Month: April 2022

Blast from the ActiveX past by way of iDRAC6

Recently we acquired a Dell PowerEdge R610. It’s got the goodies and we plan on running a bunch of VMs on there for shits and giggles.

But beware if you’re trying to use iDRAC6. It’s a nifty technology for sure but it has left behind by the Internet moving forward. Now, there are plenty of guides out there on how to get it to work in “modern” settings i.e. Windows 10, Linux ≥ 2020:

But it was this comment that turned us on to the real solution for this:

First we need to obtain and configure a VM for our purposes:
1. Go to Virtual Machines – Microsoft Edge Developer and download the VM for your platform of choice. Since iDRAC6 is from 2008 we went with a Windows 7, IE8 32-bit VM; as we want the ability to manage this from a local workstation we went with a VirtualBox VM.
2. Import it into VirtualBox. You may want to adjust the hardware settings and give it a bit more RAM.
3. Turn it on. You may want to adjust the graphical settings.
4. Open IE and go to the iDRAC IP address or URL. We’ll use https://idrac6.lan. Click Continue to this Website (not recommended).
5. Once the site loads, on the top right go to Tools → Internet Options → Security tab → Trusted Sites. Click the Sites button.
6. In the “Add this website to the zone” enter the iDRAC URL, e.g. https://idrac6.lan. Click Add.
7. Make sure to remove the checkmark from Require server verification (https:) for all sites in this zone.
8. Click Close, then click OK to close the Internet Options window.

Next we need to configure iDRAC:
1. Login to iDRAC.
2. On the left menu make sure you’re in the System menu item.
3. On the top of the main pane go to Console/Media → Configuration.
4. Configure the Virtual Console:
– Enabled: Checked
– Max Sessions: 4
– Remote Presence Port: 5900
– Video Encryption Enabled: Remove this checkmark
– Local Server Video Enabled: Checked
– Plug-in Type: Native. This is the specific setting that makes iDRAC6 choose between ActiveX or Java.
5. Leave Virtual Media on teir defaults.
6. Click Apply
7. Log out of iDRAC, close IE.

At this point you should be able to connect to the virtual console:
1. Open IE and log back into iDRAC.
2. Go to the System left menu, then on the top tab menu go back to Console/Media.
3. Click Launch Virtual Console. IE will freeze for a few moments while it talks to iDRAC and then it will request permission to install the ActiveX control. It will freeze again while it’s installing. Once everything is done the Virtual Console should start it. If it doesn’t or it’s too slow (like moving at >5 FPS), close IE, log back into iDRAC, and restart the virtual console.

Now you have a functioning VM that can give you longer term access to iDRAC6 servers without having to deal with Java bullshit… at least until the iDRAC6 default certificate expires in June of 2024

iDRAC6 - Configuration page, with CA Root Certification Information for the website showing an expiration date of 2024/June/03

When you reboot the VM Windows 7 will download a whole bunch of updates but you should be able to keep using the virtual console. Just make sure to take a snapshot of the VM and you should be good to go.

A fair warning is also necessary:


DO NOT USE THIS VM TO ACCESS THE INTERNET. YOU WILL GET HACKED


We also tried to use the virtual console with Video Encryption enabled but we couldn’t get it to work.

Running thunderbolts through crystallized rock to make it think is already magical enough

At the heart of the problem is that the SELinux policies themselves are sort of magical. The policies have probably been provided by the maintainers of your Linux distribution, e.g., Fedora Linux. There’s nowhere on the system where you can view the policies and look up why something might or might not work. The policies also change over time, without any warning.

Source: SELinux is unmanageable; just turn it off if it gets in your way

Red Hat has made it clear the best way to manage SELinux is for you to outsource it to someone, preferably them. I get it, security of this sort is complex, but having to trust random internet postings for instructions on how to do a small task is how we ended up with github readmes saying “just curl this into bash as root”.

At the court

        <a href="https://www.flickr.com/people/nullrend/">nullrend</a> posted a photo:

At the court

Trying to spend a bit more time at the gym after neglecting working out for a few months…

Hennepin Avenue

        <a href="https://www.flickr.com/people/nullrend/">nullrend</a> posted a photo:

Hennepin Avenue

Hennepin is closed for road work again. Between new buildings and road work happening every year, this Avenue has been completely closed to motorized traffic for years now. Time to make it pedestrians only.

clusterduck28: madhyanas:cannot stress enough the importance of having a bucket in your house. a…

clusterduck28:

madhyanas:

cannot stress enough the importance of having a bucket in your house. a big plastic bucket. helps with housework. helps with morale. get yourself a bucket today

I do not have a bucket and this makes me more sad than the inexorable passage of time in an universe almost hostile in its indifference to life.

https://nullrend.tumblr.com/post/681933996281708544

Oh, Photoprism

mariadb_1 | 2022-04-11 18:17:42 0 [ERROR] InnoDB: preallocating 507904 bytes for file ./photoprism/faces.ibd failed with error 28 mariadb_1 | 2022-04-11 18:17:42 0 [ERROR] [FATAL] InnoDB: Error (Out of disk space) in rollback. mariadb_1 | Fatal signal 6 while backtracing photoprism_mariadb_1 exited with code 139

We recently got our hands on some enterprise hardware and we’re now using it to run some VMs and whatnot. One of the projects I’ve had for a long time is trying to figure out a way to have a web gallery. After looking around at the available options we decided to give a shot to Photoprism.

Requirements aren’t complicated:
– Display pictures and associated metadata quickly, as a gallery.
– Have wide compatibility for various filetypes, including RAW and video files.
– Mobile app helps but it’s not a hard requirement. Web first, preferably with minimum javascript thrown in.

We have about 46 thousand files including pictures and videos, consuming 265 GB of storage. A bit more than what most people would have sure, but any cloud picture solution would definitely charge a good chunk of money to store all of them.

Now, on to PhotoPrims itself. It does Docker Compose but… fine, whatever, you want me to do the devops shit, fine. It’s easy to install, after all:

# mkdir -p /opt/photoprism
# wget https://dl.photoprism.app/docker/docker-compose.yml
# vi docker-compose.yml

You just edit docker-compose.yml with the bits and pieces you need specific to your installation and you’re good to go. Being lazy I mounted pictures storage via CIFS from the storage server. Tried to get it to work directly in Docker but it kept telling me to kick rocks.

Then you run the actual service:

# docker-compose up -d

Starts up a server accesible on the local network at http://server:2342. The documentation does state securing the connection is an exercise left to the reader, but as I only plan to run this on my LAN and accessible only via VPN, it’s fine.

This is where we started running into issues. The first VM created for it had 2 vCPUs, 8GB RAM, 16GB HDD VM. It ran out of drive space after thrashing CPU for a bit. We upgraded the VM to 8 vCPU, 32BM RAM, 32GB HDD. It ran out of disk space after thrashing the CPU cores for a bit longer.

Mmmkay, now we have a bad time going here. Upgraded VM to 16 vCPU, 64GB RAM, 64 GB HDD. It ran out of disk space again after thrashing the CPU cores for a solid 20 hours. We get it, it’s using TensorFlow for AI stuff but as a comparison Digikam is able to do the same things but doesn’t consume nearly as many resources, for as long.

We suppose it really wants you to be using modern hardware of the sort that is incredibly expensive and to find given the current supply chain issues worldwide.

Lights

        <a href="https://www.flickr.com/people/nullrend/">nullrend</a> posted a photo:

Lights