Mount an lvm logical volume from a qcow2 file

Mounting qcow2 files to host filesystem

Converting to raw and mounting

kpartx does not work very well with qcow2 files. You can convert the qcow2 file to a raw file:

oldfile=file.qcow2
newfile=file.raw
qemu-img convert "${oldfile}" "${newfile}"

You can now find the partitions and map them:

kpartx -av "${newfile}"
mount /dev/loop2p2 /mnt/foo

Modifying a virtual machine to use the new image file

You can modify a virtual machine definition to use this new file:

virsh dumpxml ${domain} > domain.xml
vi domain.xml # Lines “source file=/path/file.raw” and “driver name=qemu type=raw"
virsh create domain.xml

Mounting lvm logical volumes from the image file

Update lvm with the currently attached disks.

pvscan; lvscan; lvdisplay

Now you can mount /dev/mapper/cl_centos7–02a_root to a mount point.

References

Weblinks

  1. Converting qcow2 file to raw to make it work with kpartx https://www.certdepot.net/rhel7-access-virtual-machines-console/#comment-41448
  2. An alternate way to mount a qcow2 file http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html

Man pages

  1. virsh

Resize a live logical volume

Resizing a live logical volume

If you use lvm to abstract the filesystems away from the direct hardware, you might need to know how to add additional space without taking the filesystem offline. This post shows how you might do that.

Attach new disk

Save current state to a file for comparison.

ls -l /dev/{s,v}d* > ~/ls.dev.sd.before

Install additional disk to system (in hypervisor or attach to physical machine).
Scan with rescan-scsi-bus.sh (from sg3_utils package).
If that fails, try

find /sys/class/scsi_host/host*/scan | while read line; do echo "- - -" > $line; done
lsblk

Find the name of the new disk:

ls -l /dev/{s,v}d* > ~/ls.dev.sd.after
diff ~/ls.dev.sd.before ~/ls.dev.sd.after

The output should be the name of the new disk.

Create a new partition

How to do it in fdisk:

fdisk /dev/newdisk
n[enter]
p[enter]
1[enter]
[enter]
w[enter]

Add the partition to lvm and the logical volume

pvcreate /dev/newdisk1
vgextend vgname /dev/newdisk1
lvextend /dev/vgname/lvname /dev/newdisk1

Resize the filesystem

Filesystem type ext4 can be resized live:

resize2fs /dev/vgname/lvname

sshd_config match negate address

tl;dr

Match Address *,!192.168.1.0/24

Negating address in match statement in sshd_config

I was locking down my ssh server configuration on a host, so that it will not accept password auth from outside a certain IP address range.
I had to learn how to get the Match Address directive to work with a negation. To make it work, you need to insert a wildcard before you then state the exclusion.

Match Address *,!192.168.1.0/24

And then I added the directives for this matched IP address range.

   AuthenticationMethods publickey
   PubkeyAuthentication yes
   PasswordAuthentication no
   X11Forwarding no

References

Weblinks

  1. https://serverfault.com/questions/408284/how-can-the-address-condition-in-a-match-conditional-block-in-sshd-config-be-neg

Man pages

  1. sshd_config
  2. ssh_config

Send authenticated gmail from cli with mailx

Overview

I’ve shown how to send authenticated gmail from the command line before. That uses msmtp which takes some configuration.
This document shows how to use mailx itself to send authenticated gmail.

tl;dr

echo "this is the message" | mailx -s "Subject line here" \
-S smtp-use-starttls -S ssl-verify=ignore -S smtp-auth=login \
-S smtp=smtp://smtp.gmail.com:587 -S from="bgstack15@gmail.com(B Stack)" \
-S smtp-auth-user="bgstack15@gmail.com" \
-S smtp-auth-password="${SMTPPASSWORD}" -S ssl-verify=ignore \
-S nss-config-dir=/etc/pki/nssdb/ destination@example.com

Explanation

You need a certificate chain somewhere. You could also try nss-config-dir=~/.mozilla/firefox/xxxxxxxx.default.
If you use the whole command in the tl;dr section, you don’t need any config file. Of course, be aware that any parameter passed on the command line is visible to any other program running, so passing in the password like seen above is risky.
You can redirect standard in from a file if you wish, of course, or from a here-document.
For a dedicated configuration, and better password security, consider adding in to your ~/.mailrc file:

set smtp-use-starttls
set nss-config-dir=/etc/pki/nss/
set ssl-verify=ignore
set smtp=smtp://smtp.gmail.com:587
set smtp-auth=login
set smtp-auth-user=bgstack15@gmail.com
set smtp-auth-password=QWERTYUIOP
set from="bgstack15@gmail.com(B Stack)"

And then just use:

mailx -s "Subject line" destination@example.com

References

Weblinks

  1. https://bgstack15.wordpress.com/2017/04/03/send-authenticated-gmail-from-command-line/
  2. Inspiration for entire contents https://www.systutorials.com/1411/sending-email-from-mailx-command-in-linux-using-gmails-smtp/

Cinnamon on VNC on CentOS 7

Overview

This document describes how to install Cinnamon desktop environment on CentOS 7 for use in VNC. Basically, you can take a headless server and turn it into a virtual desktop controller.

Caveats

Limitations of this design prevent this from scaling up past so many users, so this would be best suited for home or small office use.
VNC uses no security. Consider alternatives or additions to this process when security is a consideration.

Installing Cinnamon for VNC

Installing the components

Install the vnc server.

yum install tigervnc-server tigervnc vnc

Install the desktop environment.

yum install cinnamon

Install any applications to be used.

yum install firefox gnome-terminal

Configuring the components

For each user that uses a virtual desktop on this host, you will need a separate systemd service, as well as a vnc password which is separate from the regular user password. Also set up the xstartup file for vnc.

tu=bgstack15
tn=1
sudo cp -p /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@\:${tn}.service
sed -r -i -e "s//${tu}/g;' /etc/systemd/system/vncserver@\:${tn}.service
systemctl enable vncserver@\:${tn}.service
firewall-cmd --permanent --add-port 59$( printf '%02i' "${tn}")/tcp
printf "For user ${tu} please provide new "
su - ${tu} -c vncpasswd
tf=~/.vnc/xstartup
test -f "${tf}" && \cp -p "${tf}" "${tf}.$( date "+%Y-%m-%dT%H%M%S" )"; touch "${tf}"; chmod 0755 "${tf}"
cat <<EOF > "${tf}"
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
exec /usr/bin/cinnamon-session
EOF
systemctl start vncserver@\:${tn}.service

Connecting to the desktop

On a client, run

vncviewer hostname:1