VM)

vzctl create 101 --ostemplate centos-5-x86_64 > /dev/null
vzctl set 101 --ipadd 10.0.102.101 --save > /dev/null
vzctl set 101 --nameserver 8.8.8.8 --save > /dev/null
vzctl set 101 --name "APP1" --save > /dev/null
vzctl set 101 --onboot yes --save > /dev/null

Try to login into APP1 shell:

vzctl enter 101

At this point, if you was able to create APP1 container, you can setup other components of your system — Database, Cache server, whatever you want.

Setting up NGINX SSL reverse proxy for Tomcat

bananos — Fri, 25 Nov 2011 13:39:27 +0000

Setting up Tomcat in some cases can be pain in the ass, especially when your application is pretty complex, in terms of large number of upstream servers which you all want to proxy via SSL.

In my case, I was playing around with Shindig — an OpenSocial container, which itself is a Java servlet delivered via Apache Tomcat server.

The goal was to reverse proxy Shindig through SSL, i.e. it should be able to access it via

https://localhost/gadgets/

with localhost being served by Nginx.

Initial schema

Initial nginx config


daemon off;

worker_processes  2;
error_log /var/log/nginx_error.log info;
user bananos staff;

events {
    worker_connections  1024;
}

http {
    include /opt/nginx/conf/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
    ignore_invalid_headers on;
    index index.html;
    client_header_timeout 240;
    client_body_timeout 240;
    send_timeout 240;
    client_max_body_size 100m;
    proxy_buffer_size 128k;
    proxy_buffers 8 128k;

    upstream tomcat_server {
	# Tomcat is listening on default 8080 port
        server 127.0.0.1:8080 fail_timeout=0;
    }

    server {
        server_name localhost;
        listen 443;

        ssl on;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        #make sure you already have this certificate pair!
	ssl_certificate /var/certs/server.crt;
        ssl_certificate_key /var/certs/server.key;
        ssl_session_cache shared:SSL:10m;

	# www-root, we're serving static files from here, accessible via https://localhost/
        location / {
            root  /var/www;
            index index.html index.htm;
        }

	# Our endpoint for tomcat reverse-proxy, assuming your endpoint java-servlet knows
	# how to handle http://localhost/gadgets  requests
        location /gadgets {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
	    proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            # note, there is not SSL here! plain HTTP is used
	   proxy_pass http://tomcat_server;
        }
     }
}

Tomcat config

And here the magic begins, the main point to not miss here is

Tomcat needs to be explicitly told that it’s being proxied through 443(SSL) port!

Here is a sample Tomcat config which is usually found at


{$CATALINA_HOME}/conf/server.xml







  
  
  
  
  
  
  
  
  

  


    


  
  

    
    

    
    proxyPort="443"
               scheme="https"
                />

As it turned out proxyPort property was the key to proxying Tomcat via Nginx.