This project is based on Raspbian Lite (Jessie). Software-related setup is covered on this page.
Strictly speaking, you could accomplish the following using other Linux distributions and/or using other hardware.
Setting up Raspbian from scratch. Experienced users may prefer to skip this section.
- Login using default credentials (pi / raspberry)
- Modify system settings (
sudo raspi-config)- Change your password
- Update your locale/keyboard map/timezone/etc
- Enable the SSH server (not on by default)
- Update your hostname (to, say,
ebam-plus?)
Though not required, our SOP is to create a new user other than pi for
administration (ref: https://www.raspberrypi.org/documentation/linux/usage/users.md)
Assuming this user is named sally:
- Login as admin user (by default,
pi) - Create new user (
sudo adduser sally)- Prompt info (name, office, ph#) is optional
- Give strong password
- Grant new user admin rights (
sudo visudo)- Duplicate this line:
root ALL=(ALL:ALL) ALL - Update copied line to:
sally ALL=NOPASSWD: ALL
- Duplicate this line:
- Grant new user serial port access (
sudo usermod -a -G dialout sally) - Log out; log in as the new user
- Delete old user (
sudo userdel -r pi)
First, do a complete system update: sudo apt-get update && sudo apt-get dist-upgrade -y
Next, install necessary packages and useful utilities (sudo apt-get install ...)
gittmuxminicom
Then do a little bit of config to make serial port usage easier (sudo minicom -s):
- Serial port setup
- Serial Device:
/dev/ttyUSB0 - Hardware flow control: No
- Serial Device:
- Save setup as dfl
Add some public SSH keys to your new administrative user account and disable password login.
Since this device will be left running unattended, install packages to support automatic updates.
$ sudo apt-get update
$ sudo apt-get install unattended-upgrades -y
Enable automatic rebooting if the hardware hangs somehow. First enable hardware support:
sudo nano /boot/config.txt
...
+##watchdog
+dtparam=watchdog=onsudo reboot
Install the watchdog package:
In latest releases, it is no longer necessary to fix the systemd service file (Jun 2019). 👍
sudo apt install watchdog -y
Update the configuration file:
sudo nano /etc/watchdog.conf
```diff
...
-#max-load-1 = 24
+max-load-1 = 24
...
-#watchdog-device = /dev/watchdog
+watchdog-device = /dev/watchdog
+
+watchdog-timeout = 10
Finally enable the service:
sudo systemctl enable watchdog
sudo systemctl start watchdog
And optionally test with null pointer dereference:
echo c > /proc/sysrq-trigger
Although of limited use inside the enclosure, a physical button is installed to safely turn the Pi off.
To monitor overall computer performance, install RPi-Monitor.
Follow these instructions.
Update packages and enable update hook:
sudo /etc/init.d/rpimonitor update
sudo /etc/init.d/rpimonitor install_auto_package_status_update
Fix up network config (no longer active by default since introduction of predictable network names:
sudo nano /etc/rpimonitor/template/network.conf- Uncomment first two config blocks (optionally updating
eth0if you have enabled predictable names) - Uncomment final config block for statistics
- Comment out existing status-content-line entries in third config block and uncomment the "Ethernet sent..." line
Set to listen on localhost only:
sudo nano /etc/rpimonitor/daemon.conf
-#daemon.addr=0.0.0.0
+daemon.addr=127.0.0.1sudo systemctl restart rpimonitor
In preparation for next section, manually download third-party files into resources folder (skipping if present & not updated):
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/05/E-BAM-PLUS-9800-Manual-Rev-C.pdf
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/05/597A-9800-Manual-Rev-A.pdf
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/04/BX-302-9800-Rev-F.pdf
#wget -N -P src/var/www/html/resources ...BX-305 Inlet adapter manual, not available
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/04/BX-344-9800-Rev-C.pdf
#wget -N -P src/var/www/html/resources ...BX-802 PM10 Inlet manual, not available
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/05/BX-808-9800-Rev-C.pdf
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/04/met_one_beta_source_data_sheet.pdf
wget -N -P src/var/www/html/resources https://metone.com/wp-content/uploads/2019/04/Service-E-BAM-Plus.pdf
Then copy all resource files to a place users can download from:
sudo mkdir -p /var/www/html/resources
sudo cp src/var/www/html/resources/* /var/www/html/resources
Install an FTP server for universal copy-paste access (default configuration works okay):
sudo apt install vsftpd -y
Create new user ebam for FTP login (only, no shell access):
sudo adduser -s /bin/false ebam
sudo nano /etc/shells
...
+/bin/falseCreate new directory to hold shared folders (& reset ownership):
sudo mkdir /home/ebam/data
sudo chown -R ebam:ebam /home/ebam/data
Retrict ftp login to ebam by blacklisting other users (ex: pi):
sudo nano /etc/ftpusers
...
+piNotes on vsftpd
- trying to setup anon browse access
- throws writeable root chroot errors
- anon cannot follow symlinks
- seting up user based access
- chrome does not permit login FTP browse
- chroot'ed users cannot follow symlinks
- chroot'ed users must have read-only home dir
- non-chroot users can browse/get lost in file system
- using bind vs symlinks
- nobody can see into nested
mount --bindfolders- the
mount --bindcommand isn't persistant anyway- windows explorer FTP cannot symlink or bind (sometimes?)
- https://serverfault.com/questions/972337/vsftp-accessing-nested-mounted-folders
Symlink the runtime folder with latest values into the EBAM log directory, then symlink the EBAM log directory into the FTP homedir:
sudo ln -s /run/ebam /var/log/ebam/latest
sudo ln -s /var/log/ebam /home/ebam/data
This folder (/home/ebam/data) will be the base directory (/)
for HTTP/S browsing (/data/) and the SAMBA share ("Data") (see below).
Since the FTP user is not chroot'ed, make another symlink to provide
the same short path structure (i.e. ftp://<hostname>/data/ebam/...):
sudo ln -s /home/ebam/data /data
Install the samba package so Windows clients recognize the hostname and browse the computer anonymously from the local network.
sudo apt install samba -y
Then copy the provided configuration, which will create a public, read-only
share named "data" which maps to /home/ebam/data:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
sudo cp src/etc/samba/smb.conf /etc/samba/
sudo systemctl restart smbd
This web server will allow users to reach RPi-Monitor, a data website, and basic log file browsing via the same website.
*Note we are not using secure HTTP because this device does not have a DNS entry and self-signed certificates offer no real advantage (i.e. our server is read-only).
Refer to the Usages > Authentication and secure access section of the documentation (https://xavierberger.github.io/RPi-Monitor-docs/34_autentication.html) for examples.
Install nginx, disable the default site and create a new one:
sudo apt install nginx -y
sudo rm /etc/nginx/sites-enable/default
sudo nano /etc/nginx/sites-available/ebam
Copy provided configuration file, which publishes:
- web root (
/var/www/html) as/ - RPi-Monitor (localhost:8888) as
/status - data folder (
/home/ebam/data) as/data - eventually: AQI plot (bokeh server) as
/instead
sudo cp src/etc/nginx/sites-available/ebam /etc/nginx/sites-available/ebam
Enable the new site and restart nginx:
sudo ln -s /etc/nginx/sites-available/ebam /etc/nginx/sites-enabled/ebam
sudo systemctl restart nginx
- Install the python package manager (
sudo apt-get install python-pip -y) - Then re-install using itself for possible updates (
sudo pip install pip) - Finally, install required packages:
sudo pip install python-dev pyserial pandas
Packages must be installed system-wide or the service executable will not be able to load them - therefore, do not omit
sudowhen callingpip.
Finally, copy the source files to corresponding system directories:
git clone https://github.com/patricktokeeffe/rpi-ebam-plus
...
cd rpi-ebam-plus
sudo cp src/ /
Because a cron.d/ service file is included, copying the source files is
sufficient to initiate automatic data acquisition from the E-BAM PLUS.