64 on QEMU

Posted on January 15, 2023 by aitayemi

Setup Solaris 9/10/11 x86/64 and Solaris 10 x86 on QEMU: 
--------------------------------------------------------

Background: I got the "long" qemu-system-x86_64 VM-creation command by using virt-install to create the VM and filtering the output of "ps -ef | grep qemu-system". Attempts to setup a Solaris 10 VM with a basic command resulted in the installation stuck in a reboot loop once it loads the kernel from the installation ISO.
Sample virt-install command: virt-install --name s10x64 --memory 4096 --vcpus 2 --disk /s10x64/s10x64.qcow2 --cdrom /s10x64/sol-10-u1-ga-x86-dvd-iso.iso --os-variant solaris10 --graphics vnc


Setup the Ubuntu QEMU hypervisor host
-------------------------------------

- NOTE: this installed QEMU version 6.2.0 in /usr/sbin/ which I won't be using.
root@itamint:~/# apt update -y
root@itamint:~/# apt -y install bridge-utils cpu-checker libvirt-clients virtinst libvirt-daemon libvirt-daemon-system qemu qemu-kvm 
root@itamint:~/# usermod -aG kvm root
root@itamint:~/# newgrp kvm
root@itamint:~/# systemctl enable libvirtd
root@itamint:~/# systemctl start libvirtd


- Setup VDE for networking:
root@itamint:~/# apt install vde2
root@itamint:~/# apt-get install libvdeplug-dev


- Compile/Install the latest  QEMU (version 7.2.0) with VDE enabled in /usr/local/bin:
root@itamint:~/# apt install -y gcc make ninja-build libglib2.0-dev libpixman-1-dev ncurses-dev
root@itamint:~/# apt install -y libusb-dev libusb-1.0-0-dev libusbredirparser1 libusbredirhost1 usbutils
root@itamint:~/# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@itamint:~/# tar xf qemu-7.2.0.tar.xz
root@itamint:~/# cd qemu-7.2.0
root@itamint:~/qemu-7.2.0# ./configure --enable-vde --enable-libusb
root@itamint:~/qemu-7.2.0# make
root@itamint:~/qemu-7.2.0# make install

---------- End Of QEMU host setup -----------------------------


- Setup a network (VDE) switch that VMs are logically connected to:

- Create a VDE switch and assign it an IP address which will be the gateway of VMs (note that it goes away if you reboot the host):
root@itamint:~/# vde_switch -tap vde0 -daemon
root@itamint:~/# ip link set dev vde0 up
root@itamint:~/# ip route add 10.0.2.0/24 dev vde0
root@itamint:~/# echo 1 > /proc/sys/net/ipv4/conf/vde0/proxy_arp


- Internet access to the VMs (execute on the QEMU hypervisor host) where wlp5s0 is the WAN NIC on the Ubuntu QEMU host:
root@itamint:~/# echo 1 > /proc/sys/net/ipv4/ip_forward
root@itamint:~/# iptables -t nat -A POSTROUTING -o wlp5s0 -j MASQUERADE
root@itamint:~/# iptables -I FORWARD 1 -i vde0 -j ACCEPT
root@itamint:~/# iptables -I FORWARD 1 -o vde0 -m state --state RELATED,ESTABLISHED -j ACCEPT

---------- End of VDE network switch setup --------------------

- Location of PC BIOS ("-L /path/to/dir"). Same file, but first is from the QEMU 7.2.0 and second is from the seabios Ubuntu package.
root@itamint:~# find /usr -iname bios-256k.bin
/usr/local/share/qemu/bios-256k.bin
/usr/share/seabios/bios-256k.bin



- Create a Solaris 9 VM and install the O/S from the ISO:
---------------------------------------------------------

root@itamint:/s9x86# qemu-img create -f qcow2 s9x86.qcow2 20G
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s9x86,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s9x86/s9x86.qcow2 -boot d --cdrom /s9x86/sol-9-u8-ga-x86-dvd.iso -device i82801,netdev=net0,mac=52:54:00:e6:5d:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- NOTE: with bridge/tap/vde variants of e1000 NIC did not work. The arp table on the QEMU host shows "incomplete" for the MAC address of the VM, and no communication is possible. With NIC model i82801, it works properly. The NIC is detected by Solaris 9 as "PCI: Intel i815/82559 Ethernet" , interface name iprb0 in Solaris. This is a 10/100Mbps NIC.


- connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.
- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s9x86,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s9x86/s9x86.qcow2 -device i82801,netdev=net0,mac=2a:e8:ec:b2:1f:7b,bus=pci.0,addr=0x3 -netdev vde,id=net0


- First boot after install, if using MobaXterm VNC client, switch it to "Full Screen" otherwise the desktop/login won't display properly. Once you login, you can use to skip installation of the "Java Enterprise System" after which the system will reboot again. Once you login again, you will be prompted to choose either CDE or Gnome 2.0 desktop.

- Optionally disable CDE (GUI): 
bash-2.05# /usr/dt/bin/dtconfig -d
bash-2.05# mv /etc/rc2.d/S99dtlogin /etc/rc2.d/DISABLE_s99dtlogin


- Edit /etc/ssh/sshd_config file in the VM and change "PermitRootLogin no" to "PermitRootLogin yes" (do not do in Production environment)
- restart SSHD with the command "kill -HUP  <sshd-pid>"

- SSH to the VM from the Ubuntu QEMU host (10.0.2.150 is what I assigned to the VM during setup):
root@itamint:~# ssh -oHostKeyAlgorithms=+ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc root@10.0.2.150

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 9 setup --------------------------------



- Create a Solaris 10 VM and install the O/S from the ISO:
----------------------------------------------------------

root@itamint:/s9x86# qemu-img create -f qcow2 /s10x64/s10x64.qcow2 20G 
root@itamint:/s9x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s10x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s10x64/s10x64.qcow2 -boot d --cdrom /root/s10x86/sol-10-u8-ga-x86-dvd.iso -device e1000,netdev=net0,mac=52:54:00:e6:4d:15,bus=pci.0,addr=0x3 -netdev vde,id=net0

- Connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.

- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:~/s10x86# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s10x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s10x64/s10x64.qcow2 -device e1000,netdev=net0,mac=52:54:00:e6:4d:15,bus=pci.0,addr=0x3 -netdev vde,id=net0

- First boot after install, if using MobaXterm VNC client, switch it to "Full Screen" otherwise the desktop/login won't display properly.

- optionally disable CDE (GUI). 
bash-3.00# /usr/dt/bin/dtconfig -d
bash-3.00# svcadm disable cde-login
bash-3.00#

- Edit /etc/ssh/sshd_config file in the VM and change "PermitRootLogin no" to "PermitRootLogin yes" (do not do in Production environment)
- restart SSHD with the command "svcadm restart sshd"

- SSH to the VM from the Ubuntu QEMU host (10.0.2.105 is what I assigned to the VM during setup):
ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa root@10.0.2.105

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 10 setup -------------------------------




- Create a Solaris 11 VM and install the O/S from the ISO:
----------------------------------------------------------

root@itamint:~/s10x86# mkdir /s11x64
root@itamint:~/s10x86# qemu-img create -f qcow2 /s11x64/s11x64.qcow2 8G
root@itamint:~/s10x86# cd /s11x64/
root@itamint:/s11x64# ls
s11x64.qcow2  sol-11-1111-text-x86.iso
root@itamint:/s11x64# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s11x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s11x64/s11x64.qcow2 -boot d --cdrom /s11x64/sol-11-1111-text-x86.iso -device e1000,netdev=net0,mac=52:54:00:e7:4e:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- Connect to the installation using a VNC client such as MobaXterm or realVNC or tigerVNC to complete the installation process.

- NOTE: if you choose the auto-reboot option, the system will reboot again from the CD at the end of the install. Break/Cancel the QEMU command then launch the VM from the O/S boot disk e.g.,
root@itamint:/s11x64# /usr/local/bin/qemu-system-x86_64 -L /usr/local/share/qemu/ -name guest=s11x64,debug-threads=on -machine pc,usb=off -accel kvm -cpu host,migratable=on -m 4096 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 -device VGA,id=video0,vgamem_mb=32,bus=pci.0,addr=0x2 -hda /s11x64/s11x64.qcow2 -device e1000,netdev=net0,mac=52:54:00:e7:4e:16,bus=pci.0,addr=0x3 -netdev vde,id=net0

- After the install, I had to manually create /etc/hostname.net0 
echo "s11x64" > /etc/hostname.net0

- SSH to the VM from the Ubuntu QEMU host (10.0.2.160 is what I assigned to the VM during setup):
ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa itababa@10.0.2.160

- NOTE: once the VM has network access, you can start it with the "--daemonize" so it detaches from the SHELL session on the QEMU host.

------------- End of Solaris 11 setup -------------------------------
 


Some useful Commands:
---------------------

- 7 commands to get info about processors in Solaris: 
psrinfo -pv ; isalist ; kstat -p cpu_info ; kstat -m cpu_info ; prtdiag -v  ; prtpicl -v  ;  smbios


- Get list of supported OS types/variants 
root@kvm:~# virt-install --os-variant list


- Flush ARP table in Linux:
ip -s -s neigh flush all


- Destroy a VM created by virt-install
root@itamint:~# virsh list --all
root@itamint:~# virsh destroy s10x64
root@itamint:~# virsh undefine s10x64


https://support.oracle.com/knowledge/Sun%20Microsystems/1444358_1.html
https://www.unix.com/unix-for-dummies-questions-and-answers/9130-removing-cde-openwindows.html



- Virtually mount a Solaris VM disk image:
  modprobe nbd max_part=8
  qemu-nbd --connect=/dev/nbd0 /s9x86/s9x86.qcow2
  fdisk /dev/nbd0 -l
  mkdir /tmp/sol
  mount /dev/nbd0p5 /tmp/sol
  ls /tmp/sol/

NOTE: the mountable slices may be different e.g., p1, p5, etc.

- to disconnect the device:
  umount /tmp/sol
  qemu-nbd  --disconnect /dev/nbd0

Solaris 10 x86 VM running on Qemu hypervisor on an Ubuntu host

Posted on January 1, 2023 by aitayemi

Solaris 10 VM on QEMU running on a Ubuntu host
==============================================

- Login to the Ubuntu host and install QEMU:

root@ip-172-31-23-252:~# apt update -y
root@ip-172-31-23-252:~# apt install -y gcc make ninja-build
root@ip-172-31-23-252:~# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# tar xvf qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# cd qemu-7.2.0/
root@ip-172-31-23-252:~/qemu-7.2.0# apt install libglib2.0-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt-get install -y libpixman-1-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt install ncurses-dev
root@ip-172-31-23-252:~/qemu-7.2.0# ./configure
root@ip-172-31-23-252:~# make
root@ip-172-31-23-252:~# make install


- Setup Networking (tap2 will be the NIC of the Solaris VM):
root@ip-172-31-23-252:/wip# ip tuntap add tap2 mode tap  &&  ip link set dev tap2 up


- Setup the host for routing (including Internet access from the Solaris VM). IP address 10.0.2.50 will be assigned to the Solaris VM.
NOTE: it might be better to put this in a start-up script so it "permanent".
echo 1 > /proc/sys/net/ipv4/conf/tap2/proxy_arp
ip route add 10.0.2.50 dev tap2
arp -Ds 10.0.2.50 eth0 pub
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD 1 -i tap2 -j ACCEPT
iptables -I FORWARD 1 -o tap2 -m state --state RELATED,ESTABLISHED -j ACCEPT


- Create VM disk:
root@ip-172-31-23-252:/wip# mkdir -p /wip/sol10x86
root@ip-172-31-23-252:/wip# cd /wip/sol10x86
root@ip-172-31-23-252:/wip/sol10x86# qemu-img create -f qcow2 solaris-disk-amd64.img 10G

root@ip-172-31-23-252:/wip/sol10x86# wget https://ftp.deu.edu.tr/pub/Solaris/iso/Solaris-10,8_11/sol-10-u10-ga2-x86-dvd.iso

- Create and Start the VM booting from the DVD (QEMU launches a VNC server running on 127.0.0.1:5900 for example):
root@ip-172-31-23-252:/wip/sol10x86# qemu-system-x86_64 -name s10qemu -m 4G -cdrom sol-10-u10-ga2-x86-dvd.iso -boot d -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no

- for Solaris 11, boot from CDROM ISO file sol-11_4-text-x86.iso instead of sol-10-u10-ga2-x86-dvd.iso
- use the MAC address of the tap2 NIC ("ip a") in the qemu-system-x86_64 command when starting the VM
- use putty to connect to the Ubuntu host while setting up tunnelling on 5900 (5900 on the Windows client tunneled to 127.0.0.1:5900 on the remote Ubuntu host)
- use real VNC (or tigerVNC) to connect to the VM's console and install solaris 10
- if setting up network, you MUST assign a gateway e.g., 10.0.2.254, otherwise networking doesn't work in the VM
- it will reboot to the install DVD. shutdown the VM ( e.g., CTRL+Z to kill the qemu-system-x86_64 process on the Ubuntu host). For Solaris 11, choose to halt the system at the end of the installation (instead of reboot) then shutdown the VM ( e.g., CTRL+Z to kill the qemu-system-x86_64 process on the Ubuntu host).

- boot VM from O/S disk with networking:
//root@ip-172-31-23-252:/wip# ip tuntap add tap2 mode tap  &&  ip link set dev tap2 up
root@ip-172-31-23-252:/wip# qemu-system-x86_64 -name s10qemu -m 4G -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no

- Connect via VNC client, login to the GUI desktop (choose Java Desktop or CDE) with root and password supplied during install, 

- shutdown the system e.g., from the terminal (Applications > Utilities) run "shutdown -y -g0 -i0"

- take a snapshot of the O/S disk for backup purposes:
# qemu-img create -f qcow2 -b solaris-disk-amd64.img -F qcow2 solaris-disk-amd64.snap.img 5G

- boot VM from O/S disk with networking:
root@ip-172-31-23-252:/wip# qemu-system-x86_64 -name s10qemu -m 4G -hda solaris-disk-amd64.img -net nic,model=e1000,macaddr=7a:30:2a:cd:d0:1c -net tap,script=no,ifname=tap2,downscript=no
NOTE: add the --daemonize to detach the running VM from the host bash session. This is a good way to start the VM once you can access it via SSH.


- Disable the GUI/desktop (graphic environment) since I chose to manage the system remotely using SSH. Note that Solaris 11 boots to run-level 3 so no need to disable the desktop.
# svcadm disable cde-login   
(older Solaris version may use the command "/usr/dt/bin/dtconfig -d")

- Add a user for remote SSH connection (itababa/James007!)
# useradd itababa
# password itababa

- SSH connection from host to Solaris VM (can't use root by default unless you reconfigure SSHD on the Solaris to "PermitRootLogin")
root@ip-172-31-23-252:/wip/sol10x86# ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=ssh-rsa itababa@10.0.2.50

- you can make the above connection options permanent by editing the SSH client configuration file on the host/client and adding a line to it such as the following. (Once done, you can connect to the Solaris VM with "ssh itababa@10.0.2.50" for example):
root@ip-172-31-23-252:/wip/sol10x86# vi $HOME/.ssh/config
Host 10.0.2.50
    KexAlgorithms +diffie-hellman-group1-sha1
	HostKeyAlgorithms ssh-rsa



---------- IF YOU SETUP NETWORKING DURING INSTALL SKIP THIS SECTION ---------

- Configure the network interface e1000g0 (in Solaris 11, the interface is called net0 instead of e1000g0)

1. Edit /etc/hostname.e1000g0 and add the IP address and Netmask:
# echo "10.0.2.50 netmask 255.255.255.0" > /etc/hostname.e1000g0

2. Add the IP-address/hostname entry to file /etc/inet/hosts :
# echo "10.0.2.50 `hostname`" >> /etc/inet/hosts

3. Add the default router/gateway:
# echo "10.0.2.254" > /etc/defaultrouter

4. Bring up the NIC in the current running session:
# ifconfig e1000g0 plumb
# ifconfig e1000g0 10.0.2.50 netmask 255.255.255.0 up
# route add default 10.0.2.254 -ifp e1000g0

6. Configure DNS
# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
# vi /etc/nsswitch.conf  (change the line "hosts:     files" to "hosts:     files dns")

------ END OF NETWORKING SETUP IF YOU DIDN'T SETUP IT UP DURING INSTALL ------
========================================================================


Unable to successfully installing Solaris 10/11 SPARC:
- Solaris 10 boots but has no keyboard input so unable to actually install. Solaris 11 doesn't boot at all.

NOTE: For Solaris 11 x86, be sure to add a user account/password aside the root user during the installation as you can't login directly using the root account from the console. 

-------------------------------------------------------------------



-------------------------------------------------------------------

Some commands:

- to disable sound and set the language e.g., launch with:
LC_ALL=C QEMU_AUDIO_DRV=none qemu-system-sparc -m 256 -cdrom ...

- to use terminal install, add the "-nographic" option which prevents QEMU from creating a VNC listener

- Create a snapshot of the AIX O/S disk for backup purposes:
qemu-img create -f qcow2 -b sol10hdisk.qcow2 -F qcow2 sol10hdisk.snap.qcow2 5G

- How to disable the graphic environment, this can be done with that command: "/usr/dt/bin/dtconfig -d" or better with latest Solaris 10: "svcadm disable cde-login".

- Halt the VM:  # shutdown -y -g0 -i0

Keyboard not working as expected in QEMU? When starting QEMU just pass these flags to give yourself a USB keyboard and mouse:
-usb -device usb-mouse -device usb-kbd  -device usb-tablet
You may also try the flag for some ppc/sparc (https://github.com/qemu/SLOF/issues/1 ):  -prom-env 'input-device=hvterm'


// qemu-system-arm -M overo -m 256 -sd ./test.img -clock unix -serial stdio -device usb-mouse -device usb-kbd
// -vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]


- remove a tap device from a master
root@ip-172-31-23-252:/wip/sol10x86# ip link set dev tap2 nomaster



Links:
https://archive.org/download/sunsolaris10operatingsystem1106x86sparc/SOL_10_1106_SPARC.mdf
https://www.oracle.com/solaris/solaris10/downloads/solaris10-get-jsp-downloads.html
Download Solaris 11:  http://ftp.escuelaing.edu.co/pub/Unix/Solaris/11/
Download Solaris 11:  http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/
http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/sol-10-u11-ga-x86-dvd.iso
http://ftp.escuelaing.edu.co/pub/Unix/Solaris/10/sol-10-u11-ga-sparc-dvd.iso
https://ftp.deu.edu.tr/pub/Solaris/iso/Solaris-10,8_11/
https://wiki.qemu.org/Documentation/Platforms/SPARC
https://helpmanual.io/help/qemu-system-sparc/
https://chrispinnock.com/stuff/emulation/running-solaris-in-vms/
https://learn.adafruit.com/build-your-own-sparc-with-qemu-and-solaris
Solaris 10 Network Config

https://stackoverflow.com/questions/19665412/mouse-and-keyboard-not-working-in-qemu-emulator
https://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2

PALO ALTO VM on VirtualBox

Posted on December 28, 2022 by aitayemi

NOTE: for educational purposes only.
NOTE: this procedure places a Oracle Enterprise Linux system "behind" a Palo Alto NGFW (firewall) and registers the OEL system with the ULN (Unbreakable Linux Network). It is part of investigation into an issue noticed with OEL 8.x in combination with Palo Alto v10.1.x/10.2.x where once a certain profile is applied on the Palo Alto, the OEL system is no longer able to communicate with the ULN (initial registration fails for new systems, and retrieving packages via yum fails for already registered systems). In one scenario, editing the file /etc/sysconfig/rhn/up2date and setting the useNoSSLForPackages=1 (default is 0) appeared to resolve the issue.

NOTE: For some reason, the Palo Alto qcow2 image does not boot up completely by default in VirtualBox. It boots up to the PA-HDF login prompt instead of the PA VM login prompt. The PA-HDF prompt implies the system has not booted up completely.

-----------------------------------------------------

Setup Palo Alto VM on VirtualBox:  https://nfv.dev/blog/2022/03/how-to-run-a-palo-alto-vm-series-firewall-in-virtualbox/

1. Convert the qcow2 disk image o hyper-v VHDX, setup Hyoer-V on your Windows 10 host, create a VM with the PA disk in Hyper-V, launch the VM, login ( be patient as it takes a while to get the "PA VM" prompt. The initial "PA-HDF" should be ignored. You might need to press ENTER key a few times for the prompt to change). Shut down the Hyper-V VM ("request shutdown system" command in PA). Then convert the VHDX disk to VMDK/VDI. Now use the new VMDK/VDI disk to create a VirtualBox VM. 

2. Convert PA qcow2 disk to VHDX:
C:\PaloAlto1010>c:\qemu\qemu-img.exe convert -f qcow2 PA-VM-KVM-10.1.0.qcow2 -O vhdx PA-VM-1010.vhdx   (qemu makes a sparse copy of the disk which is not supported by Hyper-V which will complain that the file must not be sparse: https://www.mail-archive.com/qemu-discuss@nongnu.org/msg04963.html)

3. Make a non-sparse copy of the VHDX disk using "copy" command or even the Windows Explorer copy. 
C:\PaloAlto1010>copy PA-VM-1010.vhdx PA-VM-1010a.vhdx

4. Create Hyper-V VM from PA-VM-10102a.vhdx, power it on, login, change password if prompted, shutdown the VM

Note that since the PA VM boots up properly on Hyper-V, you can use Hyper-V instead of VirtualBox. 

5. Convert VHDX to VDI after shutting down the Hyper-V VM:
C:\PaloAlto1010>c:\qemu\qemu-img.exe convert PA-VM-10102a.vhdx -O vdi PA-VM-1010.vdi


NOTE: default PA credential is admin/admin (it takes some time after boot-up for the credentials to be accepted i.e., the true login prompt when the system is fully up should be something like "PA VM" but you may initially be presented with the "PA-HDF" prompt)

-----------------------------------------------------


INITIAL BASIC CONFIG OF PALO ALTO VM TO SERVE AS INTERNET GATEWAY:  https://rowelldionicio.com/setting-up-palo-alto-networks-firewall-first-time/

My test config (all on a Windows 10 host system):
- OEL8.6 VM (VBox) <-----> PA 10.1.0 VM (VBox) <------> Windows 10 laptop (Host) <------> Home Internet Router
- IMPORTANT: all 4x NICs on the PA VM was enabled in VBox. First NIC is mgmt, second NIC is Ethernet1/1, third NIC is Ethernet1/2
- First and second NIC are bridged to the WiFi adapter in Windows 10 host so they can get DHCP IPs from my home router
- Third NIC (Ethernet1/2) is connected to the default "Internal Network" named "intnet" in VBox
- The single NIC attached to the OEL8.6 VM is also connected to the default "Internal Network" named "intnet" in VBox so that it can communicate with the PA VM which will serve as the DHCP server and gateway for the OEL8.6 VM
- NOTE: the PA 10.1.0 did NOT come with the "rule1" ACL (mentioned in the referenced URL above)that allows traffic between trusted and untrusted zone. You NEED to create the ACL rule.
- NOTE: you need to add a "Static Route"  (default route) to the default "Virtual Router" that sends all traffic to the Internet Router IP. For example, I created a "Static Route" nanmed "Default Route" with Destination 0.0.0.0/0 ; Interface ethernet1/1 ; Next Hop "IP Address" 192.168.10.1 (the LAN IP address of my home internet router)
- NOTE: you can add a second NIC to the OEL8.6 VM in Vbox and attach the NIC to the "Host-Only Adapter". This allows you to connect via SSH from the Windows 10 host to the OEL 8.6 for troubleshooting purposes.


- Other NOTES:
- install the UEK kernel on the OEL 8.6 VM:
[root@oel86vb ~]# yum install -y kernel-uek.x86_64

------------------------------------------------------


References:
How to run a Palo Alto VM Series Firewall in VirtualBox

https://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/networking/palo_alto_config.html
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltrCAC
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/use-the-web-interface\
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloQCAS
https://www.wiresandwi.fi/blog/palo-alto-basic-setup
Oracle Linux: How to De-Register a System from ULN (Doc ID 2133228.1)


-------------------

Register a system with ULN:
[root@oel86 ~]# wget https://linux-update.oracle.com/rpms/uln_register_ol8.tgz
[root@oel86 ~]# wget https://linux-update.oracle.com/rpms/uln_register-gnome_ol8.tgz
[root@oel86 ~]# tar xf uln_register-gnome_ol8.tgz
[root@oel86 ~]# tar xf uln_register_ol8.tgz
[root@oel86 ~]# yum install -y *rpm
[root@oel86 ~]# uln_register
 - use uln_register command for the interactive option or ulnreg_ks for the CLI option. The profilename is optional. Without it, the entry in ULN for the system will be named the system's hostname e.g., # ulnreg_ks --profilename=OEL86vbox --username=<my-registered-uln-email> --password=<my-oracle-support-password> --csi=<my-oracle-support-csi-#>


De-register a system from ULN:
 - Login to the ULN registration page (http://linux.oracle.com ) and delete the registered system from ULN.  You must login as the user that registered the system with ULN.
      - Select the System tab  >  Select the system to be removed and select the Delete button
 - Remove the system registration information from the local system.  This can be done by removing the systemid file: # rm /etc/sysconfig/rhn/systemid
 - Setup  the public yum repository files in /etc/yum.repos.d/ .  Instructions for setting up public yum can be found at the following URL: http://yum.oracle.com/


---------------------------------

- Some commands:

- Get details of the IP received via DHCP over the bridge to the host WNIC from the home router
admin@PA-VM> show dhcp client mgmt-interface-state

- Assign same IP permanently:
configure
set deviceconfig system type static
set deviceconfig system ip-address 192.168.10.60 netmask 255.255.255.0 default-gateway 192.168.10.1
commit

- Enable HTTPS web mgmt on the mgmt interface:
set deviceconfig system service disable-https no
set deviceconfig system service disable-ssh no
set deviceconfig system service disable-icmp no
commit

- Retreive mgmt interface IP details:
admin@PA-VM> show interface management

- Graceful shutdown:
admin@PA-VM> request shutdown system

- Ping a host from the PA:
admin@PA-VM> ping host 8.8.8.8

---------------------------------

RUNNING AIX v7.2 VM ON QEMU HYPERVISOR ON AN UBUNTU HOST

Posted on December 16, 2022 by aitayemi

This procedure documents setting up the latest available QEMU on Ubuntu in order to run an AIX v7.2 VM.
Most of the steps are from http://aix4admins.blogspot.com/2020/04/qemu-aix-on-x86-qemu-quick-emulator-is.html?m=1

The host in this case is an AWS t3.xlarge compute instance running Ubuntu 22.04.1 LTS (Jammy Jellyfish)
I also attached a secondary EBS volume (55G) to the instance which I mounted on /wip and where I stored all the relevant files.


- Login to the Ubuntu host and install QEMU:

root@ip-172-31-23-252:~# apt update -y
root@ip-172-31-23-252:~# apt install -y gcc make ninja-build
root@ip-172-31-23-252:~# wget https://download.qemu.org/qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# tar xvf qemu-7.2.0.tar.xz
root@ip-172-31-23-252:~# cd qemu-7.2.0/
root@ip-172-31-23-252:~/qemu-7.2.0# apt install libglib2.0-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt-get install -y libpixman-1-dev
root@ip-172-31-23-252:~/qemu-7.2.0# apt install ncurses-dev
root@ip-172-31-23-252:~/qemu-7.2.0# ./configure
// ALTERNATIVELY - build only PPC64 support: # ./configure --target-list=ppc64-softmmu --enable-curses --disable-gtk && make
root@ip-172-31-23-252:~# make
root@ip-172-31-23-252:~# make install


- Partition the secondary volume and format the file system:

root@ip-172-31-23-252:~# lsblk
NAME         MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
loop0          7:0    0 24.4M  1 loop /snap/amazon-ssm-agent/6312
loop1          7:1    0 55.6M  1 loop /snap/core18/2632
loop2          7:2    0 63.2M  1 loop /snap/core20/1695
loop3          7:3    0  103M  1 loop /snap/lxd/23541
loop4          7:4    0 49.6M  1 loop /snap/snapd/17883
nvme0n1      259:0    0    8G  0 disk
├─nvme0n1p1  259:1    0  7.9G  0 part /
├─nvme0n1p14 259:2    0    4M  0 part
└─nvme0n1p15 259:3    0  106M  0 part /boot/efi
nvme1n1      259:4    0   55G  0 disk
root@ip-172-31-23-252:~#
root@ip-172-31-23-252:~# fdisk /dev/nvme1n1
root@ip-172-31-23-252:~# partprobe
root@ip-172-31-23-252:~# mkfs -t ext4  /dev/nvme1n1p1
root@ip-172-31-23-252:~# blkid
/dev/nvme0n1p1: LABEL="cloudimg-rootfs" UUID="687fab62-1ba5-4282-890e-9266064f7d27" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="895d8984-5441-4c70-b87c-a6b6ebb8c95e"
/dev/nvme0n1p15: LABEL_FATBOOT="UEFI" LABEL="UEFI" UUID="B2B4-82AC" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="0cf1c52c-98f5-48ae-8a07-fff782190e30"
/dev/loop0: TYPE="squashfs"
/dev/nvme1n1p1: UUID="a5051753-344e-43da-ba1f-cc785cab98b0" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="d816173f-01"
root@ip-172-31-23-252:~# vi /etc/fstab
root@ip-172-31-23-252:~# grep wip /etc/fstab
UUID="a5051753-344e-43da-ba1f-cc785cab98b0"  /wip  ext4  defaults 0 0
root@ip-172-31-23-252:~#
root@ip-172-31-23-252:~# mkdir /wip
root@ip-172-31-23-252:~# mount /wip


- Copy the AIX v7.2 ISO files to the Ubuntu instance. Please ensure you get it from a legal source.

root@ip-172-31-23-252:~# cd /wip
root@ip-172-31-23-252:/wip# mkdir AIX72ISOs
root@ip-172-31-23-252:/wip# cd AIX72ISOs/
root@ip-172-31-23-252:/wip/AIX72ISOs# scp -i ~/.ssh/wipalinux ubuntu@172.31.18.141:/wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso .


- Create a disk for the AIX VM:
root@ip-172-31-23-252:~# cd /wip/
root@ip-172-31-23-252:/wip# qemu-img create -f qcow2 hdisk0.qcow2 20G


- Install AIX (you can change install settings e.g., to include SSH client and server). The installation tool approx 110 mins 
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom /wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso -prom-env "boot-command=boot cdrom:"

   - NOTE: the VM will get stuck in a reboot loop at the end of installation. Use CTRL+C to terminate the VM
   
   
- Fix/solve the fsck64 issue to fix the reboot loop by booting the VM into maintenance mode:
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom /wip/AIX72ISOs/aix_7200-04-02-2027_1of2_072020.iso -prom-env "boot-command=boot cdrom:"
   - menu options to select:  1 to "define the System Console" > 1 for English > 3 for Maintenance mode > 1 to access root VG > 0 to continue > 1 to select VG/disk > 1 to "Access this Volume Group and start a shell"
  - NOTE: no keyboard BACKSPACE key, and don't use CTRL+C as that terminates the VM.

  # cd /sbin/helpers/jfs2
  # cp fsck64 fsck64.org

  - truncate the fsck64 exeutable binary file and replace content with shell script
  # > fsck64
  # cat > fsck64 << EOF
  #!/bin/ksh
  exit 0
  EOF
  #
  # cat fsck64
  #!/bin/ksh
  exit 0
  #

  - Alternative to the cat sequence above is to edit the fsck64 file after truncating it and add the 2 lines to the file:
  # > fsck64
  # export TERM=vt100
  # vi fsck64
  # cat fsck64
  #!/bin/ksh
  exit 0
  #


  - Shutdown the VM:
  #
  # sync; sync
  # halt


- Create a snapshot of the AIX O/S disk for backup purposes:
root@ip-172-31-23-252:/wip# qemu-img create -f qcow2 -b hdisk0.qcow2 -F qcow2 hdisk0.snap.qcow2 10G


- Boot the VM to AIX O/S 7.2 using the O/S disk, and accept license (I excluded cdrom since I no longer need it):
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:"
   - choose vt100 (type it and press ENTER) when prompted for terminal type
   - choose to accept the license (default is no, press TAB key to change it to yes) then ENTER to accept
   - Esc+0 (hold down ESC then press 0) to go back
   - accept the software maintenance terms/conditions
   - Esc+0 (hold down ESC then press 0) to go back
   - Set any of the additional settings as required (date/time; root password; etc)
   - Option "Tasks completed - Exit to Login"
   
   - Login as root on the console (prompt)
-----------------------------------------------
   
- Fix the RPM DB error:  https://bobcares.com/blog/rpm-db_runrecovery-errors/
# cd /opt/freeware
# tar -chvf `date +"%d%m%Y"`.rpm.packages.tar packages
# rm -f /opt/freeware/packages/__*
# /usr/bin/rpm --rebuilddb
# /usr/bin/rpm -qa

-----------------------------------------------
   
   
- Setup networking: https://kwakousys.wordpress.com/2020/09/06/run-aix-7-2-on-x86-with-qemu/
    - in this example, we assign IP address 10.0.2.16 to AIX and 10.0.2.20 to the bridge we defined on the Ubuntu host.

- Setup a bridge (br0) on the Ubuntu host:
    root@ip-172-31-23-252:/wip# apt-get install bridge-utils
    root@ip-172-31-23-252:/wip# mkdir -p /usr/local/etc/qemu
    root@ip-172-31-23-252:/wip# echo "allow br0" > /usr/local/etc/qemu/bridge.conf
	
    NOTE: you can put the following network-related commands a single script that you can just run as a single command
	
    root@ip-172-31-23-252:/wip# ip link add name br0 type bridge
    root@ip-172-31-23-252:/wip# ip link set dev br0 up
    root@ip-172-31-23-252:/wip# ip addr add 10.0.2.20/24 dev br0


- Setup the tap NIC for the AIX VM:
    root@ip-172-31-23-252:/wip# ip tuntap add tap0 mode tap
    root@ip-172-31-23-252:/wip# ip link set dev tap0 up
    root@ip-172-31-23-252:/wip# ip link set dev tap0 master br0

    NOTE: tap0 interface comes up when the VM is started


- Setup the Ubuntu host for routing (including Internet access from the AIX VM):
    root@ip-172-31-23-252:/wip# echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
    root@ip-172-31-23-252:/wip# ip route add 10.0.2.16 dev tap0
    root@ip-172-31-23-252:/wip# arp -Ds 10.0.2.16 eth0 pub
    root@ip-172-31-23-252:/wip# echo 1 > /proc/sys/net/ipv4/ip_forward
    root@ip-172-31-23-252:/wip# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    root@ip-172-31-23-252:/wip# iptables -I FORWARD 1 -i tap0 -j ACCEPT
    root@ip-172-31-23-252:/wip# iptables -I FORWARD 1 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
        

- Start the AIX VM normally (assign a randomly selected MAC address to the VM's NIC):
root@ip-172-31-23-252:/wip# qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no


- Assign the IP address 10.0.2.16 to the en0 NIC in AIX  (use SMIT to make it permanent)
# chdev -l en0 -a netaddr=10.0.2.16 -a netmask=255.255.255.0 -a state=up

- Make the IP assignment permanent with SMIT (assign any IP on the same network as the gateway e.g., 10.0.2.254):
# smit tcpip > Min Config & Startup > en0 > (setup hostname/netmask/IP/nameserver & domain name & gateway e.g., aix7vm/10.0.2.16/255.255.255.0/8.8.8.8 & acme.com/10.0.2.254) > "START Now" = yes (TAB key to change it) then ENTER key to execute the change
   NOTE: the name server (e.g., Google's 8.8.8.8 DNS server) and a domain name MUST be provided if you decide to set the name server.


- Install BASH shell in AIX VM (bash is easier to use than the default Korn shell):

- increase /opt as the bash instal requires about 40MB space:
# chfs -a size=+60M /opt

# wget http://www.oss4aix.org/download/latest/aix71/libiconv-1.16-1.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/latest/aix71/bash-5.0-8.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/latest/aix71/gettext-0.19.8.1-1.aix5.1.ppc.rpm
# wget http://www.oss4aix.org/download/RPMS/gcc/libgcc-6.3.0-1.aix7.2.ppc.rpm
# rpm -ivh bash_5_0_8_aix5_1_ppc.rpm gettext_0_19_8_1_1_aix5_1_ppc.rpm libiconv_1_16_1_aix5_1_ppc.rpm libgcc_6_3_0_1_aix7_2_ppc.rpm

- In AIX, after installing bash, "authorize" AIX to allow bash shell to run:
# export TERM=vt100
   - Edit file /etc/security/login.cfg, append "/usr/bin/bash" (without the double quotes)  to the line containing "shells ="
   - Edit file /etc/shells, append this on a new line "/usr/bin/bash" (without the double quotes)
   

--------------- END OF PROCEDURE ---------------


- Extra step in order to access the AIX VM using SSH from outside the Ubuntu host (particularly useful if you are using the "--daemonize" headless option when starting the AIX VM):
Summary is to use iptables to redirect incoming attempts to connect to the Ubuntu instance on some alternate port (e.g., 2222/tcp) to port 22 on the AIX VM. Note that you also need to allow incoming traffic on this alternate port in your AWS/OCI/GCP VPC/subnet using the relevant security group rule.

root@ip-172-31-23-252:/wip# iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
root@ip-172-31-23-252:/wip# iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.2.16:22


You can then connect to the AIX with putty (Ubuntu IP address and port 2222) or using SSH with a command such as: ssh root@<ubuntu-ip> -p 2222


   
References:
http://aix4admins.blogspot.com/2020/04/qemu-aix-on-x86-qemu-quick-emulator-is.html?m=1
Run AIX 7.2 on x86 with QEMU
https://worthdoingbadly.com/aixqemu/
http://www.visidon.com/blog/2015/02/bash-on-aix-7-1/
RPM DB_RUNRECOVERY errors: How to resolve

http://www.oss4aix.org/download/latest/aix71/    - download RPMs for various packages
http://www.oss4aix.org/download/RPMS/gcc/
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/


- Some useful commands:
# qemu-system-ppc64  ...  -daemonize  (to run the VM in "headless" mode so access it using SSH). If you use this option, delete the "-serial stdio" from the command. QEMU starts the VM and gives a message such as "VNC server running on 127.0.0.1:5900" so you can use VNC to manage the VM as well.

root@ip-172-31-23-252:/wip# mount -o loop /wip/bash51-aix71.iso /iso
root@ip-172-31-23-252:/wip# ip link set dev br0 down
root@ip-172-31-23-252:/wip# ip link delete dev br0
root@ip-172-31-23-252:/wip# ip a
# mount -vcdrfs -oro /dev/cd0 /mnt

# entstat -d en0 | grep -i hard
Hardware Address: be:16:43:37:16:ec

#aix# chsh <username> /bin/bash

logout from session, after AIX shutdown is possible using "~~.", same as in HMC console

root@ip-172-31-23-252:/wip# apt install -y genisoimage
root@ip-172-31-23-252:/wip# mkisofs -max-iso9660-filenames -o bash50.iso ./bash50

- boot the AIX with the ISO image containing the bash rpm package;
qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0 -cdrom /wip/bash50.iso



- Some notes:
"make" of QEMU took about 85 mins on t3.xlarge when compiling all supported platforms, but under 10 mins when compiling for ppc64 support only)
ensure you have plenty of space for the compiler. qemu-7.2.0.tar.xz is 117M, extracted folder qemu-7.2.0 is 799M, compiled, the extracted folder goes to almost 6GB!
if you didn't include the ssh client/server during the installation, you will need to start the VM with the ISO image inserted in the CDROM so you can install them.


- Optionally disable some un-needed services to speed up the boot process:
     - edit file /etc/rc.tcpip and comment out # some services if not required e.g., sendmail, snmpd, hostmibd, snmpmibd, aixmibd
(look for lines similar to:  start /usr/sbin/aixmibd "$src_running")

     - to disable the NFSD server, edit file /etc/rc.nfs and comment out the line:  start biod /usr/sbin/biod
     - you may use the "stopsrc -s <service-name>" command to shut them down in the current session as well.


- Optionally disable additional services defined in the /etc/inittab file to make subsequent boot ups faster (using the following commands):
# rmitab rcnfs
# rmitab cron
# rmitab piobe
# rmitab qdaemon
# rmitab writesrv
# rmitab naudio2
# rmitab naudio
# rmitab aso
# rmitab clcomd
# chrctcp -S -d tftpd

- The networking setup, and AIX VM launch command scripts (execute the network script before the AIX VM launch script so that the VM will have network access):

root@ip-172-31-23-252:/wip# cat setup_networking_for_aix.sh
#!/usr/bin/bash

#- Setup the tap NIC for the AIX VM:
ip tuntap add tap0 mode tap
ip link set dev tap0 up

#NOTE: tap0 interface comes up when the VM is started:

#- Setup the host for routing (including Internet access from the AIX VM):
echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
ip route add 10.0.2.16 dev tap0
arp -Ds 10.0.2.16 eth0 pub
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD 1 -i tap0 -j ACCEPT
iptables -I FORWARD 1 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT

#- Setup port forwarding so that the AIX VM is accessible remotely:
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.2.16:22



root@ip-172-31-23-252:/wip# cat launch_aix72_vm.sh
#!/usr/bin/bash

/usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no --daemonize
#/usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no

- VNC connection to the AIX VM
When qemu is executed with the --daemonize option, it also creates a VNC session that you can connect to. By default the VNC session is started on only the loopback (127.0.0.1) interface. In the sample command below, it is started on the primary interface of the Ubuntu host with the IP 172.31.23.252. I can then use any VNC viewer such as tightvnc to connect to the VM's console using the Ubuntu hosts' public IP:
root@ip-172-31-23-252:/wip# /usr/local/bin/qemu-system-ppc64 -cpu POWER8 -machine pseries -m 4096 -drive file=/wip/hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -prom-env "boot-command=boot disk:" -net nic,macaddr=be:16:43:37:16:ec -net tap,script=no,ifname=tap0,downscript=no --daemonize -vnc 172.31.23.252:0

RUN ORACLE LINUX 8.X DOCKER CONTAINER ON WINDOWS 10 WITH WSL2

Posted on December 9, 2022 by aitayemi

The purpose of this guide is to run an Oracle Linux container on a Windows 10 system using Windows Subsystem for Linux v2.
(This may be an alternative to using a full-blown hypervisor type 2 such as Oracle VirtualBox or VMWare Player/Workstation.)

NOTE: Using container images from the official Oracle repository
NOTE: You will need to be running Windows 10 build 18917 or higher to use WSL 2. If you are on an earlier Windows 10 build, launch Windows Update Settings, you should be able to update it to the latest available version.
NOTE: there are docker images for 7/8/9 and slim versions of 7/8/9 (minimal environment with minimal number of packages) from the ghcr.io repository.

1. Prepare an Oracle Linux 8.x container and export it to a single TAR file using an existing Linux system as the work platform:

[root@wip]# yum install -y docker
[root@wip]# usermod -aG docker root
[root@wip]# newgrp docker
[root@wip]# id
uid=0(root) gid=992(docker) groups=992(docker),0(root)
[root@wip]#
[root@wip]# systemctl start docker.service
[root@wip]# systemctl enable docker.service

– Create the Dockerfile to use to build the container:
[root@wip]# vi Dockerfile
[root@wip]# cat Dockerfile
FROM ghcr.io/oracle/oraclelinux:8

CMD [“/bin/bash”]

– Build the docker container:
[root@wip]# docker build -t ghcr.io/oracle/oraclelinux:8 .
Sending build context to Docker daemon 23.04kB
Step 1/2 : FROM ghcr.io/oracle/oraclelinux:8
8: Pulling from oracle/oraclelinux
4c770e098606: Pull complete
Digest: sha256:07a995ecaf9db1ce613648a08facc162de69f26c39712f1acc93629c2e6c4e73
Status: Downloaded newer image for ghcr.io/oracle/oraclelinux:8
—> b0045ea7bbde
Step 2/2 : CMD [“/bin/bash”]
—> Running in 168cb6d08c9e
Removing intermediate container 168cb6d08c9e
—> 53be01d92e18
Successfully built 53be01d92e18
Successfully tagged ghcr.io/oracle/oraclelinux:8

– Test the container:
[root@wip]# docker run -it 53be01d92e18
[root@ec6e4b0f7c3b /]# cat /etc/oracle-release
Oracle Linux Server release 8.7
[root@ec6e4b0f7c3b /]# exit

– List all containers (note the container id ec6e4b0f7c3b associated with the image id 53be01d92e18 from the earlier build command output):

[root@wip]# docker ps -a
CONTAINER ID    IMAGE          COMMAND       CREATED              STATUS                         PORTS     NAMES
ec6e4b0f7c3b    53be01d92e18   "/bin/bash"   About a minute ago   Exited (0) 23 seconds ago                reverent_ellis

– Export the container into a single TAR file (222M size):
[root@wip]# docker export –output=”oellinux8.tar” aa565b335857

– Optionally zip the file (85MB zipped) to reduce the amount of data transferred when copying it to the Windows 10 system:
[root@wip]# gzip oellinux8.tar

– Transfer the container output TAR file to the Windows 10 system. In this case I will be using pscp to pull the file down into the Windows 10 system using a user other than root, so I copied the file to /tmp which is accessible to all users and changed the permission on the file so other users can read it:
[root@wip]# cp oellinux8.tar.gz /tmp/
[root@wip]# chmod 666 /tmp/oellinux8.tar.gz

2. SETUP WSL2 on Windows 10:
– Using elavated/admin powershell, run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
– Using elavated/admin command or powershell, run: dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
– Reboot the Windows 10 system (WSL2 upgrade fails without a reboot after installing WSL)
– Upgrade WSL to WSL2 via the installer https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi

3. Pull down the container file to the local Windows 10 system with WSL2 installed:
C:\Users\user1> md wsl2\oellinux8
C:\Users\user1\wsl2\oellinux8>cd wsl2\oellinux8
C:\Users\user1\wsl2\oellinux8>pscp -i ….\Downloads\centos8.ppk ec2-user@my-linux-wip-server:/tmp/oellinux8.tar.gz .

4. Unzip the container file oellinux8.tar.gz (if you compressed the original TAR file):

5. Import the TAR file into WSL (syntax: wsl –import [DISTRO NAME] [STORAGE LOCATION] [FILE NAME]):
C:\Users\user1\wsl2\oellinux8>wsl –import oellinux8 “C:\Users\user1\wsl2\oellinux8” oellinux8.tar

NOTE: the import step extracts the TAR file into rootfs and temp directories:
C:\Users\user1\wsl2\oellinux8>dir
12/07/2022 11:47 PM 232,101,888 oellinux8.tar
12/07/2022 11:59 PM 84,593,746 oellinux8.tar.gz
12/08/2022 12:25 AM rootfs
12/08/2022 12:46 AM temp

6. Start the new WSL container (which ends at the running Linux prompt):
C:\Users\user1\wsl2\oellinux8> wsl -d oellinux8
[root@mywinpc wsl2]#

7. Execute some commands in the running container:
[root@mywinpc wsl2]# ping google.com
PING google.com (172.217.7.110) 56(84) bytes of data.
64 bytes from slc08s01-in-f14.1e100.net (172.217.7.110): icmp_seq=1 ttl=59 time=4.64 ms
64 bytes from slc08s01-in-f14.1e100.net (172.217.7.110): icmp_seq=2 ttl=59 time=5.59 ms
^C
— google.com ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.639/5.116/5.594/0.482 ms
[root@mywinpc wsl2]#
[root@mywinpc wsl2]# yum repolist
repo id repo name
ol8_appstream Oracle Linux 8 Application Stream (x86_64)
ol8_baseos_latest Oracle Linux 8 BaseOS Latest (x86_64)
[root@mywinpc user1]#
[root@mywinpc user1]# yum provides gdisk
Oracle Linux 8 BaseOS Latest (x86_64) 805 kB/s | 53 MB 01:07
Oracle Linux 8 Application Stream (x86_64) 926 kB/s | 42 MB 00:45
Last metadata expiration check: 0:00:14 ago on Thu 08 Dec 2022 12:29:18 AM MST.
gdisk-1.0.3-6.el8.x86_64 : An fdisk-like partitioning tool for GPT disks
Repo : ol8_baseos_latest
Matched from:
Provide : gdisk = 1.0.3-6.el8

gdisk-1.0.3-9.el8.x86_64 : An fdisk-like partitioning tool for GPT disks
Repo : ol8_baseos_latest
Matched from:
Provide : gdisk = 1.0.3-9.el8

gdisk-1.0.3-11.el8.x86_64 : An fdisk-like partitioning tool for GPT disks
Repo : ol8_baseos_latest
Matched from:
Provide : gdisk = 1.0.3-11.el8

[root@mywinpc user1]#

8. Optionally ENTER exit command to quit the running Linux container:
[root@mywinpc user1]# exit
C:\Users\user1\wsl2\oellinux8>

—————— END OF PROCEDURE ———————————

The following setup is to allow remote connectivity to the container

- Start a  temporary container (e.g., using the image id) to copy SSHD config files from it:
[root@ip-172-31-6-136 ~]# mkdir /oel8_etc_ssh
[root@ip-172-31-6-136 ~]# docker run --name wip -it -v /oel8_etc_ssh:/tmp/mpoint 18a22840eed9
[root@609b0ec071bb /]#
[root@609b0ec071bb /]# cp -a /etc/ssh /tmp/mpoint/
[root@609b0ec071bb /]# exit

- Delete the temporary container:
[root@ip-172-31-6-136 ~]# docker rm wip

- Start the "production" container with /oel8_etc_ssh/ssh on the host mounted to /etc/ssh in the container (running headless or detached mode with "-d"):
  NOTE: mapped port 2222/tcp on the host to the SSH port in the container. This is handy to access the container remotely from outside the host.
[root@ip-172-31-6-136 ~]# docker run --name oel87c -it -p 2222:22 -v /oel8_etc_ssh/ssh:/etc/ssh -d 18a22840eed9

- Attach to the console of the container:
[root@ip-172-31-6-136 ~]# docker attach d99789174764

- Create the ssh host keys (one-time task since they are stored persistently on the underlying host):
[root@d99789174764 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
[root@d99789174764 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@d99789174764 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''

- Create the system log file (otherwise SSHD will be unable to authenticate login attempts):
[root@d99789174764 /]# touch /var/log/messages

- Start SSHD service:
[root@d99789174764 /]# /usr/sbin/sshd &

- Add a user to the container to login remotely:
[root@d99789174764 /]# useradd user1
[root@d99789174764 /]# passwd user1

- Optionally install/configure visudo to allow "user1" switch to the root user:
[root@d99789174764 /]# yum install -y sudo
[root@d99789174764 /]# visudo
[root@d99789174764 /]# grep user1 /etc/sudoers
user1   ALL=(ALL)       NOPASSWD: ALL
[root@d99789174764 /]#

- Detach from the container and keep it running: Press Ctrl-P, followed by Ctrl-Q,
  NOTE: if you mistakenly typed exit in the container which causes it to stop, start it again with "docker start <container-id>" on the host

- It is now possible to access the container remotely from outside the host. SSH to the container using the hosts' IP address on port 2222/tcp e.g.
  From a Windows/Linux system (you can also use Putty): ssh user@<host-ip> -p 2222

------------------- END -------------------

- Sample command to retrieve the IP of the container from the underlying host. [root@ip-172-31-6-136 ~]# docker ps    (command to get the container id)
[root@ip-172-31-6-136 ~]# docker container inspect -f '{{ .NetworkSettings.IPAddress }}' d99789174764
172.17.0.2

- Note: mounting the whole /etc and /var/log to directories on the underlying host should help to "persist" all the relevant configuration of the container.

References:
https://learn.microsoft.com/en-us/windows/wsl/install-manual
https://www.sanner.io/posts/2022/03/create-a-custom-linux-setup-for-wsl2/
https://learn.microsoft.com/en-us/windows/wsl/use-custom-distro
https://www.sanner.io/posts/2022/03/create-a-custom-linux-setup-for-wsl2/
https://learn.microsoft.com/en-us/windows/wsl/install-manual
https://hub.docker.com/_/oraclelinux?tab=tags
https://github.com/oracle/container-images/pkgs/container/oraclelinux
https://yum.oracle.com/oracle-linux-isos.html
https://social.technet.microsoft.com/Forums/en-US/e655c45f-3a74-4acb-8df1-3607e4fe6b49/issue-with-installing-linux-subsystem?forum=winserverhyperv
https://community.oracle.com/mosc/discussion/3949381/yum-update-error-rhn-plugin-network-error-connection-reset-by-peer

Eulogy for Debo

Posted on October 15, 2022 by aitayemi

Good morning. I am Tunde, Debo’s cousin.

Thank you for your presence here physically or via zoom today. We gather to recognize this painful reality, to remember Debo’s joyful spirit, to reaffirm our beliefs, and to release Debo’s spirit into the arms of our Heavenly Father.

I pray that God comfort all of us at this time and in the days, weeks, months and years to come.

It is impossible to do justice to the person Debo was with mere words. Debo was the best of us. No mean bone in his body. Always bubbly and ready to go. Never a dull moment with him. He will party with people, and party by himself. He liked music and he is always playing some artist’s album or another. You can expect him to ask if you have heard some new track by one artist or another. I would tell him regularly, that if we could find a way to bottle that spark he had inside him for resale, we would be billionaires.

I looked briefly through the pictures in his Facebook profile, as well as the comments on the remembrance page put up by Bayo on the Internet, and the theme is similar – the pictures and comments describe a person that was caring, easy to talk to, and unforgettable. Ever the life of the party.

“Egbon e je ka jade” was his refrain on Fridays in particular. And while facing his own challenges he was concerned about how others were doing.

“Egbon, you can’t spend your birthday alone o. Where’s the party?”

“Egbon, you can’t be drinking instant coffee. You can get a cheap coffee maker at Walmart.” He took off, and arrived later with a coffee maker, coffee grounds, and paper filters. I knew he demonstrated similar care for all his friends and family. If he can assist or solve a problem, he was all action. Even if he can’t directly help, he’s already thinking of someone he can link you up with that may be able to help. Debo had contacts in every zip code.

Debo praised people and gave compliments sincerely. His admiration of friends and family and their achievements in their professional and personal lives was genuine. He spoke glowingly of people such as Akin, Dare, and Patrick to name a few.

Debo made friends everywhere. He saw the good in people, and believed in you even when you didn’t believe in yourself. You can’t help but like Debo. He gave you no choice in the matter. Family was important to him, and work colleagues and casual acquaintances became his lifelong friends. He worked hard and played hard. He was always present in the moment wherever he was and he made his presence known in a way that drew people to him.

He found his calling in supply chain management and logistics. He enjoyed his job and delivered results. SAP was his bread and butter. He had anecdotal stories from his vast work experience especially his days in BAT. Debo had very strong opinions on everything. He loved to debate politics.

Debo was not everything to everyone. Instead Debo was a few important things to everyone. He was loyal, he was dependable, he was caring, he was fun. Debo loved, and was and is loved.

He made an impact everywhere he went and on everyone he met. He spent about a month in Utah late 2019 early 2020. People that met him only a couple of times during that month still remember him to this day.

I feel I need to mention some names. I apologize because I know I am going to leave out names I should mention, so please forgive me. But looking at the faces here and some not present: Dare, Patrick, Akin, Leye, Jumai, Banqee, Bayo, Dapo, Victor, Tunji, Ben, Simi and Dami, Uduak, Lola, Femi, Damola, Tony, Samuel, Daplosyne, Michael, Laide, the Adegokes , the Odumosus, the Adelekes, the Itayemis, the list is endless. Everyone here and on zoom was important to him. Know that he held you all in a special place in his heart.

Edward J. Stieglitz said: “It is not the years in your life that count. It Is the life in your years”. Debo packed a lot of living into his 41 years. But he also had a lot more he wanted to do. We had plans. He had plans. He wanted to get married. He wanted kids. He wanted all that was possible by hardwork, and a little bit of luck. He wanted his own unique version of the American dream, a hybrid Nigerian-American dream because Nigeria was home as well, and because Debo was unique, Debo was in a category all his own. Debo was ever optimistic. He was a naturally happy person. Every time we reminisce about him, some new adventure we had comes into mind.

While we necessarily mourn his passing, I am sure he wants us to celebrate his life, and find as much happiness as possible in remembering those fun times we had with him.

Rest on Debo, Mr Debo, Debasco, Lafog, Lafogido, Adeborich, the prince. Till we meet again.

My faith is convenient

Posted on September 18, 2022 by aitayemi

I came out of the store. There’s a man in a wheelchair. I think he is quadriplegic. One arm is bandaged and he might have had a feeding tube as well (I am not sure). As I maneuver the small table unto the back seat of my car, he must have greeted me or so. He then asked for my name; and I asked for his too – Nate. He said he liked my car and asked for the year. He asks where I am from. I told him Nigeria. “How do you like the USA?” he asked. I said I liked it just fine. He said he thinks I am around his age (35). I laughed and told him my age (I am much older than him). He said I didn’t look it. I said my bones tell me otherwise. Even as I made that statement, I felt awkward. What are my aches and pains compared to his? I asked if he was waiting for someone to pick him up. He said his mum is still in the store. I bid him good day, and he returned the wishes.

I sat in my car and kept watching him. I had a strong urge to go back and pray with him. But I felt the weight of my unbelief, and my numerous sins. What point is it to pray with him if I cannot pray him to full health; if I cannot ask him to get up and pick up his wheelchair?

So I watched and despaired. His mum and possibly much younger brothers came out of the store. They got into a small van but didn’t leave immediately.

My faith is convenient. We can be tested by a lot of things and appear to still have total faith in God. But the worst trial above divorce; above heartbreak; above financial troubles and so on is a health crisis. If you haven’t undergone one, your faith hasn’t been tested. Whether it is you personally or someone close like a sibling, a parent, or a child.

It is easy to sing in church when one is healthy. To believe or think one believes. To be completely without doubt. To be like Nathaniel – an Israelite in whom there’s no guile (John 1:47).

Has my faith really been tested if I have not lived in some part of the world where your (religious) believe determines if you are a second or third class citizen? Where you live under a cloud of the possibility of violence to your person and all you hold dear without provocation at any moment?

It is when health challenges occur that a lot of people love the Lord with their whole might, body and soul or try their hardest to do so (the greatest commandment – one of two on which all the law and prophets rest – Matthew 22:37-40). But therein can lie disappointment beyond measure, for like king David what we fast and pray for – the miracle we want does not usually come to pass. So like him, we dust ourselves off, take a bath, oil our skin, eat and attempt to carry on as best as we can (2 Samuel 12:20). After all, the lord giveth and taketh (Job 1:21).

. . . .

And the more I thought about Nate in his wheelchair, the more I despaired. So I cried for my father; and for my brother; and for my cousin; and for Nate.

After a while I dried my tears and watched a young lady walk to her car. I thought to myself that since I am single, I was not doing anything wrong. But woe unto me, “for I have the desire to do what is good, but I cannot carry it out. For I do not do the good I want to do. Instead, I keep on doing the evil I do not want to do. And if I do what I do not want, it is no longer I who do it, but it is sin living in me that does it.” (Romans 7:18-20). Because as a man of flesh and blood, it wasn’t just admiration of God’s handiwork that crossed my mind.

Jesus did not do any “there’s someone here …” miracles. We let our pastors get away with being no better than “life coaches”.

Jesus said we will do his works (including miracles) and much more (John 14:12). So, since no one is doing all His works, it begs the question “when the Son of Man returns, will He find faith on earth? (Luke 18:8).

Jesus was always specific. He did not send his disciples to catch 100 fishes, and maybe by chance there will be a coin in one of them. Instead, he said to take the very first fish they (the disciples) caught and it will contain a coin with which they should pay the tax man (Matthew 17:27). And when He sent his disciples ahead to go prepare a place to eat the Passover, He was specific about exactly what they will see – “a certain man” (Matthew 26:18) not “there is a (random) man in that city …” Even on His triumphant entry into Jerusalem, he told them specifically where to get the young donkey (Mark 11:2). He didn’t use the get-out-of-jail-free card “there’s an ass somewhere in that village that’s never been ridden …” which is equivalent to the “there is someone here …” modern-day preachers are known for.

Pastors preach fervently about everything in the Bible, and claim (rightly) they are to be taken literally (except the obvious parables) – pay tithe; obey the commandments; fast; but when it comes to healing, they are quick to say it is God who heals but ignore the fact that people like Peter and John were flesh like us, and yet they were able to pray and heal (Acts 3:4-8). Even Paul says if anyone is sick/ill, he should call the elders of the church to pray over him and he will be healed (James 5:14). I have even heard some preachers claim miracles were needed in the early days of the church to help in propagating the gospels, which is why they (miracles) are no longer commonplace now. I am yet to see a bible verse that backs up that position (on miracles).

If God can send Elijah (the prophet) to a specific widow (Luke 4:26), God can tell you (the pastor/preacher/etc.) particular names or attributes that’s peculiar to the person the miracle is intended for in your church or service. Otherwise, we are no better than those who conduct séances – after all, going by probability, same as there’s likely for someone present at a séance (session) to have a dearly departed named John (for example), in a church there’s likely to be someone that’s barren or someone that’s in dire financial straits. So should we say it is lack of true spiritual gift or spiritual laziness to throw out the generic all-encompassing “there is someone here …” message?

God knows the number of hairs on our head (Luke 12:7) and not a bird drops out of the sky without His knowledge (Matthew 10:29). If He intends you to “deliver” a miracle to someone, He will be specific. He can tell you his/her name instead of having people guessing and hoping the “word” (miracle) is meant for them. If you are sure God is talking to you, then ask Him for specifics – so you can in turn say “Mr. XYZ, God said” or “the hunchback sitting 5 rows from the back of this hall, please step forward”. After all, if Elijah had turned up in Zarephath and announced God sent him to a widow without being specific, he would have either had a stampede on his hands, or alternatively, if not for their (widows) hunger/lack, they would likely have laughed him to scorn (1 King 17:9).

. . . .

The van has left. So I finally headed home too.

(12:21am 09/07/2022)

Roasting corn in an air fryer

Posted on September 5, 2022 by aitayemi

Place the corn cobs in the air fryer’s basket; use a cooking spray to lightly spray the cobs; fry at 330F for 30 minutes (total). Rotate the cobs after 15 minutes.

Analysis of an attempted Facebook Scam

Posted on May 6, 2022 by aitayemi

I have an “extra” iPhone that’s completely new, and still in its unopened original box.
I posted it for sale on the Facebook marketplace.
I soon got a request someone wanted to send me a message which I approved
The “lady” then engaged me as follows via FB messenger:

Friday last week:
Bonnie Monalisa: Hi. I’d like to purchase the Apple iPhone XS Max 64GB space gray$720

Monday this week:
Me: Hi. Ok. no shipping though. Would have to exchange it for cash or venmo at any convenient location in the neighborhood. I can go up as far as SLC or south as far as Provo if necessary.

Bonnie Monalisa: do you still have the purchase receipt and for how long have you had it ? I Hope it is in good condition and can I ask you why you selling it?
Bonnie Monalisa: What is your username and email

Today (Friday this week):
Me: Yeah. I should have it somewhere. Never opened it. I mistakenly purchased a second phone while waiting for another to arrive. itaba—-h@gmail.com

Bonnie Monalisa: Sending now
Bonnie Monalisa: Payment sent, let me know when you get it

Me: Ha ha. Payment sent to where?

Bonnie Monalisa: Here: itaba—-h@gmail.com

Me: got an email that you sent me money by Venmo, but no money in Venmo. If you are attempting to scam me, you have to try harder! 😅🤣

PS: I knew it was likely a scam once she said she sent me money. But I went ahead and checked my email (got an email) and Venmo before my final response above. From the screenshot, you can see she/he has seen my last message, but no reaction.

Her profile on IG (I guess since FB owns IG now, you don’t need an FB profile for the FB marketplace) has only 4x posts, all of them of 4x different women.
https://www.instagram.com/bonnie_barnes_/?fbclid=IwAR3WR14WUbJurkDprk24xD9mplmZ2DnKRIf2z9bXg7a0QrerqaLBd8Yi8c0

Look closely at the email which looks very official and is supposedly from Venmo:
– But the sender is venmo.pay@yandex.com
– It is addressed to @Reilyn-Miguel who supposedly received a Business payment of $720.00 (same amount I listed the iPhone for)
– The signature says “The Venmo Team”
– I called the listed number “+1 (702) 660-5409” and it showed up as a Las Vegas (Nevada) number even though the address in the email says “The Venmo Team” is based in Scottsdale, Arizona.
– the first time it connected, it appeared someone cut the call, so I tried again
– the second time I got the automated message “The party you are trying to reach is unavailable, please leave a message and someone will get back to you later.” (I didn’t bother to leave a message)
– By the way, Venmo’s contact page (obviously) lists a different number: +1 (855) 812-4430

Air-fried Plantain

Posted on January 9, 2022 by aitayemi

So let’s start with the fact that all the good stuff will kill you. But then, like Red Sonja said to Conan, “do you want to live forever?”. So you should limit your consumption of plantain. On top of that, the way I like it most is “fried”. And now, we know anything deep-fried is not good for you either. So I decided to explore the air-fried option. Air-frying works by circulating a little amount of oil around your food using hot air to do the frying. So it is much healthier – not sure whether it will taste as good though.

There are lots of recipes out there, and contrary to what I am always complaining about, I am dong exactly the same thing – “front-loading” this post with everything but the recipe – well, disclaimer, this is not primarily a recipe post – consider it an article about air-frying plantains.

So, I cut up the plantain, don’t make them too thick, otherwise they don’t cook through properly. I then put about 6 tablespoons of peanut oil in the container with the plantain (I would estimate I cut up about 6 to 8 ripe plantains). Shake the pot to get the oil to coat all the plantain pieces. You should consider a sprayer instead. I do have am olive oil sprayer that I use to coat cake pans, but I didn’t want to fry the plantain with Olive oil.

I then transferred a single layer of plantain pieces to the airfryer (I have a Ninja AirFryer AF101) on the metal grate that came with the unit. The problem is that after the airfrying is done, the plaintain pieces stuck to the metal grill. So I decided to use the flat plate that came with the unit instead of the grate. (pics below)

So, I ran one layer of plantains through the fryer at 330F for 15mins. Once I had gone through all the plantains. I mixed them all up and then put a double layer of them at a time back into the fryer and ran it at 315F for 10 mins.

I future, I would likely try the doubling the layer and running it through the fryer for 20 mins at 315F. mixing up all the runs, then running it through the fryer again at 315F for another 20mins.

The problem is that with the plate, only the top of the plantain pieces get browned, while I think with the grate, both sides would likely get browned in one run.

So I cut the plantains at 90 degrees (i.e., straight down). But traditionally, it is cut diagonally. I think that will give the pieces more surface area and allow them to stay properly on the grate. They might still stick to the grate, but because they would be larger, they should be easier to pry off the grate.

Air-Fried plantain

Ninja Air-Fryer AF101

Deep-fried plantain

Air-Fryer grates (had better luck with the plate on the right)

Fresh plantain from Ranchos (an Hispanic supermarket chain)

Oil Sprayers (the vegetable oil on the right is about $1.60 at WinCo supermarket)

Illumination

seek …

Author Archives: aitayemi