This article will describe how to install Beremiz suite on Raspbian (Stretch) Lite, headless, non GUI; allowing to run IDE and service from another host in LAN.
This article is incomplete, see TODO items at the end.
To develop a "SOFTPLC" Modbus RTU master running on a RPi (Zero W or 3 B+) with integrated IDE, allowing remote programming, monitoring, and controlling via webserver and SVGUI; connected to cheap Modbus RTU I/O slaves.
Downloading: Download Raspbian (Stretch) Lite from https://downloads.raspberrypi.org/raspbian_lite_latest in a PC with SD card reader (or having external USB dongle with SD card reader).
Installing: Follow Raspberry Pi documents to install Raspbian Lite on a SD card, see https://www.raspberrypi.org/documentation/installation/installing-images/README.md Note for Linux users: is preferable (and fast) to use dd (as root) instead download Etcher and other stuff, see https://www.raspberrypi.org/documentation/installation/installing-images/linux.md Be carefull on where you are dding the image!!!
Enabling SSH on Raspbian Lite: a. As root, mount SD card /boot directory on a directory in your host machine; b. create an empty file called ssh on it: root@$HOST:/boot # touch ssh && sync This file will be detected on RPi first boot, enabling ssh service and after that, this file will be automatically deleted; c. unmount all SD card mounted directories (/boot and others), and extract SD card from your host machine.
Insert SD card in your RPi, connect it to wired LAN and then connect the power supply. Note: If you have a RPi Zero W (no having LAN connector), see https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md
Accesing RPi over ssh from another host
From another Linux host in your LAN, request the RPi address: a. navigate with your browser to your router's connected devices list; RPi will appear on it as "raspberry", showing its MAC and DHCP assigned address. b. other alternatives: see https://www.raspberrypi.org/documentation/remote-access/ip-address.md
From your host machine terminal, connect to RPi over ssh:
$USER@$HOST:~ ssh pi@host (RPi address)
user password will be required, default is "raspberry"
Very basic preparatory tasks in RPi terminal: a. Change pi user password (pi user has powerful sudo privileges, being a potential danger do not change its default password, see TODO on security). pi@raspberrypi:~ $ passwd b. Expand Filesystems: pi@raspberrypi:~ $ sudo raspi-config > Advanced options > Expand filesystem ; see https://www.raspberrypi.org/documentation/configuration/raspi-config.md
Allow X11 forwarding over ssh
Install xauth: pi@raspberrypi:~ $ sudo apt-get install xauth
Edit shhd (ssh daemon) configuration: pi@raspberrypi:~ $ sudo nano /etc/ssh/sshd_config a. uncomment AllowTcpForwarding yes b. uncomment X11Forwarding yes c. uncomment X11DisplayOffset 10 d. uncomment X11UseLocalhost yes Save and sync.
Installing Beremiz suite
- Install Beremiz suite, following https://beremiz.org/doc Relax!!! Compiling matiec on RPi is not so long as can be expected!
Finally, create a directory on which Beremiz service will run: pi@raspberrypi:~ $ /home/pi/../$workdir
Shutdown your RPi
pi@raspberrypi:~ $ sudo poweroff
Once shutdown is finished, disconnect RPi power supply.
- If RPi will be connected a long time in the same LAN, is preferable to previously assign a fixed address to it in the router, to facilitate ssh accessing and Beremiz PYRO settings.
Connecting to RPi to work in Beremiz suite
- From your host machine terminal, connect again to RPi over ssh:
$USER@$HOST:~ ssh pi@host Note: host = NEW (fixed) RPi address
Create Beremiz aliases to easily launch IDE and service over ssh
- Edit /home/pi/.bashrc
pi@raspberrypi:~ $ nano .bashrc
Add: # alias for Beremiz IDE and Beremiz runtime alias BeremizIDE='python /home/pi/Beremiz/beremiz/Beremiz.py' alias BeremizRUN='python /home/pi/Beremiz/beremiz/Beremiz_service.py -p $port -i $RPi_address -x 0 -a 1 /home/pi/../$workdir &'
NOTE: in Beremiz_service options, $port must be the port assigned to connect from IDE to service, $address the new RPi address on LAN, and $workdir the directory (previously created) on which service will run. This same address and port values must be entered at Beremiz IDE > Project Config tab, in URI_Location field: PYRO://$RPi_address:$port. Useful with RPi's fixed address asignation.
Using Beremiz IDE and service
- Launch Beremiz service from present virtual terminal; it will be backgrounded and virtual terminal on RPi will be free for another command (recommended htop, if you needs to terminate or kill an unresponsive process):
pi@raspberrypi:~ $ BeremizRUN
In your host machine browser, navegate to RPi $address:8009 and you will see a message: PLC IS NOW STARTED
- In your host machine, launch a second virtual terminal and connect it with RPi allowing ssh X11 forwarding:
$USER@$HOST:~ ssh -Y pi@host
Note: the -Y switch allows to forward X11 trusted servers. -X switch is to forward X11 non-trusted servers, so it often permits only a 20 minutes session.
- Once in pi user session, launch Beremiz IDE from this second terminal:
pi@raspberrypi:~ $ BeremizIDE
After a few seconds, Beremiz IDE splash window will appear on your host machine.
Be patient! Some time later, complete Beremiz IDE will be present at your host machine, allowing programming, compiling and transferring the generated virtual PLC to Beremiz service.
Closing Beremiz IDE and/or Beremiz service
Beremiz IDE normally running: simply, menu File > Quit, or Ctrl + C Beremiz IDE hanged or unresponsive: From first terminal running htop: select corresponding process > F9 (Kill) > 15 (SIGTERM); if it is "rebel" F9 (Kill) > 9 (SIGKILL) After that, close ssh forwarded X11 session on second terminal: pi@raspberrypi:~ $ exit
Beremiz service (normal or unresponsive): From first terminal running htop: select corresponding process > F9 (Kill) > 15 (SIGTERM); if it is "rebel" F9 (Kill) > 9 (SIGKILL)
After that, close ssh session on first terminal: pi@raspberrypi:~ $ exit If you want to shutdown RPi instead, do: pi@raspberrypi:~ $ sudo poweroff
Do NOT disconnect RPi from power supply without executing proper poweroff command!
Investigate on how to increase security running a softPLC in RPi
In Raspbian, being default user pi a sudoer without password requirement and no time-out, its extreme allowed privileges pi ALL=(ALL) NOPASSWD: ALL may be risky in a productive environment. I think that potential dangers must be mitigate. i.e.: setting password for root, creating a specific softplc non-privileged account and adding it to necessary groups, deleting pi user and its sudo capabilities, etc.
Forwarding X11 through ssh (for Beremiz IDE) have security implications, too, but I think that implement other solutions (VNC) has a big overhead in RPi (i.e. need a complete DE or WM, RAM usage, etc.).
Investigate on how to launch Beremiz_service.py at startup, creating and enabling a systemd unit for it
This will avoid the need to type Beremiz_service.py command (or its alias stated in softplc user .bashrc) on every boot or reboot process. This will allow to bring an automatized softPLC process at startup in productive environments, too.
Daniel Mirkin danielmirkin at gmail dot com License CC BY - SA 4.0