Browsed by
Author: Joe

HP iLO Amplifier Pack – Installing VMware Tools


We recently installed the iLO Amplifier Pack at work. HP ships this software as a way to easily manage their servers from a central location. The interface looks nice; however, they really lock you out of the virtual machine and limit the command line. This presents a major annoyance because they decided to ship this OVA file without installing VMware Tools or open-vm-tools.

I did a little digging around through the Veeam backup and discovered the virtual machine was running Debian 9.5. HP pretty much locks out the Administrator account by not assigning the user a shell and using ForceCommand within the sshd_config configuration.

ForceCommand /opt/wolfram/bin/wcli
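To see how this kind of restriction is expressed on disk, the following added example (not part of the original post and not HP's code) reads an sshd_config and a passwd file, for instance from a guest filesystem mounted at /mnt, and reports which accounts have no login shell or fall under a global ForceCommand. The sample file contents, including the `backup` Match block and the `/bin/false` shell, are constructed for illustration.

```python
import sys

NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}
# Constructed sample input; only the global ForceCommand line is from the post.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin no
ForceCommand /opt/wolfram/bin/wcli
Match User backup
    ForceCommand internal-sftp
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
Administrator:x:1000:1000::/home/Administrator:/bin/false
"""

def forced_commands(config_text):
    """Map each section ('global' or 'Match ...') to its ForceCommand."""
    section, found = "global", {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":
            section = "Match " + value
        elif keyword == "forcecommand":
            found.setdefault(section, value)  # sshd uses the first value seen
    return found

def restricted_accounts(config_text, passwd_text):
    """Return {user: [reasons]}; Match-block overrides are not evaluated."""
    global_cmd = forced_commands(config_text).get("global", "none")
    report = {}
    for fields in (entry.split(":") for entry in passwd_text.splitlines()):
        if len(fields) != 7:
            continue
        reasons = []
        if fields[6] in NOLOGIN_SHELLS:
            reasons.append("no login shell (" + fields[6] + ")")
        if global_cmd.lower() != "none":
            reasons.append("ForceCommand " + global_cmd)
        if reasons:
            report[fields[0]] = reasons
    return report

if __name__ == "__main__":  # optional argument: root of the mounted guest, e.g. /mnt
    cfg, pw = SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD
    if len(sys.argv) > 1:
        cfg, pw = (open(sys.argv[1] + p).read() for p in ("/etc/ssh/sshd_config", "/etc/passwd"))
    print(restricted_accounts(cfg, pw))
```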

I was able to install open-vm-tools by booting into the Debian Live CD and using change root to modify the virtual machine environment. We don’t have DHCP on the server network, so I had to set an IP address and DNS server. Make sure the live environment has access to the network before continuing.

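```sh
# From the Debian live environment: mount the appliance's root filesystem
sudo mount /dev/sda1 /mnt
# Bind-mount the kernel filesystems that apt and package scripts expect
sudo mount --bind /dev /mnt/dev
sudo mount --bind /proc /mnt/proc
sudo mount --bind /sys /mnt/sys
sudo chroot /mnt

# Inside the chroot: check the package sources, then install the tools
nano /etc/apt/sources.list
apt update
apt install open-vm-tools
```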

I confirmed VMware tools was running after rebooting the machine.

I also discovered a couple other things that I will write another post about next week…

HP – In the meantime, please consider shipping this OVA file with open-vm-tools. It is pretty rare to run into a situation where it is not included.

Qubes OS 4.0 Release


Qubes OS 4.0 was recently released after a fairly lengthy development cycle.

I have been running the new release on my Librem 13 laptop since RC3 and all the changes have been great. I am sure the release notes on their website will do a better job describing all of the changes than me. If you are interested you can find them here:

My favorite noticeable changes were to the user interface. Widgets were added for mounting/unmounting USB devices, interacting with or shutting down running Qubes, and showing system disk space usage. Despite it being a controversial idea, the Qube Manager was slated to be removed from this release. In the end the Qube Manager stayed, but with the addition of the new widgets I find myself rarely opening it anyways.

Purism has also released new firmware that supports Intel VT-d which is “required” in version 4.0. The update process was pretty straightforward on my Librem 13. I ran the update from a Debian Stretch installation I had on a 32GB flash drive.

I previously wrote a short post detailing a business use case for running Qubes OS and would recommend anyone who wants better control of their data and security to give it a try.

Purism Librem 13 v2 Review


At first I thought about writing your typical hardware review, however, it seems like they can become repetitive by following a similar layout to cover similar hardware and software aspects of the machine. Instead, I want to briefly talk about how I justified the cost of and my first impressions of the laptop as an end user.

I wanted to replace my old and cracking Thinkpad x230 running Coreboot, gain NVMe support, and finally get back to a 1080p screen. My main reasons for purchasing this laptop were that Purism supports privacy and ships Coreboot on their machines. As I said in an earlier post, I think it’s important to support companies providing specialty hardware like this so it continues to be available and may prompt others to follow suit. For example, it was great to see Purism start disabling Intel ME, followed by System76, and even Dell.

Initially, I was supposed to receive my laptop around August… My understanding is there were supply chain issues, Coreboot kinks to work out, and a large effort on the phone (I pre-ordered one of these too) funding campaign which delayed shipments. The laptop finally arrived in December. I tried to be very understanding of this because, in my view, Purism is a smaller company that does not have the resources to have a large amount of stock on hand like other established hardware providers. They do everything in batches. They were also releasing the first i7 version of the Librem 13 v2 with Coreboot support. Still, it would have been nice to have had better expectations set upfront and to have been better kept in the loop of progress and delays.

After unboxing the laptop I was honestly a little worried it would not meet my expectations. I have been using a Thinkpad of some sort for the last eight years and have grown accustomed to their feel and durability. While the aluminum body looks great, it almost felt fragile, and at first I was worried about damaging it. I also read some reviews about it showing lots of grease from your fingers. However, after using the laptop for the last three weeks it has really grown on me and I am happy with the feel of everything.

The finish does show some spots, but they are not nearly as bad as some other posts made me think. I actually think the trackpad will be more resistant to the typical Thinkpad-trackpad-wear, in which a large greasy/polished/shiny spot shows up where it is used the most. Time will tell.

I killed PureOS in favor of running Qubes OS too quickly to give much of a review, but the setup was quick and easy. If you are new to running Linux I would recommend sticking with PureOS because it is easy to use, a derivative of Debian, and was recently added to the Free Software Foundation’s list of endorsed distributions. Currently, I am having a major problem with Qubes 3.2 as it will not resume from suspend…

Overall, I am real happy with the final product that was delivered. It will take a little time to get used to a new keyboard layout and I am eagerly awaiting VT-d support to be added so Qubes OS 4.0 will be supported.

I bricked (and recovered) the Meraki Z1


I purchased a used Meraki Z1 on eBay (~ $70) because it is supported by LEDE and seems to be pretty good hardware. It has 4 GbE LAN ports, 1 WAN port, and dual-concurrent 802.11n radios 2×2 MIMO. The LEDE support is important because I am not paying Cisco a yearly license to put my device in their cloud. Unfortunately, while flashing it the first time around I ended up with a brick.


Bricked after using beta build on Github. Lesson learned – Build from source.

  1. Build from source
  2. Follow directions and flash
  3. Win


Purism Librem 13 Ordered


I have been happy with my Lenovo x230 up until this point, but was really looking for a 1080p screen, NVMe support, and USB-C. Purism recently started supporting Coreboot and added an i7 processor to the 13″ model which helped sway my decision on purchasing a new laptop.

It certainly was not a cheap purchase, nevertheless I am glad that they are supporting Coreboot and working on reverse engineering Intel ME. Hopefully they will continue to contribute to open source and their work on freedom-respecting computers. I believe in voting with your dollars and want to see more current hardware supported by Coreboot in the future.

The i7 models are currently back ordered, but it sounds like my new laptop should ship sometime in August or September. I may decide to write up a simple review or comparison to the x230 once it arrives.

Free the Meraki MR24 w/ LEDE Project


The LEDE Project (“Linux Embedded Development Environment”) is a Linux operating system based on OpenWrt.

I have used OpenWrt in the past and had not heard of the LEDE Project until I was researching the ability to reflash Meraki gear. I picked up a couple Meraki MR24s for cheap on eBay after finding out they were supported. The hardware is a 3×3 MIMO 802.11n access point which supports up to 900 Mbps. If you are not familiar with Meraki, it is cloud-based gear that is managed from the cloud and requires users to purchase a yearly license.

A GitHub user named riptidewave93 posted code and a flashing guide to liberate the Meraki and convert it to a standard access point. His work was merged into the LEDE Project, but has not made it into OpenWrt yet.

His flashing process is pretty straightforward, but doesn’t cover the UART pins which can be found here:

To open the case you need a T6 Torx bit and I used a knife to pry the metal case past the plastic.

On the other side I hooked up my USB to Serial adapter and booted into LEDE.

Some of the information was all over the place which is why I consolidated it here. The AP has been working great and it is worth the cost if you are looking for an enterprise level Wireless-N device.

Separating Work/Life Data


As a system administrator I deal with a lot of different systems and accounts on a daily basis. Over the last six months I have been struggling with the idea of splitting work from my personal life. I would like to keep them separate, but the thought of carrying two laptops makes me cringe.

Qubes OS aims to solve this problem and many others by splitting these activities into different AppVMs. Qubes OS 3.2 was released recently and I thought now would be a good time to try switching.

After installing Qubes, I had it create the basic AppVMs. These included untrusted, personal, and work. I am a big fan of Debian so I switched all the default VMs to the debian-8 template. The last step was to configure my personal and work AppVMs which included a new LastPass account and adding some applications to the template.

Now I will work on getting used to the new workflow and plan on adding interesting information to the blog as I run across it.


Uninstalling PE from agent nodes


At work we switched from using Puppet Enterprise to Ansible for a variety of reasons. After the switch I disabled the Puppet agents, but never got around to uninstalling all of them.

Recently, I ran into an issue where one server suddenly turned the Puppet agent back on and reverted changes that were made. I decided it was time to clean up the mess, but Puppet requires files from the server in order to uninstall the agent and my server was long gone.

This document covers the agent uninstall process:

I uploaded the necessary files here, in order to prevent myself or other people from installing Puppet Enterprise again to retrieve them:

The next step was to create an Ansible job to copy these to the server and run the uninstall script. Easy.


```yaml
- hosts: puppet
  become: true

  tasks:
    # rpm -q exits non-zero when the package is absent, so errors are ignored
    - name: check for pe-agent
      command: rpm -q pe-agent
      register: rpm_check
      ignore_errors: true

    # Only run the uninstall steps on hosts where pe-agent is installed
    - block:
        - name: copy uninstall script
          copy: src=files/puppet/puppet-enterprise-uninstaller dest=/tmp/puppet-enterprise-uninstaller mode="u+rwx"

        - name: copy utils and answers
          copy: src=files/puppet/{{ item }} dest=/tmp/{{ item }}
          with_items:
            - utilities
            - answers.remove

        - name: run uninstall script
          command: "/tmp/puppet-enterprise-uninstaller -a /tmp/answers.remove"

        - name: cleanup
          file: path=/tmp/{{ item }} state=absent
          with_items:
            - utilities
            - answers.remove
            - puppet-enterprise-uninstaller

      when: rpm_check.rc == 0
```

Libreboot version 20160818 released


The new version of Libreboot was just released which brings new hardware compatibility and tons of great improvements. I am excited to update my Lenovo x200s and will make sure to update this post with a quick overview of my experience.

This is one of the features that really popped out for me:

256MiB VRAM allocated on GM45 (X200, T400, T500, R400) instead of 32MiB. This is an improvement over both Lenovo BIOS and Libreboot 20150518, allowing video decoding at 1080p to be smoother. (thanks Arthur Heymans) To clarify, GM45 video performance in libreboot 20160818 is better than on the original BIOS and the previous libreboot release.

They also improved battery life across multiple models.

You can read all the changes here and download the software from their website.

Update, 8-22-16

The upgrade was really straightforward and worked great on my x200s. Anyone who has already flashed a laptop will already know everything they need to upgrade.

The guide can be found here. Make sure to merge your MAC address into the rom before upgrading.


Update, 9-15-16

A bugfix version, 20160907, was released on 2016-09-07. It does not contain any board changes, but make sure to use the latest one while upgrading.

FAILED at 0x00000000! Expected=0xff, Found=0x00


I spent the last couple days pulling my hair out trying to figure out why flashrom kept failing to flash my Lenovo x220 with coreboot. I was able to get a successful backup of my firmware after shortening the cables, but for some reason writing an image kept failing. When running the command the chip would randomly not be found or sometimes acted like it disconnected during the operation. At this point my laptop was bricked and I was having trouble finding anyone else on the internet having the same problem.

I am using the BeagleBone Black as a SPI flasher and it has been successful in the past with my Lenovo x200s. The flash chip was powered with 3.3V from a cheap breadboard power supply. The Libreboot project provides a really nice guide and some troubleshooting tips.
I was suspicious that the power supply wasn’t supplying a stable 3.3V so I ordered an expensive Sparkfun model and a Teensy 3.2 as a good backup plan.

After receiving my order, the off-brand and Sparkfun breadboard power supplies did not show any positive improvements to my problem. However, pulling 3.3 volts from the Teensy did. I was able to flash and boot my laptop. I believe my main issue was the fact that voltage was not stable or high enough to properly flash the chip. The chart below shows the measured voltage outputs using a decent multimeter:

| Power supply | 5V – 2A | 9V – 650mA | 12V – 1A (Linksys) | USB |
|---|---|---|---|---|
| Black | 2.835v | 3.256v | 3.306v | |
| White | 3.248v | 3.249v | 3.250v | |
| Red (Sparkfun) | 3.278v | 3.277v | 3.278v | |
| Teensy | | | | 3.289v |

This chart makes me think that my original method using the black breadboard power supply and the Linksys wall adapter should have worked. However, I am not sure how to measure voltage under draw and maybe it dropped too low when the write started. I also did not test all of the above options for flashing. It is important to note how much the power supplies are affected by different power adapters.


My theory is that I did not have problems flashing my x200s because the flash chip was older and smaller which required less voltage to write. Reading a chip might also require less voltage which is how I got a good backup and was able to build my coreboot image. I do not pretend to be an expert in electronics so please correct me in the comments if you have a better idea than me. I am just trying to provide my findings to hopefully help another person.

Next time my flash is failing the first thing I will do is pull out a multimeter and double check the voltage.

Edit (8-2-2017): I found out that a 5v adapter and the USB connection on the BeagleBone Black makes the built-in 3.3V pinout work just fine. I saw this in some other documentation recently and I am not sure if it is new or if I overlooked it before.
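A software-side check that fits alongside the multimeter is to read the chip more than once and confirm the dumps agree before writing anything, since an unstable supply or connection tends to show up as reads that differ or come back as a single repeated byte. The script below is an added example, not code from the original post or the Libreboot guide; the sample images are constructed and the file names in the usage comment are placeholders.

```python
import hashlib
import sys

# Constructed sample data standing in for repeated reads of one chip.
GOOD = b"\xa5\x5a" * 2048                               # 4 KiB image
GLITCHED = GOOD[:0x300] + bytes(0x100) + GOOD[0x400:]   # a run read back as 0x00
BLANK = bytes(len(GOOD))                                # every byte 0x00


def first_mismatch(a, b):
    """Offset of the first differing byte, or None if the dumps are identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    return None if len(a) == len(b) else min(len(a), len(b))


def check_reads(dumps):
    """Compare repeated reads; return stability verdict, hashes and problems."""
    problems = []
    if len(dumps) < 2:
        problems.append("need at least two reads to compare")
    for n, image in enumerate(dumps):
        if not image:
            problems.append(f"read {n}: empty file")
        elif image[0] in (0x00, 0xFF) and image.count(image[0]) == len(image):
            problems.append(f"read {n}: every byte is 0x{image[0]:02x}")
    for n, image in enumerate(dumps[1:], start=1):
        offset = first_mismatch(dumps[0], image)
        if offset is not None:
            problems.append(f"read {n} differs from read 0 at 0x{offset:08x}")
    return {
        "stable": not problems,
        "sha256": [hashlib.sha256(d).hexdigest() for d in dumps],
        "problems": problems,
    }


if __name__ == "__main__":
    # Usage: python3 check_reads.py read1.bin read2.bin [read3.bin ...]
    images = [open(p, "rb").read() for p in sys.argv[1:]] or [GOOD, GLITCHED]
    result = check_reads(images)
    for line in result["problems"] or ["all reads identical"]:
        print(line)
    sys.exit(0 if result["stable"] else 1)
```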