==== TODO ====

  * If the internet connection is lost and then restored, OpenVPN should reconnect.

===== Raspberry Pi =====

Available infos:

^ Info ^ URL ^
| Wiki | http://wiki.xbmc.org/?title=Raspberry_Pi/FAQ |

==== Logs ====

| OpenVPN | %%cat /var/log/syslog | grep VPN%% |

==== Accessing PI ====

The default login / password are always: login: **pi** \\ password: **raspberry**

^ Method ^ Description ^
| FTP | Use an FTP client like FileZilla. Enter the IP of the Pi and the default FTP-Port, password, login. |
| SSH | Use a client like PuTTY. Enter the IP of the Pi and the default FTP-Port, password, login. |

==== Shell Commands ====

| sudo -i | starts the raspberry configuration tool, where the hardware can be enabled or disabled |

===== Media Center =====

==== Operating System ====

Available OS, custom made for the Raspberry Pi. Among them:

  * Raspbmc
  * OpenElec
  * Xbian

[[http://www.raspbmc.com/wiki/user/frequently-asked-questions/|Raspbmc]] is the OS of choice, because it is the oldest one, has the most support and is at the most advanced level of development.

==== UPNP Media Server ====

To stream the movies from the desktop / server to the Raspberry a media server is needed. There are plenty of ways to share the videos with XBMC.

  * The content may be just shared "as it is", by using network shares.
  * The other possibility is to use media servers. Some servers support on-the-fly transcoding, which is live conversion of films in unsupported formats into a supported format.

Media Servers

^ Mediaserver ^ Result ^ Transcoding ^
| [[http://www.plexapp.com/|PlexApp 0.9.5.4]] | Crashes on PC restart. Crashes during video play. | YES |
| Windows Media Player | Constant UPNP Streams. | NO |

Shares

^ Distribution ^ Mediaserver ^ Result ^
| xbian | Samba | NO - Share not available |
| raspbmc | Samba | YES |
| | FTP | ? |
| xbian | UPNP Windows Media Server | NO - empty List |
| raspbmc | UPNP | YES |

==== Share Desktop and Sound ====

I would like to have the ability to share the Picture and Audio with the Raspberry Pi, so that I can just play some video on the desktop (from sources unavailable for the Pi) and see the video on my TV.

^ Option ^ Description ^ Resume ^
| VLC Video Player | This might be possible via VLC, by streaming the desktop video + audio using VLC. Video might be captured by using the driver http://sourceforge.net/projects/screencapturer/files/ Audio ? | VLC does not work yet. XBMC does not understand the HTTP / RTMP stream shared by VLC. |
| RTMP streaming protocol | Open Broadcaster Software is a client which can stream the desktop / audio to a server. \\ This requires an RTMP server. Red5 is a free server. The streams from this server are again not recognized by XBMC. | Could not make XBMC recognize the stream. |
| Remote Desktop | Using remote desktop is not possible when using the Raspbmc OS. Raspbmc does not use an X11 server, which is required to send / receive VNC pictures. It renders its XBMC stuff itself. | Could not make XBMC recognize the stream. |
| Windows Media Encoder | By creating a "broadcast live event" it was possible to stream the screen to XBMC! Requirements: \\ * Video input: [[http://sourceforge.net/projects/screencapturer/files/|on screen capture recorder to video free]]. Here is the list of [[http://betterlogic.com/roger/2010/07/list-of-available-directshow-screen-capture-filters/|available screen capturing devices]]. \\ * Audio input: [[http://sourceforge.net/projects/virtualaudiodev/|virtual audio capture device]] allows capturing the signal which is sent to the speakers. It is the "what you hear" sound. [[http://betterlogic.com/roger/2010/07/how-to-setup-your-sound-system-to-record-what-you-hear/|List of available audio capturing devices]] \\ * [[http://www.microsoft.com/en-us/download/details.aspx?id=17792|Windows Media Encoder]], which can create a broadcast stream using the devices above. \\ * Windows Media Encoder encodes its video stream using the VC-1 codec. Raspberry Pi [[http://www.raspberrypi.com/vc-1-license-key/|needs a license (1,42€)]] to have the ability to play VC1. | **WORKS!!!** |
| [[http://www.microsoft.com/en-us/download/details.aspx?id=27870|Microsoft Expression Encoder 4 with Service Pack 2]] | By broadcasting the desktop it was possible to stream the screen to XBMC! Requirements: \\ * Video input: Service Pack 1 version of Expression Encoder 4. It provides a video device "screen capture source" to capture the desktop. \\ * Audio input: [[http://sourceforge.net/projects/virtualaudiodev/|virtual audio capture device]] allows capturing the signal which is sent to the speakers. It is the "what you hear" sound. [[http://betterlogic.com/roger/2010/07/how-to-setup-your-sound-system-to-record-what-you-hear/|List of available audio capturing devices]] \\ * [[http://www.microsoft.com/en-us/download/details.aspx?id=27870|Microsoft Expression Encoder 4 with Service Pack 2]], which can create a broadcast stream using the devices above. \\ * Windows Media Encoder encodes its video stream using the VC-1 codec. Raspberry Pi [[http://www.raspberrypi.com/vc-1-license-key/|needs a license (1,42€)]] to have the ability to play VC1. | **WORKS BETTER!!!** |

===== Codec Licences =====

The licences may be [[http://www.raspberrypi.com/license-keys/|bought here]], for the Raspberry to be able to play

  * DVDs (mpeg2 licence)
  * WMA (VC1 license)

To enter the licences via SSH, connect to the Raspberry via an SSH client, e.g.
PuTTY and do the following:

<code>
sudo nano /boot/config.txt
</code>

{{http://i.imgur.com/viV4qyB.png}}

==== Remote Controls ====

== Per TV Remote Control ==

For that the TV and the HDMI cable should both support CEC per HDMI. CEC should be enabled on the TV.

== Per VNC ==

There is a possibility to control the Raspberry completely [[http://learn.adafruit.com/adafruit-raspberry-pi-lesson-7-remote-control-with-vnc/installing-vnc|remotely per VNC]], which is like remote desktop on Windows. There are plenty of VNC remote control apps to use this on mobile clients.

== Per Android App ==

https://play.google.com/store/apps/details?id=org.leetzone.android.yatsewidgetfree

== Per Browser ==

Just enter the IP of the Pi into the browser. Beforehand you should install some addons, like the remote control addon, to get the ability to control the Pi.

=== Raspberry Pi Apps ===

==== Network speed requirements ====

=== WLAN when streaming ===

A [[http://www.tp-link.com.de/products/details/?model=TL-WR1043ND#spec|normal router]] can pass up to **300 Mbps** (37 megabytes per second). Streaming a video uses **5 Mbps** (0.625 megabytes per second).

{{http://i.imgur.com/hvVrJDT.png}} {{http://i.imgur.com/jlIOdHz.png}}

==== Installing DEB ====

How to install deb packages. As an example: RPi-Monitor

<code>
# required libs
sudo apt-get install librrds-perl libhttp-daemon-perl libhttp-daemon-ssl-perl libipc-sharelite-perl libjson-perl

# download deb package with wget
# (--no-check-certificate disables TLS certificate validation for this download)
wget --no-check-certificate https://github.com/XavierBerger/RPi-Monitor-deb/raw/master/packages/rpimonitor_2.4-1_all.deb

# install deb
sudo dpkg -i rpimonitor_2.4-1_all.deb

# update the service
sudo apt-get update && sudo service rpimonitor update

# service available under http://127.0.0.1:8888
</code>

==== Addons ====

XBMC can be extended with addons. The biggest addons repository is http://superrepo.org/. The addon is available here.
It can be

  * downloaded as **zip** (http://superrepo.org/get-started/add-the-super-repo-directory-as-source/)
  * uploaded to the Raspberry via FTP,
  * installed from zip.

===== Torrent Pi =====

==== Torrent-client ====

Install OpenVPN, the torrent client "transmission-daemon" and resolvconf:

<code>
pi@torrentpi ~ $ sudo apt-get install resolvconf transmission-daemon
</code>

Configure transmission-daemon to provide a web interface:

<code>
# stop the daemon
sudo /etc/init.d/transmission-daemon stop

# edit the settings
sudo nano /etc/transmission-daemon/settings.json

# edit
"rpc-authentication-required": false,   # disable password protection for remote (web) interface
"rpc-whitelist": "127.0.0.1, *.*.*.*",  # allow access from any address

# start service again
pi@torrentpi ~ $ sudo /etc/init.d/transmission-daemon start
</code>

The service should be reachable through the browser at the following address: http://[RASPBERRYIP]:9091

**Change the service startup parameters**:

Open the file ///etc/default/transmission-daemon// and edit the OPTIONS line:

<code>
# Default options for daemon, see transmission-daemon(1) for more options
OPTIONS="--config-dir $CONFIG_DIR --logfile /home/pi/logs/transmission-daemon.txt --log-error --log-info --log-debug --no-portmap"
</code>

| --logfile | specifies the logfile |
| --no-portmap | disables port forwarding |

The rest of the OPTIONS is listed here: [[http://manpages.ubuntu.com/manpages/lucid/man1/transmission-daemon.1.html|http://manpages.ubuntu.com/manpages/lucid/man1/transmission-daemon.1.html]]

**Enabling or disabling transmission-web as an autostart service**

The tool update-rc.d is used to enable / disable services.
It adds/removes scripts to the folders ///etc/init.d/// and ///etc/rcX.d///. The scripts are added on different "runlevels": http://en.wikipedia.org/wiki/Runlevel

To find out on which levels the script is autostarted do:

<code>
pi@raspberrypi /etc/transmission-daemon $ ls -l /etc/rc?.d/*transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc0.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc1.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc2.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc3.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc4.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc5.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc6.d/K02transmission-daemon -> ../init.d/transmission-daemon
# links exist on levels 0,1,2,3,4,5,6 (S = start on 2-5, K = stop on 0, 1 and 6)

# disable the script
sudo update-rc.d -f transmission-daemon remove

# re-enable the script on the default runlevels
sudo update-rc.d transmission-daemon defaults
</code>

==== OpenVpn ====

OpenVPN documentation: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

Install OpenVPN:

<code>
pi@torrentpi ~ $ sudo apt-get install openvpn resolvconf transmission-daemon
</code>

Now download the config into the folder **/etc/openvpn** \\ **ibVPN-NL-Amsterdam1.ovpn** \\ **ibVPN-NL-Amsterdam1.conf** #copy of ibVPN-NL-Amsterdam1.ovpn

== 1. TestConnect ==

Use the configuration file to connect to the VPN server. If that works, OpenVPN can be started as a service.

<code>
sudo openvpn --config /etc/openvpn/ibVPN-NL-Amsterdam1.ovpn
</code>

== 2. Connect via openVPN service ==

Tell the openvpn service where the configuration is located.
Edit the file:

<code>
sudo nano /etc/default/openvpn
</code>

And set AUTOSTART to point to the **ibVPN-NL-Amsterdam1.conf** file. This is where the ***.conf** file is needed.

<code>
AUTOSTART="ibVPN-NL-Amsterdam1"
</code>

Now start the openvpn service and check if the service is running:

<code>
sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn status
</code>

And check the external IP:

<code>
curl ifconfig.me
</code>

== Logs ==

The logs about the VPN connection can be found under

<code>
$ cat /var/log/syslog | grep VPN
</code>

==== Monit ====

The **openVPN** service should be monitored! Should the connection be lost at some time, the connection should be restored on its own! [[http://mmonit.com/monit/documentation/|monit]] seems to be a suitable tool for that!

Install monit:

<code>
sudo apt-get install monit
</code>

Configure monit to look for the openVPN service. The configuration is in the file **/etc/monit/monitrc**:

<code>
sudo nano /etc/monit/monitrc
</code>

Uncomment or add the following to allow connections to monit via http://192.168.191.110:2812/ where 192.168.191.110 is the IP of the server.

<code>
set httpd port 2812 and
    allow 0.0.0.0/0.0.0.0 # allow connections from any ip
</code>

== Define openvpn monitoring job ==

Once the web services are set up, you can begin to input the programs that you want monitored and protected into the **/etc/monit/monitrc** configuration file. To simply ensure that programs stay online, you can use the **/etc/init.d** commands to stop or start a program.

Find the openVPN pid (e.g.
openvpn-Amsterdam1.pid) in the folder /var/run.

Match the job by a regex, here **openvpn.***, and check the match by doing

<code>
monit procmatch "openvpn.*"
</code>

Open the file **/etc/monit/monitrc** and append an entry describing the job:

<code>
check process openvpn MATCHING "openvpn.*"
  start program = "/etc/init.d/openvpn start" with timeout 60 seconds
  stop program = "/etc/init.d/openvpn stop"
</code>

Now you can check the syntax of the **/etc/monit/monitrc** file by doing

<code>
sudo monit -t
</code>

and if there was no output start monit:

<code>
sudo /etc/init.d/monit restart
</code>

Monit can be checked under http://RASPBERRYIP:2812/ and the log is written to

<code>
nano /var/log/monit
</code>

==== Samba ====

Install samba and the samba tools, then open the configuration.

<code>
$ sudo apt-get install samba
$ sudo apt-get install samba-common-bin
$ nano /etc/samba/smb.conf
</code>

I would like to share the folder **/shares**, so I set the rights of this folder to 777, so that everyone can do everything in there!

<code>
sudo chmod -R 777 /shares
</code>

**-R** sets the rights recursively.

Enter the configuration to share the folder under /shares/torrents so that everyone can enter it.

<code>
[global]
workgroup = WORKGROUP
usershare allow guests = yes
security=share
#security=user
follow symlinks = yes
wide links = no
unix extensions = no
lock directory = /var/cache/samba

[torrents]
browsable = yes
read only = no
guest ok = yes
path = /shares/torrents
force user = pi
</code>

Test the parameters entered into smb.conf:

<code>
$ testparm
</code>

Restart the samba service:

<code>
$ sudo /etc/init.d/samba reload
</code>

==== Firewall ====

Use **Iptables** as firewall.
Configure it as follows:

^ Module ^ Description ^
| [[http://ipset.netfilter.org/iptables.man.html#lbAB|iptables]] | Iptables is the default firewall |
| [[https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH|owner]] | The module owner is used to allow traffic by group id |
| [[http://www.cyberciti.biz/tips/linux-iptables-4-block-all-incoming-traffic-but-allow-ssh.html|allow by port]] | Single ports may be opened for access |
| [[https://workaround.org/openvpn-faq|https://workaround.org/openvpn-faq]] | OpenVpn mini config |

== Configuration ==

<code>
#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow ssh on Port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Allow transmission-daemon rpc on Port 9091
iptables -A INPUT -p tcp --dport 9091 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9091 -j ACCEPT

# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

## open samba ports
iptables -A INPUT -p udp --dport 137:139 -j ACCEPT
iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
iptables -A OUTPUT -p udp --sport 137:139 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 137:139 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 445 -j ACCEPT

# allow connection via 1194 so that openVpn can use the network adapter
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT

# allow connections via openVPN tun and tap interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT

# make sure nothing else comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

# persist the rules after reboot. Package iptables-persistent must be installed
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'
</code>

To see the active iptables rules do

<code>
sudo iptables -L -v
</code>

To remove the rule Nr.
5 in the chain INPUT do

<code>
iptables -D INPUT 5
</code>

To flush all rules do

<code>
# first disable torrent client, so that it does not leak through the firewall
/etc/init.d/transmission-daemon stop

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
</code>

== Persistence ==

The iptables rules are not persisted on reboot. Do the following to install the iptables restoring package:

<code>
sudo apt-get install iptables-persistent
</code>

Do the following to persist the current iptables rules:

<code>
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'
</code>

==== Mount USB ====

Enable NTFS for the Raspberry:

<code>
apt-get install ntfs-3g
</code>

To list all USB devices, or all partitions do:

<code>
lsusb
sudo fdisk -l
</code>

There is a service named **udev**, which recognizes the devices in Linux and maps devices to the files in the **/dev/** folder. \\ The names are typically **sda1, sdb1, sdc1 ... sca1 ...**

The service udev is able to execute rules to do something when such a device is recognized / removed. \\ This is the point to tell Linux to mount the USB device. \\ The udev rules are stored in the folder **/etc/udev/rules.d/** and have the form ***.rules**

| Writing udev rules | http://www.reactivated.net/writing_udev_rules.html#syntax |
| Examples of udev rules | https://wiki.archlinux.de/title/Udev |

Here is an example rules file which tells udev to automount USB drives on connect: **/etc/udev/rules.d/10-my-media-automount.rules**

<code>
# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:
#
# /etc/udev/rules.d/10-my-media-automount.rules

# usb devices are called sda1, sdb1 ...
KERNEL!="s[a-z][a-z][0-9]*", GOTO="my_media_automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="my_media_automount_end"

# import some useful filesystem info as variables
IMPORT{program}="/sbin/blkid -o udev -p %N"

# get the label if present, otherwise assign one based on device/partition. Always append the name of the device as unique id
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}-%k"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usb-%k"

# create the dir in /media and symlink it to /mnt
ACTION=="add", RUN+="/bin/mkdir -p '/media/%E{dir_name}'"

# global mount options
ACTION=="add", ENV{mount_options}="relatime"
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"

# automount ntfs filesystems using ntfs-3g driver
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"
# automount all other filesystems
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"

# clean up after device removal
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"

# exit
LABEL="my_media_automount_end"
</code>

To reload udev after adding a new rule do

<code>
sudo udevadm control --reload-rules
</code>

==== Resuming torrents on disk mount ====

When the disk with the data is unplugged, Transmission will not find the data and stops the torrents with the error

<code>
Error: No data found! Ensure your drives are connected or use "Move Data File To...
</code>

To resume the download on every USB disk mount use a script, which will be executed by **udev** on every HDD plug.

**Script:**

<code>
#!/bin/sh
/usr/bin/transmission-remote -t all --start
</code>

Execute script by udev on USB mount:

==== Pro FTP Server ====

<code>
sudo apt-get install proftpd
</code>

Open the iptables ports:

<code>
# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
</code>

Create the user which will be used by the FTP server to access data:

<code>
# create the user and usergroup
sudo useradd -d /media -m ftpuser
sudo groupadd ftpgroup
sudo usermod -a -G ftpgroup ftpuser

# set user rights for the media folder
sudo chgrp -R ftpgroup /media/
sudo chmod -R 777 /media/
</code>

Append the following to the file **/etc/proftpd/proftpd.conf** for it to be anonymously accessible:

<code>
User ftpuser
Group ftpgroup
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftpuser
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
DenyAll
</code>

== Debugging ==

At least try out connecting using telnet.
Telnet will be able to connect, if

  * the firewall opens the port
  * some application is listening on this port (running)

<code>
# telnet 192.168.191.110 to check if it's accessible on port 21
telnet 192.168.191.110 21
</code>

Access FTP on ftp://192.168.191.110/

==== Backup per SSH ====

As described in https://johnatilano.com/2016/11/25/use-ssh-and-dd-to-remotely-backup-a-raspberry-pi/

<code>
ssh pi@192.168.191.24 "sudo dd if=/dev/mmcblk0 bs=1M | gzip -" | dd of=~/pibackup.gz
</code>

==== Kubernetes (k8s) on RaspberryPi ====

  * Raspberry Pi Version: 3
  * OS: Ubuntu Server 22.04.1 **64bit version**

=== Install OS Raspberry ===

https://360techexplorer.com/install-k3s-on-raspberry-pi/

=== Install OS Ubuntu ===

Use Ubuntu Server 22.04.1, the current LTS version. You can install it using Raspberry Pi Imager: https://www.raspberrypi.com/software/

In the settings of Imager you can directly define the SSH key to connect to the Pi.

{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/g21bLrn4DT.png}}

**Attention:** pick the 64bit version of Ubuntu Server. It is based on the **arm64** architecture. Only for **arm64** is there a lightweight version of **Kubernetes** available. https://askubuntu.com/questions/1301295/ubuntu-20-04-on-raspberry-pi-4-cannot-install-microk8s

The 32bit version is based on the "armhf" architecture, for which no Kubernetes is available. With it you will get:

<code>
error: snap "microk8s" is not available on stable for this architecture (armhf) but exists on other architectures (amd64, arm64, ppc64el)
</code>

=== Install "k3s" Kubernetes ===

http://www.armand.nz/2022/06/01/install-k3s-kubernetes-on-raspberry-pi.html

https://www.puzzle.ch/de/blog/articles/2020/10/13/k3s-on-raspberry-pi

Install k3s. https://docs.k3s.io/quick-start

== Prerequisites for the installation ==

Mount the SD card, open the file `cmdline.txt` and append the following. It enables some backward compatibility Raspberry kernel modules.
<code>
cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
</code>

The file `cmdline.txt`:

<code>
console=serial0,115200 dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 rootwait fixrtc quiet splash cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
</code>

== Debug check success ==

Sometimes the above command doesn't respond; there might be something or other wrong. Checking on the kubelet with journalctl is a good place to start looking for info. Or do a general check for all errors:

<code>
journalctl -p err -b

Sep 30 07:01:59 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:27 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:37 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:45 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:03:10 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:04:30 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
</code>

An easy enough debugging step is to run a stop and start.

== Install linux-modules-extra-raspi extra package ==

Through lots of frustration, I discovered Ubuntu installations were missing a kernel module that always resulted in `STATUS: NotReady` when my Kubernetes K3S was installed. Only by installing this kernel module I was able to finally get my Ubuntu Raspberry Pi modules to a `STATUS: Ready` state. Evidently, this only affects the Raspberry Pi install of Ubuntu.

On each Raspberry Pi install the `linux-modules-extra-raspi` extra package, a specific requirement for Ubuntu 21.10+ and k3s on Raspberry Pis.

Run the following to install the module. A reboot is required for it to take effect.

<code>
sudo apt install linux-modules-extra-raspi
sudo reboot
</code>

== Setup the Master k3s Node ==

The Master node’s (k8s0) initial k3s installation will serve as the control plane for our Kubernetes Cluster.
Install K3s with the flags to make sure /etc/rancher/k3s/k3s.yaml is world-readable as in https://k3s.io/

Start installation:

<code>
# seems to have been required to set ownership on configs in the past https://0to1.nl/post/k3s-kubectl-permission/
export K3S_KUBECONFIG_MODE="644"

# the command may use the previous environment variable
curl -sfL https://get.k3s.io | sh -
</code>

<code>
pi@pi2:~$ curl -sfL https://get.k3s.io | sh -
[INFO] Finding release for channel stable
[INFO] Using v1.24.6+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.24.6+k3s1/sha256sum-arm64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.24.6+k3s1/k3s-arm64
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
</code>

Check for a Ready node, takes ~30 seconds:

<code>
sudo systemctl status k3s
</code>

<code>
pi@pi2:~$ sudo systemctl status k3s
● k3s.service - Lightweight Kubernetes
     Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: e>
     Active: active (running) since Wed 2022-10-05 06:46:54 UTC; 2min 7s ago
       Docs: https://k3s.io
    Process: 6146 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --qu>
    Process: 6148 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status>
    Process: 6149 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SU>
   Main PID: 6150 (k3s-server)
      Tasks: 119
     Memory: 558.5M
        CPU: 4min 13.990s
     CGroup: /system.slice/k3s.service
             ├─6150 "/usr/local/bin/k3s server"
             ├─6185 containerd -c /var/lib/rancher/k3s/agent/etc/containerd/con>
             ├─6879 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6880 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6881 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6882 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─7027 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             └─7266 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>

Oct 05 06:49:01 pi2 k3s[6150]: I1005 06:49:01.422427 6150 trace.go:205] Trac>
Oct 05 06:49:01 pi2 k3s[6150]: Trace[1718652963]: ---"Object stored in database>
</code>

You can check if the master node is working. At this point, there is only one Master node.

<code>
k3s kubectl get node
</code>

<code>
pi@pi2:~$ k3s kubectl get node
NAME   STATUS   ROLES                  AGE   VERSION
pi2    Ready    control-plane,master   12m   v1.24.6+k3s1
</code>

By default, the Kubernetes API server listens on port **6443**. You can check if the k8s server is listening on port 6443:

<code>
sudo ss -tulpn | grep :6443
</code>

<code>
pi@pi2:~$ sudo ss -tulpn | grep :6443
tcp LISTEN 0 4096 *:6443 *:* users:(("k3s-server",pid=6150,fd=16))

pi@pi2:~$ sudo ps aux | grep 6150
root 6150 53.9 52.2 1250788 484324 ? Ssl 06:46 8:15 /usr/local/bin/k3s server
pi 9717 2.0 0.1 6420 1824 pts/0 S+ 07:01 0:00 grep --color=auto 6150

pi@pi2:~$ ls /usr/local/bin/
crictl ctr k3s k3s-killall.sh k3s-uninstall.sh kubectl
</code>

== Attach worker nodes to master ==

On the k8s server / master, get the token:

<code>
# NODE_TOKEN comes from /var/lib/rancher/k3s/server/node-token on your server
sudo cat /var/lib/rancher/k3s/server/node-token
</code>

<code>
pi@pi2:~$ sudo cat /var/lib/rancher/k3s/server/node-token
T10eb2811f7856b5895acac5179c6ae29787957f5289bb00737cf144ac58da851c4::server:9acae609ca530528b4bcc3219720705b
</code>

Figure out the IP of your server:

<code>
ip a
</code>

The **eth0** adapter is relevant for me.

<code>
pi@pi2:~$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b8:27:eb:c8:d0:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.191.32/24 metric 100 brd 192.168.191.255 scope global dynamic eth0
       valid_lft 82237sec preferred_lft 82237sec
    inet6 fe80::ba27:ebff:fec8:d018/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b8:27:eb:9d:85:4d brd ff:ff:ff:ff:ff:ff
4: flannel.1: mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 3a:27:9b:9b:d2:5f brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::3827:9bff:fe9b:d25f/64 scope link
       valid_lft forever preferred_lft forever
5: cni0: mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 2e:80:11:68:72:4e brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.1/24 brd 10.42.0.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c80:11ff:fe68:724e/64 scope link
       valid_lft forever preferred_lft forever
6: vethf8a47774@if2: mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 22:9e:ba:f3:6d:7b brd ff:ff:ff:ff:ff:ff link-netns cni-afc93733-4c10-7c13-e702-e2159f2115e0
    inet6 fe80::209e:baff:fef3:6d7b/64 scope link
       valid_lft forever preferred_lft forever
7: veth4dd4db4c@if2: mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 92:68:4b:e9:89:af brd ff:ff:ff:ff:ff:ff link-netns cni-520c6f0a-d043-1c4e-10cd-1877f56186fa
    inet6 fe80::9068:4bff:fee9:89af/64 scope link
       valid_lft forever preferred_lft forever
10: veth82490627@if2: mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 92:49:38:ab:7a:a6 brd ff:ff:ff:ff:ff:ff link-netns cni-69a4e084-4fd7-25df-0237-d034c7549c13
    inet6 fe80::9049:38ff:feab:7aa6/64 scope link
       valid_lft forever preferred_lft forever
11: veth99adcc15@if2: mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether f2:a9:ea:60:33:79 brd ff:ff:ff:ff:ff:ff link-netns cni-d01d4a95-b65c-54c4-76c2-0752a4639660
    inet6 fe80::50b3:2bff:fe69:7914/64 scope link
       valid_lft forever preferred_lft forever
12: veth748d4e42@if2: mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 32:16:9b:b6:f4:9f brd ff:ff:ff:ff:ff:ff link-netns cni-099b5741-6df4-3801-6694-a6357459a63d
    inet6 fe80::3016:9bff:feb6:f49f/64 scope link
       valid_lft forever preferred_lft forever
</code>

On a different node run the commands below.

<code>
export K3S_KUBECONFIG_MODE="644"
export K3S_URL="https://192.168.191.32:6443"
export K3S_TOKEN="T10eb2811f7856b5895acac5179c6ae29787957f5289bb00737cf144ac58da851c4::server:9acae609ca530528b4bcc3219720705b"
curl -sfL https://get.k3s.io | sh -
</code>

==== Remote install of image per ssh ====

See https://weberblog.net/reinstall-your-raspberry-over-the-network/

  * Log in via SSH to the system on which the image is located and read it via dd. The stdout is tunneled through SSH to the local system.
  * Using pv you can see how much data is transferred. (You may need to install it with apt-get, but you can also omit this.)
  * funzip extracts the first file and sends it to stdout.
  * dd writes it to the SD card.

<code>
# This will enable the reset of the Raspberry without regular commands.
echo 1 > /proc/sys/kernel/sysrq

# download image
curl -L http://downloads.raspberrypi.org/raspbian_lite_latest | funzip | dd bs=4M of=/dev/mmcblk0

# restart the pi (immediate reboot of the system, without syncing the storage media!)
echo b > /proc/sysrq-trigger
</code>
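
The pipeline above writes whatever the HTTP download returns straight to the SD card and then reboots without a sync. As an added example (not part of the original page), this variant hashes the compressed stream while it is being written and flushes it to the device, so the SysRq reboot can be made conditional on a matching SHA-256; `write_verified`, the `DECOMPRESS` variable and the expected digest are assumptions of this example.

```sh
#!/bin/sh
# Added example: verify a streamed image before the SysRq reboot.

# Decompressor used in the pipeline; the page uses funzip.
: "${DECOMPRESS:=funzip}"

# write_verified EXPECTED_SHA256 TARGET
# Reads the compressed image on stdin, writes the decompressed data to TARGET
# and returns 0 only if the SHA-256 of the received bytes equals EXPECTED_SHA256.
write_verified() {
    # published digests are sometimes upper case; compare in lower case
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    target=$2
    workdir=$(mktemp -d) || return 2
    mkfifo "$workdir/fifo" || { rm -rf "$workdir"; return 2; }

    # The background hasher sees exactly the bytes that came off the network.
    sha256sum < "$workdir/fifo" > "$workdir/sum" &
    hasher=$!

    # conv=fsync makes dd flush the data to the device before it exits;
    # "echo b > /proc/sysrq-trigger" reboots without syncing anything itself.
    tee "$workdir/fifo" | $DECOMPRESS | dd bs=4M conv=fsync of="$target" 2>/dev/null
    wait "$hasher"

    actual=$(cut -d' ' -f1 "$workdir/sum")
    rm -rf "$workdir"
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage on the Pi (the digest is a placeholder; take it from the download page):
#   echo 1 > /proc/sys/kernel/sysrq
#   curl -L <image URL> | write_verified "<published sha256>" /dev/mmcblk0 \
#       && echo b > /proc/sysrq-trigger
```

The card has already been overwritten by the time the digest is known, so a mismatch means: do not reboot, and run the download again.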
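
For the Firewall section further up: its rules are meant to keep the torrent client from sending anything outside the VPN tunnel, and the flush commands there remove that protection. The following added example (not from the original page) reads `iptables-save` output and reports anything in the filter table that lets traffic bypass the tunnel; the function names and both rule sets are constructed, and ACCEPT rules with a fixed `--sport` are assumed to be replies from the local services (SSH, RPC, Samba, FTP).

```sh
#!/bin/sh
# Added example: check iptables-save output for ways around the VPN tunnel.

# find_vpn_leaks: reads `iptables-save` output on stdin, prints each finding,
# returns 0 when nothing lets traffic leave outside lo/tun+/tap+.
find_vpn_leaks() {
    in_filter=0
    leaks=0
    while IFS= read -r line; do
        case $line in
            '*filter') in_filter=1; continue ;;
            '*'*)      in_filter=0; continue ;;   # other tables (nat, mangle, raw)
        esac
        [ "$in_filter" -eq 1 ] || continue
        case $line in
            ':OUTPUT DROP'*) ;;                   # default policy the page sets
            ':OUTPUT '*)
                printf 'policy: %s\n' "$line"; leaks=$((leaks + 1)) ;;
            '-A OUTPUT '*' -j ACCEPT'*)
                case " $line " in
                    *' -o lo '*|*' -o tun+ '*|*' -o tap+ '*) ;;  # loopback / tunnel
                    *' --dport 1194 '*) ;;        # the OpenVPN connection itself
                    *' --sport '*) ;;             # assumed: replies of local services
                    *) printf 'rule: %s\n' "$line"; leaks=$((leaks + 1)) ;;
                esac ;;
        esac
    done
    [ "$leaks" -eq 0 ]
}

# Constructed sample: part of the page's rule set as iptables-save prints it.
sample_rules_page() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j DROP
COMMIT
EOF
}

# Constructed sample: state after the flush commands plus one extra eth0 rule.
sample_rules_flushed() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Usage on the Pi:  sudo iptables-save | find_vpn_leaks
```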