Tech Intersection

A New Raspberry Pi 2 Running Ubuntu 14.04 LTS

Written by Bruce R. Copeland on May 04, 2015

Tags: automation, backup, firewall, headless, information, internet of things, linux, raspberry pi, security, technology, ubuntu, update, usb, wireless

A few weeks ago I received a new Raspberry Pi 2, complete with case, 32 GB (class 10) SDHC card, 5V/2A power supply, and Edimax EW-7811UN USB wireless dongle. The Pi 2 is an ARMv7 quad processor system with 1 GB of RAM. This is comparable to most better smartphones and tablets, but about 20-fold slower than the 8GB Intel i7 system I routinely use for high-end software development.

[Images: A Raspberry Pi 2; The XUbuntu 14.04 Desktop on a Raspberry Pi]

Most Raspberry Pi users find it easiest to begin with the basic Raspbian linux distributions available from the Raspberry Pi Federation. However, I have been using diverse unix/linux systems heavily for more than 16 years. Currently all the computers in my company run either Ubuntu 12.04 LTS or Ubuntu 14.04 LTS. It is significantly easier to administer systems that mostly utilize the same packages and tools. Also, the Ubuntu long term support (LTS) feature has been invaluable on several past occasions when we were involved in complex projects and would not have had time to upgrade other shorter-lived distributions nearing their end of life for security support. Ryan Finnie has recently provided a nice build of Ubuntu 14.04 LTS for Raspberry Pi. So it made sense to start with Ubuntu 14.04 LTS on my new Raspberry Pi.

Setting up the Initial Ubuntu 14.04 LTS System

To initially set up the SDHC card, I used one of our existing Ubuntu linux systems that has an SD card reader. First I ran

$ sudo fdisk -l

without and with the SD card to correctly identify the device on the system (you could use df -h instead of fdisk -l). This is an important step because you do not want to use an incorrect device name and inadvertently format or alter the partitions on the established system you are using. The output from the command with the SD card present included an extra pair of lines:

   Device Boot       Start          End       Blocks   Id   System
   /dev/sdb1             8192     62333951     31162880    c   W95 FAT32 (LBA)

which indicates that /dev/sdb is the device for the SD card on this system. SD cards usually come formatted with additional files and hidden partitions that can interfere with loading a bootable image. It is best to remove these by reformatting the SD card as W95 FAT32 (vfat). First unmount the SD card using either the GUI file manager or

$ umount /dev/sdb1

from the command line. Next remove existing partitions and create a new partition of the appropriate type:

$ sudo fdisk /dev/sdb

Command (m for help): d  
Selected partition 1

Command (m for help): n  
Partition type:  
   p   primary (0 primary, 0 extended, 4 free)  
   e   extended  
Select (default p):  
Using default response p  
Partition number (1-4, default 1):  
Using default value 1  
First sector (2048-62333951, default 2048):  
Using default value 2048  
Last sector, +sectors or +size{K,M,G} (2048-62333951, default 62333951):  
Using default value 62333951

Command (m for help): t  
Selected partition 1  
Hex code (type L to list codes): b  
Changed system type of partition 1 to b (W95 FAT32)

Command (m for help): w  
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: If you have created or modified any DOS 6.x  
partitions, please see the fdisk manual page for additional  
information.  
Syncing disks.

Finally format the new partition on the SD card:

$ sudo mkfs.vfat /dev/sdb1
mkfs.fat 3.0.26 (2014-03-07)

(Unmount the card again after this last step because many systems automount the card after formatting.)

Download Ryan Finnie’s Ubuntu 14.04 image to some appropriate location on your existing system, unzip it, and cd to that new location in the bash shell. We are ready to transfer the image to the SD card. You can use the

$ sudo dd if=2015-04-06-ubuntu-trusty.img of=/dev/sdb bs=4M

command to do this, but Ryan Finnie provides additional bmap info about his image that makes it possible to use the (much) faster bmaptool image transfer mechanism:

$ sudo bmaptool copy --bmap 2015-04-06-ubuntu-trusty.bmap 2015-04-06-ubuntu-trusty.img /dev/sdb
bmaptool: info: block map format version 1.3
bmaptool: info: 458752 blocks of size 4096 (1.8 GiB), mapped 121181 blocks (473.4 MiB or 26.4%)
bmaptool: info: copying image '2015-04-06-ubuntu-trusty.img' to block device '/dev/sdb' using bmap file '2015-04-06-ubuntu-trusty.bmap'
bmaptool: info: 100% copied
bmaptool: info: synchronizing '/dev/sdb'
bmaptool: info: copying time: 34.5s, copying speed 13.7 MiB/sec
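The device check described at the start of this section can be scripted so that a mistyped device name is caught before dd or bmaptool runs. This is an added example, not part of the original post; the function name check_target and the fixture layout are assumptions, and the sysfs and mount-table locations are parameters so the constructed sample data can stand in for a real system.

```shell
#!/bin/sh
# check_target DEV [SYSFS_DIR] [MOUNTS_FILE]
# Prints "ok" and returns 0 only if DEV is a whole, removable disk with
# nothing mounted from it. SYSFS_DIR and MOUNTS_FILE default to the live
# system; they are parameters so the constructed fixture below can be used.
check_target() {
    dev=$1; sysfs=${2:-/sys/block}; mounts=${3:-/proc/mounts}
    name=${dev#/dev/}
    # Whole disks (sdb) have a directory here; partitions (sdb1) do not.
    if [ ! -d "$sysfs/$name" ]; then
        echo "refuse: not a whole disk"; return 1
    fi
    # The kernel reports 1 for removable media such as USB card readers.
    if [ "$(cat "$sysfs/$name/removable" 2>/dev/null)" != "1" ]; then
        echo "refuse: not removable"; return 1
    fi
    # The disk or any of its partitions in the mount table means a
    # filesystem on it is still in use.
    if awk -v d="$dev" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' "$mounts"; then
        echo "refuse: still mounted"; return 1
    fi
    echo "ok"
}

# Constructed fixture: sda = internal disk, sdb = unmounted SD card,
# sdc = USB stick that is still mounted.
make_fixture() {
    root=$(mktemp -d)
    for disk in sda sdb sdc; do mkdir -p "$root/sys/$disk"; done
    echo 0 > "$root/sys/sda/removable"
    echo 1 > "$root/sys/sdb/removable"
    echo 1 > "$root/sys/sdc/removable"
    printf '%s\n' '/dev/sda1 / ext4 rw 0 0' \
                  '/dev/sdc1 /media/usb vfat rw 0 0' > "$root/mounts"
    echo "$root"
}

fx=$(make_fixture)
for target in /dev/sda /dev/sdb /dev/sdb1 /dev/sdc; do
    printf '%s: %s\n' "$target" "$(check_target "$target" "$fx/sys" "$fx/mounts")"
done
rm -rf "$fx"
```

The removable flag is a conservative heuristic: a reader that reports 0 is refused, which is the safe direction to fail.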

Either way, it is now time to transfer the SD card to the slot at the back bottom of the Pi board. Before booting the Pi for the first time, you want to attach an HDMI display, USB keyboard and mouse, and an Ethernet cable that connects to the internet. (It is unlikely that the bootable image has the necessary driver for a USB wireless dongle.) Power up the Pi. It will boot into a command line because we have not yet installed any Ubuntu GUI components. Log in with the default user (ubuntu/ubuntu). Ryan Finnie’s Ubuntu image has two partitions. The second of these will be our Ubuntu linux / filesystem. Before we can install everything else, we need to resize the second partition to use the remainder of the SD card:

$ sudo fdisk /dev/mmcblk0

Command (m for help): d  
Partition number (1-4, default 2): 2  
Selected partition 2

Command (m for help): n  
Partition type:  
   p   primary (0 primary, 0 extended, 4 free)  
   e   extended  
Select (default p):  
Partition number (1-4, default 2): 2

(accept defaults for first and last sectors)

Command (m for help): w

Because we are making the partition change on a mounted device, it is necessary to reboot before the linux kernel will correctly recognize the new partition table:

$ sudo shutdown -h now

Power Pi up again. Then resize the second partition using:

$ sudo resize2fs /dev/mmcblk0p2

Also add a swap file:

$ sudo apt-get install dphys-swapfile

Now it is time to install the remaining desired components of Ubuntu. I often run my linux systems headless (no display, keyboard, or mouse) and manage them via SSH from another linux system on the network. Even so, it is usually helpful to have a GUI running on the headless system. For this I prefer XUbuntu instead of all the Gnome/Unity overhead found on the full Ubuntu desktop:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install linux-firmware
$ sudo apt-get install xubuntu-desktop
$ sudo apt-get install openssh-server

The installation of xubuntu-desktop takes a while. When all this is completed, finally sudo shutdown -h now, and power Pi on again. This time Pi boots into the XUbuntu GUI (visible on the HDMI display).

At this point I found everything to be working, but the performance of the USB wireless dongle was quite unsatisfactory (40% packet loss and some very long transit times). Playing a bit with the distance and position of Pi relative to my wireless router convinced me that most of the problem is a relatively weak radio in the wireless dongle. There are instructions on the internet for building very effective wireless antennas, but that may not be necessary. In my case a 6 foot USB extension cable was sufficient to fix the problem. Starting about 2 inches from the female end of the extension, I folded 2.5 inch lengths of the cable back and forth, leaving about one foot of unfolded length at the male end. I used a twist tie to hold the parallel lengths of cable in place together. I then attached the wireless dongle to the female end of the cable and the male end of the extension to a USB port on the Pi. This arrangement gave me dramatically improved reception (72 Mbps throughput and less than 1% packet loss). The one foot of unfolded cable moves the dongle far enough away from the Pi to reduce interference, and the parallel folded strands of cable form a crude parallel dipole antenna.

Linux/Unix Best Practices

Whether you are using your Raspberry Pi for play or for real work, it is a good idea to learn and follow some linux/unix best practices. Here are some things to do:

1. Set up appropriate security

I spend a good deal of my work life making certain that servers and their web apps are properly secure. Much has been written recently about the vast insecurity of IoT (see e.g. The internet of things is wildly insecure…, Report: internet of things is your next nightmare, and Welcome to the internet of things: Please check your privacy at the door). The Raspberry Pi is no exception. Because of the manner in which Pi boots, nearly all operating system distributions for Raspberry Pi are provided as bootable images with a default user/password (pi/pi, ubuntu/ubuntu, etc) which is used to initially access the new system. This combined with the relative insecurity of home wireless networks means there is a pretty high likelihood someone could hack into your Pi. You may not care about security on your own Pi, but you do not want someone using your Pi to attack the rest of your network or using it as part of a botnet, etc. to attack someone/something else on the internet (and some botnets are used to fund terrorist activity).

As soon as you have Pi set up to your satisfaction, you should add a new admin user with a different name and a reasonably secure password (8+ characters including numerals, upper and lower case, and at least one special character—or better yet use a 25+ character passphrase).

$ sudo adduser gooseberry
$ sudo usermod -aG sudo gooseberry

(You will be prompted for full name, location, password, etc.)

Log out and log back in as your new user. Verify that your new user has full sudo admin privileges by deleting the original default user:

$ sudo deluser --remove-home ubuntu
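After the default user is removed, the account files can be audited for leftover image accounts (pi, ubuntu) and for how each admin obtained sudo rights: as a supplementary member of the sudo group, or with sudo as the primary group, which is what usermod -g sets. This is an added example, not part of the original post; the function names, the sample files and the user raspberry are hypothetical.

```shell
#!/bin/sh
# default_logins PASSWD: print default image accounts (pi, ubuntu) that
# still exist with a usable login shell.
default_logins() {
    awk -F: '($1 == "pi" || $1 == "ubuntu") && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# sudo_membership USER PASSWD GROUP: print "supplementary" if USER is listed
# in the sudo group, "primary" if sudo is the user's primary group, else "none".
sudo_membership() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) gid = $4; next }   # first file: passwd
        $1 == "sudo" {                              # second file: group
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) how = "supplementary"
            if (how == "" && $3 == gid) how = "primary"
        }
        END { print (how == "" ? "none" : how) }' "$2" "$3"
}

# Constructed sample files: the default user is still present, gooseberry
# was added to sudo as a supplementary group, and the hypothetical user
# raspberry has sudo (gid 27) as primary group.
make_accounts() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
gooseberry:x:1001:1001:,,,:/home/gooseberry:/bin/bash
raspberry:x:1002:27:,,,:/home/raspberry:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
sudo:x:27:ubuntu,gooseberry
gooseberry:x:1001:
EOF
    echo "$dir"
}

acct=$(make_accounts)
echo "default accounts still present: $(default_logins "$acct/passwd")"
for user in gooseberry raspberry root; do
    echo "$user: $(sudo_membership "$user" "$acct/passwd" "$acct/group")"
done
rm -rf "$acct"
```

On a live system, pass /etc/passwd and /etc/group; a user reported as "primary" creates every new file with group sudo, which is rarely intended.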

Set up a good firewall for your Pi. There is a nice package called fwbuilder that you can install (sudo apt-get install fwbuilder) and use to build an iptables firewall for your Pi (or any other linux system). I am not going to give out details about my own Pi firewall in a public blog (but I will provide more detail to anyone who contacts me in private). Once you get your firewall running, use the iptables-persistent package to back up the ruleset:

$ sudo apt-get install iptables-persistent

(accept the prompts at installation).

Install the fail2ban package:

$ sudo apt-get install fail2ban
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

so that someone cannot make more than a handful of attempts to guess your username/password before they get locked out of the system. If you want, you can use vim, nano, mousepad, or some other editor to adjust the default settings for fail2ban:

$ sudo nano /etc/fail2ban/jail.local

Security on any operating system is only as good as the system software itself. All operating systems provide updates with security fixes. If your Raspberry Pi is going to be running full-time unattended, it is a good idea to set it up to automatically download and install security fixes. The unattended-upgrades package should already be on your system. Use a text editor (e.g. sudo nano) to open the /etc/apt/apt.conf.d/10periodic file, and add/modify the lines

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

This will only perform automatic security updates; you will still want to do ordinary package updates at your own convenience.
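Whether these settings install only security fixes depends on the Allowed-Origins block of /etc/apt/apt.conf.d/50unattended-upgrades, which in the stock Ubuntu file enables only the -security origin. The following added example (not from the original post) checks both files; the function names and the embedded sample files are constructed for illustration.

```shell
#!/bin/sh
# periodic_missing FILE: print every required APT::Periodic key that FILE
# does not set to a nonzero value.
periodic_missing() {
    for key in Update-Package-Lists Download-Upgradeable-Packages Unattended-Upgrade; do
        grep -Eq "^[[:space:]]*APT::Periodic::$key[[:space:]]+\"[1-9][0-9]*\";" "$1" ||
            echo "$key"
    done
}

# active_origins FILE: print the uncommented entries of the
# Unattended-Upgrade::Allowed-Origins block, one per line.
active_origins() {
    awk '/^[ \t]*Unattended-Upgrade::Allowed-Origins/ { inblk = 1; next }
         inblk && /^[ \t]*[}];/ { inblk = 0 }
         inblk && /^[ \t]*"/ { gsub(/^[ \t]*"|";.*$/, ""); print }' "$1"
}

# security_only FILE: succeed only if at least one origin is active and
# every active origin names a -security pocket.
security_only() {
    origins=$(active_origins "$1")
    [ -n "$origins" ] || return 1
    ! printf '%s\n' "$origins" | grep -qv -e '-security$'
}

# Constructed samples: the 10periodic lines from this page, and an
# Allowed-Origins block in the stock Ubuntu layout (assumed).
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/10periodic" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
    cat > "$dir/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
};
EOF
    echo "$dir"
}

s=$(make_samples)
echo "missing periodic keys: $(periodic_missing "$s/10periodic" | tr '\n' ' ')"
security_only "$s/50unattended-upgrades" && echo "origins: security only"
rm -rf "$s"
```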

2. Protect your SD card

You hear about a lot of Pi users who encounter fragmentation issues with their SD cards. This is usually caused by failure to properly unmount the card before powering down Pi. Always shut down your linux system properly. This will occur automatically if you select shutdown from a linux GUI. However if you are using the command line, you need to

$ sudo shutdown -h now

then wait 10 seconds before turning off the power to your Pi. If your Pi is running headless, you need to use SSH to connect to your Pi and then give the sudo shutdown -h now command before powering down your Pi. (Your SSH session will stop on its own).

Even when you shut down properly, sooner or later power outages etc. are going to cause your Pi to power down without properly unmounting. A handful of such occurrences will not ruin your SD card, but you do not want damage to accumulate. A standard approach on linux/unix systems (IDE/SATA hard disk or USB or SD media) is to periodically check your disk partitions at boot. You can set this up using a program called tune2fs. I typically leave my systems up for a long time, so I like to configure the disk to be checked after every 30 starts or every 2 months, whichever comes sooner:

$ sudo tune2fs -c 30 /dev/mmcblk0p2
$ sudo tune2fs -i 2m /dev/mmcblk0p2

You can verify your new settings by running

$ sudo dumpe2fs -h /dev/mmcblk0p2

3. Back up your data

There is probably no need to back up your entire linux system because it is easy to rebuild it starting from the original boot image. However, if you have important data stored in your home user directory (or in some place like /opt for multi-user systems), you should back that data up periodically. It is easy to copy your data to either a USB hard drive or a USB thumb drive. In fact, another alternative is to always store your data on a USB thumb drive attached to the Pi (however, you still need a backup). You could also use scp or sftp to copy your data to another system accessible by SSH.

Actually Using Raspberry Pi

So where next for Raspberry Pi? This particular Pi is already being used for some automation research based on my company’s artificial intelligence libraries. In addition I am impressed enough with the Raspberry Pi capabilities that I have already ordered a second Pi to be used as a network print server. For a good many years, we have been using an old server box as a print server. The current Pi 2 has performance comparable to that old server, and I estimate we will save about $15/month off our power bills by switching to the Pi (the server uses a 200 W power supply compared to the 10 W supply for the Pi).