Centralizing Certificate Management of LetsEncrypt with a Raspberry PI

Lets Encrypt is a new Certificate Authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). At the time of writing it’s currently in Beta and is due to go public in December 2015.

Update: Lets Encrypt went into public -beta on December 3 2015. I have updated this article with the minor change needed to work with the live servers.

Now in the default mode, the standard Lets Encrypt client (it’s not the only one) can manage this automatically – however it’s not ideal if you have more than one server.

What I describe here is how to centralize managing certificate registration (& later renewal) on a central machine. When a certificate is then registered or renewed we can then copy the certs to the remote servers.

Continue reading “Centralizing Certificate Management of LetsEncrypt with a Raspberry PI”

Installing Java 7 on Debian Squeeze

For all of my servers I use Debian, however that distribution has a few problems, mainly the packages can be a bit behind the cutting edge.

Now this is usually a good thing if you are looking for stability – cutting edge software can have issues, especially from new features etc, so for a live environment you want something thats stable.

However, there does come a time when this can bite back. You either need a feature thats not in the standard repositories or in this case the version is now unsupported.

In Debian Squeeze it has Java 6 – but that was EOL’d a couple of months ago so is no longer supported by Oracle. The current version is Java 7 update 17.

So how do we get Java 7 installed?

Well it’s pretty easy to do, we just need to add another repository into apt and install it.

First the repository:

sudo su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
apt-get update
exit

What that does is to install the ubuntu ppa repository into apt, setup the public keys and then load the package lists.

Next we need to install it:

sudo apt-get install oracle-java7-installer

This will now download Oracle Java 7 and present you with a couple of screens about licensing. Just ok and accept it and it will now install.

That’s it. You now have Java 7 installed – but it’s not the default JDK (if you already had Java 6 installed). If you want it to be the default then there’s just one more thing to do:

sudo apt-get install oracle-java7-set-default

That’s a dummy package but it will make Java 7 the default on that machine. If you want to check then you can check:

peter@titan ~ $ java -version
java version "1.7.0_17"
Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)

Setting up a Weather WebCam on Linux

Weather webcams are always popular and it is easy and free to set one up yourself.  This article will show how to setup a simple USB webcam to produce still images and serve them on a local apache webserver.

Continue reading “Setting up a Weather WebCam on Linux”

Formatting xml in emacs

I had this problem of debugging some xml but when reading the output of some log4j it was almost impossible to read so I needed some way of prettifying the xml quickly.

For this example I have the following xml:

<?xml version="1.0"?><xml><iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get"><query xmlns="some:namespace"/></iq></xml>

So how do we pretify this in emacs?

Well the first thing to do is to write an extension function & place it into your ~/.emacs file. Placing it here means that when you open emacs the extension is available:

(defun xml-format ()
  (interactive)
  (save-excursion
    (shell-command-on-region (mark) (point) "xmllint --format -" (buffer-name) t)
  )
)

Now this works by passing the buffer to the xmllint utility and replaces it with the output – in this case nicely formatted xml.

Now we need to install xmllint:

pi@lindesfarne: ~$ sudo apt-get install libxml2-utils

Ok so now open emacs and open the xml. To format first select the xml you want to format then Press Escape then x followed by xml-format & press return. You should then get the xml nicely formatted:

<?xml version="1.0"?>
<xml>
  <iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get">
    <query xmlns="some:namespace"/>
  </iq>
</xml>

Compiling a Kernel on the Raspberry PI

The reason I had to do this was because I needed video4linux to get a webcam working for a forcoming series of posts connecting a telescope to the pi. Although the connection to the telescope wasn’t a problem, the customized webcam I have needed it.

Here I compile the kernel on a more powerful linux box to save time then transfer the kernel over to the PI.

Also this article is mainly my personal notes on compiling a new kernel rather than a tutorial on how to do it. Writing it here makes sense to keep things together & maybe it’s useful for anyone else.

These instructions are based on the RPI Kernel Compilation available at elinux.org.
Continue reading “Compiling a Kernel on the Raspberry PI”

Using NFS to provide extra disk to a Raspberry PI

As the Raspberry PI uses an SD Card for it’s boot device there are times when you need either more space than is available on that device or a device that’s faster – writing to flash is slow and flash cards do have a limited number of writes that can be made to them.

Now there’s several ways to accomplish this:

  • Use an external USB drive (the common route)
  • Use a network shared drive

Using a USB drive is simple and is the faster option but it means it’s dedicated to the PI whilst it’s in use, hence this article on using a network drive – in this instance a directory on another Linux box in the network.

Also having it shared on the network means that multiple machines could use it at the same time. Imagine if you are a teacher with a collection of PI’s being used by your students. You could setup a central read-only directory with your class work which they can all access as if it’s installed locally.
Continue reading “Using NFS to provide extra disk to a Raspberry PI”

Using the full space on your SD card in the Raspberry PI

If you got your Raspberry PI from RS like I did I also ordered both a power supply & an SD card. Now you’ll probably find that you got a 4GB card. The problem is that the Debian image that you can download for the pi only uses 2GB of it, so you will find that you’ll run out of space pretty quickly. This article shows how you can allocate the remainder of the card so it’s available for use.

You do this at your own risk. Make sure you have backed up everything you need before doing this.

Now there is a good video tutorial on YouTube by RaspberryPiTutorials which shows one method of resizing the image. Now this is fine although it does go through hoops using a VM etc but what about from the pi itself?

Well here I’m not going to resize the root partition. What I’m going to do is to create a new partition using up the remainder of the space and move /home to that new partition.

The benefit of this is that you are freeing up the root partition for just the OS and the remainder of the card for user files.

Finally sorry for the lack of images here, I ran though this prior to writing it & forgot to capture them as I went 😦

Creating the new partition

First log into the pi:

peter@somehost:~$ ssh -Y pi@raspberrypi

Remember from a previous article, the -Y allows the pi to use your local X11 display.

Next we need to run gparted:

pi@raspberrypi:~$ gksudo gparted

You should now see a display with the partitions displayed and a large unallocated section to the right in grey. Select that unallocated space right click and select new.

In that dialog you’ll see aot of boxes. The main two you want are the first one (top left) which says space before the partition, it will show 0 but you need to change it to 1. This follows the layout of the other partitions which have a 1Mb buffer between each partition.

The other one is the file system dropdown. I chose ext4 as thats the same as the root.

Apply these and you should then see the partition is now marked as allocated.

Click on apply. This now applies your changes.

Next right click the new partition, select format to and choose ext4.

Now make a cup of coffee – as it will run for a few minutes as it formats the new drive.

Once it’s done you can close gparted.

Moving home to the new partition

Now at the command line you need to mount the new partition so you can copy your home directories.

pi@raspberrypi:~$ sudo vi /etc/fstab

And add the following to the end of the file:

/dev/mmcblk0p4  /mnt  ext4  defaults  0 0

Save that and exit vi then mount the drive. You should then see the new drive present.

pi@raspberrypi:~$ sudo mount -a
pi@raspberrypi:~$ df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
tmpfs                    95416         0     95416   0% /lib/init/rw
udev                     10240       148     10092   2% /dev
tmpfs                    95416         0     95416   0% /dev/shm
rootfs                 1602528   1311868    209252  87% /
/dev/mmcblk0p1           76186     28549     47637  38% /boot
/dev/mmcblk0p4         1994640     35744   1857572   2% /mnt

Now we need to copy the home directories across:

pi@raspberrypi:~$ sudo su -
X11 connection rejected because of wrong authentication.
root@raspberrypi:~# mv /home/pi /mnt
root@raspberrypi:~# ls -l /mnt
total 4
drwxr-xr-x 12 pi pi 4096 Jun 19 11:57 pi

Next whilst we are still in the root shell we’ll unmount /mnt and move it back to /home:

root@raspberrypi:~# umount /mnt
root@raspberrypi:~# vi /etc/fstab

Now change the entry for /mnt to /home and save it. Next we’ll mount it again this time as /home

root@raspberrypi:~# mount -a
root@raspberrypi:~# df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
tmpfs                    95416         0     95416   0% /lib/init/rw
udev                     10240       148     10092   2% /dev
tmpfs                    95416         0     95416   0% /dev/shm
rootfs                 1602528   1305236    215884  86% /
/dev/mmcblk0p1           76186     28549     47637  38% /boot
/dev/mmcblk0p4         1994640     42380   1850936   3% /home

There it’s done, now /home is a 1.8Gb partition whilst root holds the base OS.

Now reboot the pi & log in again. You should now see all your files present but it’s now in the new larger partition.