djurny

  • Posts

    56
  • Joined

  • Last visited

Profile Information

  • Gender
    Male
  • Location
    Taiwan

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

djurny's Achievements

  1. Hi, I have a similar possible identical issue. One of my NanoPi R2S systems is running as my VPN gateway (for both data and Pihole DNS). On several occasions my Pihole get shut (pun intended) -- DNS stops working due to my VPN gateway being unreachable on it's LAN side. On the serial console there are no warnings, errors or messages of any kind, bar armbianmonitor. 02:09:48: 408MHz 0.04 1% 0% 0% 0% 0% 0% 50.8°C 0/5 02:09:53: 600MHz 0.04 2% 1% 0% 0% 0% 0% 51.2°C 0/5 02:09:58: 1200MHz 0.27 6% 4% 0% 1% 0% 0% 53.3°C 0/5 02:10:03: 408MHz 0.25 3% 1% 1% 0% 0% 0% 50.8°C 0/5 02:10:08: 408MHz 0.31 1% 0% 0% 0% 0% 0% 51.7°C 0/5 02:10:14: 408MHz 0.41 1% 1% 0% 0% 0% 0% 50.8°C 0/5 02:10:19: 408MHz 0.38 1% 0% 0% 0% 0% 0% 51.7°C 0/5 02:10:24: 408MHz 0.43 1% 1% 0% 0% 0% 0% 50.4°C 0/5 Time CPU load %cpu %sys %usr %nice %io %irq CPU C.St. 02:10:29: 1200MHz 0.55 5% 4% 0% 0% 0% 0% 52.1°C 0/5 02:10:34: 600MHz 0.67 1% 1% 0% 0% 0% 0% 50.8°C 0/5 02:10:39: 408MHz 0.78 1% 1% 0% 0% 0% 0% 51.2°C 0/5 02:10:45: 408MHz 0.87 2% 1% 0% 0% 0% 0% 50.4°C 0/5 02:10:50: 600MHz 0.96 1% 1% 0% 0% 0% 0% 50.8°C 0/5 02:10:55: 408MHz 1.05 1% 1% 0% 0% 0% 0% 52.5°C 0/5 The interesting thing is that the load number seems to increase at some point: where it was average around well below 0.8 before, it started to creep up to around 7.00. 07:23:16: 408MHz 7.05 1% 1% 0% 0% 0% 0% 51.2°C 0/5 07:23:21: 1200MHz 7.05 1% 1% 0% 0% 0% 0% 52.5°C 0/5 07:23:26: 1200MHz 7.04 2% 2% 0% 0% 0% 0% 54.6°C 0/5 After attempting to log in on the serial console, there was nothing in 'top' indicating any processes were hogging up the cores causing high load numbers at all: (Note that I did have to "terminate all tasks" using <BRK>+e to be able to login on the serial console, so the 'top' results might be useless here.) Currently I have added the udev rule to the system to disable TX and RX offloading, as well as to disable the link power management for the RTL8153 device. SUBSYSTEM!="net", GOTO="__rtl815x_end" ACTION!="add", GOTO="__rtl815x_end" ENV{ID_VENDOR_ID}!="0bda", GOTO="__rtl815x_end" ENV{ID_MODEL_ID}!="8153", GOTO="__rtl815x_end" LABEL="__rtl815x_disable_lpm" RUN+="/bin/sh -c 'echo %E{ID_VENDOR_ID}:%E{ID_MODEL_ID}:k > /sys/module/usbcore/parameters/quirks'" LABEL="__rtl815x_disable_offloading" RUN+="/usr/sbin/ethtool -K $name rx off tx off" LABEL="__rtl815x_end" (Bit modified to also apply to any other RTL8153 device, to use the assigned name instead of hardcoded 'lan0'.) Spoilers below on 'blocked task state' show some links to the r8152 module and RTL8153 device. Backtrace of all active CPUs below. As I did spot several references to either suspend states of the RTL8153 (rtl8152_get_link_ksettings, rtl8152_suspend, __pm_runtime_resume), it might be more related to the link power management issue referenced in this thread. In the meantime, as this 'hangup' occurs only perhaps once every 1-2 weeks, I will monitor the system to see if it will happen still after the LPM and RX/TX offloading tweaks. If anyone is interested in some more backtrace content, I can provide. Groetjes,
  2. Hi @tparys, LUKS2 on-disk format is not supported/understood by cryptsetup 1.x, it requires cryptsetup 2.0 or higher. At that time, I do recall I had to build it (cryptsetup 2.x) from source on my Helios4 and Helios64 boxes which were at 4.4.x back then. As mentioned, my memory is failing here as I cannot recollect or find any logs on the actual errors I encountered, but the errors thrown at me by LUKS(1) were putting me on all my wrong feet at that time. Anyhow, I thought it is worth to check out to see if this might help out - or not of course. Groetjes,
  3. Hi @a5s397, I also had some issues with my LUKS encrypted partitions after a kernel upgrade before, but I have a hard time remembering what actually happened and how I managed to get it working again. Perhaps I'm stating the obvious, but are you sure you have a LUKS or LUKS2 type setup on your drive? As for me, I had to recompile LUKS2 in the past to get it to work for sure. Cannot really recall about the ... stopping here, just read your console.txt and you indeed have a LUKS2 format. Can you paste the output of cryptsetup --version and a syslog or dmesg output just before, during and after your first initial attempt to luksOpen your device on the working and non-working setups? Groetjes,
  4. Hi, You can try the following to get an idea of which process is modifying the file: sudo apt-get install auditd sudo auditctl -w /boot/armbianEnv.txt -p wa sudo tail -F /var/log/audit/audit.log The output should show actions performed on the file and (IIRC) the process ID performing those actions, perhaps that might help? e.g.: type=CWD msg=audit(1624526184.097:207): cwd="/home/djurny" type=PATH msg=audit(1624526184.097:207): item=0 name="/boot/" inode=7601 dev=b3:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=PATH msg=audit(1624526184.097:207): item=1 name="/boot/armbianEnv.txt" inode=43198 dev=b3:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=PROCTITLE msg=audit(1624526184.097:207): proctitle=xx type=SYSCALL msg=audit(1624526184.109:208): arch=40000028 syscall=94 per=800000 success=yes exit=0 a0=3 a1=81a4 a2=c80eeb00 a3=81a4 items=1 ppid=9641 pid=9642 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=2 comm="vi" exe="/usr/bin/vim.basic" subj==unconfined key=(null) type=PATH msg=audit(1624526184.109:208): item=0 name=(null) inode=43198 dev=b3:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=PROCTITLE msg=audit(1624526184.109:208): proctitle=xx type=SYSCALL msg=audit(1624526184.109:209): arch=40000028 syscall=226 per=800000 success=yes exit=0 a0=1787820 a1=b6e3e1a0 a2=1907fc0 a3=1c items=1 ppid=9641 pid=9642 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=2 comm="vi" exe="/usr/bin/vim.basic" subj==unconfined key=(null) type=CWD msg=audit(1624526184.109:209): cwd="/home/djurny" type=PATH msg=audit(1624526184.109:209): item=0 name="/boot/armbianEnv.txt" inode=43198 dev=b3:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=PROCTITLE msg=audit(1624526184.109:209): proctitle=xx Source: Find which process is modifying a file [duplicate] It honestly sounds a bit more like a filesystem that has lost track or a inode mixup somewhere? As someone mentioned, perhaps something else is writing to this file, thinking it is something else? Perhaps try to locate a symbolic (or hard)link to armbanEnv.txt: ## find any symbolic links to armbianEnv.txt sudo find / -xdev -type l -ls | egrep -i -- armbianEnv.txt ## find hardlinks to armbianEnv.txt - need to be on the same filesystem! sudo find / -xdev -samefile /boot/armbianEnv.txt Groetjes,
  5. Hi, To enable the armbianmonitor to show information on the running system on the serial console, I used to have a custom startup script, called from /etc/rc.local. After some time, I thought it was more neat to have this automatically started (and stopped) for login sessions that are started on serial consoles/terminals. This lead (led?) me to the following systemd unit file: [Unit] Description=armbianmonitor on ttyS2 Requires=serial-getty@ttyS2.service After=serial-getty@ttyS2.service After=getty.target BindsTo=serial-getty@ttyS2.service [Service] Type=idle ExecStartPre=-/bin/sleep 10 ExecStart=/usr/bin/armbianmonitor -m TTYPath=/dev/ttyS2 StandardInput=null StandardOutput=tty StandardError=syslog KillSignal=SIGKILL SendSIGHUP=yes [Install] WantedBy=serial-getty@ttyS2.service File goes into /usr/lib/systemd/system/armbianmonitor@ttyS2.service. To 'activate' it, perform the following after creating the file at the specified location: sudo systemctl daemon-reload sudo systemctl enable armbianmonitor@ttyS2 sudo systemctl stop armbianmonitor@ttyS2 sudo systemctl start armbianmonitor@ttyS2 This is currently working for me on OrangePi Zero, NanoPi R2S, Helios4 (@ttyS0) and Helios64. If you do not have serial-getty services started on ttyS2 - like in the example unit file - you will need to modify the 'ttyS2' with the serial console matching your situation. Note that the new armbianmonitor@ttyX service will auto-start when seial-getty@ttyX is started and it will also stop when serial-getty@ttyX is stopped. This is to prevent orphaned armbianmonitors. Fun thing to try is to stop and start serial-getty@ttyX and also see the armbianmonitor service for that tty stop/start in tandem. Hope this helps anyone out there, it's always nice to have serial output available in case things happen (and they always happen unexpectedly). Groetjes, p.s. See below spoiler for auto-adding these unit files based on your currently enabled serial-getty services.
  6. Hi @Elektrický, Nice tutorial, worked great for me. Bought a cheap GPS module: And a pinheader to solder onto the OrangePi Zero board itself. The only thing I had to change was to swap the RX/TX wires, as a straight connection did not work for my GPS board. I did not have any success getting PPS to work through the USB connection (works as ttyACM). I had to use the GPIO dtb overlay and electrical connection as per your tut. gpsd in action: ntp[sec] in action: Thanks a lot! Groetjes, p.s. I still have to figure out why I needed this
  7. Hi, Have you checked "nut" (network UPS tools) to see if they have some prefab solutions? Perhaps a custom nut driver, as I recall they have this type of behavior already available for "regular" UPSes. Groetjes,
  8. Hi @lanefu, For your usecase, best to do the following: for A in /dev/ttyUSB* do ( echo "${A:?}" udevadm info --query property "${A:?}" | egrep -- '^ID_(PATH|SERIAL_SHORT)=' ) | xargs done That will give you either the USB port location in the USB tree (ID_PATH) or any serial number (ID_SERIAL_SHORT) as provided by udev, ready to make rules with. As I bought a lot of low-end USB-serial dongles, they do not have any serial - hence the use of the USB port location. I run the script (attached in earlier post) every time I change something in the hub, or when I plug the hub into another device. Let me know if this helped you! Groetjes,
  9. Hi, sorry, I forgot to mention that the configure-serial-tty script does require some target modification: it depends on the baudrate being fixed on the target, as sending <BRK> both triggers Magic SysRq and optional baudrate switch by *getty. To get this to work on my setup with highish successrate, I reconfigured the target's serial-getty configurations to only work on one baudrate. See parts of my ansible task that sets that puppy up: The ansible task shell script will try to parse the commandline to get the currently configured baudrates. It assumes the baudrates are sorted from high to low, i.e. 1500000,115200,38400,9600 for my NanoPi R2S and Helios64 boxen. It will replace the baudrates with the most-left it had parsed (which should be the highest baudrate). It also will disable the options to *getty that skip setting the baudrate explicitly (i.e. keep-baud and extract-baud). Let me know if this worked out for you! Groetjes,
  10. Hi, See below udevadm rule: And below bash snippet of how to generate it: generate_udev_rule() { # <dev> <name> typeset _DEV="${1:?}" typeset _NAME="${2:?}" typeset _ID_PATH _ID_PATH="$( udevadm info --query property "${_DEV}" | sed -n '/^ID_PATH/ { s/^ID_PATH=//p; q; }' )" printf "ENV{ID_PATH}==\"%s\", SYMLINK+=\"serial/by-name/%s\"\n" \ "${_ID_PATH:?}" \ "${_NAME:?}" } Hope that helps! Groetjes, configure-serial-tty
  11. Hi, I made a small detection script using expect. That will spit out the hosts it found per try and baudraute guesstimate. Afterwards it will query the USB port location using udevadm info and build udev rules on a name basis for the hosts it found on those ports. It's not a generic solution, let me know if you are interested, I'll share when back at my workstation. Groetjes,
  12. Hi, How are you configuring your interfaces? ifup/ifdown or NetworkManager? How many NICs do you have on the system? Both are connected to the same network? Can you share output of: # show current dhcp clients pgrep -al dhclient # show network manager info sudo nmcli dev sh sudo nmcli con sh # show interface info sudo ifconfig -a # show ifup/ifdown config cat /etc/network/interfaces cat /etc/network/interfaces.d/* # show current listening adresses of dnsmasq sudo netstat -anp -Aip Groetjes,
  13. Hi, On my orangepi zero (256MB) running armbian image, I am observing some odd behavior that I do not fully understand. In an effort to 'harden' the orangepi zero configuration (by making the user experience annoying), I have shortened the sudo password prompt timeout. On the orangepi zero board, the following setting results in a timeout of only 2 seconds, instead of 15 seconds: #[BEGIN] Ansible managed ## DMZ special: Authentication always required except for TOOLS djurny ALL = (root) PASSWD: ALL, NOPASSWD: TOOLS ## DMZ special: Stricter timeout settings Defaults:djurny passwd_timeout=0.25 Defaults:djurny timestamp_timeout=0 Defaults:djurny !logfile Defaults:djurny !syslog #[END] The exact same setting works as expected on raspberrypi and also as expected on nanopi R2S (armbian). Even more odd, setting the timeout to 1, the timeout is indeed set to 1 minute. Setting it to any fractional value like 0.3 or 0.5 it seems that the timeout calculation/interpretation is just not working as per manpage. I'm not blocked by this, but if this is something that can be fixed easily, I will. For now, I've just the timeout to 1 minute (still more annoying than 15 minute timeout :-) Anyone have experienced this as well? Groetjes,
  14. I also see the same. Tried simple things, like blacklisting essiv kernel module, but that prevents cryptsetup from working at all. There seems to be a dependency of the authenc kernel module to essiv. Not sure what it was before, as I don't have any box running on older kernel at the moment: filename: /lib/modules/5.10.21-mvebu/kernel/crypto/essiv.ko [..] depends: authenc intree: Y name: essiv [..] Without authenc, crytpsetup starts complaining: Apr 7 22:52:04 localhost kernel: [ 126.468108] device-mapper: ioctl: error adding target to table Apr 7 22:53:36 localhost kernel: [ 218.613317] essiv: Unknown symbol crypto_authenc_extractkeys (err -2) Groetjes,
  15. @jsr my bad for the filename. Will check on my box as soon as I can. Can you also do cryptsetup benchmark? I wonder if the names in crypto and the ones used by cryptsetup might have changed somehow. Can you also share syslog of your box? The Marvell crypto drivers are also announced there, something might be off. (Note I'm not an expert in this crypto business so I might be barking up the verkeerde boom.) Groetjes, Sent from my SM-T500 using Tapatalk