#StackBounty: #debian #wifi #networkmanager #cinnamon #gui WiFi Settings Missing in Network Manager

Bounty: 50

I’m running Debian 10 Cinnamon, and recently I’ve noticed that the WiFi settings within Network Manager(nm-applet) are completely missing. Previously, I could click the network icon in the bottom right of the page, click Network Settings, and I would be brought to a menu which listed the different interfaces, in this case wired and wireless. Now, there is only “Wired” and “Network Proxy” shown. All previously saved WiFi settings are still working, but I cannot modify settings as I was previously able to. The nm-connection-editor works fine. The saved Wireless connection can auto connect and works fine in the background, but I have no way to add a new network or easily control the wireless settings for a network via nm-applet anymore.

Why is this menu vanishing? What can I do to fix it? Heres an image of the missing menu. enter image description here
Note, where it says “Wired” on the left side column, there should be another option for “WiFi”, as was there when Debian was initially installed.

I have found that running sudo rfkill unblock all; sudo pgrep NetworkManager | xargs sudo kill -9; fixes the issue, but what could be the root cause? This was not happening on a fresh install.


Get this bounty!!!

#StackBounty: #debian #x11 #cinnamon Cannot Set Higher Screen Resolution on Debian 10 w/ ThinkPad T420 and Samsung UE850 Monitor

Bounty: 50

I am trying to set a higher resolution on my Debian 10.3 system. I am using Cinnamon as my desktop environment. My machine is a Lenovo ThinkPad T420 type 4236 and I have an external Samsung UE850 monitor.

I used the following commands to try and set a higher resolution:
1. cvt 2560 1440 #gives me the modeline
2. xrandr –newmode “2560x1440_60.00” 312.25 2560 2752 3024 3488 1440 1443 1448 1493 -hsync +vsync
3. xrandr –addmode HDMI-2 “2560x1440_60.00”

I can then go to settings->display and see the new mode I added. When I select it and select “Apply” I get the following error:

“Could not set the configuration for CRTC 63”

What am I doing wrong?


Get this bounty!!!

#StackBounty: #apt #package-management #dpkg #debian dpkg: error processing package linux-firmware (–configure)

Bounty: 50

I get the following error, when i install/uninstall a package on my Ubuntu 16.04 machine. Please help.

sudo apt-get install slack
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  amd64-microcode intel-microcode iucode-tool libstd-rust-1.36 linux-headers-4.15.0-76 linux-headers-4.15.0-76-generic linux-headers-generic-hwe-16.04
  linux-modules-4.15.0-76-generic thermald
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  slack
0 upgraded, 1 newly installed, 0 to remove and 255 not upgraded.
3 not fully installed or removed.
Need to get 1,550 B of archives.
After this operation, 25.6 kB of additional disk space will be used.
Get:1 https://packagecloud.io/slacktechnologies/slack/debian jessie/main amd64 slack all 1.2.1 [1,550 B]
Fetched 1,550 B in 4s (361 B/s)   
Selecting previously unselected package slack.
(Reading database ... 438564 files and directories currently installed.)
Preparing to unpack .../archives/slack_1.2.1_all.deb ...
Unpacking slack (1.2.1) ...
Setting up initramfs-tools (0.122ubuntu8.14) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-firmware (1.157.22) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-58-generic
cp: cannot create regular file '/var/tmp/mkinitramfs_LmQYTP/init': No such file or directory
/usr/sbin/mkinitramfs:276: no such file or directory: /var/tmp/mkinitramfs_LmQYTP/conf/arch.conf
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_LmQYTP//conf’: File exists
cp: failed to access '/var/tmp/mkinitramfs_LmQYTP//conf/conf.d': Not a directory
touch: cannot touch '/var/tmp/mkinitramfs_LmQYTP/etc/fstab': No such file or directory
ln: failed to create symbolic link '/var/tmp/mkinitramfs_LmQYTP/etc/mtab': No such file or directory
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_LmQYTP/sbin’: File exists
E: /usr/share/initramfs-tools/hooks/brltty failed with return 1.
update-initramfs: failed for /boot/initrd.img-4.15.0-58-generic with 1.
dpkg: error processing package linux-firmware (--configure):
 subprocess installed post-installation script returned error exit status 1
Setting up linux-image-4.15.0-72-generic (4.15.0-72.81~16.04.1) ...
Setting up slack (1.2.1) ...
Processing triggers for initramfs-tools (0.122ubuntu8.14) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-58-generic
cp: cannot create regular file '/var/tmp/mkinitramfs_OIbFBx//lib/modules/4.15.0-58-generic/kernel/drivers/phy/samsung/phy-exynos-usb2.ko': No such file or directory
cp: cannot create regular file '/var/tmp/mkinitramfs_OIbFBx//lib/modules/4.15.0-58-generic/kernel/drivers/usb/phy/phy-generic.ko': No such file or directory
rm: cannot remove '/var/tmp/mkinitramfs_OIbFBx/lib/modules/4.15.0-58-generic/kernel/drivers': Directory not empty
cp: cannot create regular file '/var/tmp/mkinitramfs_OIbFBx/init': No such file or directory
/usr/sbin/mkinitramfs:276: no such file or directory: /var/tmp/mkinitramfs_OIbFBx/conf/arch.conf
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_OIbFBx//conf’: File exists
cp: failed to access '/var/tmp/mkinitramfs_OIbFBx//conf/conf.d': Not a directory
touch: cannot touch '/var/tmp/mkinitramfs_OIbFBx/etc/fstab': No such file or directory
ln: failed to create symbolic link '/var/tmp/mkinitramfs_OIbFBx/etc/mtab': No such file or directory
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_OIbFBx/sbin’: File exists
E: /usr/share/initramfs-tools/hooks/brltty failed with return 1.
update-initramfs: failed for /boot/initrd.img-4.15.0-58-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for linux-image-4.15.0-72-generic (4.15.0-72.81~16.04.1) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.15.0-72-generic
cp: cannot create regular file '/var/tmp/mkinitramfs_c2rv1o//lib/modules/4.15.0-72-generic/kernel/drivers/usb/phy/phy-generic.ko': No such file or directory
rm: cannot remove '/var/tmp/mkinitramfs_c2rv1o/lib/modules/4.15.0-72-generic/kernel/drivers': Directory not empty
cp: cannot create regular file '/var/tmp/mkinitramfs_c2rv1o/init': No such file or directory
/usr/sbin/mkinitramfs:276: no such file or directory: /var/tmp/mkinitramfs_c2rv1o/conf/arch.conf
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_c2rv1o//conf’: File exists
cp: failed to access '/var/tmp/mkinitramfs_c2rv1o//conf/conf.d': Not a directory
touch: cannot touch '/var/tmp/mkinitramfs_c2rv1o/etc/fstab': No such file or directory
ln: failed to create symbolic link '/var/tmp/mkinitramfs_c2rv1o/etc/mtab': No such file or directory
mkdir: cannot create directory ‘/var/tmp/mkinitramfs_c2rv1o/sbin’: File exists
E: /usr/share/initramfs-tools/hooks/brltty failed with return 1.
update-initramfs: failed for /boot/initrd.img-4.15.0-72-generic with 1.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
dpkg: error processing package linux-image-4.15.0-72-generic (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 linux-firmware
 initramfs-tools
 linux-image-4.15.0-72-generic
E: Sub-process /usr/bin/dpkg returned an error code (1)


Get this bounty!!!

#StackBounty: #debian #upgrade #headless Was on Debian stable – How did I end up on Bullseye?

Bounty: 50

May be a silly question, but a remote server was down for an extended period today – when it came back up I realized the downtime was apparently due to a system upgrade, from Debian Buster (stable) to Bullseye (testing).

I’m a bit confused because I am the only superuser on this server, and I have not scheduled any kind of update in some time. I don’t run production machines on testing, and I didn’t intentionally set the system up to automatically upgrade operating system versions. I do periodically use apt to update and upgrade individual packages, but I certainly did not call for a full release upgrade.

Any obvious configuration settings I might have made to trigger this – for example, changing my apt sources unintentionally or etc.? I don’t want any more unexpected updates. (It’s a headless Minecraft server, for what it’s worth, and downtime is bad when people want to play.)


Get this bounty!!!

#StackBounty: #debian #iptables #vpn #openvpn Double hop VPN – Can only see LAN traffic, no internet

Bounty: 50

TLDR: Double-hop VPN on raspberry pi. Can ssh to and see samba shares of local devices over VPN. Can’t get internet traffic over VPN. Not sure how to proceed.

My setup is a single Raspberry pi running openvpn and pi-hole. I have two instances of openvpn:

  • server.conf – VPN host over tun-incoming. This is working, I’m able to see VPN DNS requests on pi-hole.
  • outgoing.conf – connecting to a VPN vendor over tun-outgoing. Working locally. I’m able to see a new IP.

I’m mainly following this guide: https://www.comparitech.com/blog/vpn-privacy/raspberry-pi-vpn/ The idea is I should be able to (1) ssh, see shared files, etc. on all my devices at 192.168.. on my local network and (2) have internet tunneled through the VPN vendor. The first use-case is working fine.

I have tried this per the guide:

ip rule add from 192.168.1.166 lookup 101
ip route add default via 192.168.1.1 table 101

After, I lost ability to connect SSH over ipv4.

Below are some relevant outputs:

ip route list

pi@raspberrypi2:~ $ ip route list
0.0.0.0/1 via 10.1.11.5 dev tun-outgoing
default via 192.168.1.1 dev eth0 src 192.168.1.166 metric 202
10.1.11.1 via 10.1.11.5 dev tun-outgoing
10.1.11.5 dev tun-outgoing proto kernel scope link src 10.1.11.6
10.8.0.0/24 dev tun-incoming proto kernel scope link src 10.8.0.1
128.0.0.0/1 via 10.1.11.5 dev tun-outgoing
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.166 metric 202
199.229.249.184 via 192.168.1.1 dev eth0

ip rule list

pi@raspberrypi2:~ $ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

iptables -t nat -S

pi@raspberrypi2:~ $ sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -m comment --comment openvpn-nat-rule -j MASQUERADE

ifconfig

pi@raspberrypi2:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.166  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2604:2000:6aa0:c0d0::307  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::7a09:12ee:27ff:f6fc  prefixlen 64  scopeid 0x20<link>
        inet6 fd38:2d6b:a55b::111  prefixlen 128  scopeid 0x0<global>
        inet6 fd38:2d6b:a55b::307  prefixlen 128  scopeid 0x0<global>
        inet6 fd38:2d6b:a55b:0:3ed3:ce3b:88db:5070  prefixlen 64  scopeid 0x0<global>
        inet6 2604:2000:6aa0:c0d0:70cf:5710:52e:373e  prefixlen 64  scopeid 0x0<global>
        ether dc:a6:32:65:73:5d  txqueuelen 1000  (Ethernet)
        RX packets 48570  bytes 8636380 (8.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55906  bytes 34181320 (32.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 331  bytes 27074 (26.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 331  bytes 27074 (26.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun-incoming: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::a8c2:d1fa:b798:f945  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 432 (432.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun-outgoing: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.1.11.6  netmask 255.255.255.255  destination 10.1.11.5
        inet6 fe80::9fe5:8e1:b1c0:86c5  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 24200  bytes 3403386 (3.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30214  bytes 29464427 (28.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:65:73:5e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Get this bounty!!!

#StackBounty: #nginx #debian #iptables #asp.net #docker-swarm Docker Swarm and Netfilter

Bounty: 50

I have deployed a Docker Swarm server on my VPS, to handle an Asp.Net Core application. I want to serve this app through a Nginx web server.

Let’s suppose my web app is a vanilla app I created through .Net Core CLI command:

dotnet new webapp mywebapp

Dockerfile (simplified):

FROM mcr.microsoft.com/dotnet/core/sdk:3.0-alpine as builder
WORKDIR /app
COPY . .
RUN dotnet publish -c Release -o publish
WORKDIR /app/publish
ENTRYPOINT ["dotnet", "MyWebApp.dll"]

My docker-compose.yml looks like this (simplified):

version: '3'

services:
  app:
    image: edouard/mywebapp:latest
    ports:
      - 9000:80

My nginx config looks like this:

server {
    listen 443 ssl;
    server_name myservername.com;

    ssl_certificate     /path/to/ssl_certificate;
    ssl_certificate_key /path/to/ssl_certificate_key;

   location / {
        proxy_pass         http://localhost:9000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    } 

}
server {
    listen 80;
    server_name myservername.com;
    return 301 https://$host$request_uri;
}

As you can see, I use Nginx as reverse proxy server, redirecting all HTTP/HTTPS traffic from 80 and 443 ports to the local 9000 port, which Docker Swarm is mapping to the 80 port inside the container, on which a Kestrel server is running.

On https://myservername.com, everything is running fine. But here is the thing: people can also access to my web app on http://myservername.com:9000! This is something I don’t want.

I guess I have to configure the firewall so that I only allow traffic to the 80 and 443 port (taking care of letting the 22 port for SSH, etc.). I have read some tutorials to know how to do this, however, Docker Swarm is also handling the firewall!

When I launch sudo iptables -L -v:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3417  873K DOCKER-USER  all  --  any    any     anywhere             anywhere            
 3417  873K DOCKER-INGRESS  all  --  any    any     anywhere             anywhere            
   31  9043 DOCKER-ISOLATION-STAGE-1  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     all  --  any    docker0  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  any    docker0  anywhere             anywhere            
    0     0 ACCEPT     all  --  docker0 !docker0  anywhere             anywhere            
    0     0 ACCEPT     all  --  docker0 docker0  anywhere             anywhere            
   18  7620 ACCEPT     all  --  any    docker_gwbridge  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  any    docker_gwbridge  anywhere             anywhere            
   13  1423 ACCEPT     all  --  docker_gwbridge !docker_gwbridge  anywhere             anywhere            
    0     0 DROP       all  --  docker_gwbridge docker_gwbridge  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  anywhere             anywhere            
   13  1423 DOCKER-ISOLATION-STAGE-2  all  --  docker_gwbridge !docker_gwbridge  anywhere             anywhere            
   31  9043 RETURN     all  --  any    any     anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    docker0  anywhere             anywhere            
    0     0 DROP       all  --  any    docker_gwbridge  anywhere             anywhere            
   13  1423 RETURN     all  --  any    any     anywhere             anywhere            

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 3417  873K RETURN     all  --  any    any     anywhere             anywhere            

Chain DOCKER-INGRESS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1567  101K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:9000
 1270  698K ACCEPT     tcp  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:9000
   31  9043 RETURN     all  --  any    any     anywhere             anywhere            

How am I suppose to configure the firewall so that it doesn’t interact with Docker Swarm?
I have found some parts of answers:

However, I find it pretty complicated, and I am astonished that there is no official answer to this issue on Docker’s blogs.

Versions:

  • VPS: Debian 10.2
  • Docker Engine: 19.03.5
  • Nginx: 1.16.1
  • Iptables: 1.8.2

Thanks for your help.


Get this bounty!!!

#StackBounty: #debian #pam Why does this PAM code prevent all logins to a Debian system?

Bounty: 50

Why does adding this line to /etc/pam.d/common-auth:

auth        required      pam_tally2.so deny=4 unlock_time=1200 even_deny_root

and adding this line to /etc/pam.d/common-account:

account     required      pam_tally2.so

prevent all logins to my Debian 10 system? All of my other pam configuration files (login, common-session, and common-password are unchanged from the defaults, but I can post those too if necessary).

I’ve seen a couple of other questions that discuss pam_tally, e.g. this one, this one, and this one, but they either don’t have answers specific to pam_tally or don’t have any answers at all.

(For background, I’m trying to adapt this updated guide for Debian systems)

EDIT: The libpam-modules package is installed.


Get this bounty!!!

#StackBounty: #linux #debian #xorg How do I get out of a login loop?

Bounty: 100

I recently upgraded from Debian Jessie to Stretch and had a hard time getting X to start due to graphics conflicts. I sorted those out through a series of purge and reinstall commands and was excited to see the familiar login screen. Unfortunately for me, after I enter my password, the screen briefly blinks and I’m still at the login screen.

I can get into the system without problem on one of the other TTY but I can’t seem to get the desktop to come up.

Other things of note:

  • I have checked the .Xauthority permissions/ownership and they are fine (as are the rest of the files in my home.)
  • It doesn’t seem to matter which desktop I choose (I have Fluxbox, Gnome, and X11 options) it always comes right back.
  • The logs seem pretty clear, nothing stands out as suspect to me

Edit:
The Xorg.0.log has the following EE lines:

(EE) open /dev/dri/card0: No such file or directory
(EE) Screen 0 deleted because of no matching config section
(EE) AIGLX: reverting to software rendering

Edit2:
Home has 100G of free space, root has 2.4G

.xsession-errors is empty

Adding a new user also loops. Trying to delete that user after looping the login says the user is in use by /lib/systemd/systemd --user


Get this bounty!!!

#StackBounty: #linux #debian #udp #multicast Debian ignores second multicast packet

Bounty: 50

I have a home local network with several devices. One of devices sending multicast packets with information about some events (smart home). It works well – I’ve try to launch Multicast Tester app on my Android phone and I see all of packets which was sent by smart home device.

Also I have a server with Linux. It based on old Samsung NC10. And here is a little problem with multicast: when smart home device send two multicast packets one by one quickly, Linux server receives only the first packet and ignores the second. To check it I am using tcpdump dst port 9898 -X and I see two packets on Android and only first on Linux.

I also check the router but there is no specific settings for this server or multicasts. It looks the problem in Linux settings.

I also try to check it with watch -d "cat /proc/net/snmp | grep -w Udp":

# watch -d "cat /proc/net/snmp | grep -w Udp"

Every 2,0s: cat /proc/net/snmp | grep -w Udp                                                                                                                                                                                         BArtWell-Server: Tue Jan  7 15:36:38 2020

Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 252376 567 385 163222 0 0 385 9288

I am confused with IgnoredMulti number, it looks great.

How to fix this problem? How to force Linux do not ignore the second multicast packet when it was sent quickly?


Get this bounty!!!

#StackBounty: #debian #watchdog watchdog daemon unable to reset hardware watchdog timer on Supermicro X9DR3-F motherboard

Bounty: 400

I have a Supermicro X9DR3-F motherboard where JWD jumper pins 1 and 2 are shorted and watchdog functionality in UEFI is enabled:
Supermicro UEFI

This means that the system is reset after around 5 minutes if nothing resets the hardware watchdog timer. I installed the watchdog daemon and configured it to use iTCO_wdt driver:

$ cat /etc/default/watchdog 
# Start watchdog at boot time? 0 or 1
run_watchdog=1
# Start wd_keepalive after stopping watchdog? 0 or 1
run_wd_keepalive=1
# Load module before starting watchdog
watchdog_module="iTCO_wdt"
# Specify additional watchdog options here (see manpage).
$ 

When the watchdog daemon is started, then the driver is loaded without issues:

$ sudo dmesg | grep iTCO_wdt
[   17.435620] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[   17.435667] iTCO_wdt: Found a Patsburg TCO device (Version=2, TCOBASE=0x0460)
[   17.435761] iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)
$ 

Also, the /dev/watchdog file is present:

$ ls -l /dev/watchdog
crw------- 1 root root 10, 130 Dec  8 22:36 /dev/watchdog
$ 

watchdog-device option in watchdog daemon configuration points to this file:

$ grep -v ^# /etc/watchdog.conf 



watchdog-device    = /dev/watchdog
watchdog-timeout   = 60


interval           = 5
log-dir            = /var/log/watchdog
verbose            = yes
realtime           = yes
priority           = 1

heartbeat-file     = /var/log/watchdog/heartbeat
heartbeat-stamps   = 1000
$ 

In order to debug the writes to the watchdog device I have enabled heartbeat-file option and looks that the keepalive messages to /dev/watchdog are sent:

$ tail /var/log/watchdog/heartbeat
 1575830728
 1575830728
 1575830728
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
$ 

However, despite this the server resets itself with roughly five minute intervals.

My next thought was that maybe the iTCO_wdt driver controls the watchdog in C606 chipset and the watchdog resetting the server is instead part of IPMI. So I made sure that the iTCO_wdt driver is not loaded during the boot and rebooted the server. Fair enough, the /dev/watchdog was no longer present. Now I loaded the ipmi_watchdog module:

$ ls -l /dev/watchdog
ls: cannot access '/dev/watchdog': No such file or directory
$ sudo modprobe ipmi_watchdog
$ sudo dmesg -T | tail -1
[Tue Dec 10 21:12:48 2019] IPMI Watchdog: driver initialized
$ ls -l /dev/watchdog
crw------- 1 root root 10, 130 Dec 10 21:12 /dev/watchdog
$ 

.. and finally started the watchdog daemon which based on the /var/log/watchdog/heartbeat file is writing to /dev/watchdog with 5s interval. However, the server still reboots with roughly 300s intervals.

Why isn’t the watchdog daemon able to reset the hardware watchdog timer on Supermicro X9DR3-F motherboard?


Get this bounty!!!