Aug 25, 2020

Review: Running Containers in Production for dummies

Last evening I read the following booklet:

Here is my review:

Chapter one gives, within 7 pages, an excellent introduction to "Containers & Orchestration Platforms". From Kubernetes through OpenShift/Docker Swarm up to Amazon EKS - many services are described. In my opinion Azure AKS is missing, but it is clear that every hyperscaler will provide you its managed Kubernetes environment. At the end even Apache Mesos is listed - which is out of scope for most of us.
Building & Deploying Containers is the headline of chapter 2 and a brief, solid description of these topics is given. If you want to know what all the buzzwords like CI/CD/CS, Pipelines, Container Registries are about: Read that chapter and you have a good starting point.

Nearly 33% of the book(let) is about Monitoring Containers (chapter 3). This points in the right direction. You have to know what your containers are doing and what you have to change with continuous delivery and continuous deployment. If you are running tens or hundreds of containers, the monitoring has to be automatic as well - or you are lost. "A best practice for using containers is to isolate workloads by running only a single process per container. Placing a monitoring agent — which amounts to a second process or service — in each container to get visibility risks destroying a key value of containers: simplicity." - So building up monitoring is not as easy as it was on full-stack servers...

Chapter 4 is about Security. This focuses on the following topics: Implementing container limits against resource abuse, how to avoid outdated container images, management of secrets and image authenticity.

The last chapter closes with "Ten Container Takeaways".

 

Within 43 pages a really nice starting point to learn about the world of docker and container orchestration.

Aug 7, 2020

openssl: strange error.... (at first glance) error:2008F002:BIO

Some days ago I wanted to check the certificate of an IP address. No big deal - so I did:
schroff@zerberus:~$ openssl s_client -showcerts  -connect 82.165.229.87.87:443

140011908769088:error:2008F002:BIO routines:BIO_lookup_ex:system
lib:../crypto/bio/b_addr.c:726:Name or service not known
connect:errno=22
So I opened Google to find a solution.
But on Google I found nothing really helpful.


The answer was very easy:
If I had read the command line carefully, I would have detected my error:

THE IP ADDRESS WAS INVALID

I wrote an IPv4 address with 5 numbers and not with 4...

After using a correct IPv4 address the command worked as expected:
schroff@zerberus:~$ openssl s_client -showcerts -connect 82.165.229.87:443 #
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust RSA CA 2018
verify return:1
depth=0 C = DE, ST = Rheinland-Pfalz, L = Montabaur, O = 1&1 Mail & Media GmbH, CN = gmx.net
verify return:1
---
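
A pre-flight check for the mistake described above, as an added example that is not part of the original post: it classifies the HOST:PORT argument before it reaches `openssl s_client -connect`, so an address with five numbers is reported as malformed instead of surfacing as a resolver error. The function name `classify_target` and its labels are assumptions made for this example.

```sh
# Added example: classify the HOST:PORT argument before it is passed to
# `openssl s_client -connect`. Function name and labels are assumptions.
# Prints one label and returns 0 only when the target is usable:
#   ipv4            exactly four decimal octets, each 0-255, no leading zeros
#   other           not digits-and-dots only (hostname, IPv6 literal)
#   malformed-ipv4  looks numeric but is not a strict dotted quad
#   empty-host      nothing in front of the port
#   bad-port        port missing, non-numeric or outside 1-65535
classify_target() {
    case $1 in
        *:*) ;;
        *) echo bad-port; return 1 ;;
    esac
    ct_host=${1%:*}      # everything before the last colon
    ct_port=${1##*:}     # everything after the last colon
    case $ct_port in
        ''|*[!0-9]*|??????*) echo bad-port; return 1 ;;
    esac
    if [ "$ct_port" -lt 1 ] || [ "$ct_port" -gt 65535 ]; then
        echo bad-port; return 1
    fi
    case $ct_host in
        '') echo empty-host; return 1 ;;
        *[!0-9.]*) echo other; return 0 ;;
    esac
    # Digits and dots only: walk the octets one by one.
    ct_rest=$ct_host.
    ct_count=0
    while [ -n "$ct_rest" ]; do
        ct_octet=${ct_rest%%.*}
        ct_rest=${ct_rest#*.}
        case $ct_octet in
            ''|????*|0?*) echo malformed-ipv4; return 1 ;;
        esac
        if [ "$ct_octet" -gt 255 ]; then
            echo malformed-ipv4; return 1
        fi
        ct_count=$((ct_count + 1))
    done
    if [ "$ct_count" -ne 4 ]; then
        echo malformed-ipv4; return 1
    fi
    echo ipv4
}

# Constructed usage: only call openssl when the target passes the check.
# classify_target "$target" >/dev/null && openssl s_client -showcerts -connect "$target"
```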

Jun 13, 2020

Google GSI: Generic System Images for Smartphones

After building my own ROM I got some problems with the device drivers for the modem (the dual SIM was not recognized).
I discussed that with a few very skilled Android developers and the device drivers are the most important problem for building ROMs.

But there is something called GSI: Generic System Images.

(see https://source.android.com/setup/build/gsi)

and:

The good point is that for my Samsung J530 there was a developer who built a project that allows installing GSIs:


With this plus Havoc 3.5



And here are the steps to Android 10 (which were provided to me by Micro[ice]):
  1. install TWRP 3.3.0
  2. install create vendor 2.0
  3. reboot recovery
  4. install project spaget x
    (if u get symlink error 7 flash revert vendor 2.0 and repeat from step 1 without revert vendor 2.0)
  5. install GSI (Havoc)-OS to system partition
    (dont reboot after u flash project spaget x)
  6. if u need to flash gapps first u need to go
    Wipe -> Advanced Wipe -> Tick System -> Repair -> Resize
    (if u get error 1 resize again it will be successful) then u flash gapps
  7. (optional) flash areskernel rc2
  8. (optional) flash magisk
  9. reboot
  10. enjoy
And after that I have a running Android 10 on my Samsung J5... (without any Samsung bloatware)

Jun 5, 2020

Lineage OS: Building my own system from scratch...

For my Samsung J5 I was only able to find a Lineage 15.1 image but no Lineage 16 or even 17.
So I decided to build the image on my own.

I followed this guide:
https://github.com/lineage-doge/device-j5y17lte/tree/lineage-16.0

But on this page the roomservice.xml is wrong:

 

Just change it to


  
  
  
  
  

The rest was following the instructions:
mkdir -p android/lineage-16.0
cd android/lineage-16.0
repo init -u https://github.com/LineageOS/android.git -b lineage-16.0
repo sync

Create .repo/local_manifests/roomservice.xml with the content shown above.
Then run "repo sync" once again.

The most important point is to extract the binaries from your device. For background, just read this:
https://wiki.lineageos.org/extracting_blobs_from_zips.html


I extracted /system from my Android device via TWRP (under Advanced you can find a file explorer and this can copy the partition to your SD card).
After that, point STOCK_ROM_DIR to your SD card and run:
cd device/samsung/j5y17lte
STOCK_ROM_DIR=/path/to/system ./extract-files.sh
Now we are ready to rumble:
cd ../../
source build/envsetup.sh
brunch lineage_j5y17lte-userdebug
But after some minutes:
LD      kernel/built-in.o
/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/kernel/samsung/exynos7870/drivers/net/wireless/Makefile:62: android version 1: 90000
/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/kernel/samsung/exynos7870/drivers/net/wireless/Makefile:63: MAJOR_VERSION version 1: 9
/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/kernel/samsung/exynos7870/drivers/net/wireless/Makefile:107: platform version 3 : 9.0.0
/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/kernel/samsung/exynos7870/drivers/net/wireless/Makefile:108: MAJOR_VERSION version 3: 9
  LD      drivers/built-in.o
make[1]: Leaving directory '/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/target/product/j5y17lte/obj/KERNEL_OBJ'
Makefile:145: recipe for target 'sub-make' failed
make: *** [sub-make] Error 2
make: Leaving directory '/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/kernel/samsung/exynos7870'
[  1% 555/35382] target StaticLib: libv8src_32 (/media/schroff/895337b7-c4eb-44a4-...arget/product/j5y17lte/obj_arm/STATIC_LIBRARIES/libv8src_intermediates/libv8src.a)
ninja: build stopped: subcommand failed.
19:21:20 ninja failed with: exit status 1

#### failed to build some targets (05:29 (mm:ss)) ####
But this error is easy to fix:
cd ~/android/lineage-16.0/out/target/product/j5y17lte/obj/KERNEL_OBJ/firmware/tsp_imagis
cp ~/android/lineage-16.0/kernel/samsung/exynos7870/firmware/tsp_imagis/ist3038h_a3x_cmcs.bin .
cp ~/android/lineage-16.0/kernel/samsung/exynos7870/firmware/tsp_imagis/ist3038h_a3x.fw .

and try once again!

And after a while:
  Imgdiff Stats Report 
========================

Compressing system.new.dat with brotli
  running:  brotli --quality=6 --output=/tmp/tmpAOkKFk/system.new.dat.br /tmp/tmpAOkKFk/system.new.dat
using prebuilt boot.img from BOOTABLE_IMAGES...
  running:  java -Xmx2048m -Djava.library.path=/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/host/linux-x86/lib64 -jar /media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/host/linux-x86/framework/signapk.jar -w build/target/product/security/testkey.x509.pem build/target/product/security/testkey.pk8 /tmp/tmptUxdfx.zip /tmp/tmpSgxnBy.zip
  running:  zip -d /tmp/tmpSgxnBy.zip META-INF/com/android/metadata
  running:  java -Xmx2048m -Djava.library.path=/media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/host/linux-x86/lib64 -jar /media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/host/linux-x86/framework/signapk.jar -w build/target/product/security/testkey.x509.pem build/target/product/security/testkey.pk8 /tmp/tmpSgxnBy.zip /media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/target/product/j5y17lte/lineage_j5y17lte-ota-eng.schroff.zip
done.
[100% 453/453] build bacon
Package Complete: /media/schroff/895337b7-c4eb-44a4-9063-00f629e5149f/lineage-16.0/out/target/product/j5y17lte/lineage-16.0-20200502-UNOFFICIAL-j5y17lte.zip

#### build completed successfully (27:31 (mm:ss)) ####