OSVDC: Misc Notes - rharmonson/richtech GitHub Wiki
# qemu-img resize <name>.qcow2 +10G
During installation, select and append kernel parameters net.ifnames and biosdevname.
vmlinuz .. net.ifnames=0 biosdevname=0
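- Use ssh-keygen to generate an RSA (default) key pair in ~/.ssh for userX.
- Use ssh-copy-id userX@hostname to copy userX's public (default) key to the host's ~/.ssh/authorized_keys for userX. Note: completing this step prior to disabling SSH password authentication simplifies the process.
- Use ssh-keyscan hostname to retrieve the public keys of a host for ~/.ssh/known_hosts. The command prints the keys to standard output, so append them with >> ~/.ssh/known_hosts. ssh-keyscan does not authenticate the keys it returns, so compare their fingerprints with the host's own before trusting them.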
If local time is off, so will UTC and RTC. At this time, chrony is problematic, so
# dnf remove chrony
# dnf install ntp
# vi /etc/ntp.conf
Also
# timedatectl set-ntp off
# timedatectl set-time "2016-09-11 06:20:00"
# timedatectl set-ntp on
# reboot
ss -4nutas
iptables -I INPUT -p udp -m multiport --dports 88,464,53,123 -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 80,443,389,636,88,464,53 -j ACCEPT
KDM does not appear to support IPA, however, GDM does. Not a fan of Gnome 3, so..
# systemctl stop chronyd
# systemctl disable chronyd
# systemctl mask chronyd
If assigning DNS via DHCP to use FreeIPA hosts, name resolution is ready. Otherwise, you will need to configure the client host to use FreeIPA hosts.
- Update /etc/NetworkManager/NetworkManager.conf to have "dns=none" under the "[main]" section.
  systemctl restart NetworkManager
- rm /etc/resolv.conf
  (?unnecessary?) echo "search mydomain.net" > /etc/resolv.conf
  echo "nameserver 192.168.10.1" >> /etc/resolv.conf
  echo "nameserver 192.168.10.2" >> /etc/resolv.conf
# ipa-client-install --force-ntpd --enable-dns-updates --mkhomedir
# ipa-replica-manage list -v $HOSTNAME
log: /var/log/dirsrv/slapd-YOUR-REALM/errors
# ipa-replica-manage re-initialize --from [FQDN]
Reference:
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap
The root certificate should be obtained from the LDAP server, exact method is vendor specific.
OpenLDAP
Open /etc/openldap/slapd.conf. Seek TLSCACertificateFile or TLSCACertificatePath. Locate certificate file.
FreeIPA
/etc/ipa/ca.crt
Active Directory
Windows: > certutil -ca.cert myrootca.der
Linux: $ openssl x509 -in myrootca.der -inform DER -out myrootca.pem
Most LDAP servers will provide root certificate within TLS/SSL negotiation. Use the following sequence to extract:
$ openssl s_client -connect @HOST@:636 -showcerts < /dev/null
Copy/paste the last certificate into myrootca.pem.
Copy/paste the first certificate into end.pem.
Check if it is a root certificate:
$ openssl verify -CAfile myrootca.pem end.pem
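The copy/paste step and the root check above can be scripted. This is an added example, not part of the original notes: the function names split_chain, check_root and sample_showcerts are assumptions, and the sample output is constructed with placeholder certificate bodies so the split can be exercised offline.

```shell
# split_chain DIR: read `openssl s_client -showcerts` output on stdin, write the
# first certificate to DIR/end.pem and the last to DIR/myrootca.pem (the file
# names used in the notes), and print how many complete certificates were seen.
split_chain() {
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { incert = 1; block = "" }
        incert { block = block $0 "\n" }
        /^-----END CERTIFICATE-----/ && incert {
            incert = 0; n++
            if (n == 1) first = block
            last = block
        }
        END {
            if (n == 0) { print 0; exit 1 }   # nothing usable in the input
            printf "%s", first > (dir "/end.pem")
            printf "%s", last  > (dir "/myrootca.pem")
            print n
        }'
}

# check_root DIR: the last certificate only counts as a root if it is
# self-signed (subject equals issuer) and end.pem verifies against it.
check_root() {
    ca=$1/myrootca.pem
    subj=$(openssl x509 -in "$ca" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$ca" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "last certificate is not self-signed" >&2; return 1; }
    openssl verify -CAfile "$ca" "$1/end.pem"
}

# Constructed sample of s_client output; the certificate bodies are placeholders.
sample_showcerts() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldap.example.test
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF-BODY
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-ROOT-BODY
-----END CERTIFICATE-----
EOF
}
```

Against a live server, pipe the s_client command from the notes into split_chain . and then run check_root . in the same directory. A count of 1 means the server sent only its own certificate, so the root has to come from one of the vendor-specific locations listed earlier.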
Enabled?
cat /sys/module/kvm_intel/parameters/nested
N
If not, edit /boot/efi/EFI/fedora/grub.cfg and add
kvm-intel.nested=1
Reboot and check
cat /sys/module/kvm_intel/parameters/nested
Y
Using virtmanager, edit guest cpu and TYPE "host-passthrough"
execute "virt-host-validate" (after ovirt-guest-agent-common?) = pass for all checks.
Alternatively, use VMware's CPUID utility from waaay-back
http://download3.vmware.com/software/vi/VMware-CPU-Compatibility-e.x.p-160658.zip
Reference: http://www.ovirt.org/develop/developer-guide/engine/engine-tools/
- Copy oVirt OVA to oVirt Engine host
  /tmp/filename.ova
- Execute
  engine-image-uploader -e exportdom --name=ManageIQ upload /tmp/manageiq-ovirt-darga-4.1.ova
- Connect to oVirt Administrator portal
- From "System" select the Export Domain; exportdom
- Select "Template Import" tab
- Select "Import" then "OK"
- Specify a name then "OK"
- Monitor the template import task until complete.
- Done
Note that the OVA import may (will?) fail if not an oVirt OVA. Using virt-v2v is an option.
# yum install yum-utils deltarpm tmux bind-utils iptables-services
sed -i 's/=enforcing/=permissive/g' /etc/selinux/config
Add user with specified UID and auto-create with GID of the same value.
# useradd -u 2000 userx
Modify existing user with new UID / GID. User home updates with the correct UID but not GID. Research!
# usermod -u 2000 userx
# groupmod -g 2000 userx
sed -i 's/=enforcing/=permissive/g' /etc/selinux/config
Identify the device
lsblk
Create image for device sdc with one or more partitions.
sudo dd if=/dev/sdc of=/path/to/file.img bs=4M status=progress
Review the results
ls -i ~/*.img
sudo dnf install mediawriter
cp -ar /etc/skel/ /home/$user && chown -R $user:$user /home/$user
Edit /etc/yum.conf to exclude packages.
exclude=kernel*
Update and ignore excludes.
yum --disableexcludes=all update
sudo dd if=CentOS-7-x86_64-DVD-1908.iso of=/dev/sdc status=progress
script ~/file.log
During the dnf system-upgrade reboot you may receive an error and abort.
Error:
terminate called after throwing an instance of 'libdnf::ModulePackageContainer::EnableMultipleStreamsException'
what(): Cannot enable multiple streams for module 'gimp'
Aborted (core dumped)
Fix:
dnf module reset gimp
grep -l [searchstring] [path/file]
For the file argument, wildcards can be used to search files in a directory, and -r supports recursive greps.
grep -rl test/*.json
If you want to display the matching line as well as the file, use -H instead of -l.
grep -Hr test
The following one-liner will delete all duplicate lines in a file but not blank lines (!NF).
gawk -i inplace '!NF || !a[$0]++' /path/to/file
openssl req -new -nodes -sha256 -out myserver.csr -newkey rsa:2048 -keyout myserver.key -extensions v3_req -subj "/C=US/ST=myState/L=myCity/O=myCompany/OU=IT/CN=myserver.domain.dom" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:myserver.domain.dom,DNS:altmyserver.domain.dom,IP:###.###.###.###"))