Virgin Media FTTP Install – Fibre to the Home

Project Lightning is Virgin Media’s latest expansion of their network, potentially passing 4 million extra premises, a large portion of it will break away from the traditional hybrid fibre-coaxial network and change to radio frequency over glass and FTTP.

The installation took about 2 hours and was similar to an ordinary coaxial install, the CPE are the same as legacy installs but there’s now a larger “omnibox” that houses the incoming fibre and powered RFoG node.

Laying the microduct
Laying the microduct

The microduct contains the blown fibre, but it is only installed “spade depth” in the ground which could cause problems in the future if you were to change the surface.

Internal Wall Box - The cable on the right connects to a small power adapter which feeds power out to the RFoG node in the external wall box.
Internal Wall Box – The cable on the right connects to a small power adapter which feeds power out to the RFoG node in the external wall box.
External Wall Box
External Wall Box

The external wall box is bigger than before, it houses the fibre which is pre terminated at one end with an SP/APC connector and blown to the local distribution cabinet where it is then spliced into the rest of the fibre network.

Inside the External Wall Box - FTTP RFoG Node
Inside the External Wall Box – FTTP RFoG Node

The RFoG node is a Vector BOOSTRAL 610 (superseded by the Vector BOOSTRAL 711) Which is IP42 rated for external use, the wall box cover doesn’t have a rubber seal and slides over the wall mounted piece, time will tell if it can stand the elements!

Vector BOOSTRAL 610 Data Sheet

If you’re interested, the Virgin Media Project Lightning Developers Guide shows a lot of the technical detail that makes up the local side of the new RFoG network.

VIVID 200 Speed Test
VIVID 200 Speed Test

I went for VIVID 200, a nice upgrade over the previous FTTC which topped out at about 30Mbps, we’ll have to see how things go as more and more customers are added to the network.

If you’ve got any questions about the install, head to the comments section below.

Plesk root password recovery

I was doing a password rotation on a server the other day and for some reason it failed whilst I was updating root. Maybe the password was too long, maybe Virtuozzo doesn’t do proper validity checking but either way I lost access to root.

Luckily if you’ve still got access to a Plesk admin user you can use this to your advantage and get root access back.

First of all you need a user with SSH access, in the Plesk admin panel make sure the account is set up with ‘/bin/bash’ as the root directory and not ‘/bin/bash (chrooted)’.

SSH into the server with that users’ credentials and create two scripts, the first one:

#!/bin/bash
cp /etc/shadow /tmp/shadow.tmp;
chmod 777 /tmp/shadow.tmp;
exit;

The second:

#!/bin/bash
cp /tmp/shadow.tmp /etc/shadow;
chmod 640 /etc/shadow;
exit;

Place them in /tmp or wherever you want to run them from and name them what you like, I’ll refer to them as 1.sh and 2.sh from here on.

Give the scripts execute permissions:

chmod +x /tmp/1.sh /tmp/2.sh

Now go back to your Plesk admin panel and go to Server > Tools & Resources > Scheduled Tasks.

Search for or select the user ‘root’ and add a new task.

Enter */1 in the Minute field and * in the rest of them, in the Command field enter the path to your first script, most probably /tmp/1.sh.

Hit the OK button.

This cron job will run the first script once a minute, on the minute so wait a minute and it will have made a copy of the /etc/shadow file called /tmp/shadow.tmp, check your /tmp folder for this.

Once the file has appeared, remove the task in the Plesk admin panel so it stops copying the file every minute.

In your SSH session open /tmp/shadow.tmp in your favourite editor.

Copy the whole line for a user that you know the password of, you might want to choose the line that matches the SSH user you’re currently using as you definitely know that password.

Replace the line (most probably at the top of the file) for the root user with the one you’ve just copied and then change the username at the beginning of the line from whatever user it is to ‘root’, save your file making sure it’s still called ‘shadow.tmp’.

Now go back to the Plesk admin panel and make a new scheduled task, exactly the same configuration as before but set the command to be ‘/tmp/2.sh’.

Hit the OK button on the task and wait 1 minute for the task to run, after a minute remove the task so it doesn’t carry on running the script. If you’ve done everything right you’ll have replaced the password hash for the root user with a known password and you’ll be able to log in as root using this known password.

Once you’ve logged back in change the root password and clear up the files in your /tmp folder.

Let me know how you get on, I know the scripts could be cleaned up and consolidated but I didn’t want to use a delay so that I wasn’t rushed in making sure I’d edited the files in time, it was easier just to run two cron jobs.

Speeding up RAID migration on a Synology DS414 NAS

I’ve had a Synology DS414 NAS for a few weeks now, this post is about how to change the default settings of mdadm, the tool used to manage software RAID, to speed up the process of migrating between RAID levels.

I started out with 2 x 4Tb WD Red drives, they were configured to be a Synology Hybrid RAID (SHR) volume which dynamically changes the RAID level depending on the number of drives you assign to it.

With 2 disks it’ll run in RAID 1, mirroring the data held on the drives, add another disk and it’ll convert the volume to RAID 5, striping the data across the drives for more available space whilst adding parity information to cope with the failure of any 1 of the drives.

Adding the 3rd disk was quick and easy, the DS414 supports hot plugging devices so I just went ahead and put the new drive in, added the drive to the volume and it went ahead and expanded it.

The next part is a bit of a waiting game and depending on the size of the volume it can take a while. Because the DS414 uses software RAID, where there’s no dedicated RAID hardware, it uses the CPU of the device which isn’t the fastest.

I left it overnight and late the next day it had only done about 30%, whilst expanding volumes data is essentially at risk as the array is not redundant. The longer the process takes the longer you’re not protected against disk failure.

There are a few things you can do to speed up the process, SSH to your NAS as admin and enter the following commands (change md3 to your device):

# echo 100000 > /proc/sys/dev/raid/speed_limit_min
# echo 32768 > /sys/block/md3/md/stripe_cache_size

The first command increases the minimum “goal” rebuild speeds for when there’s non-rebuild activity. On my DS414 I never saw this go above 90000KiB.

The second command increases the stripe cache size which increases sync performance by allowing a larger cache to synchronise the read and write operations on the array.  This is only available for RAID 5 volumes and it does decrease the amount of available system RAM but I never saw 100% utilisation on the DS414.

You can monitor the process with the following command:

# cat /proc/mdstat

Once I’d changed these settings the expand operation only took another 12 hours, a total of about 35. It should also work for speeding up volume consistency checks as they both read the same config. Remember the commands above will only set those options until the NAS is rebooted.

Getting ‘eContent’ onto supervised iPads

Managing a large number of iPads can be frustrating, getting content onto them even more so. If you want to manage the applications available on the iPads, Apple Configurator is your man, if you want to manage the content on them you need to find another way to do it.

I was asked to load a self created iBook onto a number of iPads, helpfully the iBooks application doesn’t support iTunes File Sharing, a system that lets you copy files between your computer and apps on iOS devices. Other Apple apps do support it, Pages, Keynote, but not iBooks.

So I thought another way to do it would be to put the iBooks file in Dropbox, download it from Dropbox on iPad 1, open it in iBooks, backup iPad 1 (that now has the iBook installed on it) and restore it to the other iPads that need the iBook on them.

Unfortunately, for reasons not know to me this doesn’t work. The iBook appears in the iBooks application, but without the iBooks’ cover art. Tapping on the icon starts something, but after a second the icon disappears and the bookshelf goes back to being empty.

I could have gone to each iPad and logged into Dropbox to get the file on each of them, but I was trying to keep the workflow short. The method I finally came up with, still involves some manual interaction, but cuts it down.

First of all I uploaded the .ibooks file to a public facing web server, when you link to files on Dropbox it doesn’t just serve up the file immediately, you need to click on a download link first. Hosting the file on a normal web server gets rid of this step.

In Apple Configurator I created a new profile, in the profile I configured a new Web Clip, a Web Clip is just a link to a specific site or web page that creates an icon on the home screen.

Apple Configurator - Web Clip
Apple Configurator – Web Clip

The title can be anything, the URL is the link to the file you uploaded earlier. I left all the other settings, hit Save and applied the profile to all the devices that needed the iBook.

On each device all I had to do was tap the new icon on the home screen, it opens Safari and navigates to my .ibooks file on the webserver, it gives the option of opening the file in the iBooks application and that’s it, the iBook is saved to the application.

Once the iBook is on the device you’ll want to remove the profile from the devices to remove the icon from the home screen.

Whilst it’s more difficult to get iBooks content onto devices via Apple Configurator, Adobe Acrobat Reader does support iTunes File Sharing so you could drop PDF files onto the devices fairly easily but we specifically needed iBooks support.

Apple Configurator 1.4, iOS 7 and Eduroam

Today I sat down to configure a set of Apple iPads to connect to our institutional Wi-Fi network, we use eduroam based around a WPA2 setup.

For anyone who has already used Apple Configurator you’ll know it’s pretty straight forward. Enter a few network details, give it a certificate if needed, save and refresh your devices.

It didn’t go as easy as that. I’d previously setup an Apple TV to connect to the network so I knew I could use Apple Configurator to do what I needed, I went about entering the network details, SSID, Security Type, Protocols and Trusts etc. But whenever I pushed the profiles to the devices they wouldn’t connect to the wireless network.

Apple Configurator
Apple Configurator – Getting the right settings for Eduroam

It all came down to the Security Type setting, although we use WPA2 Enterprise it didn’t seem to like that option and only when (3 hours later) I tried Any (Enterprise) did it actually work.