My Podman Containers Boot With Systemd

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am reasonably sure my Podman containers won’t be randomly going down anymore. Let’s get started!

I enjoy using Podman as a stand-in for Docker, but its rootless approach to running containers inherently challenges sysadmins facing Docker’s help and tutorial legacy. The most problematic difference I’ve experienced has been keeping containers running long-term. Months ago, I learned how to enable account lingering. This allows Podman containers to run without something remaining logged in as their respective users. I’ve been living with manually restarting containers as needed. Well, since I decided to enable automatic security updates, starting containers automatically would be prudent before expecting other family members to rely on them.

Against all odds, my initial search this past Wednesday yielded a blog article from Red Hat about integrating Podman containers into Systemd [1] to start them at boot. It was posted the day before.

Podman and Systemd

I trust Red Hat to not post malicious commands, but it’s still a good idea to learn about strange commands before running them. Red Hat’s tutorial starts with making a new user, enabling linger, and running a containerized web server. The first important command I ran was

$ podman stop httpd && podman rm -a && podman volume prune

This command appears to thoroughly clean out Podman. I’ve mounted volumes from the host before to persist data, but there’s a more flexible volume structure I only learned about just now when researching for another section I had to spin off into a near-future post. I haven’t used them yet, but I’m sure they’ll be useful once I learn how to use them.

$ podman generate systemd --new --files --name httpd

This command makes a new systemd file. The --new option recreates the container fresh each time it’s brought online. --files sends the configuration to a file instead of the terminal. --name must be the name of a running container or pod.

$ cp -Z container-httpd.service ~/.config/systemd/user/

The file generated previously goes in a directory where systemd will find it when used with the --user flag. The -Z flag matches permissions with the destination directory. The tutorial finishes with a daemon-reload followed by starting and enabling the user’s service.
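A check that the pieces described above are all in place, added here as an example and not taken from the Red Hat tutorial or from this post's own setup. It looks for the linger marker, the unit file in ~/.config/systemd/user/, and the symlink that enabling the service creates; `boot_readiness`, `demo_tree`, the user name `demo` and the sample unit are constructed for illustration.

```python
import os
import tempfile

# Constructed sample unit, trimmed to the lines this check reads.
SAMPLE_UNIT = """[Unit]
Description=Podman container-httpd.service

[Install]
WantedBy=default.target
"""

def boot_readiness(home, user, unit, linger_dir="/var/lib/systemd/linger"):
    """Return the reasons a user unit would not come up at boot (empty = ready)."""
    problems = []
    unit_dir = os.path.join(home, ".config", "systemd", "user")
    unit_path = os.path.join(unit_dir, unit)
    # loginctl enable-linger leaves a marker file named after the user.
    if not os.path.exists(os.path.join(linger_dir, user)):
        problems.append("linger not enabled for " + user)
    if not os.path.isfile(unit_path):
        problems.append("unit file missing from " + unit_dir)
        return problems
    # Collect the targets named by WantedBy= in the [Install] section.
    targets, section = [], None
    with open(unit_path) as fh:
        for line in (raw.strip() for raw in fh):
            if line.startswith("[") and line.endswith("]"):
                section = line
            elif section == "[Install]" and line.startswith("WantedBy="):
                targets += line.split("=", 1)[1].split()
    if not targets:
        problems.append("no WantedBy= in [Install]")
    # systemctl --user enable creates <target>.wants/<unit> symlinks.
    for target in targets:
        if not os.path.lexists(os.path.join(unit_dir, target + ".wants", unit)):
            problems.append("not enabled for " + target)
    return problems

def demo_tree(linger, enabled, user="demo", unit="container-httpd.service"):
    """Build a throwaway home and linger directory, then run the check."""
    root = tempfile.mkdtemp()
    home, linger_dir = os.path.join(root, "home"), os.path.join(root, "linger")
    unit_dir = os.path.join(home, ".config", "systemd", "user")
    wants = os.path.join(unit_dir, "default.target.wants")
    os.makedirs(wants)
    os.makedirs(linger_dir)
    with open(os.path.join(unit_dir, unit), "w") as fh:
        fh.write(SAMPLE_UNIT)
    if linger:
        open(os.path.join(linger_dir, user), "w").close()
    if enabled:
        os.symlink(os.path.join(unit_dir, unit), os.path.join(wants, unit))
    return boot_readiness(home, user, unit, linger_dir)
```

On a real account, call `boot_readiness(os.path.expanduser("~"), "<user>", "container-httpd.service")`; an empty list means nothing in these three places would stop the container from starting at boot.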

Takeaway

This is a resource for my bookmarks. That is all.

Final Question

I took the opportunity during this project to put a Minetest server on ButtonMash, but I’m having difficulty obtaining permissions. I can see its logs in Cockpit-Podman, but I don’t have access to the server command line. How am I supposed to get started with adminning Minetest?

I look forward to hearing your answers in the comments below or on my Socials.

Work Cited

[1] A. Oliveira, “Configure a container to start automatically as a systemd service,” redhat.com, Feb. 21, 2023. [Online]. Available: https://www.redhat.com/sysadmin/container-systemd-persist-reboot [Accessed Feb. 27, 2023].

I Made a Single-Task Computer

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

A situation at my church’s elementary school has recently come to my attention: the library lacks a computer, the conference is pushing online timesheets, and the librarian doesn’t use a smartphone. I know a little about get-me-online machines, so when I felt a little prompt from On High, I got to work.

My first thought was to shift directions on the old church office computer from my recent work with Puppy Linux, but it lacks a monitor, mouse, or keyboard. Then my sister’s netbook surfaced (Toshiba NB505). As spiritual predecessor to Chromebooks, netbooks are perfectly sized for toddlers. The original power brick had a frayed cord, but I found a spare. It booted to Windows 7 Starter Edition (32 bit). It reportedly slowed way down at some point. Even Puppy Linux (running 64-bits) felt sluggish running Firefox. Nevertheless, I accessed the timesheet website.

I soon learned about Firefox’s --kiosk mode; it got me thinking about launching it as part of boot directly to the needed webpage. Instead, I sought out a specialized kiosk distro and downloaded myself Porteus Kiosk. I substituted my Ventoy USB for whatever the oddly worded instructions aimed at store managers would have me do. The install media (“first boot”) walks the user through connecting to the Internet, downloading Firefox or Chrome, creating or loading a config file, and flashing (“burning”) a customized image to a hard drive.

The system took a night’s work to install a few times and harden. I password protected the BIOS and disabled booting the Windows drive because I’m more worried about the SD card surviving an accidental removal and landing last in the boot order than someone using a strange, bootable USB. I tediously refined my installation procedure until I was consistent. Its slow boot wasn’t fun.

I had 15 minutes the next day with the school Wi-Fi. Much of that was tracking down the password. Once online with browser obtained, I loaded my config file from the previous night, flashed the SD card, and rebooted, ticking away what time we had scheduled and more – only for a failure to reach the Internet. Discouraged, I packed up and left – my only consolation a surplus Valentine’s Day goodie bag.

We figured it was probably some network whitelist until the kiosk worked properly back at home. Had it failed? I didn’t catch the success/failure message flashing by earlier, so maybe? Another day’s attempt at the school involved accessing the site with a laptop from a different school-owned network. I paid close attention to the allegedly successful output, but it again found my Wi-Fi and not the school’s.

Just as I was about to report a failure for now, I noticed my home Wi-Fi name and password hidden in the config file I was loading each time after the first. I slapped in the school’s credentials and left it for my mother to deploy, though not without a Puppy Linux USB as a backup plan. I wrote detailed instructions on getting online and saving the first day’s session. Thankfully, they were unneeded.

Takeaway

Production. I’ve never done a project intended to operate outside my supervision before. I’m proud of this project, and I’m glad it will be of service until a more permanent solution.

Final Question

I noticed this week how much I seem to be using my Ventoy multi-boot USB. What is your most valuable tool?

Let me know in either the comments below or on my Socials.

It’s Time I Install EndeavourOS

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project for the week. Let’s get started!

OS installation side project. We’ll see how this goes.

Manjaro has a hate club, and I sympathize with it. It’s stable most of the time, but gives me a large bombshell or two per year. I’ve been meaning to try out EndeavourOS, another user-friendly take on Arch, and my hard drive filling up is as good an excuse as any.

One small task before starting: my file system hangs whenever I try to access a down or inaccessible NFS share on GoldenOakLibry, and it won’t unfreeze until making contact again or forced closed. LibreOffice Writer is a notable offender as it can lock up attempting to autosave. A deeper look into this issue shows it works as intended. For what it’s worth, GoldenOak’s HDDs spin up in loosely 45-50 seconds, so allowing for a rounded minute in the automount file seems reasonable (TimeoutIdleSec).

NFS:
Network File System

HDD:
Hard Disk Drive – specifically the kind with spinning platters

EndeavourOS Installation

I updated the EndeavourOS installer on my Ventoy USB drive and verified it with sha256sum. When I booted to it though, I found it in legacy BIOS mode, and I’m after UEFI experience. I tried my PopOS image from working with UEFI on my sister’s computer, and it too ended up in legacy BIOS. I even booted my old copy of Windows 10 – legacy BIOS. Does my hardware support UEFI or not?!

In short: yes. I dug up a setting in my motherboard firmware to allow UEFI and Legacy, disable Legacy, or disable UEFI. Curious, I disabled Legacy to force UEFI boot. Windows disappeared, EndeavourOS hung, and Manjaro surprisingly loaded just fine, though it sat so long on a black screen I thought it was hanging the first time. Sure enough, it had an efi directory, confirming a UEFI boot:

$ ls /sys/firmware/
acpi dmi efi memmap

Ventoy’s Grub2 option got me into UEFI/EndeavourOS for installation. It was otherwise an unremarkable experience compared to other “easy” installers I’ve used. I researched each unfamiliar option and chose systemd-boot as my boot loader even though it only works for UEFI installations.

Moving In (Pacman)

Moving in was dead simple and super clean. Mind blown. In order of installation, my top priorities (after a lefty mouse and stylized pointer) were Firefox, LibreOffice, and NFS – the minimum needed to continue drafting this post. EndeavourOS lacks a visual package manager, so I formally introduced myself to Pacman.

Firefox came preinstalled. I mounted my Manjaro drive and copied ~/.mozilla over. Boom! All my tabs, windows, extensions, bookmarks, and everything else was present and accounted for. Maybe a font was different, but I’ll research it later if I’m not adjusted by then (editing note: I’m adjusted now).

LibreOffice was a pain, if you could call it that. I needed to research the “fresh” and “still” branches (testing and stable, respectively), and opted to see what I had on Manjaro. I pulled a massive shortcut and used chroot to approximate a Manjaro shell instead of rebooting back and forth a bunch. Power rush! After a break to mentally process the power grab, I installed the “still” version and later followed it up with hunspell-en_us so spell check had a dictionary.

chroot:
CHange ROOT – starts a shell with a root directory deeper within the file system.

NFS was the last and most routine piece to access GoldenOakLibry: create mountpoints, copy and enable .mount/.automount files. Ray Lyon’s NFS/Samba guide is easily a favorite bookmark [1].

I began listing other things to bring over: ~/.ssh, Discord, FreeTube, AngryIP, Balena Etcher, and Steam are all things I use with varying frequencies. SSH and Discord involved packages from Pacman and copying my old data, like I did with Firefox. Steam offered me my first non-elective challenge when I had to research the correct Vulkan libraries (graphics drivers) to use.

Moving in (Arch User Repository)

My other listed programs will be built with the Arch User Repository, a listing of user-submitted scripts called PKGBUILD files. It is strongly recommended you inspect AUR scripts before running them, and to avoid using automated tools like yay until you’ve manually built and installed a few packages. Hold bad files accountable by flagging them, and vote for ones that build packages properly. Reputable AUR packages may be adopted by a “Trusted User” and relocated to the main repositories.

FreeTube has five different AUR listings. Git (potentially unstable), Wayland (outdated), and appimage (few votes) are all unsuitable – leaving freetube-bin and freetube for serious consideration. Freetube-bin has almost 3x more votes and 22x the popularity (how recently/widely used a package is) as well as having a longer maintenance history. On closer inspection, freetube builds from source, while freetube-bin converts a .deb package. For the purposes of learning AUR from 0, I’ll be using freetube-bin.

Freetube-bin’s AUR page has a Git clone link. Its PKGBUILD file looked simple enough. Makepkg finished, leaving me with the original .deb it downloaded and a .pkg.tar.zst file I eventually found and installed with Pacman. I copied over ~/.config/FreeTube, only to find it was from a broken install I had replaced inelegantly.

AngryIP scanner has only one version: ipscan, but it requires Java. I went through the process of installing GraalVM for Java19/aarch64, replicating a set of symbolic links pointing to Java.

$ java -version

Wrong architecture. I replaced my install with the amd64 version, and that worked. I made a note there in /usr/lib/jvm to use amd64 next time and deleted my raw downloads.

AngryIP/ipscan’s PKGBUILD file builds it from source, and as such looks more involved. The most suspect thing was a for loop I didn’t understand right away. I went to build the package and mere Java doesn’t count as java-runtime. It wants one of 124 Java packages to satisfy its one dependency. I found a version of jre-OpenJDK. Pacman wasn’t amused with my GraalVM shortcuts though, so I disabled them. jre-openjdk was installed shortly and ipscan compiled afterwards. Over the weekend between download and installation, AngryIP had gotten a minor revision. I’ll pass for now.

Oh, Balena Etcher. WOW! Three popular candidates showed up – two were a version out of date, and the other a very new appimage with zero maintenance history. I downloaded the Appimage PKGBUILD anyway and inspected it. It looked enough like the others I decided to go with it. Building and installation went smoothly.

Takeaway

It speaks volumes to my personal progress that I thought this might be a “side project.” I was wrong, but I must remember that similar projects used to take at least one week for the base OS install and another for each major program I wanted. My impression is that EndeavourOS is for people who are/want to be fluent in the command line, but don’t want to deal with straight Arch.

EndeavourOS is taking my skill to the next level. I’ve learned by both blitzing the boring tasks and slamming into using the AUR without cheating packages in with pamac. KDE is all purple, but I’m game for the change from the traditional blue.

GRUMBLE! EndeavourOS had a core package update as I was finishing my editing, and now it hangs while booting. I’m back on Manjaro, and updates were waiting. I moved some stuff over so my 1.8gb download could fit. I also linked ~/.mozilla to my EndeavourOS copy.

This computer is messed up right now.

Final Question

I’ve had a busy week with material going on for three potential projects. How was yours?

I look forward to hearing your answers in the comments below or on my Socials.

Work Cited

[1] R. Lyon, “On-Demand NFS and Samba Connections in Linux with Systemd Automount,” Ray Against the Machine, Oct. 7, 2020. (Edited Aug. 26, 2021). [Online]. Available: https://rayagainstthemachine.net/linux%20administration/systemd-automount/. [Accessed Feb. 13, 2023].

Call the Electrician

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

My house has been having intermittent electrical issues for a while, but they flared up enough to diagnose a couple weeks ago. It affected our computer room and the downstairs/backyard lights. Kitchen appliances and most other outlets were on other breaker circuits, thankfully.

It was Monday afternoon. Last week’s post was up, and I was tentatively researching February’s big project. My sister, Taz, asked for help moving her workstation to another room and off the faulty circuit. She warned me about her outlet sparking, so I equipped some leather gloves before I began jiggling out her UPS.

UPS:
Uninterruptible Power Supply.

The outlet crackled as blue arcs flashed within the empty, upper socket and along the blades of the UPS plug as I wrestled with it. The room lights flickered off a few times, adding to the gut feeling I was aboard a starship, working over a console ready to explode in my face.

I put an amount of effort befitting a temporary relocation while arranging Taz’s computer. The challenge was her Internet connection. With OpenWRT fresh in my mind, the hardest part was deciding on a previous project SD card to overwrite.

Each card’s identity was easily confirmed by mounting it and checking <disk>/etc/label. One Raspberry OS install stuck out as redundant now that I use BalenaEtcher for disk imaging.

We quickly ran into an important gap in my networking knowledge: DNS. I shelved PiHole last week in part because I couldn’t get OpenWRT’s DHCP server to properly advertise it as the DNS server. Manjaro/KDE was mostly in last week’s attempts – even allowing for a DHCP IP with a manual DNS, but Windows’ “manual” IP configuration got wiped each time I tested “automatic (DHCP)”. This led to confusion and frustration when Taz saw our hosted Minecraft server online, but not the authentication servers for lack of DNS.

DNS:
Domain Name Service – translates URLs into IP addresses, a “phone book” for computers

DHCP:
Dynamic Host Configuration Protocol – Automatic IP address configuration, a maître d’ for networks.

The electrician gave our sparking outlet a checkup. He said that as first goodie on the breaker circuit, everything else is wired in series. When it shorts, everything else is affected before the breaker pops. Our outlet has buckled under a heavy load over years’ time; we’ll minimize its usage until repairs happen this coming week. Fun fact: lights and sockets sharing a breaker is a code violation, but it could have been fine when the house was built.

In the meantime, I idled a day or two while trying/failing to fix my DHCP configuration for lack of search terms. OpenWRT’s LuCI web interface strikes a good balance: it’s user-friendly without being baby or admin-proofed. Nevertheless, I took my issue to r/techsupport’s Discord, where I learned about DHCP-options. So far as I can tell, DHCP-options is just a lookup table. Option 6 specifies a list of IPv4 addresses as DNS servers:

6,192.168.0.2,192.168.0.20
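What that line becomes on the wire, as an added example that is not from the original post or from OpenWRT's code: the option string is encoded in the code/length/value layout of RFC 2132, then read back out of an options field so you can confirm which DNS servers a lease actually advertises. The function names and the sample options field (including the router address 192.168.0.1) are constructed for illustration.

```python
import ipaddress

def encode_dns_option(spec):
    """Turn a 'code,addr,addr' string into option 6 code/length/value bytes."""
    code, *addrs = [part.strip() for part in spec.split(",")]
    if int(code) != 6:
        raise ValueError("expected option 6 (DNS servers)")
    if not addrs:
        raise ValueError("option 6 needs at least one address")
    # IPv4Address rejects malformed addresses with a ValueError subclass.
    payload = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    if len(payload) > 255:
        raise ValueError("too many addresses for one option")
    return bytes([6, len(payload)]) + payload

def decode_options(blob):
    """Walk a DHCP options field and return {code: value bytes}."""
    options, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 255:          # End option: stop parsing
            break
        if code == 0:            # Pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    return options

def dns_servers(blob):
    """List the resolvers an options field advertises, in order."""
    raw = decode_options(blob).get(6, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

# Constructed options field: pad, router (option 3), the post's option 6, end.
SAMPLE = b"\x00" + bytes([3, 4, 192, 168, 0, 1]) \
    + encode_dns_option("6,192.168.0.2,192.168.0.20") + b"\xff"
```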

Takeaway

Messing with a sparking outlet the way I did was stupid. A few days’ retrospect told me I should have had a fire extinguisher ready. Editing this the night before posting, it dawns on me that de-energizing the whole breaker circuit would have been better still. I’m thankful nothing happened and that the situation is stable enough to wait for a repair.

I’m also glad to have learned about DHCP options. Of note, I picked up this week that Raspberry Pi Wi-Fi radios were never going to win any performance prizes. My Internet slowdowns are not just me.

Final Question

I’m trying something new by isolating glossary terms in a column. They were a pain to figure out, but I think I can control them now. What do you think?

Let me know in either the comments below or on my Socials.