Frigate on ROCm in LXC container

I thought that the best option to run Frigate was to run it on bare metal and skip virtualization and system containers. However, the situation has now changed a little, as I was able to fire up Frigate in an LXC container on Proxmox with a little help from AMD ROCm hardware-assisted video decryption.

And yes, detection crashes on ONNX and needs to run on CPU instead… but video decryption works well. Even more, detection on 16 x AMD Ryzen 7 255 w/ Radeon 780M Graphics (1 Socket) works very well for almost 20 video streams (mixed H264 and H265). You can switch to a Google Coral as a USB device passed to the LXC container, but what for?

LXC container

You need to have the following settings:

/dev/dri/renderD128
fuse
mknod
nesting
privileged
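
A quick way to confirm a container config carries the settings listed above. This is an added example, not from the original post; it assumes Proxmox's /etc/pve/lxc/<vmid>.conf syntax, and the two ways of passing the render node it accepts (devN: or lxc.mount.entry) are assumptions, since the post does not say which one was used.

```shell
#!/bin/sh
# Added example: report which of the settings listed above a Proxmox
# container config lacks. The devN: / lxc.mount.entry forms for passing the
# render node are assumptions; the page does not say which one was used.
check_lxc_conf() {   # $1 = path to /etc/pve/lxc/<vmid>.conf
    for feat in fuse mknod nesting; do
        grep -Eq "^features:(.*[ ,])?$feat=1([ ,]|\$)" "$1" ||
            echo "missing feature: $feat"
    done
    # Proxmox marks unprivileged containers explicitly; privileged ones lack the line.
    if grep -Eq '^unprivileged:[[:space:]]*1' "$1"; then
        echo "not privileged"
    fi
    grep -Eq '^(dev[0-9]+|lxc\.mount\.entry):[[:space:]]*/dev/dri/renderD128' "$1" ||
        echo "missing device: /dev/dri/renderD128"
    return 0
}

# Constructed sample configs (not taken from a real host).
SAMPLE_OK='arch: amd64
features: fuse=1,mknod=1,nesting=1
dev0: /dev/dri/renderD128
hostname: frigate'
SAMPLE_BAD='arch: amd64
features: nesting=1
unprivileged: 1
hostname: frigate'

# Usage: sh check.sh /etc/pve/lxc/<vmid>.conf
if [ -n "${1:-}" ]; then
    check_lxc_conf "$1"
fi
```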

ROCm installation

https://rocm.docs.amd.com/projects/install-on-linux/en/latest/install/quick-start.html
wget https://repo.radeon.com/amdgpu-install/7.1.1/ubuntu/noble/amdgpu-install_7.1.1.70101-1_all.deb
sudo apt install ./amdgpu-install_7.1.1.70101-1_all.deb
sudo apt update
sudo apt install python3-setuptools python3-wheel
sudo usermod -a -G render,video $LOGNAME # Add the current user to the render and video groups
sudo apt install rocm

Docker CE

# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Frigate container setup

docker run --name=frigate --privileged \
  --volume /frigate-config:/config \
  --volume /frigate-media:/media/frigate \
  --expose=5000 \
  -p 8554:8554 -p 8555:8555 -p 8555:8555/udp -p 8971:8971 \
  --restart=unless-stopped \
  --device /dev/dri/renderD128:/dev/dri/renderD128 \
  --detach=true \
  --mount type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000 \
  --shm-size=2000m \
  ghcr.io/blakeblackshear/frigate:stable-rocm

Frigate configuration

environment_vars:
  LIBVA_DRIVER_NAME: radeonsi
  HSA_OVERRIDE_GFX_VERSION: 10.3.0

ffmpeg:
  hwaccel_args: preset-vaapi

Further reading

https://forum.proxmox.com/threads/tutorial-run-llms-using-amd-gpu-and-rocm-in-unprivileged-lxc-container.157920/
https://github.com/blakeblackshear/frigate/discussions/5773
https://community.home-assistant.io/t/frigate-coral-usb-proxmox/752563
https://github.com/blakeblackshear/frigate/discussions/18732

PV production metering using Huawei API integrated with Fibaro HC3 as QuickApp

We are using a Huawei PV installation on our house roof. It has a web panel and an application for previewing every detail of its settings and working conditions. However, I would like to integrate PV power production into my Fibaro HC3. So:

First things first: create a Northbound API user in the web panel. Select all privileges for data acquisition.

Then grab auth token:

curl -X POST "https://eu5.fusionsolar.huawei.com/thirdData/login" \
-H "Content-Type: application/json" \
-d '{
"userName": "USERNAME",
"systemCode": "PASSWORD"
}' -v

In the response you will get an xsrf-token in the headers. Using this auth token, get the list of installations (stations):

curl -X POST "https://eu5.fusionsolar.huawei.com/thirdData/getStationList" \
  -H "Content-Type: application/json" \
  -H "xsrf-token: TOKEN" \
  -d '{}' -v

Now, using your station ID, get the list of your devices:

curl -X POST "https://eu5.fusionsolar.huawei.com/thirdData/getDevList" \
-H "Content-Type: application/json" \
  -H "xsrf-token: TOKEN" \
  -d '{
"stationCodes": "NE=123456789"
}' -v

To retrieve near-real-time data you need the device ID from the previous request:

curl -X POST "https://eu5.fusionsolar.huawei.com/thirdData/getDevRealKpi" \
-H "Content-Type: application/json" \
  -H "xsrf-token: TOKEN" \
  -d '{
"devIds": "112233445566778899",
"devTypeId":"1"
}' -v

Now look for the active_power field, which is your PV production power (in Watts).
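
The login and getDevRealKpi steps above as one script that keeps the password and token out of the process list and out of -v output. This is an added example, not part of the original post; the environment variable names HUAWEI_USER, HUAWEI_SYSTEM_CODE and HUAWEI_DEV_ID are assumptions, and the sample header and body are constructed.

```shell
#!/bin/sh
# Added example: login + getDevRealKpi with secrets kept off the command line.
# HUAWEI_USER, HUAWEI_SYSTEM_CODE and HUAWEI_DEV_ID are assumed variable names.
API="https://eu5.fusionsolar.huawei.com/thirdData"

# Read a raw header dump on stdin, print the xsrf-token value (name is case-insensitive).
extract_xsrf_token() {
    tr -d '\r' | awk 'tolower($0) ~ /^xsrf-token:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Read a getDevRealKpi body on stdin, print the first active_power number.
# sed is enough for one numeric field; use a JSON parser for anything more.
extract_active_power() {
    sed -n 's/.*"active_power"[[:space:]]*:[[:space:]]*"\{0,1\}\(-\{0,1\}[0-9.]\{1,\}\).*/\1/p' | head -n 1
}

login() {
    # The body is piped in (-d @-), so the password is not visible in `ps`.
    # -D - writes the response headers to stdout; the body is discarded.
    printf '{"userName":"%s","systemCode":"%s"}' "$HUAWEI_USER" "$HUAWEI_SYSTEM_CODE" |
        curl -sS -X POST "$API/login" -H "Content-Type: application/json" \
             -d @- -D - -o /dev/null | extract_xsrf_token
}

get_active_power() {   # $1 = token, $2 = device ID
    # -H @- reads the token header from stdin (curl 7.55.0 or newer).
    printf 'xsrf-token: %s\n' "$1" |
        curl -sS -X POST "$API/getDevRealKpi" -H "Content-Type: application/json" \
             -H @- -d "{\"devIds\":\"$2\",\"devTypeId\":\"1\"}" | extract_active_power
}

# Constructed samples (not real API output) for checking the parsers offline.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: application/json
XSRF-TOKEN: x-constructed-token-0001'
SAMPLE_BODY='{"success":true,"data":[{"dataItemMap":{"active_power":3.21}}]}'

# Only talk to the API when credentials are present in the environment.
if [ -n "${HUAWEI_USER:-}" ]; then
    token=$(login)
    [ -n "$token" ] || { echo "login failed: no xsrf-token header" >&2; exit 1; }
    get_active_power "$token" "$HUAWEI_DEV_ID"
fi
```

Credentials containing a double quote or backslash would need JSON escaping before being placed in the login body.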

Now let's say you want it in Fibaro. I went with a QuickApp (Lua) as follows:

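-- Request timeout in milliseconds (assumed value; the original left tcpTimeout undefined)
local tcpTimeout = 10000

function QuickApp:onInit()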
    self:debug("onInit Huawei Falownik")
    self:loop()
end

function QuickApp:loop()
    fibaro.setTimeout(1000*60*5, function() 
        self:debug("Huawei Falownik")
        self:debug("Huawei Falownik: login")
        local token   = ''
        local url     = "https://eu5.fusionsolar.huawei.com/thirdData/login"
        local payload = json.encode({userName="USERNAME",systemCode="PASSWORD"})
        net.HTTPClient():request(url, {
            options={
            data    = payload,
            method  = 'POST',
            headers = {
                ["Content-Type"] = "application/json"
            },
            timeout = tcpTimeout,
            },
            success = function(response) 
                token = response.headers['xsrf-token']
                self:debug("Huawei Falownik: getDevRealKpi")
                local url2 = "https://eu5.fusionsolar.huawei.com/thirdData/getDevRealKpi"
                local payload2 = json.encode({devIds="112233445566778899",devTypeId="1"})
                net.HTTPClient():request(url2, {
                    options={
                    data    = payload2,
                    method  = 'POST',
                    headers = {
                        ["Content-Type"] = "application/json",      
                        ["xsrf-token"]= token
                    },
                    timeout = tcpTimeout,
                    },
                    success = function(response) 
                        print(response.status) 
                        print(response.data) 
                        -- keep the reading local instead of leaking a global
                        local activepower = json.decode(response.data)['data'][1]['dataItemMap']['active_power']
                        self:updateProperty("value", activepower*1000)
                        self:debug(activepower)
                    end,
                    error = function(message)
                        print("error:", message) 
                    end 
                })
            end,
            error = function(message)
                print("error:", message)
            end 
        })
        -- re-arm the timer for the next poll
        self:loop()
    end)
end 

Finally, you can set up a production meter using this QuickApp. The last thing to remember is traffic limiting on the Huawei side, so request data, let's say, once per 5 minutes or so; otherwise you will get an error message instead.

PBS: decryption failed or bad record mac

During a sync between two Proxmox Backup Server instances I got a “decryption failed or bad record mac” error message, so I decided to upgrade the source PBS to match the version of the target PBS.

PBS upgrade

To upgrade PBS:

apt update
apt dist-upgrade
tar czf "pbs3-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"
pbs3to4
proxmox-backup-manager versions
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list
cat > /etc/apt/sources.list.d/proxmox.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/pbs
Suites: trixie
Components: pbs-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

Get rid of bookworm sources. And then:

apt update
apt dist-upgrade
systemctl reboot

However it did not help.

Further debugging

Three things were involved in this investigation.

This one:

ethtool -K eth0 tso off gro off gso off ufo off

Next, disabling Suricata IDS/IPS. It did not help.

Finally, I changed the pfSense setting under System – Advanced – Firewall & NAT from Aggressive to Conservative.

It worked.

interface name exceeds max length of 15

networking[11980]: error: netlink: enp193s0f0np0.4001: cannot create vlan enp193s0f0np0.4001 4001: interface name exceeds max length of 15

Add “alias” to /etc/network/interfaces:

auto enp193s0f0.4001
iface enp193s0f0.4001 inet manual
vlan-raw-device enp193s0f0np0

And restart network interfaces.
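
To find every stanza that will hit this limit before restarting networking, the following added example (not part of the original post) scans an interfaces file and prints the alias form shown above for each over-long VLAN name. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ifupdown stanzas that break the 15-character interface
# name limit (IFNAMSIZ is 16 bytes including the trailing NUL) and propose
# the alias form used above.

# Print every name declared on an `iface` line that is longer than 15 chars.
overlong_ifnames() {   # $1 = interfaces file
    awk '$1 == "iface" && length($2) > 15 { print $2 }' "$1"
}

# Build a name that fits: keep ".VID", trim the parent to the remaining room.
# Two parents sharing a long prefix can collide after trimming; check for that.
short_vlan_name() {   # $1 = parent device, $2 = VLAN ID
    room=$((15 - 1 - ${#2}))
    printf '%s.%s\n' "$(printf '%s' "$1" | cut -c1-"$room")" "$2"
}

# For each over-long VLAN name, print a replacement stanza; the untrimmed
# parent goes into vlan-raw-device so the kernel still finds the real NIC.
suggest_stanzas() {   # $1 = interfaces file
    overlong_ifnames "$1" | while IFS=. read -r parent vid; do
        [ -n "$vid" ] || continue          # not a parent.VID name, skip
        name=$(short_vlan_name "$parent" "$vid")
        printf 'auto %s\niface %s inet manual\n    vlan-raw-device %s\n' \
            "$name" "$name" "$parent"
    done
}

# Constructed sample of /etc/network/interfaces reproducing the error above.
SAMPLE_INTERFACES='auto lo
iface lo inet loopback

auto enp193s0f0np0.4001
iface enp193s0f0np0.4001 inet manual'

# Demo run against the constructed sample.
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_INTERFACES" > "$tmp"
suggest_stanzas "$tmp"
rm -f "$tmp"
```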

Resize TrueNAS drives

Imagine you are running TrueNAS virtualized and would like to resize a drive to increase its capacity.

parted /dev/sdX
resizepart 1 100%
quit

Then reboot, and the new size should be visible in the ZFS pool. It has the ability to auto-expand by default.

GitLab service desk with iRedMail: details

In addition to my previous article about the GitLab service desk feature with iRedMail, I would like to enhance it a little bit by fixing some missing parts. Starting with connecting to the PostgreSQL vmail database:

sudo -u postgres -i
psql
\c vmail

Verifying mail server connectivity and TLS issues.

/opt/gitlab/embedded/bin/openssl s_client -connect mail.domain.com:993

GitLab (and iRedMail also) does not allow expired certificates. So be sure to have both the root CA present and your certificate valid.

wget https://letsencrypt.org/certs/2024/r11.pem
# update-ca-certificates only picks up files ending in .crt
cp r11.pem /usr/local/share/ca-certificates/r11.crt
update-ca-certificates

And finally, restart the services. The interesting part is that only Nginx does not allow placing the R11 root CA before the actual certificate. But placing R11 after the actual certificate does the job.

service postfix restart
service dovecot restart
service nginx restart

Proxmox 7 pmxcfs failed: recovery without reboot

A failing Proxmox node with an inaccessible /etc/pve means that you have a broken pmxcfs.

killall -9 pmxcfs
systemctl restart pve-cluster

Analyse which services are stuck:

ps -eo pid,stat,comm,wchan:32 | grep ' D '

Restart services:

systemctl restart pvedaemon pveproxy pvescheduler

And in case it was stuck at updating certs (on which it got stuck in my case):

pvecm updatecerts --force

In case UI is still unavailable:

systemctl restart pvedaemon pveproxy pvescheduler
systemctl restart corosync

In my case, at this point it was fine.

pfSense 2.7.2 with Realtek 2.5GbE ethernet driver

I got a 2.5GbE PCI-e card, but there were no drivers present in the pfSense installation. To list devices:

pciconf -lv

There is this Realtek network card:

re0@pci0:4:0:0:	class=0x020000 rev=0x05 hdr=0x00 vendor=0x10ec device=0x8125 subvendor=0x10ec subdevice=0x0123
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL8125 2.5GbE Controller'
    class      = network
    subclass   = ethernet

But there is no driver enabled:

pkg info | grep driver
kldstat

I installed the realtek-re-kmod-198.00_3 package. It was a few months ago, but I am pretty sure that it was from pkg and not by downloading it from some repository manually. Finally, add to /boot/loader.conf:

if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"

So you can either download from FreeBSD repository or:

pkg search realtek

Install Proxmox on Scaleway using Dell’s iDRAC

Last time (somewhere around 2023) there was an option on Scaleway to install Proxmox 7 directly from an appliance. There was also the possibility to use Debian 11 and install Proxmox on top of it. This time (2024/Nov) there is no direct install, and installing on Debian gives me some unexpected errors which I do not want to overcome, as it should work just like that.

But there is an option to use Dell’s iDRAC interface for remote access.