Uncategorized

BT Internet uses the defunct SMTPS protocol for outgoing SMTP connections from a customer.  To set up Exim4 to be able to send mail via this interface requires a dirty hack.  The main part of the configuration is as described in this Ask Ubuntu article in the accepted answer (based on Tony Scelfo’s article).  However, that does not take account of BT’s peculiar configuration.  An additional step is required:  before running update-exim4.conf, edit /etc/exim4/exim4.conf.template. Find the section starting with

remote_smtp_smarthost:

Insert a new line following the line driver = smtp like this:

  protocol = smtps

Then continue with the steps in the article above. Use mail.btinternet.com::465 for the address of the smarthost when running dpkg-reconfigure.

This is a hack because it subverts the SMTP smarthost function to use SMTPS. However as you can only have one smarthost at a time, that doesn’t matter.

By the way, Raspbian on the Raspberry Pi uses Exim4 and this was how I got email working from it.

The instructions  for installing Emoncms on the Raspberry Pi are at available through the OpenEnergyMonitor site.  However I had to take some additional steps.  This page lists what I did, drawing heavily from those instructions with thanks.

I used a Raspberry Pi 2 model B.  This has Ethernet which I needed to connect to the network, though you could use a Wifi dongle.  Before you can use the Pi, you have to install its operating system on a micro-SD card–I used an 8Gbyte one.  To receive wireless data from emonTx and emonTh modules, you need an expansion card such as the RFM69Pi.

Install Raspbian

Using Windows, fetch the Raspbian installation image.  Extract the zip file to obtain the single image file, in my case called 2015-02-16-raspbian-wheezy.img.  Write this image to the micro-SD card using Win32DiskImager.  Insert the micro-SD card into the Raspberry Pi (it goes in upside down) and power up. Watch in amazement as the boot images whizz by on the HDMI-connected monitor.  The initial screens allow you to set the password for the “pi” user, and if you are not based in the UK, you can change the Internationalisation options.

The EmonCMS installation instructions suggest making an additional data partition on the SD card.  I preferred not to do this for two reasons: the data is precious and the SD card has limited life, even with the write buffering.  Instead, I plan to mount a shared folder from my Synology NAS drive to hold the data.  I cover this in a separate post, as it is tricky.  However, following the instructions caused the root filesystem to overflow during the installation of pre-requisite software, so I recommend expanding the filesystem to the full size of the SD card.  There’s an option to do this in the initial configuration screens.  If you’ve already exited, type “sudo raspi-config” to re-invoke the configuration screeen.

Disable Serial Port login

By default, Raspbian Wheezy is configured to support login on the serial port.  This would conflict with the use of that port for radio communications, so we need to disable logins on the serial port.  Edit the configuration files as follows:

sudo nano /etc/inittab

At the bottom of the file comment out the last line, by adding a ‘# ’ at the beginning:

# T0:23:respawn:/sbin/getty -L ttyAMA0 115200 vt100

[Ctrl+X] then [y] then [Enter] to save and exit.  Next, edit the boot command line:

sudo nano /boot/cmdline.txt

Raspbian has been updated since the Emoncms instructions were written, and the line to change is now a little different.  Remove “console=ttyAMA0,115200” from the line, so that it reads

dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait

Change the filesystem to be mounted read-only

To reduce wear on the SD card, the filesystem can be mounted read-only, except when software updates are necessary.  The data will be stored on an external NAS drive. Before switching to read-only mode, we need to create commands to switch between read-only and read-write modes, and create a mount-point for the data partition. Do this while logged in as “pi”.

mkdir /home/pi/data

Turn on the TMPFS filesystem:

sudo cp /etc/default/tmpfs /etc/default/tmpfs.orig
sudo nano /etc/default/tmpfs

Find the line that says

#RAMTMP=no

Change it by removing the “# ” at the beginning of the line and changing “no” to “yes”:

RAMTMP=yes

Use [Ctrl+X] then [y] then [Enter] to save and exit.

Next, replace the filesystem mount point table:

sudo mv /etc/fstab /etc/fstab.orig
sudo sh -c "echo 'tmpfs           /tmp            tmpfs   nodev,nosuid,size=30M,mode=1777       0    0' >> /etc/fstab"
sudo sh -c "echo 'tmpfs           /var/log        tmpfs   nodev,nosuid,size=30M,mode=1777       0    0' >> /etc/fstab"
sudo sh -c "echo 'proc            /proc           proc    defaults                              0    0' >> /etc/fstab"
sudo sh -c "echo '/dev/mmcblk0p1  /boot           vfat    defaults                              0    2' >> /etc/fstab"
sudo sh -c "echo '/dev/mmcblk0p2  /               ext4    defaults,ro,noatime,errors=remount-ro 0    1' >> /etc/fstab"
sudo sh -c "echo '192.168.10.102:/volume1/emonpi2  /home/pi/data   nfs    user=pi                   0    0' >> /etc/fstab"
sudo sh -c "echo ' ' >> /etc/fstab"
sudo mv /etc/mtab /etc/mtab.orig
sudo ln -s /proc/self/mounts /etc/mtab

Note: The line referring to /home/pi/data will need to be changed to reflect your NAS drive’s IP address (or DNS name) and shared folder path.  See my separate post for instructions on making this work with Synology DiskStation DSM 5.1.

Create the commands to switch between read-only and read-write mode:

sudo nano /usr/bin/rpi-rw

In the empty file which loads, enter the following:

#!/bin/sh
sudo mount -o remount,rw /dev/mmcblk0p2  /
echo "Filesystem is unlocked - Write access enabled"
echo "Type 'rpi-ro' to lock"

[Ctrl+X] then [y] then [Enter] to save and exit, and then type the following to make the command executable:

sudo chmod +x  /usr/bin/rpi-rw

Similarly, create the opposite script:

sudo nano /usr/bin/rpi-ro

In the empty file which loads, enter the following:

#!/bin/sh
sudo mount -o remount,ro /dev/mmcblk0p2  /
echo "Filesystem is locked - Write access disabled"
echo "Type 'rpi-rw' to unlock"

[Ctrl+X] then [y] then [Enter] to save and exit, and then type the following to make the command executable:

sudo chmod +x  /usr/bin/rpi-ro

Reboot to bring the changes into effect:

sudo shutdown -r now

Log in again and change the permissions on the data directories. This may bring up error messages when using the Synology NAS.

sudo chmod -R a+w data
sudo chown -R pi data
sudo chgrp -R pi data

Continue to follow the instructions from “Installing Dependencies” in the instructions in installing Emoncms on the Raspberry Pi.  However, it turns out it is not really feasible to run MySQL with its data directory NFS mounted from Synology DSM.  This is due to a number of factors:

  • NFS mounts are not in place by the time MySQL starts (this could be worked around)
  • Synology NFS exports have weird permissions and ownership issues (see separate post; I have no solution)
  • I seem to recall criticism of the idea anyhow, on the basis that database storage should be local to the server for resiliency reasons.

All is not lost however.  Synology DSM is a flexible beast, and MySQL is available as a downloadable package for it, called MariaDB.

  1. Log into DSM as “admin” at http://diskstation:5000 (for example)
  2. Open “Package Center” and find MariaDB under “Utilities”. Press the “Install” button and wait until the magic is done.
  3. Find and install “phpMyAdmin”, also under “Utilities”.
  4. Open “phpMyAdmin” – this opens a new tab or browser window and presents the phpMyAdmin login screen.
  5. Log in as user “root” with no password.
  6. Under “General Settings”, select “Change password”.  In the pop-up window, enter a new password for the “root” MySQL user, and then press “Go”.
  7. In the ribbon at the top centre of the screen, select “Users”.
  8. Halfway down the screen, there’s a section called “New”.  Click on “Add user”.
  9. Under “Login information” enter the name “emoncms” in the “User name” field.
  10. Leave the “host” field set to the default value, to allow login from any host (or, for additional security, you could select “Use text field” and enter the IP address of the Raspberry Pi which will run the emoncms software).
  11. Enter a password for the “emoncms” user in the two fields provided.
  12. Under “Database for user”, select the checkbox marked “
  13. Click “Go” (which is at the very bottom right of the page).

Continue with the instructions, but disable the MySQL service on the Raspberry Pi, as we’ll use the one on the Diskstation instead:

rpi-rw
sudo update-rc.d mysql disable

In the section of the instructions entitled “Set emoncms database settings,” set the username to “emoncms” and the password to the password you set in step 11 above. Set the hostname to the IP address of the DiskStation.  Set the database name to “emoncms”.  Once these settings have been made, reboot the Raspberry Pi and point your web browser its newly installed EmonCMS installation.  Assuming the Raspberry Pi’s address is 192.168.1.22, this would be http://192.168.1.22/emoncms.  Register a new account on that page.  You should see an account status page.  In the “My Account” column, there is an entry called “Write API key”.  Copy that value (it’s a string of letters and numbers) as you’ll need it in the next step.

Enable writing to the SD card with the “sudo rpi-rw” command.  Edit the emonhub configuration file.  The instructions show how to edit the file, but they don’t explain what to change. Under “Reporters” you’ll see a line like this:

        apikey = xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Change the string of “x”s to the value of the Write API key you copied above.  Save the file and exit the editor. Restart emonhub:

sudo service emonhub restart
rpi-ro

At this point your EmonCMS installation should be working (although a reboot of the Raspberry Pi might be a good idea) and upon logging in to EmonCMS and clicking on “Input”, you might be lucky enough to see any nodes you have already installed listed with their data values.

Here are some pointers, but note that some information is out of date:

The easy-rsa package is now separate from OpenVPN and is installed using “sudo apt-get install easy-rsa”.

Add the following line to the end of the server’s OpenVPN configuration file, which might be called server.conf:

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

To install Google Authenticator on the server, the instructions in the above link are outdated.  Get the source from github.com. It’s called “google/google-authenticator”. I used “git clone” to get it:

% git clone https://github.com/google/google-authenticator

On Ubuntu, you’ll have to install the PAM development libraries before building:

% sudo apt-get install libpam-dev

The part you need on the server is in google-authenticator/libpam.  Follow the instructions in the README in that directory to build and install it, ending with “sudo make install”.  It installs the generated library in /usr/local/lib/security.  Next, you need a PAM config file for OpenVPN. Create /etc/pam.d/openvpn with the following content:

@include common-account
auth requisite /usr/local/lib/security/pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass

Then follow the remaining steps in the above article.  One day, I’ll write it up more completely.  Probably too late.