(resolved) Optimisation/configuration of Diet-Pi

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Locked
Von Cheam

(resolved) Optimisation/configuration of Diet-Pi

Post by Von Cheam »

So, there are plenty of guides out there for people wanting to optimise their Raspbian setup; most of the procedures in such guides (thankfully!) seems to be already taken care of/unnecessary/not-applicable to Diet-Pi. However, there are some optimisations in some guides that seem like they might apply to Diet-Pi too. My questions are as follows:

1) Of the following optimisations, are any of them possible/beneficial in Diet-Pi?
2) If so, are the steps/procedure to accomplish them the same as in Raspbian?

A couple of common guides that seem like they have parts that might apply to Diet-Pi are here:

https://web.archive.org/web/20130625182 ... mory-usage
https://www.raspberrypi.org/forums/view ... ?f=9&t=850

..but for convenience I'll reproduce the procedures I had in mind directly:

1) Format partitions with journalling disabled (before OS installation)
This cannot be done on the system drive, so let's do it while we're booting off another drive, at the same time we're formatting it:

Code: Select all

sudo mkfs.ext4 -O ^has_journal -L PiBoot /dev/sdx1
sudo fsck.ext4 -f /dev/sdx1
2) Remove the extra ttys/gettys
tty2-tty6 will be disabled, keeping tty1 for console

Code: Select all

sed -i '/[2-6]:23:respawn:\/sbin\/getty 38400 tty[2-6]/s%^%#%g' /etc/inittab
Disable getty on the Raspberry Pi serial line

Code: Select all

sed -i '/T0:23:respawn:\/sbin\/getty -L ttyAMA0 115200 vt100/s%^%#%g' /etc/inittab
3) Disable IPv6
Add .conf file to sysctl.d

Code: Select all

echo "net.ipv6.conf.all.disable_ipv6=1" > /etc/sysctl.d/disableipv6.conf
Disable the kernel module

Code: Select all

echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist
Remove IPv6 hosts

Code: Select all

sed  -i '/::/s%^%#%g' /etc/hosts
4) Replace Deadline Scheduler with NOOP Scheduler
NOOP scheduler is best used with solid state devices such as flash memory.

Code: Select all

sed -i 's/deadline/noop/g' /boot/cmdline.txt
5) Disable recording of file and directory access times and set data ordering to writeback
Open the hard drive config file with

Code: Select all

sudo nano /etc/fstab
Add the noatime (no access time), no diratime (same for directories instead of files) and data=writeback options after the defaults parameters for each drive, except swap. Modified line should read something like:

Code: Select all

/dev/sda2 / ext4 defaults,data=writeback,noatime,nodiratime 0 0
Do that for each drive, save, and remount your drives with

Code: Select all

mount -o remount /
If it turns out that some of these optimisations are in fact beneficial in Diet-Pi and/or the steps are different from those in Raspbian, and if there are no real plans to include them in the Diet-Pi installation or in DietPi-config, perhaps we should have a dedicated optimisation guide for Diet-Pi? Just a thought!

(In case the particular optimisations that apply to me are dependent upon what I want from my Pi: I want to run my (B+) Pi as a headless, offline, lightweight audio platform (in fact as the 'brains' of a boom box, ghetto blaster, Frankenstein sorta thing), wherein boot time, codec latency/throughput, etc. are the most important performance factors.)
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Optimisation/configuration of Diet-Pi

Post by Fourdee »

Hi Von,
I want to run my (B+) Pi as a headless, offline, lightweight audio platform (in fact as the 'brains' of a boom box, ghetto blaster, Frankenstein sorta thing), wherein boot time, codec latency/throughput, etc. are the most important performance factors.)
I currently have my RPI B (256mb) running exactly this setup (Hifi / MPD+YMPD). Works like a charm. Simply select "HiFi" from dietpi-software.

In reply to your optimizations:

1) Format partitions with journalling disabled
This is something i've not tried yet. Will take a look when I can.

2) Remove Gettys
Already applied to all DietPi systems.

3) Disable IPv6
Applied with v79 update.

4) Replace Deadline Scheduler with NOOP Scheduler
Applied with v79 update.

5) Disable recording of file and directory access times and set data ordering to writeback
Access stamps are disabled. Writeback is not set (powerloss/crash could cause data loss).
2) If so, are the steps/procedure to accomplish them the same as in Raspbian?
DietPi is based on Raspbian. So yes, the procedure and results are exactly the same.

UPDATE:
Added a few of your optimizations to v79.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Optimisation/configuration of Diet-Pi

Post by Fourdee »

Von Cheam wrote:3) Disable IPv6
Add .conf file to sysctl.d

Code: Select all

echo "net.ipv6.conf.all.disable_ipv6=1" > /etc/sysctl.d/disableipv6.conf
Disable the kernel module

Code: Select all

echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist
Turns out the above does not work on wheezy. Both IPv6 module and sysctl is still enabled.

Here is the tested method to correctly disable ipv6, and, will be applied in v80:

Code: Select all

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
echo 'blacklist ipv6' >> /etc/modprobe.d/ipv6.conf
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
DietPirate

Re: Optimisation/configuration of Diet-Pi

Post by DietPirate »

I fixed the ipv6 bug by renaming /etc/modprobe.d/blacklist -> blacklist.conf

I had also added the stuff to sysctl (but unsure if that's even required when the module is blacklisted).
DietPirate

Re: Optimisation/configuration of Diet-Pi

Post by DietPirate »

@Fourdee

Have you considered adding dropbear ssh host key regeneration to the install script, so that evrone doesn't use the same key?

I'm not sure what's the best command parameters for regenerating keys but this seems to work:

Code: Select all

#Generate a host-key:
rm /etc/dropbear/*key
dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
Related commands, depending on your needs (probably more secure than the one above):

Code: Select all

#Paranoid-sized key below:
dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss -s 2048

#Extract a public key suitable for authorized_keys from private key:
dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys

Also, how can I turn off the automatic update checker? I'd like to have control over any outbound connections, including checking for updates when I choose to.

Are there any additional automatic connections done at any time (besides dietpi-survey) ?

I also want to take the opportunity to thank you for a great job on DietPi. It's a great image and I use it on all my Pis because it's so lightweight and provides a good base to build on.
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Optimisation/configuration of Diet-Pi

Post by Fourdee »

DietPirate wrote:@Fourdee

Have you considered adding dropbear ssh host key regeneration to the install script, so that evrone doesn't use the same key?
Hi,

Didnt occur to me as my SSH client always prompts for an updated key on every fresh DietPi install. I will add your code to the 1st run scripts and during dropbear install just to make sure.
Also, how can I turn off the automatic update checker? I'd like to have control over any outbound connections, including checking for updates when I choose to.
At the moment this isnt possible. I will get this added to v80 which will allow you to disable update checker.

Are there any additional automatic connections done at any time (besides dietpi-survey) ?
- NTPD runs every 24 hours and during boot. Uses -q flag to "quit when done"
- DietPi checks for DietPi updates every 24hours and during boot. The following is downloaded and read.
- apt-get update is ran every 7 days as a background process. The last update timer is checked during every boot and cron.daily. This will only update if past 7+ days.

Cron Jobs used in DietPi:
Cron.Daily
Cron.Hourly
I fixed the ipv6 bug by renaming /etc/modprobe.d/blacklist -> blacklist.conf
I did try this, couldnt get it to blacklist the module. I'll have another look at it. Thanks for the tip.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
DietPirate

Re: Optimisation/configuration of Diet-Pi

Post by DietPirate »

Fourdee wrote: Didnt occur to me as my SSH client always prompts for an updated key on every fresh DietPi install. I will add your code to the 1st run scripts and during dropbear install just to make sure.
I'm not too familiar with Dropbear but in the case of other distros (like Kali) that come with SSH servers pre-installed (usually OpenSSH) it is highly recommended to regenerate the ssh keys immediately upon a new install for security reasons. In worst case I suppose evil-doers could pose as your machine for a man-in-the-middle attack, knowing that many people don't change their default keys.

My reason for suggesting this is that although it's a fairly simple task to do manually upon a new install, DietPi already utilizes a first-run installation script so it's easy to just throw it in there for automation since it's something everyone should be doing anyway.

But please do make sure it's the proper way to regenerate keys for Dropbear as I haven't had time to research it fully myself. My examples are just what I've been using as a quick fix and not sure if it's the best way to do it, in regards to the command line parameters and whatnot.
Fourdee wrote:
I fixed the ipv6 bug by renaming /etc/modprobe.d/blacklist -> blacklist.conf
I did try this, couldnt get it to blacklist the module. I'll have another look at it. Thanks for the tip.
I first tried adding the lines to sysctl.conf but it didn't work, not even after reboot. It seemed to only read those lines after manually running sysctl -p after every boot. However after I also renamed blacklist->blacklist.conf I no longer had an ipv6 address upon reboot.
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: Optimisation/configuration of Diet-Pi

Post by Fourdee »

DietPirate wrote: My reason for suggesting this is that although it's a fairly simple task to do manually upon a new install, DietPi already utilizes a first-run installation script so it's easy to just throw it in there for automation since it's something everyone should be doing anyway.

But please do make sure it's the proper way to regenerate keys for Dropbear as I haven't had time to research it fully myself.
Integration into DietPi's 1st run scripts and patch file is done. I've done a bit of extra research, seems you were spot on.

Generate Private Key:
dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

Generate Public Key from Private Key:
dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys

Using this link as a reference , and, this link. It appears we should only need to create the private key. The end user should be responsible for generating and sharing the public key, as required.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
DietPirate

Re: Optimisation/configuration of Diet-Pi

Post by DietPirate »

Nice job! Thanks again for your work.
Locked