Tohuwabohu excorcism

• Geht die Inet Verbindung verloren - und wird wiederhergeestellt - so sollen OpenVPN sich wieder verbinden

Available Infos:

The default login / password are allways:

login: pi
password: raspberry

Available OS, custom made for the raspberry pi. Among

• Raspbmc
• OpenElec
• Xbian

http://www.raspbmc.com/wiki/user/frequently-asked-questions/ is the OS of choice. Because it is the oldest one. Has the most support. The most advanced level of development

To stream the movies from the desktop / Server to the raspberry a media server is needed. The are plently of ways to share the videos with XBMC.

• The content may be just shared “as it is”, by using network shares.
• The other possibility is to use media servers. Some servers support on-the-fly transcoding, which is live converting of films in unsuported formats into supported format.

Media Servers

Shares

I would like to have the ability to share the Picture and Audio with the Raspberry Pi, so that I can just play some video on the desktop (from sources unavailable for the Pi) and see teh vido on my TV.

The licences may be bought here, for the raspberry to be able to play

• DVDs (mpeg2 licence)
• WMA (VC1 license)

To enter the licences via SSH - connect to the Raspberry via a SSH client, e.g. Putty and do the following:

sudo nano /boot/config.txt

For that the TV and the HDMI cable - should both support the CEC per HDMI. CEC should be enabled on TV.

THere is a possibitiy to control the raspberry completely http://learn.adafruit.com/adafruit-raspberry-pi-lesson-7-remote-control-with-vnc/installing-vnc, which is like remote desktop on windows.

There are plently of VNC remote control apps to use this on mobile clients.

https://play.google.com/store/apps/details?id=org.leetzone.android.yatsewidgetfree

Just go enter the ip of the pi into the browser. Previously you should install some addons, like remote control addon, to get the ability to control the pi.

A normal router can pass up to 300mbps (37Megabyte ps). Streaming a video uses 5mbps (0.625Megabyte ps)

Howto install deb packages. As an example: RPi-Monitor

//required libs
sudo apt-get install librrds-perl libhttp-daemon-perl libhttp-daemon-ssl-perl libipc-sharelite-perl libjson-perl

//download deb package with wget
 wget --no-check-certificate https://github.com/XavierBerger/RPi-Monitor-deb/raw/master/packages/rpimonitor_2.4-1_all.deb

//install deb
sudo dpkg -i rpimonitor_2.4-1_all.deb

//update the service
sudo apt-get update && sudo service rpimonitor update 

//sevice available under http://127.0.0.1:8888 

The XBMC can be extended with Addons. The biggest Addons repository is http://superrepo.org/.

The addon is available here. It can be

• downloaded as zip (http://superrepo.org/get-started/add-the-super-repo-directory-as-source/)
• uploaded to the raspberry via FTP,
• istalled from zip.

Install OpenVpn, torrentclient “transmission-daemon” and

pi@torrentpi ~ $ sudo apt-get install resolvconf transmission-daemon

Configure Transmission-daemon to provide a web interface:

#stop the daemon
sudo /etc/init.d/transmission-daemon stop

#edit the settings
sudo nano /etc/transmission-daemon/settings.json

#edit
"rpc-authentication-required": false, #disable password protection for remote (web) interface
"rpc-whitelist": "127.0.0.1, *.*.*.*", # allow access from any address

#start seervice again
pi@torrentpi ~ $ sudo /etc/init.d/transmission-daemon start

The Service should be reachable through the browser, by following address: http://[RASPBERRYIP]:9091

Change the service startup parameters:

Open the file /etc/default/transmission-daemon and edit the Options line:

# Default options for daemon, see transmission-daemon(1) for more options
OPTIONS="--config-dir $CONFIG_DIR --logfile /home/pi/logs/transmission-daemon.txt -log-error -log-info -log-debug --no-portmap"

The rest op the OPTIONS is listed here: http://manpages.ubuntu.com/manpages/lucid/man1/transmission-daemon.1.html

Enabling or disabling transmission-web as a autostart-service

The tool update-rc.d is used to enable / disable services. It adds/removes scripts to the folders /etc/init.d/ and /etc/rcX.d/

The scripts are added on different “runlevels” http://en.wikipedia.org/wiki/Runlevel

To find out on which leveles the script is autostarted do:
pi@raspberrypi /etc/transmission-daemon $ ls -l /etc/rc?.d/*transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc0.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc1.d/K02transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc2.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc3.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc4.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Jan 19 00:07 /etc/rc5.d/S03transmission-daemon -> ../init.d/transmission-daemon
lrwxrwxrwx 1 root root 29 Nov 14 19:00 /etc/rc6.d/K02transmission-daemon -> ../init.d/transmission-daemon

// autostarted on levels 0,1,2,3,4,5,6

//disable the script
 sudo update-rc.d -f transmission-daemon remove

// reenable the script on default runlevel
sudo update-rc.d transmission-daemon defaults

OpenVpn documentation: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

Install openVpn

pi@torrentpi ~ $ sudo apt-get install openvpn resolvconf transmission-daemon

Now download the config into the folder /etc/openvpn
ibVPN-NL-Amsterdam1.ovpn
ibVPN-NL-Amsterdam1.conf #copy of ibVPN-NL-Amsterdam1.ovpn

Use THe COnfiguration file to connect the VPN server. If that works - the openVPN can be started as a service.

sudo openvpn --config /etc/openvpn/ibVPN-NL-Amsterdam1.ovpn

Tell openvpn service where the configuration is located. Edit the file:

sudo nano /etc/default/openvpn

And add the AUTOSTART to point to the ibVPN-NL-Amsterdam1.conf file. This is where the *.conf file is needed.

AUTOSTART="ibVPN-NL-Amsterdam1"

Now start the service Start openvpn and check if service is runnin

sudo /etc/init.d/openvpn start
sudo /etc/init.d/openvpn status

And check the extern IP

curl ifconfig.me

The logs about VPN connection can be found under

$ cat /var/log/syslog | grep VPN

The openVPN Service should be monitored! Should the connection be lost at some time - the connection should be restored on it's own!

The monit seems to be a suitable tool for that!

Install monit:

 sudo apt-get install monit 

Configure monit to look for the openVPN service. The configurations are in file /etc/monit/monitrc

 sudo nano /etc/monit/monitrc 

Uncomment or add the following to allow connection to the monit via http://192.168.191.110:2812/ where 192.168.191.110 is the ip of the server.

 set httpd port 2812 and
    allow 0.0.0.0/0.0.0.0        # allow connections from any ip

Once the web services are set up, you can begin to input the programs that you want monitored and protected into the /etc/monit/monitrc configuration file. To simply ensure that programs stay online, you can use the /etc/init.d commands to stop or start a program.

Find the openVpn pid (e.g. openvpn-Amsterdam1.pid) in folder

/var/run

Match the Job by a Regex, here openvpn.* and check teh match by doing

monit procmatch "openvpn.*"

Open file /etc/monit/monitrc and append a job describing entry:

check process openvpn MATCHING "openvpn.*"
    start program = "/etc/init.d/openvpn start" with timeout 60 seconds
    stop program  = "/etc/init.d/openvpn stop"

Now you can check the syntax of the /etc/monit/monitrc file by doing

sudo monit -t

and if there was no output start monit:

sudo /etc/init.d/monit restart

The monit can be checked under http://RASPBERRYIP:2812/

the log is written to

 nano /var/log/monit

Install stuff samba and samba tools. Open configurations.

$ sudo apt-get install samba
$ sudo apt-get install samba-common-bin
$ nano /etc/samba/smb.conf

I would like to share the folder /shares, so I set the rights of this folder to 777, so that everyone can do everything in there!

sudo chmod -R 777 /shares

-R sets the rights recursively.

Enter configs to share the folder under /shares/torrents so that everyone can enter it.

[global]
    workgroup = WORKGROUP
    usershare allow guests = yes
    security=share
    #security=user
    follow symlinks = yes
    wide links = no
    unix extensions = no
    lock directory = /var/cache/samba
[torrents]
    browsable = yes
    read only = no
    guest ok = yes
    path = /shares/torrents
    force user = pi

test the parameters entered into smb.conf

$ testparm 

restart teh samba service

$ sudo /etc/init.d/samba reload

Use Iptables as firewall. Configure it as following:

#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow ssh on Port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Allow transmission-daemon rpc on Port 9091
iptables -A INPUT -p tcp --dport 9091 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9091 -j  ACCEPT



# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT


## open samba ports
iptables -A INPUT -p udp --dport 137:139 -j ACCEPT 
iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT 
iptables -A INPUT -p tcp --dport 445 -j ACCEPT 
iptables -A OUTPUT -p udp --sport 137:139 -j ACCEPT 
iptables -A OUTPUT -p tcp --sport 137:139 -j ACCEPT 
iptables -A OUTPUT -p tcp --sport 445 -j ACCEPT 


# allow connection via 1194 so that openVpn can use the network adapter
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT
# allow connections via openVPN tun and tap interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT


# make sure nothing else comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP


# persist the rules after reboot. Package iptables-persistent must be installed
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'

To see the active iptables rules do

sudo iptables -L -v

To remove the rule Nr. 5 in the chain INPUT do

iptables -D INPUT 5

To flush all rules do

# first disable torrent client, so that it does not leak through the firewall
/etc/init.d/transmission-daemon stop

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

The ipdatbles rules are not persisted on reboot.

Do the following to install iptables restoring package:

sudo apt-get install iptables-persistent

Do the following to persist the current iptables rules:

sudo su -c 'iptables-save > /etc/iptables/rules.v4'
sudo su -c 'ip6tables-save > /etc/iptables/rules.v6'

Enable NTFS for Raspberry:

apt-get install ntfs-3g

To list all USB devices, or all partitions do:

lsusb
sudo fdisk -l

There is a service named udev, which recognizes the devices in linux and maps devices to the files in the /dev/ folder.
The names are typically sda1, sdb1, sdc1 … sca1 …

The service udev is able to execute rules to do something, when such a device was recognized / removed.
This is the point to tell linux to mount the usb device.
The udev rules are stored in the folder /etc/udev/rules.d/ and have teh form *.rules

Here is an example rules file which tells udev to automount usb drives on connect: /etc/udev/rules.d/10-my-media-automount.rules

# vim:enc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=udevrules:
#
# /etc/udev/rules.d/10-my-media-automount.rules

# usb devices are called sda1, sdb1 ...
KERNEL!="s[a-z][a-z][0-9]*", GOTO="my_media_automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="my_media_automount_end"

# import some useful filesystem info as variables
IMPORT{program}="/sbin/blkid -o udev -p %N"

# get the label if present, otherwise assign one based on device/partition. Always append the name of the device as unique id
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}-%k"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usb-%k"

# create the dir in /media and symlink it to /mnt
ACTION=="add", RUN+="/bin/mkdir -p '/media/%E{dir_name}'"

# global mount options
ACTION=="add", ENV{mount_options}="relatime"
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat) 
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"

# automount ntfs filesystems using ntfs-3g driver
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"
# automount all other filesystems
ACTION=="add", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k '/media/%E{dir_name}'"

# clean up after device removal
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"

# exit
LABEL="my_media_automount_end"

To reload udev after adding a new rule do

sudo udevadm control --reload-rules

When the disk with data is plugged out - will not find the data and stop the torrents with the error

Error: No data found! Ensure your drives are connected or use "Move Data File To...

To resume the download on every USB disk mount use a script, which will be executed by udev on every HDD plug.

Script:

#!/bin/sh
/usr/bin/transmission-remote -t all --start

Execute script by udev on USB mount:

sudo apt-get install proftpd

Open iptables ports

# Ports for FTP. 1024 is needed for passive mode
# allowing active/passive FTP
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:1024 --dport 1024:1024 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

Create the user which will be used by FTP server to access data

// create the user and usergroup
sudo useradd -d /media -m ftpuser
sudo groupadd ftpgroup
sudo usermod -a -G ftpgroup ftpuser


// set user rights for the media folder
sudo chgrp -R ftpgroup /media/
sudo chmod -R 777 /media/

append the following to the file /etc/proftpd/proftpd.conf for it to be anonymously accessible

<Anonymous ~ftpuser>
  User				ftpuser
  Group				ftpgroup

 # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftpuser

 # Limit the maximum number of anonymous logins
 MaxClients			10

 # We want 'welcome.msg' displayed at login, and '.message' displayed
 # in each newly chdired directory.
 DisplayLogin			welcome.msg
 DisplayChdir			.message

 # Limit WRITE everywhere in the anonymous chroot
 <Limit WRITE>
   DenyAll
 </Limit>
</Anonymous>

At least try out connecting using telnet. Telnet will be able to connect, if

• the firewall opens port
• some application is listening to this port (running)

#telnet 192.168.191.110 to check if its accessible on port 21
telnet 192.168.191.110 21

Access FTP on ftp://192.168.191.110/

As described in https://johnatilano.com/2016/11/25/use-ssh-and-dd-to-remotely-backup-a-raspberry-pi/

ssh pi@192.168.191.24 "sudo dd if=/dev/mmcblk0 bs=1M | gzip -" | dd of=~/pibackup.gz

• Raspberry Pi Version: 3
• OS: Ubuntu Server 22.04.1 64bit version

Use Ubuntu Server 22.04.1. The Current LTS version.

You can install it using Raspberry Pi Imager : https://www.raspberrypi.com/software/

In the settings of Imager you can directly define teh SSH key, to connect to the pi

Attention: pick the 64bit version of Ubuntu Server. Its based on arm64 architecture. Only for arm64 there is a version of MicroK8s available in the snap-repository. https://askubuntu.com/questions/1301295/ubuntu-20-04-on-raspberry-pi-4-cannot-install-microk8s

The 32bit version is based on “armhf” architecture, for which no MicroK8s is available. you will get.

error: snap "microk8s" is not available on stable for this architecture (armhf) but exists on other architectures (amd64, arm64, ppc64el)

• Kubernetes: MicroK8s is a low-ops, minimal production Kubernetes, for devs, cloud, clusters, workstations, Edge and IoT. It was only supporting a single node but recently they added clustering.

Attention: didnt work For some reason microk8s was not running after the installation. All the start/stop commands failed. As it was about a fast and easy way to start - moved on to get.k3s.io

As described e.g. in https://discourse.ubuntu.com/t/how-to-build-a-raspberry-pi-kubernetes-cluster-using-microk8s/14792

Install microk8s.

sudo snap install microk8s --classic

pi@ubuntu:~$ sudo snap install microk8s --classic
microk8s (1.25/stable) v1.25.0 from Canonical✓ installed
pi@ubuntu:~$ 

You can also learn about available versions and pick a concrete version

snap info microk8s

Returns

pi@ubuntu:~$ snap info microk8s
name:      microk8s
summary:   Kubernetes for workstations and appliances
publisher: Canonical✓
store-url: https://snapcraft.io/microk8s
contact:   https://github.com/ubuntu/microk8s
license:   unset
description: |
  MicroK8s is a small, fast, secure, single node Kubernetes that installs on
  just about any Linux box. Use it for offline development, prototyping,
  testing, or use it on a VM as a small, cheap, reliable k8s for CI/CD. It's
  also a great k8s for appliances - develop your IoT apps for k8s and deploy
  them to MicroK8s on your boxes.
commands:
  - microk8s.add-node
  - microk8s.addons
  - microk8s.cilium
  - microk8s.config
  - microk8s.ctr
  - microk8s.dashboard-proxy
  - microk8s.dbctl
  - microk8s.disable
  - microk8s.enable
  - microk8s.helm
  - microk8s.helm3
  - microk8s.images
  - microk8s.inspect
  - microk8s.istioctl
  - microk8s.join
  - microk8s.kubectl
  - microk8s.leave
  - microk8s.linkerd
  - microk8s
  - microk8s.refresh-certs
  - microk8s.remove-node
  - microk8s.reset
  - microk8s.start
  - microk8s.status
  - microk8s.stop
  - microk8s.version
services:
  microk8s.daemon-apiserver-kicker: simple, enabled, active
  microk8s.daemon-apiserver-proxy:  simple, enabled, inactive
  microk8s.daemon-cluster-agent:    simple, enabled, active
  microk8s.daemon-containerd:       notify, enabled, active
  microk8s.daemon-etcd:             simple, enabled, inactive
  microk8s.daemon-flanneld:         simple, enabled, inactive
  microk8s.daemon-k8s-dqlite:       simple, enabled, active
  microk8s.daemon-kubelite:         simple, enabled, active
snap-id:      EaXqgt1lyCaxKaQCU349mlodBkDCXRcg
tracking:     1.25/stable
refresh-date: today at 06:48 UTC
channels:
  1.25/stable:           v1.25.0         2022-09-12 (3886) 146MB classic
  1.25/candidate:        v1.25.0         2022-09-09 (3886) 146MB classic
  1.25/beta:             v1.25.0         2022-09-09 (3886) 146MB classic
  1.25/edge:             v1.25.2         2022-09-28 (4042) 146MB classic
  latest/stable:         v1.25.0         2022-09-07 (3843) 146MB classic
  latest/candidate:      v1.25.1         2022-09-15 (3938) 146MB classic
  latest/beta:           v1.25.1         2022-09-15 (3938) 146MB classic
  latest/edge:           v1.25.2         2022-09-28 (4040) 147MB classic
  1.26/stable:           –
  1.26/candidate:        –
  1.26/beta:             –
  1.26/edge:             v1.26.0-alpha.1 2022-09-23 (3983) 146MB classic
  1.25-strict/stable:    v1.25.0         2022-09-12 (3885) 146MB -

And a concrete version can be installed via

sudo snap install microk8s --classic --channel=1.25/stable

On the master node command. It will take some minutes.

sudo microk8s.add-node

Output:

pi@ubuntu:~$ sudo microk8s.add-node
From the node you wish to join to this cluster, run the following:
microk8s join 192.168.191.34:25000/11b28f8dcbd84f96a3e59637d55f94d6/88f6162716de

Use the '--worker' flag to join a node as a worker not running the control plane, eg:
microk8s join 192.168.191.34:25000/11b28f8dcbd84f96a3e59637d55f94d6/88f6162716de --worker

If the node you are adding is not reachable through the default interface you can use one of the following:
microk8s join 192.168.191.34:25000/11b28f8dcbd84f96a3e59637d55f94d6/88f6162716de
pi@ubuntu:~$

On the second pi, in same network

sudo microk8s join 192.168.191.34:25000/11b28f8dcbd84f96a3e59637d55f94d6/88f6162716de

To check the status of cluster do

sudo microk8s.status

Sometimes, if the above command doesn’t respond. There might be something or other wrong. Checking on the kubelet with journalctl is a good place to start looking for info. Or maybe do a common error check

all errors

journalctl -p err -b

Sep 30 07:01:59 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:27 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:37 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:45 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:03:10 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:04:30 ubuntu kernel: hwmon hwmon1: Undervoltage detected!

An easy enough debugging step is to run a stop and start.

sudo microk8s.stop
sudo microk8s.start

Look at the cluster info and make sure it’s up:

$ sudo microk8s.kubectl cluster-info

$ sudo microk8s.kubectl cluster-info
Kubernetes master is running at https://127.0.0.1:16443

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

You can clean-up MicroK8s installation by running the following command:

This command is used to return the MicroK8s node to the default initial state. This process may take some time and will remove any resources, authentication, running services, pods and optionally, storage. All addons will be disabled and the configuration will be reinitialised.

This commands makes it easy to revert your MicroK8s to an ‘install fresh’ state wihout having to reinstall anything.

sudo microk8s.reset

Cleaning resources in namespace default
No resources found
endpoints "kubernetes" deleted
secret "default-token-5lqdh" deleted
serviceaccount "default" deleted
service "kubernetes" deleted

http://www.armand.nz/2022/06/01/install-k3s-kubernetes-on-raspberry-pi.html https://www.puzzle.ch/de/blog/articles/2020/10/13/k3s-on-raspberry-pi

• Kubernetes: MicroK8s is a low-ops, minimal production Kubernetes, for devs, cloud, clusters, workstations, Edge and IoT. It was only supporting a single node but recently they added clustering.

Install k3s. https://docs.k3s.io/quick-start

Mount the sd-card, open the file `cmdline.txt` and append. It enables some backward compatibility raspberry kernel modules.

cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory

The file `cmdline.txt`

console=serial0,115200 dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 rootwait fixrtc quiet splash
cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory

Sometimes, if the above command doesn’t respond. There might be something or other wrong. Checking on the kubelet with journalctl is a good place to start looking for info. Or maybe do a common error check

all errors

journalctl -p err -b

Sep 30 07:01:59 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:27 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:37 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:02:45 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:03:10 ubuntu kernel: hwmon hwmon1: Undervoltage detected!
Sep 30 07:04:30 ubuntu kernel: hwmon hwmon1: Undervoltage detected!

journalctl -xeu snap.microk8s.daemon-containerd.service
systemctl status snap.microk8s.daemon-containerd.service

An easy enough debugging step is to run a stop and start.

Through lots of frustration, I discovered ubuntu installation were missing a kernel module that always resulted in `STATUS: NotReady` when my Kubernetes K3S was instsalled.

Only by installing this kernel module I was able to finally get my ubuntu raspberry pi modules to a `STATUS: Ready state`. Evidently, this only affects the Rasberry Pi install of Ubuntu.

On each Raspberry PI Install the `linux-modules-extra-raspi` extra package, a specific requirement for Ubuntu 21.10+ and k3s on Raspberry Pis

Run the following to install the module. A reboot is required to take effect

sudo apt install linux-modules-extra-raspi
sudo reboot

The Master node’s (k8s0) initial k3s installation will serve as the control plane for our Kubernetes Cluster.

Install K3s with the flags to make sure /etc/rancher/k3s/k3s.yaml is world-readable

curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
curl -sfL https://get.k3s.io | sh - 
# Check for Ready node, takes ~30 seconds

# Kubeconfig is written to /etc/rancher/k3s/k3s.yaml
sudo k3s kubectl get node