Kubernetes and Ceph : I think I want to marry you

I’ve been playing with my Kubernetes Cluster for quite sometime now. Mostly trying to learn by deploying simple workloads. I’ve played with Ceph before and was really impressed with it. So I have that old Ceph cluster around and I was thinking (and because I’m in a LSS with that Bruno Mar’s song while writing this), why not marry the two after reading the following today:

According to Gartner, 50% of global enterprises will be running containers in production by the year 2020. By that time, over 20% of enterprise storage capacity will be allocated to container workloads, compared to only 1% today.

Similar to CNI, there’s also a standard for Storage Vendors when developing a plugin that works on Orchestration Systems. I stumbled upon rbd-provisioner and this is my experience on how I managed to use Ceph as my storage provider for my Kubernetes Cluster.

Let’s start by creating the ClusterRole, ClusterRoleBinding, Role, RoleBinding, Service Account, and the RBD Provisioner Deployment resources using this.

[me@devops Ceph]# kubectl create -n kube-system -f Ceph-RBD-Provisioner.yaml
clusterrole.rbac.authorization.k8s.io/rbd-provisioner created
clusterrolebinding.rbac.authorization.k8s.io/rbd-provisioner created
role.rbac.authorization.k8s.io/rbd-provisioner created
rolebinding.rbac.authorization.k8s.io/rbd-provisioner created
serviceaccount/rbd-provisioner created
deployment.extensions/rbd-provisioner created
[me@devops Ceph]#

Checking the rbd-provisioner deployment

[me@devops Ceph]# kubectl get pods -l app=rbd-provisioner -n kube-system
NAME READY STATUS RESTARTS AGE
rbd-provisioner-67b4857bcd-nb97h 1/1 Running 0 58s
[me@devops Ceph]#

rbd-provisioner requires the admin client key which you can get by issuing the following on your Ceph cluster

[cephuser@ceph-admin-mon ~]$ ceph auth get-key client.admin
AQCp+ltdatIKFhAAOia5xyKg/CeTvwd4rUImvw==
[cephuser@ceph-admin-mon ~]$

And using that key, let’s create a Secret resource using the following

kubectl create secret generic ceph-secret — type=”kubernetes.io/rbd” — from-literal=key=’AQCp+ltdatIKFhAAOia5xyKg/CeTvwd4rUImvw==’ — namespace=kube-system

Let’s now create a new Ceph pool and also a client key for it.

[cephuser@ceph-admin-mon ~]$ ceph — cluster ceph osd pool create kube 16 16
pool ‘kube’ created
[cephuser@ceph-admin-mon ~]$

[cephuser@ceph-admin-mon ~]$ ceph — cluster ceph auth get-or-create client.kube mon ‘allow r’ osd ‘allow rwx pool=kube’
[client.kube]
key = AQCFsIhdiHVuMRAAIps556gTO6UiUotI41LGog==
[cephuser@ceph-admin-mon ~]$

Let’s create a Secret resource that will hold that key for the pool.

[me@devops Ceph]# kubectl create secret generic ceph-secret-kube — type=”kubernetes.io/rbd” — from-literal=key=”AQCFsIhdiHVuMRAAIps556gTO6UiUotI41LGog==” — namespace=kube-system
secret/ceph-secret-kube created
[me@devops Ceph]#

Let’s now create a new Storage Class for our Ceph pool. This basically holds the client information details (ceph cluster, client keys etc) and the provisioner to be used (remember that Deployment resource earlier?).

[me@devops Ceph]# kubectl create -f Ceph-RBD-StorageClass.yaml
storageclass.storage.k8s.io/fast-rbd created
[me@devops Ceph]#

Let’s check the rbd-provisioner

[me@devops Ceph]# kubectl describe po rbd-provisioner-67b4857bcd-nb97h -n kube-system
Name: rbd-provisioner-67b4857bcd-nb97h
Namespace: kube-system
Priority: 0
PriorityClassName: <none>
Node: k8s-node2/192.168.0.158
Start Time: Mon, 23 Sep 2019 20:40:17 +0800
Labels: app=rbd-provisioner
pod-template-hash=67b4857bcd
Annotations: cni.projectcalico.org/podIP: 10.244.2.184/32
Status: Running
IP: 10.244.2.184
Controlled By: ReplicaSet/rbd-provisioner-67b4857bcd
Containers:
rbd-provisioner:
Container ID: docker://eef78544e2047020de1d2e7614413d0bf1f49220fb6a7922602cb5c902022420
Image: quay.io/external_storage/rbd-provisioner:latest
Image ID: docker-pullable://quay.io/external_storage/rbd-provisioner@sha256:94fd36b8625141b62ff1addfa914d45f7b39619e55891bad0294263ecd2ce09a
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 23 Sep 2019 20:41:11 +0800
Ready: True
Restart Count: 0
Environment:
PROVISIONER_NAME: ceph.com/rbd
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from rbd-provisioner-token-nmrj6 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
rbd-provisioner-token-nmrj6:
Type: Secret (a volume populated by a Secret)
SecretName: rbd-provisioner-token-nmrj6
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
— — — — — — — — — — — — –
Normal Scheduled <invalid> default-scheduler Successfully assigned kube-system/rbd-provisioner-67b4857bcd-nb97h to k8s-node2
Normal Pulling <invalid> kubelet, k8s-node2 pulling image “quay.io/external_storage/rbd-provisioner:latest”
Normal Pulled <invalid> kubelet, k8s-node2 Successfully pulled image “quay.io/external_storage/rbd-provisioner:latest”
Normal Created <invalid> kubelet, k8s-node2 Created container
Normal Started <invalid> kubelet, k8s-node2 Started container
[me@devops Ceph]#

Let’s test it out by creating a PersistentVolumeClaim using this.

[me@devops Ceph]# kubectl create -f Ceph-RBD-PVC.yaml
persistentvolumeclaim/testclaim created

You will see that a PersistentVolume is automatically created

[me@devops Ceph]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
mysql-pv-volume 1Gi RWO Retain Bound ehandoff/mysql-pv-claim manual 100d
pvc-4d816e48-de02–11e9–9d31–525400459b48 1Gi RWO Delete Bound default/testclaim fast-rbd 4s
[me@devops Ceph]#

And here is our PersistentVolumeClaim

[me@devops Ceph]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
testclaim Bound pvc-4d816e48-de02–11e9–9d31–525400459b48 1Gi RWO fast-rbd 8m55s
[me@devops Ceph]#

Looking at our Ceph Cluster

So far so good. Let’s now try and use that PVC in our Container mounting it under /data.

[me@devops Ceph]# kubectl create -f nginx-ceph.yaml
pod/nginx-ceph created
[me@devops Ceph]#

So far so good. But

[root@devops Ceph]# kubectl get po
NAME READY STATUS RESTARTS AGE
nginx-ceph 0/1 ContainerCreating 0 118s
[root@devops Ceph]#

But checking in detail what’s going on with the above, I am getting the following

Normal SuccessfulAttachVolume <invalid> attachdetach-controller AttachVolume.Attach succeeded for volume “pvc-4d816e48-de02–11e9–9d31–525400459b48”
Warning FailedMount <invalid> (x6 over <invalid>) kubelet, k8s-master Unable to mount volumes for pod “nginx-ceph_default(a9e6054d-de04–11e9–9d31–525400459b48)”: timeout expired waiting for volumes to attach or mount for pod “default”/”nginx-ceph”. list of unmounted volumes=[ceph-rbd-storage]. list of unattached volumes=[ceph-rbd-storage default-token-99fc5]

And here is the culprit

Warning FailedMount <invalid> (x15 over <invalid>) kubelet, k8s-master MountVolume.WaitForAttach failed for volume “pvc-4d816e48-de02–11e9–9d31–525400459b48” : fail to check rbd image status with: (executable file not found in $PATH), rbd output: ()

Going to the node, I forgot that this needs the Ceph client specifically rbd to work. Easily we can get that by installing ceph-common

[me@k8s-master ~]# yum install ceph-common

Once installed, redeploying our pod, we can now see in our node that the RBD is mounted correctly.

[me@k8s-master ~]# df -h | grep rbd
/dev/rbd0 976M 2.6M 958M 1% /var/lib/kubelet/plugins/kubernetes.io/rbd/mounts/kube-image-kubernetes-dynamic-pvc-4e191de7-de02–11e9–9d2c-aa2e8e29c249
[me@k8s-master ~]#

And going inside our container

Let’s create a sample file

me@nginx-ceph:/data# touch test.txt
me@nginx-ceph:/data# ls- ltrh
me@nginx-ceph:/data# ls -ltrh
total 16K
drwx — — — 2 root root 16K Sep 23 13:39 lost+found
-rw-r — r — 1 root root 0 Sep 23 13:41 test.txt
me@nginx-ceph:/data#

And checking Ceph again, we can see an object was created.

Conclusion

In this post we have seen how to integrate Kubernetes and Ceph. Aside from ceph-rbd, we can also leverage Ceph using ceph-fs. This is just a simple test on how we can leverage Ceph and provide storage for our Kubernetes workloads.

Batcycle - An intro to implementing Sidecar Pattern in K8s

Pod is the basic — smallest and simplest, object of a Kubernetes deployment (application). I’ve been working and pushing out applications in my Kubernetes Cluster with the “one-Container-one-Pod” model. You can actually also deploy multiple Containers in a single Pod.

There are three common design patterns for running multiple containers in a Pod. These are Sidecar pattern, Adapter pattern, and the ambassador pattern.

In this blog post, I will be focusing on the Sidecar Pattern.

In Sidecar Pattern, you have a your main application and a helper container running on a single Pod. The functions of the helper container is essential to the main application but it’s not necessarily part of the application. The most common example of this is having a Web application running on a container AND a helper monitoring / logging application on another separate container.

Main application and sidecar application can be independently written in different languages. The sidecar application can access the same resources as the primary application. Latency between the applications running on the same pod should be low. Code and dependencies between the main application and the side car application can be managed independently.

Using the simple application in my example, I deployed the containers using the following:

apiVersion: apps/v1
kind: Deployment
metadata:  
  name: myapp  
  labels:    
    app: myapp
spec:  
  replicas: 1  
  selector:    
    matchLabels:      
      app: myapp  
  template:    
    metadata:      
      labels:        
        app: myapp    
    spec:      
      containers:
      # Main application container      
      - name: myapp        
        image: myapp:latest        
        ports:        
        - containerPort: 8080      
     # Sidecar application container
      - name: mysidecar       
        image: mysidecar:latest
[me@devops resources]# kubectl create -f deploy.yml -n fusion
deployment.apps/myapp created
[me@devops resources]#

Let’s check the newly created pods

[me@devops resources]# kubectl get pods -n fusion
NAME                  READY STATUS  RESTARTS AGE
myapp-fb6b9f85d-f89md 2/2   Running 0        19s
[me@devops resources]#

Listing out all the containers in this pod, we could see the two containers.

[me@devops resources]# kubectl get pods — all-namespaces -o=jsonpath=’{range .items[*]}{“\n”}{.metadata.name}{“:\t”}{range .spec.containers[*]}{.image}{“, “}{end}{end}’ | sort
myapp-fb6b9f85d-f89md: gcr.io/kube-cluster-234414/myapp:latest, gcr.io/kube-cluster-234414/mysidecar:latest,
[me@devops resources]#

Let’s go inside both containers. First myapp,

[me@devops resources]# kubectl exec -ti myapp-fb6b9f85d-f89md -c myapp -n fusion /bin/bash
root@myapp-fb6b9f85d-f89md:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
 link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
 link/ether 26:96:93:cd:da:df brd ff:ff:ff:ff:ff:ff
 inet 10.244.0.105/32 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::2496:93ff:fecd:dadf/64 scope link
 valid_lft forever preferred_lft forever
root@myapp-fb6b9f85d-f89md:/#

For mysidecar

[me@devops resources]# kubectl exec -ti myapp-fb6b9f85d-f89md -c mysidecar -n fusion /bin/bash
root@myapp-fb6b9f85d-f89md:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
 link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
 link/ether 26:96:93:cd:da:df brd ff:ff:ff:ff:ff:ff
 inet 10.244.0.105/32 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::2496:93ff:fecd:dadf/64 scope link
 valid_lft forever preferred_lft forever
root@myapp-fb6b9f85d-f89md:/#

As you can see from the above, they are actually using the same IP Address (10.244.0.105)

Let’s try our application. My main application is just a simple web application that runs on port 8080. When the index resource of my main application (right pane) is hit, it sends an HTTP POST request to the sidecar application. The sidecar application receives the request (left pane). Think that the sidecar application can further process what it received ( i.e. forwards it to log aggregator, writes it to a file etc).

Summary

This was just a simple attempt to deploy a multi-container application. Before pushing functionality using the Sidecar pattern, consider carefully if the process works better as a separate service. Or you could look into implementing it as a Daemonset. Also consider inter-process communication mechanism that you will be using between the main application and the sidecar application. Use language/framework agnostic technologies as much as possible.

Build container images using buildah

buildah is a command line tool that facilitates building OCI compliant images.

The Buildah package provides a command line tool that can be used to

  • create a working container, either from scratch or using an image as a starting point
  • create an image, either from a working container or via the instructions in a Dockerfile
  • images can be built in either the OCI image format or the traditional upstream docker image format
  • mount a working container’s root filesystem for manipulation
  • unmount a working container’s root filesystem
  • use the updated contents of a container’s root filesystem as a filesystem layer to create a new image
  • delete a working container or an image
  • rename a local container

Installing buildah

buildah is available in the CentOS repo. All we need to do is to run the following to install it:

[podman@localhost ]# yum install -y buildah

After installation is done, we can check the version of the installed package

[podman@localhost base]# buildah --version
buildah version 1.7.1 (image-spec 1.0.0, runtime-spec 1.0.0)

I am going to use a previous Dockerfile that I have to build a test container image. The application is just a simple flask test application.

[podman@localhost base]# ls
Dockerfile hello.py requirements.txt run.py

[podman@localhost base]# cat Dockerfile
from python:2.7.10

COPY requirements.txt /app/requirements.txt
COPY hello.py /app/hello.py

RUN pip install -r /app/requirements.txt

CMD ["python","/app/hello.py"]

And running build-using-dockerfile,  you’ll find a pretty similar output when using docker build command

[podman@localhost base]# buildah build-using-dockerfile -t base_bud .
STEP 1: FROM python:2.7.10
Getting image source signatures
Copying blob d4bce7fd68df [======================================] 1.5GiB / 1.5GiB
Copying blob a3ed95caeb02 [======================================] 1.5GiB / 1.5GiB
Copying blob 816152842605 [======================================] 1.5GiB / 1.5GiB
Copying blob 5dcab2c7e430 [======================================] 1.5GiB / 1.5GiB
Copying blob dc54ada22a60 [======================================] 1.5GiB / 1.5GiB
Copying blob b7b0de78f891 [======================================] 1.5GiB / 1.5GiB
Copying blob a3ed95caeb02 [======================================] 1.5GiB / 1.5GiB
Copying blob 88363ed594cb [======================================] 1.5GiB / 1.5GiB
Copying blob a3ed95caeb02 [======================================] 1.5GiB / 1.5GiB
Copying blob a3ed95caeb02 [======================================] 1.5GiB / 1.5GiB
Copying blob f8c4a940a0da [======================================] 1.5GiB / 1.5GiB
Copying blob dd19554ab82c [======================================] 1.5GiB / 1.5GiB
Copying blob a3ed95caeb02 [======================================] 1.5GiB / 1.5GiB
Writing manifest to image destination
Storing signatures
STEP 2: COPY requirements.txt /app/requirements.txt
STEP 3: COPY hello.py /app/hello.py
STEP 4: RUN pip install -r /app/requirements.txt
Collecting flask (from -r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/9a/74/670ae9737d14114753b8c8fdf2e8bd212a05d3b361ab15b44937dfd40985/Flask-1.0.3-py2.py3-none-any.whl (92kB)
 100% |████████████████████████████████| 94kB 905kB/s
Collecting itsdangerous>=0.24 (from flask->-r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/76/ae/44b03b253d6fade317f32c24d100b3b35c2239807046a4c953c7b89fa49e/itsdangerous-1.1.0-py2.py3-none-any.whl
Collecting Werkzeug>=0.14 (from flask->-r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/9f/57/92a497e38161ce40606c27a86759c6b92dd34fcdb33f64171ec559257c02/Werkzeug-0.15.4-py2.py3-none-any.whl (327kB)
 100% |████████████████████████████████| 327kB 394kB/s
Collecting Jinja2>=2.10 (from flask->-r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/1d/e7/fd8b501e7a6dfe492a433deb7b9d833d39ca74916fa8bc63dd1a4947a671/Jinja2-2.10.1-py2.py3-none-any.whl (124kB)
 100% |████████████████████████████████| 126kB 796kB/s
Collecting click>=5.1 (from flask->-r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/fa/37/45185cb5abbc30d7257104c434fe0b07e5a195a6847506c074527aa599ec/Click-7.0-py2.py3-none-any.whl (81kB)
 100% |████████████████████████████████| 81kB 847kB/s
Collecting MarkupSafe>=0.23 (from Jinja2>=2.10->flask->-r /app/requirements.txt (line 1))
 Downloading https://files.pythonhosted.org/packages/b9/2e/64db92e53b86efccfaea71321f597fa2e1b2bd3853d8ce658568f7a13094/MarkupSafe-1.1.1.tar.gz
Building wheels for collected packages: MarkupSafe
 Running setup.py bdist_wheel for MarkupSafe
 Stored in directory: /root/.cache/pip/wheels/f2/aa/04/0edf07a1b8a5f5f1aed7580fffb69ce8972edc16a505916a77
Successfully built MarkupSafe
Installing collected packages: itsdangerous, Werkzeug, MarkupSafe, Jinja2, click, flask
Successfully installed Jinja2-2.10.1 MarkupSafe-1.1.1 Werkzeug-0.15.4 click-7.0 flask-1.0.3 itsdangerous-1.1.0
You are using pip version 7.1.2, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
STEP 5: CMD ["python","/app/hello.py"]
STEP 6: COMMIT containers-storage:[overlay@/var/lib/containers/storage+/var/run/containers/storage]localhost/base_bud:latest
Getting image source signatures
Copying blob 12e469267d21 [======================================] 124.9MiB / 124.9MiB
Copying blob 5f70bf18a086 [======================================] 1.0KiB / 1.0KiB
Copying blob 0d78baeff42f [======================================] 43.1MiB / 43.1MiB
Copying blob c32291971339 [======================================] 120.4MiB / 120.4MiB
Copying blob d6d84a7ea9f1 [======================================] 307.6MiB / 307.6MiB
Copying blob a21d673437af [======================================] 1.4MiB / 1.4MiB
Copying blob 5f70bf18a086 [======================================] 1.0KiB / 1.0KiB
Copying blob 3c62eeb65f64 [======================================] 33.0KiB / 33.0KiB
Copying blob 5f70bf18a086 [======================================] 1.0KiB / 1.0KiB
Copying blob 5f70bf18a086 [======================================] 1.0KiB / 1.0KiB
Copying blob 641946be2935 [======================================] 60.9MiB / 60.9MiB
Copying blob 7ce007c412b5 [======================================] 5.8MiB / 5.8MiB
Copying blob 5f70bf18a086 [======================================] 1.0KiB / 1.0KiB
Copying blob ff620944702d [======================================] 5.9MiB / 5.9MiB
Copying config e3b4c77357 [======================================] 4.6KiB / 4.6KiB
Writing manifest to image destination
Storing signatures
--> e3b4c773576230182c498a12b5a3fd8611da958ba5b273947eedc46b50ff6617

Listing our images using buildah

[podman@localhost base]# buildah images
IMAGE NAME IMAGE TAG IMAGE ID CREATED AT SIZE
docker.io/library/python 2.7.10 4442f7b981c4 Dec 6, 2015 05:49 696 MB
localhost/base_bud latest e3b4c7735762 May 27, 2019 22:47 703 MB

Using podman (podman is a tool for managing pods, containers, and container images.), let’s try the newly created image

[podman@localhost base]# podman run base_bud
 * Serving Flask app "hello" (lazy loading)
 * Environment: production
 WARNING: This is a development server. Do not use it in a production deployment.
 Use a production WSGI server instead.
 * Debug mode: on
 * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 437-588-275

And listing our running container

[podman@localhost base]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
32597e3dd8c5 localhost/base_bud:latest python /app/hello... 2 minutes ago Up About a minute ago upbeat_mcnulty

Checking our app by going inside the container

[podman@localhost base]# podman exec -it 32597e3dd8c5 /bin/sh
# curl localhost:8080
127.0.0.1 - - [27/May/2019 14:56:46] "GET / HTTP/1.1" 200 -
Hello World
#

In this post we saw how simple (and identical to docker) it is to use buildah to create an OCI compliant container image.

 

MetalLB for K8S Cluster on Bare-Metal

On Bare-metal servers, K8S doesn’t offer any LoadBalancer implementation.  K8S ships with a Network LB implementation that’s primarily suited/works with IaaS platforms.

We are left mostly with using NodePort if we want to get external traffic to our cluster.

I recently stumbled into MetalLB that provides Network Load-Balancing for K8S deployed on Bare-metal servers. I’ll be sharing in this post how I installed MetalLB on my K8S Cluster.

Install MetalLB by applying the manifest available at https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/metallb.yaml

This will create resources which basically is related to access control. It will also create metallb-system/controller that handles IP Address assignment.
It also creates a metallb-system/speaker which handles the protocol(s) to make the service reachable.

[k8smaster ~]# kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/metallb.yaml
namespace/metallb-system created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
daemonset.apps/speaker created
deployment.apps/controller created
[k8smaster ~]#

Once created we could check the pods under metallb-systems namespace

[k8smaster ~]# kubectl get pods -n metallb-system
NAME READY STATUS RESTARTS AGE
controller-7cc9c87cfb-qj5gb 1/1 Running 0 28s
speaker-8bn5d 1/1 Running 0 29s
[k8smaster ~]#

I will create a Layer2 configuration as its the most simplest way to test this.

Basically I provided a set of available IP range (which my DHCP server provides ) to MetalLB.

[k8smaster ~]# cat mlb-layer2-config.yml
apiVersion: v1
kind: ConfigMap
metadata:
 namespace: metallb-system
 name: config
data:
 config: |
 address-pools:
 - name: my-ip-space
 protocol: layer2
 addresses:
 - 192.168.0.240-192.168.0.250
[k8smaster ~]#



[k8smaster ~]# kubectl apply -f mlb-layer2-config.yml
configmap/config created
[k8smaster ~]#



[k8smaster ~]# kubectl describe ConfigMap config --namespace metallb-system
Name: config
Namespace: metallb-system
Labels: <none>
Annotations: <none>

Data
====
config:
----
address-pools:
- name: my-ip-space
 protocol: layer2
 addresses:
 - 192.168.0.240-192.168.0.250

Events: <none>
[k8smaster ~]#

Let’s now test this LoadBalancer by creating the following deployment and service resources.

[development python-webapp]# cat deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
 name: awesome-webapp
 labels:
 app: awesome-webapp
spec:
 replicas: 2
 selector:
 matchLabels:
 app: awesome-webapp
 template:
 metadata:
 labels:
 app: awesome-webapp
 spec:
 containers:
 - name: python-webapp
 image: gcr.io/kube-cluster-234414/python-webapp:2
 ports:
 - containerPort: 8080

[development python-webapp]#

[development python-webapp]# cat mlb-service.yml
apiVersion: v1
kind: Service
metadata:
 name: awesome-webapp-mlb-service
spec:
 ports:
 - name: http
 port: 80
 protocol: TCP
 targetPort: 8080
 selector:
 app: awesome-webapp
 type: LoadBalancer

[development python-webapp]#



[development python-webapp]# kubectl apply -f deploy.yml
deployment.apps/awesome-webapp created
[development python-webapp]# kubectl apply -f mlb-service.yml
service/awesome-webapp-mlb-service created
[development python-webapp]#

I deployed a replica set with 2 instance that is accessible via a LoadBalancer service.

[development python-webapp]# kubectl get service,deploy,po
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/awesome-webapp-mlb-service LoadBalancer 10.103.126.242 192.168.0.240 80:31485/TCP 16m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/awesome-webapp 2/2 2 2 16m

NAME READY STATUS RESTARTS AGE
pod/awesome-webapp-6d9b76bd54-6hqzc 1/1 Running 0 12m
pod/awesome-webapp-6d9b76bd54-md6xf 1/1 Running 0 12m
[development python-webapp]#

Now I can access this application using the External IP provided.

Although still in it’s early phase and with critical limitations, MetalLB looks to be promising for K8S deployments on bare-metal servers. You can find more information about MetalLB at https://metallb.universe.tf.

 

Testing dotnetcore on CentOS Docker image

Continuing the last post, I wanted to try dotnetcore on CentOS.

I’m going to copy the root filesystem structure and install dotnetcore and create a Docker image out of it.

[dotnet]# cp -R centos_image/ centos_image_dotnetcore
[dotnet]# export centos_root='/centos_image_dotnetcore/rootfs'
[dotnet]# cp /etc/resolv.conf $centos_root/etc
[dotnet]# mount -o bind /dev $centos_root/dev
[dotnet]# chroot $centos_root /bin/bash <<EOF
> rpm -Uvh https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
> yum install aspnetcore-runtime-2.2 -y
> yum clean all
> EOF
Retrieving https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
warning: /var/tmp/rpm-tmp.vnu7hw: Header V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY
Preparing... ################################# [100%]
 package packages-microsoft-prod-1.0-1.el7.noarch is already installed
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.0x.sg
 * extras: mirror.0x.sg
 * updates: mirror.0x.sg
Resolving Dependencies
--> Running transaction check
---> Package aspnetcore-runtime-2.2.x86_64 0:2.2.2-1 will be installed
--> Processing Dependency: dotnet-runtime-2.2 >= 2.2.2 for package: aspnetcore-runtime-2.2-2.2.2-1.x86_64
--> Running transaction check
---> Package dotnet-runtime-2.2.x86_64 0:2.2.2-1 will be installed
--> Processing Dependency: dotnet-runtime-deps-2.2 >= 2.2.2 for package: dotnet-runtime-2.2-2.2.2-1.x86_64
--> Processing Dependency: dotnet-hostfxr-2.2 >= 2.2.2 for package: dotnet-runtime-2.2-2.2.2-1.x86_64
--> Running transaction check
---> Package dotnet-hostfxr-2.2.x86_64 0:2.2.2-1 will be installed
--> Processing Dependency: dotnet-host >= 2.2.2 for package: dotnet-hostfxr-2.2-2.2.2-1.x86_64
---> Package dotnet-runtime-deps-2.2.x86_64 0:2.2.2-1 will be installed
--> Processing Dependency: libicu for package: dotnet-runtime-deps-2.2-2.2.2-1.x86_64
--> Running transaction check
---> Package dotnet-host.x86_64 0:2.2.2-1 will be installed
---> Package libicu.x86_64 0:50.1.2-17.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================
 Package Arch Version Repository Size
=====================================================================================================================================================
Installing:
 aspnetcore-runtime-2.2 x86_64 2.2.2-1 packages-microsoft-com-prod 30 M
Installing for dependencies:
 dotnet-host x86_64 2.2.2-1 packages-microsoft-com-prod 45 k
 dotnet-hostfxr-2.2 x86_64 2.2.2-1 packages-microsoft-com-prod 196 k
 dotnet-runtime-2.2 x86_64 2.2.2-1 packages-microsoft-com-prod 27 M
 dotnet-runtime-deps-2.2 x86_64 2.2.2-1 packages-microsoft-com-prod 2.8 k
 libicu x86_64 50.1.2-17.el7 base 6.9 M

Transaction Summary
=====================================================================================================================================================
Install 1 Package (+5 Dependent packages)

Total download size: 64 M
Installed size: 81 M
Downloading packages:
warning: [fd 20]: Header V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY ] 0.0 B/s | 0 B --:--:-- ETA
Public key for dotnet-host-2.2.2-x64.rpm is not installed
(1/6): dotnet-host-2.2.2-x64.rpm | 45 kB 00:00:00
(2/6): dotnet-hostfxr-2.2.2-x64.rpm | 196 kB 00:00:00
(3/6): dotnet-runtime-2.2.2-x64.rpm | 27 MB 00:00:01
(4/6): dotnet-runtime-deps-2.2.2-rhel.7-x64.rpm | 2.8 kB 00:00:00
(5/6): aspnetcore-runtime-2.2.2-x64.rpm | 30 MB 00:00:03
(6/6): libicu-50.1.2-17.el7.x86_64.rpm | 6.9 MB 00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------
Total 18 MB/s | 64 MB 00:00:03
Retrieving key from https://packages.microsoft.com/keys/microsoft.asc
Importing GPG key 0xBE1229CF:
 Userid : "Microsoft (Release signing) <gpgsecurity@microsoft.com>"
 Fingerprint: bc52 8686 b50d 79e3 39d3 721c eb3e 94ad be12 29cf
 From : https://packages.microsoft.com/keys/microsoft.asc
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
 Installing : libicu-50.1.2-17.el7.x86_64 1/6
 Installing : dotnet-runtime-deps-2.2-2.2.2-1.x86_64 2/6
 Installing : dotnet-host-2.2.2-1.x86_64 3/6
Creating dotnet host symbolic link: /usr/bin/dotnet
 Installing : dotnet-hostfxr-2.2-2.2.2-1.x86_64 4/6
 Installing : dotnet-runtime-2.2-2.2.2-1.x86_64 5/6
 Installing : aspnetcore-runtime-2.2-2.2.2-1.x86_64 6/6
 Verifying : dotnet-runtime-2.2-2.2.2-1.x86_64 1/6
 Verifying : dotnet-runtime-deps-2.2-2.2.2-1.x86_64 2/6
 Verifying : dotnet-hostfxr-2.2-2.2.2-1.x86_64 3/6
 Verifying : dotnet-host-2.2.2-1.x86_64 4/6
 Verifying : aspnetcore-runtime-2.2-2.2.2-1.x86_64 5/6
 Verifying : libicu-50.1.2-17.el7.x86_64 6/6

Installed:
 aspnetcore-runtime-2.2.x86_64 0:2.2.2-1

Dependency Installed:
 dotnet-host.x86_64 0:2.2.2-1 dotnet-hostfxr-2.2.x86_64 0:2.2.2-1 dotnet-runtime-2.2.x86_64 0:2.2.2-1 dotnet-runtime-deps-2.2.x86_64 0:2.2.2-1
 libicu.x86_64 0:50.1.2-17.el7

Complete!
Loaded plugins: fastestmirror
Cleaning repos: base extras packages-microsoft-com-prod updates
Cleaning up list of fastest mirrors
[dotnet]# rm -f $centos_root/etc/resolv.conf
[dotnet]# umount $centos_root/dev
[dotnet]# tar -C $centos_root -c . | docker import - centos-dotnetcore
sha256:f5953a7e49df031d7c6199ef20e79e27d208cfeafec1ad51d8957883720c3494
[dotnet]#

Checking our newly created image

[dotnet]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-dotnetcore latest f5953a7e49df 44 seconds ago 378 MB
centos latest 6fced9621cdc 25 hours ago 193 MB
docker.io/registry 2 d0eed8dad114 5 weeks ago 25.8 MB
[dotnet]#

Publishing an ASP.NET web application, I copied it to my docker host and created the following Dockerfile. (NOTE: Need to secure this. This runs as root)

[dotnet]# cat Dockerfile
# Use the recently built centos-dotnetcore as the parent image
FROM centos-dotnetcore

# Set the working directory in the container to /app
WORKDIR /app

# Copy the current directory contents into the container at /app
ADD . /app

# Make the container's port 5000 available to the outside world
EXPOSE 5000

# Run when the container launches
CMD ["/bin/dotnet", "/app/Release/netcoreapp2.2/publish/FusionApp.dll", "--urls=http://0.0.0.0:5000/"]

Doing a docker build

 [dotnet]#  docker build -t dotnet-webapp .

And checking our images

[dotnet]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
dotnet-webapp latest 5f7d3e66ae78 About a minute ago 383 MB
centos-dotnetcore latest 390de8bce490 50 minutes ago 378 MB
centos latest 6fced9621cdc 27 hours ago 193 MB

And running a container out of the newly created image

[dotnet]# docker run -d -p 5001:5000 --name webapp dotnet-webapp
7b97c0e8c7bc9c602ca8ac3eff89194e1c9c3948cb0f845c77d387c723ca5879
[dotnet]#

Let’s check if our container is running

[dotnet]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b97c0e8c7bc dotnet-webapp "/bin/dotnet /app/..." 34 seconds ago Up 32 seconds 0.0.0.0:5001->5000/tcp webapp

Let’s check the logs

[dotnet]# docker logs webapp
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
 User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[58]
 Creating key {36f9c085-9148-44b1-9e06-92824fd7b5e8} with creation date 2019-03-09 13:05:26Z, activation date 2019-03-09 13:05:26Z, and expiration date 2019-06-07 13:05:26Z.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
 No XML encryptor configured. Key {36f9c085-9148-44b1-9e06-92824fd7b5e8} may be persisted to storage in unencrypted form.
info: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[39]
 Writing data to file '/root/.aspnet/DataProtection-Keys/key-36f9c085-9148-44b1-9e06-92824fd7b5e8.xml'.
Hosting environment: Production
Content root path: /app
Now listening on: http://0.0.0.0:5000
Application started. Press Ctrl+C to shut down.
[dotnet]#

Checking our app from browser

 

 

 

Creating minimal CentOS base Docker image

Let’s create the root file system for our CentOS image.

Create a new directory for our new root structure. Also initialize rpm database.

[root@lab-host]# export centos_base_root='/centos_image/rootfs'
[root@lab-host]# mkdir -p $centos_base_root
[root@lab-host]# rpm --root $centos_base_root --initdb

Download centos-release package

[root@lab-host]# yum reinstall --downloadonly --downloaddir . centos-release
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 3.0 kB 00:00:00
 * base: mirror.vodien.com
 * epel: ftp.jaist.ac.jp
 * extras: mirror.vodien.com
 * updates: mirror.vodien.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
kubernetes | 1.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): updates/7/x86_64/primary_db | 2.5 MB 00:00:06
(2/4): kubernetes/primary | 45 kB 00:00:06
(3/4): epel/x86_64/primary_db | 6.6 MB 00:00:07
(4/4): epel/x86_64/updateinfo | 953 kB 00:00:07
kubernetes 323/323
Resolving Dependencies
--> Running transaction check
---> Package centos-release.x86_64 0:7-6.1810.2.el7.centos will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package Arch Version Repository Size
======================================================================================================================================================
Reinstalling:
 centos-release x86_64 7-6.1810.2.el7.centos base 26 k

Transaction Summary
======================================================================================================================================================
Reinstall 1 Package

Total download size: 26 k
Installed size: 40 k
Background downloading packages, then exiting:
centos-release-7-6.1810.2.el7.centos.x86_64.rpm | 26 kB 00:00:00
exiting because "Download Only" specified

 

[root@lab-host]# ls
centos-release-7-6.1810.2.el7.centos.x86_64.rpm
[root@lab-host]#

Let’s install it to our centos_base_root directory.

[root@lab-host]# rpm --root $centos_base_root -ivh --nodeps centos-release*.rpm
warning: centos-release-7-6.1810.2.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:centos-release-7-6.1810.2.el7.cen################################# [100%]
warning: %posttrans(centos-release-7-6.1810.2.el7.centos.x86_64) scriptlet failed, exit status 127
[root@lab-host]# rpm --root $centos_base_root --import $centos_base_root/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

I need yum so let’s install it.

[root@lab-host]# yum -y --installroot=$centos_base_root --setopt=tsflags='nodocs' --setopt=override_install_langs=en_US.utf8 install yum
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirror.vodien.com
 * extras: mirror.vodien.com
 * updates: mirror.vodien.com
Resolving Dependencies
--> Running transaction check
---> Package yum.noarch 0:3.4.3-161.el7.centos will be installed
--> Processing Dependency: python(abi) = 2.7 for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: yum-metadata-parser >= 1.1.0 for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: rpm >= 4.11.3-22 for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: python-urlgrabber >= 3.10-8 for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: python >= 2.4 for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: yum-plugin-fastestmirror for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: rpm-python for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: pyxattr for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: python-sqlite for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: python-iniparse for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: pyliblzma for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: pygpgme for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: diffutils for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: cpio for package: yum-3.4.3-161.el7.centos.noarch
--> Processing Dependency: /usr/bin/python for package: yum-3.4.3-161.el7.centos.noarch
--> Running transaction check
---> Package cpio.x86_64 0:2.11-27.el7 will be installed
--> Processing Dependency: rtld(GNU_HASH) for package: cpio-2.11-27.el7.x86_64
--> Processing Dependency: libc.so.6(GLIBC_2.17)(64bit) for package: cpio-2.11-27.el7.x86_64
--> Processing Dependency: /sbin/install-info for package: cpio-2.11-27.el7.x86_64
--> Processing Dependency: /sbin/install-info for package: cpio-2.11-27.el7.x86_64
--> Processing Dependency: /bin/sh for package: cpio-2.11-27.el7.x86_64
--> Processing Dependency: /bin/sh for package: cpio-2.11-27.el7.x86_64
---> Package diffutils.x86_64 0:3.3-4.el7 will be installed
---> Package pygpgme.x86_64 0:0.3-9.el7 will be installed
--> Processing Dependency: libgpgme.so.11(GPGME_1.1)(64bit) for package: pygpgme-0.3-9.el7.x86_64
--> Processing Dependency: libgpgme.so.11(GPGME_1.0)(64bit) for package: pygpgme-0.3-9.el7.x86_64
--> Processing Dependency: libpython2.7.so.1.0()(64bit) for package: pygpgme-0.3-9.el7.x86_64
--> Processing Dependency: libgpgme.so.11()(64bit) for package: pygpgme-0.3-9.el7.x86_64
---> Package pyliblzma.x86_64 0:0.5.3-11.el7 will be installed
--> Processing Dependency: liblzma.so.5(XZ_5.0)(64bit) for package: pyliblzma-0.5.3-11.el7.x86_64
--> Processing Dependency: liblzma.so.5()(64bit) for package: pyliblzma-0.5.3-11.el7.x86_64
---> Package python.x86_64 0:2.7.5-76.el7 will be installed
---> Package python-iniparse.noarch 0:0.4-9.el7 will be installed
---> Package python-urlgrabber.noarch 0:3.10-9.el7 will be installed
--> Processing Dependency: python-pycurl for package: python-urlgrabber-3.10-9.el7.noarch
---> Package pyxattr.x86_64 0:0.5.1-5.el7 will be installed
--> Processing Dependency: libattr.so.1(ATTR_1.0)(64bit) for package: pyxattr-0.5.1-5.el7.x86_64
--> Processing Dependency: libattr.so.1()(64bit) for package: pyxattr-0.5.1-5.el7.x86_64
---> Package rpm.x86_64 0:4.11.3-35.el7 will be installed
--> Processing Dependency: popt(x86-64) >= 1.10.2.1 for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libpopt.so.0(LIBPOPT_0)(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: curl for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: coreutils for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: /usr/bin/db_stat for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libz.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libselinux.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: librpmio.so.3()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: librpm.so.3()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libpopt.so.0()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libnss3.so()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: liblua-5.1.so()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libelf.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libdb-5.3.so()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libcap.so.2()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libbz2.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libaudit.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
--> Processing Dependency: libacl.so.1()(64bit) for package: rpm-4.11.3-35.el7.x86_64
---> Package rpm-python.x86_64 0:4.11.3-35.el7 will be installed
--> Processing Dependency: librpmsign.so.1()(64bit) for package: rpm-python-4.11.3-35.el7.x86_64
--> Processing Dependency: librpmbuild.so.3()(64bit) for package: rpm-python-4.11.3-35.el7.x86_64
--> Processing Dependency: libmagic.so.1()(64bit) for package: rpm-python-4.11.3-35.el7.x86_64
---> Package yum-metadata-parser.x86_64 0:1.1.4-10.el7 will be installed
--> Processing Dependency: glib2 >= 2.15 for package: yum-metadata-parser-1.1.4-10.el7.x86_64
--> Processing Dependency: libxml2.so.2(LIBXML2_2.4.30)(64bit) for package: yum-metadata-parser-1.1.4-10.el7.x86_64
--> Processing Dependency: libxml2.so.2()(64bit) for package: yum-metadata-parser-1.1.4-10.el7.x86_64
--> Processing Dependency: libsqlite3.so.0()(64bit) for package: yum-metadata-parser-1.1.4-10.el7.x86_64
--> Processing Dependency: libglib-2.0.so.0()(64bit) for package: yum-metadata-parser-1.1.4-10.el7.x86_64
---> Package yum-plugin-fastestmirror.noarch 0:1.1.31-50.el7 will be installed
--> Running transaction check
---> Package audit-libs.x86_64 0:2.8.4-4.el7 will be installed
--> Processing Dependency: libcap-ng.so.0()(64bit) for package: audit-libs-2.8.4-4.el7.x86_64
---> Package bash.x86_64 0:4.2.46-31.el7 will be installed
--> Processing Dependency: libtinfo.so.5()(64bit) for package: bash-4.2.46-31.el7.x86_64
---> Package bzip2-libs.x86_64 0:1.0.6-13.el7 will be installed
---> Package coreutils.x86_64 0:8.22-23.el7 will be installed
--> Processing Dependency: ncurses for package: coreutils-8.22-23.el7.x86_64
--> Processing Dependency: libcrypto.so.10(libcrypto.so.10)(64bit) for package: coreutils-8.22-23.el7.x86_64
--> Processing Dependency: grep for package: coreutils-8.22-23.el7.x86_64
--> Processing Dependency: gmp for package: coreutils-8.22-23.el7.x86_64
--> Processing Dependency: libgmp.so.10()(64bit) for package: coreutils-8.22-23.el7.x86_64
--> Processing Dependency: libcrypto.so.10()(64bit) for package: coreutils-8.22-23.el7.x86_64
---> Package curl.x86_64 0:7.29.0-51.el7 will be installed
--> Processing Dependency: libcurl = 7.29.0-51.el7 for package: curl-7.29.0-51.el7.x86_64
--> Processing Dependency: libplds4.so()(64bit) for package: curl-7.29.0-51.el7.x86_64
--> Processing Dependency: libplc4.so()(64bit) for package: curl-7.29.0-51.el7.x86_64
--> Processing Dependency: libnssutil3.so()(64bit) for package: curl-7.29.0-51.el7.x86_64
--> Processing Dependency: libnspr4.so()(64bit) for package: curl-7.29.0-51.el7.x86_64
--> Processing Dependency: libcurl.so.4()(64bit) for package: curl-7.29.0-51.el7.x86_64
---> Package elfutils-libelf.x86_64 0:0.172-2.el7 will be installed
---> Package file-libs.x86_64 0:5.11-35.el7 will be installed
---> Package glib2.x86_64 0:2.56.1-2.el7 will be installed
--> Processing Dependency: shared-mime-info for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libmount.so.1(MOUNT_2.19)(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libgcc_s.so.1(GCC_3.3.1)(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libgcc_s.so.1(GCC_3.0)(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libpcre.so.1()(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libmount.so.1()(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libgcc_s.so.1()(64bit) for package: glib2-2.56.1-2.el7.x86_64
--> Processing Dependency: libffi.so.6()(64bit) for package: glib2-2.56.1-2.el7.x86_64
---> Package glibc.x86_64 0:2.17-260.el7_6.3 will be installed
--> Processing Dependency: glibc-common = 2.17-260.el7_6.3 for package: glibc-2.17-260.el7_6.3.x86_64
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3)(64bit) for package: glibc-2.17-260.el7_6.3.x86_64
--> Processing Dependency: basesystem for package: glibc-2.17-260.el7_6.3.x86_64
--> Processing Dependency: libfreebl3.so()(64bit) for package: glibc-2.17-260.el7_6.3.x86_64
---> Package gpgme.x86_64 0:1.3.2-5.el7 will be installed
--> Processing Dependency: libassuan.so.0(LIBASSUAN_1.0)(64bit) for package: gpgme-1.3.2-5.el7.x86_64
--> Processing Dependency: gnupg2 for package: gpgme-1.3.2-5.el7.x86_64
--> Processing Dependency: libgpg-error.so.0()(64bit) for package: gpgme-1.3.2-5.el7.x86_64
--> Processing Dependency: libassuan.so.0()(64bit) for package: gpgme-1.3.2-5.el7.x86_64
---> Package info.x86_64 0:5.1-5.el7 will be installed
---> Package libacl.x86_64 0:2.2.51-14.el7 will be installed
---> Package libattr.x86_64 0:2.4.46-13.el7 will be installed
---> Package libcap.x86_64 0:2.22-9.el7 will be installed
---> Package libdb.x86_64 0:5.3.21-24.el7 will be installed
---> Package libdb-utils.x86_64 0:5.3.21-24.el7 will be installed
---> Package libselinux.x86_64 0:2.5-14.1.el7 will be installed
--> Processing Dependency: libsepol(x86-64) >= 2.5-10 for package: libselinux-2.5-14.1.el7.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.0)(64bit) for package: libselinux-2.5-14.1.el7.x86_64
--> Processing Dependency: libsepol.so.1()(64bit) for package: libselinux-2.5-14.1.el7.x86_64
---> Package libxml2.x86_64 0:2.9.1-6.el7_2.3 will be installed
---> Package lua.x86_64 0:5.1.4-15.el7 will be installed
--> Processing Dependency: libreadline.so.6()(64bit) for package: lua-5.1.4-15.el7.x86_64
---> Package nss.x86_64 0:3.36.0-7.1.el7_6 will be installed
--> Processing Dependency: nss-softokn(x86-64) >= 3.36.0-1 for package: nss-3.36.0-7.1.el7_6.x86_64
--> Processing Dependency: nss-system-init for package: nss-3.36.0-7.1.el7_6.x86_64
--> Processing Dependency: nss-pem(x86-64) for package: nss-3.36.0-7.1.el7_6.x86_64
--> Processing Dependency: /usr/sbin/update-alternatives for package: nss-3.36.0-7.1.el7_6.x86_64
--> Processing Dependency: /usr/sbin/update-alternatives for package: nss-3.36.0-7.1.el7_6.x86_64
---> Package popt.x86_64 0:1.13-16.el7 will be installed
---> Package python-libs.x86_64 0:2.7.5-76.el7 will be installed
--> Processing Dependency: expat >= 2.1.0 for package: python-libs-2.7.5-76.el7.x86_64
--> Processing Dependency: libgdbm_compat.so.4()(64bit) for package: python-libs-2.7.5-76.el7.x86_64
--> Processing Dependency: libgdbm.so.4()(64bit) for package: python-libs-2.7.5-76.el7.x86_64
--> Processing Dependency: libexpat.so.1()(64bit) for package: python-libs-2.7.5-76.el7.x86_64
---> Package python-pycurl.x86_64 0:7.19.0-19.el7 will be installed
--> Processing Dependency: keyutils-libs for package: python-pycurl-7.19.0-19.el7.x86_64
---> Package rpm-build-libs.x86_64 0:4.11.3-35.el7 will be installed
---> Package rpm-libs.x86_64 0:4.11.3-35.el7 will be installed
---> Package sqlite.x86_64 0:3.7.17-8.el7 will be installed
---> Package xz-libs.x86_64 0:5.2.2-1.el7 will be installed
---> Package zlib.x86_64 0:1.2.7-18.el7 will be installed
--> Running transaction check
---> Package basesystem.noarch 0:10.0-7.el7.centos will be installed
--> Processing Dependency: setup for package: basesystem-10.0-7.el7.centos.noarch
--> Processing Dependency: filesystem for package: basesystem-10.0-7.el7.centos.noarch
---> Package chkconfig.x86_64 0:1.7.4-1.el7 will be installed
---> Package expat.x86_64 0:2.1.0-10.el7_3 will be installed
---> Package gdbm.x86_64 0:1.10-8.el7 will be installed
---> Package glibc-common.x86_64 0:2.17-260.el7_6.3 will be installed
--> Processing Dependency: tzdata >= 2003a for package: glibc-common-2.17-260.el7_6.3.x86_64
---> Package gmp.x86_64 1:6.0.0-15.el7 will be installed
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4.11)(64bit) for package: 1:gmp-6.0.0-15.el7.x86_64
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4)(64bit) for package: 1:gmp-6.0.0-15.el7.x86_64
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3)(64bit) for package: 1:gmp-6.0.0-15.el7.x86_64
--> Processing Dependency: libstdc++.so.6()(64bit) for package: 1:gmp-6.0.0-15.el7.x86_64
---> Package gnupg2.x86_64 0:2.0.22-5.el7_5 will be installed
--> Processing Dependency: pinentry for package: gnupg2-2.0.22-5.el7_5.x86_64
--> Processing Dependency: libgcrypt.so.11(GCRYPT_1.2)(64bit) for package: gnupg2-2.0.22-5.el7_5.x86_64
--> Processing Dependency: libpth.so.20()(64bit) for package: gnupg2-2.0.22-5.el7_5.x86_64
--> Processing Dependency: libldap-2.4.so.2()(64bit) for package: gnupg2-2.0.22-5.el7_5.x86_64
--> Processing Dependency: libgcrypt.so.11()(64bit) for package: gnupg2-2.0.22-5.el7_5.x86_64
---> Package grep.x86_64 0:2.20-3.el7 will be installed
---> Package keyutils-libs.x86_64 0:1.5.8-3.el7 will be installed
---> Package libassuan.x86_64 0:2.1.0-3.el7 will be installed
---> Package libcap-ng.x86_64 0:0.7.5-4.el7 will be installed
---> Package libcurl.x86_64 0:7.29.0-51.el7 will be installed
--> Processing Dependency: libssh2(x86-64) >= 1.4.3 for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libidn.so.11(LIBIDN_1.0)(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libssh2.so.1()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libkrb5.so.3()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libk5crypto.so.3()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libidn.so.11()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libgssapi_krb5.so.2()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
--> Processing Dependency: libcom_err.so.2()(64bit) for package: libcurl-7.29.0-51.el7.x86_64
---> Package libffi.x86_64 0:3.0.13-18.el7 will be installed
---> Package libgcc.x86_64 0:4.8.5-36.el7 will be installed
---> Package libgpg-error.x86_64 0:1.12-3.el7 will be installed
---> Package libmount.x86_64 0:2.23.2-59.el7 will be installed
--> Processing Dependency: libuuid = 2.23.2-59.el7 for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libblkid = 2.23.2-59.el7 for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libblkid.so.1(BLKID_2.17)(64bit) for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libblkid.so.1(BLKID_2.15)(64bit) for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libblkid.so.1(BLKID_1.0)(64bit) for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libuuid.so.1()(64bit) for package: libmount-2.23.2-59.el7.x86_64
--> Processing Dependency: libblkid.so.1()(64bit) for package: libmount-2.23.2-59.el7.x86_64
---> Package libsepol.x86_64 0:2.5-10.el7 will be installed
---> Package ncurses.x86_64 0:5.9-14.20130511.el7_4 will be installed
---> Package ncurses-libs.x86_64 0:5.9-14.20130511.el7_4 will be installed
--> Processing Dependency: ncurses-base = 5.9-14.20130511.el7_4 for package: ncurses-libs-5.9-14.20130511.el7_4.x86_64
---> Package nspr.x86_64 0:4.19.0-1.el7_5 will be installed
---> Package nss-pem.x86_64 0:1.0.3-5.el7 will be installed
---> Package nss-softokn.x86_64 0:3.36.0-5.el7_5 will be installed
---> Package nss-softokn-freebl.x86_64 0:3.36.0-5.el7_5 will be installed
---> Package nss-sysinit.x86_64 0:3.36.0-7.1.el7_6 will be installed
--> Processing Dependency: sed for package: nss-sysinit-3.36.0-7.1.el7_6.x86_64
---> Package nss-util.x86_64 0:3.36.0-1.1.el7_6 will be installed
---> Package openssl-libs.x86_64 1:1.0.2k-16.el7 will be installed
--> Processing Dependency: ca-certificates >= 2008-5 for package: 1:openssl-libs-1.0.2k-16.el7.x86_64
---> Package pcre.x86_64 0:8.32-17.el7 will be installed
---> Package readline.x86_64 0:6.2-10.el7 will be installed
---> Package shared-mime-info.x86_64 0:1.8-4.el7 will be installed
--> Running transaction check
---> Package ca-certificates.noarch 0:2018.2.22-70.0.el7_5 will be installed
--> Processing Dependency: p11-kit-trust >= 0.23.5 for package: ca-certificates-2018.2.22-70.0.el7_5.noarch
--> Processing Dependency: p11-kit >= 0.23.5 for package: ca-certificates-2018.2.22-70.0.el7_5.noarch
---> Package filesystem.x86_64 0:3.2-25.el7 will be installed
---> Package krb5-libs.x86_64 0:1.15.1-37.el7_6 will be installed
--> Processing Dependency: gawk for package: krb5-libs-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libverto.so.1()(64bit) for package: krb5-libs-1.15.1-37.el7_6.x86_64
---> Package libblkid.x86_64 0:2.23.2-59.el7 will be installed
---> Package libcom_err.x86_64 0:1.42.9-13.el7 will be installed
---> Package libgcrypt.x86_64 0:1.5.3-14.el7 will be installed
---> Package libidn.x86_64 0:1.28-4.el7 will be installed
---> Package libssh2.x86_64 0:1.4.3-12.el7 will be installed
---> Package libstdc++.x86_64 0:4.8.5-36.el7 will be installed
---> Package libuuid.x86_64 0:2.23.2-59.el7 will be installed
---> Package ncurses-base.noarch 0:5.9-14.20130511.el7_4 will be installed
---> Package openldap.x86_64 0:2.4.44-21.el7_6 will be installed
--> Processing Dependency: nss-tools for package: openldap-2.4.44-21.el7_6.x86_64
--> Processing Dependency: findutils for package: openldap-2.4.44-21.el7_6.x86_64
--> Processing Dependency: libsasl2.so.3()(64bit) for package: openldap-2.4.44-21.el7_6.x86_64
---> Package pinentry.x86_64 0:0.8.1-17.el7 will be installed
---> Package pth.x86_64 0:2.0.7-23.el7 will be installed
---> Package sed.x86_64 0:4.2.2-5.el7 will be installed
---> Package setup.noarch 0:2.8.71-10.el7 will be installed
---> Package tzdata.noarch 0:2018i-1.el7 will be installed
--> Running transaction check
---> Package cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 will be installed
---> Package findutils.x86_64 1:4.5.11-6.el7 will be installed
---> Package gawk.x86_64 0:4.0.2-4.el7_3.1 will be installed
---> Package libverto.x86_64 0:0.2.5-4.el7 will be installed
---> Package nss-tools.x86_64 0:3.36.0-7.1.el7_6 will be installed
---> Package p11-kit.x86_64 0:0.23.5-3.el7 will be installed
---> Package p11-kit-trust.x86_64 0:0.23.5-3.el7 will be installed
--> Processing Dependency: libtasn1.so.6(LIBTASN1_0_3)(64bit) for package: p11-kit-trust-0.23.5-3.el7.x86_64
--> Processing Dependency: libtasn1.so.6()(64bit) for package: p11-kit-trust-0.23.5-3.el7.x86_64
--> Running transaction check
---> Package libtasn1.x86_64 0:4.10-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package Arch Version Repository Size
======================================================================================================================================================
Installing:
 yum noarch 3.4.3-161.el7.centos base 1.2 M
Installing for dependencies:
 audit-libs x86_64 2.8.4-4.el7 base 100 k
 basesystem noarch 10.0-7.el7.centos base 5.0 k
 bash x86_64 4.2.46-31.el7 base 1.0 M
 bzip2-libs x86_64 1.0.6-13.el7 base 40 k
 ca-certificates noarch 2018.2.22-70.0.el7_5 base 392 k
 chkconfig x86_64 1.7.4-1.el7 base 181 k
 coreutils x86_64 8.22-23.el7 base 3.3 M
 cpio x86_64 2.11-27.el7 base 211 k
 curl x86_64 7.29.0-51.el7 base 269 k
 cyrus-sasl-lib x86_64 2.1.26-23.el7 base 155 k
 diffutils x86_64 3.3-4.el7 base 322 k
 elfutils-libelf x86_64 0.172-2.el7 base 194 k
 expat x86_64 2.1.0-10.el7_3 base 81 k
 file-libs x86_64 5.11-35.el7 base 340 k
 filesystem x86_64 3.2-25.el7 base 1.0 M
 findutils x86_64 1:4.5.11-6.el7 base 559 k
 gawk x86_64 4.0.2-4.el7_3.1 base 874 k
 gdbm x86_64 1.10-8.el7 base 70 k
 glib2 x86_64 2.56.1-2.el7 base 2.5 M
 glibc x86_64 2.17-260.el7_6.3 updates 3.7 M
 glibc-common x86_64 2.17-260.el7_6.3 updates 12 M
 gmp x86_64 1:6.0.0-15.el7 base 281 k
 gnupg2 x86_64 2.0.22-5.el7_5 base 1.5 M
 gpgme x86_64 1.3.2-5.el7 base 146 k
 grep x86_64 2.20-3.el7 base 344 k
 info x86_64 5.1-5.el7 base 233 k
 keyutils-libs x86_64 1.5.8-3.el7 base 25 k
 krb5-libs x86_64 1.15.1-37.el7_6 updates 803 k
 libacl x86_64 2.2.51-14.el7 base 27 k
 libassuan x86_64 2.1.0-3.el7 base 63 k
 libattr x86_64 2.4.46-13.el7 base 18 k
 libblkid x86_64 2.23.2-59.el7 base 181 k
 libcap x86_64 2.22-9.el7 base 47 k
 libcap-ng x86_64 0.7.5-4.el7 base 25 k
 libcom_err x86_64 1.42.9-13.el7 base 41 k
 libcurl x86_64 7.29.0-51.el7 base 221 k
 libdb x86_64 5.3.21-24.el7 base 720 k
 libdb-utils x86_64 5.3.21-24.el7 base 132 k
 libffi x86_64 3.0.13-18.el7 base 30 k
 libgcc x86_64 4.8.5-36.el7 base 102 k
 libgcrypt x86_64 1.5.3-14.el7 base 263 k
 libgpg-error x86_64 1.12-3.el7 base 87 k
 libidn x86_64 1.28-4.el7 base 209 k
 libmount x86_64 2.23.2-59.el7 base 182 k
 libselinux x86_64 2.5-14.1.el7 base 162 k
 libsepol x86_64 2.5-10.el7 base 297 k
 libssh2 x86_64 1.4.3-12.el7 base 134 k
 libstdc++ x86_64 4.8.5-36.el7 base 304 k
 libtasn1 x86_64 4.10-1.el7 base 320 k
 libuuid x86_64 2.23.2-59.el7 base 82 k
 libverto x86_64 0.2.5-4.el7 base 16 k
 libxml2 x86_64 2.9.1-6.el7_2.3 base 668 k
 lua x86_64 5.1.4-15.el7 base 201 k
 ncurses x86_64 5.9-14.20130511.el7_4 base 304 k
 ncurses-base noarch 5.9-14.20130511.el7_4 base 68 k
 ncurses-libs x86_64 5.9-14.20130511.el7_4 base 316 k
 nspr x86_64 4.19.0-1.el7_5 base 127 k
 nss x86_64 3.36.0-7.1.el7_6 updates 835 k
 nss-pem x86_64 1.0.3-5.el7 base 74 k
 nss-softokn x86_64 3.36.0-5.el7_5 base 315 k
 nss-softokn-freebl x86_64 3.36.0-5.el7_5 base 222 k
 nss-sysinit x86_64 3.36.0-7.1.el7_6 updates 62 k
 nss-tools x86_64 3.36.0-7.1.el7_6 updates 515 k
 nss-util x86_64 3.36.0-1.1.el7_6 updates 78 k
 openldap x86_64 2.4.44-21.el7_6 updates 356 k
 openssl-libs x86_64 1:1.0.2k-16.el7 base 1.2 M
 p11-kit x86_64 0.23.5-3.el7 base 252 k
 p11-kit-trust x86_64 0.23.5-3.el7 base 129 k
 pcre x86_64 8.32-17.el7 base 422 k
 pinentry x86_64 0.8.1-17.el7 base 73 k
 popt x86_64 1.13-16.el7 base 42 k
 pth x86_64 2.0.7-23.el7 base 89 k
 pygpgme x86_64 0.3-9.el7 base 63 k
 pyliblzma x86_64 0.5.3-11.el7 base 47 k
 python x86_64 2.7.5-76.el7 base 94 k
 python-iniparse noarch 0.4-9.el7 base 39 k
 python-libs x86_64 2.7.5-76.el7 base 5.6 M
 python-pycurl x86_64 7.19.0-19.el7 base 80 k
 python-urlgrabber noarch 3.10-9.el7 base 108 k
 pyxattr x86_64 0.5.1-5.el7 base 28 k
 readline x86_64 6.2-10.el7 base 193 k
 rpm x86_64 4.11.3-35.el7 base 1.2 M
 rpm-build-libs x86_64 4.11.3-35.el7 base 106 k
 rpm-libs x86_64 4.11.3-35.el7 base 277 k
 rpm-python x86_64 4.11.3-35.el7 base 83 k
 sed x86_64 4.2.2-5.el7 base 231 k
 setup noarch 2.8.71-10.el7 base 166 k
 shared-mime-info x86_64 1.8-4.el7 base 312 k
 sqlite x86_64 3.7.17-8.el7 base 393 k
 tzdata noarch 2018i-1.el7 updates 490 k
 xz-libs x86_64 5.2.2-1.el7 base 103 k
 yum-metadata-parser x86_64 1.1.4-10.el7 base 28 k
 yum-plugin-fastestmirror noarch 1.1.31-50.el7 base 34 k
 zlib x86_64 1.2.7-18.el7 base 90 k

Transaction Summary
======================================================================================================================================================
Install 1 Package (+94 Dependent packages)

Total download size: 51 M
Installed size: 249 M
Downloading packages:
(1/95): basesystem-10.0-7.el7.centos.noarch.rpm | 5.0 kB 00:00:00
(2/95): chkconfig-1.7.4-1.el7.x86_64.rpm | 181 kB 00:00:00
(3/95): bash-4.2.46-31.el7.x86_64.rpm | 1.0 MB 00:00:00
(4/95): cpio-2.11-27.el7.x86_64.rpm | 211 kB 00:00:00
(5/95): audit-libs-2.8.4-4.el7.x86_64.rpm | 100 kB 00:00:00
(6/95): ca-certificates-2018.2.22-70.0.el7_5.noarch.rpm | 392 kB 00:00:00
(7/95): curl-7.29.0-51.el7.x86_64.rpm | 269 kB 00:00:00
(8/95): diffutils-3.3-4.el7.x86_64.rpm | 322 kB 00:00:00
(9/95): elfutils-libelf-0.172-2.el7.x86_64.rpm | 194 kB 00:00:00
(10/95): bzip2-libs-1.0.6-13.el7.x86_64.rpm | 40 kB 00:00:00
(11/95): expat-2.1.0-10.el7_3.x86_64.rpm | 81 kB 00:00:00
(12/95): file-libs-5.11-35.el7.x86_64.rpm | 340 kB 00:00:00
(13/95): filesystem-3.2-25.el7.x86_64.rpm | 1.0 MB 00:00:00
(14/95): findutils-4.5.11-6.el7.x86_64.rpm | 559 kB 00:00:00
(15/95): cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm | 155 kB 00:00:00
(16/95): gdbm-1.10-8.el7.x86_64.rpm | 70 kB 00:00:00
(17/95): gawk-4.0.2-4.el7_3.1.x86_64.rpm | 874 kB 00:00:00
(18/95): gmp-6.0.0-15.el7.x86_64.rpm | 281 kB 00:00:00
(19/95): glib2-2.56.1-2.el7.x86_64.rpm | 2.5 MB 00:00:00
(20/95): gnupg2-2.0.22-5.el7_5.x86_64.rpm | 1.5 MB 00:00:00
(21/95): coreutils-8.22-23.el7.x86_64.rpm | 3.3 MB 00:00:01
(22/95): gpgme-1.3.2-5.el7.x86_64.rpm | 146 kB 00:00:00
(23/95): keyutils-libs-1.5.8-3.el7.x86_64.rpm | 25 kB 00:00:00
(24/95): info-5.1-5.el7.x86_64.rpm | 233 kB 00:00:00
(25/95): grep-2.20-3.el7.x86_64.rpm | 344 kB 00:00:00
(26/95): libacl-2.2.51-14.el7.x86_64.rpm | 27 kB 00:00:00
(27/95): glibc-2.17-260.el7_6.3.x86_64.rpm | 3.7 MB 00:00:01
(28/95): libattr-2.4.46-13.el7.x86_64.rpm | 18 kB 00:00:00
(29/95): libblkid-2.23.2-59.el7.x86_64.rpm | 181 kB 00:00:00
(30/95): libcap-2.22-9.el7.x86_64.rpm | 47 kB 00:00:00
(31/95): libassuan-2.1.0-3.el7.x86_64.rpm | 63 kB 00:00:00
(32/95): libcom_err-1.42.9-13.el7.x86_64.rpm | 41 kB 00:00:00
(33/95): libcap-ng-0.7.5-4.el7.x86_64.rpm | 25 kB 00:00:00
(34/95): libcurl-7.29.0-51.el7.x86_64.rpm | 221 kB 00:00:00
(35/95): krb5-libs-1.15.1-37.el7_6.x86_64.rpm | 803 kB 00:00:00
(36/95): libdb-utils-5.3.21-24.el7.x86_64.rpm | 132 kB 00:00:00
(37/95): libdb-5.3.21-24.el7.x86_64.rpm | 720 kB 00:00:00
(38/95): libffi-3.0.13-18.el7.x86_64.rpm | 30 kB 00:00:00
(39/95): libgcc-4.8.5-36.el7.x86_64.rpm | 102 kB 00:00:00
(40/95): libidn-1.28-4.el7.x86_64.rpm | 209 kB 00:00:00
(41/95): libmount-2.23.2-59.el7.x86_64.rpm | 182 kB 00:00:00
(42/95): libselinux-2.5-14.1.el7.x86_64.rpm | 162 kB 00:00:00
(43/95): glibc-common-2.17-260.el7_6.3.x86_64.rpm | 12 MB 00:00:02
(44/95): libgpg-error-1.12-3.el7.x86_64.rpm | 87 kB 00:00:00
(45/95): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(46/95): libgcrypt-1.5.3-14.el7.x86_64.rpm | 263 kB 00:00:00
(47/95): libssh2-1.4.3-12.el7.x86_64.rpm | 134 kB 00:00:00
(48/95): libuuid-2.23.2-59.el7.x86_64.rpm | 82 kB 00:00:00
(49/95): libverto-0.2.5-4.el7.x86_64.rpm | 16 kB 00:00:00
(50/95): libxml2-2.9.1-6.el7_2.3.x86_64.rpm | 668 kB 00:00:00
(51/95): lua-5.1.4-15.el7.x86_64.rpm | 201 kB 00:00:00
(52/95): ncurses-5.9-14.20130511.el7_4.x86_64.rpm | 304 kB 00:00:00
(53/95): libtasn1-4.10-1.el7.x86_64.rpm | 320 kB 00:00:00
(54/95): ncurses-base-5.9-14.20130511.el7_4.noarch.rpm | 68 kB 00:00:00
(55/95): ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm | 316 kB 00:00:00
(56/95): libstdc++-4.8.5-36.el7.x86_64.rpm | 304 kB 00:00:00
(57/95): nspr-4.19.0-1.el7_5.x86_64.rpm | 127 kB 00:00:00
(58/95): nss-pem-1.0.3-5.el7.x86_64.rpm | 74 kB 00:00:00
(59/95): nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm | 222 kB 00:00:00
(60/95): nss-softokn-3.36.0-5.el7_5.x86_64.rpm | 315 kB 00:00:00
(61/95): nss-3.36.0-7.1.el7_6.x86_64.rpm | 835 kB 00:00:00
(62/95): nss-tools-3.36.0-7.1.el7_6.x86_64.rpm | 515 kB 00:00:00
(63/95): nss-sysinit-3.36.0-7.1.el7_6.x86_64.rpm | 62 kB 00:00:00
(64/95): nss-util-3.36.0-1.1.el7_6.x86_64.rpm | 78 kB 00:00:00
(65/95): openldap-2.4.44-21.el7_6.x86_64.rpm | 356 kB 00:00:00
(66/95): openssl-libs-1.0.2k-16.el7.x86_64.rpm | 1.2 MB 00:00:00
(67/95): pcre-8.32-17.el7.x86_64.rpm | 422 kB 00:00:00
(68/95): pinentry-0.8.1-17.el7.x86_64.rpm | 73 kB 00:00:00
(69/95): popt-1.13-16.el7.x86_64.rpm | 42 kB 00:00:00
(70/95): p11-kit-trust-0.23.5-3.el7.x86_64.rpm | 129 kB 00:00:00
(71/95): pth-2.0.7-23.el7.x86_64.rpm | 89 kB 00:00:00
(72/95): p11-kit-0.23.5-3.el7.x86_64.rpm | 252 kB 00:00:00
(73/95): pygpgme-0.3-9.el7.x86_64.rpm | 63 kB 00:00:00
(74/95): python-iniparse-0.4-9.el7.noarch.rpm | 39 kB 00:00:00
(75/95): python-2.7.5-76.el7.x86_64.rpm | 94 kB 00:00:00
(76/95): pyliblzma-0.5.3-11.el7.x86_64.rpm | 47 kB 00:00:00
(77/95): python-pycurl-7.19.0-19.el7.x86_64.rpm | 80 kB 00:00:00
(78/95): python-libs-2.7.5-76.el7.x86_64.rpm | 5.6 MB 00:00:00
(79/95): python-urlgrabber-3.10-9.el7.noarch.rpm | 108 kB 00:00:00
(80/95): pyxattr-0.5.1-5.el7.x86_64.rpm | 28 kB 00:00:00
(81/95): readline-6.2-10.el7.x86_64.rpm | 193 kB 00:00:00
(82/95): rpm-build-libs-4.11.3-35.el7.x86_64.rpm | 106 kB 00:00:00
(83/95): rpm-libs-4.11.3-35.el7.x86_64.rpm | 277 kB 00:00:00
(84/95): rpm-python-4.11.3-35.el7.x86_64.rpm | 83 kB 00:00:00
(85/95): sed-4.2.2-5.el7.x86_64.rpm | 231 kB 00:00:00
(86/95): rpm-4.11.3-35.el7.x86_64.rpm | 1.2 MB 00:00:00
(87/95): setup-2.8.71-10.el7.noarch.rpm | 166 kB 00:00:00
(88/95): shared-mime-info-1.8-4.el7.x86_64.rpm | 312 kB 00:00:00
(89/95): sqlite-3.7.17-8.el7.x86_64.rpm | 393 kB 00:00:00
(90/95): xz-libs-5.2.2-1.el7.x86_64.rpm | 103 kB 00:00:00
(91/95): yum-metadata-parser-1.1.4-10.el7.x86_64.rpm | 28 kB 00:00:00
(92/95): yum-plugin-fastestmirror-1.1.31-50.el7.noarch.rpm | 34 kB 00:00:00
(93/95): zlib-1.2.7-18.el7.x86_64.rpm | 90 kB 00:00:00
(94/95): tzdata-2018i-1.el7.noarch.rpm | 490 kB 00:00:00
(95/95): yum-3.4.3-161.el7.centos.noarch.rpm | 1.2 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------
Total 7.3 MB/s | 51 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
centos-release-7-6.1810.2.el7.centos.x86_64 has missing requires of /bin/sh
 Installing : libgcc-4.8.5-36.el7.x86_64 1/95
 Installing : setup-2.8.71-10.el7.noarch 2/95
 Installing : filesystem-3.2-25.el7.x86_64 3/95
 Installing : basesystem-10.0-7.el7.centos.noarch 4/95
 Installing : ncurses-base-5.9-14.20130511.el7_4.noarch 5/95
 Installing : tzdata-2018i-1.el7.noarch 6/95
 Installing : glibc-common-2.17-260.el7_6.3.x86_64 7/95
 Installing : nss-softokn-freebl-3.36.0-5.el7_5.x86_64 8/95
 Installing : glibc-2.17-260.el7_6.3.x86_64 9/95
 Installing : nspr-4.19.0-1.el7_5.x86_64 10/95
 Installing : nss-util-3.36.0-1.1.el7_6.x86_64 11/95
 Installing : libstdc++-4.8.5-36.el7.x86_64 12/95
 Installing : ncurses-libs-5.9-14.20130511.el7_4.x86_64 13/95
 Installing : bash-4.2.46-31.el7.x86_64 14/95
 Installing : pcre-8.32-17.el7.x86_64 15/95
 Installing : libsepol-2.5-10.el7.x86_64 16/95
 Installing : libselinux-2.5-14.1.el7.x86_64 17/95
 Installing : zlib-1.2.7-18.el7.x86_64 18/95
 Installing : info-5.1-5.el7.x86_64 19/95
 Installing : libdb-5.3.21-24.el7.x86_64 20/95
 Installing : xz-libs-5.2.2-1.el7.x86_64 21/95
 Installing : bzip2-libs-1.0.6-13.el7.x86_64 22/95
 Installing : popt-1.13-16.el7.x86_64 23/95
 Installing : readline-6.2-10.el7.x86_64 24/95
 Installing : lua-5.1.4-15.el7.x86_64 25/95
 Installing : elfutils-libelf-0.172-2.el7.x86_64 26/95
 Installing : libffi-3.0.13-18.el7.x86_64 27/95
 Installing : libgpg-error-1.12-3.el7.x86_64 28/95
 Installing : libcom_err-1.42.9-13.el7.x86_64 29/95
 Installing : libattr-2.4.46-13.el7.x86_64 30/95
 Installing : libcap-2.22-9.el7.x86_64 31/95
 Installing : libacl-2.2.51-14.el7.x86_64 32/95
 Installing : sqlite-3.7.17-8.el7.x86_64 33/95
 Installing : chkconfig-1.7.4-1.el7.x86_64 34/95
 Installing : nss-softokn-3.36.0-5.el7_5.x86_64 35/95
 Installing : libassuan-2.1.0-3.el7.x86_64 36/95
 Installing : p11-kit-0.23.5-3.el7.x86_64 37/95
 Installing : libxml2-2.9.1-6.el7_2.3.x86_64 38/95
 Installing : grep-2.20-3.el7.x86_64 39/95
install-info: No such file or directory for /usr/share/info/grep.info.gz
 Installing : sed-4.2.2-5.el7.x86_64 40/95
install-info: No such file or directory for /usr/share/info/sed.info.gz
 Installing : file-libs-5.11-35.el7.x86_64 41/95
 Installing : libuuid-2.23.2-59.el7.x86_64 42/95
 Installing : keyutils-libs-1.5.8-3.el7.x86_64 43/95
 Installing : pinentry-0.8.1-17.el7.x86_64 44/95
 Installing : libgcrypt-1.5.3-14.el7.x86_64 45/95
 Installing : libdb-utils-5.3.21-24.el7.x86_64 46/95
 Installing : libidn-1.28-4.el7.x86_64 47/95
install-info: No such file or directory for /usr/share/info/libidn.info.gz
 Installing : cpio-2.11-27.el7.x86_64 48/95
 Installing : gawk-4.0.2-4.el7_3.1.x86_64 49/95
 Installing : 1:findutils-4.5.11-6.el7.x86_64 50/95
 Installing : diffutils-3.3-4.el7.x86_64 51/95
install-info: No such file or directory for /usr/share/info/diffutils.info
 Installing : ncurses-5.9-14.20130511.el7_4.x86_64 52/95
 Installing : 1:gmp-6.0.0-15.el7.x86_64 53/95
 Installing : libverto-0.2.5-4.el7.x86_64 54/95
 Installing : libtasn1-4.10-1.el7.x86_64 55/95
 Installing : p11-kit-trust-0.23.5-3.el7.x86_64 56/95
 Installing : ca-certificates-2018.2.22-70.0.el7_5.noarch 57/95
 Installing : 1:openssl-libs-1.0.2k-16.el7.x86_64 58/95
 Installing : coreutils-8.22-23.el7.x86_64 59/95
 Installing : krb5-libs-1.15.1-37.el7_6.x86_64 60/95
 Installing : cyrus-sasl-lib-2.1.26-23.el7.x86_64 61/95
 Installing : nss-pem-1.0.3-5.el7.x86_64 62/95
 Installing : nss-3.36.0-7.1.el7_6.x86_64 63/95
 Installing : nss-sysinit-3.36.0-7.1.el7_6.x86_64 64/95
 Installing : nss-tools-3.36.0-7.1.el7_6.x86_64 65/95
 Installing : libblkid-2.23.2-59.el7.x86_64 66/95
 Installing : libmount-2.23.2-59.el7.x86_64 67/95
 Installing : glib2-2.56.1-2.el7.x86_64 68/95
 Installing : shared-mime-info-1.8-4.el7.x86_64 69/95
 Installing : libssh2-1.4.3-12.el7.x86_64 70/95
 Installing : gdbm-1.10-8.el7.x86_64 71/95
 Installing : expat-2.1.0-10.el7_3.x86_64 72/95
 Installing : python-libs-2.7.5-76.el7.x86_64 73/95
 Installing : python-2.7.5-76.el7.x86_64 74/95
 Installing : python-iniparse-0.4-9.el7.noarch 75/95
 Installing : pyliblzma-0.5.3-11.el7.x86_64 76/95
 Installing : yum-metadata-parser-1.1.4-10.el7.x86_64 77/95
 Installing : pyxattr-0.5.1-5.el7.x86_64 78/95
 Installing : libcap-ng-0.7.5-4.el7.x86_64 79/95
 Installing : audit-libs-2.8.4-4.el7.x86_64 80/95
 Installing : libcurl-7.29.0-51.el7.x86_64 81/95
 Installing : curl-7.29.0-51.el7.x86_64 82/95
 Installing : rpm-libs-4.11.3-35.el7.x86_64 83/95
 Installing : rpm-4.11.3-35.el7.x86_64 84/95
 Installing : openldap-2.4.44-21.el7_6.x86_64 85/95
 Installing : python-pycurl-7.19.0-19.el7.x86_64 86/95
 Installing : python-urlgrabber-3.10-9.el7.noarch 87/95
 Installing : pth-2.0.7-23.el7.x86_64 88/95
 Installing : gnupg2-2.0.22-5.el7_5.x86_64 89/95
install-info: No such file or directory for /usr/share/info/gnupg.info
 Installing : rpm-build-libs-4.11.3-35.el7.x86_64 90/95
 Installing : rpm-python-4.11.3-35.el7.x86_64 91/95
 Installing : gpgme-1.3.2-5.el7.x86_64 92/95
 Installing : pygpgme-0.3-9.el7.x86_64 93/95
 Installing : yum-plugin-fastestmirror-1.1.31-50.el7.noarch 94/95
 Installing : yum-3.4.3-161.el7.centos.noarch 95/95
 Verifying : python-2.7.5-76.el7.x86_64 1/95
 Verifying : rpm-python-4.11.3-35.el7.x86_64 2/95
 Verifying : pygpgme-0.3-9.el7.x86_64 3/95
 Verifying : libgcc-4.8.5-36.el7.x86_64 4/95
 Verifying : pcre-8.32-17.el7.x86_64 5/95
 Verifying : xz-libs-5.2.2-1.el7.x86_64 6/95
 Verifying : libstdc++-4.8.5-36.el7.x86_64 7/95
 Verifying : file-libs-5.11-35.el7.x86_64 8/95
 Verifying : libffi-3.0.13-18.el7.x86_64 9/95
 Verifying : libassuan-2.1.0-3.el7.x86_64 10/95
 Verifying : readline-6.2-10.el7.x86_64 11/95
 Verifying : chkconfig-1.7.4-1.el7.x86_64 12/95
 Verifying : lua-5.1.4-15.el7.x86_64 13/95
 Verifying : sqlite-3.7.17-8.el7.x86_64 14/95
 Verifying : libidn-1.28-4.el7.x86_64 15/95
 Verifying : nss-tools-3.36.0-7.1.el7_6.x86_64 16/95
 Verifying : ncurses-libs-5.9-14.20130511.el7_4.x86_64 17/95
 Verifying : bash-4.2.46-31.el7.x86_64 18/95
 Verifying : rpm-libs-4.11.3-35.el7.x86_64 19/95
 Verifying : python-iniparse-0.4-9.el7.noarch 20/95
 Verifying : glibc-2.17-260.el7_6.3.x86_64 21/95
 Verifying : libuuid-2.23.2-59.el7.x86_64 22/95
 Verifying : krb5-libs-1.15.1-37.el7_6.x86_64 23/95
 Verifying : basesystem-10.0-7.el7.centos.noarch 24/95
 Verifying : nss-sysinit-3.36.0-7.1.el7_6.x86_64 25/95
 Verifying : libverto-0.2.5-4.el7.x86_64 26/95
 Verifying : info-5.1-5.el7.x86_64 27/95
 Verifying : coreutils-8.22-23.el7.x86_64 28/95
 Verifying : rpm-build-libs-4.11.3-35.el7.x86_64 29/95
 Verifying : nss-3.36.0-7.1.el7_6.x86_64 30/95
 Verifying : elfutils-libelf-0.172-2.el7.x86_64 31/95
 Verifying : bzip2-libs-1.0.6-13.el7.x86_64 32/95
 Verifying : libsepol-2.5-10.el7.x86_64 33/95
 Verifying : pyliblzma-0.5.3-11.el7.x86_64 34/95
 Verifying : yum-metadata-parser-1.1.4-10.el7.x86_64 35/95
 Verifying : nss-softokn-3.36.0-5.el7_5.x86_64 36/95
 Verifying : ca-certificates-2018.2.22-70.0.el7_5.noarch 37/95
 Verifying : setup-2.8.71-10.el7.noarch 38/95
 Verifying : libtasn1-4.10-1.el7.x86_64 39/95
 Verifying : libgpg-error-1.12-3.el7.x86_64 40/95
 Verifying : libcom_err-1.42.9-13.el7.x86_64 41/95
 Verifying : yum-3.4.3-161.el7.centos.noarch 42/95
 Verifying : openldap-2.4.44-21.el7_6.x86_64 43/95
 Verifying : libselinux-2.5-14.1.el7.x86_64 44/95
 Verifying : gnupg2-2.0.22-5.el7_5.x86_64 45/95
 Verifying : libblkid-2.23.2-59.el7.x86_64 46/95
 Verifying : popt-1.13-16.el7.x86_64 47/95
 Verifying : libdb-utils-5.3.21-24.el7.x86_64 48/95
 Verifying : p11-kit-0.23.5-3.el7.x86_64 49/95
 Verifying : zlib-1.2.7-18.el7.x86_64 50/95
 Verifying : cpio-2.11-27.el7.x86_64 51/95
 Verifying : libattr-2.4.46-13.el7.x86_64 52/95
 Verifying : gawk-4.0.2-4.el7_3.1.x86_64 53/95
 Verifying : python-urlgrabber-3.10-9.el7.noarch 54/95
 Verifying : glib2-2.56.1-2.el7.x86_64 55/95
 Verifying : libxml2-2.9.1-6.el7_2.3.x86_64 56/95
 Verifying : rpm-4.11.3-35.el7.x86_64 57/95
 Verifying : grep-2.20-3.el7.x86_64 58/95
 Verifying : libdb-5.3.21-24.el7.x86_64 59/95
 Verifying : filesystem-3.2-25.el7.x86_64 60/95
 Verifying : pinentry-0.8.1-17.el7.x86_64 61/95
 Verifying : gdbm-1.10-8.el7.x86_64 62/95
 Verifying : python-pycurl-7.19.0-19.el7.x86_64 63/95
 Verifying : libmount-2.23.2-59.el7.x86_64 64/95
 Verifying : libcurl-7.29.0-51.el7.x86_64 65/95
 Verifying : python-libs-2.7.5-76.el7.x86_64 66/95
 Verifying : tzdata-2018i-1.el7.noarch 67/95
 Verifying : 1:findutils-4.5.11-6.el7.x86_64 68/95
 Verifying : nss-softokn-freebl-3.36.0-5.el7_5.x86_64 69/95
 Verifying : glibc-common-2.17-260.el7_6.3.x86_64 70/95
 Verifying : nspr-4.19.0-1.el7_5.x86_64 71/95
 Verifying : ncurses-5.9-14.20130511.el7_4.x86_64 72/95
 Verifying : ncurses-base-5.9-14.20130511.el7_4.noarch 73/95
 Verifying : expat-2.1.0-10.el7_3.x86_64 74/95
 Verifying : gpgme-1.3.2-5.el7.x86_64 75/95
 Verifying : keyutils-libs-1.5.8-3.el7.x86_64 76/95
 Verifying : 1:openssl-libs-1.0.2k-16.el7.x86_64 77/95
 Verifying : nss-util-3.36.0-1.1.el7_6.x86_64 78/95
 Verifying : audit-libs-2.8.4-4.el7.x86_64 79/95
 Verifying : nss-pem-1.0.3-5.el7.x86_64 80/95
 Verifying : libssh2-1.4.3-12.el7.x86_64 81/95
 Verifying : yum-plugin-fastestmirror-1.1.31-50.el7.noarch 82/95
 Verifying : libcap-2.22-9.el7.x86_64 83/95
 Verifying : libcap-ng-0.7.5-4.el7.x86_64 84/95
 Verifying : 1:gmp-6.0.0-15.el7.x86_64 85/95
 Verifying : libacl-2.2.51-14.el7.x86_64 86/95
 Verifying : p11-kit-trust-0.23.5-3.el7.x86_64 87/95
 Verifying : libgcrypt-1.5.3-14.el7.x86_64 88/95
 Verifying : pyxattr-0.5.1-5.el7.x86_64 89/95
 Verifying : sed-4.2.2-5.el7.x86_64 90/95
 Verifying : shared-mime-info-1.8-4.el7.x86_64 91/95
 Verifying : curl-7.29.0-51.el7.x86_64 92/95
 Verifying : cyrus-sasl-lib-2.1.26-23.el7.x86_64 93/95
 Verifying : diffutils-3.3-4.el7.x86_64 94/95
 Verifying : pth-2.0.7-23.el7.x86_64 95/95

Installed:
 yum.noarch 0:3.4.3-161.el7.centos

Dependency Installed:
 audit-libs.x86_64 0:2.8.4-4.el7 basesystem.noarch 0:10.0-7.el7.centos bash.x86_64 0:4.2.46-31.el7
 bzip2-libs.x86_64 0:1.0.6-13.el7 ca-certificates.noarch 0:2018.2.22-70.0.el7_5 chkconfig.x86_64 0:1.7.4-1.el7
 coreutils.x86_64 0:8.22-23.el7 cpio.x86_64 0:2.11-27.el7 curl.x86_64 0:7.29.0-51.el7
 cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 diffutils.x86_64 0:3.3-4.el7 elfutils-libelf.x86_64 0:0.172-2.el7
 expat.x86_64 0:2.1.0-10.el7_3 file-libs.x86_64 0:5.11-35.el7 filesystem.x86_64 0:3.2-25.el7
 findutils.x86_64 1:4.5.11-6.el7 gawk.x86_64 0:4.0.2-4.el7_3.1 gdbm.x86_64 0:1.10-8.el7
 glib2.x86_64 0:2.56.1-2.el7 glibc.x86_64 0:2.17-260.el7_6.3 glibc-common.x86_64 0:2.17-260.el7_6.3
 gmp.x86_64 1:6.0.0-15.el7 gnupg2.x86_64 0:2.0.22-5.el7_5 gpgme.x86_64 0:1.3.2-5.el7
 grep.x86_64 0:2.20-3.el7 info.x86_64 0:5.1-5.el7 keyutils-libs.x86_64 0:1.5.8-3.el7
 krb5-libs.x86_64 0:1.15.1-37.el7_6 libacl.x86_64 0:2.2.51-14.el7 libassuan.x86_64 0:2.1.0-3.el7
 libattr.x86_64 0:2.4.46-13.el7 libblkid.x86_64 0:2.23.2-59.el7 libcap.x86_64 0:2.22-9.el7
 libcap-ng.x86_64 0:0.7.5-4.el7 libcom_err.x86_64 0:1.42.9-13.el7 libcurl.x86_64 0:7.29.0-51.el7
 libdb.x86_64 0:5.3.21-24.el7 libdb-utils.x86_64 0:5.3.21-24.el7 libffi.x86_64 0:3.0.13-18.el7
 libgcc.x86_64 0:4.8.5-36.el7 libgcrypt.x86_64 0:1.5.3-14.el7 libgpg-error.x86_64 0:1.12-3.el7
 libidn.x86_64 0:1.28-4.el7 libmount.x86_64 0:2.23.2-59.el7 libselinux.x86_64 0:2.5-14.1.el7
 libsepol.x86_64 0:2.5-10.el7 libssh2.x86_64 0:1.4.3-12.el7 libstdc++.x86_64 0:4.8.5-36.el7
 libtasn1.x86_64 0:4.10-1.el7 libuuid.x86_64 0:2.23.2-59.el7 libverto.x86_64 0:0.2.5-4.el7
 libxml2.x86_64 0:2.9.1-6.el7_2.3 lua.x86_64 0:5.1.4-15.el7 ncurses.x86_64 0:5.9-14.20130511.el7_4
 ncurses-base.noarch 0:5.9-14.20130511.el7_4 ncurses-libs.x86_64 0:5.9-14.20130511.el7_4 nspr.x86_64 0:4.19.0-1.el7_5
 nss.x86_64 0:3.36.0-7.1.el7_6 nss-pem.x86_64 0:1.0.3-5.el7 nss-softokn.x86_64 0:3.36.0-5.el7_5
 nss-softokn-freebl.x86_64 0:3.36.0-5.el7_5 nss-sysinit.x86_64 0:3.36.0-7.1.el7_6 nss-tools.x86_64 0:3.36.0-7.1.el7_6
 nss-util.x86_64 0:3.36.0-1.1.el7_6 openldap.x86_64 0:2.4.44-21.el7_6 openssl-libs.x86_64 1:1.0.2k-16.el7
 p11-kit.x86_64 0:0.23.5-3.el7 p11-kit-trust.x86_64 0:0.23.5-3.el7 pcre.x86_64 0:8.32-17.el7
 pinentry.x86_64 0:0.8.1-17.el7 popt.x86_64 0:1.13-16.el7 pth.x86_64 0:2.0.7-23.el7
 pygpgme.x86_64 0:0.3-9.el7 pyliblzma.x86_64 0:0.5.3-11.el7 python.x86_64 0:2.7.5-76.el7
 python-iniparse.noarch 0:0.4-9.el7 python-libs.x86_64 0:2.7.5-76.el7 python-pycurl.x86_64 0:7.19.0-19.el7
 python-urlgrabber.noarch 0:3.10-9.el7 pyxattr.x86_64 0:0.5.1-5.el7 readline.x86_64 0:6.2-10.el7
 rpm.x86_64 0:4.11.3-35.el7 rpm-build-libs.x86_64 0:4.11.3-35.el7 rpm-libs.x86_64 0:4.11.3-35.el7
 rpm-python.x86_64 0:4.11.3-35.el7 sed.x86_64 0:4.2.2-5.el7 setup.noarch 0:2.8.71-10.el7
 shared-mime-info.x86_64 0:1.8-4.el7 sqlite.x86_64 0:3.7.17-8.el7 tzdata.noarch 0:2018i-1.el7
 xz-libs.x86_64 0:5.2.2-1.el7 yum-metadata-parser.x86_64 0:1.1.4-10.el7 yum-plugin-fastestmirror.noarch 0:1.1.31-50.el7
 zlib.x86_64 0:1.2.7-18.el7

Complete!
[root@lab-host]#

 

chroot to the environment and let’s install additional tools

[root@lab-host]# sed -i "/distroverpkg=centos-release/a override_install_langs=en_US.utf8\ntsflags=nodocs" $centos_base_root/etc/yum.conf
[root@lab-host]# cp /etc/resolv.conf $centos_base_root/etc

[root@lab-host]# mount -o bind /dev $centos_base_root/dev
[root@lab-host]# chroot $centos_base_root /bin/bash <<EOF
> yum install -y procps-ng iputils
> yum clean all
> EOF
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.vodien.com
 * extras: mirror.vodien.com
 * updates: mirror.vodien.com
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
base/7/x86_64/group_gz | 166 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package iputils.x86_64 0:20160308-10.el7 will be installed
--> Processing Dependency: systemd for package: iputils-20160308-10.el7.x86_64
--> Processing Dependency: systemd for package: iputils-20160308-10.el7.x86_64
---> Package procps-ng.x86_64 0:3.3.10-23.el7 will be installed
--> Processing Dependency: libsystemd.so.0(LIBSYSTEMD_209)(64bit) for package: procps-ng-3.3.10-23.el7.x86_64
--> Processing Dependency: libsystemd.so.0()(64bit) for package: procps-ng-3.3.10-23.el7.x86_64
--> Running transaction check
---> Package systemd.x86_64 0:219-62.el7_6.5 will be installed
--> Processing Dependency: kmod >= 18-4 for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libpam.so.0(LIBPAM_1.0)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libkmod.so.2(LIBKMOD_5)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libdw.so.1(ELFUTILS_0.158)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libdw.so.1(ELFUTILS_0.130)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libdw.so.1(ELFUTILS_0.122)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: dbus for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: acl for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: /usr/sbin/groupadd for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libqrencode.so.3()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libpam.so.0()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libkmod.so.2()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libdw.so.1()(64bit) for package: systemd-219-62.el7_6.5.x86_64
--> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-62.el7_6.5.x86_64
---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be installed
--> Running transaction check
---> Package acl.x86_64 0:2.2.51-14.el7 will be installed
---> Package cryptsetup-libs.x86_64 0:2.0.3-3.el7 will be installed
--> Processing Dependency: libdevmapper.so.1.02(DM_1_02_97)(64bit) for package: cryptsetup-libs-2.0.3-3.el7.x86_64
--> Processing Dependency: libdevmapper.so.1.02(Base)(64bit) for package: cryptsetup-libs-2.0.3-3.el7.x86_64
--> Processing Dependency: libjson-c.so.2()(64bit) for package: cryptsetup-libs-2.0.3-3.el7.x86_64
--> Processing Dependency: libdevmapper.so.1.02()(64bit) for package: cryptsetup-libs-2.0.3-3.el7.x86_64
---> Package dbus.x86_64 1:1.10.24-12.el7 will be installed
--> Processing Dependency: dbus-libs(x86-64) = 1:1.10.24-12.el7 for package: 1:dbus-1.10.24-12.el7.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_PRIVATE_1.10.24)(64bit) for package: 1:dbus-1.10.24-12.el7.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) for package: 1:dbus-1.10.24-12.el7.x86_64
--> Processing Dependency: libdbus-1.so.3()(64bit) for package: 1:dbus-1.10.24-12.el7.x86_64
---> Package elfutils-libs.x86_64 0:0.172-2.el7 will be installed
--> Processing Dependency: default-yama-scope for package: elfutils-libs-0.172-2.el7.x86_64
---> Package kmod.x86_64 0:20-23.el7 will be installed
--> Processing Dependency: dracut for package: kmod-20-23.el7.x86_64
--> Processing Dependency: /usr/bin/xz for package: kmod-20-23.el7.x86_64
--> Processing Dependency: /usr/bin/nm for package: kmod-20-23.el7.x86_64
--> Processing Dependency: /usr/bin/gzip for package: kmod-20-23.el7.x86_64
---> Package kmod-libs.x86_64 0:20-23.el7 will be installed
---> Package lz4.x86_64 0:1.7.5-2.el7 will be installed
---> Package pam.x86_64 0:1.1.8-22.el7 will be installed
--> Processing Dependency: libpwquality >= 0.9.9 for package: pam-1.1.8-22.el7.x86_64
--> Processing Dependency: cracklib-dicts >= 2.8 for package: pam-1.1.8-22.el7.x86_64
--> Processing Dependency: libcrack.so.2()(64bit) for package: pam-1.1.8-22.el7.x86_64
---> Package qrencode-libs.x86_64 0:3.4.1-3.el7 will be installed
---> Package shadow-utils.x86_64 2:4.1.5.1-25.el7 will be installed
--> Processing Dependency: libsemanage.so.1(LIBSEMANAGE_1.0)(64bit) for package: 2:shadow-utils-4.1.5.1-25.el7.x86_64
--> Processing Dependency: libsemanage.so.1()(64bit) for package: 2:shadow-utils-4.1.5.1-25.el7.x86_64
--> Running transaction check
---> Package binutils.x86_64 0:2.27-34.base.el7 will be installed
---> Package cracklib.x86_64 0:2.9.0-11.el7 will be installed
---> Package cracklib-dicts.x86_64 0:2.9.0-11.el7 will be installed
---> Package dbus-libs.x86_64 1:1.10.24-12.el7 will be installed
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.3 will be installed
--> Processing Dependency: device-mapper = 7:1.02.149-10.el7_6.3 for package: 7:device-mapper-libs-1.02.149-10.el7_6.3.x86_64
---> Package dracut.x86_64 0:033-554.el7 will be installed
--> Processing Dependency: util-linux >= 2.21 for package: dracut-033-554.el7.x86_64
--> Processing Dependency: tar for package: dracut-033-554.el7.x86_64
--> Processing Dependency: kpartx for package: dracut-033-554.el7.x86_64
--> Processing Dependency: hardlink for package: dracut-033-554.el7.x86_64
--> Processing Dependency: /usr/bin/pkg-config for package: dracut-033-554.el7.x86_64
---> Package elfutils-default-yama-scope.noarch 0:0.172-2.el7 will be installed
---> Package gzip.x86_64 0:1.5-10.el7 will be installed
---> Package json-c.x86_64 0:0.11-4.el7_0 will be installed
---> Package libpwquality.x86_64 0:1.2.3-5.el7 will be installed
---> Package libsemanage.x86_64 0:2.5-14.el7 will be installed
--> Processing Dependency: libustr-1.0.so.1(USTR_1.0.1)(64bit) for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libustr-1.0.so.1(USTR_1.0)(64bit) for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libustr-1.0.so.1()(64bit) for package: libsemanage-2.5-14.el7.x86_64
---> Package xz.x86_64 0:5.2.2-1.el7 will be installed
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.3 will be installed
---> Package hardlink.x86_64 1:1.0-19.el7 will be installed
---> Package kpartx.x86_64 0:0.4.9-123.el7 will be installed
---> Package pkgconfig.x86_64 1:0.27.1-4.el7 will be installed
---> Package tar.x86_64 2:1.26-35.el7 will be installed
---> Package ustr.x86_64 0:1.0.4-16.el7 will be installed
---> Package util-linux.x86_64 0:2.23.2-59.el7 will be installed
--> Processing Dependency: libsmartcols = 2.23.2-59.el7 for package: util-linux-2.23.2-59.el7.x86_64
--> Processing Dependency: libutempter.so.0(UTEMPTER_1.1)(64bit) for package: util-linux-2.23.2-59.el7.x86_64
--> Processing Dependency: libsmartcols.so.1(SMARTCOLS_2.25)(64bit) for package: util-linux-2.23.2-59.el7.x86_64
--> Processing Dependency: libutempter.so.0()(64bit) for package: util-linux-2.23.2-59.el7.x86_64
--> Processing Dependency: libuser.so.1()(64bit) for package: util-linux-2.23.2-59.el7.x86_64
--> Processing Dependency: libsmartcols.so.1()(64bit) for package: util-linux-2.23.2-59.el7.x86_64
--> Running transaction check
---> Package libsmartcols.x86_64 0:2.23.2-59.el7 will be installed
---> Package libuser.x86_64 0:0.60-9.el7 will be installed
---> Package libutempter.x86_64 0:1.1.6-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package Arch Version Repository Size
======================================================================================================================================================
Installing:
 iputils x86_64 20160308-10.el7 base 148 k
 procps-ng x86_64 3.3.10-23.el7 base 291 k
Installing for dependencies:
 acl x86_64 2.2.51-14.el7 base 81 k
 binutils x86_64 2.27-34.base.el7 base 5.9 M
 cracklib x86_64 2.9.0-11.el7 base 80 k
 cracklib-dicts x86_64 2.9.0-11.el7 base 3.6 M
 cryptsetup-libs x86_64 2.0.3-3.el7 base 338 k
 dbus x86_64 1:1.10.24-12.el7 base 245 k
 dbus-libs x86_64 1:1.10.24-12.el7 base 169 k
 device-mapper x86_64 7:1.02.149-10.el7_6.3 updates 292 k
 device-mapper-libs x86_64 7:1.02.149-10.el7_6.3 updates 320 k
 dracut x86_64 033-554.el7 base 327 k
 elfutils-default-yama-scope noarch 0.172-2.el7 base 32 k
 elfutils-libs x86_64 0.172-2.el7 base 285 k
 gzip x86_64 1.5-10.el7 base 130 k
 hardlink x86_64 1:1.0-19.el7 base 14 k
 json-c x86_64 0.11-4.el7_0 base 31 k
 kmod x86_64 20-23.el7 base 121 k
 kmod-libs x86_64 20-23.el7 base 50 k
 kpartx x86_64 0.4.9-123.el7 base 77 k
 libpwquality x86_64 1.2.3-5.el7 base 85 k
 libsemanage x86_64 2.5-14.el7 base 151 k
 libsmartcols x86_64 2.23.2-59.el7 base 140 k
 libuser x86_64 0.60-9.el7 base 400 k
 libutempter x86_64 1.1.6-4.el7 base 25 k
 lz4 x86_64 1.7.5-2.el7 base 98 k
 pam x86_64 1.1.8-22.el7 base 720 k
 pkgconfig x86_64 1:0.27.1-4.el7 base 54 k
 qrencode-libs x86_64 3.4.1-3.el7 base 50 k
 shadow-utils x86_64 2:4.1.5.1-25.el7 base 1.1 M
 systemd x86_64 219-62.el7_6.5 updates 5.1 M
 systemd-libs x86_64 219-62.el7_6.5 updates 407 k
 tar x86_64 2:1.26-35.el7 base 846 k
 ustr x86_64 1.0.4-16.el7 base 92 k
 util-linux x86_64 2.23.2-59.el7 base 2.0 M
 xz x86_64 5.2.2-1.el7 base 229 k

Transaction Summary
======================================================================================================================================================
Install 2 Packages (+34 Dependent packages)

Total download size: 24 M
Installed size: 85 M
Downloading packages:
(1/36): acl-2.2.51-14.el7.x86_64.rpm | 81 kB 00:00:00
(2/36): cracklib-2.9.0-11.el7.x86_64.rpm | 80 kB 00:00:00
(3/36): binutils-2.27-34.base.el7.x86_64.rpm | 5.9 MB 00:00:00
(4/36): cracklib-dicts-2.9.0-11.el7.x86_64.rpm | 3.6 MB 00:00:00
(5/36): cryptsetup-libs-2.0.3-3.el7.x86_64.rpm | 338 kB 00:00:00
(6/36): dbus-1.10.24-12.el7.x86_64.rpm | 245 kB 00:00:00
(7/36): dbus-libs-1.10.24-12.el7.x86_64.rpm | 169 kB 00:00:00
(8/36): dracut-033-554.el7.x86_64.rpm | 327 kB 00:00:00
(9/36): elfutils-libs-0.172-2.el7.x86_64.rpm | 285 kB 00:00:00
(10/36): gzip-1.5-10.el7.x86_64.rpm | 130 kB 00:00:00
(11/36): hardlink-1.0-19.el7.x86_64.rpm | 14 kB 00:00:00
(12/36): iputils-20160308-10.el7.x86_64.rpm | 148 kB 00:00:00
(13/36): device-mapper-libs-1.02.149-10.el7_6.3.x86_64.rpm | 320 kB 00:00:00
(14/36): json-c-0.11-4.el7_0.x86_64.rpm | 31 kB 00:00:00
(15/36): device-mapper-1.02.149-10.el7_6.3.x86_64.rpm | 292 kB 00:00:00
(16/36): kmod-20-23.el7.x86_64.rpm | 121 kB 00:00:00
(17/36): kmod-libs-20-23.el7.x86_64.rpm | 50 kB 00:00:00
(18/36): kpartx-0.4.9-123.el7.x86_64.rpm | 77 kB 00:00:00
(19/36): elfutils-default-yama-scope-0.172-2.el7.noarch.rpm | 32 kB 00:00:00
(20/36): libpwquality-1.2.3-5.el7.x86_64.rpm | 85 kB 00:00:00
(21/36): libsmartcols-2.23.2-59.el7.x86_64.rpm | 140 kB 00:00:00
(22/36): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(23/36): libutempter-1.1.6-4.el7.x86_64.rpm | 25 kB 00:00:00
(24/36): libuser-0.60-9.el7.x86_64.rpm | 400 kB 00:00:00
(25/36): lz4-1.7.5-2.el7.x86_64.rpm | 98 kB 00:00:00
(26/36): pkgconfig-0.27.1-4.el7.x86_64.rpm | 54 kB 00:00:00
(27/36): procps-ng-3.3.10-23.el7.x86_64.rpm | 291 kB 00:00:00
(28/36): pam-1.1.8-22.el7.x86_64.rpm | 720 kB 00:00:00
(29/36): qrencode-libs-3.4.1-3.el7.x86_64.rpm | 50 kB 00:00:00
(30/36): shadow-utils-4.1.5.1-25.el7.x86_64.rpm | 1.1 MB 00:00:00
(31/36): tar-1.26-35.el7.x86_64.rpm | 846 kB 00:00:00
(32/36): ustr-1.0.4-16.el7.x86_64.rpm | 92 kB 00:00:00
(33/36): xz-5.2.2-1.el7.x86_64.rpm | 229 kB 00:00:00
(34/36): util-linux-2.23.2-59.el7.x86_64.rpm | 2.0 MB 00:00:00
(35/36): systemd-libs-219-62.el7_6.5.x86_64.rpm | 407 kB 00:00:00
(36/36): systemd-219-62.el7_6.5.x86_64.rpm | 5.1 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.3 MB/s | 24 MB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : gzip-1.5-10.el7.x86_64 1/36
 Installing : cracklib-2.9.0-11.el7.x86_64 2/36
 Installing : cracklib-dicts-2.9.0-11.el7.x86_64 3/36
 Installing : pam-1.1.8-22.el7.x86_64 4/36
 Installing : libpwquality-1.2.3-5.el7.x86_64 5/36
 Installing : xz-5.2.2-1.el7.x86_64 6/36
 Installing : lz4-1.7.5-2.el7.x86_64 7/36
 Installing : libuser-0.60-9.el7.x86_64 8/36
 Installing : ustr-1.0.4-16.el7.x86_64 9/36
 Installing : libsemanage-2.5-14.el7.x86_64 10/36
 Installing : 2:shadow-utils-4.1.5.1-25.el7.x86_64 11/36
 Installing : libutempter-1.1.6-4.el7.x86_64 12/36
 Installing : 1:hardlink-1.0-19.el7.x86_64 13/36
 Installing : libsmartcols-2.23.2-59.el7.x86_64 14/36
 Installing : json-c-0.11-4.el7_0.x86_64 15/36
 Installing : binutils-2.27-34.base.el7.x86_64 16/36
install-info: No such file or directory for /usr/share/info/as.info.gz
install-info: No such file or directory for /usr/share/info/binutils.info.gz
install-info: No such file or directory for /usr/share/info/gprof.info.gz
install-info: No such file or directory for /usr/share/info/ld.info.gz
install-info: No such file or directory for /usr/share/info/standards.info.gz
 Installing : kmod-libs-20-23.el7.x86_64 17/36
 Installing : acl-2.2.51-14.el7.x86_64 18/36
 Installing : qrencode-libs-3.4.1-3.el7.x86_64 19/36
 Installing : 2:tar-1.26-35.el7.x86_64 20/36
 Installing : 1:pkgconfig-0.27.1-4.el7.x86_64 21/36
 Installing : util-linux-2.23.2-59.el7.x86_64 22/36
 Installing : procps-ng-3.3.10-23.el7.x86_64 23/36
 Installing : 7:device-mapper-1.02.149-10.el7_6.3.x86_64 24/36
 Installing : kpartx-0.4.9-123.el7.x86_64 25/36
 Installing : 7:device-mapper-libs-1.02.149-10.el7_6.3.x86_64 26/36
 Installing : cryptsetup-libs-2.0.3-3.el7.x86_64 27/36
 Installing : dracut-033-554.el7.x86_64 28/36
 Installing : kmod-20-23.el7.x86_64 29/36
 Installing : elfutils-libs-0.172-2.el7.x86_64 30/36
 Installing : systemd-libs-219-62.el7_6.5.x86_64 31/36
 Installing : 1:dbus-libs-1.10.24-12.el7.x86_64 32/36
 Installing : systemd-219-62.el7_6.5.x86_64 33/36
Failed to get D-Bus connection: Operation not permitted
 Installing : elfutils-default-yama-scope-0.172-2.el7.noarch 34/36
 Installing : 1:dbus-1.10.24-12.el7.x86_64 35/36
 Installing : iputils-20160308-10.el7.x86_64 36/36
 Verifying : kpartx-0.4.9-123.el7.x86_64 1/36
 Verifying : gzip-1.5-10.el7.x86_64 2/36
 Verifying : 1:pkgconfig-0.27.1-4.el7.x86_64 3/36
 Verifying : 2:tar-1.26-35.el7.x86_64 4/36
 Verifying : qrencode-libs-3.4.1-3.el7.x86_64 5/36
 Verifying : util-linux-2.23.2-59.el7.x86_64 6/36
 Verifying : dracut-033-554.el7.x86_64 7/36
 Verifying : acl-2.2.51-14.el7.x86_64 8/36
 Verifying : procps-ng-3.3.10-23.el7.x86_64 9/36
 Verifying : cryptsetup-libs-2.0.3-3.el7.x86_64 10/36
 Verifying : 7:device-mapper-libs-1.02.149-10.el7_6.3.x86_64 11/36
 Verifying : kmod-libs-20-23.el7.x86_64 12/36
 Verifying : binutils-2.27-34.base.el7.x86_64 13/36
 Verifying : systemd-libs-219-62.el7_6.5.x86_64 14/36
 Verifying : json-c-0.11-4.el7_0.x86_64 15/36
 Verifying : 1:dbus-libs-1.10.24-12.el7.x86_64 16/36
 Verifying : systemd-219-62.el7_6.5.x86_64 17/36
 Verifying : 2:shadow-utils-4.1.5.1-25.el7.x86_64 18/36
 Verifying : kmod-20-23.el7.x86_64 19/36
 Verifying : iputils-20160308-10.el7.x86_64 20/36
 Verifying : elfutils-default-yama-scope-0.172-2.el7.noarch 21/36
 Verifying : lz4-1.7.5-2.el7.x86_64 22/36
 Verifying : libsemanage-2.5-14.el7.x86_64 23/36
 Verifying : xz-5.2.2-1.el7.x86_64 24/36
 Verifying : elfutils-libs-0.172-2.el7.x86_64 25/36
 Verifying : libsmartcols-2.23.2-59.el7.x86_64 26/36
 Verifying : cracklib-dicts-2.9.0-11.el7.x86_64 27/36
 Verifying : pam-1.1.8-22.el7.x86_64 28/36
 Verifying : libuser-0.60-9.el7.x86_64 29/36
 Verifying : 1:dbus-1.10.24-12.el7.x86_64 30/36
 Verifying : 1:hardlink-1.0-19.el7.x86_64 31/36
 Verifying : cracklib-2.9.0-11.el7.x86_64 32/36
 Verifying : libpwquality-1.2.3-5.el7.x86_64 33/36
 Verifying : ustr-1.0.4-16.el7.x86_64 34/36
 Verifying : 7:device-mapper-1.02.149-10.el7_6.3.x86_64 35/36
 Verifying : libutempter-1.1.6-4.el7.x86_64 36/36

Installed:
 iputils.x86_64 0:20160308-10.el7 procps-ng.x86_64 0:3.3.10-23.el7

Dependency Installed:
 acl.x86_64 0:2.2.51-14.el7 binutils.x86_64 0:2.27-34.base.el7 cracklib.x86_64 0:2.9.0-11.el7
 cracklib-dicts.x86_64 0:2.9.0-11.el7 cryptsetup-libs.x86_64 0:2.0.3-3.el7 dbus.x86_64 1:1.10.24-12.el7
 dbus-libs.x86_64 1:1.10.24-12.el7 device-mapper.x86_64 7:1.02.149-10.el7_6.3 device-mapper-libs.x86_64 7:1.02.149-10.el7_6.3
 dracut.x86_64 0:033-554.el7 elfutils-default-yama-scope.noarch 0:0.172-2.el7 elfutils-libs.x86_64 0:0.172-2.el7
 gzip.x86_64 0:1.5-10.el7 hardlink.x86_64 1:1.0-19.el7 json-c.x86_64 0:0.11-4.el7_0
 kmod.x86_64 0:20-23.el7 kmod-libs.x86_64 0:20-23.el7 kpartx.x86_64 0:0.4.9-123.el7
 libpwquality.x86_64 0:1.2.3-5.el7 libsemanage.x86_64 0:2.5-14.el7 libsmartcols.x86_64 0:2.23.2-59.el7
 libuser.x86_64 0:0.60-9.el7 libutempter.x86_64 0:1.1.6-4.el7 lz4.x86_64 0:1.7.5-2.el7
 pam.x86_64 0:1.1.8-22.el7 pkgconfig.x86_64 1:0.27.1-4.el7 qrencode-libs.x86_64 0:3.4.1-3.el7
 shadow-utils.x86_64 2:4.1.5.1-25.el7 systemd.x86_64 0:219-62.el7_6.5 systemd-libs.x86_64 0:219-62.el7_6.5
 tar.x86_64 2:1.26-35.el7 ustr.x86_64 0:1.0.4-16.el7 util-linux.x86_64 0:2.23.2-59.el7
 xz.x86_64 0:5.2.2-1.el7

Complete!
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors

[root@lab-host]# rm -f $centos_base_root/etc/resolv.conf 
[root@lab-host]# umount $centos_base_root/dev

Let’s create our Docker image

[root@lab-host]# tar -C $centos_base_root -c . | docker import - centos
sha256:6fced9621cdc62b22a1287921505dfe9dea9637539baf1b1d17eef7213a00eea

Still “small” in size at 193 MB.

[root@lab-host]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 6fced9621cdc 3 seconds ago 193 MB
[root@lab-host]#

You can now push the image to a registry. But let’s test this one out first.

[root@lab-host]# docker run --name centos-linux -d centos /bin/sh -c "while true; do ping 8.8.8.8; done"
124d76002af2a04afacb6b012d6dad7c41cae6fa1ca9501fdc36451364bc5335
[root@lab-host]#

 

[root@lab-host]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
124d76002af2 centos "/bin/sh -c 'while..." 4 seconds ago Up 2 seconds centos-linux

 

Let’s go inside our container.

[root@lab-host]# docker exec -ti centos-linux /bin/bash
bash-4.2# uname -a
Linux 124d76002af2 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
bash-4.2#

 

 

Launching and resizing an EC2 instance using AWS cli

In trying to answer an ex-colleague question on how to migrate/resize an instance, I tried doing things using AWS cli.

Let’s configure our aws cli 

[preyes@development ~]# aws configure
AWS Access Key ID [None]: ############
AWS Secret Access Key [None]: ###################
Default region name [None]: us-east-1
Default output format [None]:
[preyes@development ~]#

Let’s create a new instance using run-instances

[preyes@development ~]# aws ec2 run-instances --image-id ami-04681a1dbd79675a5 --count 1 --instance-type t2.micro --key-name ec2-keypair --security-group-ids sg-035ee364e7e068140 --subnet-id subnet-8a5ed3d6
{
 "Instances": [
 {
 "Monitoring": {
 "State": "disabled"
 },
 "PublicDnsName": "",
 "StateReason": {
 "Message": "pending",
 "Code": "pending"
 },
 "State": {
 "Code": 0,
 "Name": "pending"
 },
 "EbsOptimized": false,
 "LaunchTime": "2018-10-02T13:08:31.000Z",
 "PrivateIpAddress": "xxx.xx.xx.xxx",
 "ProductCodes": [],
 "VpcId": "vpc-60ab771a",
 "CpuOptions": {
 "CoreCount": 1,
 "ThreadsPerCore": 1
 },
 "StateTransitionReason": "",
 "InstanceId": "i-082500af8fb8d8487",
 "ImageId": "ami-04681a1dbd79675a5",
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "KeyName": "ec2-keypair",
 "SecurityGroups": [
 {
 "GroupName": "ec2-securitygroup",
 "GroupId": "sg-035ee364e7e068140"
 }
 ],
 "ClientToken": "",
 "SubnetId": "subnet-8a5ed3d6",
 "InstanceType": "t2.micro",
 "NetworkInterfaces": [
 {
 "Status": "in-use",
 "MacAddress": "0e:0a:a0:87:68:a0",
 "SourceDestCheck": true,
 "VpcId": "vpc-60ab771a",
 "Description": "",
 "NetworkInterfaceId": "eni-058a75e0cd972f66a",
 "PrivateIpAddresses": [
 {
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "Primary": true,
 "PrivateIpAddress": "xxx.xx.xx.xxx"
 }
 ],
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "Attachment": {
 "Status": "attaching",
 "DeviceIndex": 0,
 "DeleteOnTermination": true,
 "AttachmentId": "eni-attach-0b79c1b5ed1e10d5c",
 "AttachTime": "2018-10-02T13:08:31.000Z"
 },
 "Groups": [
 {
 "GroupName": "ec2-securitygroup",
 "GroupId": "sg-035ee364e7e068140"
 }
 ],
 "Ipv6Addresses": [],
 "OwnerId": "265563422353",
 "SubnetId": "subnet-8a5ed3d6",
 "PrivateIpAddress": "xxx.xx.xx.xx"
 }
 ],
 "SourceDestCheck": true,
 "Placement": {
 "Tenancy": "default",
 "GroupName": "",
 "AvailabilityZone": "us-east-1a"
 },
 "Hypervisor": "xen",
 "BlockDeviceMappings": [],
 "Architecture": "x86_64",
 "RootDeviceType": "ebs",
 "RootDeviceName": "/dev/xvda",
 "VirtualizationType": "hvm",
 "AmiLaunchIndex": 0
 }
 ],
 "ReservationId": "r-0c54b78db90b9a2be",
 "Groups": [],
 "OwnerId": "265563422353"
}
[preyes@development ~]#

Checking the instance status using describe-instances

[preyes@development ~]# aws ec2 describe-instances
{
 "Reservations": [
 {
 "Instances": [
 {
 "Monitoring": {
 "State": "disabled"
 },
 "PublicDnsName": "ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com",
 "State": {
 "Code": 16,
 "Name": "running"
 },
 "EbsOptimized": false,
 "LaunchTime": "2018-10-02T13:08:31.000Z",
 "PublicIpAddress": "xx.xxx.xxx.xx",
 "PrivateIpAddress": "xxx.xx.xx.xxx",
 "ProductCodes": [],
 "VpcId": "vpc-60ab771a",
 "CpuOptions": {
 "CoreCount": 1,
 "ThreadsPerCore": 1
 },
 "StateTransitionReason": "",
 "InstanceId": "i-082500af8fb8d8487",
 "EnaSupport": true,
 "ImageId": "ami-04681a1dbd79675a5",
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "KeyName": "ec2-keypair",
 "SecurityGroups": [
 {
 "GroupName": "ec2-securitygroup",
 "GroupId": "sg-035ee364e7e068140"
 }
 ],
 "ClientToken": "",
 "SubnetId": "subnet-8a5ed3d6",
 "InstanceType": "t2.micro",
 "NetworkInterfaces": [
 {
 "Status": "in-use",
 "MacAddress": "0e:0a:a0:87:68:a0",
 "SourceDestCheck": true,
 "VpcId": "vpc-60ab771a",
 "Description": "",
 "NetworkInterfaceId": "eni-058a75e0cd972f66a",
 "PrivateIpAddresses": [
 {
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "PrivateIpAddress": "xxx.xx.xx.xxx",
 "Primary": true,
 "Association": {
 "PublicIp": "xx.xxx.xxx.xx",
 "PublicDnsName": "ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com",
 "IpOwnerId": "amazon"
 }
 }
 ],
 "PrivateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
 "Attachment": {
 "Status": "attached",
 "DeviceIndex": 0,
 "DeleteOnTermination": true,
 "AttachmentId": "eni-attach-0b79c1b5ed1e10d5c",
 "AttachTime": "2018-10-02T13:08:31.000Z"
 },
 "Groups": [
 {
 "GroupName": "ec2-securitygroup",
 "GroupId": "sg-035ee364e7e068140"
 }
 ],
 "Ipv6Addresses": [],
 "OwnerId": "265563422353",
 "PrivateIpAddress": "xxx.xx.xx.xxx",
 "SubnetId": "subnet-8a5ed3d6",
 "Association": {
 "PublicIp": "xxx.xx.xx.xxx",
 "PublicDnsName": "ec2-xx-xx-xxx-xx.compute-1.amazonaws.com",
 "IpOwnerId": "amazon"
 }
 }
 ],
 "SourceDestCheck": true,
 "Placement": {
 "Tenancy": "default",
 "GroupName": "",
 "AvailabilityZone": "us-east-1a"
 },
 "Hypervisor": "xen",
 "BlockDeviceMappings": [
 {
 "DeviceName": "/dev/xvda",
 "Ebs": {
 "Status": "attached",
 "DeleteOnTermination": true,
 "VolumeId": "vol-0adcd79e3ad20f7d2",
 "AttachTime": "2018-10-02T13:08:32.000Z"
 }
 }
 ],
 "Architecture": "x86_64",
 "RootDeviceType": "ebs",
 "RootDeviceName": "/dev/xvda",
 "VirtualizationType": "hvm",
 "AmiLaunchIndex": 0
 }
 ],
 "ReservationId": "r-0c54b78db90b9a2be",
 "Groups": [],
 "OwnerId": "265563422353"
 }
 ]
}
[preyes@development ~]#

Now let’s try resizing our instance. For this, we need the instance to be in stopped state. Note that you can only stop an EBS-backed instance. You cannot stop an  Instance-store backed instance as the data will be lost when the an instance-store back instance is stopped.  For information on how to resize an instance-store backed instance, kindly check this page.

Let’s stop our instance using stop-instances action

[preyes@development ~]# aws ec2 stop-instances --instance-id i-082500af8fb8d8487
{
 "StoppingInstances": [
 {
 "InstanceId": "i-082500af8fb8d8487",
 "CurrentState": {
 "Code": 64,
 "Name": "stopping"
 },
 "PreviousState": {
 "Code": 16,
 "Name": "running"
 }
 }
 ]
}
[preyes@development ~]#

Let’s check if our instance is in stopped state

[preyes@development ~]# aws ec2 describe-instances --instance-id i-082500af8fb8d8487 --query Reservations[].Instances[].State
[
 {
 "Code": 80,
 "Name": "stopped"
 }
]
[preyes@development ~]#

Now that our instance is in stopped state, we can now change the instance type. I’m changing my instance from t2.micro to t2.nano

[preyes@development ~]# aws ec2 modify-instance-attribute --instance-type t2.nano --instance-id i-082500af8fb8d8487

Here we can now see that our instance was changed to t2.nano

[preyes@development ~]# aws ec2 describe-instances --instance-id i-082500af8fb8d8487 --query Reservations[].Instances[].InstanceType
[
 "t2.nano"
]
[preyes@development ~]#

Starting back our instance using start-instances

[preyes@development ~]# aws ec2 start-instances --instance-id i-082500af8fb8d8487
{
 "StartingInstances": [
 {
 "InstanceId": "i-082500af8fb8d8487",
 "CurrentState": {
 "Code": 0,
 "Name": "pending"
 },
 "PreviousState": {
 "Code": 80,
 "Name": "stopped"
 }
 }
 ]
}
[preyes@development ~]#

And again running describe-instances querying the state

[preyes@development ~]# aws ec2 describe-instances --instance-id i-082500af8fb8d8487 --query Reservations[].Instances[].State
[
 {
 "Code": 16,
 "Name": "running"
 }
]
[preyes@development ~]#

What approach do you take in order to minimize downtime? I’m thinking you should have a resilient system in the first place.  Instance groups?

Docker Image + Automated Builds

In the previous post I listed the steps on setting up a Kubernetes Cluster system. In this session, I will run through on how to create an image, build it, and use the same image to create our pods. I will also show how automated build works in Docker Hub.

Create a Docker Hub account if you haven’t done so. We would also need a repository for your codes. I am using Github to store my codes.

Create new Github repo

In your Github account, create a new repository and upload your codes. Our Node.js application will just output some text as an http response.

We will also need a Docker file. A Docker file contains instructions on how to create our image. Here’s the structure of my Github repo.

Basically our Dockerfile contains the following steps. First is, I declared that I will be using the alpine image and  install nodejs package on it. We will also copy index.js to the /src directory of the image and set it to listen to web port 8080 and start the Node.js application.

Configure Source Provider

Login to your Docker Hub account (http://cloud.docker.com) and go to Cloud Settings section.

Under the Source Provider, configure GitHub provider using your Github details.

Now that our Source provider is configured, we can now start to create a new Docker Hub repository.

In the Build Settings section, select the Source Provider and the repo

Click Create & Build to start building our docker image.

You can see from the Timeline section the steps it is doing to build our image. You can click the specific step to view more details.

Once our image is built, you can see under the General Section that we now have a new docker image (latest)

We can now use this image to create our pods. In my repo, I created a yml file that I’ll use to create a pod in our Kubernetes Cluster. Issue the following command to create our pod.

After a couple of minutes, we can see that a pod has been created.

Using the pod IP address, we can curl port 8080 to test our image.

As you can see from the above, we got an http response from our pod from our Node.js application.

Let’s try to update our code in Github. Update index.js adding in a version 2 in the response string.

Once you commit the changes, you will see in Docker hub that an Automatic Build will be triggered to update our docker image.

We could have created a deployment to simulate Blue-Green deployment/Update our pods but for simplicity, we will focus on just creating pods manually. Delete the current running pod. Re-running the steps to create a pod by passing in the same yml file, we should be able to see the updated Node.js application.

Still new to this technology, I hope this post provided some understanding on the basics of Containers/image/Kubernetes. There’s so much more to learn and explore on this Container Technology. Connect with me on LinkedIn as I would like to know how others implement CI/CD process and what framework/methodology or tools they follow.

 

Setup IPSec VPN Server with Raspberry Pi

On my previous post, I shared how to configure a direct connection between my private home network and Google Cloud VPN. In my setup I was using my Raspberry Pi as my local VPN Gateway using OpenSwan. In this tutorial I’m going to show how I configure that.

Why did I choose Raspberry Pi?

First is I don’t own/have access to a dedicated VPN device/appliance. Having a Cisco ASA device would have been a good choice just to have that “Enterprise grade” experience but since this is just a POC, I think the Raspberry Pi is very well suited for this. Second, the low power consumption of this pocket-sized computer really makes it a better choice. Instead of running a power-hungry x86 server or DLXXX hardware, I could leave this one up and running all night without worrying about my electricity bill going up. But since we are using OpenSwan, you can definitely run this on any commodity hardware.

On with the installation

I have my pi up and running Raspbian Jessie Lite since I was using it as my Kodi media server. All I need to do now is to install openswan.

root@gateway:~# apt-get install openswan

When prompted ‘Use an X.509 certificate for this host?’, answer ‘No’. If you want to add it, use ‘dpkg-reconfigure openswan’ to come back.

Once installed, let’s configure our ipsec.secrets

root@gateway:~# vi /etc/ipsec.secrets

Add the following to the end of the line. Change raspberrypi_IP with the IP Address of your pi. Change the  pre-shared-key-password with something else. This will be used by both peers for authentication (RFC2409). Generate a long PSK with atleast 30 characters to mitigate brute force attack.

<raspberrypi_IP> %any: PSK "<pre-shared-key-password>"

We now need to define our VPN connection. Edit ipsec.conf

root@gateway:~# vi /etc/ipsec.conf

Add the following connection definition at the bottom part of the config file.

## connection definition in vpc-google ##
conn vpc-google     #vpc-google is the name of the connection
 auto=add
 authby=secret     #since we are using PSK, this is set to secret 
 type=tunnel #OpenSwan support l2tpd as well. For site-to-site use tunnel
 leftsubnet=192.168.0.0/24 # This is our local subnet.
 rightsubnet=10.128.0.0/20 # Remote site subnet.
 leftid=xx.xx.xxx.xx # My public IP
 left=192.168.0.100 # Raspberry PI ip address
 leftsourceip=192.168.0.100 # Raspberry PI ip address
 right=%any
 aggrmode=no

 

Under the default connection, I actually set the following

keyexchange=ike
nat_traversal=yes

I forgot to mention that this Raspberry PI is behind my router. I had to do port forwarding. IPSec uses udp port 500/4500. You need to do port forwarding if your gateway will be behind a router.

Restart openswan service.

root@gateway:~# service ipsec restart

All we need to do now is to configure a VPN Connection in GCP.

Once configured,  we can do the following to check if it’s working as expected.

Check ipsec status

root@gateway:~# service ipsec status
● ipsec.service - LSB: Start Openswan IPsec at boot time
 Loaded: loaded (/etc/init.d/ipsec)
 Active: active (running) since Thu 2017-07-20 14:23:39 UTC; 18s ago
 Process: 6866 ExecStop=/etc/init.d/ipsec stop (code=exited, status=0/SUCCESS)
 Process: 6964 ExecStart=/etc/init.d/ipsec start (code=exited, status=0/SUCCESS)
 CGroup: /system.slice/ipsec.service
 ├─7090 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes -...
 ├─7091 logger -s -p daemon.error -t ipsec__plutorun
 ├─7094 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes -...
 ├─7095 /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
 ├─7096 /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal --v...
 ├─7100 pluto helper # 0 
 └─7188 _pluto_adns

Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #1: new NAT mapping for #1, was 35.188.205.71:500, now 35.188.205.71:4500
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHAR...modp1024}
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #1: the peer proposed: 192.168.0.0/24:0/0 -> 10.128.0.0/20:0/0
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: responding to Quick Mode proposal {msgid:3e4ab184}
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: us: 192.168.0.0/24===192.168.0.100<192.168.0.100>[xx.xxx.xx.xx]
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: them: 35.188.205.71===10.128.0.0/20
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 20 14:23:44 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jul 20 14:23:45 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 20 14:23:45 gateway pluto[7096]: "vpc-google"[1] 35.188.205.71 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x1baf69...DPD=none}
Hint: Some lines were ellipsized, use -l to show in full.
root@gateway:~#

35.188.205.71 is my GCP VPN Gateway IP. We need to see that IPsec SA established tunnel mode to confirm everything is working fine.

ipsec auto –status

root@gateway:~# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.100
000 interface eth0/eth0 192.168.0.100
000 interface wlan0/wlan0 192.168.1.1
000 interface wlan0/wlan0 192.168.1.1
000 %myid = (none)
000 debug none
000 
000 virtual_private (%priv):
000 - allowed 6 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 25.0.0.0/8, fd00::/8, fe80::/10
000 - disallowed 0 subnets: 
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have 
000 private address space in internal use, it should be excluded!
000 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
000 
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000 
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000 
000 "vpc-google": 192.168.0.0/24===192.168.0.100<192.168.0.100>[xx.xx.xx.xx]...%any===10.128.0.0/20; unrouted; eroute owner: #0
000 "vpc-google": myip=192.168.0.100; hisip=unset;
000 "vpc-google": ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 3 
000 "vpc-google": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,20; interface: eth0; 
000 "vpc-google": newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "vpc-google": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1024(2); flags=-strict
000 "vpc-google": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1024(2)
000 "vpc-google": ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict
000 "vpc-google": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vpc-google"[1]: 192.168.0.0/24===192.168.0.100<192.168.0.100>[xx.xx.xxx.xx]...35.188.205.71===10.128.0.0/20; erouted; eroute owner: #2
000 "vpc-google"[1]: myip=192.168.0.100; hisip=unset;
000 "vpc-google"[1]: ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 3 
000 "vpc-google"[1]: policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,20; interface: eth0; 
000 "vpc-google"[1]: newest ISAKMP SA: #1; newest IPsec SA: #2; 
000 "vpc-google"[1]: IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1024(2); flags=-strict
000 "vpc-google"[1]: IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1024(2)
000 "vpc-google"[1]: IKE algorithm newest: AES_CBC_128-SHA1-MODP1024
000 "vpc-google"[1]: ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict
000 "vpc-google"[1]: ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vpc-google"[1]: ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<Phase1>
000 
000 #2: "vpc-google"[1] 35.188.205.71:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 671s; newest IPSEC; eroute owner; isakmp#1; idle; import:not set
000 #2: "vpc-google"[1] 35.188.205.71 esp.1baf698c@35.188.205.71 esp.c810f1e5@192.168.0.100 tun.0@35.188.205.71 tun.0@192.168.0.100 ref=0 refhim=4294901761
000 #1: "vpc-google"[1] 35.188.205.71:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3070s; newest ISAKMP; lastdpd=20s(seq in:0 out:0); idle; import:not set
000 
root@gateway:~#

If tunnel isn’t coming up/establishing, your best pal is tcpdump. Initiate a ping or some traffic from the remote site to your local network. I prefer to start by pinging my local VPN gateway from one of my cloud instance.

root@gateway:~# tcpdump -n "port 4500" -vvvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:35:24.609126 IP (tos 0x0, ttl 64, id 448, offset 0, flags [DF], proto UDP (17), length 29)
 192.168.0.100.4500 > 35.188.205.71.4500: [bad udp cksum 0xb22a -> 0x2ba3!] isakmp-nat-keep-alive
14:35:24.609953 IP (tos 0x0, ttl 64, id 449, offset 0, flags [DF], proto UDP (17), length 29)
 192.168.0.100.4500 > 35.188.205.71.4500: [bad udp cksum 0xb22a -> 0x2ba3!] isakmp-nat-keep-alive

If everything is ok we can test connectivity from our local network to any of our remote instance.

root@gateway:~# ping 10.128.0.3
PING 10.128.0.3 (10.128.0.3) 56(84) bytes of data.
64 bytes from 10.128.0.3: icmp_seq=1 ttl=64 time=210 ms
64 bytes from 10.128.0.3: icmp_seq=2 ttl=64 time=211 ms
^C
--- 10.128.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 210.571/210.973/211.375/0.402 ms
root@gateway:~# ssh root@10.128.0.3
The authenticity of host '10.128.0.3 (10.128.0.3)' can't be established.
ECDSA key fingerprint is 8f:f7:62:4f:1e:85:ad:1e:50:cc:bc:21:fd:ae:bb:9e.
Are you sure you want to continue connecting (yes/no)? 

From the above, we can see that we are able to connect to one of my instance in GCP.

 

 

Let’s Git it on!

Install Git

# yum install git
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 5.4 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 3.4 kB 00:00:00
google-chrome | 951 B 00:00:00
nux-dextop | 2.9 kB 00:00:00
updates | 3.4 kB 00:00:00
epel/x86_64/primary_db FAILED ] 0.0 B/s | 1.2 MB –:–:– ETA
http://mirror.rise.ph/fedora-epel/7/x86_64/repodata/167fde3ffebcbd63c6850b6c2301b20d575eb884d2657a26003f078878c52a77-primary.sqlite.xz: [Errno 14] HTTP Error 404 – Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/articles/1320623

If above article doesn’t help to resolve this issue please create a bug on https://bugs.centos.org/

(1/5): epel/x86_64/group_gz | 170 kB 00:00:00
(2/5): updates/7/x86_64/primary_db | 4.8 MB 00:00:01
(3/5): epel/x86_64/updateinfo | 799 kB 00:00:04
(4/5): epel/x86_64/primary_db | 4.7 MB 00:00:07
(5/5): nux-dextop/x86_64/primary_db | 1.7 MB 00:00:11
Loading mirror speeds from cached hostfile
* base: mirror.qoxy.com
* epel: mirror.rise.ph
* extras: mirror.qoxy.com
* nux-dextop: mirror.li.nux.ro
* updates: mirror.qoxy.com
Resolving Dependencies
–> Running transaction check
—> Package git.x86_64 0:1.8.3.1-6.el7_2.1 will be installed
–> Processing Dependency: perl-Git = 1.8.3.1-6.el7_2.1 for package: git-1.8.3.1-6.el7_2.1.x86_64
–> Processing Dependency: perl(Term::ReadKey) for package: git-1.8.3.1-6.el7_2.1.x86_64
–> Processing Dependency: perl(Git) for package: git-1.8.3.1-6.el7_2.1.x86_64
–> Processing Dependency: perl(Error) for package: git-1.8.3.1-6.el7_2.1.x86_64
–> Running transaction check
—> Package perl-Error.noarch 1:0.17020-2.el7 will be installed
—> Package perl-Git.noarch 0:1.8.3.1-6.el7_2.1 will be installed
—> Package perl-TermReadKey.x86_64 0:2.30-20.el7 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================
Installing:
git x86_64 1.8.3.1-6.el7_2.1 base 4.4 M
Installing for dependencies:
perl-Error noarch 1:0.17020-2.el7 base 32 k
perl-Git noarch 1.8.3.1-6.el7_2.1 base 53 k
perl-TermReadKey x86_64 2.30-20.el7 base 31 k

Transaction Summary
======================================================================================================================================================
Install 1 Package (+3 Dependent packages)

Total download size: 4.5 M
Installed size: 22 M
Is this ok [y/d/N]: y
Downloading packages:
(1/4): git-1.8.3.1-6.el7_2.1.x86_64.rpm | 4.4 MB 00:00:07
(2/4): perl-Git-1.8.3.1-6.el7_2.1.noarch.rpm | 53 kB 00:00:00
(3/4): perl-TermReadKey-2.30-20.el7.x86_64.rpm | 31 kB 00:00:00
(4/4): perl-Error-0.17020-2.el7.noarch.rpm | 32 kB 00:00:10
——————————————————————————————————————————————————
Total 425 kB/s | 4.5 MB 00:00:10
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:perl-Error-0.17020-2.el7.noarch 1/4
Installing : perl-TermReadKey-2.30-20.el7.x86_64 2/4
Installing : git-1.8.3.1-6.el7_2.1.x86_64 3/4
Installing : perl-Git-1.8.3.1-6.el7_2.1.noarch 4/4
Verifying : perl-Git-1.8.3.1-6.el7_2.1.noarch 1/4
Verifying : perl-TermReadKey-2.30-20.el7.x86_64 2/4
Verifying : 1:perl-Error-0.17020-2.el7.noarch 3/4
Verifying : git-1.8.3.1-6.el7_2.1.x86_64 4/4

Installed:
git.x86_64 0:1.8.3.1-6.el7_2.1

Dependency Installed:
perl-Error.noarch 1:0.17020-2.el7 perl-Git.noarch 0:1.8.3.1-6.el7_2.1 perl-TermReadKey.x86_64 0:2.30-20.el7

Complete!

Generate SSH Keys

# ssh-keygen -t rsa -b 4096 -C “youremail@address.com”
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fe:41:cc:88:23:0f:9d:0d:8b:f4:b6:a6:2f:70:45:4f youremail@address.com
The key’s randomart image is:
+–[ RSA 4096]—-+
| |
| . E |
| …o |
| . +.*.+ |
| +.O S + |
| . .= + . |
| o + . . |
| .o . . |
| .o. . |
+—————–+

Add your SSH key to your SSH agent.

Start SSH agent in the background

# eval “$(ssh-agent -s)”
Agent pid 11120

Add your SSH private key to the ssh-agent

#ssh-add ~/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

Add the SSH key to your Github account

First, copy the SSH key to your clipboard.

# xclip -sel clip < ~/.ssh/id_rsa.pub

Login to your Github account and inn the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click SSH and GPG keys.

Click New SSH key or Add SSH key

In the Title filed add a descriptive name for this SSH key. Paste your key into the “Key” field

Click Add SSH key

If prompted enter your Github password.

You now have Git configured!