Note: There is an updated version of this post here: https://www.jonwitts.co.uk/archives/1422
I was very excited with the release of the Raspberry Pi 4, not just because I am a great fan of the Raspberry Pi and wanted to get my hands on the latest and greatest; but also because I have been teaching my Computer Science classes pretty much exclusively using the Raspberry Pi computer for the past few years.
I say “pretty much” because there had always been a few sticking points when we had to leave my RPi CS classroom and up sticks to the Windows PC lab. In the most part it was when we needed to do any graphics editing (in Photoshop) or anything that relied on using Google Drive and Docs heavily.
It was with great excitement that I saw the new Pi 4 with 4 Gb of RAM and full gigabit networking… However as network boot was not available out-of-the-box and the PiServer software was not yet updated to be used with Pi 4s and Raspbian Buster; there was a bit of work to do…
With great thanks to the devs over at the PiServer github page, I now have a working PiServer setup for use with Pi 4 devices! Set up instructions below 😀
Table of Contents
We begin by installing PiServer from the Raspberry Pi x86 Desktop ISO… I gave our VM 4GB RAM, 2 CPUs, two HDD (50 GB System and 100 GB Home) and connected it to a routed VLAN just for our PiServer and Pis to run in.
Set a static IP address for your server
Enter the following at the bottom of the file (adjusted for your network of course!)
static domain_name_servers=10.0.1.5 10.0.1.6
Now create a static DNS entry for your server on your Windows DNS servers and reboot your PiServer for network changes to take effect.
Install base software and update
sudo apt-get update && sudo apt-get install ssh molly-guard apt-config-auto-update -y && sudo apt-get dist-upgrade -y && sudo reboot now
- Option 2 – Network Options
- N1 Hostname – update as required
- Option 5 – SSH – enable
Change the password
- Enter current password (default is raspberry)
- Enter new password twice
- Check you can login with your new password over an SSH connection
Install XRDP for Remote Access
For ease of access to the server in a Windows environment we are going to install XRDP so that we can connect to the server using Windows RDP.
sudo apt-get install xrdp sudo systemctl start xrdp sudo systemctl enable xrdp
Annoyingly XRDP will use a US keyboard locale by default. Edit the /etc/xrdp/xrdp_keyboard.ini file and add the following two lines after [default_rdp_layouts] and [default_layouts_map] respectively. Then restart the xrdp service.
Download, compile and install latest PiServer
Now we need to download, compile and install the latest PiServer software from GitHub. There are a couple of minor differences here from the online documentation which are required to get Raspbian Buster added and allow adding Pi 4 devices to your server…
sudo apt-get install build-essential devscripts debhelper cmake libldap2-dev libgtkmm-3.0-dev libarchive-dev libcurl4-openssl-dev intltool git binfmt-support qemu-user-static pxz
Get updated QEMU versions
wget http://ftp.de.debian.org/debian/pool/main/b/binfmt-support/binfmt-support_2.2.0-2_i386.deb wget http://ftp.de.debian.org/debian/pool/main/q/qemu/qemu-user-static_3.1+dfsg-8~deb10u1_i386.deb sudo dpkg -i binfmt-support_2.2.0-2_i386.deb sudo dpkg -i qemu-user-static_3.1+dfsg-8~deb10u1_i386.deb
Get the source code
git clone --depth 1 https://github.com/raspberrypi/piserver.git
Allow Pi 4 devices to be added
To allow Pi 4 devices to be shown in the “Add Clients” menu of PiServer we need to adjust a header file from the source before we compile it. Comment out the line starting “#define DHCPANALYZER_FILTER_STRING” in the “src/config.h” file by adding two slashes to the front of the line.
nano ~/piserver/src/config.h //define DHCPANALYZER_FILTER_STRING "PXEClient"
Compile the software
cd piserver debuild -uc -us
Install the new packages
cd .. sudo dpkg -i piserver*.deb
Configure the PiServer software
You now need to configure the PiServer software. Connect to your server either physically or from the VMware remote console (RDP does not appear to work for this part!). You will need a Raspberry Pi connected and powered up to get through the first step of the setup process. If you are using a Pi 4 then you will need it to be booted up with a SD Card with Raspbian Buster on it. Your Pi needs to be in the same subnet as the Pi Server too!
As we want to authenticate against Active Directory; at the next screen select “Authenticate users against an existing server“. Leave “Windows Server (Active Directory)” selected. For “Server address:” and “Logon domain:” enter your domain’s FQDN. For “Bind user:” and “Password:” enter the username and password of an account on your domain. This user does not need any elevated credentials but make sure that the password is strong and does not expire! I have then selected “Restrict access to certain groups” as I have a group on my domain which contains the groups I want to be able to logon to my PiServer…
On the “Advanced LDAP settings” screen I have left the “Users must be located under base DN:” as default and then scrolled through to find my AD Group that contains users and groups that I want to be able to access the PiServer.
On the “Add software” screen I have just selected “Raspbian Lite” as it is the smallest. We will install a version of Raspbian Buster once everything is up and running…
After a few minutes you should get a confirmation screen. Go to the Settings screen and change your PiServer to run as a stand-alone DHCP server (only do this if it is the only DHCP server running in the subnet!) and set your DHCP server settings, ensuring that you set the Gateway correctly!
Add Raspbian Buster to the PiServer
We now need to download and import Raspbian Buster onto the PiServer as Pi 4s will only run Buster and above… Perform the following three steps on your PiServer. The final step can take quite some time!
wget https://downloads.raspberrypi.org/raspbian_full/boot.tar.xz wget https://downloads.raspberrypi.org/raspbian_full/root.tar.xz sudo /var/lib/piserver/scripts/convert.sh boot.tar.xz root.tar.xz Debian_Buster.tar.xz
As APT needs to access port 80 for HTTP traffic and port 53 for DNS, I made an adjustment to our firewall to let outgoing traffic on both ports for the new server before running the convert.sh command. After much time the converted Buster tar.xz file was ready…
You can then import this into PiServer through the Software screen, choosing the “install operating system from local file (tar.xz)”option. Once the import completes we have a couple more steps to go…
Prepare a /boot SD Card
As network boot is still not available for the Pi 4 we need to copy the contents of our imported OS’s /boot folder onto a SD Card for each Pi 4 we want to boot into the system.
Firstly, format a SD Card as FAT32 and label it as “RECOVERY” – this is to stop Raspbian auto-mounting the SD Card after the Pi 4 boots.
We now need to copy the files from “/var/lib/piserver/os/<name-of-os>/boot” to our formatted SD Card. The easiest way to do this if your new PiServer is a VM is to connect via RDP; before you connect, edit the RDP “Local Resources” settings so that your local C Drive is mapped to the remote server.
When you connect to your PiServer now you should get a “thinclient_drives” mounted on the desktop of your PiServer. Make a folder called “boot” on your local PC desktop and then enter the following command into a terminal window to copy the files to your local PC.
cp -Rv /var/lib/piserver/os/<name of os>/boot/ /home/pi/thinclient_drives/C\:/Users/<username>/Desktop/boot/
You can now copy the contents of the folder on your local PC onto your freshly formatted SD Card. Once you have tested that it works, this can be cloned for all of the PI 4 devices you want to boot to your PiServer. I would recommend taking an image of this card too, using Win32 Disk Imager.
Adjust your OS Image
Now that everything is up and running you can open a terminal in a CHROOT of your Buster OS from PiServer and perform any updates / adjustments you need. A list of the main changes I made is below.
- Edit “/etc/apt/sources.list” and “/etc/apt/sources.list.d/raspi.list” to go through our APT Cacher NG Server
- Update Chromium’s defaults to use our proxy server pac file
- Install and configure the Pimoroni Fan Shim software
If you update the OS image on the PiServer it is probably best to grab another copy of the /boot folder and re-write your SD Cards. Any changes to files in /boot when you perform an upgrade will not be reflected in your SD Cards automatically and you may find that devices do not boot correctly.
If you want your Pi 4 devices to boot a different OS then you will need to prepare a different SD Card for them.
Let me know how you get on; I will be testing this with multiple devices over the next week or so, ready for the new term!