Category: Technology

External Access to libvirt VMs

Instead of trying to map individual ports over to guest OS’s, I am just routing traffic to the VM bridge from the host.

Testing to ensure it works:

systemctl start firewalld
firewall-cmd --direct --passthrough ipv4 -I FORWARD -i br5 -j ACCEPT
firewall-cmd --direct --passthrough ipv4 -I FORWARD -o br5 -j ACCEPT
firewall-cmd --reload

Permanent setup:

systemctl enable firewalld
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i br5 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o br5 -j ACCEPT
firewall-cmd --reload

Then I just added a static route for the network defined on br5 to the VM host.
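As an added example (my own helper, not from the post), here is a POSIX shell version of the permanent setup above that is safe to re-run: it validates the bridge name, checks whether both FORWARD passthrough rules are already in firewalld's permanent direct configuration, and applies them only when missing. It also makes the trade-off explicit: both rules ACCEPT all forwarded traffic, so once the static route exists every port a guest listens on is reachable from the LAN. The bridge name br5 and subnet 10.1.2.0/24 come from the post; the host address in the route comment is a placeholder, and the rule-listing format is assumed to be that of firewall-cmd --direct --get-all-passthroughs, one rule per line.

```shell
#!/bin/sh
# Added example, not from the post. Idempotent version of the "Permanent
# setup" commands, with a validity check on the bridge name and a check
# that the rules are not already present. Assumes firewalld's direct
# rule listing prints one rule per line, e.g.
#   ipv4 -I FORWARD -i br5 -j ACCEPT

# valid_ifname NAME: Linux interface names are 1..15 characters and may
# not contain whitespace, '/', or other oddities; reject them early so a
# bad value never reaches firewall-cmd.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# forward_rules_present BRIDGE RULES: returns 0 only if RULES (the text of
# `firewall-cmd --permanent --direct --get-all-passthroughs`) contains both
# the inbound (-i) and outbound (-o) ACCEPT rules for BRIDGE.
forward_rules_present() {
    bridge=$1
    rules=$2
    printf '%s\n' "$rules" | grep -qxF "ipv4 -I FORWARD -i $bridge -j ACCEPT" || return 1
    printf '%s\n' "$rules" | grep -qxF "ipv4 -I FORWARD -o $bridge -j ACCEPT" || return 1
}

# ensure_forwarding BRIDGE: the post's permanent setup, applied only when
# missing. Both rules ACCEPT all forwarded traffic, so every port a guest
# listens on becomes reachable from the LAN once the route is in place.
ensure_forwarding() {
    bridge=$1
    valid_ifname "$bridge" || { echo "invalid bridge name: '$bridge'" >&2; return 1; }
    systemctl enable --now firewalld
    if [ "$(cat /proc/sys/net/ipv4/ip_forward)" != 1 ]; then
        echo "warning: net.ipv4.ip_forward is 0; libvirt normally sets it when the network starts" >&2
    fi
    current=$(firewall-cmd --permanent --direct --get-all-passthroughs)
    if forward_rules_present "$bridge" "$current"; then
        echo "FORWARD rules for $bridge already present"
        return 0
    fi
    firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i "$bridge" -j ACCEPT
    firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o "$bridge" -j ACCEPT
    firewall-cmd --reload
    # The other half lives on the LAN router (or each client), not on this host:
    #   ip route add 10.1.2.0/24 via <VM host LAN address>
}

# Usage (as root on the VM host): ensure_forwarding br5
```

forward_rules_present is deliberately a pure text check so it can be exercised against captured output without touching the firewall; ensure_forwarding is the only function that changes state.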

Migrating from Hyper-V to libvirt

We finally got a new server, and I’m starting to migrate our servers to the new box. We currently have a Windows virtualization platform (Hyper-V) — Windows Data Center edition was supposed to provide unlimited licenses for standard servers running on the host, so it seemed like a great deal. Except “all of the Windows servers” turned out to be, well, one. So we decided to use Fedora on the host. Worst case, that would mean re-installing a few servers. But I wanted to try converting the existing Hyper-V VMs.

Install libvirt and associated packages:

dnf -y install bridge-utils libvirt virt-install qemu-kvm virt-top libguestfs-tools qemu-img virt-manager

Start libvirtd and set it to auto-start on boot:

systemctl start libvirtd
systemctl enable libvirtd

Create an XML file with the definition for a new bridge:

[root@localhost ~]# cat br5.xml
<network>
  <name>br5</name>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='br5' stp='on' delay='0'/>
  <ip address='10.1.2.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.1.2.200' end='10.1.2.250'/>
    </dhcp>
  </ip>
</network>

Build a new bridge from this definition and set it to auto-start on boot:

[root@localhost ~]# virsh net-define br5.xml
Network br5 defined from br5.xml

[root@localhost ~]# virsh net-autostart br5
Network br5 marked as autostarted

Verify that the network is running and set to auto-start:

[root@localhost ~]# virsh net-list --all
 Name   State    Autostart   Persistent
----------------------------------------
 br5    active   yes         yes

View the IP address associated with the bridge:

[root@localhost ~]# ip addr show dev br5
5: br5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:33:3f:0c brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.1/24 brd 10.1.2.255 scope global br5
       valid_lft forever preferred_lft forever

Copy the VHDX from Hyper-V to the Linux host and convert it to a qcow2 image:

qemu-img convert -O qcow2 fedora02.vhdx fedora02.qcow2

If needed, run virt-sysprep to clean up the system SSH host keys, persistent network MAC configuration, and user accounts:

virt-sysprep -a fedora02.qcow2

When finished, use virt-manager to create a new VM by importing the existing disk image. Provided the disk bus type stays the same (SATA, in my case), the server boots right up.
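As an added example (mine, not from the post), a small shell wrapper around the conversion step that checks the file on both ends by its magic bytes, so a mislabeled or truncated image is caught before virt-manager tries to boot it. It also passes the source format to qemu-img explicitly rather than relying on probing. The file names are hypothetical; qemu-img's driver names "vhdx" and "vpc" (for VHD) are real.

```shell
#!/bin/sh
# Added example, not from the post. Wraps the qemu-img conversion with a
# magic-byte check on both ends, so a mislabeled or truncated file is caught
# before virt-manager tries to boot it. File names are hypothetical.

# image_format FILE: print the container format inferred from the first
# eight bytes: qcow2 ("QFI\xfb"), vhdx ("vhdxfile" signature), vhd
# (a dynamic/differencing VHD starts with a copy of its "conectix" footer;
# a fixed VHD keeps the footer only at the end and shows as unknown here),
# or unknown.
image_format() {
    magic=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $magic in
        514649fb*)        echo qcow2 ;;
        7668647866696c65) echo vhdx ;;
        636f6e6563746978) echo vhd ;;
        *)                echo unknown ;;
    esac
}

# convert_to_qcow2 SRC DST: refuse to overwrite, tell qemu-img the source
# format explicitly (its VHD driver is called "vpc"), and verify the output.
convert_to_qcow2() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "source '$src' not found" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "'$dst' exists; not overwriting" >&2; return 1; }
    case $(image_format "$src") in
        vhdx) fmt=vhdx ;;
        vhd)  fmt=vpc ;;
        *)    echo "'$src' is not a VHDX/VHD image" >&2; return 1 ;;
    esac
    qemu-img convert -f "$fmt" -O qcow2 "$src" "$dst" || return 1
    if [ "$(image_format "$dst")" != qcow2 ]; then
        echo "conversion produced something other than qcow2" >&2
        return 1
    fi
    echo "converted $src ($fmt) -> $dst (qcow2)"
}

# Usage: convert_to_qcow2 fedora02.vhdx fedora02.qcow2
```

image_format reads only the first eight bytes, so it is cheap to run on a multi-gigabyte disk image, and the same check is reused after conversion to confirm the output header.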

Strange Windows 10 / MS Paint Bug

My arrow keys were moving my mouse pointer. And, unlike all of the search results which said I had turned on some ease-of-use feature …

It seems like there is an odd bug between Windows 10 build 1903 and MS Paint. I had a pbrush window open and had selected some of the image (something I was pasting into a usage document). Somehow the “arrow keys move this selection around in pbrush” translated into the arrow keys moving my mouse pointer around everywhere else. Simply closing pbrush sorted the problem.

It’s not something I can reproduce at will — opening pbrush, pasting in whatever screen shot I’ve got in my clipboard, selecting and grabbing a section of it … and the arrow keys are not moving the mouse pointer. But some combination of this process has, twice today, caused the arrow keys to move the mouse pointer. At least it’s an easy fix 🙂

Git: Using Soft Reset To Clean Up Un-pushed Commits

I missed a file when I was cleaning up debugging lines. I made the change and included it in a second commit, but I’d rather not have two commits for the same purpose. I hadn’t pushed my changes yet, so these commits only exist on my workstation … which means I can reset and bundle the changes into a single commit.

Find the commit that is one before the duplicate debug-logging cleanup — this is the point to which you want to reset. In my case, it is the commit starting with b443348c.

Reset there with “--soft” — this doesn’t change anything on the file system (i.e. I don’t have to clean up those debug lines again) but puts the changes back into the staging area.

Now those files are staged again, so I can make a single commit for removing debug logging from my code.

Voila! I can push these changes and not clutter our history with my error.
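The post's screenshots carry the actual commands, so here is the same procedure as an added shell example (mine, not from the post): a function that soft-resets past the last two commits and records one in their place, refusing if the older of the two is already on the upstream branch, plus a throwaway repo that recreates the "two cleanup commits" situation and reports the result. File names and commit messages are constructed.

```shell
#!/bin/sh
# Added example, not from the post. Bundles the last two commits into one
# with `git reset --soft`, refusing to touch history that is already on the
# upstream branch, and builds a throwaway repo to show the effect.

# squash_last_two REPO MESSAGE: move HEAD back two commits without touching
# the index or working tree (the cleaned-up files stay cleaned up and
# staged), then record a single commit. Prints the new commit count.
squash_last_two() {
    repo=$1
    msg=$2
    # If HEAD~1 is already reachable from the upstream branch it has been
    # pushed, and rewriting it would need a non-fast-forward push.
    if git -C "$repo" rev-parse -q --verify '@{u}' >/dev/null 2>&1 &&
       git -C "$repo" merge-base --is-ancestor HEAD~1 '@{u}'; then
        echo "HEAD~1 is already on the upstream branch; not rewriting" >&2
        return 1
    fi
    git -C "$repo" reset -q --soft HEAD~2 || return 1
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "$msg" || return 1
    git -C "$repo" rev-list --count HEAD
}

# demo_squash: recreate the post's situation (one real commit, then two
# separate "remove debug logging" commits) in a temp repo, squash the two,
# and print "<commit count> <clean|dirty>" so the result can be checked.
demo_squash() {
    tmp=$(mktemp -d)
    g() { git -C "$tmp" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    g -c init.defaultBranch=main init -q
    printf 'print("debug a")\nwork()\n' > "$tmp/a.py"
    printf 'print("debug b")\nwork()\n' > "$tmp/b.py"
    g add a.py b.py
    g commit -q -m "feature, still noisy"
    printf 'work()\n' > "$tmp/a.py"
    g commit -q -am "remove debug logging"
    printf 'work()\n' > "$tmp/b.py"
    g commit -q -am "remove debug logging (missed b.py)"
    count=$(squash_last_two "$tmp" "remove debug logging")
    if [ -z "$(g status --porcelain)" ]; then state=clean; else state=dirty; fi
    # the cleaned files must still be cleaned after the squash
    grep -q debug "$tmp/a.py" "$tmp/b.py" && state=dirty
    rm -rf "$tmp"
    echo "$count $state"
}

# Usage: demo_squash    (prints "2 clean")
```

The upstream check is the safety net the post relies on by hand ("I hadn't pushed my changes yet"): a soft reset is harmless locally, but rewriting a commit that already exists on the shared branch forces everyone else to reconcile it.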


Did you know you can control who can present during a Teams Meeting?

Did you know you can control who can present during a Teams Meeting? As of Dec 2019, you can!

There were a few cool Teams features that, when used inappropriately, disrupt the meeting. Anyone can mute other attendees — great when I notice someone is taking another call and can mute them; not great if I accidentally mute the presenter. Anyone can share their screen — great when we’re taking turns showing something and don’t need to transfer control; not great when you accidentally share your screen in the middle of someone’s presentation. And this occurs during meetings among respectful, professional business associates. The amount of control individual meeting participants get invites goofing off (while you can tell who just took over presenting, you cannot tell who just muted you for the seventh time).

Microsoft has introduced “roles” for meetings. As the meeting organizer, you can establish who has what role. By default (i.e. when you don’t define any roles), everyone can do everything. But, after you create the meeting, you can edit it and select “Meeting Options”.

Two options will be presented — you can control who can bypass the lobby (avoid having external parties waiting if you anticipate their attendance) and define who can present. The terminology is a bit odd here, but this is the selection that defines who has what roles within a meeting.

As the person who scheduled the meeting, you are the organizer — you can elect to only allow yourself to present. If you select to allow “Specific people” or “People in my organization” to present, they are assigned the “presenter” role. Everyone else is an “attendee”. What can a presenter or attendee do? Consult the MS documentation for a complete list. The big ones, though … an attendee cannot share their screen. The option is grayed out, and they’ll be advised that only organizers and presenters can share.

Attendees cannot start or stop recording — the option, again, is grayed out.

And attendees cannot mute or unmute anyone through the participant listing. This means they cannot mute someone else — the microphone icon will disappear when they put their mouse over it. But it also means they cannot mute or unmute themselves here. They will need to use the meeting control bar to mute or unmute.

What if you’ve restricted someone as an attendee and need them to share their screen? You can modify their role in the participant listing — mouse over their listing and use the ellipsis to select “More options” and select “Make presenter” (or, if you wish to demote a presenter to attendee status, select “Make attendee”).


Displaying An Image Tooltip

jQuery’s developers seem to have put a lot of effort into filtering HTML components out of tooltips, which, as someone who visits websites, I consider A Good Thing. But what’s a good security consideration can be a massive pain when building a website. I have a form which takes an internal ID number, and I have an image showing people how to find that internal ID number. I want a little question mark after the field name that pops up the image as a tooltip on mouseover events and clears the image on mouseout.

JavaScript:

// Show finding equipment ID image "tooltip"
$('#ShowEquipmentIDTip').hover(
    function () {
        $('#FindingEID').css({ "display": "block" });
    },
    function () {
        $('#FindingEID').css({ "display": "none" });
    }
);

HTML:

<div class="col-md-2 col-sm-2 col-lg-2 col-xs-2 text-left">
    <span><strong>Equipment ID(s): <a id="ShowEquipmentIDTip" href="#">(?)</a></strong></span>
    <!-- top/left need units: unitless lengths are ignored in standards mode -->
    <div id="FindingEID" style="position: relative; top: 20px; left: 60px; width: 100%; height: 100%; z-index: 99; display: none;"><img src="/groomsGenerateCircuitReport/images/Tip-FindingEquipmentID.png" /></div>
</div>

Moving the mouse over the ShowEquipmentIDTip anchor element displays the div that contains my image “tooltip”, and moving the mouse away sets the display back to none.

Recovering a bricked Netgear router

Netgear provides instructions for using TFTP to write firmware to a basically bricked router (it boots into a recovery mode, indicated by a flashing power light). The instructions are, unfortunately, specific to Windows. To use a Linux computer to recover the router:


(1) Plug your computer into the router & unplug everything else, as in the instructions. Hard-code an IP address. Then verify that the router shows up in your arp table:

arp -a

If the router does not appear, add it — you’ll need to get the device MAC address from the sticker on the back of the device.

arp -s 192.168.1.1 ??-??-??-??-??-??

(2) If you don’t already have a TFTP client, install one. Once you have a client, follow the instructions to get the router into recovery mode. On the Linux computer, run “tftp 192.168.1.1”

You’ll be in a TFTP console. Type binary and hit enter to set the transfer mode to binary. Then use put /path/to/file.name to upload the firmware file to the device. Wait and proceed with device setup.
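The two steps above, as an added shell example (mine, not from the post) that only starts the upload once the router actually answers ARP: an entry that shows “<incomplete>” means the address was queried but never resolved, which is what a wrong cable or wrong static address looks like. It assumes the tftp-hpa client (-m selects the transfer mode, -c runs a single command non-interactively), the arp -a output form shown in the comment, and uses a constructed MAC address as the placeholder.

```shell
#!/bin/sh
# Added example, not from the post. Wraps the recovery steps so the upload
# only happens once the router is really answering on the LAN. Assumes the
# tftp-hpa client (-m selects the mode, -c runs a single command) and the
# `arp -a` output form "? (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0".

# router_in_arp IP TABLE: returns 0 if TABLE (text of `arp -a`) has a
# resolved entry for IP. An "<incomplete>" entry means IP was queried but
# never answered, which is what you see when the cable or address is wrong.
router_in_arp() {
    ip=$1
    table=$2
    printf '%s\n' "$table" | grep -F "($ip)" | grep -qv '<incomplete>'
}

# recover_router IP FIRMWARE: check the firmware file and the ARP entry,
# then push the image in binary mode exactly as the interactive session does.
recover_router() {
    ip=$1
    fw=$2
    if [ ! -s "$fw" ]; then
        echo "firmware file '$fw' is missing or empty" >&2
        return 1
    fi
    if ! router_in_arp "$ip" "$(arp -a)"; then
        # MAC from the sticker, written in the colon-separated form Linux tools use
        echo "$ip not resolved; add it with: arp -s $ip aa:bb:cc:dd:ee:ff" >&2
        return 1
    fi
    tftp -m binary "$ip" -c put "$fw"
}

# Usage: recover_router 192.168.1.1 /path/to/firmware.img
```

router_in_arp takes the table text as an argument rather than running arp itself, so it can be checked against captured output without a router on the bench.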


Shell Script: Path To Script

We occasionally have to re-home our shell scripts, which means updating any static path values used within scripts. It’s quick enough to build a sed script to convert /old/server/path to /new/server/path, but it’s still extra work.

The dirname command works to provide a dynamic path value, provided you use the fully qualified path to run the script … but it fails spectacularly when someone runs ./scriptFile.sh and you’re trying to use that path in, say, EXTRA_JAVA_OPTS. The “path” is just . — and Java doesn’t have any idea what to do with “-Xbootclasspath/a:./more/path/goes/here.jar”

Voila, realpath gives you the fully qualified file path for /new/server/path/scriptFile.sh, ./scriptFile.sh, or even bash scriptFile.sh … and the dirname of a realpath is the fully qualified path where scriptFile.sh resides:

#!/bin/bash
# realpath resolves the relative or symlinked invocation path; quote it so
# directories with spaces survive
DIRNAME=$(dirname "$(realpath "$0")")
echo "${DIRNAME}"

Hopefully next time we’ve got to re-home our batch jobs, it will be a simple scp & sed the old crontab content to use the new paths.
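To show the difference the realpath form makes, here is an added example (mine, not from the post): it writes a tiny script using the one-liner above into a temporary directory, runs it four ways (absolute path, ./relative, "sh script", and through a symlink from another directory), and reports "ok" only if every run returns the script's real directory while the naive dirname "$0" returns just ".". All paths are temporary and hypothetical; the EXTRA_JAVA_OPTS line is a comment illustrating where the value would be used.

```shell
#!/bin/sh
# Added example, not from the post. Shows why dirname "$0" alone is not
# enough and that the realpath form gives the same directory however the
# script is started: absolute path, ./relative, "sh script", or via a
# symlink from another directory. Paths are temporary and hypothetical.

# demo_invocations: write a tiny script that uses the post's one-liner,
# run it four ways, and print "ok" if every run reports the script's real
# directory (and the naive dirname "$0" reports only ".").
demo_invocations() {
    tmp=$(mktemp -d)
    real=$(realpath "$tmp")            # mktemp may hand back a symlinked path
    mkdir "$real/bin" "$real/link"
    cat > "$real/bin/job.sh" <<'EOF'
#!/bin/sh
DIRNAME=$(dirname "$(realpath "$0")")
# e.g. EXTRA_JAVA_OPTS="-Xbootclasspath/a:${DIRNAME}/lib/extra.jar"
echo "$DIRNAME"
EOF
    chmod +x "$real/bin/job.sh"
    ln -s "$real/bin/job.sh" "$real/link/job.sh"

    absolute=$(sh "$real/bin/job.sh")
    relative=$(cd "$real/bin" && ./job.sh)
    via_sh=$(cd "$real/bin" && sh job.sh)
    via_link=$(sh "$real/link/job.sh")
    naive=$(cd "$real/bin" && dirname ./job.sh)
    rm -rf "$real"

    if [ "$absolute" = "$real/bin" ] && [ "$relative" = "$real/bin" ] &&
       [ "$via_sh" = "$real/bin" ] && [ "$via_link" = "$real/bin" ] &&
       [ "$naive" = . ]; then
        echo ok
    else
        echo "mismatch: $absolute | $relative | $via_sh | $via_link | $naive"
    fi
}

# Usage: demo_invocations    (prints "ok")
```

The symlink case is the one worth remembering when re-homing jobs: a cron entry that points at a symlink still resolves to the directory the real script lives in, so libraries sitting beside it are found.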

Memory upgrade on Flex 3 1580

The vendor specs for a Lenovo Flex 3 1580 say it supports up to 8GB of RAM. There are some forum threads that say the D3CN35WW BIOS update supports up to 16GB, but the vendor spec hasn’t been updated so it’s chancy. I finally decided to chance it – I’ve got a few Docker VMs that I use for development, a Citrix published app that I need to access, and I like to have a dozen tabs open in Firefox. All of this means that I regularly run out of memory.

I ordered a 16GB module from Amazon, installed it … and

It works!