{"id":1809,"date":"2021-06-30T21:10:18","date_gmt":"2021-07-01T01:10:18","guid":{"rendered":"https:\/\/lowtek.ca\/roo\/?p=1809"},"modified":"2021-07-22T13:00:15","modified_gmt":"2021-07-22T17:00:15","slug":"raspberry-pi-ubuntu-server","status":"publish","type":"post","link":"https:\/\/lowtek.ca\/roo\/2021\/raspberry-pi-ubuntu-server\/","title":{"rendered":"Raspberry Pi Ubuntu Server"},"content":{"rendered":"<p>Ever since the launch of the <a href=\"https:\/\/www.raspberrypi.org\/\">Raspberry Pi<\/a> I&#8217;ve been a fan. I&#8217;ve bought and been gifted many of them over time. It reminds me a little of the <a href=\"https:\/\/lowtek.ca\/roo\/2008\/turbo-slug\/\">NSLU2<\/a> (slug), but builds on the amazing hardware advancements driven by smartphones.<\/p>\n<p>I recently bought my first RPi4 &#8211; the base model 2Gb version. <a href=\"https:\/\/www.buyapi.ca\/\">BuyAPi.ca<\/a> is local, but I had it shipped. Great prices, and my order was prepped and shipped within 3hrs of submitting it. Even via regular mail, it showed up quickly (days).<\/p>\n<p>What I bought:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.buyapi.ca\/product\/raspberry-pi-4-model-b-2gb\/\">Raspberry Pi 4 Model B\/2GB<\/a><\/li>\n<li><a href=\"https:\/\/www.buyapi.ca\/product\/usb-c-power-supply-5-1v-3-0a-black-ul-listed\/\">USB-C Power Supply, 5.1V 3.0A, Black, UL Listed<\/a><\/li>\n<li><a href=\"https:\/\/www.buyapi.ca\/product\/aluminum-heatsink-for-raspberry-pi-4b-3-pack\/\">Aluminum Heatsink for Raspberry Pi 4B (3-Pack)<\/a><\/li>\n<li><a href=\"https:\/\/www.buyapi.ca\/product\/brass-standoffs-m2-5-x-15mm-package-of-8\/\">Brass Standoffs, M2.5 x 15mm, Package of 4<\/a><\/li>\n<\/ul>\n<p>I have plenty of micro-sd cards around so there was no need to get another.<\/p>\n<p>The Pi ships in a very cute little box.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1819\" src=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/cute-rpi4.png\" alt=\"\" width=\"1200\" height=\"781\" srcset=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/cute-rpi4.png 1200w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/cute-rpi4-500x325.png 500w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/cute-rpi4-1024x666.png 1024w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/cute-rpi4-768x500.png 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/p>\n<p>The first thing I did was to install the heatsinks. I had to visit the web page to figure out where to put them on the board. Peeling the plastic off the adhesive tape was a little tricky, but a sharp knife blade helped me get under the edge.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1820\" src=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink.png\" alt=\"\" width=\"1280\" height=\"1000\" srcset=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink.png 1280w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink-500x391.png 500w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink-1024x800.png 1024w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink-768x600.png 768w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/rpi-heat-sink-1200x938.png 1200w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/p>\n<p>There are several choices for the OS to run, and for many of my previous projects I&#8217;ve stuck with <a href=\"https:\/\/www.raspbian.org\/\">Raspbian<\/a> (now known as the <a href=\"https:\/\/www.raspberrypi.org\/software\/\">Raspberry Pi OS<\/a>). Since my intended use for this Pi is to run it as a server hosting Pi-hole, I opted to go with <a href=\"https:\/\/ubuntu.com\/download\/raspberry-pi\">Ubuntu server<\/a>.<\/p>\n<p>Downloading and flashing the image file to the sd-card was straight forward. I connected the Rpi4 to wired ethernet and power, and booted right after the card was flashed. By visiting my main router I could see the DHCP address that the Pi had been given.<\/p>\n<p>By default &#8211; the device shows up as hostname &#8216;ubuntu&#8217; and the default user is &#8216;ubuntu&#8217;. You can ssh directly to the machine, and on first login you are forced to change the password. The password policy requires non-trivial passwords, so it&#8217;s not a bad solution to getting going.<\/p>\n<p>At this point I no longer need to access the device physically (or at least very often). I drilled some holes in a bit of wood to accept the brass stand-offs, then mounted the Pi to the stand offs. This let me mount the whole thing to the wall along side my other infrastructure bits (router, modem, voip box, switch).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1821\" src=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/wall-mount-rpi4.jpg\" alt=\"\" width=\"1200\" height=\"868\" srcset=\"https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/wall-mount-rpi4.jpg 1200w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/wall-mount-rpi4-500x362.jpg 500w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/wall-mount-rpi4-1024x741.jpg 1024w, https:\/\/lowtek.ca\/roo\/wp-content\/uploads\/2021\/06\/wall-mount-rpi4-768x556.jpg 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/p>\n<p>Based on my <a href=\"https:\/\/lowtek.ca\/roo\/2019\/ubuntu-16-04-to-18-04-rebuild-with-new-ssd\/\">server configuration post<\/a> &#8211; I want the new Rpi4 server to be similarly set up.<\/p>\n<p>Stuff I want to do:<\/p>\n<ol>\n<li>Change the username<\/li>\n<li>Change the hostname<\/li>\n<li>Configure automatic updates<\/li>\n<li>Forward email<\/li>\n<li>Fix timezone<\/li>\n<li>Redirect logs<\/li>\n<li>Install Prometheus monitoring<\/li>\n<\/ol>\n<p>The rest of this post is the details on those steps.<\/p>\n<p><!--more--><\/p>\n<p><strong>1. Changing the user name<\/strong><\/p>\n<p>While we could go hacking the files to change the username, it is safer and more correct to use the <code>usermod<\/code> command. Of course, you can&#8217;t perform modifications to the user while you&#8217;re logged in as the user, and we don&#8217;t want to enable root logins so I&#8217;ll create a new user that has sudo permission and then use that user to modify the original. While I could just create the new user &#8211; I want to use the UID\/GUID combination 1000.1000 which is assigned to the default &#8216;ubuntu&#8217; user.<\/p>\n<pre class=\"lang:default decode:true \"># add a new user\r\nsudo adduser foobar\r\n\r\n# grant that user sudo rights\r\nsudo usermod -aG sudo foobar\r\n\r\n# Log out and then log in again as the new user (foobar)\r\n\r\n# As the new user (foobar) we can modify the default user\r\nsudo usermod -l newUser ubuntu\r\n\r\n# Then change the home directory\r\nsudo usermod -d \/home\/newHomeDir -m newUser\r\n\r\n# We will also fix the group name\r\nsudo groupmod --new-name newGroup ubuntu\r\n\r\n# Now we can logout as user foobar, and reconnect as newUser\r\n\r\n# Clean up and delete the foobar user\r\nsudo deluser foobar\r\nsudo rm -r \/home\/foobar<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>2. Change the hostname<\/strong><\/p>\n<p>Now, I use the DCHP capabilities of my <a href=\"https:\/\/openwrt.org\/\">openwrt<\/a> router to assign a static IP and name to this device based on the MAC address of the hardware. Changing the hostname on the OS will make things consistent.<\/p>\n<p>While I&#8217;d typically go hack the <code>\/etc\/hostname file<\/code> &#8211; it seems there is a command <code>hostnamectl<\/code> that will both show this information, and let us change it<\/p>\n<pre class=\"lang:default decode:true \"># Set the hostname\r\nsudo hostnamectl set-hostname newHostName<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>3. Configure automatic updates<\/strong><\/p>\n<p>While the Pi image for Ubuntu has automatic updates configured, it only pulls down security patches. I want all updates to happen automatically. To do this we need to edit <code>\/etc\/apt\/apt.conf.d\/50unattended-upgrades<\/code><\/p>\n<pre class=\"lang:default decode:true \"># Remove comments to enable updates\r\n        \"${distro_id}:${distro_codename}-updates\";\r\n\r\n# Setup email for any failures\r\nUnattended-Upgrade::Mail \"root\";\r\nUnattended-Upgrade::MailReport \"only-on-error\";\r\n \r\n# A few more settings\r\nUnattended-Upgrade::Remove-Unused-Kernel-Packages \"true\";\r\nUnattended-Upgrade::Remove-Unused-Dependencies \"true\";\r\nUnattended-Upgrade::Automatic-Reboot \"true\";\r\nUnattended-Upgrade::Automatic-Reboot-Time \"03:00\";<\/pre>\n<p>This should keep things current automatically.<\/p>\n<p><strong>4. Forward email<\/strong><\/p>\n<p>This is very simple, just install nullmailer and configure it to hit our email server. There are even ways to configure nullmailer to send to a gmail account if you are not self hosting email.<\/p>\n<pre class=\"lang:default decode:true \"># nullmailer is a forwarder\r\nsudo apt install nullmailer\r\n\r\n# we will also install the mail utilities for testing\r\nsudo apt install mailutils<\/pre>\n<p>You can test that it is setup correctly using the following<\/p>\n<pre class=\"lang:default decode:true \">echo \"error\" | NULLMAILER_NAME=\"Testsystem check\" mail -s \"This is just a test with nullmailer\" \"root@mailhost.lan\"\r\n<\/pre>\n<p>[Update: yeah, just like <a href=\"https:\/\/lowtek.ca\/roo\/2019\/ubuntu-16-04-to-18-04-rebuild-with-new-ssd\/#comment-421267\">last time<\/a> I forgot to modify <code>\/etc\/mailname<\/code> to avoid &#8220;<span class=\"s1\">Relay access denied&#8221; errors from my mail server. Change the mailname to be the same as your mail host and it&#8217;ll be fine]<\/span><\/p>\n<p><strong>5. Change timezone<\/strong><\/p>\n<p>By default the timezone is set to UTC. IT is easy to change using the <code>timedatectl<\/code> command.<\/p>\n<pre class=\"lang:default decode:true \"># Show current timezone\r\ntimedatectl\r\n\r\n# List timezones\r\ntimedatectl list-timezones\r\n\r\n# Set timezone\r\nsudo timedatectl set-timezone America\/Toronto<\/pre>\n<p>[update: you will want to reboot after changing the timezone, my logs were still coming out in UTC and this was fixed after a reboot]<\/p>\n<p><strong>6. Redirect logs<\/strong><\/p>\n<p>Two reasons to redirect the logs from the Pi.<\/p>\n<ul>\n<li>I have a centralized log server<\/li>\n<li>The Pi is using an sd-card for the filesystem<\/li>\n<\/ul>\n<p>Neither are good enough reasons to compel you to do the same, but for me it makes sense. While reducing writes to the sd-card is a good idea for stability, since the ultimate goal is to host the pi-hole software on this hardware there will be plenty of disk activity anyways.<\/p>\n<p>[Update: it turns out configuring rsyslog to send remote does not prevent the local copies, thus I have on the Pi a full set of logs and on the remote host I have a complete copy of them. This is fine, but many reduce log traffic with <a href=\"https:\/\/pimylifeup.com\/raspberry-pi-log2ram\/\">Log2RAM<\/a>]<\/p>\n<p>The Ubuntu Pi image comes with rsyslog installed and running by default.<\/p>\n<pre class=\"lang:default decode:true \"># Check the status of the rsyslog service\r\nsudo systemctl status rsyslog<\/pre>\n<p>We should see output that indicates the service is alive and well. To enable remote logging, we just need to add some configuration. We can put this in a unique file in the <code>\/etc\/rsyslog.d\/<\/code> directory. As long as the file ends with <code>.conf<\/code> it will get included in the configuration.<\/p>\n<pre class=\"lang:default decode:true \">$ cat remote.conf \r\n# Forward logs to logServer with UDP\r\n*.* @logServer.lan:514\r\n<\/pre>\n<p>Using a single <code>@<\/code> indicates UDP, using <code>@@<\/code> would indicate TCP as a protocol.<\/p>\n<p>If my brief instructions aren&#8217;t complete enough, check out <a href=\"https:\/\/rubysash.com\/operating-system\/linux\/setup-rsyslog-client-forwarder-on-raspberry-pi\/\">this article<\/a>.<\/p>\n<p><strong>7. Install Prometheus monitoring<\/strong><\/p>\n<p>I&#8217;ve adopted <a href=\"https:\/\/prometheus.io\">Prometheus<\/a> as a monitoring story, so my machines get the &#8216;node exporter&#8217; installed. This is one benefit to selecting Ubuntu as the package is already available.<\/p>\n<pre class=\"lang:default decode:true \">sudo apt install prometheus-node-exporter<\/pre>\n<p>Once installed, your pi will offer up prometheus style metrics at &#8220;http:\/\/:9100\/metrics&#8221; which you can configure Prometheus to pull data from.<\/p>\n<p>[Edit: please check out <a href=\"https:\/\/lowtek.ca\/roo\/2021\/pi-hole-ubuntu-server-take-2\/\">additional details in my take 2 post<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ever since the launch of the Raspberry Pi I&#8217;ve been a fan. I&#8217;ve bought and been gifted many of them over time. It reminds me a little of the NSLU2 (slug), but builds on the amazing hardware advancements driven by smartphones. I recently bought my first RPi4 &#8211; the base model 2Gb version. BuyAPi.ca is &hellip; <a href=\"https:\/\/lowtek.ca\/roo\/2021\/raspberry-pi-ubuntu-server\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Raspberry Pi Ubuntu Server&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,12,20],"tags":[],"class_list":["post-1809","post","type-post","status-publish","format-standard","hentry","category-computing","category-how-to","category-pi-hole"],"_links":{"self":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/comments?post=1809"}],"version-history":[{"count":16,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1809\/revisions"}],"predecessor-version":[{"id":1872,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1809\/revisions\/1872"}],"wp:attachment":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/media?parent=1809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/categories?post=1809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/tags?post=1809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}