Installing the OS
The Natrix Gateway
From a Hardware perspective, the Natrix Gateway is running on a Raspberry PI 4. Although there are no obvious reasons why it shouldn’t also run on a Raspberry PI 3, it has never been tested.
The following chapter describes how to install and configure the OS and all the applications which we are using the gateway. Not all applications on the gateway are needed for any of the specific projects, but we install all of them and manage their activity via the auto-service start. Let’s start with the operating system and the initial settings we need to do.
Preparations
We recommend using the Raspberry PI imager for installing the OS onto our gateway. (Raspberry Pi Foundation(1), 2021)
Download the software on you PC/Mac and follow the instructions after starting the imager tool.
First you must select which image you want to put onto your gateway. There are several options available, and we go with the standard Raspberry PI OS. The current Raspberry PI OS is based on Debian Stretch.
Afterwards, you select your SD Card (drive).
Before you start writing the OS onto your device, adapt some important settings of the image beforehand. You can do this with [CTRL][SHIFT][X], and you see the following screen:
Here you can set the hostname of the gateway, and you can set the ssh daemon to auto-start. Furthermore, you can provide a password for your standard user ‘pi’.
When the image has been successfully written to your SD-card, and the downstream verification process succeeded as well, you can put the SD card out of your PC and put it into the SD card slot of your gateway.
Some additional configurations after boot-up
Once you Raspberry PI booted up, you should perform some additional configuration settings.
Setting the root password
pi@PulseSensor:~ $ sudo su
root@PulseSensor:/home/pi# passwd
New password:
Retype new password:
passwd: password updated successfully
root@PulseSensor:/home/pi#
ssh root permission
To enable ssh root permissions (only recommended if you operate your Natrix Gateway in non-production environments), you need to edit the ssh daemon config file.
nano etc/ssh/sshd_config
File /etc/sshd_config
~~~
PermitRootLogin yes
~~~
Changing hostname when booting the first time
When we produce an image, the image always boots up with the same hostname. So, if you have multiple Raspberry PIs running in your network, all powering up with the same image, you can’t differentiate them based on their hostname.
Hence we created a script change_host.sh which is loaded after each reboot. This script reads the current hostname. Then it composes a new hostname which is a String concatenation of the fixed string “NC-“ and the eth0 Mac address of the respective raspberry PI (with eliminated ‘:’ between the numbers/chars as this doesn’t comply with the hostname specification).
#!/bin/bash
### BEGIN INIT INFO
# Description: Changing hostname to "NC-" + MAC-address
# Version 1.0
# Date September 20th 2021
# Author: Natrix-Project
### END INIT INFO
IFACE=eth0
read MAC </sys/class/net/$IFACE/address
standard="NG-"
MAC_changed="$(echo $MAC | sed -e 's/://g')"
old=$(cat /etc/hostname)
echo "Original hostname is " $old
new=$standard$MAC_changed
echo "New hostname is " $new
if [ "$old" != "$new" ];
then
sed -i "s/$old/$new/g" /etc/hosts
sed -i "s/$old/$new/g" /etc/hostname
hostname $new
else
echo "No change to hostname needed!"
fi
systemctl restart avahi-daemon
exit 0
If you run it the first time…
/opt/Natrix/scripts/change_host.sh
Original hostname is Test1234
New hostname is NC-dca63298e6a5
…and all other reboots afterwards:
/opt/Natrix/scripts/change_host.sh
Original hostname is NC-dca63298e6a5
New hostname is NC-dca63298e6a5
No change to hostname needed!
The script is located in /opt/Natrix/scripts and is named change_host.sh, and all the scripts located there must be executable.
chmod a+x -R /opt/Natrix/scripts
Furthermore, we are using crontab to add this script to be started after every reboot:
crontab -e
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
@reboot /opt/Natrix/scripts/change_host.sh
Setting locale to English (UK)
We want our Natrix gateway to communicate in English only, so let us assure that the correct language is set on the system. We are doing this by uncommenting the en_US.UTF8-8 UTF-8 character set.
nano /etc/locale.gen
# This file lists locales that you wish to have built. You can find a list
# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
# this file, you need to rerun locale-gen.
#
.
.
# en_GB.ISO-8859-15 ISO-8859-15
en_US.UTF-8 UTF-8
# en_HK ISO-8859-1
Reload locale afterwards:
locale-genWe also must adjust the file /etc/default/locale
nano /etc/default/locale
File generated by update-locale
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
LANGUAGE=en_US.UTF-8
Network configuration
The network configuration of the Natrix gateway foresees that we have both interfaces enabled (eth0 and wlan0), both are configured to receive an IPV4 and IPV6 address via DHCP from an external router/gateway.
Furthermore, we maintain a firewall where allow outgoing traffic but do open only a few ports to the outside world.
Enabling IPV6
To enable IPV6, we need to add an entry into the /etc/modules file:
nano /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
i2c-dev
ipv6
We also check the sysctl settings:
grep "disable_ipv6" /etc/sysctl.conf /etc/sysctl.d/*.confIf the output includes lines like this, then IPv6 has been disabled through sysctl settings:
net.ipv6.conf.<something>.disable_ipv6 = 1Here, <something> might be the word all or default, or a name of a specific network interface. To re-enable, comment out the disable_ipv6 lines and run sysctl -p as root, then reboot (or just reconfigure your network interfaces).
Configuring network interfaces
We want to enable both interfaces eth0 and wlan0, and both shall have an IPV4 and IPV6 address. What we need here is a network gateway (router) which supports DHCP for both protocols. The routers from the AVM Fritz family usually support this.
The network interfaces such as eth0, wlan0 or even lo(loopback) are configured in the file /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
#source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 auto
auto wlan0
iface wlan0 inet dhcp
iface wlan0 inet6 auto
wpa-ssid "devolo-029"
It could happen that ‘wlan’ interface is “soft blocked” by default and needs to be enabled. To see if it is blocked run:
rfkill listand unblock it with:
rfkill unblock wlanOnce you rebooted the Raspberry PI, or just the networking service…
service networking restart…you will see that both eth0 and wlan0 have been successfully started. Both eth0 and wlan0 received an IPV4 and IPV6 address by your DHCP server.
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.188.50 netmask 255.255.255.0 broadcast 192.168.188.255
inet6 fe80::dea6:32ff:feb6:165e prefixlen 64 scopeid 0x20<link>
inet6 2a02:908:2520:d8bc:dea6:32ff:feb6:165e prefixlen 64 scopeid 0x0<global>
ether dc:a6:32:b6:16:5e txqueuelen 1000 (Ethernet)
RX packets 3112 bytes 331101 (323.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1529 bytes 209041 (204.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Lokale Schleife)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.188.53 netmask 255.255.255.0 broadcast 192.168.188.255
inet6 fe80::dea6:32ff:feb6:165f prefixlen 64 scopeid 0x20<link>
inet6 2a02:908:2520:d8bc:dea6:32ff:feb6:165f prefixlen 64 scopeid 0x0<global>
ether dc:a6:32:b6:16:5f txqueuelen 1000 (Ethernet)
RX packets 1060 bytes 92467 (90.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9412 (9.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Configuring Bluetooth
Enabling Bluetooth
To enable Bluetooth on our Gateway, we need to add an entry into the /etc/modules file:
nano /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
i2c-dev
ipv6
btusb
There might be issues with SAP when starting the Bluetooth service. The SIM Access Profile (SAP) is a Bluetooth data transfer protocol that is mainly used in cell phones. SAP stands for SIM Access Profile, so we have to disable it on our Gateway by adding the parameter –noplugin=sap to the ExecStart=/usr/lib/bluetooth/bluetoothd command:
nano /etc/systemd/system/bluetooth.target.wants/bluetooth.service
[Unit]
Description=Bluetooth service
Documentation=man:bluetoothd(8)
ConditionPathIsDirectory=/sys/class/bluetooth
[Service]
Type=dbus
BusName=org.bluez
ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap
NotifyAccess=main
#WatchdogSec=10
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1
ProtectHome=true
ProtectSystem=full
[Install]
WantedBy=bluetooth.target
Alias=dbus-org.bluez.service
Restart the daemon and Bluetooth service, and observe the successful loading of the Bluetooth service:
systemctl daemon-reload
service bluetooth restart
service bluetooth status
● bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-09-21 19:41:37 CEST; 8min ago
Docs: man:bluetoothd(8)
Main PID: 913 (bluetoothd)
Status: "Running"
Tasks: 1 (limit: 4915)
CGroup: /system.slice/bluetooth.service
└─913 /usr/lib/bluetooth/bluetoothd --noplugin=sap
Sep 21 19:41:37 NG-dca632b6165e systemd[1]: Starting Bluetooth service...
Sep 21 19:41:37 NG-dca632b6165e bluetoothd[913]: Bluetooth daemon 5.50
Sep 21 19:41:37 NG-dca632b6165e systemd[1]: Started Bluetooth service.
Sep 21 19:41:37 NG-dca632b6165e bluetoothd[913]: Starting SDP server
Sep 21 19:41:37 NG-dca632b6165e bluetoothd[913]: Excluding (cli) sap
Sep 21 19:41:37 NG-dca632b6165e bluetoothd[913]: Bluetooth management interface 1.18 initialized
Mounting an external USB drive
We want to mount an external USB stick and create two partitions on it. A larger one, and a smaller one. Insert the flash drive to one of the open USB ports of the Raspberry PI.
With lbslk you can list all information about selected or all block devices in a system.
lsblk -fpNAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
/dev/sda vfat 0AE1-5B54
/dev/mmcblk0
├─/dev/mmcblk0p1 vfat boot 6284-658D 198,7M 21% /boot
└─/dev/mmcblk0p2 ext4 rootfs 3a324232-335f-4617-84c3-d4889840dc93 5,5G 57% /
/dev/zram0 [SWAP]
/dev/zram1 257M 38% /opt/zram/zram1
/dev/zram2
Our USB drive is listed as a block device /dev/sda.
Now we are using fdsik to delete all existing partitions on the disk
fdisk /dev/sda*You get into the fdisk menu. With ‘m’ you can list all available options. With ‘n’ you delete all existing partitions, so do so.
Command (m for help): m
Help:
DOS (MBR)
a toggle a bootable flag
b edit nested BSD disklabel
c toggle the dos compatibility flag
Generic
d delete a partition
F list free unpartitioned space
l list known partition types
n add a new partition
p print the partition table
t change a partition type
v verify the partition table
i print information about a partition
Misc
m print this menu
u change display/entry units
x extra functionality (experts only)
Script
I load disk layout from sfdisk script file
O dump disk layout to sfdisk script file
Save & Exit
w write table to disk and exit
q quit without saving changes
Create a new label
g create a new empty GPT partition table
G create a new empty SGI (IRIX) partition table
o create a new empty DOS partition table
s create a new empty Sun partition table
After you deleted all partitions, with ‘F’ you can see the unformatted, unpartitioned USB stick:
fdisk /dev/sda*
Command (m for help): F
Unpartitioned space /dev/sda: 3,8 GiB, 4025483264 bytes, 7862272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
Start End Sectors Size
2048 7864319 7862272 3,8G
Let’s create an extended partition on the stick by using the ‘n’ option.
Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): F
Unpartitioned space /dev/sdb: 0 B, 0 bytes, 0 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
Command (m for help): n
All space for primary partitions is in use.
Command (m for help): d
Selected partition 1
Partition 1 has been deleted.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-8015871, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-8015871, default 8015871):
Created a new partition 1 of type 'Linux' and of size 3,8 GiB.
With ‘w’ we write the data to the disk and exit the fdisk menu:
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Now we need to format the extended partition which we just created on the USB stick.
mkfs -t ext4 /dev/sda1
mke2fs 1.44.5 (15-Dec-2018)
/dev/sda1 contains a vfat file system labelled 'LUIS W'
Proceed anyway? (y,N) y
Creating filesystem with 978684 4k blocks and 244800 inodes
Filesystem UUID: 2e1629ae-13bc-4bd3-bd63-58146886ab7a
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
Finally, we create a subdirectory named ‘natrixdrive’ con our Natrix Controller and mount it to the new formatted USB stick:
mkdir /natrixdrivesudo mount /dev/sda1 /natrixdriveNow we have some additional storing capacity available on the Natrix Controller!
Some additional installations
Java Runtime Environment
A mandatory element of the Natrix gateway is the Java Runtime Environment (JRE). The JRE will be provided a JDK (Java development Kit). The JDK contains the Java runtime environment, the Java compiler and the Java APIs. There are two very prominent JDKs available, which we will install both on our Natrix Gateway: OpenJDK and the Oracle JDK. Installing both JDKs does make us flexible in terms of giving Java applications – such as e.g. our different OSGI frameworks for Eclipse Kura and openHAB – to respectively operate with the JDK of their preference. This can be achieved by defining the JVM as a parameter when the respective JAR of the framework/Java application is starting.
openJDK
openJDK is the open source implementation of Java. Start installing the current openJDK the following way:
sudo apt update
sudo apt install default-jdk
After the installation, you can prove if it was successful:
java -version
openjdk version "11.0.12" 2021-07-20
OpenJDK Runtime Environment (build 11.0.12+7-post-Raspbian-2deb10u1)
OpenJDK Server VM (build 11.0.12+7-post-Raspbian-2deb10u1, mixed mode)
Oracle JDK
For the Oracle JDK (Oracle actually owns Java), there is no package available to install any longer. Reason for that is that Oracle changed its terms and conditions where you require e.g. an account for downloading software (although Java is still free of charge as it concerns for the way we are using it).
Download the JDK directly from Oracle’s website. Since Raspberry Pi is powered by an ARM processor and Raspberry PI OS is a 32-bit OS, choose the Linux ARM 32 Hard Float ABI version.
When you have downloaded the right package (in our case jdk1.8.0_241) , unpack it into /usr/java directory:
mkdir /usr/java/jdk1.8.0_241
cd /usr/java/jdk1.8.0_241
We can now create symbolic links in /usr/bin folder (so you’ll be able to use java command anywhere) by adding the following alternatives. Before doing this, the update-alternatives –config java command has the following result:
--config update-alternatives java
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-11-openjdk-armhf/bin/java
Nothing to configure.
--config update-alternatives java
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-11-openjdk-armhf/bin/java
Nothing to configure.
update-alternatives --install /usr/bin/java java /usr/java/jdk1.8.0_241/bin/java 1000
update-alternatives --install /usr/bin/javac javac /usr/java/jdk1.8.0_241/bin/javac 1000
For this new symbolic link we need to grant read/write access rights:
chmod 777 -R /usr/bin/javaAnother update-alternatives –config java command has now the following output:
update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/lib/jvm/java-11-openjdk-armhf/bin/java 1111 auto mode
1 /usr/java/jdk1.8.0_241/bin/java 1000 manual mode
2 /usr/lib/jvm/java-11-openjdk-armhf/bin/java 1111 manual mode
Press <enter> to keep the current choice[*], or type selection number:
If you now switch the default JVM to option [1], you get for the next java -version command the following result:
java -version
java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) Server VM (build 25.241-b07, mixed mode)
XRDP-Remote Desktop
In order to manage the Raspberry Pi over the network, in addition to SSH and VNC, there is also the option of accessing it remotely using Remote Desktop. The Remote Desktop Protocol (RDP) from Microsoft enables the transmission and control of screen content over the network. This is particularly useful for Windows users, as Windows already has the appropriate client (Microsoft Terminal Services Client).
However, please be aware of that with RDP you must live with the following restrictions:
- The development of open source software lags behind the RDP protocol development. That means, you don’t get all the performance features and also not the flexibility of VNC solutions.
- RDP is a security problem across insecure networks because all data is transmitted in clear text. So also entered usernames and passwords.
- XRDP (the Linux RDP) connects to its own screen for each session. So you can neither return to the current screen nor to an existing one.
If you now switch the default JVM to option [1], you get for the next java -version command the following result:
apt-get update
apt-get install xrdp
The basic installation is already done. In the future, the XRDP server will be started automatically in the background when the system is started. If necessary, the XRDP settings in the files /etc/xrdp/xrdp.ini and /etc/xrdp/sesman.ini can still be adjusted. However, this is not absolutely necessary and should only be required in special applications.
You can check whether the Remote Desktop Service has been successfully installed and is running as follows:
systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-09-20 12:52:37 BST; 37min ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Process: 486 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/SUCCESS)
Process: 495 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 497 (xrdp)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/xrdp.service
└─497 /usr/sbin/xrdp
Sep 20 12:52:36 PulseSensor systemd[1]: Starting xrdp daemon...
Sep 20 12:52:36 PulseSensor xrdp[495]: (495)(-1225557984)[DEBUG] Testing if xrdp can listen on 0.0.0.0 port 3389.
Sep 20 12:52:36 PulseSensor xrdp[495]: (495)(-1225557984)[DEBUG] Closed socket 7 (AF_INET6 :: port 3389)
Sep 20 12:52:36 PulseSensor systemd[1]: xrdp.service: Can't open PID file /run/xrdp/xrdp.pid (yet?) after start: No such file or directory
Sep 20 12:52:37 PulseSensor systemd[1]: Started xrdp daemon.
Sep 20 12:52:38 PulseSensor xrdp[497]: (497)(-1225557984)[INFO ] starting xrdp with pid 497
Sep 20 12:52:38 PulseSensor xrdp[497]: (497)(-1225557984)[INFO ] listening to port 3389 on 0.0.0.0
Vim – the editor
vim is a highly configurable text editor built to make creating and changing any kind of text very efficient. (vim- the editor(1), 2021)
apt-get update
apt-get install vim
We require vim primarily to edit the iptables file which is very sensitive for spaces within the file (and spaces are not been made visible in many other editors).
RxTx Library
RXTX is a complete implementation of Sun’s Java CommAPI. It contains native libraries that provide serial and parallel communication for the Java Development Toolkit. We do require this library for specific Maker projects such as the PulseSensor project which uses the rxtx-2.1.7.jar .
apt-get install librxtxapt-get updateAll libraries are installed in /usr/lib/jni. This is the path we need to add as an argument Djava.library.path=/usr/lib/jni \ to the Eclipse Kura™ starting command so that the JRE can find the required libs.