Documentation

Kernel Modules missing on Rasberry Pi

This, almost certainly, was a mess of my own making, but as I didn't find any answers with web searches I thought it was worth documenting for anyone else who sets a similar time bomb for themselves.

I've got some Raspberry Pi's which use NFS for their root partition. They used to be PXE booted, but at some point starting failing to boot so some time back I put a SD card back in for the /boot partition.

This, I suspect, was probably my undoing.

The Pi's have been working fine since, but I wanted to install Docker onto one of them. Although it installed, Docker failed to start, logging the following

Oct 09 22:45:43 redim-4-search-pi dockerd[3534]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to
Oct 09 22:45:43 redim-4-search-pi dockerd[3534]: modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.19.75-v8+
Oct 09 22:45:43 redim-4-search-pi dockerd[3534]: iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Oct 09 22:45:43 redim-4-search-pi dockerd[3534]: Perhaps iptables or your kernel needs to be upgraded.
Oct 09 22:45:43 redim-4-search-pi dockerd[3534]:  (exit status 3)
Oct 09 22:45:43 redim-4-search-pi systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE

On examination, there is no modules directory for the kernel version I'm currently running

root@redim-4-search-pi:~# uname -r
4.19.75-v8+
root@redim-4-search-pi:~# ls /lib/modules/
4.19.66+  4.19.66-v7+

This post details the steps I took to resolve this issue

Read more ...

OpenWRT opens multiple OpenVPN client connections

This is a slightly obscure one, but when I was initially hit by it, didn't find much searching on the net.

After setting up a new OpenVPN client config (i.e. the OpenWRT box is VPN'ing into somewhere, rather than acting as a VPN server itself) on an OpenWRT box, you might find that OpenWRT eventually crashes.

This documentation details the cause, at least in so far as it affected me

Read more ...

Saab 9-3 Front Wheel Bearing Replacement

Wheel bearings don't last forever, and inevitably need replacing.

Saab 93's have a combined bearing and hub assembly, so replacement is - in principle - fairly straight forward, no bearing press required. The ABS sensor is also built into the assembly, so the procedure described here can also be used for replacing ABS sensors.

Although the procedure is quite straight-forward, if you're unlucky it can also be a bit of a pig. Although a hub puller shouldn't be required, it's advisable to have on one hand - unfortunately the driveshaft splines have a habit of rusting into the bearing, making it extremely difficult to remove the axle when required.

This documentation details signs of a failing front wheel bearing, as well as the process for replacing it on a >2003 Saab 93.

Read more ...

Vauxhall Corsa D balljoint and Lower Control Arm Replacement

Lower suspension ball-joints periodically reach the end of their useful life and need replacing.

They're rarely fun to do, but are (normally) quite simple. On the Corsa, replacing the Lower Control Arm as well is usually just two additional bolts, and may or may not be necessary (depending on your car)

This documentation details theĀ  process of removing and replacing your lower control arm and balljoint on a Vauxhall Corsa D

Read more ...

CentOS 8: Requiring a Yubikey OTP Press for SSH logins

Some 7 years back, I wrote a guide to requiring a Yubikey OTP for SSH logins on CentOS. In the time that's passed, the process has changed (a little), so this documentation provides an updated reference.

Although this is written (and tested) for CentOS 8, it should work equally well on CentOS 7 (and presumably also Rocky Linux) too.

The (increased compared to my previous post) flexibility of Yubikeys, along with their relative ubiquity makes them a fantastic candidate for two-factor authentication tokens. Modern Yubikeys can do U2F as well as using their proprietary mechanism, allowing them to be used with a wide range of software.

By the end of this documentation, we'll have configured a CentOS 8 server to require that a user provides a Yubikey press along with

  • Username AND
  • Account password, OR
  • Authorised SSH key

For brevities sake, the majority of this documentation assumes you want root to manage user's yubikeys - something Yubico call Administrative level managment - switching between the two is relatively straight forward, so details on how to switch "User Level" will be given at the end of the document.

Read more ...