Month: December 2019

Zoneminder, time zones, and php-fpm

I’m in the process of installing Zoneminder on our new server. It was a fairly straightforward process — stop Zoneminder on the old server, dump the SQL database, fix the DEFINER values since I’m using a central database server instead of a server on localhost, install Zoneminder, copy the config file, set up the database user, pull in the SQL file, and start it all up.

Visiting the website, I get “ZoneMinder is not installed properly: php’s date.timezone is not set to a valid timezone”. I’d forgotten to set the timezone in php.ini. Added ‘date.timezone = “America/New_York”‘, restarted httpd and Zoneminder. And got the same error.

<?php
error_reporting(E_ALL);
var_dump(ini_get('date.timezone'),date_default_timezone_get());
?>

It’s not set. This isn’t a funky Zoneminder thing — this is a PHP problem. I realized that PHP now runs as its own service. Restarting httpd is insufficient. Restarted php-ftm and the time zone I’d set in php.ini showed up. This is a case where a reboot would have sorted it … but good to remember that, when changing PHP settings, the php service needs to be restarted.

Did you know … Teams meetings now include closed captioning?

When you record a Teams meeting, Stream can generate a transcript of the meeting. Great for making meeting minutes or creating searchable content from meetings. But it doesn’t help someone who doesn’t here so well *participate* in the call. And the attendee at a noisy aeroport? They’re stuck waiting for the transcript to be generated. Microsoft had demonstrated a few new meeting features earlier in the year — background replacement and live captioning. While I still cannot drop the company logo behind me … live captioning has started to show up in tenants. This is currently in preview — which means you may encounter glitches. Instead of waiting for a transcript to be generated for a recorded meeting, live captions provide real-time on-screen transcription.

To turn on live captioning, click the ellipsis in the call control bar and select “Turn on live captions”.

A real-time transcript will appear in the lower left-hand corner of the screen. The text is large and easily read — at least on my desktop.

Their transcription engine picks up random background noise as interjections — the “oh” in my test, of instance, wasn’t actually uttered. Participating in a discussion with esoteric terms might yield a lot of mis-transcriptions. But it did a decent job with Z-Wave, DSLAM, and antidisestablishmentarianism.

Samba and SELinux

I had a horrendous time trying to get the Samba share on our new server working. It worked insomuchas I could map a drive to the share … but I couldn’t actually see any files. Increasing the log level (smb.conf)

log level = 10 passdb:5 auth:5

showed that, yeah, I was getting a lot of access denied errors.

[2019/12/14 23:04:53.249959, 10, pid=17854, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:5438(create_file_unixpath)
create_file_unixpath: NT_STATUS_ACCESS_DENIED
[2019/12/14 23:04:53.249982, 10, pid=17854, effective(0, 0), real(0, 0)] ../../source3/smbd/open.c:5716(create_file_default)
create_file: NT_STATUS_ACCESS_DENIED
[2019/12/14 23:04:53.250012, 3, pid=17854, effective(0, 0), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3254(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:296
[2019/12/14 23:04:53.250038, 10, pid=17854, effective(0, 0), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3142(smbd_smb2_request_done_ex)
smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3304

Many, many iterations of samba configs later, I wondered if SELinux was causing a problem. Temporarily disabling SELinux allowed files to be seen in the mapped drive … so that was the problem. I needed to tweak the SELinux settings to allow Samba to actually share files.

semanage fcontext -a -t samba_share_t "/data(/.*)?"

And

setsebool -P samba_export_all_rw=1

I2C 1602 LCD Display Formatting

We’re setting up an Arduino Uno as a humidity/temperature/lux sensor. A little LCD display came with the kit, so we are playing around with writing to the display. Building out the 2×16 display in Excel was an easy way to organize the information … and I didn’t have to keep re-counting out to find that the humidity output starts at column 11:

Adding CSS To Header

I am currently working on a website that sources in a header and footer — not an uncommon thing to do as this ensures a consistent look across the site. The lead-in code starts head, closes head, starts body, and defines the common page elements (nav bar, etc). The footer then defines some more common page elements and closes body. This approach creates a problem when you want to add CSS. Now you could use style tags within the HTML, but I would rather not have the same style definition twenty times. Yeah, I’d make a single variable out of it and print the style-definition-variable twenty times … but I’d rather have my CSS sourced in from a style-sheet file.

Since I’m already using jQuery to dynamically append elements — add table rows as data is pulled back from the server — I wondered if you could append something to the header. Yes, you can!

/**
* This function appends a CSS file to the document head
*
* @param {string} strFileName Path to CSS file
* @return n/a
*
* @example
*
* loadCSSStylesheetToHead('/path/to/file.css')
*/
function loadCSSStylesheetToHead(strFileName){
var file = document.createElement("link");
file.setAttribute("rel", "stylesheet");
file.setAttribute("type", "text/css");
file.setAttribute("href", strFileName);
document.head.appendChild(file);
}

This allows me to after-the-fact add css from a style-sheet file into the document head.

This is the end

With contestants who think lying about harassment is a good game strategy, and a guy finally removed for unwanted touching … I wonder if this is the end of Survivor. Will next season feature an alliance that outright lies to eliminate competition at key moments in the game? Gain a majority by eliminating a player on the other side.

Apache — Switching to PHP-FPM

A few system updates ago, PHP fell over completely because of some multi-processing module. The quick fix was to change the multi-processing module and avoid having to figure out what changed and how to use php-fpm. Part of moving my VM’s to the new server, though, is cleaning up anything I’ve patched together as a quick fix. And, supposedly, php-fpm is a lot faster than the old-school Apache handler. Switching was a lot less involved than I had expected.

Install php-fpm:

dnf install php-fpm

Edit 00-mpm.conf

My quick fix was to switch to a non-default multi-processing module. That change is reverted to re-enable the ‘event’ module

vim /etc/httpd/conf.modules.d/00-mpm.conf

Configure Apache PHP Module

Verify the socket name used in /etc/php-fpm.d/ — Fedora is configured from /etc/php-fpm.d/www.conf with a socket at /var/run/php-fpm/www.sock

cp /etc/httpd/conf.modules.d/15-php.conf /etc/httpd/conf.modules.d/15-php.conf.orig
vi /etc/httpd/conf.modules.d/15-php.conf

# Handle files with .php extension using PHP interpreter

# Proxy declaration
<Proxy "unix:/var/run/php-fpm/www.sock|fcgi://php-fpm">
    	ProxySet disablereuse=off
</Proxy>

# Redirect to the proxy
<FilesMatch \.php$>
	SetHandler proxy:fcgi://php-fpm
</FilesMatch>

#
# Allow php to handle Multiviews
#
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

Enable php-fpm to auto-start, start php-fpm, and restart Apache

systemctl enable php-fpm
systemctl start php-fpm
systemctl restart httpd

Voila — phpinfo() confirms that I am using FPM/FastCGI

We’ll see if this actually does anything to improve performance!

External Access to libvirt VMs

Instead of trying to map individual ports over to guest OS’s, I am just routing traffic to the VM bridge from the host.

Testing to ensure it works:

systemctl start firewalld
firewall-cmd –direct –passthrough ipv4 -I FORWARD -i br5 -j ACCEPT
firewall-cmd –direct –passthrough ipv4 -I FORWARD -o br5 -j ACCEPT
firewall-cmd –reload

Permanent setup:

systemctl enable firewalld
firewall-cmd –permanent –direct –passthrough ipv4 -I FORWARD -i br5 -j ACCEPT
firewall-cmd –permanent –direct –passthrough ipv4 -I FORWARD -o br5 -j ACCEPT
firewall-cmd –reload

Then I just added a static route for the network defined on br5 to the VM host.