Raspberry PI Setup

From SdNOG wiki


Raspberry Pi 2 in case

Introduction

In July 2015, two Raspberry Pi units were donated to SdNOG. It is anticipated that these will be used as the "noc" or "services" hosts during the SdNOG meetings. Their setup is described below.

Hardware

Each "chassis" is equipped as follows

Each unit has a spare memory card to allow for easy recovery should the primary operating system disk become corrupted. These have also been pre-installed with Raspbian, but no additional configuration has been applied. For readability purposes, a complete dmesg has been included at the end of this article.

Software

It was agreed that Raspbian, the standard Raspberry Pi operating system, would be most appropriate for use, as this Debian-based operating system would make it easier to get post-installation support and assistance. Consequently, both were initially installed with the 2015-05-05-raspbian-wheezy.img image, to produce:

pi@noc ~ $ uname -a
Linux noc01 3.18.11-v7+ #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015 armv7l GNU/Linux

Since it is expected that these will operate as DNS servers, they have been configured as recursive servers. The following base packages have been installed on each, as part of the default install process:

  • Unbound - as a DNSSEC validating server
  • Ferm - for additional application security
  • SSHguard - to lock down access

Additionally, the following application software has been installed for each unit's specific workload.

  • noc01
    • MRTG
    • nginx web server
    • ISC DHCPd


Configuration

Standard installations of Raspbian have been performed on both units. As these will primarily function headless (i.e. without monitors), and definitely without a GUI, GPU memory partitioning has been set to 16MB using the built-in raspi-config tool, to maximise the RAM available to the rest of the system.

Default IP settings

The following default IP address information has been configured on the devices. The address range was chosen to match the default IP address configuration that the Ubiquiti ToughSwitch ships with from the factory. The additions made to the Raspberry Pis are of the form:

pi@noc02 ~ $ grep -A4 eth0:1 /etc/network/interfaces
auto eth0:1
iface eth0:1 inet static
address 192.168.1.11
netmask 255.255.255.0

Unit    IP address
noc01   192.168.1.11
noc02   192.168.1.12

Basic security settings

  • Root SSH inbound has been disabled
  • Each unit has also been pre-installed with:
    • ferm
    • sshguard

Both have been configured for the packages listed above.
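
One way to check the "Root SSH inbound has been disabled" setting listed above. This is an added example, not part of the original wiki page; the function names and the sample configs are constructed for illustration. It reads an sshd_config the way sshd does (case-insensitive keywords, first value wins) and also flags Match blocks that re-enable root login.

```shell
#!/bin/sh
# Added example: audit an sshd_config for root login over SSH.
# Function names and sample configs are constructed for illustration.

# Effective global PermitRootLogin: keywords are case-insensitive, the first
# value read wins, and the global section ends at the first Match line.
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# PermitRootLogin values set inside Match blocks; these override the global
# value for connections that satisfy the Match criteria.
match_overrides() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { in_match = 1; cond = $0; next }
        in_match && tolower($1) == "permitrootlogin" {
            print tolower($2) " (" cond ")"
        }
    ' "$1"
}

# Succeeds only if root login is "no" globally and in every Match block.
# "unset" fails: the daemon's built-in default would then apply.
root_ssh_disabled() {
    [ "$(effective_root_login "$1")" = "no" ] &&
        [ -z "$(match_overrides "$1" | grep -v '^no ')" ]
}

# Write three constructed sample configs into directory $1.
write_samples() {
    printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin no' \
        'PermitRootLogin yes' > "$1/hardened"
    printf '%s\n' 'PermitRootLogin no' 'Match Address 192.168.1.0/24' \
        '    PermitRootLogin yes' > "$1/override"
    printf '%s\n' 'Port 22' > "$1/default"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in hardened override default; do
    if root_ssh_disabled "$dir/$f"; then
        echo "$f: root SSH login disabled"
    else
        echo "$f: root SSH login NOT disabled"
    fi
done
rm -rf "$dir"
```

On a live unit, point root_ssh_disabled at /etc/ssh/sshd_config; only the first sample passes, because the second re-enables root login in a Match block and the third never sets the keyword.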



dmesg.boot

pi@noc02 ~ $ dmesg 
[    0.000000] Booting Linux on physical CPU 0xf00
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.18.11-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.8.3 20140303 (prerelease) (crosstool-NG linaro-1.13.1+bzr2650 - Linaro GCC 2014.03) ) #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015
[    0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: Raspberry Pi 2 Model B
[    0.000000] cma: Reserved 8 MiB at 0x3d800000
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] On node 0 totalpages: 253952
[    0.000000] free_area_init_node: node 0, pgdat 8080f480, node_mem_map bd033000
[    0.000000]   Normal zone: 1984 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 253952 pages, LIFO batch:31
[    0.000000] [bcm2709_smp_init_cpus] enter (8620->f3003010)
[    0.000000] [bcm2709_smp_init_cpus] ncores=4
[    0.000000] PERCPU: Embedded 10 pages/cpu @bd001000 s11456 r8192 d21312 u40960
[    0.000000] pcpu-alloc: s11456 r8192 d21312 u40960 alloc=10*4096
[    0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 251968
[    0.000000] Kernel command line: dma.dmachans=0x7f35 bcm2708_fb.fbwidth=1920 bcm2708_fb.fbheight=1200 bcm2709.boardrev=0xa01041 bcm2709.serial=0x5e961136 smsc95xx.macaddr=B8:27:EB:96:11:36 bcm2708_fb.fbswap=1 bcm2709.disk_led_gpio=47 bcm2709.disk_led_active_low=0 sdhci-bcm2708.emmc_clock_freq=250000000 vc_mem.mem_base=0x3ea00000 vc_mem.mem_size=0x3f000000  dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
[    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[    0.000000] Memory: 989600K/1015808K available (5722K kernel code, 397K rwdata, 1748K rodata, 384K init, 763K bss, 26208K reserved)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xffe00000   (2048 kB)
[    0.000000]     vmalloc : 0xbe800000 - 0xff000000   (1032 MB)
[    0.000000]     lowmem  : 0x80000000 - 0xbe000000   ( 992 MB)
[    0.000000]     modules : 0x7f000000 - 0x80000000   (  16 MB)
[    0.000000]       .text : 0x80008000 - 0x80753a48   (7471 kB)
[    0.000000]       .init : 0x80754000 - 0x807b4000   ( 384 kB)
[    0.000000]       .data : 0x807b4000 - 0x808174bc   ( 398 kB)
[    0.000000]        .bss : 0x808174bc - 0x808d6254   ( 764 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] Preemptible hierarchical RCU implementation.
[    0.000000] NR_IRQS:608
[    0.000000] Architected cp15 timer(s) running at 19.20MHz (virt).
[    0.000014] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 3579139424256ns
[    0.000038] Switching to timer-based delay loop, resolution 52ns
[    0.000331] Console: colour dummy device 80x30
[    0.001778] console [tty1] enabled
[    0.001828] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[    0.001910] pid_max: default: 32768 minimum: 301
[    0.002314] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.002373] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.003641] Initializing cgroup subsys memory
[    0.003731] Initializing cgroup subsys devices
[    0.003785] Initializing cgroup subsys freezer
[    0.003835] Initializing cgroup subsys net_cls
[    0.003898] Initializing cgroup subsys blkio
[    0.004002] CPU: Testing write buffer coherency: ok
[    0.004113] ftrace: allocating 19614 entries in 58 pages
[    0.052492] CPU0: update cpu_capacity 1024
[    0.052570] CPU0: thread -1, cpu 0, socket 15, mpidr 80000f00
[    0.052611] [bcm2709_smp_prepare_cpus] enter
[    0.052761] Setting up static identity map for 0x528478 - 0x5284ac
[    0.112402] [bcm2709_boot_secondary] cpu:1 started (0) 18
[    0.112711] CPU1: Booted secondary processor
[    0.112719] [bcm2709_secondary_init] enter cpu:1
[    0.112769] CPU1: update cpu_capacity 1024
[    0.112779] CPU1: thread -1, cpu 1, socket 15, mpidr 80000f01
[    0.132381] [bcm2709_boot_secondary] cpu:2 started (0) 18
[    0.132637] CPU2: Booted secondary processor
[    0.132644] [bcm2709_secondary_init] enter cpu:2
[    0.132676] CPU2: update cpu_capacity 1024
[    0.132685] CPU2: thread -1, cpu 2, socket 15, mpidr 80000f02
[    0.152459] [bcm2709_boot_secondary] cpu:3 started (0) 18
[    0.152700] CPU3: Booted secondary processor
[    0.152707] [bcm2709_secondary_init] enter cpu:3
[    0.152736] CPU3: update cpu_capacity 1024
[    0.152744] CPU3: thread -1, cpu 3, socket 15, mpidr 80000f03
[    0.152837] Brought up 4 CPUs
[    0.152959] SMP: Total of 4 processors activated (153.60 BogoMIPS).
[    0.152991] CPU: All CPU(s) started in SVC mode.
[    0.153994] devtmpfs: initialized
[    0.178794] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[    0.180770] pinctrl core: initialized pinctrl subsystem
[    0.183879] NET: Registered protocol family 16
[    0.189507] DMA: preallocated 4096 KiB pool for atomic coherent allocations
[    0.190679] bcm2709.uart_clock = 3000000
[    0.193461] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[    0.193514] hw-breakpoint: maximum watchpoint size is 8 bytes.
[    0.193569] mailbox: Broadcom VideoCore Mailbox driver
[    0.193699] bcm2708_vcio: mailbox at f300b880
[    0.194065] bcm_power: Broadcom power driver
[    0.194103] bcm_power_open() -> 0
[    0.194128] bcm_power_request(0, 8)
[    0.694808] bcm_mailbox_read -> 00000080, 0
[    0.694841] bcm_power_request -> 0
[    0.694985] Serial: AMBA PL011 UART driver
[    0.695133] dev:f1: ttyAMA0 at MMIO 0x3f201000 (irq = 83, base_baud = 0) is a PL011 rev3
[    1.203586] console [ttyAMA0] enabled
[    1.275616] SCSI subsystem initialized
[    1.279630] usbcore: registered new interface driver usbfs
[    1.285299] usbcore: registered new interface driver hub
[    1.290767] usbcore: registered new device driver usb
[    1.297678] Switched to clocksource arch_sys_counter
[    1.333369] FS-Cache: Loaded
[    1.336605] CacheFiles: Loaded
[    1.351172] NET: Registered protocol family 2
[    1.356821] TCP established hash table entries: 8192 (order: 3, 32768 bytes)
[    1.364075] TCP bind hash table entries: 8192 (order: 4, 65536 bytes)
[    1.370798] TCP: Hash tables configured (established 8192 bind 8192)
[    1.377274] TCP: reno registered
[    1.380561] UDP hash table entries: 512 (order: 2, 16384 bytes)
[    1.386547] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[    1.393295] NET: Registered protocol family 1
[    1.398317] RPC: Registered named UNIX socket transport module.
[    1.404261] RPC: Registered udp transport module.
[    1.409008] RPC: Registered tcp transport module.
[    1.413725] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    1.421150] hw perfevents: enabled with armv7_cortex_a7 PMU driver, 5 counters available
[    1.429565] bcm2708_dma: DMA manager at f3007000
[    1.434355] vc-mem: phys_addr:0x00000000 mem_base=0x3ea00000 mem_size:0x3f000000(1008 MiB)
[    1.444163] futex hash table entries: 1024 (order: 4, 65536 bytes)
[    1.450699] audit: initializing netlink subsys (disabled)
[    1.456167] audit: type=2000 audit(1.239:1): initialized
[    1.477824] VFS: Disk quotas dquot_6.5.2
[    1.482130] Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[    1.491689] FS-Cache: Netfs 'nfs' registered for caching
[    1.498136] NFS: Registering the id_resolver key type
[    1.503267] Key type id_resolver registered
[    1.507461] Key type id_legacy registered
[    1.512724] msgmni has been set to 1948
[    1.518436] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[    1.526049] io scheduler noop registered
[    1.530026] io scheduler deadline registered (default)
[    1.535508] io scheduler cfq registered
[    1.541989] BCM2708FB: allocated DMA memory fdc00000
[    1.547021] BCM2708FB: allocated DMA channel 0 @ f3007000
[    1.589854] Console: switching to colour frame buffer device 240x75
[    1.619962] bcm2708-dmaengine bcm2708-dmaengine: Load BCM2835 DMA engine driver
[    1.627784] uart-pl011 dev:f1: no DMA platform data
[    1.633279] vc-cma: Videocore CMA driver
[    1.637284] vc-cma: vc_cma_base      = 0x00000000
[    1.642148] vc-cma: vc_cma_size      = 0x00000000 (0 MiB)
[    1.647649] vc-cma: vc_cma_initial   = 0x00000000 (0 MiB)
[    1.665006] brd: module loaded
[    1.673893] loop: module loaded
[    1.677449] vchiq: vchiq_init_state: slot_zero = 0xbd800000, is_master = 0
[    1.685366] Loading iSCSI transport class v2.0-870.
[    1.691355] usbcore: registered new interface driver smsc95xx
[    1.697282] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[    1.903562] Core Release: 2.80a
[    1.906784] Setting default values for core params
[    1.911738] Finished setting default values for core params
[    2.117846] Using Buffer DMA mode
[    2.121234] Periodic Transfer Interrupt Enhancement - disabled
[    2.127169] Multiprocessor Interrupt Enhancement - disabled
[    2.132864] OTG VER PARAM: 0, OTG VER FLAG: 0
[    2.137307] Dedicated Tx FIFOs mode
[    2.141223] WARN::dwc_otg_hcd_init:1047: FIQ DMA bounce buffers: virt = 0xbdc14000 dma = 0xfdc14000 len=9024
[    2.151281] FIQ FSM acceleration enabled for :
[    2.151281] Non-periodic Split Transactions
[    2.151281] Periodic Split Transactions
[    2.151281] High-Speed Isochronous Endpoints
[    2.168279] dwc_otg: Microframe scheduler enabled
[    2.168345] WARN::hcd_init_fiq:412: FIQ on core 1 at 0x803d98b4
[    2.174382] WARN::hcd_init_fiq:413: FIQ ASM at 0x803d9c10 length 36
[    2.180768] WARN::hcd_init_fiq:438: MPHI regs_base at 0xbe80a000
[    2.186919] dwc_otg bcm2708_usb: DWC OTG Controller
[    2.191950] dwc_otg bcm2708_usb: new USB bus registered, assigned bus number 1
[    2.199363] dwc_otg bcm2708_usb: irq 32, io mem 0x00000000
[    2.204993] Init: Port Power? op_state=1
[    2.209015] Init: Power Port (0)
[    2.212601] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    2.219551] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    2.226905] usb usb1: Product: DWC OTG Controller
[    2.231722] usb usb1: Manufacturer: Linux 3.18.11-v7+ dwc_otg_hcd
[    2.237948] usb usb1: SerialNumber: bcm2708_usb
[    2.243471] hub 1-0:1.0: USB hub found
[    2.247358] hub 1-0:1.0: 1 port detected
[    2.257802] dwc_otg: FIQ enabled
[    2.257818] dwc_otg: NAK holdoff enabled
[    2.257829] dwc_otg: FIQ split-transaction FSM enabled
[    2.257871] Module dwc_common_port init
[    2.258278] usbcore: registered new interface driver usb-storage
[    2.270541] mousedev: PS/2 mouse device common for all mice
[    2.282635] bcm2835-cpufreq: min=600000 max=900000
[    2.293693] sdhci: Secure Digital Host Controller Interface driver
[    2.305790] sdhci: Copyright(c) Pierre Ossman
[    2.316338] DMA channels allocated for the MMC driver
[    2.357773] Load BCM2835 MMC driver
[    2.373437] sdhci-pltfm: SDHCI platform and OF driver helper
[    2.389060] ledtrig-cpu: registered to indicate activity on CPUs
[    2.403390] hidraw: raw HID events driver (C) Jiri Kosina
[    2.415046] usbcore: registered new interface driver usbhid
[    2.427641] usbhid: USB HID core driver
[    2.439765] TCP: cubic registered
[    2.447833] Indeed it is in host mode hprt0 = 00021501
[    2.459866] Initializing XFRM netlink socket
[    2.471134] NET: Registered protocol family 17
[    2.483680] Key type dns_resolver registered
[    2.494227] Registering SWP/SWPB emulation handler
[    2.505807] registered taskstats version 1
[    2.515954] vc-sm: Videocore shared memory driver
[    2.526475] [vc_sm_connected_init]: start
[    2.536733] vc_vchi_sm_init: failed to open VCHI service (-1)
[    2.542561] [vc_sm_connected_init]: failed to initialize shared memory service
[    2.561491] [vc_sm_connected_init]: end - returning -1
[    2.569089] mmc0: host does not support reading read-only switch, assuming write-enable
[    2.572717] mmc0: new high speed SDHC card at address aaaa
[    2.573354] mmcblk0: mmc0:aaaa SL08G 7.40 GiB 
[    2.575175]  mmcblk0: p1 p2
[    2.627857] usb 1-1: new high-speed USB device number 2 using dwc_otg
[    2.640709] Indeed it is in host mode hprt0 = 00001101
[    2.653090] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[    2.667786] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[    2.681676] devtmpfs: mounted
[    2.691247] Freeing unused kernel memory: 384K (80754000 - 807b4000)
[    2.858163] usb 1-1: New USB device found, idVendor=0424, idProduct=9514
[    2.871186] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    2.885518] hub 1-1:1.0: USB hub found
[    2.895607] hub 1-1:1.0: 5 ports detected
[    3.178011] usb 1-1.1: new high-speed USB device number 3 using dwc_otg
[    3.288217] usb 1-1.1: New USB device found, idVendor=0424, idProduct=ec00
[    3.302923] usb 1-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    3.320308] smsc95xx v1.0.4
[    3.391992] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-bcm2708_usb-1.1, smsc95xx USB 2.0 Ethernet, b8:27:eb:96:11:36
[    3.488012] usb 1-1.4: new low-speed USB device number 4 using dwc_otg
[    3.637433] usb 1-1.4: New USB device found, idVendor=045e, idProduct=078c
[    3.651214] usb 1-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[    3.665062] usb 1-1.4: Product: USB Keyboard
[    3.676296] usb 1-1.4: Manufacturer: LITEON Technology
[    3.721588] input: LITEON Technology USB Keyboard as /devices/platform/bcm2708_usb/usb1/1-1/1-1.4/1-1.4:1.0/0003:045E:078C.0001/input/input0
[    3.741825] hid-generic 0003:045E:078C.0001: input,hidraw0: USB HID v1.10 Keyboard [LITEON Technology USB Keyboard] on usb-bcm2708_usb-1.4/input0
[    3.841086] udevd[173]: starting version 175
[    6.234423] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
[    6.468424] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
[    9.439848] random: nonblocking pool is initialized
[   10.501402] EXT4-fs (mmcblk0p2): resizing filesystem from 784640 to 1925120 blocks
[   10.733060] EXT4-fs (mmcblk0p2): resized filesystem to 1925120
[   13.730998] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
[   15.511993] smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xC1E1
[   17.814526] cfg80211: Calling CRDA to update world regulatory domain
[   18.217525] Adding 102396k swap on /var/swap.  Priority:-1 extents:2 across:2134012k SSFS
[ 1414.757535] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 1414.795825] nf_conntrack version 0.5.0 (15596 buckets, 62384 max)
[ 1439.960056] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 1797.899256] usb 1-1.4: USB disconnect, device number 4