Friday, August 17, 2018

Red Hat Container Development Kit 3.5 - Installation Issue with Libvirt (KVM) Group Membership

If you follow the installation instructions for Red Hat's Container Development Kit 3.5, on RHEL 7.5, most everything works well, until you get to the point of starting the virtualized minishift host:

You get a failure when trying to connect to Docker on the VM.  The problem is that, if you strictly follow the instructions, your user is not a member of the 'libvirt' group.  This is easy to rectify, though.  All you need to do is:

1) Remove the existing minishift VM:

2) Add yourself to the requisite group:

3) And relaunch minishift:

Hopefully I can get the docs updated, so this isn't necessary, in the near future.

Wednesday, August 1, 2018

Suspend Issues with the Lenovo ThinkPad X1 Carbon 6th Generation

UPDATE 2018/09/12:
And the final solution seems to be at hand!  Lenovo has released 0.1.30, and that apparently re-adds S3 sleep to the ACPI tables:

UPDATE 2018/09/07:
So, it appears that there is a new firmware version available from Lenovo, 0.1.28. The patch no longer applies cleanly, and Adrian has re-rolled it:

Thanks, Adrian, that's a much easier way to reliably patch the ACPI tables!

I'll update this post, later, with an updated step-by-step guide.

Those of you who have the new (and very nicely built!) Lenovo ThinkPad X1 Carbon 6th generation, and who run Linux, may have noticed that suspend doesn't work properly.  I'm running Fedora 28, but this problem has been reported on Arch and Ubuntu, as well.  The issue seems to be that the X1 is using a new suspend technology called "Windows Modern Standby," or S0i3, and has removed classic S3 sleep.  S0i3 technology was added to the mainline Linux kernel with v4.13, but there is apparently a BIOS bug preventing this from working properly.

To work around this problem, we need to patch the ACPI DSDT tables, created by the BIOS, to re-add S3 sleep.  There's a fantastic guide here, which was written by Erik Sonnleitner of the University of Applied Sciences of Upper Austria.

To summarize his excellent directions:
  • In the BIOS, set "Thunderbolt BIOS Assist Mode" to Enabled, and disable secure boot.
  • Install "iasl" and "cpio"
  • Once the system has booted whichever Linux distribution you use, dump the DSDT table
        sudo cat /sys/firmware/acpi/tables/DSDT > dsdt.aml
  • Reverse compile the DSDT table
        iasl -d dsdt.aml
  • Download the patch, and patch your decompiled code
    • I had to patch hunk #7 by hand, but this wasn't a big deal
        patch --verbose < X1C6_S3_DSDT.patch
  • Compile your updated DSDT code
        iasl -ve -tc dsdt.dsl
  • Create a new ACPI override package
        mkdir -p kernel/firmware/acpi
        cp dsdt.aml kernel/firmware/acpi
        find kernel | cpio -H newc --create > acpi_override
        sudo cp acpi_override /boot
  • Now, you need to update your grub.cfg
        sudo sed -i 's/quiet"/quiet mem_sleep_default=deep"/' /etc/default/grub
        echo GRUB_EARLY_INITRD_LINUX_CUSTOM=acpi_override | sudo tee -a /etc/default/grub
        sudo grub2-mkconfig -o /boot/grub2/grub.cfg
    • The second change won't work immediately on Fedora, as GRUB_EARLY_INITRD_LINUX_CUSTOM isn't yet supported
    • So, we need to update the grub boot config, and then manually update the initrd entries to load the new ACPI overlay ahead of the initial ramdisk
        sudo sed -i 's/initrd16 \/initramfs/initrd16 \/acpi_override \/initramfs/' /boot/grub2/grub.cfg
  • Upon reboot, suspend should work properly.
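
Added example (not part of the original post or of Erik Sonnleitner's guide): a post-reboot check that tells apart the two ways the steps above can fail, the patched DSDT not being loaded versus mem_sleep_default=deep not being applied. The function names are hypothetical; the default paths are the ones used in the steps above.

```shell
# Added example: post-reboot checks for the ACPI override steps above.
# Each function takes an optional path so it can be run against copies.

# Classify /sys/power/mem_sleep; the selected mode is the bracketed word,
# e.g. "s2idle [deep]".
#   deep-selected : S3 is offered and is the default
#   deep-available: S3 is offered, but mem_sleep_default=deep did not apply
#   deep-missing  : no S3 offered, so the patched DSDT was not loaded
mem_sleep_status() {
    modes=$(cat "${1:-/sys/power/mem_sleep}") || return 2
    case " $modes " in
        *"[deep]"*) echo deep-selected ;;
        *" deep "*) echo deep-available ;;
        *)          echo deep-missing ;;
    esac
}

# Succeed only if the archive holds dsdt.aml under kernel/firmware/acpi/,
# the directory the kernel reads table overrides from in an early cpio.
override_has_dsdt() {
    cpio -it --quiet < "${1:-/boot/acpi_override}" 2>/dev/null |
        grep -qx 'kernel/firmware/acpi/dsdt.aml'
}

# Print how many initrd lines in grub.cfg do not load the override.
initrd_lines_missing_override() {
    awk '$1 ~ /^initrd/ && !/acpi_override/ { n++ } END { print n + 0 }' \
        "${1:-/boot/grub2/grub.cfg}"
}

# Run all three checks: args are archive, grub.cfg, mem_sleep file.
check_s3_override() {
    rc=0
    override_has_dsdt "$1" || { echo "FAIL: no dsdt.aml in override archive"; rc=1; }
    missing=$(initrd_lines_missing_override "$2")
    [ "$missing" -eq 0 ] || { echo "FAIL: $missing initrd line(s) lack acpi_override"; rc=1; }
    status=$(mem_sleep_status "$3")
    [ "$status" = deep-selected ] || { echo "FAIL: mem_sleep is $status"; rc=1; }
    return $rc
}
```

Run `check_s3_override` with no arguments (as root, so /boot is readable) after rebooting, and again after any kernel update that rewrites the boot entries.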

Friday, June 29, 2018

Adding Packages to RHEL Containers on Amazon EC2 with Cloud Access

I just ran into an interesting use case, where I needed to be able to add packages to my RHEL containers when they are hosted on Amazon's EC2.  Anyone else who has tried this may have run into the same problem: RHEL subscription information isn't passed to containers, by default, when they run on cloud access instances.

For example:

# podman run --rm -it
[root@7a52d3bac972 /]# yum install httpd
Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager
This system is not receiving updates. You can use subscription-manager on the host to register and assign subscriptions.
There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 To enable Red Hat Subscription Management repositories:
     subscription-manager repos --enable <repo>
 To enable custom repositories:
     yum-config-manager --enable <repo>

To work around this, you can use bind mounts, as described in the podman man page, in the section on --volume.  There are a number of files and directories that you will need to mount.  The example below shows a successful run:

# podman run \
    -v /etc/pki/rhui:/etc/pki/rhui \
    -v /etc/yum/pluginconf.d:/etc/yum/pluginconf.d \
    -v /etc/yum/pluginconf.d/rhnplugin.conf:/etc/yum/pluginconf.d/rhnplugin.conf \
    -v /etc/yum.repos.d/redhat-rhui.repo:/etc/yum.repos.d/redhat-rhui.repo \
    -v /etc/yum.repos.d/redhat-rhui-client-config.repo:/etc/yum.repos.d/redhat-rhui-client-config.repo \
    -v /etc/yum.repos.d/rhui-load-balancers.conf:/etc/yum.repos.d/rhui-load-balancers.conf \
    -v /usr/lib/yum-plugins:/usr/lib/yum-plugins \
    -v /usr/share/rhn:/usr/share/rhn \
    -v /usr/share/yum-plugins:/usr/share/yum-plugins \
    --rm -it

For an offline run of the container, you will need to copy in those same files.  However, if you only want to install files to a container running on persistent storage, temporary mapping of the RHUI-required files and directories is sufficient.
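
Added example (not from the original post): the same bind mounts generated with the `ro` option, since `-v` mounts are read-write by default and the list includes host yum plugin code and the RHUI certificates under /etc/pki/rhui. The function name and its optional host-root argument are hypothetical, and IMAGE is a placeholder because the post does not name the image.

```shell
# Added example: emit the post's RHUI bind mounts as read-only -v arguments.
# Usage: podman run $(rhui_mount_args) --rm -it IMAGE   (IMAGE: placeholder)

# Paths from the podman command above; a directory must be listed before
# any file inside it for the duplicate check below to apply.
RHUI_PATHS='
/etc/pki/rhui
/etc/yum/pluginconf.d
/etc/yum/pluginconf.d/rhnplugin.conf
/etc/yum.repos.d/redhat-rhui.repo
/etc/yum.repos.d/redhat-rhui-client-config.repo
/etc/yum.repos.d/rhui-load-balancers.conf
/usr/lib/yum-plugins
/usr/share/rhn
/usr/share/yum-plugins
'

# Print one "-v SRC:DST:ro" per path present on the host. Paths already
# inside a mounted directory are skipped; missing ones are reported on
# stderr instead of being handed to podman. $1 is an optional host root
# prefix (an assumption of this example, used for dry runs on a copy).
rhui_mount_args() {
    root=${1:-}
    mounted=''
    for p in $RHUI_PATHS; do
        if [ ! -e "$root$p" ]; then
            echo "skip (not on host): $p" >&2
            continue
        fi
        covered=no
        for m in $mounted; do
            case $p in "$m"/*) covered=yes ;; esac
        done
        if [ "$covered" = yes ]; then
            continue
        fi
        if [ -d "$root$p" ]; then
            mounted="$mounted $p"
        fi
        echo "-v $root$p:$p:ro"
    done
}
```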