[KITS] Rancher and FreeNas NFS HowTo

Keeping It Totally Simple: Deploy Heimdall 

Summary: Deploy a Kubernetes cluster using Docker as the container engine and FreeNas for the persistent storage service. Deploy the heimdall workload and keep all your important links in one place. Enjoy!

  1. Deploy Ubuntu Server as Host
  2. Deploy FreeNas Server (skip if you don't want to use NFS)
  3. Install Rancher on Ubuntu
  4. Enable ZFS Pool and create a Generic dataset
  5. Set the user and group as the same user on the Ubuntu server
  6. Create Rancher cluster and deploy nodes for etcd, controlplane, and worker
  7. Set up Persistent Storage on the NFSv4 share
  8. Deploy heimdall and bind persistent storage to use as a volume
  9. Verify http/https ports are open and PUID and PGID are set to 1000
  10. Enjoy!

To understand FreeNas permissions better, watch this video.
To understand how to set up Rancher, watch this video.


Part 2: Ubuntu 20.04 LTS on Lenovo IdeaPad Flex 5 14" 81x20005us

Lenovo IdeaPad Flex 5 14" 81x20005us 


In the first part of my review I went over the good and bad I found using Ubuntu 20.04 on the Lenovo IdeaPad Flex 5 14" laptop. This laptop is a definite buy and all features of the laptop can be used with Ubuntu 20.04 (and probably any other distro).

I'll provide a quick update on the Good and the Bad list that I want to highlight. Then I'll add some of the steps needed to get the laptop fully working on Ubuntu 20.04.

Follow up

  • Battery life is well over 4 hours with heavy use. 
  • Fan blows out to the rear and under load it isn't noticeable
  • Brightness control works but requires Linux Kernel 5.7*
  • Brightness control keys are probably in need of some tuning but totally functional
  • 16GB RAM (Not Upgradeable)
  • NVME SSD 256GB (Single Slot Upgradeable)
  • WiFi Module/Card (Looks like a mini pcie slot and is Upgradeable)
  • Web Camera (works with boltgolt/howdy facial unlock tool but need a well lit area, no IR)
  • Stylus registers as a Wacom HID 5217 device 
  • HDMI port works with External Display (Registered as Device: AMD RENOIR)*
  • Fan can be noisy if you have the laptop in stand mode and under heavy load
  • Sleep is working now with the new Kernel*
  • More photos below of the Hardware
  • See Instructions for updating the Kernel


Installing 5.7 Kernel

Use the mainline tool to update the kernel. Originally described here
  1. sudo apt-add-repository -y ppa:cappelikan/ppa
  2. sudo apt update
  3. sudo apt install mainline
  4. Open up the application mainline and select the 5.7 kernel

In order to boot into this kernel, you will need to set the laptop to boot in "Legacy Mode" because this kernel is not signed yet.

To install missing firmware, follow the instructions in this post.
You should be able to use all the features tagged with '*' from the follow up list.


RAM, NVME Slot, WiFi PCIe Slot

Hardware View

Top and Bottom Inside Shot

Separate Bottom Cover Carefully

Bios Version


Ubuntu 20.04 LTS on Lenovo IdeaPad Flex 5 14" 81x20005us

Lenovo IdeaPad Flex 5 14" 81x20005us 


I'll keep this short, this laptop is a buy.
At the time of this post, it goes for $599 on Amazon

Out of the box almost everything works. After installing Ubuntu 20.04 LTS, everything works except for the HDMI port. I think this has to do with the AMD AGPU and a driver is probably needed. I'll follow up with the fix once I have one if this is a software issue. 

Other than that, this laptop is a buy. I didn't bother booting up into windows. I booted Ubuntu from a USB stick and installed it with secure boot and updated the MOK without issues.


  • USB-C Charging 65W adapter included
  • 2 in 1 
  • Backlit Lenovo Keyboard
  • AMD Ryzen 4500U 6 Core CPU
  • 16GB RAM (Not Upgradeable)
  • NVME SSD 256GB (Upgradeable)
  • TouchScreen works out of the box in Ubuntu 20.04
  • Web Camera (works with boltgolt/howdy facial unlock tool, I don't think it's IR)
  • 2 X USB A 3.0 Ports
  • SD card slot
  • Glossy screen and bright enough for me
  • Comes with Stylus
  • Speakers are loud, good for YouTube Watching
  • Good amount of screen real estate
  • Fans quiet, near silent with Chrome open and playing YouTube in the background
  • Plastic material has a rough feel and grips well to my wrist
  • Bezel around the screen is thin and not noticeable at all
  • Performance is great and 6 cores and 16GB of ram is plenty
  • 2 in 1 functionality works well
  • In Tablet Mode, keyboard and mouse automatically disable


  • USB C port does not support video output (must use HDMI)
  • SD Card slot is half (maybe 1/4) depth so you need an adapter if you want full time slotted SD card
  • .2lbs Heavier than a surface pro 4 with Keyboard, case, pen
  • Ubuntu Screen brightness not working, screen only turns on or off using brightness control
  • Stylus uses funky usb slot holder, just put the stylus in your bag.
  • Sound doesn't have enough bass
  • The keyboard is a good size but I noticed my right index finger reaches a little more than usual for the 'Y' key, this could be due to using a Surface Pro 4 and Macbook 13" (or it's just in my head).
  • Trackpad feels cheap, it's large but the clicking is loud and has a cheap click feel to it
  • Fingerprint reader is a nice touch but it should just be on the power button or someplace above the function keys
  • CPU SMT would have been nice, getting this to 12 threads would make it the ultimate buy
  • Keyboard and trackpad do not disable when in tent or movie stand mode, this is probably an Ubuntu/Linux limitation. 
  • Screen won't rotate when in Tent mode, again probably an Ubuntu/Linux limitation. 
  • Screen does not rotate to portrait mode when converting to tablet mode, again probably an Ubuntu/Linux limitation. 
  • Webcam face detection using Howdy only works in well lit rooms.



Arista DCS-7050S-52-R Modding



I've recently purchased two Arista switches, a 7124S and a 7050s. Best piece of advice, stay away from the 7100 gen 1 and gen 2 switches. These are too old and don't support enough modding features. The other issue, especially with the Gen 1 7100, is that the DIMM is a special DDR2 format called Mini DIMM. Finding the right DIMM is very difficult and I have spent too much money on DIMMs going that route.

Modding Solutions

The 7050s is by far the cheapest and most mod friendly platform. I was able to upgrade it to 16GB of RAM, 4GB DOM SSD, and I've thrown several different optics at the SFP+ ports. The switch supports EOS 4.18 and below. If you want support for 4.21 or 4.22 EOS, then you should fork the money over for a 7050QX. The issue with that platform is its 40G interfaces. I don't have a need for 40G and I save approximately $400 in my hobby expenses.


By not sounding too crazy, this is my hobby. I wanted to have 10G interfaces for my VMWare Lab servers and other switches. Having OpenFlow and potentially docker available on the switch, allows me to expand my dabbling in Network Automation.

Upgrades, Configs, and Mods

Fans and Noise

  • environment fan-speed override 30

Allow SCP copy to the device

  • aaa authorization exec default local


  • Innodisk USB 4GB SSD Hard Drive NAND FLASH MEMORY DOM USB Header


  • Upgraded from 4GB of ECC RAM to 16GB of ECC RAM
    • TriCor TRF7256U64F9333G7-HYBP
  • New RAM
    • 2x8GB PC3-12800R DDR3-1600MHz 1Rx4 Reg ECC Samsung M393B1G70BH0-CK0

Compatible 3rd Party Optics

  • To support 3rd party optics and DACs, create an empty file "enable3px" in /mnt/flash/
    • CISCO-TYCO       1-2053783-2
    • CISCO-TYCO       1-2053783-2
    • US Critical             GLC-T-US
    • Methode Elec.        SP7041-M1-JN1-01
    • OEM OPTIC          E10GSFPLR-OO
    • Intel Corp               FTLX1471D3BCV-I3



  • There is a SATA connector that appears to allow for a SATA SSD drive to be plugged into it.
  • This would require a right angle connector and some way to secure the SSD drive.
  • Ideas
    • Use a right angle SATA adapter.
    • Use an M2 SATA drive.
    • Secure to the middle frame using some sort of ribbon cable.

ext4 boot

  • I would like to boot using an ext4 formatted partition.
  • Today it appears to only allow vfat with a 2GB partition size limit.
  • Aboot does a dosfscheck at boot every time.


  • Upgrade Aboot and coreboot to allow for more flexibility and maybe features.
  • Need to learn how Aboot is flashed and how to recover from a "mistake."


Update 2: Pixelbook and Everyday Use

Pixelbook and the Home Admin Network

Today I have marked the 10th day with my new Pixelbook. I am already feeling some of the limitations when it comes to my home network and when it involves Network Attached Storage systems (NAS). Below is a breakdown of some basic Home Admin Network tasks and what I do to complete these on a Pixelbook.

Drobo 5N

The summary here is to not bother with purchasing a Drobo if you are going to be a full time Pixelbook user. Don't bother considering any of the Drobo direct attach solutions. You need the Drobo application to start configuring it and to create shares for your network. That application is supported only on Windows or Mac OS. There isn't a Linux application and there isn't a Web interface for it. So do yourself the favor and don't bother with a Drobo.
I can still work with a Drobo since I have other computers I can use to manage it but what's the point? There are better solutions out there for the same price but they probably don't look as good. Drobos are designed well and do not take up a whole lot of desktop space. These devices are quiet, reliable, and easy to use. The only downside is the lack of admin controls apart from the Windows and Mac only applications. Sorry Drobo but it's been years now, you should have a solution for users who don't have a Windows or Mac system.

Synology DS916+

This is going to sound like a sales pitch, because this is hands down the best solution for any Pixelbook power user. With this one NAS you can reach the following from the Pixelbook running ChromeOS:
  1. Everything running on DiskStation Manager Desktop (DSM).
This means you can run Docker containers, VM clients, VPN clients, administer the volumes, and administer the entire system. Having the DSM run as a web application and allowing for the entire system to be accessed from there is a great tool for any Pixelbook user.

Troubleshooting Home Networks

I chose my words carefully for this subheading, because there is a huge difference between enterprise networks and home networks. Sometimes the difference is just hardware and other times it is the way the hardware must be accessed in order to configure it. Home Network devices such as routers, switches, firewalls, and wireless access points mostly all have a web interface to access and configure these devices. So using a Pixelbook is not a problem. 
Even troubleshooting at the console level is possible. The Pixelbook recognizes USB to Serial adapters and you can use the Chrome extension Serial Term in order to establish a serial console connection to a device. Even Ubiquiti has an extension to reach devices on the network. There are Android apps for pings, a few options for port scanning, and proxy extensions can really help identify firewall issues. Overall, it isn't at all impossible to troubleshoot home networks.


To put it in simple words, the Pixelbook in terms of external drive encryption lacks all the ability to try and protect oneself from a lost drive. Totally disappointing and they shouldn't allow for this to go on further. Encrypting one's storage is about personal privacy beyond the device.


A Synology NAS and some Chrome extensions later, we can have a working environment in minutes. The NAS would allow us to focus on the most important work we have and feel confident that the Pixelbook will have access to data stored in a reliable solution. 


Update 1: Pixelbook and Everyday Use

Hands On With the Pixelbook

I've recently purchased a Pixelbook and I would like to share my experiences in the decision making process for many of the experiences I've gone through this week. The one major topic I won't cover will be enabling Developer mode. This is because of work requirements and I am not interested in going into Developer mode on this device. Below is a breakdown of my experience using it after a week and also a list of items I use alongside my Pixelbook.


Below is a list of accessories I purchased or already own to use the Pixelbook as an everyday device. I don't use a desktop at work or at home so laptop mobility and docking is important.


The Pixelbook has 2 x USB C ports but it is not clear if they support USB 3.1, although this blog says they do. I went ahead and started my search with the requirements below.
  • Allow for USB C PD charging
  • Small footprint to allow for later mounting on the back of the display
  • SD Card support, to import images from my Sony A6500
  • Ethernet Port that doesn't create an uneven surface on the dongle
  • At least 2 USB 3.0 ports 
  • 6"-8" Cable in order to allow for mounting on the back of the display


The Pixelbook has the ability to convert to a tablet and supports a wide range of motion. There are very few cases out there for the Pixelbook and even fewer that support the full range of motion. Here are the things I was looking for in a case.
  • Support Laptop mode and Tablet mode in any angle
  • Cover keyboard when in tablet mode
  • Protect base and back of screen
  • Edge Protection and easy access to ports
  • Optional: Allow for stylus to be slotted but stay out of the way without it 
  • Fold over like a folio style case
  • Not too bulky or add too much weight for traveling


The Pixelbook has a built in U2F Token. It doesn't completely replace a Yubikey but this is good enough. If something more is needed there are Yubikey USB C devices available.

Solution: Built In U2F Token via Power Button

USB Accessories

Below is a list of accessories I already had and use to dock the Pixelbook at home and work at my desk. 
In order for me to reduce the cable clutter on my desk and not have to spend too much money, I use the Elano USB C hub to charge the Pixelbook and I have the Plugable Dock using one of the USB 3.0 ports on the Elano hub. This allows me to unplug the power and Plugable when I head off to work and keep the Elano hub plugged in to the Pixelbook. 
Later on I plan to attach the Elano hub to the back of the display using 3M velcro strips. This would allow me to have the hub easily available while at work and at home. I could remove it quickly when I want to convert to tablet mode and it won't cause any damage to the device.
I can dock the Pixelbook and use it at home or at work without any issues.

Customizing Chrome OS

ChromeOS on the Pixelbook is a powerful system out of the box but there are several ways to increase its usefulness to one's everyday needs. Below is a breakdown of what I've done to customize ChromeOS so that I can use it as much as possible and adapt it to a variety of workflows/tasks.

Android Apps

This one is a no brainer, enable the play store and simply install the Android Apps you know and love. 
  • OpenVPN
  • PingTools (Paid Version)
  • Adobe Photoshop Express
  • Adobe Photoshop Lightroom CC
  • Google Calendar
  • Trello
  • Audible
  • Google Podcasts

Chrome Extensions

There are several chrome extensions out there and many sources that review which are the best to install. There are only a few that I recommend.
By default settings import from your other Chrome Browser setups. For ChromeOS I like to configure the below settings.
  • Smart Lock, allows for unlocking from your phone via BLE and Fingerprint reader on the phone.
  • Font Size and Page Zoom setup for what's comfortable to me.
  • Set up a CUPS printer for a network printer (direct IP printing, not Cloud Print)
  • Change Download location to Google Drive folder called pixelbook-download, helps keep files off the actual device.


These are the flags that I've enabled and am enjoying.
  • Native Smb Client
  • Parallel downloading
  • Enable Picture-in-Picture
  • Print Pdf as Image
  • Enable ARC USB host integration
  • Enable ARC VPN integration
  • Enable Night Light
  • Enable keyboard shortcut viewer
  • Experimental Crostini
  • Enable new Print Preview UI


I'm enjoying the Pixelbook and I have a few things I've experienced that really pushed the boundaries (limitations) of the device.
  1. USB Formatting and create a bootable USB device
    1. There are times when a USB device with multiple partitions needs to be formatted or partitions deleted. 
    2. Creating a bootable USB device comes in handy sometimes.
  2. Local Linux Shell Environment
    1. Ctrl + Alt + t will open a crosh shell
      1. Very barebones and not very useful for CLI power users.
      2. By having something like the Linux subsystem for Windows on ChromeOS, this device would be a killer laptop for power users.
        1. You could even run powershell inside a Linux CLI now, think of the possibilities.
  3. Encrypted external HDDs
    1. There is no support for encrypting external HDDs.
      1. I have an external drive I use to backup my photos but it would be nice to sync my Google Drive to it and encrypt the drive.
  4. Android Apps that don't support Ethernet Connections
    1. Adobe Android Apps apparently do not support a network connection over Ethernet, only Wi-Fi.
      1. So when I'm docked I can't upload/download any photos.
  5. Android Apps and Access to USB Storage
    1. It would be nice to work off of files directly from USB storage.
  6. A little more flexibility with the shelf
    1. It would be nice to show the date on the shelf.




  • Establish TCP connection to a server in a different subnet and interface using a PFSense Firewall.
  • Allow for SSH, HTTP and HTTPS connections from a LAN client  to a FreeNAS box.
  • Keep mind intact and don't lose any sleep.


  • If you are experiencing slow connections that never seem to complete the TCP handshake, make sure your firewall and the rules/chains are correctly configured for the type of connection you are attempting.
  • After a couple of hours (to be honest more like 4 hours of troubleshooting and 1 hour of blogging), I couldn't figure out why I kept receiving TCP TIME_WAIT and CLOSE_WAIT for a simple HTTP/HTTPS connection to my FreeNAS box.
    • Simple topology
      • 2 interfaces and 2 networks.
      • Create a rule to allow for network A (LAN) to talk to network B (FreeNAS).
      • TCP connections from a LAN client to FreeNAS box.
    • Complicated results
      • Created a simple rule for LAN to FreeNAS with Any Protocol, Any Source, Any Destination, and Any Port.
      • Unable to connect to FreeNAS via HTTP/HTTPS
      • Successfully able to connect via SSH.
      • Successfully able to ping between LAN client and FreeNAS box.
      • Unable to connect to FreeNAS HTTP/HTTPS port over netcat:
        • netcat <FreeNAS IP> 443
      • OK check the logs, seeing a lot of log entries for ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, and TIME_WAIT from LAN client to FreeNAS box.
      • Check chrome and inspect the traffic, same info as the logs. Good.
    • Identified the issue, but don't understand it enough
      • At this point I can see that there is a TCP connection issue, the connection goes as far as ESTABLISHED but there is an issue once the LAN client goes into the FIN_WAIT_1 state.
      • Now the problems start, no ACK from FreeNAS box and LAN client goes into FIN_WAIT_2, again no ACK from FreeNAS box, now the LAN client goes into TIME_WAIT.
      • At this point while client is in TIME_WAIT, any other attempts to connect to the FreeNAS box are going to be blocked because now the wait time needs to expire.
        • The wait time is calculated as 2 times the Maximum Segment Lifetime
        • MSL on PFSense is 30 seconds so that means 2*30 = 60 seconds
          • Use the following command to determine MSL on PFSense
            • # sysctl net.inet.tcp.msl
            • output > net.inet.tcp.msl: 30000
      • After TIME_WAIT expires, the connection goes into CLOSE_WAIT and browser reports ERR_CONNECTION_TIMED_OUT
    • Solution
      • I didn't have one at first and could not determine how to solve this problem.
      • Early in the day I recalled an Advanced Feature inside the PFSense Rules from the PFSense documentation about Asymmetric Routing and Firewall Rules.
      • There is an option to select the handling of State Type to be used for the firewall rule.
        • State types - the pfSense software offers multiple options for state handling.
          • Keep state - Works with all protocols. Default for all rules.
          • Sloppy state - Works with all protocols. Less strict state tracking, useful in cases of asymmetric routing.
          • Synproxy state - Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.
          • None - Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.
        • Keep state is the default set on the rule used in this project, but as far as documentation on what this state does, I found nothing useful.
        • Fortunately Sloppy and Synproxy states are documented extensively and I was able to determine a solution now.
        • The Synproxy state handling is the solution used to successfully establish HTTP/HTTPS connections to the FreeNAS box from the LAN client!
          • Here is a quick summary of what Synproxy does:
            • The LAN Client connects to the Synproxy server (PFSense box).
            • The Synproxy server establishes the TCP connection to the FreeNAS box on behalf of the LAN client via spoofing LAN client's SYN responses.
            • Synproxy server and FreeNAS server continue the handshake and once a connection is opened to the FreeNAS box, the Synproxy server hands it off to the LAN client to communicate with the FreeNAS box.
          • The downside
            • The PFSense box becomes a proxy for these TCP connections and this could have potential performance impact in much larger environments.
      • Overall, a terrific learning experience and really good knowledge for me to share to all of you. Thanks.
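
The checks walked through above (reading the MSL sysctl, then looking at which TCP states pile up toward the FreeNAS box) can be scripted. This is an added example, not code from the original post: the addresses and state lines are constructed, and the input layout is assumed to match what `pfctl -ss` prints on the firewall.

```shell
#!/bin/sh
# Added example: summarise firewall TCP states per destination port and
# compute the TIME_WAIT hold time from the MSL sysctl.

# Constructed sample, assumed to follow the `pfctl -ss` layout:
#   iface proto source -> destination   SRC_STATE:DST_STATE
# 192.168.1.50 (LAN client) and 192.168.20.10 (FreeNAS) are made-up addresses.
SAMPLE_STATES='all tcp 192.168.1.50:51001 -> 192.168.20.10:22       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.50:51002 -> 192.168.20.10:443       FIN_WAIT_2:ESTABLISHED
all tcp 192.168.1.50:51003 -> 192.168.20.10:443       FIN_WAIT_2:ESTABLISHED
all tcp 192.168.1.50:51004 -> 192.168.20.10:443       TIME_WAIT:TIME_WAIT
all tcp 192.168.1.50:51005 -> 192.168.30.7:443       ESTABLISHED:ESTABLISHED'

# TIME_WAIT hold time (2 * MSL) in seconds, from one line of
# `sysctl net.inet.tcp.msl` output; the sysctl value is in milliseconds.
time_wait_seconds() {
    msl_ms=${1##*: }
    case $msl_ms in
        ''|*[!0-9]*) echo "cannot parse MSL from: $1" >&2; return 1 ;;
    esac
    echo $(( 2 * $msl_ms / 1000 ))
}

# Read state lines on stdin; print "port state-pair count" for flows to host $1.
# Only "->" entries are counted so each connection is seen once.
state_summary() {
    awk -v host="$1" '
    {
        dst = ""
        for (i = 1; i < NF; i++) if ($i == "->") dst = $(i + 1)
        n = split(dst, hp, ":")              # host:port (IPv4 layout)
        if (n == 2 && hp[1] == host) count[hp[2] " " $NF]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Print flows to host $1 whose two sides sit in different states. Brief
# mismatches are normal during teardown; ones that persist deserve a capture
# on both firewall interfaces.
mismatched_flows() {
    awk -v host="$1" '
    {
        src = ""; dst = ""
        for (i = 2; i < NF; i++)
            if ($i == "->") { src = $(i - 1); dst = $(i + 1) }
        split(dst, hp, ":"); split($NF, st, ":")
        if (hp[1] == host && st[1] != st[2]) print src, dst, $NF
    }'
}

# Demo run on the constructed sample.
echo "TIME_WAIT hold: $(time_wait_seconds 'net.inet.tcp.msl: 30000')s"
printf '%s\n' "$SAMPLE_STATES" | state_summary 192.168.20.10
printf '%s\n' "$SAMPLE_STATES" | mismatched_flows 192.168.20.10
```

On the firewall itself, pipe the live state table into `state_summary <FreeNAS IP>` instead of the sample; a port where SSH-style flows stay symmetric while 443 flows do not matches the symptom described in this post.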

    Really Really Good References