Rebuilding Container Images with systemd timers & podman

In general, it’s considered a best practice when running containers to ensure that the images are being rebuilt on a regular basis to pick up security/bug fixes. In a real production environment, it’s common to use something like Jenkins, GitHub Actions, or some type of automation or CI/CD workflow to keep the images fresh. ...but here at my house, I only have a single server that runs containers and my use case doesn’t really warrant a more serious CI/CD setup. This blog will show you how to set up a simple “perpetual motion” machine to automatically rebuild container images and then auto-update them. It’s also pretty easy to set up and works great too!


Refreshing my Home Server/NAS

I’ve been running a little home server for probably close to twenty years. Originally, it was driven by my desire to learn Linux and run a whole-home MythTV setup. I still think that was an amazing setup for the time, but of course things change and broadcast TV just isn’t what it used to be. About five years ago, I decommissioned my server and moved my media library to a Helios4 by Kobol. My media frontends are now mainly built into our TVs, Fire TVs, or phones/tablets. The NAS was definitely a cool unit and helped my electric bill some, but ultimately the performance left a lot to be desired. ….using it for ostree commits the past few years was painful.


Adding HTTP Boot to OPNsense

A few days ago an electrical storm took out my trusty APU 1d. At first I thought that it was only the power supply that died, but the WAN NIC is not recognized ~80% of the time. I thought I could simply just use the OPT1 port instead, but no. Randomly the WAN port will reappear and wreak havoc with the system and basically stop all traffic on my network until it would again randomly disappear. It was an amazing piece of equipment, as was my trusty Alix 2d3 before it. ….even though I love these systems, it’s time to move on.

I wanted to try OPNsense instead of pfSense for this install. The only real hiccup I ran into moving over was around DHCP support for HTTP Boot. The pfSense team added a UI option for this not too long ago and it’s been super helpful for some of the Red Hat related provisioning testing I’ve put together. Anyway, my RFE was justifiably declined due to the deprecation of ISC dhcpd. No worries because it was pointed out that it’s super simple to add dhcp configuration drop-ins manually.

Adding dhcpd config outside of the UI

The project documentation does a great job of outlining how to do this. Basically just SSH to the system, create a file under: /usr/local/etc/dhcpd.opnsense.d/ and paste in the following w/ the correct IP & path for your environment:

class "httpclients" {
    option vendor-class-identifier "HTTPClient";
    match if substring (option vendor-class-identifier, 0, 10) = "HTTPClient";
    filename "http://[webserverip]/path-to-efi-nbp";
}

That’s it! Once this file has been written, just reload/restart the DHCP server and the config will take effect. If you’re using a RHEL or Red Hat derived distro you’ll want to load the shim for grub as the NBP (network boot program). This is typically /EFI/BOOT/BOOTX64.EFI on the boot media. If you want to move out of the stone ages w/ PXE/TFTP, HTTP booting straight from the firmware is awesome. Basically, just copy the boot media to a web server, modify the grub menu as needed (you’ll likely need to adjust the kernel & initrd paths to align w/ your web server path), and finally pass the desired NBP. If you’re coming from the PXE world, there’s a good chance you’re using pxelinux.0 or some flavor of iPXE; that will get replaced with grub. Easy peasy!

Rabbit-proof Raised Garden Bed

Raised garden beds are fantastic because they drain well, are relatively easy to build, and are capable of producing an impressive yield of food. Amanda and I have built a couple of these based on the Pioneer Woman’s blog post on this subject. These worked really well for us, but we wanted to step up our garden and needed to solve two problems: 1) more space 2) protect against rabbits and our crazy dog. Other geographies will need different adaptations to protect against different pesky critters, for example burrowing animals. The design shown here should lend itself fairly well to various types of adaptations. If you come up with something neat please share it with us!


Using UEFI HTTP Boot with pfSense

About a year ago I started working with HTTP boot. It’s great that we no longer need a TFTP server for network booting, but there are also a few less than ideal challenges with the newer method. The biggest one is lack of documentation and simple configuration with DHCP servers. There are some examples available for the isc-dhcp-server used in many Linux/Unix systems, but if you’re using something like Ubiquiti or pfSense, good luck! It’s been a while since I’ve looked at an enterprise IPAM setup, but I fully expect support to be lacking there as well.

I opened a bug on this issue and was really impressed with how quickly the team jumped on it. Now if you’re running the 2.6.0 release, which is the latest as I write this, it’s pretty simple to get this up and running. Basically they added a field for UEFI HTTPBoot. It sounds simple enough right?

But adding it wasn’t working on either of my systems. I did a little packet sniffing and compared the response I was getting from my pfSense system vs a working dhcpd config in RHEL. In short, pfSense wasn’t sending option vendor-class-identifier “HTTPClient” with the response so my systems weren’t responding to the URL. Luckily it’s super simple to add this in the UI. Basically just add an additional option w/ the number 60, Type Text, and HTTPClient in the Value section. As seen here:

And that’s pretty much it. My network now offers up both PXE and HTTP boot to clients and it works really well. Hopefully this will help someone until this option is provided by default when the “UEFI HTTPBoot URL” is used.
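The check behind both HTTP Boot posts above (a DHCP reply carrying option 60 set to HTTPClient plus a boot-file URL), as an added example that is not part of the original posts: it parses a raw DHCP payload, such as one taken from a packet capture, and reports what is missing. The sample replies and the 192.0.2.10 address are constructed, and option overload (option 52) is assumed not to be in use.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_VENDOR_CLASS, OPT_BOOTFILE, OPT_END = 0, 60, 67, 255

def parse_dhcp(payload: bytes):
    """Return (file_field, options) from a raw BOOTP/DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (short or missing magic cookie)")
    file_field = payload[108:236].split(b"\x00", 1)[0]  # BOOTP 'file' field
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # single-byte padding, no length octet
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2 : i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} truncated")
        options[code] = options.get(code, b"") + data  # RFC 3396: concatenate repeats
        i += 2 + length
    return file_field, options

def http_boot_problems(payload: bytes):
    """List the reasons a UEFI HTTP Boot client would not act on this reply."""
    file_field, options = parse_dhcp(payload)
    problems = []
    if not options.get(OPT_VENDOR_CLASS, b"").startswith(b"HTTPClient"):
        problems.append("option 60 is not 'HTTPClient'")
    url = options.get(OPT_BOOTFILE, file_field).rstrip(b"\x00").decode("ascii", "replace")
    if not url.lower().startswith(("http://", "https://")):
        problems.append("boot file is not an HTTP(S) URL")
    return problems

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

def build_reply(options: bytes, file_field: bytes = b"") -> bytes:
    """Constructed sample: BOOTREPLY with zeroed xid/addresses/chaddr/sname."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(40) + bytes(64)
    header += file_field.ljust(128, b"\x00")
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed samples (documentation address, not from the posts)
URL = b"http://192.0.2.10/EFI/BOOT/BOOTX64.EFI"
GOOD = build_reply(opt(53, b"\x02") + opt(60, b"HTTPClient") + opt(67, URL))
NO_OPT60 = build_reply(opt(53, b"\x02") + opt(67, URL))  # URL sent, option 60 absent
PXE_ONLY = build_reply(opt(53, b"\x02") + opt(60, b"PXEClient"), b"pxelinux.0")
```

An empty list from `http_boot_problems()` means the reply has both pieces; `NO_OPT60` reproduces the situation the pfSense post describes, where the URL is offered without the vendor class identifier.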

Now all that’s left is to come up with a menu system that’s as powerful as syslinux that works with HTTP Boot. To date, I’ve only used GRUB and ……it really makes me miss the menu system from syslinux. It’s superior in every way IMO.

How to Recover a Barwa Chair

Recovering your Barwa chair is totally possible and we’ll help you do it!

Barwa chairs are amazing. It’s a mid-century modern chair that features two sitting positions; both are incredibly relaxing and comfortable IMO. The design is incredibly smart yet simple and elegant in the execution. The chair pictured here belonged to my father’s family and is approximately 70 years old. In April of 2021, Amanda and I restored it and documented a fair amount of the work here on youtube. Covers are incredibly difficult to come by, but the good news is you can make your own! Start by watching the videos and I’ll detail as much of the process as possible here. Also, please leave comments with your tips, suggestions, etc. I’ll keep this page updated based on feedback, and hope that it becomes a valuable resource to help others maintain these wonderful chairs.


UEFI HTTP Boot with Libvirt

Background

I’ve been a big proponent of network based provisioning pretty much my entire career. My second job out of college involved imaging ~800 computers multiple times a week. When I was hired, my predecessors used floppy disks to load a small OS, matching NIC driver, and imaging client (remember Ghost?!). The bottom line was it was very time/labor intensive and a horrible process. Imaging a group of systems took about 30-60 min. Long story short we reduced that time to about 5 min after we leveraged a combination of PXE, wake-on-lan, UNDI drivers, vlans, and IGMP snooping. My second iteration of the solution took the total attended time to less than 30 seconds. Anyway, it’s amazing technology for provisioning, and I even got hired at Red Hat by giving a presentation on PXE. Needless to say, I’m a huge fan!


Using cgroup v2 w/ Containers on Fedora Silverblue

I’ve been really interested in the potential behind the unified cgroup hierarchy, aka cgroup v2, in the kernel for a while now. I even helped out with a talk on this subject earlier this year. It’s worth listening to Tejun’s part of the talk if you’re not familiar with the value behind v2. While a lot of user space, for example systemd, has really solid support for v2, there have been historic gaps around virt and containers. On the virt side, initial v2 support went into libvirt 4.9 or 5.0, and it’s continuing to be improved. For containers, we’re tracking the OCI progress here and here, and Giuseppe Scrivano has done some great v2 enablement with an alternative runtime he wrote called crun. crun is basically runc re-written in C, and while there are pros and cons on the language side, it’s ridiculously fast at instantiating containers compared to runc.


Controlling repos with sed

As a RHEL & Fedora user of Atomic Host, I find myself using package layering on a regular basis. I typically only want a limited selection of repos enabled to keep the metadata transfers to a minimum. This is really simple with the default Fedora repos, but can be trickier with RHEL depending on the subscription that’s attached to the system. Subscription-manager can quickly disable everything and then enable the desired repos, but it’s a slower command to execute as it connects to the CDN. Anyway, I found this sed snippet handy for making this easy and quicker:

After 2.5 years the Fire TV is still an amazing device.

I bought my first Amazon Fire TV in the summer of 2014, and 2.5 years later I’m still loving this device. In fact, I liked it so much that I moved my whole house over to Fire TVs: living room, bedroom, and a fire stick in the playroom (all 1st gen). These are primarily used for streaming content, e.g. Netflix, Amazon Prime, etc, mythtv front-end for over-the-air TV via Kodi, and now video games!


Tweaking the Ikea Billy Bookcase for Perfect CD Storage

Growing up I bought a lot of CDs. Even though I’ve converted them all to MP3s, I still can’t part with my collection. Storing these in a usable manner has been a challenge over the years though. I’m at the point where I think all CD storage that exists sucks. In fact click here if you don’t believe me. The depressing state of this led me to use an existing book case I already had a few years back.

Enter the Ikea Billy

MythTV on the Amazon FireTV

…..okay so the title of this should probably be XBMC/Kodi on the FireTV, but whatever.

I love the small footprint

It’s been over 10 years since I’ve cut the cable with ….cable/satellite, and 7 years since I’ve deployed MythTV and ditched Tivo. Disregarding some negligible hardware costs, I’ve been spending about $20 a year on television. Absolutely awesome! About four years ago I started supplementing local broadcasts with streaming services like Netflix and Amazon. This was great from a content and cost perspective, but proved challenging from a Linux/Flash support perspective. At first the best option was to dual-boot to Windows, but this had extremely low WAF, Wife Acceptance Factor (and even worse OSAF, or open source acceptance factor). About a year ago I picked up some cheap Sony Blu-ray players that supported all the streaming media capabilities we needed. They’re a great buy and I’d highly recommend these units since they offer a lot for ~$50. The problem this left me with is the fact that I have this old, power hungry, x86 computer next to my televisions, and the percentage has shifted to where we stream 70% of what we watch. I thought about deprecating MythTV, but honestly it’s just too good to ditch. Plus I already have the infrastructure (master backend server and tuners) and we still need something for our movies and broadcast shows.

GNOME3 and Vertical Screens

GNOME3 doesn’t do the best job of handling monitors of a different size, especially when they’re set up vertically. Having said that, it’s almost a perfect user experience if the larger monitor is set up as the primary. When the smaller one is primary, at least in my case, windows do not maximize properly and resize while dragging between screens. I’m probably the last person on earth to learn about this but the primary display can be selected by dragging the top panel to the other screen under Settings -> Display. I still consider myself a KDE guy, but I’m enjoying GNOME a lot more now that I’ve set the larger screen to primary. I should probably RTFM once in a while.

New Monitor Setup

I got almost ten years out of my 19″ Dell Ultra Sharp monitors, but the 4×3 resolution really started getting to me. I picked up two of the Asus VS247H-P 23.6-Inch LED monitors for $120 each on Amazon. They’re not the best monitors I’ve ever seen, but for the money they’re amazing. My favorite thing about them is they have three inputs: VGA, DVI, & HDMI. For the first time I have all my systems connected and I don’t have to fish for cables. While a KVM switch would be ideal, I don’t switch to the other systems enough to warrant the cost. I leave my primary desktop on the left one and dual screen my work laptop on the right. When I record I extend the desktop screen to the monitor on the right, as that’s the only time I need both on my desktop. Two other inputs go to my Lenovo testing workstations, and I have an extra HDMI port for embedded boards like the raspberry pi. I’ve had the setup now for four months and it’s turned out even better than I expected. With 4K becoming the new “HD” now is a great time to pick up a good 1080p-ish monitor on the cheap.

Audrey’s first PC

I decided to get Audrey a PC for her fourth birthday. She’s a little too young for it, but I really want to get both our girls exposed to technology at an early age. Another goal is for them to learn to touch type at an early age. Anyway, I didn’t really want to spend a lot of money on something that’s likely to get broken. I figured a netbook would fit the bill perfectly. Lucky for me my brother-in-law wasn’t using his old Eee PC 900, and gave it to Audrey for her birthday. To make this more fun I went with a Hello Kitty theme on the system. It’s running Fedora 19, XFCE desktop, sugar, KDE Education Project, and a home page of pbs.org.

Hello Kitty wallpaper really helped get her interested. It’s such a cheap trick, but it’s effective.


Syslinux 6.01 @ PXE


I was reminded tonight that newer versions of syslinux (one of my favorites) have broken out libraries from the previous stand-alone modules. Traditionally, for setting up PXE environments all that was needed was pxelinux.0, memdisk, menu.c32, vesamenu.c32. The friendly folks on #syslinux directed me to http://www.syslinux.org/wiki/index.php/Library_modules

Basically now you’ll need:
pxelinux.0, memdisk, menu.c32, vesamenu.c32, ldlinux.c32, libutil.c32, libcom32.c32
in the root of your tftp server.

All of these can be found under the bios directory when you download versions 5 or 6 of syslinux.

Enjoy!

Fedora 19. Making libvirt and firewalld play nice

I’ve been running Fedora for quite some time and it’s hands down my favorite bleeding-edge distro. Since I’ve been at Red Hat though, I’ve been using RHEL on my work laptops, and I’ve really enjoyed the experience and stability. So the past three years it’s been Fedora at home and RHEL at work, and that’s worked out perfectly. …..until now.

How much is too much?

I love mobile devices. You name it, laptops, smart phones, tablets, etc. There’s just something about a small screen that’s portable that draws me in. I still have very fond memories of my first monochrome PDA with 2 MB of storage. I also had a really great Windows mobile device, the HP 1910 made by HTC. Back in the day these things were amazing. …but they’ve started accumulating in my house. I need a better lifecycle for getting rid of old things I no longer use.

HDHomeRun Repair

Over the Christmas break I re-wired my “server room” at the house and I accidentally plugged in the wrong power supply to my original HDHR. The unit is supposed to run on 5 volts but I sent 12 through it. The only reason I noticed was this electrical burning smell. After taking apart the case I could tell the inductor behind the AC jack was what was heating up and creating the odor. It turns out this wasn’t the problem but rather the symptom of IC7 being blown. The support I received from Silicon Dust, the manufacturer, was amazing. Not only did they help me troubleshoot a unit whose warranty expired years ago, but they also told me the make/model of the chip so I could order a new one. My buddy Daryl helped with soldering, as I’ve never done components this small and my soldering iron stinks. A replacement chip was ~$3 from Digikey and the HDHR works perfectly and no longer smells like burning.