Centralizing Certificate Management of LetsEncrypt with a Raspberry PI

Lets Encrypt is a new Certificate Authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). At the time of writing it’s currently in Beta and is due to go public in December 2015.

Update: Lets Encrypt went into public -beta on December 3 2015. I have updated this article with the minor change needed to work with the live servers.

Now in the default mode, the standard Lets Encrypt client (it’s not the only one) can manage this automatically – however it’s not ideal if you have more than one server.

What I describe here is how to centralize managing certificate registration (& later renewal) on a central machine. When a certificate is then registered or renewed we can then copy the certs to the remote servers.

Continue reading “Centralizing Certificate Management of LetsEncrypt with a Raspberry PI”

Getting GPS to work on a Raspberry PI

One of the tasks I want to use a Raspberry PI for is to take over the duties of an existing ITX based linux box running my weather station. Now in theory that should be pretty simple as the current setup uses pywws to connect to the station and as that’s written in python it should work.

Now the Raspberry PI has no onboard Real time clock – which means it needs to use an NTP server to get the time when it starts. Usually you would use the default settings and allow the PI to connect to thenet for it’s time. Now this is fine if you have a working net connection but what if you are not connected to the net? You might be in the field running the PI on batteries.

As the other projects I have lined up for it is to connect my Meade LX200GPS telescope to the local network or to work with my (in prototype) radio telescopes so having an accurate clock is going to be required.

Now the obvious solution here is to use GPS as a time source. GPS works by having a constellation of satellites in orbit and each one carries a highly accurate atomic clock & broadcast both their current position and the time. A GPS receiver then receives these signals and, as long as it has enough satellites and workout where you are by comparing the times from those clocks.

So this article shows how to use A GPS receiver with the Rasperry PI – although these instructions are not specific to the PI.

The hardware

For this experiment I’m using a USB GPS receiver from Maplin – product code A73KF. I bought this several months ago when they had it on special offer for £19.99 – it usually retails for £29.99.

Raspberry PI with the A73KF GPS receiver plugged in

Now it comes with a CD for Windows machines but we don’t need it – as the majority of GPS receivers I know of use serial & this is no exception. When plugged in it appears as a serial port.

Plug it in and run lsusb

pi@raspberrypi:~$ sudo lsusb
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 004: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

There the Prolific Technology entry is the GPS appearing as a serial port. If you look in /var/log/syslog you will also notice it will have created the port as /dev/ttyUSB0 as it’s the first serial port.

Using the PI as a GPS Receiver

Now the next step is to get the pi receiving data from the satellites. Now there is a suite of tools available for Linux called gpsd which we’ll install:

pi@raspberrypi:~$ sudo apt-get install gpsd gpsd-clients python-gps

Next we need to start the daemon:

pi@raspberrypi:~$ sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock

Ignore any messages from the console or in the log files, you may see it complaining about IPv6 but you can ignore that.

Viewing whats in the sky & your location

Now GPS doesn’t work indoors – as it needs a clear view of the sky so for this I’ve placed the PI on the window sill. Next I ssh into the pi and run cgps.

pi@raspberrypi:~$ cgps -s

The -s flag is there to tell the command not to write raw data to the screen as well as the processed data.

You should then get the following output:

┌───────────────────────────────────────────┐┌─────────────────────────────────┐
│    Time:       2012-06-18T15:05:10.0Z     ││PRN:   Elev:  Azim:  SNR:  Used: │
│    Latitude:    51.231848 N               ││  14    43    249    40      Y   │
│    Longitude:    0.514014 E               ││  25    75    283    37      Y   │
│    Altitude:   132.3 m                    ││   2    26    085    31      Y   │
│    Speed:      0.0 kph                    ││  12    56    070    18      Y   │
│    Heading:    0.0 deg (true)             ││   9    19    133    22      Y   │
│    Climb:      0.0 m/min                  ││  27    09    133    17      Y   │
│    Status:     3D FIX (1 secs)            ││   4    17    045    31      Y   │
│    GPS Type:                              ││  32    05    321    20      Y   │
│    Longitude Err:   +/- 8 m               ││  29    41    192    18      Y   │
│    Latitude Err:    +/- 9 m               ││  31    28    304    42      Y   │
│    Altitude Err:    +/- 27 m              ││                                 │
│    Course Err:      n/a                   ││                                 │
│    Speed Err:       +/- 68 kph            ││                                 │
│                                           ││                                 │
│                                           ││                                 │
│                                           ││                                 │
│                                           ││                                 │
│                                           ││                                 │
└───────────────────────────────────────────┘└─────────────────────────────────┘

Here you can see it’s receiving from 10 satellites and it has the time and your location. The 3D FIX section tells you it has enough data for a 3D fix on your location (i.e. altitude). The Err lines tell you the error in your position. If you leave it running you should see the Err values change every second or so.

Viewing GPS under X-Windows

Now above I showed how the GPS looks from an SSH connection but you can get a graphical display as well using the xgps client thats also been installed. Now if you have a monitor connected to the pi simply open a terminal and run xgps. However as I’ve not got a monitor against the window I’ve used ssh to connect to it from another machine. To get this to work you need to add -Y to the ssh command.

peter@somehost:~ $ ssh -Y pi@raspberrypi
pi@raspberrypi:~$ xgps

You should now get a window like the following open on your local machine – don’t worry if it takes a little while, it might take a second or two:

xgps running on a PI but being displayed on Mac OS-X

Setting the computer time using GPS

Now we have a working GPS we can now get the PI to use it for setting the time. To do this we need to configure ntp to use the GPS satellites as a time source. Now you should already have ntp installed but if not then you need to install it:

pi@raspberrypi:~$ sudo apt-get install ntp

Next you need to edit the file: /etc/ntp.conf and add a few lines to it defining the GPS. This can be either before or after the existing lines beginning with server:

# gps ntp
server 127.127.28.0 minpoll 4
fudge  127.127.28.0 time1 0.183 refid NMEA
server 127.127.28.1 minpoll 4 prefer
fudge  127.127.28.1 refid PPS

Now restart ntp:

pi@raspberrypi:~$ sudo service ntp restart

Now if you query the server you should after a while see it synchronize:

pi@raspberrypi:~$ ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ns1.luns.net.uk 33.117.170.50    2 u   54   64    7   65.454    2.666   5.800
+resntp-b-vip.lo 127.151.91.34    3 u   45   64   17   55.704   -5.169   8.482
+bart.nexellent. 194.242.34.149   2 u   17   64   17   76.585   -4.271  57.595
+v01.s01.be.it2g 193.190.230.65   2 u   20   64   37   86.464   -2.374 228.460
xSHM(0)          .NMEA.           0 l   11   16  377    0.000  144.714   3.026
SHM(1)          .PPS.            0 l    -   16    0    0.000    0.000   0.000

A couple of notes:

You might find that ntp doesn’t connect to the gps at first. It appears that it starts gpsd up without the link to the serial port. What I find I have to do is:

pi@raspberrypi:~$ sudo killall gpsd
pi@raspberrypi:~$ sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
pi@raspberrypi:~$ sudo service ntp restart

Once I’ve done this then after it gets a fix then it starts working. Sometimes running cgps and waiting for it to get a fix also fixes this.

I don’t know why this happens but it’s an issue I’ve yet to solve.

The Grand Unboxing of the Raspberry PI

Finally after waiting for months my Raspberry PI finally arrived:

The unopened box containing the Raspberry PI.

When you open the box & get it out you then realize how tiny the thing is:

The PI out of its box & sitting on the trackpad of my MacBook Pro as a guide on how small the device is

Now when I ordered this I also ordered a PSU (normal micro-USB) and a 4Gb SD card. The other required items like HDMI & USB keyboard/mouse I already had, so the next thing was to download Debian & install it on the sd card.

I followed the instructions on elinux.org as I couldn’t get RasPiWrite to run but then it was a simple task. It will take a while to copy to the card.

Once done plug everything in and start it up. At first you’ll see it boot & it’s pretty quick. Once you get the login prompt login and type startx. You’ll then get the desktop.

The initial desktop

There’s a simple browser provided which works to a point – some things don’t work but it’s early days.

3 browser windows open on the PI

There’s only one thing that’s not right is that the screen doesn’t fit the monitor – but then I blame the monitor than the PI – it’s a cheap TV/DVD from Asda which I know has an odd resolution (1400×900) & the PI is detecting it with a higher resolution, but other than that, initial use shows it’s working pretty well.

Installing latest mercurial when Ubuntu or Linux Mint repos don’t have it

Ah I just hit an interesting problem with Mercurial. I had a repository which had been created with a recent version however I had to restore it from a backup onto another machine however I couldn’t commit to it as it’s format wasn’t supported:

$ hg st
abort: requirement ‘dotencode’ not supported!

The reason is that the dotencode format was only introduced into mercurial in version 1.7 so if you’re running an earlier version then you’ll get this error. Ok so upgrade – problem is that according to apt I had the latest version – 1.6.3 – erm nope thats not the latest.

Thankfully the fix is simple, all you need is to ass the correct repository first before installing the latest version

sudo add-apt-repository ppa:mercurial-ppa/releases
sudo apt-get update
sudo apt-get install mercurial

Once you’ve done that then you’ll find mercurial will work again as expected.

Performing remote Maven 3 builds with NetBeans 7.0

This article covers how to get NetBeans to use a Maven installation on a remote server. This has been tested with Maven 3.0.2 but should work on any other version. It may also work for other IDE’s like Eclipse if you can get them to use an alternate maven installation other than the internal one.

Sometimes you may want to run maven on a remote machine from inside the NetBeans IDE. For me this is down to available memory on the local machine is limited enough on large projects that both NetBeans and Maven compete slowing the local machine down as it swaps the IDE in and out of main memory.

Another instance may be to perform builds on a standard OS (Linux in this case) rather than the OS running the IDE (OSX here).

Now this is pretty easy to implement. Here I have the IDE running on OSX and the builds on Linux (Ubuntu 10.10) but if you can get the prerequisites running in theory any OS should work.

Prerequisites

  • ssh access to both machines with public key authentication working
  • sshfs configured for mounting drives (you can use nfs or smb if you wish)
  • maven 3.0.2 installed on both machines – both machines need the same version

Setting up the environment

In this example:

  • sabrina – The local machine running NetBeans. It’s running OS X
  • kira – The remote machine which will run the builds. It’s running Ubuntu 10.10

Shared filesystems

The remote needs to have access to the local project directories for maven to work. As I have all development under a dev directory under home, on the remote machine I simply create a dev directory and then mount the local host from it using sshfs

<br />
peter@kira:~$ mkdir dev<br />
peter@kira:~$ sshfs peter@sabrina:dev dev<br />

If you have a custom settings.xml file, make sure it’s also present on the remote’s .m2 directory, i.e.

<br />
sabrina:~ peter$ scp .m2/settings.xml peter@kira:.m2<br />

Finally NetBeans needs access to the built artifacts, so to do this we mount the remotes .m2/repository locally. I use .m2/remoterepo for this

<br />
sabrina:~ peter$ mkdir .m2/remoterepo<br />
sabrina:~ peter$ sshfs peter@kira:.m2/repository .m2/remoterepo<br />

Maven

Next install your maven installation on both machines. I keep mine in the same place, but thats optional. For the purposes of this article I’m going to use /usr/local/apache/apache-maven-3.0.2

Next on the machine running NetBeans you need to create a duplicate installation /usr/local/apache/apache-maven-3.0.2-remote We need to have a copy for NetBeans to recognise it as a valid environment later on.

Now in this new installation we need to replace the /usr/local/apache/apache-maven-3.0.2-remote/bin/mvn script with the following:

<br />
#!/bin/bash<br />
#<br />
# Enable NetBeans 7.0 beta to run maven on a remote host</p>
<p># Pass the maven args as is<br />
MVN_ARGS=&quot;$@&quot;</p>
<p># The current directory, NetBeans does a cd so this will be the project<br />
# directory.<br />
#<br />
# If you need to translate the path between local and remote machines then<br />
# pass the output of pwd through sed first<br />
REMOTE_PROJECT_DIR=$(pwd)</p>
<p># Execute maven on remote host<br />
REMOTE_USER=peter<br />
REMOTE_HOST=kira</p>
<p># Location of remote maven installation<br />
REMOTE_MAVEN_HOME=/usr/local/apache/apache-maven-3.0.2</p>
<p># JAVA_HOME on remote machine<br />
REMOTE_JAVA_HOME=/usr/lib/jvm/java-6-openjdk/</p>
<p># ======================================<br />
# DO NOT EDIT ANYTHING BEYOND THIS POINT<br />
# ======================================</p>
<p># Remote mvn command<br />
REMOTE_MVN=$REMOTE_MAVEN_HOME/bin/mvn</p>
<p># Build the commands to run remotely<br />
CMD=&quot;cd ${REMOTE_PROJECT_DIR};&quot;<br />
CMD=&quot;${CMD}export JAVA_HOME=${REMOTE_JAVA_HOME};&quot;<br />
CMD=&quot;${CMD}$REMOTE_MVN ${MVN_ARGS}&quot;</p>
<p># Now run the remote build<br />
echo<br />
echo ------------------------------------------------------------------------<br />
echo Executing remote build on $REMOTE_HOST as $REMOTE_USER<br />
echo Remote command: $CMD<br />
echo ------------------------------------------------------------------------<br />
echo<br />
exec ssh ${REMOTE_USER}@${REMOTE_HOST} &quot;${CMD}&quot;<br />

In this script you need to ensure that the settings are correct:

  • REMOTE_USER and REMOTE_HOST point to your remote host,
  • REMOTE_MAVEN_HOME is the location of where maven is installed on the remote host,
  • REMOTE_JAVA_HOME is the location of the JDK on the remote host.

Now you may need to alter the line defining REMOTE_PROJECT_DIR. Shown above it gets set to the directory containing the maven project on the local host. If this differs on the remote then you need to either change to translate this to the location on the remote.

For example I have my NetBeans projects under a directory called dev in my home directory. As this is OS X that becomes /Users/peter/dev however on Linux the path is /home/peter/dev

I get around this by on the remote simply creating a symlink for /Users pointing to /home but you could modify the script to do that for you.

Configuring NetBeans

The last step is getting NetBeans to use the new remote.

Start NetBeans and enter preferences Then the Miscellaneous tab and finally Maven:

  • Under Maven Home select Browse and select the dummy remote installation, in my case /usr/local/apache/apache-maven-3.0.2-remote
  • Under Local Repository select Browse and point it at .m2/remoterepo
  • Select OK

Now if you try to run any build you’ll now see it run on the remote machine and as far as NetBeans is concerned it’s running locally. For example in the NetBeans output window you should see something like the following:

<br />
cd /Users/peter/dev/misc/example; JAVA_HOME=/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home /usr/local/apache/apache-maven-3.0.2-remote/bin/mvn --batch-mode --lax-checksums --fail-fast --no-plugin-updates --batch-mode clean</p>
<p>------------------------------------------------------------------------<br />
Executing remote build on 192.168.30.108 as peter<br />
Remote command: cd /Users/peter/dev/misc/example;export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/;/usr/local/apache/apache-maven-3.0.2/bin/mvn --batch-mode --lax-checksums --fail-fast --no-plugin-updates --batch-mode clean<br />
------------------------------------------------------------------------</p>
<p>Command line option -npu is deprecated and will be removed in future Maven versions.<br />
Scanning for projects...<br />
------------------------------------------------------------------------<br />
Reactor Build Order:<br />

Future invocations

Once setup, whenever you restart either machines you simply need to mount each others drives before starting NetBeans as all the rest should then be setup.

<br />
sabrina:~ peter$ sshfs peter@kira:.m2/repository .m2/remoterepo<br />
peter@kira:~$ sshfs peter@sabrina:dev dev<br />