tag:blogger.com,1999:blog-73354387383042841492024-02-18T23:55:59.435-08:00Inventor's ParadoxThe solution to a general problem is simpler than a solution to a specific problem, the solution of many problem is simpler than the solution to one problem.yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.comBlogger163125tag:blogger.com,1999:blog-7335438738304284149.post-36521660610628016832023-06-08T17:47:00.001-07:002023-06-08T17:47:28.261-07:00Rants On NFS Lack of File Handle Visibility To Sysadm<p> NFS is a not-so-recent solution to share filesystem across linux nodes. It have some capability that are currently indispensable for Linux Clusters : to lock files across nodes and allow either exclusive or non-exclusive access to the same file.</p><h3 style="text-align: left;">Fault Tolerance / Recovery</h3><p>I have read some papers on NFS, it should be able to recover a restarting host / server. Unfortunately in several occassion we found this to be not quite true, after a host serving NFS being restarted, we have stale handle errors in the client. The workaround is to restart NFS client, and if that still doesn't fix the situation, restart NFS server. In our cases sometimes we need to restart twice across the cluster (because the client hangs running a program over NFS). Some might said program shouldn't be run over NFS (and only data files should) but we have deployed a SAP documented cluster architecture that requires such use of NFS.</p><h3 style="text-align: left;">Locks</h3><p>When a file were locked in the NFS, a lock is being created in the host and the second one is also being created in the client. The problem occured when the lock is exclusive and we don't know which container in which nodes are locking the file. So in that case we have a specific file and we are wondering which process having the file lock. In our openshift cluster, we have 9 worker nodes each with capacity of 160 containers, and each and every container have a possibility to hold such locks. On the other scenario we want to find which files are being locked on the server hosting the NFS share. Why can't there is a kernel API to show the path of NFS locks on ZFS filesystem.. lslocks can't tell us anything about the file path, presumably caused by combination of the filesystem (ZFS) and the lock process is actually in remote host. In previous post I showed zdb -dddd to check file path, but alas in the 7.5.x ZFS this doesn't show any path.</p><h3 style="text-align: left;">Handles</h3><div>Sometimes we need to identify which app or process is having a high NFS traffic. This might be a symptom of a runaway process writing endlessly to your shared storage, which need to be identified (so the process could be stopped and avoided disk full incident, or we could decide to move the storage to a faster one for such process/ shared directory) But currently there is no such luck identifying which process or app. If only there is an utility to do that.. When dumping NFS traffic, only file handle are shown, and file contents were sent across the network, but we are unable to get the file name/path (and thus no clue to detect which app are writing the file).</div><div><br /></div><h3 style="text-align: left;">Disclaimer</h3><div>If any of this is not true, and there is a solution for the problems above, please contact the author for clarification.</div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-69932782280734681322023-06-04T00:31:00.001-07:002023-06-04T00:31:51.408-07:00Decision Making Puzzle 1<p>Lets say that currently you are managing a big multi-year project that have significant impact in your enterprise application landscape. Suddenly there is another significant business initiative that also requires a thoughtful, distinct change in the core applications to support it, and have somewhat shorter timeline. Do you : </p><p>a) request help from one of your system implementation vendor in the first project, knowing that some parts require some expertise that this vendor's team has, and knowing it would delay your first project because the whole team moves on from working on the first project to the second one,</p><p>b) finding another team to support the change, knowing there is some effort that will need to be put in preparing budget, preparing procurement process to for the new team, so your involvement in first project will be reduced also,</p><p>or</p><p>c) manage the changes between yourself and some peers, knowing that the only person to understand the needed change in the core applications is you and your peers, and also knowing the second initiative is higher priority than the first project, thus allowing you to have minimum involvement in the first project for the time being.</p>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-38035870776297651132023-06-03T21:33:00.002-07:002023-06-03T21:33:53.950-07:00Copying Big Oracle tables Using Apache Spark<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Background</h2>
<div>
Sometimes we need to copy table data from one database to another. Logically the best way to do this is to do database specific export (expdp in oracle lingo) and import in the destination database (impdp in oracle). But sometimes there are deficiencies in this method such as unable to do parallel process for single table, and requirements of DBA access in the database. This post shows how to do table copy using Apache Spark and Apache Zeppelin.</div>
<h2 style="text-align: left;">
Preparations</h2>
<div>
In order to allow Apache Spark access to oracle jdbc connections, we need to add dependency to ojdbc6.jar. To do this, write this paragraph in Zeppelin :</div>
<div>
<br /></div>
<div>
<div>
%dep</div>
<div>
z.reset()</div>
<div>
z.load("/path/to/ojdbc6.jar")</div>
</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Basic Approach</h2>
<div>
The most basic approach to copy table data is to retrieve data in one query and save the resulting records in the target database.</div>
<div>
<br /></div>
<div>
<div>
val tableNameSrc = "TABLENAME"</div>
<div>
val tableNameTrg = "TABLENAME"</div>
</div>
<div>
<div>
import java.util.Properties</div>
<div>
Class.forName("oracle.jdbc.driver.OracleDriver").newInstance(); </div>
<div>
val connectionProperties = new Properties()</div>
<div>
connectionProperties.put("user", "reader")</div>
<div>
connectionProperties.put("password", "reader_password")</div>
<div>
connectionProperties.put("driver", "oracle.jdbc.driver.OracleDriver") </div>
<div>
val jdbc_url = s"jdbc:oracle:thin:@//sourceIP:1521/sourceSID"</div>
<div>
val targetUrl = s"jdbc:oracle:thin:@//targetIP:1521/targetSID"</div>
<div>
val dataTable = spark.read.jdbc(jdbc_url, tableNameSrc, connectionProperties)</div>
<div>
val props = Map( "user" -> "writer",</div>
<div>
"password" -> "writer_password",</div>
<div>
"batchsize" -> "5000",</div>
<div>
"driver" -> "oracle.jdbc.driver.OracleDriver")</div>
<div>
val propsP = new java.util.Properties()</div>
<div>
props foreach { case (key,value) => propsP.put(key, value)}</div>
<div>
dataTable.write.mode(org.apache.spark.sql.SaveMode.Append).jdbc(targetUrl,tableNameTrg,propsP)</div>
</div>
<div>
<br /></div>
<div>
This method queries the entire table data in one go. This would work well if the JVM's memory limit is larger than required memory to load the entire table data. And of course there is some overhead required by Spark itself. If the data is quite large, we will find JVM hangs trying to garbage collect memory or JVM crashed with OutOfMemoryException.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Partitioning By Primary Key Range</h3>
<div>
Another approach is making use of the fact that access to table row using primary key is quite fast, and Spark is able to partition the query data using given clauses. However there is a caveat : the primary key (or any indexed column) should be numeric and we have upper bound and lower bound for the column. This normally would apply if we are using mysql tables using distinct singular primary key. But in the author's case we are not allowed to add arbitrary column to an already large table in oracle that have no numeric indexed field, so we cannot use this approach.</div><div><br /></div><h3 style="text-align: left;">Partitioning By ROWID</h3><div>In Oracle database, ROWID is a pseudo-column that describes a row's location in the physical datafile. </div><div>Excerpt from <a href="https://www.orafaq.com/wiki/ROWID">https://www.orafaq.com/wiki/ROWID</a> :</div><div><p style="background-color: white; font-family: sans-serif; font-size: 12.7px; margin: 0.4em 0px 0.5em;">The <a href="https://www.orafaq.com/wiki/Oracle_8" style="background: none; color: #002bb8; text-decoration-line: none;" title="Oracle 8">Oracle 8</a> format is on 10 bytes:</p><ul style="background-color: white; font-family: sans-serif; font-size: 12.7px; list-style-image: url("data:image/gif;base64,R0lGODlhBQANAIAAAGOMnP///yH5BAEAAAEALAAAAAAFAA0AAAIJjI+pu+APo4SpADs="); list-style-type: square; margin: 0.3em 0px 0px 1.6em; padding: 0px;"><li style="margin-bottom: 0.1em;">bits 1 to 32 (bytes 1 to 4): data object id (0-4294967295)</li><li style="margin-bottom: 0.1em;">bits 33 to 44 (byte 5 and half byte 6): file number inside the tablespace (0-4095)</li><li style="margin-bottom: 0.1em;">bits 45 to 64 (half byte 6 and bytes 7 and 8): block number inside the file (0-1048575)</li><li style="margin-bottom: 0.1em;">bits 65 to 80 (bytes 9 and 10): row number inside the block (0-65535)</li></ul></div><div>The key take is that querying a table using ROWID is the same as querying the table using primary key, regardless the fact that the table doesn't have any primary key (you would be surprised) or the table having a composite primary key. Experiment using explain plan to check the validity of this conjecture :).</div><div>In this approach, table are first be queried in entirely to get rows block numbers :</div><div>(note that the base64 format of ROWID is <span style="background-color: white; font-family: sans-serif; font-size: 12.7px;">OOOOOOFFFBBBBBBRRR</span>)</div><div><div>%spark</div><div>val tableName="owner.tablename"</div><div>val theTable = spark.read.jdbc(url, "( select /*+ PARALLEL(8) */ SUBSTR(ROWID,1,15) PREFIX,SUBSTR(MIN(ROWID),1,64) MINR,SUBSTR(MAX(ROWID),1,64) MAXR from "+tableName+" GROUP BY SUBSTR(ROWID,1,15)) ",props)</div><div>var rekap1 = theTable.rdd.collect()</div><div>rekap1.length</div></div><div>Or, we may want to group neighboring blocks together, because we don't want too much of block overhead from spark processing : </div><div><div><div>%spark</div><div>val tableName="owner.tablename"</div><div>val theTable = spark.read.jdbc(url, "( select /*+ PARALLEL(8) */ SUBSTR(ROWID,1,13) PREFIX,SUBSTR(MIN(ROWID),1,64) MINR,SUBSTR(MAX(ROWID),1,64) MAXR from "+tableName+" GROUP BY SUBSTR(ROWID,1,13)) ",props)</div><div>var rekap1 = theTable.rdd.collect()</div><div>rekap1.length</div></div></div><div><br /></div><div><br /></div><div>The length field shows how many partitions the entire table will be split. It is better to keep this number under 1000 by changing the digits we take from ROWID.</div><div><br /></div><div>Afterwards, define which columns we want to copy (just use tablename.* instead of COL1 COL2 etc if we want all columns) :</div><div><br /></div><div><div>%spark</div><div>rekap1.length</div><div>var clauses10 = rekap1.map( x => "ROWID BETWEEN '" + x(1) + "' AND '" + x(2) +"' ").take(2)</div><div>val tableNameXt = "( SELECT COL1, COL2,COL3, ROWID ROWID1 FROM owner.tablename) T"</div><div>val dataTable = spark.read.jdbc(url, tableNameXt, clauses10 , props).drop("ROWID1").show</div></div><div><br /></div><div>After ensuring we got all the columns queried using the above paragraph, proceed with the whole copying :</div><div><div>%spark</div><div>var clauses= rekap1.map( x => "ROWID BETWEEN '" + x(1) + "' AND '" + x(2) +"' ")</div><div>val wData = spark.read.jdbc(url, tableNameXt, clauses , props).drop("ROWID1").write.mode(org.apache.spark.sql.SaveMode.Append).jdbc(url, tableNameTrg,props)</div></div>
<div>
<br /></div><div><br /></div><div>The last paragraph could be altered using Spark Warehouse table as a destination : </div><div><br /></div>
<div>
<div>%spark</div><div>var clauses= rekap1.map( x => "ROWID BETWEEN '" + x(1) + "' AND '" + x(2) +"' ")</div><div>val wData = spark.read.jdbc(url, tableNameXt, clauses , props).drop("ROWID1").write.saveAsTable("LOCALTABLENAME")</div></div><div><br /></div><div>So the approach can be used both for copying a table from one oracle database to another and also to extract some Oracle table to Spark's internal warehouse.</div>
</div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-30304673000812667492023-06-03T20:02:00.007-07:002023-06-03T20:29:07.874-07:00Automating tasks using Python for sending files through SFTP<div style="text-align: left;">Scheduled background tasks are a staple of IT world. For example, some things (programs) should be done in a certain time in each day, or some procedure should be run a few times in an hour. In this we will discuss how to send a file to another server using SFTP.</div><h3 style="text-align: left;">Crontab</h3><div>Most of the time, background tasks are triggered using UNIX-like crontab, there are some alternatives as well but lets say it is out of current post's scope. The crontab entry usually calls a shell script that in its own triggers other program, such calling a web site using wget or curl, or invoking application command (php yiic commandname). </div><div>The existing crontab entry for sending the file to another server uses a shell script to prepare the files, create control files, and sending them across the network using sshpass with input redirection.</div><div><br /></div><h3 style="text-align: left;">The Challenge</h3><div>The problem we're facing is that sometimes the remote server doesn't respond normally. The cause is still unknown, and after getting incomplete files in the remote end usually we ends up resending them (which means there is some business consequences of late processing). There is a probability that network issue is the culprit. In the application side in other hand, the shell script doesn't do retry until about 2 hours later.</div><h3 style="text-align: left;">Transforming to Python</h3><div>The idea is that the retry should be done as soon after error message is being detected. Because the author has limited capability in enhancing shell script logic, the author choose to create a python script to do exception handling and retry.</div><div>Before coding the solution in python, a due diligence is in order to find out which python library could be used to do the task at hand (i.e. sending a file using SFTP protocol). At first the author tried to use SCPClient in scp package (<a href="https://github.com/jbardin/scp.py">https://github.com/jbardin/scp.py</a> / <a href="https://pypi.org/project/scp/">https://pypi.org/project/scp/</a>), but finds out that the remote server blocks SCP functionality and there are no function are provided to check existence a file in the remote or gather remote file size. Then finally the author check the Paramiko sFTP capability ( <a href="https://docs.paramiko.org/en/stable/api/sftp.html">https://docs.paramiko.org/en/stable/api/sftp.html</a> ) and decided to use it. To install the paramiko sftp use this command : </div><div><iframe src="https://pastebin.com/embed_iframe/tS8JzzWD" style="border: none; width: 100%;"></iframe></div><div><br /></div><h3 style="text-align: left;">The new automated task using Python</h3><div>The new python code does the equivalent process of sending the file using SFTP, and do it 5 times in a loop, with the code detecting if the file already exists in the remote server with the equivalent size, and breaking the loop if that is the case. Exception handling wrapped the process, ensuring any error will result the python code still in command (and not exiting the python script). Please refer to this Gist URL : <a href="https://gist.github.com/yudhiwidyatama/f6cf9a00b6d2edd4a040ecc95098991a">https://gist.github.com/yudhiwidyatama/f6cf9a00b6d2edd4a040ecc95098991a</a></div><div><br /></div><h3 style="text-align: left;">Aftermath</h3><div>The resulting information log lines from the python script shows that sometimes the remote server not responding, and after about 3x tries it would reconnect and proceed the process. The 5x retry somehow still suffice, and more thorough investigation will be needed because the failure rate is quite high.</div><div><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-63479035615551802102023-02-11T17:10:00.011-08:002023-02-12T18:57:24.158-08:00Tips using HMC for VMWare Users<p> Creating a Virtual Machine is a necessary step of most of software development process. The reason is that we want to optimalise our hardware use, to isolate one application instance from another application instance running in the same hardware. For that purpose I recently tried to create a VM instance in an IBM machine, a PowerVM. Creating such VM is quite different than creating such VM in VMWare, and this post will show some tips when facing challenges creating a PowerVM.</p><h3 style="text-align: left;">HMC Console</h3><div>First, we need to access HMC (Hardware Management Console), which is the interface from where we configure our hardware and logical partitions. One HMC could manage more than one system (which stands for a single box of server hardware). Choose Resource >> All Systems to get an overview of which systems are available to manage.</div><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7aD253PuIj3wzQ5ODXt2Jb4wGl6Q44BuaBLyusKwUy8iCxBY5XFN4n5xox2kp5jAGHz1RdnW-pBoQfysSRCCrnQSGYsslcQASUKwOxaUmy8M4p94hWviFsZ5ECFeldT-zBpX1lsLvA6yW1b8ups77UuUnhImVeJOxYBmy7XVPv6enKpXewVPQ4zhM5Q/s702/Image%202023-02-12%2007-33-51.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="660" data-original-width="702" height="301" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7aD253PuIj3wzQ5ODXt2Jb4wGl6Q44BuaBLyusKwUy8iCxBY5XFN4n5xox2kp5jAGHz1RdnW-pBoQfysSRCCrnQSGYsslcQASUKwOxaUmy8M4p94hWviFsZ5ECFeldT-zBpX1lsLvA6yW1b8ups77UuUnhImVeJOxYBmy7XVPv6enKpXewVPQ4zhM5Q/s320/Image%202023-02-12%2007-33-51.png" width="320" /></a></div><br /><div><br /></div><div><br /></div><div>From the HMC we could create a new Logical Partition.</div><div>The menu path is : Resource >> All Systems >> [ choose system ], then by clicking on Create Partition we could provide the amount of CPU core and memory to be allocated for the new Logical Partition.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi-6FRO1mMIAPXQacjhBfKzJoWlTHD6u1NqkdCUXCp7Yj7quM7z-w4kzwY4ivZLtQYKwquuIn0udRKR-PvDUT3cNYffcClzJWVYJyQjPJHM5zAHggCXwf8bAKMjI8DdtT8rNRlE05cml5U-0BtnoXacwCd08fGQQKfL60cIEh60VfqZGfVDGqIhn9gLg/s1918/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-14-29.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1136" data-original-width="1918" height="381" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi-6FRO1mMIAPXQacjhBfKzJoWlTHD6u1NqkdCUXCp7Yj7quM7z-w4kzwY4ivZLtQYKwquuIn0udRKR-PvDUT3cNYffcClzJWVYJyQjPJHM5zAHggCXwf8bAKMjI8DdtT8rNRlE05cml5U-0BtnoXacwCd08fGQQKfL60cIEh60VfqZGfVDGqIhn9gLg/w640-h381/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-14-29.png" width="640" /></a></div><br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAcFJV08c-a6V_O38Zmnes2hqDopZ-qv37VoFVYTlcHUL7P1suxL9jymeoRRMIPjtioy-uKqXCiIHyL6MY-pJ2hnzrUk50ztFnMm4taDz2RBsezCVNYUsFtxwZDcCaAeigms3SBS_AFZtmmerqvRyUvVBkoAfU6iJc0rvnjIUoKOwg0K0Z7RmLqds_nw/s1406/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-19-48.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1146" data-original-width="1406" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAcFJV08c-a6V_O38Zmnes2hqDopZ-qv37VoFVYTlcHUL7P1suxL9jymeoRRMIPjtioy-uKqXCiIHyL6MY-pJ2hnzrUk50ztFnMm4taDz2RBsezCVNYUsFtxwZDcCaAeigms3SBS_AFZtmmerqvRyUvVBkoAfU6iJc0rvnjIUoKOwg0K0Z7RmLqds_nw/s320/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-19-48.png" width="320" /></a></div><div><br /></div><br /><div><br /></div><h3 style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Fo_w_E-Yjhngb_-V9wR4qHUlcpbiTt6lnmGIc413Svz6eRgHAv0fA3JfoNGrzpnU0x-xG1zhbVfpXeqkxKN_tz8AuZlQX8K2YfzolqksBo159wrn-9I9yDaBbVQShwfxEeoyyR6mFgLzutnIpvBNpPG-1aF40D1DwT8GV5m-VhnVTZL8C70KoUSQ_A/s1408/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-21-23.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1122" data-original-width="1408" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Fo_w_E-Yjhngb_-V9wR4qHUlcpbiTt6lnmGIc413Svz6eRgHAv0fA3JfoNGrzpnU0x-xG1zhbVfpXeqkxKN_tz8AuZlQX8K2YfzolqksBo159wrn-9I9yDaBbVQShwfxEeoyyR6mFgLzutnIpvBNpPG-1aF40D1DwT8GV5m-VhnVTZL8C70KoUSQ_A/s320/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-21-23.png" width="320" /></a></div><div style="text-align: left;"><span style="font-weight: normal;">The resource that could be allocated are limited by resources that are not yet allocated to other partition in the system. Setting minimum and maximum to the same value will disable dynamic resource reallocation, it is better to set two different number here to allow reallocation.</span></div><div style="text-align: left;"><br /></div>(Almost) Everything is thru VIO</h3><div>HMC doesn't stand alone, there is a quite separation between HMC console and VIO console, which we would not find when using VMWare. Most access from outside world to the VM or Logical Partition is thru the VIO. Disk access are provided through VIO, and Network access are also going thru VIO. When attaching a disk, we need to have a client-server pair of virtual scsi adapter, the first is server virtual scsi adapter in VIOS, and the second is the client virtual scsi adapter in the client partition. The creation of such pair is normally automatic and became part of operations in the HMC such as optical drive creation or attaching new disk, be aware that mismatch between the pair resulted in strange bugs. For example, when creation of server part of the pair success but the creation of client part failed because the client scsi slot numbers were exhausted.</div><div><br /></div><h3 style="text-align: left;">Configuring Disks</h3><div>When the disk are already configured and available for use (which requires access to storage controller and managing the disks there), we could add the storage from the Virtual Storage view inside the Partition view. The menu path is : Resource >> All Partitions >> [ choose partition ] >> Virtual Storage.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbtrNX6Y15beV8CYCT7KDbNJWKszAmYYb4zS0MvE8w2-wIfPu1mMCUnmrQHL_szwIO2idiKt_6v9ctA85wBXTrt3mta8ywoYR_3gth_VrHK1h7BACE4FScs5Ukf2Q9j3ThaKbMUund2Y_Vpbji6MG2y1vJ4p3qfZxe_Vpl0jd0Mav6Yj2YL9FEU2gwnw/s2346/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-27-39.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1274" data-original-width="2346" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbtrNX6Y15beV8CYCT7KDbNJWKszAmYYb4zS0MvE8w2-wIfPu1mMCUnmrQHL_szwIO2idiKt_6v9ctA85wBXTrt3mta8ywoYR_3gth_VrHK1h7BACE4FScs5Ukf2Q9j3ThaKbMUund2Y_Vpbji6MG2y1vJ4p3qfZxe_Vpl0jd0Mav6Yj2YL9FEU2gwnw/w640-h347/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-27-39.png" width="640" /></a></div><br /><div><br /></div><div>Tips : be sure to click the Edit connection and choose the existing adapter, otherwise each operation will add a new virtual Scsi adapter and the slots for the adapters will be full in no time. The first time we add storage or optical drive, a new adapter should be created by not configuring the connection, but for other times we should configure the connection to minimize adapter creation. </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkI-DogVsBZ0BufK91tVyLvF0-8I2OvoEUrPDuYlrbZfMI4JBi2jpovL4qk3o9dHUQR-dQ5o_wrhar_0xdGNWEvvDXobTifEaOemT46RmTBNj-1LoE-KHU7FvzHw_Tlv6lAGedu7US0fKR42mIqQwn0DYkV2Nnfr66rIcmVQ9emnq-bAYjXsqOzExpJw/s1791/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-32-13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="868" data-original-width="1791" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkI-DogVsBZ0BufK91tVyLvF0-8I2OvoEUrPDuYlrbZfMI4JBi2jpovL4qk3o9dHUQR-dQ5o_wrhar_0xdGNWEvvDXobTifEaOemT46RmTBNj-1LoE-KHU7FvzHw_Tlv6lAGedu7US0fKR42mIqQwn0DYkV2Nnfr66rIcmVQ9emnq-bAYjXsqOzExpJw/w640-h310/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-32-13.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWq-TV-DHiLtP3p8RTmeq2HvAms8iRdQI0K6ci4PKH3S9ptj_cvgckp_tj3cDEwAHsP4sH_RuI4ihZE-4z8_dE9VF48yUTs_Pl0SZqj22la0GzyIbxkQznYcqnKSfq9MTsZWpcRFUsyDFDVXxDb75eIsEPhQeQ7-1LfdfHG83SKaKvAcLErAgEJBrMiQ/s1290/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-35-41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="988" data-original-width="1290" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWq-TV-DHiLtP3p8RTmeq2HvAms8iRdQI0K6ci4PKH3S9ptj_cvgckp_tj3cDEwAHsP4sH_RuI4ihZE-4z8_dE9VF48yUTs_Pl0SZqj22la0GzyIbxkQznYcqnKSfq9MTsZWpcRFUsyDFDVXxDb75eIsEPhQeQ7-1LfdfHG83SKaKvAcLErAgEJBrMiQ/s320/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-35-41.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div><br /></div><div><br />I should warn that while I were using HMC, errors when creating adapter result in mismatch between HMC's adapters and VIO's adapter connection, which in my case I could only resolve by going into command-line-interface level.</div><div><br /></div><h3 style="text-align: left;">Creating Virtual Optical Device</h3><div>From the tab 'Virtual Optical Device', we could create a new one (virtually). Choose Add Virtual Optical Device button.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif5vDIW6OK1mA6n14IGyE538yso2Tjn-DT_E7r99cKWzPV7_nHT-dNpABNMVu-E1JJHwm78dwUg-cWituoIgCpsEQr5uBxJCbjCki1-6SSec8Qrm3Qvt0CkI5z-krHXYTiq1_r26mCDlUIwNrl2WxrLv2RPwZ1GFwOlONrxcs_8BWKNEdNi87G4IjbkQ/s1006/localhost%20%7C%20Hardware%20Management%20Console%202023-02-12%2000-27-31.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="626" data-original-width="1006" height="199" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif5vDIW6OK1mA6n14IGyE538yso2Tjn-DT_E7r99cKWzPV7_nHT-dNpABNMVu-E1JJHwm78dwUg-cWituoIgCpsEQr5uBxJCbjCki1-6SSec8Qrm3Qvt0CkI5z-krHXYTiq1_r26mCDlUIwNrl2WxrLv2RPwZ1GFwOlONrxcs_8BWKNEdNi87G4IjbkQ/s320/localhost%20%7C%20Hardware%20Management%20Console%202023-02-12%2000-27-31.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYWSZy1iKiOVJhIDmaFBTBXnx9Zh7V3V5XDKg5f1N6LKAI3Wla7SxvspxGiDW5pwhLUzB4UlfCjLSMJ_bDuwl8xtZ4i4uIhy6geuQUw05hZx_Z02CdvOp116svrI3NJasoKO1lg-3vCMld5RuQ6J7DU8UfqQXQJTXpM7BeQPGAIu9XZKEZhdW-lytsmQ/s1304/localhost%20%7C%20Hardware%20Management%20Console%202023-02-12%2000-28-19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="874" data-original-width="1304" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYWSZy1iKiOVJhIDmaFBTBXnx9Zh7V3V5XDKg5f1N6LKAI3Wla7SxvspxGiDW5pwhLUzB4UlfCjLSMJ_bDuwl8xtZ4i4uIhy6geuQUw05hZx_Z02CdvOp116svrI3NJasoKO1lg-3vCMld5RuQ6J7DU8UfqQXQJTXpM7BeQPGAIu9XZKEZhdW-lytsmQ/s320/localhost%20%7C%20Hardware%20Management%20Console%202023-02-12%2000-28-19.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>Please ensure the checkbox 'Use existing adapters' is being checked, and choose the server adapter IP in the left of such textbox.<br /><div><br /></div><h3 style="text-align: left;">Accessing the VIO from the HMC</h3><div>From the HMC, some settings (the ISO to virtual optical device mapping) could be found only when we access virtual storage from the System view, not the Logical Partition view. This could be a bug in our system tough. The menu path is : Resources >> All Systems >> [ choose system ] >> Virtual Storage. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBQPgAh8AFvWJKn5eG1lgOEPCWERU8A_ZZRD78UeQw-eX1E_UnC14HFfZqP5y5JkIa1xs2ZSj3HAOUtS3ijNLD7vUFwXRJQ-Ea0xxlmZkjTj_yZbUjAaisiNMtCDnZ2IL5bIRTomN99G_bmvEkRx0xnPOoL5paQCLcPIdrzLDNq6zXa2X-SXN4pOOuw/s1738/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-40-41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1152" data-original-width="1738" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHBQPgAh8AFvWJKn5eG1lgOEPCWERU8A_ZZRD78UeQw-eX1E_UnC14HFfZqP5y5JkIa1xs2ZSj3HAOUtS3ijNLD7vUFwXRJQ-Ea0xxlmZkjTj_yZbUjAaisiNMtCDnZ2IL5bIRTomN99G_bmvEkRx0xnPOoL5paQCLcPIdrzLDNq6zXa2X-SXN4pOOuw/w400-h265/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-40-41.png" width="400" /></a></div><br /><div><br /></div><div>From there, choose the VIO server radio button, click on the Action button, and then click on the Manage Virtual Storage menu.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp6bGTEpZzCxOCLzYd0F1P3sFE9xirxW-WDZxjXAJBYNcwu9p4HJJkCbZl_9xofsRYK97rLiFly4fG-1IFc5CHNjFXGwPR_ho5mXVE4fBW9rglCv9HuWJfR-x95PaV7qhAb5CHO9l3C2dYe0KRJNkvyy9D-IStgEThBEuoX_ZUuOa6m_rW1LUDJ_S-UQ/s1586/localhost:%20Virtual%20Storage%20Management%202023-02-11%2023-43-41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1384" data-original-width="1586" height="349" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp6bGTEpZzCxOCLzYd0F1P3sFE9xirxW-WDZxjXAJBYNcwu9p4HJJkCbZl_9xofsRYK97rLiFly4fG-1IFc5CHNjFXGwPR_ho5mXVE4fBW9rglCv9HuWJfR-x95PaV7qhAb5CHO9l3C2dYe0KRJNkvyy9D-IStgEThBEuoX_ZUuOa6m_rW1LUDJ_S-UQ/w400-h349/localhost:%20Virtual%20Storage%20Management%202023-02-11%2023-43-41.png" width="400" /></a></div><div>This place is where for assigning the ISO to virtual optical devices in each partition.</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz5X_x8Z4vMhS1lHsn2csyFfhRCJAloSZoByt2YpFT1D-xJKe0yb_Pu4SbPZV_GZRU-dv3hKqvAk3BYJuzyYENOaLosaen9dWDzLXjAkSSA5LdjgHVAlLfTb2mNnUYtSmCcx3rUYkx-PWesboxaJnez6hk7kDg9b4WOmSKAV7BCuMT0tLt8DdnB352IA/s648/Screen%20Shot%202023-02-11%20at%2011.45.14%20PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="526" data-original-width="648" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz5X_x8Z4vMhS1lHsn2csyFfhRCJAloSZoByt2YpFT1D-xJKe0yb_Pu4SbPZV_GZRU-dv3hKqvAk3BYJuzyYENOaLosaen9dWDzLXjAkSSA5LdjgHVAlLfTb2mNnUYtSmCcx3rUYkx-PWesboxaJnez6hk7kDg9b4WOmSKAV7BCuMT0tLt8DdnB352IA/s320/Screen%20Shot%202023-02-11%20at%2011.45.14%20PM.png" width="320" /></a></div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div style="text-align: left;">Put a check box to mount the ISO image into a specific virtual optical device inside a logical partition. Be aware that checking along the lines of 'New Virtual Optical Device' will create a new Virtual Optical Device attached to the LPAR's existing virtual SCSI adapter.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigAG81iV33mv04jFhuSaltPQpNbetRIkDMuvKUirB35P6eE-DQ_Sj4WhZQ7ukoiNv4654UA5eki3cU8xclIkX3B9LVDvAQdPIZndKPZn8ihHflVqyxum_xgBT6GCvp_UXWa3uhJ3m41RoXB7Gg1e9FV6DUquF5aqr78TP0Z0fagJkhjhirrsQfIuj7Ag/s1614/localhost:%20Virtual%20Storage%20Management%202023-02-11%2023-51-37.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="574" data-original-width="1614" height="229" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigAG81iV33mv04jFhuSaltPQpNbetRIkDMuvKUirB35P6eE-DQ_Sj4WhZQ7ukoiNv4654UA5eki3cU8xclIkX3B9LVDvAQdPIZndKPZn8ihHflVqyxum_xgBT6GCvp_UXWa3uhJ3m41RoXB7Gg1e9FV6DUquF5aqr78TP0Z0fagJkhjhirrsQfIuj7Ag/w640-h229/localhost:%20Virtual%20Storage%20Management%202023-02-11%2023-51-37.png" width="640" /></a></div><br /><div style="text-align: left;"><br /></div><h3 style="text-align: left;">The Profile</h3><p>The UI for the Logical Partition's Profile is also quite hidden, and it is frankly very important. In the profile is the only place I was able to configure the virtual ethernet adapter being deployed in the VM. The IBM documentation for configuring virtual ethernet adapter seems to require the dynamic partition capability to be active, which it were not in my system. So in my case what I do is :</p><p></p><ol style="text-align: left;"><li>Save current configuration into a new profile</li><li>Add the virtual ethernet adapter from the profile's edit menu</li><li>Activate the new profile</li></ol><div>The menu path is : Resources >> All Partitions >> [ choose partition ] >> Partition Actions >> Profiles.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivJ_t1M8gy3DKScLFTOF4fyjUlFfg-wbCkGisAJGvqydBKie_FtlG2xJzZrSkEXZLnCEmzi1IxTaGifoqjPeO3KfBDngH28-fns6J__dYy-11rI5kZ-n0B4lAW-oQ-U3KnRNscRdyGDvJaUZ8IYmbtnkFE4ccOpkOsGl_Bgd_nGKRT9JDdzIqIlHCWiA/s1768/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-59-59.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1280" data-original-width="1768" height="464" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivJ_t1M8gy3DKScLFTOF4fyjUlFfg-wbCkGisAJGvqydBKie_FtlG2xJzZrSkEXZLnCEmzi1IxTaGifoqjPeO3KfBDngH28-fns6J__dYy-11rI5kZ-n0B4lAW-oQ-U3KnRNscRdyGDvJaUZ8IYmbtnkFE4ccOpkOsGl_Bgd_nGKRT9JDdzIqIlHCWiA/w640-h464/localhost%20%7C%20Hardware%20Management%20Console%202023-02-11%2023-59-59.png" width="640" /></a></div><br /><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhamnMkaykgDyzOGhuRR2HXgHgqO2V50mj8rpZaTMJALrq0sIR6r9kMi9Jl-uNo6xDVVlGxB9R_PkjueYonfGjC5Opj-rNImF3ApmwYuC5A3q5TgyFOqlAF_EnX_EARrgn1AcSun5eT5dq7L2xQE6mu_2sTKZ1-ea-0SrPBPHXkHfxC0yXkAVMbTRJHBg/s1078/localhost:%20Manage%20Profiles%202023-02-12%2000-04-13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="608" data-original-width="1078" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhamnMkaykgDyzOGhuRR2HXgHgqO2V50mj8rpZaTMJALrq0sIR6r9kMi9Jl-uNo6xDVVlGxB9R_PkjueYonfGjC5Opj-rNImF3ApmwYuC5A3q5TgyFOqlAF_EnX_EARrgn1AcSun5eT5dq7L2xQE6mu_2sTKZ1-ea-0SrPBPHXkHfxC0yXkAVMbTRJHBg/s320/localhost:%20Manage%20Profiles%202023-02-12%2000-04-13.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;">Choose the profile to be edited ( the profile should be different with the one currently active).</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHBOABJdn4hzTQY-KGEhpI_BXBdU8Fetv5UqSycRgmOYEbY3MdpGx-Q9TR14jFR-JCXY4QgpPqrHLKtL0mGPBHpu31XPwCs9QONQMJCCOVH_g8FhG_S3pryhNIkxYAnvJVngx2hxhrGcBgJNfJXCe8rVoVbNHrmxPQw9EOCTEm1JbdTxyHcWacpT7Zkg/s1386/localhost:%20Manage%20Profiles%202023-02-12%2000-06-50.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="972" data-original-width="1386" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHBOABJdn4hzTQY-KGEhpI_BXBdU8Fetv5UqSycRgmOYEbY3MdpGx-Q9TR14jFR-JCXY4QgpPqrHLKtL0mGPBHpu31XPwCs9QONQMJCCOVH_g8FhG_S3pryhNIkxYAnvJVngx2hxhrGcBgJNfJXCe8rVoVbNHrmxPQw9EOCTEm1JbdTxyHcWacpT7Zkg/s320/localhost:%20Manage%20Profiles%202023-02-12%2000-06-50.png" width="320" /></a></div>Afterwards use the Actions menu for further configuration..<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJ3q9XXX9MZZmqpTrO7JMQg2A-P48WNtvFxEBBvFM_whlUO7Yr_UJAfCag6pCqbkzjMiaK25RSCEc0QmPs74dZ21kc0-az3ynJ0aSheJEekkpFPgbdLdIbfYhnSjjSejGW0u1aiPbAeyzB0Yna-MguTe2cvKHKaRxxFIYnFhl2JqLDkdhQOXM7IgfudA/s1284/Screen%20Shot%202023-02-12%20at%2012.07.36%20AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="964" data-original-width="1284" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJ3q9XXX9MZZmqpTrO7JMQg2A-P48WNtvFxEBBvFM_whlUO7Yr_UJAfCag6pCqbkzjMiaK25RSCEc0QmPs74dZ21kc0-az3ynJ0aSheJEekkpFPgbdLdIbfYhnSjjSejGW0u1aiPbAeyzB0Yna-MguTe2cvKHKaRxxFIYnFhl2JqLDkdhQOXM7IgfudA/s320/Screen%20Shot%202023-02-12%20at%2012.07.36%20AM.png" width="320" /></a></div><br /><p>Then we could create new ethernet adapters. The profile stores all adapters that will exist when the partition is running. Be mindful that the VLAN id is configured here.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEIOsjfrvVvmqidZi_qokeo_Ko6gH2Akr41OC0Yt6ZHoPsuAv2tQBpgI2YPKES8r4v4uoFtmuYu59lXKCUr9z9ei647A-DcnSfGvyZGNVwHw7y0DaRXcuafmmw2aplIfUJdXgfT1kLHiYkhskyNA15H0pfwf1vUoHgSwl22rZvJJMjyDlzjGwiTfwiIQ/s1076/localhost:%20Manage%20Profiles%202023-02-12%2000-20-24.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="740" data-original-width="1076" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEIOsjfrvVvmqidZi_qokeo_Ko6gH2Akr41OC0Yt6ZHoPsuAv2tQBpgI2YPKES8r4v4uoFtmuYu59lXKCUr9z9ei647A-DcnSfGvyZGNVwHw7y0DaRXcuafmmw2aplIfUJdXgfT1kLHiYkhskyNA15H0pfwf1vUoHgSwl22rZvJJMjyDlzjGwiTfwiIQ/s320/localhost:%20Manage%20Profiles%202023-02-12%2000-20-24.png" width="320" /></a></div><br /><p><br /></p><div class="separator" style="clear: both; text-align: left;">To activate the new profile, the partition needs to be shutdown first.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><h3 style="text-align: left;">Accessing the Partition's Console</h3><div>A newly created partition, usually are not yet accessible from the network. First we need to install the OS and configure IP address for the partition. To do this, access to the console's screen (monitor) is required. In VMWare, we configure VGA adapter for the VMs, and the virtualized adapter display is accessible from the VMWare console / vSphere. For HMC, the similar thing exists, but instead of virtualized display we get a virtualized terminal. Accessing the terminal sooner is better, because text that were printed before we connect were lost and would not be visible.</div><div><br /></div><h3 style="text-align: left;">Method 1 - Access from vtmenu</h3><div><ol style="text-align: left;"><li>Connect HMC using ssh Terminal. The ssh password should be the same as HMC Web Console password.</li><li>In the ssh prompt, type <br />vtmenu</li><li>From vtmenu, we could choose which partition to connect the virtual terminal to.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxz4ITxVRooI-hCLNj1RYj4Dmmg4il5x1YTbbGkud1WySu4ONEbJtzbdVDb1dtk7GF6QRDyXowcevjOJ89I3TGM2rAvfgHa954M2oDaLlFUC33iP_AP73ke1mes37BvVj0iyLqRrsx6qUcOgX64g_xvdRlsMysur9_CLLvPelBuRRyFTK_C-ESnejs_A/s898/vtmenu.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="708" data-original-width="898" height="315" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxz4ITxVRooI-hCLNj1RYj4Dmmg4il5x1YTbbGkud1WySu4ONEbJtzbdVDb1dtk7GF6QRDyXowcevjOJ89I3TGM2rAvfgHa954M2oDaLlFUC33iP_AP73ke1mes37BvVj0iyLqRrsx6qUcOgX64g_xvdRlsMysur9_CLLvPelBuRRyFTK_C-ESnejs_A/w400-h315/vtmenu.png" width="400" /></a></div><br /></li><li>To exit the connection, type ~~. (tilde-tilde-dot).</li></ol></div><h3 style="text-align: left;">Method 2 - Access from JNLP Java App Launched from HMC Console</h3><div>This method requires installation of Java JDK 8 on local system. If you are using Windows, just install Oracle JDK 8 from <a href="https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html.">https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html.</a> In my case, I was using a MacBook, with Open JDK 8 Temurin (<a href="https://adoptium.net/temurin/releases/?version=8">https://adoptium.net/temurin/releases/?version=8</a>), which doesn't have JNLP capabilities. The reason is that Oracle changed the license for Oracle JDK to be non-free, so it is better to use Temurin. In order to run JNLP, I downloaded IcedTea Portable zip from <a href="https://adoptopenjdk.net/icedtea-web.html">https://adoptopenjdk.net/icedtea-web.html</a> , move it to a path that not contain any spaces, then extracted the zip. </div><div><br /></div><div>From the HMC Console, access the partition console menu using Resources >> All partitions >> [choose partition] >> Partition Actions >> Console .</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSTnC4_lbNc83_gPxToJjQOcWCenm1EYhoFdFe85LgwtTTqFffJpcEyDSV67eocJXRNQ5H2GYOrxTurBjaOLefZ0i0IzPVm1xaHYA6Slp08AozA9c8O091dKKIGOBClqM3fm20BSAeT3UYqgGhpm6Kr-h3zhPWtECjHa42oS1QELmUzSI7hxuOgft-QA/s832/Image%202023-02-12%2007-33-26.png" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="710" data-original-width="832" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSTnC4_lbNc83_gPxToJjQOcWCenm1EYhoFdFe85LgwtTTqFffJpcEyDSV67eocJXRNQ5H2GYOrxTurBjaOLefZ0i0IzPVm1xaHYA6Slp08AozA9c8O091dKKIGOBClqM3fm20BSAeT3UYqgGhpm6Kr-h3zhPWtECjHa42oS1QELmUzSI7hxuOgft-QA/s320/Image%202023-02-12%2007-33-26.png" width="320" /></a></div><div></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg47yIYmLQBXl1qWjOS4FZX_O9zS6aocsYuhFxwOQd4HCkcx2CDOIKn-s2mHjds8wrXswZIQcSxPBfrhHs6NjDXI9mmVqCZgxAJAFu-XC4_lyZCc3l42kfDjnYrLVVDNVeIifuDRt7CfzoVhIRz3WTrp1ZV04fpU2rHh_A8yWlRQ3WeQy6nKBzzxbgIcA/s968/Image%202023-02-12%2007-37-48.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="968" data-original-width="858" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg47yIYmLQBXl1qWjOS4FZX_O9zS6aocsYuhFxwOQd4HCkcx2CDOIKn-s2mHjds8wrXswZIQcSxPBfrhHs6NjDXI9mmVqCZgxAJAFu-XC4_lyZCc3l42kfDjnYrLVVDNVeIifuDRt7CfzoVhIRz3WTrp1ZV04fpU2rHh_A8yWlRQ3WeQy6nKBzzxbgIcA/w355-h400/Image%202023-02-12%2007-37-48.png" width="355" /></a></div>By Clicking Open Terminal Window, we launch the JNLP App to Connect the virtual console. In my system, clicking this will result a jnlp file being downloaded (not run). So open up mac's Terminal, note the location of Temurin's java Home and set it in the environment variable (please check your local system's Java PATH, and change accordingly) :<div><span style="font-size: small;"><br /></span></div><div><blockquote><span style="font-size: x-small;">export JAVA_HOME=</span><span style="font-family: Menlo; font-size: small; font-variant-ligatures: no-common-ligatures;">/Library/Java/JavaVirtualMachines/temurin-8.jdk/Contents/Home/</span></blockquote><blockquote><p><span style="font-size: x-small;"><span style="font-family: Menlo; font-variant-ligatures: no-common-ligatures;">cd (location of IcedTea extract)/icedtea-web-image/bin</span></span></p><p><span style="font-size: x-small;"><span style="font-family: Menlo; font-variant-ligatures: no-common-ligatures;">./javaws.sh ~/Downloads/vterm_application_tmp\(4\).jnlp</span> </span></p><p> Note: replace jnlp file name, location of icedtea extract, and temurin home path according to the condition in your system.</p></blockquote><p></p><blockquote> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirxw_FgA4CcQacf10zUCqC2A63RrS1SSvZ-5hzURY4Uyuxd9XTh_L3i7lLzkUEiJFn8Tle96nKbCBErboTjrF_TTIYcPSZYMbRqxT91nHRrBWc6CCznmGrBimCaY9w4bG33rhYKIu5kzNzWA46RnOUszNtHaMMM_7QSjYTRG4jIdXhFwE1Ft1C4bQLEQ/s1206/JNLP%20console.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="808" data-original-width="1206" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirxw_FgA4CcQacf10zUCqC2A63RrS1SSvZ-5hzURY4Uyuxd9XTh_L3i7lLzkUEiJFn8Tle96nKbCBErboTjrF_TTIYcPSZYMbRqxT91nHRrBWc6CCznmGrBimCaY9w4bG33rhYKIu5kzNzWA46RnOUszNtHaMMM_7QSjYTRG4jIdXhFwE1Ft1C4bQLEQ/s320/JNLP%20console.png" width="320" /></a></div></blockquote><h3 style="text-align: left;">Closing Remarks and Rants</h3><div style="text-align: left;">Using the HMC, the capabilities is adequate but far from user-friendly. The separation of HMC and VIO is somewhat unnatural when comparing HMC with VMWare, but it was an unavoidable design consequence. I had spent some time in pitfalls such as when not choosing existing adapter during storage attach process, and in the result got error when the adapter slot were full, resulting somewhat corrupted partition that I try to resolve first by going command-line (and having quite adventure not captured by this post). But even by going to command-line the partition still have some quirks that I don't understand, and finally get resolved by recreating another partition from scratch. The console is quite difficult to access from a MacBook, and thats before I found out the vtmenu method. But the GRUB boot menu got corrupted in vtmenu, so I wasn't be able to choose the 'Install' menu in GRUB before switching back to JNLP-connected console. Another pitfall is I got stuck in Virtual Network section to add virtual ethernet adapter, whereas the correct location to add the adapter is in the partition profile.</div><div style="text-align: left;"><br /></div><h3 style="text-align: left;">Command line notes</h3><div><ol style="text-align: left;"><li>List system in hmc<br />lssyscfg -r sys</li><li>List lpar in hmc<br />lssyscfg -r lpar -m [system-name]</li><li>List virtual scsi adapter and connections<br />lshwres -m [system-name] -r virtualio --rsubtype scsi</li><li>Remove virtual scsi adapter <br />chhwres -m [system-name] -r virtualio -o r -p [partition-name] --rsubtype scsi -s [slot-num]</li><li>To access VIOS CLI from HMC cli<br />vtmenu<br />choose VIOS partition<br />login as VIOS prime administrator user (padmin) & password</li><li>List virtual devices in VIOS cli<br />lsdev -virtual<br /></li><li>List adapter in VIOS cli<br />lsdev -type adapter</li><li>List virtual adapter and connected virtual device mapping<br />lsmap -all</li><li>Detach virtual disk (required as prerequisite to be able to remove the virtual scsi adapter)<br />rmvdev -vdev (disk-name)</li><li>Attach virtual disk<br />mkvdev -vdev (disk-name) -vadapter (server-virtual-scsi-adapter-name)</li></ol><h3 style="text-align: left;">References</h3></div><div><ol style="text-align: left;"><li>Partitioning for Linux with an HMC <a href="https://www.ibm.com/docs/en/POWER5/iphbi_p5/iphbibook.pdf">https://www.ibm.com/docs/en/POWER5/iphbi_p5/iphbibook.pdf</a></li><li>
<!--StartFragment-->
<p lang="x-none">Virtualizing an infrastructure with System p and Linux <a href="https://www.redbooks.ibm.com/redbooks/pdfs/sg247499.pdf">https://www.redbooks.ibm.com/redbooks/pdfs/sg247499.pdf</a></p>
<!--EndFragment--></li><li><a href="https://www.ibm.com/docs/en/power9?topic=commands-chhwres">https://www.ibm.com/docs/en/power9?topic=commands-chhwres</a></li><li><a href="https://www.ibm.com/docs/en/power5?topic=POWER5/iphcx_p5/lshwres.html">https://www.ibm.com/docs/en/power5?topic=POWER5/iphcx_p5/lshwres.html</a></li><li><a href="https://www.ibm.com/docs/en/power7/9109-RMD?topic=commands-lsdev-command">https://www.ibm.com/docs/en/power7/9109-RMD?topic=commands-lsdev-command</a></li><li><a href="https://www.ibm.com/docs/en/power8/8335-GTA?topic=HW4M4/p8hat/p8hat_changeprofilep6.html">https://www.ibm.com/docs/en/power8/8335-GTA?topic=HW4M4/p8hat/p8hat_changeprofilep6.html</a></li><li><a href="https://www.ibm.com/docs/en/power9/9080-M9S?topic=networks-managing-virtual-network-connections-in-adapter-view">https://www.ibm.com/docs/en/power9/9080-M9S?topic=networks-managing-virtual-network-connections-in-adapter-view</a> </li><li><a href="https://www.ibm.com/docs/en/power8/9080-MME?topic=libraries-adding-removing-media-files-from-media-library">https://www.ibm.com/docs/en/power8/9080-MME?topic=libraries-adding-removing-media-files-from-media-library</a></li><li><a href="https://www.ibm.com/support/pages/creating-virtual-optical-drive-hmc-managed-vios-partition">https://www.ibm.com/support/pages/creating-virtual-optical-drive-hmc-managed-vios-partition</a></li><li><a href="https://www.ibm.com/support/pages/how-assign-vios-hosted-virtual-optical-device-using-new-hmc-v8-gui">https://www.ibm.com/support/pages/how-assign-vios-hosted-virtual-optical-device-using-new-hmc-v8-gui</a></li><li><a href="https://apple.stackexchange.com/questions/342943/in-macos-how-to-run-a-jnlp-file-with-openjdk-8">https://apple.stackexchange.com/questions/342943/in-macos-how-to-run-a-jnlp-file-with-openjdk-8</a></li></ol></div><div><br /></div> <p></p><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-59738755953643082872023-02-11T03:53:00.007-08:002023-02-11T03:58:25.888-08:00Displaying running PHP 7.4 stack trace on Red Hat UBI Container<p> When running a PHP application in container, sometimes we need to find out what bottleneck is impacting the app's response time. This post documents the approach to do so, but still requiring access to root user in the container. The platform where I was running the PHP app is Red Hat Openshift Community (OKD) version 3.6, which is still using docker to run containers instead of Red Hat's podman.</p><h3 style="text-align: left;">Preparation - Locating the pod and the worker node</h3><div><ol style="text-align: left;"><li>Open openshift's console home</li><li>Select your Project (namespace) containing the pod</li><li>Select Application => Pods<br /><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh07ae96TXBEHLNMCzLPe2JD20QSxkK_cyoS6ODP-jG_PADTan6tfKCj2c8B65_pGsSzJalp4d0yjRRatJIZjSG5Elrb7cGhBV2GVdOOM0f-oCmhfodt2RUD0NxjcM3v32yx7lnXmssOur6gr-jja1ohkhtGZP5XHLqJYRjujgwXiah0_6JvCbBr4S-ug/s1448/OpenShift%20Web%20Console%202023-02-11%2014-50-22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="980" data-original-width="1448" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh07ae96TXBEHLNMCzLPe2JD20QSxkK_cyoS6ODP-jG_PADTan6tfKCj2c8B65_pGsSzJalp4d0yjRRatJIZjSG5Elrb7cGhBV2GVdOOM0f-oCmhfodt2RUD0NxjcM3v32yx7lnXmssOur6gr-jja1ohkhtGZP5XHLqJYRjujgwXiah0_6JvCbBr4S-ug/w400-h271/OpenShift%20Web%20Console%202023-02-11%2014-50-22.png" width="400" /></a></div><br /></li><li>Choose your pod from the list.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDOau47uYHgn1GTzvHSF8lz-zOaKx0fiWA5SZ2GizNbu3tHh4bsA0u4rorKeZ7e_d6z1fkbFEjXkiD9BTambt4yA6KBBaQOq4NnsjCBJXXAx51ezhuKQGUaNg7i269bJlJf5sCyRiuwNlVX997HnWcXjWfpciGkeB4dFCQypKfcZE5zQ0iDvYwuvf0Ug/s1392/OpenShift%20Web%20Console%202023-02-11%2014-51-31.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1392" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDOau47uYHgn1GTzvHSF8lz-zOaKx0fiWA5SZ2GizNbu3tHh4bsA0u4rorKeZ7e_d6z1fkbFEjXkiD9BTambt4yA6KBBaQOq4NnsjCBJXXAx51ezhuKQGUaNg7i269bJlJf5sCyRiuwNlVX997HnWcXjWfpciGkeB4dFCQypKfcZE5zQ0iDvYwuvf0Ug/s320/OpenShift%20Web%20Console%202023-02-11%2014-51-31.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div></li><li>Note the worker node hosting the pod.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw27TZ0-2h0vsjHFQ8eO07XZpudOh4dS2l8N9ZUm0IPHbDjoEmKpdA_vtxfa1pjkMzlPzz4lMXxdrX0YOzWBbTxP3C3ULgPFvnk1ljVYyB4-3ptqvyPVNTROY9AHlPnGoMdWPOUqmPL7CyPfKTktW1i8_tF0EzylKcgXgRRrNx5VQsUZvKFljqKZFvUw/s1554/OpenShift%20Web%20Console%202023-02-11%2014-54-13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1330" data-original-width="1554" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw27TZ0-2h0vsjHFQ8eO07XZpudOh4dS2l8N9ZUm0IPHbDjoEmKpdA_vtxfa1pjkMzlPzz4lMXxdrX0YOzWBbTxP3C3ULgPFvnk1ljVYyB4-3ptqvyPVNTROY9AHlPnGoMdWPOUqmPL7CyPfKTktW1i8_tF0EzylKcgXgRRrNx5VQsUZvKFljqKZFvUw/s320/OpenShift%20Web%20Console%202023-02-11%2014-54-13.png" width="320" /></a></div><br /></li></ol></div><div class="separator" style="clear: both; text-align: center;"><h3 style="text-align: left;">Install php debug-info</h3><div><div style="text-align: left;">Normally, the openshift platform doesn't allow containers running as root. So are in this case, the container will be running as normal random-uid-user. But we need to install php debuginfo packages, thus we need to run as root. The trick is to access the node running the application's pods, so we need admin access on the worker node to do so. I am assuming you already have root access on the worker node.</div></div></div><ol style="text-align: left;"><li>Access the worker node, locate the pod's container.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_UN-dd4wFTV6wQ88oKvB-UsHo5pkWv-r1CE2DWCPMzGYi0VabaFQ6BN_sdalE98Bic9K0Yis6PYgx8jlC6vMPYi5yXRgk7_6ATs5zD7rITbyfo84obtGQ8NNcjus9p0YEY6kyXWf3-W2RMtYJW2mapjHF0iqAm9xwD5z1eLWJa_AkKbAQ-JFAKCuz_w/s2527/Image%202023-02-11%2018-22-31.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="266" data-original-width="2527" height="68" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_UN-dd4wFTV6wQ88oKvB-UsHo5pkWv-r1CE2DWCPMzGYi0VabaFQ6BN_sdalE98Bic9K0Yis6PYgx8jlC6vMPYi5yXRgk7_6ATs5zD7rITbyfo84obtGQ8NNcjus9p0YEY6kyXWf3-W2RMtYJW2mapjHF0iqAm9xwD5z1eLWJa_AkKbAQ-JFAKCuz_w/w640-h68/Image%202023-02-11%2018-22-31.png" width="640" /></a></div><br /></li><li>Run bash shell inside the container as root user<br />docker exec -it -u root <containerid> bash</li><li>Install debuginfo for php<br />dnf debuginfo-install php</li><li>Exit the bash shell.</li></ol><h3 style="text-align: left;">Install php gdbinit</h3><div>Next, we need to use gdbinit from php sources.</div><div><ol style="text-align: left;"><li>Open this url in your web browser. Replace PHP version with the one matching the one being used. Url : https://github.com/php/php-src/blob/PHP-7.4.30/.gdbinit</li><li>Click on the 'Raw' button. The resulting url is like : https://raw.githubusercontent.com/php/php-src/PHP-7.4.30/.gdbinit</li><li>Open pod's terminal from openshift console (or use oc rsh)</li><li>Get the file using wget :<br />wget https://raw.githubusercontent.com/php/php-src/PHP-7.4.30/.gdbinit</li></ol><h3 style="text-align: left;">Displaying stack trace</h3><ol style="text-align: left;"><li>Check pid of running apache process<br />ps afxw</li><li>Restart apache2 process <br />apachectl -k graceful<br /></li><li>Check current pid of running apache processes<br />ps afxw</li><li>Now, check the pid list from step 1 and 3. The common number between these two list means these pids were not being restarted (still running some process), so debug them (debug only the child, not the parent)<br />gdb -p pid</li><li>Inside the gdb shell, dump stack trace<br />dump_bt executor_globals.current_execute_data</li><li>Quit the gdb (otherwise the php script would not continue)<br />quit <br />y</li></ol><h3 style="text-align: left;">Closing remarks</h3></div><div>This procedure is more generic than the previous tricks I have shared in this blog. This might not work on podman-based containers. Outside openshift ecosystem, php-fpm already has built in capability to dump stack trace for running scripts longer than some time treshold.</div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-33211453157724745202022-06-25T06:29:00.005-07:002022-06-25T21:32:47.951-07:00How to Diagnose A Slow or Freezing Web Application<h4 style="text-align: left;">The freezing app problem</h4><div>When dealing with a freezing application, most management (or even management with IT background) will say it is related to capacity problem. Usually the capacity are correlated to how many processor core, how many gigabytes memory available to the system, and how much bandwidth are available. The reality is not that simple. </div><div>When an application freeze or slows down, it is to the best interest of the application team, whether operational, development, devops team, or service team (as it is said in the ITIL), to find out how to make it accessible again, and in management terms, increase the system's capacity.</div><div>The first step to do that, is to actually determine the bottleneck, which traditionally is done by checking memory usage, CPU usage, and network link usage. But I am not thinking to make this a traditional post, so in this post I will try to describe other stuffs that could cause slowdown or freezing app problem.</div><div><br /></div><h4 style="text-align: left;">The APM way of things</h4><div>Today we have APM (Application Performance Management) tools, which should be able to pinpoint most of cases causing application slowdown, which is :</div><div>1) database slowdown caused by certain non-optimal queries</div><div>2) external service timeout or slowdown</div><div>3) inefficient loops in the application flow</div><div><br /></div><div>So, in order to be able to diagnose these 3 kind of causes quickly, install your trusted commercial APM agent. Or not, because sometimes budget must be preserved at the expense of man hours & customer experience :D</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj_KkcrQNu1_76asBGiPCAxTl7gmihVAv8uIefVOD8pLfzdf7e8Kirk5vlqxfg-7dkYWUFkuK2eheQZkvAE51Hj9JBN9Rg72PujUwzaZXg8CXm6ZHrgv3MQl8jKZ2PpmuLKp5Fri1A6VeBncCSsTYGZFQd3o6_2zzSXE2vuutIxfWIm0_AuBvqa-0eU7Q" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="850" data-original-width="1100" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEj_KkcrQNu1_76asBGiPCAxTl7gmihVAv8uIefVOD8pLfzdf7e8Kirk5vlqxfg-7dkYWUFkuK2eheQZkvAE51Hj9JBN9Rg72PujUwzaZXg8CXm6ZHrgv3MQl8jKZ2PpmuLKp5Fri1A6VeBncCSsTYGZFQd3o6_2zzSXE2vuutIxfWIm0_AuBvqa-0eU7Q" width="311" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhxJLnjOZo_rZSO78xS7OyfWtofVqO1c6_LdJ6r03Ya6ptHDvt2YtK8OXpWy_STaL3vDT6gZKKKFE-Q4-8pTI_5FT0j-eeTOwQjqmRikhhGR3To99FTakj7VQA598RFVQK7Kv3hGYQHBu72nbCJ2RnffBmnwG515iTEGT8Agd21dClFicryqW67YlKxog" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="820" data-original-width="2298" height="114" src="https://blogger.googleusercontent.com/img/a/AVvXsEhxJLnjOZo_rZSO78xS7OyfWtofVqO1c6_LdJ6r03Ya6ptHDvt2YtK8OXpWy_STaL3vDT6gZKKKFE-Q4-8pTI_5FT0j-eeTOwQjqmRikhhGR3To99FTakj7VQA598RFVQK7Kv3hGYQHBu72nbCJ2RnffBmnwG515iTEGT8Agd21dClFicryqW67YlKxog" width="320" /></a></div><br /><div><br /></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg4KXCKMuRGY-DOB1lSI7SL56x89qaDLCRP4zIU_pfCbPiWANZBhRmOAVqtgbelfz91m3C0FVrSpZu2MXhECGohw9f3aLZnJr1aSGBR5booODYDImRrQWt_8A1tKpxBVyUYiuT4YxPTUikWSDHEI2KJjmPdus7jPLC-0LcMKz_zzxcw2vY9U_TsejaS4g" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1172" data-original-width="1450" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEg4KXCKMuRGY-DOB1lSI7SL56x89qaDLCRP4zIU_pfCbPiWANZBhRmOAVqtgbelfz91m3C0FVrSpZu2MXhECGohw9f3aLZnJr1aSGBR5booODYDImRrQWt_8A1tKpxBVyUYiuT4YxPTUikWSDHEI2KJjmPdus7jPLC-0LcMKz_zzxcw2vY9U_TsejaS4g" width="297" /></a></div></div><div><br /></div><div>Another alternative would be to use open source APM (such as elastic APM), but it will take a week or two to install in contrast to one day for commercial APM. Or, if you use something like PHP FPM, there is a slow log than can be configured to dump stack trace every 10 seconds or so.</div><div>In this post I would like to focus on some common things that could be causing freeze or slowdown, which might be undetectable by APMs (or.. otherwise..)</div><h4>Cause No 1 : Missing indexes or Freezing database<br /><span style="font-weight: normal;">To diagnose this, usually I would connect to the database (and if unable to, we found out the first cause), then check running SQL sessions for inefficient queries. A simple show processlist in mysql should be adequate for lightly loaded apps. In oracle I would query V$SESSION or GV$SESSION. </span></h4><div><span style="font-weight: normal;"><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgkAaWdF0Z4t8QFi9tmF2faQMcUpKVt8HHI_WJ2kPjo1RNRPmo7Ua0JGmOljEP9rXYqeyoBDV3gzTdGYJrQVcMKtFQF7AKCYw1t3Wu3DFY26PbCyfSJmUodlwljCpzhTuO7QhyYcuBVy_cNb3RFa1vLCoAwyKLTpwt6w6rr3cTz-ecKQv5WfKZnjslqwg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="634" data-original-width="2118" height="120" src="https://blogger.googleusercontent.com/img/a/AVvXsEgkAaWdF0Z4t8QFi9tmF2faQMcUpKVt8HHI_WJ2kPjo1RNRPmo7Ua0JGmOljEP9rXYqeyoBDV3gzTdGYJrQVcMKtFQF7AKCYw1t3Wu3DFY26PbCyfSJmUodlwljCpzhTuO7QhyYcuBVy_cNb3RFa1vLCoAwyKLTpwt6w6rr3cTz-ecKQv5WfKZnjslqwg=w400-h120" width="400" /></a></div><br /><br /></div><br />Problem sessions are sessions in Query state with large (running) time value. For such problem session, get the full-SQL using SHOW FULL PROCESSLIST, and do a EXPLAIN for the query.</span></div><div><span style="font-weight: normal;"><br /></span></div><h4><div><b>Cause No 2 : External Service Availability problem</b></div><div><span style="font-weight: normal;">I previously wrote this as cause no 3, sometimes your application need to call external API service, and DNS resolution works but the API service is not accepting connections (or the network path to the service is too congested, or something else). How to detect this ? Simply run netstat -an | grep SYN and for open ports that still in SYN state between 3-4 second periods is the culprit. Sometimes a quick-and-dirty remedy is to disable the code calling some external services when the load is too high. If it is unacceptable, then the external service must be somehow be returned to available.</span></div></h4><h4 style="text-align: left;">Cause no 4. Parallel process limits too small<br /><span style="font-weight: normal;">When using PHP-FastCGI or PHP module, there are limits being configured in certain configuration files. Such as, process.max in /etc/php/7.4/fpm/pool.d/www.conf or /etc/php-</span><span style="font-weight: 400;">fpm.d/www.conf. And MaxClients, ThreadsPerChild (see </span><span style="font-weight: 400;"><a href="https://serverfault.com/questions/775855/how-to-configure-apache-workers-for-maximum-concurrency">https://serverfault.com/questions/775855/how-to-configure-apache-workers-for-maximum-concurrency</a>) How to diagnose ? Enable server-status for apache (see <a href="https://mediatemple.net/community/products/dv/204404734/how-do-i-enable-the-server-status-page-on-my-server">https://mediatemple.net/community/products/dv/204404734/how-do-i-enable-the-server-status-page-on-my-server</a>)</span><span style="font-weight: normal;"> and php fpm status (see </span><span style="font-weight: 400;"><a href="https://www.tecmint.com/enable-monitor-php-fpm-status-in-nginx/">https://www.tecmint.com/enable-monitor-php-fpm-status-in-nginx/</a>), then view the url for apache status and php fpm status periodically. In container-based environment, the quick-and-dirty diagnosis is by increasing your pods, you will get more concurrent users. Especially in openshift environment, you could increase each pods capacity by adding more RAM for the pods.</span></h4><div><span style="font-weight: 400;">But be aware, that increasing this limits will increase memory burden for the application VM, and there is some other limit for apache that somehow limits <1000 connections per apache instance no matter what you set. This limit can be increased by using a nginx or haproxy in front of the apache server, or some people said using events MPM would help (I haven't tried it yet)</span></div><h4 style="text-align: left;">Cause no 5. Intermittent packet loss between application (VM or host) and other critical services (especially database).</h4><h4 style="text-align: left;"><span style="font-weight: normal;">This is some of the virtualization pitfalls, and still became a mystery why does migrating a VM to another host (and back) could sometime resolve such problem. How to detect this ? Look for :</span></h4><h4 style="text-align: left;"><span style="font-weight: normal;">a) connections visible in one sending host but not in the receiving host. Due to how TCP/IP works, even though the application is freezing then a connection from IP A to B should be visible in netstat on VM A and also on VM B. So if this symptom shows up, the problem must be either in network or virtualization tech (because VMs using virtual routers)</span></h4><div>b) ping from IP A to B in the same network results in packet loss > 1 %. Well, it should be < 0,1% in my opinion. This shows network problem happening (or network virtualization problem).</div><div><br /></div><div>Remediation options : VMotion (or migrate) the VM to other host, checking the warnings (in VMWare console, for example) regarding to NIC card in the host that might need replacement. Soft problems occurs more often than hard problem (meaning hardware replacement is rare).</div><div><br /></div><div><b>Cause no 6. Out of sockets in the Web/Load balancer </b></div><div>When multiple application server is being hit by many many users, sometimes the connection capacity becames a problem. To diagnose this : </div><div>netstat -an | grep WAIT | wc -l</div><div>netstat -an | grep ESTA | wc -l</div><div>Results in the order of >10 thousand is sometimes a problem because a spike in the incoming connection requests could have some request unserviceable. Another symptom is that requests take a long time to complete, with no CPU or database activity visible.</div><div>The normal setting for linux ephemeral port range is <span color="var(--black-800)" face="var(--ff-mono)" style="font-size: var(--fs-body1); font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit; white-space: inherit;">32768-61000 resulting in about 30 thousand maximum connections. The remedy is to tune for high-performance connections : </span></div><div><span style="background-color: #f9f9f9; color: #707070; font-family: "Roboto Mono", monospace; font-size: 13px; font-weight: 700; white-space: pre;">net.ipv4.ip_local_port_range="1024 65535"
net.ipv4.tcp_tw_reuse=1</span></div><div>And while you were at it, also tune for these parameters :</div><div><div>net.netfilter.nf_conntrack_max=1048576</div><div>net.ipv4.conf.all.arp_announce=2</div><div>net.ipv4.neigh.default.gc_thresh1=8192</div><div>net.ipv4.neigh.default.gc_thresh2=32768</div><div>net.ipv4.neigh.default.gc_thresh3=65536</div><div>net.ipv6.neigh.default.gc_thresh1=8192</div><div>net.ipv6.neigh.default.gc_thresh2=32768</div><div>net.ipv6.neigh.default.gc_thresh3=65536</div><div>vm.max_map_count=262144</div></div><div>This is especially important for the load balancer host / VM. </div><div><br /></div><div><b>Cause no 7. DNS Resolution problem</b></div><div><br /></div><div>This problem have better chance to manifests itself when the operating system is configured to use some unusual DNS service (because if the primary DNS is down, normally the network team will detect it fairly quickly). How to detect this? I sometimes do a strace on php-cgi process or apache process, and alternatively we could run tcpdump on port 53 and seeing DNS requests that are not being replied to. An option for remedy is to reroute DNS request to servers capable handling them (such as, google's DNS..)</div><h4 style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhDyuFTucIhbXN9aZfB5gkva-0iIPzNG-i-_rWaNqPMUwoq1sZHzqjPWu1bhB8INbhWiKMnncmXb4tF3l1xMw3T9k1gsxkrKR-tHgGBtwUPQYRWnNCBXRWt3wmWsLwKMgnTF1FNTdPujyso0rJoHEGPci_axDHzALHLDwRTOCHdbh8bnEQp9dz6GJ1G_w" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="296" data-original-width="1556" height="61" src="https://blogger.googleusercontent.com/img/a/AVvXsEhDyuFTucIhbXN9aZfB5gkva-0iIPzNG-i-_rWaNqPMUwoq1sZHzqjPWu1bhB8INbhWiKMnncmXb4tF3l1xMw3T9k1gsxkrKR-tHgGBtwUPQYRWnNCBXRWt3wmWsLwKMgnTF1FNTdPujyso0rJoHEGPci_axDHzALHLDwRTOCHdbh8bnEQp9dz6GJ1G_w" width="320" /></a></div><br /><br /></h4><h4 style="text-align: left;">Cause no 8. Too much session data</h4><div>This problem occurs when too much data being stored in session storage, which is stored external to the app server (memcached or redis or even in the db). The symptom is heavy network traffic to the session storage server even when the concurrent user is under 100. To detect this run iftop or something similar in the session storage server, and run tcpdump to find out what data being stored in the session (assuming, the connection is not encrypted). The remedy is to keep minimal amount of session data and put cache and session data in different places ( or at least, use different keys and only retrieve the cache data you will need)</div><h4 style="text-align: left;">Cause no 9. Other process are loading the application host</h4><div>This might occurs when another app or another website is running on the application host. To diagnose this just run top in the application host and see if there something strange hogging the CPU or RAM. Sometimes, disk IO became a problem, you could check using iostat, but to pinpoint which process is responsible for the IO requires special tools such iotop. Oh, please remember that disk capacity is a different beast than disk IO capacity.. The latter only causes error or standstill when the a disk partition is 100% full.</div><h4 style="text-align: left;">Conclusion</h4><div>The cause for a slow or freezing web application, more often than not, is unrelated to the CPU core count, memory capacity, and storage capacity of the infrastructure is running on. Only in some occassions, we could fix slowdown problem by increasing CPU / memory capacity, on other events we need to identify which case are actually causing the slowdown/freeze.</div><div><br /></div><div>References</div><div><ul style="text-align: left;"><li>Openshift Origin 3.6 tuning profile at https://github.com/openshift/origin/blob/v3.6.1/contrib/tuned/origin-node-guest/tuned.conf</li><li>Openshift Origin 4.x Tuning Operator Profile at https://github.com/openshift/cluster-node-tuning-operator/blob/e67bc9dc5e691c6991787470f73835bca15cf9b3/assets/tuned/daemon/profiles/openshift/tuned.conf </li><li>EXPLAIN tutorial at https://www.sitepoint.com/using-explain-to-write-better-mysql-queries/ </li><li>New Relic APM installation for PHP at https://docs.newrelic.com/docs/apm/agents/php-agent/installation/php-agent-installation-overview/</li><li>Elastic APM installation for PHP at https://www.elastic.co/guide/en/apm/agent/php/current/setup.html</li><li>PHP FPM Slow log tutorial at https://easyengine.io/tutorials/php/fpm-slow-log/</li></ul></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-43131500282426055872022-05-20T20:33:00.003-07:002022-05-20T20:33:56.887-07:00Mounting Single File From Configuration Map In Kubernetes/Openshift Pod<h3 style="text-align: left;"> Background</h3><div>Sometimes, we need to override a single file in a pod without having to build a new image.</div><div>There is a technique to do this, so this blog would serve to remind me of the steps involved doing just that.</div><h3 style="text-align: left;">1. Create A Configuration Map</h3><div>First we need to copy the original file to the notepad. The steps are :</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yudhi@Yudhis-MacBook-Pro ~ % oc project apifinance</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Now using project "apifinance" on server "https://lb.osh.telkom.co.id:8443".</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yudhi@Yudhis-MacBook-Pro ~ % oc get po</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">NAME<span class="Apple-converted-space"> </span>READY <span class="Apple-converted-space"> </span>STATUS<span class="Apple-converted-space"> </span>RESTARTS <span class="Apple-converted-space"> </span>AGE</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">finance-2-chm5g <span class="Apple-converted-space"> </span>1/1 <span class="Apple-converted-space"> </span>Running <span class="Apple-converted-space"> </span>0<span class="Apple-converted-space"> </span>211d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">finance-3-build <span class="Apple-converted-space"> </span>0/1 <span class="Apple-converted-space"> </span>Completed <span class="Apple-converted-space"> </span>0<span class="Apple-converted-space"> </span>248d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">financeapi-46-8wmfh <span class="Apple-converted-space"> </span>1/1 <span class="Apple-converted-space"> </span>Running <span class="Apple-converted-space"> </span>0<span class="Apple-converted-space"> </span>30d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">proxy-finest-10-1btmq <span class="Apple-converted-space"> </span>1/1 <span class="Apple-converted-space"> </span>Running <span class="Apple-converted-space"> </span>0<span class="Apple-converted-space"> </span>58d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yudhi@Yudhis-MacBook-Pro ~ % oc rsh proxy-finest-10-1btmq</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;">sh-4.4$ cd /etc/httpd</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">sh-4.4$ ls</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">conf<span class="Apple-converted-space"> </span>conf.d<span class="Apple-converted-space"> </span>conf.modules.d<span class="Apple-converted-space"> </span>logs<span class="Apple-converted-space"> </span>modules<span class="Apple-converted-space"> </span>run<span class="Apple-converted-space"> </span>state</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">sh-4.4$ cd conf.d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">sh-4.4$ ls</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">README<span class="Apple-tab-span" style="white-space: pre;"> </span>autoindex.conf<span class="Apple-tab-span" style="white-space: pre;"> </span>php.conf<span class="Apple-converted-space"> </span>ssl.conf<span class="Apple-converted-space"> </span>userdir.conf<span class="Apple-converted-space"> </span>welcome.conf</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">sh-4.4$ cat ssl.conf</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># When we also provide SSL we have to listen to the<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># standard HTTPS port in addition.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Listen 0.0.0.0:8443 https</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">##</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">##<span class="Apple-converted-space"> </span>SSL Global Context</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">##</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">##<span class="Apple-converted-space"> </span>All SSL configuration in this context applies both to</span></p></div><div><br /></div><div>Copy the ssl.conf file into the clipboard.</div><div><br /></div><div>Next we need to create a configuration map. Enter the file name we need to override as the config map's key. And paste the clipboard content into the Value text box.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjD2F-ENBgs9BfjIGXdVEChp2XAr225zqjcgOjrgJqN94thyPQ9jbRqkeIvJMnvaTJmWXlTU2ebQ5f9-6FPSaf2rKUUVfnt68I5iO-qRQBBXLXzOz7B3vsLwQ-vF0yuVrAVcneATDpRoLsbkBzz82O4UwbIPunaoMSWc8tqZR_77CwBP5WpwTgjlmcGgQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1208" data-original-width="2046" height="189" src="https://blogger.googleusercontent.com/img/a/AVvXsEjD2F-ENBgs9BfjIGXdVEChp2XAr225zqjcgOjrgJqN94thyPQ9jbRqkeIvJMnvaTJmWXlTU2ebQ5f9-6FPSaf2rKUUVfnt68I5iO-qRQBBXLXzOz7B3vsLwQ-vF0yuVrAVcneATDpRoLsbkBzz82O4UwbIPunaoMSWc8tqZR_77CwBP5WpwTgjlmcGgQ" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><h3 style="clear: both; text-align: left;">2. Mount the file from the configuration map into the original path.</h3><div class="separator" style="clear: both; text-align: left;">Click on the link "Add Config Files"</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiRpDZ9D89myfAp1MczeaxtdgeWxmmks6OeKxQw0tG3oXlMUX9tYgfWxWKovHA0be15WvLioSoG__rUkXReu9b6I0fKjSHs_elg4BNLAlBSUGWn7q4bbKVbWQ7ihcCxIH81oAPNA1GR_AwVoNuShk4IEfVzQuKLJkN-qP7v7qDX6BK0UiTcNNeCbjJ_8g" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="618" data-original-width="2008" height="98" src="https://blogger.googleusercontent.com/img/a/AVvXsEiRpDZ9D89myfAp1MczeaxtdgeWxmmks6OeKxQw0tG3oXlMUX9tYgfWxWKovHA0be15WvLioSoG__rUkXReu9b6I0fKjSHs_elg4BNLAlBSUGWn7q4bbKVbWQ7ihcCxIH81oAPNA1GR_AwVoNuShk4IEfVzQuKLJkN-qP7v7qDX6BK0UiTcNNeCbjJ_8g" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>Type the path of the file we want to override.<br /><br /></div><br /><h3 style="text-align: left;">3. Edit the deployment yaml to add subpath</h3></div><div><br /></div><div>Edit the deployment yaml, and find this section :</div><div><div></div><blockquote><div> <span style="font-family: courier;">volumeMounts:</span></div><div><span style="font-family: courier;"> - mountPath: /etc/httpd/conf.d/ssl.conf</span></div><div><span style="font-family: courier;"> name: volume-38kso</span></div></blockquote><div></div><div>And turn it into :</div></div><div><div></div><blockquote><div><span style="font-family: courier;"> volumeMounts:</span></div><div><span style="font-family: courier;"> - mountPath: /etc/httpd/conf.d/ssl.conf</span></div><div><span style="font-family: courier;"> name: volume-38kso</span></div><div><span style="font-family: courier;"> subPath: ssl.conf</span></div></blockquote><p><br /></p><p>Thus these are the steps needed to mount a single file into an existing file in an existing directory in the pods. </p><div></div></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-72430752411936672042022-02-27T19:23:00.007-08:002022-02-27T20:48:26.841-08:00Using Visual Studio Code to Edit Files in Openshift Pods<div style="text-align: left;">Tracing PHP applications are typically done by putting echo statements in code path in a debug session. When PHP applications are deployed into openshift environment, the developer could edit the source code in development app (not production) to add echo statements. Typically this is done using the terminal. However the development experience is not very good.</div><h3 style="text-align: left;">Background</h3><div>When debugging or tracing, we developers sometimes need to check multiple files at once, and sometimes need to do a project-wide search to find the source file containing one class or method. Most developers find this is not easy to do in the terminal interface. They normally use editors such as Visual Studio Code to be able to search quickly and jump between source code files, and using vi in the terminal is somewhat off-putting. A better solution is to run Visual Studio Code remotely in the pod's container.</div><h3 style="text-align: left;">How to Launch Visual Studio Code in Pods</h3><div>There are a few prerequisite needed to be able to launch visual studio code in Openshift Container :</div><div>Step 1. Install oc client</div><div>Check your openshift version and you could find oc client downloads from two major repository in github: the <a href="https://github.com/openshift/origin/releases">origin repository</a> and the <a href="https://github.com/openshift/okd/releases">okd repository</a>. The origin is used for 3.x versions, and 4.x later versions are stored in the okd repository. Check the releases page for either repository, and find your version tag there.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEimQPfU0wplCq1wkvYFHHeugis-rWE-YQGg3DpZFs9gs_s8XD9PfiqJ_PDW7IJcDYE-E9VcLjsQosu2A7ukpchXFi7est2jNlAqGmnR54sglpwRoFUCQ-OVfSMG_TiFBi_yPkL-xDiAhxUzWqNu4WzDegVgQywAmJJhRkQZRHn4fD1uP35anO60U8-cvQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1506" data-original-width="1958" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEimQPfU0wplCq1wkvYFHHeugis-rWE-YQGg3DpZFs9gs_s8XD9PfiqJ_PDW7IJcDYE-E9VcLjsQosu2A7ukpchXFi7est2jNlAqGmnR54sglpwRoFUCQ-OVfSMG_TiFBi_yPkL-xDiAhxUzWqNu4WzDegVgQywAmJJhRkQZRHn4fD1uP35anO60U8-cvQ" width="312" /></a></div><br />Find oc client link matching with your operating system :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjgP8HEjbU5FSBBSVPUJu8TRnqUquo7YjBico4QVoMJMj_MmL89vWMTPtXW5EHaIu85FWk5aiJ74Hv2GE6gxnIbuDotJfU0oeO3RoajhUIOYWTs0iT78LLY7L2yHu91xqCSAkUenQsWgP2rsv99zjZKJ3jNxU4rxeSikHpWwbsRftBH0AfQja67YqE-JQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1276" data-original-width="1830" height="223" src="https://blogger.googleusercontent.com/img/a/AVvXsEjgP8HEjbU5FSBBSVPUJu8TRnqUquo7YjBico4QVoMJMj_MmL89vWMTPtXW5EHaIu85FWk5aiJ74Hv2GE6gxnIbuDotJfU0oeO3RoajhUIOYWTs0iT78LLY7L2yHu91xqCSAkUenQsWgP2rsv99zjZKJ3jNxU4rxeSikHpWwbsRftBH0AfQja67YqE-JQ" width="320" /></a></div>If you are unfortunate enough to use Mac OS 12 Monterey but still need to connect to 3.x openshift, then you should check out this link in order to custom-build your oc client : <a href="https://inventorsparadox.blogspot.com/2022/01/rebuilding-openshift-oc-client-for-mac.html">https://inventorsparadox.blogspot.com/2022/01/rebuilding-openshift-oc-client-for-mac.html</a></div><div><br /></div><div>Having downloaded the oc client, extract it, and copy the oc binary (executable) to your system path. You need Administrator permission to do that in most cases. In windows, in the Explorer, copy the oc.exe file, and then open C:\Windows\System32 and paste oc.exe there. In Mac OS, do this : <span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">cp oc usr/local/bin/oc</span> </div><div>If you are using linux, you should be able to find out on your own how to do that :D</div><div>Check the installed oc from command line, and make sure the OS could find your oc binary :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh5wdKs_fR3cb1O0SeGdu6EpOUYpJxFRrA3PLNUFFE6Ok7Ec933BZ3LWca2GTLPs4CDKLvnGvjnwypYzpwCE7eUrp0_ejDq_y8NTHULqh7rJCScxjge69RUW6uQVj7HJlXAuJrCscfbz-78zBdderjoybc2Gh9CCVMmFXI3JkwKj_7W5scwOykl-YhvXw" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="652" data-original-width="1516" height="138" src="https://blogger.googleusercontent.com/img/a/AVvXsEh5wdKs_fR3cb1O0SeGdu6EpOUYpJxFRrA3PLNUFFE6Ok7Ec933BZ3LWca2GTLPs4CDKLvnGvjnwypYzpwCE7eUrp0_ejDq_y8NTHULqh7rJCScxjge69RUW6uQVj7HJlXAuJrCscfbz-78zBdderjoybc2Gh9CCVMmFXI3JkwKj_7W5scwOykl-YhvXw" width="320" /></a></div><br /><br /></div><div>Then, create symbolic link to the oc with the name kubectl : </div><div>ln -s /usr/local/bin/oc /usr/local/bin/kubectl</div><div>In windows you might just duplicate the oc.exe and copy it into kubectl.exe.</div><div><br /></div><div>Step 2. Install Visual Studio Code Extensions for Kubernetes or Openshift</div><div>We have two options, that is to use the Kubernetes extension or the Openshift extension. In the old 3.x openshift release only the Kubernetes Extension could be used. First you need to open Extensions, click on the Code menu, then Preferences -> Extensions :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjiNCzCCzvH1b-h9jB6gAdZ22bkFk3Om0oO_CScIbHyJQyXKNw-LkH1sO8ArfFVbIk2UGJUrv9miTGckCLFVSNFXJuUkaimenuFApaEqMtMIXLngNYsNhaoeLCw8rZ1vD1eH1QXQwo4a84qweaX9zCHq59djGxVbeRd48R-1SrybIfDqdJgE5LsfvBOyg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="744" data-original-width="1280" height="186" src="https://blogger.googleusercontent.com/img/a/AVvXsEjiNCzCCzvH1b-h9jB6gAdZ22bkFk3Om0oO_CScIbHyJQyXKNw-LkH1sO8ArfFVbIk2UGJUrv9miTGckCLFVSNFXJuUkaimenuFApaEqMtMIXLngNYsNhaoeLCw8rZ1vD1eH1QXQwo4a84qweaX9zCHq59djGxVbeRd48R-1SrybIfDqdJgE5LsfvBOyg" width="320" /></a></div><br />Install the Kubernetes extension :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjYIQ_D7z05_ouMo5YGMW54t1VoLNeZ-nfek2Dnik733SwtO6ykgbYSyG9tYEQ5F2IeMz3LkPKY4yBLPbahLJNBVMFd4X_Vd3ByffhkSEBEMZv9i0DNfW3yBll9OVoLyYNxgCe7E473LRXrm25qLt2pnpEsJHqgcT6sKA9Vq-IG6f8AhbH-ChuZLL28FA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="966" data-original-width="1922" height="161" src="https://blogger.googleusercontent.com/img/a/AVvXsEjYIQ_D7z05_ouMo5YGMW54t1VoLNeZ-nfek2Dnik733SwtO6ykgbYSyG9tYEQ5F2IeMz3LkPKY4yBLPbahLJNBVMFd4X_Vd3ByffhkSEBEMZv9i0DNfW3yBll9OVoLyYNxgCe7E473LRXrm25qLt2pnpEsJHqgcT6sKA9Vq-IG6f8AhbH-ChuZLL28FA" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>And, Openshift extension if you have newer Openshift cluster (4.x ) :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj8OIw7hVadsjQbNoFyCmA-noI43S9bzFMiFMw3OcbpWCGVokpZxUeDyuOWocSru3SmeNPTTToe3IuBrdwlOIj4RsLjA1dDmk-iV86DjkLfZOtSV5q88H746DlECbuTpaI-BJci_16BK6Nzq4RdpMaSQGY5JuhzRSj1GuvRcOJv7fWw7i3XGP5ALbFDAw" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1036" data-original-width="2478" height="134" src="https://blogger.googleusercontent.com/img/a/AVvXsEj8OIw7hVadsjQbNoFyCmA-noI43S9bzFMiFMw3OcbpWCGVokpZxUeDyuOWocSru3SmeNPTTToe3IuBrdwlOIj4RsLjA1dDmk-iV86DjkLfZOtSV5q88H746DlECbuTpaI-BJci_16BK6Nzq4RdpMaSQGY5JuhzRSj1GuvRcOJv7fWw7i3XGP5ALbFDAw" width="320" /></a></div><br />3. Login to your openshift cluster</div><div>Using openshift 3.x, open up terminal and just :</div><div>oc login https://<your cluster API url>:8443</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjwtaojS0wmsHOOmZg9ePDoHi2yxTQEEJWwIQ-_BujBjmtjwlVgvZt6G1dbQHGm_zZ8SwtIGPl2_yGgAMe4OQoUgk5deY9taalJju9wVKjuPIKq1gQQicdY3u_192husz3-haqpQbZvmfT1BRIG5n0ZHddm0coKhNzACZ2ydzLjGODFUsOXTGhSnlzxMg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="678" data-original-width="1546" height="140" src="https://blogger.googleusercontent.com/img/a/AVvXsEjwtaojS0wmsHOOmZg9ePDoHi2yxTQEEJWwIQ-_BujBjmtjwlVgvZt6G1dbQHGm_zZ8SwtIGPl2_yGgAMe4OQoUgk5deY9taalJju9wVKjuPIKq1gQQicdY3u_192husz3-haqpQbZvmfT1BRIG5n0ZHddm0coKhNzACZ2ydzLjGODFUsOXTGhSnlzxMg" width="320" /></a></div><br /></div><div>then type in your username and password. </div><div>If using openshift 4.x, you need to log on the web console first, then click on the 'Copy login command'.</div><div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjvEMXPQujAPC-5bHfJwYCOAzZH8WjEnld1tp6Tc-Lr0xk3IRigur9vSlpVasFFoLBjz0_GZV_nmIE_jCips3rVrrn8yfwyVLgV9rjxVFC61Gv2cJOyOs_C_II529yztBfi6UD1B3Xbb5figWfeTE22AXd6jQ76buSzauHNOrVuIuAr8rUGu_f48-Twbg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="668" data-original-width="2426" height="88" src="https://blogger.googleusercontent.com/img/a/AVvXsEjvEMXPQujAPC-5bHfJwYCOAzZH8WjEnld1tp6Tc-Lr0xk3IRigur9vSlpVasFFoLBjz0_GZV_nmIE_jCips3rVrrn8yfwyVLgV9rjxVFC61Gv2cJOyOs_C_II529yztBfi6UD1B3Xbb5figWfeTE22AXd6jQ76buSzauHNOrVuIuAr8rUGu_f48-Twbg" width="320" /></a></div><br /><br /></div><div>After re-login, we will be shown to a Display Token link, which upon clicked will get us this :</div><div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhU3CFL7pLRTL6b4Fsxcp6DgLwiMnXlo4PerVRZ_ZRt9qHHl4jtHzaFo07_p4lD6Dqg_pQBLT-32y6R5UTiRfsljIoa8vYGRuoujeyQwOR5FQxQwRZvzHwDqI8zRkRkSiij4d-lWh16PtzMU3FRYIhHcKMlxaBJM4vrHzuasaBcG90OPi7wk_1vNCgm8A" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="986" data-original-width="2360" height="134" src="https://blogger.googleusercontent.com/img/a/AVvXsEhU3CFL7pLRTL6b4Fsxcp6DgLwiMnXlo4PerVRZ_ZRt9qHHl4jtHzaFo07_p4lD6Dqg_pQBLT-32y6R5UTiRfsljIoa8vYGRuoujeyQwOR5FQxQwRZvzHwDqI8zRkRkSiij4d-lWh16PtzMU3FRYIhHcKMlxaBJM4vrHzuasaBcG90OPi7wk_1vNCgm8A" width="320" /></a></div>Copy and paste the oc login command, and execute it in the terminal/command prompt.</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiGBCx2klbDACJQJqG2lfNoL5-NNn72ydLfI8LBHnwVkzRdPa1tgWxy9CoK-5Bn12yIiqoygy-UrYrVNt5xhgttKono2dnNtDVgF_2ebzgBB3v3MBNd0UhRFwpN5fIMKZq5cfK74pcVWP3XVg4eVODAXPi56kt7BdEVgAt0UdYlC-Ovag1771MH2EeNhA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="316" data-original-width="1886" height="54" src="https://blogger.googleusercontent.com/img/a/AVvXsEiGBCx2klbDACJQJqG2lfNoL5-NNn72ydLfI8LBHnwVkzRdPa1tgWxy9CoK-5Bn12yIiqoygy-UrYrVNt5xhgttKono2dnNtDVgF_2ebzgBB3v3MBNd0UhRFwpN5fIMKZq5cfK74pcVWP3XVg4eVODAXPi56kt7BdEVgAt0UdYlC-Ovag1771MH2EeNhA" width="320" /></a></div><br /><br /></div><div>4. Run Visual Studio Code, open up the Kubernetes menu, and make sure you scroll to the part where there is a caret clickable to the left of Openshift Icon :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi3GC9mD-7scloGVZUk_oroXFM4px8WSy58T7hrK6uJOxzRUoaUex9isI7ppYgclVcuBoTqLhgJRE3hJXiPst_vGAjfBLNnjY8KdaB_bgp-y3L4zw_hdZbfv_s4ekxCET5IvHCxmufEeLwZ61_EBzrbW7Aw1lLvslfagQv1EN_J33K-AKn6cS3z1PBCjg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1800" data-original-width="2880" height="200" src="https://blogger.googleusercontent.com/img/a/AVvXsEi3GC9mD-7scloGVZUk_oroXFM4px8WSy58T7hrK6uJOxzRUoaUex9isI7ppYgclVcuBoTqLhgJRE3hJXiPst_vGAjfBLNnjY8KdaB_bgp-y3L4zw_hdZbfv_s4ekxCET5IvHCxmufEeLwZ61_EBzrbW7Aw1lLvslfagQv1EN_J33K-AKn6cS3z1PBCjg" width="320" /></a></div><br /><br /></div><div>5. Left Click on the Workloads -> Pods -> Right Click on the Pod you want to run the Visual Studio Code editor :</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjnP81JOtGcAWrJxKzsj2St0AfRXatbr_BJNHenDiDQKweO92dN_c0P_LzpR3nau92q4fzJqCinFNBS1g_GV2iaN2rR76EhXTffcTlHJHQHaCV4nRYVKWwG8dr4R34JQ4mFWp8d1vRTTRQ3rVr6a3Pco3BdhRGRVMBUbtwZmfaTyx4-J6e6BMQM9Ad-4g" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1238" data-original-width="850" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEjnP81JOtGcAWrJxKzsj2St0AfRXatbr_BJNHenDiDQKweO92dN_c0P_LzpR3nau92q4fzJqCinFNBS1g_GV2iaN2rR76EhXTffcTlHJHQHaCV4nRYVKWwG8dr4R34JQ4mFWp8d1vRTTRQ3rVr6a3Pco3BdhRGRVMBUbtwZmfaTyx4-J6e6BMQM9Ad-4g" width="165" /></a></div><br /><br />6. Then, Visual Studio Code will launch a new window, and it will install Visual Studio Code in the pod. Wait until the Visual Studio download completes.</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhYrhsyJ131-NmqQJjYFPdeV-sxXDrz-sSUQ2gLI-FQMyaIdLhZV5KB9O9Yfzbz4Kb2hkF9YQHjHHqVVwuPMuUuaE26vj3W_q9TzCEj6s3A564YKbV3rxrcU721p9LfmyjeZGMpAcSQxYmnjMfwoaIhrQ6IgROsZ88efCymO2hhT_PO6OD3V9pE0ZM3gg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1542" data-original-width="1273" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEhYrhsyJ131-NmqQJjYFPdeV-sxXDrz-sSUQ2gLI-FQMyaIdLhZV5KB9O9Yfzbz4Kb2hkF9YQHjHHqVVwuPMuUuaE26vj3W_q9TzCEj6s3A564YKbV3rxrcU721p9LfmyjeZGMpAcSQxYmnjMfwoaIhrQ6IgROsZ88efCymO2hhT_PO6OD3V9pE0ZM3gg" width="198" /></a></div><br />7. Next, click Explorer icon and Open Folder button. Click ok (or, change the folder path if you want)</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg6mNpe2jaISmpkO08l_xxa6wK4KasjJfbwd9dkXUB1GQKmPnvpWHA9O4NO6cvesXvnqVUFra7GsKSAPfq6IwoMFfCNeQWAF9y-Qv60-6CVJYWNwOasGMssYdQ14frDJFbwReGadaBsil24X5YkwJ_hjIidr5wcqIveyfSQoR3nt9nMtmd8NasM4ncMqg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="734" data-original-width="1442" height="163" src="https://blogger.googleusercontent.com/img/a/AVvXsEg6mNpe2jaISmpkO08l_xxa6wK4KasjJfbwd9dkXUB1GQKmPnvpWHA9O4NO6cvesXvnqVUFra7GsKSAPfq6IwoMFfCNeQWAF9y-Qv60-6CVJYWNwOasGMssYdQ14frDJFbwReGadaBsil24X5YkwJ_hjIidr5wcqIveyfSQoR3nt9nMtmd8NasM4ncMqg" width="320" /></a></div>8. Now, you could leisurely edit the pod's content using Visual Studio Code editor ! But, still, your mileage may vary, VPN latency will reduce the experience a lot. In my experience, connecting to the openshift cluster in datacenter using our office wi-fi is a whole lot better than connecting using VPN connection from internet tethering.</div><div><br /></div><h4 style="text-align: left;">Conclusion</h4><div>By combining the oc client, Visual Studio Code Kubernetes and Openshift Extension, we could remotely edit code in the pod using Visual Studio Code GUI.</div><div><br /><br /><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-83750837074008880892022-01-21T20:08:00.004-08:002022-01-22T12:23:26.769-08:00Debugging Openshift Docker Registry using Visual Studio Code<h3 style="text-align: left;">Overview</h3><div style="text-align: left;">Red Hat has augmented docker's registry with some enhancement before deploying it in Openshift cluster. In some cases we might want to debug it, to find out reasons why some stuff doesn't work or for educational purposes.</div><div style="text-align: left;">In this post we will describe steps required to do debugging for the docker registry (a.k.a docker distribution) from Visual Studio Code. We are going to run the openshift docker registry in a separate deployment config.</div><div style="text-align: left;"><br /></div><h3 style="text-align: left;">Repository identification</h3><div>First, docker registry is created using Go Language; and in this case, the source code for the enhanced docker registry lives in github repository <a href="https://github.com/openshift/origin">https://github.com/openshift/origin</a> for some versions and in <a href="https://github.com/openshift/docker-distribution">https://github.com/openshift/docker-distribution</a> for later versions. In this post I will use the version in openshift 3.6 ( <a href="https://github.com/openshift/origin/tree/v3.6.1">https://github.com/openshift/origin/tree/v3.6.1</a> ) because <strike>of selfish reasons</strike> our sandbox/development openshift cluster uses this version.</div><div>The main source code file lives in cmd/dockerregistry path (<a href="https://github.com/openshift/origin/tree/v3.6.1/cmd/dockerregistry">https://github.com/openshift/origin/tree/v3.6.1/cmd/dockerregistry</a>) which we need to build using go debug-specific options.</div><div><br /></div><h3 style="text-align: left;">S2I Base image</h3><div>To be able to build the docker registry, we need a base image; for this purpose I build from the go 1.15 version in <a href="https://github.com/sclorg/golang-container">https://github.com/sclorg/golang-container</a>. The steps for building this image is as follows :</div><div><br /></div><div>git clone <a href="https://github.com/sclorg/golang-container">https://github.com/sclorg/golang-container</a></div><div>cd 1.15</div><div>docker build -t golang:scl-1.15 -f Dockerfile.fedora .</div><div><br /></div><div>To push this to internal registry use :</div><div><br /></div><div>oc login [openshift-cluster-context-url]</div><div>[ enter username and password here ]</div><div><br /></div><div>docker tag golang:scl-1.15 [internal-repo-url]/openshift/golang:scl-1.15</div><div>docker login -u [username] -p `oc whoami -t` [internal-repo-url]</div><div>docker push [internal-repo-url]/openshift/golang:scl-1.15</div><h4 style="text-align: left;">Building the dockerregistry binary</h4><div>First, clone the <a href="https://github.com/openshift/origin/tree/v3.6.1">https://github.com/openshift/origin/tree/v3.6.1</a> repository branch because we need to create .s2i/bin/assemble file get debugging.</div><div>If your openshift environment allows accessing github, add this file (we use delve v1.7.3 because that is the latest version supporting golang 1.15) :</div><div><br /></div><div><div>mkdir -p .s2i/bin</div><div>cd .s2i/bin</div><div>cat > assemble</div></div><div>#!/bin/bash</div><div>go get github.com/go-delve/delve/cmd/dlv@1.7.3</div><div>mkdir -p /opt/app-root/src/bin</div><div>cp $HOME/go/bin/dlv /opt/app-root/src/bin/dlv</div><div>/usr/libexec/s2i/assemble</div><div><ctrl-D></div><div><br /></div><div>chmod u+x assemble</div><div>git add assemble</div><div>git commit -m "add assemble file"</div><div><br /></div><div>And then you could skip the next chapter.</div><div>If not, we need to extract the dlv file first.</div><h4 style="text-align: left;">dlv v1.7.3 binary file extraction </h4><div>docker run -it golang:scl-1.15 bash</div><div>go get github.com/go-delve/delve/cmd/dlv@1.7.3</div><div><ctrl-P ctrl-Q>. -- detach from the container</div><div>docker ps </div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">CONTAINER ID <span class="Apple-converted-space"> </span>IMAGE <span class="Apple-converted-space"> </span>COMMAND<span class="Apple-converted-space"> </span>CREATED <span class="Apple-converted-space"> </span>STATUS <span class="Apple-converted-space"> </span>PORTS <span class="Apple-converted-space"> </span>NAMES</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">d260382ee77d <span class="Apple-converted-space"> </span>golang-container:1.15 <span class="Apple-converted-space"> </span>"container-entrypoin…" <span class="Apple-converted-space"> </span>6 minutes ago <span class="Apple-converted-space"> </span>Up 6 minutes <span class="Apple-converted-space"> </span>modest_tharp</span></p></div><div>(take note of the running container id)</div><div>mkdir bin</div><div><span style="font-family: inherit;">docker cp [container-id]:<span style="font-variant-ligatures: no-common-ligatures;">/opt/app-root/src/go/bin/dlv</span><span class="Apple-converted-space" style="font-variant-ligatures: no-common-ligatures;"> bin/dlv</span></span></div><div>docker attach [container-id]</div><div>exit</div><div><br /></div><div>git add bin/dlv</div><div><br /></div><div>create the .s2i/bin/assemble file :</div><div><br /></div><div>mkdir -p .s2i/bin</div><div>cd .s2i/bin</div><div>cat > assemble</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#!/bin/bash</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">mkdir -p /opt/app-root/src/bin</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">cp /tmp/src/bin/dlv /opt/app-root/src/bin/dlv</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/usr/libexec/s2i/assemble</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><ctrl-D></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p></div><div><div>chmod u+x assemble</div></div><div>git add assemble</div><div>cd ../..</div><div>git commit -m "add assemble and dlv executable"</div><div><br /></div><div>now we could push it to our (personal) repo.</div><div><br /></div><h4 style="text-align: left;">Building the dockerregistry binary part 2</h4><div>Next, create a golang build configuration, in our system the golang template not installed, so we just create php application and replace the builder image with openshift/golang:scl-1.15 tag.</div><div>Add these two environment variables :</div><div><div> env:</div><div> - name: INSTALL_URL</div><div> value: github.com/openshift/origin/cmd/dockerregistry</div><div> - name: IMPORT_URL</div><div> value: github.com/openshift/origin</div></div><div><br /></div><div>After add these two environment variable, run the build and hopes that the build runs sucessfully. Actually this build doesn't run the debugger yet.</div><div><br /></div><h4 style="text-align: left;">Activating debug build</h4><div>To run app using debug build, the syntax is like this :</div><div>dlv debug github.com/openshift/origin/cmd/dockerregistry --check-go-version=false --output /tmp/dockerregistry -l 0.0.0.0:2345 --headless=true --log=true --api-version=2</div><div><br /></div><div>Now, how to we make the openshift deployment run this ? In our case, we add this run file :</div><div><br /></div><div>cd .s2i/bin</div><div>cat > run</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#!/bin/bash</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">if [ "$DEPLOYENTRYPOINT" == "" ]<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">then</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">if [ "$INSTALL_URL"=="github.com/openshift/origin/cmd/dockerregistry" ]</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">then</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>exec /opt/app-root/gobinary $REGISTRY_CONFIGURATION_PATH</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">else</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>echo "Not supported yet"</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">fi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">else</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>exec $DEPLOYENTRYPOINT</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">fi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;"><ctrl-D></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;">chmod u+x run</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;">git add run</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><div>And then we add DEPLOYENTRYPOINT in the Deployment Environment variables, with this content : </div><div>dlv debug github.com/openshift/origin/cmd/dockerregistry --check-go-version=false --output /tmp/dockerregistry -l 0.0.0.0:2345 --headless=true --log=true --api-version=2</div><div><br /></div><h4 style="text-align: left;">Actually debugging (yes!)</h4><div>After the deployment runs, we need to do port-forwarding to be able to debug from our laptop/desktop.</div><div>oc get pods </div><div>oc port-forward [podname] 2345:2345</div><div><br /></div><div>Then fire up Visual Studio Code opening the source code folder, and create .vscode/launch.json file :</div><div><div style="background-color: #1e1e1e; color: #d4d4d4; font-family: Menlo, Monaco, "Courier New", monospace; font-size: 12px; line-height: 18px; white-space: pre;"><div>{</div><div> <span style="color: #6a9955;">// Use IntelliSense to learn about possible attributes.</span></div><div> <span style="color: #6a9955;">// Hover to view descriptions of existing attributes.</span></div><div> <span style="color: #6a9955;">// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387</span></div><div> <span style="color: #9cdcfe;">"version"</span>: <span style="color: #ce9178;">"0.2.0"</span>,</div><div> <span style="color: #9cdcfe;">"configurations"</span>: [</div><div> {</div><div> <span style="color: #9cdcfe;">"name"</span>: <span style="color: #ce9178;">"Connect to server"</span>,</div><div> <span style="color: #9cdcfe;">"type"</span>: <span style="color: #ce9178;">"go"</span>,</div><div> <span style="color: #9cdcfe;">"request"</span>: <span style="color: #ce9178;">"attach"</span>,</div><div> <span style="color: #9cdcfe;">"mode"</span>: <span style="color: #ce9178;">"remote"</span>,</div><div> <span style="color: #9cdcfe;">"remotePath"</span>: <span style="color: #ce9178;">"/opt/app-root/src/go/src/github.com/openshift/origin"</span>,</div><div> <span style="color: #9cdcfe;">"port"</span>: <span style="color: #b5cea8;">2345</span>,</div><div> <span style="color: #9cdcfe;">"host"</span>: <span style="color: #ce9178;">"127.0.0.1"</span>,</div><div> <span style="color: #9cdcfe;">"useApiV1"</span>: <span style="color: #569cd6;">false</span>,</div><div> <span style="color: #9cdcfe;">"dlvLoadConfig"</span>: {</div><div> <span style="color: #9cdcfe;">"followPointers"</span>: <span style="color: #569cd6;">true</span>,</div><div> <span style="color: #9cdcfe;">"maxVariableRecurse"</span>: <span style="color: #b5cea8;">1</span>,</div><div> <span style="color: #9cdcfe;">"maxStringLen"</span>: <span style="color: #b5cea8;">300</span>,</div><div> <span style="color: #9cdcfe;">"maxArrayValues"</span>: <span style="color: #b5cea8;">64</span>,</div><div> <span style="color: #9cdcfe;">"maxStructFields"</span>: <span style="color: #b5cea8;">-1</span></div><div> }</div><div> }</div><div> ]</div><div>}</div></div></div><div><br /></div></div><div>Choose menu Run & debug in the left side of Visual Studio Code, and click Connect to server..</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxclsUgCm_jxjOTRFEpimt__yS_W7dQIDBD28IIYmDtKyb7JRp_MYTrBosZ_cUHpz2tSrsThQzUoNGb23vYmwaUSVnCMxArRWHZahOBAbr9NxxNx0HkMgGX3f9tpadd8g4UyIxn6O2OczZ/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="404" data-original-width="780" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxclsUgCm_jxjOTRFEpimt__yS_W7dQIDBD28IIYmDtKyb7JRp_MYTrBosZ_cUHpz2tSrsThQzUoNGb23vYmwaUSVnCMxArRWHZahOBAbr9NxxNx0HkMgGX3f9tpadd8g4UyIxn6O2OczZ/" width="320" /></a></div><br /><br /></div><div>Put some breakpoints, and voila .. we now be able to debug remotely !</div><div><br /></div><h3 style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_cU4YCfthIky5M6qWXFwAQVqdeHUfOPXhGZQE8k9MVXA3QReevg3F553PZkXDAhZNMtE_ap4PkgRNqtulI7zOTX8Rb0gYVJz4permqH6L080QUzTI9Mf16OtDRrOaNHuEsx4nRjf8R1VF/" style="margin-left: 1em; margin-right: 1em;"><img alt="debug session" data-original-height="1528" data-original-width="1928" height="507" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_cU4YCfthIky5M6qWXFwAQVqdeHUfOPXhGZQE8k9MVXA3QReevg3F553PZkXDAhZNMtE_ap4PkgRNqtulI7zOTX8Rb0gYVJz4permqH6L080QUzTI9Mf16OtDRrOaNHuEsx4nRjf8R1VF/w640-h507/image.png" title="debug session" width="640" /></a></div><br /><br /></h3>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-82629105056009616732022-01-18T12:42:00.000-08:002022-01-21T20:10:00.873-08:00Rebuilding Openshift OC Client for Mac OS 12 Monterey<h2 style="text-align: left;"> Introduction</h2><p>I need to upgrade the installed OS in my Macbook Pro into Mac OS 12 Monterey, and after doing that, I just found out that the OC (oc) client no longer works. OC Client is Red Hat's replacement for kubectl, which should be used to connect to Openshift Kubernetes Clusters. The oc's versions should match the installed OKD (community) / OCP (enterprise) version, unless you want some strange errors showing. We could say than openshift is an improved kubernetes, and oc is an 'improved' kubectl. </p><h4 style="text-align: left;">The error</h4><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yudhi@Yudhis-MacBook-Pro Downloads % oc</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">fatal error: runtime: bsdthread_register error</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">runtime stack:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">runtime.throw(0x3a97cf6, 0x21)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span>/usr/local/go/src/runtime/panic.go:566 +0x95 fp=0x7ff7bfeff9d0 sp=0x7ff7bfeff9b0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">runtime.goenvs()</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span>/usr/local/go/src/runtime/os_darwin.go:88 +0xa0 fp=0x7ff7bfeffa00 sp=0x7ff7bfeff9d0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">runtime.schedinit()</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span>/usr/local/go/src/runtime/proc.go:450 +0x9c fp=0x7ff7bfeffa40 sp=0x7ff7bfeffa00</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">runtime.rt0_go(0x7ff7bfeffa70, 0x1, 0x7ff7bfeffa70, 0x1000, 0x1, 0x7ff7bfeffba8, 0x0, 0x7ff7bfeffbab, 0x7ff7bfeffbc7, 0x7ff7bfeffbd6, ...)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span>/usr/local/go/src/runtime/asm_amd64.s:145 +0x14f fp=0x7ff7bfeffa48 sp=0x7ff7bfeffa40</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">From the error above, it seems that there is an error in OS-specific go file (shown os_darwin.go). Further googling take us to </span></span>https://github.com/golang/go/issues/49425<span style="font-family: Times; font-size: medium;"> : </span>runtime: bsdthread_register error on macOS 12 #49425. It seems that the binary file is compiled using an old, unsupported version of go (ok, I must admit we still running archaic version of OKD). The only cure is to recompile the oc binary.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">This a bit of far, but somehow I don't see any alternative (A colleague asked me to try 3.11 oc version, which I haven't tried yet, and if my memory serves correctly the latest version have problems connecting to old OKD cluster)</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h4 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Downloading Openshift source (!)</h4><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">The Openshift source code can be found in the public Github repository <a href="https://github.com/openshift/origin">https://github.com/openshift/origin</a>. I choose the version (in the tags area) and tries to make sense of the downloaded directories. Go language evolves a bit quick, where the openshift at that point in time didn't have go.mod file. </p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h4 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Building the oc client</h4><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Try to locate some build script, the Makefile shows that a shell script <span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">hack/build-go.sh </span>is being used to build cmd/oc. But examining the build-go.sh shows that this file is only being used for Linux platform, no luck for Mac OS Darwin platform. So, based on the observation that go.mod file doesn't exist in any directory, the build command should disable go modules functionality, and try to build cmd/oc utility :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">GO111MODULE=off go </span><span class="s2" style="font-variant-ligatures: no-common-ligatures; text-decoration-line: underline;">build</span><span class="s1" style="font-variant-ligatures: no-common-ligatures;"> cmd/oc <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">However this step of course failed when we just run it without understanding how does the go build system works.</p><h4 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;"><br /></h4><h4 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Laying out the build</h4><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">In the openshift repo, we got these directories containing go files : pkg, cmd, and vendor. It seems that the cmd directory is for building command-line utilities, the pkg directory consists of directories of go files, each creating an importable package, and the vendor directory also containes directories of go files, but each supposedly under its own repository path.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">This is the strategy I used :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">declare -x GOPATH={repo root}</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">mkdir src</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">mkdir -p src/github.com/openshift/origin</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">mv cmd src/</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">cp -rp pkg src/github.com/openshift/origin/</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">mv vendor/* src/</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">However on second thought, this could work equally well :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">declare -x GOPATH=~/go</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">mkdir -p $GOPATH/src/github.com/openshift/origin</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">cp -rp cmd pkg $GOPATH/src/github.com/openshift/origin</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">cd vendor</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">cp -rp * $GOPATH/src/</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">And just build it using <span class="s1" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">GO111MODULE=off go </span><span class="s2" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures; text-decoration-line: underline;">build</span><span class="s1" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"> </span><span style="font-family: Menlo;"><span style="font-size: 11px; font-variant-ligatures: no-common-ligatures;">github.com/openshift/origin/cmd/oc </span></span><span class="Apple-converted-space" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"> </span></p><h4 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">One error</h4></div><div>However, this error stopping the build process :</div><div>cannot use nil as type _Ctype_CFDataRef in assignment</div><div>This error is the same as from https://github.com/google/certificate-transparency-go/issues/131, which resulted from Go changes that are specific to Apple Darwin platform related to CF*Ref types from the CoreFoundation library in the go version 1.10. For the record my Macbook uses Go 1.17.2.</div><div>The solution I took is to edit the offending file and change from nil to 0.</div><div>Another option is to use go fix tool : <span style="background-color: rgba(46, 160, 67, 0.15); color: var(--color-prettylights-syntax-comment); font-family: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, "Liberation Mono", monospace; font-size: 12px; white-space: pre;">go tool fix -r cftype <package name></span></div><h2 style="text-align: left;">Installing the result</h2><div>Should the go build succeeded, it will create an executable named oc in current directory. Just copy it to /usr/local/bin/oc :</div><div>cp oc /usr/local/bin/oc</div><h2 style="text-align: left;">Conclusion</h2><div>By rebuilding the oc client from source code, we now will regain the functionality of the oc command in Mac OS Monterey.</div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-47730200040477557402021-05-28T21:07:00.005-07:002021-05-28T21:22:50.398-07:00Reverse Engineering Reptile Kernel module to Extract Authentication code<p> This time I will show how to (partially) reverse engineer a linux kernel module. The linux kernel module is larger than usual kernel module because it is actually a Reptile-based rootkit dropped by some hacker. </p><h2 style="text-align: left;">Part 1. Get basic module information</h2><p>First we gather basic module info by using modinfo :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modinfo falc0n</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">filename: <span class="Apple-converted-space"> </span>/lib/modules/3.10.0-1127.10.1.el7.x86_64/kernel/sdc/falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">intree: <span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">license:<span class="Apple-converted-space"> </span>GPL</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">retpoline:<span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">rhelversion:<span class="Apple-converted-space"> </span>7.8</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">srcversion: <span class="Apple-converted-space"> </span>81F508029A53F7490CCDB44</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">depends: <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">vermagic: <span class="Apple-converted-space"> </span>3.10.0-1127.10.1.el7.x86_64 SMP mod_unload modversions<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: Times; font-size: medium;">We could also refer to the kernel module file not yet installed in the OS :</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# file falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">falc0n.ko: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), BuildID[sha1]=1bde6abf4732eb620983032a47fbcf07689ece11, not stripped</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modinfo falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">filename: <span class="Apple-converted-space"> </span>/root/lkrg-0.9.1/falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">intree: <span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">license:<span class="Apple-converted-space"> </span>GPL</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">retpoline:<span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">rhelversion:<span class="Apple-converted-space"> </span>7.8</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">srcversion: <span class="Apple-converted-space"> </span>81F508029A53F7490CCDB44</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">depends: <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">vermagic: <span class="Apple-converted-space"> </span>3.10.0-1127.10.1.el7.x86_64 SMP mod_unload modversions<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]#</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# stat falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>File: 'falc0n.ko'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>Size: 801936<span class="Apple-converted-space"> <span class="Apple-tab-span" style="white-space: pre;"> </span></span>Blocks: 1568 <span class="Apple-converted-space"> </span>IO Block: 4096 <span class="Apple-converted-space"> </span>regular file</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Device: fd00h/64768d<span class="Apple-tab-span" style="white-space: pre;"> </span>Inode: 318269<span class="Apple-converted-space"> </span>Links: 1</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Access: (0755/-rwxr-xr-x)<span class="Apple-converted-space"> </span>Uid: (<span class="Apple-converted-space"> </span>0/<span class="Apple-converted-space"> </span>root) <span class="Apple-converted-space"> </span>Gid: (<span class="Apple-converted-space"> </span>0/<span class="Apple-converted-space"> </span>root)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Context: unconfined_u:object_r:admin_home_t:s0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Access: 2021-05-29 09:22:04.773399890 +0700</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Modify: 2021-05-26 11:14:33.154362601 +0700</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Change: 2021-05-26 11:14:33.154362601 +0700</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>Birth: -</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: Times; font-size: medium;"><br /></span></p><h2 style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;"><span style="font-family: Times; font-size: medium;">Part 2. List symbols inside the module</span></h2><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: Times; font-size: medium;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Then we examine the symbols inside the kernel module (be mindful that the kernel module is an ELF file). </p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: Times; font-size: medium;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gdb falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Copyright (C) 2013 Free Software Foundation, Inc.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This is free software: you are free to change and redistribute it.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">There is NO WARRANTY, to the extent permitted by law.<span class="Apple-converted-space"> </span>Type "show copying"</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">and "show warranty" for details.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This GDB was configured as "x86_64-redhat-linux-gnu".</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">For bug reporting instructions, please see:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><http://www.gnu.org/software/gdb/bugs/>...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Reading symbols from /root/lkrg-0.9.1/falc0n.ko...done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) info variables</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">All defined variables:</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_intree28[9];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_license27[12];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="background-color: red; font-variant-ligatures: no-common-ligatures;"><span style="color: white;">static char parasite_blob[631368];</span></span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File ./arch/x86/include/asm/vvar.h:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const volatile unsigned long * const vvaraddr_jiffies;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const int * const vvaraddr_vgetcpu_mode;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct vsyscall_gtod_data * const vvaraddr_vsyscall_gtod_data;</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/p_load.mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">struct module __this_module;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_retpoline11[12];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_rhelversion10[16];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_srcversion9[35];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_vermagic8[65];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct modversion_info ____versions[4];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __module_depends[9];</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File ./arch/x86/include/asm/vvar.h:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const volatile unsigned long * const vvaraddr_jiffies;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const int * const vvaraddr_vgetcpu_mode;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct vsyscall_gtod_data * const vvaraddr_vsyscall_gtod_data;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) info functions</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">All defined functions:</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int init_module(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static int ksym_lookup_cb(unsigned long *, const char *, void *, unsigned long);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) quit</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-family: Times; font-size: medium;">dd</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">For a large kernel module, the symbols are quite sparse. A lot of space are being used for the parasite_blob (631368 bytes, that is a bit more than 78% of the size of the kernel module file). </p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">The name of the file (kmatryoshka.c) refers to Matryoshka doll, a russian doll, that contains another doll inside. This is the picture of matryoshka taken from wikipedia <a href="https://en.wikipedia.org/wiki/Matryoshka_doll">https://en.wikipedia.org/wiki/Matryoshka_doll</a> :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmU-Me9jzd1RVOCZI6MxhicQXhcoEPAAQYBjpw_HfFz_ChryiTBsedyqnORf-OqBlJQXvvxURKsN5tS7wkV2EK3lz6tJ8CkF_O5xDhyLGBK7q0_6a8eOt104o4aTsTppYKEfHXkxdrvONh/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="330" data-original-width="440" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmU-Me9jzd1RVOCZI6MxhicQXhcoEPAAQYBjpw_HfFz_ChryiTBsedyqnORf-OqBlJQXvvxURKsN5tS7wkV2EK3lz6tJ8CkF_O5xDhyLGBK7q0_6a8eOt104o4aTsTppYKEfHXkxdrvONh/" width="320" /></a></div><br />Well, in order to examine the doll inside we need to take it out first. Reading the matryoshka.c in the Reptile github (https://github.com/f0rb1dd3n/Reptile/blob/master/kernel/kmatryoshka/kmatryoshka.c) we could skip some part of reverse engineering; the init_module function decrypts the parasite_blob using some key. We want to have the decrypted binary, so we somehow need to run the init_module.<p></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) p init_module()</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">You can't do that without a process to debug.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) run</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Starting program: /root/lkrg-0.9.1/falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/bin/bash: /root/lkrg-0.9.1/falc0n.ko: cannot execute binary file</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/bin/bash: /root/lkrg-0.9.1/falc0n.ko: Success</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">During startup program exited with code 126.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) break init_module</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Breakpoint 1 at 0x52: file /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c, line 57.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) run</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Starting program: /root/lkrg-0.9.1/falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/bin/bash: /root/lkrg-0.9.1/falc0n.ko: cannot execute binary file</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/bin/bash: /root/lkrg-0.9.1/falc0n.ko: Success</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">During startup program exited with code 126.</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">So far, we are unable to run the init_module function directly. Do we need to do some kernel debugging and single-step into kernel module loading process? No, I found a simpler way: we just need to get the init_module function to execute in gdb.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h2 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Part 3. Creating Hello World Program to Run init_module</h2><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#include <stdio.h></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">extern void init_module();</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int main()</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">{</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>printf("Hello world!\n");</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>init_module();</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>return 0;</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">}</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">This is a basic hello world program written in c, that somehow runs init_module. Even we don't have any source code from original rootkit this compiles just fine :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# cc -c my.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# ls -l my.*</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-r--r--. 1 root root<span class="Apple-converted-space"> </span>122 May 29 10:17 my.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-r--r--. 1 root root 1568 May 29 10:18 my.o</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Now lets try to link both my.o and falc0n.ko :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gcc -o debug_doll my.o falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">falc0n.ko: In function `ksym_lookup_name':</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:52: undefined reference to `kallsyms_on_each_symbol'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:52: undefined reference to `kallsyms_on_each_symbol'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">falc0n.ko: In function `current_thread_info':</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/usr/src/kernels/3.10.0-1127.10.1.el7.x86_64/./arch/x86/include/asm/thread_info.h:218: undefined reference to `kernel_stack'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/usr/src/kernels/3.10.0-1127.10.1.el7.x86_64/./arch/x86/include/asm/thread_info.h:218: undefined reference to `kernel_stack'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">falc0n.ko: In function `init_module':</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:76: undefined reference to `__x86_indirect_thunk_rax'</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">collect2: error: ld returned 1 exit status</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Some errors occured because I am being too bold :D. The error cames out during link process. Well, just google around to disable the error, because we don't really care whether the init_module completes, we just want to run the decryption part :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gcc -Wl,--unresolved-symbols=ignore-all -o debug_doll my.o falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# ls -l debug_doll<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rwxr-xr-x. 1 root root 721608 May 29 10:22 </span><span class="s2" style="color: #2fbd1d; font-variant-ligatures: no-common-ligatures;">debug_doll</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Voila, we got an executable!</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h2 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Part 4. Running the Hello World</h2><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Lets debug it :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gdb ./debug_doll</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Copyright (C) 2013 Free Software Foundation, Inc.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This is free software: you are free to change and redistribute it.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">There is NO WARRANTY, to the extent permitted by law.<span class="Apple-converted-space"> </span>Type "show copying"</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">and "show warranty" for details.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This GDB was configured as "x86_64-redhat-linux-gnu".</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">For bug reporting instructions, please see:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><http://www.gnu.org/software/gdb/bugs/>...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Reading symbols from /root/lkrg-0.9.1/debug_doll...done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) info functions</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">All defined functions:</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int init_module(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static int ksym_lookup_cb(unsigned long *, const char *, void *, unsigned long);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Non-debugging symbols:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400438<span class="Apple-converted-space"> </span>_init</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400470<span class="Apple-converted-space"> </span>puts@plt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400480<span class="Apple-converted-space"> </span>__libc_start_main@plt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400490<span class="Apple-converted-space"> </span>__gmon_start__@plt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004004a0<span class="Apple-converted-space"> </span>_start</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004004d0<span class="Apple-converted-space"> </span>deregister_tm_clones</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400500<span class="Apple-converted-space"> </span>register_tm_clones</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400540<span class="Apple-converted-space"> </span>__do_global_dtors_aux</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400560<span class="Apple-converted-space"> </span>frame_dummy</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000040058d<span class="Apple-converted-space"> </span>main</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400740<span class="Apple-converted-space"> </span>__libc_csu_init</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004007b0<span class="Apple-converted-space"> </span>__libc_csu_fini</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004007b4<span class="Apple-converted-space"> </span>_fini</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) info variables</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">All defined variables:</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/p_load.mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">struct module __this_module;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_retpoline11[12];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_rhelversion10[16];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_srcversion9[35];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_vermagic8[65];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct modversion_info ____versions[4];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __module_depends[9];</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File ./arch/x86/include/asm/vvar.h:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const volatile unsigned long * const vvaraddr_jiffies;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const int * const vvaraddr_vgetcpu_mode;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct vsyscall_gtod_data * const vvaraddr_vsyscall_gtod_data;</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_intree28[9];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const char __UNIQUE_ID_license27[12];</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static char parasite_blob[631368];</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File ./arch/x86/include/asm/vvar.h:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const volatile unsigned long * const vvaraddr_jiffies;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const int * const vvaraddr_vgetcpu_mode;</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static const struct vsyscall_gtod_data * const vvaraddr_vsyscall_gtod_data;</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Non-debugging symbols:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004007c0<span class="Apple-converted-space"> </span>_IO_stdin_used</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004007c8<span class="Apple-converted-space"> </span>__dso_handle</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000400ab8<span class="Apple-converted-space"> </span>__FRAME_END__</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e10<span class="Apple-converted-space"> </span>__frame_dummy_init_array_entry</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e10<span class="Apple-converted-space"> </span>__init_array_start</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e18<span class="Apple-converted-space"> </span>__do_global_dtors_aux_fini_array_entry</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e18<span class="Apple-converted-space"> </span>__init_array_end</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e20<span class="Apple-converted-space"> </span>__JCR_END__</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e20<span class="Apple-converted-space"> </span>__JCR_LIST__</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000600e28<span class="Apple-converted-space"> </span>_DYNAMIC</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000601000<span class="Apple-converted-space"> </span>_GLOBAL_OFFSET_TABLE_</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000601030<span class="Apple-converted-space"> </span>__data_start</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x0000000000601030<span class="Apple-converted-space"> </span>data_start</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000069b288<span class="Apple-converted-space"> </span>__TMC_END__</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000069b4c8<span class="Apple-converted-space"> </span>__bss_start</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000069b4c8<span class="Apple-converted-space"> </span>_edata</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000069b4c8<span class="Apple-converted-space"> </span>completed.6355</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x000000000069b4d0<span class="Apple-converted-space"> </span>_end</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">The resulting monster is a combination of our hello world code and the kernel module :D</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) break init_module</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Breakpoint 1 at 0x4005da: file /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c, line 57.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) run</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Starting program: /root/lkrg-0.9.1/./debug_doll<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Hello world!</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Breakpoint 1, init_module () at /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:57</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">57<span class="Apple-tab-span" style="white-space: pre;"> </span>/tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c: No such file or directory.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Missing separate debuginfos, use: debuginfo-install glibc-2.17-324.el7_9.x86_64</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) bt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#0<span class="Apple-converted-space"> </span>init_module () at /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:57</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">#1<span class="Apple-converted-space"> </span>0x00000000004005a5 in main ()</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Wonderful, we could single step happily inside here :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) nexti</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004005dc<span class="Apple-tab-span" style="white-space: pre;"> </span>57<span class="Apple-tab-span" style="white-space: pre;"> </span>in /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) nexti</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">do_encode (ptr=0x601040 <parasite_blob>, len=631368, key=3368175696) at /tmp/.ICE-unix/rc1/parasite_loader/encrypt/encrypt.h:15</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">15<span class="Apple-tab-span" style="white-space: pre;"> </span>/tmp/.ICE-unix/rc1/parasite_loader/encrypt/encrypt.h: No such file or directory.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) nexti</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x00000000004005e8<span class="Apple-tab-span" style="white-space: pre;"> </span>15<span class="Apple-tab-span" style="white-space: pre;"> </span>in /tmp/.ICE-unix/rc1/parasite_loader/encrypt/encrypt.h</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) nexti</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">15<span class="Apple-tab-span" style="white-space: pre;"> </span>in /tmp/.ICE-unix/rc1/parasite_loader/encrypt/encrypt.h</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) disas</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Dump of assembler code for function init_module:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005da <+0>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%esi,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005dc <+2>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0x9a248,%r9d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005e2 <+8>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0xd,%r8d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005e8 <+14>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%r9d,%eax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">=> 0x00000000004005eb <+17>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%edx,%edx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005ed <+19>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sub<span class="Apple-converted-space"> </span>%esi,%eax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005ef <+21>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%eax,%edi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005f1 <+23>:<span class="Apple-tab-span" style="white-space: pre;"> </span>div<span class="Apple-converted-space"> </span>%r8d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005f4 <+26>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>$0xc8c24850,%edi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005fa <+32>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%dl,%cl</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005fc <+34>:<span class="Apple-tab-span" style="white-space: pre;"> </span>rol<span class="Apple-converted-space"> </span>%cl,%edi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000004005fe <+36>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%edi,0x601040(%rsi)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400604 <+42>:<span class="Apple-tab-span" style="white-space: pre;"> </span>add<span class="Apple-converted-space"> </span>$0x4,%rsi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400608 <+46>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>$0x9a244,%rsi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040060f <+53>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x4005e8 <init_module+14></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400611 <+55>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%rbp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400612 <+56>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0x4005ac,%rdi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400619 <+63>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%rsp,%rbp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040061c <+66>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040061e <+68>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lea<span class="Apple-converted-space"> </span>-0x20(%rbp),%rsi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400622 <+72>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%rbx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400623 <+73>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sub<span class="Apple-converted-space"> </span>$0x10,%rsp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400627 <+77>:<span class="Apple-tab-span" style="white-space: pre;"> </span>movq <span class="Apple-converted-space"> </span>$0x0,-0x18(%rbp)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040062f <+85>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sub<span class="Apple-converted-space"> </span>$0x20,%rsp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400633 <+89>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lea<span class="Apple-converted-space"> </span>0xf(%rsp),%rax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000400638 <+94>:<span class="Apple-tab-span" style="white-space: pre;"> </span>and<span class="Apple-converted-space"> </span>$0xfffffffffffffff0,%rax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040063c <+98>:<span class="Apple-tab-span" style="white-space: pre;"> </span>movl <span class="Apple-converted-space"> </span>$0x5f737973,(%rax)</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Actually, reading this code I found this a bit different from the loop in the Reptile source code, the comparison-and-loop code is a bit different :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"> 0x0000000000400608 <+46>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>$0x9a244,%rsi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000040060f <+53>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x4005e8 <init_module+14></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">This compares a value (9a244h, which is 631364 in decimal) with rsi (source index register), and loop backs if its not equal; and the source code is :</p><pre style="overflow-wrap: break-word; white-space: pre-wrap;"> while (len > sizeof(key)) {
*(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13));
len -= sizeof(key), ptr += sizeof(key);
}</pre><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">This might mean the compiler optimization is too powerful for me to understand or the source code being used is different. Never mind that, just run it until the XOR (decryption) parts are complete :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) break *0x0000000000400611</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Breakpoint 2 at 0x400611: file /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c, line 57.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) continue</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Continuing.</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Breakpoint 2, init_module () at /tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c:57</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">57<span class="Apple-tab-span" style="white-space: pre;"> </span>/tmp/.ICE-unix/rc1/parasite_loader/kmatryoshka.c: No such file or directory.</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">If you are not familiar with gdb, you might just want to continue without creating breakpoint and wait for the program to crash :D.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Now to write the decrypted parasite_blob into a file, first we need to determine the starting memory address and also the ending memory address:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) x parasite_blob</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x601040 <parasite_blob>:<span class="Apple-tab-span" style="white-space: pre;"> </span>0x464c457f</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) x parasite_blob+631368</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">0x69b288:<span class="Apple-tab-span" style="white-space: pre;"> </span>0x00000000</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">To dump just use the dump memory command:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) dump binary memory parasite0.bin parasite_blob parasite_blob+631368</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) quit</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">A debugging session is active.</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Inferior 1 [process 7238] will be killed.</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Quit anyway? (y or n) y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# ls -l parasite0.bin</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-r--r--. 1 root root 631368 May 29 10:36 parasite0.bin</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Lets see inside it:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gdb parasite0.bin</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Copyright (C) 2013 Free Software Foundation, Inc.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This is free software: you are free to change and redistribute it.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">There is NO WARRANTY, to the extent permitted by law.<span class="Apple-converted-space"> </span>Type "show copying"</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">and "show warranty" for details.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This GDB was configured as "x86_64-redhat-linux-gnu".</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">For bug reporting instructions, please see:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><http://www.gnu.org/software/gdb/bugs/>...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Reading symbols from /root/lkrg-0.9.1/parasite0.bin...done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) info functions</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">All defined functions:</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//rep_mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void _add(char *, int, int);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void _sub(char *, int, int);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void _xor(char *, int, int);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int exec(char **);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int f_check(void *, ssize_t);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">struct task_struct *find_task(pid_t);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int flag_tasks(pid_t, int);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void hide(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void hide(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int hide_content(void *, ssize_t);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int is_invisible(pid_t);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//khook/engine.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void khook_cleanup(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int khook_init(void);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//rep_mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">unsigned int magic_packet_hook(const struct nf_hook_ops *, struct sk_buff *, const struct net_device *, const struct net_device *,<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>int (*)(struct sk_buff *));</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">char **parse(char *);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">int shell_exec_queue(char *, char *, char *, char *);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void shell_execer(struct work_struct *);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">void show(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook___d_lookup(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_audit_alloc(void);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//khook/engine.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static int __khook_cleanup_hooks(void *);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//rep_mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_compat_filldir(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_compat_filldir64(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_compat_fillonedir(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_copy_creds(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_exit_creds(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_filldir(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_filldir64(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_fillonedir(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_find_task_by_vpid(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_inet_ioctl(void);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//khook/engine.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_init(khook_t *);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static int __khook_init_hooks(void *);</span></p><p class="p2" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; min-height: 13px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">File /tmp/.ICE-unix/rc1//rep_mod.c:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_load_elf_binary(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_next_tgid(void);</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">static void __khook_tcp4_seq_show(void);</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">We just extracted the actual kernel module !</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h2 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Part 5. Finding the AUTH key</h2><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">In the reptile rootkit, there is a 64-bit key that must be used when sending commands to the kernel module. In this post I will just focus on the khook_inet_ioctl function to dissasemble, which looks like this :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLS0teyTcMpccqS1jahWR2yvNO9i7hKG_j6aSuy_r4Y0wga0F0-28NjW0o82spVgu40D8zBJMF3SfKGEDqDVTRlf039hXX2DgYh5_hPSWc0vxWFUpkNps6gI3LO1gJYW1HZSYg33ImPgyX/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="742" data-original-width="1234" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLS0teyTcMpccqS1jahWR2yvNO9i7hKG_j6aSuy_r4Y0wga0F0-28NjW0o82spVgu40D8zBJMF3SfKGEDqDVTRlf039hXX2DgYh5_hPSWc0vxWFUpkNps6gI3LO1gJYW1HZSYg33ImPgyX/" width="320" /></a></div><br /><br /><p></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Lets check the disassembled binary :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# gdb parasite0.bin</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Copyright (C) 2013 Free Software Foundation, Inc.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This is free software: you are free to change and redistribute it.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">There is NO WARRANTY, to the extent permitted by law.<span class="Apple-converted-space"> </span>Type "show copying"</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">and "show warranty" for details.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">This GDB was configured as "x86_64-redhat-linux-gnu".</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">For bug reporting instructions, please see:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><http://www.gnu.org/software/gdb/bugs/>...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Reading symbols from /root/lkrg-0.9.1/parasite0.bin...done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">(gdb) disas khook_inet_ioctl</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Dump of assembler code for function khook_inet_ioctl:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001210 <+0>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%rbp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001211 <+1>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%rsp,%rbp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001214 <+4>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%r13</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001216 <+6>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%rdi,%r13</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001219 <+9>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000121b <+11>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%rdx,%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000121e <+14>:<span class="Apple-tab-span" style="white-space: pre;"> </span>push <span class="Apple-converted-space"> </span>%rbx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000121f <+15>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%esi,%ebx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001221 <+17>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sub<span class="Apple-converted-space"> </span>$0x28,%rsp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001225 <+21>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lock incl 0x0(%rip)<span class="Apple-converted-space"> </span># 0x122c <khook_inet_ioctl+28></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000122c <+28>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>$0xe892ec29,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001232 <+34>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sete <span class="Apple-converted-space"> </span>%al</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001235 <+37>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x1260 <khook_inet_ioctl+80></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001237 <+39>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0xfd651acb,%edx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000123c <+44>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>%rdx,%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000123f <+47>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x1260 <khook_inet_ioctl+80></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001241 <+49>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>0x0(%rip),%esi<span class="Apple-converted-space"> </span># 0x1247 <khook_inet_ioctl+55></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001247 <+55>:<span class="Apple-tab-span" style="white-space: pre;"> </span>test <span class="Apple-converted-space"> </span>%esi,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001249 <+57>:<span class="Apple-tab-span" style="white-space: pre;"> </span>je <span class="Apple-converted-space"> </span>0x1298 <khook_inet_ioctl+136></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000124b <+59>:<span class="Apple-tab-span" style="white-space: pre;"> </span>movl <span class="Apple-converted-space"> </span>$0x0,0x0(%rip)<span class="Apple-converted-space"> </span># 0x1255 <khook_inet_ioctl+69></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001255 <+69>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%eax,%eax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001257 <+71>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jmp<span class="Apple-converted-space"> </span>0x1282 <khook_inet_ioctl+114></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001259 <+73>:<span class="Apple-tab-span" style="white-space: pre;"> </span>nopl <span class="Apple-converted-space"> </span>0x0(%rax)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001260 <+80>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>0x0(%rip),%ecx<span class="Apple-converted-space"> </span># 0x1266 <khook_inet_ioctl+86></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001266 <+86>:<span class="Apple-tab-span" style="white-space: pre;"> </span>test <span class="Apple-converted-space"> </span>%ecx,%ecx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001268 <+88>:<span class="Apple-tab-span" style="white-space: pre;"> </span>je <span class="Apple-converted-space"> </span>0x126e <khook_inet_ioctl+94></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000126a <+90>:<span class="Apple-tab-span" style="white-space: pre;"> </span>test <span class="Apple-converted-space"> </span>%al,%al</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000126c <+92>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x12b0 <khook_inet_ioctl+160></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000126e <+94>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%r12,%rdx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001271 <+97>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%ebx,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001273 <+99>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%r13,%rdi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001276 <+102>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>0x0(%rip),%rax<span class="Apple-converted-space"> </span># 0x127d <khook_inet_ioctl+109></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000127d <+109>:<span class="Apple-tab-span" style="white-space: pre;"> </span>callq<span class="Apple-converted-space"> </span>0x1282 <khook_inet_ioctl+114></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001282 <+114>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lock decl 0x0(%rip)<span class="Apple-converted-space"> </span># 0x1289 <khook_inet_ioctl+121></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001289 <+121>:<span class="Apple-tab-span" style="white-space: pre;"> </span>add<span class="Apple-converted-space"> </span>$0x28,%rsp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000128d <+125>:<span class="Apple-tab-span" style="white-space: pre;"> </span>pop<span class="Apple-converted-space"> </span>%rbx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000128e <+126>:<span class="Apple-tab-span" style="white-space: pre;"> </span>pop<span class="Apple-converted-space"> </span>%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001290 <+128>:<span class="Apple-tab-span" style="white-space: pre;"> </span>pop<span class="Apple-converted-space"> </span>%r13</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001292 <+130>:<span class="Apple-tab-span" style="white-space: pre;"> </span>pop<span class="Apple-converted-space"> </span>%rbp</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001293 <+131>:<span class="Apple-tab-span" style="white-space: pre;"> </span>retq<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001294 <+132>:<span class="Apple-tab-span" style="white-space: pre;"> </span>nopl <span class="Apple-converted-space"> </span>0x0(%rax)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001298 <+136>:<span class="Apple-tab-span" style="white-space: pre;"> </span>movl <span class="Apple-converted-space"> </span>$0x1,0x0(%rip)<span class="Apple-converted-space"> </span># 0x12a2 <khook_inet_ioctl+146></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012a2 <+146>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%eax,%eax</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012a4 <+148>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jmp<span class="Apple-converted-space"> </span>0x1282 <khook_inet_ioctl+114></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012a6 <+150>:<span class="Apple-tab-span" style="white-space: pre;"> </span>nopw <span class="Apple-converted-space"> </span>%cs:0x0(%rax,%rax,1)</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012b0 <+160>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lea<span class="Apple-converted-space"> </span>0x8(%rsp),%rdi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012b5 <+165>:<span class="Apple-tab-span" style="white-space: pre;"> </span>xor<span class="Apple-converted-space"> </span>%edx,%edx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012b7 <+167>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0x10,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012bc <+172>:<span class="Apple-tab-span" style="white-space: pre;"> </span>callq<span class="Apple-converted-space"> </span>0x12c1 <khook_inet_ioctl+177></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012c1 <+177>:<span class="Apple-tab-span" style="white-space: pre;"> </span>lea<span class="Apple-converted-space"> </span>0x8(%rsp),%rdi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x00000000000012c6 <+182>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0x10,%edx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">---Type <return> to continue, or q <return> to quit---</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">If we read the source code, AUTH is being compared to cmd, and HTUA is being compared to args. I am not quite familiar with the 64-bit world (I learned assembly from 16-bit DOS world :D ) so I need to read about the x86_64 calling convention before proceeding further. By some googling we find this pdf (<a href="https://aaronbloomfield.github.io/pdr/book/x86-64bit-ccc-chapter.pdf">https://aaronbloomfield.github.io/pdr/book/x86-64bit-ccc-chapter.pdf</a>) which has this important paragraph:</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><blockquote>To pass parameters to the subroutine, we put up to six of them into registers (in order: rdi, rsi,
rdx, rcx, r8, r9). If there are more than six parameters to the subroutine, then push the rest onto
the stack in reverse order (i.e. last parameter first) – since the stack grows down, the first of the
extra parameters (really the seventh parameter) parameter will be stored at the lowest address (this
inversion of parameters was historically used to allow functions to be passed a variable number of
parameters).</blockquote><p></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">So, rdi => first parameter (sock in the source code), rsi => second parameter (cmd), rdx => third parameter (arg). For 32-bit registers, we have edi which is the 32-bit lower half of rdi, esi which is 32-bit lower half of rsi, and edx which is 32-bit lower half of rdx :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwCSGkH-TrrtXfhIi3tLmPojAoG8ZgoHt2fIvi_oLBhPhh37qd7HLCZ1hnpteJ-6EFi_ZcAHBsJGBu7Xt5jYEJZBQjdo0wxi60qpPrdwsLlR6IZ-0V4zHXLm2DFeYCVJdmLG0xXwyWvbsE/" style="margin-left: auto; margin-right: auto;"><img alt="Taken from https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture" data-original-height="1320" data-original-width="1460" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwCSGkH-TrrtXfhIi3tLmPojAoG8ZgoHt2fIvi_oLBhPhh37qd7HLCZ1hnpteJ-6EFi_ZcAHBsJGBu7Xt5jYEJZBQjdo0wxi60qpPrdwsLlR6IZ-0V4zHXLm2DFeYCVJdmLG0xXwyWvbsE/" title="Taken from https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture" width="265" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Taken from https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x64-architecture</td></tr></tbody></table><br /><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Comparing back to the khook_inet_ioctl which has this code :</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><pre style="overflow-wrap: break-word; white-space: pre-wrap;">static int khook_inet_ioctl(struct socket *sock, unsigned int cmd,
unsigned long arg)
{
int ret = 0;
unsigned int pid;
struct control args;
struct sockaddr_in addr;
if (cmd == AUTH && arg == HTUA) {</pre><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">We could also say: the second parameter (cmd) is also stored in esi, and the third parameter (arg) is also stored in edx. </p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Based on the analysis above then we concluded that this code :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"> 0x000000000000122c <+28>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>$0xe892ec29,%esi</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001232 <+34>:<span class="Apple-tab-span" style="white-space: pre;"> </span>sete <span class="Apple-converted-space"> </span>%al</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001235 <+37>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x1260 <khook_inet_ioctl+80></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">means comparison of cmd to AUTH, and this code :</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><span class="Apple-converted-space"> </span>0x000000000000121b <+11>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>%rdx,%r12</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space">...</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x0000000000001237 <+39>:<span class="Apple-tab-span" style="white-space: pre;"> </span>mov<span class="Apple-converted-space"> </span>$0xfd651acb,%edx</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000123c <+44>:<span class="Apple-tab-span" style="white-space: pre;"> </span>cmp<span class="Apple-converted-space"> </span>%rdx,%r12</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>0x000000000000123f <+47>:<span class="Apple-tab-span" style="white-space: pre;"> </span>jne<span class="Apple-converted-space"> </span>0x1260 <khook_inet_ioctl+80></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">means comparison of arg to HTUA.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">And... we just extracted the AUTH and HTUA code ! AUTH is <span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">0xe892ec29</span> and HTUA is<span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"> 0xfd651acb</span>.</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h2 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Part 6. Using the AUTH key</h2><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">The AUTH key is being used in the reptile cmd utility. So I just cloned the userland directory from Reptile github (https://github.com/f0rb1dd3n/Reptile/tree/1e17bc82ea8e4f9b4eaf15619ed6bcd283ad0e17/userland)</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNYkpCshydIaHm5WqhOelR2EZSa6_fIzDNRh-5a0JJaJ6KUcJSw0eM-nPXpxO-fD_Wh2yNFJ4POqQ35CcTgypOep3kRwDVGt9LnwCOpaUuzgesedieLvkKVOBdc3ycxToxCUDzFf-C7pW0/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="856" data-original-width="1404" height="195" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNYkpCshydIaHm5WqhOelR2EZSa6_fIzDNRh-5a0JJaJ6KUcJSw0eM-nPXpxO-fD_Wh2yNFJ4POqQ35CcTgypOep3kRwDVGt9LnwCOpaUuzgesedieLvkKVOBdc3ycxToxCUDzFf-C7pW0/" width="320" /></a></div><br />Then build cmd using the AUTH and HTUA code :<p></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# cc -o my_cmd -DAUTH=0xe892ec29 -DHTUA=0xfd651acb cmd.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# ls -l my_cmd</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rwxr-xr-x. 1 root root 13184 May 29 11:03 </span><span class="s2" style="color: #2fbd1d; font-variant-ligatures: no-common-ligatures;">my_cmd</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Try it for a test drive:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# ./my_cmd show</span></p><p class="p2" style="color: #2fb41d; font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><b>Success!</b></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# touch falc0n.txt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# ls -l</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">total 16</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root 1416 Jun 27<span class="Apple-converted-space"> </span>2020 Makefile</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root <span class="Apple-converted-space"> </span>56 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">client</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root 3624 Jun 27<span class="Apple-converted-space"> </span>2020 cmd.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root <span class="Apple-converted-space"> </span>33 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">crypto</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root <span class="Apple-converted-space"> </span>98 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">include</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root 8129 Jun 27<span class="Apple-converted-space"> </span>2020 shell.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root <span class="Apple-converted-space"> </span>19 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">transport</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# ./my_cmd hide</span></p><p class="p2" style="color: #2fb41d; font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><b>Success!</b></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb userland]# ls -l</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">total 48</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root<span class="Apple-converted-space"> </span>1416 Jun 27<span class="Apple-converted-space"> </span>2020 Makefile</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root<span class="Apple-converted-space"> </span>56 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">client</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rwxr-xr-x. 1 root root 13184 May 26 19:34 </span><span class="s3" style="color: #2fbd1d; font-variant-ligatures: no-common-ligatures;">cmd</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root<span class="Apple-converted-space"> </span>3624 Jun 27<span class="Apple-converted-space"> </span>2020 cmd.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root<span class="Apple-converted-space"> </span>33 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">crypto</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-r--r--. 1 root root <span class="Apple-converted-space"> </span>0 May 29 11:03 falc0n.txt</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root<span class="Apple-converted-space"> </span>98 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">include</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rwxr-xr-x. 1 root root 13184 May 29 11:03 </span><span class="s3" style="color: #2fbd1d; font-variant-ligatures: no-common-ligatures;">my_cmd</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxr-xr-x. 2 root root <span class="Apple-converted-space"> </span>6 May 26 19:33 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">output</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-rw-r--. 1 root root<span class="Apple-converted-space"> </span>8129 Jun 27<span class="Apple-converted-space"> </span>2020 shell.c</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">drwxrwxr-x. 2 root root<span class="Apple-converted-space"> </span>19 Jun 27<span class="Apple-converted-space"> </span>2020 </span><span class="s2" style="color: #3c5fff; font-variant-ligatures: no-common-ligatures;">transport</span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">It works!</p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p><h2 style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; text-align: left;">Conclusion</h2><div><br /></div><div>This post shows how could we decrypt and reverse engineer reptile authentication key using standard linux tools such as gdb and gcc. </div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com1tag:blogger.com,1999:blog-7335438738304284149.post-33055353016301281592021-05-27T18:14:00.002-07:002021-05-27T18:15:23.264-07:00Detecting rootkit using Linux Kernel Runtime Guard<p> You want to determine whether there is an anomaly in your system, that might be caused by some rootkit installed by some hacker. These steps are tested on a Centos 7.9 VM.</p><h1 style="text-align: left;">Installation steps</h1><p>First you need to install kernel-headers, kernel-tools, kernel-devel and gcc (gnu c compiler). Remove enablerepo stuffs if you are using latest kernel version in your distribution.</p><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yum install --enablerepo=C7.8.2003-base --enablerepo=C7.8.2003-updates kernel-headers-3.10.0-1127.10.1.el7.x86_64 kernel-tools-3.10.0-1127.10.1.el7.x86_64 kernel-devel-3.10.0-1127.10.1.el7.x86_64 gcc</span></p></div><div><br /></div><div>Alternative for using latest kernel version :</div><div><br /></div><div><span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">yum install kernel-headers kernel-tools kernel-devel gcc</span></div><div><br /></div><div>Download lkrg from the main website : https://www.openwall.com/lkrg/</div><div><br /></div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># wget https://www.openwall.com/</span><span class="s2" style="color: #b42419; font-variant-ligatures: no-common-ligatures;"><b>lkrg</b></span><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/</span><span class="s2" style="color: #b42419; font-variant-ligatures: no-common-ligatures;"><b>lkrg</b></span><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-0.9.1.tar.gz</span></p></div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># ls -l lkrg-0.9.1.tar.gz<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-rw-r--r--. 1 root root 121565 Apr 28 02:43 </span><span class="s2" style="color: #fc2118; font-variant-ligatures: no-common-ligatures;">lkrg-0.9.1.tar.gz</span></p></div><p>Extract and compile the stuffs.</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># tar -xvzf </span><span class="s2" style="color: #b42419; font-variant-ligatures: no-common-ligatures;"><b>lkrg</b></span><span class="s1" style="font-variant-ligatures: no-common-ligatures;">-0.9.1.tar.gz<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"># make</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"># make install</span></span></p><p>Additional Configuration (important)</p><p>Additional configuration steps are neccessary to prevent LKRG killing sshd in my system after being invaded by falc0n (Reptile-based rootkit). This is the configuration needed:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# cat > /etc/modprobe.d/lkrg.conf<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">options p_lkrg pcfi_enforce=0<br /><ctrl-D></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><h2 style="text-align: left;">Activation and Test</h2><p>Test LKRG by using </p><p>systemctl start lkrg</p><p>Then check your dmesg:</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail -100</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154746.019372] Freezing user space processes ... (elapsed 0.001 seconds) done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154746.722341] Restarting tasks ... done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154746.722616] [p_lkrg] LKRG unloaded!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.277176] [p_lkrg] Loading LKRG...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.277718] [p_lkrg] System does NOT support SMEP. LKRG can't enforce SMEP validation :(</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.278232] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.282842] Freezing user space processes ... (elapsed 0.001 seconds) done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.442162] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-2]</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.442630] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.576751] [p_lkrg] LKRG initialized successfully!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[154750.577213] Restarting tasks ... done.</span></p><p>Messages written by p_lkrg is shown in dmesg and also written in /var/log/messages.</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# cat /var/log/messages | tail<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:13 lb kernel: [p_lkrg] Loading LKRG...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:13 lb kernel: [p_lkrg] System does NOT support SMEP. LKRG can't enforce SMEP validation :(</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:13 lb kernel: [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb kernel: Freezing user space processes ... (elapsed 0.001 seconds) done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb kernel: [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-2]</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb kernel: [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb kernel: [p_lkrg] LKRG initialized successfully!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb kernel: Restarting tasks ... done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb modprobe: insmod /lib/modules/3.10.0-1127.10.1.el7.x86_64/extra/p_lkrg.ko pcfi_enforce=0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">May 28 07:50:14 lb systemd: Started Linux Kernel Runtime Guard.</span></p><p>Install the falc0n rootkit (this also can be done the other way around, rootkit first and lkrg last)</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modinfo falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">filename: <span class="Apple-converted-space"> </span>/root/lkrg-0.9.1/falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">intree: <span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">license:<span class="Apple-converted-space"> </span>GPL</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">retpoline:<span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">rhelversion:<span class="Apple-converted-space"> </span>7.8</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">srcversion: <span class="Apple-converted-space"> </span>81F508029A53F7490CCDB44</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">depends: <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">vermagic: <span class="Apple-converted-space"> </span>3.10.0-1127.10.1.el7.x86_64 SMP mod_unload modversion</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# mkdir -p /lib/modules/3.10.0-1127.10.1.el7.x86_64/kernel/sdc/falc0n</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# cp falc0n.ko /lib/modules/3.10.0-1127.10.1.el7.x86_64/kernel/sdc/</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# depmod</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p>Depmod is neccessary to update kernel modules dependency so the falc0n could be loaded by the kernel.</p><p>Running the rootkit : (DISCLAIMER: be prepared to restart your machine / VM if something goes wrong, for example if you are unable to remove the kernel module you might want to restart the VM)</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modprobe falc0n</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">modprobe: ERROR: could not insert 'falc0n': No locks available</span></p><div><br /></div><div>Checking the dmesg :</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826824]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826825]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826827]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826828]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826831]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826833]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.826835] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.827260] [p_lkrg] Process[tail | 8748] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.827684] [p_lkrg] <Exploit Detection> Path's inode[705103] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155297.828701] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 8748] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail -100</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.604811] [p_lkrg] <Exploit Detection> Path's inode[706399] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.605259] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 8753] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.606152] [p_lkrg] <Exploit Detection> Frame[5] nr_entries[8]: [0xffffffffc07a5b4d]. Full Stack below:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607046] --- . ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607485]<span class="Apple-converted-space"> </span>[<ffffffff85a7e411>] __mark_inode_dirty+0x1/0x270</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607488]<span class="Apple-converted-space"> </span>[<ffffffff85a6b35a>] touch_atime+0x10a/0x220</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607490]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607492]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607493]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607495]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607498]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607499]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607502] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.607926] [p_lkrg] Process[tail | 8753] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.608350] [p_lkrg] <Exploit Detection> Path's inode[706399] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.608800] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 8753] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.609670] [p_lkrg] <Exploit Detection> Frame[5] nr_entries[8]: [0xffffffffc07a5b4d]. Full Stack below:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.610564] --- . ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611003]<span class="Apple-converted-space"> </span>[<ffffffff85a7e411>] __mark_inode_dirty+0x1/0x270</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611006]<span class="Apple-converted-space"> </span>[<ffffffff85a6b35a>] touch_atime+0x10a/0x220</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611008]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611009]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611011]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611013]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611015]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611017]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155302.611019] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p></div><div>Even though the name of the offending module not found, LKRG detected pCFI violation and exploit execuition. So now we are able to detect this stuff. And my VM no longer crashed :)</div><div><br /></div><h2 style="text-align: left;">Detection by running LKRG after rootkit</h2><div><br /></div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# systemctl stop lkrg</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modprobe falc0n</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">modprobe: ERROR: could not insert 'falc0n': No locks available</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.340591]<span class="Apple-converted-space"> </span>[<ffffffff85a56109>] SyS_execve+0x29/0x30</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.340592]<span class="Apple-converted-space"> </span>[<ffffffff85f93478>] stub_execve+0x48/0x80</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.340595] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.341062] [p_lkrg] Process[cmd | 9330] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.341530] [p_lkrg] <Exploit Detection> Stack pointer corruption (ROP?) - pCFI violation: process[cmd | 9330] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155849.342451] [p_lkrg] Process[cmd | 9330] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155945.170322] [p_lkrg] Unloading LKRG...</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155945.198759] Freezing user space processes ... (elapsed 0.001 seconds) done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155945.903737] Restarting tasks ... done.</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155945.904090] [p_lkrg] LKRG unloaded!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# systemctl start lkrg</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail -100</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.311412] [p_lkrg] <Exploit Detection> Path's inode[710191] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.311862] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 9553] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.312733] [p_lkrg] <Exploit Detection> Frame[5] nr_entries[8]: [0xffffffffc07a5b4d]. Full Stack below:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.313626] --- . ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314065]<span class="Apple-converted-space"> </span>[<ffffffff85a7e411>] __mark_inode_dirty+0x1/0x270</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314068]<span class="Apple-converted-space"> </span>[<ffffffff85a6b35a>] touch_atime+0x10a/0x220</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314070]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314071]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314073]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314075]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314078]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314079]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314082] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314507] [p_lkrg] Process[tail | 9553] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.314935] [p_lkrg] <Exploit Detection> Path's inode[710191] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.315384] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 9553] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.316273] [p_lkrg] <Exploit Detection> Frame[5] nr_entries[8]: [0xffffffffc07a5b4d]. Full Stack below:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317166] --- . ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317604]<span class="Apple-converted-space"> </span>[<ffffffff85a7e411>] __mark_inode_dirty+0x1/0x270</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317607]<span class="Apple-converted-space"> </span>[<ffffffff85a6b35a>] touch_atime+0x10a/0x220</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317609]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317611]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317612]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317614]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317617]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317618]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.317621] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.318045] [p_lkrg] Process[tail | 9553] pCFI verification failed!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.318469] [p_lkrg] <Exploit Detection> Path's inode[710191] mode[0100000] will be isolated!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.318920] [p_lkrg] <Exploit Detection> Not valid call - pCFI violation: process[tail | 9553] !!!</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.319791] [p_lkrg] <Exploit Detection> Frame[5] nr_entries[8]: [0xffffffffc07a5b4d]. Full Stack below:</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.320684] --- . ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321122]<span class="Apple-converted-space"> </span>[<ffffffff85a7e411>] __mark_inode_dirty+0x1/0x270</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321125]<span class="Apple-converted-space"> </span>[<ffffffff85a6b35a>] touch_atime+0x10a/0x220</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321127]<span class="Apple-converted-space"> </span>[<ffffffff85a57065>] pipe_read+0x2e5/0x400</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321129]<span class="Apple-converted-space"> </span>[<ffffffff85a4c5e3>] do_sync_read+0x93/0xe0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321130]<span class="Apple-converted-space"> </span>[<ffffffff85a4d01f>] vfs_read+0x9f/0x170</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321132]<span class="Apple-converted-space"> </span>[<ffffffffc07a5b4d>] 0xffffffffc07a5b4d</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321135]<span class="Apple-converted-space"> </span>[<ffffffff85a4de8f>] SyS_read+0x7f/0xf0</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321136]<span class="Apple-converted-space"> </span>[<ffffffff85f92ed2>] system_call_fastpath+0x25/0x2a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[155992.321139] --- END ---</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><h1>Conclusion</h1></div><div>LKRG can be used to detect some exploits executed by falc0n/reptile-based rootkit. But don't expect it to show the location of the rootkit or the name of the rootkit. And also don't forget to set some configuration to prevent LKRG killing your sshd server..</div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-453600131265590182021-05-25T21:21:00.004-07:002021-05-27T17:58:42.191-07:00How To Install Old CentOS Kernel or Packages (and Few Reasons Why You Want It)When we update packages in Linux OS such as CentOS and RHEL, normally the update process will pull latest packages from the repository. But sometimes the latest is not what we want, for example there is a support page in Citrix website - https://support.citrix.com/article/CTX200094 that describes that sometimes when updating we get version/release that not supported by the vendor (in this case, Citrix XenServer). In my case I am trying to check whether LKRG (the Linux Kernel Runtime Guard) could detect one of my servers that got hacked by some rootkit, but as I will show I got baffled by missing kernel rpm packages.<div><br /></div><h2 style="text-align: left;">Background (Why do you want old Kernel Devel package?)</h2><div>Some hacker installed rootkit in my server, and I want to do some analysis on it. I want to use a server that is more idle than the hacked server, but the kernel version differs and seems that linux kernel module is specific to the kernel version. So I need to install the specific version that is equal to the hacked server.</div><div><br /></div><div>Just running yum install will not do :</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# yum install kernel-devel-3.10.0-1127.10.1.el7.x86_64</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Failed to set locale, defaulting to C</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Loaded plugins: fastestmirror</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Loading mirror speeds from cached hostfile</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>* base: mirror.idroot.cloud</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>* extras: mirror.papua.go.id</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>* updates: mirror.hostnic.id</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">No package <b>kernel-devel-3.10.0-1127.10.1.el7.x86_64</b> available.</span></p></div><div><br /></div><div>Another reason is, there might be a need in an IT Support organization to support older releases because of operational issues that crop up when the kernel got upgraded to newer level. I assume the reason we (I am a part of such IT organization) unable to support newer kernel is that some part/of components are not quite covered by the current contract so no one be able to solve the operational issues.</div><h2 style="text-align: left;">Where to get one?</h2><div>So we need to search around in the internet. </div><div>1. We could get kernel-devel rpm packages from Linux cern : (https://linuxsoft.cern.ch/cern/centos/7/updates/x86_64/repoview/kernel-devel.html), but I somehow worry about downloading from unofficial site and want to avoid installing rpms individually. </div><div>2. We could also download from CentOS vault directly : </div><div>(https://vault.centos.org/7.8.2003/updates/x86_64/Packages/). Still I want more automated solution.</div><div><br /></div><h2 style="text-align: left;">Ultimate solution : enable CentOS vault repo 7.8</h2><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3sW1LbSAqp1Dc9mvXVCyTr2Rmvi5Phq40H_mjoepEdc4fCyb0PVsZlSVMvr0ah6bd479zajwADdXgq4wtaMld9SqHqDQ2laEHnH1itcQnq-evA_7HjA9lqDOuPBz8SqA7I71F-kt1Coyh/s2694/Image+2021-05-26+10-51-18.png" style="margin-left: 1em; margin-right: 1em;"><img alt="yum repolist all" border="0" data-original-height="1167" data-original-width="2694" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3sW1LbSAqp1Dc9mvXVCyTr2Rmvi5Phq40H_mjoepEdc4fCyb0PVsZlSVMvr0ah6bd479zajwADdXgq4wtaMld9SqHqDQ2laEHnH1itcQnq-evA_7HjA9lqDOuPBz8SqA7I71F-kt1Coyh/w498-h216/Image+2021-05-26+10-51-18.png" title="yum repolist all" width="498" /></a></div><br /><div><br /></div><div><br /></div><div>After some digging around with 'yum repolist all', it seems that the already installed file <span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">/etc/yum.repos.d/CentOS-Vault.repo </span>contains references to the CentOS vault Repo, but by default they are not enabled and they also only have references until Centos 7.3. The reason is :</div><div><span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"><br /></span></div><div><span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">rpm -qf /etc/yum.repos.d/CentOS-Vault.repo</span><span class="Apple-converted-space" style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;"> </span></div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">centos-release-7-4.1708.el7.centos.x86_64</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p></div><div>So the reason is I have centos release 7.4 installed, and the kernel I want to install is in centos 7.8. So what I need to do is to update to centos 7.9; giving us centos 7.8 entries in CentOS-vault.repo.</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yum update centos-release</span></p></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaCiP1FALzZAR5bMBFVK2bKxmlLxaPEFtaLc0LN_eucukPLMWcXQajNe9W1yWyo77fTeTPzk5REapiN3de9rXK68hZ7Mp6v-Oiw3p9nf-PWJ2A5b7FSg09Ru0xnjbHCD3QzltLm9QSofWU/s2668/Image+2021-05-26+10-54-59.png" style="margin-left: 1em; margin-right: 1em;"><img alt="yum update centos-release" border="0" data-original-height="1179" data-original-width="2668" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaCiP1FALzZAR5bMBFVK2bKxmlLxaPEFtaLc0LN_eucukPLMWcXQajNe9W1yWyo77fTeTPzk5REapiN3de9rXK68hZ7Mp6v-Oiw3p9nf-PWJ2A5b7FSg09Ru0xnjbHCD3QzltLm9QSofWU/w525-h231/Image+2021-05-26+10-54-59.png" title="yum update centos-release" width="525" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">After that lets check yum repolist all:</div><div class="separator" style="clear: both; text-align: left;"><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yum repolist all</span></p></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaACtWb5knoP1_thTTp0-wlf73OdKsqoPmkl96Y-Ahs38cLSzZ6WcTktRlu46eEJLLdGYAR6rjz4e2vv2McG96R8wp4rtT27Gm-m5r6Nq6imenfCaUE24ZjADK03usCt_EACUq_x4eYLV6/s1745/Image+2021-05-26+10-57-21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1500" data-original-width="1745" height="394" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaACtWb5knoP1_thTTp0-wlf73OdKsqoPmkl96Y-Ahs38cLSzZ6WcTktRlu46eEJLLdGYAR6rjz4e2vv2McG96R8wp4rtT27Gm-m5r6Nq6imenfCaUE24ZjADK03usCt_EACUq_x4eYLV6/w458-h394/Image+2021-05-26+10-57-21.png" width="458" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><h2 style="clear: both; text-align: left;">Using the disabled repo</h2><div class="separator" style="clear: both; text-align: left;">Then we need to specify which repo we need to temporarily enable when installing the package :</div><div><br /></div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yum install --enablerepo=C7.8.2003-base --enablerepo=C7.8.2003-updates kernel-3.10.0-1127.10.1.el7.x86_64</span></p><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfyjLcuhod_BxPEvpto3fJvY3Cau4VLxUiw_2qxQ8Efl197Cv9zJCGFMxGfMABirhmKYcP56M2L7kC6mIbo7PlcBBX_Q9tWtI68fP194RtJjNfMmv0TvEIoULZs17Z9hPF0jZ_p31G2ggg/s1762/Image+2021-05-26+11-00-22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1486" data-original-width="1762" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfyjLcuhod_BxPEvpto3fJvY3Cau4VLxUiw_2qxQ8Efl197Cv9zJCGFMxGfMABirhmKYcP56M2L7kC6mIbo7PlcBBX_Q9tWtI68fP194RtJjNfMmv0TvEIoULZs17Z9hPF0jZ_p31G2ggg/w348-h294/Image+2021-05-26+11-00-22.png" width="348" /></a></div><br /><div><br /></div><div>Thats all folks!</div><div><br /></div><div>..not quite</div><div><br /></div><h2 style="text-align: left;">LKRG and Stuffs</h2><div>Lets continue to install some stuffs:</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">yum install --enablerepo=C7.8.2003-base --enablerepo=C7.8.2003-updates kernel-headers-3.10.0-1127.10.1.el7.x86_64 kernel-tools-3.10.0-1127.10.1.el7.x86_64 kernel-devel-3.10.0-1127.10.1.el7.x86_64 gcc</span></p></div><div><br /></div><div>then extract the LKRG</div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# tar -xvzf lkrg-0.9.1.tar.gz<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;"><br /></span></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Kernel version is still the old one, so I need to restart</span></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# uname -a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Linux xxxxx.redacted.com 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux</span></p></div><div><br /></div><div><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# shutdown -rf now</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Check kernel version after boot</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# uname -a</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Linux lb.paas.telkom.co.id 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;">Make and Install lkrg</p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb ~]# cd lkrg-0.9.1</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# make</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">..</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# make install</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# systemctl start lkrg</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# dmesg | tail</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVwvU12QQRE5UZNtM4gqTmzcxyCPg2XBa7xG6HDTBoPaYSV6p8vksw0AaghDkdbfLyXQmO5BlxinTSroJqYiobykSoGCrjlADmeZE8-21gu76_sIu29gDalh4_zlcrSimvvr8uKDb3cNTN/s1624/make_install_lkrg.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1496" data-original-width="1624" height="490" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVwvU12QQRE5UZNtM4gqTmzcxyCPg2XBa7xG6HDTBoPaYSV6p8vksw0AaghDkdbfLyXQmO5BlxinTSroJqYiobykSoGCrjlADmeZE8-21gu76_sIu29gDalh4_zlcrSimvvr8uKDb3cNTN/w532-h490/make_install_lkrg.png" width="532" /></a></div><br /><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span><p></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Copying the rootkit file</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# scp node6:/usr/falc0n/falc0n.ko .</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">falc0n.ko<span class="Apple-converted-space"> </span>100%<span class="Apple-converted-space"> </span>783KB<span class="Apple-converted-space"> </span>36.5MB/s <span class="Apple-converted-space"> </span>00:00 <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# modinfo falc0n.ko<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">filename: <span class="Apple-converted-space"> </span>/root/lkrg-0.9.1/falc0n.ko</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">intree: <span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">license:<span class="Apple-converted-space"> </span>GPL</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">retpoline:<span class="Apple-converted-space"> </span>Y</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">rhelversion:<span class="Apple-converted-space"> </span>7.8</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">srcversion: <span class="Apple-converted-space"> </span>81F508029A53F7490CCDB44</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">depends: <span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">vermagic: <span class="Apple-converted-space"> </span>3.10.0-1127.10.1.el7.x86_64 SMP mod_unload modversion</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# mkdir -p /lib/modules/3.10.0-1127.10.1.el7.x86_64/kernel/sdc/falc0n</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# cp falc0n.ko /lib/modules/3.10.0-1127.10.1.el7.x86_64/kernel/sdc/</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">[root@lb lkrg-0.9.1]# depmod</span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Copying the rootkit file, and try to enable it</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_YdlEAX4gE4G8sfoePhWXrfT0fa_oyDUrmwPnNhmjID2KBCmNJDnXBNtET8G6EMQ7LKV5GAjvVJUmh5LQqafcYWpFIqIgxBWiP-EM00LWNXhqMQt-E10LclGOpPNeTyfs6QQBT6l8HKo4/s1714/Image+2021-05-26+11-20-39.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1208" data-original-width="1714" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_YdlEAX4gE4G8sfoePhWXrfT0fa_oyDUrmwPnNhmjID2KBCmNJDnXBNtET8G6EMQ7LKV5GAjvVJUmh5LQqafcYWpFIqIgxBWiP-EM00LWNXhqMQt-E10LclGOpPNeTyfs6QQBT6l8HKo4/s320/Image+2021-05-26+11-20-39.png" width="320" /></a></div><br /><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;"><br /></span><p></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Seems that my VM crashed :D </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Thats all for now.. </span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Times; font-size: medium; font-variant-ligatures: normal;">Update : it seems that not the VM crashed, but the sshd daemon got killed. To workaround that, see the next post..</span></span></p><p class="p1" style="font-family: Menlo; font-size: 11px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px;"><br /></p></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-1548523489606608972020-08-23T07:55:00.000-07:002020-08-23T07:55:14.566-07:00Connect XBox 360 Wireless Controller to your Nintendo Switch<div dir="ltr" style="text-align: left;" trbidi="on">
Nintendo Switch's default controller is good enough for gaming, but unfortunately after a while the joycons would drift easily. As an alternative, this article will show how to use XBox 360 wireless controller (or any controller that are detectable by Linux OS) to control a Nintentdo Switch Console<br />
<br /><h3 style="text-align: left;">
Hardware Needed</h3>
A.<br />
<a href="https://www.ebay.com/b/xbox-360-controller-pc-adapter/bn_7024868184">https://www.ebay.com/b/xbox-360-controller-pc-adapter/bn_7024868184</a><br />
First you need a Xbox 360 to PC adapter.<br />
B. <a href="https://www.ebay.com/itm/Raspberry-Pi-3-Model-B-Plus-1-4GHz-Quad-Core-64Bit-1GB-RAM-2018-Model-/261698200759">https://www.ebay.com/itm/Raspberry-Pi-3-Model-B-Plus-1-4GHz-Quad-Core-64Bit-1GB-RAM-2018-Model-/261698200759</a><br />
And a raspberry PI model 3B+. With a SD card containing Raspbian OS.<br />
C. <a href="https://www.ebay.com/itm/xbox-360-controller-wireless-new/153989068162?hash=item23da76b582:g:bVQAAOSwsJFe-zPz">https://www.ebay.com/itm/xbox-360-controller-wireless-new/153989068162?hash=item23da76b582:g:bVQAAOSwsJFe-zPz</a><br />
A Xbox 360 wireless controller.<br />
D. And of course we also need a Nintendo Switch Console.<br />
<br />
Fortunately I have all these items in my home. If you don't have A and B, you might better off just buy Mayflash Magic NS adapter (<a href="https://www.amazon.com/Mayflash-Magic-NS-Wireless-Controller-Nintendo/dp/B079B5KHWQ">https://www.amazon.com/Mayflash-Magic-NS-Wireless-Controller-Nintendo/dp/B079B5KHWQ</a>). I was going to buy Magic NS but order and delivery takes at least two days.. so I opt for the software solution using existing hardware.<br />
<br /><h3 style="text-align: left;">
Software Required</h3>
Install a Raspbian OS based on Debian 10 (buster) in the Raspberry Pi SD Card. As an alternative I were using docker on Raspbian 9, and installed debian:10 image.</div><div><br /></div><div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">[ when using docker ]</div><div dir="ltr" style="text-align: left;" trbidi="on">docker run --net=host --privileged -v /var/run/dbus:/var/run/dbus -v /home/pi/joycontrol:/joycontrol -v /sys/class/bluetooth:/sys/class/bluetooth -v /dev/input:/dev/input -it debian:10 bash<br />
The command above not needed if you already installed Raspbian 10.</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><h3 style="text-align: left;">Cloning the repo</h3><div dir="ltr" style="text-align: left;" trbidi="on">Clone the git repository containing Pro Controller emulation code from <a href="https://github.com/yudhiwidyatama/joycontrol">https://github.com/yudhiwidyatama/joycontrol</a>. This repo is forked from <a href="https://github.com/mart1nro/joycontrol">https://github.com/mart1nro/joycontrol</a> with additional evdev-based emulation.<div><br /></div><div>git clone https://github.com/yudhiwidyatama/joycontrol</div><div><br /></div></div><h3 style="text-align: left;">Installing libraries</h3><div dir="ltr" style="text-align: left;" trbidi="on">Please make use these commands are run as root.</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">apt install python3-dbus libhidapi-hidraw0</div><div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" trbidi="on">cd joycontrol</div><div dir="ltr" trbidi="on">pip3 install .</div></div><div dir="ltr" style="text-align: left;" trbidi="on">pip3 install evdev</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">These two command installs required libraries for running the software. </div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><h3 style="text-align: left;">Running the software</h3><div dir="ltr" style="text-align: left;" trbidi="on">Connect the XBox 360 to PC adapter to one of USB port. </div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">python3 run_controller_cli.py PRO_CONTROLLER</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">If the bluetooth pairing between the Nintendo Switch and the Pi is already done, in the next run we could skip the pairing/handshaking by using this syntax:</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">python3 run_controller_cli.py -r 60:6B:FF:37:02:30 PRO_CONTROLLER</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><h2 style="text-align: left;">Adjustments</h2><div>The XBox controller's devices might be detected other than /dev/input/event2. Please check this directory for alternatives devices :</div><div><div>root@retropie:/# cd /dev/input/</div><div>root@retropie:/dev/input# ls -l</div><div>total 0</div><div>drwxr-xr-x 2 root root 160 Aug 16 14:02 by-id</div><div>drwxr-xr-x 2 root root 180 Aug 16 14:02 by-path</div><div>crw-rw---- 1 root messagebus 13, 64 Aug 16 14:02 event0</div><div>crw-rw---- 1 root messagebus 13, 65 Aug 16 14:02 event1</div><div>crw-rw---- 1 root messagebus 13, 66 Aug 16 14:02 event2</div><div>crw-rw---- 1 root messagebus 13, 67 Aug 16 14:02 event3</div><div>crw-rw---- 1 root messagebus 13, 68 Aug 16 14:02 event4</div><div>crw-rw---- 1 root messagebus 13, 69 Aug 16 14:02 event5</div><div>crw-rw---- 1 root messagebus 13, 63 Aug 16 14:02 mice</div><div>crw-rw---- 1 root messagebus 13, 32 Aug 16 14:02 mouse0</div><div>crw-rw---- 1 root messagebus 13, 33 Aug 16 14:02 mouse1</div></div><div><br /></div><div>Change line 288 of run_controller_cli.py if neccessary :</div><div><br /></div><div> device = evdev.InputDevice("/dev/input/event2")</div><div><br /></div><h3 style="text-align: left;">Result</h3><div dir="ltr" style="text-align: left;" trbidi="on">Using a Raspberry Pi 3B+, running Raspbian 9 with Debian 10 under docker, we were able to obtain throughput of 250 to 500+ events per second. This quite nice considering native Xbox 360 polling rate of 8ms.</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6gtS4XKL-rTYDvNOPkRwhRNgJjymuEr4OAqNbHgjafpn3Ekdw1sdaKSyRVChVjlwFL4vE2Y1d8pBV2c01NuwaIzvGwXp-71KMMO40DiafwH4vzZSQGntj2GOjJOvgmE2C0StFcKu2DJqB/s1794/pi_controller_emu_rate.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1352" data-original-width="1794" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6gtS4XKL-rTYDvNOPkRwhRNgJjymuEr4OAqNbHgjafpn3Ekdw1sdaKSyRVChVjlwFL4vE2Y1d8pBV2c01NuwaIzvGwXp-71KMMO40DiafwH4vzZSQGntj2GOjJOvgmE2C0StFcKu2DJqB/s640/pi_controller_emu_rate.png" width="640" /></a></div><div dir="ltr" style="text-align: left;" trbidi="on"><br /></div><div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br /></div>
</div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com5tag:blogger.com,1999:blog-7335438738304284149.post-21354420051600754132020-08-19T21:52:00.003-07:002020-08-20T01:16:26.371-07:00Demistifying Certificate Generation using Ansible in Openshift<h2 style="text-align: left;">Background</h2><div>Ansible is the only available tools to manage deployment Openshift Origin Clusters, now known OKD. Some pitfalls were identified when the author tried to redeploy certificate in an Origin 3.6 cluster.</div><h2 style="text-align: left;">Logging Issues</h2><div>We were trying to do some troubleshooting using the kibana-ops logging console, and were surprised to find it not working. Quick check on the logging project shows that many of the pods have warning status.</div><div><br /></div><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQZ776lQsJdERDQnJSGoGUq8RrdGpyeGp5LIpCVJwmyduxSSroFu5SxfJPk8R_MiQKmhTm3S8u0oNTYAtMPrnDWDXb8q2nwzPqqGG7ciL9j73kI9iW4oeeFAR6kGPfAfAYA9TdkLfo6fjd/s1174/logging_cluster_issue.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="649" data-original-width="1174" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQZ776lQsJdERDQnJSGoGUq8RrdGpyeGp5LIpCVJwmyduxSSroFu5SxfJPk8R_MiQKmhTm3S8u0oNTYAtMPrnDWDXb8q2nwzPqqGG7ciL9j73kI9iW4oeeFAR6kGPfAfAYA9TdkLfo6fjd/w400-h221/logging_cluster_issue.jpg" title="Logging cluster issue" width="400" /></a></div><div><br /></div><div><br /></div><div>Checking these pods (mostly elasticsearch instances) we found that the the health check script results in 'Elasticsearch node is not ready to accept HTTP requests yet' with http response code 000. The pods were at 90% storage, which I think caused by the curator unable to connect to the elastic instances (The curator is supposed to clean old index data files so the disk won't fill up). </div><div>Further investigation results the curl command (adapted from <a href="https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregate-logging-performing-elasticsearch-maintenance-operations">this syntax</a> from the chapter Aggregating Container Logs - Performing Administrative Elasticsearch Operations ) results in expired peer certificate error :</div><div><pre class="nowrap" id="clipboard-53" style="-webkit-font-smoothing: antialiased; background-color: #e7e7e7; border-radius: 0px; border: 0px; box-sizing: border-box; color: #404040; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 1.5em 2.5em; text-rendering: optimizelegibility; word-break: break-all;"><span style="font-family: courier; font-size: x-small;"><br class="Apple-interchange-newline" />oc project logging</span></pre><pre class="nowrap" id="clipboard-53" style="-webkit-font-smoothing: antialiased; background-color: #e7e7e7; border-radius: 0px; border: 0px; box-sizing: border-box; color: #404040; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 1.5em 2.5em; text-rendering: optimizelegibility; word-break: break-all;"><span style="font-family: courier; font-size: x-small;">oc rsh logging-es-data-master-9oin****-10-c3*** </span></pre><pre class="nowrap" id="clipboard-53" style="-webkit-font-smoothing: antialiased; background-color: #e7e7e7; border-radius: 0px; border: 0px; box-sizing: border-box; color: #404040; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 1.5em 2.5em; text-rendering: optimizelegibility; word-break: break-all;"><span style="font-family: courier; font-size: x-small;">curl --key /etc/elasticsearch/secret/admin-key \
--cert /etc/elasticsearch/secret/admin-cert \
--cacert /etc/elasticsearch/secret/admin-ca -XGET "https://localhost:9200"</span></pre></div><div>Further checks (using <a href="https://www.sslshopper.com/ssl-checker.html">ssl shopper checker</a> :) ) on the /etc/elasticsearch/secret/admin-cert shows the certificate were expired as well.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif271fFWrE4SHGJdRYt9nLOY8T7CUtaZpplmjV4Mn8tpAQuSPTZlJKf-6qY23EbVSCbhvmhF_1SSQfEebuS8s0YhFq6j7RZo4DD1Uq2el3FZOgSu1AE5Z3W7h6dorFwelooEasmZTJzOPF/s540/certificate_check.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="540" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif271fFWrE4SHGJdRYt9nLOY8T7CUtaZpplmjV4Mn8tpAQuSPTZlJKf-6qY23EbVSCbhvmhF_1SSQfEebuS8s0YhFq6j7RZo4DD1Uq2el3FZOgSu1AE5Z3W7h6dorFwelooEasmZTJzOPF/w320-h237/certificate_check.jpg" title="ssl check result" width="320" /></a></div><h3 style="clear: both; text-align: left;">Solution Seeking</h3><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">In order to renew the certificates, we searched the internet, and found that there is a support article on this exact problem : <a href="https://access.redhat.com/solutions/4233251">https://access.redhat.com/solutions/4233251</a> and this links to a <a href="https://docs.openshift.com/container-platform/3.11/install_config/aggregate_logging.html#fluentd-redeploy-certs">ansible redeploy playbook</a>.</div><div>Well, this post is a bit more than just executing that certain playbook :)</div><div>In short, the command to be executed is "<span face="" style="background-color: #e7e7e7; color: #404040; font-family: "roboto mono", monospace; font-size: 13px;">ansible-playbook playbooks/openshift-logging/redeploy-certificates.yml</span>", and we are unable to run it because the playbook file doesn't exist in our openshift version playbooks. Of course there is several options :</div><div>-> upgrade to the newer openshift version, which I not quite ready because of the risks involved with live applications running in the cluster. Well if this is to be done then we need to do some simulations first with a dummy cluster ..</div><div>-> copy the playbook from newer version, which also have its own risks, such as having incompatibility issues and missing variables</div><div>-> try to trick the existing 'logging installation' playbook to renew the certificates. This is the follow up I chose.</div><div>For other certificates (other than the logging) there is another redeploy certificates playbook than can be run but reading the bug reports (<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1772543">https://bugzilla.redhat.com/show_bug.cgi?id=1772543</a>) we concluded that it just won't do the job. For your reference this is the bug report description (which have markings of openshift version 3.11, the last stable version):</div><blockquote>Running /usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml does not redeploy logging certificates although it is expected it redeploys all the certificates (not CAs) of OpenShift components (as it already does with console, catalog, monitoring...). Users must be aware and run /usr/share/ansible/openshift-ansible/playbooks/openshift-logging/redeploy-certificates.yml separately.</blockquote><h3 style="text-align: left;">Running the Logging Installation playbook</h3><div>Here is the ansible command I run (we need to do it from the bootstrap node) :</div><div>ansible-playbook -i /root/OSV3_ansible_inventory.20200731 playbooks/byo/openshift-cluster/openshift-logging.yml</div><div>The inventory file were specific to our deployment so you might want to change it before running in your cluster; the playbook were taken from subheading '<a href="https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#deploying-the-efk-stack">Deploying the EFK Stack</a>' in chapter 'Aggregating Container Logs'.</div><div><br /></div><div>The first pitfall is a strange error message about deployment config. It seems that the ansible playbook generated somewhat incorrect deployment config. However the culprit is wrong units being used in the memory limit (4GB instead of 4G). Red hat bugzilla have <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1391661">description</a> on this problem ("Better error message for templates missing memory specification"). The strange error message is : " DeploymentConfig in version "v1" cannot be handled as a DeploymentConfig: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'", which we resolve by changing memory limit into 4G in the inventory file.</div><div><br /></div><div>The second pitfall is the certificate not being renewed at all. So I figure I need to delete the existing certificates to get them rebuild them. For more info I need to enable verbose logging on the ansible playbook execution:</div><div><br /></div><div><div>ansible-playbook --verbose -i /root/OSV3_ansible_inventory.20200731 playbooks/byo/openshift-cluster/openshift-logging.yml</div><div><br /></div></div><div>The interesting fragments were something like these :</div><div><div><span style="font-family: courier; font-size: x-small;">TASK [openshift_logging : Checking for system.admin.crt] ***************************************************************************************************************</span></div><div><span style="font-family: courier; font-size: x-small;">ok: [master1.paas.telkom.co.id] => {</span></div><div><span style="font-family: courier; font-size: x-small;"> "changed": false,</span></div><div><span style="font-family: courier; font-size: x-small;"> "failed": false,</span></div><div><span style="font-family: courier; font-size: x-small;"> "stat": {</span></div><div><span style="font-family: courier; font-size: x-small;"> "atime": 1597830303.7311661,</span></div><div><span style="font-family: courier; font-size: x-small;"> "attr_flags": "",</span></div><div><span style="font-family: courier; font-size: x-small;"> "attributes": [],</span></div><div><span style="font-family: courier; font-size: x-small;"> "block_size": 4096,</span></div><div><span style="font-family: courier; font-size: x-small;"> "blocks": 8,</span></div><div><span style="font-family: courier; font-size: x-small;"> "charset": "us-ascii",</span></div><div><span style="font-family: courier; font-size: x-small;"> "checksum": "0d0987b2615864f95fe914aa29a27c3831e8c93e",</span></div><div><span style="font-family: courier; font-size: x-small;"> "ctime": 1597830292.9452658,</span></div><div><span style="font-family: courier; font-size: x-small;"> "dev": 64768,</span></div><div><span style="font-family: courier; font-size: x-small;"> "device_type": 0,</span></div><div><span style="font-family: courier; font-size: x-small;"> "executable": false,</span></div><div><span style="font-family: courier; font-size: x-small;"> "exists": true,</span></div><div><span style="font-family: courier; font-size: x-small;"> "gid": 0,</span></div><div><span style="font-family: courier; font-size: x-small;"> "gr_name": "root",</span></div><div><span style="font-family: courier; font-size: x-small;"> "inode": 51974025,</span></div><div><span style="font-family: courier; font-size: x-small;"> "isblk": false,</span></div></div><div><br /></div><div>At first I don't know where the file is located. Which ansible script responsible for that ?</div><div>Need to dig deeper. Lets see : the byo/openshift-cluster/openshift-logging.yml contains this :</div><div>include: ../../common/openshift-cluster/openshift_logging.yml</div><div>This direct us to another playbook in the common directory, which contains:</div><div><div><span style="font-family: courier; font-size: x-small;">- name: OpenShift Aggregated Logging</span></div><div><span style="font-family: courier; font-size: x-small;"> hosts: oo_first_master</span></div><div><span style="font-family: courier; font-size: x-small;"> roles:</span></div><div><span style="font-family: courier; font-size: x-small;"> - openshift_logging</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Update Master configs</span></div><div><span style="font-family: courier; font-size: x-small;"> hosts: oo_masters:!oo_first_master</span></div><div><span style="font-family: courier; font-size: x-small;"> tasks:</span></div><div><span style="font-family: courier; font-size: x-small;"> - block:</span></div><div><span style="font-family: courier; font-size: x-small;"> - include_role:</span></div><div><span style="font-family: courier; font-size: x-small;"> name: openshift_logging</span></div><div><span style="font-family: courier; font-size: x-small;"> tasks_from: update_master_config</span></div><div><span style="font-family: courier; font-size: x-small;"> when: openshift_logging_install_logging | default(false) | bool</span></div></div><div><br /></div><div>Being just a beginner in ansible stuffs, so at first this doesn't make any sense. What I make out of this is that the first master is something special, and other master being updated after configuration in the first master is done. Well the next file to be checked is openshift_logging role :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ls -l roles/openshift_logging</span></div><div><span style="font-family: courier; font-size: x-small;">total 24</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 22 Dec 6 2017 defaults</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 52 Dec 6 2017 files</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 75 Dec 6 2017 filter_plugins</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 22 Dec 6 2017 handlers</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 40 Dec 6 2017 library</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 23 Dec 6 2017 meta</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 18785 Dec 6 2017 README.md</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 4096 Aug 19 19:45 tasks</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 47 Dec 6 2017 templates</span></div><div><span style="font-family: courier; font-size: x-small;">drwxrwxr-x. 2 lbuser lbuser 81 Dec 6 2017 vars</span></div></div><div><br /></div><div>Quite a lot of directories to be examined. Lets just examine the tasks directory.</div><div><br /></div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ls -l roles/openshift_logging/tasks</span></div><div><span style="font-family: courier; font-size: x-small;">total 60</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 484 Dec 6 2017 annotate_ops_projects.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 2260 Dec 6 2017 delete_logging.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 4371 Dec 6 2017 generate_certs.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 3401 Dec 6 2017 generate_jks.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 1442 Dec 6 2017 generate_pems.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 16425 Dec 6 2017 install_logging.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 1478 Dec 6 2017 main.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 2824 Aug 19 18:54 procure_server_certs.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 1267 Dec 6 2017 procure_shared_key.yaml</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-rw-r--. 1 lbuser lbuser 377 Dec 6 2017 update_master_config.yaml</span></div><div><br /></div><div>Well it seems we found some treasure.</div><div>Lets find out which has the string 'system.admin' :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# grep system.admin roles/openshift_logging/tasks/*</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_certs.yaml: - system.admin</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml:- name: Checking for system.admin.jks</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: stat: path="{{generated_certs_dir}}/system.admin.jks"</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: register: system_admin_jks</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: when: system_admin_jks.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: src: "{{local_tmp.stdout}}/system.admin.jks"</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: dest: "{{generated_certs_dir}}/system.admin.jks"</span></div><div><span style="font-family: courier; font-size: x-small;">roles/openshift_logging/tasks/generate_jks.yaml: when: not system_admin_jks.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]#</span></div></div><div><br /></div><div>In the generate_certs.yml file we find that :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">- name: Generate PEM certs</span></div><div><span style="font-family: courier; font-size: x-small;"> include: generate_pems.yaml component={{node_name}}</span></div><div><span style="font-family: courier; font-size: x-small;"> with_items:</span></div><div><span style="font-family: courier; font-size: x-small;"> - system.logging.fluentd</span></div><div><span style="font-family: courier; font-size: x-small;"> - system.logging.kibana</span></div><div><span style="font-family: courier; font-size: x-small;"> - system.logging.curator</span></div><div><span style="font-family: courier; font-size: x-small;"> - system.admin</span></div><div><span style="font-family: courier; font-size: x-small;"> loop_control:</span></div><div><span style="font-family: courier; font-size: x-small;"> loop_var: node_name</span></div></div><div><br /></div><div>This kind of calling another yaml (generate_pems.yaml) :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">---</span></div><div><span style="font-family: courier; font-size: x-small;">- name: Checking for {{component}}.key</span></div><div><span style="font-family: courier; font-size: x-small;"> stat: path="{{generated_certs_dir}}/{{component}}.key"</span></div><div><span style="font-family: courier; font-size: x-small;"> register: key_file</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Checking for {{component}}.crt</span></div><div><span style="font-family: courier; font-size: x-small;"> stat: path="{{generated_certs_dir}}/{{component}}.crt"</span></div><div><span style="font-family: courier; font-size: x-small;"> register: cert_file</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Creating cert req for {{component}}</span></div><div><span style="font-family: courier; font-size: x-small;"> command: ></span></div><div><span style="font-family: courier; font-size: x-small;"> openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key</span></div><div><span style="font-family: courier; font-size: x-small;"> -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><span style="font-family: courier; font-size: x-small;"> - not key_file.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_ext is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_ext.stdout is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Creating cert req for {{component}}</span></div><div><span style="font-family: courier; font-size: x-small;"> command: ></span></div><div><span style="font-family: courier; font-size: x-small;"> openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key</span></div><div><span style="font-family: courier; font-size: x-small;"> -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><span style="font-family: courier; font-size: x-small;"> - not key_file.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Sign cert request with CA for {{component}}</span></div><div><span style="font-family: courier; font-size: x-small;"> command: ></span></div><div><span style="font-family: courier; font-size: x-small;"> openssl ca -in {{generated_certs_dir}}/{{component}}.csr -notext -out {{generated_certs_dir}}/{{component}}.crt</span></div><div><span style="font-family: courier; font-size: x-small;"> -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><span style="font-family: courier; font-size: x-small;"> - not cert_file.stat.exists</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div></div><div><br /></div><div>Seeing this I can reuse the certificate key and csr, and just do the last part (signing) with the cert_file missing. So I need to delete the certificate file, which is at "{{generated_certs_dir}}/{{component}}.crt", for example the system.admin as one of the component becames "{{generated_certs_dir}}/system.admin.crt". But I still don't know where are the generated_certs_dir is..</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# grep generated_certs -R * | head</span></div><div><span style="font-family: courier; font-size: x-small;">docs/proposals/role_decomposition.md: generated_certs_dir: "{{openshift.common.config_base}}/logging"</span></div><div><span style="font-family: courier; font-size: x-small;">docs/proposals/role_decomposition.md: generated_certs_dir: "{{openshift.common.config_base}}/logging"</span></div><div><span style="font-family: courier; font-size: x-small;">docs/proposals/role_decomposition.md: generated_certs_dir: "{{openshift.common.config_base}}/logging"</span></div><div><span style="font-family: courier; font-size: x-small;">docs/proposals/role_decomposition.md: generated_certs_dir: "{{openshift.common.config_base}}/logging"</span></div></div><div><br /></div><div>Ok it is under config_base,</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# grep config_base -R * | head</span></div><div><span style="font-family: courier; font-size: x-small;">DEPLOYMENT_TYPES.md:| **openshift.common.config_base** | /etc/origin | /etc/origin |</span></div><div><span style="font-family: courier; font-size: x-small;">docs/proposals/role_decomposition.md: path: "{{ openshift.common.config_base }}/logging"</span></div></div><div><br /></div><div>To my luck the first result yields the correct location for config_base (/etc/origin). Thus the certificate directory is /etc/origin/logging. But it is not in the bootstrap server :</div><div><br /></div><div><div>[root@lb openshift-ansible-release-3.6]# ls -l /etc/origin/logging</div><div>ls: cannot access /etc/origin/logging: No such file or directory</div></div><div><br /></div><div>To my surprise it is in the first master only :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ls -l /etc/origin/logging</span></div><div><span style="font-family: courier; font-size: x-small;">ls: cannot access /etc/origin/logging: No such file or directory</span></div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ssh master1 ls -l /etc/origin/logging</span></div><div><span style="font-family: courier; font-size: x-small;">total 156</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 18 2018 02.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 18 2018 03.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 18 2018 04.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1184 Aug 18 2018 05.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 19 16:44 06.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 19 16:44 07.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1196 Aug 19 16:44 08.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1184 Aug 19 16:44 09.pem</span></div><div><span style="font-family: courier; font-size: x-small;">-rw-r--r--. 1 root root 1050 Aug 18 2018 ca.crt</span></div><div><span style="font-family: courier; font-size: x-small;">...</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ssh master2 ls -l /etc/origin/logging</span></div><div><span style="font-family: courier; font-size: x-small;">ls: cannot access /etc/origin/logging: No such file or directory</span></div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# ssh master3 ls -l /etc/origin/logging</span></div><div><span style="font-family: courier; font-size: x-small;">ls: cannot access /etc/origin/logging: No such file or directory</span></div></div><div><br /></div><div>The key take :</div><div>- certificate files were generated in the /etc/origin/logging directory in the first master server</div><div>- we can remove expired certificates in order to force certificate renewal</div><div><br /></div><div>Next we tried to do just that :</div><div><div><span style="font-family: courier; font-size: x-small;">[root@master1 ~]# cd /etc/origin/logging</span></div><div><span style="font-family: courier; font-size: x-small;">[root@master1 logging]# mkdir /tmp/expiredcerts</span></div><div><span style="font-family: courier; font-size: x-small;">[root@master1 logging]# mv kibana-internal.crt system.admin.crt system.logging.curator.crt system.logging.fluentd.crt system.logging.kibana.crt /tmp/expiredcerts/</span></div></div><div><br /></div><div>Then reperform the playbook again :</div><div><br /></div><div><span style="font-family: courier; font-size: x-small;">ansible-playbook -i /root/OSV3_ansible_inventory.20200731 playbooks/byo/openshift-cluster/openshift-logging.yml</span></div><div><br /></div><div>Which results in another error referring kibana-internal.crt being missing. Why it is not being regenerated ? Lets ask our friend grep:</div><div><div><div><span style="font-family: courier; font-size: x-small;">[root@lb openshift-ansible-release-3.6]# grep kibana-internal -R playbooks/byo | head</span></div><div><span style="font-family: courier; font-size: x-small;">grep: warning: playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_certificate_expiry/examples/playbooks: recursive directory loop</span></div><div><span style="font-family: courier; font-size: x-small;">grep: warning: playbooks/byo/openshift-checks/roles/openshift_certificate_expiry/examples/playbooks/roles: recursive directory loop</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_logging/tasks/generate_certs.yaml: - procure_component: kibana-internal</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_logging_kibana/tasks/main.yaml: - { name: "kibana_internal_key", file: "kibana-internal.key"}</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_logging_kibana/tasks/main.yaml: - { name: "kibana_internal_cert", file: "kibana-internal.crt"}</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_logging_kibana/tasks/main.yaml: # path: "{{ generated_certs_dir }}/kibana-internal.key"</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/certificate_expiry/roles/openshift_logging_kibana/tasks/main.yaml: # path: "{{ generated_certs_dir }}/kibana-internal.crt"</span></div><div><span style="font-family: courier; font-size: x-small;">grep: warning: playbooks/byo/openshift-cluster/roles/openshift_certificate_expiry/examples/playbooks/roles: recursive directory loop</span></div><div><span style="font-family: courier; font-size: x-small;">playbooks/byo/openshift-checks/roles/openshift_logging/tasks/generate_certs.yaml: - procure_component: kibana-internal</span></div></div></div><div><br /></div><div>The kibana-internal were in generate_certs.yml task (well, what do you know, we have certificate_expiry stuffs for the kibana-internal in the playbooks? Will need to check it later). Lets review that part in generate_certs.yaml :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">- include: procure_server_certs.yaml</span></div><div><span style="font-family: courier; font-size: x-small;"> loop_control:</span></div><div><span style="font-family: courier; font-size: x-small;"> loop_var: cert_info</span></div><div><span style="font-family: courier; font-size: x-small;"> with_items:</span></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> - procure_component: kibana</b></span></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> - procure_component: kibana-ops</b></span></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> - procure_component: kibana-internal</b></span></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}"</b></span></div></div><div><br /></div><div>Which refers to procure_server_certs.yaml :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">---</span></div><div><span style="font-family: courier; font-size: x-small;">- name: Procure info</span></div><div><span style="font-family: courier; font-size: x-small;"> debug:</span></div><div><span style="font-family: courier; font-size: x-small;"> var: cert_info</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Checking for {{ cert_info.procure_component }}.crt</span></div><div><span style="font-family: courier; font-size: x-small;"> stat: path="{{generated_certs_dir}}/{{ cert_info.procure_component }}.crt"</span></div><div><span style="font-family: courier; font-size: x-small;"> register: component_cert_file</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Checking for {{ cert_info.procure_component }}.key</span></div><div><span style="font-family: courier; font-size: x-small;"> stat: path="{{generated_certs_dir}}/{{ cert_info.procure_component }}.key"</span></div><div><span style="font-family: courier; font-size: x-small;"> register: component_key_file</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Trying to discover server cert variable name for {{ cert_info.procure_component }}</span></div><div><span style="font-family: courier; font-size: x-small;"> set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }}</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info.hostnames is undefined</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info[ cert_info.procure_component + '_crt' ] is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info[ cert_info.procure_component + '_key' ] is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Trying to discover the server key variable name for {{ cert_info.procure_component }}</span></div><div><span style="font-family: courier; font-size: x-small;"> set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }}</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info.hostnames is undefined</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info[ cert_info.procure_component + '_crt' ] is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> - cert_info[ cert_info.procure_component + '_key' ] is defined</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Creating signed server cert and key for {{ cert_info.procure_component }}</span></div><div><span style="font-family: courier; font-size: x-small;"> command: ></span></div><div><span style="font-family: courier; font-size: x-small;"> {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert</span></div><div><span style="font-family: courier; font-size: x-small;"> --key={{generated_certs_dir}}/{{cert_info.procure_component}}.key --cert={{generated_certs_dir}}/{{cert_info.procure_component}}.crt</span></div><div><span style="font-family: courier; font-size: x-small;"> --hostnames={{cert_info.hostnames|quote}} --signer-cert={{generated_certs_dir}}/ca.crt --signer-key={{generated_certs_dir}}/ca.key</span></div><div><span style="font-family: courier; font-size: x-small;"> --signer-serial={{generated_certs_dir}}/ca.serial.txt</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div><span style="font-family: courier; font-size: x-small;"> when:</span></div><div><b><span style="font-family: courier; font-size: x-small;"> <span style="color: red;">- cert_info.hostnames is defined</span></span></b></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> - not component_key_file.stat.exists</b></span></div><div><span style="color: red; font-family: courier; font-size: x-small;"><b> - not component_cert_file.stat.exists</b></span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">- name: Copying server key for {{ cert_info.procure_component }} to generated certs directory</span></div><div><span style="font-family: courier; font-size: x-small;"> copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key</span></div><div><span style="font-family: courier; font-size: x-small;"> check_mode: no</span></div><div>... </div></div><div><br /></div><div>It seems that the signing process for this part requires both the key file and cert file to be non-existent. Only missing cert file will not get it regenerated. So the solution is to remove kibana-internal.key so it would regenerate both key and crt file.</div><div>The strange thing is the playbook refers to kibana and kibana-ops, which should result in kibana.key, kibana-ops.key, kibana.crt, kibana-ops.key being installed. But seems that the missing hostname clause caused them not to be executed. Is it a typo ? But without the kibana.* and kibana-ops.* files all seem well so I will just ignore it.</div><div>After removal of kibana-internal.key, the playbook works like a charm, but the running pods is still using the old certificate. The solution is either to kill the pods or to scale down deployment to 0, wait for it to destroy the pods, and scale back up to the original value (might be 1 or 2 depending the replication factor in the inventory file).</div><div><br /></div><h2 style="text-align: left;">Conclusion and Postscript</h2><div>We conclude that the certificate generation process take place only in the first master, with the directory /etc/origin/logging used for the logging certificates. In order to regenerate the certificates we need to remove the expired crt file and also kibana-internal.key file, and execute the playbooks/byo/openshift-cluster/openshift-logging.yml ansible playbook. Redeploying pods will be necessary in order to use the newer certificates.</div><div>After going through the quite adventure, I just found out that there are a similar passage involving removal of /etc/origin/logging files in '<a href="https://docs.openshift.com/container-platform/3.9/install_config/aggregate_logging.html#fluentd-redeploy-certs">Redeploying EFK Certificates</a>' section in chapter 'Aggregating Container Logs' for Openshift 3.9.. Just be wary that location of ansible scripts changed quite a bit between Openshift Origin (OKD) updates.</div><div><br /><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-67567803929947811872020-08-01T23:52:00.002-07:002020-08-22T19:30:42.080-07:00Tips on Recovering from Out of Disk Space (Linux Server)<h4 style="text-align: left;">Background</h4><div>When multiple VM is being used for application infrastructure, sooner or later a system administrator will face out of disk space condition. This post will show a few selected approach to resolve such condition.</div><h4 style="text-align: left;">First Step : Identify The Disk Configuration</h4><div>Some commands to determine disk mounting configuration :</div><div><br /></div><div>determine disk usage and mount points : df -h</div><div>detailed mount point and options : mount | column -t</div><div>physical volumes for LVM : pvs</div><div>logical volumes for LVM : lvs</div><div>volume group for LVM : vgs</div><div>block devices list : lsblk</div><div><br /></div><div>Some VM might use ZFS on Linux, to examine pool configurations use :</div><div>zfs list</div><div>zpool list</div><div>zfs list -t snapshot</div><div><br /></div><h4 style="text-align: left;">Second step : Determine which directory are using most space</h4><div>From the df -h command, we found out which partition or mount point is at out of disk space condition or nearing it. Better way to determine which directory are the largest is using ncdu tool, but if you didn't have it installed you could always use du -hs /<path>/*.</div><div><br /></div><div>For example : df -h results in :</div><div><div>[root@pv1 ~]# df -h</div><div>Filesystem Size Used Avail Use% Mounted on</div><div>/dev/mapper/cl-root 23G 4.8G 19G 21% /</div><div>devtmpfs 16G 0 16G 0% /dev</div><div>tmpfs 16G 0 16G 0% /dev/shm</div><div>tmpfs 16G 1.6G 15G 11% /run</div><div>tmpfs 16G 0 16G 0% /sys/fs/cgroup</div><div>/dev/sda1 1014M 144M 871M 15% /boot</div><div>/dev/mapper/cl-var 10G 580M 9.5G 6% /var</div><div>pool1/data1 813G 735G 79G 91% /data</div><div>pool1 79G 0 79G 0% /pool1</div><div>tmpfs 3.2G 0 3.2G 0% /run/user/0</div></div><div>Then we checking out /data :</div><div><div>[root@pv1 exports]# ls -l /data/</div><div>total 5</div><div>drwxrwxrwx+ 113 nfsnobody nfsnobody 113 May 27 19:57 exports</div></div><div><br /></div><div>only one directory in /data,</div><div>So lets descend one level :</div><div><div>[root@pv1 exports]# ls -l /data/exports</div><div>total 365</div><div>drwxrwxrwx+ 4 nfsnobody nfsnobody 6 May 21 2018 clustermetrics</div><div>drwxr-xr-x+ 2 nfsnobody nfsnobody 2 Jun 16 2017 mysql-nolsatu</div><div>drwxrwxr-x+ 6 nfsnobody nfsnobody 22 Apr 1 22:40 pv0000001</div><div>drwxrwxr-x+ 6 nfsnobody nfsnobody 24 Jun 29 12:32 pv0000002</div><div>drwxrwxr-x+ 6 nfsnobody nfsnobody 24 Jan 29 2020 pv0000003</div><div>drwxrwxr-x+ 6 nfsnobody nfsnobody 22 Apr 1 22:42 pv0000004</div><div>drwxrwxr-x+ 6 nfsnobody nfsnobody 22 Jun 29 12:35 pv0000005</div><div>drwxrwxr-x+ 5 nfsnobody nfsnobody 5 Nov 6 2019 pv0000006</div><div>drwxrwxr-x+ 9 nfsnobody nfsnobody 25 Apr 5 13:03 pv0000007</div></div><div>...<redacted>..</div><div><br /></div><div>Then we check usage summary at this level :</div><div><div>[root@pv1 exports]# du -hs /data/exports/*</div><div>21G<span style="white-space: pre;"> </span>/data/exports/clustermetrics</div><div>1.5K<span style="white-space: pre;"> </span>/data/exports/mysql-nolsatu</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000001</div><div>652M<span style="white-space: pre;"> </span>/data/exports/pv0000002</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000003</div><div>408M<span style="white-space: pre;"> </span>/data/exports/pv0000004</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000005</div><div>6.0K<span style="white-space: pre;"> </span>/data/exports/pv0000006</div><div>415M<span style="white-space: pre;"> </span>/data/exports/pv0000007</div><div>264M<span style="white-space: pre;"> </span>/data/exports/pv0000008</div><div>263M<span style="white-space: pre;"> </span>/data/exports/pv0000009</div><div>29M<span style="white-space: pre;"> </span>/data/exports/pv0000010</div><div>332M<span style="white-space: pre;"> </span>/data/exports/pv0000011</div><div>178M<span style="white-space: pre;"> </span>/data/exports/pv0000012</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000013</div><div>1.5K<span style="white-space: pre;"> </span>/data/exports/pv0000014</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000015</div><div>47M<span style="white-space: pre;"> </span>/data/exports/pv0000016</div><div>340M<span style="white-space: pre;"> </span>/data/exports/pv0000017</div><div>332M<span style="white-space: pre;"> </span>/data/exports/pv0000018</div><div>2.8M<span style="white-space: pre;"> </span>/data/exports/pv0000019</div><div>55M<span style="white-space: pre;"> </span>/data/exports/pv0000020</div><div>190M<span style="white-space: pre;"> </span>/data/exports/pv0000021</div></div><div><br /></div><div>It might take a long time, you might want to do it in vnc session or screen.</div><div><br /></div><h4 style="text-align: left;">Deleting ZFS Snapshot (if there any)</h4><div>First trick, when we are using ZFS snapshots, we could delete old snapshots to reclaim space.</div><div>Check the snapshots using : zfs list -t snapshot</div><div><br /></div><div><div>[root@pv1 exports]# zfs list -t snapshot</div><div>NAME USED AVAIL REFER MOUNTPOINT</div><div>pool1/data1@zfs-auto-snap_weekly-2020-07-05-1659 24.1G - 728G -</div><div>pool1/data1@zfs-auto-snap_weekly-2020-07-12-1659 12.2G - 729G -</div><div>pool1/data1@zfs-auto-snap_weekly-2020-07-19-1659 0 - 728G -</div><div>pool1/data1@zfs-auto-snap_daily-2020-07-19-1659 0 - 728G -</div><div>..< redactd > ..</div></div><div><br />Then we could delete old snapshots by :</div><div>zfs destroy pool1/data1@zfs-auto-snap_weekly-2020-07-05-1659</div><div>zfs destroy pool1/data1@zfs-auto-snap_weekly-2020-07-12-1659</div><div><br /></div><div>I sometimes use this shortcut (zfsdestlast) :</div><div><div>alias zfsdestlast='zfs destroy `zfs list -t snapshot | head -n 2 | tail -n 1 | cut -d " " -f 1`'</div></div><div><br /></div><div>Be aware that we will be unable to recover data to that point in time after deleting the snapshots.</div><div><br /></div><div><h4 style="text-align: left;">Deleting not needed files</h4><div>This step only possible if we are certain that some large file is not needed at all. Just remove the offending file and make use that other people in your team (and also the team using the VM) is being confirmed before doing any action.</div><div>If the directory nearing full is being used as openshift container registry, you might want to run openshift prune (<span style="background-color: #e7e7e7; color: #404040; font-family: "Roboto Mono", monospace; font-size: 13px;">oadm prune images</span>) from master. Running it from outside the cluster (such as your laptop) in my case will fail. </div></div><div>If the directory (or logical volume) nearing full is being used as docker storage, you might want to run docker image cleanup ( docker rmi $(docker images --filter "dangling=true" -q --no-trunc) ), refer to this stackoverflow <a href="http://stackoverflow.com/questions/32723111/how-to-remove-old-and-unused-docker-images">question</a>. Newer versions of docker have 'docker image prune' command. Make sure you know the implication of running each pruning commands (container, volume, and image) without or with the -a option before doing any action.</div><h4 style="text-align: left;">Extending LVM Partition</h4><div>If there is some significant free space in the pvs command output, meaning not the entire physical LVM disk is being used, we could easily extend logical LVM partition.</div><div><br /></div><div>Commands: </div><div>pvs</div><div>lvs</div><div>lvextend -L +10G /dev/mapper/vgname-lvname</div><div>(replace vgname and lvname with the names showing in lvs and also df -h)</div><div>resize2fs /dev/mapper/vgname-lvname </div><div><br /></div><div>Another possibility is to add additional storage in VMWare (if the linux server is virtual), create a partition in the new storage, and add it into the volume group so we have free space to extend to.</div><h4 style="text-align: left;">Borrowing Space from Another Partition</h4><div>If one partition is low in space (for example, 99%) and Another partition is quite free ( lets say, have 50GB free), we might want to exchange disk space in one partition with another. One approach is by shrinking LVM partition with some shortcomings, for example that if the partition isn't using LVM then this approach could not be used. And there is another difficulty of shrinking the partition size when it is still being used by a running process and you want to minimize server downtime. So I would propose a different approach.</div><div>Step A. Find a mount point that have the largest free storage (for example: /var has 50 GB free); then find a directory in the low-space partition that uses significant amount of storage and under 50 GB. For example I found /es1/ops directory which used 14 GB of storage, and /es1 space usage is at 99%.</div><div>Step B. Make sure server software that using the directory is stopped. </div><div>Step C. Create sparse file in the donor partition (for this example, /var) : truncate -s 20G /var/storage/es-ops-1</div><div>Step D. Create temporary mount point : mkdir /mnt/es-ops-1</div><div>Step E. Create filesystem in the sparse file : mkfs.xfs /var/storage/es-ops-1 </div><div>Step F. Mount the filesystem in temporary mount : mount -o loop /var/storage/es-ops-1 /mnt/es-ops-1/</div><div>Step G. Move the directory content from step A to mount point in step F : </div><div>cd /es1/ops </div><div>mv * /mnt/es-ops-1/ </div><div>Step H. Remount the sparse file in the original directory :</div><div>umount /mnt/es-ops-1</div><div>mount /var/storage/es-ops-1 /es1/ops</div><div><br /></div><div><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com3tag:blogger.com,1999:blog-7335438738304284149.post-85191083251500575642020-07-31T18:41:00.002-07:002020-07-31T18:41:12.540-07:00Notes on Learning Open VSwitch in Openshift OKD<h4 style="text-align: left;">Background</h4><div>Open VSwitch or ovs is the software that openshift used to ensure pods in the openshift cluster could talk to each other using cluster-internal IP addresses. In default settings, hosts outside the cluster are not be able to connect directly to pods; and haproxy (running in 'openshift router' pods) sofware listening on host port is doing the work of distributing http request into each and every application's pods. </div><div>In order to follow this blog post you will need root-level OS access on the hosts / openshift nodes, so it is geared towards system administrator of the openshift platform, not the casual application developer.</div><div><br /></div><h4 style="text-align: left;">Examining OVS bridge</h4><div><div>[root@node3 ~]# ovs-vsctl list-br</div><div>br0</div></div><div><br /></div><div>So we know the OVS bridge is named br0.</div><div><br /></div><div><font face="courier" size="2">[root@node1 ~]# ovs-ofctl -O OpenFlow13 dump-ports-desc br0</font></div><div><div><font face="courier" size="2">OFPST_PORT_DESC reply (OF1.3) (xid=0x2):</font></div><div><font face="courier" size="2"> 1(vxlan0): addr:62:b2:af:23:90:ea</font></div><div><font face="courier" size="2"> config: 0</font></div><div><font face="courier" size="2"> state: 0</font></div><div><font face="courier" size="2"> speed: 0 Mbps now, 0 Mbps max</font></div><div><font face="courier" size="2"> 2(tun0): addr:b2:23:c3:0f:e4:56</font></div><div><font face="courier" size="2"> config: 0</font></div><div><font face="courier" size="2"> state: 0</font></div><div><font face="courier" size="2"> speed: 0 Mbps now, 0 Mbps max</font></div><div><font face="courier" size="2"> 4(vetheffe37e7): addr:ae:2d:49:6f:63:e5</font></div><div><font face="courier" size="2"> config: 0</font></div><div><font face="courier" size="2"> state: 0</font></div><div><font face="courier" size="2"> current: 10GB-FD COPPER</font></div><div><font face="courier" size="2"> speed: 10000 Mbps now, 0 Mbps max</font></div><div><font face="courier" size="2"> 5(vethf5f23dab): addr:1e:50:3b:2b:c2:66</font></div><div><font face="courier" size="2"> config: 0</font></div><div><font face="courier" size="2"> state: 0</font></div><div><font face="courier" size="2"> current: 10GB-FD COPPER</font></div><div><font face="courier" size="2"> speed: 10000 Mbps now, 0 Mbps max</font></div></div><div><font face="courier" size="2">...<redacted>..</font></div><div><br /></div><div><br /></div><div>This command describes multiple ports connected to br0.</div><div><br /></div><div><div><font face="courier" size="2">[root@node1 ~]# ovs-vsctl list Interface </font></div><div><font face="courier" size="2">_uuid : 6a087201-8904-42b1-98e3-25b0cc705be3</font></div><div><font face="courier" size="2">admin_state : up</font></div><div><font face="courier" size="2">bfd : {}</font></div><div><font face="courier" size="2">bfd_status : {}</font></div><div><font face="courier" size="2">cfm_fault : []</font></div><div><font face="courier" size="2">cfm_fault_status : []</font></div><div><font face="courier" size="2">cfm_flap_count : []</font></div><div><font face="courier" size="2">cfm_health : []</font></div><div><font face="courier" size="2">cfm_mpid : []</font></div><div><font face="courier" size="2">cfm_remote_mpids : []</font></div><div><font face="courier" size="2">cfm_remote_opstate : []</font></div><div><font face="courier" size="2">duplex : full</font></div><div><font face="courier" size="2">error : []</font></div><div><font face="courier" size="2">external_ids : {}</font></div><div><font face="courier" size="2">ifindex : 40019</font></div><div><font face="courier" size="2">ingress_policing_burst: 0</font></div><div><font face="courier" size="2">ingress_policing_rate: 0</font></div><div><font face="courier" size="2">lacp_current : []</font></div><div><font face="courier" size="2">link_resets : 0</font></div><div><font face="courier" size="2">link_speed : 10000000000</font></div><div><font face="courier" size="2">link_state : up</font></div><div><font face="courier" size="2">lldp : {}</font></div><div><font face="courier" size="2">mac : []</font></div><div><font face="courier" size="2">mac_in_use : "a6:2a:94:13:6e:2c"</font></div><div><font face="courier" size="2">mtu : 1450</font></div><div><font face="courier" size="2">mtu_request : []</font></div><div><font face="courier" size="2">name : "vethc20c6e49"</font></div><div><font face="courier" size="2">ofport : 5747</font></div><div><font face="courier" size="2">ofport_request : []</font></div><div><font face="courier" size="2">options : {}</font></div><div><font face="courier" size="2">other_config : {}</font></div><div><font face="courier" size="2">statistics : {collisions=0, rx_bytes=113334297, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=1286765, tx_bytes=134317929, tx_dropped=0, tx_errors=0, tx_packets=1963619}</font></div><div><font face="courier" size="2">status : {driver_name=veth, driver_version="1.0", firmware_version=""}</font></div><div><font face="courier" size="2">type : ""</font></div></div><div><font face="courier" size="2">...<redacted>..</font></div><div><br /></div><div>This command also shows more detail for all interfaces registered in the system.</div><div><br /></div><h4 style="text-align: left;">Determining pod IP address</h4><div>oc get pods dev4-prod-120-58wwz -o yaml</div><div>...<redacted></div><div><div> phase: Running</div><div> podIP: 10.130.0.226</div><div> startTime: 2020-07-31T15:40:42Z</div></div><div><br /></div><div>This command, usually run in client, shows the pod information available in openshift, including podIP.</div><div>We could also use jsonpath formatting to extract the podIP.</div><div><br /></div><div>oc get pods dev4-prod-120-58wwz -o jsonpath={.status.podIP}</div><div>10.130.0.226</div><h4 style="text-align: left;">Tracing OVS Flow </h4><div><div><font face="courier" size="2">[root@node1 ~]# ovs-ofctl -O OpenFlow13 dump-flows br0 | grep 10.130.0.226</font></div><div><font face="courier" size="2"> cookie=0x0, duration=35168.268s, table=20, n_packets=5811, n_bytes=244062, priority=100,arp,in_port=7854,arp_spa=10.130.0.226,arp_sha=ba:f5:f5:e6:e5:39 actions=load:0->NXM_NX_REG0[],goto_table:21</font></div><div><font face="courier" size="2"> cookie=0x0, duration=35168.265s, table=20, n_packets=98642, n_bytes=18472691, priority=100,ip,in_port=7854,nw_src=10.130.0.226 actions=load:0->NXM_NX_REG0[],goto_table:21</font></div><div><font face="courier" size="2"> cookie=0x0, duration=35168.262s, table=40, n_packets=5823, n_bytes=244566, priority=100,arp,arp_tpa=10.130.0.226 actions=output:7854</font></div><div><font face="courier" size="2"> cookie=0x0, duration=35168.262s, table=70, n_packets=119641, n_bytes=225619754, priority=100,ip,nw_<font color="#ff0000">dst</font>=10.130.0.226 actions=load:0->NXM_NX_REG1[],load:<font color="#ff0000">0x1eae</font>->NXM_NX_REG2[],goto_table:80</font></div></div><div><br /></div><div>Dump-flows shows flow rules installed (by openshift). By using 'grep' we filter rules that related to one IP address. In the resulting flow we see that with destination 10.130.0.22 will be processed first by loading <span style="color: red; font-family: courier; font-size: small;">0x1eae</span> (= 7854 in decimal) value first, and the logic jumps to table 80.</div><div><br /></div><div><div><font face="courier" size="2">[root@node1 ~]# ovs-ofctl -O OpenFlow13 dump-flows br0 | grep "table=80"</font></div><div><font face="courier" size="2"> cookie=0x0, duration=16006044.135s, table=80, n_packets=388568503, n_bytes=32628601914, priority=300,ip,nw_src=10.130.0.1 actions=output:NXM_NX_REG2[]</font></div><div><font face="courier" size="2"> cookie=0x0, duration=16006044.132s, table=80, n_packets=0, n_bytes=0, priority=0 actions=drop</font></div><div><font face="courier" size="2"> cookie=0x0, duration=7894349.775s, table=80, n_packets=3837887096, n_bytes=2263560750277, priority=200 actions=output:NXM_NX_REG2[]</font></div></div><div><br /></div><div>Next we grep using table condition shown before (table=80). We find that the action is to set the output port according the previously stored REG2 (which is 7854).</div><div><br /></div><div><div><font face="courier" size="2">[root@node1 ~]# ovs-vsctl list Interface | grep -C 1 7854</font></div><div><font face="courier" size="2">name : "veth819d4ff6"</font></div><div><font face="courier" size="2">ofport : 7854</font></div><div><font face="courier" size="2">ofport_request : []</font></div></div><div><br /></div><div><br /></div><div>By searching for keyword '7854' in the interface list, we found that virtual ethernet interface veth819d4ff6</div><div> is related to previous pod IP address. Armed with this information we could do tcpdump on the interface to troubleshoot application issues.</div><div><br /></div><div>Note the role mismatch, using this method we need system-administrator access to troubleshoot application issues. Other methods to do tcpdump might be more appropriate (such as the approach using sidecars in <a href="https://developers.redhat.com/blog/2019/02/27/sidecars-analyze-debug-network-traffic-kubernetes-pod/">https://developers.redhat.com/blog/2019/02/27/sidecars-analyze-debug-network-traffic-kubernetes-pod/</a> ).</div><div><br /></div><div><br /></div><div><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-13599402880063020782020-07-30T20:21:00.001-07:002020-07-30T20:40:44.468-07:00How to show clusterwide utilization in Openshift/Kubernetes<h4 style="text-align: left;">Background</h4><div>When deploying openshift/kubernetes cluster in production, usually we used more than 3 machine/hosts, and in my company's deployment we used more than 10 VMs. Monitoring resource usage in multiple VM is nothing new but using kubernetes we have an option to use kubectl / oc adm top nodes to do this. Using kubectl/ oc adm top nodes will show overall CPU and memory usage for each node</div><h4 style="text-align: left;">The old ways (pre-kubernetes)</h4><div>Before using kubernetes/openshift, we used RHEL/CentOS VMs and to get resource usage we use the sar utility. Of course we need to install sar first (sudo <span style="background-color: #eeeeee; color: #111111; font-family: Consolas, Monaco, Menlo, Courier, Verdana, sans-serif; font-size: 13px;">yum install sysstat)</span>, and then sar is quite unique that it store historical data based on the date of the month. </div><div>To get cpu usage for current date :</div><div>sar</div><div>To get memory usage for current date :</div><div>sar -r</div><div>To get memory usage for the date 30 :</div><div>sar -r -f /var/log/sa/sa30</div><div><div>To get cpu usage for the date 30 :</div></div><div>sar -f /var/log/sa/sa30</div><div><br /></div><div>There are other interesting resource usage such as per core cpu usage (sar -P ALL), block device statistics (sar -b and sar -d) and network (sar -n DEV); refer to this link <a href="https://www.thegeekstuff.com/2011/03/sar-examples/">https://www.thegeekstuff.com/2011/03/sar-examples/</a></div><div><br /></div><h4 style="text-align: left;">Kubernetes (and openshift way)</h4><div>The command to show clusterwide utilization is : </div><div><span style="font-family: courier;">kubectl adm top nodes</span></div><div>or</div><div><span style="font-family: courier;">oc adm top nodes</span></div><div><br /></div><div>However, in some case the command won't work and will return error message.</div><h4 style="text-align: left;">1. Cannot find resource</h4><div><span style="font-family: courier; font-size: small;">Error from server (NotFound): the server could not find the requested resource (get services http:heapster:)</span></div><div><br /></div><div>The solution for this is to add namespace information where the heapster service is running :</div><div>oc adm top nodes --heapster-namespace='openshift-infra'</div><div><br /></div><h4 style="text-align: left;">2. Malformed HTTP response</h4><div><br /></div><div><span style="font-size: small;">Error from server (InternalError): an error on the server ("Error: 'malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\"'\nTrying to reach: 'http://10.198.14.128:8082/apis/metrics/v1alpha1/nodes?labelSelector='") has prevented the request from succeeding (get services http:heapster:)</span></div><div><br /></div><div>For this, the solution is to change from http to https scheme.</div><div><span style="font-family: courier; font-size: small;">oc adm top nodes --heapster-namespace='openshift-infra' --heapster-scheme=https</span></div><div><div><span style="font-family: courier; font-size: small;">NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% </span></div><div><span style="font-family: courier; font-size: small;">infra3.paas.telkom.co.id 616m 3% 6776Mi 42% </span></div><div><span style="font-family: courier; font-size: small;">node3.paas.telkom.co.id 2205m 14% 64724Mi 50% </span></div><div><span style="font-family: courier; font-size: small;">node1.paas.telkom.co.id 1625m 10% 64409Mi 50% </span></div><div><span style="font-family: courier; font-size: small;">node7.paas.telkom.co.id 2915m 18% 33371Mi 25% </span></div><div><span style="font-family: courier; font-size: small;">logging1.paas.telkom.co.id 191m 4% 10529Mi 66% </span></div><div><span style="font-family: courier; font-size: small;">master3.paas.telkom.co.id 138m 3% 8769Mi 55% </span></div><div><span style="font-family: courier; font-size: small;">node5.paas.telkom.co.id 3026m 19% 62947Mi 49% </span></div><div><span style="font-family: courier; font-size: small;">infra2.paas.telkom.co.id 1486m 9% 5485Mi 34% </span></div><div><span style="font-family: courier; font-size: small;">infra1.paas.telkom.co.id 376m 2% 4378Mi 27% </span></div><div><span style="font-family: courier; font-size: small;">node4.paas.telkom.co.id 699m 4% 60793Mi 47% </span></div><div><span style="font-family: courier; font-size: small;">node6.paas.telkom.co.id 980m 6% 53378Mi 41% </span></div><div><span style="font-family: courier; font-size: small;">node9.paas.telkom.co.id 1150m 7% 48668Mi 37% </span></div><div><span style="font-family: courier; font-size: small;">master2.paas.telkom.co.id 162m 4% 8998Mi 57% </span></div><div><span style="font-family: courier; font-size: small;">logging2.paas.telkom.co.id 379m 9% 9764Mi 61% </span></div><div><span style="font-family: courier; font-size: small;">node2.paas.telkom.co.id 2796m 17% 68857Mi 53% </span></div><div><span style="font-family: courier; font-size: small;">node8.paas.telkom.co.id 797m 4% 52673Mi 40% </span></div><div><span style="font-family: courier; font-size: small;">logging3.paas.telkom.co.id 60m 1% 1307Mi 8% </span></div><div><span style="font-family: courier; font-size: small;">master1.paas.telkom.co.id 138m 3% 7183Mi 45% </span></div></div><div><br /></div><div>Using cron job to record utilization</div><div><br /></div><div>The previous method will allow us to get current resource utilization, but how about utilization in the previous day or a few hours back? This cron job will execute the oc adm command and record the output into a certain directory. But you must first create service account to be used when running the oc adm command, refer to openshift documentation : <a href="https://docs.openshift.com/container-platform/3.6/dev_guide/service_accounts.html">https://docs.openshift.com/container-platform/3.6/dev_guide/service_accounts.html</a></div><div><br /></div><div><div><span style="font-family: courier;">#!/bin/bash</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">TOKEN1=<put service account token here></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">LOG1=/root/logtop/</span></div><div><span style="font-family: courier;">TGL1=$(date +%Y%m%d-%H%M%S)</span></div><div><span style="font-family: courier;">oc adm top node --token=$TOKEN1 --heapster-namespace=openshift-infra --heapster-scheme=https >> $LOG1/d-$TGL1</span></div></div><div><br /></div><div>The resulting files could be grep to show utilization for single vm / node :</div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">[root@master1 ~]# grep infra3 /root/logtop/d-2020072*</span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-000001:infra3.paas.telkom.co.id 415m 2% 7024Mi 44% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-001001:infra3.paas.telkom.co.id 456m 2% 6967Mi 44% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-002001:infra3.paas.telkom.co.id 601m 3% 7215Mi 45% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-003001:infra3.paas.telkom.co.id 525m 3% 6955Mi 44% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-004001:infra3.paas.telkom.co.id 485m 3% 6897Mi 43% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-005001:infra3.paas.telkom.co.id 417m 2% 6743Mi 42% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-010001:infra3.paas.telkom.co.id 519m 3% 6741Mi 42% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-011001:infra3.paas.telkom.co.id 479m 2% 6742Mi 42% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-012001:infra3.paas.telkom.co.id 413m 2% 6485Mi 41% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-013002:infra3.paas.telkom.co.id 386m 2% 6101Mi 38% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-014001:infra3.paas.telkom.co.id 726m 4% 6192Mi 39% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-015001:infra3.paas.telkom.co.id 464m 2% 5870Mi 37% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-020001:infra3.paas.telkom.co.id 438m 2% 5771Mi 36% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-021001:infra3.paas.telkom.co.id 494m 3% 5706Mi 36% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-022001:infra3.paas.telkom.co.id 395m 2% 5598Mi 35% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-023001:infra3.paas.telkom.co.id 356m 2% 5760Mi 36% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-024001:infra3.paas.telkom.co.id 577m 3% 6181Mi 39% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-025001:infra3.paas.telkom.co.id 478m 2% 5913Mi 37% </span></div><div><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200720-030001:infra3.paas.telkom.co.id 437m 2% 5803Mi 36% </span></div><div><span style="font-size: x-small;"><font face="courier">/root/logtop/d-20200720-031001:infra3.paas.telkom.co.id 513m 3% 5854Mi 37%</font></span></div></div><p style="text-align: left;">Another example:</p><p><span style="font-family: courier; font-size: x-small;">[root@master1 ~]# grep infra2 /root/logtop/d-20200723* | tail</span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-072001:infra2.paas.telkom.co.id 454m 2% 10399Mi 65% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-073001:infra2.paas.telkom.co.id 461m 2% 11237Mi 71% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-074001:infra2.paas.telkom.co.id 2713m 16% 13194Mi 83% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-075001:infra2.paas.telkom.co.id 9033m 56% 15134Mi 95% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-080001:infra2.paas.telkom.co.id 10490m 65% 15183Mi 96% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-081001:infra2.paas.telkom.co.id 925m 5% 2795Mi 17% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-083001:infra2.paas.telkom.co.id 8197m 51% 10963Mi 69% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-085001:infra2.paas.telkom.co.id 3783m 23% 5095Mi 32% </span></p><p><span style="font-family: courier; font-size: x-small;">/root/logtop/d-20200723-090001:infra2.paas.telkom.co.id 5559m 34% 12428Mi 78% </span></p><p><span style="font-family: courier;"><font size="1">/root/logtop/d-20200723-091001:infra2.paas.telkom.co.id 15261m 95% 14896Mi 94%</font></span></p><h4 style="text-align: left;">Conclusion</h4><div>This post shows how to get resource utilization per host/vm using oc adm and workaround for common errors such as malformed HTTP response and could not find requested resource.</div><div><br /></div><div>Addendum</div><div><br /></div>yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-38959987430565176762020-07-27T17:36:00.001-07:002020-07-27T17:36:39.713-07:00Debugging Web Services in Netweaver ABAP Server<div dir="ltr" style="text-align: left;" trbidi="on">
When running an application in the server, sometimes things doesn't goes the way it supposed to be, and we need to debug the application. For desktop application based on Java or .NET technology, it is just a matter of setting the breakpoint in IDE and then running the application with debug enabled. For web application based on ASP.NET, similar thing could be done by using Visual Studio and running the web application in debug mode using IIS Express. But what about web services that being served by SAP Netweaver AS ? This post shows how.<br />
<br />
<h4 style="text-align: left;">
Option 1. Execute - Debugging in SE37</h4>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhRXCYYpYTWIJtlXeHo_U9BlbuQhUt0FRc9idARpLCWKU-1UYc14gGNBR8Gp7rQ2XFaCIapr3tPjxp9TsswL_PDyMt3xG6be2GDfxcMMeqfWO4e3t-rIqjrqQySdjErU9DuCuwSA6YE05E/s1600/se_37_scr_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="504" data-original-width="946" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhRXCYYpYTWIJtlXeHo_U9BlbuQhUt0FRc9idARpLCWKU-1UYc14gGNBR8Gp7rQ2XFaCIapr3tPjxp9TsswL_PDyMt3xG6be2GDfxcMMeqfWO4e3t-rIqjrqQySdjErU9DuCuwSA6YE05E/s320/se_37_scr_1.png" width="320" /></a>This is the most standard way to debug ABAP remote function module. Just open up transaction SE37, type function module name, and click on the caliper icon (For those who are not so into STEM stuffs, you could see this wiki <a href="https://en.wikipedia.org/wiki/Calipers">page</a> to know about calipers). Then fill in the input parameters before clicking on the Execute - Debugging icon.<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHXwLAfc6zMf4FjqGtkrowrL9_uxdyODAWAYnMd19eKgKGEdjZYDxNa0NbIaJiH5A4AoDhvOu-ZpHmXv8EthYOtlPS83eTvHuoKMdEWDvK462MaB1p2maGjvJ7-UY4o4fbqMHQ9vzt-f2Z/s1600/se_37_scr_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="952" data-original-width="904" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHXwLAfc6zMf4FjqGtkrowrL9_uxdyODAWAYnMd19eKgKGEdjZYDxNa0NbIaJiH5A4AoDhvOu-ZpHmXv8EthYOtlPS83eTvHuoKMdEWDvK462MaB1p2maGjvJ7-UY4o4fbqMHQ9vzt-f2Z/s320/se_37_scr_2.png" width="303" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Now you are inside the ABAP debugger, and the function is ready to run and to debug.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPEdy1MCHu5_jXZTacDG36OK7oEANlTjg89G2SUg-8guZiPzrX_2LRXkfG6GLh8nLCAKUtb4GoVqINar9FGmAsPHJAZr9kWKDjaYL6HIOA38eZFnfwSC4mgt3ETlbr3Hfitp4CMGwr9D6M/s1600/se_37_debugger.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="845" data-original-width="1600" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPEdy1MCHu5_jXZTacDG36OK7oEANlTjg89G2SUg-8guZiPzrX_2LRXkfG6GLh8nLCAKUtb4GoVqINar9FGmAsPHJAZr9kWKDjaYL6HIOA38eZFnfwSC4mgt3ETlbr3Hfitp4CMGwr9D6M/s640/se_37_debugger.png" width="640" /></a></div>
<br />
<h4 style="text-align: left;">
Option 2. By Activating Debug</h4>
<br />
But sometimes filling the expected parameter in SE37 and running the function module from there yield different result compared to calling the web service from external application. In this case, we need to activate debugging for specific url in the Netweaver AS. Open transaction SICF, type the url of the web service being called in the 'Service path' field. I usually uses the built in /sap/bc/soap/rfc url because creating dedicated web services is quite a hassle. Then click on Execute button.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC7VPinGk3qYcys0knTXWmTis2myHX68jtPkyOEc4C9g6-PFsTZc8TY3DpQUowdC0b_cj8RL4wjmtc33ihQr7Keq4cdAlCvbLJPcMP0S5Jte1aw1DHmbKcbGRzucLiRYPGuixJ5kx8oujO/s1600/sicf_scr1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="604" data-original-width="1390" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC7VPinGk3qYcys0knTXWmTis2myHX68jtPkyOEc4C9g6-PFsTZc8TY3DpQUowdC0b_cj8RL4wjmtc33ihQr7Keq4cdAlCvbLJPcMP0S5Jte1aw1DHmbKcbGRzucLiRYPGuixJ5kx8oujO/s400/sicf_scr1.png" width="400" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<br />
Navigate the tree in the bottom panel to choose the web service being debugged. Ensure focus on the web service in the tree.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB44yX41kXy1PB252x2yCh5DpFTV8T6NEoQvZqLMxcoF5AWKB0Wjby0zItFx2lHbM9EKMDQ68McTdM93xTvzD-CUAiy9d6NqzOCin38cE1lI8oiQ3olGuSPS-bnC4vMC0b-2bBAQmt6t5o/s1600/sicf_scr2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="598" data-original-width="1218" height="157" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB44yX41kXy1PB252x2yCh5DpFTV8T6NEoQvZqLMxcoF5AWKB0Wjby0zItFx2lHbM9EKMDQ68McTdM93xTvzD-CUAiy9d6NqzOCin38cE1lI8oiQ3olGuSPS-bnC4vMC0b-2bBAQmt6t5o/s320/sicf_scr2.png" width="320" /></a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
In the Edit menu, you will find Debugging menu, and then click on the menu item 'Activate Debugging'.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gZw45T-JDdQoMD_6pJXr0wHs8HF40dRLenor5-_PlI2_QNeggd5M7pFs9pNNKeOWVVnsT7Wmd-n-P5r-bxi1zEzLVs2BSJKzJeTaeHwnd6xFLojvE9N7BJDInkvRU_cO-yZYFNKYhSPR/s1600/sicf_scr3.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="664" data-original-width="1026" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gZw45T-JDdQoMD_6pJXr0wHs8HF40dRLenor5-_PlI2_QNeggd5M7pFs9pNNKeOWVVnsT7Wmd-n-P5r-bxi1zEzLVs2BSJKzJeTaeHwnd6xFLojvE9N7BJDInkvRU_cO-yZYFNKYhSPR/s400/sicf_scr3.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTRnBTH0o2WYWre8tp0RzUEAZn4w6Xa_qKXpSPzSRi2NiyY6beXrL-Gs1KuUr_JwHpDBSzhRKQgO6YLLgdHPp5wxQ2ZwG1vV4uiNjyTHl7epw3l8bx8GKG6ZQRaBuUviUIJ0Nkh0O890Ar/s1600/sicf_scr4.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="704" data-original-width="1378" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTRnBTH0o2WYWre8tp0RzUEAZn4w6Xa_qKXpSPzSRi2NiyY6beXrL-Gs1KuUr_JwHpDBSzhRKQgO6YLLgdHPp5wxQ2ZwG1vV4uiNjyTHl7epw3l8bx8GKG6ZQRaBuUviUIJ0Nkh0O890Ar/s320/sicf_scr4.png" width="320" /></a></div>
Fill the username of the web service being debugged, then click Activate.<br />
If all is well, you get a message in status bar : 'Breakpoint was set for external debugging (User: xxxx Validity : yy:zz:aa)'.<br />
<br />
<br />
<br />
<br />
<br />
<br />
When Debugging is active, the debugger would pop up in the same session whenever the web service url being called from other application.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0Xx09-o6oEUyNC9Oq7p1AM-NAeJnh3Li-HLLy3InQiVCF88zNT0zSYhc6rWqlie4JHUnKnbJ-Ep5hoVXqUrHgvL1k2WBqn8vC5peo-HBklnq68VSMHJejLQuZ2DefEyL_HKk2tpYf-wE8/s1600/sicf_scr5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="850" data-original-width="1600" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0Xx09-o6oEUyNC9Oq7p1AM-NAeJnh3Li-HLLy3InQiVCF88zNT0zSYhc6rWqlie4JHUnKnbJ-Ep5hoVXqUrHgvL1k2WBqn8vC5peo-HBklnq68VSMHJejLQuZ2DefEyL_HKk2tpYf-wE8/s320/sicf_scr5.png" width="320" /></a></div>
<br />
<h4 style="text-align: left;">
Conclusion</h4>
Features of Netweaver Application Server could be used to debug known function modules, one of the option is to perform debugging on the function module using SE37. The other option is to use transaction SICF and activate debugging using menu Edit : Debugging : Activate debugging when the SICF node is being selected.</div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-66928095125441520722019-10-13T03:55:00.001-07:002020-01-13T17:25:45.224-08:00Repair Your Windows Store and Metro Apps After Windows Update<div dir="ltr" style="text-align: left;" trbidi="on">
<h3 style="text-align: left;">
Background</h3>
<div>
Sometimes after updating Windows 10, the Windows Modern UI / Metro Apps no longer works. You could try starting any of them, such as Calculator, Photo, or Microsoft Store - and after opening a blank window it will just close. This has happened several times, twice in my wife's laptop, and once in our home Desktop PC. This post will try to give few options to solve this problem. But I still don't know what caused it.</div>
<h3 style="text-align: left;">
Step 1. Assess condition of installed VCLib Packages</h3>
<div>
Open up Powershell by pressing Windows Key and typing Powershell. Click Run as administrator if it is shown (if not, right click on the Powershell icon first).</div>
<div>
Type :</div>
<div>
Get-AppxPackage Microsoft*VC* | Select InstallLocation</div>
<div>
<br /></div>
<div>
The result will be the location where VCLibs packages were installed. We concern only the VCLibs 140 version without UWPDesktop in the package names. </div>
<div>
<br /></div>
<div>
Try to check the files of the installed VCLibs packages (we need to do this twice, once for the x86 and the second for the x64).</div>
<div>
<br /></div>
<div>
cd "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe"</div>
<div>
dir</div>
<div>
<br /></div>
<div>
If several files has 0-bytes length, then you know that this is the reason why Windows Modern UI apps no longer works.<br />
<br />
I also found a case where there is a missing file in the directory (instead of 0-bytes file), which is harder to detect. For this I will write another blog post.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Step 2. Download replacement packages</h3>
<div>
If the corrupt installed version is 27323, we could solve the situation by installing newer version of VCLibs. In order to get url to download the newer package, try opening Windows Calculator store page : <a href="https://www.microsoft.com/en-us/p/windows-calculator/9wzdncrfhvn5%C2%A0">https://www.microsoft.com/en-us/p/windows-calculator/9wzdncrfhvn5 </a></div>
<div>
Then we need help to get the urls, open up <a href="https://store.rg-adguard.net/">https://store.rg-adguard.net/</a> and paste the windows calculator url.</div>
<div>
From there we get VCLibs version 27810 or higher : the x64 version : <a href="http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/628f920b-6ee5-4f64-9988-8e840bc0aa5d?P1=1570963476&P2=402&P3=2&P4=fNONpS%2b%2bAHqzsNC1GMSjigdfY22i5b%2bZfbuJFsmzVMUWrsxC36WLNA0DRkGXn4ljKQlaeb7qW8B8As3imHqkXQ%3d%3d" rel="noreferrer" style="background-color: rgba(188, 235, 240, 0.8); font-family: "Palatino Linotype", "Book Antiqua", Palatino, serif; font-size: 14px;">Microsoft.VCLibs.140.00_14.0.27810.0_x64__8wekyb3d8bbwe.appx</a> </div>
<div>
and the x86 version : <a href="http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a0025085-6aee-41eb-a47e-1a0d6de801dc?P1=1570963476&P2=402&P3=2&P4=QoXfpg4ja3MBMijf7ZSaULqPbtIMOFS6E%2fTMzPcgXTJfUV5PR%2bJe9033vBn7nwpzAtEy%2fCEVbJFjif8TscPy1Q%3d%3d" rel="noreferrer" style="background-color: rgba(188, 235, 240, 0.8); font-family: "Palatino Linotype", "Book Antiqua", Palatino, serif; font-size: 14px;">Microsoft.VCLibs.140.00_14.0.27810.0_x86__8wekyb3d8bbwe.appx</a></div>
<div>
Store the resulting appx files in your Downloads directory or somewhere that is easy to access.</div>
<div>
<br /></div>
<div>
As alternative, you could get the existing VCLibs package directory from a healthy Windows 10 PC/Laptop. Be mindful that even admininstrator-level user could not replace package files manually without changing many directory permissions, so this options is keep for last resort only.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Step 3. Install replacement packages</h3>
<div>
Back using the powershell, execute these commands :</div>
<div>
cd C:\Users\<usrname>\Downloads</usrname></div>
<div>
Add-AppxPackage .\Microsoft.VCLibs.140.00_14.0.27810.0_x86__8wekyb3d8bbwe.Appx</div>
<div>
Add-AppxPackage .\Microsoft.VCLibs.140.00_14.0.27810.0_x64__8wekyb3d8bbwe.Appx</div>
<div>
<br /></div>
<div>
Done!</div>
<div>
Complications could happen if your corrupt VCLibs package is higher than 27810, therefore you cannot upgrade to 27810, and you also will not be able to reinstall 27810. If that is the case, borrowing from technique from <a href="https://www.vacuumbreather.com/index.php/blog/item/89-the-case-of-corrupted-store-apps">https://www.vacuumbreather.com/index.php/blog/item/89-the-case-of-corrupted-store-apps</a>, we could override the package's state to be not OK before installing the Appx package. The steps are :<br />
a. Push Windows Button -> type regedit -> choose Registry Editor<br />
b. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\<br />
c. Right click on package list, create a new folder with package full name, example : "Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe"<br />
d. Right click on the new folder, create a new DWORD key, rename it to PackageStatus<br />
e. double click on the PackageStatus and set 2 as the value<br />
f. install!<br />
Add-AppxPackage .\Microsoft.VCLibs.140.00_14.0.27810.0_x64__8wekyb3d8bbwe.Appx<br />
<br /></div>
<div>
Question: Why, couldn't we repair windows in this case? It seems that the WindowsApps directory it not part of the files registered to System File Checker, and also in order to get the package recognized by windows it involves some kind of registry but not in Windows Registry. These condition is too complicated for the system file checker to handle, so it is not designed to check for these problems.</div>
<h3 style="text-align: left;">
Conclusion</h3>
<div>
To fix Windows Metro Apps not running, try to upgrade Microsoft VCLibs library by installing newer version of the library or try to reinstall the library if the latest version is already installed.</div>
</div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com7tag:blogger.com,1999:blog-7335438738304284149.post-78331564542751966632019-05-30T19:49:00.000-07:002019-05-30T20:00:16.028-07:00Backing Up MySQL Database using Openshift/Kubernetes Cron Job<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Periodic Backups</h2>
<div>
When running an application in production, the data and app should be backed up periodically. One way to do that is by using git repository for the source code and periodically dumping the database. This article shows how to do such periodic jobs using CronJob functionality of Openshift/Kubernetes.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Technique</h2>
<div>
When running a cronjob, the filesystem that being used to run the pod will be ephemeral, that is, non-persistent. To work around this limit we should mount from external volume, which can be in the form of persistent volume claim or directly provided volume specification. </div>
<div>
<br /></div>
<h3 style="text-align: left;">
The Job specs</h3>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">apiVersion: batch/v1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">kind: Job</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">metadata:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: job04-test </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> template:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> containers:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: job04c-test</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> image: centos/mysql-57-centos7</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> command: ["/bin/sh","-c", "/opt/rh/rh-mysql57/root/usr/bin/mysqldump --single-transaction -u $MYSQL_USER $MYSQL_DB -h $MYSQL_HOST | gzip > /tmp/dump`date '+%Y%m%d'`.sql.gz"]</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumeMounts:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - mountPath: /tmp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> subPath: job03</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> env :</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_USER</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbuser"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_DB</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbname"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_PWD</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "xxxx"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_HOST</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "10.1.2.3"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> restartPolicy: Never</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumes:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> persistentVolumeClaim:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> claimName: dbdumps</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> backoffLimit: 4</span><br />
<br />
This job is using persistent volume claim, in which the persistent volume need to be prepared before. If you want to use direct specification, for instance referencing hostpath, the spec will be like this :<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">apiVersion: batch/v1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">kind: Job</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">metadata:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: job05-hostpath</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> template:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> containers:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: job05</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> image: centos/mysql-57-centos7</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> command: ["/bin/sh","-c", "/opt/rh/rh-mysql57/root/usr/bin/mysqldump --single-transaction -u $MYSQL_USER $MYSQL_DB -h $MYSQL_HOST | gzip > /tmp/dump`date '+%Y%m%d'`.sql.gz"]</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumeMounts:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - mountPath: /tmp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> subPath: job05</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> env :</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_USER</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbuser"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_DB</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbname"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_PWD</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "xxxx"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_HOST</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "10.1.2.3"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> restartPolicy: Never</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumes:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> hostPath:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> path: /data/dbdumps</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> type: Directory</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> backoffLimit: 4</span><br />
<br />
To run the job, save the job spec into a file (example: job05.yaml) first. If using kubernetes, this should do the job :<br />
kubectl apply -f job05.yaml<br />
or if using openshift command line interface :<br />
oc create -f job05.yaml<br />
or if using openshift web console:<br />
<br />
<ol style="text-align: left;">
<li>login to console, choose one existing project </li>
<li>click add to project</li>
<li>click import YAML/JSON</li>
<li>paste the job spec</li>
<li>click create</li>
</ol>
<div>
<br /></div>
<br />
<h3 style="text-align: left;">
Converting To CronJob</h3>
<br />
A cronjob is just a job with a cron schedule, for instance this cronjob is running once every hour at the 27th minute :<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">apiVersion: batch/v2alpha1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">kind: CronJob</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">metadata:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: crondbdump1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> schedule: "27 * * * *" </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> successfulJobsHistoryLimit: 7</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> jobTemplate: </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> template:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> metadata:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> labels: </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> parent: "crondumpifrs"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> spec:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> containers:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: crondbdump1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> image: centos/mysql-57-centos7</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> command: ["/bin/sh","-c", "/opt/rh/rh-mysql57/root/usr/bin/mysqldump --single-transaction --routines -u $MYSQL_USER $MYSQL_DB -h $MYSQL_HOST | gzip > /tmp/dump`date '+%Y%m%d_%H%M%S'`.sql.gz"]</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumeMounts:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - mountPath: /tmp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> subPath: job03</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> env :</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_USER</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbuser"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_DB</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "dbname"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_PWD</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "xxxx"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: MYSQL_HOST</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> value: "10.1.2.3"</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> restartPolicy: OnFailure </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> volumes:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> - name: dbdumpsvol</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> hostPath:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> path: /data/dbdumps</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> type: Directory</span><br />
<div>
<br /></div>
<div>
To run the cronjob, use the same procedure (oc create -f and kubectl apply -f ). In Openshift, we are limited to command-line interface monitoring the cron jobs :</div>
<br />
<br />
<div class="p1">
<span class="s1" style="font-family: Courier New, Courier, monospace;"><span class="Apple-converted-space"> </span>oc get cronjobs</span></div>
<div>
<div class="p1">
<span class="s1" style="font-family: Courier New, Courier, monospace;">NAME <span class="Apple-converted-space"> </span>SCHEDULE<span class="Apple-converted-space"> </span>SUSPEND <span class="Apple-converted-space"> </span>ACTIVE<span class="Apple-converted-space"> </span>LAST-SCHEDULE</span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><span style="font-variant-ligatures: no-common-ligatures;">crondumpifrs2</span><span class="Apple-converted-space" style="font-variant-ligatures: no-common-ligatures;"> </span><span style="font-variant-ligatures: no-common-ligatures;">27 * * * *</span><span class="Apple-converted-space" style="font-variant-ligatures: no-common-ligatures;"> </span><span style="font-variant-ligatures: no-common-ligatures;">True</span><span class="Apple-converted-space" style="font-variant-ligatures: no-common-ligatures;"> </span><span style="font-variant-ligatures: no-common-ligatures;">0</span><span style="font-variant-ligatures: no-common-ligatures;"> </span><span class="Apple-converted-space" style="font-variant-ligatures: no-common-ligatures;"> </span><span style="font-variant-ligatures: no-common-ligatures;">Mon, 16 Apr 2018 16:27:00 +0700</span></span></div>
<div class="p1">
<span class="s1" style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p1">
<span class="s1" style="font-family: Courier New, Courier, monospace;">oc edit crondumpifrs</span></div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
References</h3>
<div>
<br /></div>
<div>
1. <a href="https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/">https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/</a></div>
<div>
2. <a href="https://kubernetes.io/docs/concepts/storage/volumes/#hostpath">https://kubernetes.io/docs/concepts/storage/volumes/#hostpath</a></div>
<div>
3. <a href="https://docs.openshift.com/container-platform/3.5/dev_guide/cron_jobs.html">https://docs.openshift.com/container-platform/3.5/dev_guide/cron_jobs.html</a> </div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style></div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-20556519302650868482019-04-11T19:55:00.002-07:002019-04-11T19:55:13.502-07:00Find out Lock Path in ZFS<div dir="ltr" style="text-align: left;" trbidi="on">
<h3 style="text-align: left;">
Scenario</h3>
<div>
A linux server that using ZFS storage, exports the directory in the storage using NFS. There is a need to confirm that some files are still locked or not. </div>
<div>
<br /></div>
<h3 style="text-align: left;">
1. Determine Inode</h3>
<div>
The ls command has -i option to show inode id for each directory/files.</div>
<div>
<br /></div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #4c7aff}
</style>
<div class="p1">
<span class="s1">[root@pv1 mysql]# ls -il</span></div>
<div class="p1">
<span class="s1">total 200867</span></div>
<div class="p1">
<span class="s1">41506 -rw-rw-r--+ 1 1000070000 nfsnobody <span class="Apple-converted-space"> </span>0 Aug 15<span class="Apple-converted-space"> </span>2017 debian-5.5.flag</span></div>
<div class="p1">
<span class="s1"><b>41509</b> -rw-rw----+ 1 1000070000 nfsnobody 195035136 Apr<span class="Apple-converted-space"> </span>5 12:02 ibdata1</span></div>
<div class="p1">
<span class="s1">41507 -rw-rw----+ 1 1000070000 nfsnobody <span class="Apple-converted-space"> </span>5242880 Apr<span class="Apple-converted-space"> </span>5 12:02 ib_logfile0</span></div>
<div class="p1">
<span class="s1">41508 -rw-rw----+ 1 1000070000 nfsnobody <span class="Apple-converted-space"> </span>5242880 Mar 26 19:33 ib_logfile1</span></div>
<div class="p1">
<span class="s1">41376 drwx------+ 2 1000070000 nfsnobody <span class="Apple-converted-space"> </span>119 Jul 30<span class="Apple-converted-space"> </span>2018 </span><span class="s2">jwdb</span></div>
<div class="p1">
<span class="s1">41511 drwxr-x---+ 2 1000070000 nfsnobody<span class="Apple-converted-space"> </span>74 Aug 15<span class="Apple-converted-space"> </span>2017 </span><span class="s2">mysql</span></div>
<div class="p1">
<span class="s1">41510 -rw-------+ 1 1000070000 nfsnobody <span class="Apple-converted-space"> </span>6 Aug 15<span class="Apple-converted-space"> </span>2017 mysql_upgrade_info</span></div>
<div class="p1">
<span class="s1">41487 drwx------+ 2 1000070000 nfsnobody<span class="Apple-converted-space"> </span>20 Aug 15<span class="Apple-converted-space"> </span>2017 </span><span class="s2">performance_schema</span></div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
2. Determine Locks</h3>
<div>
Locks are stored in /proc/locks; the columns are : row number, POSIX/FLOCK, mandatory/advisory, lock mode, process id, major:minor:inode</div>
<div>
<div class="p1">
<span class="s1">[root@pv1 ~]# head /proc/locks</span></div>
<div class="p1">
<span class="s1">1: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:5841 0 EOF</span></div>
<div class="p1">
<span class="s1">2: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:69634 0 EOF</span></div>
<div class="p1">
<span class="s1">3: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:35661 0 EOF</span></div>
<div class="p1">
<span class="s1">4: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:82713 0 EOF</span></div>
<div class="p1">
<span class="s1">5: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:82707 0 EOF</span></div>
<div class="p1">
<span class="s1">6: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:28639 0 EOF</span></div>
<div class="p1">
<span class="s1">7: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 29695 fd:00:17154793 0 EOF</span></div>
<div class="p1">
<span class="s1">8: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 1417 00:12:18009 0 EOF</span></div>
<div class="p1">
<span class="s1">9: FLOCK<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 1416 00:12:18004 0 EOF</span></div>
<div class="p1">
<span class="s1">10: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:261122 0 EOF</span></div>
<div class="p1">
<span class="s1"><br /></span></div>
</div>
<h3 style="text-align: left;">
3. Cross check inode id and locks</h3>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #c33720}
</style>
<div class="p1">
<span class="s1">[root@pv1 ~]# cat /proc/locks | grep 41509</span></div>
<div class="p1">
<span class="s1">345: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:</span><span class="s2"><b>41509</b></span><span class="s1"> 0 EOF</span></div>
</div>
<div>
<br /></div>
<div>
This means the <span style="background-color: white; font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">ibdata1 file are still locked.</span></div>
<h3 style="text-align: left;">
4. Alternative : Determine Path From Inode ID</h3>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span class="s1">[root@pv1 ~]# head /proc/locks</span></div>
<div class="p1">
<span class="s1">1: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:<b>5841</b> 0 EOF</span></div>
<div class="p1">
<span class="s1">2: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:69634 0 EOF</span></div>
<div class="p1">
<span class="s1">3: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:35661 0 EOF</span></div>
<div class="p1">
<span class="s1">4: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:82713 0 EOF</span></div>
<div class="p1">
<span class="s1">5: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:82707 0 EOF</span></div>
<div class="p1">
<span class="s1">6: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:28639 0 EOF</span></div>
<div class="p1">
<span class="s1">7: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 29695 fd:00:17154793 0 EOF</span></div>
<div class="p1">
<span class="s1">8: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 1417 00:12:18009 0 EOF</span></div>
<div class="p1">
<span class="s1">9: FLOCK<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 1416 00:12:18004 0 EOF</span></div>
<div class="p1">
<span class="s1">10: POSIX<span class="Apple-converted-space"> </span>ADVISORY<span class="Apple-converted-space"> </span>WRITE 5127 00:27:261122 0 EOF</span></div>
</div>
<div>
<br /></div>
<div>
Try one of the Inode id shown (5841):</div>
<div>
<br /></div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.Apple-tab-span {white-space:pre}
</style>
<div class="p1">
<span class="s1">[root@pv1 ~]# zfs list</span></div>
<div class="p1">
<span class="s1">NAME<span class="Apple-converted-space"> </span>USED<span class="Apple-converted-space"> </span>AVAIL<span class="Apple-converted-space"> </span>REFER<span class="Apple-converted-space"> </span>MOUNTPOINT</span></div>
<div class="p1">
<span class="s1">pool1 <span class="Apple-converted-space"> </span>426G<span class="Apple-converted-space"> </span>43.6G<span class="Apple-converted-space"> </span>19K<span class="Apple-converted-space"> </span>/pool1</span></div>
<div class="p1">
<span class="s1">pool1/data1 <span class="Apple-converted-space"> </span>426G<span class="Apple-converted-space"> </span>43.6G <span class="Apple-converted-space"> </span>364G<span class="Apple-converted-space"> </span>/data</span></div>
<div class="p1">
<span class="s1">[root@pv1 ~]# zdb -dddd pool1/data1 5841</span></div>
<div class="p1">
<span class="s1">Dataset pool1/data1 [ZPL], ID 41, cr_txg 28, 364G, 229744 objects, rootbp DVA[0]=<0:f0b562c00:200> DVA[1]=<1:354d34c00:200> [L0 DMU objset] fletcher4 lz4 LE contiguous unique double size=800L/200P birth=12610129L/12610129P fill=229744 cksum=174031e67e:6cd4fa9f9ec:1280395cd1030:253e3b3c546d06</1:354d34c00:200></0:f0b562c00:200></span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Object<span class="Apple-converted-space"> </span>lvl <span class="Apple-converted-space"> </span>iblk <span class="Apple-converted-space"> </span>dblk<span class="Apple-converted-space"> </span>dsize<span class="Apple-converted-space"> </span>lsize <span class="Apple-converted-space"> </span>%full<span class="Apple-converted-space"> </span>type</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>5841<span class="Apple-converted-space"> </span>1<span class="Apple-converted-space"> </span>16K<span class="Apple-converted-space"> </span>96.0K<span class="Apple-converted-space"> </span>96.0K<span class="Apple-converted-space"> </span>96.0K<span class="Apple-converted-space"> </span>100.00<span class="Apple-converted-space"> </span>ZFS plain file</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>292 <span class="Apple-converted-space"> </span>bonus<span class="Apple-converted-space"> </span>System attributes</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>dnode flags: USED_BYTES USERUSED_ACCOUNTED<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>dnode maxblkid: 0</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>path<span class="Apple-tab-span"> </span>/exports/pv0000021/mysql/engine_cost.ibd</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>uid <span class="Apple-converted-space"> </span>1000510000</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>gid <span class="Apple-converted-space"> </span>65534</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>atime<span class="Apple-tab-span"> </span>Wed Apr 10 14:49:17 2019</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>mtime<span class="Apple-tab-span"> </span>Mon Aug 14 18:47:44 2017</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>ctime<span class="Apple-tab-span"> </span>Mon Aug 14 18:47:44 2017</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>crtime<span class="Apple-tab-span"> </span>Mon Aug 14 18:47:41 2017</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>gen<span class="Apple-tab-span"> </span>1072474</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>mode<span class="Apple-tab-span"> </span>100640</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>size<span class="Apple-tab-span"> </span>98304</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>parent<span class="Apple-tab-span"> </span>5756</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>links<span class="Apple-tab-span"> </span>1</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>pflags<span class="Apple-tab-span"> </span>40800000004</span></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span>SA xattrs: 116 bytes, 1 entries</span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1"><span class="Apple-tab-span"> </span><span class="Apple-tab-span"> </span>system.posix_acl_access = \002\000\000\000\001\000\006\000\377\377\377\377\002\000\007\000\376\377\000\000\004\000\007\000\377\377\377\377\010\000\007\000\376\377\000\000\020\000\004\000\377\377\377\377 \000\000\000\377\377\377\377</span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1">[root@pv1 ~]#<span class="Apple-converted-space"> </span></span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #c33720}
</style></div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-26024615162787640312019-03-28T15:52:00.001-07:002019-03-28T15:52:51.633-07:00How to Build Your Own Openshift Builder Image (PHP 5.6 with oci, pdo_oci, rfc) - part II<div dir="ltr" style="text-align: left;" trbidi="on">
In the previous post, I described the final process of building an Openshift builder docker image. This post is like a flashback - where I describe the processes <b>before </b> the final docker image can be built.<br />
The processes are necessary to build two files; the pdo-oci rpm (<span style="background-color: #e0e0e0; white-space: pre-wrap;">rh-php56-php-pdo_oci-5.6.25-1.el7.centos.x86_64.rpm</span>) and the oci8.so extension file.<br />
<br />
<h3 style="text-align: left;">
Checkout</h3>
Let us checkout the pdo_oci8 branch first from (my) github : (skip if you already followed part I)<br />
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
<span class="s1" style="color: #c33720; font-variant-ligatures: no-common-ligatures;"><b>aws@broker ~ $ </b></span><span style="font-variant-ligatures: no-common-ligatures;">git clone https://github.com/yudhiwidyatama/s2i-php-container.git</span></div>
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
<span class="s1" style="color: #c33720; font-variant-ligatures: no-common-ligatures;"><b>aws@broker </b></span><span class="s2" style="color: #5230e1; font-variant-ligatures: no-common-ligatures;"><b>~ $ </b></span><span class="s3" style="color: black; font-variant-ligatures: no-common-ligatures;">cd s2i-php-container/</span></div>
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
<span class="s1" style="color: #c33720; font-variant-ligatures: no-common-ligatures;"><b>aws@broker </b></span><span class="s2" style="color: #5230e1; font-variant-ligatures: no-common-ligatures;"><b>s2i-php-container $ </b></span><span class="s3" style="color: black; font-variant-ligatures: no-common-ligatures;">git checkout pdo_oci8</span></div>
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
<span class="s3" style="color: black; font-variant-ligatures: no-common-ligatures;">Branch pdo_oci8 set up to track remote branch pdo_oci8 from origin.</span></div>
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
</div>
<div class="p1" style="background-color: #e0e0e0; color: #333333; font-family: Verdana, sans-serif; font-size: 13px;">
<span class="s3" style="color: black; font-variant-ligatures: no-common-ligatures;">Switched to a new branch 'pdo_oci8'</span></div>
<br />
Go to the 5.6 php version directory :<br />
<br />
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #5230e1; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #4c7aff}
</style>
<br />
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>s2i-php-container $ </b></span><span class="s3">ls</span></div>
<div class="p2">
<span class="s4">5.5</span><span class="s2"><span class="Apple-converted-space"> </span></span><span class="s4">5.6</span><span class="s2"><span class="Apple-converted-space"> </span></span><span class="s4">7.0</span><span class="s2"><span class="Apple-converted-space"> </span></span><span class="s4">7.1</span><span class="s2"><span class="Apple-converted-space"> </span></span><span class="s4">common</span><span class="s2"><span class="Apple-converted-space"> </span>LICENSE<span class="Apple-converted-space"> </span>Makefile<span class="Apple-converted-space"> </span>README.md</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>s2i-php-container $ </b></span><span class="s3">cd 5.6</span></div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #ff3b1e}
span.s5 {font-variant-ligatures: no-common-ligatures; color: #4c7aff}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">ls -l</span></div>
<div class="p2">
<span class="s1">total 24716</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws<span class="Apple-converted-space"> </span>112 Nov 20 14:30 cccp.yml</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>3623 Mar 28 20:36 Dockerfile</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>3184 Mar 28 20:36 Dockerfile.rhel7</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>2087 Mar 28 20:36 Dockerfile.stage1</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>2947 Mar 28 20:36 Dockerfile.stage2</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>2873 Mar 28 20:36 Dockerfile.stage3</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>3589 Mar 28 20:36 Dockerfile.stage4min</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>576120 Mar 28 20:36 oci8.so</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws<span class="Apple-converted-space"> </span>92980 Mar 28 20:36 php.spec</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>6879 Mar 28 20:36 README.md</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws 24322441 Nov 29 07:48 </span><span class="s4">rfcsdk.tar.gz</span></div>
<div class="p3">
<span class="s3">-rw-rw-r--. 1 aws aws<span class="Apple-converted-space"> </span>47984 Mar 28 20:36 </span><span class="s1">rh-php56-php-pdo_oci-5.6.25-1.el7.centos.x86_64.rpm</span></div>
<div class="p2">
<span class="s1">drwxrwxr-x. 4 aws aws <span class="Apple-converted-space"> </span>4096 Mar 28 20:36 </span><span class="s5">root</span></div>
<div class="p2">
<span class="s1">drwxrwxr-x. 3 aws aws <span class="Apple-converted-space"> </span>4096 Nov 20 14:30 </span><span class="s5">s2i</span></div>
<div class="p2">
<span class="s1">-rw-rw-r--. 1 aws aws <span class="Apple-converted-space"> </span>210104 Nov 29 07:48 </span><span class="s4">saprfc.tar.gz</span></div>
<div class="p2">
<span class="s1">drwxrwxr-x. 3 aws aws <span class="Apple-converted-space"> </span>4096 Mar 28 20:36 </span><span class="s5">test</span></div>
<br /><br />
We have Dockerfile for stage1,stage2, stage3 and stage4min.<br />
The purpose of stage1 is to prepare base image for stage2 and stage3.<br />
The stage2's purpose is to create pdo_oci8 rpm, and stage3 is to prepare create oci8.so.<br />
<br />
<h3 style="text-align: left;">
Preparation </h3>
Please ensure the centos base image are up-to-date.<br />
<br />
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
<br />
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker pull centos/s2i-base-centos7</span></div>
<div class="p1">
<span class="s3">latest: Pulling from centos/s2i-base-centos7</span></div>
<div class="p1">
<span class="s3">28b0a3c5ee4c: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">1f2965b8bcc4: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">d5e8864a9881: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">038d5dbe0fc5: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">7d08112f59e8: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">af124b8fb0b8: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">bd3cf27801f8: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">40f85a17a5d8: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">14db5037ed83: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">d40cd7dcf2b0: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">bb4f537a6349: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">c123b367e221: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">7f36614f2297: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">bdd505fa3756: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">bed782a275ce: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">912543b1b0fb: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">1b165c5ac84d: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">02cf7c504a28: Pull complete<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Digest: sha256:2ae5946a7d35ec324778baac86eb87538dac135e46e98c6da67ccd433a40782c</span></div>
<div class="p1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p1">
<span class="s3">Status: Downloaded newer image for centos/s2i-base-centos7:latest</span></div>
<h3 style="text-align: left;">
Stage1</h3>
<div>
In this first stage we build a baseline docker image with the required php56 packages. </div>
<div>
Note: if the <span style="background-color: white; font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;">rh-php56-php </span>packages not found, please pull the latest pdo_oci8 from github project s2i-php-container because the packages were just recently moved to vault so needing an additional repo file (see Step 6 below). And you could change the git hub user prefix tag, but also remember to change the first line in the next stage files.</div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
<br />
<div class="p1">
<br /></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker build -f Dockerfile.stage1 -t yudhiwidyatama/s2i-php56-oci8-stage1 .</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon 89.48 MB</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Step 0 : FROM centos/s2i-base-centos7</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 02cf7c504a28</span></div>
<div class="p1">
<span class="s3">Step 1 : EXPOSE 8080</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 0704834d55c5</span></div>
<div class="p1">
<span class="s3">Step 2 : EXPOSE 8443</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in c320d3fc0750</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 855ee9806db5</span></div>
<div class="p1">
<span class="s3">Removing intermediate container c320d3fc0750</span></div>
<div class="p1">
<span class="s3">Step 3 : ENV PHP_VERSION 5.6 PATH $PATH:/opt/rh/rh-php56/root/usr/bin</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in f11d106d4cf3</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> b536c07632d5</span></div>
<div class="p1">
<span class="s3">Removing intermediate container f11d106d4cf3</span></div>
<div class="p1">
<span class="s3">Step 4 : ENV SUMMARY "Platform for building and running PHP $PHP_VERSION applications" DESCRIPTION "PHP $PHP_VERSION available as docker container is a base platform for building and running various PHP $PHP_VERSION applications and frameworks. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts."</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in 4ad14576a47f</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 2b49e0cfbba8</span></div>
<div class="p1">
<span class="s3">Removing intermediate container 4ad14576a47f</span></div>
<div class="p1">
<span class="s3">Step 5 : LABEL summary "$SUMMARY" description "$DESCRIPTION" io.k8s.description "$DESCRIPTION" io.k8s.display-name "Apache 2.4 with PHP 5.6" io.openshift.expose-services "8080:http" io.openshift.tags "builder,php,php56,rh-php56" name "centos/php-56-centos7" com.redhat.component "rh-php56-docker" version "5.6" release "1" maintainer "SoftwareCollections.org <sclorg redhat.com="">"</sclorg></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in d3879d6e25ca</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> e8ec6ee45349</span></div>
<div class="p1">
<span class="s3">Removing intermediate container d3879d6e25ca</span></div>
<div class="p1">
<span class="s3">Step 6 : COPY ./VaultRh.repo /etc/yum.repos.d/VaultRh.repo</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> d1e45c3082ff</span></div>
<div class="p1">
<span class="s3">Removing intermediate container 1d6dad140b74</span></div>
<div class="p1">
<span class="s3">Step 7 : RUN yum install -y centos-release-scl && <span class="Apple-converted-space"> </span>INSTALL_PKGS="rh-php56 rh-php56-php rh-php56-php-mysqlnd rh-php56-php-pgsql rh-php56-php-bcmath <span class="Apple-converted-space"> </span>rh-php56-php-gd rh-php56-php-intl rh-php56-php-ldap rh-php56-php-mbstring rh-php56-php-pdo <span class="Apple-converted-space"> </span>rh-php56-php-pecl-memcache rh-php56-php-process rh-php56-php-soap rh-php56-php-opcache rh-php56-php-xml <span class="Apple-converted-space"> </span>rh-php56-php-pecl-xdebug rh-php56-php-gmp rh-php56-php-devel" && <span class="Apple-converted-space"> </span>yum install -y --setopt=tsflags=nodocs --enablerepo=centosplus --enablerepo=vaultrh $INSTALL_PKGS && <span class="Apple-converted-space"> </span>rpm -V $INSTALL_PKGS && <span class="Apple-converted-space"> </span>yum clean all -y</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in d3cd88f1e6b8</span></div>
<div class="p1">
<span class="s3">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s3">Determining fastest mirrors</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* base: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* extras: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* updates: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3">Package centos-release-scl-2-2.el7.centos.noarch already installed and latest version</span></div>
<div class="p1">
<span class="s3">Nothing to do</span></div>
<div class="p1">
<span class="s3">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s3">Loading mirror speeds from cached hostfile</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* base: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* centosplus: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* extras: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* updates: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3">Resolving Dependencies</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56.x86_64 0:2.3-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-runtime(x86-64) = 2.3-1.el7 for package: rh-php56-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-runtime for package: rh-php56-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-php-pear for package: rh-php56-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-php-common(x86-64) for package: rh-php56-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-php-cli(x86-64) for package: rh-php56-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: httpd24-httpd-mmn = 20120211x8664 for package: rh-php56-php-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: httpd24-httpd for package: rh-php56-php-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-bcmath.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-devel.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-php-pecl-jsonc-devel(x86-64) for package: rh-php56-php-devel-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-gd.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libvpx.so.1()(64bit) for package: rh-php56-php-gd-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libt1.so.5()(64bit) for package: rh-php56-php-gd-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-gmp.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-intl.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libicuuc.so.50()(64bit) for package: rh-php56-php-intl-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libicuio.so.50()(64bit) for package: rh-php56-php-intl-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libicui18n.so.50()(64bit) for package: rh-php56-php-intl-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libicudata.so.50()(64bit) for package: rh-php56-php-intl-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-ldap.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-mbstring.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-mysqlnd.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-opcache.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pdo.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pecl-memcache.x86_64 0:3.0.8-12.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pecl-xdebug.x86_64 0:2.2.7-3.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pgsql.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-process.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-soap.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-xml.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package httpd24-httpd.x86_64 0:2.4.34-7.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: httpd24-httpd-tools = 2.4.34-7.el7 for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: policycoreutils-python for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: policycoreutils for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: httpd24-runtime for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: /etc/mime.types for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libnghttp2-httpd24.so.14()(64bit) for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libjansson.so.4()(64bit) for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libcurl-httpd24.so.4()(64bit) for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd24-httpd-2.4.34-7.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package libicu.x86_64 0:50.1.2-17.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package libvpx.x86_64 0:1.3.0-5.el7_0 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-cli.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-common.x86_64 0:5.6.25-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: rh-php56-php-pecl-jsonc(x86-64) for package: rh-php56-php-common-5.6.25-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pear.noarch 1:1.9.5-4.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pecl-jsonc-devel.x86_64 0:1.3.6-3.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-runtime.x86_64 0:2.3-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libselinux-utils for package: rh-php56-runtime-2.3-1.el7.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package t1lib.x86_64 0:5.1.2-14.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed</span></div>
<div class="p1">
<span class="s3">---> Package httpd24-httpd-tools.x86_64 0:2.4.34-7.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package httpd24-libcurl.x86_64 0:7.61.1-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package httpd24-libnghttp2.x86_64 0:1.7.1-7.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package httpd24-runtime.x86_64 0:1.1-18.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package jansson.x86_64 0:2.10-1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package libselinux-utils.x86_64 0:2.5-14.1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libselinux-python for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64</span></div>
<div class="p1">
<span class="s3">---> Package rh-php56-php-pecl-jsonc.x86_64 0:1.3.6-3.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package libselinux-python.x86_64 0:2.5-14.1.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package python-IPy.noarch 0:0.75-6.el7 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Finished Dependency Resolution</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Dependencies Resolved</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Package <span class="Apple-converted-space"> </span>Arch <span class="Apple-converted-space"> </span>Version<span class="Apple-converted-space"> </span>Repository<span class="Apple-converted-space"> </span>Size</span></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3">Installing:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56<span class="Apple-converted-space"> </span>x86_64 2.3-1.el7<span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>4.0 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>1.3 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-bcmath <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>59 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-devel<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>629 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-gd <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>158 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-gmp<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>56 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-intl <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>150 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-ldap <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>57 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-mbstring <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>519 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-mysqlnd<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>185 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-opcache<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>101 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pdo<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>100 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-memcache<span class="Apple-converted-space"> </span>x86_64 3.0.8-12.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>69 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-xdebug<span class="Apple-converted-space"> </span>x86_64 2.2.7-3.el7<span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>122 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pgsql<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>95 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-process<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>61 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-soap <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>165 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-xml<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>162 k</span></div>
<div class="p1">
<span class="s3">Installing for dependencies:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>apr <span class="Apple-converted-space"> </span>x86_64 1.4.8-3.el7_4.1<span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>103 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>apr-util<span class="Apple-converted-space"> </span>x86_64 1.5.2-6.el7<span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>92 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>audit-libs-python <span class="Apple-converted-space"> </span>x86_64 2.8.4-4.el7<span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>76 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>centos-logos<span class="Apple-converted-space"> </span>noarch 70.0.6-3.el7.centos<span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>21 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>checkpolicy <span class="Apple-converted-space"> </span>x86_64 2.5-8.el7<span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>295 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-httpd <span class="Apple-converted-space"> </span>x86_64 2.4.34-7.el7 <span class="Apple-converted-space"> </span>centos-sclo-rh 1.5 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-httpd-tools <span class="Apple-converted-space"> </span>x86_64 2.4.34-7.el7 <span class="Apple-converted-space"> </span>centos-sclo-rh<span class="Apple-converted-space"> </span>88 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-libcurl <span class="Apple-converted-space"> </span>x86_64 7.61.1-1.el7 <span class="Apple-converted-space"> </span>centos-sclo-rh 268 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-libnghttp2<span class="Apple-converted-space"> </span>x86_64 1.7.1-7.el7<span class="Apple-converted-space"> </span>centos-sclo-rh<span class="Apple-converted-space"> </span>61 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-runtime <span class="Apple-converted-space"> </span>x86_64 1.1-18.el7 <span class="Apple-converted-space"> </span>centos-sclo-rh<span class="Apple-converted-space"> </span>28 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>jansson <span class="Apple-converted-space"> </span>x86_64 2.10-1.el7 <span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>37 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libcgroup <span class="Apple-converted-space"> </span>x86_64 0.41-20.el7<span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>66 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libicu<span class="Apple-converted-space"> </span>x86_64 50.1.2-17.el7<span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>6.9 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libselinux-python <span class="Apple-converted-space"> </span>x86_64 2.5-14.1.el7 <span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>235 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libselinux-utils<span class="Apple-converted-space"> </span>x86_64 2.5-14.1.el7 <span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>151 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libsemanage-python<span class="Apple-converted-space"> </span>x86_64 2.5-14.el7 <span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>113 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libvpx<span class="Apple-converted-space"> </span>x86_64 1.3.0-5.el7_0<span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>498 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>mailcap <span class="Apple-converted-space"> </span>noarch 2.1.41-2.el7 <span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>31 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>policycoreutils <span class="Apple-converted-space"> </span>x86_64 2.5-29.el7_6.1 <span class="Apple-converted-space"> </span>updates<span class="Apple-converted-space"> </span>916 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>policycoreutils-python<span class="Apple-converted-space"> </span>x86_64 2.5-29.el7_6.1 <span class="Apple-converted-space"> </span>updates<span class="Apple-converted-space"> </span>456 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>python-IPy<span class="Apple-converted-space"> </span>noarch 0.75-6.el7 <span class="Apple-converted-space"> </span>base<span class="Apple-converted-space"> </span>32 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-cli<span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>2.6 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-common <span class="Apple-converted-space"> </span>x86_64 5.6.25-1.el7 <span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>742 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pear <span class="Apple-converted-space"> </span>noarch 1:1.9.5-4.el7<span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>367 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-jsonc <span class="Apple-converted-space"> </span>x86_64 1.3.6-3.el7<span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>44 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-jsonc-devel x86_64 1.3.6-3.el7<span class="Apple-converted-space"> </span>vaultrh <span class="Apple-converted-space"> </span>27 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-runtime<span class="Apple-converted-space"> </span>x86_64 2.3-1.el7<span class="Apple-converted-space"> </span>vaultrh<span class="Apple-converted-space"> </span>1.1 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>setools-libs<span class="Apple-converted-space"> </span>x86_64 3.3.8-4.el7<span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>620 k</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>t1lib <span class="Apple-converted-space"> </span>x86_64 5.1.2-14.el7 <span class="Apple-converted-space"> </span>base <span class="Apple-converted-space"> </span>166 k</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Transaction Summary</span></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3">Install<span class="Apple-converted-space"> </span>18 Packages (+29 Dependent packages)</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Total download size: 43 M</span></div>
<div class="p1">
<span class="s3">Installed size: 93 M</span></div>
<div class="p1">
<span class="s3">Downloading packages:</span></div>
<div class="p1">
<span class="s3">--------------------------------------------------------------------------------</span></div>
<div class="p1">
<span class="s3">Total<span class="Apple-converted-space"> </span>1.6 MB/s |<span class="Apple-converted-space"> </span>43 MB<span class="Apple-converted-space"> </span>00:27<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Running transaction check</span></div>
<div class="p1">
<span class="s3">Running transaction test</span></div>
<div class="p1">
<span class="s3">Transaction test succeeded</span></div>
<div class="p1">
<span class="s3">Running transaction</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : apr-1.4.8-3.el7_4.1.x86_64<span class="Apple-converted-space"> </span>1/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : apr-util-1.5.2-6.el7.x86_64 <span class="Apple-converted-space"> </span>2/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libselinux-utils-2.5-14.1.el7.x86_64<span class="Apple-converted-space"> </span>3/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : policycoreutils-2.5-29.el7_6.1.x86_64 <span class="Apple-converted-space"> </span>4/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libvpx-1.3.0-5.el7_0.x86_64 <span class="Apple-converted-space"> </span>5/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libcgroup-0.41-20.el7.x86_64<span class="Apple-converted-space"> </span>6/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : audit-libs-python-2.8.4-4.el7.x86_64<span class="Apple-converted-space"> </span>7/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libselinux-python-2.5-14.1.el7.x86_64 <span class="Apple-converted-space"> </span>8/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libsemanage-python-2.5-14.el7.x86_64<span class="Apple-converted-space"> </span>9/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libicu-50.1.2-17.el7.x86_64<span class="Apple-converted-space"> </span>10/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : t1lib-5.1.2-14.el7.x86_64<span class="Apple-converted-space"> </span>11/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : setools-libs-3.3.8-4.el7.x86_64<span class="Apple-converted-space"> </span>12/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : centos-logos-70.0.6-3.el7.centos.noarch<span class="Apple-converted-space"> </span>13/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : python-IPy-0.75-6.el7.noarch <span class="Apple-converted-space"> </span>14/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : checkpolicy-2.5-8.el7.x86_64 <span class="Apple-converted-space"> </span>15/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : policycoreutils-python-2.5-29.el7_6.1.x86_64 <span class="Apple-converted-space"> </span>16/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-runtime-2.3-1.el7.x86_64<span class="Apple-converted-space"> </span>17/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : httpd24-runtime-1.1-18.el7.x86_64<span class="Apple-converted-space"> </span>18/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pecl-jsonc-1.3.6-3.el7.x86_64 <span class="Apple-converted-space"> </span>19/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-common-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>20/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-cli-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>21/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pdo-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>22/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pecl-jsonc-devel-1.3.6-3.el7.x86_64 <span class="Apple-converted-space"> </span>23/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-devel-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>24/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-process-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>25/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-xml-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>26/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : 1:rh-php56-php-pear-1.9.5-4.el7.noarch <span class="Apple-converted-space"> </span>27/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : httpd24-libcurl-7.61.1-1.el7.x86_64<span class="Apple-converted-space"> </span>28/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : httpd24-libnghttp2-1.7.1-7.el7.x86_64<span class="Apple-converted-space"> </span>29/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : httpd24-httpd-tools-2.4.34-7.el7.x86_64<span class="Apple-converted-space"> </span>30/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : mailcap-2.1.41-2.el7.noarch<span class="Apple-converted-space"> </span>31/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : jansson-2.10-1.el7.x86_64<span class="Apple-converted-space"> </span>32/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : httpd24-httpd-2.4.34-7.el7.x86_64<span class="Apple-converted-space"> </span>33/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>34/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-2.3-1.el7.x86_64<span class="Apple-converted-space"> </span>35/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pgsql-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>36/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>37/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-soap-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>38/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-intl-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>39/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pecl-xdebug-2.2.7-3.el7.x86_64<span class="Apple-converted-space"> </span>40/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-pecl-memcache-3.0.8-12.el7.x86_64 <span class="Apple-converted-space"> </span>41/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-opcache-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>42/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-mbstring-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>43/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-ldap-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>44/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-gmp-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>45/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-bcmath-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>46/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : rh-php56-php-gd-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>47/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>1/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-devel-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>2/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: jansson-2.10-1.el7.x86_64 <span class="Apple-converted-space"> </span>3/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: mailcap-2.1.41-2.el7.noarch <span class="Apple-converted-space"> </span>4/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: httpd24-libcurl-7.61.1-1.el7.x86_64 <span class="Apple-converted-space"> </span>5/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-soap-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>6/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-intl-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>7/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: policycoreutils-2.5-29.el7_6.1.x86_64 <span class="Apple-converted-space"> </span>8/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pecl-xdebug-2.2.7-3.el7.x86_64 <span class="Apple-converted-space"> </span>9/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: 1:rh-php56-php-pear-1.9.5-4.el7.noarch <span class="Apple-converted-space"> </span>10/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-cli-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>11/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pecl-memcache-3.0.8-12.el7.x86_64 <span class="Apple-converted-space"> </span>12/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-runtime-2.3-1.el7.x86_64<span class="Apple-converted-space"> </span>13/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: checkpolicy-2.5-8.el7.x86_64 <span class="Apple-converted-space"> </span>14/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: httpd24-httpd-tools-2.4.34-7.el7.x86_64<span class="Apple-converted-space"> </span>15/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pecl-jsonc-devel-1.3.6-3.el7.x86_64 <span class="Apple-converted-space"> </span>16/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: httpd24-runtime-1.1-18.el7.x86_64<span class="Apple-converted-space"> </span>17/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-opcache-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>18/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: python-IPy-0.75-6.el7.noarch <span class="Apple-converted-space"> </span>19/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: httpd24-libnghttp2-1.7.1-7.el7.x86_64<span class="Apple-converted-space"> </span>20/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: centos-logos-70.0.6-3.el7.centos.noarch<span class="Apple-converted-space"> </span>21/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-mbstring-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>22/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-ldap-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>23/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: httpd24-httpd-2.4.34-7.el7.x86_64<span class="Apple-converted-space"> </span>24/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: setools-libs-3.3.8-4.el7.x86_64<span class="Apple-converted-space"> </span>25/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: policycoreutils-python-2.5-29.el7_6.1.x86_64 <span class="Apple-converted-space"> </span>26/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: t1lib-5.1.2-14.el7.x86_64<span class="Apple-converted-space"> </span>27/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libicu-50.1.2-17.el7.x86_64<span class="Apple-converted-space"> </span>28/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libsemanage-python-2.5-14.el7.x86_64 <span class="Apple-converted-space"> </span>29/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: apr-util-1.5.2-6.el7.x86_64<span class="Apple-converted-space"> </span>30/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-gmp-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>31/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pgsql-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>32/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: apr-1.4.8-3.el7_4.1.x86_64 <span class="Apple-converted-space"> </span>33/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libselinux-python-2.5-14.1.el7.x86_64<span class="Apple-converted-space"> </span>34/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>35/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pdo-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>36/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-bcmath-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>37/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libselinux-utils-2.5-14.1.el7.x86_64 <span class="Apple-converted-space"> </span>38/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: audit-libs-python-2.8.4-4.el7.x86_64 <span class="Apple-converted-space"> </span>39/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-process-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>40/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-pecl-jsonc-1.3.6-3.el7.x86_64 <span class="Apple-converted-space"> </span>41/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-xml-5.6.25-1.el7.x86_64 <span class="Apple-converted-space"> </span>42/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libcgroup-0.41-20.el7.x86_64 <span class="Apple-converted-space"> </span>43/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-gd-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>44/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libvpx-1.3.0-5.el7_0.x86_64<span class="Apple-converted-space"> </span>45/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-php-common-5.6.25-1.el7.x86_64<span class="Apple-converted-space"> </span>46/47<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rh-php56-2.3-1.el7.x86_64<span class="Apple-converted-space"> </span>47/47<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Installed:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56.x86_64 0:2.3-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-bcmath.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-devel.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-gd.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-gmp.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-intl.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-ldap.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-mbstring.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-mysqlnd.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-opcache.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pdo.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-memcache.x86_64 0:3.0.8-12.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-xdebug.x86_64 0:2.2.7-3.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pgsql.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-process.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-soap.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-xml.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Dependency Installed:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>apr.x86_64 0:1.4.8-3.el7_4.1 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>apr-util.x86_64 0:1.5.2-6.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>audit-libs-python.x86_64 0:2.8.4-4.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>centos-logos.noarch 0:70.0.6-3.el7.centos<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>checkpolicy.x86_64 0:2.5-8.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-httpd.x86_64 0:2.4.34-7.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-httpd-tools.x86_64 0:2.4.34-7.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-libcurl.x86_64 0:7.61.1-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-libnghttp2.x86_64 0:1.7.1-7.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>httpd24-runtime.x86_64 0:1.1-18.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>jansson.x86_64 0:2.10-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libcgroup.x86_64 0:0.41-20.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libicu.x86_64 0:50.1.2-17.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libselinux-python.x86_64 0:2.5-14.1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libselinux-utils.x86_64 0:2.5-14.1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libsemanage-python.x86_64 0:2.5-14.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libvpx.x86_64 0:1.3.0-5.el7_0<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>mailcap.noarch 0:2.1.41-2.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>policycoreutils.x86_64 0:2.5-29.el7_6.1<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>policycoreutils-python.x86_64 0:2.5-29.el7_6.1 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>python-IPy.noarch 0:0.75-6.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-cli.x86_64 0:5.6.25-1.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-common.x86_64 0:5.6.25-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pear.noarch 1:1.9.5-4.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-jsonc.x86_64 0:1.3.6-3.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-php-pecl-jsonc-devel.x86_64 0:1.3.6-3.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>rh-php56-runtime.x86_64 0:2.3-1.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>setools-libs.x86_64 0:3.3.8-4.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>t1lib.x86_64 0:5.1.2-14.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Complete!</span></div>
<div class="p1">
<span class="s3">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s3">Cleaning repos: base centos-sclo-rh centos-sclo-sclo extras updates</span></div>
<div class="p1">
<span class="s3">Cleaning up list of fastest mirrors</span></div>
<div class="p1">
<span class="s3">Other repos take up 30 M of disk space (use --verbose for details)</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> f6e1d1252855</span></div>
<div class="p1">
<span class="s3">Removing intermediate container d3cd88f1e6b8</span></div>
<div class="p1">
<span class="s3">Step 8 : COPY ./s2i/bin/ $STI_SCRIPTS_PATH</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> ec70e190f0c4</span></div>
<div class="p1">
<span class="s3">Removing intermediate container 789baa35a4e6</span></div>
<div class="p1">
<span class="s3">Step 9 : COPY ./root/ /</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 4caba3c9683f</span></div>
<div class="p1">
<span class="s3">Removing intermediate container 817af004b60e</span></div>
<div class="p1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p1">
<span class="s3">Successfully built 4caba3c9683f</span></div>
<div class="p1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p2">
<span class="s3"><b>aws@broker </b></span><span class="s2"><b>5.6 $</b></span></div>
<br />
<br />
<h3 style="text-align: left;">
Stage2</h3>
<div>
During the second phase we build pdo_oci extension. Be wary that this step takes quite a long time. In order to be able to build pdo_oci, oracle 12 client libraries are required (please see <a href="http://inventorsparadox.blogspot.com/2018/11/how-to-build-your-own-openshift-builder_20.html">part one</a> of this post). In step 6, we build oci8 extension using pecl. Then we download the sources for rh-php56-php-pdo package. When linking to the oracle 12 library, ldap.h will conflict so it is renamed in step 15. In step 18 we replace the php.spec file with another one that I updated to build pdo_oci rpm.</div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span style="font-variant-ligatures: no-common-ligatures;"><br /></span></div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 </b></span><span class="s3">docker build -f Dockerfile.stage2 -t yudhiwidyatama/s2i-php56-oci8:stage2 .</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon 89.48 MB</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Step 0 : FROM yudhiwidyatama/s2i-php56-oci8-stage1</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 4caba3c9683f</span></div>
<div class="p1">
<span class="s3">Step 1 : EXPOSE 8080</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 7b78228ff5ea</span></div>
<div class="p1">
<span class="s3">Step 2 : EXPOSE 8443</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 62d3dbe570ae</span></div>
<div class="p1">
<span class="s3">Step 3 : ENV PHP_VERSION 5.6 PATH $PATH:/opt/rh/rh-php56/root/usr/bin</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in add5db5697e8</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 0775ff086126</span></div>
<div class="p1">
<span class="s3">Removing intermediate container add5db5697e8</span></div>
<div class="p1">
<span class="s3">Step 4 : ENV SUMMARY "Platform for building and running PHP $PHP_VERSION applications" DESCRIPTION "PHP $PHP_VERSION available as docker container is a base platform for building and running various PHP $PHP_VERSION applications and frameworks. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts."</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in 20718f9ea516</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> d3b46547e221</span></div>
<div class="p1">
<span class="s3">Removing intermediate container 20718f9ea516</span></div>
<div class="p1">
<span class="s3">Step 5 : LABEL summary "$SUMMARY" description "$DESCRIPTION" io.k8s.description "$DESCRIPTION" io.k8s.display-name "Apache 2.4 with PHP 5.6" io.openshift.expose-services "8080:http" io.openshift.tags "builder,php,php56,rh-php56" name "centos/php-56-centos7" com.redhat.component "rh-php56-docker" version "5.6" release "1" maintainer "SoftwareCollections.org <sclorg redhat.com="">"</sclorg></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in c811e53d6122</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> d4efb247eeed</span></div>
<div class="p1">
<span class="s3">Removing intermediate container c811e53d6122</span></div>
<div class="p1">
<span class="s3">Step 6 : RUN yum install -y /root/oracle-instantclient12* && <span class="Apple-converted-space"> </span>scl enable rh-php56 'pecl install oci8-2.0.12' && <span class="Apple-converted-space"> </span>yum clean all -y</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Running in 141d36b3cd3f</span></div>
<div class="p1">
<span class="s3">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s3">Examining /root/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm: oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3">Marking /root/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm to be installed</span></div>
<div class="p1">
<span class="s3">Examining /root/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm: oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3">Marking /root/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm to be installed</span></div>
<div class="p1">
<span class="s3">Examining /root/oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm: oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3">Marking /root/oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm to be installed</span></div>
<div class="p1">
<span class="s3">Resolving Dependencies</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package oracle-instantclient12.1-basic.x86_64 0:12.1.0.2.0-1 will be installed</span></div>
<div class="p1">
<span class="s3">--> Processing Dependency: libaio for package: oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3">Determining fastest mirrors</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* base: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* extras: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>* updates: mirror.buana.web.id</span></div>
<div class="p1">
<span class="s3">---> Package oracle-instantclient12.1-devel.x86_64 0:12.1.0.2.0-1 will be installed</span></div>
<div class="p1">
<span class="s3">---> Package oracle-instantclient12.1-sqlplus.x86_64 0:12.1.0.2.0-1 will be installed</span></div>
<div class="p1">
<span class="s3">--> Running transaction check</span></div>
<div class="p1">
<span class="s3">---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed</span></div>
<div class="p1">
<span class="s3">--> Finished Dependency Resolution</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Dependencies Resolved</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Package<span class="Apple-converted-space"> </span>Arch <span class="Apple-converted-space"> </span>Version<span class="Apple-converted-space"> </span>Repository <span class="Apple-converted-space"> </span>Size</span></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3">Installing:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-basic <span class="Apple-converted-space"> </span>x86_64 12.1.0.2.0-1 <span class="Apple-converted-space"> </span>/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>185 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-devel <span class="Apple-converted-space"> </span>x86_64 12.1.0.2.0-1 <span class="Apple-converted-space"> </span>/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>1.9 M</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-sqlplus x86_64 12.1.0.2.0-1 <span class="Apple-converted-space"> </span>/oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>3.0 M</span></div>
<div class="p1">
<span class="s3">Installing for dependencies:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libaio <span class="Apple-converted-space"> </span>x86_64 0.3.109-13.el7 base <span class="Apple-converted-space"> </span>24 k</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Transaction Summary</span></div>
<div class="p1">
<span class="s3">================================================================================</span></div>
<div class="p1">
<span class="s3">Install<span class="Apple-converted-space"> </span>3 Packages (+1 Dependent package)</span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Total size: 190 M</span></div>
<div class="p1">
<span class="s3">Total download size: 24 k</span></div>
<div class="p1">
<span class="s3">Installed size: 190 M</span></div>
<div class="p1">
<span class="s3">Downloading packages:</span></div>
<div class="p1">
<span class="s3">Running transaction check</span></div>
<div class="p1">
<span class="s3">Running transaction test</span></div>
<div class="p1">
<span class="s3">Transaction test succeeded</span></div>
<div class="p1">
<span class="s3">Running transaction</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : libaio-0.3.109-13.el7.x86_64 <span class="Apple-converted-space"> </span>1/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>2/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>3/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Installing : oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>4/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: libaio-0.3.109-13.el7.x86_64 <span class="Apple-converted-space"> </span>1/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>2/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>3/4<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64 <span class="Apple-converted-space"> </span>4/4<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Installed:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-basic.x86_64 0:12.1.0.2.0-1 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-devel.x86_64 0:12.1.0.2.0-1 <span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>oracle-instantclient12.1-sqlplus.x86_64 0:12.1.0.2.0-1 <span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span class="s3">Dependency Installed:</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>libaio.x86_64 0:0.3.109-13.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s3"></span><br /></div>
<div class="p1">
<span style="font-variant-ligatures: no-common-ligatures;">Complete!</span><span style="font-variant-ligatures: no-common-ligatures;"> </span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">..</span></span></div>
<div class="p1">
<span class="s1">WARNING: channel "pecl.php.net" has updated its protocols, use "pecl channel-update pecl.php.net" to update</span></div>
<div class="p1">
<span class="s1">downloading oci8-2.0.12.tgz ...</span></div>
<div class="p1">
<span class="s1">Starting to download oci8-2.0.12.tgz (191,954 bytes)</span></div>
<div class="p1">
<span class="s1">.........................................done: 191,954 bytes</span></div>
<div class="p1">
<span class="s1">11 source files, building</span></div>
<div class="p1">
<span class="s1">running: phpize</span></div>
<div class="p1">
<span class="s1">Configuring for:</span></div>
<div class="p1">
<span class="s1">PHP Api Version: <span class="Apple-converted-space"> </span>20131106</span></div>
<div class="p1">
<span class="s1">Zend Module Api No:<span class="Apple-converted-space"> </span>20131226</span></div>
<div class="p1">
<span class="s1">Zend Extension Api No: <span class="Apple-converted-space"> </span>220131226</span></div>
<div class="p1">
<span class="s1">Please provide the path to the ORACLE_HOME directory. Use 'instantclient,/path/to/instant/client/lib' if you're compiling with Oracle Instant Client [autodetect] : building in /var/tmp/pear-build-defaultusersm3dKh/oci8-2.0.12</span></div>
<div class="p1">
<span class="s1">running: /var/tmp/oci8/configure --with-oci8</span></div>
<div class="p1">
<span class="s1">checking for grep that handles long lines and -e... /usr/bin/grep</span></div>
<div class="p1">
<span class="s1">checking for egrep... /usr/bin/grep -E</span></div>
<div class="p1">
<span class="s1">checking for a sed that does not truncate output... /usr/bin/sed</span></div>
<div class="p1">
<span class="s1">checking for cc... cc</span></div>
<div class="p1">
<span class="s1">checking whether the C compiler works... yes</span></div>
<div class="p1">
<span class="s1">checking for C compiler default output file name... a.out</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
</span></span></div>
<div class="p1">
<span class="s1">checking for suffix of executables...</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">..</span></span></div>
<div class="p1">
<span class="s1">Build process completed successfully</span></div>
<div class="p1">
<span class="s1">Installing '/opt/rh/rh-php56/root/usr/lib64/php/modules/oci8.so'</span></div>
<div class="p1">
<span class="s1">install ok: channel://pecl.php.net/oci8-2.0.12</span></div>
<div class="p1">
<span class="s1">configuration option "php_ini" is not set to php.ini location</span></div>
<div class="p1">
<span class="s1">You should add "extension=oci8.so" to php.ini</span></div>
<div class="p1">
<span class="s1">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s1">Cleaning repos: base centos-sclo-rh centos-sclo-sclo extras updates</span></div>
<div class="p1">
<span class="s1">Cleaning up list of fastest mirrors</span></div>
<div class="p1">
<span class="s1">Other repos take up 30 M of disk space (use --verbose for details)</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> e8fd101e147d</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 3e873b87c3ad</span></div>
<div class="p1">
<span class="s1">Step 7 : USER 1001</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in c96d002c2347</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 4307cca55d51</span></div>
<div class="p1">
<span class="s1">Removing intermediate container c96d002c2347</span></div>
<div class="p1">
<span class="s1">Step 8 : RUN yumdownloader --enablerepo=vaultrh --source rh-php56-php-pdo</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in f97b271187c4</span></div>
<div class="p1">
<span class="s1">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p2">
<span class="s1">ovl: Error while doing RPMdb copy-up:</span></div>
<div class="p2">
<span class="s1">[Errno 13] Permission denied: '/var/lib/rpm/Packages'</span></div>
<div class="p1">
<span class="s1">Enabling centos-sclo-rh-source repository</span></div>
<div class="p1">
<span class="s1">Enabling updates-source repository</span></div>
<div class="p1">
<span class="s1">Enabling base-source repository</span></div>
<div class="p1">
<span class="s1">Enabling centos-sclo-sclo-source repository</span></div>
<div class="p1">
<span class="s1">Enabling extras-source repository</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 58d623dc7075</span></div>
<div class="p1">
<span class="s1">Removing intermediate container f97b271187c4</span></div>
<div class="p1">
<span class="s1">Step 9 : USER root</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 8885fd1d4288</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 03dc89ded770</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 8885fd1d4288</span></div>
<div class="p1">
<span class="s1">Step 10 : RUN yum-builddep -y rh-php56-php-5.6.25-1.el7.src.rpm</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in a805437810bf</span></div>
<div class="p1">
<span class="s1">Loaded plugins: fastestmirror, ovl</span></div>
<div class="p1">
<span class="s1">Enabling base-source repository</span></div>
<div class="p1">
<span class="s1">Enabling centos-sclo-rh-source repository</span></div>
<div class="p1">
<span class="s1">Enabling centos-sclo-sclo-source repository</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
</span></span></div>
<div class="p1">
<span class="s1">Enabling extras-source repository</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">..</span></span></div>
<div class="p1">
<span class="s1">Running transaction test</span></div>
<div class="p1">
<span class="s1">Transaction test succeeded</span></div>
<div class="p1">
<span class="s1">Running transaction</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Installing : elfutils-0.172-2.el7.x86_64<span class="Apple-converted-space"> </span>1/3<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Installing : file-5.11-35.el7.x86_64<span class="Apple-converted-space"> </span>2/3<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Installing : rpm-build-4.11.3-35.el7.x86_64 <span class="Apple-converted-space"> </span>3/3<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: rpm-build-4.11.3-35.el7.x86_64 <span class="Apple-converted-space"> </span>1/3<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: file-5.11-35.el7.x86_64<span class="Apple-converted-space"> </span>2/3<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>Verifying<span class="Apple-converted-space"> </span>: elfutils-0.172-2.el7.x86_64<span class="Apple-converted-space"> </span>3/3<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1">Installed:</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>rpm-build.x86_64 0:4.11.3-35.el7 <span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1">Dependency Installed:</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>elfutils.x86_64 0:0.172-2.el7<span class="Apple-converted-space"> </span>file.x86_64 0:5.11-35.el7<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1">Complete!</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 0d75cc66df69</span></div>
<div class="p1">
<span class="s1">Removing intermediate container eb770b46689a</span></div>
<div class="p1">
<span class="s1">Step 12 : COPY ./s2i/bin/ $STI_SCRIPTS_PATH</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 13c23ae477f6</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 1a86c43e9903</span></div>
<div class="p1">
<span class="s1">Step 13 : ENV PHP_CONTAINER_SCRIPTS_PATH /usr/share/container-scripts/php/ APP_DATA ${APP_ROOT}/src PHP_DEFAULT_INCLUDE_PATH /opt/rh/rh-php56/root/usr/share/pear PHP_SYSCONF_PATH /etc/opt/rh/rh-php56 PHP_HTTPD_CONF_FILE rh-php56-php.conf HTTPD_CONFIGURATION_PATH ${APP_ROOT}/etc/conf.d HTTPD_MAIN_CONF_PATH /etc/httpd/conf HTTPD_MAIN_CONF_D_PATH /etc/httpd/conf.d HTTPD_VAR_RUN /var/run/httpd HTTPD_DATA_PATH /var/www HTTPD_DATA_ORIG_PATH /opt/rh/httpd24/root/var/www HTTPD_VAR_PATH /opt/rh/httpd24/root/var SCL_ENABLED rh-php56</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 2066c7a10274</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> b26ffb136e80</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 2066c7a10274</span></div>
<div class="p1">
<span class="s1">Step 14 : RUN /usr/libexec/container-setup && rpm-file-permissions</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 72a9895f19b0</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>AllowOverride All</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 15a8e007b1ef</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 72a9895f19b0</span></div>
<div class="p1">
<span class="s1">Step 15 : RUN mv /usr/include/oracle/12.1/client64/ldap.h /usr/include/oracle/12.1/client64/ldap.h.ori</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in defd5f2c069f</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 6fd53234571b</span></div>
<div class="p1">
<span class="s1">Removing intermediate container defd5f2c069f</span></div>
<div class="p1">
<span class="s1">Step 16 : USER 1001</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 0dce0ba843bb</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> fdb2b67d4a20</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 0dce0ba843bb</span></div>
<div class="p1">
<span class="s1">Step 17 : RUN rpm -ivh rh-php56-php-5.6.25-1.el7.src.rpm</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
</span></span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in f6f6a7e628af</span></div>
<div class="p1">
<span class="s1">..</span></div>
<div class="p1">
<span class="s1">warning: user mockbuild does not exist - using root</span></div>
<div class="p1">
<span class="s1">warning: group mockbuild does not exist - using root</span></div>
<div class="p1">
<span class="s1">warning: user mockbuild does not exist - using root</span></div>
<div class="p1">
<span class="s1">warning: group mockbuild does not exist - using root</span></div>
<div class="p2">
<span class="s1"><span class="Apple-converted-space"> </span>---> 3026970a49b2</span></div>
<div class="p2">
<span class="s1">Removing intermediate container f6f6a7e628af</span></div>
<div class="p2">
<span class="s1">Step 18 : COPY ./php.spec /opt/app-root/src/rpmbuild/SPECS/php.spec</span></div>
<div class="p2">
<span class="s1"><span class="Apple-converted-space"> </span>---> 7601e45b50af</span></div>
<div class="p2">
<span class="s1">Removing intermediate container 0cbb51fcce9d</span></div>
<div class="p2">
<span class="s1">Step 19 : RUN rpmbuild -bb rpmbuild/SPECS/php.spec --define 'scl rh-php56'</span></div>
<div class="p1">
<span class="s1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
</span></div>
<div class="p2">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 3832c1a68a61</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">..</span></span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-pdo_oci-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-process-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Wrote: /opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1">Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.8Aq09K</span></div>
<div class="p2">
<span class="s1">+ umask 022</span></div>
<div class="p2">
<span class="s1">+ cd /opt/app-root/src/rpmbuild/BUILD</span></div>
<div class="p2">
<span class="s1">+ cd php-5.6.25</span></div>
<div class="p2">
<span class="s1">+ '[' /opt/app-root/src/rpmbuild/BUILDROOT/rh-php56-php-5.6.25-1.el7.x86_64 '!=' / ']'</span></div>
<div class="p2">
<span class="s1">+ rm -rf /opt/app-root/src/rpmbuild/BUILDROOT/rh-php56-php-5.6.25-1.el7.x86_64</span></div>
<div class="p2">
<span class="s1">+ rm files.bcmath files.bz2 files.calendar files.common files.ctype files.curl files.dba files.dom files.enchant files.exif files.fileinfo files.fpm files.ftp files.gd files.gettext files.gmp files.iconv files.intl files.ldap files.mbstring files.mysql files.mysqli files.mysqlnd files.odbc files.opcache files.pdo files.pdo_mysql files.pdo_oci files.pdo_odbc files.pdo_pgsql files.pdo_sqlite files.pgsql files.phar files.posix files.process files.pspell files.recode files.shmop files.simplexml files.snmp files.soap files.sockets files.sqlite3 files.sysvmsg files.sysvsem files.sysvshm files.tokenizer files.wddx files.xml files.xmlreader files.xmlrpc files.xmlwriter files.xsl files.zip macros.php</span></div>
<div class="p2">
<span class="s1">+ exit 0</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> f3dd1494536e</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 2c7e953622a3</span></div>
<div class="p1">
<span class="s1">Step 20 : CMD $STI_SCRIPTS_PATH/usage</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> Running in 8faf81f6aa31</span></div>
<div class="p1">
<span class="s1"><span class="Apple-converted-space"> </span>---> 749d23debaa3</span></div>
<div class="p1">
<span class="s1">Removing intermediate container 8faf81f6aa31</span></div>
<div class="p1">
<span class="s1">Successfully built 749d23debaa3</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
</style>
</span></span></div>
<div class="p1">
<span class="s2"><b>aws@broker </b></span><span class="s3"><b>5.6 $</b></span></div>
<div class="p1">
<br /></div>
</div>
<div>
Finished compiling all the entire php extensions, lets check out the resulting files.</div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker run -it yudhiwidyatama/s2i-php56-oci8:stage2 bash</span></div>
<div class="p1">
<span class="s3">bash-4.2$ ls</span></div>
<div class="p1">
<span class="s3">rh-php56-php-5.6.25-1.el7.src.rpm<span class="Apple-converted-space"> </span>rpmbuild</span></div>
<div class="p1">
<span class="s3">bash-4.2$ cd rpmbuild/RPMS</span></div>
<div class="p1">
<span class="s3">bash-4.2$ cd x86_64/</span></div>
<div class="p1">
<span class="s3">bash-4.2$ ls -l | grep pdo</span></div>
<div class="p1">
<span class="s3">-rw-r--r--. 1 default root <span class="Apple-converted-space"> </span>101308 Mar 28 22:21 rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s3">-rw-r--r--. 1 default root<span class="Apple-converted-space"> </span>47992 Mar 28 22:21 rh-php56-php-pdo_oci-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s3">bash-4.2$<span class="Apple-converted-space"> exit</span></span></div>
</div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker run --name stage2 -it yudhiwidyatama/s2i-php56-oci8:stage2 bash</span></div>
<div class="p1">
<span class="s3">bash-4.2$ exit</span></div>
<div class="p1">
<span class="s3">exit</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker start stage2</span></div>
<div class="p1">
<span class="s3">stage2</span></div>
<div class="p2">
<span class="s3"><b>aws@broker </b></span><span class="s2"><b>5.6 $</b></span></div>
Lets copy the files.</div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #000000}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker cp stage2:/opt/app-root/src/rpmbuild/RPMS/x86_64/rh-php56-php-pdo_oci-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo_oci-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p2">
<span class="s3"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s4">ls *.rpm</span></div>
<div class="p3">
<span class="s3">rh-php56-php-pdo_oci-5.6.25-1.el7.x86_64.rpm</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker cp stage2:/opt/rh/rh-php56/root/usr/lib64/php/modules/oci8.so oci8.so</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">ls -l oci8.so</span></div>
<div class="p1">
<span class="s3">total 564</span></div>
<div class="p1">
<span class="s3">-rw-r--r--. 1 aws aws 576208 Mar 29 04:49 oci8.so</span></div>
<div class="p2">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p2">
<span class="s3"><b>aws@broker </b></span><span class="s2"><b>5.6 $<span class="Apple-converted-space"> </span></b></span></div>
</div>
<div>
After copying the oci8.so file and pdo_oci rpm file, we are prepared to finish preparing the final image (the steps are shown in the<a href="http://inventorsparadox.blogspot.com/2018/11/how-to-build-your-own-openshift-builder_20.html"> first part</a> of this post)</div>
<h3 style="text-align: left;">
Conclusion</h3>
<div>
It will take a bit of time to prepare pdo_oci rpm and oci8.so files, mainly because base php package doesn't create pdo_oci rpm out of the box and oracle 12 libraries included its own ldap.h which would conflict with php compilation. Recently php56 packages are moved out from centos live repository which needs additonal repo file as workaround.</div>
</div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0tag:blogger.com,1999:blog-7335438738304284149.post-81281874419047529002018-11-20T03:06:00.000-08:002018-11-20T03:06:27.576-08:00How to Build Your Own Openshift Builder Image (PHP 5.6 with oci, pdo_oci, rfc)<div dir="ltr" style="text-align: left;" trbidi="on">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #4c7aff}
span.s5 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
</style>
<br />
<div style="text-align: left;">
This post is written to show how to build Openshift PHP builder image that are using Oracle database connections, specifically using PDO-OCI extension. OCI8 connection is also being prepared. </div>
<h3 style="text-align: left;">
Checkout </h3>
<div>
The git repository I prepared in github have a branch for our specific purpose : 'pdo_oci8'</div>
<div class="p1">
<span class="s1"><b><br /></b></span></div>
<div class="p1">
<span class="s1"><b>aws@broker ~ $ </b></span><span style="font-variant-ligatures: no-common-ligatures;">git clone https://github.com/yudhiwidyatama/s2i-php-container.git</span></div>
<br />
<br />
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>~ $ </b></span><span class="s3">cd s2i-php-container/</span></div>
<br />
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>s2i-php-container $ </b></span><span class="s3">git checkout pdo_oci8</span></div>
<div class="p1">
<span class="s3">Branch pdo_oci8 set up to track remote branch pdo_oci8 from origin.</span></div>
<div class="p1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p1">
<span class="s3">Switched to a new branch 'pdo_oci8'</span></div>
<div class="p1">
<br /></div>
<div style="text-align: left;">
<span class="s3">Checking the 5.6/root directory, there is a file that shows the required Oracle instant client rpm files. </span></div>
<div style="text-align: left;">
<span class="s1" style="font-family: Menlo; font-size: 11px;"><b><br /></b></span></div>
<div style="text-align: left;">
<span class="s1" style="font-family: Menlo; font-size: 11px;"><b>aws@broker </b></span><span class="s2" style="font-family: Menlo; font-size: 11px;"><b>s2i-php-container $ </b></span><span class="s3" style="font-family: Menlo; font-size: 11px;">cd 5.6</span></div>
<div class="p1">
<span class="s3"></span></div>
<div class="p2">
<span class="s2"><b>aws@broker </b></span><span class="s4"><b>5.6 $ </b></span><span class="s3">cd root</span></div>
<br />
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">ls</span></div>
<div class="p2">
<span class="s4">opt</span><span class="s1"><span class="Apple-converted-space"> </span>stage1.list.txt</span></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">cat stage1.list.txt<span class="Apple-converted-space"> </span></span></div>
<div class="p2">
<span class="s1">-rw-r--r-- 1 root root 62587782 Oct 29 11:40 oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<span class="s1">-rw-r--r-- 1 root root <span class="Apple-converted-space"> </span>634803 Oct 29 11:38 oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<span class="s1">-rw-r--r-- 1 root root <span class="Apple-converted-space"> </span>852271 Oct 29 11:38 oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm</span></div>
<div style="text-align: left;">
<span class="s3"><br /></span></div>
<div style="text-align: left;">
<span class="s3">Then we need to download instant client from oracle. This is complicated by Oracle insisting us to sign-in using OTN Account. Open your browser and point to "https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html", click on "Instant Client for Linux x86-64".</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjY2wN-q8CXh6gIURyG1nc-d0X4Bf8jAZcWMc8tBMQyDb3i4ZLkVmPMtTbmbqwI8xbCVrJAdPC8TDSMwMOOk2CkC5pEhV27bp6HgB2Q8VNFxT_36xTWcpBhbqW45j_KAc-VeibKuTNxTky/s1600/Oracle+Instant+Client+Downloads+2018-11-20+17-14-17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="870" data-original-width="1494" height="372" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjY2wN-q8CXh6gIURyG1nc-d0X4Bf8jAZcWMc8tBMQyDb3i4ZLkVmPMtTbmbqwI8xbCVrJAdPC8TDSMwMOOk2CkC5pEhV27bp6HgB2Q8VNFxT_36xTWcpBhbqW45j_KAc-VeibKuTNxTky/s640/Oracle+Instant+Client+Downloads+2018-11-20+17-14-17.png" width="640" /></a></div>
<div style="text-align: left;">
<span class="s3"><br /></span></div>
<div style="text-align: left;">
<span class="s3">Click Accept License Agreement, then proceed to click the required rpm files (basic, devel, and sqlplus for 12.1.0.2 version). Do a dummy download using your browser (at this point Oracle would ask for your Oracle Account / OTN login, which we could request at no charge) and then copying the Link Address from browser, so we could use the Link Address URL in our wget commands.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDxWzssHcMozNqcMCsguSaFCZnl4RQZSS1jCacuQfTLeThUjc1I_-KbT5p7ZfR6pWF2fQJZWbxBlbxFsmpZnORU1Klns636w3bKp6uWwJRVR3rEE6TfTkHvkPfKK02F0QA82WAoUpL1U3d/s1600/Instant+Client+for+Linux+x86-64+%252864-bit%2529+2018-11-20+17-16-24.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="613" data-original-width="657" height="596" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDxWzssHcMozNqcMCsguSaFCZnl4RQZSS1jCacuQfTLeThUjc1I_-KbT5p7ZfR6pWF2fQJZWbxBlbxFsmpZnORU1Klns636w3bKp6uWwJRVR3rEE6TfTkHvkPfKK02F0QA82WAoUpL1U3d/s640/Instant+Client+for+Linux+x86-64+%252864-bit%2529+2018-11-20+17-16-24.png" width="640" /></a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
The Url is obtainable from the Chrome's Downloads menu. Right click and choose 'Copy Link Address'.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiizL3MwsMxiIgO-5rNKJMhQq6FSIWPIm4mk7pQtc_Hrt6auFP0HxNkaZp_6d37fCUmoJIw3s0L3rOK4zcg1RgpgFXLDVUIRk1Ofr1JZfNfSprWMqH1YxkFCOeDZSHmZA7hnhXuC1fwNe6/s1600/Downloads+2018-11-20+17-19-00.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="940" data-original-width="1600" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiizL3MwsMxiIgO-5rNKJMhQq6FSIWPIm4mk7pQtc_Hrt6auFP0HxNkaZp_6d37fCUmoJIw3s0L3rOK4zcg1RgpgFXLDVUIRk1Ofr1JZfNfSprWMqH1YxkFCOeDZSHmZA7hnhXuC1fwNe6/s640/Downloads+2018-11-20+17-19-00.png" width="640" /></a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Create another 'root' under the 'root' directory. Paste the URL between quotes to wget, and rename to take out AuthParam in the resulting file :</div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">mkdir root</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">cd root</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">ls</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">pwd</span></div>
<div class="p2">
<span class="s1">/home/aws/s2i-php-container/5.6/root/root</span></div>
<div class="p2">
<br /></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">wget "<span style="background-color: yellow;">https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707896_f8e27ebee187829c54ba8692f79d720c</span>"</span></div>
<div class="p2">
<span class="s1">--2018-11-20 16:56:51--<span class="Apple-converted-space"> </span>https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707896_f8e27ebee187829c54ba8692f79d720c</span></div>
<div class="p2">
<span class="s1">Resolving download.oracle.com... 104.93.96.131</span></div>
<div class="p2">
<span class="s1">Connecting to download.oracle.com|104.93.96.131|:443... connected.</span></div>
<div class="p2">
<span class="s1">HTTP request sent, awaiting response... 200 OK</span></div>
<div class="p2">
<span class="s1">Length: 62587782 (60M) [application/x-redhat-package-manager]</span></div>
<div class="p2">
<span class="s1">Saving to: “oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707896_f8e27ebee187829c54ba8692f79d720c”</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">100%[===================================================================================================================================>] 62,587,782<span class="Apple-converted-space"> </span>33.7M/s <span class="Apple-converted-space"> </span>in 1.8s <span class="Apple-converted-space"> </span></span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">2018-11-20 16:56:53 (33.7 MB/s) - “oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707896_f8e27ebee187829c54ba8692f79d720c” saved [62587782/62587782]</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">mv oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm\?AuthParam\=1542707896_f8e27ebee187829c54ba8692f79d720c oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">wget "<span style="background-color: yellow;">https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707982_0f69007df1efaa246b884e175eb1e7b9</span>"</span></div>
<div class="p2">
<span class="s1">--2018-11-20 16:58:23--<span class="Apple-converted-space"> </span>https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707982_0f69007df1efaa246b884e175eb1e7b9</span></div>
<div class="p2">
<span class="s1">Resolving download.oracle.com... 104.93.96.131</span></div>
<div class="p2">
<span class="s1">Connecting to download.oracle.com|104.93.96.131|:443... connected.</span></div>
<div class="p2">
<span class="s1">HTTP request sent, awaiting response... 200 OK</span></div>
<div class="p2">
<span class="s1">Length: 634803 (620K) [application/x-redhat-package-manager]</span></div>
<div class="p2">
<span class="s1">Saving to: “oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707982_0f69007df1efaa246b884e175eb1e7b9”</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">100%[===================================================================================================================================>] 634,803 <span class="Apple-converted-space"> </span>--.-K/s <span class="Apple-converted-space"> </span>in 0.04s<span class="Apple-converted-space"> </span></span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">2018-11-20 16:58:23 (14.8 MB/s) - “oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542707982_0f69007df1efaa246b884e175eb1e7b9” saved [634803/634803]</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">mv oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm\?AuthParam\=1542707982_0f69007df1efaa246b884e175eb1e7b9 oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">wget "<span style="background-color: yellow;">https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542708072_4faad0ac9a5562e854f08cadee1d87a8</span>"</span></div>
<div class="p2">
<span class="s1">--2018-11-20 16:59:30--<span class="Apple-converted-space"> </span>https://download.oracle.com/otn/linux/instantclient/121020/oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542708072_4faad0ac9a5562e854f08cadee1d87a8</span></div>
<div class="p2">
<span class="s1">Resolving download.oracle.com... 104.93.96.131</span></div>
<div class="p2">
<span class="s1">Connecting to download.oracle.com|104.93.96.131|:443... connected.</span></div>
<div class="p2">
<span class="s1">HTTP request sent, awaiting response... 200 OK</span></div>
<div class="p2">
<span class="s1">Length: 852271 (832K) [application/x-redhat-package-manager]</span></div>
<div class="p2">
<span class="s1">Saving to: “oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542708072_4faad0ac9a5562e854f08cadee1d87a8”</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">100%[===================================================================================================================================>] 852,271 <span class="Apple-converted-space"> </span>--.-K/s <span class="Apple-converted-space"> </span>in 0.04s<span class="Apple-converted-space"> </span></span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s1">2018-11-20 16:59:30 (19.1 MB/s) - “oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm?AuthParam=1542708072_4faad0ac9a5562e854f08cadee1d87a8” saved [852271/852271]</span></div>
<div class="p3">
<span class="s1"></span><br /></div>
<div class="p2">
<span class="s5"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s1">mv oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm\?AuthParam\=1542708072_4faad0ac9a5562e854f08cadee1d87a8 oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<span class="s1"><br /></span></div>
<h3 style="text-align: left;">
Building</h3>
<div>
Check the rpm files :</div>
<div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #ff3b1e; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">ls</span></div>
<div class="p2">
<span class="s1">oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm</span><span class="s3"> </span><span class="s1">oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm</span><span class="s3"> </span><span class="s1">oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm</span></div>
<div class="p2">
<br /></div>
Proceed with building process :<br /><br /><div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">cd ..</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>root $ </b></span><span class="s3">cd ..</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">pwd</span></div>
<div class="p2">
<span class="s1">/home/aws/s2i-php-container/5.6</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $<span class="Apple-converted-space"> </span></b></span><span class="s3"> docker build -t s2i-php56-pdooci .</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon 64.92 MB</span></div>
<div class="p1">
<span class="s3">Sending build context to Docker daemon<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Step 0 : FROM centos/s2i-base-centos7</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> ff41d164f277</span></div>
<div class="p1">
<span class="s3">Step 1 : EXPOSE 8080</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> da1f2520288f</span></div>
<div class="p1">
<span class="s3">Step 2 : ENV PHP_VERSION 5.6 PATH $PATH:/opt/rh/rh-php56/root/usr/bin</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> f944130c7708</span></div>
<div class="p1">
<span class="s3">Step 3 : ENV SUMMARY "Platform for building and running PHP $PHP_VERSION applications" DESCRIPTION "PHP $PHP_VERSION available as docker container is a base platform for building and running various PHP $PHP_VERSION applications and frameworks. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts."</span></div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> Using cache</span></div>
<div class="p2">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
</div>
<div class="p1">
<span class="s3"><span class="Apple-converted-space"> </span>---> 247b1e7eeb1b</span></div>
<div class="p1">
<span class="s3">...</span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Step 16 : RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && <span class="Apple-converted-space"> </span>echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && <span class="Apple-converted-space"> </span>sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php56-php.conf && <span class="Apple-converted-space"> </span>head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && <span class="Apple-converted-space"> </span>mkdir /tmp/sessions && <span class="Apple-converted-space"> </span>chown -R 1001:0 /opt/app-root /tmp/sessions && <span class="Apple-converted-space"> </span>chmod -R a+rwx /tmp/sessions && <span class="Apple-converted-space"> </span>chmod -R ug+rwx /opt/app-root && <span class="Apple-converted-space"> </span>chmod -R a+rwx /etc/opt/rh/rh-php56 && <span class="Apple-converted-space"> </span>chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> Running in e877a82cbebd</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>AllowOverride All</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> 94bbfa64540a</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Removing intermediate container e877a82cbebd</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Step 17 : USER 1001</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> Running in b573ed446725</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> f11275cfcbe4</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Removing intermediate container b573ed446725</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Step 18 : CMD $STI_SCRIPTS_PATH/usage</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> Running in 84fd15f0d378</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><span class="Apple-converted-space"> </span>---> 27ab6f7675d2</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Removing intermediate container 84fd15f0d378</span></span></div>
<div class="p1">
<span class="s3">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style>
</span></div>
<div class="p1">
<span class="s1"><span style="color: black;">Successfully built 27ab6f7675d2</span></span></div>
<div class="p1">
<span class="s1"><span style="color: black;"><br /></span></span></div>
<h3 style="text-align: left;">
<span class="s1"><span style="color: black;">Publishing to Docker Hub</span></span></h3>
<div>
<span class="s1"><span style="color: black;">Next step we tag and publish the image:</span></span></div>
<div>
<span class="s1">
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker tag s2i-php56-pdooci yudhiwidyatama/s2i-php56-pdooci:201801</span></div>
<div class="p1">
<span class="s1"><b>aws@broker </b></span><span class="s2"><b>5.6 $ </b></span><span class="s3">docker push yudhiwidyatama/s2i-php56-pdooci:201801</span></div>
<div class="p1">
<span class="s3">The push refers to a repository [yudhiwidyatama/s2i-php56-pdooci] (len: 1)</span></div>
<div class="p1">
<span class="s3">27ab6f7675d2: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">f11275cfcbe4: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">94bbfa64540a: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">47fb29191938: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">892ec8a5ac86: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">d633eb1d08f2: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">80831f5d7bb9: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">647b25811b6a: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">4049a4cf7897: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">eee73b56a072: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">beefd8a9f746: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">cdba5a3f763b: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">72906bd3915f: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">e071aabb7f3d: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">8a7c8fc193ee: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">247b1e7eeb1b: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">f944130c7708: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">da1f2520288f: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">ff41d164f277: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">59c89aefca2f: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">c5013bcc9b43: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">bb83746f161c: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">c240b147d043: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">581d3e9fafdb: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">3fa399969e3d: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">3f12a77fa51e: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">78d20169a434: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">53a0573f2c8c: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">69852c4e3982: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">c8fa6e2ee625: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">4d20e7d02f9a: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">cc56be4d597b: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">4b21f2a7e518: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">9cc5960c49d3: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">eb72e5beea78: Image already exists<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">3993223e10aa: Image successfully pushed<span class="Apple-converted-space"> </span></span></div>
<div class="p1">
<span class="s3">Digest: sha256:045bb0077acd4a910837955c2a676fb0985b84dca7db1f877c96dfd7813559eb</span></div>
<div class="p1">
<span class="s3"><br /></span></div>
<div style="text-align: left;">
<span class="s3">The image pushed successfully to Docker hub.</span></div>
<div style="text-align: left;">
<span class="s3"><br /></span></div>
<h3 style="text-align: left;">
<span class="s3">The hard part</span></h3>
<div>
<span class="s3">Now I will try to describe the Dockerfile modifications (line 48-60).</span></div>
<div>
<span class="s3"><br /></span></div>
<div>
<span class="s3">First install the oracle instant client rpms and iproute :</span></div>
<div>
<span class="s3"><pre style="font-variant-ligatures: normal; overflow-wrap: break-word; white-space: pre-wrap;"># PDO_OCI, OCI8 extensions
RUN yum install -y iproute /root/oracle-instantclient12* && yum clean all -y && rm -rf /root/oracle-instantclient12*</pre>
<pre style="font-variant-ligatures: normal; overflow-wrap: break-word; white-space: pre-wrap;">
</pre>
Next copy the oci8 extension into modules directory :<pre style="overflow-wrap: break-word;"><span style="font-variant-ligatures: normal; white-space: pre-wrap;">COPY ./oci8.so /opt/rh/rh-php56/root/usr/lib64/php/modules/
</span></pre>
The pdo_oci rpm also need to be copied and installed<br /><pre style="overflow-wrap: break-word;"><span style="font-variant-ligatures: normal; white-space: pre-wrap;">COPY ./rh-php56-php-pdo_oci-5.6.25-1.el7.centos.x86_64.rpm /opt/app-root/
RUN rpm -ivh /opt/app-root/rh-php56-php-pdo_oci-5.6.25-1.el7.centos.x86_64.rpm
</span></pre>
Oracle client library somehow not installed in the system, add the library by creating oracle12.conf file :<br /><pre style="font-variant-ligatures: normal; overflow-wrap: break-word; white-space: pre-wrap;">RUN echo "/usr/lib/oracle/12.1/client64/lib" > /etc/ld.so.conf.d/oracle12.conf
RUN ldconfig
</pre>
Install the oci8 extension INI (the PDO_OCI already installed in the RPM, I think)</span></div>
<div>
<span style="color: black;"><br /></span><span class="s3"><pre style="overflow-wrap: break-word;"><span style="font-variant-ligatures: normal; white-space: pre-wrap;">RUN echo "extension=oci8.so" > /opt/rh/rh-php56/root/etc/php.d/20-oci8.ini</span></pre>
</span></div>
<div>
<span class="s3"><div class="d-flex flex-justify-start flex-items-start" style="align-items: flex-start !important; background-color: white; box-sizing: border-box; color: #24292e; display: flex !important; font-family: -apple-system, system-ui, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 14px; font-variant-ligatures: normal; justify-content: flex-start !important;">
<div class="blob-code blob-code-inner js-file-line" id="LC48" style="box-sizing: border-box; flex-grow: 1; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 12px; line-height: 20px; overflow-wrap: normal; overflow: visible; padding: 3px 10px; position: relative; vertical-align: top; white-space: pre;">
<br /></div>
</div>
</span></div>
</span></div>
<div>
The harder part is how to create the oci8.so and pdo_oci rpm, which would be described in another post..</div>
<div class="p1">
<span class="s1"><br /></span></div>
</div>
<br />
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures}
</style><style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
</style><style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #5230e1; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
span.s2 {font-variant-ligatures: no-common-ligatures}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
</style><style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #34bc26; background-color: #ffffff}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff}
span.s1 {font-variant-ligatures: no-common-ligatures}
span.s2 {font-variant-ligatures: no-common-ligatures; color: #5230e1}
span.s3 {font-variant-ligatures: no-common-ligatures; color: #000000}
span.s4 {font-variant-ligatures: no-common-ligatures; color: #34bc26}
</style></div>
yudhiwidyatamahttp://www.blogger.com/profile/09175713355753162410noreply@blogger.com0