Administration Tips
D-STAR Web Status
As of v2.1c, the current status is represented in /dstar/tmp/status A very quick'n'dirty way to get this on the web is:
# ln -s /dstar/tmp/status /opt/products/dstar/apache/securesite/dplus-status.txt
then you can point a browser at:
https://your_gateway_ip_address/dplus-status.txt
~Iain K6IAM
Connection Status
If you now use "XXNYYY I" as urcall
(where you substitute your repeater callsign), it will play
/dstar/tmp/id.dvtool if not linked and
if linked it will play /dstar/dv/remotesystemlinked.dvtool.
Added a status file as /dstar/tmp/status that
shows the current status of dplus. The status file shows dplus
version, connected dongle users, and linked modules.
Robin AA4RC
Trust Server Replication Status
http://dsyncg2.dstarusers.org/index.php?gw_status=KJ4BDF
Change User Password
A program that will change a user’s password on your G2 system has been released.
cd /tmp
curl –O opendstar.org/tools/G2/dstarpasswd-install.sh
sh ./dstarpasswd-install.sh
Usage: /dstar/tools/dstarpasswd CALLSIGN password
(e.g. /dstar/tools/dstarpasswd AA4RC IneedApass? )
Robin AA4RC
D-STAR G2 Scripts & Utilities
service dstar_gw stop - Stop the gateway software
service dstar_gw start - Start the gateway software
service dstar_gw restart - Restart the gateway software
service dstar_gw status - Check the status of the gateway software
service dplus stop - Stop the dplus software
service dplus start - Start the dplus software
service dplus restart - Restart the dplus software
service dplus status - Check the status of the dplus software
service dsm stop - Stop the DstarMonitor software
service dsm start - Start the DstarMonitor software
service dsm restart - Restart the DstarMonitor software
service dsm status - Check the status of the DstarMonitor software
cat /var/named/chroot/var/named/dstar.local.db Peek inside the named database of all the current registered calls
http://www.dstar.ca/gateway.html
Linking Script
I have created a simple command line linking bash script to make linking to the reflectors or repeaters a bit earsier. You can modify the script to fit your needs. It is easy to edit and use.
---------------script-start--------------------------
#!/bin/bash
# Link and un-link simple script
# David Griffith - NZ6D
PS3='Choose your favorite reflector and port '
echo
select reflector in "KI6KQUB" "REF001A" "REF002A" "REF003A" "REF004A" "REF005A" "REF006A" "REF001B" "REF002B" "REF003B" "REF004B" "REF005B" "REF006B" "REF001C" "REF002C" "REF003C" "REF004C" "REF005C" "REF006C"
do
echo
echo "LINKING to $reflector."
echo "$reflector"L >/dstar/tmp/link-b
echo
break
done
echo
PS3='UNLINK which Reflector and port '
select reflector in "KI6KQUB" "REF001A" "REF002A" "REF003A" "REF004A" "REF005A" "REF006A" "REF001B" "REF002B" "REF003B" "REF004B" "REF005B" "REF006B" "REF001C" "REF002C" "REF003C" "REF004C" "REF005C" "REF006C"
do
echo
echo "UN-LINKING $reflector."
echo "$reflector"U >/dstar/tmp/link-b
echo
break
done
exit 0
------------script-end-------------------
Dave - NZ6D
Gateway status
Posted by: "Evans F. Mitchell KD4EFM -"
kd4efm@kd4efm.org Wed Mar 26, 2008
log in and type
service dstar_gw status
check the listing it sends back to you.
Also from the web interface, check and see if you see the other G2
gateways just to make sure...Evans
Email notification
Re: G2 Email Notification Function
Posted by: "Matthew J. Grossman"
matthew@grossman.com Tue Apr 8, 2008
Make sure sendmail is properly configured:
chkconfig sendmail on
/etc/init.d/sendmail start
Also check /var/mail/maillog* to see if attempts are being made.
It's also a good idea to alias (/etc/aliases) root to an account
that you check. Sendmail was off on our machine and a bunch of "Log
Watch" reports weren't going anywhere because of it.
(I just discovered the sendmail issue when investigating this same
issue.)
-Matthew AC7IL
DShark
cd /dstar/tools/
curl -0
http://www.opendstar.org/tools/dshark
Then make the download executable:
chmod 755 dshark
Then execute:
./dshark
Re: dshark question(s)
Posted by: "john_ke5c"
ke5c@hot.rr.com Fri Apr 11, 2008
1) If you downloaded to another
directory, for consistency, put dshark in /dstar/tools. You may need
to create both of those directories.
cd /
mkdir dstar
cd dstar
mkdir tools
mv /somedirectory/dshark/dstar/tools/dshark
2) Make dshark executable. When you download it, it is not "executable.
cd /dstar/tools
chmod 755 dshark
3A) To run dshark from /dstar/tools (i.e., you are logged onto this directory) - you must be logged on as root or have su'ed to root privileges:
./dshark
3B) To run dshark from any other directory:
/dstar/tools/ dshark
3) To stop execution, type ctrl-C
73 – John
DShark
I installed "dshark" which is AA4RC's tool to look at gateway
internet traffic. You should see a handshake with packets listed by
dshark beginning "C>G ..." after every packet labelled "G>C ...",
and you only have the gateway sending to the controller. dplus is
running, and you see AA4RC's server pinging your dplus which it does
so it knows your gateway is still there.
Named
Posted by: "AA7OO"
aa7oo@cox.net Tue Mar 25, 2008
WOW !!!!, named was not running !! I never even thought about it and
it was
staring me in the face. Reason is that when doing the named script
install,it was done from root's desktop term window(default is
therefore run level 5) I have the server rebooting to run level 3.
So named was not running after each of the reboots. Thus the reason
for my errors on not binding. Not sure why it only gave that error
once.
I'm now able to register all my modules, even though they are not
connect. My gateway is working but will give empty connections.
Might be a good idea to distribute this little install factoid about
run-levels. When installing from root and doing it from the desktop,
go to services and set named to start at run level 3 and run level
5.
It's not really mentioned anywhere that the install should be done
only from the root command line and there is nothing mentioned about
what run-level the server should boot to. I set my run level because
that was what G1 wanted.
Thanks Tommy !! Norm, aa7oo
Bad owner name
Posted by: "ke5c"
ke5c@hot.rr.com Sat Apr 26, 2008
> Looks like this is in the K5CTX System for N5AWH. Can you please >
remove the entry or have them edit it so that the - goes away.
First, apologies to Gerry and the entire group for not detecting
this ourselves.
Second, if someone does this on your gateway, your gateway DNS will
break. I don't understand exactly why, but it will. I spent eight
hours yesterday trying to figure out why 'dig router.dstar. local'
quit working on K5CTX. The voice part of the gateway continued to
work, but I'm sure the data part would not have. Since we do not do
DD right now, I discovered this totally by accident. I compared
files, even copied working files, from the sister gateway, W5HAT, on
which 'dig router.dstar. local' continued to work, all to no
avail. Immediately after I deleted the 'n5awh-' terminal (DNS) entry
from the database, K5CTX resumed normal behavior. Thus it appears an
illegal DNS name only shoots your own gateway in the foot, not the
entire network - some consolation.
BTW, 'dig pcname.dstar. local', e.g. 'dig ke5c.dstar.local' will
return your gateway assigned 10.x.y.z IP. Just remember, use
your 'pcname' you that entered registering your 'terminal', and this
may be different from your actual callsign, as we just saw...
73 - John
How to see what the Gateway is doing/has done?
Posted by: "Robin Cutshaw Wed Apr 23, 2008
I constantly run "tail -f /var/log/dplus.log" to see what is
happening real-time on my gateways.
Robin AA4RC
Monitor D-STAR Communications
cd /dstar/tools
./dshark
ctrl c to exit.
Local Data Viewer
To see GPS Information - Just telnet in from the gateway computer to localhost:port > (24580, 24581, 24582, or 24583 matching ports 1 through 4) and key up
DPlus command line linking
Added support for linking new multi-gateway reflectors. Fixed some collector logging code for reporting dongle users to dstarusers.org. Added the ability to link and unlink from the Linux command line on gateways. Examples:
echo "REF001CL" >/dstar/tmp/link-b
to link your local module B to reflector module C
echo " U" >/dstar/tmp/link-b
to unlink your local module B from any gateway/reflector Do not link multiple local modules to the same remote module. You can link local modules to separate remote modules on the same or different reflectors/gateways. As with 2.0, you cannot link the same local module to multiple remote gateways/modules. This avoids undetectable linking loops. Use the reflectors for this function.
Best practices - Root Logins
1…by John KE5C
kb2wf questions - I still log in as Root, which does not seem wise.
I want to use SSH or something, considering the PC will be remote.
What do you advise as best practices?
1) Go to System>Administration>Groups and Users and create a few
users. We have ke5c, nu5d and a few others as users.
2) Edit the file /etc/ssh/sshd_config by going down to the line
"#Port 22". Delete the pound sign and change the port to whatever
you want to ssh in on. Port 22 is standard and you don't want to do
that. You can use 2220 etc. Save the file. REMEMBER TO FORWARD PORT
2220 ON YOUR ROUTER AND OPEN PORT 2220 ON YOUR IPTABLES (if you are
running them)!!!
3) Edit the file /etc/sudoers. This is a bit trickier since this
starts as a read only file and needs to end up a read only file. So
do the following:
chmod 640 /etc/sudoers
edit the file /etc/sudoers by adding lines like the following where
I show them. I've shown two existing lines before and after:
## Allow root to run any commands anywhere <= existing
root ALL=(ALL) ALL <= existing
## Beginning of added lines
## Apr 9, 2008 by kb2wf
## Allow w5hdr admins to run all commands
User_Alias W5HDR = kb2wf, k5jtj
W5HDR ALL=(ALL) ALL
## End of added lines
## Allows members of the 'sys' group to run networking, software, <=
Existing
## service management apps and more. <= existing
save the file
chmod 440 /etc/sudoers
4) now you can ssh in on port 2220 as ordinary users, then use the "su
-" command (super-user) to gain root privileges if you need them,
and you do to start and stop the gateway, etc. just remember that
the path you have is still the path of an ordinary user so some
system commands aren't in your path and you have to specify them. an
example is the command "ifconfig". to use that you now have to type
/sbin/ifconfig. If you try a command you think should be available
but it is not, look for the command using find. to find ifconfig,
type "find / -name ifconfig". this won't happen often.
> (I show named as running in level/ edit level 5 ......is this
correct?)
i have named running in all runlevels. go to
System>Administration>Services and click the Edit Runlevel menu.
Select the last option, Runlevel All. Check the box for all run
levels. That way you can boot to just runlevel 3 if you want.
You'll do the same thing with dstar_gw (and dplus once that's
installed and working).
73, John KE5C
su vs. su -
When you use the su command to change to the super user, add the "dash option" - just a dash. 'su' just gives you the identity of root, but you stay in the login 'environment', e.g., PATH, etc. Using the dash option actually is just like logging in as root so you get root's environment, including the sometimes important '/sbin' directory in your PATH.
Root Logins
Posted by: "ve7fet"
ve7fet
Wed Apr 23, 2008
In /etc/ssh/sshd_config you will also want to change:
#PermitRootLogin yes
To
PermitRootLogin no
That disallows root logins in ssh. You need to login as a regular
user and su - to root. Also, if you make any changes to sshd_config,
you either need to kill -HUP the sshd process or (since this is
CentOS) service sshd restart to allow it to re-read the config file.
There is no real reason to run the G2 box in full graphical mode
once you get it all setup. Especially if you will be remote
administrating it via SSH (since everything we're doing requires
terminal access anyways). Save some RAM and horsepower and change
the default runlevel to 3 from 5.
Open /etc/inittab and change:
id:5:initdefault:
to
id:3:initdefault:
and then restart.
You already have a note about checking that named is started in
runlevel 3.
If you do a chkconfig --list it will list all the services and
runlevels and whether those services are on or off in the different
runlevels.
Ensure that what's running in runlevel 5 is the same for runlevel 3.
Note that even with sendmail configured and running, the G2 software
doesn't seem to be sending user registration alerts. Hopefully that
will be resolved at some point.
There are also other services that can usually be turned off (unless
you have a specific need for them). These include things like all
the Bluetooth support processes, nfs, cups, etc. They will save some
RAM too if they're not running.
Cheers! Lee
Simplified access for users
Re: G2 Web Page Access
Posted by: "ve7fet"
yahoogroups@woldanski.com http://profiles.yahoo.com/ve7fet"
Sun Apr 20, 2008 12:18 pm (PDT)
Pulling a thread out of the way back file...Paste the following into
a file called index.html:
Forwarding to login page...please wait.
Save it somewhere on your G2 box that you remember.
Log in as root on your G2 box and copy this file to into
/opt/products/dstar/apache/securesite
Change to that directory
(cd /opt/products/dstar/apache/securesite)
and do the following:
chmod 644 index.html
Now, when you browse to your G2 box in a web browser and forget the
Dstar.do part (but don't forget it
still has to be https), you will
get re-directed to the login page automagically.
Works if you browse to
https://my.external .ip.address, or
https://FQDN. of.G2.box, etc.
Cheers! Lee
Open a terminal screen on your G2 box.
More simplified access:
"Nate Duehr"
nate@natetech.com
wy0x Wed Apr 23, 2008
5:00 pm (PDT)
I had some ideas on how to make VE7FET's "Simplified Access for
Users" in this document better. He adds an "index.html" file to the
"securesite" directory.
Here's some rough notes folks can do if they wish. I'd like
some linux-savvy folks to look this over, obviously -- but I'll
share.
First off, I thought the index.html was a little clunky, so I re-did
it, real fast, using the stylesheet.css from the Dstar.do page, etc.
You can see my version on our gateway:
https://aspen. natetech. com
Our gateway will be shut down for a week or two while we move it, so
if you're reading this in the archives months from now, use:
https://gateway.
coloradodstar. org
Okay... now that you've seen it and want it:
On your gateway...
cd /opt/products/dstar/apache/securesite
curl -O http://www.natetech.com/files/dstar-scripts/dstar-index. html
mv -i dstar-index.html index.html
(It will ask you if the filenames are right -- CHECK THEM, then hit "y".)
chown dstar:dstar index.html
chmod 644 index.html
This is an sample file, you need to edit it to replace the word
CHANGEME with your FQDN or public IP of your Gateway.
Open the index.html file in whatever editor you choose and replace
CHANGEME with the appropriate FQDN or IP of your Gateway that users
access from the Net. (There are three CHANGEME's in the file.)
This gives you a "nicer" page than in VE7FET's e-mail, but it is
still based on his idea.
Next, if you'd like your users to be able to hit the NON-secure port
80 FQDN or IP of your Gateway and get redirected to the Secure page
at 443, over SSL... especially now that you have a web page that
works for https://FQDN/ from the above
change, see below.
First, you have to determine if you can use port 80. Your router
might be using it from the external interface (often not, but check)
or something else in your network might be. (You decide.) Many times
it is not available.
But if it is available and not blocked in your ISPs network:
Port-forward port 80 on your routers external interface to 10.0.0.2.
After that's done, go back to your Gateway and:
cd /opt/products/dstar/apache/conf
First, a warning. This is the master configuration file for your
Gateway's webserver.
BE CAREFUL. And before you mess with it, MAKE A BACKUP COPY of your
httpd.conf file:
cp -ai httpd.conf httpd.conf.backup
If everything goes we’ll, remove it later with:
rm -i /opt/products/dstar/apache/conf/httpd.conf.backup
If things don't go well, there's instructions at the bottom of this
e-mail.
Open the httpd.conf file, and right below these three lines:
Include conf/dstarssl. Conf
Include conf/dstarnonssl. Conf
Save and exit the file.
Now do this:
cd /opt/products/dstar/apache/ conf
curl –O http://www.natetech.com/files/dstar-scripts/dstarnonssl.conf
chown dstar:dstar dstarnonssl.conf
chmod 644 dstarnonssl.conf
Open the file and replace CHANGEME with the correct FQDN or public
IP of your gateway that you want people using.
Finally, restart your Gateway to get Apache to reload the new
information.
/etc/init.d/dstar_gw restart
This is a rough start on an easier way to do this. Since it touches
the httpd.conf file, any reinstall of the Gateway software itself
would wipe out any of this, of course. Make backups of the changed
files for your records after you have it working. I would
like to re-do this with a script download that would prompt the
user for their FQDN or IP and do the "hard" stuff for you, but no
time to mess with that, right now. If someone wants to take it on
as a project, feel free.
Sharing this for those who are COMFORTABLE doing things like this
and are CAREFUL about making backups of things they're changing. I
tried to make this as "fool-proof" as I could, but be aware that
you're changing httpd.conf, the main configuration file for your
webserver and if you botch it, you'll need to roll back your
original:
Rollback:
cd /opt/products/dstar/apache/conf
cp -ai httpd.conf.backup httpd.conf
/etc/init.d/dstar_gw restart
Have fun., Nate WY0X
DStarquery
Posted by: "john_ke5c"
ke5c@hot.rr.com Tue Mar 25, 2008
http://www.opendstar.org/tools/G2/ contains some utilities that
report on the gateway database. They appear to run as is without
arguments. The names are fairly self-explanatory. I put each in a
directory /dstar/tools. You can easily download them with curl while
logged onto that directory, e.g.:
cd /dstar/tools/
curl -0 http://www.opendsta r.org/tools/ G2/dstarquerydb
Then the download executable:
chmod 755 dstarquerydb
Then execute:
./dstarquerydb
Changing repeater information on gateway
Posted by: "Iain (K6IAM)" Jun7 2008
“I just changed frequency from 447.575 to 444.650 How do I make the
changes so that the JFINDU site have the correct frequency of my
repeater.”
That's fed by DStarMonitor. Edit the file:
/opt/dstarmon/Dstarmonitor.properties
then run:
service dsm restart
Scheduled Linking/unlinking
From: John - KE5C
ke5c@hot.rr.com June 7, 2008
K5CTX^^B and W5HAT^^B will be linked to the Texas net each Tuesday
by crond. Sysadmins, you can add lines to your crontab to unlink
your module at 7:58 PM and link it at 7:59 PM.Change link-b to
link-a or link-c if necessary:
# Texas net
58 19 * * Tue echo " U" > /dstar/tmp/link-b
59 19 * * Tue echo "REF001AL" > /dstar/tmp/link-b
To add the entries
crontab -e
This will place you in a VI type editor, so be sure you know how to use it. If you get there by mistake use :q to exit.
Crontab entries removed
If your crontab entries get removed, which can be seen by not having entries in /var/log/dsipsvd.log file every few minutes, the crontab can be rebuilt by the following
cd /opt/products/dstar/dstar_gw/cron
crontab root.cron
To also add the Postgres entries
crontab -u postgres postgres.cron
Play a voice file over the radio
Copy the file to /dstar/tmp/play-b.dvtool or change the play-b for the appropriate module
cp /dstar/dv/alreadylinked.dvtool /dstar/tmp/play-b.dvtool
To record a new voice file
A new voice file can be made with either a radio of the DVDongle. With the DVDongle, set the options to create a .dvtool file and copy the file to the gateway server /dstar/dv and replace the appropriate file or create a new id.dvtool for your repeater's ID.
From a radio, create a voicemail by setting the UR to XXNXXXS0.
To play this file back, set the UR to XXNXXXP0
This will create a voice file /dstar/tmp/vm-0.dvtool. Rename this
file to id.dvtool.
cd /dstar/tmp
mv vm-0.dvtool id.dvtool
To play the ID, use XXNXXX I. This will give the linked status of the repeater or the ID if not linked.
