Welcome to Cameron's Adams State web page.
Recently acquired an ONIE switch from
Penguin Computing to investigate its capabilities.
The switch is an Arctica model 4804i with 2GB RAM,
dual PowerPC e500v2 processors, and runs
Cumulus Linux. The environment proved fairly easy
to configure with some knowledge of Debian networking.
In our case a baseline configuration was established via puppet with little effort beyond installing the puppet client. It's pretty sweet to see 48 1Gb and 4 10Gb network interfaces list out:
ip addr sh
...
4: swp2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 6c:64:1a:00:9d:d0 brd ff:ff:ff:ff:ff:ff
5: swp3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 6c:64:1a:00:9d:d1 brd ff:ff:ff:ff:ff:ff
6: swp4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 6c:64:1a:00:9d:d2 brd ff:ff:ff:ff:ff:ff
7: swp5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 6c:64:1a:00:9d:d3 brd ff:ff:ff:ff:ff:ff
...
54: swp52: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 6c:64:1a:00:9e:02 brd ff:ff:ff:ff:ff:ff
OpenVPN is not in the Cumulus Linux repository, so the following Debian Wheezy deb files were downloaded and installed:
wget http://ftp.debian.org/debian/pool/main/o/openvpn/openvpn_2.3.2-7~bpo70+2_powerpc.deb
wget http://http.us.debian.org/debian/pool/main/p/pkcs11-helper/libpkcs11-helper1_1.09-1_powerpc.deb
wget http://ftp.debian.org/debian/pool/main/e/easy-rsa/easy-rsa_2.2.2-1~bpo70+1_all.deb
dpkg -i openvpn_2.3.2-7~bpo70+2_powerpc.deb
dpkg -i libpkcs11-helper1_1.09-1_powerpc.deb
dpkg -i easy-rsa_2.2.2-1~bpo70+1_all.deb
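dpkg -i installs the files as given, without the archive signature check that apt performs, and the downloads above use plain HTTP. As an added example (not from the original page), the following shell functions compare each .deb against the SHA256 listed in a Debian Packages index before installing. The function names are hypothetical, and the Packages file is assumed to come from a repository whose Release signature has already been verified.

```sh
#!/bin/sh
# Added example. Function names are hypothetical. Assumes the Packages index
# came from a repository whose Release signature was already verified.

# expected_sha256 PACKAGES_INDEX DEB_BASENAME
# Print the SHA256 field of the stanza whose Filename ends in /DEB_BASENAME.
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) file = substr($i, 11)
                if ($i ~ /^SHA256: /)   sum  = substr($i, 9)
            }
            n = split(file, parts, "/")
            if (n > 0 && parts[n] == want && sum != "") { print sum; exit }
        }' "$1"
}

# verify_deb PACKAGES_INDEX DEB_PATH
# Return 0 on match, 1 on mismatch, 2 on unreadable input, 3 if not indexed.
verify_deb() {
    v_index=$1
    v_deb=$2
    if [ ! -r "$v_index" ] || [ ! -r "$v_deb" ]; then
        echo "unreadable input: $v_index or $v_deb" >&2; return 2
    fi
    v_want=$(expected_sha256 "$v_index" "$(basename "$v_deb")")
    if [ -z "$v_want" ]; then
        echo "no index entry for $v_deb" >&2; return 3
    fi
    v_got=$(sha256sum "$v_deb" | awk '{ print $1 }')
    if [ "$v_got" != "$v_want" ]; then
        echo "FAIL $v_deb (expected $v_want, got $v_got)" >&2; return 1
    fi
    echo "OK   $v_deb"
}

# install_verified PACKAGES_INDEX DEB...
# Check every file first; call dpkg only when all of them match.
install_verified() {
    i_index=$1; shift
    for i_deb in "$@"; do
        verify_deb "$i_index" "$i_deb" || return 1
    done
    dpkg -i "$@"
}
```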
A 4096 bit dh parameter file was created on a local PC, and 4096 bit RSA key pairs don't take long on the switch itself.
openssl dhparam -out dh4096.pem 4096
The use case needed the VPN to listen on an interface in a DMZ and exit on an interface in a management network.
cloud --> DMZ --> VPN --> management
Clients manage devices in the DMZ from the management network. To keep traffic from VPN clients from short-circuiting out the DMZ interface, a source (policy) route was set up (use your own gateway for xxx):
echo 200 custom >> /etc/iproute2/rt_tables
ip rule add from 10.8.0.0/24 lookup custom
ip route add default via xxx.xxx.xxx.xxx dev swp12 table custom
A running openvpn daemon appears to use around 3 MB RAM. At first glance a dirt cheap vpn concentrator could be easily created.
In playing around with a new ASUS Chromebox, tried out the set_gbb_flags.sh utility with flags 0x489 to skip past the verification screen straight into dev mode using the legacy seabios. Worked great, except the shipped legacy bios does not recognize the USB keyboard and so grub can't see the ESC keypress and tries to boot ChromeOS from local SSD which fails. A newer bios fixes this problem.
Here is what worked to restore the box. Used a linux desktop, USB stick, SSD to SATA adapter, and SATA to USB adapter.
Download a Chromium OS build from Arnold the Bat.
Pull the SSD card from the chromebox and use the SSD to SATA adapter, plugged into the SATA to USB to write the Chromium OS on the drive:
# dd if=Camd64OS-20140810010101.img of=/dev/(your block device here) bs=4M
Put the SSD back into the chromebox and boot it up. The Grub configuration on Chromium OS is set to try and boot from USB first and does recognize the USB controller. So now prepare the USB stick with Chromium OS (same dd command as above), plug it into the chrome box and reboot. Chromium OS should come up.
That's great but Chromium OS does not appear to ship with the set_gbb_flags.sh script or the utilities it wants to call, common_minimal.sh, gbb_utility, and flashrom.
Get the Chrome OS recovery image for the ASUS Chromebox.
It will be downloaded as a zip file something like:
On the linux desktop unzip it and mount up partition 3 of the file
# unzip chromeos_5712.88.0_panther_recovery_stable-channel_mp.bin.zip
# kpartx -av chromeos_5712.88.0_panther_recovery_stable-channel_mp.bin
# mkdir /tmp/cros3
# mount -o ro /dev/mapper/loop0p3 /tmp/cros3
The necessary files (set_gbb_flags.sh, common_minimal.sh, gbb_utility, flashrom) are in /tmp/cros3/usr/bin/old_bins/
Copy them to your running Chromium OS via SSH and reset the bios boot with
sudo set_gbb_flags.sh 0x0
Now get completely back to square one via the normal Chrome OS recovery procedure using the recovery image already downloaded.