Xiaomi 13 Air

 

 

Distributions tested:

Debian 8 – KO

Debian 9 – OK

Ubuntu 16.10 – OK

Did not dig too much, but the issue looks related to the grub version. Debian 9 and Ubuntu 16.10 installed fine once UEFI was disabled in the BIOS.

Currently installed, Debian 9.

Installed Slack, Skype, Spotify and no issues. Microphone, speakers and cam working.

Wifi. Had to

blacklist acer-wmi

And install

/lib/firmware/iwlwifi-8000C-18.ucode

This last step for Debian only. Ubuntu works once blacklisted acer-wmi.

A usb to ethernet during the installation is a good idea.

Nvidia not available at the moment but this proprietary driver seems to support it under Gnu/Linux:

http://www.nvidia.com/download/driverResults.aspx/97473/en-us

glxgears
Running synchronized to the vertical refresh. The framerate should be
approximately the same as the monitor refresh rate.
315 frames in 5.0 seconds = 62.956 FPS
300 frames in 5.0 seconds = 59.934 FPS
300 frames in 5.0 seconds = 59.933 FPS
300 frames in 5.0 seconds = 59.935 FPS
300 frames in 5.0 seconds = 59.933 FPS

 

lshw:

description: Notebook
product: TM1613 (Sku Number)
vendor: Timi
version: A05
serial: xxxxxxxxxxxxxxx
width: 64 bits
capabilities: smbios-2.8 dmi-2.8 smp vsyscall32
configuration: chassis=notebook family=Timibook sku=Sku Number uuid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
*-core
description: Motherboard
product: TM1613
vendor: Timi
physical id: 0
version: A05
serial: xxxxxxxxxxxxxxxxxxxxxxxxx
slot: Type2 – Board Chassis Location
*-firmware
description: BIOS
vendor: Insyde Corp.
physical id: 0
version: A05
date: 08/11/2016
size: 128KiB
capacity: 8128KiB
capabilities: pci upgrade shadowing cdboot bootselect edd int9keyboard int10video acpi usb biosbootspecification uefi
*-cpu
description: CPU
product: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
vendor: Intel Corp.
physical id: 4
bus info: cpu@0
version: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
serial: To Be Filled By O.E.M.
slot: U3E1
size: 2700MHz
capacity: 4005MHz
width: 64 bits
clock: 100MHz
capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp cpufreq
configuration: cores=2 enabledcores=2 threads=4
*-cache:0
description: L1 cache
physical id: 6
slot: L1 Cache
size: 64KiB
capacity: 64KiB
capabilities: synchronous internal write-back instruction
configuration: level=1
*-cache:1
description: L2 cache
physical id: 7
slot: L2 Cache
size: 512KiB
capacity: 512KiB
capabilities: synchronous internal write-back unified
configuration: level=2
*-cache:2
description: L3 cache
physical id: 8
slot: L3 Cache
size: 3MiB
capacity: 3MiB
capabilities: synchronous internal write-back unified
configuration: level=3
*-cache
description: L1 cache
physical id: 5
slot: L1 Cache
size: 64KiB
capacity: 64KiB
capabilities: synchronous internal write-back data
configuration: level=1
*-memory
description: System Memory
physical id: f
slot: System board or motherboard
size: 8GiB
*-bank:0
description: SODIMM DDR4 Synchronous 2133 MHz (0.5 ns)
product: M471A1K43BB0-CPB
vendor: Samsung
physical id: 0
serial: 00000000
slot: ChannelA-DIMM0
size: 8GiB
width: 64 bits
clock: 2133MHz (0.5ns)
*-bank:1
description: [empty]
physical id: 1
slot: ChannelA-DIMM1
*-bank:2
description: [empty]
physical id: 2
slot: ChannelB-DIMM0
*-bank:3
description: [empty]
physical id: 3
slot: ChannelB-DIMM1
*-pci
description: Host bridge
product: Skylake Host Bridge/DRAM Registers
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 08
width: 32 bits
clock: 33MHz
*-display
description: VGA compatible controller
product: HD Graphics 520
vendor: Intel Corporation
physical id: 2
bus info: pci@0000:00:02.0
version: 07
width: 64 bits
clock: 33MHz
capabilities: pciexpress msi pm vga_controller bus_master cap_list rom
configuration: driver=i915 latency=0
resources: irq:281 memory:a2000000-a2ffffff memory:b0000000-bfffffff ioport:5000(size=64) memory:c0000-dffff
*-usb
description: USB controller
product: Sunrise Point-LP USB 3.0 xHCI Controller
vendor: Intel Corporation
physical id: 14
bus info: pci@0000:00:14.0
version: 21
width: 64 bits
clock: 33MHz
capabilities: pm msi xhci bus_master cap_list
configuration: driver=xhci_hcd latency=0
resources: irq:275 memory:a4200000-a420ffff
*-usbhost:0
product: xHCI Host Controller
vendor: Linux 4.8.0-2-amd64 xhci-hcd
physical id: 0
bus info: usb@1
logical name: usb1
version: 4.08
capabilities: usb-2.00
configuration: driver=hub slots=12 speed=480Mbit/s
*-usb:0
description: Mouse
product: USB Receiver
vendor: Logitech
physical id: 1
bus info: usb@1:1
version: 30.00
capabilities: usb-2.00
configuration: driver=usbhid maxpower=98mA speed=12Mbit/s
*-usb:1
description: Keyboard
product: USB NetVista Full Width Keyboard.
vendor: LITE-ON Technology
physical id: 4
bus info: usb@1:4
version: 1.09
capabilities: usb-1.10
configuration: driver=usbhid maxpower=70mA speed=2Mbit/s
*-usb:2
description: Video
product: XiaoMi USB 2.0 Webcam
vendor: SunplusIT Inc
physical id: 5
bus info: usb@1:5
version: 1.03
capabilities: usb-2.00
configuration: driver=uvcvideo maxpower=500mA speed=480Mbit/s
*-usb:3
description: Bluetooth wireless interface
vendor: Intel Corp.
physical id: 7
bus info: usb@1:7
version: 0.01
capabilities: bluetooth usb-2.00
configuration: driver=btusb maxpower=100mA speed=12Mbit/s
*-usbhost:1
product: xHCI Host Controller
vendor: Linux 4.8.0-2-amd64 xhci-hcd
physical id: 1
bus info: usb@2
logical name: usb2
version: 4.08
capabilities: usb-3.00
configuration: driver=hub slots=6 speed=5000Mbit/s
*-communication
description: Communication controller
product: Sunrise Point-LP CSME HECI #1
vendor: Intel Corporation
physical id: 16
bus info: pci@0000:00:16.0
version: 21
width: 64 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list
configuration: driver=mei_me latency=0
resources: irq:280 memory:a422a000-a422afff
*-storage
description: SATA controller
product: Sunrise Point-LP SATA Controller [AHCI mode]
vendor: Intel Corporation
physical id: 17
bus info: pci@0000:00:17.0
version: 21
width: 32 bits
clock: 66MHz
capabilities: storage msi pm ahci_1.0 bus_master cap_list
configuration: driver=ahci latency=0
resources: irq:276 memory:a4228000-a4229fff memory:a422d000-a422d0ff ioport:5080(size=8) ioport:5088(size=4) ioport:5060(size=32) memory:a422b000-a422b7ff
*-pci:0
description: PCI bridge
product: Intel Corporation
vendor: Intel Corporation
physical id: 1c
bus info: pci@0000:00:1c.0
version: f1
width: 32 bits
clock: 33MHz
capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:16 ioport:4000(size=4096) memory:a3000000-a3ffffff ioport:90000000(size=301989888)
*-display
description: 3D controller
product: NVIDIA Corporation
vendor: NVIDIA Corporation
physical id: 0
bus info: pci@0000:01:00.0
version: a2
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress bus_master cap_list
configuration: driver=nouveau latency=0
resources: irq:283 memory:a3000000-a3ffffff memory:90000000-9fffffff memory:a0000000-a1ffffff ioport:4000(size=128)
*-pci:1
description: PCI bridge
product: Sunrise Point-LP PCI Express Root Port #5
vendor: Intel Corporation
physical id: 1c.4
bus info: pci@0000:00:1c.4
version: f1
width: 32 bits
clock: 33MHz
capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:16 memory:a4100000-a41fffff
*-network
description: Wireless interface
product: Wireless 8260
vendor: Intel Corporation
physical id: 0
bus info: pci@0000:02:00.0
logical name: wlp2s0
version: 3a
serial: a0:c5:89:18:f8:ad
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=iwlwifi driverversion=4.8.0-2-amd64 firmware=18.266249.0 ip=192.168.35.219 latency=0 link=yes multicast=yes wireless=IEEE 802.11
resources: irq:282 memory:a4100000-a4101fff
*-pci:2
description: PCI bridge
product: Sunrise Point-LP PCI Express Root Port #9
vendor: Intel Corporation
physical id: 1d
bus info: pci@0000:00:1d.0
version: f1
width: 32 bits
clock: 33MHz
capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
configuration: driver=pcieport
resources: irq:16 ioport:3000(size=4096) memory:a4000000-a40fffff
*-storage
description: Non-Volatile memory controller
product: NVMe SSD Controller
vendor: Samsung Electronics Co Ltd
physical id: 0
bus info: pci@0000:03:00.0
version: 01
width: 64 bits
clock: 33MHz
capabilities: storage pm msi pciexpress msix nvm_express bus_master cap_list
configuration: driver=nvme latency=0
resources: irq:16 memory:a4000000-a4003fff ioport:3000(size=256)
*-isa
description: ISA bridge
product: Sunrise Point-LP LPC Controller
vendor: Intel Corporation
physical id: 1f
bus info: pci@0000:00:1f.0
version: 21
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-memory UNCLAIMED
description: Memory controller
product: Sunrise Point-LP PMC
vendor: Intel Corporation
physical id: 1f.2
bus info: pci@0000:00:1f.2
version: 21
width: 32 bits
clock: 33MHz (30.3ns)
capabilities: bus_master
configuration: latency=0
resources: memory:a4224000-a4227fff
*-multimedia
description: Audio device
product: Sunrise Point-LP HD Audio
vendor: Intel Corporation
physical id: 1f.3
bus info: pci@0000:00:1f.3
version: 21
width: 64 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list
configuration: driver=snd_hda_intel latency=32
resources: irq:284 memory:a4220000-a4223fff memory:a4210000-a421ffff
*-serial
description: SMBus
product: Sunrise Point-LP SMBus
vendor: Intel Corporation
physical id: 1f.4
bus info: pci@0000:00:1f.4
version: 21
width: 64 bits
clock: 33MHz
configuration: driver=i801_smbus latency=0
resources: irq:16 memory:a422c000-a422c0ff ioport:5040(size=32)

Faz and Belfast

The story of a terrible service, the story of an excellent service.

Four days after arriving in Belfast, both the laptop and the tablet stop charging, four hours apart from each other, on a Saturday.

I rush towards the city centre, asking Massimo Manganaro to search Google for a repair shop. He finds one 100 metres from where I am, right in the centre, Pottinger Entry. I go in, leave the laptop and run off to look for a phone (the tablet was doubling as my phone).

Too late: at 17:30 this place starts turning into a desert. With what little battery is left I warn the people who need to know (hi mum, eh) that I won't be reachable that evening.

On Sunday, strictly in the afternoon because here nothing stirs in the morning, I go to Argos and get a second-generation Moto G. I go back home, set everything up and I'm back online.

Over the following 2 weeks I drop by the shop every now and then to find out what has become of the laptop.

“I'll open it tomorrow”.
“I've ordered the part”
“The part isn't arriving”
“I'll pull the part from another computer, come by tomorrow”

Until we get to today, 16 days later, with:

“I don't have the part, not even the ones from the old Vaios I have here will do, I can't fix it”.

I walk out and head quickly towards Templemoore, where some time earlier I had seen a repair shop.

I go in and find an Indian guy who tests the power supply with a tester, then looks at the connector on the Vaio and declares:

“The connector isn't firmly in place. I'll open the PC, secure it and everything should be fine”.

“OK, when will you give it back to me”, I say.

“In about an hour”, he says.

Yeaaaaaaaaaaaaaaaah, right.

“Then I'll go and do my shopping, I'm looking for a pot for the sauce”.

“Ah, if you turn right at the traffic light, then left at the next one and keep going straight, after a kilometre you'll find a big Tesco and they have everything there. It should be ready by the time you get back; leave me your mobile number and I'll send you an SMS when it's ready”.

Off I go; the Tesco is right where he said it was, and there I find a pot, a bit small but better than nothing, and Italian pasta, even pesto.

I finish shopping and start heading back, thinking I'll drop by the shop and say that, sure, tomorrow is fine too.

Ding! The phone receives an SMS: “Dear customer, blah, blah, come on in, it's ready”.

Wow!

I go in. Faz, the owner, is there handing a mobile phone back to a customer he is on friendly terms with.

“It was just the loose connector, I didn't replace any part, let's say 20 pounds and that's fine”.

The three of us start talking; the customer, who is Northern Irish, explains a few quirks of the Belfast accent to me, and we talk about Italy, France, cars.

Meanwhile Faz goes to the back and asks whether we want coffee or tea. Tea it is.

He was supposed to close at 19:00 because, he says, he opens at around 10:30 in the morning: everyone is at work anyway, so who is going to come to him to get computers, phones and TVs repaired? It's in the evening, after work, that they come and, it seems to me, he has a point, given that I went there and at that hour many of his competitors have long been closed.

We chat until a quarter to eight. Oops, it's got late, damn, and I have a mop, a broom, a bucket and a bagful of stuff.

“Don't worry, I'll take you home, I've got the car anyway”.

Huh?????

“Of course, I couldn't live without a car. Do you really think I should stand around waiting for the bus? Back home I was driving from the age of 12!”.

We say goodbye to his friend, he loads me into the car along with my things and drops me near home, saying a warm goodbye and telling me that yes, he had enjoyed the chat and the positive energy that came out of it.

Tomorrow I'll be back at his shop to bring the tablet, while right now I'm writing from my old laptop, finally back in my hands.

Not to advertise, but if you find yourself in Belfast, drop by idevice on Albertsbridge Road and let them offer you a tea!

Nagios: Sending SMS notifications through gsmsmsd

Critical: that is a state you never want to reach. Monitoring is all, or nearly all, about recovering a situation before it becomes a problem.

When it becomes a problem, you must move quickly and solve the issue.

So, when you have a problem, you do not need a genius; you need flat, plain procedures that help you understand:

  1. There’s a problem
  2. How fast you need to move
  3. How to solve it

To help you understand the severity of a problem, there is a common practice: what is really critical to your business must be notified through a less used, probably more expensive channel. SMS addresses these needs. Reading and dealing with an SMS text message is far more uncomfortable than working with emails, but it reaches you in a more pervasive way than other channels. Sending emails is virtually free; SMS costs money. So you use SMS only for important messages: your daddy who wants to know where you are, the one you love reminding you to buy milk on the way home, your dear Nagios alerting you to a CRITICAL, really critical problem in your IT infrastructure.

On the SMS server side

So, let’s start with the sms server part. On the server you must be sure that gsmsmsd is always on, watching the right directory and with its hands (doh, does gsmsmsd have hands?) on the terminal connected to the sms modem (I used a Fastrack Supreme 10, serial, for this post).

If you issue a command like

ps ax | grep gsmsmsd

you should see something like:

/usr/bin/gsmsmsd -d /dev/ttyS0 -s /var/spool/sms/

How to reach this goal? Simple, let’s have a look at the root user’s crontab:

crontab -l -u root

And here’s what we can see:

* * * * * /usr/local/sbin/check_gsmsmsd

Using the following chart, it’s easy to understand what we found in the crontab.

 # * * * * *  command to execute
 # │ │ │ │ │
 # │ │ │ │ │
 # │ │ │ │ └───── day of week (0 - 6) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0)
 # │ │ │ └────────── month (1 - 12)
 # │ │ └─────────────── day of month (1 - 31)
 # │ └──────────────────── hour (0 - 23)
 # └───────────────────────── min (0 - 59)

“Execute /usr/local/sbin/check_gsmsmsd every minute”.

As you can understand from its name, it is in charge of checking whether gsmsmsd is running and relaunching it if necessary.

cat /usr/local/sbin/check_gsmsmsd

And here’s its content:

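#!/bin/sh
# Watchdog run from cron: restart gsmsmsd when it is not running.
if pidof gsmsmsd > /dev/null
then
    logger gsmsmsd is running
    exit 0
else
    logger gsmsmsd is not running, restart forced
    # Drop anything left in the spool before restarting the daemon.
    rm -fr /var/spool/sms/*
    # Run the daemon as user gsmsend, in the background.
    /usr/bin/sudo -u gsmsend /usr/bin/gsmsmsd -d /dev/ttyS0 -s /var/spool/sms/ &
fi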

Nothing special: the script checks whether the pid of the gsmsmsd process exists. If it exists, the script exits nicely, logging that the daemon is running; otherwise it logs that the daemon is not working, removes any content from the sms spool directory and launches gsmsmsd as user gsmsend with the device on ttyS0 and the sms spool directory in /var/spool/sms. Note the “&”: the process is detached from the terminal.

Do we have the sms spool directory? Bet not; in that case, let’s create it:

mkdir -p /var/spool/sms/

Now, let’s be sure that the user the gsmsend daemon belongs to is able to read and write in that directory:

chown gsmsend: /var/spool/sms/

We have nothing more to do on the sms server side. Time to move on to the Nagios server.

On the Nagios server side

Here is the actual Nagios notification plugin. Use it as the notification plugin for your sms host and service contact.

Let’s have a look at the plugin:

#!/bin/bash

# Few lines coded by Giorgio Zarrelli zarrelli@linux.it- 
# 2014.
# This nagios plugin is free software, and comes with  
# ABSOLUTELY NO WARRANTY. It may be used, redistributed   
# and/or modified under the terms of the GNU General 
# Public Licence (see 
# http://www.fsf.org/licensing/licenses/gpl.txt).

CAT=$(which cat)
TR=$(which tr) 
FOLD=$(which fold)
HEAD=$(which head)

The first lines start with the shebang, followed by a few command substitutions that auto-configure the script by finding the right paths to the system utilities we are going to use.
The following line creates a (pseudo) random string. On the sms server we will have to create a file containing the actual sms message and number, and each file must have a unique file name to avoid “collisions”.

RANDOM_STRING=$($CAT /dev/urandom | $TR -dc 'a-zA-Z0-9' | $FOLD -w 32 | $HEAD -n 1)

/dev/urandom is a character special device which gives access to the random number generator of the kernel. With the string we wrote, we have a command substitution a bit more complex than usual:

  1. We extract some random bytes from urandom with cat /dev/urandom;
  2. Pass the result (|) to tr, which deletes from the random stream everything but letters and numbers, so we won’t have any strange chars. To be precise, “-c” complements the charset we provide and “-d” deletes, so tr deletes every char that is not in the charset given after “-dc”;
  3. On the third step we pass the output of the previous operation (|) to the fold utility, which formats everything in a 32-char-wide column;
  4. Finally we take only the first line of the column and this is our random string.

Passwordless ssh connection

Well, what the plugin does is put a file on the sms server. Easy, that’s it, but we want to do it in a secure way, and this is where ssh comes in handy: you will set up everything needed to let the plugin connect to the sms-server using ssh, without any user/password prompt.

How do you reach this goal?

First, keep in mind which user will execute this script: it’s the “nagios” user.

So you have to set up a way to let the nagios user connect to the sms-server as user gsmsend, so that it will be able to write in the spool.

To do the magic you must create an RSA private key and its public counterpart, and then transfer the public key to the sms server. Then you reference the public key in the

~/.ssh/authorized_keys

of the gsmsend user. When you connect, the server uses that public key to verify a signature the client makes with the matching private key, so only user nagios on the Nagios server, who holds the private key, can log in this way.

Now it’s time to create a new pair of keys for the user nagios, so let’s “su” to this user:

su - nagios

As user nagios, you can finally issue the keygen command:

ssh-keygen -t rsa -b 4096 -f key.to.connect.to.sms.server
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in key.to.connect.to.sms.server.
Your public key has been saved in key.to.connect.to.sms.server.pub.
The key fingerprint is:
7f:d7:6a:e2:bf:a0:38:11:7c:3f:46:38:c8:1b:4d:3a nagios@nagios-server
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|          .      |
|       o = .     |
|        E = .    |
|        S* +     |
|        o.  +  . |
|         ...o.. .|
|        .. o.o.. |
|        .....++. |
+-----------------+

Time to create a safe directory to store the keys in:

mkdir ~/.ssh
chmod 700 ~/.ssh

And now let’s move the keys in:

mv key.to.connect.to.sms.server* .ssh/

Let’s restrict the permissions on the key files:

chmod 600 .ssh/key.to.connect.to.sms.server*

Let’s check the permissions on files and directories:

ls -lah .ssh/
totale 8,0K
drwx------ 2 nagios nagios   80 apr 17 21:49 .
drwxr-xr-x 3 nagios nagios   85 apr 17 21:39 ..
-rw------- 1 nagios nagios 3,2K apr 17 21:34 key.to.connect.to.sms.server
-rw------- 1 nagios nagios  741 apr 17 21:34 key.to.connect.to.sms.server.pub

Once you have the pair of keys you can upload the public one to the sms-server using the ssh-copy-id utility with the following syntax:

ssh-copy-id -i public.key <username>@<host>

The username is the name of the user you will connect as on the sms-server; for this example it is gsmsend, since we want to write in its sms spool. The host is the sms-server and so:

ssh-copy-id -i .ssh/key.to.connect.to.sms.server.pub gsmsend@sms-server
The authenticity of host 'sms-server (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is d3:57:2c:e0:96:91:2e:7e:c2:ce:31:a0:ff:bf:06:79.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
gsmsend@sms-server's password: 

Number of key(s) added: 1

Now, try logging onto the remote host using:

ssh gsmsend@sms-server

and check that only the key(s) you wanted were added.

Time to see if you can login without being prompted for a password:

ssh -i .ssh/key.to.connect.to.sms.server gsmsend@sms-server
The authenticity of host 'sms-server (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is d3:57:2c:e0:96:91:2e:7e:c2:ce:31:a0:ff:bf:06:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sms-server' (ECDSA) to the list of known hosts.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Apr 17 22:11:29 2015 from nagios-server

Well, WOW, you are in and no password prompt seen in the meanwhile!

We can make things easier by writing down a few lines of configuration so that the ssh connection to the sms-server behaves the way we want.

Configuring an ssh connection to a host for a user is a straightforward task: go to the user’s home directory and check for the presence of a

.ssh

directory with the proper access rights. We already created it, so you should have it, with the proper access rights. If you don’t see it, look back in this post and you’ll find how to create it.

Move inside the .ssh directory:

cd .ssh

There you’ll find the private and public keys we already created. Ignore them; now it’s time to edit a new file:

vi config

Here you are going to write the following lines (without the quotes used around them in the explanations below):

Host sms-server
AddressFamily inet
ConnectionAttempts 10
ForwardAgent no
ForwardX11 no
ForwardX11Trusted no
GatewayPorts yes
HostBasedAuthentication no
HostKeyAlias sms-server
HostName sms-server
IdentityFile ~/.ssh/key.to.connect.to.sms.server
PasswordAuthentication no
Port 22
Protocol 2
ServerAliveCountMax 3
ServerAliveInterval 15
TCPKeepAlive no
User gsmsend

Let’s see what they mean, line by line:

"Host sms-server"

As said in the manual

man ssh_config

The keyword host limits the scope of the following declarations. Take the word following Host as a label for a bunch of instructions and give it a proper name.

"AddressFamily inet"

That is for the “kind” of address we use to connect to the remote host. Valid values are any, inet (IPv4 only) or inet6 (IPv6 only).

"ConnectionAttempts 10"

Let’s say that after 10 tries we give up. One try per second. The default is 1.

"ForwardAgent no"

Do you want to forward the connection to the authentication agent to the remote host? No, trust me, you do not.

"ForwardX11 no"

We do not need it and we do not use it, so it is better to switch it off. We do not want X11 connections automatically redirected over the secure channel and DISPLAY set.

"ForwardX11Trusted no"

We do not want remote X11 clients to fiddle with data owned by trusted X11 clients.

"GatewayPorts yes"

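We allow remote hosts to connect to local forwarded ports. Can be useful. It only has an effect when local port forwards are configured; none are used here, so the default, no, is the more restrictive choice.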

"HostBasedAuthentication no"

We do not need to try rhosts based authentication with public key authentication.

"HostKeyAlias sms-server"

Is just an alias to be used instead of the real host name when looking up or saving the host key in the host key database files. Useful when you have multiple servers running on the same host.

"HostName sms-server"

It should specify the real host name we want to log into. Well we use it to specify an alias for the host we want to connect to.  Write what makes it easy for you to remember the host you want to connect to.

"IdentityFile ~/.ssh/key.to.connect.to.sms.server"

Easy to guess, here we point to the file containing the identity we will use to authenticate to the remote host.

"PasswordAuthentication no"

We are using an identity file to authenticate so let’s make sure we do not fiddle with passwords.

"Port 22"

Here we define which remote port to connect to. Port 22 is the standard for the ssh service, but if you want to make brute-force attempts from automated tools more difficult, change the port on the remote host and write the new value here.

"Protocol 2"

Really? You would use the old protocol version 1? Not at all!

"ServerAliveCountMax 3"

It sets the maximum number of server alive messages that can be sent without receiving an answer from the remote host. Take it as a timeout counter: if the host doesn’t answer the server alive messages 3 times, the ssh session will be disconnected.

"ServerAliveInterval 15"

This keyword sets the interval in seconds after which, if no data is received from the remote server, ssh will send a server alive message through the encrypted ssh channel.

"TCPKeepAlive no"

TCP keepalives are not sent through the secure channel, so they are spoofable. Better not to use them.

"User gsmsend"

This is the user on the remote host we are logging as.

The dirty thingy string

$SSH "$SMS_SERVER" "echo -e \"$MOBILE_NUMBER\\n$NOTIFICATION_TEXT\" > $SMS_SPOOL_DIR/$RANDOM_STRING"

At the end of the script you’ll find the string that actually does the dirty job.

  1. First it connects to the remote hosts;
  2. Then, on the remote host, it echoes the mobile number;
  3. A new line char follows;
  4. And on the second line there will be the notification text;
  5. Finally, the standard output is redirected to a file in the spool directory, using as file name the random string calculated at the beginning of the script.

That’s it. We won’t look at the rest of the code, it’s quite simple and should give us no problems.

Just have a look at a handy variable definition:

SMS_SERVER=${SMS_SERVER:="change.me"}

When a variable is defined with

${SOMETHING:="SOMEVALUE"}

it means that if you do not pass any value, the variable defaults to

SOMEVALUE

Call it a fallback value.

Here you find the actual script:

#!/bin/bash

# Few lines coded by Giorgio Zarrelli zarrelli@linux.it- 
# 2014.
# This nagios plugin is free software, and comes with  
# ABSOLUTELY NO WARRANTY. It may be used, redistributed   
# and/or modified under the terms of the GNU General 
# Public Licence (see 
# http://www.fsf.org/licensing/licenses/gpl.txt).

CAT=$(which cat)
TR=$(which tr)
FOLD=$(which fold)
HEAD=$(which head)
RANDOM_STRING=$($CAT /dev/urandom | $TR -dc 'a-zA-Z0-9' | $FOLD -w 32 | $HEAD -n 1)
SMS_SPOOL_DIR="/var/spool/sms"
ECHO=$(which echo)
SSH=$(which ssh)
SMS_SERVER=${SMS_SERVER:="change.me"}
MOBILE_NUMBER=${MOBILE_NUMBER:="+1234567890"}
NOTIFICATION_TEXT=${NOTIFICATION_TEXT:="CHANGE ME"}


print_license() {

$ECHO ""
$ECHO "This nagios plugin is free software, and comes with ABSOLUTELY" 
$ECHO "NO WARRANTY. It may be used, redistributed and/or modified under" 
$ECHO "the terms of the GNU General Public Licence (see" 
$ECHO "http://www.fsf.org/licensing/licenses/gpl.txt)."
$ECHO ""
exit 0


}

print_help() {

$ECHO ""
$ECHO "This plugin allows you to send sms notifications using a remote gsmsend server."
$ECHO ""
$ECHO "It requires three parameters:"
$ECHO -e "\n"
$ECHO " -s name of the sms server; it must be the same name you wrote in the config file in the .ssh dir of the nagios user"
$ECHO -e "\n"
$ECHO " -n +xxxxxxx is the mobile number of the contact receiving the notification"
$ECHO -e "\n"
$ECHO " -t 'Message' is the message to send."
$ECHO ""
$ECHO ""
$ECHO "Other parameters:"
$ECHO -e "\n"
$ECHO "-l Prints the license of this program"
$ECHO -e "\n"
$ECHO "-c Prints a .ssh/config example"
$ECHO ""
exit 0
}


print_ssh_config() {

$ECHO ""
$ECHO "Host sms-server"
$ECHO "AddressFamily inet"
$ECHO "ConnectionAttempts 10"
$ECHO "ForwardAgent no"
$ECHO "ForwardX11 no"
$ECHO "ForwardX11Trusted no"
$ECHO "GatewayPorts yes"
$ECHO "HostBasedAuthentication no"
$ECHO "HostKeyAlias sms-server"
$ECHO "HostName xxx.xxx.xxx.xxx"
$ECHO "IdentityFile ~/.ssh/my.private.key.to.gsmsend.server.key"
$ECHO "PasswordAuthentication no"
$ECHO "Port 22"
$ECHO "Protocol 2"
$ECHO "ServerAliveCountMax 3"
$ECHO "ServerAliveInterval 15"
$ECHO "TCPKeepAlive no"
$ECHO "User gsmsend"
$ECHO ""


}


# Nagios plugin exit codes used below.
STATE_OK=0
STATE_UNKNOWN=3

# Check whether the script has at least one argument.

if [ $# -lt 1 ]

then
print_help
exit $STATE_UNKNOWN
fi

# Walk through all the arguments, one option at a time.
while [ $# -gt 0 ]
do
case "$1" in
-h | --help)
print_help
exit $STATE_OK
;;
-l | --license)
print_license
exit $STATE_UNKNOWN
;;
-c | --config)
print_ssh_config;
exit $STATE_UNKNOWN
;;
-n | --number)
shift
MOBILE_NUMBER=$1
;;
-t | --text)
shift
NOTIFICATION_TEXT=$1
;;
-s | --server)
shift
SMS_SERVER=$1
;;
*) $ECHO "Unknown argument: $1"
print_help
exit $STATE_UNKNOWN
;;
esac
shift
done

# Note: number and text are expanded into the remote command line,
# so they must not contain quotes or other shell metacharacters.
$SSH "$SMS_SERVER" "echo -e \"$MOBILE_NUMBER\\n$NOTIFICATION_TEXT\" > $SMS_SPOOL_DIR/$RANDOM_STRING"
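
A hardened variant of the final ssh line, as an added example that is not part of the original plugin: number and text travel on stdin, so Nagios macro content such as $SERVICEOUTPUT$ never becomes part of the command the remote shell parses. The function names, the number format and the 160-byte cap are assumptions; sms-server and /var/spool/sms are the values used on this page.

```bash
#!/bin/bash
# Added example, not the original plugin: send number and text as data on
# stdin instead of splicing them into the remote command line.

SMS_SPOOL_DIR="${SMS_SPOOL_DIR:-/var/spool/sms}"   # spool directory used on the page
SMS_SERVER="${SMS_SERVER:-sms-server}"             # Host alias from ~/.ssh/config

# Transport (hypothetical helper): runs the remote command given as $1 and
# feeds it whatever arrives on stdin. BatchMode stops ssh from prompting.
sms_transport() {
    ssh -o BatchMode=yes "$SMS_SERVER" "$1"
}

# Assumed policy: optional leading "+", then 6 to 15 digits and nothing else.
# The case pattern checks the whole string, embedded newlines included.
valid_number() {
    local digits
    digits=${1#+}
    case "$digits" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#digits}" -ge 6 ] && [ "${#digits}" -le 15 ]
}

# Replace control characters (newlines, tabs, escapes) with spaces and cap
# the text at 160 bytes (assumed limit for a single message).
clean_text() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177' ' ' | head -c 160
}

# 32 characters from [a-zA-Z0-9], the naming scheme of the original script.
spool_name() {
    LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32
}

# The original construction, kept for comparison: both values become part of
# the command text, so the remote shell expands whatever they contain.
legacy_remote_command() {
    printf 'echo -e "%s\\n%s" > %s/%s' "$1" "$2" "$SMS_SPOOL_DIR" "$3"
}

# Hardened sender: the remote command holds only locally generated values
# (spool directory and random file name); number and text go through stdin.
send_sms() {
    local number text name
    number=$1
    valid_number "$number" || { echo "send_sms: invalid number" >&2; return 2; }
    text=$(clean_text "$2")
    name=$(spool_name)
    printf '%s\n%s\n' "$number" "$text" |
        sms_transport "cat > '$SMS_SPOOL_DIR/$name'"
}
```

In the plugin, `send_sms "$MOBILE_NUMBER" "$NOTIFICATION_TEXT"` would take the place of the final ssh line. On the sms server, prefixing the key in gsmsend's authorized_keys with the OpenSSH `restrict` option additionally disables forwarding and pty allocation for this passphrase-less key.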

Setting up Nagios to send SMS

Now we have all the bits required to send notifications by SMS; what we need now is to glue it all together in Nagios.

We need to:

  1. Copy the code above and save it to a file;
  2. Upload the file to the Nagios plugin directory on the Nagios server;
  3. Make the file executable by the nagios user;
  4. Create a Nagios command to call the script from within Nagios;
  5. Create a contact which will use this command as a notification command;
  6. Assign the command.

Let’s say we call the new script

send_sms.sh

Copy it to the plugin directory on the Nagios server and make the nagios user its owner

chown nagios: send_sms.sh

and make it executable by Nagios, restricting the rights on it a bit:

chmod 550 send_sms.sh

Now we create two different notification commands, one for host notifications and another for service notifications:

define command {
command_name notify-host-by-sms
command_line $USER1$/send_sms.sh -s sms-server -n '$CONTACTPAGER$' -t "'$HOSTNAME$' '$HOSTSTATE$' '$DATE$' '$TIME$'"
register 1
}

define command {
command_name notify-service-by-sms
command_line $USER1$/send_sms.sh -s sms-server -n '$CONTACTPAGER$' -t "'$HOSTNAME$' '$SERVICEDESC$' '$SERVICESTATE$' '$SERVICEOUTPUT$' '$DATE$' '$TIME$'"
register 1
}

Notice that

$USER1$

points to the Nagios plugins directory and is defined in the file

resource.cfg

All the other variables are passed to the script by Nagios. If you want more information on Nagios macros, follow this link

http://nagios.sourceforge.net/docs/3_0/macros.html

Now it’s time to create a contact which will use the new command

define contact {
contact_name oncall-sms
alias SMS notifications to on call mobile
host_notifications_enabled 1
service_notifications_enabled 1
host_notification_period 24x7
service_notification_period 24x7
host_notification_options d,u,r,f,s
service_notification_options w,u,c,r,f,s
host_notification_commands notify-host-by-sms
service_notification_commands notify-service-by-sms
can_submit_commands 1
retain_status_information 0
retain_nonstatus_information 1
pager +XXXXXXXXXXXX
register 1
}

Just put after

pager

the mobile number to send SMS notifications to.

Let’s attach the SMS notification to a service

define service {
service_description On call service
host_name my_host
check_command my_command
is_volatile 0
max_check_attempts 3
check_interval 5
retry_interval 1
active_checks_enabled 1
passive_checks_enabled 1
check_period 24x7
parallelize_check 1
obsess_over_service 1
check_freshness 0
event_handler_enabled 1
flap_detection_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
notification_interval 1440
notification_period 24x7
notification_options w,u,c,r
notifications_enabled 1
contacts oncall-sms
failure_prediction_enabled 1
register 1
}

Now, let’s do the same for the host:

define host {
host_name my_host
check_command check-host-alive
max_check_attempts 4
check_interval 5
retry_interval 1
passive_checks_enabled 1
check_period 24x7
check_freshness 1
freshness_threshold 0
event_handler_enabled 1
flap_detection_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
contacts oncall-sms
notification_interval 1440
notification_period 24x7
notification_options d,u,r,f,s
notifications_enabled 1
failure_prediction_enabled 1
register 1
}

Keep in mind that these are just examples: modify your Nagios objects accordingly.

Final step: check that the modified configuration is not broken

nagios -v /path/to/nagios/main/config/file/nagios.cfg

If it’s all OK, reload Nagios and try to get a CRITICAL notification on a fake service or host which uses oncall-sms as contact. Don’t have one? Create a fake one just for testing and, if you do not see any errors and everything is working fine, attach the new contact to your most valuable hosts and services.