Page turner, part 2

Source code: https://github.com/Spodah/IoT-experiments/blob/master/pageturner/pageturner.ino


Problems solved with duct-tape:
The arm designed to push the page up (for the other arm to flip it) kept falling apart.
The LEGOs holding the servo (attached to said arm) were not heavy enough to keep it in place.

Enduring problems: Due to the simplistic design of the device, calibration is quite tricky and has to be done manually. Fixing this would require a significant amount of added complexity, and is not viable due to time constraints.

Video: https://www.youtube.com/watch?v=GDleW4Zk974&feature=youtu.be

Sources:
http://terokarvinen.com/2017/prototyypin-rakentaminen-bus4tn007-8-w22

Page turner, part 1

The goal of this project is to create an electronic page turner, capable of flipping through pages of an open book one by one.
Similar products on YouTube:
https://www.youtube.com/watch?v=ir5ZanXy6nc
https://www.youtube.com/watch?v=6AjmEL5pcvc
https://www.youtube.com/watch?v=CKVff6EtwCs
https://www.youtube.com/watch?v=WwXqKcQ21u0

Source code: https://github.com/Spodah/IoT-experiments/blob/master/pageturner/pageturner.ino


Parts used:
Arduino Uno: https://www.arduino.cc/en/main/arduinoBoardUno
Arduino Sensor Shield v4.0: https://cotswoldarduino.files.wordpress.com/2015/07/arduino-sensor-shield.pdf
2x SG90 9g micro servo: http://www.micropik.com/PDF/SG90Servo.pdf
Numerous LEGOs
Copious amounts of duct-tape

Interesting difficulties: The wheel (which is for pushing the page up for the second servo to catch and flip it) appears to be impossible to secure to the servo with duct-tape alone. A more complex solution is needed and will quite possibly be detailed in the next part.

Sources:
http://terokarvinen.com/2017/prototyypin-rakentaminen-bus4tn007-8-w22
http://botbook.com/code.html

Playing with Puppet part 2

I started the exercise at 22:24 local time. The exercise was done on an HP Pavilion p6-2020sc using Kubuntu 16.04.2 from live-USB. All the files and code can be found at https://github.com/Spodah/puppet-practices

I began by creating a script that would: set the keyboard to Finnish layout, install puppet and git, clone the puppet-practices repository from GitHub, and run the git and ipython modules from the repository.

kubuntu@kubuntu:~$ nano startup.sh
kubuntu@kubuntu:~$ setxkbmap fi
kubuntu@kubuntu:~$ nano startup.sh
kubuntu@kubuntu:~$ startup.sh
startup.sh: command not found
kubuntu@kubuntu:~$ bash startup.sh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
augeas-lenses debconf-utils facter git-man hiera libaugeas0 liberror-perl puppet-common ruby-augeas ruby-deep-merge ruby-json
ruby-nokogiri ruby-rgen ruby-safe-yaml ruby-selinux ruby-shadow virt-what
Suggested packages:
augeas-doc git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-arch git-cvs git-mediawiki
git-svn mcollective-common augeas-tools puppet-el vim-puppet etckeeper ruby-rrd
The following NEW packages will be installed:
augeas-lenses debconf-utils facter git git-man hiera libaugeas0 liberror-perl puppet puppet-common ruby-augeas ruby-deep-merge
ruby-json ruby-nokogiri ruby-rgen ruby-safe-yaml ruby-selinux ruby-shadow virt-what
0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,666 kB of archives.
After this operation, 35.2 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 augeas-lenses all 1.4.0-0ubuntu1 [263 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial/universe amd64 debconf-utils all 1.5.58ubuntu1 [57.5 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-json amd64 1.8.3-1build4 [43.9 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial/universe amd64 facter all 2.4.6-1 [75.1 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial/main amd64 liberror-perl all 0.17-1.2 [19.6 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial/main amd64 git-man all 1:2.7.4-0ubuntu1 [735 kB]
Get:7 http://archive.ubuntu.com/ubuntu xenial/main amd64 git amd64 1:2.7.4-0ubuntu1 [3,006 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-deep-merge all 1.0.1+gitf9df6fdb-1 [8,226 B]
Get:9 http://archive.ubuntu.com/ubuntu xenial/universe amd64 hiera all 2.0.0-2 [21.6 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaugeas0 amd64 1.4.0-0ubuntu1 [154 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-augeas amd64 1:0.5.0-3build4 [10.6 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-nokogiri amd64 1.6.7.2-3build1 [88.3 kB]
Get:13 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-rgen all 0.7.0-2 [70.0 kB]
Get:14 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-safe-yaml all 1.0.4-1 [17.5 kB]
Get:15 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-shadow amd64 2.4.1-1build4 [9,490 B]
Get:16 http://archive.ubuntu.com/ubuntu xenial/universe amd64 puppet-common all 3.8.5-2 [1,015 kB]
Get:17 http://archive.ubuntu.com/ubuntu xenial/universe amd64 puppet all 3.8.5-2 [12.3 kB]
Get:18 http://archive.ubuntu.com/ubuntu xenial/universe amd64 ruby-selinux amd64 2.4-3build2 [46.2 kB]
Get:19 http://archive.ubuntu.com/ubuntu xenial/universe amd64 virt-what amd64 1.14-1 [13.0 kB]
Fetched 5,666 kB in 3s (1,557 kB/s)
Selecting previously unselected package augeas-lenses.
(Reading database ... 162826 files and directories currently installed.)
Preparing to unpack .../augeas-lenses_1.4.0-0ubuntu1_all.deb ...
Unpacking augeas-lenses (1.4.0-0ubuntu1) ...
Selecting previously unselected package debconf-utils.
Preparing to unpack .../debconf-utils_1.5.58ubuntu1_all.deb ...
Unpacking debconf-utils (1.5.58ubuntu1) ...
Selecting previously unselected package ruby-json.
Preparing to unpack .../ruby-json_1.8.3-1build4_amd64.deb ...
Unpacking ruby-json (1.8.3-1build4) ...
Selecting previously unselected package facter.
Preparing to unpack .../facter_2.4.6-1_all.deb ...
Unpacking facter (2.4.6-1) ...
Selecting previously unselected package liberror-perl.
Preparing to unpack .../liberror-perl_0.17-1.2_all.deb ...
Unpacking liberror-perl (0.17-1.2) ...
Selecting previously unselected package git-man.
Preparing to unpack .../git-man_1%3a2.7.4-0ubuntu1_all.deb ...
Unpacking git-man (1:2.7.4-0ubuntu1) ...
Selecting previously unselected package git.
Preparing to unpack .../git_1%3a2.7.4-0ubuntu1_amd64.deb ...
Unpacking git (1:2.7.4-0ubuntu1) ...
Selecting previously unselected package ruby-deep-merge.
Preparing to unpack .../ruby-deep-merge_1.0.1+gitf9df6fdb-1_all.deb ...
Unpacking ruby-deep-merge (1.0.1+gitf9df6fdb-1) ...
Selecting previously unselected package hiera.
Preparing to unpack .../archives/hiera_2.0.0-2_all.deb ...
Unpacking hiera (2.0.0-2) ...
Selecting previously unselected package libaugeas0.
Preparing to unpack .../libaugeas0_1.4.0-0ubuntu1_amd64.deb ...
Unpacking libaugeas0 (1.4.0-0ubuntu1) ...
Selecting previously unselected package ruby-augeas.
Preparing to unpack .../ruby-augeas_1%3a0.5.0-3build4_amd64.deb ...
Unpacking ruby-augeas (1:0.5.0-3build4) ...
Selecting previously unselected package ruby-nokogiri.
Preparing to unpack .../ruby-nokogiri_1.6.7.2-3build1_amd64.deb ...
Unpacking ruby-nokogiri (1.6.7.2-3build1) ...
Selecting previously unselected package ruby-rgen.
Preparing to unpack .../ruby-rgen_0.7.0-2_all.deb ...
Unpacking ruby-rgen (0.7.0-2) ...
Selecting previously unselected package ruby-safe-yaml.
Preparing to unpack .../ruby-safe-yaml_1.0.4-1_all.deb ...
Unpacking ruby-safe-yaml (1.0.4-1) ...
Selecting previously unselected package ruby-shadow.
Preparing to unpack .../ruby-shadow_2.4.1-1build4_amd64.deb ...
Unpacking ruby-shadow (2.4.1-1build4) ...
Selecting previously unselected package puppet-common.
Preparing to unpack .../puppet-common_3.8.5-2_all.deb ...
Unpacking puppet-common (3.8.5-2) ...
Selecting previously unselected package puppet.
Preparing to unpack .../puppet_3.8.5-2_all.deb ...
Unpacking puppet (3.8.5-2) ...
Selecting previously unselected package ruby-selinux.
Preparing to unpack .../ruby-selinux_2.4-3build2_amd64.deb ...
Unpacking ruby-selinux (2.4-3build2) ...
Selecting previously unselected package virt-what.
Preparing to unpack .../virt-what_1.14-1_amd64.deb ...
Unpacking virt-what (1.14-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for systemd (229-4ubuntu16) ...
Processing triggers for ureadahead (0.100.0-19) ...
ureadahead will be reprofiled on next reboot
Setting up augeas-lenses (1.4.0-0ubuntu1) ...
Setting up debconf-utils (1.5.58ubuntu1) ...
Setting up ruby-json (1.8.3-1build4) ...
Setting up facter (2.4.6-1) ...
Setting up liberror-perl (0.17-1.2) ...
Setting up git-man (1:2.7.4-0ubuntu1) ...
Setting up git (1:2.7.4-0ubuntu1) ...
Setting up ruby-deep-merge (1.0.1+gitf9df6fdb-1) ...
Setting up hiera (2.0.0-2) ...
Setting up libaugeas0 (1.4.0-0ubuntu1) ...
Setting up ruby-augeas (1:0.5.0-3build4) ...
Setting up ruby-nokogiri (1.6.7.2-3build1) ...
Setting up ruby-rgen (0.7.0-2) ...
Setting up ruby-safe-yaml (1.0.4-1) ...
Setting up ruby-shadow (2.4.1-1build4) ...
Setting up puppet-common (3.8.5-2) ...
Setting up puppet (3.8.5-2) ...
Setting up ruby-selinux (2.4-3build2) ...
Setting up virt-what (1.14-1) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for systemd (229-4ubuntu16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Cloning into 'puppet-practices'...
remote: Counting objects: 98, done.
remote: Compressing objects: 100% (70/70), done.
remote: Total 98 (delta 30), reused 68 (delta 10), pack-reused 0
Unpacking objects: 100% (98/98), done.
Checking connectivity... done.
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.69 seconds
Notice: /Stage[main]/Git/File[/etc/bash.bashrc]/content: content changed '{md5}d80b5c72ee089f1e43de3f084a69495c' to '{md5}a2b11437823218db218caf1a649a64eb'
Notice: /Stage[main]/Git/File[/etc/.gitconfig]/ensure: defined content as '{md5}6c8d7e517ff0240b002d0d8a247e3beb'
Notice: Finished catalog run in 0.20 seconds
Error: Could not run: Could not find file -

setxkbmap fi
sudo apt-get install -y git puppet
git clone https://github.com/Spodah/puppet-practices.git
sudo puppet apply --modulepath /home/kubuntu/puppet-practices -e class{"git:"}
sudo puppet apply --modulepath /home/kubuntu/puppet-practices - e class{"ipython:"}

The error was caused by an extra space on line 5, between - and e.

kubuntu@kubuntu:~$ bash startup.sh
Reading package lists... Done
Building dependency tree
Reading state information... Done
git is already the newest version (1:2.7.4-0ubuntu1).
puppet is already the newest version (3.8.5-2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
fatal: destination path 'puppet-practices' already exists and is not an empty directory.
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.68 seconds
Notice: Finished catalog run in 0.18 seconds
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.64 seconds
Notice: /Stage[main]/Ipython/File[/tmp/ipython]/ensure: defined content as '{md5}38028b51833135efa362820b0daa7f8e'
Notice: /Stage[main]/Ipython/Package[ipython3]/ensure: ensure changed 'purged' to 'latest'
Notice: Finished catalog run in 7.22 seconds

Now the script is working as it should. Next, I opened a new tab in terminal for testing.

kubuntu@kubuntu:~$ mv startup.sh puppet-practices/startup.sh
kubuntu@kubuntu:~$ cd puppet-practices/
kubuntu@kubuntu:~/puppet-practices$ git config --global user.email "jpuroila@gmail.com"
kubuntu@kubuntu:~/puppet-practices$ git config --global user.name "Juuso Puroila"
kubuntu@kubuntu:~/puppet-practices$ gpush
[master 9cf6dd1] Add bashscript to jumpstart using liveUSB.
1 file changed, 5 insertions(+)
create mode 100644 startup.sh
Already up-to-date.
warning: push.default is unset; its implicit value has changed in
Git 2.0 from 'matching' to 'simple'. To squelch this message
and maintain the traditional behavior, use:

git config --global push.default matching

To squelch this message and adopt the new behavior now, use:

git config --global push.default simple

When push.default is set to 'matching', git will push local branches
to the remote branches that already exist with the same name.

Since Git 2.0, Git defaults to the more conservative 'simple'
behavior, which only pushes the current branch to the corresponding
remote branch that 'git pull' uses to update the current branch.

See 'git help config' and search for 'push.default' for further information.
(the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
'current' instead of 'simple' if you sometimes use older versions of Git)

Username for 'https://github.com': spodah
Password for 'https://spodah@github.com':
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 439 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To https://github.com/Spodah/puppet-practices.git
39655f6..9cf6dd1 master -> master
kubuntu@kubuntu:~/puppet-practices$

This demonstrates that the script worked correctly, that Git is working correctly, and that Puppet is working correctly. The environment was now sane and working.

My next goal was to configure UFW to block incoming traffic except from ports 22, 80 and 443, as would be standard for a webserver.

kubuntu@kubuntu:~/puppet-practices$ mkdir ufw
kubuntu@kubuntu:~/puppet-practices$ cd ufw/
kubuntu@kubuntu:~/puppet-practices/ufw$ cd ..
kubuntu@kubuntu:~/puppet-practices$ ls
apache exercise2.md git ipython LICENSE README.md ssh ssh_client startup.sh ufw
kubuntu@kubuntu:~/puppet-practices$ sudo apt-get install tree
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
tree
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 40.6 kB of archives.
After this operation, 138 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/universe amd64 tree amd64 1.7.0-3 [40.6 kB]
Fetched 40.6 kB in 0s (148 kB/s)
Selecting previously unselected package tree.
(Reading database ... 166335 files and directories currently installed.)
Preparing to unpack .../tree_1.7.0-3_amd64.deb ...
Unpacking tree (1.7.0-3) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up tree (1.7.0-3) ...
kubuntu@kubuntu:~/puppet-practices$ tree
.
├── apache
│   ├── manifests
│   │   └── init.pp
│   └── templates
│       ├── 000-default.conf.erb
│       ├── apache2.conf.erb
│       └── se-000-default.conf.erb
├── exercise2.md
├── git
│   ├── manifests
│   │   └── init.pp
│   └── templates
│       ├── bash.bashrc.erb
│       └── gitconfig.erb
├── ipython
│   └── manifests
│       └── init.pp
├── LICENSE
├── README.md
├── ssh
│   ├── manifests
│   │   └── init.pp
│   └── templates
│       └── sshd_config.erb
├── ssh_client
│   ├── manifests
│   │   └── init.pp
│   ├── readme.md
│   └── templates
│       └── ssh_config.erb
├── startup.sh
└── ufw

15 directories, 17 files
kubuntu@kubuntu:~/puppet-practices$ mkdir ufw/manifests
kubuntu@kubuntu:~/puppet-practices$ mkdir ufw/templates
kubuntu@kubuntu:~/puppet-practices$ nano ufw/manifests/init.pp
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.47 seconds
Notice: Finished catalog run in 0.11 seconds

First, I merely created the module and ensured that ufw is installed.

kubuntu@kubuntu:~/puppet-practices$ nano ufw/manifests/init.pp
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.68 seconds
Notice: Finished catalog run in 0.14 seconds
kubuntu@kubuntu:~/puppet-practices$ sudo ufw status
Status: inactive
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ssh:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.83 seconds
Notice: /Stage[main]/Ssh/Package[ssh]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Ssh/File[/etc/ssh/sshd_config]/content: content changed '{md5}bd3a2b95f8b4b180eed707794ad81e4d' to '{md5}29d0f7095278b6cbde7e64eea3aec68e'
Notice: /Stage[main]/Ssh/Service[ssh]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 8.40 seconds
kubuntu@kubuntu:~/puppet-practices$ sudo service
service servicemenudeinstallation servicemenuinstallation
kubuntu@kubuntu:~/puppet-practices$ man service
kubuntu@kubuntu:~/puppet-practices$ sudo service --status-all
[ + ] acpid
[ - ] alsa-utils
[ - ] anacron
[ + ] apparmor
[ + ] apport
[ + ] avahi-daemon
[ - ] bluetooth
[ - ] bootmisc.sh
[ - ] checkfs.sh
[ - ] checkroot-bootclean.sh
[ - ] checkroot.sh
[ + ] console-setup
[ + ] cron
[ - ] cryptdisks
[ - ] cryptdisks-early
[ + ] cups
[ + ] cups-browsed
[ + ] dbus
[ + ] grub-common
[ - ] hostname.sh
[ - ] hwclock.sh
[ + ] irqbalance
[ - ] kerneloops
[ + ] keyboard-setup
[ - ] killprocs
[ + ] kmod
[ - ] lvm2
[ + ] lvm2-lvmetad
[ + ] lvm2-lvmpolld
[ - ] mountall-bootclean.sh
[ - ] mountall.sh
[ - ] mountdevsubfs.sh
[ - ] mountkernfs.sh
[ - ] mountnfs-bootclean.sh
[ - ] mountnfs.sh
[ + ] network-manager
[ + ] networking
[ + ] ondemand
[ - ] plymouth
[ - ] plymouth-log
[ - ] pppd-dns
[ + ] procps
[ + ] puppet
[ + ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ - ] saned
[ + ] sddm
[ - ] sendsigs
[ + ] ssh
[ - ] thermald
[ + ] udev
[ + ] ufw
[ - ] umountfs
[ - ] umountnfs.sh
[ - ] umountroot
[ - ] unattended-upgrades
[ + ] urandom
[ - ] uuidd
[ + ] whoopsie
[ - ] x11-common

Next, enabling the firewall. As can be seen, while the service --status-all command reports it to be enabled, UFW itself says that it is disabled. It appears that I have to use an exec resource to enable it.

kubuntu@kubuntu:~/puppet-practices$ nano ufw/manifests/init.pp
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.72 seconds
Notice: /Stage[main]/Ufw/Exec[ufw enable]/returns: executed successfully
Notice: Finished catalog run in 1.16 seconds
kubuntu@kubuntu:~/puppet-practices$ sudo ufw status
Status: active

Now UFW is active. Next, I added the desired rules to ufw (sudo ufw allow 22 | sudo ufw allow 80 | sudo ufw allow 443) and went to search for the desired configuration file. It turns out that there are two of them: /etc/ufw/user.rules and /etc/ufw/user6.rules

kubuntu@kubuntu:~/puppet-practices$ cp /etc/ufw/user.rules ufw/templates/user.rules.erb
cp: cannot open '/etc/ufw/user.rules' for reading: Permission denied
kubuntu@kubuntu:~/puppet-practices$ sudo cp /etc/ufw/user.rules ufw/templates/user.rules.erb
kubuntu@kubuntu:~/puppet-practices$ sudo cp /etc/ufw/user6.rules ufw/templates/user6.rules.erb
kubuntu@kubuntu:~/puppet-practices$ man chown
kubuntu@kubuntu:~/puppet-practices$ sudo chown
_apt dnsmasq list proxy sshd systemd-timesync
avahi games lp pulse sync usbmux
avahi-autoipd gnats mail puppet sys uucp
backup hplip man root syslog uuidd
bin irc messagebus rtkit systemd-bus-proxy whoopsie
colord kernoops news saned systemd-network www-data
daemon kubuntu nobody sddm systemd-resolve
kubuntu@kubuntu:~/puppet-practices$ sudo chown kubuntu ufw/templates/user.rules.erb
kubuntu@kubuntu:~/puppet-practices$ sudo chown kubuntu ufw/templates/user6.rules.erb
kubuntu@kubuntu:~/puppet-practices$ nano ufw/templates/user.rules.erb
kubuntu@kubuntu:~/puppet-practices$ nano ufw/manifests/init.pp
kubuntu@kubuntu:~/puppet-practices$ sufo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
No command 'sufo' found, did you mean:
Command 'sumo' from package 'sumo' (universe)
Command 'sudo' from package 'sudo' (main)
Command 'sudo' from package 'sudo-ldap' (universe)
sufo: command not found
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.91 seconds
Notice: Finished catalog run in 0.36 seconds

Next, I changed a rule in ufw to see if restarting it works.

kubuntu@kubuntu:~/puppet-practices$ sudo ufw allow 2222
Rule added
Rule added (v6)
kubuntu@kubuntu:~/puppet-practices$ sudo puppet apply --modulepath /home/kubuntu/puppet-practices/ -e class{"ufw:"}
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.89 seconds
Notice: /Stage[main]/Ufw/File[/etc/ufw/user.rules]/content: content changed '{md5}b1d67a1bf2e623ecf6d1acccbe2b053e' to '{md5}d923f93c4e8f5c5244b3db0faa9cc18b'
Notice: /Stage[main]/Ufw/File[/etc/ufw/user6.rules]/content: content changed '{md5}7ddf56500edc7660f8155b0e32f6b910' to '{md5}5df31e42b0efc24b1d1aa23f3c15f7fb'
Notice: /Stage[main]/Ufw/Service[ufw]: Triggered 'refresh' from 2 events
Notice: Finished catalog run in 1.14 seconds
kubuntu@kubuntu:~/puppet-practices$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

The module is now fully functional. Time elapsed: 1 hour and 5 minutes
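
A check for the two situations seen above: a manually added rule (2222) that Puppet removes again by rewriting the rule files, and ufw listed as running by service --status-all while ufw status says inactive. This is an added example, not code from the puppet-practices repository; the function name ufw_drift and the sample status texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the intended allow-list.

# ufw_drift EXPECTED... : reads `ufw status` text on stdin.
#   exit 0  firewall active and ALLOW rules match the expected "To" entries
#   exit 1  rules differ (prints "UNEXPECTED <to>" / "MISSING <to>", sorted)
#   exit 2  firewall not active (prints "INACTIVE")
# Entries are compared as text, so "22" and "22/tcp" are different entries.
# The "From" column is ignored: any ALLOW rule counts, whatever its source.
ufw_drift() (
    rc=0
    out=$(awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status: active/ { active = 1 }
        /^--/ { in_rules = 1; next }          # rule table follows the dashed header
        !in_rules || NF == 0 { next }
        {
            # IPv6 rows read "22 (v6) ALLOW Anywhere (v6)"; fold them onto "22".
            action = ($2 == "(v6)") ? $3 : $2
            if (action == "ALLOW") have[$1] = 1
        }
        END {
            rc = 0
            if (!active) { print "INACTIVE"; exit 2 }
            for (p in have) if (!(p in want)) { print "UNEXPECTED " p; rc = 1 }
            for (p in want) if (!(p in have)) { print "MISSING " p; rc = 1 }
            exit rc
        }
    ') || rc=$?
    if [ -n "$out" ]; then printf '%s\n' "$out" | sort; fi
    exit "$rc"
)

# Constructed sample: the state after the Puppet run (22, 80, 443 only).
sample_clean() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: the state after a manual "ufw allow 2222".
sample_drift() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
2222                       ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
2222 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: package installed and service started, firewall not enabled.
sample_inactive() {
    printf 'Status: inactive\n'
}

# Demo: report the extra port, then the inactive firewall.
sample_drift | ufw_drift 22 80 443 || true
sample_inactive | ufw_drift 22 80 443 || true
```

On a live host, feed it the real output: sudo ufw status | ufw_drift 22 80 443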

Sources:
http://terokarvinen.com/2017/aikataulu-%e2%80%93-palvelinten-hallinta-ict4tn022-2-%e2%80%93-5-op-uusi-ops-loppukevat-2017-p2
https://jorilaine.wordpress.com/2016/11/13/h6/

Playing with Puppet part 1

The relevant files can be found here: https://github.com/Spodah/puppet-practices
I began the exercise at 2017-4-3 22:45 local time. The exercise was done on an HP Pavilion p6-2020sc using Kubuntu 16.04.2 from live-USB.

First, installing Puppet: sudo apt-get update, sudo apt-get install puppet

Then, checking that the environment is sane and the installation works:
kubuntu@kubuntu:~$ sudo puppet apply -e 'file { "/tmp/hellopuppet": content => "Hello World\n" }'
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.16 seconds
Notice: /Stage[main]/Main/File[/tmp/hellopuppet]/ensure: defined content as '{md5}e59ff97941044f85df5297e1c302d260'
Notice: Finished catalog run in 0.02 seconds
Testing that puppet did what it said it did:
kubuntu@kubuntu:~$ cat /tmp/hellopuppet
Hello World

The environment appears to be working as it should be. By now it was 22:57. In the next part, I attempted to create a puppet module that creates a text file and installs the latest version of IPython 3.
kubuntu@kubuntu:~$ cd /etc/puppet/
kubuntu@kubuntu:/etc/puppet$ ls
etckeeper-commit-post etckeeper-commit-pre manifests modules puppet.conf
kubuntu@kubuntu:/etc/puppet$ cd modules
kubuntu@kubuntu:/etc/puppet/modules$ ls
kubuntu@kubuntu:/etc/puppet/modules$ mkdir ipython
mkdir: cannot create directory ‘ipython’: Permission denied
kubuntu@kubuntu:/etc/puppet/modules$ sudo mkdir ipython
kubuntu@kubuntu:/etc/puppet/modules$ cd ipython
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo mkdir modules
kubuntu@kubuntu:/etc/puppet/modules/ipython$ cd modules
After this, I created the file init.pp. The initial version only creates a file in /tmp/ (see GitHub) and adds text to it, just like the hello world script above.
Next, testing the file:
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ sudo puppet ipython
Error: Unknown Puppet subcommand ‘ipython’
See ‘puppet help’ for help on available puppet subcommands
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ sudo puppet -e ipython
Error: Could not parse application options: invalid option: -e
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ sudo puppet apply -e ipython
Error: Could not parse for environment production: Syntax error at end of file at line 1 on node kubuntu.elisa
Error: Could not parse for environment production: Syntax error at end of file at line 1 on node kubuntu.elisa
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ sudo nano init.pp
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ sudo puppet apply -e 'class{"ipython":}'
Error: Puppet::Parser::AST::Resource failed with error ArgumentError: Could not find declared class ipython at line 1 on node kubuntu.elisa
Error: Puppet::Parser::AST::Resource failed with error ArgumentError: Could not find declared class ipython at line 1 on node kubuntu.elisa
kubuntu@kubuntu:/etc/puppet/modules/ipython/modules$ cd ..
kubuntu@kubuntu:/etc/puppet/modules/ipython$ ls
modules
kubuntu@kubuntu:/etc/puppet/modules/ipython$ cd ..
kubuntu@kubuntu:/etc/puppet/modules$ ls
ipython
kubuntu@kubuntu:/etc/puppet/modules$ cd ipython
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo mkdir manifests
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo mv ./modules/init.pp ./manifests/init.pp
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo del modules
sudo: del: command not found
kubuntu@kubuntu:/etc/puppet/modules/ipython$ cat manifests/init.pp
class ipython {
    file { '/tmp/ipython':
        content => "Playing with puppets\n"
    }
}
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo rmdir modules
kubuntu@kubuntu:/etc/puppet/modules/ipython$ sudo puppet apply -e 'class{"ipython":}'
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.16 seconds
Notice: /Stage[main]/Ipython/File[/tmp/ipython]/ensure: defined content as '{md5}38028b51833135efa362820b0daa7f8e'
Notice: Finished catalog run in 0.03 seconds
kubuntu@kubuntu:/etc/puppet/modules/ipython$ cat /tmp/ipython
Playing with puppets

After a few mistakes, the module was finally working. Next, making it install ipython3 as well. Again, the modified files are in github.
kubuntu@kubuntu:/etc/puppet/modules/ipython/manifests$ sudo puppet apply -e 'class{"ipython":}'
Notice: Compiled catalog for kubuntu.elisa in environment production in 0.67 seconds
Notice: /Stage[main]/Ipython/Package[ipython3]/ensure: ensure changed 'purged' to 'latest'
Notice: Finished catalog run in 5.89 seconds
kubuntu@kubuntu:/etc/puppet/modules/ipython/manifests$ ipython3
Python 3.5.2 (default, Nov 17 2016, 17:05:23)
Type "copyright", "credits" or "license" for more information.

IPython 2.4.1 -- An enhanced Interactive Python.
?         -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help      -> Python's own help system.
object?   -> Details about 'object', use 'object??' for extra details.

In [1]:
Here we can see that IPython3 was working as well. Now the time was 23:46.

Sources: http://terokarvinen.com/2017/aikataulu-%e2%80%93-palvelinten-hallinta-ict4tn022-2-%e2%80%93-5-op-uusi-ops-loppukevat-2017-p2
http://terokarvinen.com/2013/hello-puppet-revisited-%E2%80%93-on-ubuntu-12-04-lts
https://docs.puppet.com/puppet/latest/types/package.html

IT-pro trade fair: Information security demo

On Thursday at the fair I attended the presentation Kyberturvallisuuden tekninen demo (Technical demo of cyber security), given by Anssi Porttikivi. The demo and the discussion that followed focused on ransomware-type malware (that is, programs that, once on a machine, encrypt its hard drive and, where possible, network drives, backups, and anything else they can get write access to), but the techniques used in the demo itself also apply to other malware and potential data breaches.

The demo went roughly like this: the user received an urgent email containing an Excel spreadsheet that had to be opened quickly and forwarded. Although security had in principle been taken into account (antivirus software was in use, Excel macros were disabled; the demo did not make clear whether all the programs used had been updated to their latest versions – it should be noted, however, that Windows was apparently being used with admin rights, which of course should not be done, but a large share of people do it anyway), the malware could still be downloaded to the machine and launched by means of Excel, despite the antivirus. The encryption itself and the ransom demand were not simulated.

The demonstration was (despite slight technical difficulties – Porttikivi apparently was not given permission to use his own computer for the demo, which of course made things harder) well made and planned. The situation itself seemed very realistic. Ransomware is a common problem (based on a quick poll, roughly one in ten of the audience had – or the company they represented had – fallen victim to it) and growing sums of money are involved, so the presentation was also topical. It was interesting to see how, even though the spreadsheet program in question was in principle used "safely", it could still be used to break into the user's machine. However, this required action from the user (opening a purpose-prepared file with Excel – I wonder whether it would have worked if the file had been opened with another spreadsheet program?), so it is not a guaranteed break-in. Some things were also left unmentioned – for example, which antivirus program was used and whether the programs used were up to date, or whether an updated system would have stopped the attack. Even though not quite everything became clear from the presentation, it was the most interesting of the presentations I followed during the afternoon.

Internet of Things workshop part 2

Arduino Uno and DHT11 sensor

The DHT11 humidity sensor caused us the most problems. On Wednesday the DHT11 stopped working and had to be replaced with a new one, but even after that it kept acting up.

Funduino sensor at top left

The Funduino was easier to get working. The main problem with it is that it apparently does not produce results in any concrete unit, and its documentation was no help either.

After this we added a photoresistor, which we use to measure brightness. It does not output precise data either, but in this case its main job is only to make sure that the lights are on and working, so accuracy does not matter.

Prototype ready for presentation!

The project's source code can be found here: https://github.com/Spodah/Tomaattivahti

Sources: http://terokarvinen.com/2016/internet-of-things-tyopaja-ict8tn017-1-intensiiviviikon-w12
http://iot.botbook.com/
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4235429/
http://playground.arduino.cc//Main/DHTLib

Internet of Things työpaja osa 1

Tekijät: Juuso Puroila, Leo Koskiluoma – Leon blogi projektista täällä: https://koskiluoma.wordpress.com/2017/03/23/iot-projekti-tomaattivahti-wip/

Työpajassa teemme kasvihuonetta tai muuta kasvatusympäristöä valvovaa sensoria, joka ilmankosteuden, lämpötilan tai mullan kosteuden raja-arvojen ylittyessä lähettää sähköpostin haluttuihin osoitteisiin. Lisäksi se tarkistaa, että valot toimivat

Tarvikkeet: Arduino Uno: https://www.arduino.cc/en/Main/ArduinoBoardUno

DHT11 -ilmankosteuden mittari: http://www.micropik.com/PDF/dht11.pdf

Funduino – maankosteuden mittari: http://www.fecegypt.com/uploads/dataSheet/1480854383_water%20and%20soil.pdf

Arduino KY-018 Photo resistor module – valon kirkkaus mittari: https://tkkrlab.nl/wiki/Arduino_KY-018_Photo_resistor_module

Tarkoitus oli valvoa myös ilman hiilidioksidipitoisuutta, mutta valitettavasti emme saaneet sopivaa sensoria käsiimme.

Tomaateille sopivat raja-arvot ovat: Suhteellinen ilmankosteus 30%-90% Lämpötila 10C-35C. Mullan kosteudesta ei vastaavia raja-arvoja ole helposti määritettävissä, mutta sensorin dokumentaatio käyttää esimerkkinä sopivasta välistä 300-700. Valosensorille määritimme yläarvoksi testaukseen 500(arvo siis on sitä matalampi, mitä kirkkaampaa valo on). Käytännössä valon tulisi varmaankin olla kirkkaampi vastatakseen auringonvaloa, sillä epäsuorassa, ikkunan läpi tulevassa valossa sen arvoksi tuli noin 240. Tästä päätellen sopivampi arvo voisi olla noin 250-300.

Sources: http://terokarvinen.com/2016/internet-of-things-tyopaja-ict8tn017-1-intensiiviviikon-w12
http://iot.botbook.com/
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4235429/
http://playground.arduino.cc//Main/DHTLib

VPS + domain name

I started the assignment at 17:27 on Sunday by navigating to Digital Ocean's site and creating a droplet (Ubuntu 16.04 > $5/month > Frankfurt1). Once the VPS was created, I opened a terminal.

ssh root@46.101.120.73
useradd juuso -p
cat /etc/group
root@spodah:~# usermod juuso -Ga adm,sudo,admin
usermod: group 'a' does not exist
root@spodah:~# man usermod
man: can't set the locale; make sure $LC_* and $LANG are correct
root@spodah:~# usermod juuso -aG adm, sudo, admin
usermod: group '' does not exist
root@spodah:~# usermod juuso -aG adm,sudo,admin
passwd juuso

After this I tested that the username works and that sudo works (sudo apt-get update). After that I locked the root account with the command sudo passwd -l root

Then the firewall:
$ sudo ufw allow 22/tcp
Rules updated
Rules updated (v6)
$ sudo ufw allow 80/tcp
Rules updated
Rules updated (v6)
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
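
The state these steps leave behind (locked root password, only 22/tcp and 80/tcp allowed) can be re-checked later. The following is an added example, not part of the original post; the function names are hypothetical and all sample inputs are constructed. It also reads `PermitRootLogin`, because `passwd -l` locks only the password and does not affect key-based SSH logins.

```shell
#!/bin/sh
# Added example: checks for the hardening steps above. Sample inputs are constructed.

# Succeeds if a shadow(5) line has a locked password, as left by `passwd -l`.
password_locked() {  # $1 = one line from /etc/shadow
  case "$(printf '%s\n' "$1" | cut -d: -f2)" in
    '!'*|'*') return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the first PermitRootLogin value in sshd_config text on stdin, or "unset".
# Assumption: no Match blocks override the global value.
root_login_setting() {
  awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }'
}

# Prints targets that `ufw status` output (stdin) allows but that are missing
# from the expected list passed as arguments, e.g. 22/tcp 80/tcp.
unexpected_ufw_rules() {
  expected=" $* "
  awk '{ for (i = 2; i <= 3; i++) if ($i == "ALLOW") print $1 }' | sort -u |
  while read -r target; do
    case "$expected" in
      *" $target "*) ;;
      *) printf '%s\n' "$target" ;;
    esac
  done
}

# Constructed sample data (not from the server in the post).
SAMPLE_SHADOW='root:!$6$constructedsalt$constructedhash:17232:0:99999:7:::'
SAMPLE_SSHD='#PermitRootLogin yes
PermitRootLogin prohibit-password'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

password_locked "$SAMPLE_SHADOW" && echo "root password: locked"
echo "PermitRootLogin: $(printf '%s\n' "$SAMPLE_SSHD" | root_login_setting)"
echo "unexpected rules: $(printf '%s\n' "$SAMPLE_UFW" | unexpected_ufw_rules 22/tcp 80/tcp)"
```

On a live host the same functions can be fed `sudo grep '^root:' /etc/shadow`, `/etc/ssh/sshd_config` and `sudo ufw status`.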

At this point it was already 18:13 and I noticed that tab completion did not work. Apparently the reason was that users other than root use Dash by default rather than bash.

chsh -s /bin/bash juuso

This fixed it. Then apache:
juuso@spodah:~$ sudo apt-get install apache2

After this I carried out the steps described at https://juusopuroila.wordpress.com/2017/02/07/apache2/. The end result was a 403 error message. At this point it was 18:47 and I had other things to do, so the rest was done on Tuesday morning.

Following the instructions at http://stackoverflow.com/questions/5891802/how-do-i-change-the-root-directory-of-an-apache-server I edited the file /etc/apache2/apache2.conf and changed

<Directory /var/www/>

to

<Directory /home/juuso/>

Result: Screenshot from 2017-03-07 10-49-42
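
A `<Directory>` block scoped to the whole home directory lets Apache serve any path under it that a URL maps to, so a narrower path is easier to reason about. The check below is an added example, not from the original post. It assumes the edited block keeps Ubuntu's default `Require all granted`; the function name, the sample configs and the `public_html` alternative are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag <Directory> blocks that open a whole home directory.

# Reads Apache config text on stdin and prints each <Directory> path that
# contains "Require all granted" and is exactly /home/<user>/ (not a subdirectory).
whole_home_grants() {
  awk '
    /^[ \t]*#/ { next }                                # skip comment lines
    tolower($1) == "<directory" {                      # block opens: remember path
      path = $2; sub(/>$/, "", path); gsub(/"/, "", path); next
    }
    tolower($1) == "</directory>" { path = ""; next }  # block closes
    path != "" && tolower($0) ~ /require[ \t]+all[ \t]+granted/ {
      if (path ~ "^/home/[^/]+/?$") print path
    }'
}

# Constructed sample: the path from the post, with the directives Ubuntu
# ships for /var/www/ (assumed to be unchanged by the edit).
POST_CONFIG='<Directory /home/juuso/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>'

# Constructed alternative: grant only the directory that holds the site.
NARROW_CONFIG='<Directory /home/juuso/public_html/>
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>'

echo "flagged in post config:   $(printf '%s\n' "$POST_CONFIG" | whole_home_grants)"
echo "flagged in narrow config: $(printf '%s\n' "$NARROW_CONFIG" | whole_home_grants)"
```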

Then the name server. The .me name was free through namecheap.com.

Screenshot from 2017-03-07 11-18-14

The name server works:

Screenshot from 2017-03-07 11-26-22.png

LAMP

I started the assignment at 20:37 on Monday evening. First I reinstalled Apache:

sudo apt-get install apache2

After this I tested that it works: Screenshot from 2017-02-13 20-39-18.png

Apache works, next php:

sudo apt-get install libapache2-mod-php php7.0

sudo a2enmod userdir

cd /etc/apache2

ls

cd mods-available/

sudoedit php7.0.conf //this is so that php works in the home directory

service apache2 restart

At this point the time was 20:51

Testing it:

cd; mkdir public_html

cd public_html

juuso@juuso-p6-2020sc:~/public_html$ curl localhost/~juuso/; echo
4

PHP works, at this point 21:05

Next, MySQL

sudo apt-get install php-mysql mysql-server mysql-client

At this stage a secure password is also created for MySQL. Then testing:

juuso@juuso-p6-2020sc:~/public_html$ mysql
ERROR 1045 (28000): Access denied for user 'juuso'@'localhost' (using password: NO)
juuso@juuso-p6-2020sc:~/public_html$ mysql -up
ERROR 1045 (28000): Access denied for user 'p'@'localhost' (using password: NO)
juuso@juuso-p6-2020sc:~/public_html$ mysql -uroot --password

mysql> CREATE DATABASE arachnids CHARACTER SET utf8;
Query OK, 1 row affected (0,00 sec)

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| arachnids          |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0,01 sec)

mysql> GRANT ALL ON arachnids.* TO arachnids@localhost IDENTIFIED BY 'adfs93245ng';
Query OK, 0 rows affected, 1 warning (0,00 sec)

mysql> exit

juuso@juuso-p6-2020sc:~$ mysql -uarachnids -p

mysql> CREATE DATABASE test;
ERROR 1044 (42000): Access denied for user 'arachnids'@'localhost' to database 'test'
mysql> USE student;
ERROR 1044 (42000): Access denied for user 'arachnids'@'localhost' to database 'student'
mysql> USE arachnids;
Database changed
mysql> CREATE TABLE arachnids (id INT AUTO_INCREMENT PRIMARY KEY, name varchar(1024));
Query OK, 0 rows affected (0,19 sec)

mysql> DESCRIBE arachnids;
+-------+---------------+------+-----+---------+----------------+
| Field | Type          | Null | Key | Default | Extra          |
+-------+---------------+------+-----+---------+----------------+
| id    | int(11)       | NO   | PRI | NULL    | auto_increment |
| name  | varchar(1024) | YES  |     | NULL    |                |
+-------+---------------+------+-----+---------+----------------+
2 rows in set (0,01 sec)

mysql> INSERT INTO arachnids(name) VALUES ("hämähäkki");
Query OK, 1 row affected (0,02 sec)

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| arachnids          |
+--------------------+
2 rows in set (0,00 sec)

mysql> SELECT * FROM arachnids;
+----+--------------+
| id | name         |
+----+--------------+
|  1 | hämähäkki    |
+----+--------------+
1 row in set (0,00 sec)

mysql> UPDATE arachnids SET name="spider" WHERE name="hämähäkki";
Query OK, 1 row affected (0,02 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> SELECT * FROM arachnids;
+----+--------+
| id | name   |
+----+--------+
|  1 | spider |
+----+--------+
1 row in set (0,01 sec)

mysql> DELETE FROM arachnids WHERE name="spider";
Query OK, 1 row affected (0,03 sec)

mysql> SELECT * FROM arachnids;
Empty set (0,00 sec)

mysql>

Thus it could be established that MySQL also works, and all the components of LAMP are in place. At this point the time was 21:30.

And here is log.txt: http://pastebin.com/BtdjuV19

Apache2

I started the assignment at about 21:12 on the machine mentioned in assignment 1, using the Lubuntu 16.10 I have on it.

sudo apt-get update ; sudo apt-get install apache2 ; man apache2.

Terminal log:

juuso@juuso-p6-2020sc:~$ apache2ctl
Usage: /usr/sbin/apache2ctl start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus|help
/usr/sbin/apache2ctl
/usr/sbin/apache2ctl -h            (for help on )
juuso@juuso-p6-2020sc:~$ apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
juuso@juuso-p6-2020sc:~$ apache2ctl start
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
juuso@juuso-p6-2020sc:~$ sudo apache2ctl start
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
httpd (pid 3730) already running
juuso@juuso-p6-2020sc:~$ apache2 stop
Usage: apache2 [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
-D name            : define a name for use in directives
-d directory       : specify an alternate initial ServerRoot
-f file            : specify an alternate ServerConfigFile
-C "directive"     : process directive before reading config files
-c "directive"     : process directive after reading config files
-e level           : show startup errors of level (see LogLevel)
-E file            : log startup errors to file
-v                 : show version number
-V                 : show compile settings
-h                 : list available command line options (this page)
-l                 : list compiled in modules
-L                 : list available configuration directives
-t -D DUMP_VHOSTS  : show parsed vhost settings
-t -D DUMP_RUN_CFG : show parsed run settings
-S                 : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
-t -D DUMP_MODULES : show all loaded modules
-M                 : a synonym for -t -D DUMP_MODULES
-t                 : run syntax check for config files
-T                 : start without DocumentRoot(s) check
-X                 : debug mode (only one worker, do not detach)
juuso@juuso-p6-2020sc:~$ apache2ctl stop
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
httpd (pid 3730?) not running


Log: 127.0.0.1 - - [07/Feb/2017:21:27:12 +0200] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.9) Gecko/20100101 Goanna/3.0 Firefox/45.9 PaleMoon/27.0.3"