This post is an update to my earlier post “Pi 4, Buster and PiServer” where I talked about the tweaks and adjustments I had to make to get Pi 4s working with the PiServer application. Since that post, the Buster version of the “Raspberry Pi Desktop for PC and Mac” has been released and all of the tweaks I had to make have been added to the standard version of PiServer.
This post is based heavily on our internal documentation for setting up PiServer so some parts may not apply in your setting!
Table of Contents
Prepare the Virtual Server
- Download the latest version of Raspberry Pi Desktop
- Create a new virtual machine with 2 CPUs, 4 Gb RAM, 3 HDD (25 Gb – Root Disk, 30Gb – Pi OS Disk and 100 Gb – Home Disk), Network adapter connected to a separate VLAN just for your Raspberry Pi devices (We will configure PiServer to be the DHCP server for the RPi devices).
- Mount the ISO file Downloaded in step 1 and power on the virtual machine
Install the OS
- When the VM boots from the ISO, select “Graphical install” from the menu
- Configure the keyboard
- On the “Partition disks” screen select “Manual”
- Select the 25Gb disk and click “Continue”
- Create a new partition table on the drive
- Select the new partition and click “Continue”
- Select “Create a new partition” and click “Continue”
- Subtract 2Gb from the maximum size (we will use this 2Gb as swap) and click “Continue”
- Select “Primary” for the partition type
- Select “Beginning” for the partition location
- Check your partition settings match this and click “Done setting up the partition”
- Now select the 2GB free space at the end of your 25Gb disk
- Select “Create a new partition”
- Accept the “2.0 GB” size on the next screen and select “Primary” for the partition type. On the partition settings screen, change the “Use as:” to “swap area” and then select “Done setting up the partition”
- Now double click the 100 Gb drive, create a new empty partition table on the drive. Then select the new partition
- Select “Create a new partition”, leave the size to the default of the maximum space (or type max), set the partition type as “Primary” and on the “Partition settings” screen change the “Reserved blocks” to “0%”, ensuring the mount point is “/home”. Click “Done setting up the partition” when it matches the screenshot below
- Your “Partition overview” should match the screenshot below. Click “Finish partitioning and write changes to disk” when it does
- Select “Yes” to write the changes to disk and click “Continue”
- The system will now be installed…
- When prompted if you should install the GRUB boot loader to MBR, select “Yes”
- Select “/dev/sda” as the disk to install GRUB to
- OS installation is now complete. Select “Continue” to restart the VM
- You now need to complete the Raspberry Pi First Run. Click “Next”
- Set the locale settings and click “Next”
- Skip the password change by clicking “Next” – We will do this later!
- Press “Skip” to continue without checking for updates – We will do this later!
- Click “Done” to complete the “Welcome to Raspberry Pi” set up
Set a Static IP Address
As the VLAN that the server is installed in has no DHCP running (it will be the DHCP server), we need to configure a static IP Address. Open the terminal…
sudo cp /etc/dhcpcd.conf /etc/dhcpcd.conf.orig
sudo nano /etc/dhcpcd.conf
Add this to the end of the file:
interface eth0
static ip_address=<IP Address for your PiServer>
static routers=<Gateway of your VLAN subnet>
static domain_name_servers=<Space separated IP addresses of DNS servers>
static domain_search=<Internal Domain Name>
Save and close the file in Nano.
Flush the old IP settings:
sudo ip addr flush dev eth0
Restart dhcpcd service:
sudo systemctl restart dhcpcd.service
Check you can ping your DNS servers and a named server on the network:
ping -c 3 <IP address of DNS Server>
ping -c 3 <Short domain name of DNS server>
Update APT Sources
We run an Apt Cache server to speed up Apt downloads for our Linux servers. I recommend you do the same! There’s a post here that talks about this…
Open the terminal and edit the Apt sources files replacing “<FQDN of your Apt Cache server>” with the fully qualified domain name of your Apt cache server.
sudo sed -i 's+http://+http://<FQDN of your Apt Cache server>:3142/+g' /etc/apt/sources.list
sudo sed -i 's+http://+http://<FQDN of your Apt Cache server>:3142/+g' /etc/apt/sources.list.d/raspi.list
Update and upgrade through Apt:
sudo apt update && sudo apt dist-upgrade -y
Enable SSH
Still in the terminal, enable SSH:
sudo raspi-config
- Select “3 Interface Options”
- Select “P2 SSH Enable/disable …”
- Select “Yes” to enable SSH
- Select “OK” to exit the SSH configuration
Change the Hostname
- Select “1 System Options”
- Select “S4 Hostname”
- Select “OK” to the message about hostname rules, and enter your hostname and then select “OK”
- Select “<Finish>” to exit raspi-config
- Select “<No>” to reboot later
Install Common packages
Still in the terminal install commonly used packages, and reboot.
sudo apt install molly-guard ntpdate mlocate open-vm-tools -y
sudo apt autoremove -y
sudo reboot now
After the server reboots, click “OK” to the warning about SSH being enabled and default passwords; we are about to fix that!
Change password
Generate and save a new password somewhere safe, then change the password on the server through a SSH session:
passwd
Changing password for pi.
Current password:raspberry
New password:<The new password>
Retype new password:<The new password>
passwd: password updated successfully
Open another SSH session and check you can login with the saved password. Exit out of the first SSH session.
Enable BASH Tab Completion
sudo nano /etc/bash.bashrc
Uncomment the “# enable bash completion in interactive shells” section:
#esac
# enable bash completion in interactive shells
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
# if the command-not-found package is installed, use it
“Ctrl + o” followed by “Enter” to write the file, “Ctrl + x” to exit
Aptitude installs
We run an Apache webserver on our PiServer using the UserDir module to allow students to save HTML files to their home drive on their Pi and have them served by the PiServer. We also have PHP and MariaDB installed for teaching SQL to the students.
If you don’t want / need this then jump straight on to the “Configure PiServer” section.
sudo apt update
sudo apt install apache2 php php-mysql mariadb-server -y
Setup Maria DB Server
First we need to secure the Maria DB server:
sudo mysql_secure_installation
- Generate a password for the root user of MariaDB and save it somewhere safe!
- At the prompt to enter the current root password, just press Enter
- Enter “Y” to set a new root password
- Paste the new password saved in step 1 at the prompt
- And paste the password again
- Enter “Y” to remove anonymous users
- Enter “Y” to disallow root login remotely
- Enter “Y” to remove test database
- Enter “Y” to reload privilege tables
Next we will create an “admin” user with password based access. First create another password and save it somewhere safe!.
sudo mysql
At the MariaDB prompt enter the following:
MariaDB [(none)]> GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY '' WITH GRANT OPTION;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit
Bye
Now check that MariaDB is up and running:
mysqladmin -u admin -p version
You should see something like this after entering the admin password:
Enter password:
mysqladmin Ver 9.1 Distrib 10.3.27-MariaDB, for debian-linux-gnu on i686
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Server version 10.3.27-MariaDB-0+deb10u1
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/run/mysqld/mysqld.sock
Uptime: 18 min 57 sec
Threads: 7 Questions: 479 Slow queries: 0 Opens: 177 Flush tables: 1 Open tables: 31 Queries per second avg: 0.421
Now we need to allow connections to the database server across the network:
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
Find the “bind-address” line and comment it out:
#skip-external-locking
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
#
# * Fine Tuning
Save and exit Nano and then restart the MariaDB service:
sudo systemctl restart mariadb
You should then be able to create databases and users on MariaDB and users should be able to remotely connect to the server using the command line and PHP.
Apache2 and PHP Config
Enable the Apache UserDir module
sudo a2enmod userdir
sudo nano /etc/apache2/mods-available/userdir.conf
Comment out the “AllowOverride” directive and add a new one below:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
#AllowOverride FileInfo AuthConfig Limit Indexes
AllowOverride All
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Allow PHP to run from UserDir
sudo nano /etc/apache2/mods-available/php7.X.conf
Comment out the “<IfModule mod_userdir.c>” section:
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
#<IfModule mod_userdir.c>
# <Directory /home/*/public_html>
# php_admin_flag engine Off
# </Directory>
#</IfModule>
Set the global Apache2 ServerName directive
sudo nano /etc/apache2/apache2.conf
Add the ServerName directive just below the “# Global configuration” section:
# Global configuration
#
ServerName <FQDN of your PiServer>
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
Restart Apache
sudo apache2ctl configtest
If this returns “Syntax OK” then restart Apache
sudo systemctl restart apache2
Configure PiServer
We will now run and configure the PiServer software. This needs to be completed from the desktop of the server and you will need to ensure that the server has direct Internet access through the proxy / filter.
- Open PiServer by clicking on the entry under the “Preferences” menu
- The PiServer Introduction screen will show. In short you are going to:
- Add at least one Raspberry Pi to the server (that is set up to network boot already)
- Set up user accounts
- Installing an Operating System
- You will need at least Raspberry Pi 3, 3+ or 4 set to network boot and connected to a network in the same VLAN as the PiServer for these next steps. Click “Next” to begin the PiServer setup
- Switch on your Raspberry Pi and then when you see its MAC address appear, click “Next”
- You now need to set up the “Authentication method”. Select “Authenticate users against an existing server” and enter the details as below. We have a service user created in Active Directory to perform the LDAP bind between PiServer and AD. Click “Next” to select the AD Group that can log into the RPis
- Scroll down the “Users must be member of group:” section until you find the “DL PiServer Users” group and then click “OK”
- For speed of install at this point, just select the “Raspberry Pi OS Lite” and click “Next”
- The PiServer setup will now download and configure all of the relevant software and files
- Click “Close” when the PiServer installation completes.
- The PiServer application will open and should list all of the users that are allowed to log into the RPis.
- Click the “Settings” tab in PiServer and set it to “Act as standalone DHCP server” and set the “DHCP Server settings” as shown below then click “Save”
- Click the “Folders” tab in PiServer and then click “Add” to create a shared folder. I tend to create one folder and then create sub-folders for each year group.
- Open the terminal and create a symlink to the “Shared Folders” directory on the pi user’s Desktop and then create your sub-folders
cd Desktop
ln /var/lib/piserver/os/shared/Shared\ Folders/ "Shared Folders" -s
cd Shared\ Folders
mkdir Year\ 7
mkdir Year\ 8
mkdir Year\ 9
mkdir GCSE
exit
Add OS disk and set up mount point
We are now going to mount the additional hard drive and move the directory for client OSs to it, then set this drive to mount directly in the correct location. This will probably be easiest over SSH!
First check what your disk is called; we want the device that is not listed in the first command but is in the second!
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 1003192 0 1003192 0% /dev
tmpfs 206512 5820 200692 3% /run
/dev/sda1 23705992 6908952 15569776 31% /
tmpfs 1032552 0 1032552 0% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 1032552 0 1032552 0% /sys/fs/cgroup
/dev/sdb1 102685624 145748 102523492 1% /home
tmpfs 206508 8 206500 1% /run/user/1000
$ ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2 /dev/sdb /dev/sdb1 /dev/sdc
Create the partition
Now we will create a primary partition in /dev/sdc, for the PiServer client OSs to be stored in.
First create a new partition and mark it as a physical volume.
sudo fdisk /dev/sdc
Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x891ae842.
Command (m for help): g
Created a new GPT disklabel (GUID: AA0D7E01-7D21-3F49-9254-D3CE4DB5B123).
Command (m for help): n
Partition number (1-128, default 1): 1
First sector (2048-209715166, default 2048): 2048
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-62914526, default 62914526): 62914526
Created a new partition 1 of type 'Linux filesystem' and of size 30 GiB.
Command (m for help): p
Disk /dev/sdc: 30 GiB, 32212254720 bytes, 62914560 sectors
Disk model: VBOX HARDDISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: AA0D7E01-7D21-3F49-9254-D3CE4DB5B123
Device Start End Sectors Size Type
/dev/sdc1 2048 62914526 62912479 30G Linux filesystem
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
We can now list our disks again and see the new partition:
ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2 /dev/sda5 /dev/sdb /dev/sdb1 /dev/sdc /dev/sdc1
Now we can format the volume as ext4 with 0% system reserved space:
sudo mkfs.ext4 -m 0 /dev/sdc1 -L "PiServer OS"
Mount the volume and transfer data
First we will create a directory to temporarily mount the new volume to:
sudo mkdir /mnt/temp-os
Now we will mount the new volume to its temporary directory so we can copy the existing data across:
sudo mount /dev/sdc1 /mnt/temp-os
We can now remove the default “lost+found” directory from this drive:
sudo rm -rf /mnt/temp-os/lost+found
Now we will copy all of the data from the existing client OS directory into our temp-os directory:
sudo rsync -aH --info=progress2 /var/lib/piserver/os/ /mnt/temp-os/
When the rsync command completes, check that it has exited with a zero status:
sudo echo $?
0
Now we will move the directory we just copied to a backup directory (in case it all goes wrong!) and then create a new empty directory to mount our disk into:
sudo mv /var/lib/piserver/os /var/lib/piserver/os.orig
sudo mkdir /var/lib/piserver/os
Now we will unmount from our temp directory and remount in the newly made one:
cd /
sudo umount /mnt/temp-os/
sudo mount /dev/sdc1 /var/lib/piserver/os
Now we can check the local volume is mounted to the correct place:
df /dev/sdc1
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sdc1 30831504 1242556 29572564 5% /var/lib/piserver/os
Edit fstab
Now we have copied the files over and mounted them successfully, we can edit fstab so that they mount at reboot.
First backup fstab:
sudo cp /etc/fstab /etc/fstab.orig
Now we can edit the fstab file to mount our two new drives automatically:
sudo nano /etc/fstab
We are going to edit the file to add the new mount point at the end of the file. Use tabs between items:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=1a041e47-c807-4476-aa30-4d161dff6e82 / ext4 errors=remount-ro 0 1
# /home was on /dev/sdb1 during installation
UUID=d4b6f347-f84f-4b8e-9e49-15a796c45af4 /home ext4 defaults 0 2
# swap was on /dev/sda2 during installation
UUID=acba99b7-d3b8-4f45-9312-877fdc6c537d none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
# Client OS
/dev/sdc1 /var/lib/piserver/os ext4 defaults 0 0
Now we will check fstab works by unmounting the drive and then mounting all drives in fstab:
sudo umount /dev/sdc1
sudo mount -a
Finally we check the disks are mounted as expected:
df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 1003192 0 1003192 0% /dev
tmpfs 206512 8412 198100 5% /run
/dev/sda1 23705992 6909360 15569368 31% /
tmpfs 1032552 0 1032552 0% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 1032552 0 1032552 0% /sys/fs/cgroup
/dev/sdb1 102685624 145748 102523492 1% /home
tmpfs 206508 8 206500 1% /run/user/1000
/dev/sdc1 30831504 1242556 29572564 5% /var/lib/piserver/os
Now reboot:
sudo reboot now
When the server reboots, check that you can login and run PiServer.
Add a new client OS and delete the temporary one
We are now going to download a new client OS and remove the temporary one we copied over to make sure that we are using complete copies of the client OS and we are ready to begin cloning and editing them.
Download a new client OS
In the PiServer application, click on the “Software tab” and then click the “Add” button. Select the “Raspberry Pi OS Full” and click “Next”
Remove the temporary OS
When the download completes click “Close” and then switch to the “Clients” tab and highlight your Raspberry Pi that you added earlier. Click “Edit” and change the “Operating system” drop-down to “Raspberry Pi OS Full” and click “OK”
You can now return to the “Software” tab, highlight the “Raspberry PI OS Lite”, click “Remove” and confirm with “Yes” to delete it from your system.
Check everything works and finish
Now reboot the Raspberry Pi you added to PiServer earlier and check you can login using your Windows network credentials.
You are now ready to customise your Client OS and add more Raspberry Pis to your PiServer install!
1 thought on “Pi 4, Buster and PiServer – Part II”