Mount an lvm logical volume from a qcow2 file

Mounting qcow2 files to host filesystem

Converting to raw and mounting

kpartx does not work very well with qcow2 files. You can convert the qcow2 file to a raw file:

oldfile=file.qcow2
newfile=file.raw
qemu-img convert "${oldfile}" "${newfile}"

You can now find the partitions and map them:

kpartx -av "${newfile}"
mount /dev/loop2p2 /mnt/foo

Modifying a virtual machine to use the new image file

You can modify a virtual machine definition to use this new file:

virsh dumpxml ${domain} > domain.xml
vi domain.xml # Lines “source file=/path/file.raw” and “driver name=qemu type=raw"
virsh create domain.xml

Mounting lvm logical volumes from the image file

Update lvm with the currently attached disks.

pvscan; lvscan; lvdisplay

Now you can mount /dev/mapper/cl_centos7–02a_root to a mount point.

References

Weblinks

  1. Converting qcow2 file to raw to make it work with kpartx https://www.certdepot.net/rhel7-access-virtual-machines-console/#comment-41448
  2. An alternate way to mount a qcow2 file http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html

Man pages

  1. virsh

Resize a live logical volume

Resizing a live logical volume

If you use lvm to abstract the filesystems away from the direct hardware, you might need to know how to add additional space without taking the filesystem offline. This post shows how you might do that.

Attach new disk

Save current state to a file for comparison.

ls -l /dev/{s,v}d* > ~/ls.dev.sd.before

Install additional disk to system (in hypervisor or attach to physical machine).
Scan with rescan-scsi-bus.sh (from sg3_utils package).
If that fails, try

find /sys/class/scsi_host/host*/scan | while read line; do echo "- - -" > $line; done
lsblk

Find the name of the new disk:

ls -l /dev/{s,v}d* > ~/ls.dev.sd.after
diff ~/ls.dev.sd.before ~/ls.dev.sd.after

The output should be the name of the new disk.

Create a new partition

How to do it in fdisk:

fdisk /dev/newdisk
n[enter]
p[enter]
1[enter]
[enter]
w[enter]

Add the partition to lvm and the logical volume

pvcreate /dev/newdisk1
vgextend vgname /dev/newdisk1
lvextend /dev/vgname/lvname /dev/newdisk1

Resize the filesystem

Filesystem type ext4 can be resized live:

resize2fs /dev/vgname/lvname

sshd_config match negate address

tl;dr

Match Address *,!192.168.1.0/24

Negating address in match statement in sshd_config

I was locking down my ssh server configuration on a host, so that it will not accept password auth from outside a certain IP address range.
I had to learn how to get the Match Address directive to work with a negation. To make it work, you need to insert a wildcard before you then state the exclusion.

Match Address *,!192.168.1.0/24

And then I added the directives for this matched IP address range.

   AuthenticationMethods publickey
   PubkeyAuthentication yes
   PasswordAuthentication no
   X11Forwarding no

References

Weblinks

  1. https://serverfault.com/questions/408284/how-can-the-address-condition-in-a-match-conditional-block-in-sshd-config-be-neg

Man pages

  1. sshd_config
  2. ssh_config

Send authenticated gmail from cli with mailx

Overview

I’ve shown how to send authenticated gmail from the command line before. That uses msmtp which takes some configuration.
This document shows how to use mailx itself to send authenticated gmail.

tl;dr

echo "this is the message" | mailx -s "Subject line here" \
-S smtp-use-starttls -S ssl-verify=ignore -S smtp-auth=login \
-S smtp=smtp://smtp.gmail.com:587 -S from="bgstack15@gmail.com(B Stack)" \
-S smtp-auth-user="bgstack15@gmail.com" \
-S smtp-auth-password="${SMTPPASSWORD}" -S ssl-verify=ignore \
-S nss-config-dir=/etc/pki/nssdb/ destination@example.com

Explanation

You need a certificate chain somewhere. You could also try nss-config-dir=~/.mozilla/firefox/xxxxxxxx.default.
If you use the whole command in the tl;dr section, you don’t need any config file. Of course, be aware that any parameter passed on the command line is visible to any other program running, so passing in the password like seen above is risky.
You can redirect standard in from a file if you wish, of course, or from a here-document.
For a dedicated configuration, and better password security, consider adding in to your ~/.mailrc file:

set smtp-use-starttls
set nss-config-dir=/etc/pki/nss/
set ssl-verify=ignore
set smtp=smtp://smtp.gmail.com:587
set smtp-auth=login
set smtp-auth-user=bgstack15@gmail.com
set smtp-auth-password=QWERTYUIOP
set from="bgstack15@gmail.com(B Stack)"

And then just use:

mailx -s "Subject line" destination@example.com

References

Weblinks

  1. https://bgstack15.wordpress.com/2017/04/03/send-authenticated-gmail-from-command-line/
  2. Inspiration for entire contents https://www.systutorials.com/1411/sending-email-from-mailx-command-in-linux-using-gmails-smtp/

Cinnamon on VNC on CentOS 7

Overview

This document describes how to install Cinnamon desktop environment on CentOS 7 for use in VNC. Basically, you can take a headless server and turn it into a virtual desktop controller.

Caveats

Limitations of this design prevent this from scaling up past so many users, so this would be best suited for home or small office use.
VNC uses no security. Consider alternatives or additions to this process when security is a consideration.

Installing Cinnamon for VNC

Installing the components

Install the vnc server.

yum install tigervnc-server tigervnc vnc

Install the desktop environment.

yum install cinnamon

Install any applications to be used.

yum install firefox gnome-terminal

Configuring the components

For each user that uses a virtual desktop on this host, you will need a separate systemd service, as well as a vnc password which is separate from the regular user password. Also set up the xstartup file for vnc.

tu=bgstack15
tn=1
sudo cp -p /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@\:${tn}.service
sed -r -i -e "s//${tu}/g;' /etc/systemd/system/vncserver@\:${tn}.service
systemctl enable vncserver@\:${tn}.service
firewall-cmd --permanent --add-port 59$( printf '%02i' "${tn}")/tcp
printf "For user ${tu} please provide new "
su - ${tu} -c vncpasswd
tf=~/.vnc/xstartup
test -f "${tf}" && \cp -p "${tf}" "${tf}.$( date "+%Y-%m-%dT%H%M%S" )"; touch "${tf}"; chmod 0755 "${tf}"
cat <<EOF > "${tf}"
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
exec /usr/bin/cinnamon-session
EOF
systemctl start vncserver@\:${tn}.service

Connecting to the desktop

On a client, run

vncviewer hostname:1

System selecting wrong time due to not UTC

The problem

I use kickstart files to configure my CentOS 7 virtual machines. One problem I discovered is that the vms can get the wrong time from the hwclock. I guess I haven’t mastered ntpd or chronyd. I can always just run ntpdate dns1.ipa.example.com but haven’t bothered to set up a cronjob/systemd unit for that.
Anyway, I finally discovered how to get the hwclock and system date to actually grab the time correctly from the host OS. If I don’t set the timezone correctly in the kickstart file with the –utc option:

timezone America/New_York --utc

I can go modify /etc/adjtime myself.
An incorrect file:

0.000000 1499048878 0.000000
1499048878
LOCAL

The correct file replaces the LOCAL with UTC, to tell the system that the hardware clock (hwclock) is showing the UTC time:

0.000000 1499048878 0.000000
1499048878
UTC

A reboot later, and now my vm has the correct time, so I have achieved my ultimate goal of gssapi auth.

References

Weblinks

  1. That such a file exists as /etc/adjtime https://eloquence.marxmeier.com/sdb/html/954237377.html
  2. https://bugzilla.redhat.com/show_bug.cgi?id=672194

Inject hostname into kickstart

The story

I have been learning how to automate my centos installations in my virtual environment. I’ve learned how to use the virsh command line to spin up a new vm the way I like, and to feed it a kickstart file. I also learned how to use kickstarts.

Set hostname automatically with a kickstart

In the main area of the kickstart file, include this line:

%include /tmp/network.ks

Include in your %pre section this section:

%pre
echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname renameme.ipa.example.com" > /tmp/network.ks
for x in $( cat /proc/cmdline );
do
   case $x in SERVERNAME*)
      eval $x
      echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}.ipa.example.com" > /tmp/network.ks
      ;;
   esac
done
%end

To paraphrase the post I’m duplicating for myself, you need the first echo redirection to the file in case there was no SERVERNAME= parameter given to the kernel.
When you boot, you need to include on the kernel command (usually the “linux” one), the value SERVERNAME=myhostname.

For my virsh command, that is:

vm=centos7-02a ; virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=rhel7.2 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/CentOS-7-x86_64-Minimal-1511.iso  --initrd-inject=/mnt/public/Public/centos7-ks.cfg --extra-args "ks=file:/centos7-ks.cfg SERVERNAME=${vm}" --debug --network type=direct,source=eno1

References

  1. Install system-config-kickstart on Fedora 25 http://bytefreaks.net/gnulinux/fedora-25-workaround-to-install-system-config-kickstart
    sudo dnf install
    https://kojipkgs.fedoraproject.org/packages/system-config-date/1.10.9/3.fc25/noarch/system-config-date-1.10.9-3.fc25.noarch.rpm python-kickstart system-config-kickstart;
  2. https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/

List available packages from one repository

For dnf

dnf list available --disablerepo=* --enablerepo=reponame

For dpkg (low-level package manager for apt)

ff() { for file in /etc/apt/sources.list.d/$1.list; do grep -iE "Package:" "/var/lib/apt/lists/$( cut -d' ' -f2 "${file}" | sed -r -e 'sX\/X_Xg;' -e 's/\<http.__//g;')Packages"; done; }
ff reponame

The story

For some reason it is harder to manage packages with apt: This is a main reason I don’t like to use it. I had to go write this crazy one-liner function to accomplish the same task that dnf provides with just two flags.
Also, the apt command here shows all the packages from that repository, regardless of its installed state. The dnf command will show only the ones available that are not already installed.

Cannot create items in Google Calendar

If you use Google Calendar in Firefox, you might be unable to add calendar items. It displays this error: “Oops, we couldn’t create this event, please try again in a few minutes.”

A workaround was discovered by a user on the Google Calendar Help Forum.

harpseal said:

I think I found an answer. Delete the google calendar specific cookies and reload. After I did this it lets me create events. YAY! Hope this works for others.

References

Weblinks

  1. https://productforums.google.com/d/msg/calendar/8513S6SqGBY/KiubCBSKBwAJ