Ever since the launch of the Raspberry Pi I’ve been a fan. I’ve bought and been gifted many of them over time. It reminds me a little of the NSLU2 (slug), but builds on the amazing hardware advancements driven by smartphones.
I recently bought my first RPi4 – the base model 2Gb version. BuyAPi.ca is local, but I had it shipped. Great prices, and my order was prepped and shipped within 3hrs of submitting it. Even via regular mail, it showed up quickly (days).
What I bought:
- Raspberry Pi 4 Model B/2GB
- USB-C Power Supply, 5.1V 3.0A, Black, UL Listed
- Aluminum Heatsink for Raspberry Pi 4B (3-Pack)
- Brass Standoffs, M2.5 x 15mm, Package of 4
I have plenty of micro-sd cards around so there was no need to get another.
The Pi ships in a very cute little box.
The first thing I did was to install the heatsinks. I had to visit the web page to figure out where to put them on the board. Peeling the plastic off the adhesive tape was a little tricky, but a sharp knife blade helped me get under the edge.
There are several choices for the OS to run, and for many of my previous projects I’ve stuck with Raspbian (now known as the Raspberry Pi OS). Since my intended use for this Pi is to run it as a server hosting Pi-hole, I opted to go with Ubuntu server.
Downloading and flashing the image file to the sd-card was straight forward. I connected the Rpi4 to wired ethernet and power, and booted right after the card was flashed. By visiting my main router I could see the DHCP address that the Pi had been given.
By default – the device shows up as hostname ‘ubuntu’ and the default user is ‘ubuntu’. You can ssh directly to the machine, and on first login you are forced to change the password. The password policy requires non-trivial passwords, so it’s not a bad solution to getting going.
At this point I no longer need to access the device physically (or at least very often). I drilled some holes in a bit of wood to accept the brass stand-offs, then mounted the Pi to the stand offs. This let me mount the whole thing to the wall along side my other infrastructure bits (router, modem, voip box, switch).
Based on my server configuration post – I want the new Rpi4 server to be similarly set up.
Stuff I want to do:
- Change the username
- Change the hostname
- Configure automatic updates
- Forward email
- Fix timezone
- Redirect logs
- Install Prometheus monitoring
The rest of this post is the details on those steps.
1. Changing the user name
While we could go hacking the files to change the username, it is safer and more correct to use the usermod
command. Of course, you can’t perform modifications to the user while you’re logged in as the user, and we don’t want to enable root logins so I’ll create a new user that has sudo permission and then use that user to modify the original. While I could just create the new user – I want to use the UID/GUID combination 1000.1000 which is assigned to the default ‘ubuntu’ user.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
# add a new user sudo adduser foobar # grant that user sudo rights sudo usermod -aG sudo foobar # Log out and then log in again as the new user (foobar) # As the new user (foobar) we can modify the default user sudo usermod -l newUser ubuntu # Then change the home directory sudo usermod -d /home/newHomeDir -m newUser # We will also fix the group name sudo groupmod --new-name newGroup ubuntu # Now we can logout as user foobar, and reconnect as newUser # Clean up and delete the foobar user sudo deluser foobar sudo rm -r /home/foobar |
2. Change the hostname
Now, I use the DCHP capabilities of my openwrt router to assign a static IP and name to this device based on the MAC address of the hardware. Changing the hostname on the OS will make things consistent.
While I’d typically go hack the /etc/hostname file
– it seems there is a command hostnamectl
that will both show this information, and let us change it
1 2 |
# Set the hostname sudo hostnamectl set-hostname newHostName |
3. Configure automatic updates
While the Pi image for Ubuntu has automatic updates configured, it only pulls down security patches. I want all updates to happen automatically. To do this we need to edit /etc/apt/apt.conf.d/50unattended-upgrades
1 2 3 4 5 6 7 8 9 10 11 12 |
# Remove comments to enable updates "${distro_id}:${distro_codename}-updates"; # Setup email for any failures Unattended-Upgrade::Mail "root"; Unattended-Upgrade::MailReport "only-on-error"; # A few more settings Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-Time "03:00"; |
This should keep things current automatically.
4. Forward email
This is very simple, just install nullmailer and configure it to hit our email server. There are even ways to configure nullmailer to send to a gmail account if you are not self hosting email.
1 2 3 4 5 |
# nullmailer is a forwarder sudo apt install nullmailer # we will also install the mail utilities for testing sudo apt install mailutils |
You can test that it is setup correctly using the following
1 |
echo "error" | NULLMAILER_NAME="Testsystem check" mail -s "This is just a test with nullmailer" "root@mailhost.lan" |
[Update: yeah, just like last time I forgot to modify /etc/mailname
to avoid “Relay access denied” errors from my mail server. Change the mailname to be the same as your mail host and it’ll be fine]
5. Change timezone
By default the timezone is set to UTC. IT is easy to change using the timedatectl
command.
1 2 3 4 5 6 7 8 |
# Show current timezone timedatectl # List timezones timedatectl list-timezones # Set timezone sudo timedatectl set-timezone America/Toronto |
[update: you will want to reboot after changing the timezone, my logs were still coming out in UTC and this was fixed after a reboot]
6. Redirect logs
Two reasons to redirect the logs from the Pi.
- I have a centralized log server
- The Pi is using an sd-card for the filesystem
Neither are good enough reasons to compel you to do the same, but for me it makes sense. While reducing writes to the sd-card is a good idea for stability, since the ultimate goal is to host the pi-hole software on this hardware there will be plenty of disk activity anyways.
[Update: it turns out configuring rsyslog to send remote does not prevent the local copies, thus I have on the Pi a full set of logs and on the remote host I have a complete copy of them. This is fine, but many reduce log traffic with Log2RAM]
The Ubuntu Pi image comes with rsyslog installed and running by default.
1 2 |
# Check the status of the rsyslog service sudo systemctl status rsyslog |
We should see output that indicates the service is alive and well. To enable remote logging, we just need to add some configuration. We can put this in a unique file in the /etc/rsyslog.d/
directory. As long as the file ends with .conf
it will get included in the configuration.
1 2 3 |
$ cat remote.conf # Forward logs to logServer with UDP *.* @logServer.lan:514 |
Using a single @
indicates UDP, using @@
would indicate TCP as a protocol.
If my brief instructions aren’t complete enough, check out this article.
7. Install Prometheus monitoring
I’ve adopted Prometheus as a monitoring story, so my machines get the ‘node exporter’ installed. This is one benefit to selecting Ubuntu as the package is already available.
1 |
sudo apt install prometheus-node-exporter |
Once installed, your pi will offer up prometheus style metrics at “http://:9100/metrics” which you can configure Prometheus to pull data from.
[Edit: please check out additional details in my take 2 post]