iiab-footprint [iiab-diagnostics to speed up remote support of networks especially?]

[georgejhunt]

Responds to #1575
Creates a more automated means of gathering together network settings, and communicating them back to developers.

[holta]

@mikkokotila & @jvonau can you review this PR from @georgejhunt? Towards implementing:

#1575 More automated reporting of networking/similar issues

[holta]

@georgejhunt email sent to xsce-devel@googlegroups.com (Google Groups) seems to disappear rather than notifying any of us (even mailing list administrators!) regarding these emails from non-subscribers :-(

Possibly Groups.io is far better (this is basically a clone of Group Groups mailing lists, with better community functionality...and a business model that's just as unclear?)

Conclusion: recommending folks send email to bugs (AT) iiab.io would seem to be far better for now — these emails are received and triaged by @floydianslips & I for now.

[holta]

Should we recommend apt install pastebinit and then something like pastebinit /etc/iiab/footprint/footprint.tgz to greatly streamline this for many people?

[georgejhunt]

When I tried pastebinit, I got an error message indicating something about utf8, and I concluded that the end points only wanted to deal with ascii. Targz format is really binary.

…

On Mon, Apr 15, 2019 at 11:22 AM A Holt ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In scripts/footprint_features.md <#1596 (comment)>: > +7. netstat -rn (routing table) +8. netstat -natp (which services have which ports) +9. iiab-install.log +10. iiab-debug.log +11. iiab-network.log +12. all ansible variables + +contents of following directories: + +1. /etc/network/interfaces.d (and interfaces) +2. /etc/sysconfig/network-scripts/if-cfg* +3. /etc/NetworkManager/system-connections +4. /etc/systemd/network/ + +#### Suggested Usage #### +1. Use a FAT formatted USB stick (FAT format is recognized by both Windows and Mac) to move /etc/iiab/footprint/<footprint.tgz> to a machine that has internet access and a browser. Should we recommend apt install pastebinit and then something like pastebinit /etc/iiab/footprint/footprint.tgz to greatly streamline this for many people? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1596 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB04HEhJdBvEnILvY8_rkef-AisvmsVlks5vhMNjgaJpZM4cwh0w> .

[georgejhunt]

Reading more on pastebinit, there is a set of helpers, pbput, and pbget, which encodes, and compresses. I think that might be sufficient.

…

On Mon, Apr 15, 2019 at 11:25 AM George Hunt ***@***.***> wrote: When I tried pastebinit, I got an error message indicating something about utf8, and I concluded that the end points only wanted to deal with ascii. Targz format is really binary. On Mon, Apr 15, 2019 at 11:22 AM A Holt ***@***.***> wrote: > ***@***.**** commented on this pull request. > ------------------------------ > > In scripts/footprint_features.md > <#1596 (comment)>: > > > +7. netstat -rn (routing table) > +8. netstat -natp (which services have which ports) > +9. iiab-install.log > +10. iiab-debug.log > +11. iiab-network.log > +12. all ansible variables > + > +contents of following directories: > + > +1. /etc/network/interfaces.d (and interfaces) > +2. /etc/sysconfig/network-scripts/if-cfg* > +3. /etc/NetworkManager/system-connections > +4. /etc/systemd/network/ > + > +#### Suggested Usage #### > +1. Use a FAT formatted USB stick (FAT format is recognized by both Windows and Mac) to move /etc/iiab/footprint/<footprint.tgz> to a machine that has internet access and a browser. > > Should we recommend apt install pastebinit and then something like pastebinit > /etc/iiab/footprint/footprint.tgz to greatly streamline this for many > people? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#1596 (review)>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/AB04HEhJdBvEnILvY8_rkef-AisvmsVlks5vhMNjgaJpZM4cwh0w> > . >

[georgejhunt]

Yes pastebinit, with the two helpers, works fine! I added the contents of /etc/rpi-issue, which gives the date of the image, and whether lite or desktop to http://paste.ubuntu.com/p/xjNBbrKBFx/. The used pbget with that url. It put the unencoded file into /tmp/etc/iiab/footprint/ which seemed fine.

…

On Mon, Apr 15, 2019 at 11:33 AM George Hunt ***@***.***> wrote: Reading more on pastebinit, there is a set of helpers, pbput, and pbget, which encodes, and compresses. I think that might be sufficient. On Mon, Apr 15, 2019 at 11:25 AM George Hunt ***@***.***> wrote: > When I tried pastebinit, I got an error message indicating something > about utf8, and I concluded that the end points only wanted to deal with > ascii. Targz format is really binary. > > On Mon, Apr 15, 2019 at 11:22 AM A Holt ***@***.***> wrote: > >> ***@***.**** commented on this pull request. >> ------------------------------ >> >> In scripts/footprint_features.md >> <#1596 (comment)>: >> >> > +7. netstat -rn (routing table) >> +8. netstat -natp (which services have which ports) >> +9. iiab-install.log >> +10. iiab-debug.log >> +11. iiab-network.log >> +12. all ansible variables >> + >> +contents of following directories: >> + >> +1. /etc/network/interfaces.d (and interfaces) >> +2. /etc/sysconfig/network-scripts/if-cfg* >> +3. /etc/NetworkManager/system-connections >> +4. /etc/systemd/network/ >> + >> +#### Suggested Usage #### >> +1. Use a FAT formatted USB stick (FAT format is recognized by both Windows and Mac) to move /etc/iiab/footprint/<footprint.tgz> to a machine that has internet access and a browser. >> >> Should we recommend apt install pastebinit and then something like pastebinit >> /etc/iiab/footprint/footprint.tgz to greatly streamline this for many >> people? >> >> — >> You are receiving this because you were mentioned. >> Reply to this email directly, view it on GitHub >> <#1596 (review)>, >> or mute the thread >> <https://github.com/notifications/unsubscribe-auth/AB04HEhJdBvEnILvY8_rkef-AisvmsVlks5vhMNjgaJpZM4cwh0w> >> . >> >

[holta]

Earlier this week @tim-moody wrote that something like iiab-diagnostics would be a more meaningful name. I tend to agree.

[holta]

It seems likely we should merge this during Thursday's 10AM EDT community call (http://minutes.iiab.io).

We call always revise it later, as nec!

[holta]

@georgejhunt I may have overlooked something, but can you make sure these 2 critical files are both included?

• /etc/iiab/local_vars.yml
• /etc/iiab/openvpn_handle

CLARIF: the 2 files above often get out of sync, so it's critical that both be recorded!

[holta]

Suggested change

	echo "stage 2 = lite; stage 3 = desktop"
	echo "stage2 = lite; stage5 = desktop; SEE github.com/RPi-Distro/pi-gen#stage-anatomy"

[holta]

Suggested change

	echo "cat iiab_ini_file "
	echo "/etc/iiab/iiab.ini"

[holta]

@georgejhunt the output of these 2 commands is also necessary:

• systemctl status dnsmasq
• journalctl -u dnsnasq

REASON: different kinds of dnsmasq failures occur constantly on new installations, for a myriad different reasons of varying hardware, varying distros, varying network topologies, varying upstream/downstream patches — the list goes on.

Solving these existential quagmires 10X more efficiently (with more data, during that very first call/contact) is frankly THE only way forward for us — to establish progressively more trusted+understandable baseline infrastructure — stepping it up for implementers in all countries, one month at a time.

QUESTION: how can we make each of these reports viewable on a smartphone (not just .tgz) for strong support volunteers like Jerry, who are unable to use a full computer, while at work and on the road?

[georgejhunt]

https://apkpure.com/androzip%E2%84%A2-free-file-manager/com.agilesoftresource

…

On Thu, May 9, 2019 at 12:46 AM A Holt ***@***.***> wrote: @georgejhunt <https://github.com/georgejhunt> the output of these 2 commands is also necessary: - systemctl status dnsmasq - journalctl -u dnsnasq REASON: different kinds of dnsmasq failures occur constantly on new installations, for a myriad different reasons of varying hardware, varying distros, varying network topologies, varying upstream/downstream patches — the list goes on. Solving these existential quagmires 10X more efficiently *(with more data, during that very first call/contact)* is frankly THE only way realistic for us to establish trusted+understandable baseline infrastructure. QUESTION: how can we make each of these reports viewable on a smartphone (not just .tgz) for strong support volunteers like Jerry, who are unable to use a full computer, while at work and on the road? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1596 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAOTQHA5BYJBZHFYIA2VA2DPUPJF7ANCNFSM4HGCDUYA> .

[holta]

https://apkpure.com/androzip%E2%84%A2-free-file-manager/com.agilesoftresource

That's one option. But I remain quite concerned this will structurally lower Internet-in-a-Box's global volunteerism rate, unintentionally preventing informal civic communications, in a world that's no longer centered around vi as in times past.

WHAT WE NEED: short URL's that can be passed around on universally global platforms like Facebook, WhatsApp & Skype, so bug reports are not accidentally silo'd and bureaucratized.

An organic and potentially exponentially increasing community interest in solving the bugs that are most centrally affecting hundreds/thousands around the planet is a target we should not shy away from~

[holta]

FYI collecting the [bug] reporter's email address might need to be done thru a separate channel.

For both legal reasons (we don't want IIAB to be illegal in Europe under GDPR).

And also to make an organic IIAB Global Community of grassroots field reports broadly possible — in a truly participatory way — rather than accidentally walling ourselves off from globally popular / contemporary platforms.

[holta]

cat /.iiab-image command will fail when /.iiab-image does not exist, as is often the case.

Wrap it in a bash if statement presumably?

[georgejhunt]

a lot of other cat'd files do not exist. The set -e is not active

…

On Thu, May 9, 2019 at 10:07 AM A Holt ***@***.***> wrote: @holta commented on this pull request. ________________________________ In scripts/iiab-diagnostics: > @@ -98,6 +98,18 @@ echo "/usr/bin/iiab-gen-iptable" cat /usr/bin/iiab-gen-iptables echo echo "==========================================================" +echo "/.iiab-image" +cat /.iiab-image cat /.iiab-image command will fail when /.iiab-image does not exist, as is often the case. Wrap it in a bash if statement presumably? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[holta]

#1744 with #1702 have illustrated a few problems we still need to resolve:

• the emerging iiab-diagnostics command definitely also needs to include /etc/iiab/config_vars.yml which shows Admin Console settings / configs

• the pastebinit command tragically fails on illegal characters as shown in IIAB-CMDSRV failed to initialize #1741 and nameserver setting [with static IP address] #1744.

  • Background: vi-readable output is fine for a some hackers but human-readable output within pastebin URL's is needed as that is rapidly actionable by all (e.g. phone users in the developing-developer-world etc, assorted folks who assist in troubleshooting/debugging). So possibly we will need to refine (or modify) our use of the pastebinit command, so that it stops choking so often, when it inevitably encounters odd characters...

[holta]

So many issues like #1744 are a great reminder that the iiab-diagnostics command should work even (especially!) at times when DNS is not working on the IIAB in question.

Specifically: whatever commands (similar to pastebinit) that we use in the end, should be tested to be resilient and work as well as possible even when DNS is not working.

As even in 2019, DNS inevitably keeps failing for countless different reasons, in the low-budget / low-bandwidth situations where we work especially... !

Related: #1687 #1747 #1749 (etc)

[holta]

@georgejhunt as discussed during the call today (http://minutes.iiab.io) you might consider something like more /etc/iiab/iiab.env /etc/iiab/iiab.ini /etc/iiab/local_vars.yml | pastebinit to place a reasonably complete header above each file, as follows?

::::::::::::::
/etc/iiab/iiab.env
::::::::::::::
bla
bla
::::::::::::::
/etc/iiab/iiab.ini
::::::::::::::
bla
bla
bla
::::::::::::::
/etc/iiab/local_vars.yml
::::::::::::::
bla
bla
bla
bla

i.e. the more command is one decent way to put a complete path+filename above each file, without having to program that up yourself.

[georgejhunt]

That's pretty slick. I had always used less. But more is more.

…

On Thu, Jun 20, 2019 at 1:30 PM A Holt ***@***.***> wrote: @georgejhunt <https://github.com/georgejhunt> as discussed during the call today, you might consider something like more /etc/iiab/iiab.env /etc/iiab/iiab.ini /etc/iiab/local_vars.yml | pastebinit to place a reasonably complete header above each file, as follows? :::::::::::::: /etc/iiab/iiab.env :::::::::::::: bla bla :::::::::::::: /etc/iiab/iiab.ini :::::::::::::: bla bla bla :::::::::::::: /etc/iiab/local_vars.yml :::::::::::::: bla bla bla bla i.e. the more command is one decent way to put a complete path+filename above each file, without having to program that up yourself. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1596?email_source=notifications&email_token=AAOTQHBPC6SLW6GL62JHEFDP3PSH3A5CNFSM4HGCDUYKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYGQZ3I#issuecomment-504171757>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAOTQHGILRDGJAFWKQDCCW3P3PSH3ANCNFSM4HGCDUYA> .

[holta]

@georgejhunt if pastebinit proves too brittle (i.e. if it keeps choking on certain 'illegal' characters, and I've seen other errors issued by pastebinit too) are there other pastebin tools like https://gist.github.com that (might!) be more resilient?

FWIW gist.github.com supports anonymous and intentionally-privacy-conscious snippet posting (apparently) better than most advertising-driven pastebin sites.

But I'm not familiar enough with it to know for sure:

https://www.labnol.org/internet/github-gist-tutorial/28499/
https://stackoverflow.com/questions/6767518/what-is-the-difference-between-github-and-gist

Or, if in the end the pastebinit command is unavoidable, e.g. if it's well-supported across many Linux distros, perhaps we just need to run a sed/awk filter to clean out the illegal characters, before piping to whatever-pastebin-tool appears most future-proof ?

(Such sed/awk scripts must be very standard if nec!)

[georgejhunt]

Please examine this paste for what is wanted:
http://paste.ubuntu.com/p/n6HRBb8vMP/

[holta]

Please examine this paste for what is wanted:
http://paste.ubuntu.com/p/n6HRBb8vMP/

Consider these 7 ideas/recommendations to evolve on that?

1. Please include strong-visual-line-breaks before and after each header, perhaps something like:

=IIAB=====================================================
/etc/iiab/iiab.env
-IIAB-----------------------------------------------------
bla
bla
=IIAB=====================================================
/opt/iiab/iiab/iiab-network.log -- last 50 lines
-IIAB-----------------------------------------------------
bla
bla
=IIAB=====================================================
/sbin/ip a
-IIAB-----------------------------------------------------
bla
bla
=IIAB=====================================================
/bin/netstat -rn    # routing table
-IIAB-----------------------------------------------------
bla
bla
=IIAB=====================================================
/etc/network/interfaces -- directory contents follow...
-IIAB-----------------------------------------------------
bla
bla

2. As above, please do include the full path to all files & commands run if possible? So we make the diagnostic process inclusive and crystal clear to the OP (original poster) and to community support volunteers learning the ropes.

   So we too stay on top of ever-changing OS quirks during the ever-exhausting-for-everyone-involved debugging/troubleshooting process. Clean tools take the edge off, and accelerate this painful but necessary work.

   Posting paths that contain 'bin' or 'sbin' or '/usr/bin/iiab-*' is also a great way to succinctly make obvious that what follows is that command's output — rather than a file's contents.

   Education is an incredibly messy business: but the more we support community support volunteers of every kind, the more IIAB will scale, as they begin to support others using vivid troubleshooting tools like this one.

3. The output should clearly differentiate between an empty file and a non-existent file. In plain English if possible ("FILE DOES NOT EXIST" or some such, to avoid all ambiguity?)

4. Some might argue that we should include 100 (not 50) last lines of log files, in general in 2019? I don't know. 50 lines might well be enough for now. We can easily change this later as pragmatic use/usability patterns become clear.

   And/or soup things up by posting (a) the number of lines contained in each file, or (b) posting the line numbers on the left of file contents — if the chosen pastebin site could be made to cooperate, etc — as such, those more advanced things can wait.

5. https://github.com/georgejhunt/iiab/blob/netdiag/scripts/iiab-diagnostics#L72 incorrectly shows "stage 3". It should say:

echo "stage2 = lite; stage5 = desktop SEE github.com/RPi-Distro/pi-gen#stage-anatomy"

6. This one's harder but just as real. Pushing for email addresses and publishing them (without a take-down procedure, etc) can be a serious violation of EU law. IIAB would be wise not to make itself illegal across most all of Europe. EU law (and other laws) give people the fundamental right to demand take-down of any PII (personal identifiable information) about them.

   IIAB's community itself expects/deserves privacy to be handled more methodically than this in my opinion, regardless of the law. Quite aside from the law, it's considered extremely disrespectful to web-publish someone's email address in 2019, no matter whether you live in the EU or not.

   Related: Even publishing a person's public IP address (which their IIAB could very easily do!) starts to become increasingly more and more dangerous. In 2019, we can no longer ignore core/humanitarian principles of (a) data minimization and (b) personal info being de-identified (or stored in a very different place, e.g. a proper CRM for community relationship mgmt) for ethical, legal, and security reasons. In short if IIAB develops a reputation for hurting peoples' privacy — even accidentally — that will tarnish everything we've done, and permanently.

   Instead: IIAB should take a leadership position in handling privacy in more innovative/subtle/thoughtful ways, in 2019 especially — whether our community product is used in refugee camps, dictatorial regimes — or wherever!

7. There are typos like https://github.com/georgejhunt/iiab/blob/netdiag/scripts/iiab-diagnostics#L93 but these visual cleanups will become obvious as this incredibly valuable tool converges & takes root, responsive to IIAB communities' diverse & growing need for understandable & empowering troubleshooting paths...

[holta]

@georgejhunt should this PR be closed in favor of PR #1757 ?

[georgejhunt]

yes

…

On Fri, Jun 21, 2019 at 8:53 AM A Holt ***@***.***> wrote: @georgejhunt <https://github.com/georgejhunt> should this PR be closed in favor of PR #1757 <#1757> ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1596?email_source=notifications&email_token=AAOTQHE4CMYOPVNCQMSTVM3P3T2Q7A5CNFSM4HGCDUYKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYI3G2Q#issuecomment-504476522>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAOTQHABYZB6OZPESZO4VMTP3T2Q7ANCNFSM4HGCDUYA> .