Thought for the day

I notice that when our 20 month old son Russell plays with the little toy oven, he likes to take the animals from the Noah’s Arc toy and throw them in, like a good little omnivore. It makes my heart swell with pride to know that my son appreciates a good cut of meat cooked to perfection. Well, while I was cleaning out the toy oven today, I noticed that he tossed in Noah and his wife as well. Should I be worried?

Posted in Social | 1 Comment

Kubernetes Essentials for Fedora

After decades of running Linux applications as natively packaged installations (first on bare metal and then in virtual machines), I’ve taken on the task of migrating the majority of my networked application deployments to containers running in a Kubernetes cluster of VMs hosted on my Fedora Linux workstation.

Why the change? Frankly, this is a bit overdue. But here are the benefits I hope to realize:

  • Simpler re-deployment process across a cluster of devices
  • Improved / consolidated monitoring
  • Dynamic automated recovery of failed services
  • Expanded device management options

While podman, rancher, containerd and docker would have simplified setup on a single workstation significantly, my ultimate goal is to have any compute device in the house seamlessly transition to hosting services without my intervention. Settling on a Fedora CoreOS base node VM under Kubernetes with the CRI-O container runtime seemed appropriate given the broad usage and routine updates supporting both the OS and the K8s platform.

Given that the Kubernetes nodes were initially planned to run on a single high-capacity server, I implemented a PXE netboot configuration on a virtual bridge through libvirtd. It creates a Kubernetes control plane node and a worker node, among other targets, by matching each VM’s MAC address pattern to the Ignition configuration served through PXE.

This is a learning experience, so I limited the installation to getting a Kubernetes environment running and ready for application installations. The Fedora Project did not quite support seamless installation of Kubernetes on CoreOS: there were a couple of issues related to the read-only nature of some runtime directories referenced by the Kubernetes applications that required finesse to address.

Here are a few tips that might be of assistance:

  • This effort is a project – the scripts and butane configurations are maintained as a company ‘admtools’ project in our internal git repository.
    • YAML configurations are maintained under a ‘deployment’ folder.
  • Achieve repeatability –
    • Create an environment install bash script invoking virt-install to create the nodes and add them to the cluster.
    • Leverage butane configurations to take advantage of Ignition support in Fedora CoreOS installations.
  • The cluster can be initialized by running kubeadm init through Ignition startup.
    • Package installations in Fedora CoreOS are OS extensions installed through rpm-ostree to create an overlay for the read-only directories.
    • The command line options for kubeadm init are insufficient to address the read-only directory issues – a kubeadm configuration file must be used to alter the references to those directories.
  • I opted to use Calico as the CNI for performance and security flexibility.
    • A simple configuration takes three commands to complete after the control plane is running.
  • A bare Kubernetes installation can be managed and monitored easily by a knowledgeable admin – I need a few tools:
    • Install Dashboard for a web interface presenting cluster status.
    • Install Prometheus to collect and present performance metrics.
    • Install helm to support deployment processes with a single YAML config for each application.
    • Install nginx to provide reverse proxy support for web applications and keep the pod network isolated.

Posted in Uncategorized

Simplify VMs with netboot

To minimize the overhead of enabling R&D while maintaining control of company IP, I wanted to ensure any team member could spin up an R&D environment with zero or marginal delay. We could just spend the money on AWS instances; however, I wanted the benefits of maintaining a small on-premise cluster of servers to host those environments, such as:

  • Lower long term costs with sufficient utilization – start with one server and scale up if necessary
  • Low cost archive / restore of past projects
  • No-cost access to on-premise servers / services for integration

We wanted to balance cost with simplicity and mostly adhere to common practices for portability. As such, we focused on creating a simple netboot configuration on our internal dhcp server to support network installation on a fresh VM, referencing a minimal Ubuntu ISO with a cloud-config ISO volume attached to trigger custom VM setup.

Initial Configuration

Some articles discuss classifying network devices and implementing more advanced differentiating configurations on the corporate network dhcp and tftp servers. These features sound great, but we wanted the initial rollout to mostly enable scenarios with zero-configuration effort.

We opted to start very simply and, given the built-in dhcp and tftp support in libvirt network configurations, implemented netboot on the libvirt R&D network configuration. We made a minimal edit adding the following two XML config nodes:

  • child node under the ip node: <tftp root='/var/lib/tftp'/>
  • child node under the dhcp node: <bootp file='pxelinux.0'/>

To complete the configuration, we need to create the tftp root directory, download pxelinux.0 there, and follow the guide provided by Ubuntu to extract the necessary files from the Ubuntu live ISO to the tftp directory. The Ubuntu guide is derived from the pxelinux documentation and can be adjusted with some knowledge of pxelinux. Note: Fedora Core provides a convenient package, syslinux-tftpboot, that installs the necessary files in a tftpboot directory on the root filesystem, which I found a bit more convenient for accessing those files.

We chose to maintain boot configurations for Ubuntu, Fedora, and Fedora CoreOS. We achieved this by maintaining a configuration for each OS in the /var/lib/tftp/pxelinux.cfg directory and linking the configuration to a MAC pattern per the pxelinux documentation. Each configuration passes a cloud-init or ignition configuration to provision admin account access and any other universally available features.

We maintain all referenced images locally on the libvirt host to enable offline support and enhance install performance.

First Boot Experience

The experience on first boot is highly dependent on the new VM configuration, which we have settled on as follows:

  • Pass the R&D network as a network (isolated to the VM host)
  • (optional) Pass a bridged network as an additional network (we prefer an externally defined VLAN-enabled bridge limited to R&D usage)

This configuration allows immediate access to the VM on our pre-configured R&D network and optional isolated access by VLAN.
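The two posts above both rely on the same binding: each VM's MAC address on the R&D network selects its own pxelinux config, and that config points at a per-node Ignition (or cloud-init) file, which is what lets the Kubernetes post's install script create control plane and worker nodes without hand edits. The script below is an added example, not the blog's 'admtools' script or Fedora's tooling. It assumes a tftp root of /var/lib/tftp, a libvirt network named rnd, an HTTP server on the host at CONFIG_URL serving the per-node files, the kernel/initrd paths under images/, and the virt-install osinfo names fedora-coreos-stable and ubuntu22.04; the Ubuntu autoinstall kernel arguments follow the shape of Ubuntu's guide and are likewise assumptions.

```shell
#!/bin/sh
# Added example (not the blog's 'admtools' script): bind a PXE-booted libvirt VM
# to its own pxelinux config by MAC address, then create the VM with virt-install.
# Assumed: tftp root /var/lib/tftp, libvirt network "rnd", an HTTP server on the
# host at $CONFIG_URL serving Ignition / cloud-init files, image paths under images/.
set -eu

TFTP_ROOT="${TFTP_ROOT:-/var/lib/tftp}"
NET_NAME="${NET_NAME:-rnd}"
CONFIG_URL="${CONFIG_URL:-http://192.168.100.1/cfg}"   # assumed host address

# pxelinux tries pxelinux.cfg/01-<mac, lower case, dash separated> before the
# hex-IP names and "default" (01 is the Ethernet ARP hardware type).
# The MAC is validated first so a stray value can never name a path outside
# pxelinux.cfg/.
pxe_cfg_name() {
    mac=$1
    case $mac in
        ??:??:??:??:??:??) ;;
        *) echo "bad MAC format: $mac" >&2; return 1 ;;
    esac
    case $mac in
        *[!0-9a-fA-F:]*) echo "bad MAC characters: $mac" >&2; return 1 ;;
    esac
    printf '01-%s\n' "$(printf '%s' "$mac" | tr 'A-Z:' 'a-z-')"
}

# Emit a pxelinux config for one OS. The per-node Ignition / cloud-init file is
# keyed by the same MAC-derived name, so kubeadm join tokens and admin keys
# live in a per-node file rather than in the shared "default" entry.
render_pxe_cfg() {
    os=$1
    node=$(pxe_cfg_name "$2")
    case $os in
        fcos)
            cat <<EOF
DEFAULT fcos
LABEL fcos
  KERNEL images/fcos/vmlinuz
  APPEND initrd=images/fcos/initramfs.img,images/fcos/rootfs.img coreos.inst.install_dev=/dev/vda coreos.inst.ignition_url=${CONFIG_URL}/${node}.ign
EOF
            ;;
        ubuntu)
            cat <<EOF
DEFAULT ubuntu
LABEL ubuntu
  KERNEL images/ubuntu/vmlinuz
  APPEND initrd=images/ubuntu/initrd ip=dhcp url=${CONFIG_URL}/ubuntu-live-server.iso autoinstall ds=nocloud-net;s=${CONFIG_URL}/${node}/
EOF
            ;;
        *) echo "unknown OS: $os" >&2; return 1 ;;
    esac
}

# Write the config under the tftp root and print its path.
write_pxe_cfg() {
    name=$(pxe_cfg_name "$2")
    mkdir -p "$TFTP_ROOT/pxelinux.cfg"
    render_pxe_cfg "$1" "$2" > "$TFTP_ROOT/pxelinux.cfg/$name"
    echo "$TFTP_ROOT/pxelinux.cfg/$name"
}

# Create the VM with a fixed MAC so the config written above is the one it boots.
provision_node() {
    # $1 VM name, $2 MAC on the R&D network, $3 OS (fcos|ubuntu)
    write_pxe_cfg "$3" "$2" >/dev/null
    case $3 in
        fcos)   variant=fedora-coreos-stable ;;   # assumed osinfo id
        ubuntu) variant=ubuntu22.04 ;;            # assumed osinfo id
    esac
    virt-install --name "$1" --memory 4096 --vcpus 2 --disk size=40 \
        --os-variant "$variant" \
        --network network="$NET_NAME",mac="$2" \
        --pxe --noautoconsole
}

# Usage: ./netboot-node.sh <vm-name> <mac> <fcos|ubuntu>
if [ $# -eq 3 ]; then
    provision_node "$1" "$2" "$3"
fi
```

Because the tftp and HTTP services on the R&D network are unauthenticated, the per-node split matters: anything that must stay private to one node belongs in that node's Ignition or cloud-init file, and the shared "default" entry should carry nothing more than an installer.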

Posted in Uncategorized

Android’s Achilles Heel

I’ve been a big fan of open source and the Linux platform since 1992 and was thrilled when Android initially launched leveraging the legacy of this platform. My family has Android phones and I acquired several Android tablets over the past few years, along with 3 iterations of the iPhone.

While we can get all our apps on both iOS and Android, I’m now convinced that my next tablet purchase should be an iPad. Initially, the variety of devices supporting Android was a huge plus for selection of an Android tablet. Now, however, this only serves to fragment the platform and highlight the contention between driving device sales and supporting end users for those vendors shipping Android tablets.

Because of the Android customizations required to support the hardware changes for each cellular provider, cell-enabled products have a useful life of perhaps 18 months before the carriers stop issuing updates to focus on new products. This is the nature of the Android ecosystem, where the carriers are responsible for software updates across a wide selection of hardware with varying design specifications. As a consequence, I have a Samsung Galaxy Tab 2 that is now stuck at Android 4.1, absent updates from T-Mobile that would likely have included the performance and security fixes in later Android versions and extended the useful life of the device by a year or two.

In contrast, Apple has pretty much nailed it. They do not allow the carriers to update iOS. This guarantees that Apple’s mobile platform will remain fresh, up-to-date, and secure, as patches to the operating system and version updates are available and supported on older devices. Device support is much simpler and more reliable without involving the carriers. I have not had issues with updates on any of my iPhones, having used an iPhone 4 for several years before rolling into an iPhone 5s and then upgrading to a 6 just to get the NFC hardware support.

Considering the vastly improved design and hardware in tablets today, the expected lifetime for these devices should really be several years. It appears to me that Apple is the only real choice for enterprises providing tablets to their employees if the expected device lifespan is more than 2 years in light of the history around Android updates and the absence of any driving changes in the ecosystem around the Android OS updates with the cellular carriers.

Posted in Mobile Technology

Doubling DVR Media Storage Efficiency

I’ve been wanting to kill our cable contract with Verizon for a while – now we’re getting a step closer.

I record TV shows from HD broadcast onto my computer so we can stream them out to Apple and Android devices as well as the TV in the living room via the attached media center. Our 3 terabyte disk is almost full – I don’t want to spend $200 to get another two 3-TB disks (need to double up for RAID / backup) or reconfigure the media drives for more volume.

The DVR cards record in MPEG-2 video format with MP2 audio, producing some pretty large files. I’ve cobbled together a little utility on Linux using ffmpeg to re-encode to H.264 with AAC audio – more compatible with Apple devices and also 40-60% smaller files, by using some logic I cooked in to figure the right bit rate based on the frame size and original quality level. It also removes the letterbox from the DVR-produced files, further reducing the file sizes.

It’s going to take 3-4 days to go through the low resolution half of our 600 recordings, but after that, those files will play nicely on Chris’ iPad, my iPhone, and the other devices in the house. Of course, I don’t have to run each file – the utility finds all the video and re-encodes it without any help from me.
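The post describes three pieces: pick a bitrate from frame size and source quality, detect and crop the letterbox, and re-encode to H.264/AAC. The script below is an added example, not the author's utility. It needs ffmpeg and ffprobe on PATH; the bits-per-pixel constant, the 30 second cropdetect sampling window starting one minute in, and the audio bitrate are assumptions rather than the post's own logic.

```shell
#!/bin/sh
# Added example, not the author's utility: re-encode a DVR MPEG-2 capture to
# H.264/AAC with a bitrate picked from frame size and source quality, after
# trimming the letterbox found by ffmpeg's cropdetect filter. Requires ffmpeg
# and ffprobe on PATH; the bits-per-pixel constant and the sampling window are
# assumptions.
set -eu

# Take the last "crop=W:H:X:Y" that cropdetect printed (read from stdin).
parse_crop() {
    grep -o 'crop=[0-9:]*' | tail -n 1
}

# Sample 30 s starting one minute in; the opening frames are often black and
# would make cropdetect report the whole frame as border.
detect_crop() {
    ffmpeg -hide_banner -ss 60 -t 30 -i "$1" -vf cropdetect -f null - 2>&1 | parse_crop
}

# "30000/1001" -> 29 (an integer frame rate is enough for a bitrate estimate).
fps_int() {
    num=${1%%/*}
    den=${1#*/}
    [ "$den" = "$1" ] && den=1
    echo $(( num / den ))
}

# Target kbps: about 0.07 bits per pixel per frame, but never above the source
# bitrate, since re-encoding cannot add quality that the capture lacks.
target_kbps() {
    w=$1; h=$2; fps=$3; src=$4
    kbps=$(( w * h * fps * 7 / 100000 ))
    if [ "$src" -gt 0 ] && [ "$kbps" -gt "$src" ]; then kbps=$src; fi
    echo "$kbps"
}

# Probe one capture, compute the target bitrate and crop, and re-encode it.
reencode() {
    in=$1; out=$2
    # ffprobe prints width,height,avg_frame_rate in that order for the stream
    dims=$(ffprobe -v error -select_streams v:0 \
        -show_entries stream=width,height,avg_frame_rate -of csv=p=0 "$in")
    w=${dims%%,*}; rest=${dims#*,}; h=${rest%%,*}; rate=${rest#*,}
    src_bps=$(ffprobe -v error -show_entries format=bit_rate -of csv=p=0 "$in")
    case $src_bps in *[!0-9]*) src_bps=0 ;; esac   # "N/A" on some TS captures
    kbps=$(target_kbps "$w" "$h" "$(fps_int "$rate")" $(( src_bps / 1000 )))
    crop=$(detect_crop "$in")
    ffmpeg -hide_banner -i "$in" ${crop:+-vf $crop} \
        -c:v libx264 -preset medium -b:v "${kbps}k" \
        -c:a aac -b:a 128k -movflags +faststart "$out"
}

# Usage: ./reencode.sh <input.mpg> <output.mp4>
# To walk a whole library as the post describes, wrap it in
#   find /srv/dvr -name '*.mpg' -exec sh -c './reencode.sh "$1" "${1%.mpg}.mp4"' _ {} \;
if [ $# -eq 2 ]; then
    reencode "$1" "$2"
fi
```

The bitrate cap against the source is the part worth keeping even if the constant changes: a low quality SD capture gains nothing from a high target bitrate, and the cap is what keeps those files from growing instead of shrinking.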

Posted in AV Media Management | 1 Comment

Should I Upgrade an iPhone 5s to an iPhone 6?

So the iPhone 6 is in pre-order now and it’s got some pretty compelling new features – but is it worth upgrading my iPhone 5s? What do I get with an upgrade, and does it matter that I’m on T-Mobile?

The big changes are the introduction of NFC to support Apple Pay, handling of more LTE frequencies, an improved CPU to bump up general processing speed and give a bigger lift to graphics processing, better photo capture, claims of marginally better battery life, and a larger screen. It seems like there is enough there to justify the upgrade – especially if T-Mobile is going to give me a $350 credit towards the iPhone 6 for trading in the 5s.

One factor causing some hesitation is the additional LTE bands supported by Apple primarily focus on bandwidth acquired by Sprint and do not address new bandwidth being allocated to T-Mobile that provide better service inside buildings or other structures that interfere with higher frequency signals. This also means that as T-Mobile grows, I’ll not be able to move to lesser used low frequency LTE bands with the new iPhone and will need to pick up the following generation when it becomes available if they add support for the new bands supported by T-Mobile.

Considering the higher probability that support should be forthcoming in the next generation iPhone, I am almost certain to want the upgrade when it becomes available. I can live without the lower frequency LTE support for now as T-Mobile also routes calls over the internet when I can connect my phone to a wireless network in my offices. This mitigates some of the challenges associated with the higher bandwidth frequencies losing strength going through walls in some buildings.

I’ve thought about adding an Apple Watch to add the NFC capability to support Apple Pay through the iPhone 5s by pairing the device – the thought has some appeal. I also get the added capability of tracking health related information and getting status at a glance absent having the iPhone immediately on hand. But there is an undefined timeline on availability on this which will be sometime early in 2015 according to Apple and the cost for the Apple Watch starts at $349 plus any additional for extras. If I was forced to choose between either an upgrade or a watch, I might consider waiting to make the choice until after the release and availability of the watch for hands on evaluation.

The cost to an iPhone 6 is $750 if I keep the 64GB limit of storage – or $400 considering a $350 trade-in on the iPhone 5s. This translates to an incremental $16.67 on my T-Mobile bill if I finance the $400 over 24 months at 0% interest through T-Mobile financing. I usually max out the phone features to make the phone last longer, but in this case 64GB has been more than enough with 20GB still available and I’m likely to trade the phone in again when new LTE frequencies are supported. I’m guessing it only needs to last me a year and maintain some trade-in value for the next upgrade – and if not I can likely stretch 64GB of storage to last me two years if I keep the bigger files on a cloud service.

With the OS being a non-factor (iOS 8 will be available for download to the iPhone 5s shortly) – are the new iPhone features compelling enough to upgrade the 5s? With my only hesitation being the lack of frequency support in the lower bands used by T-Mobile, it appears as though an upgrade is likely worthwhile, as there is no guarantee that frequency support is forthcoming in the next year. By limiting the storage to 64GB, I allow myself to bump up the storage later and will not be setting myself up for more hesitation if frequency support arrives in the next iPhone.

Posted in Mobile Technology