Earth Notes: On Setting Up a Raspberry Pi 3 Off-grid Server

In early April 2019 the router went largely deaf, so that only devices very close to it could talk to the outside world, and started dropping external connectivity at random and for extended periods.

The ISP ignored the problem hard enough to let a couple of weekends slip by, including shipping a "drop-in replacement" router which was essentially unconfigured and not capable of replacing the existing device at all.

Though its MD helpful was as ever, and offered to replace equipment at cost, since I have the RPi3B+, rather than spend over £200 buying a new router and spending time configuring it, I might as well strip down the RPi3B+ and try to configure it to do the job. If that doesn't work, I can splash the cash.

So the RPi3B+ was designated to be diverted to be the router and AP. Moving functionality from the RPi2 can happen by degrees if that all works.

So another apt-get update etc, then turn off any unwanted services for the router. I'm not sure if I should leave an Apache running (supporting something static such as the exnet.com site).

Some steps to get there, including information gathering (not all in right order, and largely following Raspberry Pi 3 as a Simple WiFi Access Point):

1. (Done) apt-get update and apt-get dist-upgrade RPi3B+ for security patches.
2. (Done) Capture current line configuration including username and password.
3. *** Capture current IP use on RPi2, eg for interfaces and Web sites and mail, NTP, etc.
4. (Done) Strip down RPi3B+ to minimum services.
   1. (Done) sudo update-rc.d apache2 disable
   2. (Done) Harden sshd, and reduce CPU impact (etc) of typical attacks.
5. (Done) Load enabling packages:
   1. (Done - backed out 2019-06-24) sudo apt-get install dnsmasq hostapd
   2. (Done) sudo apt-get install iptables-persistent
   3. (Done) sudo apt-get install pppoeconf
6. (Done) Plug in RPi3B+ eth0 port to spare current TG router port.
7. (Done) Set temporary static IP address (in NATted range) for eth0 so that most of config including fowarding and NATting can be completed behind current router.
8. (Done) Check log-in currently possible to RPi3B+ via WiFi and wired connections.
9. (Done - backed out 2019-06-24) Disable DHCP client on RPi3B+: sudo systemctl disable dhcpcd.service.
10. (Done - backed out 2019-06-24) Prevent DHCP client on RPi3B+ from attempting to assign an address to wlan0 by adding denyinterfaces wlan0 in /etc/dhcpcd.conf (above any other interfaces added there).
11. (Done - backed out 2019-07-02) Configure IP forwarding: add net.ipv4.ip_forward=1 to /etc/sysctl.conf.
12. (Done - backed out 2019-06-24) Provide static IP configuration for wlan0 in /etc/network/interfaces.d/wlan0 with temporary range 192.168.220.X, and reload interface with sudo ifdown wlan0; sudo ifup wlan0.
13. (Done) Configure /etc/hostapd/hostapd.conf for wlan0 with temporary SSID and password and update /etc/default/hostapd to use it.
14. Unmask and tentatively bring up the WiFi AP: sudo systemctl unmask hostapd; sudo systemctl enable hostapd; sudo systemctl start hostapd; the AP should be visible to WiFi users but not yet functional.
15. (Done) Drop in IP filter to minimise attack surface and help with NAT/bridge based on WiFi Access Point rule set with some config from current RPi2 folded in.
16. Edit /etc/resolvconf.conf?
17. (Done) Edit /etc/dnsmasq.conf naming local servers and (say) Google, on the lines of:

    interface=wlan0       # Use interface wlan0
    listen-address=192.168.220.1   # Specify the address to listen on
    bind-interfaces      # Bind to the interface
    server=8.8.8.8       # Use Google DNS
    domain-needed        # Don't forward short names
    bogus-priv           # Drop the non-routed address spaces.
    dhcp-range=192.168.220.75,192.168.220.150,12h # IP range and lease time
    

18. (Done) sudo service dnsmasq start.
19. (Done) Reboot - at this point AP is up and running behind existing router.
20. (Done) Plug VTOP USB-to-dual-Ethernet adapter into RPi3B+ ready to accept Loop monitoring device network gateway, and one other as needed: appears as eth1 and eth2.
21. (Done) Widen existing config to extend DHCP to eth1 and eth2:
    1. (Done) In /etc/dhcpcd.conf extend denyinterfaces wlan0 eth1 eth2.
    2. (Done) In /etc/iptables/rules.v4 allow forwarding between eth0 and eth1/eth2 internally (copy wlan0 rules for eth1 and eth2).
    3. (Done) Provide static IP configuration for eth1 and eth2 in /etc/network/interfaces.d/eth12 with range 192.168.221.X and 192.168.222.X, and reload interface with sudo ifdown ethX; sudo ifup ethX.
    4. (Done) In /etc/dnsmasq.conf add extra interface=s, listen-address= and dhcp-range=s for eth1 and eth2
22. (Done) Move Loop device to eth1 and check able to phone home.
23. Prepare set up bridging between eth1 and ppp0 so that eth2 can see the whole public address space and effectively become the DMZ, and the RPi2 can be plugged into it:
    1. (Nominally ppp0 and eth0 should be added to /etc/dhcpcd.conf' denyinterfaces, but keeping the DHCP client off entirely is what is really wanted...)
    2. (Done) Take all mention of eth1 and the 192.168.221.X range out of /etc/dnsmasq.conf.
    3. Replace static config for eth1 in /etc/network/interfaces.d/eth12 to match publich address range with:

       allow-hotplug eth1
       iface eth1 inet static
           address 79.135.97.94
           netmask 255.255.255.224
           network 79.135.97.64
           broadcast 79.135.97.95
       

    4. Modify the rules.v4 to only NAT traffic coming from the wlan0 and eth2 interfaces (192.168.X.X):

       # Allow Access Point NAT only from wlan0 and eth2 (192.168.X.X).
       -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j SNAT --to-source 79.135.97.65
       

24. (Done) Have eth0 marked as 'manual' in interfaces/core.
25. (Done) Change all eth0 in iptables to ppp0.
26. Work out how to route static addresses though to (say) eth2.
27. Configure PPPoE connection.
28. Remove old router.
29. Tackle any remaining points above not done!

So, annoyingly, I got a long way but not far enough.

I can bring up my RPi3B+ behind the existing (fading) Technicolor and the RPi3B+ provides what seems to be a fairly decent WiFi access point and outward connectivity to the Internet. My existing RPi2 server sits in the Technicolor DMZ and presents services on its ~6 static addresses to the outside world.

I can bring up my RPi3B+ directly on the PPPoE connection via the ECI VDSL2 modem you originally supplied with the FTTC service. It can continue to provide WiFi AP. I cannot however get it to route between the ppp0 (on eth0) connection and the eth1 connection that the RPi2 is on, primarily because they both end up with 79.135.97.65 in their range, it seems (and ppp0/eth0 cannot be bridged with eth1):

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 79.135.97.65  netmask 255.255.255.255  destination 195.26.38.252
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 42937  bytes 5363610 (5.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 34314  bytes 4267734 (4.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 79.135.97.65  netmask 255.255.255.224  broadcast 79.135.97.95
        inet6 fe80::20f:c9ff:fe10:f6d9  prefixlen 64  scopeid 0x20<link>
        ether 00:0f:c9:10:f6:d9  txqueuelen 1000  (Ethernet)
        RX packets 12377  bytes 1693664 (1.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22276  bytes 2357947 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions

Very frustrating and if I could sort that then I’d have the whole thing done, I think. I’m a bit out of practice on knotty routing issues these days.

There just don’t seem to be any good example of static public IP address blocks being routed to in this way with a recent Linux.

I really don’t need fancy DMZ or NATting, and at a pinch the top half of the static address range may just have enough space for short-lease DHCP for our laptops, phones etc.

Since the Vigor is seemingly doing a good job, and has good WiFi support, I no longer aim to get the RPi3B+ to be a WiFi AP (nor Bluetooth).

I will need to unpick some of the PPPoE and similar features, and plonk the RPi3B+ back with a static address on the public range. I'll have some other updating to do to get back on course to replace the RPi2.

(My alternate off-grid power-supply for the RPi3B+ has not turned up from RS, and turns out still to be on back order, and with no good alternative in sight. Ho hum...)

Reset

The first thing to do is rip out the WiFi, dnsmasq, and PPPoE, and select and set a unique static IP address, while sat in front of the TV while the kids are at school. Then I can plug it into the router (and be mains-powered ... hush) while I tinker. Plenty of spare solar PV on-grid to paper over that sin temporarily.

I've created a DNS entry for it too, which should help.

• (Done) sudo apt-get remove dnsmasq
• (Done) sudo apt-get remove hostapd
• (Done) Simpify networking and set static IP.
• (Done) Re-enable DHCP client on RPi3B+: sudo systemctl enable dhcpcd.service, temporarily.
• (Done) Stop IP forwarding: remove net.ipv4.ip_forward=1 to /etc/sysctl.conf.
• (Done) Trimmed PPP-driven /etc/iprules/rules.v4 to rebuild.
• (Done) Unconfigure IP forwarding: remove net.ipv4.ip_forward=1 from /etc/sysctl.conf.
• (Done) Fix IP filter for RPi3B+ use as leaf (copied config from green).
• Re-enable WiFi as client (with DCHP for it), temporarily.
• Power-down WiFi, at least temporarily.

I managed to bring together the RPi3B+, a wired connecton, and the TV, by virtue of moving everything into the kitchen while the family was out!

Connectivity to the outside world immediately worked, and so an immediate sudo apt-get update && sudo apt-get dist-upgrade was done for security.

(I installed mediainfo and avconv (libavi-tools) as I'll want them soon.)

Upon reboot (to make dbus happy) I saw that networking didn't restart happily, and was told to run systemctl status networking.service for more information. It looks like /sbin/ifup -a --read-environment is unhappy, possibly with my mauling of /etc/network/interfaces. And attempting to ssh in from my Mac is rejected, by sshd.

Commenting out anything to do with wlan0 from /etc/network/interfaces made networking happy on another reboot.

Boot is still showing an error: Failed to start dhcpcd on all interfaces, and I am invited to run systemctl status dhcpcd.service for details. As it happens, the 'details' are not helpful.

After some messing around, and discovering a key file that I had mis-named, I was able to set-up key-only ssh access again. So the kitchen setup can be dismantled, and I can work remotely (until I muck up networking again!).

I have applied a copy of the iptables config used on green, which should make things a little safer to leave connected.

HTTPS Warmup

Ready to support https on Apache with LetsEncrypt, I'm installing certbot starting with sudo apt-get install certbot python-certbot-apache.

I enable and start Apache to get its bland "It works!" page.

Running the suggested sudo certbot --apache mainly seems to generate errors, and does not seem to make meaningful updates to the Apache config files.

(I have had to remember to allow port 443 in the iptables config too!)

The 'manual' method certbot run -a webroot -i apache -w /var/www/html -d example.com seemed however to do the trick, and I have an https server running! It is accessible locally, and remotely to (at least) Google.

In future, to handle multiple sub-domains, the certbot --expand ... and certbot certonly --cert-name example.com ... commands look useful.

Circa 25th May, attempting to reboot the RPi3B+ for a periodic update, it refused to come up (didn't bring the network interface up).

I could attempt to recover the unit, eg by hooking it up to the TV, etc.

But given the mess that I probably made of the OS, it seems likely a better use of time to snap up a RPi4B with 64-bit OS on the horizon, and far more memory if required (4GB looks like the current sweet-spot for me). I'd carry across the current 256GB micro SD card.

(Not that I like generating e-waste...)

And a USB-C power cable/connector seems a big improvement over the micro-USB. I just need to ensure that I have at least a REV1.2 RPi4B to avoid the USB-C power snafu.

And the Anker PowerDrive Speed+ 2 car power adapter experience has been good, with fairly low idle power consumption itself. (There's a newer, cheaper, dual USB-C option too.)

A downside is that even with recent firmware updates, the idle power draw is ~2.3W, more than double the RPi2's. So idle consumption would rise from ~24Wh/d to ~56Wh/d, which may be a tricky issue in the depths of the winter. Still less than the SheevaPlug ~4W, however.

Peak consumption is ~6.4W (1280mA) cf 3B+ at 5.1W (980mA) and 2B at 2.1W (400mA) plus any peripherals plugged in over USB, etc. The offical supply spec is 15.3W (3A). Datasheet suggests 13W capacity minimum: A good quality 2.5A power supply can be used if downstream USB peripherals consume less than 500mA in total. For this use with no significant USB peripherals I expect power draw ≤10W. Whatever supply and cable is used must therefore manage 10W to 15W comfortably.

Shopping List for RPi4B

Possible component selection, ie shopping list as of 2020-06-11 ish... (Budget £150 max, preferably under £100.)

Today I have the RPi3B+ working again. The problem may have been simply a bad network connection.

So first up has been updating the system with apt-get, and bringing the EOU site copy up to date too.

There are weirdnesses such as AMP files simply not being built, that I'm looking at.

I'm also taking a base-line power measurement now, powering the device off-grid via the Anker (car charger w/ 19.5W max on USB 'A'), the Muker 10VA USB meter, and a short new Molex Male USB A to Male Micro USB B USB Cable for which the data sheet implies 1.8A max on power contacts. At least the Muker and the micro-USB lead fall short of the nominal 2.5A max that is recommended.

The RPi3B+ is able to boot properly, and is connected by wire to the router. Once I have logged in and things are idle, and with wlan0 apparently at least half running, the Muker shows 5.25V and 350mA, so 1.8W.

Running sudo rfkill block all seems to make no difference to the stray wlan0 not power consumption. In fact, after a reboot current draw has risen to 380mA apparently! Note that the HDMI is not turned off in this case, which may well account for the extra 30mA.

Getting a chunk of EOU rebuilt in parallel shows 5.26V and maybe 600mA to 900mA, ~4W, but with the red power light going out for significant stretches, implying that there's more CPU demand than power available. The device in its (DesignSpark, clear) case is also getting quite warm.

% make -k -j4 wpages

(When I designed in a Z80A to a toy robot in the early '80s, 1A at 5V bought about a million 8-bit instructions per second. In the RPi3B+ that same 5W likely does over three orders of magnitude more work.

Subsequently, just building the super-compressed copies of the pages, single-threaded, seems to result in a fairly steady 520mA at 5.26V ie 2.7W, without the red power light dropping out.

% make -k Wpages

Thus, I need a better power arrangement to use more than one CPU. Also, my idle consumption is a bit high at 1.8W, though bearable, with various things such as network LEDs and HDMI still to be forced off.

The Expander Pi arrived today. (I wasn't expecting it even to be dispatched until Tuesday. AB's customer service remains very good!)

The new board is definitely not going to fit in the DesignSpark case that I have been using. Not without major surgery, anyhow!

The RPi3B+ can still sit in the lowest-third of the case, keeping it from touching the surface underneath while allowing lots of ventilation. This will do while developing and testing. But something to keep dust and fingers out will be needed for permanent return to the kitchen cupboard.

Before any of that, I have the GPIO 40-way connector and battery holder to solder on.

We suggest soldering the 40 pin GPIO connector first and then the battery connector. Soldering the battery connector first will make it difficult to access some of the pins on the GPIO connector.

I've also fitted one of the spacer pillars that I bought from AB, on the other side from the connector. This already makes the board much more mechanically stable, I could probably fit one or two more without snagging the DesignSpark base. However, this is better than the wobbly stack of three on the current RPi2, so I may well not bother.

In future I will need to very carefully solder connections for ADC and GPIO. Whether I shall leave the board in place or remove it while I do that is a poser for risk-balancing future me!

I am assuming that my 12V to USB converter (eg the Anker) has a through path for -ve/0V, else many things such as the local measurement of voltage may get more complicated. Assuming that that's OK, I may yet connect up a spare ADC input the the input side of the Anker, along with nominal 12V, to allow compensation for some float and ground currents.

Italtronic Modulbox DIN Rail Series For Use With Raspberry Pi B+ has been suggested as an alternative case that could accommodate the Expander Pi. I'm not sure if it will provide enough ventilation, and I'm also not clear if this actually will accommodate the 3B+ given that this says B+ in one place and 3 in another, and I don't know what subtle differences in layout may exist and be important.

I'm trying DesignSpark For Use With Raspberry Pi 3B+, Raspberry Pi and a Pi HAT, Black Raspberry Pi Case (£3.38+VAT), on the basis of its claiming to have space for a HAT expansion board, being partly clear and with light-pipes to make use of whatever LEDs I leave on, and mentioning ventilation!

2020-06-16: I received the case and assembling it turns out to be an IQ test that I nearly failed! The case comes in three parts, and snaps together. It has some hook and clip arrangements to hold the Pi3B+ down and the pieces together. I ended up moving the HAT support pillar to the other hole opposite the connector, since I think in the original position it may have been snagging something in the base. Anyhow, it all now fits together with the Expander Pi on top, neatly! I'll have to see if there is enough cooling. Unlike for the clear case, this base is is not perforated with vent holes, though enough may be drawn in over the microSD card, and around the bottom edge of the clear upper section, for example.

Later I'll have to work out how to tidily let a couple of signal cables in and out... There are knockouts in the clear top piece that would probably do. Or even threading through the vent slots in the top... Also, the black end-place over the Ethernet / USB ports can be unclipped and left off, and any cables threaded through there instead, which still leaves the RPi3B+ fairly well protected. Clever case design, and not an expensive item!

RTC

I already have NTP up and running. I have the Expander Pi board with CR2032 fitted.

Now it's time to try the magic line in /boot/config.txt to enable the RTC driver:

dtoverlay=i2c-rtc,ds1307

After a reboot, these appear in dmesg output:

[    5.287934] rtc-ds1307 1-0068: SET TIME!
[    5.291787] rtc-ds1307 1-0068: registered as rtc0

As with the original Pi and now the RPi2 (though I'm not sure if now necessary)...

To ensure that the NTP-maintained system clock is periodically saved to the hardware RTC to stop it drifting, I have created in /etc/cron.daily a file called hwRTC:

% cat /etc/cron.daily/hwRTC
#!/bin/sh
/sbin/hwclock --systohc -D --noadjfile --utc > /tmp/hwClock.log 2>&1

which should ensure once per day that the RTC time is forced to system time.

Having run the script manually and rebooted dmesg now shows:

[    5.158420] rtc-ds1307 1-0068: registered as rtc0

Bluetooth and WiFi off

Executing this (once):

sudo systemctl disable bluetooth
sudo service bluetooth stop
sudo systemctl disable hciuart
sudo service  hciuart stop

And adding this to /boot/config.txt:

dtoverlay=pi3-disable-wifi,pi3-disable-bt

and rebooting, should save a little power, an attack surface, and boot time. I can at least see that wlan0 has gone away.

I am enjoying the fast reboot (c/o systemd), by the way.

Ether power

Adding this to /boot/config.txt:

# 3B+ only:
dtparam=eth_max_speed=100
dtparam=eth_led0=14
dtparam=eth_led1=14

limits Ethernet speed (to 100Mbps) and turns off port LEDs to save power.

Watchdog

The kernel watchdog maybe helpful to reduce failures that happen when I'm not physically present to power-cycle the system, though network failures are far more common than any other mode.

Although it seems that the watchdog should be on be default since the Pi 3, I added to /boot/config.txt:

dtparam=watchdog=on

And in /etc/systemd/system.conf I set
RuntimeWatchdogSec to 30s.
Nominally I then run sudo systemctl daemon-reload,
but instead I reboot to get the config parameter read.

Probably not great, but now I see:

% sudo wdctl
wdctl: /dev/watchdog: watchdog already in use, terminating.
wdctl: cannot open /dev/watchdog: Device or resource busy

I'll wait and see if anything breaks...

I successfully put together the (simple) 3D jigsaw puzzle that is the new Pi case.

My USB-C to micro-USB cable turned up in the evening, and I intended to try powering the RPi3B+ via it.

Though they had both been working when they arrived, both Anker car chargers failed almost immediately that I plugged them in to 12V to use them. They are rated at 12/24V in, and battery voltages are a little over 13V, so benign compared to an automotive environment with an alternator running, for example. I cannot see what I'm doing wrong here. I am very disappointed.

To try to salvage some progress from this evening, I've plugged the RPi3B+ into its mains supply, and that into my mains power meter, which is showing ~3.4W as I write. I believe that the RPi3B+ itself is probably using ~1.8W, so ~1.6W is apparently being wasted in the mains adapter. That seems a little high.

Doing a rebuild of EOU (make -k -j4 pages) pushes power demand up, fluctuating between about 5W and 6W,

After a few minutes flat out the RPi3B+ feels quite warm on top and underneath, and power demand is ~5.2W +/- 0.1W, so the system may be thermally throttling.

Exposed metal parts, eg the Ethernet and USB connector shells, are feeling hot.

I'm trying standing the case on its long edge (red LED and micro-USB top) to see if that helps, but there is no obvious change in power draw for example. This arrangement is known to help with cooling.

Taking the top case off (leaving the case on its side) seems to allow power demand to peak at 5.9W, mainly hovering at a little below that (~5.8W, with dips to 5.0W).

I'm uncomfortable about keeping either the CR2032 cell or the microSD card hot. In both cases I would expect reliability and lifetime to suffer. Maybe I could turn the thermal throttling threshold temperature down to avoid this potential nasty side effects? (Likely to be temp_limit in /boot/config.txt.)

% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1200000000
temp=73.6'C
throttled=0xa0008

Pausing (with ^Z) and after a few seconds the temperature drops, and the throttled value changes:

% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=600000000
temp=64.5'C
throttled=0xa0000

Resuming (fg) and temperature seems to rise again maybe 1°C/s util getting to a little ober 70°C again.

Running make -k pages, ie nominally on a single CPU, is getting power draw in the range 3.5W to 4.9W, with lower temperature but still some throttling it seems:

% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1200000000
temp=62.8'C
throttled=0xa0008

And when it's all finished and back to idle, consumption is 3.4W, and the temperature is hovering around the low 50°Cs (with the case still on its side and the lid off).

% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=600000000
temp=52.6'C
throttled=0xa0000

Putting the case down flat and the lid back on, and leaving the device idle (room temperature is ~25°C), the CPU temperature wobbles around 51°C.

A large rsync over ssh is pushing the temperature a little above 55°C.

According the RPi folks themselves:

For Raspberry Pi 3 Model B+, the PCB technology has been changed to provide better heat dissipation and increased thermal mass. In addition, a soft temperature limit has been introduced, with the goal of maximising the time for which a device can "sprint" before reaching the hard limit at 85°C. When the soft limit is reached, the clock speed is reduced from 1.4GHz to 1.2GHz, and the operating voltage is reduced slightly. This reduces the rate of temperature increase: we trade a short period at 1.4GHz for a longer period at 1.2GHz. By default, the soft limit is 60°C, and this can be changed via the temp_soft_limit setting in config.txt.

Maybe I could knock temp_soft_limit down to 55°C an even temp_limit down to (say) 60°C to keep the whole system cooler at the expense of sustained performance. I can potentially also have various tasks such as the Gallery and EOU builds sensitive to temperature as well as battery SoC and CPU load. (According to Overclocking options in config.txt for temp_limit Overheat protection. This sets the clocks and voltages to default when the SoC reaches this value in Celsius. Values over 85 are clamped to 85, and for emp_soft_limit 3A+/3B+ only. CPU speed throttle control. This sets the temperature at which the CPU clock speed throttling system activates. At this temperature, the clock speed is reduced from 1400Mhz to 1200Mhz. Defaults to 60, can be raised to a maximum of 70, but this may cause instability.

I am going to try:

temp_soft_limit=58
temp_limit=70

With make -k -j4 pages temperatures seemed to peak at just over 70°C, but more interesting down-clocking is happening, and power consumption is being held at 4.0/4.1W:

% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1040108000
temp=66.6'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=933000000
temp=68.8'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=717000000
temp=69.8'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=610000000
temp=70.4'C
throttled=0x20002
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=610000000
temp=71.4'C
throttled=0x60002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=502000000
temp=70.9'C
throttled=0x60006

Taking the lid off seems to allow more time up at 4.8/4.9W, with brief drops to 4.0W. Removing the GPIO and little circular lid knock-outs and replacing the lid gets about 50% at 4.9W, the rest at 4.0W, so less good. Lid on, case on its long side (blocking the removed GPIO knockout) is between the two, interestingly. That position also avoids the HAT (and CR2032) sitting right above the CPU.

Note that -j3 seems to get about the same power consumption as -j4, but -j2 is noticeably less.

So, given that my RPi2B+ spends much of its time running at 900MHz, and under 50°C and under 1W, and gains no memory space (still at 1GB), and is still 32-bit ARM 7, will the RPi3B+ actually be faster/better?

(The Raspberry Pi 3 Model B+ idles 6.1&C warmer than the Pi Model 2.)

The main motivations would now seem to be ensuring that security is kept up to date, and having a bigger SD card for growth.

Maybe I need to automate the system setup process as far as possible, keyed on target hardware type, and driven by repo-hosted versions of parameterised config for such things as sendmail and Apache and the Gallery, so that I can near-trivially spin up a secondary clone of my current working system, with nominally only a few manual changes and some tidy-up to cut over. At least I coud get all the basics right, such as power-efficient config and all the tools I need, starting from a bare OS image, or updating a partial image.

Maybe Ansible is how I should be doing that? Note that Ansible only needs installing on the device that is doing the controlling, it does not need to be installed on the devices receiving the instructions..

Maybe I should go back to a RPi3B (no plus, £28+VAT at RS) to get idle power back to ~1.4W, lower nominal peak network performance (but that I am having to disable anyway), a little extra CPU oomph (900MHz to 1200MHz) at lower peak power demand (~3.7W)? Most of the work that I've done on the RPi3B+ should carry straight over to the RPi3B, with plus-only features such as temp_soft_limit simply being ignored.

(poweroff brings consumption down to 1.1W at the wall, and unplugging the RPi3B+ supply brings that down to 0.0W.)

Most of the extra 0.5W of idle consumption of the 3B+ over the 3B seems to be powering super-fast Ethernet and USB that I will not use.

Today arrived a plain old RPi3B, not '+', that I ordered from RS.

I commented out some only-3B+ entries in /boot/config.txt, powered down the RPi3B+, moved the SD card to the RPi3B, moved the HAT onto the RPi3B, and moved the RPi3B into the HAT case. I powered up and Hey Presto, it all works! Amazing.

Having rested for a little while after booting, the case still on its side, and with an ambient temperature somewhere around 23°C or above, I see:

sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=600062000
temp=48.3'C
throttled=0x0

Thus, an idling CPU at a little under 50°C, several degrees cooler than the RPi3B+.

I've left in the temp_limit=70, so what happens when I run up a stressy make -k -j4 pages on the RPi3B?

%: sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1200000000
temp=53.2'C
throttled=0x0
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1148000000
temp=65.5'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=1094000000
temp=66.6'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=986000000
temp=66.6'C
throttled=0x20002
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=933000000
temp=68.2'C
throttled=0x20002
...
sencha[dhd]: sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=933000000
temp=68.2'C
throttled=0x20002
sencha[dhd]: sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=825000000
temp=69.3'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=825000000
temp=69.3'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=825000000
temp=68.2'C
throttled=0x20002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=825000000
temp=68.8'C
throttled=0x20002
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=933000000
temp=67.1'C
throttled=0x20002
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=610000000
temp=71.4'C
throttled=0x60002
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=556000000
temp=70.9'C
throttled=0x60006
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=502000000
temp=71.4'C
throttled=0x60006
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=771000000
temp=69.3'C
throttled=0x60002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=825000000
temp=69.3'C
throttled=0x60002
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=771000000
temp=68.8'C
throttled=0x60002
...
... and later after a reboot and a wait ...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=600000000
temp=51.0'C
throttled=0x20000
...
% sudo sh -c "vcgencmd measure_clock arm && vcgencmd measure_temp && vcgencmd get_throttled"
frequency(45)=600000000
temp=50.5'C
throttled=0x60000

(Note that the RPi2B+ sitting on the same shelf is idling at the same 50.5°C as I write. The RPi2B+ reports its CPU speed as 900MHz, so while the RPi3B runs faster than that then it will be ahead on performance.)

Temperature managed to sneak over 70°C, but not by much. I did manage to catch the CPUs fully thottling down to under 600MHz when busy, though that seemed to have taken longer to get to than with the RPi3B+ . And at no point have any of the case or connector shells (etc) felt hot, just warm. So likely this RPi3B will deliver as much throughput as the RPi3B+ when passively cooled and in the current case, and with a saved ~0.5W. Interesting...

Basic plan up until 26th:

• Have all applications installed, if not necessarily running (eg including the mail subsystem).
• Have GPIO, ADC, DACs and ground all tested, and connections running eg via ribbon cable to breakout box:
  • Ground, but probably not 5V or 3V3 power.
  • GPIOs for dump-load control, study-desk light control, at least one spare.
  • ADCs in for B1 and B2 12V local, nominal 0V local (biased to provide differential floating ground reference)?, and maybe a spare.
  • Maybe a DAC output line or two (including room light sensor input to disable mood light when dark?).
• Power from off-grid in parallel with existing Pi2B+.
• Start moving some services across, eg http://www2.exnet.com and https:.

Incrementally move services across, start collecting data on new system, etc, with aim of switching RPi2B+ to become mostly-off staging server with refreshed OS by end July. Actually provide power switch to allow that!

Other thoughts:

• As well as study-desk light, have provision for mood light(s) as large RGB LED (mainly mains powered, maybe also test with OpenTRV radio back-channel) in kitchen, at desk, and on trivial Web page somewhere, updating at appropriate speed, that glows brighter and angrier red as grid imports grow and grid intensity/cost is higher and at peak time. Eg, imports >500W off-peak or >200W peak-time are max red? Run local real-time process to software PWM, but try to let RPi sleep, along with more frequent polling of Enphase to control? Or off-load over WiFi to stand-alone lamp? (See Buildhub thread.)

A little after 10pm today, on a cool day with kitchen temperature ~20°C, recent (fairly idle) CPU temperatures in the RPi2B are:

2020/06/30T19:00Z 46540
2020/06/30T19:15Z 47078
2020/06/30T19:30Z 46540
2020/06/30T19:45Z 46002
2020/06/30T20:00Z 46540
2020/06/30T20:15Z 46540
2020/06/30T20:30Z 46540
2020/06/30T20:45Z 46540
2020/06/30T21:00Z 47615
2020/06/30T21:15Z 48692

and not so much higher (~1--2°C) for the RPi3B:

2020/06/30T19:00Z 49388
2020/06/30T19:15Z 49926
2020/06/30T19:30Z 49388
2020/06/30T19:45Z 49388
2020/06/30T20:00Z 48850
2020/06/30T20:15Z 49388
2020/06/30T20:30Z 49388
2020/06/30T20:45Z 49388
2020/06/30T21:00Z 49388
2020/06/30T21:15Z 49388

I am readying the RPi3B to take over the real battery power management I/O. Tere are some things still to sort out, such as the MODBUS libraries (the Raspian/Debian distribution is too old, for example).

But one aspect that can be set up is the GPIO to control the dump load, and also my off-grid desk-side light.

Both of these should now go via the Expander PI GPIOs if I want to avoid transferring one of my old HAT boards over. (A hybrid appropach remains possible too, even with flying leads.)

As with the current (old) hand-crafted HAT, I have inserted in-line 100Ω resistors to provide a modicum of protection to the GPIO driver outputs, without affecting their ability to operate the target loads.

To try to need as little hand-crafted (C) code as possible, in /boot/config.txt I am going to try dtoverlay=mcp23017,noints to set up the Expander PI MCP23017.

How To Use A MCP23017 I2C Port Expander With The Raspberry Pi – Part 1 suggests that all of port A can be set to outputs with sudo i2cset -y 1 0x20 0x00 0x00, and GPA0 turned on with sudo i2cset -y 1 0x20 0x14 0x01 and off with sudo i2cset -y 1 0x20 0x14 0x00. GPA0 corresponds to '1' on the Expander Pi 20-way connector, next to the '5V' pad.

For the record, in the far end of the ribbon cable that already takes the ADC input sample from the 12V rail, I have soldered for GPIOs:

• "GND": yellow
• "1" (GPA0): green
• "2" (GPA1): blue
• "10" (GPB1): purple: desk light (via 100Ω to red signal wire)

After some faffing (so, by 19:30) I have the desk light GPIO and script set up, using GBP1. The current script crudely sets all of GBP0 to GBP8, but is simple. I have also moved across the relevant cron jobs.

(DONE) The next job is to set up powermng on the RPi3B to to able to drive GPA0 to control the dump load, then move dump wiring across. Given that the current supply monitoring tends to read low, that we be a conservative dump control until the (MODBUS from the solar controller). The code can be based on my existing i2c handlers and/or the AB Electronics demo code.

(DONE) In fairly short order should follow the SunnyBeam logging solar throughput. Preferably done after dusk so as not to loose any generation data points.

Some careful stitching together of log files from old and new will be needed, and there will be gaps.

I'm using the final (grey) free wire on the ribbon for +5V to power the dump load driver and relay.

The full set emerging from the RPi3B on the signal (input) side is:

• "GND": black
• "ADC1" 12V supply sense: white

The output set emerging from the RPi3B is:

• "GND": yellow
• "1" (GPA0): green: dump load control
• "2" (GPA1): blue: currently unused
• "10" (GPB1): purple: desk light (via 100Ω to red signal wire)
• "5V": grey: dump load driver/relay power

Nearly there to move all the remaining powermng functions across to the RPi3...

I talk MODBUS over USB/serial from the RPi2 to my main solar controller. Though there is a libmodbus package available in the distribution I have on the RPi3 (stretch) it's a bit old at 3.0.6. I can compile against it, but at run time I can't create a 'context', possibly because of device filename limits. Possibly, however, it may just be because I don't have the appropriate USB device plugged in!

(Documentation on libmodbus.)

Recalling what I did four years ago, I could build from https://github.com/stephane/libmodbus/.

When I plug the USB connection for the MODBUS connection into the RPi3B then the /dev/serial/ tree appears, including the expected /dev/serial/by-id/usb-FTDI_UT232R_FTXIEVAK-if00-port0. But I cannot create the MODBUS context in mbaccess.cpp.

If I replace the robust long name with the short name of the USB device (where it happens to be shown this time) as below, all works:

//const char *DEFAULT_MODBUS_DEV = "/dev/serial/by-id/usb-FTDI_UT232R_FTXIEVAK-if00-port0";
const char *DEFAULT_MODBUS_DEV = "/dev/ttyUSB0";

So trying for the newer MODBUS code seems like a good idea!

I have downloaded v3.1.6 from github. I am following the build and installation instructions.

Amongst other things, this installs /usr/local/lib/libmodbus.so.5.1.0.

It turns out that the older (Raspbian/Debian) packages need to be removed to allow v3.1.6 to work properly, so they come off the system packages list for now.

It seems that once that was done powermng didn't even need to be rebuilt or reinstalled for everything to "just work". The magic of shared libraries and stable ABIs!

So as of 12:40:06Z, full power management is running on the RPi3B.

2020/08/21T12:40:06Z AL 921 B1 13575 B2 -1 P 7643 BV 13390 ST H D h A1P 12532 B1T 23 UC 100

The SunnyBeam stuff has been moved over after dusk. I have moved the OpenTRV log capture over (with my hand forced by pulling the wrong USB conenction!). I have moved EOU's 'www' pages over to the RPi3B host, and enabled https. I have still to carefully stitch/build/move some log files as appropriate. preferably before midnight.