== Hardware ==
<pre>
bellman:~$ inxi -Fx
System:
  Host: bellman Kernel: 6.1.0-21-amd64 arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
    Console: pty pts/0 Distro: Debian GNU/Linux 12 (bookworm)
Machine:
  Type: Mini-pc System: Intel Client Systems product: NUC10i5FNH v: K61160-303
    serial: <superuser required>
  Mobo: Intel model: NUC10i5FNB v: K61361-303 serial: <superuser required> UEFI: Intel
    v: FNCML357.0038.2020.0131.1422 date: 01/31/2020
CPU:
  Info: quad core model: Intel Core i5-10210U bits: 64 type: MT MCP arch: Comet/Whiskey Lake
    note: check rev: C cache: L1: 256 KiB L2: 1024 KiB L3: 6 MiB
  Speed (MHz): avg: 500 high: 800 min/max: 400/4200 cores: 1: 400 2: 400 3: 800 4: 800 5: 400
    6: 400 7: 400 8: 400 bogomips: 33599
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Graphics:
  Device-1: Intel CometLake-U GT2 [UHD Graphics] driver: i915 v: kernel arch: Gen-9.5
    bus-ID: 00:02.0
  Display: server: No display server data found. Headless machine? tty: 112x24
  API: OpenGL Message: GL data unavailable in console. Try -G --display
Audio:
  Device-1: Intel Comet Lake PCH-LP cAVS driver: snd_hda_intel v: kernel bus-ID: 00:1f.3
  API: ALSA v: k6.1.0-21-amd64 status: kernel-api
Network:
  Device-1: Intel Ethernet I219-V driver: e1000e v: kernel port: N/A bus-ID: 00:1f.6
  IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 1c:69:7a:67:a9:76
  IF-ID-1: br-0deef3cf3b16 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:ea:ed:30:4d
  IF-ID-2: br-1abc8acede4e state: down mac: 02:42:28:b1:11:35
  IF-ID-3: br-3596ed8c023f state: up speed: 10000 Mbps duplex: unknown mac: 02:42:ab:f9:d2:52
  IF-ID-4: br-3a14003316ab state: up speed: 10000 Mbps duplex: unknown mac: 02:42:96:9a:03:cb
  IF-ID-5: br-53d612b820e4 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:64:bf:2f:5e
  IF-ID-6: br-76e52b16b02c state: down mac: 02:42:2d:12:cc:8a
  IF-ID-7: br-7f875566c220 state: down mac: 02:42:7e:19:cc:d8
  IF-ID-8: br-a2f5bc89e1f9 state: down mac: 02:42:ad:87:11:41
  IF-ID-9: br-d98f5362c5c1 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:d2:91:ed:18
  IF-ID-10: docker0 state: down mac: 02:42:39:5e:2c:b4
  IF-ID-11: veth1b63b5b state: up speed: 10000 Mbps duplex: full mac: 32:8c:f1:c3:a3:3e
  IF-ID-12: veth20059e6 state: up speed: 10000 Mbps duplex: full mac: 96:b2:5e:72:41:4a
  IF-ID-13: veth3c22098 state: up speed: 10000 Mbps duplex: full mac: e6:d2:d6:4d:6e:2e
  IF-ID-14: veth70f35dd state: up speed: 10000 Mbps duplex: full mac: 8e:5d:2c:2d:dd:41
  IF-ID-15: veth71476e6 state: up speed: 10000 Mbps duplex: full mac: ee:7c:c8:f9:2f:36
  IF-ID-16: veth835c0e3 state: up speed: 10000 Mbps duplex: full mac: 12:aa:36:a2:26:c6
  IF-ID-17: veth838f419 state: up speed: 10000 Mbps duplex: full mac: 4a:7b:ad:1c:58:6a
  IF-ID-18: veth9c763bb state: up speed: 10000 Mbps duplex: full mac: 6e:60:7c:0b:ad:4e
  IF-ID-19: vethb2eb4bf state: up speed: 10000 Mbps duplex: full mac: 52:dd:e6:0d:e7:41
  IF-ID-20: vethbf1c6b9 state: up speed: 10000 Mbps duplex: full mac: fa:cb:12:b2:17:e8
  IF-ID-21: vethe236ee0 state: up speed: 10000 Mbps duplex: full mac: ea:4e:61:03:02:64
  IF-ID-22: vethe725186 state: up speed: 10000 Mbps duplex: full mac: a2:e3:35:fc:30:cc
  IF-ID-23: vethfa384da state: up speed: 10000 Mbps duplex: full mac: 42:48:c3:7f:c4:87
Bluetooth:
  Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 1-10:2
  Report: rfkill ID: hci0 rfk-id: 0 state: down bt-service: not found rfk-block: hardware: no
    software: no address: see --recommends
Drives:
  Local Storage: total: 2.75 TiB used: 243.34 GiB (8.6%)
  ID-1: /dev/nvme0n1 vendor: TeamGroup model: TM8FPD001T size: 953.87 GiB temp: 30.9 C
  ID-2: /dev/sda type: USB vendor: Seagate model: ST2000DM 006-2DM164 size: 1.82 TiB
Partition:
  ID-1: / size: 952.41 GiB used: 124.27 GiB (13.0%) fs: btrfs dev: /dev/nvme0n1p2
  ID-2: /boot/efi size: 511 MiB used: 5.8 MiB (1.1%) fs: vfat dev: /dev/nvme0n1p1
Swap:
  ID-1: swap-1 type: partition size: 977 MiB used: 332.8 MiB (34.1%) dev: /dev/nvme0n1p3
Sensors:
  System Temperatures: cpu: 46.0 C pch: 42.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 324 Uptime: 104d 23h 33m Memory: 31.06 GiB used: 2.31 GiB (7.4%) Init: systemd
    target: graphical (5) Compilers: gcc: 12.2.0 Packages: 1191 Shell: Bash v: 5.2.15 inxi: 3.3.26
</pre>
=== Intel NUC edition, born 8/5/2020 ===
* [https://www.intel.com/content/www/us/en/products/sku/189239/intel-nuc-10-performance-kit-nuc10i5fnh/specifications.html Intel NUC10i5FNH] (Newegg 7/29/20)
** 4 core i5 CPU (hyperthreaded, 8 threads)
** WiFi (Intel Wi-Fi 6 AX201)
** Bluetooth 5.2
** IR sensor
** Thunderbolt 3 (USB-C)
** 7.1 HD Audio
** Digital mic array
* Kingston Technology Corp. HX429S17IBK2/32 '''32GB''' 2933MHZ DDR4 (2 16GB SODIMM) (Newegg 7/29/20) Note, MAX is 64GB
* Team Group MP33 PRO M.2 2280 '''1TB''' S/N TPBF2308210070300362 5 year warranty (Newegg 11/23)
* '''REPLACED 11/23''' - WD Black '''512GB''' Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from Supermicro)
* '''REMOVED --''' Corsair Neutron at /workspace '''240GB''' /dev/sda s/n 124479060000190702E2
It has GEN3 PCIe which means this WD Black NVME is about as fast as it will ever get.
==== Audio ====
I note that it says it has a microphone array, and that appears to show up in dmesg so I guess it's true?
This might mean I need to move the computer up someplace where it can listen to me?
It says it has a DSP too.
=== Supermicro version, deceased 7/29/20 ===
Local copy of motherboard manual [[File:SuperMicro_SYS5018A.pdf]]
Audio output: NuForce UDAC 2
Newegg 03/26/2019 2 Noctua 40mm x 20mm system fans <br />
Newegg 09/03/2017 Inv 153021116 <br />
Newegg 10/16/2016 Inv 143374043 <br />
Newegg 11/21/2014 Inv 120335149 <br />
* [https://www.supermicro.com/products/system/1U/5018/SYS-5018A-FTN4.cfm SUPERMICRO SYS-5018A-FTN4 1U Rackmount Server Barebone FCBGA 1283 DDR3 1600/1333]
* SUPERMICRO MCP-220-00051-0N Single 2.5" Fixed HDD Mounting Bracket
* 4 x Kingston 8GB 204-Pin DDR3 SO-DIMM ECC Unbuffered DDR3 1600 (PC3 12800) Server Memory Model KVR16LSE11 (3 added 2017-09-07)
* sda = Samsung SSD 840 EVO 750GB
* sdb = Seagate Archive 8TB (Installed 3/18/18, purchased 9/03/17)
* WD Black 512GB Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from [[Murre]])
eth0 00:25:90:F7:37:72
Bellman is configured to bring up a management interface on this ethernet interface too. (Optionally there is a separate management interface. This server has 5 ethernet ports, 4 on the motherboard and 1 on the management card.) Since it's a Supermicro possibly it can be pwned at any time by the Chinese. Since I don't use Bellman to control centrifuges or do weapons research I live with it.
Latest revision as of 18:56, 14 October 2024
Bellman is a very small Linux server. Currently its primary job is to run Docker containers.
"What's the good of Mercator's North Poles and Equators,
Tropics, Zones, and Meridian Lines?"
So the Bellman would cry: and the crew would reply
"They are merely conventional signs!"
--Lewis Carroll, The Hunting of the Snark
todo
complete backups (see section below)
8/5/20 There is a partial rsync of Supermicro Bellman on Wenda in ~bwilson/bellman.
Stupid AppArmor complaint
I finally fixed the error that was being logged once per minute endlessly,
[192526.044351] audit: type=1400 audit(1649031318.465:3607): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=845699 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I put this in /etc/apparmor.d/local/usr.sbin.ntpd
/snap/bin/ r,
then I did this and checked for errors. I deleted /etc/apparmor.d/disable/usr.sbin.rsyslogd to eliminate a whine
systemctl reload apparmor.service
systemctl status apparmor.service
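The fix above can be read straight off the audit line: profile= names the override file, and name= plus denied_mask= give the rule. This is an added example, not part of the original notes, that derives local override rules from denial lines; the first sample line is the one quoted on this page, the others are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Line 1 is the denial quoted on this page. Lines 2-4 are constructed for the example.
SAMPLE_LOG = """\
[192526.044351] audit: type=1400 audit(1649031318.465:3607): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=845699 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[192586.044410] audit: type=1400 audit(1649031378.465:3608): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=845699 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[192590.100000] audit: type=1400 audit(1649031382.521:3609): apparmor="DENIED" operation="mknod" profile="/usr/sbin/ntpd" name="/var/tmp/ntp.drift.TEMP" pid=845699 comm="ntpd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[192600.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Log mask letters -> profile permissions; create (c) and delete (d) are granted by "w".
LOG_TO_RULE = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
               "k": "k", "l": "l", "m": "m"}
HEX_FIELDS = {"name", "comm", "profile"}
REQUIRED = {"profile", "name", "denied_mask"}


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit line, or None for other lines."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            value = raw[1:-1]
        elif key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
            # The audit subsystem hex-encodes strings that contain spaces or quotes.
            value = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            value = raw
        fields[key] = value
    if fields.get("apparmor") != "DENIED" or not REQUIRED <= fields.keys():
        return None
    return fields


def override_path(profile):
    """Local override file for a profile, following the naming used on this page."""
    return "/etc/apparmor.d/local/" + profile.lstrip("/").replace("/", ".")


def rule_for(denial):
    """Profile rule covering one denial, or a comment when it needs a manual decision."""
    perms = set()
    for flag in denial["denied_mask"]:
        if flag not in LOG_TO_RULE:  # e.g. "x", which needs an execute mode (ix, px, ...)
            return "# decide by hand: %s denied_mask=%s" % (
                denial["name"], denial["denied_mask"])
        perms.add(LOG_TO_RULE[flag])
    if "w" in perms:
        perms.discard("a")  # "w" and "a" cannot be combined in one rule
    path = denial["name"]
    if re.search(r"\s", path):
        path = '"%s"' % path  # paths with whitespace must be quoted in a profile
    return "%s %s," % (path, "".join(p for p in "rwaklm" if p in perms))


def suggest_overrides(log_text):
    """Map override file -> [(rule, denial count, needs_review)], in first-seen order."""
    hits = Counter()
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial is not None:
            hits[(override_path(denial["profile"]), rule_for(denial))] += 1
    suggestions = {}
    for (path, rule), count in hits.items():
        # Anything beyond plain read access widens the profile and deserves a look.
        needs_review = not rule.endswith(" r,")
        suggestions.setdefault(path, []).append((rule, count, needs_review))
    return suggestions


if __name__ == "__main__":
    for path, rules in suggest_overrides(SAMPLE_LOG).items():
        print(path)
        for rule, count, review in rules:
            note = ", review before adding" if review else ""
            print("  %-32s # %d denial(s)%s" % (rule, count, note))
```
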
Audio notes
For a few months Bellman lived in my structured media panel. Now he and Wenda are back in the lab again where they can be on a UPS.
Bellman is powered on all the time so it should look like this,
Murre line out => line in Bellman line out => Speakers
But there is no line out on Bellman. I have a single headphone jack for an audio connector. So much for that idea.
Streaming audio to speakers connected directly.
- Test bellman audio.
- Output to speakers, set up alsamixer and play a file and see if sound comes out.
- play /usr/share/sounds/sound-icons/violoncello-7.wav
- Input from microphone array
They say there is one?
In the old Supermicro days, it was possible to route the audio through Bellman via this magic command from https://askubuntu.com/questions/211136/get-the-audio-from-line-in-to-output-to-the-speaker
#manually start the module-loopback
pactl load-module module-loopback
#configure your system to load module-loopback on startup
#this places load-module module-loopback at the end of
#the /etc/pulse/default.pa pulseaudio configuration file.
sudo sh -c ' echo "load-module module-loopback" >> /etc/pulse/default.pa '
Now sound can pass through. Since Bellman is always running, he gets to be connected directly to the speakers. This command will not work without a display,
pavucontrol
Streaming audio to another sink
How can I route audio from Docker containers to a speaker somewhere else in the house? The Pi Zero living in the kitchen needs to accept a stream over WiFi. https://bbs.archlinux.org/viewtopic.php?id=136474
Software
- 2023-11-30 Debian 12 "Bookworm"
- 202? Ubuntu Server 20.04 LTS ("focal"), upgraded to 22.04 LTS ("jammy")
apt packages
This is a list of things added after a basic installation of Ubuntu. The goal this time out is to put every service into a Docker container, so the list of added packages is minimal.
autofs
emacs-nox fail2ban mlocate
net-tools
nfs-common (needed to mount synology volumes locally, notably /green/music)
lm-sensors (use "sensors-detect" to config and "sensors" to read core temperatures)
rsync sudo
Left over from Ubuntu Bellman
pulseaudio pulseaudio-utils avahi-daemon pavumeter pavucontrol ubuntu-sounds timeshift
additional software
Not installed from the standard Debian repositories
Conda - Miniconda3 is installed in my home directory.
Docker: https://docs.docker.com/engine/install/debian/
Remember to add your account to the docker group.
Firewall
This is all different under Ubuntu. Hmm.
See https://blog.daknob.net/debian-firewall-docker/ for ideas.
I use my own bash script to load iptables rules. See /usr/local/bin, /etc/network, and /var/lib/vastra.
Email
I gave up on Dockerizing this for now, all I want is a postfix satellite set up to send mail via sendgrid.
Installation of postfix was triggered when I did "apt install mailutils" after tearing out the old exim4 set up. Ubuntu wisely switched from exim4 to postfix at Jammy.
Look at how you have to set up Cloudflare DNS here: https://docs.sendgrid.com/ui/account-and-settings/how-to-set-up-domain-authentication
That lets you confirm with Sendgrid that it's okay for them to send mail with your "From" address. I have Bellman set up to send with "wildsong.biz" right now.
Printing
The Brother printer is currently connected to Wenda not Bellman. When it was, I found the Linux drivers for my HL-L2320D printer didn't work, so I set up a raw driver on Bellman and then used the appropriate driver (manually selected) on client computers. It works fine.
Allow remote access
cupsctl --remote-admin --remote-any --share-printers
I also had to edit and add to /etc/cups/cupsd.conf
HostNameLookups on
and then
systemctl restart cups
NFS mounts
The Synology is automounted via the autofs package on /net/wenda/volume1/*
I had to uncomment the /net line in /etc/auto.master to enable this.
Backups
Strategy -- back up to one of three USB drives. Keep one offsite, someplace?
borgjs setup
See ~bwilson/Backups/README.md. Output goes to an attached USB drive.
First time out, you must initialize the repository.
fdisk /dev/sdb
mkfs.btrfs /dev/sdb1
mount /dev/sdb1 /media/Backups
borg init -e none /media/Backups
I opt for no encryption when going to an attached hard drive.
See https://github.com/vesparny/borgjs
My system is not smart enough yet to mount the drives itself, so when I swap them out I have to do a mount operation, (first make sure you have the right device.)
mount /dev/sdb1 /media/Backups
I tried putting it in a Docker and gave up. It's installed on Bellman, directly. The docker seemed to run and never terminate, this is disturbing. How can I check the status? I wrote a script for that, run "./check_status.sh". But the script does not need docker.
Recovery
If I can't recover a file from a backup, I need to find a different strategy.
Today I pretend I want just one file, so I do this: list the backups and pick one, mount it, copy.
sudo borg list /media/Backups
sudo borg mount /media/Backups::20240822-125406 /mnt
Don't forget when you are done to unmount.
sudo umount /mnt
Home Assistant backups
2023-1-1 working
Nightly backup of sqlite3 databases and loose files in config directory, to /net/wenda/volume1/Wildsong/Backups/home-assistant/
BBR congestion
See https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/ for example.
Is kernel ready?
uname -a
Linux bellman 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64 GNU/Linux
grep 'CONFIG_TCP_CONG_BBR' /boot/config-$(uname -r)
grep 'CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)
egrep 'CONFIG_TCP_CONG_BBR|CONFIG_NET_SCH_FQ' /boot/config-$(uname -r)
sudo -s
cat > /etc/sysctl.d/10-custom-kernel-bbr.conf <<EOF
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF
sysctl --system
* Applying /etc/sysctl.d/10-custom-kernel-bbr.conf ...
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
* Applying /etc/sysctl.d/30-postgresql-shm.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.d/asterisk.conf ...
kernel.core_uses_pid = 1
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t
fs.suid_dumpable = 2
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
That's that.
Services that run here
- git moved to Synology Wenda (see Running my own git server)
- Brother printer moved to Wenda
- gpsd well --- not in Astoria, not yet anyway. :-(
- ssh to allow remote access
- fail2ban to cut off break-in attempts via ssh
DNS
I tried to get dnsmasq to happily live in a container and failed (it would not come back up on reboots.) So dnsmasq runs on the host.
Network syslog
To allow devices such as Grandstream GXV3240 phones to spit out logging information, I enable rsyslog from remote hosts: In /etc/rsyslog.conf you must uncomment 2 lines and restart rsyslogd:
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
Services in Docker containers
/etc/docker/daemon.json looks like this
{
  "data-root": "/var/lib/docker",
  "storage-driver": "overlay2",
  "dns" : ["127.0.0.11", "1.0.0.1", "1.1.1.1"],
  "dns-search":["wildsong.biz"]
}
service | containers | notes |
Home Assistant | home-assistant, node red, mosquitto | Compose |
Proxy | proxy, letsencrypt | Stack |
Squeezebox | squeezebox compose | Squeezebox server (http://bellman.wildsong.biz:9000/). See Streaming media for installation notes. |
Traccar | traccar and mysql | Stack |
Unifi | | Stack |
$ docker stack ls
NAME SERVICES ORCHESTRATOR
dnsmasq 1 Swarm
proxy 3 Swarm
traccar 2 Swarm
See also, Asterisk in Docker
geoserver
Vault
and others...
History
2023-11 Replaced NVME with a new one and installed Debian 12 (Bookworm).
2022-03-02 Installed Docker from the Docker repo per https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository so I can use buildx now.
2020-12-03 Installed exim4 and configured to use Sendgrid.
2020-12-01 Moved dnsmasq from Docker container to host, it just was not restarting properly when I rebooted and that would take my entire network offline.
2020-10-18 Moved from garage to structured media panel.
2020-08-05 Intel NUC edition hardware arrived. Installed Ubuntu Server 20.04.1 LTS.
2020-07-29 Bellman, Supermicro edition completely went dark. I set up Tern as a temporary replacement and ordered an Intel NUC.
2020-01-20 - started generating errors: NMI: IOCK error (debug interrupt?) for reason 61 on CPU 0. Then it would not restart. I ended up replacing the CR2032 (did not help) and then reseating the connectors. Fixed. This system is getting long in the tooth.
2019-10-04 - fix for networking, applied on Dart too.
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
2019-10-03 - Upgraded to Debian Buster (10) and this broke Docker because of the move from iptables to nftables. Must fix ASAP. All Dockers are broken. How dismaying. Repeat after me: "It's only a hobby."
2019-05-09 - Added docker-compose for elasticsearch and per recommendations of ElasticSearch docker docs, changed vm.max_map_count; it was 65530 and I set it: sysctl -w vm.max_map_count=262144
2019-04-26 - Moving NVMe WDC Black drive from Murre to Bellman.
2018-03-20 - Installed 8TB Archive drive, for TimeMachine and Owncloud storage. Moved from 120GB SSD to 750GB Samsung Evo 840. Installed clean copy of Stretch on the SSD.
2017-09-06 - Upgrade to 32GB RAM, yay! I need to do something with all that space. I did move /tmp to RAM; see SSD optimizations. I also removed a lot of dead code including lightdm (how'd that get in there?)
$ free
total used free shared buff/cache available
Mem: 32937080 2287376 27811208 25700 2838496 30153064
2017-08-25 - Migrated mariadb and owncloud to Docker
2017-07-25 - Migrated logitech media server to Docker
2017-07-25 - Upgraded to Debian 9 (Stretch)
2016-10-16 - Seeing disk errors in the WDC. It's 6 years old! REPLACE!!! Installed new Seagate Barracuda ST2000DM006 2TB $70 10-26-16 Added a fan in the hard drive section of the case, too.
2016-01-26 - Installed VirtualBox 5.0.14 and Vagrant 1.8.1 (from DEB files, repos are too old) and started migration of services.
2015-12-?? - Moved to hardware formerly used for Vastra2
2015-07-10 - Added lm-sensors and added temperature tracking to Cacti.
2015-07-01 - Replaced APC UPS with Cyberpower. Installed monitoring software.
2015-06-19 - reconnected the MX330 printer and shared it.
2015-06-18 - upgraded to Debian 8 Jessie
2013-12-29 - returned from X-Mas and discovered Bellman won't boot. Snarks about a degraded RAID. Darn.
2013 Mar - Installed Linux Mint 14 so that I could use Makerware with my new Replicator 2
2013 Jan - Seagate Barracuda 2TB Green drive died. ST2000DL003 S/N 5YD77CTE Replaced with a Barracuda 2TB mirror
2011 Dec - Been doing PostGIS experiments so I upgraded the hardware.
2010 Jan - I just started this section but I have had this machine online for at least a couple years now.
2015-06-19 back up
Note this includes /home but not /green.
cd /
tar --one-file-system -czvf /mnt/bellman_root.tar.gz .
2013-12-29 Rescue from boot fail
I no longer need a desktop environment on the small server, because I moved my main desktop next to the 3D printer. So I put Debian back on the server again. So I am going to try a Debian rescue image.
Diagnosis
Step 1. Build rescue thumbdrive. Download from http://debian.osuosl.org/ and copy image to thumbdrive
sudo cp debian-live-7.2-amd64-rescue.iso /dev/sdX
sudo sync
sudo eject /dev/sdX
where X is the appropriate drive letter, do NOT use the wrong letter!
Step 2. Boot Bellman with the thumb drive
Step 3. Look around
Using hdparm -i
- sda Vertex SSD S/N OCZ-9UDI676M56Z4IR8P
- sdb Seagate 2TB ST2000DM001-9YN164 S/N Z240BVP5
- sdc Seagate 2TB ST2000DM001-9YN164 S/N Z240A0H1
- sdd rescue drive
 # fdisk -l /dev/sda
 Disk /dev/sda: 120.0 GB, 120034123776 bytes
 255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
 Units = sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x0009c7c9
    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *        2048   218460159   109229056   83  Linux
 /dev/sda2       218462206   234440703     7989249    5  Extended
 /dev/sda5       218462208   234440703     7989248   82  Linux swap / Solaris
sdb and sdc don't have partition tables as they are used in a RAID (see 2013 Jan entry)
See LVM page
 cat /proc/mdstat
 Personalities : [raid1]
 md126 : active raid1 sda[1]
       117218240 blocks [2/1] [_U]
 md127 : active raid1 sdb[0] sdc[1]
       1953514496 blocks [2/2] [UU]
 unused devices: <none>

 mdadm --detail /dev/md126
 /dev/md126:
         Version : 0.90
   Creation Time : Thu Feb 21 06:23:36 2013
      Raid Level : raid1
      Array Size : 117218240 (111.79 GiB 120.03 GB)
   Used Dev Size : 117218240 (111.79 GiB 120.03 GB)
    Raid Devices : 2
   Total Devices : 1
 Preferred Minor : 126
     Persistence : Superblock is persistent
     Update Time : Thu Feb 21 06:30:49 2013
           State : clean, degraded
  Active Devices : 1
 Working Devices : 1
  Failed Devices : 0
   Spare Devices : 0
            UUID : 9f48e120:81a0f612:edd8d016:611227ea
          Events : 0.12
     Number   Major   Minor   RaidDevice State
        0       0        0        0      removed
        1       8        0        1      active sync   /dev/sda

 mdadm --detail /dev/md127
 /dev/md127:
         Version : 0.90
   Creation Time : Mon Jan 7 04:12:45 2013
      Raid Level : raid1
      Array Size : 1953514496 (1863.02 GiB 2000.40 GB)
   Used Dev Size : 1953514496 (1863.02 GiB 2000.40 GB)
    Raid Devices : 2
   Total Devices : 2
 Preferred Minor : 127
     Persistence : Superblock is persistent
     Update Time : Mon Dec 30 17:21:21 2013
           State : clean
  Active Devices : 2
 Working Devices : 2
  Failed Devices : 0
   Spare Devices : 0
            UUID : 462f6c0c:68770b3a:b268e686:64f77a36
          Events : 0.131
     Number   Major   Minor   RaidDevice State
        0       8       16        0      active sync   /dev/sdb
        1       8       32        1      active sync   /dev/sdc

Looks like there are 2 RAIDs, and md126 is the broken one. It should be the SSD and something else? Time to open the box and see what's in there.

 fdisk /dev/md126
 Command (m for help): p
 Disk /dev/md126: 120.0 GB, 120031477760 bytes
 255 heads, 63 sectors/track, 14592 cylinders, total 234436480 sectors
 Units = sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x0009c7c9
       Device Boot      Start         End      Blocks   Id  System
 /dev/md126p1   *        2048   218460159   109229056   83  Linux
 /dev/md126p2       218462206   234440703     7989249    5  Extended
 /dev/md126p5       218462208   234440703     7989248   82  Linux swap / Solaris
 Command (m for help):
Conclusion - I was planning on doing RAID mirror and never got the second drive installed. I think I might have used it in Stellar instead. Steller's drive failed and needed immediate replacement. Something failed on the SSD and now it's not booting, but this has nothing to do with the hardware from what I can tell. It complains about the RAID missing a drive but that's not new.
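The degraded state of md126 sat unnoticed from February until the boot failure in December. As an added example (not part of the original page), this check reads mdstat-format text and names every array that is missing a member; the function names are assumptions, and the sample input is the /proc/mdstat output shown above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Sample input: the /proc/mdstat text shown above, embedded so this runs offline.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md126 : active raid1 sda[1]
      117218240 blocks [2/1] [_U]

md127 : active raid1 sdb[0] sdc[1]
      1953514496 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# Print "name active/expected" for every array that is missing a member.
# Reads mdstat-format text from the files given as arguments, or from stdin.
degraded_arrays() {
    awk '
        # "md126 : active raid1 sda[1]" opens the stanza for one array.
        /^md[^ ]* : / { name = $1; next }
        # Its status line carries "[expected/active]" and a map such as "[_U]".
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0 || $0 ~ /\[U*_[U_]*\]/)
                printf "%s %d/%d\n", name, n[2], n[1]
            name = ""
        }
    ' "$@"
}

sample_mdstat | degraded_arrays
```

On a live host, pass /proc/mdstat as the argument from a cron job and alert on any output.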
2014 Jan 01 rebuild
Do as in the Linux Mint section below
Also note:
PRESERVE MYSQL!!
/etc/hdparm.conf
2013 Jan data mirror build
 apt-get install mdadm lvm2
 mdadm --create --metadata=0.90 --level=mirror --raid-devices=2 /dev/md0 /dev/sdb /dev/sdc
 cat /proc/mdstat
 pvcreate /dev/md0
 vgcreate vg_mirror /dev/md0
 lvcreate --verbose --extents 100%FREE -n lv_mirror vg_mirror
 mkfs.ext4 /dev/vg_mirror/lv_mirror
 mount /dev/vg_mirror/lv_mirror /green
 dd if=/dev/zero of=/green/swapfile1 bs=1024 count=1048576
2013 Mar Linux Mint rebuild
Had to install mdadm and lvm2, but then it recognized the LVM drives. All I had to do was mount the RAID on /green.
sudo apt-get install synaptic nfs-kernel-server ssh mysql-server phpmyadmin ntp winbind smartmontools postfix
Re-install dropbox
Re-install squeezeboxserver from Logitech. http://bellman:9000/
Set up cups again
Copy over /etc/exports file
Need AFP support for Apple Timemachine. See Netatalk 3 on Debian
December 2011 upgrade
Bellman had an Intel Little Falls Atom 230 mini-itx main board + 2GB RAM until Dec 2011. Bellman used to be an Athlon desktop system; I recycled the name because I like it.
Hardware
 bellman:~$ inxi -Fx
 System:
   Host: bellman Kernel: 6.1.0-21-amd64 arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
   Console: pty pts/0 Distro: Debian GNU/Linux 12 (bookworm)
 Machine:
   Type: Mini-pc System: Intel Client Systems product: NUC10i5FNH v: K61160-303 serial: <superuser required>
   Mobo: Intel model: NUC10i5FNB v: K61361-303 serial: <superuser required>
   UEFI: Intel v: FNCML357.0038.2020.0131.1422 date: 01/31/2020
 CPU:
   Info: quad core model: Intel Core i5-10210U bits: 64 type: MT MCP arch: Comet/Whiskey Lake note: check rev: C
   cache: L1: 256 KiB L2: 1024 KiB L3: 6 MiB
   Speed (MHz): avg: 500 high: 800 min/max: 400/4200 cores: 1: 400 2: 400 3: 800 4: 800 5: 400 6: 400 7: 400 8: 400 bogomips: 33599
   Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
 Graphics:
   Device-1: Intel CometLake-U GT2 [UHD Graphics] driver: i915 v: kernel arch: Gen-9.5 bus-ID: 00:02.0
   Display: server: No display server data found. Headless machine? tty: 112x24
   API: OpenGL Message: GL data unavailable in console. Try -G --display
 Audio:
   Device-1: Intel Comet Lake PCH-LP cAVS driver: snd_hda_intel v: kernel bus-ID: 00:1f.3
   API: ALSA v: k6.1.0-21-amd64 status: kernel-api
 Network:
   Device-1: Intel Ethernet I219-V driver: e1000e v: kernel port: N/A bus-ID: 00:1f.6
   IF: eno1 state: up speed: 1000 Mbps duplex: full mac: 1c:69:7a:67:a9:76
   IF-ID-1: br-0deef3cf3b16 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:ea:ed:30:4d
   IF-ID-2: br-1abc8acede4e state: down mac: 02:42:28:b1:11:35
   IF-ID-3: br-3596ed8c023f state: up speed: 10000 Mbps duplex: unknown mac: 02:42:ab:f9:d2:52
   IF-ID-4: br-3a14003316ab state: up speed: 10000 Mbps duplex: unknown mac: 02:42:96:9a:03:cb
   IF-ID-5: br-53d612b820e4 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:64:bf:2f:5e
   IF-ID-6: br-76e52b16b02c state: down mac: 02:42:2d:12:cc:8a
   IF-ID-7: br-7f875566c220 state: down mac: 02:42:7e:19:cc:d8
   IF-ID-8: br-a2f5bc89e1f9 state: down mac: 02:42:ad:87:11:41
   IF-ID-9: br-d98f5362c5c1 state: up speed: 10000 Mbps duplex: unknown mac: 02:42:d2:91:ed:18
   IF-ID-10: docker0 state: down mac: 02:42:39:5e:2c:b4
   IF-ID-11: veth1b63b5b state: up speed: 10000 Mbps duplex: full mac: 32:8c:f1:c3:a3:3e
   IF-ID-12: veth20059e6 state: up speed: 10000 Mbps duplex: full mac: 96:b2:5e:72:41:4a
   IF-ID-13: veth3c22098 state: up speed: 10000 Mbps duplex: full mac: e6:d2:d6:4d:6e:2e
   IF-ID-14: veth70f35dd state: up speed: 10000 Mbps duplex: full mac: 8e:5d:2c:2d:dd:41
   IF-ID-15: veth71476e6 state: up speed: 10000 Mbps duplex: full mac: ee:7c:c8:f9:2f:36
   IF-ID-16: veth835c0e3 state: up speed: 10000 Mbps duplex: full mac: 12:aa:36:a2:26:c6
   IF-ID-17: veth838f419 state: up speed: 10000 Mbps duplex: full mac: 4a:7b:ad:1c:58:6a
   IF-ID-18: veth9c763bb state: up speed: 10000 Mbps duplex: full mac: 6e:60:7c:0b:ad:4e
   IF-ID-19: vethb2eb4bf state: up speed: 10000 Mbps duplex: full mac: 52:dd:e6:0d:e7:41
   IF-ID-20: vethbf1c6b9 state: up speed: 10000 Mbps duplex: full mac: fa:cb:12:b2:17:e8
   IF-ID-21: vethe236ee0 state: up speed: 10000 Mbps duplex: full mac: ea:4e:61:03:02:64
   IF-ID-22: vethe725186 state: up speed: 10000 Mbps duplex: full mac: a2:e3:35:fc:30:cc
   IF-ID-23: vethfa384da state: up speed: 10000 Mbps duplex: full mac: 42:48:c3:7f:c4:87
 Bluetooth:
   Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 1-10:2
   Report: rfkill ID: hci0 rfk-id: 0 state: down bt-service: not found rfk-block: hardware: no software: no address: see --recommends
 Drives:
   Local Storage: total: 2.75 TiB used: 243.34 GiB (8.6%)
   ID-1: /dev/nvme0n1 vendor: TeamGroup model: TM8FPD001T size: 953.87 GiB temp: 30.9 C
   ID-2: /dev/sda type: USB vendor: Seagate model: ST2000DM 006-2DM164 size: 1.82 TiB
 Partition:
   ID-1: / size: 952.41 GiB used: 124.27 GiB (13.0%) fs: btrfs dev: /dev/nvme0n1p2
   ID-2: /boot/efi size: 511 MiB used: 5.8 MiB (1.1%) fs: vfat dev: /dev/nvme0n1p1
 Swap:
   ID-1: swap-1 type: partition size: 977 MiB used: 332.8 MiB (34.1%) dev: /dev/nvme0n1p3
 Sensors:
   System Temperatures: cpu: 46.0 C pch: 42.0 C mobo: N/A
   Fan Speeds (RPM): N/A
 Info:
   Processes: 324 Uptime: 104d 23h 33m Memory: 31.06 GiB used: 2.31 GiB (7.4%) Init: systemd target: graphical (5)
   Compilers: gcc: 12.2.0 Packages: 1191 Shell: Bash v: 5.2.15 inxi: 3.3.26
Intel NUC edition, born 8/5/2020
- Intel NUC10i5FNH (Newegg 7/29/20)
- 4 core i5 CPU (hyperthreaded, 8 threads)
- WiFi (Intel Wi-Fi 6 AX201)
- Bluetooth 5.2
- IR sensor
- Thunderbolt 3 (USB-C)
- 7.1 HD Audio
- Digital mic array
- Kingston Technology Corp. HX429S17IBK2/32 32GB 2933MHZ DDR4 (2 16GB SODIMM) (Newegg 7/29/20) Note, MAX is 64GB
- Team Group MP33 PRO M.2 2280 1TB S/N TPBF2308210070300362 5 year warranty (Newegg 11/23)
- REPLACED 11/23 - WD Black 512GB Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from Supermicro)
- REMOVED -- Corsair Neutron at /workspace 240GB /dev/sda s/n 124479060000190702E2
It has GEN3 PCIe which means this WD Black NVME is about as fast as it will ever get.
Audio
I note that it says it has a microphone array, and that appears to show up in dmesg so I guess it's true? This might mean I need to move the computer up someplace where it can listen to me?
It says it has a DSP too.
Supermicro version, deceased 7/29/20
Local copy of motherboard manual File:SuperMicro SYS5018A.pdf
Audio output: NuForce UDAC 2
Newegg 03/26/2019 2 Noctua 40mm x 20mm system fans
Newegg 09/03/2017 Inv 153021116
Newegg 10/16/2016 Inv 143374043
Newegg 11/21/2014 Inv 120335149
- SUPERMICRO SYS-5018A-FTN4 1U Rackmount Server Barebone FCBGA 1283 DDR3 1600/1333
- SUPERMICRO MCP-220-00051-0N Single 2.5" Fixed HDD Mounting Bracket
- 4 x Kingston 8GB 204-Pin DDR3 SO-DIMM ECC Unbuffered DDR3 1600 (PC3 12800) Server Memory Model KVR16LSE11 (3 added 2017-09-07)
- sda = Samsung SSD 840 EVO 750GB
- sdb = Seagate Archive 8TB (Installed 3/18/18, purchased 9/03/17)
- WD Black 512GB Performance SSD - M.2 2280 PCIe NVMe Solid State Drive - WDS512G1X0C (moved from Murre)
eth0 00:25:90:F7:37:72
Bellman is configured to bring up a management interface on this ethernet interface too. (Optionally there is a separate management interface. This server has 5 ethernet ports, 4 on the motherboard and 1 on the management card.) Since it's a Supermicro possibly it can be pwned at any time by the Chinese. Since I don't use Bellman to control centrifuges or do weapons research I live with it.