lannycox.com

I recently ran into an odd GRUB-related issue after using Macrium Reflect to clone a 120GB SSD containing a Linux Mint install to a larger 250GB drive.

Any attempt to update or install packages returned the following error from the package manager –

Setting up grub-efi-amd64-signed (1.187.6+2.06-2ubuntu14.4) ...
mount: /var/lib/grub/esp: special device /dev/disk/by-id/ata-Samsung_SSD_850_EVO_120GB_S21TNSAG124403L-part2 does not exist.
dpkg: error processing package grub-efi-amd64-signed (--configure):
installed grub-efi-amd64-signed package post-installation script subprocess returned error exit status 32

In addition to the obvious hassle of pop-up errors from the graphical update manager, this also affected my ability to install some additional software that relied on the package version in question. It needed to be fixed, and a wipe-and-load didn’t sound like a pleasant option.

A bit of research into the specific error code being thrown revealed that the issue likely related to the ESP (EFI System Partition) flag not being set on the new, cloned boot drive for the Linux installation.

Off to parted we go –

Yeah, there it is. Let’s select the drive and set the ESP flag –

(parted) select /dev/sde
Using /dev/sde

(parted) set 1 esp on
(parted) p

Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sde: 250GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Disk Flags:

Number Start End Size File system Name Flags
1 1049kB 250GB 250GB ext4 boot, esp

(parted) quit
Information: You may need to update /etc/fstab.

This was followed by a sudo apt –fix-broken install to get the troublesome package installed and configured. This returned two ncurses-style screens, one of which essentially confirmed the cause of my issue –

 The second was a warning message that didn’t seem to make a difference in the end –

I’m uncertain why I saw the second error, as GRUB seemingly worked fine from the specified device after a quick reboot to ensure I hadn’t unintentionally wrecked my boot drive.

I’m curious whether this whole mess could’ve been avoided by doing a dd of the two drives instead of relying on Macrium Reflect (a convenient, yet hefty, pricey and proprietary piece of work in itself). There’s something to be said about using the right tool for the job..

With the growing popularity and computing power of the Raspberry Pi single-board computer, many engineers and vintage computer enthusiasts have begun exploring the Pi’s viability as an emulator for legacy minicomputer and mainframe systems. The open nature of the platform’s hardware and software lend itself well to emulation projects, and the board’s GPIO connector allows for a wide variety of interfacing possibilities for peripherals and I/O.

The PiDP-8 kit from Oscar Vermeulen takes advantage of these features by making use of a Raspberry Pi, the SimH emulator software, and a wooden enclosure with LEDs and switches to simulate the DEC PDP-8/I front panel and run the PDP’s OS-8 operating system.

First Impressions

Shipping was quick! The kit found its way from Europe to North America within 3 days, even with a local holiday adding to the turnaround time. The contents were packaged impeccably, with the acrylic front panel covered in protective film to prevent damage. The parts I received were all high-quality, and there were no cosmetic defects or faulty components to be found.

The kit does not include a Pi, but supports all models with the exception of the now-antiquated Pi A and Pi B. I used a spare Pi 3B as I wanted to take advantage of the “glow” effect on the front panel LEDs to simulate the PDP-8/Is incandescent lamps –  this feature was not supported on the lower-cost Pi Zero and Zero W.

Preparing the Pi

Material satisfaction aside, it’s vital to note that the PiDP-8’s SimH emulator doesn’t require a front panel to work, and the simulated PDP-8 system can be used in a Linux terminal session on a bare Pi. Initial configuration is a simple process, especially if you have a little experience with the Raspbian setup utility. I used Balena’s Etcher utility on a Windows laptop to write the pre-fab PiDP-8 image to a Micro-SD card, though the software can also be manually installed on an existing Raspbian system if necessary. Once the SD card was prepared, I connected a HDMI monitor and USB keyboard to the Pi, logged in, and changed the default password for the pidp8i user account.

Next, a little work was needed to enable remote access. The sudo dpkg-reconfigure openssh-server command generated SSL keys, and the raspi-config utility was used to enable the SSH service and configure the Pi’s Wi-Fi connection. I also took this opportunity to name the host and edited /boot/config.txt to disable the Pi 3’s persistent undervoltage warnings, as I wasn’t concerned that my power supply would perform poorly with the device given the low power requirements of my application.

Spacers, Switches, Soldering, Satisfaction

With the Pi setup complete, I set it aside and began work on the front panel PCB. Populating the PCB, while not particularly difficult in general, was admittedly a bit of a tedious journey. To put an optimistic spin on the process, less-experienced hobbyists should look at this as a great opportunity to develop basic kit assembly skills by repetition. Bending pins, aligning components, double-checking polarity, soldering, snipping, and testing continuity are all covered along the way.

Diodes and resistors came first – 27 and 15 of each, respectively. I made sure to populate the diodes as instructed by the polarity markings printed on the PCB. I also used a strip of masking tape to help hold these components in place before soldering, as the pins are thin and slip out of the PCB easily.

Next, I set about populating the LEDs, which are supported by an assortment of thin plastic spacers. Again, there are a lot of LEDs to solder (89 in total), and care must be taken to ensure that their polarity is correct. The kit includes an LED cover bracket that helped ensure proper spacing and alignment.

I followed up by installing the IC socket and GPIO pin header that connects the Pi and PCB. I’d recommend a little clear tape over the IC socket before soldering the first few pins, similar to that used with the diodes and resistors, as it’ll slip out of the PCB otherwise. The GPIO header was an easy solder job with its thicker pins, despite its smaller pin spacing.

Mounting the Pi was easy enough, though it was a bit difficult to affix the plastic mounting nuts onto their stand-offs. I suspect the threads were a little off, as I did have to use more force than expected.

Time for an LED test! It looked really cool, worked on the first try. and I was overly pleased with myself (don’t worry – my ego will be deflated before long).

Positioning and soldering the switches was by far the most difficult step in assembly. Some of the thicker mounting pins were bent slightly, and I had to straighten most of the switches using a pair of needle-nose pliers before affixing them to the PCB. Though the official instructions recommend soldering only one of the mounting pins and the three leads, I’d recommend soldering all mounting points on the PCB to add stability.

Final Touches

With the board assembled, it was time to connect the Pi and place the kit in its wooden case. I drilled a hole about 1.5cm in diameter through which I threaded the USB Micro-B cable used to power the Pi. I intended to keep my back panel as simple as possible, and this was the only cable used, though there are a multitude of options for Ethernet connectivity, serial console connections, removable connectors/cables, and almost any peripheral one could imagine to interface with the Pi.

Finally, I affixed a couple of small wooden support blocks to the inside of the case, drilled a few mounting holes, screwed the  PCB assembly into the holes, and laid the acrylic front panel into the case. Project complete!

I then realized I had removed the LED cover bracket and forgotten to re-affix it before I finished the build. Oops. Can’t easily remove the front panel to get to it, either. Double oops. Luckily, it’s not an essential component, and the finished product still looks fine without it. I feel this highlights an important caveat of the project – the front panel is tension-fitted to the edges of the case, and it’s very difficult to remove without cosmetic damage once it’s attached. I decided against removing it and elected to leave my assembled kit as-is.

To conclude, this was a fun and functional build that can be used to teach basic kit-building skills, use of the Pi, as well as OS-8 and the PDP-8’s software environment. I won’t go too far into specifics, but there are a lot of fun games and utilities included on the disk images linked from the PiDP-8 site, and I’d highly recommend taking a look. Vermeulen offers a similar PiDP-11 kit that’s a little more pricey than it’s predecessor, but boasts a molded plastic case reflecting the 11’s more “space-age” aesthetic. I’ll be picking this kit up in the near future and hope to put together a similar review and build report once it’s assembled.

Obsolescence Guaranteed: PiDP-8/I (Official Website)

As part of a batch order through Digikey, I recently picked up SparkFun’s USB Breadboard Power Supply kit. This is a small and convenient drop-in module that connects to a breadboard and provides 5V and 3.3V power sources through a USB 2.0 Type-B connector.

Though I had a great time building and using this kit, I also wanted to provide an analysis of the circuit as I feel it could use some documentation for the novice kit builder at which it is targeted. While this is a fairly simple kit to work with, I had trouble finding step-by-step instructions and think it’s important for a kit of this sort to educate the builder while serving a practical purpose.

Here is the schematic provided by SparkFun:

Let’s start at the left side of the image with the USB input. The USB 2.0 standard specifies a power source of 5 volts at 500 milliamps. The 5 volt line is connected through an SPDT-style slide switch. The 2 data pins on the USB plug are left unconnected as they don’t serve a practical purpose in this circuit.

From here, we have two more components between the 5V input line and the LM317 input pin. R3 is a PTC-type resettable fuse – this is similar to a thermistor and serves as a protection mechanism for the circuit. If the amount of current delivered exceeds 500mA, R3 will cut the input line until the overcurrent is removed. Capacitor C1 then serves as a filter to cut high-frequency noise or “ripple” from the input power source.

The circuit centers around the LM317 voltage regulator. This 3-pin IC can output up to 1.5A of current at voltages ranging from 1.2V all the way up to 37V. In our application, it’ll accept the 5V source from the USB connector and output 3.3V from its output pin.

The LM317 uses two resistors labelled R1 and R2 to set the 3.3V output voltage. This voltage is determined by the formula V = 1.25V * (1+R2/R1). Substituting the values of our resistors, this gives us 1.25 * 1+(390/240), which equals 3.28125 volts, which is within a 1% tolerance of our target of 3.3V.

The resulting 3.3V line is then connected to two capacitors. C2 and C3 are 10uF and 0.1uF capacitors respectively and are intended to provide ripple rejection and improve transient response.

Completing the circuit, we have two more branches – one is to our power LED, which is marked as LED2 and is protected by a 330 ohm resistor labelled as R4. Finally, the other branch leads to JP3, which is our final 3.3V output.

I don’t have too much to say about the actual soldering process – it’s fairly straightforward and should be a reasonable challenge for a novice. I would mostly suggest being mindful of the orientations of the polarized components – those are the LM317 voltage regulator, power LED, and electrolytic capacitors. There are two helpful guides for placing the components, those being the schematics, and also the markings on the PCB.

Beyond the more obvious applications of this circuit, we should now also have a good idea of how this type of design could be adapted. For instance, we could swap the USB input with a 5V DC power supply connector, or we could alter the output voltage by replacing our two adjustment resistors with a pair using different resistance values. I suggest taking a look at the LM317 datasheet provided by Texas Instruments, as it provides some additional sample circuits and describes how this power supply could easily be converted to a battery charger with the addition of a shutoff transistor.

To sum up, this is a great starter kit with practical value that can be had for under 20 dollars. In my case, I already have a computer with a USB port sitting on my bench, so I no longer need to use up an AC outlet for a wall wart power supply. It’s great for anyone needing a quick 5V or 3.3V power source to their breadboard, and is an excellent way to learn about basic power supply design and the use of the LM317.

You can purchase the kit here – https://www.sparkfun.com/products/8376

I recently scheduled my RHCE exam for February, meaning I’ll be spending the next month studying the course material and ensuring I have the necessary skills under my belt. I had originally intended to complete the test last July, but suffered from burnout following an extended period studying for RHCSA and was forced to re-schedule.

IT certs and self-paced learning can be tricky. They require a strong time commitment and can often be overwhelming in their breadth. The educational market is flooded with 1000-page study guides for 20-objective simulation-based exams, and it’s sometimes difficult to separate the essential portions from the “fluff” or extraneous topics. Further complicating matters, test objectives may not always reflect the most common tasks for a sysadmin or engineer, leading to frustration and resentment over failed exams.

While I’m generally interested in the topics I study, I always find myself fighting distraction. Studying is rewarding, but it’s easy to get pulled astray by the instant gratification of unrelated reading, video games, and the like. Sometimes personal circumstances get in the way as well. This leads to under-preparedness, and if the student’s confidence isn’t there, the natural inclination is to re-schedule the exam rather than fall short and waste the money spent on registration.

Pacing is also important: over-studying can also be detrimental, and the student should ideally prepare with a degree of desperation and eagerness to learn in a short period. If I set my test date too far in the future, I’m more likely to skip study days and feel less motivated by the time the test rolls around.

I feel that personal accountability is the main tool to combat these challenges. Announce your intent to write an exam on a certain date to your friends, family, and boss. If possible, join a study group, or find others writing a similar exam and offer peer support. Many computer-based training sites will offer some sort of scheduling to go along with their course material – take advantage of this functionality, make a schedule, and hold yourself to it.

Past experience has shown me that a little luck goes a long way as well.

As a study aid, I’ll be adding a few short, RHCE-relevant articles in the next while. Though there’s no shortage of information on the exam topics available online, I still hope that they will be helpful to prospective students and sysadmins.

SSH is an important and commonly-used tool for remote shell access to Linux and Unix systems. This post will cover some tips for effectively using SSH and the closely-related SSHFS to run commands and access files on a remote host.

We’ll work with a pair of client and server computers running a Red Hat or Debian-based Linux distribution, then configure key-based authentication between the two. We’ll then use SSH to login to the server from the client (without using a password!), look at how we can run commands on our server without interactively logging in, then use SSHFS to remotely mount the server’s filesystem to our client computer. Most of the commands described will need to be run with superuser privileges, either by prefacing them with sudo or using the su command to switch to a superuser account.

Key-Based Authentication

First, we’ll want to ensure the SSH daemon is running on our server with the systemctl status sshd command. If the sshd service is not running or enabled, we may need to start it on a one-off basis (systemctl start sshd), enable it (systemctl enable sshd if we want the service to start persistently in the future when the server is rebooted), and/or install it (if it’s missing entirely – yum install openssh-server for Red Hat-based distros or apt install openssh-server for Debian-based distros should do the trick in this case).

Once we know the sshd service is running on the server, we can head back to our client to configure key-based authentication. This enables us to store a private encryption key on the client side, upload a corresponding public key to the server, then use these two keys to authenticate and communicate via SSH with the server.

The ssh-keygen command generates the private and public keys (using a random “seed” value), then prompts us to secure the key pair with a passphrase. This is not necessary, but can be used to provide an additional layer of protection.

user@CLIENTPC:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is: (fingerprint here)
The key’s randomart image is:
(randomart image here)

Next, we use the ssh-copy-id command to upload the public key to the server. The key is stored in the ~/.ssh/authorized_keys directory for the target user account on the server.

user@CLIENTPC:~$ ssh-copy-id user@SERVERPC
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/user/.ssh/id_rsa.pub”
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
user@SERVERPC’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘user@SERVERPC'”
and check to make sure that only the key(s) you wanted were added.

Once this is complete, we can edit the /etc/ssh/sshd_config configuration file on the server to enable authentication using a key pair without the use of a password. This carries the advantage of preventing unauthorized individuals from logging into your account by guessing your credentials, as well as saving you the hassle of remembering an extra password.

The lines to change in the configuration files are as follows –

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Once these changes are saved, restart the sshd service using the systemctl restart sshd command to apply your changes. Future logins via SSH from your client machine to the corresponding account on the server will no longer require a password to be entered, as the client is authenticated and communications are encrypted using the private/public key pair.

It is important to note that this change affects all users, and key-based authentication will be required once these changes are made. If you lose your private key, you’re unable to log in via SSH until the config file on the server is edited to re-enable password authentication.

Remote Commands without Interactive Login

While SSH enables interactive login to a host machine, this isn’t always necessary or preferable. We may only need to quickly run a single command on a server, in which case we can pass it as part of our SSH connection string –

user@CLIENTPC:~ $ ssh user@SERVERPC echo “Hello World!”
Hello World!

Note that the output of the command is streamed to the console of the client machine specifically. For this reason, if I had passed ssh user@SERVERPC echo “Hello World!” > myfile, the “Hello World!” output would have been saved to a file called myfile on the client PC, not to the server.

At face value, this doesn’t seem to be much more than a marginal time-saver. However, this also enables us to script commands to be executed on a remote machine (or machines) in sequence. For example, I could write a script to query for free disk space on a series of servers and save the output to a single text file on my client machine.

SSHFS

One of my favorite SSH-related tools is SSHFS, which enables us to mount a remote server’s file system locally through SSH without the need for any additional file-sharing services such as NFS or Samba.

As this tool is separate from SSH, it usually isn’t installed by default on most distros. This can be resolved with yum install fuse-sshfs on Red Hat-based systems or apt install sshfs on Debian systems.

Once SSHFS is installed on the client, we should first create a mount point (ex. mkdir /mnt/mymountdir).

We then mount the remote target to our client PC. In its simplest form using the client and server examples mentioned above, the command would be as follows –

sshfs root@SERVERPC:/ /mnt/mymountdir/

This particular example enables us to mount an entire remote system to our client. However, we could also tailor our command to mount a more narrow portion of our filesystem such as a user’s home directory, if needed.

Once we’re done, we can unmount the filesystem with umount /mnt/mymountdir/ , as we would for any other mounted filesystem.

Though we’ll be prompted for a password in the example provided above, key-based authentication can be configured for SSHFS as well. Using this sort of authentication would also allow us to use SSHFS with the /etc/fstab file to automatically mount a filesystem at boot time, allowing for persistent file sharing over a local network or the Internet on any system supporting the SSH protocol.