By default, these AVC denials are not logged in /var/log/audit/audit.log which makes this problem harder to spot (if you want, you can enable all audit-messages by running semodule -DB).

There are at least two relevant entries in Bugzilla:

• Bug 771245 – nagios-plugins-disk fails when checking /boot on RHEL6.2 boxes
• Bug 768055 – SELinux silent denials of Nagios NRPE check of /boot

Fortunately, there is a simple workaround while we wait for an updated selinux-policy package. As root, do the following:

chcon -t nagios_unconfined_plugin_exec_t /usr/lib64/nagios/plugins/check_disk

Or, for 32-bit systems:

chcon -t nagios_unconfined_plugin_exec_t /usr/lib/nagios/plugins/check_disk

No need to restart anything; just wait until Nagios re-checks the service and the problem should be gone. Enjoy!

The onboard web interface does not seem to offer a way to configure these presets – but there is another way!

I have written a couple of small shell scripts (for Linux or Mac OS X) that allow you to set a preset, move to a preset and even take a snapshot right from the command line.

The first script stores the current camera position into the specified preset.

You need to open a web browser or camera app (my favorite: Live Cams Pro on iPad/iPhone) and set the camera position.

Then, run this script, specifying the preset number (for example, “foscam_set 0” to set the first preset):

#!/bin/bash
# Store current camera position in specified preset (0..16)

# Commandline handling
#
preset=$1
if [ -z $preset ];
then
    echo "Syntax: $0 <preset>, where preset is a number (0..16)"
    exit 1
fi

# Address (or address:port number) where to reach the camera
# Username / password to access camera functions
#
CAMERA=192.168.1.2
USERNAME=theUsername
PASSWORD=thePassword

# Presets are set using URL with command (30 + preset*2), and recalled using URL with command (31 + preset*2)
#
command=$((30 + 2*$preset))
echo "Storing current camera position in preset ${preset} (command = ${command})"
wget -O - http://${CAMERA}/decoder_control.cgi?command=${command}\&user=${USERNAME}\&pwd=${PASSWORD}

Next, a script to move the camera to a specified preset (for example, “foscam_go 3“:

#!/bin/bash
# Move camera to specified preset (0..16)

# Commandline handling
#
preset=$1
if [ -z $preset ];
then
    echo "Syntax: $0 <preset>, where preset is a number (0..16)"
    exit 1
fi

# Address (or address:port number) where to reach the camera
# Username / password to access camera functions
#
CAMERA=192.168.1.2
USERNAME=theUsername
PASSWORD=thePassword

# Presets are set using URL with command (30 + preset*2), and recalled using URL with command (31 + preset*2)
#
command=$((31 + 2*$preset))
echo "Moving camera to preset ${preset} (command = ${command})"
wget -O - http://${CAMERA}/decoder_control.cgi?command=${command}\&user=${USERNAME}\&pwd=${PASSWORD}

Finally, a demo script that moves the camera to a preset, takes a snapshot and stores it locally (based on a post by 1994MGoBlue):

#!/bin/bash
# Take snapshots of certain preset camera locations

# Address (or address:port number) where to reach the camera
# Username / password to access camera functions
#
CAMERA=192.168.1.2
USERNAME=theUsername
PASSWORD=thePassword

# The camera should normally be in this position
DEFAULT_PRESET=3

# Seconds to sleep after issuing a camera move command, allow it to reach new position.
# You may have to change this value to your needs
DELAY=10

# Presets are set using URL with command (30 + preset*2), and recalled using URL with command (31 + preset*2)
#
for preset in 0 1 2 3 4;
do
    command=$((31 + 2*$preset))
    echo "Taking snapshot in preset ${preset} (command = ${command})"

    # Move camera, delay, take snapshot (stored in /tmp/)
    wget -O - http://${CAMERA}/decoder_control.cgi?command=${command}\&user=${USERNAME}\&pwd=${PASSWORD}
    sleep ${DELAY}
    wget -O /tmp/preset-${preset}.jpg http://${CAMERA}/snapshot.cgi?user=${USERNAME}\&pwd=${PASSWORD}
done

# Done, send camera back to default position
command=$((31 + 2*$DEFAULT_PRESET))
wget -O - http://${CAMERA}/decoder_control.cgi?command=${command}\&user=${USERNAME}\&pwd=${PASSWORD}

Enjoy!

… ook namens onze veestapel, Bommel, Blacky en Koetje

This plug contains a separate receiver and transmitter board. After consulting the schematic, it appears that the receiver is hooked up to the AIO pin, while the transmitter is connected to the DIO pin. This information is needed when reconfiguring the software for the actual Port socket you plugged the OOK433 into.

There are two solder jumpers that need to be made (marked in the picture on the right):

• The upper one selects supply voltage. According to current documentation, the rightmost two pads need to be bridged, selecting +3V.
• The lower solder jumper should always be bridged (except if a resistor R1 is to be installed)

Note that the Receiver and Transmitter modules have “+5V’ and “+12V” markings on them – apparently, they also work at this much lower voltage.

After making these two solder jumpers, continue assembly. I soldered a 6-pin header (not included with the kit)  to the Port connector so I can plug it straight into a JeeNode.

The trick here is to apply some solder to one pad and one pin first. Then, hold the header in place while re-heating the solder on that pad. The remaining pads can now be soldered properly. The picture shows the solder jumpers I made, as well as the preparations for soldering the 6-pin header in place.

Make sure you get shiny solder joints that are properly heated (lead-free solder tends to shine a bit less than the 60/40 I use).

Next up: the transmitter module. Note that when soldering, you usually work from “lowest” to “highest” component. This makes life easier. Simply insert the transmitter module into the 3 holes and solder it. Note that the module has an antenna connector (marked “ANT”) for adding a straight-wire antenna, approx. 17cm in length. This corresponds to 1/4 wavelength at 433MHz.

Finally, the receiver module. Insert it into the 4 holes and solder it. This module also has an antenna connector, you may want to add a 17cm straight-wire antenna here as well.

The end result is in the picture below. Now for the moment of truth: trying to make it work with a JeeNode and a software sketch.

This is where my trouble began. I used various sketches with my new KAKU remote, to no avail:

• kaku_demo
• KlikAanKlikUit_A_type
• ookRelay
• ookScope2
• recv433_test

I searched the blog and forums using Google (“site:jeelabs.net OOK433″) and found several people struggling to make the OOK433 Plug work. Several issues appear to be at play here:

1. Confusion regarding the correct supply voltage; it seems that +3V is not enough.
   This means that you would need to bridge the leftmost two pads on the upper solder jumper, instead of the rightmost two pads.
2. Confusion regarding port numbers / Arduino pin numbers.
   The KlikAanKlikUit_A_type sketch is the only one that seems to clearly document where the Plug is expected to be for the sketch to work.
3. Confusion regarding the antennas being “optional” or not.
   I have no antennas connected at the moment, but I’m using the remote at close range so it should not be a problem.
4. Confusion regarding the different KAKU protocols out there.
   I think I have the most recent protocol, with house code (A-D on my remote). The old protocol apparently does not have that.

All in all, quite a few variables

I decided to go ahead with the ookScope2.ino sketch – that appears to be a fairly recent sketch; hopefully that code works as expected. First hurdle: determining which port to plug the OOK433 Plug into…

The code contains this line:

#define OOK_PIN   2   // this is the input pin with the signal to be analyzed

This might refer to AVR pin PD2, Arduino pin “Digital 2″ but that would mean it’s connected to the RFM12B INT line! Not very likely… I tried the code, and apart from the [ookScope] identifier, nothing happened. So, where does that OOK433 Plug need to go for the sketch to work?

OK, back to the schematic I talked about at the start of this post. The OOK433 receiver module appears to be connected to the AIO pin. If I want to use the plug in Port 3, I need to find the proper value for AIO3. That would be Analog 2 / Digital 16 (hey, ’2′ looks familiar but it didn’t work).

I then tried seting OOK_PIN to 16 (Digital 16), plugged the OOK433 into Port 3 and behold! The sketch starts, and emits binary garbage on the serial output! This is promising!

Next up: install the JeeRev / JeeMon software on my Mac according to instructions. Unfortunately, that didn’t result in a nice bar graph display – the bars remain at zero, even though I pressed the remote buttons. Perhaps the ookScope2.ino sketch doesn’t work with this version of the JeeMon software? What’s next? Debugging the JeeMon installation? Nah…

Anyway, my head hurts after reading through the various forum and blog posts – once I get this working I’ll post “part 2″ of this adventure

P.S.: I think we as a community should work on improving the “Out of Box Experience” for the JeeLabs hardware. Detailed assembly instructions, a simple test sketch with clear instructions on setting up the test bed – life would be so much easier If possible, add a low-level hardware diagnostics mode in that test sketch to help isolate the cause of any hardware-related problems. For example, try communicating over the SPI / I2C bus. If that doesn’t work, you might have to inspect your soldering. And most importantly: find a way to reduce @JCW’s workload – it would not be realistic to expect him to do all the work on documentation / test sketches etc.

Still massively enjoying the JeeLabs learning experience, one (steep) step at a time

Onwards!

After soldering the control board to the LCD display,I tried compiling the lcd_demo.ino demo sketch. No luck – it seems that the code no longer compiled with Arduino 1.0.

I added the include-file that was missing:

#include <PortsLCD.h>

and suddenly… nothing happened.

I verified the connections – everything looked good. Oh well – “if all else fails, read the manual”. There were no detailed assembly instructions for this kit, so I had to search through various posts to help debug the issue.

Turns out that you have to set two solder jumpers (Logic to 3v3, Backlight to 3v3) as well as short out a current limiting resistor (which is not actually present on the board). Click the annotated image on the left for a (blurry) close-up.

This still did not seem to solve the problem – the backlight worked, but still no text on the display. After adjusting the contrast level with the trimpot (near the read arrow in the image), the display finally sprang to life. I had to rotate it completely counter-clockwise.

The test assembly looks like this – battery holder on top, JeeNode in the middle, LCD Plug at the bottom of the image. The LCD Plug is connected to Port 1 on the JeeNode.

The basic approach is this:

1. Use Cobbler as you normally would (you will trigger several SElinux denials, so expect errors)
2. Extract the relevant SElinux audit messages; convert them into a local policy
3. Load your local policy
4. Repeat steps 1..3 until everything works as expected

First attempt: the “cobbler import” command fails; rsync cannot access files on the mounted DVD ISO. Time to start writing a local policy!

The following command generates a basic SElinux policy from the SElinux audit messages:

  cat /var/log/audit/audit.log | audit2allow -l -v -m local > local.te

The resulting local.te file (ASCII, open it in your favorite editor) will list various items, some if which are not related to the Cobbler / Rsync operations. Edit the file to taste. Now, compile and load that policy:

  checkmodule -M -m -o local.mod local.te
  semodule_package -o local.pp -m local.mod
  semodule -v -i local.pp

Note: every invocation of “audit2allow -l” will overwrite your local.te policy file with new events since the last time a policy module was loaded. This is why you should keep backup copies of the previous versions so you can merge new events in with the existing ones.

In the end, you will end up with a policy in local.te like this:

module local 1.0;

require {
    type cobblerd_t;
    type cobbler_var_lib_t;
    type iso9660_t;
    type public_content_t;
    type rpm_var_lib_t;
    type rsync_etc_t;
    type security_t;
    type tmp_t;
    class capability { sys_module fsetid };
    class dir { add_name create getattr open read remove_name rmdir search write };
    class file { create getattr open read unlink write };
    class lnk_file create;
    class unix_dgram_socket create;
}

#============= cobblerd_t ==============
allow cobblerd_t cobbler_var_lib_t:lnk_file create;
allow cobblerd_t iso9660_t:dir { open read search getattr };
allow cobblerd_t iso9660_t:file { open read getattr };
allow cobblerd_t public_content_t:dir { write rmdir remove_name };
allow cobblerd_t rpm_var_lib_t:dir { open read search getattr write };
allow cobblerd_t rsync_etc_t:file create;
allow cobblerd_t security_t:dir read;
allow cobblerd_t self:capability fsetid;
allow cobblerd_t self:unix_dgram_socket create;
allow cobblerd_t tmp_t:dir { add_name create remove_name rmdir write };
allow cobblerd_t tmp_t:file { create getattr open read unlink write };

I’m setting up a small electronics lab with some basic equipment like the Rigol DS1052E oscilloscope (approx. 300 Euros; I “upgraded” mine to the DS1102E firmware to increase the scope’s bandwidth to 100MHz).

One of my first projects is building a Wireless Sensor Network (WSN) to measure humidity, temperature, brightness and motion in several locations at home. The necessary hardware is depicted on the right.

I’ve added a simple resistor ladder network to one of the analog inputs, allowing me to measure battery voltage; these units are supposed to be powered from rechargable batteries for at least a year. Standby power consumption of these devices is in the micro-Amp range; much better than a standard Arduino. The JeeNode comes with an onboard RF12B wireless module (not visible in the picture; it’s below the PIR board) for communications.

While experimenting with the software, I wanted to take a closer look at the actual PIR sensor output signal. The Rigol oscilloscope has all kinds of handy features that assist in analysing and measuring these signals. It can store screenshots on a USB stick, or be remote controlled from a PC – excellent value for money!

As you can see, the display is only 320 pixels wide (QVGA) but that is enough for my modest needs

I tried triggering the PIR as short as possible. The PIR open collector output is pulled low (negative edge) if motion is detected. The minimum output pulse width was approx. 570 milliseconds wide. If the sensor sees continuing motion, the output will remain low for that period (at least, in Continuous trigger mode).

The accompanying “sketch” (Arduino-talk for a program that you write) sends out packets at regular intervals (once per minute, or less), containing all the telemetry info. If motion is detected, an interrupt is generated that causes a packet to be sent out immediately.

I modified a receiver “sketch” to decode the telemetry info and generate a human-readable report:

ROOM-18 1695b 221* 1 38% 22.6C 4.638V 0
 -> ack-18
ROOM-25 1695b 21* 0 46% 19.6C 5.180V 0
ROOM-18 1695b 221* 1 38% 22.7C 4.638V 0
 -> ack-18
 ? 17 166 224 91 134 200 17 70 143 23 173 91 150 205 3 49 236 76 147 243 149
 ? 45 230 233 2 36 124 197 34 202 40 8 137 155 8 37 81 182 185 91 22 183
ROOM-18 1695b 221* 0 38% 22.7C 4.638V 0

Here, I have two JeeNodes (ID 18 and 25), each outfitted with a Room Board. The 433MHz band is crowded, so you’ll see spurious traffic (indicated by ‘?’). If a proper Room Node packet is recognized, it is decoded and displayed.

The report indicates the source of the transmission (ROOM-18 or ROOM-25); free RAM (1695 bytes); brightness (0-255); motion (0-1); humidity; temperature and battery voltage. The last “0″ is the Low Battery indicator.

Regular transmissions are not acknowledged; it’s no problem if you lose a couple of data points. If the PIR is triggered however, acknowledgements are requested to ensure that the central node registers this event.

I’m still working on the central node software; I’ll probably just parse the data and stick it in a RRD file or database…

Electronics + Software = hours of fun!

Kernel panic - not syncing: No init found. Try passing init= option to kernel.

It appears that “yum update” installs the new kernel:

[root@c3p0 boot]# rpm -qa |grep ^kernel-
kernel-2.6.32-131.17.1.el6.x86_64
kernel-firmware-2.6.32-131.17.1.el6.noarch
kernel-firmware-2.6.32-71.29.1.el6.noarch
kernel-2.6.32-71.29.1.el6.x86_64

… but no initramfs is created under /boot:

[root@c3p0 boot]# ls -l /boot
total 25561
-rw-r--r--. 1 root root 100203 Oct 6 20:44 config-2.6.32-131.17.1.el6.x86_64
-rw-r--r--. 1 root root 97911 Jun 27 21:08 config-2.6.32-71.29.1.el6.x86_64
drwxr-xr-x. 3 root root 1024 Aug 16 12:58 efi
drwxr-xr-x. 2 root root 1024 Dec 1 17:15 grub
-rw-r--r--. 1 root root 13435614 Aug 16 12:59 initramfs-2.6.32-71.29.1.el6.x86_64.img
drwx------. 2 root root 12288 Aug 16 12:54 lost+found
-rw-r--r--. 1 root root 165827 Oct 6 20:47 symvers-2.6.32-131.17.1.el6.x86_64.gz
-rw-r--r--. 1 root root 160602 Jun 27 21:11 symvers-2.6.32-71.29.1.el6.x86_64.gz
-rw-r--r--. 1 root root 2279162 Oct 6 20:44 System.map-2.6.32-131.17.1.el6.x86_64
-rw-r--r--. 1 root root 2228188 Jun 27 21:08 System.map-2.6.32-71.29.1.el6.x86_64
-rwxr-xr-x. 1 root root 3882992 Oct 6 20:44 vmlinuz-2.6.32-131.17.1.el6.x86_64
-rwxr-xr-x. 1 root root 3795744 Jun 27 21:08 vmlinuz-2.6.32-71.29.1.el6.x86_64

Also, in /etc/boot/grub.conf, the initrd entry is missing for the new kernel:

[root@c3p0 boot]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS Linux (2.6.32-131.17.1.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-131.17.1.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
title CentOS (2.6.32-71.29.1.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-71.29.1.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
	initrd /initramfs-2.6.32-71.29.1.el6.x86_64.img

I remember seeing this problem before on a fairly recent Fedora system, probably Fedora 14 or 15, but never on older CentOS / RHEL releases.

My guess is that this is a problem with Dracut. You can re-generate the initramfs by running dracut (as root, of course), but I’d rather not have to perform emergency surgery on lots of (virtual) machines…

Anyway, the command line would look like this:

dracut initramfs-${version}.img ${version}
dracut initramfs-2.6.32-131.17.1.el6.x86_64.img 2.6.32-131.17.1.el6.x86_64

There are several ways to plug a Room Board into the JeeNode. The pictures below should help you verify the correct “Port” settings for each configuration:

One of these devices, a Kenwood TH-D72, has a built-in Silicon Labs CP210x chip. The Mac OS X driver supplied by Silicon Labs is not very stable; it has caused my Mac to crash several times already. Uninstalling this driver is not as easy as uninstalling other applications on Mac; normally, you just drag the app into the trash – done. However, these drivers are supplied in “pkg” (package) format. Uninstalling software packages is a bit more involved.

Open Terminal and type the following commands:

macbookpro-ed:/ ed$ pkgutil --pkgs |grep silabs
com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver.pkg
com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver64.pkg

macbookpro-ed:/ ed$ pkgutil --lsbom com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver.pkg
.
./SiLabsUSBDriver.kext
./SiLabsUSBDriver.kext/Contents
./SiLabsUSBDriver.kext/Contents/Info.plist
./SiLabsUSBDriver.kext/Contents/MacOS
./SiLabsUSBDriver.kext/Contents/MacOS/SiLabsUSBDriver
./SiLabsUSBDriver.kext/Contents/Resources
./SiLabsUSBDriver.kext/Contents/Resources/English.lproj
./SiLabsUSBDriver.kext/Contents/Resources/English.lproj/InfoPlist.strings

macbookpro-ed:/ ed$ pkgutil --lsbom com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver64.pkg
.
./SiLabsUSBDriver64.kext
./SiLabsUSBDriver64.kext/Contents
./SiLabsUSBDriver64.kext/Contents/Info.plist
./SiLabsUSBDriver64.kext/Contents/MacOS
./SiLabsUSBDriver64.kext/Contents/MacOS/SiLabsUSBDriver64
./SiLabsUSBDriver64.kext/Contents/Resources
./SiLabsUSBDriver64.kext/Contents/Resources/English.lproj
./SiLabsUSBDriver64.kext/Contents/Resources/English.lproj/InfoPlist.strings

The first command looks for all PKG receipts pertaining to the Silicon Labs drivers. The next commands list the contents (Bill of Materials) for each driver package. Uninstalling the drivers can now be accomplished in several ways:

Leave the PKG, but disable the drivers (safest, but least clean):

This method does not actually uninstall the drivers. Locate the driver kext (kernel extensions) and rename to disable them:

mdfind SiLabsUSBDriver.kext
cd /System/Library/Extensions/
sudo mv SiLabsUSBDriver.kext SiLabsUSBDriver.kext_DISABLED
sudo mv SiLabsUSBDriver64.kext SiLabsUSBDriver64.kext_DISABLED

Reboot to verify that the driver is actually disabled. For example, plug in the USB device and check Console.app for a corresponding error message indicating that no driver could be found:

2011-11-29 8:34:56.000 PM kernel: 0 0 AppleUSBCDC: start - initDevice failed

Remove all files listed in the PKG Bill of Materials (clean, but less safe):

mdfind SiLabsUSBDriver.kext
cd /System/Library/Extensions/
sudo rm -rf SiLabsUSBDriver.kext
sudo rm -rf SiLabsUSBDriver64.kext
sudo pkgutil --forget com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver.pkg
sudo pkgutil --forget com.silabs.siliconLabsVcpDriver.SiLabsUSBDriver64.pkg

Reboot to verify that the drivers are now completely gone.