
TODO

  • If the internet connection is lost and then restored, OpenVPN should reconnect

Raspberry Pi

Available Infos:

Logs

OpenVPN
cat /var/log/syslog | grep VPN

Accessing PI

The default login / password are always:

login: pi
password: raspberry

Method | Description
FTP    | Use an FTP client like FileZilla. Enter the IP of the Pi and the default FTP port, password, login.
SSH    | Use a client like PuTTY. Enter the IP of the Pi and the default SSH port, password, login.

Shell Commands

sudo raspi-config starts the Raspberry Pi configuration tool, where the hardware can be enabled or disabled

Media Center

Operating System

Available OSes custom-made for the Raspberry Pi. Among them:

  • Raspbmc
  • OpenElec
  • Xbian

Raspbmc (http://www.raspbmc.com/wiki/user/frequently-asked-questions/) is the OS of choice because it is the oldest one, has the most support and is at the most advanced level of development.

UPNP Media Server

To stream movies from the desktop / server to the Raspberry, a media server is needed. There are plenty of ways to share the videos with XBMC.

  • The content may be just shared “as it is”, by using network shares.
  • The other possibility is to use media servers. Some servers support on-the-fly transcoding, which is live conversion of films in unsupported formats into a supported format.

Media Servers

Mediaserver             | Result                                            | Transcoding
http://www.plexapp.com/ | Crashes on PC restart. Crashes during video play. | YES
Windows Media Player    | Constant UPNP streams.                            | NO

Shares

Distribution | Mediaserver               | Result
xbian        | Samba                     | NO - Share not available
raspbmc      | Samba                     | YES
             | FTP                       | ?
xbian        | UPNP Windows Media Server | NO - empty list
raspbmc      | UPNP                      | YES

Share Desktop and Sound

I would like to have the ability to share the picture and audio with the Raspberry Pi, so that I can just play some video on the desktop (from sources unavailable for the Pi) and see the video on my TV.

Option | Description | Resume
VLC Video Player

This might be possible via VLC.

By streaming the Desktop Video + Audio by using VLC.

Video might be captured by using the driver http://sourceforge.net/projects/screencapturer/files/. Audio: ?

VLC does not work yet. XBMC does not understand the HTTP / RTMP stream shared by VLC.

RTMP streaming protocol

Open Broadcaster Software is a client which can stream the desktop / audio to a server.
This requires an RTMP server. Red5 is a free server. The streams from this server are again not recognized by XBMC.

Could not make XBMC recognize the stream.

Remote Desktop

Using remote desktop is not possible when using the Raspbmc OS. Raspbmc does not use an X11 server, which is required to send / receive VNC pictures. It renders its XBMC output itself.

Could not make XBMC recognize the stream.

Windows Media Encoder

By creating a “broadcast live event” it was possible to stream the screen to XBMC! Requirements:

WORKS!!!

Microsoft Expression Encoder 4 with Service Pack 2

By broadcasting the desktop it was possible to stream the screen to XBMC! Requirements:

WORKS BETTER!!!

Codec Licences

The licences may be bought here, for the raspberry to be able to play

  • DVDs (mpeg2 licence)
  • WMA (VC1 license)

To enter the licences via SSH - connect to the Raspberry via a SSH client, e.g. Putty and do the following:

sudo nano /boot/config.txt

Remote Controls

Per TV Remote Control

For that, the TV and the HDMI cable should both support CEC over HDMI. CEC should be enabled on the TV.

Per VNC

There is a possibility to control the Raspberry completely via VNC (http://learn.adafruit.com/adafruit-raspberry-pi-lesson-7-remote-control-with-vnc/installing-vnc), which is like remote desktop on Windows.

There are plenty of VNC remote control apps to use this on mobile clients.

Per Android App
Per Browser

Just enter the IP of the Pi into the browser. Beforehand you should install some addons, like the remote control addon, to get the ability to control the Pi.

Raspberry Pi Apps

Network speed requirements

WLAN when streaming

A normal router can pass up to 300 Mbps (37 megabytes per second). Streaming a video uses 5 Mbps (0.625 megabytes per second).

Installing DEB

How to install deb packages. As an example: RPi-Monitor

# required libs
sudo apt-get install librrds-perl libhttp-daemon-perl libhttp-daemon-ssl-perl libipc-sharelite-perl libjson-perl

# download the deb package with wget; --no-check-certificate is dropped so that the TLS certificate is verified
wget https://github.com/XavierBerger/RPi-Monitor-deb/raw/master/packages/rpimonitor_2.4-1_all.deb

# install deb
sudo dpkg -i rpimonitor_2.4-1_all.deb

# update the service
sudo apt-get update && sudo service rpimonitor update

# service available under http://127.0.0.1:8888

Addons

The XBMC can be extended with Addons. The biggest Addons repository is http://superrepo.org/.

The addon is available here. It can be

Torrent Pi

Torrent-client

Install OpenVPN, the torrent client “transmission-daemon” and

pi@torrentpi ~ $ sudo apt-get install resolvconf transmission-daemon

Configure Transmission-daemon to provide a web interface:

# stop the daemon
sudo /etc/init.d/transmission-daemon stop

# edit the settings
sudo nano /etc/transmission-daemon/settings.json

# edit these two entries (settings.json is plain JSON and takes no comments):
#   rpc-authentication-required = false  disables password protection for the remote (web) interface
#   rpc-whitelist with *.*.*.*           allows access from any address
"rpc-authentication-required": false,
"rpc-whitelist": "127.0.0.1, *.*.*.*",

# start the service again
sudo /etc/init.d/transmission-daemon start

The Service should be reachable through the browser, by following address: http://[RASPBERRYIP]:9091
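
The two RPC settings above leave the web interface open to every address without a password. The following check and tightened variant are an added example, not part of the original notes; the function names, the sample file and the LAN pattern 192.168.191.* (taken from the addresses used elsewhere on this page) are assumptions.

```shell
#!/bin/sh
# Added example: audit the RPC exposure in a transmission-daemon settings.json
# and write a tightened copy. Names and sample data are constructed.

# Print the value of a key from a settings.json that has one
# "key": value pair per line (the layout transmission-daemon writes).
json_value() {  # usage: json_value FILE KEY
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*,\{0,1\}[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# Print one line per weak RPC setting; print nothing when none is found.
audit_rpc() {  # usage: audit_rpc FILE
    if [ "$(json_value "$1" rpc-authentication-required)" != "true" ]; then
        echo "rpc-authentication-required: web interface needs no password"
    fi
    if [ "$(json_value "$1" rpc-whitelist-enabled)" = "false" ]; then
        echo "rpc-whitelist-enabled: address filter is switched off"
    elif json_value "$1" rpc-whitelist | tr ',' '\n' | tr -d ' ' | grep -q '^\*'; then
        echo "rpc-whitelist: a wildcard entry admits every client address"
    fi
    return 0
}

# Write a tightened copy to stdout: password required, whitelist limited to
# loopback plus one LAN pattern. rpc-username and rpc-password then have to
# be set in the same file while the daemon is stopped.
harden_rpc() {  # usage: harden_rpc FILE LAN_PATTERN
    sed -e 's/\("rpc-authentication-required"[[:space:]]*:[[:space:]]*\)false/\1true/' \
        -e "s/\(\"rpc-whitelist\"[[:space:]]*:[[:space:]]*\)\"[^\"]*\"/\1\"127.0.0.1,$2\"/" "$1"
}

# Constructed sample carrying the two values set on this page.
write_sample_settings() {  # usage: write_sample_settings FILE
    cat > "$1" <<'EOF'
{
    "rpc-authentication-required": false,
    "rpc-enabled": true,
    "rpc-port": 9091,
    "rpc-whitelist": "127.0.0.1, *.*.*.*",
    "rpc-whitelist-enabled": true
}
EOF
}

tmp=$(mktemp -d)
write_sample_settings "$tmp/settings.json"
echo "findings in the sample:"
audit_rpc "$tmp/settings.json"
harden_rpc "$tmp/settings.json" '192.168.191.*' > "$tmp/hardened.json"
echo "findings after hardening: $(audit_rpc "$tmp/hardened.json" | wc -l | tr -d ' ')"
rm -rf "$tmp"
```

On the Pi, point audit_rpc at /etc/transmission-daemon/settings.json with the daemon stopped, since the daemon rewrites the file when it exits.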

Change the service startup parameters:

Open the file /etc/default/transmission-daemon and edit the OPTIONS line:

# Default options for daemon, see transmission-daemon(1) for more options
OPTIONS="--config-dir $CONFIG_DIR --logfile /home/pi/logs/transmission-daemon.txt --log-error --log-info --log-debug --no-portmap"

--logfile specifies the logfile
--no-portmap disables port forwarding

The rest of the OPTIONS is listed here: http://manpages.ubuntu.com/manpages/lucid/man1/transmission-daemon.1.html

Enabling or disabling transmission-web as a autostart-service

The tool update-rc.d is used to enable / disable services. It adds/removes scripts to the folders /etc/init.d/ and /etc/rcX.d/

The scripts are added on different “runlevels” http://en.wikipedia.org/wiki/Runlevel

To find out on which levels the script is autostarted do:

pi@raspberrypi /etc/transmission-daemon $ ls -l /etc/rc?.d/*transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc0.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc1.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc2.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc3.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc4.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc5.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc6.d/K02transmission-daemon -> ../init.d/transmission-daemon

# started (S links) on runlevels 2,3,4,5; stopped (K links) on runlevels 0,1,6
# disable the script
sudo update-rc.d -f transmission-daemon remove

# re-enable the script on the default runlevels
sudo update-rc.d transmission-daemon defaults

OpenVpn

OpenVpn documentation: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

Install openVpn

pi@torrentpi ~ $ sudo apt-get install openvpn resolvconf transmission-daemon

Now download the config into the folder /etc/openvpn
ibVPN-NL-Amsterdam1.ovpn
ibVPN-NL-Amsterdam1.conf #copy of ibVPN-NL-Amsterdam1.ovpn

1. Test connect

Use the configuration file to connect to the VPN server. If that works, OpenVPN can be started as a service.

sudo openvpn --config /etc/openvpn/ibVPN-NL-Amsterdam1.ovpn

2. Connect via openVPN service

Tell openvpn service where the configuration is located. Edit the file:

sudo nano /etc/default/openvpn

And add the AUTOSTART to point to the ibVPN-NL-Amsterdam1.conf file. This is where the *.conf file is needed.

AUTOSTART="ibVPN-NL-Amsterdam1"

Now start the openvpn service and check if the service is running

sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn status

And check the external IP

curl ifconfig.me

Logs

The logs about VPN connection can be found under

$ cat /var/log/syslog | grep VPN

Monit

The openVPN service should be monitored! Should the connection be lost at some time, it should be restored on its own!

Monit seems to be a suitable tool for that!

Install monit:

 sudo apt-get install monit 

Configure monit to look for the openVPN service. The configurations are in file /etc/monit/monitrc

 sudo nano /etc/monit/monitrc 

Uncomment or add the following to allow connections to monit via http://192.168.191.110:2812/ where 192.168.191.110 is the IP of the server.

 set httpd port 2812 and
    allow 0.0.0.0/0.0.0.0        # allow connections from any ip

Define openvpn monitoring job

Once the web services are set up, you can begin to input the programs that you want monitored and protected into the /etc/monit/monitrc configuration file. To simply ensure that programs stay online, you can use the /etc/init.d commands to stop or start a program.

Find the openVpn pid (e.g. openvpn-Amsterdam1.pid) in folder

/var/run

Match the job by a regex, here openvpn.*, and check the match by doing

monit procmatch "openvpn.*"

Open file /etc/monit/monitrc and append a job describing entry:

check process openvpn MATCHING "openvpn.*"
    start program = "/etc/init.d/openvpn start" with timeout 60 seconds
    stop program  = "/etc/init.d/openvpn stop"

Now you can check the syntax of the /etc/monit/monitrc file by doing

sudo monit -t

and if there was no output start monit:

sudo /etc/init.d/monit restart

The monit can be checked under http://RASPBERRYIP:2812/

The log is written to

 nano /var/log/monit

Samba

Install samba and the samba tools. Open the configuration.

$ sudo apt-get install samba
$ sudo apt-get install samba-common-bin
$ nano /etc/samba/smb.conf

I would like to share the folder /shares, so I set the rights of this folder to 777, so that everyone can do everything in there!

sudo chmod -R 777 /shares

-R sets the rights recursively.

Enter the following configuration to share the folder /shares/torrents so that everyone can enter it.

[global]
    workgroup = WORKGROUP
    usershare allow guests = yes
    security=share
    #security=user
    follow symlinks = yes
    wide links = no
    unix extensions = no
    lock directory = /var/cache/samba
[torrents]
    browsable = yes
    read only = no
    guest ok = yes
    path = /shares/torrents
    force user = pi

Test the parameters entered into smb.conf

$ testparm 

Restart the samba service

$ sudo /etc/init.d/samba reload

Firewall

Use Iptables as firewall. Configure it as following:

Module        | Description
iptables      | Iptables is the default firewall
owner         | The module owner is used to allow traffic by group id
allow by port | Single ports may be opened for access
https://workaround.org/openvpn-faq | OpenVpn mini config

Configuration

#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow ssh on Port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Allow transmission-daemon rpc on Port 9091
iptables -A INPUT -p tcp --dport 9091 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9091 -j  ACCEPT



# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT


## open samba ports
iptables -A INPUT -p udp --dport 137:139 -j ACCEPT 
iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT 
iptables -A INPUT -p tcp --dport 445 -j ACCEPT 
iptables -A OUTPUT -p udp --sport 137:139 -j ACCEPT 
iptables -A OUTPUT -p tcp --sport 137:139 -j ACCEPT 
iptables -A OUTPUT -p tcp --sport 445 -j ACCEPT 


# allow connection via 1194 so that openVpn can use the network adapter
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT
# allow connections via openVPN tun and tap interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT


# make sure nothing else comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP


# persist the rules after reboot. Package iptables-persistent must be installed
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'

To see the active iptables rules do

sudo iptables -L -v
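
With the torrent client meant to talk only through the VPN, the listing is easier to review when the OUTPUT rules that accept traffic outside the tunnel interfaces are pulled out automatically. The script below is an added example, not part of the original notes: it reads `iptables-save` output, and its function names and the abbreviated sample dump (modelled on the rules above) are constructed.

```shell
#!/bin/sh
# Added example: list the OUTPUT rules in an iptables-save dump that accept
# traffic outside the VPN tunnel interfaces. Names and sample are constructed.

# Print the default policy of a chain, e.g. DROP for ":OUTPUT DROP [0:0]".
chain_policy() {  # usage: chain_policy DUMP CHAIN
    awk -v chain=":$2" '$1 == chain { print $2 }' "$1"
}

# Print every "-A OUTPUT ... -j ACCEPT" rule that is not bound to lo, tun* or
# tap*. A rule without -o applies to all interfaces, so it is printed as well.
# With VPN_PORT given, rules for that destination port (the VPN transport
# itself) are left out.
offtunnel_output_rules() {  # usage: offtunnel_output_rules DUMP [VPN_PORT]
    awk -v vpn="${2:-}" '
        $1 == "-A" && $2 == "OUTPUT" {
            iface = ""; target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o")      iface  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (iface == "lo" || iface ~ /^(tun|tap)/) next
            if (vpn != "" && dport == vpn) next
            print
        }' "$1"
}

# Constructed, abbreviated dump in iptables-save format.
write_sample_dump() {  # usage: write_sample_dump FILE
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9091 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 445 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o tap+ -j ACCEPT
-A OUTPUT -j DROP
COMMIT
EOF
}

dump=$(mktemp)
write_sample_dump "$dump"
echo "OUTPUT policy: $(chain_policy "$dump" OUTPUT)"
echo "OUTPUT rules that accept traffic outside the tunnel (VPN port 1194 excluded):"
offtunnel_output_rules "$dump" 1194
rm -f "$dump"
```

On the Pi, feed it a live dump, for example the file written by `sudo iptables-save`. The rules it prints match only on a source port, so they are the ones to consider narrowing with an interface or state match.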

To remove the rule Nr. 5 in the chain INPUT do

iptables -D INPUT 5

To flush all rules do

# first disable torrent client, so that it does not leak through the firewall
/etc/init.d/transmission-daemon stop

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Persistence

The iptables rules are not persisted on reboot.

Do the following to install iptables restoring package:

sudo apt-get install iptables-persistent

Do the following to persist the current iptables rules:

sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'

Mount USB

Enable NTFS for Raspberry:

apt-get install ntfs-3g

To list all USB devices, or all partitions do:

lsusb
sudo fdisk -l

There is a service named udev, which recognizes the devices in linux and maps devices to the files in the /dev/ folder.
The names are typically sda1, sdb1, sdc1 … sca1 …

The service udev is able to execute rules to do something, when such a device was recognized / removed.
This is the point to tell linux to mount the usb device.
The udev rules are stored in the folder /etc/udev/rules.d/ and have the form *.rules

Here is an example rules file which tells udev to automount usb drives on connect: /etc/udev/rules.d/10-my-media-automount.rules

# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:
#
# /etc/udev/rules.d/10-my-media-automount.rules

# usb devices are called sda1, sdb1 ...
KERNEL!="s[a-z][a-z][0-9]*", GOTO="my_media_automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="my_media_automount_end"

# import some useful filesystem info as variables
IMPORT{program}="/sbin/blkid -o udev -p %N"

# get the label if present, otherwise assign one based on device/partition. Always append the name of the device as unique id
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}-%k"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usb-%k"

# create the mount point directory in /media
ACTION=="add", RUN+="/bin/mkdir -p '/media/%E{dir_name}'"

# global mount options
ACTION=="add", ENV{mount_options}="relatime"
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat) 
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"

# automount ntfs filesystems using ntfs-3g driver
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"
# automount all other filesystems
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"

# clean up after device removal
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"

# exit
LABEL="my_media_automount_end"

To reload udev after adding a new rule do

sudo udevadm control --reload-rules

Resuming torrents on disk mount

When the disk with the data is unplugged, Transmission will not find the data and stops the torrents with the error

Error: No data found! Ensure your drives are connected or use "Move Data File To...

To resume the download on every USB disk mount use a script, which will be executed by udev on every HDD plug.

Script:

#!/bin/sh
/usr/bin/transmission-remote -t all --start

Execute script by udev on USB mount:



Pro FTP Server

sudo apt-get install proftpd

Open iptables ports

# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

Create the user which will be used by FTP server to access data

# create the user and usergroup
sudo useradd -d /media -m ftpuser
sudo groupadd ftpgroup
sudo usermod -a -G ftpgroup ftpuser


# set user rights for the media folder
sudo chgrp -R ftpgroup /media/
sudo chmod -R 777 /media/

Append the following to the file /etc/proftpd/proftpd.conf to make it anonymously accessible:

<Anonymous ~ftpuser>
  User				ftpuser
  Group				ftpgroup

 # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftpuser

 # Limit the maximum number of anonymous logins
 MaxClients			10

 # We want 'welcome.msg' displayed at login, and '.message' displayed
 # in each newly chdired directory.
 DisplayLogin			welcome.msg
 DisplayChdir			.message

 # Limit WRITE everywhere in the anonymous chroot
 <Limit WRITE>
   DenyAll
 </Limit>
</Anonymous>

Debugging

At least try connecting with telnet. Telnet will be able to connect if

  • the firewall opens the port
  • some application is listening on this port (running)

# telnet to 192.168.191.110 to check whether it is accessible on port 21
telnet 192.168.191.110 21

Access FTP on ftp://192.168.191.110/

Backup per SSH

As described in https://johnatilano.com/2016/11/25/use-ssh-and-dd-to-remotely-backup-a-raspberry-pi/

ssh pi@192.168.191.24 "sudo dd if=/dev/mmcblk0 bs=1M | gzip -" | dd of=~/pibackup.gz

Kubernetes (k8s) on RaspberryPi

  • Raspberry Pi Version: 3
  • OS: Ubuntu Server 22.04.1 64bit version

Install OS Raspberry

Install OS Ubuntu

Use Ubuntu Server 22.04.1, the current LTS version.

You can install it using Raspberry Pi Imager : https://www.raspberrypi.com/software/

In the settings of Imager you can directly define the SSH key used to connect to the Pi.

Attention: pick the 64-bit version of Ubuntu Server. It is based on the arm64 architecture. Only for arm64 is there a lightweight version of Kubernetes available. https://askubuntu.com/questions/1301295/ubuntu-20-04-on-raspberry-pi-4-cannot-install-microk8s

The 32-bit version is based on the “armhf” architecture, for which no Kubernetes is available. You will get:

error: snap "microk8s" is not available on stable for this architecture (armhf) but exists on other architectures (amd64, arm64, ppc64el)

Install "k3s" Kubernetes

Prerequisites for the installation

Mount the SD card, open the file `cmdline.txt` and append the following kernel parameters, which enable the cpuset and memory cgroups.

cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory

The file `cmdline.txt` afterwards (everything on a single line):

console=serial0,115200 dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 rootwait fixrtc quiet splash cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory

Debug check success

Sometimes the above command doesn’t respond; there might be something or other wrong. Checking on the kubelet with journalctl is a good place to start looking for info. Or do a common error check:

all errors

journalctl -p err -b

Sep 30 07:01:59 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:27 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:37 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:45 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:03:10 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:04:30 ubuntu kernel: hwmon hwmon1: Undervoltage detected!

An easy enough debugging step is to run a stop and start.

Install linux-modules-extra-raspi extra package

Through lots of frustration, I discovered that the Ubuntu installation was missing a kernel module, which always resulted in `STATUS: NotReady` when my Kubernetes K3s was installed.

Only by installing this kernel module was I able to finally get my Ubuntu Raspberry Pi nodes to a `STATUS: Ready` state. Evidently, this only affects the Raspberry Pi install of Ubuntu.

On each Raspberry Pi, install the `linux-modules-extra-raspi` extra package, a specific requirement for Ubuntu 21.10+ and k3s on Raspberry Pis.

Run the following to install the module. A reboot is required to take effect

sudo apt install linux-modules-extra-raspi
sudo reboot

Setup the Master k3s Node

The Master node’s (k8s0) initial k3s installation will serve as the control plane for our Kubernetes Cluster.

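Install k3s as described at https://k3s.io/, with K3S_KUBECONFIG_MODE set to make sure /etc/rancher/k3s/k3s.yaml is world-readable. That file holds the cluster admin credentials, so with mode 644 every local user on the node can read them.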

Start installation

# seems to have been required to set ownership on configs in the past https://0to1.nl/post/k3s-kubectl-permission/
export K3S_KUBECONFIG_MODE="644"

# the install script picks up the environment variable exported above
curl -sfL https://get.k3s.io | sh -

pi@pi2:~$ curl -sfL https://get.k3s.io | sh -
[INFO]  Finding release for channel stable
[INFO]  Using v1.24.6+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.24.6+k3s1/sha256sum-arm64.txt
[INFO]  Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.24.6+k3s1/k3s-arm64
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Skipping installation of SELinux RPM
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3s

Check for Ready node, takes ~30 seconds

sudo systemctl status k3s

pi@pi2:~$ sudo systemctl status k3s
● k3s.service - Lightweight Kubernetes
     Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: e>
     Active: active (running) since Wed 2022-10-05 06:46:54 UTC; 2min 7s ago
       Docs: https://k3s.io
    Process: 6146 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --qu>
    Process: 6148 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status>
    Process: 6149 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SU>
   Main PID: 6150 (k3s-server)
      Tasks: 119
     Memory: 558.5M
        CPU: 4min 13.990s
     CGroup: /system.slice/k3s.service
             ├─6150 "/usr/local/bin/k3s server"
             ├─6185 containerd -c /var/lib/rancher/k3s/agent/etc/containerd/con>
             ├─6879 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6880 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6881 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─6882 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             ├─7027 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>
             └─7266 /var/lib/rancher/k3s/data/e7bc2e5951d7fc2b8da4bc5419f9c3241>

Oct 05 06:49:01 pi2 k3s[6150]: I1005 06:49:01.422427    6150 trace.go:205] Trac>
Oct 05 06:49:01 pi2 k3s[6150]: Trace[1718652963]: ---"Object stored in database>

You can check if the master node is working. At this point, there is only one Master node

k3s kubectl get node

pi@pi2:~$ k3s kubectl get node
NAME   STATUS   ROLES                  AGE   VERSION
pi2    Ready    control-plane,master   12m   v1.24.6+k3s1

By default, the Kubernetes API server listens on port 6443. You can check if the k8s server is listening on the port 6443

sudo ss -tulpn | grep :6443

pi@pi2:~$ sudo ss -tulpn | grep :6443
tcp   LISTEN 0      4096                     *:6443             *:*    users:(("k3s-server",pid=6150,fd=16))

pi@pi2:~$ sudo ps aux | grep 6150
root        6150 53.9 52.2 1250788 484324 ?      Ssl  06:46   8:15 /usr/local/bin/k3s server
pi          9717  2.0  0.1   6420  1824 pts/0    S+   07:01   0:00 grep --color=auto 6150

pi@pi2:~$ ls /usr/local/bin/
crictl  ctr  k3s  k3s-killall.sh  k3s-uninstall.sh  kubectl

Attach worker nodes to master

On the k8s server / master, get the token

# NODE_TOKEN comes from /var/lib/rancher/k3s/server/node-token on your server
sudo cat /var/lib/rancher/k3s/server/node-token

pi@pi2:~$ sudo cat /var/lib/rancher/k3s/server/node-token
T10eb2811f7856b5895acac5179c6ae29787957f5289bb00737cf144ac58da851c4::server:9acae609ca530528b4bcc3219720705b

Figure out the ip of your server

ip a

The eth0 adapter is relevant for me.

pi@pi2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b8:27:eb:c8:d0:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.191.32/24 metric 100 brd 192.168.191.255 scope global dynamic eth0
       valid_lft 82237sec preferred_lft 82237sec
    inet6 fe80::ba27:ebff:fec8:d018/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b8:27:eb:9d:85:4d brd ff:ff:ff:ff:ff:ff
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 3a:27:9b:9b:d2:5f brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::3827:9bff:fe9b:d25f/64 scope link
       valid_lft forever preferred_lft forever
5: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 2e:80:11:68:72:4e brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.1/24 brd 10.42.0.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c80:11ff:fe68:724e/64 scope link
       valid_lft forever preferred_lft forever
6: vethf8a47774@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 22:9e:ba:f3:6d:7b brd ff:ff:ff:ff:ff:ff link-netns cni-afc93733-4c10-7c13-e702-e2159f2115e0
    inet6 fe80::209e:baff:fef3:6d7b/64 scope link
       valid_lft forever preferred_lft forever
7: veth4dd4db4c@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 92:68:4b:e9:89:af brd ff:ff:ff:ff:ff:ff link-netns cni-520c6f0a-d043-1c4e-10cd-1877f56186fa
    inet6 fe80::9068:4bff:fee9:89af/64 scope link
       valid_lft forever preferred_lft forever
10: veth82490627@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 92:49:38:ab:7a:a6 brd ff:ff:ff:ff:ff:ff link-netns cni-69a4e084-4fd7-25df-0237-d034c7549c13
    inet6 fe80::9049:38ff:feab:7aa6/64 scope link
       valid_lft forever preferred_lft forever
11: veth99adcc15@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether f2:a9:ea:60:33:79 brd ff:ff:ff:ff:ff:ff link-netns cni-d01d4a95-b65c-54c4-76c2-0752a4639660
    inet6 fe80::50b3:2bff:fe69:7914/64 scope link
       valid_lft forever preferred_lft forever
12: veth748d4e42@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 32:16:9b:b6:f4:9f brd ff:ff:ff:ff:ff:ff link-netns cni-099b5741-6df4-3801-6694-a6357459a63d
    inet6 fe80::3016:9bff:feb6:f49f/64 scope link
       valid_lft forever preferred_lft forever

On a different node run the below command.

export K3S_KUBECONFIG_MODE="644"
export K3S_URL="https://192.168.191.32:6443"
export K3S_TOKEN="T10eb2811f7856b5895acac5179c6ae29787957f5289bb00737cf144ac58da851c4::server:9acae609ca530528b4bcc3219720705b"

curl -sfL https://get.k3s.io | sh -

Remote install of image per ssh

see https://weberblog.net/reinstall-your-raspberry-over-the-network/

  • Login via SSH to the system on which the image is located and read it via dd. The stdout is tunneled through SSH to the local system.
  • Using pv you can see how much data is transferred. (You may need to install it with apt-get, but you can also omit this.)
  • funzip extracts the first file and sends it to stdout.
  • dd writes it to the SD-card.

# This enables resetting the Raspberry without the regular commands.
echo 1 > /proc/sys/kernel/sysrq

#download image
curl -L http://downloads.raspberrypi.org/raspbian_lite_latest | funzip | dd bs=4M of=/dev/mmcblk0

# restart the Pi (immediate restart of the system, without syncing the storage media!)
echo b > /proc/sysrq-trigger
raspberry.txt · Last modified: 2023/03/29 06:56 by skipidar