Mount an lvm logical volume from a qcow2 file

Mounting qcow2 files to host filesystem

Converting to raw and mounting

kpartx does not work very well with qcow2 files. You can convert the qcow2 file to a raw file:

qemu-img convert "${oldfile}" "${newfile}"

You can now find the partitions and map them:

kpartx -av "${newfile}"
mount /dev/loop2p2 /mnt/foo

Modifying a virtual machine to use the new image file

You can modify a virtual machine definition to use this new file:

virsh dumpxml ${domain} > domain.xml
vi domain.xml # Lines “source file=/path/file.raw” and “driver name=qemu type=raw"
virsh create domain.xml

Mounting lvm logical volumes from the image file

Update lvm with the currently attached disks.

pvscan; lvscan; lvdisplay

Now you can mount /dev/mapper/cl_centos7–02a_root to a mount point.



  1. Converting qcow2 file to raw to make it work with kpartx
  2. An alternate way to mount a qcow2 file

Man pages

  1. virsh

Resize a live logical volume

Resizing a live logical volume

If you use lvm to abstract the filesystems away from the direct hardware, you might need to know how to add additional space without taking the filesystem offline. This post shows how you might do that.

Attach new disk

Save current state to a file for comparison.

ls -l /dev/{s,v}d* > ~/

Install additional disk to system (in hypervisor or attach to physical machine).
Scan with (from sg3_utils package).
If that fails, try

find /sys/class/scsi_host/host*/scan | while read line; do echo "- - -" > $line; done

Find the name of the new disk:

ls -l /dev/{s,v}d* > ~/
diff ~/ ~/

The output should be the name of the new disk.

Create a new partition

How to do it in fdisk:

fdisk /dev/newdisk

Add the partition to lvm and the logical volume

pvcreate /dev/newdisk1
vgextend vgname /dev/newdisk1
lvextend /dev/vgname/lvname /dev/newdisk1

Resize the filesystem

Filesystem type ext4 can be resized live:

resize2fs /dev/vgname/lvname

sshd_config match negate address


Match Address *,!

Negating address in match statement in sshd_config

I was locking down my ssh server configuration on a host, so that it will not accept password auth from outside a certain IP address range.
I had to learn how to get the Match Address directive to work with a negation. To make it work, you need to insert a wildcard before you then state the exclusion.

Match Address *,!

And then I added the directives for this matched IP address range.

   AuthenticationMethods publickey
   PubkeyAuthentication yes
   PasswordAuthentication no
   X11Forwarding no




Man pages

  1. sshd_config
  2. ssh_config

Send authenticated gmail from cli with mailx


I’ve shown how to send authenticated gmail from the command line before. That uses msmtp which takes some configuration.
This document shows how to use mailx itself to send authenticated gmail.


echo "this is the message" | mailx -s "Subject line here" \
-S smtp-use-starttls -S ssl-verify=ignore -S smtp-auth=login \
-S smtp=smtp:// -S from=" Stack)" \
-S smtp-auth-user="" \
-S smtp-auth-password="${SMTPPASSWORD}" -S ssl-verify=ignore \
-S nss-config-dir=/etc/pki/nssdb/


You need a certificate chain somewhere. You could also try nss-config-dir=~/.mozilla/firefox/xxxxxxxx.default.
If you use the whole command in the tl;dr section, you don’t need any config file. Of course, be aware that any parameter passed on the command line is visible to any other program running, so passing in the password like seen above is risky.
You can redirect standard in from a file if you wish, of course, or from a here-document.
For a dedicated configuration, and better password security, consider adding in to your ~/.mailrc file:

set smtp-use-starttls
set nss-config-dir=/etc/pki/nss/
set ssl-verify=ignore
set smtp=smtp://
set smtp-auth=login
set smtp-auth-password=QWERTYUIOP
set from=" Stack)"

And then just use:

mailx -s "Subject line"



  2. Inspiration for entire contents

Cinnamon on VNC on CentOS 7


This document describes how to install Cinnamon desktop environment on CentOS 7 for use in VNC. Basically, you can take a headless server and turn it into a virtual desktop controller.


Limitations of this design prevent this from scaling up past so many users, so this would be best suited for home or small office use.
VNC uses no security. Consider alternatives or additions to this process when security is a consideration.

Installing Cinnamon for VNC

Installing the components

Install the vnc server.

yum install tigervnc-server tigervnc vnc

Install the desktop environment.

yum install cinnamon

Install any applications to be used.

yum install firefox gnome-terminal

Configuring the components

For each user that uses a virtual desktop on this host, you will need a separate systemd service, as well as a vnc password which is separate from the regular user password. Also set up the xstartup file for vnc.

sudo cp -p /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@\:${tn}.service
sed -r -i -e "s//${tu}/g;' /etc/systemd/system/vncserver@\:${tn}.service
systemctl enable vncserver@\:${tn}.service
firewall-cmd --permanent --add-port 59$( printf '%02i' "${tn}")/tcp
printf "For user ${tu} please provide new "
su - ${tu} -c vncpasswd
test -f "${tf}" && \cp -p "${tf}" "${tf}.$( date "+%Y-%m-%dT%H%M%S" )"; touch "${tf}"; chmod 0755 "${tf}"
cat <<EOF > "${tf}"
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
exec /usr/bin/cinnamon-session
systemctl start vncserver@\:${tn}.service

Connecting to the desktop

On a client, run

vncviewer hostname:1

System selecting wrong time due to not UTC

The problem

I use kickstart files to configure my CentOS 7 virtual machines. One problem I discovered is that the vms can get the wrong time from the hwclock. I guess I haven’t mastered ntpd or chronyd. I can always just run ntpdate but haven’t bothered to set up a cronjob/systemd unit for that.
Anyway, I finally discovered how to get the hwclock and system date to actually grab the time correctly from the host OS. If I don’t set the timezone correctly in the kickstart file with the –utc option:

timezone America/New_York --utc

I can go modify /etc/adjtime myself.
An incorrect file:

0.000000 1499048878 0.000000

The correct file replaces the LOCAL with UTC, to tell the system that the hardware clock (hwclock) is showing the UTC time:

0.000000 1499048878 0.000000

A reboot later, and now my vm has the correct time, so I have achieved my ultimate goal of gssapi auth.



  1. That such a file exists as /etc/adjtime

Inject hostname into kickstart

The story

I have been learning how to automate my centos installations in my virtual environment. I’ve learned how to use the virsh command line to spin up a new vm the way I like, and to feed it a kickstart file. I also learned how to use kickstarts.

Set hostname automatically with a kickstart

In the main area of the kickstart file, include this line:

%include /tmp/network.ks

Include in your %pre section this section:

echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname" > /tmp/network.ks
for x in $( cat /proc/cmdline );
   case $x in SERVERNAME*)
      eval $x
      echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}" > /tmp/network.ks

To paraphrase the post I’m duplicating for myself, you need the first echo redirection to the file in case there was no SERVERNAME= parameter given to the kernel.
When you boot, you need to include on the kernel command (usually the “linux” one), the value SERVERNAME=myhostname.

For my virsh command, that is:

vm=centos7-02a ; virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=rhel7.2 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/CentOS-7-x86_64-Minimal-1511.iso  --initrd-inject=/mnt/public/Public/centos7-ks.cfg --extra-args "ks=file:/centos7-ks.cfg SERVERNAME=${vm}" --debug --network type=direct,source=eno1


  1. Install system-config-kickstart on Fedora 25
    sudo dnf install python-kickstart system-config-kickstart;

List available packages from one repository

For dnf

dnf list available --disablerepo=* --enablerepo=reponame

For dpkg (low-level package manager for apt)

ff() { for file in /etc/apt/sources.list.d/$1.list; do grep -iE "Package:" "/var/lib/apt/lists/$( cut -d' ' -f2 "${file}" | sed -r -e 'sX\/X_Xg;' -e 's/\<http.__//g;')Packages"; done; }
ff reponame

The story

For some reason it is harder to manage packages with apt: This is a main reason I don’t like to use it. I had to go write this crazy one-liner function to accomplish the same task that dnf provides with just two flags.
Also, the apt command here shows all the packages from that repository, regardless of its installed state. The dnf command will show only the ones available that are not already installed.

Cannot create items in Google Calendar

If you use Google Calendar in Firefox, you might be unable to add calendar items. It displays this error: “Oops, we couldn’t create this event, please try again in a few minutes.”

A workaround was discovered by a user on the Google Calendar Help Forum.

harpseal said:

I think I found an answer. Delete the google calendar specific cookies and reload. After I did this it lets me create events. YAY! Hope this works for others.