Ω Omega, mon odroid-xu4

Site personel auto-hébergé sur une carte odroid Xu4

Document modifié le : jeudi 27 juin 2019 - 18:40.

Image Ubuntu 16.04.2 image avec le kernel 4.9.x LTS

Fin février 2017, est sortie une version d'essai d'Ubuntu 16.04.2 avec kernel 4.9. J'ai une micro-SD de libre pour tester. Aprés téléchargement sur le site d'odroid puis la décompression de l'archives, je transfert l'image sur la carte SD. (Informations)

bruno@luke:~$ sudo dd if=ubuntu-16.04.2-mate-odroid-xu4-20170222.img of=/dev/sdc bs=1M conv=fsync 4704+0 enregistrements lus 4704+0 enregistrements écrits 4932501504 bytes (4,9 GB, 4,6 GiB) copied, 243,681 s, 20,2 MB/s bruno@luke:~$ sudo sync bruno@luke:~$

Attention

L'image, au démarrage, le system vérifie la présence d'un fichier "aafirstboot" à la racine du système. S'il existe, un script va (en autre) essayer d'étendre automatiquement la partition "/dev/mmcblk0p2" avant de redémarrer. Si la nouvelle installation se fait sur une carte SD

Démarrage de l'XU4 et essai de connection en SSH (Dhcp statique de la box = même ipv4). Le script aafirstboot régénère des clefs pour SSH, suivre les indications :

bruno@luke:~$ ssh odroid@omega.ducouet.fr @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:z7c/SjQYjg3pULBJXXCeZKJppFsrK1TlH0ZXCD+Q8eA. Please contact your system administrator. Add correct host key in /home/bruno/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/bruno/.ssh/known_hosts:4 remove with: ssh-keygen -f "/home/bruno/.ssh/known_hosts" -R omega.ducouet.fr ECDSA host key for omega.ducouet.fr has changed and you have requested strict checking. Host key verification failed. bruno@luke:~$ ssh-keygen -f "/home/bruno/.ssh/known_hosts" -R omega.ducouet.fr # Host omega.ducouet.fr found: line 4 /home/bruno/.ssh/known_hosts updated. Original contents retained as /home/bruno/.ssh/known_hosts.old bruno@luke:~$ ssh odroid@omega.ducouet.fr The authenticity of host 'omega.ducouet.fr (88.161.216.35)' can't be established. ECDSA key fingerprint is SHA256:z7c/SjQYjg3pULBJXXCeZKJppFsrK1TlH0ZXCD+Q8eA. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'omega.ducouet.fr' (ECDSA) to the list of known hosts. Warning: the ECDSA host key for 'omega.ducouet.fr' differs from the key for the IP address 'xx.xxx.xxx.35' Offending key for IP in /home/bruno/.ssh/known_hosts:1 Are you sure you want to continue connecting (yes/no)? yes odroid@omega.ducouet.fr's password: Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.9.11-8 armv7l) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage 0 packages can be updated. 0 updates are security updates. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details.

Mise à jour classique

odroid@odroid:~$ sudo apt update && sudo apt dist-upgrade [sudo] password for odroid: Hit:1 http://ppa.launchpad.net/saiarcot895/myppa/ubuntu xenial InRelease Hit:2 http://ports.ubuntu.com/ubuntu-ports xenial InRelease Hit:3 http://ports.ubuntu.com/ubuntu-ports xenial-updates InRelease Hit:4 http://ports.ubuntu.com/ubuntu-ports xenial-backports InRelease Hit:5 http://ports.ubuntu.com/ubuntu-ports xenial-security InRelease Hit:6 http://deb.odroid.in/5422-s xenial InRelease Reading package lists... Done Building dependency tree Reading state information... Done 79 packages can be upgraded. Run 'apt list --upgradable' to see them. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: libcec-platform1v5 libcec3 libfstrcmp0 libpango1.0-0 libpangox-1.0-0 libv4l-0 libv4lconvert0 linux-image-3.10.103-124 linux-image-4.9.13-16 ubuntu-core-launcher Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: linux-image-4.9.13-16 The following packages have been kept back: linux-image-xu3 The following packages will be upgraded: chromium-browser chromium-browser-l10n chromium-chromedriver chromium-codecs-ffmpeg-extra desktop-file-utils firefox fonts-opensymbol gir1.2-appindicator3-0.1 gir1.2-gtk-3.0 imagemagick imagemagick-6.q16 imagemagick-common init init-system-helpers libappindicator1 libappindicator3-1 libarchive13 libevent-2.0-5 libexiv2-14 libgail-3-0 libgd3 libgtk-3-0 libgtk-3-bin libgtk-3-common libicu55 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickwand-6.q16-2 libnm-glib-vpn1 libnm-glib4 libnm-gtk-common libnm-gtk0 libnm-util2 libnm0 libnma-common libnma0 libreoffice-avmedia-backend-gstreamer libreoffice-base-core libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk libreoffice-impress libreoffice-math libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-elementary libreoffice-style-galaxy libreoffice-style-human libreoffice-writer libtiff5 libvlc5 libvlccore8 linux-libc-dev linux-tools-common mali-x11 nano network-manager network-manager-gnome python-imaging python-pil python3-pil python3-uno resolvconf snap-confine snapd ubuntu-core-launcher uno-libs3 ure vlc vlc-data vlc-nox vlc-plugin-notify vlc-plugin-samba xserver-xorg-video-amdgpu xserver-xorg-video-armsoc-exynos 78 upgraded, 1 newly installed, 0 to remove and 1 not upgraded. Need to get 221 MB of archives. After this operation, 47.1 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf init-system-helpers all 1.29ubuntu4 [32.3 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf init armhf 1.29ubuntu4 [4,612 B] [...] Get:78 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf python3-pil armhf 3.1.2-0ubuntu1.1 [290 kB] Get:79 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf xserver-xorg-video-amdgpu armhf 1.1.2-0ubuntu0.16.04.1 [44.5 kB] Fetched 221 MB in 2min 2s (1,808 kB/s) Extracting templates from packages: 100% Preconfiguring packages ... (Reading database ... 200308 files and directories currently installed.) Preparing to unpack .../init-system-helpers_1.29ubuntu4_all.deb ... Unpacking init-system-helpers (1.29ubuntu4) over (1.29ubuntu3) ... Processing triggers for man-db (2.7.5-1) ... Setting up init-system-helpers (1.29ubuntu4) ... (Reading database ... 200308 files and directories currently installed.) Preparing to unpack .../init_1.29ubuntu4_armhf.deb ... Unpacking init (1.29ubuntu4) over (1.29ubuntu3) ... Setting up init (1.29ubuntu4) ... (Reading database ... 200308 files and directories currently installed.) Preparing to unpack .../chromium-browser-l10n_56.0.2924.76-0ubuntu0.16.04.1268_all.deb ... Unpacking chromium-browser-l10n (56.0.2924.76-0ubuntu0.16.04.1268) over (55.0.2883.87-0ubuntu0.16.04.1263) ... [...] Setting up vlc-plugin-notify (2.2.2-5ubuntu0.16.04.1) ... Setting up libvlc5 (2.2.2-5ubuntu0.16.04.1) ... Setting up linux-image-4.9.13-16 (20170306) ... Hmm. There is a symbolic link /lib/modules/4.9.13-16/build However, I can not read it: No such file or directory Therefore, I am deleting /lib/modules/4.9.13-16/build Hmm. The package shipped with a symbolic link /lib/modules/4.9.13-16/source However, I can not read the target: No such file or directory Therefore, I am deleting /lib/modules/4.9.13-16/source Running depmod. Examining /etc/kernel/postinst.d. run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/copy_dtb 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/copy_dtb2 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.9.13-16 /boot/vmlinuz-4.9.13-16 update-initramfs: Generating /boot/initrd.img-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/pm-utils 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/uInitrd 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/update-notifier 4.9.13-16 /boot/vmlinuz-4.9.13-16 run-parts: executing /etc/kernel/postinst.d/zImage 4.9.13-16 /boot/vmlinuz-4.9.13-16 Setting up snap-confine (2.22.6) ... [...] Setting up python3-pil:armhf (3.1.2-0ubuntu1.1) ... Setting up xserver-xorg-video-amdgpu (1.1.2-0ubuntu0.16.04.1) ... Setting up xserver-xorg-video-armsoc-exynos (1.4.1-0ubuntu1) ... Setting up mali-x11 (20170224-r14p0-61e43cd-14) ... ln: failed to create symbolic link '/usr/lib/arm-linux-gnueabihf/libGLESv2.so': File exists ln: failed to create symbolic link '/usr/lib/arm-linux-gnueabihf/libGLESv1_CM.so': File exists ln: failed to create symbolic link '/usr/lib/arm-linux-gnueabihf/libOpenCL.so': File exists Setting up libreoffice-style-elementary (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-style-human (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-common (1:5.1.6~rc2-0ubuntu1~xenial1) ... Installing new version of config file /etc/bash_completion.d/libreoffice.sh ... Setting up libreoffice-style-galaxy (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-core (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-base-core (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-calc (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-gtk (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-gnome (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-writer (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-draw (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-impress (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-ogltrans (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-pdfimport (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up python3-uno (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-math (1:5.1.6~rc2-0ubuntu1~xenial1) ... Setting up libreoffice-avmedia-backend-gstreamer (1:5.1.6~rc2-0ubuntu1~xenial1) ... Processing triggers for gnome-icon-theme (3.12.0-1ubuntu3) ... Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160824-0ubuntu1) ... Rebuilding /usr/share/applications/bamf-2.index... Processing triggers for libc-bin (2.23-0ubuntu5) ... Processing triggers for vlc-nox (2.2.2-5ubuntu0.16.04.1) ... Processing triggers for resolvconf (1.78ubuntu4) ... Processing triggers for menu (2.1.47ubuntu1) ...

Refroidissement et ventilation

Nouveau kernel oblige, une nouvelle méthode de gestion du ventilateur.

odroid@omega:~$ sudo -s [sudo] Mot de passe de odroid : root@omega:~# echo "38 150 195 245" > /sys/devices/platform/pwm-fan:/hwmon/hwmon0/fan_speed root@omega:~# cat /sys/devices/platform/pwm-fan:/hwmon/hwmon0/fan_speed 38 150 195 245 root@omega:~#
Ce qui donne une température de CPU au repos, dans un boitier avec une température de la piéce de 22°C.

Il est recommandé d'ajouter ces commandes dans le fichier /etc/rc.local

#!/bin/sh -e # # rc.local # # This script is executed at the end of each multiuser runlevel. # Make sure that the script will "" on success or any other # value on error. # # In order to enable or disable this script just change the execution # bits. # # By default this script does nothing. # manage the fan if [ -f /sys/devices/virtual/thermal/thermal_zone0/trip_point_0_temp ]; then echo '60000' > /sys/devices/virtual/thermal/thermal_zone0/trip_point_0_temp echo '70000' > /sys/devices/virtual/thermal/thermal_zone0/trip_point_1_temp echo '80000' > /sys/devices/virtual/thermal/thermal_zone0/trip_point_2_temp fi if [ -f '/sys/devices/platform/pwm-fan:/hwmon/hwmon0/fan_speed' ]; then #set fan speed echo "38 77 150 245" > /sys/devices/platform/pwm-fan:/hwmon/hwmon0/fan_speed fi exit 0

Sécuriser SSH

On envoie notre clef sur le Xu4, on essai de s'y connecter pour s'assurer que l'on ne nous demande plus de mot de passe, puis on modifie le fichier /etc/ssh/sshd_config pour interdir les connections par mots de passe.

bruno@luke:~$ ssh-copy-id -i ./.ssh/id_rsa.pub odroid@omega.ducouet.fr /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "./.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys odroid@omega.ducouet.fr's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'odroid@omega.ducouet.fr'" and check to make sure that only the key(s) you wanted were added. bruno@luke:~$ ssh odroid@omega.ducouet.fr Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.9.13-16 armv7l) odroid@odroid:~$ sudo nano /etc/ssh/sshd_config

Sudo & mise à jour

On peut se connecter en SSH sans mot de passe, comment mettre à jour sans mot de passe ? Il suffit de créer le fichier /etc/sudoers.d/10-apt pour autoriser un utilisateur à utiliser sudo apt.

odroid@omega:~$ sudo cat /etc/sudoers.d/10-apt [sudo] Mot de passe de odroid : odroid ALL = NOPASSWD: /usr/bin/apt
Même pas besoin de redémarrer quoi que ce soit !

Pour installer Nextcloud ...

root@odroid:~# apt install apache2 mariadb-server libapache2-mod-php php-mysql root@odroid:~# apt install php7.0-curl php7.0-gd php7.0-mysql php7.0-xml php7.0-zip php7.0-mbstring php-apcu root@odroid:~# service apache2 restart odroid@odroid:~$ echo "deb [arch=amd64] https://repo.morph027.de/nextcloud jessie main" | sudo tee -a /etc/apt/sources.list.d/morph027-nextcloud.list [sudo] password for odroid: deb [arch=amd64] https://repo.morph027.de/nextcloud jessie main odroid@odroid:~$ wget -q -O - https://repo.morph027.de/gpg.key | sudo apt-key add - OK odroid@odroid:~$ sudo apt install apt-transport-https root@odroid:~# apt install nextcloud-files
odroid@odroid:~$ sudo halt Connection to omega.ducouet.fr closed by remote host. Connection to omega.ducouet.fr closed. bruno@luke:~$

Messages d'erreurs

root@omega:/etc/rsyslog.d# cat /var/log/syslog | grep rsyslog Feb 11 17:28:06 odroid rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ] Feb 11 17:28:06 odroid rsyslogd-2007: action 'action 10' suspended, next retry is Thu Feb 11 17:28:36 2016 [v8.16.0 try http://www.rsyslog.com/e/2007 ]

Les messages odroid rsyslogd-2007: action 'action 10' suspended, next retry is Tue Apr 11 11:42:31 2017 [v8.16.0 try http://www.rsyslog.com/e/2007 ] viennent du premier message rsyslogd-2039 qui peut être supprimé en commentant la fin du fichier /etc/rsyslog.d/50-default.conf puis en redémarrant le service rsyslog.

root@omega:/etc/rsyslog.d# nano 50-default.conf # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # #daemon.*;mail.*;\ # news.err;\ # *.=debug;*.=info;\ # *.=notice;*.=warn |/dev/xconsole root@omega:/etc/rsyslog.d# service rsyslog restart root@omega:/etc/rsyslog.d#

Apr 11 12:02:36 odroid rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ] /etc/rsyslog.conf

################# #### MODULES #### ################# module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception #module(load="imudp") #input(type="imudp" port="514") # provides TCP syslog reception #module(load="imtcp") #input(type="imtcp" port="514") # Enable non-kernel facility klog messages # $KLogPermitNonKernelFacility on