Sunday, May 31, 2020

ovirt: Cannot authenticate user 'admin@internal': Unable to log in because the user account is disabled or locked. Contact the system administrator..

Tried to login with wrong password in Engine more than 3 times and I got:

Cannot authenticate user 'admin@internal': Unable to log in because the user account is disabled or locked. Contact the system administrator..


To unlock:
On Engine machine:
# ovirt-aaa-jdbc-tool user unlock admin

Saturday, May 30, 2020

golang: execCommand example

// execCommand executes a command from cmdName with args
// provided from cmdArgs. Returns the stdout in []byte and error or nil
func execCommand(cmdName string, cmdArgs ...string) ([]byte, error) {
        logrus.Debugf("Executing: %s %s ", cmdName, cmdArgs)
        cmd := exec.Command(cmdName, cmdArgs...)
        stdout, err := cmd.Output()
        if err != nil {
                return nil, errors.Wrapf(err, "Error executing the command")
        }

        return stdout, nil
}

ovirt/rhev host: virsh (requiring user/password)

# virsh  capabilities 
Please enter your authentication name: vdsm@ovirt    
Please enter your password: shibboleth

<capabilities>

  <host>
    <uuid>ed618474-2399-47ce-90a7-0dadbee585dc</uuid>
    <cpu>
      <arch>x86_64</arch>
      <model>Broadwell-noTSX-IBRS</model>
      <vendor>Intel</vendor>
      <microcode version='180'/>
      <counter name='tsc' frequency='3503985000' scaling='no'/>
      <topology sockets='1' cores='2' threads='2'/>
      <feature name='vme'/>
      <feature name='ds'/>
      <feature name='acpi'/>
      <feature name='ss'/>
      <feature name='ht'/>
      <feature name='tm'/>
      <feature name='pbe'/>
      <feature name='dtes64'/>
      <feature name='monitor'/>
      <feature name='ds_cpl'/>
      <feature name='vmx'/>
      <feature name='est'/>
      <feature name='tm2'/>
      <feature name='xtpr'/>
      <feature name='pdcm'/>
      <feature name='osxsave'/>
      <feature name='f16c'/>
      <feature name='rdrand'/>
      <feature name='arat'/>
      <feature name='tsc_adjust'/>
      <feature name='mpx'/>
      <feature name='clflushopt'/>
      <feature name='intel-pt'/>
      <feature name='md-clear'/>
      <feature name='stibp'/>
      <feature name='ssbd'/>
      <feature name='xsaveopt'/>
      <feature name='xsavec'/>
      <feature name='xgetbv1'/>
      <feature name='xsaves'/>
      <feature name='pdpe1gb'/>
      <feature name='abm'/>
      <feature name='invtsc'/>
      <pages unit='KiB' size='4'/>
      <pages unit='KiB' size='2048'/>
      <pages unit='KiB' size='1048576'/>
    </cpu>
    <power_management>
      <suspend_mem/>
    </power_management>
    <iommu support='no'/>
    <migration_features>
      <live/>
      <uri_transports>
        <uri_transport>tcp</uri_transport>
        <uri_transport>rdma</uri_transport>
      </uri_transports>
    </migration_features>
    <topology>
      <cells num='1'>
        <cell id='0'>
          <memory unit='KiB'>33437624</memory>
          <pages unit='KiB' size='4'>8359406</pages>
          <pages unit='KiB' size='2048'>0</pages>
          <pages unit='KiB' size='1048576'>0</pages>
          <distances>
            <sibling id='0' value='10'/>
          </distances>
          <cpus num='4'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0,2'/>
            <cpu id='1' socket_id='0' core_id='1' siblings='1,3'/>
            <cpu id='2' socket_id='0' core_id='0' siblings='0,2'/>
            <cpu id='3' socket_id='0' core_id='1' siblings='1,3'/>
          </cpus>
        </cell>
      </cells>
    </topology>
    <cache>
      <bank id='0' level='3' type='both' size='4' unit='MiB' cpus='0-3'/>
    </cache>
    <secmodel>
      <model>selinux</model>
      <doi>0</doi>
      <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
      <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
    </secmodel>
    <secmodel>
      <model>dac</model>
      <doi>0</doi>
      <baselabel type='kvm'>+107:+107</baselabel>
      <baselabel type='qemu'>+107:+107</baselabel>
    </secmodel>
  </host>

  <guest>
    <os_type>hvm</os_type>
    <arch name='i686'>
      <wordsize>32</wordsize>
      <emulator>/usr/libexec/qemu-kvm</emulator>
      <machine maxCpus='240'>pc-i440fx-rhel7.6.0</machine>
      <machine canonical='pc-i440fx-rhel7.6.0' maxCpus='240'>pc</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.0.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.6.0</machine>
      <machine canonical='pc-q35-rhel7.6.0' maxCpus='384'>q35</machine>
      <machine maxCpus='240'>rhel6.3.0</machine>
      <machine maxCpus='240'>rhel6.4.0</machine>
      <machine maxCpus='240'>rhel6.0.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.5.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.1.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.2.0</machine>
      <machine maxCpus='255'>pc-q35-rhel7.3.0</machine>
      <machine maxCpus='240'>rhel6.5.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.4.0</machine>
      <machine maxCpus='240'>rhel6.6.0</machine>
      <machine maxCpus='240'>rhel6.1.0</machine>
      <machine maxCpus='240'>rhel6.2.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.3.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.4.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.5.0</machine>
      <domain type='qemu'/>
      <domain type='kvm'>
        <emulator>/usr/libexec/qemu-kvm</emulator>
      </domain>
    </arch>
    <features>
      <cpuselection/>
      <deviceboot/>
      <disksnapshot default='on' toggle='no'/>
      <acpi default='on' toggle='yes'/>
      <apic default='on' toggle='no'/>
      <pae/>
      <nonpae/>
    </features>
  </guest>

  <guest>
    <os_type>hvm</os_type>
    <arch name='x86_64'>
      <wordsize>64</wordsize>
      <emulator>/usr/libexec/qemu-kvm</emulator>
      <machine maxCpus='240'>pc-i440fx-rhel7.6.0</machine>
      <machine canonical='pc-i440fx-rhel7.6.0' maxCpus='240'>pc</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.0.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.6.0</machine>
      <machine canonical='pc-q35-rhel7.6.0' maxCpus='384'>q35</machine>
      <machine maxCpus='240'>rhel6.3.0</machine>
      <machine maxCpus='240'>rhel6.4.0</machine>
      <machine maxCpus='240'>rhel6.0.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.5.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.1.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.2.0</machine>
      <machine maxCpus='255'>pc-q35-rhel7.3.0</machine>
      <machine maxCpus='240'>rhel6.5.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.4.0</machine>
      <machine maxCpus='240'>rhel6.6.0</machine>
      <machine maxCpus='240'>rhel6.1.0</machine>
      <machine maxCpus='240'>rhel6.2.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.3.0</machine>
      <machine maxCpus='240'>pc-i440fx-rhel7.4.0</machine>
      <machine maxCpus='384'>pc-q35-rhel7.5.0</machine>
      <domain type='qemu'/>
      <domain type='kvm'>
        <emulator>/usr/libexec/qemu-kvm</emulator>
      </domain>
    </arch>
    <features>
      <cpuselection/>
      <deviceboot/>
      <disksnapshot default='on' toggle='no'/>
      <acpi default='on' toggle='yes'/>
      <apic default='on' toggle='no'/>
    </features>
  </guest>

</capabilities>

Friday, May 15, 2020

rhel8 - how to enable FIPS 8

Red Hat Enterprise Linux 8 is designed to follow the FIPS 140-2 level 1 requirements for all of its core cryptographic components 

How to enable:

# fips-mode-setup --enable
# reboot

Disable:

# fips-mode-setup --disable
# reboot

Monday, May 4, 2020

git: delete a branch (locally and remote)

$ git branch -d ${LOCAL_BRANCH_NAME}
$ git push origin --delete ${REMOTE_BRANCH_NAME}

gitlab: working with non default ssh key pair paths

1. Set perm for ~/.ssh/config
$ chmod 644 ~/.ssh/config

2. Generate the rsa key
$ ssh-keygen -t rsa -b 2048 -C "${MY_EMAIL_ADDRESS}"

3. Add the new key to the ssh agent
$ ssh-add ~/.ssh/id_rsa_${MY_PRIVATE_KEY}

4. Set the configuration file for the gitlab host
$ cat ~/.ssh/config
Host gitlab.com
   PreferredAuthentications publickey
   IdentityFile ~/.ssh/id_rsa_${PRIVATE_KEY}
   User git

Ref: https://docs.gitlab.com/ee/ssh/#working-with-non-default-ssh-key-pair-paths