zeroing on - configure new station

introduction is a script written by Francis. It installs TONS of useful software on a RPI capture station. Here is how to use it.

However, for a change, I will be quoting mostly my mails to Francis, Mark and Javier this time.

But we will start with a mail from Francis, which I did not read carefully (a mistake -there were consequences)- so excited to get started already

Mark and Jacek,

I issued as root on miocid,

apt-get install wajig


cd /usr/bin ; ln -s wajig just

to create the alias.

To define the locales (and fix the warning "-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)", issue

just reconfigure locales


[*] en_GB.UTF-8 UTF-8

and add (to keep the environment invariant across RPis),

[*] en_US ISO-8859-1

[*] en_US.ISO-8859-15

[*] es_ES.UTF-8

[*] es_ES@euro ISO-8859-15

We may not need the last, but just in case.

Create /nest as user root and change permissions to csa:csa:

csa@miocid:/ $ sudo su

[sudo] password for csa:

root@miocid:/# mkdir /nest

root@miocid:/# chown csa:csa /nest

copying directories (nest)

So- without really noticing the above I went on. Logged in to csa miocid from my rpi using ssh csa@IPaddress. And these are fragments of my mails (mostly).

Found an empty nest directory at root miocid (thank you, did not have to mkdir it).

Usually we start with mkdir /nest to create a subdirectory (at the root - the highest - level) called nest. But this one was already created by... (guess who)

Francis (God bless him) did this for me: csa@cartago:~$ rsync /home/dola/system/dola/nest/ csa@ -av (not the real IP)

So this is how we can copy directories between RPIs. (if need be do chown -R csa:csa /nest/ as root on the new machine)

I need to look at the script first: /nest/cfg/ There are important things inside:

Exactly - so the format of rsync is to be found below and lots of vital info before I actually run it: (cat /nest/cfg/

# Staging directory


if [ ! -d $DIR ] ; then echo -e "\nPlease copy over the contents of /nest from the master image first:\n\tcd / ; rsync jaipur.local:/nest ./ -avn\n" ; exit ; fi

# Show redhen.config

echo -e "\n\tThis is the current redhen.config file:\n" ; cat $DIR/redhen.config

echo -e "\n\tHave you added all the information available to $DIR/redhen.config?"

read -p "Press y [Enter] to approve or just [Enter] to cancel. " RESPONSE

if [[ "$RESPONSE" != [Yy] ]] ; then echo -e "\n\tPlease edit $DIR/redhen.config before running this script.\n" ; exit ; fi

edit redhen.config

and this file needs editing

csa@miocid:/nest/cfg $ cat redhen.config

# Red Hen configuration file

location=Wroclaw, Poland





-- Probably not important (It is backed up elsewhere) but before I edit I will back up (Francis's Noble Sixfold Path Rule 6). cp redhen.config redhen.config.backupcopy

and here is my dummy way of checking whether I can nano in this directoty or do I have to sudo nano)

nano unimportant (insert anything) ctrl X y

rm unimportant

And yes I can nano and save (it's awkward when after editing one cannot save - but the way out is to save in your home dir)

-- Found two letter country code for Spain here:

(wanted to put sp but it's es)

and Madrid Warsaw are the same time zone but changed it for decorum (or maybe it's important- dunno)

so for now we have :

# Red Hen configuration file

location=Murcia, Spain





But not running the script yet need to figure out some things....

what is this essid and psk and why is it mt (like - you know who..)

Still not sure what it is for BUT if it worked on dola it can work on miocid (this is New York: if you can make it here, you can make it anywhere)...

a hint from Francis:

Excellent! essid and psk are for the wireless -- once everything is done, you might try connecting to Eduroam:

So, almost ready to press the nuclear button...

But not yet, Sir, oh no... keep looking in the script. For example:

Please run as user root!

run as user root

try something innocent first

csa@miocid:/nest/cfg $ sudo ls

[sudo] password for csa:

csa@miocid:/nest/cfg $

hmmm.... how to make myself a sudoer without bothering Francis for password... (probably can't be done)....

wait! how about user pi ? he can do anything....

from rpi documentation (google rpi how to give sudo rights ets,)


The default pi user on Raspbian is a sudoer. This gives the ability to run commands as root when preceded by sudo, and to switch to the root user with sudo su.

To add a new user to sudoers, type sudo visudo (from a sudoer user) and find the line root ALL=(ALL:ALL) ALL, under the commented header # User privilege specification. Copy this line and switch from root to the username. To allow passwordless root access, change to NOPASSWD: ALL. The example below gives the user bob passwordless sudo access:

# User privilege specification root  ALL=(ALL:ALL) ALL bob   ALL = NOPASSWD: ALL

Save and exit to apply the changes. Be careful, as it's possible to remove your own sudo rights by accident.

so I need to login as pi and see if I can and sudo visudo.....Mark was talking about changing pi's password yesterday, hmmm.... processing.

And another divine intervention from F: See csa@miocid:~/Present-for-Jacek -:) thank you dear Franciszek!

I am such a dummy! I knew that pass of course but thought it will be a special one for sudo...



bash: command not found

root@miocid:/nest/cfg# chmod a+x


bash: command not found

the shebang is there:) #!/bin/bash , what's wrong?. processing....DUH solved (add ./ before the script name)

running the script

And so it begins:

root@miocid:/nest/cfg# ./

Configuring the RPi as a recording station in the Red Hen network ...

This is the current redhen.config file:

# Red Hen configuration file

location=Murcia, Spain





Have you added all the information available to /nest/cfg/redhen.config?

someone stop me NOW. I have a script here and I am not afraid to use it! too late, no one stopped me...and the symphony begins - more than 50 pages of output

and it's MAJESTIC. page after page:

Get:22 jessie/main libc-ares2 armhf 1.10.0-2+deb8u1 [66.6 kB]

Get:23 jessie/main vim-tiny armhf 2:7.4.488-7+deb8u1 [357 kB]

Get:24 jessie/main vim-common armhf 2:7.4.488-7+deb8u1 [184 kB]

Get:25 jessie/main bind9-host armhf 1:9.9.5.dfsg-9+deb8u8 [65.4 kB]

Get:26 jessie/main libisc95 armhf 1:9.9.5.dfsg-9+deb8u8 [150 kB]

Get:27 jessie/main libdns100 armhf 1:9.9.5.dfsg-9+deb8u8 [599 kB]

Get:28 jessie/main libisccc90 armhf 1:9.9.5.dfsg-9+deb8u8 [34.1 kB]

Get:29 jessie/main libisccfg90 armhf 1:9.9.5.dfsg-9+deb8u8 [50.1 kB]

Get:30 jessie/main libbind9-90 armhf 1:9.9.5.dfsg-9+deb8u8 [41.1 kB]

Get:31 jessie/main liblwres90 armhf 1:9.9.5.dfsg-9+deb8u8 [47.6 kB]

etc etc etc

just press y from time to time. sometimes there is graphics! (like for adobe flash player)

some files huge - takes long to unpack: Unpacking raspberrypi-kernel (1.20161125-1) over (1.20160921-1), etc.

still... Unpacking raspberrypi-kernel (1.20161125-1) over (1.20160921-1)

I hope it did not hang on me... will have a shower while it works:)

no shower now - it moves on:)

Configuration file '/etc/lightdm/lightdm.conf'

==> Modified (by you or by a script) since installation.

==> Package distributor has shipped an updated version.

What would you like to do about it ? Your options are:

Y or I : install the package maintainer's version

N or O : keep your currently-installed version

D : show the differences between the versions

Z : start a shell to examine the situation

The default action is to keep your current version.

*** lightdm.conf (Y/I/N/O/D/Z) [default=N] ?

Shall I play safe (N)? I think I will - it can be updated later and I don't know the consequences for the working system (Francis's Noble Sixfold Path Rule 3)

An hour twenty - and it keeps going (but showered, yes)


Issue the command as root:

just reconfigure locales

and select

[*] en_US.UTF-8 UTF-8 (the default locale for all Red Hen capture stations and the only essential selection)

[*] en_US.ISO-8859-1 (some utilities want this)

[*] es_ES.UTF-8 (the local language in UTF-8)

[*] es_ES@euro ISO-8859-15 (the local language in ISO)

Press TAB and select "en_US.UTF-8" as the default locale -- this is important to get the right environment.

TAB to OK and Enter to accept. The locales you selected will now be built.

mail configuration

another tough choice. Tempted to choose smarthost but what if questions follow and I don't have answers. Choosing the last option then...

After some consideration - no. Chose smarthost. And of course 10 questions followed- chose default answers. (just perss Enter)


ALERT (From Francis)

For the exim4 mail transport agent, define a fully qualified domain name, e.g.,, in /etc/mailname. Also add this line to /etc/hosts (fully qualified domain name, used by alpine): fenix

The mail configuration is for the exim4 mail transport agent (MTA) -- in the case of miocid, we may well be able to send mail out; we should find out the name of Javier's university's SMTP host. It could be very useful to allow us to generate e-mail notifications. To rerun the MTA definition,

just reconfigure exim4-config

See also the notes on timezone configuration that follows this information in Portugal capture station. The lightdm.conf information may be outdated; please investigate. It may be that jessie now has a different display manager than lightdm -- that is to say, lightdm on fenix is what manages that graphical user interface, x-windows.

These are all classic elements of Linux system administration; it's great you're learning how to handle it.

Best wishes,



And so it is done:) (about 2-2.5 hours). What a great script!!!!

Jacek's thank-you address on completing the install (to be used at the next Oscar gala):

Dear Mark, Francis and Javier,

It is done. and I am so proud, so proud I did it. Thank you to Francis, Mark and Javier, to my beloved wife who prepared breakfast for me while I was working and to my mum and dad and all friends at Red Hen. Thank you all from the bottom of my heart!

And if I were Francis now, I would ask: "will you take it from here?"

And if Francis was me, he would say: "certainly - where?"

Kind regards,


expanding the root file structure (getting more space on microSD)

(from Mark) Jacek, Francis

miocid shows that its root filesystem is only 15G. It should be much closer to 32G:


We use raspi-config to expand the root file structure to take up the entire card.

That is

sudo raspi-config

and then choose to expand the root filesystem

However, that is not working on miocid; don’t know why

From Francis:

he utility raspi-config is a bash script, so you can run it verbosely like this:

bash-xv raspi-config --expand-rootfs

What that shows is some parted (partitioning) commands, including

parted /dev/mmcblk0 -ms unit s p

On miocid, this command produces the following output:

root@miocid:~ # parted /dev/mmcblk0 -ms unit s p


/dev/mmcblk0:31291392s:sd/mmc:512:512:msdos:SD 00000:;



On dola, the same command produces this result -- note the difference in size in bold:

root@dola:~# parted /dev/mmcblk0 -ms unit s p


/dev/mmcblk0:62333952s:sd/mmc:512:512:msdos:SD SL32G:;



The simplest explanation is that the microSD card for miocid is a 16GB card, while the one on dola is 32GB.

We can get more information by issuing (as root):

udevadm info -a -n /dev/mmcblk0

Miocid shows ATTR{size}=="31291392", while both dola and vila show ATTR{size}=="62333952".

saving space on microSD

(from Mark) Jacek,

One more point about the hard disk: the microSD card is, we hear, fragile, and it is best to limit

the amount of writing to the card, as opposed to reading from the card.

Accordingly, not only do we put the entire tv and ts directories on HD1, we also

ask users to work only on HD1, so for each user, we create a directory HD1 in the

user home account and symlink that to the HD1 hard disk, and ask them to work to

the extent possible only on HD1. The message of the day (/etc/motd) for

redalpha, for example, is this:

formatting the HD

formatting usb stick (new, Dec 2017)

(from Francis) Hi Jacek,

Brilliant work. I'm leaving it all to you, but formatting the hard drive. First, find it and unmount it, as root:

root@miocid:~ # df -h

Filesystem Size Used Avail Use% Mounted on

/dev/root 15G 3.0G 11G 22% /

devtmpfs 459M 0 459M 0% /dev

tmpfs 463M 0 463M 0% /dev/shm

tmpfs 463M 6.4M 457M 2% /run

tmpfs 5.0M 4.0K 5.0M 1% /run/lock

tmpfs 463M 0 463M 0% /sys/fs/cgroup

/dev/mmcblk0p1 63M 21M 43M 34% /boot

tmpfs 93M 0 93M 0% /run/user/1000

/dev/sda2 4.6T 251M 4.6T 1% /media/pi/Seagate Expansion Drive

tmpfs 93M 0 93M 0% /run/user/1002

root@miocid:~ # umount /dev/sda2

As you see, it's mounted itself as "/media/pi/Seagate Expansion Drive", which is not the favored vernacular. Unmount it:

# umount /mnt/sda2

If you're curious, query it:

# fdisk -l /dev/sda

Device Start End Sectors Size Type

/dev/sda1 34 262177 262144 128M Microsoft reserved

/dev/sda2 264192 9767540735 9767276544 4.6T Microsoft basic data

Partition 2 does not start on physical sector boundary.

As you can see, it is infected and needs a good shower. We first zap everything (note we operate directly on /dev/sda, not on /dev/sda1 or 2):

root@miocid:~ # gdisk /dev/sda

GPT fdisk (gdisk) version 0.8.10

Partition table scan:

MBR: MBR only

BSD: not present

APM: not present

GPT: not present

Found protective MBR.

Command (? for help): x

Expert command (? for help): z

Blank out MBR? (Y/N): y

Then we create a single new partition of the GPT type:

root@miocid:~ # gdisk /dev/sda

GPT fdisk (gdisk) version 0.8.10

Partition table scan:

MBR: not present

BSD: not present

APM: not present

GPT: not present

Creating new GPT entries.

Command (? for help): n

Partition number (1-128, default 1):

First sector (34-9767541133, default = 2048) or {+-}size{KMGTP}:

Last sector (2048-9767541133, default = 9767541133) or {+-}size{KMGTP}:

Current type is 'Linux filesystem'

Hex code or GUID (L to show codes, Enter = 8300):

Changed type of partition to 'Linux filesystem'

Command (? for help): i

Using 1

Partition GUID code: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 (Linux filesystem)

Partition unique GUID: 5345F871-0A8D-42D2-ABB4-76D1CF1E6704

First sector: 2048 (at 1024.0 KiB)

Last sector: 9767541133 (at 4.5 TiB)

Partition size: 9767539086 sectors (4.5 TiB)

Attribute flags: 0000000000000000

Partition name: 'Linux filesystem'

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING


Do you want to proceed? (Y/N): y

OK; writing new GUID partition table (GPT) to /dev/sda.

The operation has completed successfully.

Next, we add a file system. For large drives that will receive large files, we use xfs:

root@miocid:~ # mkfs.xfs /dev/sda1 (apt-get install xfsprogs if need be, JW)

meta-data=/dev/sda1 isize=256 agcount=5, agsize=268435455 blks

= sectsz=4096 attr=2, projid32bit=1

= crc=0 finobt=0

data = bsize=4096 blocks=1220942385, imaxpct=5

= sunit=0 swidth=0 blks

naming =version 2 bsize=4096 ascii-ci=0 ftype=0

log =internal log bsize=4096 blocks=521728, version=2

= sectsz=4096 sunit=1 blks, lazy-count=1

realtime =none extsz=4096 blocks=0, rtextents=0


root@miocid:~ # fdisk -l /dev/sda

Disk /dev/sda: 4.6 TiB, 5000981077504 bytes, 9767541167 sectors

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 4096 bytes

I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disklabel type: gpt

Disk identifier: C6989A95-4C00-4B27-9BAA-AB24FB0E0C97

Device Start End Sectors Size Type

/dev/sda1 2048 9767541133 9767539086 4.6T Linux filesystem

Add a label -- note we now label the partition, /dev/sda1, NOT the drive, /dev/sda:

root@miocid:~ # xfs_admin -L HD1 /dev/sda1

writing all SBs

new label = "HD1"

Add the drive to the file system table -- nano /etc/fstab:

LABEL=HD1 /mnt/HD1 xfs auto,nofail,rw,user,exec,relatime 0 0

Create the mount point and give it to csa:

root@miocid:~ # md /mnt/HD1

root@miocid:~ # chown -R csa:csa /mnt/HD1

In a different screen window, mount the drive as user csa:

csa@miocid:~ $ mount /mnt/HD1

If you get this error (I did):

mount: unknown filesystem type 'xfs'

It's because refreshed the packages and installed a new kernel, after which a reboot is required. So reboot; the drive will now mount. Give it again to csa (important):

root@miocid:~ # chown -R csa:csa /mnt/HD1

Verify with df. Highly efficient people (tm) enlist the external hard drive prior to running; that way creates the needed directories on the new drive. I've never done this myself but it's clearly a good idea.

Now we do it manually -- complete the symlinks in /home/csa and /nest/tuners:

lrwxrwxrwx 1 15 Dec 3 09:25 mail -> HD1/system/mail

lrwxrwxrwx 1 10 Dec 3 09:25 system -> HD1/system

lrwxrwxrwx 1 15 Dec 3 09:25 todo -> HD1/system/todo

lrwxrwxrwx 1 6 Dec 3 09:25 ts -> HD1/ts

lrwxrwxrwx 1 6 Dec 3 09:25 tv -> HD1/tv

So issue

md -p HD1/system/mail HD1/system/todo HD1/ts HD1/tv /mnt/HD1/system/tuners/logs

Verify with the alias


a wszystkie wasze grzechy będą odpuszczone. (YES!, JW)


Appendix 2017-01-11

To install the Red Hen software from nest, first become root

sudo su

mkdir /nest

chown csa:csa /nest

Then, as user csa:

rsync ca:/home/dola/system/dola/nest/ /nest/ -av

Before running, it's a good idea to set up the hard drive at /mnt/HD1, owned by csa:csa. If you do, will create the needed directories and symlinks.


while true; do ssh -R 8011:$HOSTNAME:22 kraaken@ sleep 60 ; sleep 60 ; done

This continuously creates a tunnel that stays open for 60 seconds.

We can use any duration. The tunneld script uses 900 seconds, but it does sometimes fail, so a short duration is warranted for first contact.

    1. cd /nest/tuners
    3. cp signal current
    4. /tv needs to be a symlink to /mnt/HD1/tv

Go ahead and create /mnt/HD1/spool and then symlink

ln -s /mnt/HD1/spool /mnt/spool

You'll need to be root and then change the permissions to csa:csa.

Procedure if hard drive crashes

    1. dmesg -- look for crash evidence -- in this case the last line:
    2. [142726.108450] scsi host3: usb-storage 1-1.3:1.0
    3. [142727.116303] scsi 3:0:0:0: Direct-Access WD Elements 107C 1065 PQ: 0 ANSI: 6
    4. [142727.124257] sd 3:0:0:0: [sda] Spinning up disk...
    5. [142727.135392] sd 3:0:0:0: Attached scsi generic sg0 type 0
    6. [142728.125046] ...........ready
    7. [142738.410981] sd 3:0:0:0: [sda] 1220934400 4096-byte logical blocks: (5.00 TB/4.55 TiB)
    8. [142738.412043] sd 3:0:0:0: [sda] Write Protect is off
    9. [142738.412083] sd 3:0:0:0: [sda] Mode Sense: 53 00 10 08
    10. [142738.413163] sd 3:0:0:0: [sda] No Caching mode page found
    11. [142738.413200] sd 3:0:0:0: [sda] Assuming drive cache: write through
    12. [142738.545896] sda: sda1
    13. [142738.559827] sd 3:0:0:0: [sda] Attached SCSI disk
    14. [142755.085625] XFS (sdb1): xfs_log_force: error -5 returned.
    15. cd out of all directories on the drive -- all windows in all screens
    16. Look for processes using the drive and kill them
    17. root@elf:/usr/local/bin # lsof | grep HD1
    18. lsof: WARNING: can't stat() xfs file system /mnt/HD1
    19. Output information may be incomplete.
    20. bash 499 csa cwd unknown /mnt/HD1/spool (stat: Input/output error)
    21. root@elf:/usr/local/bin #
    22. Try to unmount:
    23. root@elf:/usr/local/bin # umount /mnt/HD1
    24. root@elf:/usr/local/bin # df -h
    25. Filesystem Size Used Avail Use% Mounted on
    26. /dev/root 30G 2.3G 26G 9% /
    27. devtmpfs 87M 0 87M 0% /dev
    28. tmpfs 91M 0 91M 0% /dev/shm
    29. tmpfs 91M 4.5M 87M 5% /run
    30. tmpfs 5.0M 4.0K 5.0M 1% /run/lock
    31. tmpfs 91M 0 91M 0% /sys/fs/cgroup
    32. /dev/mmcblk0p1 63M 21M 42M 33% /boot
    33. tmpfs 19M 0 19M 0% /run/user/1001
    34. That worked. If it hadn't worked, try lazy umount and reboot when safe:
    35. umount -l /mnt/HD1
    36. Remount as user csa
    37. csa@elf:~ $ mount /mnt/HD1
    38. csa@elf:~ $
    39. Check dmesg again:
    40. [143810.183805] XFS (sda1): Mounting V4 Filesystem
    41. [143811.214935] XFS (sda1): Starting recovery (logdev: internal)
    42. [143811.308341] XFS (sda1): Ending recovery (logdev: internal)
    43. Looks good.
    44. Francis

Getting things from backup on cartago

You can get scripts straight from odin's backup on cartago --

csa@odin:/nest/bin $ scp ca:/home/odin/system/odin/nest/bin/

More simply and elegantly, you can now use /nest/bin/yinfo-backup for this:

./yinfo-backin dola

fail2ban problem

I believe fail2ban will relent after a while; this could be a problem if I'm not available to clear the block. To verify there is a user of the name you're trying to access, say $NEWUSER, you could log in with another user first and check if /home/$NEWUSER exists. For details see Configure fail2ban.

Upgrading Raspbian

Debian released Stretch in the summer of 2017, and Raspbian soon followed. We upgraded from Jessie to Stretch in October 2017.

1. Become root

csa@redhen3rpi ~ $ sudo su

[sudo] password for csa:

root@redhen3rpi /home/csa # cd

2. Update the repositories

root@redhen3rpi ~ # just update

3. Upgrade the packages

root@redhen3rpi ~ # just distupgrade

4. Respond to any questions during the upgrade process.

If there are configuration errors, these commands can be useful:

apt-get install --reinstall <package names>

dpkg --configure -a

apt-get -f install

apt list --upgradable

apt-get upgrade --dry-run

5. Verify

just fix-configure

just fix-install

just autoremove

6. Reboot if you're asked to, or you're installing a new kernel, or if the file system is bad

Normally, you don't need to reboot -- some Red Hen servers haven't been rebooted in more than a year.

Installing the new ffmpeg

The previous ffmpeg stopped working (segfaulted). We needed to explicitly install a series of dependencies to upgrade to ffmpeg 10:3.3.4-dmo1+deb9u1.

First put the version number in a variable:


Second, create a temporary file listing all the dependencies in this order:

nano /tmp/ffm and paste:











Third, run a for loop to explicitly install each of these with the version required:

for F in `cat /tmp/ffm` ; do apt-get -y install $F=$d ; done

Other scripts and packages

I also rebuilt dvb-dvbt-ts from source in the new build environment on stretch, following the instructions under the Portugal capture station.

just install dvb-dvbt-ts_0.08-1_armhf-stretch.deb

fail2ban fails to start, so copy in the new default config file:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local (or fail2ban fails)

I also made some script improvements on dola that need to be propagated -- here's rusalka picking them up:

./yinfo-backin dola

./yinfo-backin dola

./yinfo-backin dola

cd /nest/cfg


rsync ca:/home/$HOST/system/$HOST/nest/cfg/dvb-dvbt-ts_0.08-1_armhf-stretch.deb /nest/cfg/ -av

As user root:

cd /nest/cfg

just install dvb-dvbt-ts_0.08-1_armhf-stretch.deb

cd /nest/bin

cp -p /usr/local/bin

cd /usr/local/bin

ln -sf

ln -sf

ln -sf

Sending the security key after install

After installing, must not forget about this:

name@cartago:~$ ssh-copy-id csa@name

and a useful quote here: "Also copied /etc/ssh/sshd_config from dola (only removed jacek from allowed users) then issued just restart ssh"