Daniel Wikar Personal blog about Analytics, Big Data, Microsoft and IT

Flatcar Container Linux - Bare Metal Simple Installation Guide

One of the main reasons I wanted to get netboot.xyz up and running was to simplify installation of various Linux machines, and more specifically Flatcar Container Linux, which has really caught my interest as a minimal, immutable and always up-to-date container host.

Kinvolk, the company behind Flatcar, was also acquired by Microsoft recently which piqued my curiosity even more.

I wrote up this little step-by-step bare metal installation guide and to be able to follow this method you would need to have a spare Linux instance with Docker. I used my OpenWRT router once again but you could also use WSL2 on Windows, a Raspberry Pi with Docker or whatever you prefer.

1. Create password

Using your existing Linux/Docker instance, create a password hash to be used in the config.yaml for Flatcar.

docker run --rm --interactive --tty fscm/mkpasswd --method=SHA-512 --rounds=4096 yourpassword

https://www.flatcar.org/docs/latest/provisioning/cl-config/examples/#generating-a-password-hash

2. Create config.yaml (Container Linux Config)

I created a directory /home/daniel/ignition and this minimal config.yaml.

nano config.yaml

In the password_hash section paste the hash from step 1. I also added a static IP (see the additional comment under step 6) and made my user a member of the sudo group.

passwd:
  users:
    - name: daniel
      password_hash: "$6$rounds=4096$this_is_where_you_paste_your_really_long_password_hash"
      groups: ["sudo"]
networkd:
  units:
    - name: enp0s25.network
      contents: |
        [Match]
        Name=enp0s25

        [Network]
        DNS=1.1.1.1
        Address=192.168.100.252/24
        Gateway=192.168.100.1

https://www.flatcar.org/docs/latest/provisioning/cl-config/examples/

https://www.flatcar.org/docs/latest/provisioning/config-transpiler/configuration/

3. Transpile config.yaml into ignition.json

cat config.yaml | docker run --rm -i ghcr.io/flatcar-linux/ct:latest > ignition.json

https://flatcar-linux.org/docs/latest/provisioning/config-transpiler/

4. Set up local webserver

Set up a local webserver to host the ignition.json file and serve it during the Flatcar installation. I decided to share the directory /home/daniel/ignition using port 7080 in order to not conflict with an existing webserver.

docker run --name nginx-ignition -v /home/daniel/ignition:/usr/share/nginx/html:ro -p 7080:80 -d nginx

5. Local installation

Everything is now prepared and we’re ready to boot into a live version of Flatcar either via ISO or PXE on the target machine.

Using netboot.xyz you can pass the ignition.json already during first boot but since we’re going to do a local installation we can skip this step.

Once booted you will automatically be logged into a shell on the console without prompting for a password.

Now it’s time to transfer the ignition.json file locally using the webserver from step 4.

wget http://192.168.1.1:7080/ignition.json

If you are unsure of your disk setup you can check this with…

lsblk

And you then perform the installation by running…

sudo flatcar-install -d /dev/sda -i ignition.json

6. Network configuration (Optional)

During my first installation I specified the wrong interface name (should have been Name=enp0s25) in the config.yaml and I haven’t figured out how the automatic naming works so on my second try I ran…

netstat -i

To list all active network devices…

Kernel Interface table
Iface             MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0          1500        0      0      0 0             7      0      0      0 BMU
enp0s25          1500    58858      0    420 0         26959      0      0      0 BMRU
lo              65536        0      0      0 0             0      0      0      0 LRU

Then I modified config.yaml with the correct interface and transpiled again through step 3 before installing in step 5.
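A check for the mistake described in step 6, as an added example (not from the original post and not Flatcar tooling): run on the live system after the wget in step 5, it confirms that the interface named in ignition.json exists on the machine and that the password hash is a SHA-512 crypt string rather than the template placeholder. The function names and the sample file are constructed for this example.

```shell
#!/bin/sh
# Pre-flight checks for ignition.json on the live system, before flatcar-install.
# Added example: the function names are this example's own, not Flatcar tooling.

# Interface names matched by networkd units. Inside the JSON the unit text is
# one string, so "Name=enp0s25" is followed by a literal \n. Globs in Name=
# are not handled.
ignition_ifaces() {
    grep -o 'Name=[A-Za-z0-9_.:-]*' "$1" | cut -d= -f2 | sort -u
}

# Fail if a matched interface does not exist here (the mistake from step 6).
check_ifaces() {
    rc=0
    for i in $(ignition_ifaces "$1"); do
        [ -e "${2:-/sys/class/net}/$i" ] || { echo "no such interface: $i" >&2; rc=1; }
    done
    return $rc
}

# Fail unless every passwordHash is a SHA-512 crypt string; this also catches
# the template placeholder being left in place.
check_hashes() {
    h=$(grep -o '"passwordHash": *"[^"]*"' "$1" | sed 's/^.*: *"//; s/"$//')
    [ -n "$h" ] || { echo "no passwordHash found" >&2; return 1; }
    if printf '%s\n' "$h" | grep -Evq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'; then
        echo "passwordHash is not a SHA-512 crypt hash" >&2; return 1
    fi
}

# Constructed sample: a file in the Ignition v2 layout for the config.yaml above
# (the hash is 86 filler characters, not a real hash) and a stand-in for /sys/class/net.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/net/lo" "$demo/net/enp0s25"
fill=$(printf '%086d' 0 | tr 0 A)
cat > "$demo/ignition.json" <<EOF
{"ignition":{"version":"2.3.0"},
 "networkd":{"units":[{"name":"enp0s25.network",
   "contents":"[Match]\\nName=enp0s25\\n\\n[Network]\\nAddress=192.168.100.252/24\\n"}]},
 "passwd":{"users":[{"name":"daniel","groups":["sudo"],
   "passwordHash":"\$6\$rounds=4096\$examplesalt\$$fill"}]}}
EOF

# On the real machine: check_hashes ignition.json && check_ifaces ignition.json
check_hashes "$demo/ignition.json" && check_ifaces "$demo/ignition.json" "$demo/net" \
    && echo "ignition.json is consistent with this machine"
```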

Done

Now you should be able to ssh into your freshly installed Flatcar Container Linux instance.

Full documentation is found here.

Good luck!


OpenWRT + netboot.xyz

There are numerous ways to get netboot.xyz running as a PXE server together with OpenWRT but this is the simplest (and only) way I got it to work 😊

Inspired by this forum post but I couldn’t get it to boot straight from http so instead I did the following.

1. Created a tftp directory in the root of OpenWRT

mkdir /tftp

2. Downloaded netboot.xyz.kpxe and netboot.xyz.efi locally

cd /tftp
curl http://boot.netboot.xyz/ipxe/netboot.xyz.kpxe -o netboot.xyz.kpxe
curl http://boot.netboot.xyz/ipxe/netboot.xyz.efi -o netboot.xyz.efi

3. Modified /etc/dnsmasq.conf to act as TFTP server

nano /etc/dnsmasq.conf

Add this block to the end of the file.

####################################
# TFTP Server custom configuration #
####################################
enable-tftp
tftp-root=/tftp
dhcp-boot=netboot.xyz.efi

Then restart dnsmasq.

/etc/init.d/dnsmasq restart

(Couldn’t get the BIOS/EFI identification to work so I manually switched between netboot.xyz.kpxe and netboot.xyz.efi)

4. Finally a crucial but hard to find configuration change for OpenWRT

Stop the LAN interface from announcing itself as a local IPv6 DNS server, which in turn somehow conflicted with the iPXE DNS lookup (even though booted in IPv4 mode).

Available through the OpenWRT interface. Network -> Interfaces, LAN -> Edit, DHCP Server -> IPv6 Settings. Untick this box if ticked.

local-ipv6-dns-server

Identified through this thread.

Done

Good luck!


Thinkers vs Repeaters

Creative and critical thinking are key factors in both creating and sustaining success.

During my career I have come across two different groups of people. As always there’s really a spectrum between the two, but to be able to clearly describe the distinguishable differences I’ll focus on the extremes: Thinkers and Repeaters.

So what are the characteristics of a Thinker? They think for themselves, have a mind of their own and have the ability to create new creative/critical thoughts out of thin air based on their own experience and competence. Nothing is taken for granted and they don’t trust blindly; everything has to be proven and evaluated. They welcome external input for inspiration, challenge or enlightenment - but this is something they consciously evaluate to validate, oppose or reshape their own thoughts.

“Knowledge has to be improved, challenged, and increased constantly, or it vanishes.” - Peter F. Drucker

The Repeaters on the other hand can seem and sound very initiated, they can be charismatic and well-spoken but the actual words coming out of their mouths are based not on thoughts of their own but rather the words of other Thinkers or Repeaters. They depend on other people to do the thinking for them to repeat and present as their own, be it colleagues, subordinates, consultants or other external parties with or without agendas of their own.

Repeaters have a hard time (often unknowingly) separating right from wrong, A from B, facts from opinions, helpful thoughts from hidden agendas, etc.

Repeaters repeating the words of other Repeaters often end up in a ‘whispering game’ where the actual initial thought from a Thinker is lost or messed up along the way.

The lack of true understanding can even make the Repeaters’ claims end up in a complete jumbled mess where the ‘thought’ in one sentence is opposed already in the next (again unknowingly).

Sometimes it’s easy and sometimes it’s really hard to distinguish a Repeater from a Thinker. There are professional and clever Repeaters who have built their whole career on being experts at repeating others’ thoughts as their own and doing it really well.

For some nuance it’s hard to be a Thinker in every single domain but there are clearly severe drawbacks in being a Repeater within your main profession, both for yourself and for the actual Thinkers around you.

So, are you a Thinker or a Repeater? How about your manager? Your colleagues?

Crossposted @ LinkedIn


Install Data Mining Add-in In Excel

Edit: This has also been confirmed working in Excel 2019 / 2021 / Office 365.

Ever since the release of Excel 2016 a compatible SQL Server Data Mining Add-in has been missing. There have been numerous requests for Microsoft to release an official update but so far this hasn’t happened.

Having Excel 2013 and Excel 2016 installed side-by-side has been used as a workaround to get the Excel 2013 DM Add-In semi-working also for Excel 2016. The following registry hack allows the otherwise blocked installation to proceed for Excel 2016 without the need for an actual Excel 2013 installation.

  1. Download Microsoft® SQL Server® 2012 SP4 Data Mining Add-ins for Microsoft® Office® (Latest official version)

  2. Insert the following entry in the Windows registry (.reg file here but use at your own risk) excel2016-hack

  3. Proceed with installation which now shouldn’t complain about missing Excel 2010/2013


ERP World View


During my career I have encountered numerous different ERP systems, vendors, consultants and specialists. Something that has struck me as common for many (but not all) ERP professionals is the lack of understanding for the need of other enterprise applications and/or integration of the same. Many also seem to favor customizations within the ERP rather than making it a part of a service-oriented landscape with other enterprise or business unit specific applications.

“Documentation? Well, we do have some ER diagrams but they’re not complete or up to date.”

“Why would you like to extract data out from the ERP?”

“Services? Interfaces? We’d suggest you to take a look in the database if you really need some of our data.”

“We already have that in our ERP, not as good but it would still be better to use that.”

“Integrate? Wouldn’t it be better to just migrate the data into the ERP?”

Anyone with similar experiences or maybe the opposite?
