Pi 4, Buster and PiServer

I was very excited with the release of the Raspberry Pi 4, not just because I am a great fan of the Raspberry Pi and wanted to get my hands on the latest and greatest; but also because I have been teaching my Computer Science classes pretty much exclusively using the Raspberry Pi computer for the past few years.

I say “pretty much” because there had always been a few sticking points when we had to leave my RPi CS classroom and up sticks to the Windows PC lab. In the most part it was when we needed to do any graphics editing (in Photoshop) or anything that relied on using Google Drive and Docs heavily.

It was with great excitement that I saw the new Pi 4 with 4 Gb of RAM and full gigabit networking… However as network boot was not available out-of-the-box and the PiServer software was not yet updated to be used with Pi 4s and Raspbian Buster; there was a bit of work to do…

With great thanks to the devs over at the PiServer github page, I now have a working PiServer setup for use with Pi 4 devices! Set up instructions below 😀

Installing PiServer

We begin by installing PiServer from the Raspberry Pi x86 Desktop ISO… I gave our VM 4GB RAM, 2 CPUs, two HDD (50 GB System and 100 GB Home) and connected it to a routed VLAN just for our PiServer and Pis to run in.

Set a static IP address for your server

nano /etc/dhcpcd.conf

Enter the following at the bottom of the file (adjusted for your network of course!)

interface eth0
static ip_address=10.0.2.2/24
static routers=10.0.2.1
static domain_name_servers=10.0.1.5 10.0.1.6
static domain_search=your.domain.local

Now create a static DNS entry for your server on your Windows DNS servers and reboot your PiServer for network changes to take effect.

Install base software and update

sudo apt-get update && sudo apt-get install ssh molly-guard apt-config-auto-update -y && sudo apt-get dist-upgrade -y && sudo reboot now

Update raspi-config

sudo raspi-config
  1. Option 2 – Network Options
    1. N1 Hostname – update as required
  2. Option 5 – SSH – enable
  3. Finish
  4. Reboot

Change the password

passwd
  1. Enter current password (default is raspberry)
  2. Enter new password twice
  3. Check you can login with your new password over an SSH connection

Install XRDP for Remote Access

For ease of access to the server in a Windows environment we are going to install XRDP so that we can connect to the server using Windows RDP.

sudo apt-get install xrdp
sudo systemctl start xrdp
sudo systemctl enable xrdp

Annoyingly XRDP will use a US keyboard locale by default. Edit the /etc/xrdp/xrdp_keyboard.ini file and add the following two lines after [default_rdp_layouts] and [default_layouts_map] respectively. Then restart the xrdp service.

rdp_layout_gb=0x00000809

rdp_layout_gb=gb

Download, compile and install latest PiServer

Now we need to download, compile and install the latest PiServer software from GitHub. There are a couple of minor differences here from the online documentation which are required to get Raspbian Buster added and allow adding Pi 4 devices to your server…

Get dependencies

sudo apt-get install build-essential devscripts debhelper cmake libldap2-dev libgtkmm-3.0-dev libarchive-dev libcurl4-openssl-dev intltool git binfmt-support qemu-user-static pxz

Get updated QEMU versions

wget http://ftp.de.debian.org/debian/pool/main/b/binfmt-support/binfmt-support_2.2.0-2_i386.deb
wget http://ftp.de.debian.org/debian/pool/main/q/qemu/qemu-user-static_3.1+dfsg-8~deb10u1_i386.deb 
sudo dpkg -i binfmt-support_2.2.0-2_i386.deb 
sudo dpkg -i qemu-user-static_3.1+dfsg-8~deb10u1_i386.deb 

Get the source code

git clone --depth 1 https://github.com/raspberrypi/piserver.git

Allow Pi 4 devices to be added

To allow Pi 4 devices to be shown in the “Add Clients” menu of PiServer we need to adjust a header file from the source before we compile it. Comment out the line starting “#define DHCPANALYZER_FILTER_STRING” in the “src/config.h” file by adding two slashes to the front of the line.

nano ~/piserver/src/config.h

//define DHCPANALYZER_FILTER_STRING "PXEClient"

Compile the software

cd piserver
debuild -uc -us

Install the new packages

cd ..
sudo dpkg -i piserver*.deb

Configure the PiServer software

You now need to configure the PiServer software. Connect to your server either physically or from the VMware remote console (RDP does not appear to work for this part!). You will need a Raspberry Pi connected and powered up to get through the first step of the setup process. If you are using a Pi 4 then you will need it to be booted up with a SD Card with Raspbian Buster on it. Your Pi needs to be in the same subnet as the Pi Server too!

As we want to authenticate against Active Directory; at the next screen select “Authenticate users against an existing server“. Leave “Windows Server (Active Directory)” selected. For “Server address:” and “Logon domain:” enter your domain’s FQDN. For “Bind user:” and “Password:” enter the username and password of an account on your domain. This user does not need any elevated credentials but make sure that the password is strong and does not expire! I have then selected “Restrict access to certain groups” as I have a group on my domain which contains the groups I want to be able to logon to my PiServer…

On the “Advanced LDAP settings” screen I have left the “Users must be located under base DN:” as default and then scrolled through to find my AD Group that contains users and groups that I want to be able to access the PiServer.

On the “Add software” screen I have just selected “Raspbian Lite” as it is the smallest. We will install a version of Raspbian Buster once everything is up and running…

After a few minutes you should get a confirmation screen. Go to the Settings screen and change your PiServer to run as a stand-alone DHCP server (only do this if it is the only DHCP server running in the subnet!) and set your DHCP server settings, ensuring that you set the Gateway correctly!

Add Raspbian Buster to the PiServer

We now need to download and import Raspbian Buster onto the PiServer as Pi 4s will only run Buster and above… Perform the following three steps on your PiServer. The final step can take quite some time!

wget https://downloads.raspberrypi.org/raspbian_full/boot.tar.xz
wget https://downloads.raspberrypi.org/raspbian_full/root.tar.xz
sudo /var/lib/piserver/scripts/convert.sh boot.tar.xz root.tar.xz Debian_Buster.tar.xz

As APT needs to access port 80 for HTTP traffic and port 53 for DNS, I made an adjustment to our firewall to let outgoing traffic on both ports for the new server before running the convert.sh command. After much time the converted Buster tar.xz file was ready…

You can then import this into PiServer through the Software screen, choosing the “install operating system from local file (tar.xz)”option. Once the import completes we have a couple more steps to go…

Prepare a /boot SD Card

As network boot is still not available for the Pi 4 we need to copy the contents of our imported OS’s /boot folder onto a SD Card for each Pi 4 we want to boot into the system.

Firstly, format a SD Card as FAT32 and label it as “RECOVERY” – this is to stop Raspbian auto-mounting the SD Card after the Pi 4 boots.

Format your SD Card ready to copy the /boot files to
Format your SD Card ready to copy the /boot files to

We now need to copy the files from “/var/lib/piserver/os/<name-of-os>/boot” to our formatted SD Card. The easiest way to do this if your new PiServer is a VM is to connect via RDP; before you connect, edit the RDP “Local Resources” settings so that your local C Drive is mapped to the remote server.

When you connect to your PiServer now you should get a “thinclient_drives” mounted on the desktop of your PiServer. Make a folder called “boot” on your local PC desktop and then enter the following command into a terminal window to copy the files to your local PC.

cp -Rv /var/lib/piserver/os/<name of os>/boot/ /home/pi/thinclient_drives/C\:/Users/<username>/Desktop/boot/

You can now copy the contents of the folder on your local PC onto your freshly formatted SD Card. Once you have tested that it works, this can be cloned for all of the PI 4 devices you want to boot to your PiServer. I would recommend taking an image of this card too, using Win32 Disk Imager.

Adjust your OS Image

Now that everything is up and running you can open a terminal in a CHROOT of your Buster OS from PiServer and perform any updates / adjustments you need. A list of the main changes I made is below.

  1. Edit “/etc/apt/sources.list” and “/etc/apt/sources.list.d/raspi.list” to go through our APT Cacher NG Server
  2. Update Chromium’s defaults to use our proxy server pac file
  3. Install and configure the Pimoroni Fan Shim software

If you update the OS image on the PiServer it is probably best to grab another copy of the /boot folder and re-write your SD Cards. Any changes to files in /boot when you perform an upgrade will not be reflected in your SD Cards automatically and you may find that devices do not boot correctly.

If you want your Pi 4 devices to boot a different OS then you will need to prepare a different SD Card for them.

Let me know how you get on; I will be testing this with multiple devices over the next week or so, ready for the new term!

Leave a Reply

Your email address will not be published. Required fields are marked *