zeroing on - configure new station

introduction is a script written by Francis. It installs TONS of useful software on a RPI capture station. Here is how to use it.
However, for a change, I will be quoting mostly my mails to Francis, Mark and Javier this time.
But we will start with a mail from Francis, which I did not read carefully (a mistake -there were consequences)- so excited to get started already
Mark and Jacek,
I issued as root on miocid,
apt-get install wajig
cd /usr/bin ; ln -s wajig just
to create the alias. 

To define the locales (and fix the warning "-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)", issue

    just reconfigure locales


    [*] en_GB.UTF-8 UTF-8

and add (to keep the environment invariant across RPis),
[*] en_US ISO-8859-1
[*] en_US.ISO-8859-15
[*] es_ES.UTF-8
[*] es_ES@euro ISO-8859-15

We may not need the last, but just in case.

Create /nest as user root and change permissions to csa:csa:

    csa@miocid:/ $ sudo su
    [sudo] password for csa:
    root@miocid:/# mkdir /nest
    root@miocid:/# chown csa:csa /nest

copying directories (nest)

So- without really noticing the above I went on. Logged in to csa miocid  from my rpi using ssh csa@IPaddress. And these are fragments of my mails (mostly).
Found an empty nest directory at root miocid (thank you, did not have to mkdir it).
Usually we start with mkdir /nest to create a subdirectory (at the root - the highest - level) called nest. But this one was already created by... (guess who)
Francis (God bless him) did this for me: csa@cartago:~$ rsync /home/dola/system/dola/nest/ csa@ -av   (not the real IP)
So this is how we can copy directories between RPIs. (if need be do 
chown -R csa:csa /nest/ as root on the new machine)
I need to look at the script first: /nest/cfg/  There are important things inside:
Exactly - so the format of rsync is to be found below and lots of vital info before I actually run it: (cat /nest/cfg/
# Staging directory
if [ ! -d $DIR ] ; then echo -e "\nPlease copy over the contents of /nest from the master image first:\n\tcd / ; rsync jaipur.local:/nest ./ -avn\n" ; exit ; fi
# Show redhen.config
echo -e "\n\tThis is the current redhen.config file:\n" ; cat $DIR/redhen.config
echo -e "\n\tHave you added all the information available to $DIR/redhen.config?"
read -p "Press y [Enter] to approve or just [Enter] to cancel. " RESPONSE
if [[ "$RESPONSE" != [Yy] ]] ; then echo -e "\n\tPlease edit $DIR/redhen.config before running this script.\n" ; exit ; fi

edit redhen.config

and this file needs editing
csa@miocid:/nest/cfg $ cat  redhen.config
# Red Hen configuration file
location=Wroclaw, Poland
-- Probably not important (It is backed up elsewhere) but before I edit I will back up (Francis's Noble Sixfold Path Rule 6). cp redhen.config redhen.config.backupcopy
and here is my dummy way of checking whether I can nano in this directoty or do I have to sudo nano)
nano unimportant (insert anything) ctrl X y
rm unimportant
And yes I can nano and save (it's awkward when after editing one cannot save - but the way out is to save in your home dir)
-- Found two letter country code for Spain here:
(wanted to put sp but it's es)
and Madrid Warsaw are the same time zone but changed it for decorum (or maybe it's important- dunno)
so for now we have :
# Red Hen configuration file
location=Murcia, Spain
But not running the script yet need to figure out some things....
what is this essid and psk and why is it mt (like - you know who..)

Still not sure what it is for BUT if it worked on dola it can work on miocid  (this is New York: if you can make it here, you can make it anywhere)... 

a hint from Francis:
So, almost ready to press the nuclear button...
But not yet, Sir, oh no... keep looking in the script. For example:
Please run as user root!

run as user root

try something innocent first
csa@miocid:/nest/cfg $ sudo ls
[sudo] password for csa:
csa@miocid:/nest/cfg $
hmmm.... how to make myself a sudoer without bothering Francis for password... (probably can't be done)....
wait! how about user pi ? he can do anything....
from rpi documentation (google rpi how to give sudo rights ets,)
The default pi user on Raspbian is a sudoer. This gives the ability to run commands as root when preceded by sudo, and to switch to the root user with sudo su.
To add a new user to sudoers, type sudo visudo (from a sudoer user) and find the line root ALL=(ALL:ALL) ALL, under the commented header # User privilege specification. Copy this line and switch from root to the username. To allow passwordless root access, change to NOPASSWD: ALL. The example below gives the user bob passwordless sudo access:
# User privilege specification

Save and exit to apply the changes. Be careful, as it's possible to remove your own sudo rights by accident.

so I need to login as pi and see if I can and sudo visudo.....Mark was talking about changing pi's password yesterday, hmmm.... processing.
And another divine intervention from F: See csa@miocid:~/Present-for-Jacek   -:) thank you dear Franciszek!  
I am such a dummy! I knew that pass of course but thought it will be a special one for sudo...
bash: command not found
root@miocid:/nest/cfg# chmod a+x
bash: command not found
the shebang is there:) #!/bin/bash , what's wrong?. processing....DUH solved (add ./ before the script name)

running the script

And so it begins:
root@miocid:/nest/cfg# ./

        Configuring the RPi as a recording station in the Red Hen network ...

        This is the current redhen.config file:

# Red Hen configuration file
location=Murcia, Spain

        Have you added all the information available to /nest/cfg/redhen.config?

someone stop me NOW. I have a script here and I am not afraid to use it! too late, no one stopped me...and the symphony begins - more than 50 pages of output 
and it's MAJESTIC. page after page:
Get:22 jessie/main libc-ares2 armhf 1.10.0-2+deb8u1 [66.6 kB]
Get:23 jessie/main vim-tiny armhf 2:7.4.488-7+deb8u1 [357 kB]
Get:24 jessie/main vim-common armhf 2:7.4.488-7+deb8u1 [184 kB]
Get:25 jessie/main bind9-host armhf 1:9.9.5.dfsg-9+deb8u8 [65.4 kB]
Get:26 jessie/main libisc95 armhf 1:9.9.5.dfsg-9+deb8u8 [150 kB]
Get:27 jessie/main libdns100 armhf 1:9.9.5.dfsg-9+deb8u8 [599 kB]
Get:28 jessie/main libisccc90 armhf 1:9.9.5.dfsg-9+deb8u8 [34.1 kB]
Get:29 jessie/main libisccfg90 armhf 1:9.9.5.dfsg-9+deb8u8 [50.1 kB]
Get:30 jessie/main libbind9-90 armhf 1:9.9.5.dfsg-9+deb8u8 [41.1 kB]
Get:31 jessie/main liblwres90 armhf 1:9.9.5.dfsg-9+deb8u8 [47.6 kB]
etc etc etc
just press y from time to time. sometimes there is graphics! (like for adobe flash player)
some files huge - takes long to unpack: Unpacking raspberrypi-kernel (1.20161125-1) over (1.20160921-1), etc.
still... Unpacking raspberrypi-kernel (1.20161125-1) over (1.20160921-1)
I hope it did not hang on me... will have a shower while it works:)
no shower now - it moves on:)
Configuration file '/etc/lightdm/lightdm.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** lightdm.conf (Y/I/N/O/D/Z) [default=N] ?
Shall I play safe (N)? I think I will - it can be updated later and I don't know the consequences for the working system (Francis's Noble Sixfold Path Rule 3)
An hour twenty - and it keeps going (but showered, yes)


Issue the command as root:
    just reconfigure locales
and select

    [*] en_US.UTF-8 UTF-8 (the default locale for all Red Hen capture stations and the only essential selection)
    [*] en_US.ISO-8859-1 (some utilities want this)
    [*] es_ES.UTF-8 (the local language in UTF-8)
    [*] es_ES@euro ISO-8859-15 (the local language in ISO)

Press TAB and select "
en_US.UTF-8" as the default locale -- this is important to get the right environment. 
TAB to OK and Enter to accept. The locales you selected will now be built.

mail configuration

another tough choice. Tempted to choose smarthost but what if questions follow and I don't have answers. Choosing the last option then...
After some consideration - no. Chose smarthost. And of course 10 questions followed- chose default answers. (just perss Enter)
ALERT  (From Francis)

For the exim4 mail transport agent, define a fully qualified domain name, e.g.,, in /etc/mailname. Also add this line to /etc/hosts (fully qualified domain name, used by alpine):	fenix
The mail configuration is for the exim4 mail transport agent (MTA) -- in the case of miocid, we may well be able to send mail out; we should find out the name of Javier's university's SMTP host. It could be very useful to allow us to generate e-mail notifications. To rerun the MTA definition, 

     just reconfigure exim4-config

See also the notes on timezone configuration that follows this information in Portugal capture station. The lightdm.conf information may be outdated; please investigate. It may be that jessie now has a different display manager than lightdm -- that is to say, lightdm on fenix is what manages that graphical user interface, x-windows.

These are all classic elements of Linux system administration; it's great you're learning how to handle it.

Best wishes,

And so it is done:) (about 2-2.5 hours). What a great script!!!!

Jacek's thank-you address on completing the install (to be used at the next Oscar gala):
Dear Mark, Francis and Javier,
It is done. and I am so proud, so proud I did it. Thank you to Francis, Mark and Javier, to my beloved wife who prepared breakfast for me while I was working and to my mum and dad and all friends at Red Hen. Thank you all from the bottom of my heart!

And if I were Francis now, I would ask: "will you take it from here?"
And if Francis was me, he would say: "certainly - where?"

Kind regards,

expanding the root file structure (getting more space on microSD) 

(from Mark) Jacek, Francis
miocid shows that its root filesystem is only 15G.  It should be much closer to 32G:
We use raspi-config to expand the root file structure to take up the entire card.
That is
sudo raspi-config
and then choose to expand the root filesystem
However, that is not working on miocid; don’t know why

From Francis:
he utility raspi-config is a bash script, so you can run it verbosely like this:
bash-xv raspi-config --expand-rootfs
What that shows is some parted (partitioning) commands, including
parted /dev/mmcblk0 -ms unit s p
On miocid, this command produces the following output:
root@miocid:~ # parted /dev/mmcblk0 -ms unit s p
/dev/mmcblk0:31291392s:sd/mmc:512:512:msdos:SD 00000:;
On dola, the same command produces this result -- note the difference in size in bold:
root@dola:~# parted /dev/mmcblk0 -ms unit s p
/dev/mmcblk0:62333952s:sd/mmc:512:512:msdos:SD SL32G:;
The simplest explanation is that the microSD card for miocid is a 16GB card, while the one on dola is 32GB.
We can get more information by issuing (as root):
udevadm info -a -n /dev/mmcblk0
Miocid shows ATTR{size}=="31291392", while both dola and vila show ATTR{size}=="62333952".

saving space on microSD

(from Mark) Jacek,
One more point about the hard disk: the microSD card is, we hear, fragile, and it is best to limit
the amount of writing to the card, as opposed to reading from the card.
Accordingly, not only do we put the entire tv and ts directories on HD1, we also 
ask users to work only on HD1, so for each user, we create a directory HD1 in the 
user home account and symlink that to the HD1 hard disk, and ask them to work to
the extent possible only on HD1.  The message of the day (/etc/motd) for 
redalpha, for example, is this:

formatting the HD

formatting usb stick (new, Dec 2017)

(from Francis) Hi Jacek,

Brilliant work. I'm leaving it all to you, but formatting the hard drive. First, find it and unmount it, as root:

root@miocid:~ # df -h

Filesystem      Size  Used Avail Use% Mounted on
/dev/root        15G  3.0G   11G  22% /
devtmpfs        459M     0  459M   0% /dev
tmpfs           463M     0  463M   0% /dev/shm
tmpfs           463M  6.4M  457M   2% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           463M     0  463M   0% /sys/fs/cgroup
/dev/mmcblk0p1   63M   21M   43M  34% /boot
tmpfs            93M     0   93M   0% /run/user/1000
/dev/sda2       4.6T  251M  4.6T   1% /media/pi/Seagate Expansion Drive
tmpfs            93M     0   93M   0% /run/user/1002
root@miocid:~ # umount /dev/sda2

As you see, it's mounted itself as "/media/pi/Seagate Expansion Drive", which is not the favored vernacular. Unmount it:

# umount /mnt/sda2

If you're curious, query it:

# fdisk -l /dev/sda

Device      Start        End    Sectors  Size Type
/dev/sda1      34     262177     262144  128M Microsoft reserved
/dev/sda2  264192 9767540735 9767276544  4.6T Microsoft basic data

Partition 2 does not start on physical sector boundary.

As you can see, it is infected and needs a good shower. We first zap everything (note we operate directly on /dev/sda, not on /dev/sda1 or 2):

root@miocid:~ # gdisk /dev/sda
GPT fdisk (gdisk) version 0.8.10

Partition table scan:
  MBR: MBR only
  BSD: not present
  APM: not present
  GPT: not present

Found protective MBR.

Command (? for help): x

Expert command (? for help): z
Blank out MBR? (Y/N): y

Then we create a single new partition of the GPT type:

root@miocid:~ # gdisk /dev/sda
GPT fdisk (gdisk) version 0.8.10

Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries.

Command (? for help): n
Partition number (1-128, default 1): 
First sector (34-9767541133, default = 2048) or {+-}size{KMGTP}: 
Last sector (2048-9767541133, default = 9767541133) or {+-}size{KMGTP}: 
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): 
Changed type of partition to 'Linux filesystem'

Command (? for help): i
Using 1
Partition GUID code: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 (Linux filesystem)
Partition unique GUID: 5345F871-0A8D-42D2-ABB4-76D1CF1E6704
First sector: 2048 (at 1024.0 KiB)
Last sector: 9767541133 (at 4.5 TiB)
Partition size: 9767539086 sectors (4.5 TiB)
Attribute flags: 0000000000000000
Partition name: 'Linux filesystem'

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING

Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sda.
The operation has completed successfully.

Next, we add a file system. For large drives that will receive large files, we use xfs:

root@miocid:~ # mkfs.xfs /dev/sda1       (apt-get install xfsprogs if need be, JW)

meta-data=/dev/sda1              isize=256    agcount=5, agsize=268435455 blks
         =                       sectsz=4096  attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=1220942385, imaxpct=5
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=521728, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0


root@miocid:~ #  fdisk -l /dev/sda

Disk /dev/sda: 4.6 TiB, 5000981077504 bytes, 9767541167 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: C6989A95-4C00-4B27-9BAA-AB24FB0E0C97

Device     Start        End    Sectors  Size Type
/dev/sda1   2048 9767541133 9767539086  4.6T Linux filesystem

Add a label -- note we now label the partition, /dev/sda1, NOT the drive, /dev/sda:

root@miocid:~ # xfs_admin -L HD1 /dev/sda1
writing all SBs
new label = "HD1"

Add the drive to the file system table -- nano /etc/fstab:

LABEL=HD1  /mnt/HD1  xfs  auto,nofail,rw,user,exec,relatime 0 0

Create the mount point and give it to csa:

root@miocid:~ # md /mnt/HD1
root@miocid:~ # chown -R csa:csa /mnt/HD1

In a different screen window, mount the drive as user csa: 

csa@miocid:~ $ mount /mnt/HD1

If you get this error (I did):

mount: unknown filesystem type 'xfs'

It's because refreshed the packages and installed a new kernel, after which a reboot is required. So reboot; the drive will now mount. Give it again to csa (important):

root@miocid:~ # chown -R csa:csa /mnt/HD1

Verify with df. Highly efficient people (tm) enlist the external hard drive prior to running; that way creates the needed directories on the new drive. I've never done this myself but it's clearly a good idea. 

Now we do it manually -- complete the symlinks in /home/csa and /nest/tuners:

lrwxrwxrwx 1   15 Dec  3 09:25 mail -> HD1/system/mail
lrwxrwxrwx 1   10 Dec  3 09:25 system -> HD1/system
lrwxrwxrwx 1   15 Dec  3 09:25 todo -> HD1/system/todo
lrwxrwxrwx 1    6 Dec  3 09:25 ts -> HD1/ts
lrwxrwxrwx 1    6 Dec  3 09:25 tv -> HD1/tv

So issue
md -p HD1/system/mail HD1/system/todo HD1/ts HD1/tv /mnt/HD1/system/tuners/logs

Verify with the alias


a wszystkie wasze grzechy będą odpuszczone. (YES!, JW)


Appendix 2017-01-11

To install the Red Hen software from nest, first become root
sudo su
mkdir /nest
chown csa:csa /nest
Then, as user csa:
rsync ca:/home/dola/system/dola/nest/ /nest/ -av
Before running, it's a good idea to set up the hard drive at /mnt/HD1, owned by csa:csa. If you do, will create the needed directories and symlinks.


while true; do ssh -R 8011:$HOSTNAME:22 kraaken@ sleep 60 ; sleep 60 ; done
This continuously creates a tunnel that stays open for 60 seconds.
We can use any duration. The tunneld script uses 900 seconds, but it does sometimes fail, so a short duration is warranted for first contact.

  1. cd /nest/tuners
  3. cp signal current
  4. /tv needs to be a symlink to /mnt/HD1/tv
Go ahead and create /mnt/HD1/spool and then symlink
     ln -s /mnt/HD1/spool /mnt/spool
You'll need to be root and then change the permissions to csa:csa.

Procedure if hard drive crashes

  1. dmesg -- look for crash evidence -- in this case the last line:

    [142726.108450] scsi host3: usb-storage 1-1.3:1.0
    [142727.116303] scsi 3:0:0:0: Direct-Access     WD       Elements 107C    1065 PQ: 0 ANSI: 6
    [142727.124257] sd 3:0:0:0: [sda] Spinning up disk...
    [142727.135392] sd 3:0:0:0: Attached scsi generic sg0 type 0
    [142728.125046] ...........ready
    [142738.410981] sd 3:0:0:0: [sda] 1220934400 4096-byte logical blocks: (5.00 TB/4.55 TiB)
    [142738.412043] sd 3:0:0:0: [sda] Write Protect is off
    [142738.412083] sd 3:0:0:0: [sda] Mode Sense: 53 00 10 08
    [142738.413163] sd 3:0:0:0: [sda] No Caching mode page found
    [142738.413200] sd 3:0:0:0: [sda] Assuming drive cache: write through
    [142738.545896]  sda: sda1
    [142738.559827] sd 3:0:0:0: [sda] Attached SCSI disk
    [142755.085625] XFS (sdb1): xfs_log_force: error -5 returned.

  2. cd out of all directories on the drive -- all windows in all screens

  3. Look for processes using the drive and kill them

    root@elf:/usr/local/bin # lsof | grep HD1
    lsof: WARNING: can't stat() xfs file system /mnt/HD1
          Output information may be incomplete.
    bash        499             csa  cwd   unknown                                /mnt/HD1/spool (stat: Input/output error)
    root@elf:/usr/local/bin # 

  4. Try to unmount:

    root@elf:/usr/local/bin # umount /mnt/HD1
    root@elf:/usr/local/bin # df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/root        30G  2.3G   26G   9% /
    devtmpfs         87M     0   87M   0% /dev
    tmpfs            91M     0   91M   0% /dev/shm
    tmpfs            91M  4.5M   87M   5% /run
    tmpfs           5.0M  4.0K  5.0M   1% /run/lock
    tmpfs            91M     0   91M   0% /sys/fs/cgroup
    /dev/mmcblk0p1   63M   21M   42M  33% /boot
    tmpfs            19M     0   19M   0% /run/user/1001

    That worked. If it hadn't worked, try lazy umount and reboot when safe:

    umount -l /mnt/HD1

  5. Remount as user csa

    csa@elf:~ $ mount /mnt/HD1
    csa@elf:~ $ 

  6. Check dmesg again:

    [143810.183805] XFS (sda1): Mounting V4 Filesystem
    [143811.214935] XFS (sda1): Starting recovery (logdev: internal)
    [143811.308341] XFS (sda1): Ending recovery (logdev: internal)

    Looks good.


Getting things from backup on cartago

You can get scripts straight from odin's backup on cartago -- 
csa@odin:/nest/bin $ scp ca:/home/odin/system/odin/nest/bin/

More simply and elegantly, you can now use /nest/bin/yinfo-backup for this:
./yinfo-backin dola

fail2ban problem

I believe fail2ban will relent after a while; this could be a problem if I'm not available to clear the block. To verify there is a user of the name you're trying to access, say $NEWUSER, you could log in with another user first and check if /home/$NEWUSER exists. For details see Configure fail2ban.

Upgrading Raspbian

Debian released Stretch in the summer of 2017, and Raspbian soon followed. We upgraded from Jessie to Stretch in October 2017.

1. Become root
csa@redhen3rpi ~ $ sudo su
[sudo] password for csa:
root@redhen3rpi /home/csa # cd

2. Update the repositories
root@redhen3rpi ~ # just update

3. Upgrade the packages
root@redhen3rpi ~ # just distupgrade

4. Respond to any questions during the upgrade process.

If there are configuration errors, these commands can be useful:
apt-get install --reinstall <package names>
dpkg --configure -a
apt-get -f install
apt list --upgradable
apt-get upgrade --dry-run

5. Verify
just fix-configure
just fix-install
just autoremove

6. Reboot if you're asked to, or you're installing a new kernel, or if the file system is bad
Normally, you don't need to reboot -- some Red Hen servers haven't been rebooted in more than a year.

Installing the new ffmpeg

The previous ffmpeg stopped working (segfaulted). We needed to explicitly install a series of dependencies to upgrade to ffmpeg 10:3.3.4-dmo1+deb9u1.

First put the version number in a variable:

Second, create a temporary file listing all the dependencies in this order:
nano /tmp/ffm and paste:


Third, run a for loop to explicitly install each of these with the version required:
for F in `cat /tmp/ffm` ; do apt-get -y install $F=$d ; done

Other scripts and packages

I also rebuilt dvb-dvbt-ts from source in the new build environment on stretch, following the instructions under the Portugal capture station.
just install dvb-dvbt-ts_0.08-1_armhf-stretch.deb

fail2ban fails to start, so copy in the new default config file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local (or fail2ban fails)

I also made some script improvements on dola that need to be propagated -- here's rusalka picking them up:
./yinfo-backin dola
./yinfo-backin dola
./yinfo-backin dola
cd /nest/cfg
rsync ca:/home/$HOST/system/$HOST/nest/cfg/dvb-dvbt-ts_0.08-1_armhf-stretch.deb /nest/cfg/ -av

As user root:
cd /nest/cfg
just install dvb-dvbt-ts_0.08-1_armhf-stretch.deb
cd /nest/bin
cp -p /usr/local/bin
cd /usr/local/bin
ln -sf
ln -sf
ln -sf

Sending the security key after install

            After installing, must not forget about this:
            name@cartago:~$ ssh-copy-id csa@name 
            and a useful quote here: "Also copied /etc/ssh/sshd_config from dola (only removed jacek from allowed users) then  issued just restart ssh"