From b97f41eb70442ca72ab4bbc7bf3682f0f7636705 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Thu, 30 Oct 2025 22:51:53 -0400 Subject: [PATCH] fedora updates and systemd renames --- active/os_fedora/fedora-server.md | 4 +- active/os_fedora/fedora-software.md | 2 +- .../software_freeipa}/freeipa.md | 109 +++++++-- active/software_packer/packer.md | 5 + .../{systemd_qemu => software_qemu}/qemu.md | 4 +- active/software_virsh/dual-stack-dhcp.xml | 11 + active/software_virsh/dual-stack-no-dhcp.xml | 7 + active/software_virsh/virsh.md | 222 +++++++++++++++--- 8 files changed, 303 insertions(+), 61 deletions(-) rename {retired/systemd_freeipa => active/software_freeipa}/freeipa.md (82%) create mode 100644 active/software_packer/packer.md rename active/{systemd_qemu => software_qemu}/qemu.md (94%) create mode 100644 active/software_virsh/dual-stack-dhcp.xml create mode 100644 active/software_virsh/dual-stack-no-dhcp.xml diff --git a/active/os_fedora/fedora-server.md b/active/os_fedora/fedora-server.md index 4063133..f3a9732 100644 --- a/active/os_fedora/fedora-server.md +++ b/active/os_fedora/fedora-server.md @@ -561,7 +561,7 @@ dnf upgrade --refresh reboot # Set the releasever to the version you want to upgrade to -dnf system-upgrade download --releasever=42 +dnf system-upgrade download --releasever=43 dnf system-upgrade reboot ``` @@ -666,6 +666,8 @@ mkfs.xfs /dev/mapper/vg0-docker--data ```bash nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64 +nmcli connection modify Wired\ connection\ 1 ipv6.ip6-privacy disabled +systemctl restart NetworkManager ``` ### Install and Enable Cockpit diff --git a/active/os_fedora/fedora-software.md b/active/os_fedora/fedora-software.md index 8192d86..49e7f14 100644 --- a/active/os_fedora/fedora-software.md +++ b/active/os_fedora/fedora-software.md 
@@ -603,7 +603,7 @@ flatpak install org.gnome.Evolution # Virtualization sudo dnf group install --with-optional virtualization -sudo systemctl start libvirtd +sudo systemctl enable --now libvirtd virtnetworkd.service ``` ## NVM diff --git a/retired/systemd_freeipa/freeipa.md b/active/software_freeipa/freeipa.md similarity index 82% rename from retired/systemd_freeipa/freeipa.md rename to active/software_freeipa/freeipa.md index 3e23f04..e1d8ad6 100644 --- a/retired/systemd_freeipa/freeipa.md +++ b/active/software_freeipa/freeipa.md @@ -4,6 +4,7 @@ - [Notes](#notes) - [Quickstart Debugging Setup](#quickstart-debugging-setup) - [Quickstart Production Setup](#quickstart-production-setup) + - [NFS](#nfs) - [Tips](#tips) - [Adding a user](#adding-a-user) - [Adding a Smart Card Certificate](#adding-a-smart-card-certificate) 
@@ -100,41 +101,99 @@ Now skip to [Get PIV Working](#piv) -- Set your hostname to your server's fqdn with `hostnamectl hostname freeipa.reeselink.com` -- Ensure you have a DNS entry pointing to your host -- Open ports: +1. Set your hostname to your server's fqdn with `hostnamectl hostname freeipa.reeselink.com` +2. If you want freeipa to manage your DNS, make sure you don't have a DNS address pointing to your domain +3. Open freeipa ports -```bash -firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent -firewall-cmd --reload -``` + ```bash + firewall-cmd --add-service=freeipa-4 + firewall-cmd --add-service=freeipa-4 --permanent + firewall-cmd --reload + ``` -- Set a permanet DNS resolver: `sudo echo "nameserver 1.1.1.1" > /etc/resolv.conf` -- Disable NetworkManager DNS management +4. Set a permanent DNS resolver -```bash -vim /etc/NetworkManager/NetworkManager.conf + ```bash + rm /etc/resolv.conf + echo "nameserver 1.1.1.1" > /etc/resolv.conf + ``` -[main] -dns=none -``` +5. Disable NetworkManager DNS management -Note, if installing for local use only, set /etc/hosts and reply "yes" to configure dns. + ```bash + vim /etc/NetworkManager/NetworkManager.conf -```bash -vim /etc/hosts + [main] + dns=none + ``` -192.168.122.100 freeipa.reeselink.com -``` - -- Restart NetworkManager: `systemctl restart NetworkManager` -- Ensure resolv.conf hasn't been repopulated: `cat /etc/resolv.conf` -- Install freeipa: `dnf install -y freeipa-server freeipa-server-dns` -- Install the server (mostly choose defaults and sane options): `ipa-server-install` -- Authenticate as admin: `kinit admin` +6. Reboot +7. Ensure resolv.conf hasn't been repopulated: `cat /etc/resolv.conf` +8. Install freeipa: `dnf install -y freeipa-server freeipa-server-dns` +9. Install the server (mostly choose defaults and sane options): `ipa-server-install` +10. 
Authenticate as admin: `kinit admin` Now skip to [Get PIV Working](#piv) +## NFS + + + +```bash +mkdir /exports +chmod 1777 /exports +mount --bind /srv /exports/srv +``` + +What this does is remounts /srv to /exports/srv. Effectively, this means that +/srv can be accessed directly, or via /exports/srv and changes in one location +reflect in the other. + +To make this persistent, add the mount command above to /etc/rc.d/rc.local or +some similar executed-at-boot script. + +Next, edit `/etc/sysconfig/nfs` and enable the SECURE_NFS option: + +```conf +SECURE_NFS="yes" +``` + +Then edit `/etc/exports`. The “/exports” entry has the “fsid=0” option, which +tells NFS that this is the “root” export. + +```fstab +/exports gss/krb5(rw,sync,fsid=0,insecure,no_subtree_check) + +/exports/srv gss/krb5(rw,sync,nohide,insecure,no_subtree_check) +``` + +Create the server principal for the NFS server and add it to the keytab file on +the server using kadmin (usually /etc/krb5.keytab): + +```bash +kadmin.local + +kadmin.local: addprinc -randkey nfs/nfsserver.domain.com +kadmin.local: ktadd -e des-cbc-crc:normal -k /etc/krb5.keytab nfs/nfsserver.domain.com +kadmin.local: quit +``` + +Edit `/etc/idmapd.conf` and make sure the Nobody-User and Nobody-Group options +are correct (i.e. on Red Hat Enterprise Linux and Fedora, use the “nfsnobody” +user and group, other distributions may just use “nobody”) + +```bash +systemctl restart nfs rpcidmapd +``` + +open TCP port 2049 for use with NFsv4 + +```bash +firewall-cmd --add-service=nfs +firewall-cmd --add-service=nfs --permanent +firewall-cmd --reload +``` + ## Tips ```bash diff --git a/active/software_packer/packer.md b/active/software_packer/packer.md new file mode 100644 index 0000000..73e49c9 --- /dev/null +++ b/active/software_packer/packer.md @@ -0,0 +1,5 @@ +# Packer + +## Qemu Builds + + \ No newline at end of file 
diff --git a/active/systemd_qemu/qemu.md b/active/software_qemu/qemu.md similarity index 94% rename from active/systemd_qemu/qemu.md rename to active/software_qemu/qemu.md index 19e47fd..7a0f987 100644 --- a/active/systemd_qemu/qemu.md +++ b/active/software_qemu/qemu.md @@ -2,7 +2,7 @@ - [QEMU](#qemu) - [QCOW2](#qcow2) - - [Restore qcow snapshots](#restore-qcow-snapshots) + - [QCOW2 Snapshots](#qcow2-snapshots) - [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive) - [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow) - [ISO](#iso) @@ -17,7 +17,7 @@ VDI (VirtualBox) vdi VHD (Hyper-V) vpc VMDK (VMware) vmdk -### Restore qcow snapshots +### QCOW2 Snapshots ```bash # Create a snapshot diff --git a/active/software_virsh/dual-stack-dhcp.xml b/active/software_virsh/dual-stack-dhcp.xml new file mode 100644 index 0000000..9a78211 --- /dev/null +++ b/active/software_virsh/dual-stack-dhcp.xml @@ -0,0 +1,11 @@ + + dual-stack + + + + + + + + + diff --git a/active/software_virsh/dual-stack-no-dhcp.xml b/active/software_virsh/dual-stack-no-dhcp.xml new file mode 100644 index 0000000..76c4311 --- /dev/null +++ b/active/software_virsh/dual-stack-no-dhcp.xml @@ -0,0 +1,7 @@ + + dual-stack-no-dhcp + + + + + diff --git a/active/software_virsh/virsh.md b/active/software_virsh/virsh.md index 0fba5b6..7ab3f90 100644 --- a/active/software_virsh/virsh.md +++ b/active/software_virsh/virsh.md 
@@ -2,6 +2,19 @@ Virtual Machine Management +- [Virsh](#virsh) + - [Before you Begin](#before-you-begin) + - [Useful Virsh Commands](#useful-virsh-commands) + - [Virsh Networking](#virsh-networking) + - [Create a Virtual Network](#create-a-virtual-network) + - [Attach a New Virtual Network](#attach-a-new-virtual-network) + - [Set a Static IP](#set-a-static-ip) + - [Creating VMs](#creating-vms) + - [Create VM with No Graphics and use an Existing QCOW2 Disk](#create-vm-with-no-graphics-and-use-an-existing-qcow2-disk) + - [Create VM with Graphics using an ISO Installation Disk](#create-vm-with-graphics-using-an-iso-installation-disk) + - [Create VM using Host Device as Disk](#create-vm-using-host-device-as-disk) + - [Snapshots](#snapshots) + ## Before you Begin 1. Add yourself to the `qemu` and `libvirt` groups: `usermod -aG libvirt,qemu ducoterra` @@ -10,8 +23,9 @@ Virtual Machine Management 4. Allow group write access to images: `chmod 770 /var/lib/libvirt/images` 5. Allow group write access to iso: `chmod 770 /var/lib/libvirt/iso` 6. Tell virsh to connect to your root system rather than your user: `export LIBVIRT_DEFAULT_URI='qemu:///system'` +7. Export your editor so virsh knows what to use: `export EDITOR=vim` -## VM Details +## Useful Virsh Commands ```bash # Show node info 
@@ -22,37 +36,6 @@ osinfo-query os # List all current machines virsh list --all -``` - -## Creating VMs - -If you have [an osbuild -image](/active/software_osbuild/image_builder.md#installing) you can run - -```bash -sudo systemctl start osbuild-composer.socket -composer-cli compose list -composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-test.qcow2 image-uuid -``` - -now to have a qcow2 available during install. - -```bash -# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`) -# `--import` skips the installation process. -# `--graphics spice --video qxl --channel spicevmc` installs graphics -# `--console pty,target.type=virtio` adds a console connection -# For any command, use `virt-install --arg=?` to see all available options -virt-install \ ---name fedora42-test \ ---description "Test VM with Fedora42" \ ---cpu host-model --vcpus sockets=1,cores=8,threads=2 \ ---ram=8192 \ ---os-variant=fedora41 \ ---import --disk path=/var/lib/libvirt/images/fedora-42-test.qcow2,bus=virtio \ ---network bridge:virbr0 \ ---graphics none \ ---console pty,target.type=virtio # Connect to console VM virsh console fedora42-test 
@@ -78,3 +61,178 @@ virsh undefine # Remove a VM including storage virsh undefine --remove-all-storage ``` + +## Virsh Networking + +### Create a Virtual Network + +Creating a new network will require an XML configuration file. To see the +default network's configuration, use + +```bash +virsh net-dumpxml default > virbr0.xml +``` + +To create a dual-stack network, use the following. (Note, I generated a unique +local ipv6 address [here](https://www.unique-local-ipv6.com/)). + +```xml + + dual-stack + + + + + + + + + +``` + +I've already defined this network in `active/software_virsh/dual-stack-dhcp.xml`. Install it with + +```bash +# Define and autostart the network +virsh net-define active/software_virsh/dual-stack-dhcp.xml +virsh net-start dual-stack-dhcp +virsh net-autostart dual-stack-dhcp + +# List networks to ensure it created +virsh net-list --all + +# Get the UUID of the created network +virsh net-uuid dual-stack-dhcp +``` + +### Attach a New Virtual Network + +```bash +export VM_NAME=my_vm +virsh attach-interface \ +--type bridge \ +--source virbr1 \ +--model virtio \ +--config \ +--live \ +--domain ${VM_NAME} +``` + +### Set a Static IP + +To set a static IP, run `virsh net-edit default` and add the following between `` and `` + +```xml + +``` + +Then run + +```bash +# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`) +# `--import` skips the installation process. +# `--graphics spice --video qxl --channel spicevmc` installs graphics +# `--console pty,target.type=virtio` adds a console connection +# For any command, use `virt-install --arg=?` to see all available options +virsh net-destroy default +virsh net-start default +virsh shutdown virtual_machine +systemctl restart libvirtd +virsh start virtual_machine +``` + +## Creating VMs + +If you have [an osbuild +image](/active/software_osbuild/image_builder.md#installing) you can run the +following to generate a qcow2 disk image. 
Then you can [create a VM with an +existing qcow2 +disk](#create-vm-with-no-graphics-and-use-an-existing-qcow2-disk) and skip the +installation process altogether. + +```bash +sudo systemctl start osbuild-composer.socket +composer-cli compose list +composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-test.qcow2 image-uuid +``` + +### Create VM with No Graphics and use an Existing QCOW2 Disk + +```bash +# Start the default network if it isn't already +virsh net-start --network default + +# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`) +# `--import` skips the installation process. +# `--graphics spice --video qxl --channel spicevmc` installs graphics +# `--console pty,target.type=virtio` adds a console connection +# For any command, use `virt-install --arg=?` to see all available options +export VM_NAME="fedora42-test" +export VM_DESCRIPTION="Test VM with Fedora42" +export VM_DISK_PATH="/var/lib/libvirt/images/fedora-42-test.qcow2" +virt-install \ +--name "${VM_NAME}" \ +--description "${DESCRIPTION}" \ +--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \ +--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \ +--ram=8192 \ +--os-variant=fedora41 \ +--network bridge:virbr0 \ +--graphics none \ +--console pty,target.type=virtio \ +--import --disk "path=${VM_DISK_PATH},bus=virtio" +``` + +### Create VM with Graphics using an ISO Installation Disk + +```bash +# `--cdrom /path/to/image.iso` supplies a disk installer. (Remove `--import`) +# `--import` skips the installation process. 
+# `--graphics spice --video qxl --channel spicevmc` installs graphics +# `--console pty,target.type=virtio` adds a console connection +# For any command, use `virt-install --arg=?` to see all available options +export VM_NAME="fedora43-kinoite-test" +export VM_DESCRIPTION="Test VM with Fedora43 Kinoite" +export VM_DISK_PATH="/var/lib/libvirt/images/fedora-43-kinoite.qcow2" +export VM_ISO_PATH="/var/lib/libvirt/iso/Fedora-Kinoite-ostree-x86_64-43-1.6.iso" +virt-install \ +--name "${VM_NAME}" \ +--description "${DESCRIPTION}" \ +--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \ +--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \ +--ram=8192 \ +--os-variant=fedora41 \ +--network bridge:virbr0 \ +--graphics spice --video qxl --channel spicevmc \ +--cdrom ${VM_ISO_PATH} \ +--disk "path=${VM_DISK_PATH},size=64,bus=virtio,format=qcow2" +``` + +### Create VM using Host Device as Disk + +```bash +# `--cdrom /path/to/image.iso` supplies a disk installer. (Remove `--import`) +# `--import` skips the installation process. +# `--graphics spice --video qxl --channel spicevmc` installs graphics +# `--console pty,target.type=virtio` adds a console connection +# `--hostdev 0x1234:0x5678` adds a block storage device +# For any command, use `virt-install --arg=?` to see all available options +export VM_NAME="usb-linux" +export VM_DESCRIPTION="Linux running 0x13fe:0x6500 as the boot drive" +virt-install \ +--name "${VM_NAME}" \ +--description "${DESCRIPTION}" \ +--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \ +--import \ +--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \ +--ram=8192 \ +--os-variant=fedora41 \ +--network bridge:virbr0 \ +--graphics spice --video qxl --channel spicevmc \ +--hostdev 0x13fe:0x6500,boot.order=1 \ +--disk none +``` + +## Snapshots + +See [qemu qcow2 snapshots](/active/software_qemu/qemu.md#qcow2-snapshots)
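Review bot: the added `nmcli connection modify Wired\ connection\ 1 ipv6.ip6-privacy disabled` line in the fedora-server.md IPv6 hunk switches off RFC 4941 temporary addresses, so the host will only ever source traffic from its stable EUI-64 (MAC-derived) address; that is the right choice for a server that needs a fixed AAAA record, but a one-line comment saying so would stop the line being copied onto a workstation where the privacy extension is wanted. Also, `nmcli connection modify` only edits the stored profile; the added `systemctl restart NetworkManager` does re-activate it, but `nmcli connection up 'Wired connection 1'` applies the change to that one profile without bouncing every other connection on the host.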
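Review bot: `sudo systemctl enable --now libvirtd virtnetworkd.service` in the fedora-software.md virtualization hunk enables the monolithic `libvirtd` together with one of the modular daemons; on current Fedora the modular daemons (`virtqemud`, `virtnetworkd`, `virtstoraged`, ...) are the default deployment and the monolithic `libvirtd` is the alternative to them, not a companion, so pick one model: `systemctl enable --now virtqemud.socket virtnetworkd.socket virtstoraged.socket` for the modular set, or `libvirtd` on its own. It is also worth a comment that the line now persists across boots (`enable --now`) where the replaced line only did a one-off `start`.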
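Review bot: step 3 of the rewritten production setup in freeipa.md opens only the `freeipa-4` firewalld service, but step 8 installs `freeipa-server-dns` and step 2 is about letting FreeIPA manage DNS; `freeipa-4` covers LDAP/LDAPS, Kerberos, kpasswd and HTTP(S) but not port 53, so add `--add-service=dns` to both `firewall-cmd` lines or clients will not be able to resolve through the IPA server. Step 2 ("make sure you don't have a DNS address pointing to your domain") is ambiguous: say whether it means an existing public zone for `reeselink.com` that would conflict with the zone `ipa-server-install` creates, or the host's own resolver entry. Step 4's `rm /etc/resolv.conf` before the `echo` fixes the old `sudo echo ... >` line (the redirect ran as the unprivileged user), but a comment that it is removing the systemd-resolved stub symlink found on a default Fedora install, and that step 7 exists to catch it being recreated, would make the reboot in step 6 make sense to the reader.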
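Review bot: the keytab step in the new NFS section of freeipa.md uses `kadmin.local` with `ktadd -e des-cbc-crc:normal`, which is both the wrong tool on a FreeIPA server and a single-DES key: current MIT Kerberos and FreeIPA no longer support single DES, so the command fails or, on an old enough KDC, leaves the NFS service with a broken-cipher key. On IPA, create the service and fetch its key with `ipa service-add nfs/nfsserver.domain.com` and `ipa-getkeytab -s freeipa.reeselink.com -p nfs/nfsserver.domain.com -k /etc/krb5.keytab` (as admin, after the `kinit admin` from the setup steps), which uses the realm's default AES enctypes; the `nfsserver.domain.com` placeholder should also be reconciled with the `reeselink.com` hostname used earlier on the page. Several other lines are the RHEL 6-era recipe rather than Fedora's: `/etc/sysconfig/nfs` with `SECURE_NFS="yes"` has been replaced by `/etc/nfs.conf`, and `rpc-gssd` is started with `nfs-server` once `/etc/krb5.keytab` exists; the `gss/krb5(...)` form in `/etc/exports` is deprecated in favour of a client spec plus `sec=`, and plain `krb5` gives authentication only, so prefer `sec=krb5p` for integrity and confidentiality, e.g. `/exports *(sec=krb5p,rw,sync,fsid=0,no_subtree_check)`; the units are `nfs-server` and `nfs-idmapd`, not `nfs` and `rpcidmapd`; and Fedora dropped the `nfsnobody` account long ago (the mapping target is `nobody`), so the idmapd paragraph says the reverse of what Fedora does. `chmod 1777 /exports` makes the export root world-writable although it only holds bind-mount points, so `chmod 755` is enough, and the bind mount is better made persistent with an fstab entry `/srv /exports/srv none bind 0 0` than from rc.local. Also fix the typo "NFsv4".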
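Review bot: `active/software_packer/packer.md` is added as a stub (a title, an empty `## Qemu Builds` section and no trailing newline); either fill the section in or leave the file out of this commit, since the commit message ("fedora updates and systemd renames") does not mention Packer and an empty page under `active/` reads as finished documentation. Add the trailing newline in any case.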
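Review bot: the network name inside the new `active/software_virsh/dual-stack-dhcp.xml` is `dual-stack`, but the file is named `dual-stack-dhcp.xml` and the commands added to virsh.md (`virsh net-start dual-stack-dhcp`, `virsh net-autostart dual-stack-dhcp`, `virsh net-uuid dual-stack-dhcp`) address it as `dual-stack-dhcp`; `virsh net-define` takes the name from the XML, not from the filename, so those three commands fail with a "network not found" error. Rename the network in the XML to `dual-stack-dhcp` (the companion `dual-stack-no-dhcp.xml` already matches its filename) or change the commands, and apply the same fix to the copy of the XML embedded in virsh.md.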
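Review bot: all three `virt-install` blocks in the virsh.md networking/VM hunk export `VM_DESCRIPTION` but pass `--description "${DESCRIPTION}"`, so every VM is defined with an empty description; use `"${VM_DESCRIPTION}"` in each. The `--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no` line, also repeated in all three, turns Secure Boot off for every guest; Fedora's shim and kernels are signed and boot with it enabled, so the default should keep it on and the flag belongs in a comment explaining when to disable it (unsigned kernels or out-of-tree modules), because with it off the guest loses boot-chain verification. Under "Set a Static IP", the `Then run` block has inherited the `--location`/`--import`/`--graphics`/`--console` comment lines from the virt-install block; they describe nothing in that block and should go, and `virsh shutdown virtual_machine` / `virsh start virtual_machine` use a name the rest of the page spells `${VM_NAME}`. In "Attach a New Virtual Network", `--source virbr1` hard-codes a bridge that the hunk never shows belonging to the new network; tell the reader to take it from `virsh net-info dual-stack-dhcp`, or use `--type network --source <network name>` so libvirt resolves the bridge itself. Lastly, `--os-variant=fedora41` for Fedora 42 and 43 guests should follow the `osinfo-query os` output the page already recommends, and `--cdrom ${VM_ISO_PATH}` is the one unquoted expansion.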