Home Automation Part 2 – Setting up the Raspberry Pi

1. Introduction of the Home Automation project
2. Part 2: Setting up the Raspberry Pi
3. Part 3: Building the control box
4. Part 4: Securing the software
5. Part 5: Public access to the service
6. Part 6: Setting up the app

This is part 2 of the Home Automation project. Feel free to check out the project description here, if you have not already. The first steps of creating your own Remote-Control-Box is to set up the Raspberry Pi with the needed software, which will be described in this post.

Installing Raspbian OS

Let’s get right into it. There are multiple supported operating systems for the Raspberry Pi, but in this project the official Raspbian Stretch OS will be used, as there is no need for a desktop version. Just follow the official installation guide to install the OS on your micro SD card.

Setting up remote access

In the next step we will make the Raspberry Pi accessable within your local network. To accomplish this an wireless connection (optional) and ssh must be configured. The standard user on the Raspbian image is ‘pi’ with the password ‘raspberry’. These credentials will be changed in Part 4: Securing the software. Before starting, it might be useful to change the keyboard layout by changing the XKBLAYOUT:

sudo nano /etc/default/keyboard
sudo reboot

The configuration of wireless networks on debian-based systems like the Raspbian OS is pretty simple. Just replace the placeholders with your actual network credentials or use the raspi-config command.

sudo sh -c '{ echo ""; echo network={; echo ssid=\"name_of_the_network\"; echo psk=\"password\"; echo priority=100; echo }; } >> /etc/wpa_supplicant/wpa_supplicant.conf'

It is also advisable to set a static ip address for the Raspberry Pi to be able to connect to it with SSH and later on from the HomeAutomation-App. The following command achieves this (the ip addresses must probably be changed).

sudo sh -c '{ echo ""; echo "interface wlan0"; echo "static ip_address=192.168.0.200/24"; echo "static routers=192.168.0.1"; echo "static domain_name_servers=8.8.8.8"; } >> /etc/dhcpcd.conf'

After changing the network configuration another reboot is required.

sudo reboot

Before continuing upgrade all packages of the newly installed OS.

sudo apt update && sudo apt upgrade -y

Now enable SSH by using the raspi-config command or the following commands:

sudo systemctl enable ssh
sudo systemctl start ssh

A much more comfortable way of using SSH is with Public-Key-Authentication. First of all a public-key-pair must be generated. In this tuturial I will describe the process using PuTTYgen and PuTTY as the Host OS is Windows. Please follow this guide if you are on Linux.

Generating a key with PuTTYgen is easy; First of all select the SSH-2 RSA key-option under the key tab. After that click on the Generate button. When the process is finished save both, the public and private key. Next we go to the Raspberry Pi and copy only the Public key in one line to ~/.ssh/authorized_keys as follows and type ssh-rsa before it:

mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown $USER:$USER ~/.ssh -R
nano ~/.ssh/authorized_keys

Be careful to really copy the Public key without any linebreaks in it, otherwise the key does not work! It should look like this (no linebreaks):

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhJFEVj33ZDgD84koj7T1E+yGbWTUpUIiRo0n2ZJ2VA1TnnyHgwuTkQDZTIi6uquOUytobKjp9Gfsh9PdxJfSp93KF2Y9NVMBH10Loiw/zRZmcPlhSaXAl/cl64vMHjMlscZAU0autgr6FTaGsgYRAOE+hITvhwggjn8eZ5Ig0Eic1/FR2bIL29iujXomquKrytLBBlC5NIDBVAoATRS24S6B5wjcUXp/ISjmzqflcoBQQxQ1XSEhnaEEz+ST9IIuFz/lVh+cL2q8M9X1mh0E1vIvBFvxL5ukk/2zh7F4b0DP8OrW7IZ2qcwlcEQUCiz4vjD4mrmOfIgyY2O6z2hkQw==

To enable Public key authentication and disable password authentication change the following parameters in ssh-daemon’s configuration at /etc/ssh/sshd_config:

PubkeyAuthentication yes
PasswordAuthentication no
X11Forwarding no

Restart the SSH service to apply the changes.

sudo service ssh restart

The application also needs the keys in PKCS8 format to encrypt and decrypt the username and password, which are sent by the HomeAutomation-App. The private key must first be exported into the OpenSSH format with the PuTTYgen tool and then copied with WinSCP to the /tmp directory of the Raspberry Pi.

mv /tmp/openssh.priv ~/.ssh/openssh.priv
cd ~/.ssh
chmod 0600 openssh.priv
openssl pkcs8 -in openssh.priv -topk8 -out private-pkcs8.pem -nocrypt
ssh-keygen -e -f openssh.priv -m PKCS8 > pub.pkcs8
rm openssh.priv
sudo chown tomcat:tomcat pub.pkcs8

Note: The file names of the keys must not be changed as they are hardcoded in the HomeAutomationBackend.

Installing required packages

There are some packages required to run the project as described in the Introduction of the Home Automation project.

sudo apt-get install openjdk-8-jre apache2 mariadb-server phpmyadmin git-core wiringpi python-pip
sudo pip install Adafruit_DHT

Choose Apache2 at the installation prompt of PhpMyAdmin and configure it with dbconfig-common.
Set the default JRE with update-alternatives and set the JAVA_HOME path

sudo update-alternatives --config java
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-armhf/

When all of these steps are finished, check if Apache2 (http://192.168.0.200) and PhpMyAdmin (http://192.168.0.200/phpmyadmin) work by opening these links in the Browser (with your own selected ip address).

Tomcat 9

Before the installation of Tomcat 9 can begin the newest version must be found here. At the moment of creation Tomcat 9.0.24 is the most recent version.

sudo useradd tomcat
sudo su -l root
echo "/usr/sbin/nologin" >> /etc/shells
cat /etc/shells
exit
sudo usermod -s /usr/sbin/nologin tomcat
groups pi
sudo usermod -a -G i2c tomcat
sudo usermod -a -G gpio tomcat
sudo deluser tomcat sudo

wget http://mirror.klaus-uwe.me/apache/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz -P /tmp
sudo mkdir /opt/tomcat
sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
sudo ln -s /opt/tomcat/apache-tomcat-9.0.* /opt/tomcat/latest
sudo chown -RH tomcat: /opt/tomcat/latest
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Now let’s create a tomcat service and enable it at startup. To accomplish this it is necessary to copy the following content to /etc/systemd/system/tomcat.service.

sudo nano /etc/systemd/system/tomcat.service

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-8-openjdk-armhf/"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headl$"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/catalina.sh start
ExecStop=/opt/tomcat/latest/bin/catalina.sh stop

[Install]
WantedBy=multi-user.target

Enable and start the new tomcat service:

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl status tomcat
sudo systemctl enable tomcat

Pi4j

curl -sSL https://pi4j.com/install | sudo bash

Download the HomeAutomationBackend

Download the HomeAutomationBackend from Git and change the code if needed. For example there could be added more sensors or plug sockets, if desired.

Open the persistence.xml in HomeAutomationBackend/src/META-INF/persistence.xml and change the password in the value of the javax.persistence.jdbc.password to the password of your database.

Then open the project with eclipse and export it as WAR file by right clicking the project -> Export -> WAR file

Copy the WAR file with for example WinSCP to the /tmp folder.

sudo mv /tmp/HomeAutomationBackend.war /opt/tomcat/latest/webapps/
sudo -u tomcat /opt/tomcat/latest/bin/shutdown.sh
sudo -u tomcat /opt/tomcat/latest/bin/catalina.sh run

When Tomcat started successfully try to access your public key in the browser by using this URL (modified to your own IP address): http://192.168.0.200:8080/HomeAutomationBackend/rest/information/PublicKey

Congratulations if you see your public key. You have finished Part 2 successfully and can now start building the Remote-Control-Box as described in Part 3: Building the control box

Links and Sources

• https://linuxize.com/post/how-to-install-tomcat-9-on-ubuntu-18-04/#step-3-install-tomcat