fedora updates and systemd renames
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 58s

2025-10-30 22:51:53 -04:00
parent 6df02e8dff
commit b97f41eb70
8 changed files with 303 additions and 61 deletions

@@ -561,7 +561,7 @@ dnf upgrade --refresh
reboot reboot
# Set the releasever to the version you want to upgrade to # Set the releasever to the version you want to upgrade to
dnf system-upgrade download --releasever=42 dnf system-upgrade download --releasever=43
dnf system-upgrade reboot dnf system-upgrade reboot
``` ```
@@ -666,6 +666,8 @@ mkfs.xfs /dev/mapper/vg0-docker--data
```bash ```bash
nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64 nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64
nmcli connection modify Wired\ connection\ 1 ipv6.ip6-privacy disabled
systemctl restart NetworkManager
``` ```
### Install and Enable Cockpit ### Install and Enable Cockpit
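Review bot: On the added `ipv6.ip6-privacy disabled` line, the section should say what this buys: combined with `ipv6.addr-gen-mode eui64` the host gets a stable SLAAC address whose interface identifier is derived from the NIC's MAC address. That suits a server that needs a predictable address but not a roaming client, so a one-line comment stating the intent would help. Restarting NetworkManager works, though `nmcli connection up "Wired connection 1"` reapplies just this profile without bouncing every interface.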

@@ -603,7 +603,7 @@ flatpak install org.gnome.Evolution
# Virtualization # Virtualization
sudo dnf group install --with-optional virtualization sudo dnf group install --with-optional virtualization
sudo systemctl start libvirtd sudo systemctl enable --now libvirtd virtnetworkd.service
``` ```
## NVM ## NVM
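Review bot: On the changed `systemctl enable --now` line, `libvirtd` is libvirt's monolithic daemon and `virtnetworkd` is one of the modular daemons that replace it, and libvirt documents the two modes as alternatives. Pick one set (for modular, `virtqemud` plus `virtnetworkd` and whichever other drivers are needed) rather than enabling both. Minor style point: one unit carries the `.service` suffix and the other does not.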

@@ -4,6 +4,7 @@
- [Notes](#notes) - [Notes](#notes)
- [Quickstart Debugging Setup](#quickstart-debugging-setup) - [Quickstart Debugging Setup](#quickstart-debugging-setup)
- [Quickstart Production Setup](#quickstart-production-setup) - [Quickstart Production Setup](#quickstart-production-setup)
- [NFS](#nfs)
- [Tips](#tips) - [Tips](#tips)
- [Adding a user](#adding-a-user) - [Adding a user](#adding-a-user)
- [Adding a Smart Card Certificate](#adding-a-smart-card-certificate) - [Adding a Smart Card Certificate](#adding-a-smart-card-certificate)
@@ -100,17 +101,24 @@ Now skip to [Get PIV Working](#piv)
<https://www.freeipa.org/page/Quick_Start_Guide> <https://www.freeipa.org/page/Quick_Start_Guide>
- Set your hostname to your server's fqdn with `hostnamectl hostname freeipa.reeselink.com` 1. Set your hostname to your server's fqdn with `hostnamectl hostname freeipa.reeselink.com`
- Ensure you have a DNS entry pointing to your host 2. If you want freeipa to manage your DNS, make sure you don't have a DNS address pointing to your domain
- Open ports: 3. Open freeipa ports
```bash ```bash
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent firewall-cmd --add-service=freeipa-4
firewall-cmd --add-service=freeipa-4 --permanent
firewall-cmd --reload firewall-cmd --reload
``` ```
- Set a permanet DNS resolver: `sudo echo "nameserver 1.1.1.1" > /etc/resolv.conf` 4. Set a permanent DNS resolver
- Disable NetworkManager DNS management
```bash
rm /etc/resolv.conf
echo "nameserver 1.1.1.1" > /etc/resolv.conf
```
5. Disable NetworkManager DNS management
```bash ```bash
vim /etc/NetworkManager/NetworkManager.conf vim /etc/NetworkManager/NetworkManager.conf
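Review bot: Steps 4 and 5 look to be in the wrong order: `/etc/resolv.conf` is rewritten before NetworkManager is told to stop managing DNS, so NetworkManager can overwrite the file on any connection change in between. Set `dns=none` first, then write the file. It would also help to say why `rm /etc/resolv.conf` is needed before the `echo`, and step 2 is ambiguous about which DNS record must not exist when FreeIPA manages DNS.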
@@ -119,22 +127,73 @@ vim /etc/NetworkManager/NetworkManager.conf
dns=none dns=none
``` ```
Note, if installing for local use only, set /etc/hosts and reply "yes" to configure dns. 6. Reboot
7. Ensure resolv.conf hasn't been repopulated: `cat /etc/resolv.conf`
```bash 8. Install freeipa: `dnf install -y freeipa-server freeipa-server-dns`
vim /etc/hosts 9. Install the server (mostly choose defaults and sane options): `ipa-server-install`
10. Authenticate as admin: `kinit admin`
192.168.122.100 freeipa.reeselink.com
```
- Restart NetworkManager: `systemctl restart NetworkManager`
- Ensure resolv.conf hasn't been repopulated: `cat /etc/resolv.conf`
- Install freeipa: `dnf install -y freeipa-server freeipa-server-dns`
- Install the server (mostly choose defaults and sane options): `ipa-server-install`
- Authenticate as admin: `kinit admin`
Now skip to [Get PIV Working](#piv) Now skip to [Get PIV Working](#piv)
## NFS
<https://www.techrepublic.com/article/kerberos-authentication-with-nfsv4/>
```bash
mkdir /exports
chmod 1777 /exports
mount --bind /srv /exports/srv
```
What this does is remounts /srv to /exports/srv. Effectively, this means that
/srv can be accessed directly, or via /exports/srv and changes in one location
reflect in the other.
To make this persistent, add the mount command above to /etc/rc.d/rc.local or
some similar executed-at-boot script.
Next, edit `/etc/sysconfig/nfs` and enable the SECURE_NFS option:
```conf
SECURE_NFS="yes"
```
Then edit `/etc/exports`. The “/exports” entry has the “fsid=0” option, which
tells NFS that this is the “root” export.
```fstab
/exports gss/krb5(rw,sync,fsid=0,insecure,no_subtree_check)
/exports/srv gss/krb5(rw,sync,nohide,insecure,no_subtree_check)
```
Create the server principal for the NFS server and add it to the keytab file on
the server using kadmin (usually /etc/krb5.keytab):
```bash
kadmin.local
kadmin.local: addprinc -randkey nfs/nfsserver.domain.com
kadmin.local: ktadd -e des-cbc-crc:normal -k /etc/krb5.keytab nfs/nfsserver.domain.com
kadmin.local: quit
```
Edit `/etc/idmapd.conf` and make sure the Nobody-User and Nobody-Group options
are correct (i.e. on Red Hat Enterprise Linux and Fedora, use the “nfsnobody”
user and group, other distributions may just use “nobody”)
```bash
systemctl restart nfs rpcidmapd
```
open TCP port 2049 for use with NFsv4
```bash
firewall-cmd --add-service=nfs
firewall-cmd --add-service=nfs --permanent
firewall-cmd --reload
```
## Tips ## Tips
```bash ```bash
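Review bot: In the keytab step of the new NFS section, `ktadd -e des-cbc-crc:normal` requests a single-DES key; single DES is broken and current MIT Kerberos releases no longer support it, so drop the `-e` option and let the KDC's default AES enctypes apply. The exports use `gss/krb5`, which only authenticates; `krb5i` or `krb5p` adds integrity or encryption, and the `insecure` option and `chmod 1777 /exports` should be justified or removed. Since this sits in the FreeIPA page, the section should also say whether `kadmin.local` is really intended here rather than FreeIPA's own `ipa service-add` and `ipa-getkeytab`.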

@@ -0,0 +1,5 @@
# Packer
## Qemu Builds
<https://github.com/goffinet/packer-kvm?tab=readme-ov-file>

@@ -2,7 +2,7 @@
- [QEMU](#qemu) - [QEMU](#qemu)
- [QCOW2](#qcow2) - [QCOW2](#qcow2)
- [Restore qcow snapshots](#restore-qcow-snapshots) - [QCOW2 Snapshots](#qcow2-snapshots)
- [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive) - [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive)
- [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow) - [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow)
- [ISO](#iso) - [ISO](#iso)
@@ -17,7 +17,7 @@ VDI (VirtualBox) vdi
VHD (Hyper-V) vpc VHD (Hyper-V) vpc
VMDK (VMware) vmdk VMDK (VMware) vmdk
### Restore qcow snapshots ### QCOW2 Snapshots
```bash ```bash
# Create a snapshot # Create a snapshot

@@ -0,0 +1,11 @@
<network>
<name>dual-stack</name>
<forward mode="nat"/>
<domain name="dual-stack"/>
<ip address="192.168.100.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.100.2" end="192.168.100.254"/>
</dhcp>
</ip>
<ip family="ipv6" address="fd4d:58e7:17f6:1::1" prefix="64"/>
</network>
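Review bot: The definition has no `<bridge name="..."/>` element, so libvirt picks the bridge name itself, while the virsh notes in this commit attach interfaces with `--source virbr1`. Naming the bridge explicitly here keeps the two in step.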

@@ -0,0 +1,7 @@
<network>
<name>dual-stack-no-dhcp</name>
<forward mode="nat"/>
<domain name="dual-stack-no-dhcp"/>
<ip address="192.168.123.1" netmask="255.255.255.0"/>
<ip family="ipv6" address="fd4d:58e7:17f6:1::1" prefix="64"/>
</network>
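Review bot: The IPv6 `<ip>` element reuses `fd4d:58e7:17f6:1::1` with prefix 64, the same address and prefix as the `dual-stack` network added in this commit, so the two networks will conflict if both are started on the same host. Give this one its own /64 out of the same ULA prefix, for example subnet `2` instead of `1`.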

@@ -2,6 +2,19 @@
Virtual Machine Management Virtual Machine Management
- [Virsh](#virsh)
- [Before you Begin](#before-you-begin)
- [Useful Virsh Commands](#useful-virsh-commands)
- [Virsh Networking](#virsh-networking)
- [Create a Virtual Network](#create-a-virtual-network)
- [Attach a New Virtual Network](#attach-a-new-virtual-network)
- [Set a Static IP](#set-a-static-ip)
- [Creating VMs](#creating-vms)
- [Create VM with No Graphics and use an Existing QCOW2 Disk](#create-vm-with-no-graphics-and-use-an-existing-qcow2-disk)
- [Create VM with Graphics using an ISO Installation Disk](#create-vm-with-graphics-using-an-iso-installation-disk)
- [Create VM using Host Device as Disk](#create-vm-using-host-device-as-disk)
- [Snapshots](#snapshots)
## Before you Begin ## Before you Begin
1. Add yourself to the `qemu` and `libvirt` groups: `usermod -aG libvirt,qemu ducoterra` 1. Add yourself to the `qemu` and `libvirt` groups: `usermod -aG libvirt,qemu ducoterra`
@@ -10,8 +23,9 @@ Virtual Machine Management
4. Allow group write access to images: `chmod 770 /var/lib/libvirt/images` 4. Allow group write access to images: `chmod 770 /var/lib/libvirt/images`
5. Allow group write access to iso: `chmod 770 /var/lib/libvirt/iso` 5. Allow group write access to iso: `chmod 770 /var/lib/libvirt/iso`
6. Tell virsh to connect to your root system rather than your user: `export LIBVIRT_DEFAULT_URI='qemu:///system'` 6. Tell virsh to connect to your root system rather than your user: `export LIBVIRT_DEFAULT_URI='qemu:///system'`
7. Export your editor so virsh knows what to use: `export EDITOR=vim`
## VM Details ## Useful Virsh Commands
```bash ```bash
# Show node info # Show node info
@@ -22,37 +36,6 @@ osinfo-query os
# List all current machines # List all current machines
virsh list --all virsh list --all
```
## Creating VMs
If you have [an osbuild
image](/active/software_osbuild/image_builder.md#installing) you can run
```bash
sudo systemctl start osbuild-composer.socket
composer-cli compose list
composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-test.qcow2 image-uuid
```
now to have a qcow2 available during install.
```bash
# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`)
# `--import` skips the installation process.
# `--graphics spice --video qxl --channel spicevmc` installs graphics
# `--console pty,target.type=virtio` adds a console connection
# For any command, use `virt-install --arg=?` to see all available options
virt-install \
--name fedora42-test \
--description "Test VM with Fedora42" \
--cpu host-model --vcpus sockets=1,cores=8,threads=2 \
--ram=8192 \
--os-variant=fedora41 \
--import --disk path=/var/lib/libvirt/images/fedora-42-test.qcow2,bus=virtio \
--network bridge:virbr0 \
--graphics none \
--console pty,target.type=virtio
# Connect to console VM # Connect to console VM
virsh console fedora42-test virsh console fedora42-test
@@ -78,3 +61,178 @@ virsh undefine <domain>
# Remove a VM including storage # Remove a VM including storage
virsh undefine <domain> --remove-all-storage virsh undefine <domain> --remove-all-storage
``` ```
## Virsh Networking
### Create a Virtual Network
Creating a new network will require an XML configuration file. To see the
default network's configuration, use
```bash
virsh net-dumpxml default > virbr0.xml
```
To create a dual-stack network, use the following. (Note, I generated a unique
local ipv6 address [here](https://www.unique-local-ipv6.com/)).
```xml
<network>
<name>dual-stack</name>
<forward mode="nat"/>
<domain name="dual-stack"/>
<ip address="192.168.100.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.100.2" end="192.168.100.254"/>
</dhcp>
</ip>
<ip family="ipv6" address="fd4d:58e7:17f6:1::1" prefix="64"/>
</network>
```
I've already defined this network in `active/software_virsh/dual-stack-dhcp.xml`. Install it with
```bash
# Define and autostart the network
virsh net-define active/software_virsh/dual-stack-dhcp.xml
virsh net-start dual-stack-dhcp
virsh net-autostart dual-stack-dhcp
# List networks to ensure it created
virsh net-list --all
# Get the UUID of the created network
virsh net-uuid dual-stack-dhcp
```
### Attach a New Virtual Network
```bash
export VM_NAME=my_vm
virsh attach-interface \
--type bridge \
--source virbr1 \
--model virtio \
--config \
--live \
--domain ${VM_NAME}
```
### Set a Static IP
To set a static IP, run `virsh net-edit default` and add the following between `<dhcp>` and `</dhcp>`
```xml
<host mac='xx:xx:0x:xx:xx:1x' name='virtual_machine' ip='1xx.1xx.1xx.xx'/>
```
Then run
```bash
# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`)
# `--import` skips the installation process.
# `--graphics spice --video qxl --channel spicevmc` installs graphics
# `--console pty,target.type=virtio` adds a console connection
# For any command, use `virt-install --arg=?` to see all available options
virsh net-destroy default
virsh net-start default
virsh shutdown virtual_machine
systemctl restart libvirtd
virsh start virtual_machine
```
## Creating VMs
If you have [an osbuild
image](/active/software_osbuild/image_builder.md#installing) you can run the
following to generate a qcow2 disk image. Then you can [create a VM with an
existing qcow2
disk](#create-vm-with-no-graphics-and-use-an-existing-qcow2-disk) and skip the
installation process altogether.
```bash
sudo systemctl start osbuild-composer.socket
composer-cli compose list
composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-test.qcow2 image-uuid
```
### Create VM with No Graphics and use an Existing QCOW2 Disk
```bash
# Start the default network if it isn't already
virsh net-start --network default
# `--location /path/to/image.iso` supplies a disk installer. (Remove `--import`)
# `--import` skips the installation process.
# `--graphics spice --video qxl --channel spicevmc` installs graphics
# `--console pty,target.type=virtio` adds a console connection
# For any command, use `virt-install --arg=?` to see all available options
export VM_NAME="fedora42-test"
export VM_DESCRIPTION="Test VM with Fedora42"
export VM_DISK_PATH="/var/lib/libvirt/images/fedora-42-test.qcow2"
virt-install \
--name "${VM_NAME}" \
--description "${DESCRIPTION}" \
--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
--ram=8192 \
--os-variant=fedora41 \
--network bridge:virbr0 \
--graphics none \
--console pty,target.type=virtio \
--import --disk "path=${VM_DISK_PATH},bus=virtio"
```
### Create VM with Graphics using an ISO Installation Disk
```bash
# `--cdrom /path/to/image.iso` supplies a disk installer. (Remove `--import`)
# `--import` skips the installation process.
# `--graphics spice --video qxl --channel spicevmc` installs graphics
# `--console pty,target.type=virtio` adds a console connection
# For any command, use `virt-install --arg=?` to see all available options
export VM_NAME="fedora43-kinoite-test"
export VM_DESCRIPTION="Test VM with Fedora43 Kinoite"
export VM_DISK_PATH="/var/lib/libvirt/images/fedora-43-kinoite.qcow2"
export VM_ISO_PATH="/var/lib/libvirt/iso/Fedora-Kinoite-ostree-x86_64-43-1.6.iso"
virt-install \
--name "${VM_NAME}" \
--description "${DESCRIPTION}" \
--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
--ram=8192 \
--os-variant=fedora41 \
--network bridge:virbr0 \
--graphics spice --video qxl --channel spicevmc \
--cdrom ${VM_ISO_PATH} \
--disk "path=${VM_DISK_PATH},size=64,bus=virtio,format=qcow2"
```
### Create VM using Host Device as Disk
```bash
# `--cdrom /path/to/image.iso` supplies a disk installer. (Remove `--import`)
# `--import` skips the installation process.
# `--graphics spice --video qxl --channel spicevmc` installs graphics
# `--console pty,target.type=virtio` adds a console connection
# `--hostdev 0x1234:0x5678` adds a block storage device
# For any command, use `virt-install --arg=?` to see all available options
export VM_NAME="usb-linux"
export VM_DESCRIPTION="Linux running 0x13fe:0x6500 as the boot drive"
virt-install \
--name "${VM_NAME}" \
--description "${DESCRIPTION}" \
--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
--import \
--cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
--ram=8192 \
--os-variant=fedora41 \
--network bridge:virbr0 \
--graphics spice --video qxl --channel spicevmc \
--hostdev 0x13fe:0x6500,boot.order=1 \
--disk none
```
## Snapshots
See [qemu qcow2 snapshots](/active/software_qemu/qemu.md#qcow2-snapshots)
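Review bot: All three `virt-install` examples export `VM_DESCRIPTION` but pass `--description "${DESCRIPTION}"`, which is unset, so the description ends up empty; use `"${VM_DESCRIPTION}"`. In Create a Virtual Network the XML names the network `dual-stack` while the commands run `virsh net-start dual-stack-dhcp`, and the Set a Static IP block carries virt-install comments that do not apply to the `virsh net-*` commands below them. The examples also turn Secure Boot off via `firmware.feature0.enabled=no` without saying why, and the `--hostdev 0x13fe:0x6500` comment calls it a block storage device when that syntax is a USB vendor:product passthrough.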