From 8bb6a17f0fb121067a8d72584172b7d118ae8f3a Mon Sep 17 00:00:00 2001 From: Peter Boy Date: Aug 29 2023 14:54:28 +0000 Subject: Moved those files from _partials out of the way. Should be completely removed when the current articles with the former partials included are checked. --- diff --git a/modules/ROOT/pages/_partials/2delete-con_Getting-started-with-nmcli.adoc b/modules/ROOT/pages/_partials/2delete-con_Getting-started-with-nmcli.adoc deleted file mode 100644 index c5ce689..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_Getting-started-with-nmcli.adoc +++ /dev/null 
@@ -1,120 +0,0 @@ -// Module included in the following assemblies: -// -// assembly_Configuring-networking-with-nmcli.adoc - -[id='Getting-started-with-nmcli'] -= Getting started with nmcli - -The [application]*nmcli* (NetworkManager Command Line Interface) command-line utility is used for controlling NetworkManager and reporting network status. It can be utilized as a replacement for [application]*nm-applet* or other graphical clients. [application]*nmcli* is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status. - -The [application]*nmcli* utility can be used by both users and scripts for controlling [application]*NetworkManager*: - -* For servers, headless machines, and terminals, [application]*nmcli* can be used to control [application]*NetworkManager* directly, without GUI, including creating, editing, starting and stopping network connections and viewing network status. - -* For scripts, [application]*nmcli* supports a terse output format which is better suited for script processing. It is a way to integrate network configuration instead of managing network connections manually. - -The basic format of a [application]*nmcli* command is as follows: - -[literal,subs="+quotes,verbatim"] -.... -nmcli [OPTIONS] OBJECT { COMMAND | help } -.... - -where OBJECT can be one of the following options: `general`, `networking`, `radio`, `connection`, `device`, `agent`, and `monitor`. You can use any prefix of these options in your commands. For example, [command]`nmcli con help`, [command]`nmcli c help`, [command]`nmcli connection help` generate the same output. - -Some of useful optional OPTIONS to get started are: - --t, terse:: -+ -This mode can be used for computer script processing as you can see a terse output displaying only the values. -+ -[[ex-Viewing_a_terse_output_for_scripts]] -.Viewing a terse output -==== - -[literal,subs="+quotes,verbatim,macros"] -.... 
-~]$ pass:attributes[{blank}][command]`nmcli -t device` -ens3:ethernet:connected:Profile 1 -lo:loopback:unmanaged: - -.... - -==== - --f, field:: -+ -This option specifies what fields can be displayed in output. For example, NAME,UUID,TYPE,AUTOCONNECT,ACTIVE,DEVICE,STATE. You can use one or more fields. If you want to use more, do not use space after comma to separate the fields. -+ -[[ex-Specifying_Fields_in_the_output]] -.Specifying Fields in the output -==== - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli -f DEVICE,TYPE device` -DEVICE TYPE -ens3 ethernet -lo loopback -.... - -or even better for scripting: - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli -t -f DEVICE,TYPE device` -ens3:ethernet -lo:loopback - -.... - -==== - --p, pretty:: -+ -This option causes [application]*nmcli* to produce human-readable output. For example, values are aligned and headers are printed. -+ -[[ex-Viewing_an_output_in_pretty_Mode]] -.Viewing an output in pretty mode -==== - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli -p device` -===================== - Status of devices -===================== -DEVICE TYPE STATE CONNECTION --------------------------------------------------------------- -ens3 ethernet connected Profile 1 -lo loopback unmanaged -- - -.... - -==== - --h, help:: -+ -Prints help information. - -The [application]*nmcli* tool has some built-in context-sensitive help. To list the available options and object names: -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ [command]`nmcli help` -.... - -To list available actions related to a specified object: -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ [command]`nmcli _object_ help` -.... - -For example, -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ [command]`nmcli c help` -.... 
- -[discrete] -== Additional resources -* link:++https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/getting_started_with_networkmanager++[Getting Started With NetworkManager] diff --git a/modules/ROOT/pages/_partials/2delete-con_Understanding-the-nmcli-options.adoc b/modules/ROOT/pages/_partials/2delete-con_Understanding-the-nmcli-options.adoc deleted file mode 100644 index 0fbd953..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_Understanding-the-nmcli-options.adoc +++ /dev/null 
@@ -1,65 +0,0 @@ -// Module included in the following assemblies: -// -// assembly_Configuring-networking-with-nmcli.adoc - -[id='Understanding-the-nmcli-options'] -= The nmcli options - -Following are some of the important [application]*nmcli* property options: - - -[option]`connection.type`:: -+ -A connection type. Allowed values are: adsl, bond, bond-slave, bridge, bridge-slave, bluetooth, cdma, ethernet, gsm, infiniband, olpc-mesh, team, team-slave, vlan, wifi, wimax. Each connection type has type-specific command options. For example: -+ -** A `gsm` connection requires the access point name specified in an [option]`apn`. -+ -[literal,subs="+quotes,verbatim,macros"] -.... -nmcli c add connection.type gsm apn pass:quotes[_access_point_name_] -.... -+ -** A `wifi` device requires the service set identifier specified in a [option]`ssid`. -+ -[literal,subs="+quotes,verbatim,macros"] -.... -nmcli c add connection.type wifi ssid -_My identifier_ -.... - -You can see the `TYPE_SPECIFIC_OPTIONS` list in the [citetitle]_pass:attributes[{blank}]*nmcli*(1)_ man page. - -[option]`connection.interface-name`:: -+ -A device name relevant for the connection. -+ -[literal,subs="+quotes,verbatim,macros"] -.... -nmcli con add connection.interface-name _eth0_ type _ethernet_ -.... - -[option]`connection.id`:: -+ -A name used for the connection profile. If you do not specify a connection name, one will be generated as follows: -+ -[literal,subs="+quotes,verbatim,macros"] -.... -_connection.type -connection.interface-name_ -.... -+ -The [option]`connection.id` is the name of a _connection profile_ and should not be confused with the interface name which denotes a device (`wlan0`, `ens3`, `em1`). However, users can name the connections after interfaces, but they are not the same thing. There can be multiple connection profiles available for a device. This is particularly useful for mobile devices or when switching a network cable back and forth between different devices. 
Rather than edit the configuration, create different profiles and apply them to the interface as needed. The [option]`id` option also refers to the connection profile name. - -The most important options for [application]*nmcli* commands such as `show`, `up`, `down` are: - -[option]`id`:: -+ -An identification string assigned by the user to a connection profile. Id can be used in nmcli connection commands to identify a connection. The NAME field in the command output always denotes the connection id. It refers to the same connection profile name that the con-name does. - -[option]`uuid`:: -+ -A unique identification string assigned by the system to a connection profile. The `uuid` can be used in [command]`nmcli connection` commands to identify a connection. - -[discrete] -== Additional resources - -* See the comprehensive list in the [citetitle]_pass:attributes[{blank}]*nmcli*(1)_ man page. diff --git a/modules/ROOT/pages/_partials/2delete-con_benefits-of-selinux.adoc b/modules/ROOT/pages/_partials/2delete-con_benefits-of-selinux.adoc deleted file mode 100644 index 4f32531..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_benefits-of-selinux.adoc +++ /dev/null 
@@ -1,29 +0,0 @@ -// Module included in the following assemblies: -// -// getting-started-with-selinux.adoc -:experimental: - -[#{context}-benefits-of-selinux] -= Benefits of running SELinux - -SELinux provides the following benefits: - -* All processes and files are labeled. SELinux policy rules define how processes interact with files, as well as how processes interact with each other. Access is only allowed if an SELinux policy rule exists that specifically allows it. - -* Fine-grained access control. Stepping beyond traditional UNIX permissions that are controlled at user discretion and based on Linux user and group IDs, SELinux access decisions are based on all available information, such as an SELinux user, role, type, and, optionally, a security level. - -* SELinux policy is administratively-defined and enforced system-wide. - -* Improved mitigation for privilege escalation attacks. Processes run in domains, and are therefore separated from each other. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker only has access to the normal functions of that process, and to files the process has been configured to have access to. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories, unless a specific SELinux policy rule was added or configured to allow such access. - -* SELinux can be used to enforce data confidentiality and integrity, as well as protecting processes from untrusted inputs. - -However, SELinux is not: - -* antivirus software, - -* replacement for passwords, firewalls, and other security systems, - -* all-in-one security solution. - -SELinux is designed to enhance existing security solutions, not replace them. Even when running SELinux, it is important to continue to follow good security practices, such as keeping software up-to-date, using hard-to-guess passwords, or firewalls. 
diff --git a/modules/ROOT/pages/_partials/2delete-con_controlling_ports_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-con_controlling_ports_firewalld.adoc deleted file mode 100644 index 9d9c009..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_controlling_ports_firewalld.adoc +++ /dev/null @@ -1,13 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - - -[id='controlling-ports-firewalld-fedora'] - -= Controlling ports using firewalld - -== What are ports? -Ports are logical devices that enable an operating system to receive and distinguish network traffic and forward it accordingly to system services. These are usually represented by a daemon that listens on the port, that is it waits for any traffic coming to this port. - -Normally, system services listen on standard ports that are reserved for them. The httpd daemon, for example, listens on port 80. However, system administrators may configure daemons to listen on different ports to enhance security. diff --git a/modules/ROOT/pages/_partials/2delete-con_cups-known-issues.adoc b/modules/ROOT/pages/_partials/2delete-con_cups-known-issues.adoc deleted file mode 100644 index 9cbbfa5..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_cups-known-issues.adoc +++ /dev/null 
@@ -1,231 +0,0 @@ -[id='con_cups-known-issues'] -= Known issues - -Here are several known issues, which arise with certain circumstances, and there isn't general solution or upstream didn't want to add the solution to its project: - -== cups-browsed - -=== Cannot print due 'No destination hostname provided by cups-browsed, is it running?' - - -cups-browsed sometimes loses connection to print server (usually with old ones, like cups-1.4.2) when laptop changes network connection (change of WiFi network or after hibernate/suspend). You can make printing working again with cancelling your jobs and restarting cups-browsed by - ----- -$ cancel -a -$ sudo systemctl restart cups-browsed ----- - -=== cups-browsed consumes large amount of CPU - -Creating local printer queues takes long time for some printers with larger PPD file, so timeout of http connection will time out and it creates infinite loop of creating local printer queues. To solve this issue, please add - ----- -HttpLocalTimeout N -HttpRemoteTimeout N ----- - -into [filename]`/etc/cups/cups-browsed.conf`, where `N` is number of seconds after which connection is timed out. Then restart cups-browsed service. This option is currently in Fedora 27 and above. - -=== [SINCE FEDORA 27] cups-browsed creates different printer queue names than before - -This issue is connected to remote cups queues, which are advertised by older CUPS version (usually below cups-1.5, e.g. RHEL 6). Cups-browsed creates local print queues named by printer's DNS-SD ID by default and naming by remote cups queue is enabled again by adding: - ----- -LocalQueueNamingRemoteCUPS RemoteName ----- - -into [filename]`/etc/cups/cups-browsed.conf` and restart cups-browsed service. 
- -== cups-filters - -=== Printing takes a long time or doesn't print at all - -When your printer needs a lot of time to do printing (from your POV) or doesn't print at all (some Xerox printers have such problems with gs renderer, so they are working again only with pdftops renderer), you can try to change the default postscript renderer. The default renderer in Fedora for most printers is gs filter from Ghostscript, but we have pdftops filter from Poppler for Brother, Minolta and Konica Minolta printers - this setup is called hybrid. - -Other available renderer setups are gs (from Ghostscript), pdftops and pdftocairo (from Poppler), mupdf (from mupdf) and acroread (from adobe reader, not in Fedora official repositories), then you can set different default renderer for your print queue like this: - ----- -# lpadmin -p -o pdftops-renderer-default=gs/pdftops/pdftocairo/mudpf/acroread/hybrid ----- - -*BEWARE:* Most 'slow' printing issues are caused by PDF creating applications, which generates bad PDF file - and that bad generated PDF file is mostly the core of problem. To sum it up, slow printing issue can rise again with different PDF file, then it is on user's decision: if he wants to print fast and probably sometimes change the default renderer, or slow printing is not such critical issue. - -== CUPS - -=== [Fixed in F33 and later] Firefox, Evince (PDF viewer), GVim, Gedit, Gnome Control Center show a 'dummy'/duplicate print queue, which doesn't work - -This bug is connected to every application which uses GTK print dialog. GTK dialog decided to take information about available from two sources - mDNS messages from Avahi and CUPS - this dummy/duplicate print queue is a print queue GTK created in its dialog based on Avahi messages, but it doesn't exist in CUPS, because no one created it, and later GTK behaves like it exists in CUPS. 
So every time an user wants to print, GTK sends a request to CUPS for this queue, but it gets dropped by CUPS because the queue doesn't exist. - -The feature which GTK is trying to do here is called CUPS temporary queues - GTK developers is currently working on a immediate fix in this https://bugzilla.redhat.com/show_bug.cgi?id=1784449[bugzilla]. The future plan is to use https://github.com/OpenPrinting/cpdb-backend-cups[cpdb-backend-cups] backend in GTK, but right now we are focusing on the intermediate fix. - -=== CUPS doesn't take nicely some kinds of FQDN - -CUPS sometimes has problems with some kinds of FQDN - that means when you use FQDN in [option]`BrowsePoll` directive in [filename]`/etc/cups/cups-browsed.conf`, CUPS doesn't recognize it as valid hostname - it is solved by adding: - ----- -ServerAlias your.own.fully.qualified.hostname.com ----- - -into [filename]`/etc/cups/client.conf` and restarting cups service. - -=== There are less options available if the device is used as driverless than with a classic driver - -The similar situation can happen with *sane-airscan* supported scanners. Some devices declare less options via protocols - f.e. IPP 2.0+, WSD, eSCL - which support driverless solutions than via classic drivers. Usually it is an issue with device's firmware, which can be verify by checking the output of the following command: - ----- -$ ipptool -tv get-printer-attributes.test ----- - -The commands does the same IPP request which is done when a temporary queue appears in the print dialog or when you install the queue permanently. The printer options are set from the IPP response for this request, so if the option is missing in the response, CUPS cannot generate such a printer option. The solution is to try to update the device firmware, report the issue to the device manufacturer and at https://bugzilla.redhat.com[bugzilla] with logs. 
- -=== [F33+] Printing via IPPS doesn't work - -Fedora 33 came up with a raised bar regarding crypto-policies, so SSL and older TLS protocols are disabled on system level. The change breaks printing via IPPS to devices which don't support newer protocols. You can set back legacy crypto support in crypto-policies via: - ----- -$ sudo update-crypto-policies --set DEFAULT:FEDORA32 ----- - -The policy change transitionally has an impact on devices found by cups-browsed, because the daemon prefers IPPS uris if they are reported as available by printer/server. - -== HPLIP - -First I would like to mention that we are not responsible for support HPLIP, which is downloaded and installed from HP website. Please install hplip rpms from official Fedora repositories at most cases. - -=== Hp-plugin: file does not match its checksum. File may have been corrupted or altered - -This common error is mostly caused by external causes (server outage, network outage), when wget tries to download plugin, but it returns only error message. It is connected with message: - ----- -Plugin download failed with error code = N ----- - -where `N` is return value of [command]`wget` ([command]`man wget`), which is used for downloading proprietary plugin. Solutions for this issue may vary - you can wait until servers go up again or try to install plugin, which you download manually from http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/ (select "Select and install an existing local copy of the plug-in file" during [command]`hp-setup` or [command]`hp-plugin`). - -=== Unable to load cupsext - -This error can occur when hplip is installed from HP website, or its dependencies are mixed python2 and python3 packages or installed by pip. This is solved by removing all hplip packages (hplip, hplip-gui, hplip-libs, hplip-common, libsane-hpiao) and installing them again all from repositories. 
- -=== Missing hplip-gui - -GUI tools and GUI parts of HP commands are moved to hplip-gui subpackage, because the main package can work without GUI, so the main package is smaller. The outcome of this decision is HP commands need to be run with `-i` option for interactive mode, or hplip-gui subpackage needs to be installed. - -Tools, which need to be run with `-i` option for CLI or need to have hplip-gui installed for GUI: - ----- -hp-align -hp-clean -hp-colorcal -hp-diagnose_queues -hp-fab -hp-firmware -hp-info -hp-plugin -hp-sendfax -hp-setup -hp-testpage -hp-unload ----- - -Tools, which are in hplip-gui: - ----- -hp-check -hp-print -hp-systray -hp-toolbox -hp-devicesettings -hp-faxsetup -hp-linefeedcal -hp-makecopies -hp-printsettings -hp-wificonfig ----- - -=== HP printer isn't discovered, doesn't print or doesn't print well - -Some HP printers don't work well with URIs provided by CUPS (dnssd, usb, ipp) or they need proprietary plugin from HP, which cannot be in Fedora because of licensing issues. For such printers please try to run: - ----- -hp-setup -i -g ----- - -for interactive mode, or: - ----- -hp-setup -g ----- - -for graphic mode. This command installs HP printers and HP scanners. If you have issue about HP printer/HP scanner, which isn't discovered, doesn't print or doesn't print well, please try to install it by [command]`hp-setup`, if it helps. If it doesn't help, please file a bugzilla, attach output of hp-setup and mention that you tried [command]`hp-setup`. - -=== Device which needs plugin does not work after HPLIP update - -Devices which need plugin can stop to work after update to newer HPLIP version - it is due the check for plugin version in the code. The check is necessary to prevent inconsitencies when new features in open sourced HPLIP need new proprietary libraries from plugin. 
To make your printer work again, just download and install plugin again with: - ----- -$ hp-plugin -i ----- - -=== Devices which require a binary plugin stopped to work on Fedora Silverblue/CoreOS - -Devices which require a HP close source binary plugin need to have plugin installed every time you start/restart your PC by default. HP closed source script installs the plugins into a readonly directories, so the plugins are removed once you start/restart Fedora. The workaround is to try if your device supports driverless printing and scanning, try hplip-plugin package from RPMFusion or keep installing the plugin everytime you want to print. - -== golang-github-openprinting-ipp-usb - -=== USB printer/scanner doesn't work due a conflict on USB port - -*ipp-usb* daemon keeps the USB port of IPP-over-USB device opened for any possible IPP communication in the future, which blocks the port for other drivers (f.e. HPLIP, gutenprint, sane-backends...). - -For printers the solution is to _uninstall the queue with the driver_ by: - ----- -$ lpadmin -x ----- - -and start using the one from *ipp-usb* (as a xref:cups-terminology.adoc#_temporary_print_queues[CUPS temporary queue] or install a permanent one - the default device uri is `ipp://localhost:60000/ipp/print`). - -In case of scanners *sane-airscan* automatically picks up the virtual device from *ipp-usb* if the device is capable of using WSD or eSCL protocols. However, if the scanner had been supported by classic scanner driver such as hplip or sane-backends and is now claimed by *ipp-usb* because it supports *IPP-over-USB* driverless standard, the old scanner is still shown, but it won't work for scanning due USB conflict. It happens because classic backends just list any device which they can find on USB interfaces and matches the description the backend supports, but backends don't check whether they actually can communicate with the device until they try to open the USB port for scanning process itself. 
This becomes a problem for scanning applications, which automatically choose the previous scanner as a default choice for scanning (such as _Simple Scan_) - users have to pick a driverless scanner from the list of available scanners before they scan. - -The scanner device discovered by classic SANE backends can be disabled from showing it among available scanners by commenting out its entry in backend's configuration file located in [filename]`/etc/sane.d` or the whole backend name in [filename]`/etc/sane.d/dll.conf`/[filename]`/etc/sane.d/dll.d`, f.e. Canon MF440 Series is reported by `pixma` and `airscan` backends, but only `airscan` works because it is a backend based on network protocol and USB interface is claimed by `ipp-usb`, so we will disable the `pixma` backend by commenting its line in [filename]`/etc/sane.d/dll.conf`: - ----- -$ cat /etc/sane.d/dll.conf -... -pint -#pixma -plustek -... ----- - -If *ipp-usb* created device doesn't match your use case (the options you use are missing, the device doesn't work even if it is IPP-over-USB supported), please report the issue together with logs from [filename]`/var/log/ipp-usb/` directory at https://bugzilla.redhat.com[bugzilla]. *ipp-usb* itself supports quirks, which allows you to set the daemon to ignore your device and you can switch back to a classic driver. The steps are following: - -- get the device model name f.e. Canon MF440 Series: - ----- -$ sudo ipp-usb check -Configuration files: OK -IPP over USB devices: - Num Device Vndr:Prod Model - 1. 
Bus 001 Device 005 04a9:2823 "Canon MF440 Series" ----- - -- create a quirk file in [filename]`/etc/ipp-usb/quirks` directory in the format below: - ----- -$ cat /etc/ipp-usb/quirks/canon.conf -[Canon MF440 Series] - blacklist = true ----- - -- restart the `ipp-usb` service: - ----- -$ sudo systemctl restart ipp-usb ----- - - -== sane-airscan - -=== There are less options available if the device is discovered by sane-airscan than with a classic driver - -The similar situation can happen with `everywhere` or `driverless` printer models. Some devices declare less options via protocols - f.e. IPP 2.0+, WSD, eSCL - which support driverless solutions than via classic drivers. Usually it is an issue with device's firmware, which can be verify in sane-airscan debug logs and network traffic. The solution is to try to update the device firmware, report the issue to the device manufacturer and at https://bugzilla.redhat.com[bugzilla] with logs. diff --git a/modules/ROOT/pages/_partials/2delete-con_cups-terminology-for-printing-and-scanning.adoc b/modules/ROOT/pages/_partials/2delete-con_cups-terminology-for-printing-and-scanning.adoc deleted file mode 100644 index 823e581..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_cups-terminology-for-printing-and-scanning.adoc +++ /dev/null 
@@ -1,91 +0,0 @@ -[id='con_cups-terminology-for-printing-and-scanning'] -= Terminology for printing and scanning - -== Printing - -=== Print queue - -Abstraction unit in CUPS for a printer - it has a device uri, which represents connection to the device, and can exist with classic driver (PPD file from different package) or without (driverless printing). The entries you see in print dialogs and settings are those _print queues_. They can be _permanent or temporary_. - -=== Permanent print queues - -The queues with classic driver or driverless print queue which need to be shared further down the network. - -=== Temporary print queues - -The queue which don't need to be installed at all - they show up during print dialog and they disappear once the printing is done successfully. They rely on _driverless printing_. - -=== Remote CUPS queue - -The queue on the different machine, where other cupsd process is running, than on the local machine. They are usually found in enterprise solutions, where printers aren't in the same network as users or if admin wants a centralized monitoring above all printers. In such solutions, users set up _cups-browsed_ to install remote CUPS queue as local queues via _BrowsePoll_ directive, or install a specific queue via GNOME. There can be a solution how to redirect mDNS messages which CUPS server advertises to the networks with users, but I haven't been to setup this correctly yet. - -=== Classic drivers - -Those are the binaries and PPD files, which need to be installed for the device to work. This is older way of supporting devices, which will go away in the future. - -=== Driverless printing (wireless/ethernet) - -Most of modern devices (2010+) complies to AirPrint, Mopria or IPP Everywhere standard, which means they don't need a classic driver for being able to print. 
Those devices have IPP (Internet Printing Protocol) 2.0+ implemented within, are capable to 'advertise' themselves via mDNS and they support document formats like PDF, PCLm, JPEG, Apple Raster or PWG Raster. - -There are several prerequitises which need to fulfill in OS to have an access to the driverless feature: - -* avahi-daemon must run -* there needs to be a '.local' address resolver active - systemd-resolved or nss-mdns -* the device itself must have IPP port (631) and Bonjour/MDNS enabled -* IPP and MDNS need to be enabled in firewall - -How does the driverless printing work under the roof (put it simply): - -* CUPS sees the printer in mDNS messages via Avahi -* CUPS will find out the printer capabilities via IPP -* if there is a print job, CUPS will set up the filter chain to convert the incoming file into document format which printer understands (Apple Raster, PDF, PWG Raster, PCLm, JPEG) - -In case it is needed, PPD file is generated by PPD generator in CUPS or by _driverless_ binary. - -One of the features which use driverless printing is _CUPS temporary queues_. - -See xref:cups-useful-tricks.adoc#_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing[manual] how to check if your printer is capable of driverless printing. - -=== Printing using a driver - -This printing is similar to driverless printing in matter of setting up a filter chain, but: - -* it can use limited mDNS and IPP functionality or it doesn't use them at all -* all information about device capabilities is taken from PPD (Postscript Printer Description) file -* can use a specialized filters and specialized communication with the device (depends on driver) - -The downsides of this approach is to rely on 3rd party drivers, you need to always install a permanent queue for it and it will go away in the future. 
- -=== Raw queue - -No filters are started by CUPS if you print to such a queue, the data are sent as they are to the target, no options are applied by CUPS - all regardless of incoming document format. It is required the application you use for printing sends a printer-ready data (in the correct format, with all chosen options applied) or the destination is set to the desired settings (f.e. printer/print server is set to do two-sided-long-edge duplex with grayscale settings, so every document printed will have this settings and user won't be able to change it in an application). - -This approach is usually set for printing to older label printers via a specific application, or, in the past, for printing to remote CUPS queue. Because CUPS has no way how to provide common user experience (finding out printer properties, converting various document formats into a document format the printer accepts, setting printing options) for such queues, their usage is deprecated and it will be removed in the future (in CUPS 3.X). - -=== Raw printing - -Raw printing happens if CUPS receives a file in document format which printer accepts directly and CUPS recognizes the format based on rules from its MIME database. CUPS daemon doesn't start any filters for such a job (it might encapsulate options into IPP packet, if the connection with the printer is over IPP) with exception for PDFs, where the _pdftopdf_ filter is started to apply generic settings like scaling, rotation etc. Raw printing itself happens on print queues with classic driver and driverless print queues. This functionality stays with CUPS 3.X. 
- -The difference between raw printing and raw queue is the raw printing is a situation which happens if CUPS daemon gets a file in format which printer accepts, so the daemon does not spawn additional filters for such job (with PDF being an exception), and spawns filters for document formats, which are not acceptable by the printer directly, whereas the raw queue is a queue, which CUPS daemon does not spawn any filters in any circumstances, and behaves like a Unix pipeline. - -=== Printer applications - -The binaries which provide support for older devices which aren't capable of complying to driverless standards. The core idea is they will be capable of accepting the old driver and then advertise itself as a device capable of driverless printing. Then the new CUPS will be able to see them and user will be able to print via them as if they were temporary queues. The currently available printer applications in Fedora are _ippeveprinter_ (a part of CUPS - see cups-printerapp package) and _lprint_ (provides support for devices which requires raw printing - mostly label printers). Other printer applications like https://github.com/OpenPrinting/ps-printer-app[ps-printer-app], https://github.com/OpenPrinting/ghostscript-printer-app[ghostscript-printer-app], https://github.com/OpenPrinting/hplip-printer-app[hplip-printer-app] and https://github.com/OpenPrinting/gutenprint-printer-app[gutenprint-printer-app] are currently available as SNAPs until cups-filters 2.0 is released and packaged. Printer applications are, except for _ippeveprinter_, written using _PAPPL_ library, so such printer application provides CLI interface and Web Interface for users to interact with. - -=== Driverless printing (USB) - -Driverless printing has its variant for devices which are connected via USB - it is covered by 'IPP over USB' standard. 
For make it work, you need 'ipp-usb' package, which will register the device with Avahi on localhost - then USB device will look as a wireless/ethernet device. The discovery/printing looks the same as with a wireless/ethernet device with driverless support. - -See xref:cups-useful-tricks.adoc#_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing[manual] how to check for IPP-over-USB. - -== Scanning - -=== Classic scanning (via hplip and sane-backends) - -The classic scanning works via backends, which are binaries for communication with device. There are several backends, usually created by reverse engineering communication between scanner and MS Windows driver. None of classic backends implements a protocol, which is compatible with most devices available. - -=== Driverless scanning - -The driverless scanning uses sane-escl (not built in Fedora) and sane-airscan backends for communicating with newer devices. Those newer devices usually support eSCL (based on AirScan protocol by Apple) or WSD (Web Services for Devices by Microsoft), which _sane-airscan_ is able to use. - -Regarding USB scanning, it has the same requirement as printing. The device must support IPP over USB driverless standard and _ipp-usb_ package must be installed to get driverless scanning via USB - the package is required because it creates a driverless interface over USB interface which _sane-airscan_ uses for driverless communication with device. diff --git a/modules/ROOT/pages/_partials/2delete-con_cups-useful-tricks.adoc b/modules/ROOT/pages/_partials/2delete-con_cups-useful-tricks.adoc deleted file mode 100644 index 12b3be6..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_cups-useful-tricks.adoc +++ /dev/null 
@@ -1,399 +0,0 @@ -[id='con_cups-useful-tricks'] -= Useful tricks - -== How to install a print queue - -The fact whether you have to install a printer or not depends on several things: - -* what is the device you want to install - a printer from remote CUPS server (called remote print queue) or a printer, -* where is the device you want to install - connected by USB to your PC, in your local network, in a different network or installed on a remote server, -* how old is the device you want to install: -** standalone printers - most SOHO (Small Office, Home Office) and office printers made after 2010 have at least one way of supporting driverless printing, older devices depend on drivers - classic or printer applications, -** remote print queues on a server - any OS with CUPS 2.2.8 and newer or OS where IPP Everywhere support was backported (f.e. RHEL 8) are capable of supporting IPP Everywhere, otherwise a combination of driver and raw queue is needed in client-server communication, -* what is the purpose of the device where you install the printer - endpoint device, which is used by user as a desktop, or a server, which shares the installed printers further, -* what are your personal preferences - using or not using IPP protocol, using or not using mDNS for autoinstallation if possible from network layout. - -So there are several user stories based on those dependencies, which are described further down. 
- -=== Common user stories - -==== I have a printer made after 2015, I'm at home and want to print from my PC - -* the most common setup on desktop -* the printer is new enough to support driverless standards via USB and network, so driverless support doesn't depend on your connection -* the PC is an endpoint device, I don't want to share the printer -* I don't mind using mDNS and IPP, mDNS is enabled in my firewall, IPP and mDNS (or similar settings) are enabled on the printer, and mDNS resolution works (checked by pinging .local hostname) - -CUPS temporary queues for xref:_how_to_setup_cups_temporary_queues_with_usb_printer[USB] or xref:_how_to_setup_cups_temporary_queues_with_network_printer[network] are ideal for this use case. - -==== I have an older printer, I'm at home and want to print from my PC - -* the printer doesn't have a driverless support - check via xref:_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing?[ipptool] for network printers (if the printer has IPP support and you enable the port) and via xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[lsusb] for USB printers, -* my PC is an endpoint device - -Currently there are two options - install the printer in xref:_how_to_install_a_printer_via_printer_application_in_snap_and_making_it_available_for_cups[printer application] and CUPS will automatically see it, or install it with classic driver xref:_how_to_install_a_permanent_print_queue[permanently]. Installation with classic driver is deprecated and will be removed in CUPS 3.0. 
- -==== I'm in a company which has a print server where office printers are installed, I want to print to the print server - no mDNS, but with driverless - -* the print server supports IPP Everywhere and is in a different network or doesn't register on mDNS, or I don't want to use mDNS -* remote print queue has the URI ipp://:631/printers/, where is the hostname of print server and is a name of a print queue I want to connect to -* xref:_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing?[ipptool] command passes if the URI is used - -Such printers has to be installed xref:_how_to_install_a_permanent_print_queue[permanently] with IPP Everywhere driver. - -==== I'm in a company which has a printer server where office printers are installed, I want to print to the print server - with working mDNS in local network - -Such remote printers are discovered automatically via mDNS and used as xref:_how_to_setup_cups_temporary_queues_with_network_printer[CUPS temporary queues] on network - they are seen on mDNS and automatically picked up by dialogs. - -==== I want to print, but I don't want to or can't use mDNS, regardless whether my printer supports driverless printing - -Every printer which can't be discovered by mDNS has to be installed xref:_how_to_install_a_permanent_print_queue[permanently] in CUPS or, in CUPS 3.0, by printer profile. - -. Driverless printers: -* all of them supported by *IPP Everywhere* model under Manufacturer entry in CUPS Web UI and as *everywhere* in CLI -* types based on origin: -** Network: -*** URI: ipp://:631/ipp/print , where is hostname or IP address of the printer -** IPP-over-USB printers via ipp-usb: -*** URI: ipp://localhost:60000/ipp/print -** Printers installed via printer application: -*** URI: ipp://localhost:8000/ipp/print/ , where is the printer name chosen in printer application - -. 
Remote print queues on a print server: -* URI: ipp://:631/printers/ , where is server's IP address or hostname and is a name of the print queue installed on the server -* it depends on CUPS on the server whether a local printer which points to a printer on the server can be installed as IPP Everywhere model - usually CUPS 2.2.8 and newer support driverless and some distributions such as CentOS 8 backported the functionality as well -* otherwise it depends on printer's driver on the old server - the key is to prevent applying the options multiple times (so one of the connections has to be raw and loses some of the functionality) - -. Legacy or specialized printers -* (deprecated, to be removed in CUPS 3.0) can be discovered by CUPS and installed with classic drivers -* can be installed in printer application and then installed in CUPS as a permanent queue (see driverless printers - printers installed via printer application above) - -==== Driverless options don't do the trick for me on my driverless printer, I want to use features from the driver - -The current recommended action is to install the printer via xref:_how_to_install_a_printer_via_printer_application_in_snap_and_making_it_available_for_cups[printer application], which contains the classic driver, because installation the printer permanently in CUPS with classic driver is deprecated and it will be removed in CUPS 3.0. Then mDNS can be used to catch it by CUPS or the printer from printer application has to be installed permanently in CUPS as a IPP Everywhere printer. - -In case of IPP-over-USB printers, a reject rule has to be added as described in xref:cups-known-issues.adoc#_usb_printerscanner_doesnt_work_due_a_conflict_on_usb_port[known issues]. - -==== I install the printer on a server, which will share the printer further - -Printers on the server have to be installed xref:_how_to_install_a_permanent_print_queue[permanently] to be shared. 
IPP Everywhere model (directly to the printer or via printer application) is the ideal, but a classic driver with standardized PPD options on a server capable of using driverless is fine as well - clients can use IPP Everywhere model when pointing to the server and options are translated properly. Otherwise there is a possibility that some options aren't applied or applied twice. Don't forget about enabling IPP in firewall, setting ACLs to the server via [filename]`/etc/cups/cupsd.conf` and attaching the daemon to port 631 instead of localhost. - -==== I'm in a company with old print server incapable of driverless, I want to print - -The important thing is to prevent applying options multiple times in this scenario. There are several ways how to do it: - -* ask your IT support for the driver (print queue on the server has to be raw) -* use *ServerName* directive in [filename]`/etc/cups/client.conf` or *CUPS_SERVER* environment variable to connect to the server directly - you won't be able to do admin tasks, but capable of printing. - -=== How to find out whether my printer is capable of driverless printing? - -Network printers have the prerequisites - enablement of IPP port on the printer is the minimum, mDNS is required for automatic printer discovery by `libcups`. - -* [command]`ipptool` command which sends IPP Get-Printer-Attributes request to the network printer passes: - ----- -$ ipptool -tv ipp://printer.example.com:631/ipp/print get-printer-attributes.test -"/usr/share/cups/ipptool/get-printer-attributes.test": - Get-Printer-Attributes: - attributes-charset (charset) = utf-8 - attributes-natural-language (naturalLanguage) = en - printer-uri (uri) = ipp://printer.example.com:631/ipp/print - requested-attributes (1setOf keyword) = all,media-col-database - Get printer attributes using get-printer-attributes [PASS] -... 
----- - -, where `printer.example.com` is the hostname or IP of your network printer, - -* look for AirPrint among device specification, -* https://www.pwg.org/printers/[Officially certified printers for IPP Everywhere], -* check xref:_how_to_setup_cups_temporary_queues_with_network_printer[manual] for enabling CUPS temporary queues - if your printer is seen in the end in CUPS commands that way, your printer is capable of driverless printing, -* [USB devices only] check for IPP over USB (xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[manual] here). - -=== How to find out if my USB device supports IPP over USB - -Check whether your USB device has a following text in [command]`lsusb -v` output: - ----- -... - bInterfaceClass 7 Printer - bInterfaceSubClass 1 Printer - bInterfaceProtocol 4 - iInterface 0 -... ----- - -If the device has the _bInterfaceClass 7_, _bInterfaceSubClass 1_ and _bInterfaceProtocol 4_ in the sequence, it supports IPP over USB which is critical for USB device driverless printing and scanning. - -=== How to setup CUPS temporary queues - -To setup the temporary queues correctly, there are several prerequisities: - -* printer/remote print queue has a driverless support and has it enabled, -* your PC has avahi-daemon service or avahi-daemon socket running, -* your PC has cups socket or service running, -* mDNS hostnames are resolvable - test by pinging a .local hostname - -==== How to setup CUPS temporary queues with network printer - -* additional requirement: -** enable MDNS in your firewall settings - -After this the temporary queue will appear in the print dialog and you don't need to install a specific print queue unless you have a reason for it. - -You can check if your printer is seen in mDNS messages by (*avahi-tools* must be installed): - ----- -$ avahi-browse -avrt -... 
-= enp0s25 IPv4 HP LaserJet M1536dnf MFP (42307C) _ipp._tcp local - hostname = [NPI42307C.local] - address = [192.168.1.10] - port = [631] - txt = ["UUID=434e4239-4243-4a42-5859-3c4a9242307c" "Scan=T" "Duplex=T" "Color=F" "note=" "adminurl=http://NPI42307C.local." "priority=10" "product=(HP LaserJet M1536dnf MFP)" "ty=HP LaserJet M1536dnf MFP" "URF=CP99,W8,OB10,PQ3-4-5,DM1,IS1-4,MT1-2-3-5,MT1-2-3-5,RS600" "rp=ipp/printer" "pdl=application/postscript,application/vnd.hp-PCL,application/vnd.hp-PCLXL,application/pdf,image/urf" "qtotal=1" "txtvers=1"] -... ----- - -and if CUPS or its backends see the printer by commands: - -(lists all existing print queues - permanent or temporary) - ----- -$ lpstat -e -HP_LaserJet_M1536dnf_MFP_42307C_ ----- - -or - -(lists all devices, which CUPS sees in the local network or USB) - ----- -$ lpinfo -l -v -... -Device: uri = ipp://HP%20LaserJet%20M1536dnf%20MFP%20(42307C)._ipp._tcp.local/ - class = network - info = HP LaserJet M1536dnf MFP (driverless) - make-and-model = HP LaserJet M1536dnf MFP - device-id = MFG:HP;MDL:LaserJet M1536dnf MFP;CMD:PDF,PS,PCL,AppleRaster,URF; - location = -... ----- - -==== How to setup CUPS temporary queues with USB printer - -* additional requirements: -** install *ipp-usb*, which will transform IPP over USB devices to network printer on localhost: - ----- -$ sudo dnf -y install ipp-usb ----- - -Then you can follow the steps in xref:_how_to_setup_cups_temporary_queues_with_network_printer[manual] for network printers. - -=== How to install a permanent print queue - -Prerequisties for permanent driverless printers: enable IPP in your firewall, enable IPP on your printer if possible. 
- -==== Installation via CUPS web UI ==== - -* start cups.service - ----- -$ sudo systemctl start cups ----- - -* go to *http://localhost:631* in your browser -* go to *Administration* tab -* click on *Add printer* -* enter your credentials -* choose the found device or the connection you prefer - for driverless permanent queue choose *Internet Printing Protocol (ipp)* -* in case you didn't choose a found device, enter the device uri at the next page - for driverless printers they usually are: - ----- -Network printers: -ipp://:631/ipp/print - -USB printers via ipp-usb: -ipp://localhost:60000/ipp/print - -Non-driverless printers via printer application: -ipp://localhost:8000/ipp/print/ - -Printers pointing to a remote CUPS server: -ipp://:631/printers/ ----- - -* choose device manufacturer and model (*IPP Everywhere* for driverless printers) -* set a different default options if needed and finish - -*Notes:* - -Adding a permanent queue for driverless USB printers or non-driverless printers installed in a printer application is usually unnecessary, because they are shared by mDNS on localhost, so any application using CUPS 2.0+ API functions (cupsGetDests(), cupsGetNamedDest(), cupsCopyDestInfo()) should be able to pick them automatically (for network printer it depends whether the device is in the same subnet as your machine). Installling them permanently should be necessary only if an application doesn't use the recent API or to work around a bug which happens when using them as temporary queues. - -If there are more devices via *ipp-usb* or printer applications, they listen on different ports - devices via ipp-usb start on port 60000, separate printer applications start on port 8000. 
- - -==== Installation via CLI commands ==== - -* you will need a device uri - ``, which you can find by `lpinfo -v`: - ----- -$ lpinfo -v -direct usb://HP/Officejet%20Pro%208500%20A909a?serial=NNNNNNNNN&interface=1 - ==================================================================== -network dnssd://Officejet%20Pro%208500%20A909a%20%5B43FD8E%5D._pdl-datastream._tcp.local/ - ================================================================================= ----- - -or construct it manually - f.e. for IPP printers: - ----- -ipp://:631/ipp/print ----- - -and a driver name - ``, f.e.: - ----- -$ lpinfo -m -.... -everywhere IPP Everywhere -========== -... ----- - ----- -$ lpadmin -p -v -m -E ----- - -where `` and `` are underscored strings from previous commands and `` is a print queue name, which is chosen by you. - -== How to install a printer via printer application in SNAP and making it available for CUPS - -Currently printer applications are available in SNAPs on Fedora. I'm planning to release them as RPMs, but the code base will be the same, so its testing can happen even with SNAPs. - -* install snapd, - -First we have to install snapd for testing purposes: - ----- -$ sudo dnf -y install snapd -$ sudo ln -s /var/lib/snapd/snap /snap -$ snap version ----- - -If the installation had been successful, the last command will show snapd's version. - -* install and run printer application, - -First the SNAP with printer application has to be installed and started by the commands below. All printer applications are available in SNAP Store under the same names as they are at https://github.com/orgs/OpenPrinting/repositories[OpenPrinting repositories]. We will use [filename]`ps-printer-app` printer application in the next steps. 
- ----- -$ sudo snapd install --edge ps-printer-app -$ sudo snapd run ps-printer-app ----- - -* go to http://localhost:8000, - -After starting the printer application its web interface becomes available at http://localhost:8000 - if user installs and runs another printer application, it will become available at localhost on the next port (8001). The printer application can contain several printers (as [filename]`cupsd` does). - -* click on `Add Printer` on the main page, -* choose the printer's name, -* select the found device or choose `Network printer` from `Device` scroll menu and provide hostname or IP of the device, -* choose to auto-detect driver or select the driver by yourself, -* click on `Add Printer`, -* now the printer should be available at least on localhost via mDNS (if [filename]`avahi-daemon` is running and `nss-mdns` is installed)- check it by [filename]`avahi-browse`(`avahi-tools` has to be installed): - ----- -$ avahi-browse -avrt -... -= lo IPv4 HP Laserjet M1536 _ipp._tcp local - hostname = [fedora-2.local] - address = [127.0.0.1] - port = [8000] - txt = ["Scan=F" "PaperMax=legal-A4" "Fax=F" "product=(HP LaserJet M1536dnf MFP Postscript (recommended))" "mopria-certified=1.3" "priority=0" "qtotal=1" "txtvers=1" "Duplex=T" "Color=F" "TLS=1.2" "URF=V1.5,W8,PQ3-4-5,DM1,FN3,IS0-20,MT1-5-6-3,OB10,RS300-600" "UUID=24837a30-5f87-3ac9-6d85-086d486092dd" "pdl=image/pwg-raster,image/urf,application/vnd.printer-specific,application/pdf,application/postscript,image/jpeg,image/png" "note=" "adminurl=http://fedora-2.local:8000/HP_Laserjet_M1536/" "ty=HP LaserJet M1536dnf MFP Postscript (recommended)" "rp=ipp/print/HP_Laserjet_M1536"] -... ----- - -* and by `lpstat -e`: - ----- -$ lpstat -e -... -HP_Laserjet_M1536 -... 
----- - -The available printing options for the printer installed via printer application can be checked with [filename]`lpoptions` command: - ----- -$ lpoptions -p HP_Laserjet_M1536 -l -PageSize/Media Size: 184.15x260mm 195.09x269.88mm A4 A5 B5 DoublePostcardRotated Env10 EnvC5 EnvDL EnvMonarch Executive FanFoldGermanLegal ISOB5 Legal *Letter Postcard roc16k Custom.WIDTHxHEIGHT -InputSlot/Media Source: *Auto Tray1 Auto -MediaType/Media Type: *Unspecified Stationery Light6074 MidWeight96110 Heavy111130 ExtraHeavy131175 MonochromeLaserTransparency Labels StationeryLetterhead Envelope StationeryPreprinted Prepunched Colored Bond StationeryRecycled Rough Vellum -cupsPrintQuality/cupsPrintQuality: Draft *Normal High -ColorModel/Output Mode: *Gray -Duplex/Duplex: *None DuplexNoTumble DuplexTumble -OutputBin/OutputBin: *FaceDown ----- - -== How to install a scanner - -Scanners in Linux don't have to be installed the same way as printers are if they are in the same network or connected via USB - you just need *sane-backends* to be installed and any scanning application will communicate with scanner/multifunction device via the backend which supports the scanner. - -However, the older HP scanners and multifunction devices require an additional package - *hplip* - and its binary plugins downloaded via [command]`hp-plugin -i` if they aren't supported by sane-backends already. - -=== How to find out my multifunction device or standalone scanner is capable of driverless scanning? - -* check the device specification and look for eSCL/AirScan/WSD - if any of these are mentioned, the device is capable of driverless scanning -* most devices which advertise they can do AirPrint are capable of AirScan too -* [USB devices only] check for IPP over USB (xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[manual] here). 
- -=== How to make driverless scanning work - -For LAN located and USB devices: - -* have *avahi-daemon* enabled and running - ----- -$ sudo systemctl enable avahi-daemon -$ sudo systemctl start avahi-daemon ----- - -* enable MDNS in firewall -* [USB devices only] install *ipp-usb* - -For network scanners in a different network: - -* set the scanner device uri in [filename]`/etc/sane.d/airscan.conf` - see: - ----- -man sane-airscan ----- - -== How to setup mDNS with systemd-resolved - -systemd-resolved is enabled and running by default since F33 and can be setup to work with Avahi on mDNS support which CUPS needs - Avahi does the advertising, registering and sharing devices, and resolved will handle '.local' address resolution. It will work with following steps: - -* put [option]`MulticastDNS=resolve` into [filename]`/etc/systemd/resolved.conf` - ----- -$ sudo systemctl restart systemd-resolved -$ sudo nmcli connection modify connection.mdns yes connection.llmnr yes -$ sudo systemctl restart NetworkManager ----- - -== How to compress files - -Example: - ----- -$ tar -czvf cups-information.tar.gz /etc/cups cups.logs troubleshoot.txt lpinfo.log ----- - -== Restarting cups service - -You restart cups service with: - ----- -su -c 'systemctl restart cups.service' ----- diff --git a/modules/ROOT/pages/_partials/2delete-con_cups-user-stories.adoc b/modules/ROOT/pages/_partials/2delete-con_cups-user-stories.adoc deleted file mode 100644 index 67c8049..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_cups-user-stories.adoc +++ /dev/null 
@@ -1,114 +0,0 @@ -[id='proc_cups-user-stories'] -= User stories - -There are several common user stories when it comes to debugging printing issues. I'll mention some of them with steps how to get necessary information. - -== I have HP printer and have a problem with HPLIP script - -Please follow the steps in the following sections: - -* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_journal_logging[start to capture journal logs] -* xref:how-to-debug-printing-problems.adoc#_hplip_scripts_debug_logging[run the script with enabled debugging] -* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_journal_logging[get the journal logs] -* attach the files to the bugzilla ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] -* provide printer model name and printer PPD file from `/etc/cups/ppd/` - -== I have HP printer, installed it with HPLIP and have a problem with it - -HPLIP installed print queue has a device uri starting with hp://. 
- -Please follow the steps in the following sections: - -* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_journal_logging[start to capture journal logs] -* trigger your issue -* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_journal_logging[get the journal logs] -* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB -* attach the files to the bugzilla ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] -* provide printer model name and printer PPD file from `/etc/cups/ppd/` - -== My printer doesn't print correctly or at all, but I can see the printer in print dialog - -Please follow the steps in the following sections: - -* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture logs] -* trigger your issue - print the specific document to the specific print queue you have problem with -* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[get the logs] -* attach the created files to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] -* attach your printer PPD file from `/etc/cups/ppd/` if available -* attach the file you wanted to print -* tell what application you printed from -* mention your xref:how-to-debug-printing-problems.adoc#_which_driver_am_i_using[printer model] -* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB - -== CUPS generic issue - -For generic issues - printer wasn't found, segfault - please follow the steps in the following sections (`avahi-daemon` must run): - -* 
xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture logs] -* trigger the issue - e.g. try to find printers via [command]`sudo lpinfo -l -v`, do some action in web ui - depends on your problem -* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[get the logs] -* attach created files to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] -* put the output of xref:how-to-debug-printing-problems.adoc#_what_make_and_model_is_my_printer[lpinfo] into a file and attach it -* put the output of xref:how-to-debug-printing-problems.adoc#_which_print_queues_are_available_for_me[both lpstat commands] into a file and attach it -* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB - -== My printer doesn't print correctly - I use 'everywhere' model - -Please follow the steps in the following sections: - -* xref:how-to-debug-printing-problems.adoc#_cups_everywhere_model[get data from get-printer-attributes request] -* xref:how-to-debug-printing-problems.adoc#_my_printer_doesnt_print_correctly_or_at_all_but_i_can_see_the_printer_in_print_dialog[follow the steps with CUPS job log user story] - -== I have a generic problem with cups-browsed - -Please follow the steps in the following sections: - -* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[enable cups-browsed logging], but don't restart cups-browsed yet. 
-* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture cupsd logs] -* start cups-browsed via `systemctl` and start to capture its logs: - ----- -$ journalctl -u cups-browsed -f > cups_browsed_log ----- - -* trigger the issue or wait until cups-browsed triggers the issue itself -* cancel cups-browsed and xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[cupsd log] captures -* attach created files [filename]`cups_whole_log` and [filename]`cups_browsed_log` to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] - -== Printer found by cups-browsed doesn't print or print badly - -The most difficult user story - we need to know how the print queue was created and how it behaves during printing. The print queue found by cups-browsed has a device uri starting with `implicitclass://`. - -Please follow the steps: - -* xref:how-to-debug-printing-problems.adoc#_cups_filters_driverless_driver[get printer info from get-printer-attributes and PPD file] -* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] -* xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[enable cups-browsed logging], but don't restart cups-browsed yet. 
-* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture cupsd logs] -* start cups-browsed via `systemctl` and start to capture its logs: - ----- -$ journalctl -u cups-browsed -f > cups_browsed_queue_creation ----- - -* give cups-browsed some time to process found devices (depends on how many devices you have in the local network or how many print queues are stored in the location you set with [option]`BrowsePoll` directive) -* cancel cups-browsed and xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[cupsd log] captures - save the files as `cups_queue_creation` and `cups_browsed_queue_creation` - -Now we need to capture the logs during printing: - -* xref:how-to-debug-printing-problems.adoc#_prepare_cups_for_job_logging[prepare CUPS for job logging] -* xref:cups-useful-tricks.adoc#_restarting_cups_service[restart CUPS service] -* start to capture cups_browsed logs again: - ----- -$ journalctl -u cups-browsed -f > cups_browsed_printing ----- - -* trigger your issue - print the specific document to the specific print queue you have problem with -* xref:how-to-debug-printing-problems.adoc#_get_a_job_log_for_a_specific_job_id[get the job log for the job you have just triggered] and cancel the capture of cups-browsed logging -* attach all gathered log files diff --git a/modules/ROOT/pages/_partials/2delete-con_disk-partition-linux.adoc b/modules/ROOT/pages/_partials/2delete-con_disk-partition-linux.adoc deleted file mode 100644 index dedd8c6..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_disk-partition-linux.adoc +++ /dev/null 
@@ -1,9 +0,0 @@ -// Module included in the following assemblies: -// -// creating-a-disk-partition-in-linux-using-the-parted-command.adoc -:experimental: - -[#{context}-disk-partition-linux] -= Disk Partitioning in Linux - -Creating and deleting partitions in Linux is a regular practice because storage devices (such as hard drives and USB drives) must be structured in some way before they can be used. In most cases, large storage devices are divided into separate sections called partitions. Partitioning also allows you to divide your hard drive into isolated sections, where each section behaves as its own hard drive. Partitioning is particularly useful if you run multiple operating systems. diff --git a/modules/ROOT/pages/_partials/2delete-con_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-con_firewalld.adoc deleted file mode 100644 index 43faa31..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_firewalld.adoc +++ /dev/null 
@@ -1,22 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -[id='concept-firewalld-fedora'] -= Using firewalld - -== What is firewalld? - -A _firewall_ is a way to protect machines from any unwanted traffic from outside. It enables users to control incoming network traffic on host machines by defining a set of _firewall rules_. These rules are used to sort the incoming traffic and either block it or allow through. - -`firewalld` is a firewall service daemon that provides a dynamic customizable host-based firewall with a `D-Bus` interface. Being dynamic, it enables creating, changing, and deleting the rules without the necessity to restart the firewall daemon each time the rules are changed. - -`firewalld` uses the concepts of _zones_ and _services_, that simplify the traffic management. - -`_Zones_` are predefined sets of rules. Network interfaces and sources can be assigned to a zone. The traffic allowed depends on the network your computer is connected to and the security level this network is assigned. Firewall services are predefined rules that cover all necessary settings to allow incoming traffic for a specific service and they apply within a zone. - -`_Services_` use one or more ports or addresses for network communication. Firewalls filter communication based on ports. To allow network traffic for a service, its ports must be open. `firewalld` blocks all traffic on ports that are not explicitly set as open. Some zones, such as trusted, allow all traffic by default. - -.Additional resources - -For more information about using firewalld and configuring zones and services, see link:https://firewalld.org/documentation/[firewalld documentation] or link:https://fedoraproject.org/wiki/Firewalld[Fedora wiki:firewalld] diff --git a/modules/ROOT/pages/_partials/2delete-con_introduction-to-selinux.adoc b/modules/ROOT/pages/_partials/2delete-con_introduction-to-selinux.adoc deleted file mode 100644 index 29a262a..0000000 
--- a/modules/ROOT/pages/_partials/2delete-con_introduction-to-selinux.adoc +++ /dev/null 
@@ -1,39 +0,0 @@ -// Module included in the following assemblies: -// -// getting-started-with-selinux.adoc - -[#{context}-introduction-to-selinux] -= Introduction to SELinux - -Security Enhanced Linux (SELinux) provides an additional layer of system security. SELinux fundamentally answers the question: _May do to ?_, for example: _May a web server access files in users' home directories?_ - -The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files. - -SELinux implements Mandatory Access Control (MAC). Every process and system resource has a special security label called a _SELinux context_. A SELinux context, sometimes referred to as a _SELinux label_, is an identifier which abstracts away the system-level details and focuses on the security properties of the entity. Not only does this provide a consistent way of referencing objects in the SELinux policy, but it also removes any ambiguity that can be found in other identification methods; for example, a file can have multiple valid path names on a system that makes use of bind mounts. - -The SELinux policy uses these contexts in a series of rules which define how processes can interact with each other and the various system resources. By default, the policy does not allow any interaction unless a rule explicitly grants access. - -[NOTE] -==== -It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first, which means that no SELinux denial is logged if the traditional DAC rules prevent the access. -==== - -SELinux contexts have several fields: user, role, type, and security level. 
The SELinux type information is perhaps the most important when it comes to the SELinux policy, as the most common policy rule which defines the allowed interactions between processes and system resources uses SELinux types and not the full SELinux context. SELinux types usually end with `_t`. For example, the type name for the web server is `httpd_t`. The type context for files and directories normally found in `/var/www/html/` is `httpd_sys_content_t`. The type contexts for files and directories normally found in `/tmp` and `/var/tmp/` is `tmp_t`. The type context for web server ports is `http_port_t`. - -For example, there is a policy rule that permits Apache (the web server process running as `httpd_t`) to access files and directories with a context normally found in `/var/www/html/` and other web server directories (`httpd_sys_content_t`). There is no allow rule in the policy for files normally found in `/tmp` and `/var/tmp/`, so access is not permitted. With SELinux, even if Apache is compromised, and a malicious script gains access, it is still not able to access the `/tmp` directory. - -[#fig-intro-httpd-mysqld] -.SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t. 
-image::selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example] - -[discrete] -== Additional resources -To better understand SELinux basic concepts, see the following documentation: - -* link:++https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf++[The SELinux Coloring Book] - -* link:++https://people.redhat.com/tcameron/Summit2012/SELinux/cameron_w_120_selinux_for_mere_mortals.pdf++[SELinux for Mere Mortals] - -* link:++http://selinuxproject.org/page/FAQ++[SELinux Wiki FAQ] - -* link:++http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf++[The SELinux Notebook] diff --git a/modules/ROOT/pages/_partials/2delete-con_logging-sudo-commands.adoc b/modules/ROOT/pages/_partials/2delete-con_logging-sudo-commands.adoc deleted file mode 100644 index 6872e01..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_logging-sudo-commands.adoc +++ /dev/null 
@@ -1,21 +0,0 @@ -[id="concept-logging-sudo-commands"] -= Logging sudo commands - -Each successful authentication using the [command]`sudo` command is logged to the [filename]`/var/log/messages` file. For each authentication, the [filename]`/var/log/secure` file lists the user name and the command that was executed. - -For additional logging, use the `pam_tty_audit` module to enable TTY auditing for specific users. TTY auditing prints the file name of the terminal connected to the standard I/O. To enable TTY auditing, add the following line to your [filename]`/etc/pam.d/system-auth` file: - -[subs=quotes] ----- -session required pam_tty_audit.so disable=pattern enable=_PATTERN_ ----- - -Replace `_PATTERN_` with a comma-separated list of users (and globs, if needed). - -For example, the following command enables TTY auditing for the root user and disables it for all other users: - ----- -session required pam_tty_audit.so disable=* enable=root ----- - -Using the `pam_tty_audit` PAM module for auditing only records TTY input. As a result, when the audited user logs in, `pam_tty_audit` records the user’s exact keystrokes and saves them in [filename]`/var/log/audit/audit.log`. For more information, see the *pam_tty_audit(8)* manual page. diff --git a/modules/ROOT/pages/_partials/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc b/modules/ROOT/pages/_partials/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc deleted file mode 100644 index 816b40b..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc +++ /dev/null 
@@ -1,34 +0,0 @@ -// Module included in the following assemblies: -// -// changing-selinux-states-and-modes.adoc - -[#{context}-changing-selinux-modes] -= Permanent changes in SELinux states and modes - -As discussed in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-introduction[Introduction to SELinux], SELinux can be enabled or disabled. When enabled, SELinux has two modes: enforcing and permissive. - -Use the [command]`getenforce` or [command]`sestatus` commands to check in which mode SELinux is running. The [command]`getenforce` command returns `Enforcing`, `Permissive`, or `Disabled`. - -The [command]`sestatus` command returns the SELinux status and the SELinux policy being used: - -[source,bash] ----- -~]$ sestatus -SELinux status: enabled -SELinuxfs mount: /sys/fs/selinux -SELinux root directory: /etc/selinux -Loaded policy name: targeted -Current mode: enforcing -Mode from config file: enforcing -Policy MLS status: enabled -Policy deny_unknown status: allowed -Memory protection checking: actual (secure) -Max kernel policy version: 31 ----- - -[NOTE] -==== -When systems run SELinux in permissive mode, users and processes can label various file-system objects incorrectly. File-system objects created while SELinux is disabled are not labeled at all. This behavior causes problems when changing to enforcing mode because SELinux relies on correct labels of file-system objects. - -To prevent incorrectly labeled and unlabeled files from causing problems, file systems are automatically relabeled when changing from the disabled state to permissive or enforcing mode. In permissive mode, use the [command]`fixfiles -F onboot` command as root to create `/.autorelabel` file containing the `-F` option to ensure that files are relabeled upon next reboot. -==== 
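Review bot: The module is titled "Permanent changes in SELinux states and modes", but nothing in the body of this hunk says how to make a state or mode change persist; it covers only `getenforce`, `sestatus` and the relabel note. When the articles that included this partial are checked, either retitle the section or add the persistent procedure. The `sestatus` listing is also tagged `[source,bash]` although it is a terminal transcript with a `~]$` prompt, so it should be a plain listing block.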
diff --git a/modules/ROOT/pages/_partials/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc b/modules/ROOT/pages/_partials/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc deleted file mode 100644 index 6ad8ca2..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc +++ /dev/null 
@@ -1,72 +0,0 @@ -[id='relationship-between-fedora-and-red-hat-enterprise-linux'] -= Relationship between Fedora and RHEL - -Red Hat Enterprise Linux (RHEL) and Fedora both are open source operating systems. They are related projects, with Fedora being "upstream" of Red Hat Enterprise Linux. Whereas Fedora is a community-supported project suitable for different kinds of users, Red Hat Enterprise Linux is enterprise business-oriented software supported via commercial subscription options. - -== Red Hat Enterprise Linux - -Red Hat Enterprise Linux is an enterprise Linux operating system. It is oriented toward enterprise and commercial users, is certified for many hardware and cloud platforms, and is supported by Red Hat via various subscription options. Compared to Fedora, Red Hat Enterprise Linux emphasizes stability and enterprise-readiness over the latest technologies or rapid releases. More information about Red Hat offerings can be found at https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux[Red Hat's web site]. - -Individual software developers can access a free-of-charge subscription as part of the https://developers.redhat.com/about[Red Hat Developer Program]. Developers can use Red Hat Enterprise Linux on up to 16 physical or virtual systems for development, quality assurance, demos, or small production uses. See the Frequently Asked Questions for the https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux[No-cost Red Hat Enterprise Linux Individual Developer Subscription]. - -== Fedora - -Fedora is developed by the Fedora Project and sponsored by Red Hat. It follows its own release schedule, with a new version approximately every six months. Fedora provides a modern Linux operating system utilizing many of the latest technologies. It is free for all users and supported via the Fedora community. 
- -To create Red Hat Enterprise Linux, some version of Fedora is forked and enters an extensive development, testing and certification process to become a new version of Red Hat Enterprise Linux. - -== History of Red Hat Enterprise Linux and Fedora - -Red Hat first offered an enterprise Linux support subscription for Red Hat Linux 6.1. It was not a separate product, but the subscription offering was branded as Red Hat 6.2E. Subsequently, Red Hat started creating a separate product with commercial service level agreements and longer lifecyle based on Red Hat Linux, and later on Fedora. - -.Red Hat Enterprise Linux and Fedora Lineage -[options="header"] -|=== -|Release |Codename |Release Date |Based on -|Red Hat Linux 6.2E |Zoot |2000-03-27 |Red Hat Linux 6.2 - -|Red Hat Enterprise Linux 2.1 |Pensacola (AS)/ Panama (ES) |2002-03-26 -(AS) |Red Hat Linux 7.2 - -|Red Hat Enterprise Linux 3 |Taroon |2003-10-22 |Red Hat Linux 9 - -|Red Hat Enterprise Linux 4 |Nahant |2005-02-15 |Fedora Core 3 - -|Red Hat Enterprise Linux 5 |Tikanga |2007-03-14 |Fedora Core 6 - -|Red Hat Enterprise Linux 6 |Santiago |2010-11-10 |Mix of Fedora 12 -Fedora 13 and several modifications - -|Red Hat Enterprise Linux 7 |Maipo |2014-06-10 |Primarily Fedora 19 with -several changes from 20 and later - -|Red Hat Enterprise Linux 8|Ootpa |2019-05-07 |Fedora 28 - -|Red Hat Enterprise Linux 9|Plow |2022-05-17 |Fedora 34 -|=== - -== Difference between Red Hat Enterprise Linux and Fedora - -.Difference between Red Hat Enterprise Linux and Fedora -[cols="1,3,3",options="header"] -|=== -| -|Red Hat Enterprise Linux -|Fedora - -|support -|Red Hat Enterprise Linux is a commercially supported product by Red Hat and provides service level agreements that is important for enterprise customers. This support involves product assistance as well as prioritization of bug fixes, feature requests, certified hardware and software. 
-|Fedora is supported by a wide community of developers and users but it is not commercially supported by Red Hat. Red Hat does http://fedoraproject.org/sponsors[sponsor] the Fedora Project. - -|releases -|A new version of Red Hat Enterprise Linux comes out every few years and is supported for up to 10 years. -|New Fedora releases are available about every six months and every release gets updates for about 13 months. - -|available software -|Software in Red Hat Enterprise Linux is a subset of that available in Fedora. These are the packages enterprise customers need and are supported by Red Hat. -|Fedora offers a wide range of software, with many thousands of packages available in the repository. - -|update policy -|Red Hat Enterprise Linux updates are more conservative and generally focus on security and bug fixes. -|Fedora's Updates Policy is more liberal compared to Red Hat Enterprise Linux. -|=== diff --git a/modules/ROOT/pages/_partials/2delete-con_runtime_and_permanent_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-con_runtime_and_permanent_firewalld.adoc deleted file mode 100644 index 8862a6c..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_runtime_and_permanent_firewalld.adoc +++ /dev/null 
@@ -1,15 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -[id='concept-runtime-and-permanent-firewalld-fedora'] - -= Runtime and permanent settings - -Any changes made while firewalld is running will be lost when firewalld is restarted. When firewalld is restarted, the settings revert to their permanent values. - -These changes are said to be made in _runtime mode_. - -To make the changes persistent across reboots, apply them again using the `--permanent` option. Alternatively, to make changes persistent while firewalld is running, use the `--runtime-to-permanent _firewall-cmd_` option. - -If you make changes while firewalld is running using only the `--permanent` option, they do not become effective until firewalld is restarted. However, restarting firewalld briefly stops the networking traffic, causing disruption to your system. diff --git a/modules/ROOT/pages/_partials/2delete-con_selinux-architecture.adoc b/modules/ROOT/pages/_partials/2delete-con_selinux-architecture.adoc deleted file mode 100644 index f636ef8..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_selinux-architecture.adoc +++ /dev/null 
@@ -1,11 +0,0 @@ -// Module included in the following assemblies: -// -// getting-started-with-selinux.adoc -:experimental: - -[#{context}-selinux-architecture] -= SELinux architecture - -SELinux is a Linux Security Module (LSM) that is built into the Linux kernel. The SELinux subsystem in the kernel is driven by a security policy which is controlled by the administrator and loaded at boot. All security-relevant, kernel-level access operations on the system are intercepted by SELinux and examined in the context of the loaded security policy. If the loaded policy allows the operation, it continues. Otherwise, the operation is blocked and the process receives an error. - -SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. Remember that SELinux policy rules have no effect if DAC rules deny access first. diff --git a/modules/ROOT/pages/_partials/2delete-con_selinux-examples.adoc b/modules/ROOT/pages/_partials/2delete-con_selinux-examples.adoc deleted file mode 100644 index f5d5c42..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_selinux-examples.adoc +++ /dev/null 
@@ -1,19 +0,0 @@ -// Module included in the following assemblies: -// -// getting-started-with-selinux.adoc -:experimental: - -[#{context}-selinux-examples] -= SELinux examples - -The following examples demonstrate how SELinux increases security: - -* The default action is deny. If an SELinux policy rule does not exist to allow access, such as for a process opening a file, access is denied. - -* SELinux can confine Linux users. A number of confined SELinux users exist in SELinux policy. Linux users can be mapped to confined SELinux users to take advantage of the security rules and mechanisms applied to them. For example, mapping a Linux user to the SELinux `user_u` user, results in a Linux user that is not able to run (unless configured otherwise) set user ID (setuid) applications, such as [command]`sudo` and [command]`su`, as well as preventing them from executing files and applications in their home directory. If configured, this prevents users from executing malicious files from their home directories. - -* Increased process and data separation. Processes run in their own domains, preventing processes from accessing files used by other processes, as well as preventing processes from accessing other processes. For example, when running SELinux, unless otherwise configured, an attacker cannot compromise a Samba server, and then use that Samba server as an attack vector to read and write to files used by other processes, such as MariaDB databases. - -* SELinux helps mitigate the damage made by configuration mistakes. Domain Name System (DNS) servers often replicate information between each other in what is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. 
When running the Berkeley Internet Name Domain (BIND) as a DNS server in Fedora, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files footnote:[Text files that include information, such as host name to IP address mappings, that are used by DNS servers.] from being updated using zone transfers, by the BIND `named` daemon itself, and by other processes. - -* See the link:++https://www.networkworld.com++[NetworkWorld.com] article, link:++https://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[A seatbelt for server software: SELinux blocks real-world exploits]footnote:[Marti, Don. "A seatbelt for server software: SELinux blocks real-world exploits". Published 24 February 2008. Accessed 27 August 2009: link:++https://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[].], for background information about SELinux, and information about various exploits that SELinux has prevented. diff --git a/modules/ROOT/pages/_partials/2delete-con_selinux-states-and-modes.adoc b/modules/ROOT/pages/_partials/2delete-con_selinux-states-and-modes.adoc deleted file mode 100644 index b83bc04..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_selinux-states-and-modes.adoc +++ /dev/null 
@@ -1,47 +0,0 @@ -// Module included in the following assemblies: -// -// getting-started-with-selinux.adoc -:experimental: - -[#{context}-selinux-states-and-modes] -= SELinux states and modes - -SELinux can run in one of three modes: disabled, permissive, or enforcing. - -Disabled mode is strongly discouraged; not only does the system avoid enforcing the SELinux policy, it also avoids labeling any persistent objects such as files, making it difficult to enable SELinux in the future. - -In permissive mode, the system acts as if SELinux is enforcing the loaded security policy, including labeling objects and emitting access denial entries in the logs, but it does not actually deny any operations. While not recommended for production systems, permissive mode can be helpful for SELinux policy development. - -Enforcing mode is the default, and recommended, mode of operation; in enforcing mode SELinux operates normally, enforcing the loaded security policy on the entire system. - -Use the [command]`setenforce` utility to change between enforcing and permissive mode. Changes made with [command]`setenforce` do not persist across reboots. To change to enforcing mode, enter the [command]`setenforce 1` command as the Linux root user. To change to permissive mode, enter the [command]`setenforce 0` command. Use the [command]`getenforce` utility to view the current SELinux mode: - ----- -~]# getenforce -Enforcing ----- - ----- -~]# setenforce 0 -~]# getenforce -Permissive ----- - ----- -~]# setenforce 1 -~]# getenforce -Enforcing ----- - -In Fedora, you can set individual domains to permissive mode while the system runs in enforcing mode. For example, to make the `httpd_t` domain permissive: - ----- -~]# semanage permissive -a httpd_t ----- - -// See <> for more information. - -// [NOTE] -// ==== -// Persistent states and modes changes are covered in <>. -// ==== 
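Review bot: The `semanage permissive -a httpd_t` example at the end of this hunk makes the domain permissive with no step for returning it to enforcing, so a reader who follows it leaves `httpd_t` logging denials without enforcing them. Add the matching removal, `semanage permissive -d httpd_t`, next to it. The two commented-out lines that follow carry empty cross-references (`<>`), and "one of three modes" conflicts with 2delete-con_permanent-changes-in-selinux-states-and-modes.adoc, which describes enabled or disabled plus two modes.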
diff --git a/modules/ROOT/pages/_partials/2delete-con_sudo-timeout.adoc b/modules/ROOT/pages/_partials/2delete-con_sudo-timeout.adoc deleted file mode 100644 index 3b34ded..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_sudo-timeout.adoc +++ /dev/null @@ -1,15 +0,0 @@ -[[concept-sudo-timeout]] -= sudo timeout - -By default, [command]`sudo` stores the password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt you for a password. This could be exploited by an attacker if you leave your workstation unattended and unlocked while still being logged in. You can change this behavior by adding the following line to the `/etc/sudoers` configuration file: - -[subs=quotes] ------------- -Defaults timestamp_timeout=_VALUE_ ------------- - -Here, `_VALUE_` is the desired timeout length in minutes. Setting the value to 0 causes [command]`sudo` to require a password every time. - -If an account is compromised, an attacker can use [command]`sudo` to open a new shell with administrative privileges. - -Opening a new shell as a root user in this way allows an attacker administrative access for a theoretically unlimited period of time and bypasses the timeout period specified in the `/etc/sudoers` file. Using this method, the attacker *does not* need to provide a password for [command]`sudo` again until the session ends. diff --git a/modules/ROOT/pages/_partials/2delete-con_the-purpose-of-rpm-fusion.adoc b/modules/ROOT/pages/_partials/2delete-con_the-purpose-of-rpm-fusion.adoc deleted file mode 100644 index 48d5a31..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_the-purpose-of-rpm-fusion.adoc +++ /dev/null 
@@ -1,37 +0,0 @@ -// Module included in the following assemblies: -// -// - -// This module can be included from assemblies using the following include statement: -// include::modules//con_the-purpose-of-rpm-fusion.adoc[leveloffset=+1] - -// The file name and the ID are based on the module title. For example: -// * file name: con_my-concept-module-a.adoc -// * ID: [id='con_my-concept-module-a_{context}'] -// * Title: = My concept module A -// -// The ID is used as an anchor for linking to the module. Avoid changing -// it after the module has been published to ensure existing links are not -// broken. -// -// The `context` attribute enables module reuse. Every module's ID includes -// {context}, which ensures that the module has a unique ID even if it is -// reused multiple times in a guide. -// -// In the title, include nouns that are used in the body text. This helps -// readers and search engines find information quickly. -// Do not start the title with a verb. See also _Wording of headings_ -// in _The IBM Style Guide_. -[id="con_the-purpose-of-rpm-fusion_{context}"] -= The purpose of RPM Fusion - -The RPM Fusion project is a community-maintained software repository providing additional packages that are not distributed by Fedora. - - -[discrete] -== Additional resources - -* RPM Fusion home page: link:https://rpmfusion.org/[] -* For more information on what packages are allowed to be distributed with Fedora, see the following wiki page: link:https://fedoraproject.org/wiki/Forbidden_items[] -* You can buy multimedia codecs from Fluendo. This is a legal solution for users from countries where software patents apply. For more information, see: link:https://fluendo.com/en/products/enterprise/fluendo-codec-pack/[]. - diff --git a/modules/ROOT/pages/_partials/2delete-con_understanding-systemd.adoc b/modules/ROOT/pages/_partials/2delete-con_understanding-systemd.adoc deleted file mode 100644 index 784d3c0..0000000 
--- a/modules/ROOT/pages/_partials/2delete-con_understanding-systemd.adoc +++ /dev/null 
@@ -1,51 +0,0 @@ -[id='understanding-systemd'] -= Understanding systemd - -_Systemd_ is a system and service manager for Linux, compatible with SysV and LSB init scripts. _Systemd_ provides: - -* Aggressive parallelization capabilities -* Uses socket and D-Bus activation for starting services -* Offers on-demand starting of daemons, keeps track of processes using Linux cgroups -* Supports snapshotting and restoring of the system state -* Maintains mount and automount points -* Implements an elaborate transactional dependency-based service control logic. - -The `systemctl` command is the primary tool to manage _systemd_. It combines the functionality of SysVinit's `service` and `chkconfig` commands into a single tool you can use to enable and disable services permanently or only for the current session. - -_Systemd_ manages so-called *_units_*, which are representations of system resources and services. This following list shows the unit types that _systemd_ can manage: - -service:: - A service on the system, including instructions for starting, restarting, and stopping the service. - -socket:: - A network socket associated with a service. - -device:: - A device specifically managed with _systemd_. - -mount:: - A mountpoint managed with _systemd_. - -automount:: - A mountpoint automatically mounted on boot. - -swap:: - Swap space on the system. - -target:: - A synchronization point for other units. Usually used to start enabled services on boot. - -path:: - A path for path-based activation. For example, you can start services based on the state of a certain path, such as whether it exists or not. - -timer:: - A timer to schedule activation of another unit. - -snapshot:: - A snapshot of the current _systemd_ state. Usually used to rollback after making temporary changes to _systemd_. - -slice:: - Restriction of resources through Linux Control Group nodes (cgroups). - -scope:: - Information from _systemd_ bus interfaces. 
Usually used to manage external system processes. diff --git a/modules/ROOT/pages/_partials/2delete-con_using-sudo-access-docker.adoc b/modules/ROOT/pages/_partials/2delete-con_using-sudo-access-docker.adoc deleted file mode 100644 index 1c789cc..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_using-sudo-access-docker.adoc +++ /dev/null @@ -1,8 +0,0 @@ -[id="concept-using-sudo-access-docker"] -= Using sudo to access Docker - -Docker has the ability to change the group ownership of the Docker socket to allow users added to the Docker group to be able to run Docker containers without having to execute the [command]`sudo` or [command]`su` command to become root. - -Enabling access to the Docker daemon from non-root users is a problem from a security perspective. It is a security issue for Fedora, because if a user can talk to the Docker socket they can execute a command which gives them full root access to the host system. Docker has no auditing or logging built in, while [command]`sudo` does. - -It is recommended that sudo rules are implemented to permit access to the Docker daemon. This allows [command]`sudo` to provide logging and audit functionality. diff --git a/modules/ROOT/pages/_partials/2delete-con_using-sudo-assign-admin-privileges.adoc b/modules/ROOT/pages/_partials/2delete-con_using-sudo-assign-admin-privileges.adoc deleted file mode 100644 index bdee72e..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_using-sudo-assign-admin-privileges.adoc +++ /dev/null 
@@ -1,26 +0,0 @@ -[id="con_using-sudo-assign-admin-privileges"] -= Using sudo to assign administrator privileges - -Add users to the [directory]`/etc/sudoers` configuration file to allow them to use the [command]`sudo` command. For these users, the [command]`sudo` command is run in the user’s shell instead of in a root shell. As a result, the root shell can be disabled for increased security. - -The administrator can also allow different users access to specific commands using the sudo configuration. Administrators must use the [command]`visudo` command to edit the [directory]`/etc/sudoers` configuration file. - -To assign full administrative privileges to a user, type [command]`visudo` and add the following line to the user privilege section after replacing `_USERNAME_` with the target user name: - -[subs=quotes] ----- -_USERNAME_ ALL=(ALL) ALL ----- - -This line allows the specified user to use [command]`sudo` from any host and execute any command. - -To allow a user access to specific commands, use the following example after replacing `_USERS_` with a target system group: - -[subs=quotes] ----- -_%USERS_ localhost=/usr/sbin/shutdown -h now ----- - -This command allows all members of the `_USERS_` system group to issue the [command]`/sbin/shutdown -h` as long as the command is issued from the console. - -The man page for [command]`sudoers` has a detailed listing of options for this file. diff --git a/modules/ROOT/pages/_partials/2delete-con_using-sudo-without-password.adoc b/modules/ROOT/pages/_partials/2delete-con_using-sudo-without-password.adoc deleted file mode 100644 index 4129b8b..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_using-sudo-without-password.adoc +++ /dev/null 
@@ -1,13 +0,0 @@ -[[concept-using-sudo-without-password]] -= Using sudo without a password - -You can enable `root` access without a password specified, allowing any process on your system to become `root`. Add the following line to your `/etc/sudoers` file: - -[subs=quotes] ------------- -_user_ ALL=(ALL) NOPASSWD: /usr/bin/docker ------------- - -This will allow `_user_` to access docker without a password. - -IMPORTANT: For security reasons, it is recommended that you always use [command]`sudo` with a password. diff --git a/modules/ROOT/pages/_partials/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc deleted file mode 100644 index c8b5bc1..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc +++ /dev/null 
@@ -1,18 +0,0 @@ -[[using-the-system-wide-trust-store]] -= Using the System-wide Trust Store - -In Fedora, the consolidated system-wide trust store is located in the `/etc/pki/ca-trust/` and `/usr/share/pki/ca-trust-source/` directories. The trust settings in `/usr/share/pki/ca-trust-source/` are processed with lower priority than settings in `/etc/pki/ca-trust/`. - -Certificate files are treated depending on the subdirectory they are installed to the following directories: - -* for trust anchors -** `/usr/share/pki/ca-trust-source/anchors/` or -** `/etc/pki/ca-trust/source/anchors/` -* for distrusted certificates -** `/usr/share/pki/ca-trust-source/blocklist/` or -** `/etc/pki/ca-trust/source/blocklist/` -* for certificates in the extended BEGIN TRUSTED file format -** `/usr/share/pki/ca-trust-source/` or -** `/etc/pki/ca-trust/source/` - -NOTE: In a hierarchical cryptographic system, a trust anchor is an authoritative entity which is assumed to be trustworthy. For example, in X.509 architecture, a root certificate is a trust anchor from which a chain of trust is derived. The trust anchor must be put in the possession of the trusting party beforehand to make path validation possible. diff --git a/modules/ROOT/pages/_partials/2delete-con_viewing-logs.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-con_viewing-logs.adoc.delete.adoc deleted file mode 100644 index 1fa9702..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_viewing-logs.adoc.delete.adoc +++ /dev/null 
@@ -1,12 +0,0 @@ -[id='viewing-logs in Fedora'] - -Log files contain messages about the system, including the kernel, services, and applications running on it. -These contain information that helps troubleshoot issues, or simply monitor system functions. -Fedora uses the https://freedesktop.org/wiki/Software/systemd/[systemd] system and service manager. -With systemd, messages for most services are now stored in the systemd journal which is a binary file that must be accessed usinng the `journalctl` command. - -System tools that do not use systemd for their logs continue to place them as plain text files in the `/var/log/` directory. -In Fedora, there are two ways of accessing system logs: - -* The command line -* A GUI applications diff --git a/modules/ROOT/pages/_partials/2delete-con_what-is-sudo.adoc b/modules/ROOT/pages/_partials/2delete-con_what-is-sudo.adoc deleted file mode 100644 index b310538..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_what-is-sudo.adoc +++ /dev/null @@ -1,15 +0,0 @@ -[id='con_what-is-sudo'] -= What is sudo? - -The [command]`sudo` command allows users to gain administrative or root access. When trusted users precede an administrative command with [command]`sudo`, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user. - -Only users listed in the [filename]`/etc/sudoers` configuration file are allowed to use the [command]`sudo` command. The command is executed in the user's shell, not a root shell. - -The syntax for the sudo command is as follows: - -[subs=quotes] ----- -sudo _COMMAND_ ----- - -Replace `_COMMAND_` with the command to run as the root user. 
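Review bot: the sentence "Only users listed in the `/etc/sudoers` configuration file are allowed to use the `sudo` command" in the what-is-sudo hunk is narrower than how the sudoers policy grants access, because rules can also name a group and can live in drop-in files under `/etc/sudoers.d/`. If this text is kept at its new location, reword it to "users permitted by the sudoers policy" and mention group membership, so a reader auditing who can become root does not stop at the user names in one file.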
diff --git a/modules/ROOT/pages/_partials/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc b/modules/ROOT/pages/_partials/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc deleted file mode 100644 index c4e2db3..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc +++ /dev/null @@ -1,8 +0,0 @@ -[id='why-it-is-important-to-keep-your-system-up-to-date'] -= Why it is important to keep your system up-to-date - -// Bara: This section is based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-keeping_your_system_up-to-date - -This section briefly explains the importance of updating your system on a regular basis. - -All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited. diff --git a/modules/ROOT/pages/_partials/2delete-con_xorg-conf.adoc b/modules/ROOT/pages/_partials/2delete-con_xorg-conf.adoc deleted file mode 100644 index eacd418..0000000 --- a/modules/ROOT/pages/_partials/2delete-con_xorg-conf.adoc +++ /dev/null @@ -1,6 +0,0 @@ -[id='con_about-xorg-conf'] -= About xorg.conf - -Traditionally, the xorg.conf file is used to configure an Xorg display server. In Fedora (where an Xorg display server is configured instead of the default Wayland) the X configuration is determined automatically each time X is started. As a result, no xorg.conf file is created. In most cases, this works well and there is no need to manually specify X configuration. - -If you need to make manual changes to your X configuration for any reason, you will first need to create an `xorg.conf` file. 
diff --git a/modules/ROOT/pages/_partials/2delete-concept_chromium-web-browser.adoc b/modules/ROOT/pages/_partials/2delete-concept_chromium-web-browser.adoc deleted file mode 100644 index 5dad452..0000000 --- a/modules/ROOT/pages/_partials/2delete-concept_chromium-web-browser.adoc +++ /dev/null @@ -1,16 +0,0 @@ -[id='chromium-and-google-chrome'] -= Chromium and Google Chrome web browsers - -Fedora Workstation, in its out of the box configuration, only includes free and open source software. **Mozilla Firefox** is the browser included in Fedora Workstation by default. However, it easy to install either **Google Chrome** or **Chromium**, if preferred. - -[id='chromium'] -== Chromium - -Chromium is the upstream project for Google Chrome. Chromium is included in the Fedora Repositories. Fedora's Chromium package only contains free and open source software, so does not include several features of Google Chrome that rely on proprietary software. - -[id='google-chrome'] -== Google Chrome - -Google Chrome is a popular web browser developed by Google. Chrome is built on top of the open-source browser project, Chromium. Chrome includes additional features such as support for proprietary media files (such as H.264 or AAC) and playback of rights-protected media (Netflix, etc.) Chrome also includes support for other Google services such as browser sync and location services, which are not supported by Chromium. - -Google Chrome is available in Fedora Workstation via a curated third-party repository. Once this repository is enabled, Chrome can be installed via Software or the command line. diff --git a/modules/ROOT/pages/_partials/2delete-concept_third-party-repositories.adoc b/modules/ROOT/pages/_partials/2delete-concept_third-party-repositories.adoc deleted file mode 100644 index 9a6b2ae..0000000 --- a/modules/ROOT/pages/_partials/2delete-concept_third-party-repositories.adoc +++ /dev/null 
@@ -1,13 +0,0 @@ -[id='third-party-repositories'] -= Third party repositories - -There are a number of third-party software repositories for Fedora. They have more liberal licensing policies and provide software packages that Fedora excludes for various reasons. These software repositories are not officially affiliated or endorsed by the Fedora Project. Use them at your own discretion. For complete list, see https://rpmfusion.org/FedoraThirdPartyRepos[FedoraThirdPartyRepos] -The following repositories are commonly used by end users and do not conflict with each other: - -* https://rpmfusion.org - -* rpm.livna.org (Obsoleted! Replaced by RPM Fusion free tainted) - -== Mixing third party software repositories - -Mixing a lot of third party repositories is not recommended since they might conflict with each other causing instability and hard to debug issues. If you are not a technical user, one way is to not enable the third-party repo by default and instead use the *--enablerepo* switch for dnf, or a similar method configurable in the graphical package manager. diff --git a/modules/ROOT/pages/_partials/2delete-proc_Brief-selection-of-nmcli-examples.adoc b/modules/ROOT/pages/_partials/2delete-proc_Brief-selection-of-nmcli-examples.adoc deleted file mode 100644 index 2ee76d6..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_Brief-selection-of-nmcli-examples.adoc +++ /dev/null 
@@ -1,108 +0,0 @@ -// Module included in the following assemblies: -// -// assembly_Configuring-networking-with-nmcli.adoc - -[id='Brief-selection-of-nmcli-examples'] -= Brief Selection of nmcli Examples - -This section provides a brief selection of [application]*nmcli* examples. - -[discrete] -== Prerequisites -<> - - -.Checking the overall status of NetworkManager -==== - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli general status` -STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN -connected full enabled enabled enabled enabled -.... - -In terse mode: - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli -t -f STATE general` -connected -.... - -==== - -.Viewing NetworkManager logging status -==== - -[literal,subs="+quotes,verbatim"] -.... -~]$ [command]`nmcli general logging` - LEVEL DOMAINS - INFO PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,WIFI_SCAN,IP4,IP6,A -UTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC, -WIMAX,INFINIBAND,FIREWALL,ADSL,BOND,VLAN,BRIDGE,DBUS_PROPS,TEAM,CONCHECK,DC -B,DISPATCH -.... - -==== - -.Viewing all connections -==== - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli connection show` - NAME UUID TYPE DEVICE -Profile 1 db1060e9-c164-476f-b2b5-caec62dc1b05 ethernet ens3 -ens3 aaf6eb56-73e5-4746-9037-eed42caa8a65 ethernet -- -.... - -==== - -.Viewing only currently active connections -==== - -[literal,subs="+quotes,verbatim,macros"] -.... -~]$ pass:attributes[{blank}][command]`nmcli connection show --active` - NAME UUID TYPE DEVICE -Profile 1 db1060e9-c164-476f-b2b5-caec62dc1b05 ethernet ens3 -.... - -==== - -.Viewing only devices recognized by [application]*NetworkManager* and their state -==== - -[literal,subs="+quotes,verbatim,macros"] -.... 
-~]$ pass:attributes[{blank}][command]`nmcli device status` -DEVICE TYPE STATE CONNECTION -ens3 ethernet connected Profile 1 -lo loopback unmanaged -- -.... - -==== - -You can also use the following abbreviations of the [application]*nmcli* commands: - -[[tabl-nmcli_examples]] -.Abbreviations of some nmcli commands - -[options="header"] -|=== -|nmcli command|abbreviation -|nmcli general status|nmcli g -|nmcli general logging|nmcli g log -|nmcli connection show|nmcli con show -|nmcli connection show --active|nmcli con show -a -|nmcli device status|nmcli dev -|=== - -[discrete] -== Additional resources - -* For more examples, see the - [citetitle]_pass:attributes[{blank}]*nmcli-examples*(5)_ - man page. diff --git a/modules/ROOT/pages/_partials/2delete-proc_adding-new-certificates.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_adding-new-certificates.adoc.delete.adoc deleted file mode 100644 index bc760b9..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_adding-new-certificates.adoc.delete.adoc +++ /dev/null 
@@ -1,27 +0,0 @@ -[id='proc_adding-new-certificates'] -= Adding New Certificates - -Often, system administrators want to install a certificate into the trust store. This can be done with the [command]`trust anchor` sub-command of the [command]`trust` command, as described in xref:managing-trusted-system-certificates[Managing Trusted System Certificates]. - -Alternatively, you can simply copy the certificate file in the PEM or DER file format to the `/etc/pki/ca-trust/source/anchors/` directory, followed by running the [command]`update-ca-trust` command, for example: - -[subs="+quotes,macros"] ----- -# cp _~/certificate-trust-examples/Cert-trust-test-ca.pem_ _/etc/pki/ca-trust/source/anchors/_ ----- - ----- -# update-ca-trust ----- - -The [command]`update-ca-trust` command ensures that the certificate bundles in application-specific formats, such as Java keystore, are regenerated. - -[NOTE] -==== -The certificates installed in the above steps cannot be removed with the [command]`trust anchor --remove`. -==== - -[NOTE] -==== -While the Firefox browser is able to use an added certificate without executing [command]`update-ca-trust`, it is recommended to run [command]`update-ca-trust` after a CA change. Also note that browsers, such as Firefox, Epiphany, or Chromium, cache files, and you might need to clear the browser's cache or restart your browser to load the current system certificates configuration. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_adding-other-operating-systems-grub2.adoc b/modules/ROOT/pages/_partials/2delete-proc_adding-other-operating-systems-grub2.adoc deleted file mode 100644 index fa89f95..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_adding-other-operating-systems-grub2.adoc +++ /dev/null 
@@ -1,37 +0,0 @@ -[[adding-other-operating-systems-grub2]] -= Adding other operating systems to the GRUB2 menu - -Normally, *GRUB2* is preset to boot multiple operating systems during the Fedora installation process. If you can, it is advisable to install non-Linux operating systems first. Then, during the installation process, all those operating systems and their locations will be discovered and properly set. - -Adding other records into the *GRUB2* menu only means to run `grub2-mkconfig` command to regenerate the configuration files. During this process, all operating systems known to the system will be added into the configuration. By reinstalling *GRUB2*, this configuration will be used for further boots. - -.Before you start - -* Make sure that the operating systems are on disks, connected to the system. -* You have the `os-prober` package installed. - -.Procedure - -. Recreate the *GRUB2* configuration file. -+ ----- -# grub2-mkconfig -o /boot/grub2/grub.cfg ----- - -. Install *GRUB2*. -* On UEFI systems. -+ ----- -# dnf reinstall shim-* grub2-efi-* grub2-common ----- -* On BIOS systems, specify the disk where the bootloader should be installed. -+ ----- -# grub2-install /dev/sda ----- - -.More information - -* The `grub2-mkconfig` command will add entries for all operating systems it can find. -* When problems appear, see the link:https://www.gnu.org/software/grub/manual/grub/grub.html#Multi_002dboot-manual-config[GRUB manual] to solve issues with booting secondary operating systems. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_adding-repositories.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_adding-repositories.adoc.delete.adoc deleted file mode 100644 index cae1546..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_adding-repositories.adoc.delete.adoc +++ /dev/null 
@@ -1,23 +0,0 @@ -[id='adding-repositories'] -= Adding repositories - -include::{partialsdir}/attributes.adoc[] - -This section describes how to add software repositories with the `dnf config-manager` command. - -* To add a new repository, do the following as `*root*`. - -. Define a new repository by adding a new file with the `.repo` suffix to the [filename]`/etc/yum.repos.d/` directory. For details about various options to use in the `.repo` file, see the xref:f{MAJOROSVER}@fedora:system-administrators-guide:package-management/DNF.adoc#sec-Setting_repository_Options[Setting [repository\] Options] section in the System Administrator's Guide - -. Add the newly created repository. -+ -[literal,subs="+quotes,attributes"] ----- -dnf config-manager --add-repo `*_repository_*` ----- -+ -Where *_repository_* is the path to the created `.repo` file, for example: -+ ----- -dnf config-manager --add-repo /etc/yum.repos.d/fedora_extras.repo ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_adding-shortcut-custom-app-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_adding-shortcut-custom-app-gnome.adoc deleted file mode 100644 index 1bc2564..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_adding-shortcut-custom-app-gnome.adoc +++ /dev/null 
@@ -1,56 +0,0 @@ -[id='adding-shortcut-custom-app-gnome'] -= Adding keyboard shortcuts for custom applications in GNOME - -This section describes how to add a keyboard shortcut for starting a custom application in GNOME. - -[discrete] -== Procedure - -. Open *Settings* and choose the *Devices* entry from the list: -+ -image::shortcuts-settings-devices.png[] -+ -NOTE: Earlier Fedora versions might not need this step. - -. Choose the *Keyboard Shortcuts* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: -+ -image::shortcuts-keyboard-scroll.png[] - -. Click the *+* button at the bottom of the list. -+ -A window for entering the details appears: -+ -image::shortcuts-add-empty.png[] - -. Fill in details for the application. -+ -image::shortcuts-add-filled.png[] -+ -Replace _My Application_ with the name of the application and _myapp --special options_ with the command to run this application, including any options. - -. Click the *Set shortcut...* button. -+ -A window for entering the keyboard shortcut appears: -+ -image::shortcuts-add-enter.png[] - -. Press the key combination that should become the shortcut for starting the application. -+ -As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortcut: -+ -image::shortcuts-add-shortcut.png[] - -. Click the *Add* button. -+ -Your application shortcut now appears in the list under _Custom Shortcuts_: -+ -image::shortcuts-added.png[] - -// o ptional - close settings? - -//// -info sources: - -http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/ -https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en -//// diff --git a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-cli.adoc b/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-cli.adoc deleted file mode 100644 index c4f7add..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-cli.adoc +++ /dev/null @@ -1,12 +0,0 @@ -[[backup-gpg-keys-cli]] -= Making a Key Backup Using the Command Line - -Use the following command to make the backup, which you can then copy to a destination of your choice: - ----- -gpg --export-secret-keys --armor johndoe@example.com > johndoe-privkey.asc ----- - -Store the copy in a secure place, such as a locked container. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-gnome.adoc deleted file mode 100644 index 986437c..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-gnome.adoc +++ /dev/null @@ -1,12 +0,0 @@ -[[backup-gpg-keys-gnome]] -= Making a Key Backup Using the GNOME Desktop - -. Right-click your key and select _Properties_. - -. Select the _Details_ tab, and select menu:Export to file[Export secret key]. - -. Select a destination filename and click btn:[Export]. - -Store the copy in a secure place, such as a locked container. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-kde.adoc b/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-kde.adoc deleted file mode 100644 index 436f4da..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_backup-gpg-keys-kde.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[[backup-gpg-keys-kde]] -= Making a Key Backup Using the KDE Desktop - -. Right-click your key and select _Export Secret Key_. - -. Click btn:[Continue] to continue at the confirmation dialog. - -. Select a destination filename. - -. Click btn:[Save]. - -Store the copy in a secure place, such as a locked container. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc deleted file mode 100644 index 85d9e8f..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc +++ /dev/null 
@@ -1,49 +0,0 @@ -[id='booting_from_USB_sticks'] -= Booting from USB sticks - -:toc: - -Almost all modern PCs can boot from USB sticks. However, how you tell the system to boot from a USB stick varies substantially from system to system. Initially, you can try this: - -. Power off the computer. -. Plug the USB drive into a USB port. -. Remove all other portable media, such as CDs, DVDs, floppy disks or other USB sticks. -. Power on the computer. -. If the computer is configured to automatically boot from the USB drive, you will see a screen that says "Automatic boot in 10 seconds..." with a countdown. -+ -If you do a native UEFI boot, where you will see a rather more minimal boot menu. - -If the computer starts to boot off the hard drive as normal, you'll need to manually configure it to boot off the USB drive. Usually, that should work like this: - -. Wait for a safe point to reboot. -. As the machine starts to reboot, watch carefully for instructions on which key to press. Usually a function key, `Escape`, `Tab`, `F11`, `F12` or `Delete` is to be pressed to enter the boot device selection menu, `BIOS setup`, `firmware`, or `UEFI`. Press and hold that key. If you miss the window of opportunity, often only a few seconds, then reboot and try again. (If this does not work, consult the manual of your computer) -. Use the firmware, `BIOS`, interface or the boot device menu to put your USB drive first in the boot sequence. It might be listed as a hard drive rather than a removable drive. Each hardware manufacturer has a slightly different method for doing so. -+ -IMPORTANT: Your computer could become unbootable or lose functionality if you change any other settings. Though these settings can be reverted, you'll need to remember what you changed in order to do so. -. Save the changes, exit, and the computer should boot from the USB drive. - -If your system has a UEFI firmware, it will usually allow you to boot the stick in UEFI native mode or BIOS compatibility mode. 
If you boot in UEFI native mode and perform a Fedora installation, you will get a UEFI native Fedora installation. If you boot in BIOS compatibility mode and perform a Fedora installation, you will get a BIOS compatibility mode Fedora installation. - -For more information on all this, see the https://fedoraproject.org/wiki/Unified_Extensible_Firmware_Interface[UEFI page]. USB sticks written from x86_64 images with xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer], xref:creating-and-using-a-live-installation-image.adoc#gnome-disk-utility[GNOME Disk Utility], `dd`, other dd-style utilities should be UEFI native bootable. Sticks written with other utilities may not be UEFI native bootable, and sticks written from i686 images will never be UEFI bootable. - - -[id='identifying_stick'] -== Identifying a stick on Linux - -Most of the writing methods will require you to know the `/dev` name for your USB stick, e.g. `/dev/sdc`, when using them on Linux. You do not need to know this in order to use Fedora Media Writer. To find this out: - -. Insert the USB stick into a USB port. -. Open a terminal and run `dmesg`. -. Near the end of the output, you will see something like: -+ -[options="nowrap"] ----- -[32656.573467] sd 8:0:0:0: [sdX] Attached SCSI removable disk ----- -+ -`sdX` will be `sdb`, `sdc`, `sdd`, etc. - -[NOTE] -==== -This is the name of the disk you will use. We'll call it `sdX` from now on. If you have connected more than one USB stick to the system, be careful that you identify the correct one, often you will see a manufacturer name or capacity in the output which you can use to make sure you identified the correct stick. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_booting-specific-kernel-default.adoc b/modules/ROOT/pages/_partials/2delete-proc_booting-specific-kernel-default.adoc deleted file mode 100644 index 6985fa0..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_booting-specific-kernel-default.adoc +++ /dev/null @@ -1,44 +0,0 @@ -[[booting_specific_kernel_default]] -== Setting an installed kernel to boot by default - -To set a specific installed kernel to boot by default, first check the kernels installed on the system. - ----- -sudo ls /boot | grep vmlinuz ----- - -Identify the kernel to be set to boot by default. - -Use the following command to set the default kernel to boot: - ----- -sudo grubby --set-default /boot/vmlinuz-.. ----- - -Here is a sample output (on an `x84_64` architecture system): - ----- -sudo ls /boot | grep vmlinuz - -vmlinuz-0-rescue-c722f5f7d614446b99c39b846c2bb76c -vmlinuz-5.12.18-200.fc33.x86_64 -vmlinuz-5.8.15-301.fc33.x86_64 ----- - -If `vmlinuz-..` is chosen to be set as the default, we issue the following command: - ----- -sudo grubby --set-default /boot/vmlinuz-.. ----- - -For the above scenario, the command will look like so - ----- -sudo grubby --set-default /boot/vmlinuz-5.12.18-200.fc33.x86_64 ----- - - -[[sect-references]] -=== References: - -* https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader/[Fedora Rawhide Docs :: Working with the GRUB 2 Boot Loader] diff --git a/modules/ROOT/pages/_partials/2delete-proc_booting-with-configfile-on-different-partition.adoc b/modules/ROOT/pages/_partials/2delete-proc_booting-with-configfile-on-different-partition.adoc deleted file mode 100644 index 238535d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_booting-with-configfile-on-different-partition.adoc +++ /dev/null 
@@ -1,40 +0,0 @@ -[[booting-with-configfile-on-different-partition]] -= Booting the system using a configuration file on a different partition. - -If you end up in *GRUB2* boot prompt, it is also possible to boot using a _configfile_ that's located on another -partition, as is often the case with multi-boot systems containing Ubuntu and Fedora. Follow the below procedure -if you need to boot from a configuration file on a different partition. - -.Procedure - -. Load the necessary modules to read your system's partitions (you will also need to load `part_msdos` or `part_gpt`, depending on your partition table). -+ -* For BTRFS filesystems. -+ ----- -grub> insmod btrfs ----- -+ -* For LVM filesystems. -+ ----- -grub> insmod xfs -grub> insmod lvm ----- - -. Set *GRUB2* root to your `/boot` partition. On UEFI systems, you should set *GRUB2* root to the EFI system partition. -+ ----- -grub> set root=(hd0,msdos1) ----- - -. Set the path to the configuration file. -+ ----- -grub> configfile /grub2/grub.cfg ----- - -.More information - -* The *hd0,msdos1* line shows the pertinent `/boot` partition, which holds the `grub.cfg` file. The setting may be different on your system. See also xref:_using_the_grub2_boot_prompt[Using the GRUB2 boot prompt] for more information. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_changing-the-hostname.adoc b/modules/ROOT/pages/_partials/2delete-proc_changing-the-hostname.adoc deleted file mode 100644 index ba6ac03..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_changing-the-hostname.adoc +++ /dev/null 
@@ -1,40 +0,0 @@ -// Module included in the following assemblies: -// -// changing-hostname.adoc - -[id='changing-the-hostname'] - -== Changing the hostname - -For Fedora Workstation, using the default GNOME desktop, open the Settings application and choose About. - -image::changing-hostname-1.png[GNOME Settings - About] - -You can replace the value in the Device name field with the name of your choosing. The effect of this field is as follows: - -* If you use a name that is shorter, contains only lowercase letters, numbers and/or dashes ("-"), this will set the host's static name, and the pretty name will be left blank. -* If you enter a name that is more descriptive, contains mixed-case and other types of characters, this will set the pretty name, and a static name will be derived from that automatically. - -You can see the effect of the change by using the `hostnamectl` command again: - -.... - Static hostname: emilys-2nd-dev-laptop - Pretty hostname: Emily's 2nd dev laptop - Icon name: computer-laptop - Chassis: laptop - Machine ID: 15fc9e69d007013025f31bc5272c4ed1 - Boot ID: 41ac938872bae052294bcb277241ac93 - Operating System: Fedora 33 (Workstation Edition) - CPE OS Name: cpe:/o:fedoraproject:fedora:33 - Kernel: Linux 5.10.10-200.fc33.x86_64 - Architecture: x86-64 -.... - -In the previous example, "Emily's 2nd dev laptop" was entered via the Settings app, and the static hostname "emilys-2nd-dev-laptop" was set automatically. - -Hostnames can also be set at the command line with the `hostnamectl set-hostname` command. For example: - -.... -sudo hostnamectl set-hostname --pretty "Emily's 2nd dev laptop" -sudo hostnamectl set-hostname --static emily-dev-2 -.... diff --git a/modules/ROOT/pages/_partials/2delete-proc_changing-to-enforcing-mode.adoc b/modules/ROOT/pages/_partials/2delete-proc_changing-to-enforcing-mode.adoc deleted file mode 100644 index 3635af6..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_changing-to-enforcing-mode.adoc +++ /dev/null 
@@ -1,79 +0,0 @@ -// Module included in the following assemblies: -// -// changing-selinux-states-and-modes.adoc - -[#{context}-changing-to-enforcing-mode] -= Changing to enforcing mode - -Use the following procedure to switch SELinux to enforcing mode. When SELinux is running in enforcing mode, it enforces the SELinux policy and denies access based on SELinux policy rules. In Fedora, enforcing mode is enabled by default when the system was initially installed with SELinux. - -.Prerequisites - -* The `selinux-policy-targeted`, `libselinux-utils`, and `policycoreutils` packages are installed on your system. - -* The `selinux=0` or `enforcing=0` kernel parameters are not used. - -.Procedure - -. Open the `/etc/selinux/config` file in a text editor of your choice, for example: - ----- -# vi /etc/selinux/config ----- - -. Configure the `SELINUX=enforcing` option: - -[subs="quotes"] ----- -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=*enforcing* -# SELINUXTYPE= can take one of these two values: -# targeted - Targeted processes are protected, -# mls - Multi Level Security protection. -SELINUXTYPE=targeted ----- - -. Save the change, and restart the system: -+ -[subs="quotes"] ----- -# reboot ----- -+ -On the next boot, SELinux relabels all the files and directories within the system and adds SELinux context for files and directories that were created when SELinux was disabled. - -.Verification - -. After the system restarts, confirm that the `getenforce` command returns `Enforcing`: - ----- -$ getenforce -Enforcing ----- - -[NOTE] -==== -After changing to enforcing mode, SELinux may deny some actions because of incorrect or missing SELinux policy rules. 
To view what actions SELinux denies, enter the following command as root: -[subs="quotes"] ----- -# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today ----- -Alternatively, with the [package]`setroubleshoot-server` package installed, enter: -[subs="quotes"] ----- -# grep "SELinux is preventing" /var/log/messages ----- - -Standard users can use the GUI `setroubleshoot` to file bugs directly to Bugzilla. - -If SELinux is active and the Audit daemon (auditd) is not running on your system, then search for certain SELinux messages in the output of the dmesg command: ----- -# dmesg | grep -i -e type=1300 -e type=1400 ----- - -If SELinux denies some actions, see the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux[Troubleshooting problems related to SELinux] chapter in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/index[RHEL 8 Using SELinux] document for information about troubleshooting. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_changing_runtime_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_changing_runtime_firewalld.adoc deleted file mode 100644 index 52eb6b5..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_changing_runtime_firewalld.adoc +++ /dev/null 
@@ -1,50 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -[id='changing_runtime_firewalld_fedora'] - -= Changing settings in runtime and permanent configuration using CLI - -Using the CLI, you can only modify either runtime or permanent mode. To modify the firewall settings in permanent mode, use the `--permanent` option with the `firewall-cmd` command. - ----- -$ sudo firewall-cmd --permanent ----- - -Without this option, the command modifies runtime mode. -To change settings in both modes, you can use two methods: - -* Change runtime settings and then make them permanent as follows: - -. Change the runtime settings: -+ -`firewall-cmd ` -+ -. Use `--runtime-to-permanent` to make the changes permanent. -+ -`firewall-cmd --runtime-to-permanent` - -* Set permanent settings and reload the settings into runtime mode: - -. Make the changes in permanent mode: -+ -`firewall-cmd --permanent ` -+ -. Reload the settings: -+ -`firewall-cmd --reload` - -The first method allows you to test the settings before you apply them to permanent mode. - -[NOTE] -==== -It is possible that an incorrect setting will result in a user locking themselves out of a machine. To prevent this, use the `--timeout` option. Using this option means that after a specified amount of time, any change reverts to its previous state. -You can not use the `--permanent` option with the `--timeout` option. - -For example, to add the SSH service for 15 minutes use this command: ----- -$ sudo firewall-cmd --add-service=ssh --timeout 15m ----- -The SSH service will be available until access is removed after 15 minutes. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_checking_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_checking_firewalld.adoc deleted file mode 100644 index a31d331..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_checking_firewalld.adoc +++ /dev/null 
@@ -1,130 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=checking-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Checking the firewalld status - -== Viewing the current status of `firewalld` - -The firewall service, `firewalld`, is installed on the system by default. Use the `firewalld` CLI interface to check that the service is running. - -To see the status of the service: - ----- -$ sudo firewall-cmd --state ----- - -For more information about the service status, use the [command]`systemctl status` sub-command: - ----- -$ sudo systemctl status firewalld -firewalld.service - firewalld - dynamic firewall daemon - Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor pr - Active: active (running) since Mon 2017-12-18 16:05:15 CET; 50min ago - Docs: man:firewalld(1) - Main PID: 705 (firewalld) - Tasks: 2 (limit: 4915) - CGroup: /system.slice/firewalld.service - └─705 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid ----- - -Furthermore, it is important to know how `firewalld` is set up and which rules are in force before you try to edit the settings. 
To display the firewall settings, see <> - -[[sec-Viewing_Current_firewalld_Settings]] -== Viewing current firewalld settings - -[[sec-Viewing_Allowed_Services_Using_GUI]] -=== Viewing allowed services using GUI - -To view the list of services using the graphical [application]*firewall-config* tool, press the kbd:[Super] key to enter the Activities Overview, type [command]`firewall`, and press kbd:[Enter]. The [application]*firewall-config* tool appears. You can now view the list of services under the `Services` tab. - -Alternatively, to start the graphical firewall configuration tool using the command-line, enter the following command: - -[subs="quotes, macros"] ----- -$ [command]`firewall-config` ----- - -The `Firewall Configuration` window opens. Note that this command can be run as a normal user, but you are prompted for an administrator password occasionally. -//// -[[exam-firewall_config_services]] -.The Services tab in firewall-config - -image::images/firewall-config-services.png[A screenshot of the firewall configuration tool - the Services tab] -//// -[[sec-Viewing_firewalld_Settings_Using_CLI]] -=== Viewing firewalld settings using CLI - -With the CLI client, it is possible to get different views of the current firewall settings. The [option]`--list-all` option shows a complete overview of the `firewalld` settings. - -`firewalld` uses zones to manage the traffic. If a zone is not specified by the [option]`--zone` option, the command is effective in the default zone assigned to the active network interface and connection. 
- -To list all the relevant information for the default zone: - ----- -$ firewall-cmd --list-all -public - target: default - icmp-block-inversion: no - interfaces: - sources: - services: ssh dhcpv6-client - ports: - protocols: - masquerade: no - forward-ports: - source-ports: - icmp-blocks: - rich rules: ----- - -[NOTE] -==== -To specify the zone for which to display the settings, add the [option]`--zone=pass:attributes[{blank}]_zone-name_pass:attributes[{blank}]` argument to the [command]`firewall-cmd --list-all` command, for example: ----- -~]# firewall-cmd --list-all --zone=home -home - target: default - icmp-block-inversion: no - interfaces: - sources: - services: ssh mdns samba-client dhcpv6-client -... [output truncated] - ----- -==== - -To see the settings for particular information, such as services or ports, use a specific option. See the `firewalld` manual pages or get a list of the options using the command help: - ----- -$ firewall-cmd --help - -Usage: firewall-cmd [OPTIONS...] - -General Options - -h, --help Prints a short help text and exists - -V, --version Print the version string of firewalld - -q, --quiet Do not print status messages - -Status Options - --state Return and print firewalld state - --reload Reload firewall and keep state information -... [output truncated] ----- - -For example, to see which services are allowed in the current zone: - ----- -$ firewall-cmd --list-services -samba-client ssh dhcpv6-client ----- - -Listing the settings for a certain subpart using the CLI tool can sometimes be difficult to interpret. For example, you allow the `SSH` service and `firewalld` opens the necessary port (22) for the service. Later, if you list the allowed services, the list shows the `SSH` service, but if you list open ports, it does not show any. Therefore, it is recommended to use the [option]`--list-all` option to make sure you receive a complete information. 
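Review bot: in 2delete-proc_checking_firewalld.adoc the zone example inside the NOTE uses a `~]#` root prompt, while every other command in the file uses `$` or `$ sudo`, and `firewall-cmd --list-all` is shown unprivileged next to `sudo firewall-cmd --state`. If this text is kept after the article check the commit message announces, pick one prompt convention and say whether the listing commands need root. The closing paragraph (SSH appears under services but not under ports, so prefer `--list-all`) is the part an auditor relies on, so make sure it survives in whichever article still includes this partial.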
diff --git a/modules/ROOT/pages/_partials/2delete-proc_closing_ports_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_closing_ports_firewalld.adoc deleted file mode 100644 index 6953b95..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_closing_ports_firewalld.adoc +++ /dev/null @@ -1,42 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=closing-ports-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Closing a port - -When an open port is no longer needed, close that port in firewalld. It is highly recommended to close all unnecessary ports as soon as they are not used because leaving a port open represents a security risk. - -.Closing a port using the command line - -To close a port, remove it from the list of allowed ports: - -. List all allowed ports: -+ ----- -$ firewall-cmd --list-ports ----- -+ -[WARNING] -==== -This command will only give you a list of ports that have been opened as ports. You will not be able to see any open ports that have been opened as a service. Therefore, you should consider using the --list-all option instead of --list-ports. -==== -+ -. Remove the port from the allowed ports to close it for the incoming traffic: -+ ----- -$ sudo firewall-cmd --remove-port=port-number/port-type ----- -+ -. Make the new settings persistent: -+ ----- -$ sudo firewall-cmd --runtime-to-permanent ----- 
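Review bot: step 3 of the closing-a-port procedure persists the removal with `firewall-cmd --runtime-to-permanent`, which saves the whole runtime configuration and not only the removed port, so any other untested runtime change becomes permanent with it. If the procedure is retained elsewhere, either say so in that step or use `firewall-cmd --permanent --remove-port=port-number/port-type` followed by `firewall-cmd --reload`. In the WARNING, `--list-all` and `--list-ports` are also missing the backticks used for options in the rest of the file.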
diff --git a/modules/ROOT/pages/_partials/2delete-proc_configuring-apache-httpd.adoc b/modules/ROOT/pages/_partials/2delete-proc_configuring-apache-httpd.adoc deleted file mode 100644 index 3c9572d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_configuring-apache-httpd.adoc +++ /dev/null 
@@ -1,145 +0,0 @@ -[id='configuring-apache-httpd'] -= Configuring Apache HTTPD - -`/etc/httpd/conf/httpd.conf` is the main Apache configuration file. Custom confirguration files are specified under `/etc/httpd/conf.d/*.conf`. If the same settings are specified in both `/etc/httpd/conf/httpd.conf` and a `.conf` file in `/etc/httpd/conf.d/`, the setting from the `/etc/httpd/conf.d/` file will be used. - -Files in `/etc/httpd/conf.d/` are read in alphabetical order: a setting from `/etc/httpd/conf.d/z-foo.conf` will be used over a setting from `/etc/httpd/conf.d/foo.conf`. Similarly, a setting from `/etc/httpd/conf.d/99-foo.conf`, will be used over a setting from `/etc/httpd/conf.d/00-foo.conf`. - -As a best practice, do not modify `/etc/httpd/conf/httpd.conf` or any of the `/etc/httpd/conf.d` files shipped by Fedora packages directly. If you make any local changes to these files, then any changes to them in newer package versions will not be directly applied. Instead, a `.rpmnew` file will be created, and you will have to merge the changes manually. - -It is recommended to create a new file in `/etc/httpd/conf.d/` which will take precedence over the file you wish to modify, and edit the required settings. For instance, to change a setting specified in `/etc/httpd/conf.d/foo.conf` you could create the file `/etc/httpd/conf.d/z-foo-local.conf`, and place your setting in that file. - -[NOTE] -==== -After making any changes to your server configuration, execute the following command: - ----- -sudo systemctl reload httpd.service ----- - -Certain changes may require Apache to be fully restarted. To fully restart Apache, execute the following command: - ----- -sudo systemctl restart httpd.service ----- -==== - -[id='enabling-access-to-web-applications'] -== Enabling access to web applications - -By default Fedora-packaged web applications are usually configured such that, access is allowed only from the localhost. 
This is defined by the file `/etc/httpd/conf.d/webapp.conf` which contains the following settings: - ----- - - - # Apache 2.4 - Require local - - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - - ----- - -Before allowing general access to the webapp, ensure to do the following: - -* [*] Webapp has been configured correctly -* [*] Administration interface and other sensitive areas are not accessible without appropriate authentication -* [*] Database configuration is secure, if the application uses a database - -To broaden access to the application, create a file `/etc/httpd/conf.d/z-webapp-allow.conf`. To allow access to all systems on a typical local network, add the following lines into the file: - ----- - - - # Apache 2.4 - Require local - Require ip 192.168.1 - - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - Allow from 192.168.1 - - ----- - -Once the application is correctly configured, add the following configuration to allow access from any host: - ----- - - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order Deny,Allow - Allow from all - - ----- - -[id='opening-firewall-ports'] -== Opening firewall ports - -IMPORTANT: This exposes your computer to the Internet and potential attackers. Secure your system and your Apache installation properly before exposing your server to the Internet. - -Apache uses port 80 for plain http connections and port 443 for TLS/SSL connections by default. 
To make this service available from other computers or the Internet, allow Apache through the firewall using any one the following commands: - -To allow Apache through the firewall at each boot: - -* For plain HTTP connections: -+ ----- -sudo firewall-cmd --permanent --add-service=http ----- - -* For TLS/SSL connections: -+ ----- -sudo firewall-cmd --permanent --add-service=https ----- - -To allow Apache through the firewall instantly: - -* For plain HTTP connections: -+ ----- -sudo firewall-cmd --add-service=http ----- - -* For TLS/SSL connections: -+ ----- -sudo firewall-cmd --add-service=https ----- - -NOTE: If your server is running in a network with a NAT router, you will also need to configure your router to forward the HTTP and HTTPS ports to your server, if you wish to allow access from outside your local network. - - -[id='disabling-test-page'] -== Disabling Test Page - -To disable the test page, comment out all the lines in the file `/etc/httpd/conf.d/welcome.conf` using `pass:[#]` as follows: - ----- -# -# Options -Indexes -# ErrorDocument 403 /.noindex.html -# - -# -# AllowOverride None -# Require all granted -# - -# Alias /.noindex.html /usr/share/httpd/noindex/index.html ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc b/modules/ROOT/pages/_partials/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc deleted file mode 100644 index 7416fde..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc +++ /dev/null 
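Review bot: the "Opening firewall ports" section of 2delete-proc_configuring-apache-httpd.adoc says to use "any one the following commands", but the two groups do different things: the `--permanent --add-service=...` form does not change the running firewall until `firewall-cmd --reload`, and the form without `--permanent` is lost on reload or reboot. If this section is carried over, state that both are needed (or add the reload), and fix "any one the following" here and "confirguration" in the first paragraph. The `# Apache 2.2` branches with `Order Deny,Allow` are also worth dropping during the article check, leaving only the `Require` form.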
@@ -1,13 +0,0 @@ -[[proc_configuring-nested-virtualization-in-virt-manager]] -= Configuring nested virtualization in virt-manager - -Configure your VM to use nested virtualization: - -. Open virt-manager, double-click the VM in which you wish to enable nested virtualization, and click the *Show virtual hardware details* icon. - -. Click *CPUs* in the side menu. In the *Configuration* section, there are two options - either type `host-passthrough` in the *Model:* field, or select the *Copy host CPU configuration* check box (that fills the `host-model` value in the *Model* field). -+ -NOTE: Using host-passthrough is not recommended for general usage. It should only be used for nested virtualization purposes. -+ -. Click *Apply*. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_configuring-xorg-as-default-gnome-session.adoc b/modules/ROOT/pages/_partials/2delete-proc_configuring-xorg-as-default-gnome-session.adoc deleted file mode 100644 index a62df82..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_configuring-xorg-as-default-gnome-session.adoc +++ /dev/null 
@@ -1,33 +0,0 @@ -[id='proc-configuring-xorg-as-default-gnome-session'] -= Configuring GNOME to use Xorg - -At the login screen, select the "gear" icon and select *GNOME on Xorg*. - -image::configuring-xorg-as-default-gnome-session_2.png[Login screen - select GNOME on Xorg] - -Once login is completed the X11 windowing system will be in use, as can be seen by returning to *Settings* > *About*. This change will persist unless changed back at the login screen. - - -image::configuring-xorg-as-default-gnome-session_3.png[Settings - About] - -[discrete] -== Changing the default GNOME session via configuration file - -As an alternative, this change can be made by editing a configuration file `/etc/gdm/custom.conf`. - -. Open `/etc/gdm/custom.conf` and uncomment the line: - - WaylandEnable=false - -. Add the following line to the `[daemon]` section: - - DefaultSession=gnome-xorg.desktop - -. Save the `custom.conf` file. - -. Logout or reboot to enter the new session. - -[NOTE] -==== -With the above changes applied, the option to set the GNOME session to use Wayland will actually be removed from the "gear icon" menu on the login screen. -==== \ No newline at end of file diff --git a/modules/ROOT/pages/_partials/2delete-proc_configuring_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_configuring_firewalld.adoc deleted file mode 100644 index ceec17d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_configuring_firewalld.adoc +++ /dev/null 
@@ -1,43 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -[id='configuring_firewalld_fedora'] - -= Modifying Settings in runtime and permanent configuration using CLI - -Using the CLI, you do not modify the firewall settings in both modes at the same time. You only modify either runtime or permanent mode. To modify the firewall settings in the permanent mode, use the --permanent option with the firewall-cmd command. - ----- -$ sudo firewall-cmd --permanent ----- - -Without this option, the command modifies runtime mode. -To change settings in both modes, you can use two methods: - -Change runtime settings and then make them permanent as follows: ----- -$ sudo firewall-cmd -$ sudo firewall-cmd --runtime-to-permanent ----- - -Set permanent settings and reload the settings into runtime mode: - ----- -$ sudo firewall-cmd --permanent -$ sudo firewall-cmd --reload ----- - -The first method allows you to test the settings before you apply them to the permanent mode. - -[Note] -==== - -It is possible, especially on remote systems, that an incorrect setting results in a user locking themselves out of a machine. To prevent such situations, use the `--timeout` option. After a specified amount of time, any change reverts to its previous state. Using this options excludes the --permanent option. -For example, to add the SSH service for 15 minutes: - ----- -$ sudo firewall-cmd --add-service=ssh --timeout 15m ----- - -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_converting-sysvinit-services.adoc b/modules/ROOT/pages/_partials/2delete-proc_converting-sysvinit-services.adoc deleted file mode 100644 index ec9ef1c..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_converting-sysvinit-services.adoc +++ /dev/null 
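Review bot: 2delete-proc_configuring_firewalld.adoc repeats 2delete-proc_changing_runtime_firewalld.adoc almost sentence for sentence (same `--permanent` explanation, same two methods, same `--add-service=ssh --timeout 15m` example), so the article check named in the commit message only needs to keep one of them. In this copy the admonition is written `[Note]` instead of the `[NOTE]` used in the sibling file and may not render as an admonition, `--permanent` and `firewall-cmd` are not marked up as literals, and "Using this options" should read "Using this option".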
@@ -1,99 +0,0 @@ -[#converting-sysvinit-services] -= Converting SysVinit services to systemd - -Older versions of Fedora use SysVinit scripts to manage services. This section provides some guidelines on how to convert a SysVinit script to a _systemd_ equivalent. - -[discrete] -== Prerequisites - -* You are logged in as a user with administrator-level permissions. - -* You have a custom SysVinit script to convert to a _systemd_ configuration. - -[discrete] -== Procedure - -. Identify the runlevels in your SysVinit script. This is usually defined with `chkconfig` directive in the commented section at the beginning of the script. For example, the following indicates the service is using runlevels 3, 4, and 5: -+ ----- -# chkconfig: 235 20 80 ----- -+ -systemd uses targets instead of runlevels. Use the table in <<#converting-sysvinit-services>> to map the runlevels to targets. In this example, runlevels 2, 3, and 5 are all multi-user runlevels, so the _systemd_ service can use the following: -+ ----- -[Install] -WantedBy=multi-user.target ----- -+ -If you enable the custom _systemd_ service to start at boot (`systemctl enable foo.service`), _systemd_ loads the service when loading the `multi-user.target` at boot time. - -. Identify the dependent services and targets. For example, if the custom service requires network connectivity, specify the `network.target` as a dependency: -+ ----- -[Unit] -Description=My custom service -After=network.target ----- - -. Identify the command used to start the service in the SysVinit script and convert this to the _systemd_ equivalent. For example, the script might contain a `start` function in the following format: -+ -[source,bash] ----- -start() { - echo "Starting My Custom Service..." - /usr/bin/myservice -D -} ----- -+ -In this example, the `/usr/bin/myservice` command is the custom service command set to daemonize with the `-D` option. 
Set the `ExecStart` parameter to use this command: -+ ----- -[Service] -ExecStart=/usr/bin/myservice -D ----- - -. Check the SysVinit script to see if the service uses a special command to restart the service. For example, the script might contain a `reboot` function that reloads the service: -+ -[source,bash] ----- -reboot() { - echo "Reloading My Custom Service..." - /usr/bin/myservice reload -} ----- -+ -In this example, the `/usr/bin/myservice` command is the custom service command and reloads the service using the `reload` subcommand. Set the `ExecReload` parameter to use this command: -+ ----- -[Service] -ExecReload=/usr/bin/myservice reload ----- -+ -Alternatively, you can omit `ExecReload` and use the default behavior, which kills the service and starts it again. - -. Check the SysVinit script to see if the service uses a special command to stop the service. For example, the script might contain a `stop` function that reloads the service: -+ -[source,bash] ----- -reboot() { - echo "Stopping My Custom Service..." - /usr/bin/myservice shutdown -} ----- -+ -In this example, the `/usr/bin/myservice` command is the custom service command and stop the service gracefully using the `shutdown` subcommand. Set the `ExecStop` parameter to use this command: -+ ----- -[Service] -ExecStop=/usr/bin/myservice shutdown ----- -+ -Alternatively, you can omit `ExecStop` and use the default behavior, which kills the service. - -. Review the SysVinit script and identify any additional parameters or functions. Use _systemd_ parameters to replicate any identified SysVinit functions that might be relevant to your service. - -[discrete] -== Related Information - -* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. 
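Review bot: in the converting-sysvinit-services procedure the stop step shows a function named `reboot()` under a sentence that says the script "might contain a `stop` function that reloads the service", and the reload step also names its function `reboot`; these should be `stop()` and `reload()`, with "reloads" changed to "stops" in the stop step. Step 1 is inconsistent as well: `# chkconfig: 235 20 80` is first described as runlevels 3, 4, and 5 and then as 2, 3, and 5, and the table reference `<<#converting-sysvinit-services>>` points back at this section. Two systemd points need checking before the text is reused: `ExecStart=/usr/bin/myservice -D` starts a daemonizing command with no `Type=forking`, and a unit without `ExecReload` does not fall back to kill-and-start on reload, systemd rejects the reload job.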
diff --git a/modules/ROOT/pages/_partials/2delete-proc_copying-public-gpg-keys-manually.adoc b/modules/ROOT/pages/_partials/2delete-proc_copying-public-gpg-keys-manually.adoc deleted file mode 100644 index 3046835..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_copying-public-gpg-keys-manually.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[[copying-public-gpg-keys-manually]] -= Copying a Public Key Manually - -If you want to give or send a file copy of your key to someone, use this command to write it to an ASCII text file: - ----- -gpg --export --armor johndoe@example.com > johndoe-pubkey.asc ----- - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-a-disk-partition-in-linux.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-a-disk-partition-in-linux.adoc deleted file mode 100644 index c518b61..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-a-disk-partition-in-linux.adoc +++ /dev/null 
@@ -1,103 +0,0 @@ -// Module included in the following assemblies: -// -// - -// Base the file name and the ID on the module title. For example: -// * file name: proc_creating-a-disk-partition-in-linux.adoc -// * ID: [id='creating-a-disk-partition-in-linux'] - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='creating-a-disk-partition-in-linux_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Creating a Disk Partition in Linux -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -This procedure describes how to partition a storage disk in Linux using the `parted` command. - -== Procedure - -. List the partitions using the `parted -l` command to identify the storage device you want to partition. Typically, the first hard disk (`/dev/sda` or `/dev/vda`) will contain the operating system, so look for another disk to find the one you want. For example: -+ ----- -sudo parted -l -Model: ATA RevuAhn_850X1TU5 (scsi) -Disk /dev/vdc: 512GB -Sector size (logical/physical): 512B/512B -Partition Table: msdos -Disk Flags: - -Number Start End Size Type File system Flags - 1 1049kB 525MB 524MB primary ext4 boot - 2 525MB 512GB 512GB primary lvm ----- -+ -. Open the storage device. Use the `parted` command to begin working with the selected storage device. For example: -+ ----- -sudo parted /dev/vdc -GNU Parted 3.3 -Using /dev/vdc -Welcome to GNU Parted! Type 'help' to view a list of commands. -(parted) ----- -+ -[IMPORTANT] -==== -Be sure to indicate the specific device you want to partition. If you just enter `parted` without a device name, it will randomly select a storage device to modify. -==== -+ -. 
Set the partition table type to `gpt`, then enter `Yes` to accept it. -+ ----- -(parted) mklabel gpt -Warning: the existing disk label on /dev/vdc will be destroyed -and all data on this disk will be lost. Do you want to continue? -Yes/No? Yes ----- -+ -[NOTE] -==== -The `mklabel` and `mktable` commands are both used for making a partition table on a storage device. At the time of writing, the supported partition tables are: `aix`, `amiga`, `bsd`, `dvh`, `gpt`, `mac`, `ms-dos`, `pc98`, `sun`, `atari`, and `loop`. Use `help mklabel` to get a list of supported partition tables. Remember `mklabel` will not make a partition, rather it will make a partition table. -==== -. Review the partition table of the storage device. -+ ----- -(parted) print -Model: Virtio Block Device (virtblk) -Disk /dev/vdc: 1396MB -Sector size (logical/physical): 512B/512B -Partition Table: gpt -Disk Flags: -Number Start End Size File system Name Flags ----- -+ -. Create a new partition using the following command. For example, 1396 MB on partition 0: -+ ----- -(parted) mkpart primary 0 1396MB - -Warning: The resulting partition is not properly aligned for best performance -Ignore/Cancel? I - -(parted) print -Model: Virtio Block Device (virtblk) -Disk /dev/vdc: 1396MB -Sector size (logical/physical): 512B/512B -Partition Table: gpt -Disk Flags: -Number Start End Size File system Name Flags - 1 17.4kB 1396MB 1396MB primary ----- -+ -[NOTE] -==== -Providing a partition name under GPT is a must; in the above example, primary is the name, not the partition type. In a GPT partition table, the partition type is used as partition name. -==== -+ -. Quit using the `quit` command. Changes are automatically saved when you quit `parted`. -+ ----- -(parted) quit -Information: You may need to update /etc/fstab. ----- -+ 
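Review bot: the IMPORTANT block in the disk-partition procedure says `parted` without a device name "will randomly select a storage device"; parted uses the first block device it finds, which is usually the system disk, and the warning should say that since the next step is a destructive `mklabel`. The `mkpart primary 0 1396MB` example then answers `I` to the alignment warning, so readers are taught to ignore it; an aligned start such as `1MiB` avoids the prompt. Smaller inconsistencies in the same hunk: "on partition 0" while `print` shows partition 1, `ms-dos` in the list of label types while step 1's output shows `msdos`, and `/dev/vdc` reported as 512GB in step 1 but 1396MB afterwards.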
diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc deleted file mode 100644 index 21fdc68..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc +++ /dev/null 
@@ -1,139 +0,0 @@ -[id='proc_creating-and-using-live-cd'] -= Creating and using live CD - -[[getting-started]] -== Getting started - -To create a live image, the `livecd-creator` tool is used. For this, super user privileges are needed. - -The `livecd-creator` tool is part of the _livecd-tools_package. If it is not installed on your system, add it with DNF: - -[options="nowrap"] ----- -# dnf install livecd-tools spin-kickstarts ----- - -If you are interested in localized (i.e. translated into other languages) live CD files, install also _l10n-kickstarts_. - - -[id='configuring-the-image'] -== Configuring the image - -The configuration of the live image is defined by a file called _kickstart_. It can include some basic system configuration items, the package manifest, and a script to be run at the end of the build process. - -For the Fedora project, the most important live image configurations files are: - -* https://pagure.io/fedora-kickstarts/blob/main/f/fedora-live-base.ks[fedora-live-base.ks] - : The base live image system, included in the _livecd-tools_ package. -* For _Fedora 21 and later_: https://pagure.io/fedora-kickstarts/blob/main/f/fedora-live-workstation.ks[fedora-live-workstation.ks]. This is the Workstation product configuration. - -_kickstart_ files for other spins, e.g. Fedora Electronics Lab, can be found in `/usr/share/spin-kickstarts/` after installing the `spin-kickstarts` package. These pre-made configuration files can be a great place to start, as they already have some useful pre and post-installation scripts. - -image:system-config-kickstart.png[system-config-kickstart,title="fig:system-config-kickstart"] - -You can create a customized _kickstart_ file by running `system-config-kickstart`. 
- -[NOTE] -==== -You might have to install the package first with `dnf install system-config-kickstart`.\ -This tool is mainly intended for generating kickstart files for automated installs, not live images, so the output will probably not be usable without editing, but it may help you to generate particular kickstart directives. Remember to add the line `%include /usr/share/spin-kickstarts/fedora-live-base.ks` at the beginning of your _kickstart_ file to include the base live configuration. -==== - -[id='making-the-image'] -== Making the image - -To make the image, simply issue the following command: - -[options="nowrap"] ----- -ksflatten -c /usr/share/spin-kickstarts/fedora-live-workstation.ks \ --o fedora-live-workstation-flat.ks -livecd-creator --verbose \ ---config=fedora-live-workstation-flat.ks \ ---fslabel=Fedora-LiveCD \ ---cache =/var/cache/live ----- - -The name given by `--fs-label` is used: - -* As a file system label on the ext3 and iso9660 file systems. As such, it's visible on the desktop as the CD name. -* In the _isolinux_ boot loader. - -If you have the repositories available locally and don't want to wait for the download of packages, just substitute the URLs listed in the configuration file to point to your local repositories. - -[NOTE] -==== -If you have an x86_64 machine you're building on but you want a 32-bit happy iso image, add the following before your livecd-creator command: - -[options="nowrap"] ----- -setarch i686 livecd-creator [...] 
----- -==== - - -[id='examples'] -== Examples - - -[id='spinning-the-fedora-desktop'] -=== Spinning the Fedora desktop - -The following command: - -[options="nowrap"] ----- -ksflatten -c /usr/share/spin-kickstarts/fedora-live-workstation.ks \ --o fedora-live-workstation-flat.ks -livecd-creator --verbose \ ---config=fedora-live-workstation-flat.ks \ ---fslabel=Fedora-LiveCD \ ---cache=/var/cache/live ----- - -This will create a live CD called *Fedora-LiveCD* using the `fedora-live-workstation.ks` configuration file. - - -[id='a-barebones-live-cd'] -=== A Barebones live CD - -The following command: - -[options="nowrap"] ----- -livecd-creator --verbose \ ---config=/usr/share/doc/livecd-tools-$(rpm -q livecd-tools --qf "%{VERSION}")/livecd-fedora-minimal.ks \ ---cache=/var/cache/live ----- - -This will create a live CD that will boot to a login prompt. - - -[id='testing-your-live-cd-using-kvm-or-qemu'] -== Testing your live CD using KVM or qemu - -image:qemu_gtk3.png[QEMU running Fedora 17,title="QEMU running Fedora 17"] - -As root: - -[options="nowrap"] ----- -# qemu-kvm -m 2048 -vga qxl -cdrom filename.iso ----- - -[NOTE] -==== -If you do not have https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[KVM] support, you have to use qemu instead. - -[options="nowrap"] ----- -# qemu-system-x86_64 -m 2048 -vga qxl -cdrom filename.iso ----- -==== - -Replace `_filename.iso_` with the name of your created Live CD image and `_qemu-system-x86_64_` with an appropriate qemu binary for the target system, e.g. `qemu-system-i386`. - -[id='live-image-media-verification'] -== Live image media verification - -The live image can incorporate functionality to verify itself. To do so, you need to have _isomd5sum_ installed both on the system used for creating the image and installed into the image. This is so that the `implantisomd5` and `checkisomd5` utilities can be used. These utilities take advantage of embedding an _md5sum_ into the application area of the iso9660 image. 
This then gets verified before mounting the real root filesystem. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc deleted file mode 100644 index ede4b7b..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc +++ /dev/null 
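Review bot: in 2delete-proc_creating-and-using-live-cd.adoc.delete.adoc the "Making the image" command has `--cache =/var/cache/live` with a stray space before `=`, while the same command under "Spinning the Fedora desktop" has `--cache=/var/cache/live`, and the prose that follows refers to `--fs-label` although the command uses `--fslabel`. `_livecd-tools_package` is missing a space, which also breaks the emphasis markup. If the "Live image media verification" section is kept, note that an md5sum implanted in the image detects a corrupted write or download only and is not a check of the image's origin.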
@@ -1,178 +0,0 @@ -:experimental: -include::{partialsdir}/attributes.adoc[] - -[id='proc_creating-and-using-live-usb'] -= Creating and using live USB - -You can write all Fedora ISO images to a USB stick, making this a convenient way on any USB-bootable computer to either install Fedora or try a *live* Fedora environment without writing to the computer's hard disk. You will need a USB stick at least as large as the image you wish to write. - -[id='using-fedora-media-writer'] -== Using Fedora Media Writer - -The official and supported tool to create a Fedora USB stick is the *Fedora Media Writer* utility, which was formerly known as *LiveUSB Creator*. - - -[IMPORTANT] -==== -*Fedora Media Writer* destroys all data on the USB stick. If you need a non-destructive write method (to preserve existing data on your USB stick) or support for 'data persistence', you can use the xref:creating-and-using-a-live-installation-image.adoc#using-the-livecd-iso-to-disk-tool[livecd-iso-to-disk] utility on Fedora. -==== - -[id='gnome-disk-utility'] -== Using GNOME Disk Utility - -IMPORTANT: This method will destroy all data on the USB stick. If you need a non-destructive write method (to preserve existing data on your USB stick) and/or support for 'data persistence', you can use the `livecd-iso-to-disk` utility on Fedora. - -[WARNING] -==== -This method is considered unsupported. You can use it on your own risk. -==== - -This method is for people running Linux, or another unix with GNOME, Nautilus and the GNOME Disk Utility installed. Particularly, if you are using a distribution other than Fedora which does not support Flatpak, this may be the easiest available method. A standard installation of Fedora, or a standard GNOME installation of many other distributions, should be able to use this method. On Fedora, ensure the packages _nautilus_ and _gnome-disk-utility_ are installed. 
Similar graphical direct-write tools may be available for other desktops, or you may use the command-line _direct write_ method. - -. Download a Fedora image, choose a USB stick that does not contain any data you need, and connect it. -. Run Nautilus (Files), open the *Overview* by pressing the *Start/Super* key, type Files, and hit kbd:[Enter]. -. Find the downloaded image, right-click on it, go to *Open With*, and click *Disk Image Writer*. -. Select your USB stick as the *Destination*, and click *Start Restoring*. - - -[id='command-line-method'] -== Command line methods - -[WARNING] -==== -These methods are considered unsupported. You can use them on your own risk. -==== - -[id='using-the-livecd-iso-to-disk-tool'] -=== Using the livecd-iso-to-disk tool - -IMPORTANT: This method will destroy all data on the USB stick _if the `--format` parameter is passed_. - -The `livecd-iso-to-disk` method is slightly less reliable than Fedora Media Writer and can be used reliably only from within Fedora: it does not work in Windows or macOS, and is not supported (and will usually fail) in non-Fedora distributions. However, it supports three advanced features which FMW does not include: - -. You may use a _non-destructive_ method to create the stick, meaning existing files on the stick will not be destroyed. This is less reliable than the _destructive_ write methods, and should be used only if you have no stick you can afford to wipe. -. On live images, you can include a feature called a _persistent overlay_, which allows changes made to persist across reboots. You can perform updates just like a regular installation to your hard disk, except that kernel updates require manual intervention and overlay space may be insufficient. Without a _persistent overlay_, the stick will return to a fresh state each time it is booted. -. 
On live images, you can also have a separate area to store user account information and data such as documents and downloaded files, with optional encryption for security and peace of mind. - -By combining these features, you can carry your computer with you in your pocket, booting it on nearly any system you find yourself using. - -It is not a good idea to try and write a new Fedora release using the version of `livecd-iso-to-disk` in a much older Fedora release: it is best to only use a release a maximum of two versions older than the release you are trying to write. - -Ensure the https://packages.fedoraproject.org/pkgs/livecd-tools/livecd-tools/[livecd-tools] package is installed: `dnf install livecd-tools`. - -[NOTE] -==== -Remember to identify your USB stick's device name first. In all cases, you can add the parameter `--efi` to render the stick bootable in native UEFI mode. Detailed usage information is available by running: `livecd-iso-to-disk --help` or `man livecd-iso-to-disk`. - -To make an existing USB stick bootable as a Fedora image, without deleting any of the data on it, make sure that the USB drive is not mounted before executing the following, and give the root password when prompted: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX ----- - -In case it is not possible to boot from a disk created with the method shown above, before re-partitioning and re-formatting, often resetting the master boot record will enable booting: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk --reset-mbr Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX ----- -==== - -IMPORTANT: Using the `--format` option in the following command will erase all data on the USB drive. 
- -If necessary, you can have `livecd-iso-to-disk` re-partition and re-format the target stick: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk --format --reset-mbr Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX ----- - -To include a persistent filesystem for `/home`, use the `--home-size-mb` parameter. For example: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk --home-size-mb 2048 Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX ----- - -This will create a 2 GiB filesystem that will be mounted as `/home` each time the stick is booted, allowing you to preserve data in `/home` across boots. - -To enable 'data persistence' support - so changes you make to the entire live environment will persist across boots - add the `--overlay-size-mb` parameter to add a persistent data storage area to the target stick. For example: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk --overlay-size-mb 2048 Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX ----- - -Here, `_2048_` is the desired size (in megabytes) of the overlay. The `livecd-iso-to-disk` tool will not accept an overlay size value greater than _4095_ for VFAT, but for ext[234] filesystems it is only limited by the available space. - -[NOTE] -==== -Due to the way it's currently implemented, every single change to this form of overlay, writes AND deletes, subtracts from its free space so it will eventually be "used up" and your USB stick will no longer boot. You can use `dmsetup` status `live-rw` to see how much space remains in the overlay. - -The output will contain something like snapshot `42296/204800`, indicating that 4229 of 204800 512-byte sectors are allocated. Because of these limitations, it is advisable to use the `system-level` persistence sparingly, for configuration changes and important security updates only. 
Or, if you have sufficient disk space available, changes to the `LiveOS` root filesystem snapshot can be merged into a new copy of the root filesystem. -==== - -You can combine `--home-size-mb` and `--overlay-size-mb`, in which case data written to `/home` will not exhaust the persistent overlay. - - -=== Using a direct write method - - -[IMPORTANT] -==== -This method will destroy all data on the USB stick. If you need a non-destructive write method, to preserve existing data on your USB stick, and/or support for `data persistence`, you can use the `livecd-iso-to-disk` utility on Fedora. -==== - -This method directly writes the image to the USB stick much like xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer] or GNOME Disk Utility, but uses a command line utility named `dd`. Like the other _direct write_ methods, it will destroy all data on the stick and does not support any of the advanced features like data persistence, but it is a very reliable method. The `dd` tool is available on most Unix-like operating systems, including Linux distributions and macOS, and a Windows port is available. This may be your best method if you cannot use xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer] or GNOME Disk Utility, or just if you prefer command line utilities and want a simple, quick way to write a stick. - -. Identify the name of the USB drive partition. If using this method on Windows, with the port linked above, the `dd --list` command should provide you with the correct name. -. *Unmount all mounted partition from that device*. This is very important, otherwise the written image might get corrupted. You can umount all mounted partitions from the device with `umount /dev/sdX*`, where `_X_` is the appropriate letter, e.g. `umount /dev/sdc*`. -. 
Write the ISO file to the device: -+ -[source,shell,subs="attributes"] ----- -# dd if=/path/to/image.iso of=/dev/sdX bs=8M status=progress oflag=direct ----- -. Wait until the command completes. -+ -NOTE: If you see `dd: invalid status flag: 'progress'`, your dd version doesn't support the `status=progress` option and you'll need to remove it. In this case, you won't see writing progress. - - -[id='unetbootin'] -== Using UNetbootin for Windows, macOS, and Linux - -[WARNING] -==== -This method is considered unsupported. You can use it on your own risk. -==== - -[NOTE] -==== -UNetbootin may work in some cases but not others - for instance, it will likely create a stick that is bootable in BIOS mode, but not UEFI mode. Fedora cannot guarantee support for UNetbootin-written images. - -While your results may vary, it is usually the case that the Fedora Media Writer, `livecd-iso-to-disk`, GNOME, and `dd` methods give better results than UNetbootin. If you encounter problems with UNetbootin, please contact the UNetbootin developers, not the Fedora developers. -==== - -https://unetbootin.github.io/[UNetbootin] is a graphical, bootable USB image creator. Using it will allow you to preserve any data you have in the USB drive. If you have trouble booting, however, you may wish to try with a blank, cleanly FAT32-formatted drive. - -NOTE: If you are running a 64-bit Linux distribution, UNetbootin may fail to run until you install the 32-bit versions of quite a lot of system libraries. - -. Download the latest UNetbootin version from the https://unetbootin.github.io/[official site] and install it. On Linux, the download is an executable file: save it somewhere, change it to be executable using `chmod ugo+x` filename or a file manager, and then run it. -. Launch UNetbootin. On Linux, you might have to type the root password. -. Click on `Diskimage` and search for the ISO file you downloaded. -. Select Type: USB drive and choose the correct device for your stick. -. Click OK. 
- -NOTE: If you do not see _sdX_ listed, you might have to reformat the drive. You can do this from most file manager or disk utility tools, e.g. the GNOME disk utility ("Disks") on Fedora. The FAT32 format is most likely to result in a bootable stick. This will cause you to lose all data on the drive. - - -[id='creating_usb_stick_from_a_running_live_environment'] -== Creating a USB stick from a running live environment - -If you are already running a live CD, DVD, or USB and want to convert that into a bootable USB stick, run the following command: - -[source,shell,subs="attributes"] ----- -# livecd-iso-to-disk /run/initramfs/livedev /dev/sdX" ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-cli.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-cli.adoc deleted file mode 100644 index f2dc10e..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-cli.adoc +++ /dev/null 
@@ -1,130 +0,0 @@ -[[creating-gpg-keys-cli]] -= Creating GPG Keys Using the Command Line - -. Use the following shell command: -+ ----- -gpg --full-generate-key ----- -+ -This command generates a key pair that consists of a public and a private key. -Other people use your public key to authenticate and/or decrypt your communications. -Distribute your *public* key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. - -. Press the kbd:[Enter] key to assign a default value if desired. - The first prompt asks you to select what kind of key you prefer: -+ ----- -Please select what kind of key you want: - (1) RSA and RSA (default) - (2) DSA and Elgamal - (3) DSA (sign only) - (4) RSA (sign only) - (14) Existing key from card -Your selection? ----- -+ -In almost all cases, the default is the correct choice. -A RSA/RSA key allows you not only to sign communications, but also to encrypt files. - -. Choose the key size: -+ ----- -RSA keys may be between 1024 and 4096 bits long. -What keysize do you want? (3072) ----- -+ -Again, the default is sufficient for almost all users, and represents an _extremely_ strong level of security. - -. Choose when the key will expire. - It is a good idea to choose an expiration date instead of using the default, which is _none._ - If, for example, the email address on the key becomes invalid, an expiration date will remind others to stop using that public key. -+ ----- -Please specify how long the key should be valid. - 0 = key does not expire - = key expires in n days - w = key expires in n weeks - m = key expires in n months - y = key expires in n years -Key is valid for? (0) ----- -+ -Entering a value of `1y`, for example, makes the key valid for one year. -(You may change this expiration date after the key is generated, if you change your mind.) 
-Before the `gpg` program asks for signature information, the following prompt appears: -+ ----- -Is this correct (y/N)? ----- -+ -. Enter `y` to finish the process. - -. Enter your name and email address. - _Remember this process is about authenticating you as a real individual._ - For this reason, include your _real name_. - Do not use aliases or handles, since these disguise or obfuscate your identity. - -. Enter your real email address for your GPG key. - If you choose a bogus email address, it will be more difficult for others to find your public key. - This makes authenticating your communications difficult. - If you are using this GPG key for https://fedoraproject.org/wiki/Introduce_yourself_to_the_Docs_Project[self-introduction] on a mailing list, for example, enter the email address you use on that list. - -. Use the comment field to include aliases or other information. - (Some people use different keys for different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.") - -. Enter the letter `O` at the confirmation prompt to continue if all entries are correct, or use the other options to fix any problems. - -. Enter a passphrase for your secret key. - The `gpg` program asks you to enter your passphrase twice to ensure you made no typing errors. - -Finally, `gpg` generates random data to make your key as unique as possible. -Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. -Once this step is finished, your keys are complete and ready to use: - ----- -pub rsa3072 2021-02-09 [SC] [expires: 2022-02-09] - 3782CBB60147010B330523DD26FBCC7836BF353A -uid John Doe (Fedora Docs) -sub rsa3072 2021-02-09 [E] [expires: 2022-02-09] ----- - -The key fingerprint is a shorthand signature for your key. -It allows you to confirm to others that they have received your actual public key without any tampering. -You do not need to write this fingerprint down. 
-To display the fingerprint at any time, use this command, substituting your email address: - ----- -gpg --fingerprint johndoe@example.com ----- - -Your key fingerprint is actually a 160 bit SHA-1 hash of the key, represented as a 40 character string of hexadecimal digits. -Though shorter than the public key itself, it's still a bit unwieldy, so people tend to use a shorter _GPG key ID_ to refer to a key when, for example, looking up a key in a keyserver. -The GPG key ID is a small number of hex digits drawn from the characters representing the lower-order bits of the fingerprint. -The "short" GPG key ID consists of the final 8 characters of the hexadecimal fingerprint, that is, the last 32 bits of the fingerprint. -Short keys are unsafe and no longer recommended because it's possible to create collisions so that an attacker's forged key has the same short ID as your key. -Thus if you give someone the short GPG key ID of your key, they may retrieve the attacker's key from a keyserver instead. - -For this reason, it's preferred to use the "long" GPG key ID, which consists of the final 16 characters of your key's hexadecimal fingerprint. -This represents the 64 lower-order bits of your fingerprint, which is sufficient to be collision-resistant. -The `gpg` program makes it easy for you to find your key's long GPG key ID: - ----- -gpg --list-keys --fingerprint --key-id-format 0xlong johndoe@example.com ----- - -The `0xlong` format prepends "0x" to the key ID to make it clear that this is a series of hexadecimal digits; it is considered good practice to do this. 
-The output from the above command looks like this: - ----- -pub rsa3072/0x26FBCC7836BF353A 2021-02-09 [SC] [expires: 2022-02-09] - Key fingerprint = 3782 CBB6 0147 010B 3305 23DD 26FB CC78 36BF 353A -uid John Doe (Fedora Docs) -sub rsa3072/0xF834D62672E88A6F 2021-02-09 [E] [expires: 2022-02-09] ----- - -The first line (beginning with "pub") tells you what kind the key is (that is, 3072 bit RSA) and what the long key ID is (that is, `0x26FBCC7836BF353A`). -You can see that this corresponds to the last 16 characters of the Key fingerprint in the output. - -Now see <>. -Make sure to back up your revocation keys for all active keys as this allows to revoke keys in the event of lost passphrase of key compromise. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-gnome.adoc deleted file mode 100644 index 7425cda..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-gnome.adoc +++ /dev/null @@ -1,27 +0,0 @@ -[[creating-gpg-keys-gnome]] -= Creating GPG Keys Using the GNOME Desktop - -Install the Seahorse utility, which makes GPG key management easier. - -. Select menu:Activities[Software]. - -. Click the _Search_ button and enter the name 'Seahorse'. - -. Click the Seahorse package and click btn:[Install] to add the software. - You can also install Seahorse using the command line with the command `sudo dnf install seahorse`. - -To create a key: - -. Select menu:Activities[Passwords and Encryption Keys], which starts the application Seahorse. - -. At the top left hand corner, click the menu:Plus Button[GPG Key]. - -. Type your full name, email address, and an optional comment describing who you are (e.g.: John C. Smith, jsmith@example.com, The Man). - -. Click btn:[Create]. - -. Choose a passphrase that is strong but also easy to remember in the dialog that is displayed. - -. Click btn:[OK] and the key is created. - -Now see <>. 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-kde.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-kde.adoc deleted file mode 100644 index 7da4eb1..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-gpg-keys-kde.adoc +++ /dev/null @@ -1,16 +0,0 @@ -[[creating-gpg-keys-kde]] -= Creating GPG Keys Using the KDE Desktop - -. Start the KGpg program from the main menu by selecting menu:Applications[Utilities > KGpg]. - If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. - -. Enter your name, email address, and an optional comment in the dialog box that appears prompting you to create a new key pair. - You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. - -. Enter your passphrase in the next dialog box. - At this point, your key appears in the main KGpg window. - -To find your GPG key ID, look in the _ID_ column next to the newly created key. -In most cases, if you are asked for the key ID, you should prepend `0x` to the last 8 characters of the key ID, as in `0x6789ABCD`. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-new-systemd-services.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-new-systemd-services.adoc deleted file mode 100644 index 2100fb3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-new-systemd-services.adoc +++ /dev/null 
@@ -1,107 +0,0 @@ -[#creating-new-systemd-services] -= Creating new systemd services - -This example shows how to create a unit file for a custom service. Custom unit files are located in `/etc/systemd/system/` and have a `.service` extension. For example, a custom `foo` service uses `/etc/systemd/system/foo.service` unit file. - -[discrete] -== Prerequisites - -* You are logged in as a user with administrator-level permissions. - -[discrete] -== Procedure - -This procedure creates a basic configuration file to control the `foo` service. - -. Create and edit the new configuration file: -+ ----- -# nano /etc/systemd/system/foo.service ----- - -. The next few steps describe each section its parameters to add to the file: - -.. The `[Unit]` section provides basic information about the service. The `foo` service uses the following parameters: -+ -`Description`:: - A string describing the unit. _Systemd_ displays this description next to the unit name in the user interface. -`After`:: - Defines a relationship with a second unit. If you activate the unit, _systemd_ activates it only after the second one. For example, the `foo` service might require network connectivity, which means the `foo` services specifies `network.target` as an `After=` condition. -+ -The resulting `[Unit]` section looks like this: -+ ----- -[Unit] -Description=My custom service -After=network.target ----- - -.. The `[Service]` section provides instructions on how to control the service. The `foo` service uses the following parameters: -+ -`Type`:: - Defines the type of _systemd_ service. In this example, the `foo` service is a `simple` service, which starts the service without any special consideration. -`ExecStart`:: - The command to run to start the service. This includes the full path to the command and arguments to modify the service. -+ -The resulting `[Service]` section looks like this: -+ ----- -[Service] -Type=simple -ExecStart=/usr/bin/sleep infinity ----- - -.. 
The `[Install]` section provides instructions on how _systemd_ installs the service. The `foo` service uses the following parameters: -+ -`WantedBy`:: - Defines which service triggers the custom service if enabled with `systemctl enable`. This is mostly used for starting the custom service on boot. In this example, `foo.service` uses `multi-user.target`, which starts `foo.service` when _systemd_ loads `multi-user.target` on boot. - -. The full `foo.service` file contains the following contents: -+ ----- -[Unit] -Description=My custom service -After=network.target - -[Service] -Type=simple -ExecStart=/usr/bin/sleep infinity - -[Install] -WantedBy=multi-user.target ----- -+ -Save the file. - -. To make _systemd_ aware of the new service, reload its service files -+ ----- -# systemctl daemon-reload ----- - - -. Start the custom `foo` service: -+ ----- -# systemctl start foo ----- - -. Check the status of the service to ensure the service is running: -+ ----- -$ systemctl status foo -● foo.service - My custom service - Loaded: loaded (/etc/systemd/system/foo.service; static; vendor preset: disabled) - Active: active (running) since Thu 2017-12-14 14:09:12 AEST; 6s ago - Main PID: 31837 (sleep) - Tasks: 1 (limit: 4915) - CGroup: /system.slice/foo.service - └─31837 /usr/bin/sleep infinity - -Dec 14 14:09:12 dansmachine systemd[1]: Started My custom service. ----- - -[discrete] -== Related Information - -* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating-virtual-machines.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating-virtual-machines.adoc deleted file mode 100644 index 8bfe32e..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating-virtual-machines.adoc +++ /dev/null 
@@ -1,128 +0,0 @@ -[[creating-virtual-machines]] -= Creating virtual machines -include::{partialsdir}/attributes.adoc[] -:experimental: - -The installation of Fedora guests using Anaconda is supported. The installation can be started on the command-line using the `virt-install` program or in the user interface program `virt-manager`. - -[[creating-a-guest-with-virt-install]] -== Creating a guest with virt-install - -`virt-install` is a command-line based tool for creating virtualized guests. Execute `virt-install --help` for command line help, or you can find the manual page at `man 1 virt-install`. - -To use the virt-install command, you should first download an ISO of the Fedora version you wish to install. You can find the latest Fedora images at https://getfedora.org. This ISO is only needed during Fedora installation, and can be deleted to free up storage space afterwards if desired. More information about Fedora installation can be found in the xref:f{MAJOROSVER}@fedora:install-guide:index.adoc[Installation Guide]. In this example we'll use Fedora Workstation. - -=== Planning VM Resources -Adjust the ram, vcpus, and disk size parameters according to the resources you have available. - -* Storage: An easy way to check your disk size from a bash shell is using the `df(1)`` utility from the shell: - -[source,shell,subs="attributes"] ----- -# df -h ----- -* Memory: You can check your available memory from the shell using free(1): - -[source,shell,subs="attributes"] ----- -# free -m ----- -* VCPU: You can check your processor information using `lscpu(1)`: - -[source,shell,subs="attributes"] ----- -# lscpu ----- - -When allocating resources to your VM, keep in mind the minimum system requirements for the version of Fedora you are installing as well as your use case requirements. For Fedora {MAJOROSVER}, you can find this in the xref:f{MAJOROSVER}@fedora:release-notes:welcome/Hardware_Overview.adoc[Release Notes]. 
- -==== Create Storage for the VM - -The libvirt default storage pool is located at ``/var/lib/libvirt/images` - which is the parent file path we use in this example. For individuals who are lacking enough storage in that path, you can simply mount a new disk or partition to that directory path (from the BASH shell, type `man 1 mount`) or select a new path. In the example `virt-install` command below, the disk did not exist prior to running virt-install. When the specified disk is not pre-existing, you must specify the size so virt-install can create a disk for you. If your disk already exists, you can safely remove the `,size=20` parameter from the disk argument. - -You have several disk storage options for your VM. While it's outside the scope of this article to discuss these in detail, the following are a few common options. These examples use 20G as the upper limit for disk size, but you can adjust this size to fit your needs. - -[NOTE] -==== -Again, you do not need to manually allocate storage using the example options shown below if you specify the size parameter in the virt-install example shown below. 
-==== - -===== Raw File (Non-Sparse) - -To create a fully allocated (non-sparse) raw file: - -[source,shell,subs="attributes"] ----- -# sudo dd if=/dev/zero of=/var/lib/libvirt/images/guest.img bs=1M count=20480 ----- - -you can also use fallocate(1): - -[source,shell,subs="attributes"] ----- -# sudo fallocate -l 20480M /var/lib/libvirt/images/guest.img ----- - -===== Raw File (Sparse) - -To create a dynamically allocated (sparse) raw file: - -[source,shell,subs="attributes"] ----- -# sudo rm -f /var/lib/libvirt/images/guest.img -# sudo truncate --size=20480M /var/lib/libvirt/images/guest.img ----- - - -===== QCOW2 -To create a new qcow2-formatted disk separately, you can use qemu-img (the example below specifies a disk size of 20G): - -[source,shell,subs="attributes"] ----- -# sudo qemu-img create -f qcow2 /var/lib/libvirt/images/guest.qcow2 20480 ----- - -More information about libvirt storage options can be found at https://libvirt.org/storage.html. - -Finally, run the virt-install command using the following format (adjusting parameters as needed): - -[source,shell,subs="attributes"] ----- -# sudo virt-install --name Fedora{MAJOROSVER} \ ---description 'Fedora {MAJOROSVER} Workstation' \ ---ram 4096 \ ---vcpus 2 \ ---disk path=/var/lib/libvirt/images/Fedora-Workstation-{MAJOROSVER}/Fedora-Workstation-{MAJOROSVER}-20180518.0.x86_64.qcow2,size=20 \ ---os-type linux \ ---os-variant fedora{MAJOROSVER} \ ---network bridge=virbr0 \ ---graphics vnc,listen=127.0.0.1,port=5901 \ ---cdrom /var/lib/libvirt/images/Fedora-Workstation-{MAJOROSVER}/Fedora-Workstation-Live-x86-64-{MAJOROSVER}-1.1.iso \ ---noautoconsole ----- - -[NOTE] -==== -Note: For the graphics parameter, we're setting the vnc listener to localhost because it's more secure to tunnel your VNC connection through SSH so that you don't expose VNC to everyone with access to the network. -==== - -`virt-install` can use kickstart files, for example, `virt-install -x ks=kickstart-file-name.ks`. 
- -If graphics were enabled, a VNC window will open and present the graphical installer. If graphics were not enabled, a text installer will appear. Proceed with the Fedora installation. - -[[creating-a-guest-with-virt-manager]] -== Creating a guest with virt-manager - -. Start Virtual Machine Manager by navigating to menu:Applications[System Tools], or by running the following command: -+ -[source,shell,subs="attributes"] ----- -# sudo virt-manager ----- -+ -. Open a connection to a hypervisor by navigating to menu:File[Add connection]. -. Choose *qemu* for KVM, or *Xen* for Xen. -. Choose *local* or select a method to connect to a remote hypervisor. -. After a connection is opened, click the new icon next to the hypervisor, or right-click on the active hypervisor and select *New*. -. Configure the virtual machine following the steps in the *New VM* wizard. -. Click *Finish* at the end of the wizard to provision the guest operating system. After a few moments a VNC window will appear. Proceed with the Fedora installation. diff --git a/modules/ROOT/pages/_partials/2delete-proc_creating_xorg_conf.adoc b/modules/ROOT/pages/_partials/2delete-proc_creating_xorg_conf.adoc deleted file mode 100644 index 5507a81..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_creating_xorg_conf.adoc +++ /dev/null @@ -1,18 +0,0 @@ -[[creating-an-xorg-conf-file]] -= Creating an xorg.conf file - -You can create a basic file using the `X` executable. It will contain sections and entries that you can edit to suit your needs. To create the file, enter this command as *root*: - ----- -# Xorg :1 -configure ----- - -Next, copy the file to the correct location: - ----- -# cp /root/xorg.conf.new /etc/X11/xorg.conf ----- - -Now you may edit the file according to your needs. - -See the `xorg.conf(5)` man page for more information. 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc deleted file mode 100644 index 5941575..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc +++ /dev/null 
@@ -1,74 +0,0 @@ -[id='proc_cups-filing-a-bug-report'] -= Filing a bug report - -:experimental: -include::{partialsdir}/attributes.adoc[] - -== Deciding which component - -Problems involving printing may relate to several components. - -The configuration GUI (See above) is either https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=control-center[GNOME 3 System Settings application] or https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=system-config-printer[system-config-printer]. These packages also provide the printer applet, handle automatic queue creation, and disable/enable queues when USB printers are disconnected and reconnected. - -Most GTK+ applications use the GTK+ print dialog. If the problem occurs when using GTK+ applications but not when printing from the command line or from another non-GTK+ application, the problem should probably be reported against the GTK+ version which the application uses. You can find out the version by the following query (*thunderbird* is used as an example of RPM package): - ----- -$ rpm -q thunderbird | grep gtk -libgtk-3.so.0 ----- - -From the output you can see *thunderbird* uses GTK+ version 3. - -If the problem occurs with only one GTK+ application, and other GTK+ applications print fine, the bug should be filed against that particular application. - -If the problem only happens with PDF files, the bug may well be in https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=poppler[poppler] (the CUPS *pdftops* filter is a wrapper around one of the poppler utility programs). - -Report bugs only seen using the *smb* backend against https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=samba[samba]. - -For bugs only seen when using the *hp* backend, or the hpijs or hpcups drivers, select https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=hplip[hplip] for the component. 
- -For bugs for cups-browsed daemon and its printer discovery, please select https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=cups-filters[cups-filters] - -Other possibilities, depending on the problem, include: - -* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=foomatic[foomatic] (the Foomatic CUPS filter and driver) -* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=foomatic-db[foomatic-db] (the actual printer database used by Foomatic) -* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=ghostscript[ghostscript] (which converts PostScript to other formats) -* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=gutenprint[gutenprint] (a driver that supports very many printers) - -For anything else, or if you are not sure, choose https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=cups[cups] or use your best guess. - -== Other information to include - -Be prepared to include some information about your system as well. - -=== Before gathering of information - -* Please change your OS locale to English. -* Please attach gathered information as archive (example is xref:cups-useful-tricks.adoc#_how_to_compress_files[here], you may need root permissions) to the bugzilla issue. -* Please do not forget to trigger your issue after debug enabling and restarting cups and before information gathering. - -=== Information to gather - -* the PPD file for the print queue (from the `/etc/cups/ppd` directory) -* the document you are attempting to print -- if the document is large, please try to see if the problem also occurs with a smaller document -* cupsd journal logs when debug level 2 is turned on. See the xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[how-to for turning debug2 on and for getting logs from systemd-journald]. -* if the issue is connected to a print job, attach journal logs for this specific job too. 
How-to get logs xref:how-to-debug-printing-problems.adoc#_get_a_job_log_for_a_specific_job_id[here], example with JID. You can find out JID value by command: - ----- -$ lpstat -W all ----- - -Find your job there and JID is a number after '-'. - -* If the issue is about f.e. 'printing from evince prints garbage, but printing from libreoffice works', then attach two separate files - first will contain logs when you print from evince, latter logs when you print from libreoffice. -* [filename]`troubleshoot.txt` from system-config-printer (BEWARE: it doesn't contain journal logs - don't forget to attach them too). -* xref:how-to-debug-printing-problems.adoc#_what_make_and_model_is_my_printer[make and model] of printer -* config files - [filename]`/etc/cups/client.conf` (if it contains any changes from default), [filename]`/etc/cups/cupsd.conf` -* if the issue is with cups-browsed and printer's discovery, attach [filename]`/etc/cups/cups-browsed.conf` and cups-browsed logs gained by xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[this how-to]. - -Some example documents can be found in the https://fedoraproject.org/wiki/Category:Printing_Test_Cases[Printing Test Cases category]. - -== Further reading - -The https://fedoraproject.org/wiki/Printing[main printing page] and the xref:cups-terminology.adoc#_printing[printing terminology page] have more information about how printing works in Fedora. diff --git a/modules/ROOT/pages/_partials/2delete-proc_cups-how-to-debug-scanning-issues.adoc b/modules/ROOT/pages/_partials/2delete-proc_cups-how-to-debug-scanning-issues.adoc deleted file mode 100644 index 3313a05..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_cups-how-to-debug-scanning-issues.adoc +++ /dev/null 
@@ -1,115 +0,0 @@ -[id='proc_cups-how-to-debug-scanning-issues'] -= How to debug scanning issues - -SANE library, communication libraries and backends can turn on and off debug logging via `SANE_DEBUG_*` environment variables. - -The common environment variables: - -* `SANE_DEBUG_DLL` - enables debugging SANE library -* `SANE_DEBUG_SANEI_USB` - enables debugging communication library for USB - add the environment variable if your device is connected via USB cable -* `SANE_DEBUG_SANEI_TCP` - enables debugging communication library for wireless/ethernet - add the environment variable if your device is connected by Wifi or Ethernet - -Environment variables for enabling debugging a specific backends have a structure - `SANE_DEBUG_`, so the environment variable for f.e. *HPAIO* backend is `SANE_DEBUG_HPAIO*`. - -You can find which SANE backend supports your device http://www.sane-project.org/sane-mfgs.html[here]. If your device is HP and it isn't supported by *airscan* backend or any other SANE backend, it can be supported by *hpaio* backend from *hplip* package, see the list of supported devices https://developers.hp.com/hp-linux-imaging-and-printing/supported_devices/index[here]. - -== Debugging scanner discovery - -If you don't see your scanner in scanning application, then debugging of discovery process is in order. I prefer using [command]`scanimage` in the examples, but the similar steps can be applied for every scanning application like [command]`xsane`, [command]`scanadf`, [command]`simple-scan` etc. - -You will need to use environment variables when you start a scanning application ([command]`scanimage` in this case). The environment variables used with [command]`scanimage` command depends on how your scanner is connected and which backend suppose to support it. 
So for getting debug logs for HP LaserJet device, *connected via Ethernet/Wifi and supported by HPAIO backend*, use command: - ----- -$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 scanimage -L &> discovery_output ----- - -or, f.e. if you have CanoScan 8600F, connected by USB and supported by genesys backend, use command: - ----- -$ SANE_DEBUG_DLL=255 SANE_DEBUG_GENESYS=255 SANE_DEBUG_SANEI_USB=255 scanimage -L &> discovery_output ----- - -Please attach the created [filename]`discovery_output` file as an attachment to the bugzilla ticket. - -== Debugging scanning process - -If the scanner is found, but an issue happens during scanning itself, we need to debug scanning process itself - which means debugging communication between backend and scanner when you start scanning a document. - -The debugging scanning itself looks similar as discovery - setup the environment variables before running the command/scanning application and catch logs into a file. The possible command can be (f.e. if you have *network scanner supported by HPAIO backend*): - ----- -$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 xsane &> debug_log ----- - -or (once you find out device uri from [command]`scanimage -L` - see the xref:_getting_a_scanner_device_uri[next section]): - ----- -$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 scanimage -d > out.pnm 2> debug_log ----- - -, where you substitute `` for the actual device uri, f.e. 'hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112'. - -Please attach the created file - [filename]`debug_log` - as an attachment to the bugzilla ticket. - -== Getting a scanner device uri - -This point is basically a manual how to get a scanner uri for debugging scanning itself via [command]`scanimage`. You don't need to provide a scanner uri in GUI applications like [command]`xsane` or [command]`simple-scan`, because the application will do it for you or you can choose the scanner by a mouse click. 
- -The [command]`scanimage -L` command returns an output where device uri of the device is shown, f.e.: - ----- -$ scanimage -L -device `v4l:/dev/video0' is a Noname Integrated Camera: Integrated C virtual device -device `hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112&queue=false' is a Hewlett-Packard laserjet_m1536dnf_mfp all-in-one ----- - -F.e.the string 'hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112&queue=false' is a device uri for for Hewlett-Packard laserjet_m1536dnf_mfp all-in-one scanner. - -== Debugging HP scanner if it is supported by HPLIP - -The hplip package doesn't have unified logging, so some logs come out of HPAIO backend to standard output and HP internal utilities logs come to journal. So we need to capture both to get the understanding of situation. - -It can be done this way: - -* start capturing journal logs at background: - ----- -$ journalctl -f > journal_logs & ----- - -* trigger an action (xref:_debugging_scanner_discovery[discovery] or xref:_debugging_scanning_process[scanning]) -* kill the journalctl process, f.e. this way (if there is only one journactl process) - ----- -$ kill `pidof journalctl` ----- - -then attach the created file - [filename]`journal_logs` - as an attachment to the bugzilla ticket. Please do only one action per capture - that means if you are asked to attach log files for HP scanner discovery and scanning supported by hplip, you will attach as an attachment four files - [filename]`discovery_output`, [filename]`journal_logs` for discovery output, [filename]`debug_logs` and [filename]`journal_logs` for debug_logs. - -== Debugging sane-airscan - -If your device supports eSCL or WSD (you can find it out from device specification - look for the mentioned protocols or AirScan), then its scanning functionality is supported by *sane-airscan*. Regarding debugging, on the top of usual logging sane-airscan gathers a communication dump and output image, which is helpful during investigation. 
- -sane-airscan debugging can be enabled in [filename]`/etc/sane.d/airscan.conf` by setting: - ----- -[debug] -trace = /path/to/dir/where/debugfiles/will/be/saved -enable = true ----- - -Then do trigger your issue (xref:_debugging_scanner_discovery[discovery] or xref:_debugging_scanning_process[scanning]), go to the dir you defined in [filename]`/etc/sane.d/airscan.conf`, take all files from there and attach them to the bug ticket. - -== How to divide logs - -In case your debug log is too big for bugzilla to attach (because your issue doesn't happen with the lowest settings or logs are big even with the lowest settings), do divide the logs to three files like this: - ----- -$ grep dll debug_log > debug_log_dll -$ grep debug_log > debug_log_connection -$ grep debug_log > debug_log_backend ----- - - is the name of backend which supports your scanner (pixma, genesys, plustek, hpaio, airscan etc.), is the type of connection you use for the device (tcp, usb). - -The division makes the investigation more difficult (the person needs to have three opened files at the same time), so do divide the logs only if log file is too big. diff --git a/modules/ROOT/pages/_partials/2delete-proc_cups-identifying-your-problem-area.adoc b/modules/ROOT/pages/_partials/2delete-proc_cups-identifying-your-problem-area.adoc deleted file mode 100644 index ce34651..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_cups-identifying-your-problem-area.adoc +++ /dev/null 
@@ -1,422 +0,0 @@ -[id='proc_cups-identifying-your-problem-area'] -= Identifying your problem area - -Printing issues can be fairly complex and active cooperation or lots of data can be requested from reporter by maintainer to helping maintainer to at least understand and (if it is not hardware specific issue) reproduce the issue, so please have a patience and try to narrow the problem as much you are able to for maintainers. - -There can be: - -* issues with seeing or connecting to the printer (it can be cups backend issues, avahi issues, libusb issues, cups-browsed issues), -* accessibility issues (correct/wrong setup in cupsd.conf or its bad interpretation by cupsd daemon, bad cooperation with NIS, SSSD...), -* printing with help of samba (issues with smb backend, which is part of samba) or with samba authenticated through Kerberos (samba_krb5_printing), -* issues with filters used during filtering the document into document format supported by printer, which influence how or if the document will be printed (issue with filters - pdftops, pdftopdf, pstops, bannertopdf etc. - or issues with binaries or libraries which filters uses - libgs, qpdf, poppler...), -* issues with Postscript Printer Description files, which are old way of defining printers capabilities like supported page sizes, borders etc... - -Not mentioning possible limitations or issues in firmware or hardware of printer itself, so any kind of data or narrowing the issue is welcomed. - -The best start is to attach files with logs described further down. - -== CUPS logging - -All CUPS logging is redirected to journal by default since Fedora 28 (there was a redirecting of error_log to journal by default before Fedora 28). - -We need to define two different ways of capturing incident-bound CUPS whole logs - the one if the broken print queue isn't provided by HPLIP and the other if it is. 
They differs in the filter option of journald - if you use non-HPLIP queue for debugging, it is okay to gather the logs from cups systemd unit (by '-u cups'), because all error messages are correctly redirected to cups systemd unit logging and they are accessible in the output after unit filtering. HPLIP libraries are not implemented to do the same (upstream is unresponsive to accept a potencial fix into the project and the issue is not critical enough to drag a downstream patch forever), so their messages aren't marked for cups systemd unit and they're filtered out after calling journald with '-u cups'. For such queues journald log without filtering is required. - -[NOTE] -=============================== -Incident-bound journald log without filtering is required only for HPLIP print queues (their device uri starts with hp://) and it is unwanted for other queues, because it can be hard to read in larger cases. Please attach incident-bound journald log only when it is necessary. -=============================== - -=== Location of CUPS logging - -CUPS logging is located in the system journal by default, but the logging into a file can be set in [filename]`/etc/cups/cups-files.conf` with directive [option]`ErrorLog`. If you want to change the default settings, then the name of the logging file is irrelevant, but it is recommended to put the file into path `/var/log/cups`, otherwise SELinux will block cupsd from accessing it. 
- -Setting the logging to a file has following cons (without further operations): - -* unable to get only logs connected to a job without chaining more commands -* unable to get logs for specified time frame without chaining more commands - -For capturing a incident-bound logs `tail -f` can be used e.g.: - ----- -tail -f /var/log/cups/error_log ----- - -=== Enable CUPS debug logging - -Enable full debugging information with: - ----- -$ cupsctl LogLevel=debug2 ----- - -=== CUPS job log - -[IMPORTANT] -=============================== -If the problem appears when you sent document to print or if you are trying to, capture logs for this job. If the job log is available, its attaching is *REQUIRED*. -=============================== - -==== Prepare CUPS for job logging - -For being able to see specific job log, please turn on: - ----- -PreserveJobFiles Yes ----- - -in your [filename]`/etc/cups/cupsd.conf` file and restart cup service. Do not forget to remove the line after you are done with debugging. [command]`lpstat -W all` seems to be empty after printing if you do not enable the directive. - -==== Get a job log for a specific job ID - -To capture job log you need to know Job ID (JID) of the job - it is the number after dash in a request ID: - -Request ID looks like this: - ----- -- ----- - -and can be seen in terminal if you send a document to print by [command]`lp` command: - ----- -$ lp -d ... -request id is - (N file(s)) ----- - -Or when you list jobs (see [command]`man lpstat`) - the latest job is at the end: - ----- -$ lpstat -W all -... 
-- 1024 Wed 11 Jan 2017 05:52:19 PM CET ----- - -You can get the latest job logs automatically (if you have [command]`awk` installed and [command]`lpstat -W` all returns jobs) by: - ----- -$ journalctl -u cups JID=`lpstat -W all | awk '{print $1}' | awk -F '-' '{print $NF}' | tail -n 1` > cups_job_log ----- - -Or manually, if you found JID by yourself: - ----- -journalctl -u cups JID= > cups_job_log ----- - -=== Incident-bound cupsd log (broken print queue isn't HPLIP supported) - -Sometimes we cannot bind the error with a specific print job, so the job log is uneffective. Incident-bound cupsd log is needed. - -==== How to start to capture incident-bound cupsd logging - -In new terminal/terminal tab, please issue: - ----- -journalctl -f -u cups > cups_whole_log ----- - -==== How to get incident-bound cupsd logging - -After you trigger the error condition you are trying to diagnose e.g. printing something, try to find a printer via [command]`lpinfo` etc., you terminate capturing incident-bound cupsd log from xref:_how_to_start_to_capture_incident_bound_cupsd_logging[step above] by `+`. - -=== Incident-bound cupsd log (broken print queue is HPLIP supported) - -Unfortunately, HPLIP libraries don't log into CUPS unit in journal, so if your print queue is installed with HPLIP driver (its device uri starts with `hp://`), we need incident-bound journal log. - -==== How to start to capture incident-bound journal logging - -In new terminal/terminal tab, please issue: - ----- -journalctl -f > journal_whole_log ----- - -==== How to get incident-bound journal logging - -After you trigger the error condition you are trying to diagnose e.g. printing something, running HP script etc., you terminate capturing incident-bound journal log from xref:_how_to_start_to_capture_incident_bound_journal_logging[step above] by `+`. 
- -=== Turning off debug logging - -Please attach [filename]`cups_job_log` for the problematic job, [filename]`cups_whole_log` or [filename]`journal_log` if you caught whole cupsd log during the problematic event to bug report as an attachment. - -Then to turn off debugging information, do this: - ----- -$ sudo sed -i 's,LogLevel debug2,LogLevel warn,' /etc/cups/cupsd.conf -$ sudo systemctl restart cups ----- - -=== More commands for working with systemd-journald - -View the log messages with: - ----- -journalctl -u cups -e ----- - -or: - ----- -journalctl -u cups --since=... ----- - -To filter out messages relating to a specific job ID, use: - ----- -journalctl -u cups JID=... ----- - -(tab completion will show you which job IDs have log messages) - -== cups-browsed logging - -cups-browsed daemon was introduced in Fedora around cups-1.5 version. It can browse Bonjour broadcasts, CUPS broadcasts (deprecated) and LDAP servers for printers and create or remove local queues pointing to those printers. It can creates broadcasts of local CUPS queues, but it is marked as deprecated. - -For setting debug logging on you need to add: - ----- -DebugLogging stderr ----- - -to [filename]`/etc/cups/cups-browsed.conf`. - -The logs will be available in system journal after cups-browsed restart. - -== HPLIP scripts debug logging - -Python scripts from HPLIP (e.g. [command]`hp-setup`, [command]`hp-clean`, [command]`hp-scan`) have debug logging redirected to the standard error file descriptor, so they are not logged in journal. For getting their debug logging, run the script with `-ldebug` parameter e.g.: - ----- -$ hp-setup -ldebug -i ----- - -and reproduce the issue. Then copy the messages from terminal into [filename]`hp_script_log`. Please attach the file to the bugzilla ticket too. - -== What make and model is my printer? - -Each different printer has a model-specific Device ID. 
You can find out with the [command]`lpinfo` command: - ----- -su -c "lpinfo -l -v" ----- - -This command runs each of the backends in discovery mode, to get them to report devices they can automatically detect. This will output a series of blocks of lines, each one like this: - ----- -Device: uri = usb://HP/DESKJET%20990C?serial=U123456789AB - class = direct - info = HP DESKJET 990C - make-and-model = HP DESKJET 990C - device-id = MFG:HEWLETT-PACKARD;MDL:DESKJET 990C;CMD:MLC,PCL,PML;CLS:PRI -NTER;DES:Hewlett-Packard DeskJet 990C;SN:U123456789AB;S:00808880800010032C100000 -0C2000000;P:0800,FL,B0;J: ; - location = ----- - -The line which identifies this particular model type is the long one that starts "device-id =" (shown here wrapping over three lines). - -Note that if your printer cannot be automatically detected, you may still be able to find out the Device ID by running the appropriate backend with the printer hostname as the argument. The *usb*, *parallel*, *snmp*, and *dnssd* backends all try to report the actual Device ID given by the printer. - ----- -$ /usr/lib/cups/backend/snmp 10.34.18.3 - -network socket://10.34.18.3 "HP Color LaserJet CP2025dn" "HP Color LaserJet CP2025dn" -"MFG:Hewlett-Packard;CMD:PJL,PML,PCLXL,POSTSCRIPT,PCL;MDL:HP Color LaserJet CP2025dn; -CLS:PRINTER;DES:Hewlett-Packard Color LaserJet CP2025dn;MEM:MEM=55MB;COMMENT:RES=600x8;" "HP Color LaserJet CP2025dn" ----- - -Device ID is in this case (see http://www.cups.org/documentation.php/doc-1.5/man-backend.html[backend(7)]) the last but one field. - -== Which print queues are available for me? - -The queues on your machine can be permanent ones or temporary. CUPS is capable to list all available print queues on the local network (permanent and temporary queues) by: - ----- -$ lpstat -e ----- - -For permanent queues you are able to get more info with: - ----- -$ lpstat -t ----- - -== Which driver am I using? - -The PPD file for the printer queue can tell you which driver is in use. 
You can use this command to find out which driver is being used: - ----- -grep -H '^*NickName:' /etc/cups/ppd/*.ppd ----- - -You can also find this out using the [command]`system-config-printer` application. Double-click on the icon for the queue and look at the Make and Model field. - -To see the available drivers, click on the _Change..._ button next to that field. You might find it useful to try another driver to see if that shows the same problem. - -=== Driverless models - -Most printers released since 2010 are capable of AirPrint or IPP Everywhere, which means they don't need to be installed to work - the device is found by Avahi and the print capabilities are communicated via IPP protocol - they are basically driverless devices. There are two solutions in Fedora which implement IPP everywhere: - -- CUPS 'everywhere' model -- cups-filters 'driverless' driver - -==== CUPS 'everywhere' model - -It is CUPS implementation of IPP everywhere standard, available as a special printer model. The model is used when you use CUPS temporary queue for your device or if you install your device with as IPP Everywhere model in CUPS web ui or via lpadmin (using `-m everywhere`). - -Because the created PPD file depends on IPP communication with printer, we need info which is gathered from the device. You can use [command]`ipptool` for that: - ----- -$ ipptool --ippserver ipptool.attr get-printer-attributes.test ----- - -Attach the created [filename]`ipptool.attr` to the bugzilla ticket if needed. - -==== cups-filters 'driverless' driver - -Cups-filters special driver which is used for generating PPD according IPP Everywhere standard. The driver is used if you choose *driverless* model during printer installation. 
- -We need get-printer-attributes request output too: - ----- -$ ipptool --ippserver ipptool.attr get-printer-attributes.test ----- - -and debug logs from the driver itself when it generates PPD for your device: - ----- -$ driverless -d cat 2> driverless_debug > created_ppd ----- - -Attach all created files to the bugzilla ticket if needed. - -== Finding where the problem lies - -When a print job is processed it is sent through a chain of _filters_ to convert the file into a format the printer can understand, and then finally sent to a _backend_, a program which can transport the data to the printer. By slightly changing how you print you can try a different printing path to see if that changes anything. If it works around the problem, you know which area the problem was in -- include that information in a bug report so that we can fix it. - -=== Application - -Try printing from a different application to see if the problem goes away or if it occurs regardless of how a file is printed. Try printing the document from the command line using the [command]`lp` command. - -=== Document format - -If you are having problems printing PDF files, try printing other types of file to see if the problem is with printing anything or if it is specific to printing PDF files. Try converting the file to a different format and printing that. - -If the problem relates to printing text files, try removing/installing the paps package. This package provides an alternative text-to-PostScript filter to the one that comes with CUPS. - -To inspect the document that was submitted to CUPS for printing, enable the [option]`PreserveJobFiles` option like this: - ----- -cupsctl PreserveJobFiles=yes ----- - -Submitted job documents will remain in `/var/spool/cups`. There are files with two types of names - [filename]`dXXXXX-YYY` and [filename]`cXXXXX`. 
[filename]`dXXXXX-YYY` is file which goes to CUPS system, unfiltered file - `XXXXX` is job ID, which is filled with zeros to be 5 characters long, and `YYY` is sequence number of file in the job. [filename]`cXXXXX` is file which contains printing options for a job specified by job ID in `XXXXX`. Please attach [filename]`dXXXXX-YYY` to the bug for a job when you experience the issue - -==== Running filters by hand - -More advanced users may like to try running the CUPS filters by hand and examining the data file at each step as it is converted between different formats. Here is an example of doing this for a gutenprint queue named pqueue with the CUPS test page which is its own special MIME type, `application/vnd.cups-banner`: - -First you need to know the filter pipeline for `application/vnd.cups-banner` -> `printer/pqueue` (output MIME type). You can either xref:_enable_cups_debug_logging[enable debugging], print a test page, get xref:_cups_job_log[CUPS job log] and in cups_job_log you'll find something similar to: - ----- -envp[29]="FINAL_CONTENT_TYPE=printer/pqueue" -Started filter /usr/lib/cups/filter/bannertopdf (PID 1111) -Started filter /usr/lib/cups/filter/pdftopdf (PID 1112) -Started filter /usr/lib/cups/filter/gstoraster (PID 1113) -Started filter /usr/lib/cups/filter/rastertogutenprint.5.2 (PID 1114) ----- - -or run - ----- -/usr/lib/cups/filter/bannertopdf 1 me '' 1 '' bannertopdf.pdf -cupsfilter -e -m printer/pqueue -p /etc/cups/ppd/pqueue.ppd bannertopdf.pdf > /dev/null ----- - -and you'll see: - ----- -INFO: pdftopdf (PID 1111) started. -INFO: gstoraster (PID 1112) started. -INFO: rastertogutenprint.5.2 (PID 1113) started. ----- - - -[NOTE] -=============================== -This filter pipeline is from cups-1.6. With cups < 1.6 you can see bannertops -> pstops -> pstoraster instead. 
-=============================== - -Now you can run filters by hand: - ----- -export PPD=/etc/cups/ppd/pqueue.ppd -/usr/lib/cups/filter/bannertopdf 1 me '' 1 '' bannertopdf.pdf -/usr/lib/cups/filter/pdftopdf 1 me '' 1 '' pdftopdf.pdf -/usr/lib/cups/filter/pdftoraster 1 me '' 1 ''out.ras -/usr/lib/cups/filter/rastertogutenprint.5.2 1 me '' 1 ''out.prn ----- - -Here, [command]`evince` or [command]`okular` can be used to examine the output after the first two filters, [command]`rasterview` can be used to examine the output of the third filter, and the last filter's output must be inspected by hand or sent directly ([command]`lpr -oraw out.prn`) to the printer. - -=== Driver - -If you have access to a different make/model of printer it might be worth trying to see if the problem occurs on both of them or just one. This can give an indication about whether it is a problem with a particular driver, or if it is a more general problem. - -Even if you only have access to the one printer there is often a choice of drivers to use for a given printer model, and trying each one in turn can be useful in narrowing down the problem. See xref:_which_driver_am_i_using[above] for how to do that. - -==== Foomatic - -For Foomatic drivers you can try enabling Foomatic debugging by editing the file [filename]`/etc/foomatic/filter.conf` and adding a line: - ----- -debug: 1 ----- - -Next time you print a job to a queue using foomatic the debugging will be put in [filename]`/tmp/foomatic-rip.log`, and the input file as received by foomatic-rip will be in [filename]`/tmp/foomatic-rip.ps`. - -=== Backend (job transport) - -It may be possible for you to try a different backend. Using [command]`system-config-printer`, double-click on the printer queue icon and click the _Change..._ button next to the _Device URI_ field. You may see a _Connection_ expander arrow near the bottom right hand corner of the window -- click that to see which backends are available. 
For USB-connected HP printers, typically either of the *hp* and *usb* backends can be used. - -For capturing USB communication: - -* find out the bus number where USB device is connected, f.e.: - ----- -$ lsusb -Bus 002 Device 010: ID 03f0:012a HP, Inc HP LaserJet M1536dnf MFP - - = ----- - -* start USB packet capture: - ----- -$ sudo tcpdump -i usbmonN -s0 -w usb.pcap ----- - -where N is the bus number. - -For network printers you may have different protocols you can try. - -* *socket* is for HP JetDirect (usually port 9100) -* *lpd* is for older style UNIX print shares -* *smb* is for CIFS shares from Windows systems -* *ipp* is for Internet Printing Protocol-enabled devices and also for other CUPS servers --- You can capture the IPP traffic with [command]`tcpdump` like this (the interface name may differ from *p4p1*): - ----- - tcpdump -n -i p4p1 -U -s0 -w ipp.pcap port ipp ----- - -* *bjnp* is for Canon's proprietary bjnp network protocol (usually port 8611) - -=== Configuration tool - -If your problem relates to configuring print queues, try using one of the other methods of doing so. There are four available: - -* The GNOME 3 System Settings application (*control-center*), _System Settings_ > _Printers_ from the GNOME Shell -* [command]`system-config-printer`, _System_ > _Administration_ > _Printing_ from the GNOME menu -* the CUPS web interface, http://localhost:631/ -* the command line tools [command]`lpadmin`, [command]`lpoptions`, [command]`cupsctl`, [command]`cupsaccept`, [command]`cupsenable` etc. diff --git a/modules/ROOT/pages/_partials/2delete-proc_disabling-gnome-screenlock.adoc b/modules/ROOT/pages/_partials/2delete-proc_disabling-gnome-screenlock.adoc deleted file mode 100644 index 725ec0d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_disabling-gnome-screenlock.adoc +++ /dev/null 
@@ -1,24 +0,0 @@ -= Disabling the GNOME Automatic Screen Lock - -In the interest of safety and privacy, the GNOME automatic screen lock is enabled by default. - -When the screen locks after a period of inactivity, you must enter your password to unlock the screen. - -You can disable this feature at any time. - -To disable the GNOME automatic screen lock, complete the following steps. - -For Fedora 31 (GNOME 3.34): - -. On the desktop, navigate to the upper-right corner of the screen, click the arrow icon to expand the desktop options and then click the *Settings* icon. -. From the the *Settings* menu, select *Privacy*. -. On the *Privacy* page, select *Screen Lock*, and toggle the *Automatic Screen Lock* switch from *On* to *Off*. -. Close the window and verify that in the *Privacy* page, the *Screen Lock* is *Off*. - -For Fedora 32 (GNOME 3.36): - -. On the desktop, navigate to the upper-right corner of the screen, click the arrow icon to expand the desktop options and then click *Settings*. -. From the *Settings* menu, select *Privacy*, and then select *Screen Lock*. -. On the *Screen Lock* page, toggle the *Automatic Screen Lock* switch from *On* to *Off* - -To enable the automatic screen lock, repeat this process and toggle the switch from *Off* to *On*. diff --git a/modules/ROOT/pages/_partials/2delete-proc_disabling-repositories.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_disabling-repositories.adoc.delete.adoc deleted file mode 100644 index 52e7769..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_disabling-repositories.adoc.delete.adoc +++ /dev/null 
@@ -1,17 +0,0 @@ -[id='disabling-repositories'] -= Disabling repositories - -This section shows how to disable a particular software repository by using the `dnf config-manager` command. - -* To disable a particular repository, run the following command as `*root*`. -+ -[literal,subs="+quotes,attributes"] ----- -dnf config-manager --set-disabled *_repository_* ----- -+ -Where *_repository_* is the unique repository ID, for example: -+ ----- -dnf config-manager --set-disabled fedora-extras ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_disabling-selinux.adoc b/modules/ROOT/pages/_partials/2delete-proc_disabling-selinux.adoc deleted file mode 100644 index 6fb62c9..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_disabling-selinux.adoc +++ /dev/null 
@@ -1,70 +0,0 @@ -// Module included in the following assemblies: -// -// changing-selinux-states-and-modes.adoc - -[#{context}-disabling-selinux] -= Disabling SELinux - -Use the following procedure to permanently disable SELinux. - -[IMPORTANT] -==== -When SELinux is disabled, SELinux policy is not loaded at all; it is not enforced and AVC messages are not logged. Therefore, all benefits of running SELinux listed in xref:{context}-benefits-of-selinux[Benefits of SELinux] are lost. - -It is recommended to use permissive mode instead of permanently disabling SELinux. See xref:{context}-changing-to-permissive-mode[] for more information about permissive mode. -==== - -[Warning] -==== -Disabling SELinux using the SELINUX=disabled option in the /etc/selinux/config results in a process in which the kernel boots with SELinux enabled and switches to disabled mode later in the boot process. Because memory leaks and race conditions causing kernel panics can occur, prefer disabling SELinux by adding the selinux=0 parameter to the kernel command line as described in Changing SELinux modes at boot time if your scenario really requires to completely disable SELinux. -==== - -.Prerequisites - -* The [package]`grubby` package is installed: -+ -[subs="quotes"] ----- -$ *rpm -q grubby* -grubby-_version_ ----- - -.Procedure - -. Open the `/etc/selinux/config` file in a text editor of your choice, for example: -+ -[subs="quotes"] ----- -# vi /etc/selinux/config ----- - -. Configure the SELINUX=disabled option: -+ -[subs="quotes"] ----- -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=disabled -# SELINUXTYPE= can take one of these two values: -# targeted - Targeted processes are protected, -# mls - Multi Level Security protection. -SELINUXTYPE=targeted ----- - -. 
Save the change, and restart your system: ----- -# reboot ----- - -.Verification - -* After reboot, confirm that the [command]`getenforce` command returns `Disabled`: -+ -[subs="quotes"] ----- -$ *getenforce* -Disabled ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_disabling-shortcut-custom-app-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_disabling-shortcut-custom-app-gnome.adoc deleted file mode 100644 index 3874f61..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_disabling-shortcut-custom-app-gnome.adoc +++ /dev/null @@ -1,36 +0,0 @@ -[id='disabling-shortcut-custom-app-gnome'] -= Disabling keyboard shortcuts for custom applications in GNOME - -This section describes how to disable a keyboard shortcut for starting a custom application in GNOME. - -[discrete] -== Procedure - -. Open *Settings* and choose the *Devices* entry from the list: -+ -image::shortcuts-settings-devices.png[] -+ -NOTE: Earlier Fedora versions might not need this step. - -. Choose the *Keyboard Shortcuts* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: -+ -image::shortcuts-keyboard-scroll.png[] - -. Scroll down in the list of shortcuts and applications until you locate the application that you want to disable: -+ -image::shortcuts-added.png[] - -. Click on the entry. -+ -A window for editing the shortcut appears: -+ -image::shortcuts-edit.png[] - -. Click the small *x* button to the right of the displayed shortcut. -+ -The keyboard shortcut is removed from this shortcut and the shortcut list now displays _Disabled_ instead of the key combination: -+ -image::shortcuts-disabled.png[] - -. Close the shortcut editing window. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_discovering-the-firmware-type.adoc b/modules/ROOT/pages/_partials/2delete-proc_discovering-the-firmware-type.adoc deleted file mode 100644 index ab8277c..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_discovering-the-firmware-type.adoc +++ /dev/null @@ -1,11 +0,0 @@ -[[discovering-the-firmware-type]] -= Discovering the firmware type - -To discover what firmware your machine uses, run the following command: - -[source,bash] ----- -$ [ -d /sys/firmware/efi ] && echo UEFI || echo BIOS ----- - -The output returns only UEFI or BIOS, depending on the firmware your machine runs. diff --git a/modules/ROOT/pages/_partials/2delete-proc_displaying-current-hostname.adoc b/modules/ROOT/pages/_partials/2delete-proc_displaying-current-hostname.adoc deleted file mode 100644 index 3d5e931..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_displaying-current-hostname.adoc +++ /dev/null @@ -1,34 +0,0 @@ -// Module included in the following assemblies: -// -// changing-hostname.adoc - -[id='displaying-current-hostname'] - -== Displaying your current hostname - -For Fedora Workstation, using the default GNOME desktop, open the Settings application and choose About. - -image::displaying-current-hostname-1.png[GNOME Settings - About] - -To see the hostname from the command line, use the command `hostnamectl` with no options. The example output below shows the static and transient hostnames. Your output may be slightly different depending on which hostname types have been set. - -.... - Static hostname: localhost.localdomain -Transient hostname: fedora - Icon name: computer-laptop - Chassis: laptop - Machine ID: 15fc9e69d007013025f31bc5272c4ed1 - Boot ID: 41ac938872bae052294bcb277241ac93 - Operating System: Fedora 33 (Workstation Edition) - CPE OS Name: cpe:/o:fedoraproject:fedora:33 - Kernel: Linux 5.10.10-200.fc33.x86_64 - Architecture: x86-64 -.... - -To see the current static, transient or pretty hostname, you can use the `hostnamectl` command with options, such as: - -.... -hostnamectl --static -hostnamectl --transient -hostnamectl --pretty -.... 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc deleted file mode 100644 index 49fe560..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc +++ /dev/null @@ -1,70 +0,0 @@ -[id=displaying-user-prompt-instead-of-list-of-users-on-GNOME-login-screen] -= Displaying a user prompt instead of a list of users on the GNOME login screen - -To show a user prompt on the GNOME login screen, open a terminal and perform the following steps: - -. Create a file for the GNOME Display Manager (GDM) configuration. -+ ----- -$ sudo mkdir /etc/dconf/db/gdm.d ----- -+ ----- -$ sudo vim /etc/dconf/db/gdm.d/01-hide-users ----- - -. In a text editor of your choice, `vim` in this example, insert the following content to the `/etc/dconf/db/gdm.d/01-hide-users` file: -+ ----- -[org/gnome/login-screen] -banner-message-enable=true -banner-message-text='ENTER ANY MESSAGE YOU WANT HERE. FOR A NEW LINE USE \n.' -disable-restart-buttons=true -disable-user-list=true ----- -+ -[NOTE] --- -To not display the banner message, do not include the first and second line. To enable the `Restart` button, do not include the fourth line. --- -+ -Save the file and return to the terminal. - -. Create another file for GDM configuration. -+ ----- -$ sudo vim /etc/dconf/profile/gdm ----- -+ -Insert the following content in the `/etc/dconf/profile/gdm` file: -+ ----- -user-db:user -system-db:gdm ----- -+ -Save the file. - -. Enter the following command: -+ ----- -$ sudo dconf update ----- - -. Check if the command was executed correctly: -+ ----- -$ ls /etc/dconf/db ----- -+ -The output should contain the following: -+ ----- -gdm gdm.d ... [output truncated] ----- - -. Restart GDM for the changes to take effect. -+ ----- -$ sudo systemctl restart gdm ----- 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_downloading-fedora.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_downloading-fedora.adoc.delete.adoc deleted file mode 100644 index 71c72a4..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_downloading-fedora.adoc.delete.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[id='downloading-fedora'] -= Downloading Fedora -include::{partialsdir}/attributes.adoc[] - -You can download Fedora from https://getfedora.org/. - -There are multiple desktops available for use with Fedora. Each has a slightly different look and feel and offers varying levels of customization. You can use the link:https://getfedora.org/en/workstation/[Fedora Workstation] image, which comes with the GNOME desktop by default, and then change your environment afterwards by installing additional packages, or you can download a spin image which will give you a different environment out of the box. Visit link:https://spins.fedoraproject.org/[Fedora Spins] for more information. - -You can also take advantage of Fedora Labs. Fedora Labs is a selection of curated bundles of purpose-driven software and content as curated and maintained by members of the Fedora Community. These may be installed as standalone full versions of Fedora or as add-ons to existing Fedora installations. Visit link:https://labs.fedoraproject.org/[Fedora Labs] for details. - -[NOTE] -==== -Please refer to xref:f{MAJOROSVER}@fedora:install-guide:index.adoc[Fedora Installation Guide] for getting help on the process of installing Fedora. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-hardware-virtualization-support.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-hardware-virtualization-support.adoc deleted file mode 100644 index c72a417..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-hardware-virtualization-support.adoc +++ /dev/null 
@@ -1,22 +0,0 @@ -[[enabling-hardware-virtualization-support]] -= Enabling hardware virtualization support - -This section covers setting up `libvirt` on your system. After setting up `libvirt`, you can create virtualized guest operating systems, also known as virtual machines. - - -[[system-requirements]] -== System requirements - -To run virtualization on Fedora, you need: - -* At least 600MB of hard disk storage per guest. A minimal command-line Fedora system requires 600MB of storage. Standard Fedora desktop guests require at least 3GB of space. - -* At least 256MB of RAM per guest, plus 256MB for the base operating system. At least 756MB is recommended for each guest of a modern operating system. A good way to estimate this is to think about how much memory is required for the operating system normally, and allocate that amount to the virtualized guest. - -KVM requires a CPU with virtualization extensions, found on most consumer CPUs. These extensions are called Intel VT or AMD-V. To check whether you have CPU support, run the following command: - ----- -$ egrep '^flags.*(vmx|svm)' /proc/cpuinfo ----- - -If this command results in nothing printed, your system does not support the relevant virtualization extensions. You can still use QEMU/KVM, but the emulator will fall back to software virtualization, which is much slower. diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-repositories.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-repositories.adoc.delete.adoc deleted file mode 100644 index cbfec9a..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-repositories.adoc.delete.adoc +++ /dev/null 
@@ -1,17 +0,0 @@ -[id='enabling-repositories'] -= Enabling repositories - -This section shows how to enable a particular software repository by using the `dnf config-manager` command. - -* To enable a particular repository, run the following command as `*root*`. -+ -[literal,subs="+quotes,attributes"] ----- -dnf config-manager --set-enabled *_repository_* ----- -+ -Where *_repository_* is the unique repository ID, for example: -+ ----- -dnf config-manager --set-enabled fedora-extras ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-selinux.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-selinux.adoc deleted file mode 100644 index 892b9a4..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-selinux.adoc +++ /dev/null 
@@ -1,72 +0,0 @@ -// Module included in the following assemblies: -// -// changing-selinux-states-and-modes.adoc - -[#{context}-enabling-selinux] -= Enabling SELinux - -When enabled, SELinux can run in one of two modes: enforcing or permissive. The following sections show how to permanently change into these modes. - -While enabling SELinux on systems that previously had it disabled, to avoid problems, such as systems unable to boot or process failures, follow this procedure. - -.Prerequisites - -* The [package]`selinux-policy-targeted`, [package]`selinux-policy`, [package]`libselinux-utils`, and [package]`grubby` packages are installed. To check that a particular package is installed: -+ -[subs="quotes"] ----- -$ *rpm -q _package_name_* ----- - -.Procedure - -. If your system has SELinux disabled at the kernel level (this is the recommended way, see xref:{context}-disabling-selinux[]), change this first. Check if you have the `selinux=0` option in your kernel command line: -+ -[subs="quotes"] ----- -$ *cat /proc/cmdline* -BOOT_IMAGE=... ... selinux=0 ----- - -.. Remove the `selinux=0` option from the bootloader configuration using [command]`grubby`: -+ -[subs="quotes"] ----- -$ *sudo grubby --update-kernel ALL --remove-args selinux* ----- - -.. The change applies after you restart the system in one of the following steps. - -. Ensure the file system is relabeled on the next boot: -+ -[subs="quotes"] ----- -$ *sudo fixfiles onboot* ----- - -. Enable SELinux in permissive mode. For more information, see xref:{context}-changing-to-permissive-mode[]. - -. Restart your system: -+ -[subs="quotes"] ----- -$ *reboot* ----- - -. Check for SELinux denial messages. -+ -[subs="quotes"] ----- -$ *sudo ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent* ----- - -. If there are no denials, switch to enforcing mode. For more information, see xref:{context}-changing-to-enforcing-mode[]. 
- -To run custom applications with SELinux in enforcing mode, choose one of the following scenarios: - -* Run your application in the `unconfined_service_t` domain. -// See <> for more information. - -* Write a new policy for your application. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux[Writing a custom SELinux policy] chapter in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/index[RHEL 8 Using SELinux] document for more information. - -// Temporary changes in modes are covered in <<{context}-selinux-states-and-modes>>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-serial-console-grub.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-serial-console-grub.adoc deleted file mode 100644 index 521708e..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-serial-console-grub.adoc +++ /dev/null @@ -1,18 +0,0 @@ -[[enabling-serial-console-grub]] -= Enabling Serial Console in GRUB2 - -To enable Serial console in grub: - -.Procedure - -. Edit the `/etc/default/grub` file. - -. Adjust `baudrate`, `parity`, `bits`, and `flow` controls to fit your environment and cables, see the example. -+ ----- -GRUB_CMDLINE_LINUX='console=tty0 console=ttyS0,115200n8' -GRUB_TERMINAL=serial -GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" ----- - -. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-shortcut-custom-app-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-shortcut-custom-app-gnome.adoc deleted file mode 100644 index 701f2a5..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-shortcut-custom-app-gnome.adoc +++ /dev/null 
@@ -1,39 +0,0 @@ -[id='enabling-shortcut-custom-app-gnome'] -= Enabling keyboard shortcuts for custom applications in GNOME - -This section describes how to enable a keyboard shortcut for starting a custom application in GNOME. - -. Open *Settings* and choose the *Devices* entry from the list: -+ -image::shortcuts-settings-devices.png[] -+ -NOTE: Earlier Fedora versions might not need this step. - -. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: -+ -image::shortcuts-keyboard-scroll.png[] - -. Scroll down in the list of shortcuts and applications until you locate the application that you want to enable: -+ -image::shortcuts-list-disabled.png[] - -. Click on the entry. -+ -A window for editing the shortcut appears: -+ -image::shortcuts-disabled.png[] - -. Click the *Set shortcut...* button. -+ -A window for entering the keyboard shortcut appears: -+ -image::shortcuts-enabling-entering.png[] - -. Press the key combination that should become the shortcut for starting the application. -+ -As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut: -+ -image::shortcuts-enabling-entered.png[] - -. Close the shortcut editing window. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc deleted file mode 100644 index 1729684..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc +++ /dev/null 
@@ -1,19 +0,0 @@ -[id="proc_enabling-the-rpmfusion-repositories-appstream-data_{context}"] -= Enabling Appstream data from the RPM Fusion repositories - -This procedure describes how to install the Appstream data provided by the RPM Fusion software repositories. - -[discrete] -== Prerequisites - -* You have internet access. -* You are using the Gnome desktop environment. -* You have the RPMFusion repositories installed - -[discrete] -== Procedure - -[subs=+quotes] ----- -$ sudo dnf group update core ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc deleted file mode 100644 index e326f39..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc +++ /dev/null 
@@ -1,65 +0,0 @@ -// Module included in the following assemblies: -// -// - -// This module can be included from assemblies using the following include statement: -// include::modules/proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc[leveloffset=+1] - -// The file name and the ID are based on the module title. For example: -// * file name: proc_doing-procedure-a.adoc -// * ID: [id='proc_doing-procedure-a_{context}'] -// * Title: = Doing procedure A -// -// The ID is used as an anchor for linking to the module. Avoid changing -// it after the module has been published to ensure existing links are not -// broken. -// -// The `context` attribute enables module reuse. Every module's ID includes -// {context}, which ensures that the module has a unique ID even if it is -// reused multiple times in a guide. -// -// Start the title with a verb, such as Creating or Create. See also -// _Wording of headings_ in _The IBM Style Guide_. -[id="proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems_{context}"] -= Enabling the RPM Fusion repositories for ostree-based systems - -This procedure describes how to enable the RPM Fusion software repositories for systems based on ostree (i.e. Silverblue, Kinoite, Fedora IoT). - -This is a two-stage process where you have to install versioned RPM Fusion repos and then you are able to replace them with unversioned RPM Fusion repos. - -[NOTE] -==== -For more information about this process and the problem it solves, please refer to the relevant https://discussion.fedoraproject.org/t/simplifying-updates-for-rpm-fusion-packages-and-other-packages-shipping-their-own-rpm-repos/30364[thread on the Fedora Discourse site]. -==== - -[discrete] -== Prerequisites - -* You are using an ostree-based system such as Silverblue, Kinoite, or Fedora IoT. -* You have internet access. - -[discrete] -== Procedure - -. 
To install the versioned _Free_ and _Nonfree_ RPM Fusion repos: -+ -[subs=+quotes] ----- -$ sudo rpm-ostree install \ - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \ - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -$ reboot ----- - -. To replace the versioned RPM Fusion repos that were previously installed with the unversioned repos: -+ -[subs=+quotes] ----- -$ sudo rpm-ostree update \ - --uninstall rpmfusion-free-release \ - --uninstall rpmfusion-nonfree-release \ - --install rpmfusion-free-release \ - --install rpmfusion-nonfree-release -$ reboot ----- - diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc deleted file mode 100644 index c26933f..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc +++ /dev/null 
@@ -1,53 +0,0 @@ -// Module included in the following assemblies: -// -// - -// This module can be included from assemblies using the following include statement: -// include::modules/proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc[leveloffset=+1] - -// The file name and the ID are based on the module title. For example: -// * file name: proc_doing-procedure-a.adoc -// * ID: [id='proc_doing-procedure-a_{context}'] -// * Title: = Doing procedure A -// -// The ID is used as an anchor for linking to the module. Avoid changing -// it after the module has been published to ensure existing links are not -// broken. -// -// The `context` attribute enables module reuse. Every module's ID includes -// {context}, which ensures that the module has a unique ID even if it is -// reused multiple times in a guide. -// -// Start the title with a verb, such as Creating or Create. See also -// _Wording of headings_ in _The IBM Style Guide_. -[id="proc_enabling-the-rpmfusion-repositories-using-command-line-utilities_{context}"] -= Enabling the RPM Fusion repositories using command-line utilities - -This procedure describes how to enable the RPM Fusion software repositories without using any graphical applications. - -[discrete] -== Prerequisites - -* You have internet access. - -[discrete] -== Procedure - -. To enable the _Free_ repository, use: -+ -[subs=+quotes] ----- -$ sudo dnf install \ - https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm ----- - -. Optionally, enable the _Nonfree_ repository: -+ -[subs=+quotes] ----- -$ sudo dnf install \ - https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm ----- - -. The first time you attempt to install packages from these repositories, the `dnf` utility prompts you to confirm the signature of the repositories. Confirm it. - 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc deleted file mode 100644 index 93eeae5..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc +++ /dev/null 
@@ -1,47 +0,0 @@ -// Module included in the following assemblies: -// -// - -// This module can be included from assemblies using the following include statement: -// include::modules/proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc[leveloffset=+1] - -// The file name and the ID are based on the module title. For example: -// * file name: proc_doing-procedure-a.adoc -// * ID: [id='proc_doing-procedure-a_{context}'] -// * Title: = Doing procedure A -// -// The ID is used as an anchor for linking to the module. Avoid changing -// it after the module has been published to ensure existing links are not -// broken. -// -// The `context` attribute enables module reuse. Every module's ID includes -// {context}, which ensures that the module has a unique ID even if it is -// reused multiple times in a guide. -// -// Start the title with a verb, such as Creating or Create. See also -// _Wording of headings_ in _The IBM Style Guide_. -[id="proc_enabling-the-rpmfusion-repositories-using-graphical-applications_{context}"] -= Enabling the RPM Fusion repositories using graphical applications - -This procedure describes how to enable the RPM Fusion software repositories without using any command-line utilities. - -[discrete] -== Prerequisites - -* You have internet access. -* You are using the Gnome desktop environment. - -[discrete] -== Procedure - -. In your web browser, open the following page: link:https://rpmfusion.org/Configuration[]. - -. To enable the _Free_ repository, click the *RPM Fusion free for Fedora _version_* link on the page, where _version_ is the Fedora release you are using. This prompts you to save or open the repo file. - -. Open the file using the *Software Install* application. - -. The *Software* application opens. Click the blue *Install* button. - -. Optionally, enable the _Nonfree_ repository: click the *RPM Fusion nonfree for Fedora _version_* link on the page, where _version_ is the Fedora release you are using. - -. 
Save and install the file with the *Software* application again. diff --git a/modules/ROOT/pages/_partials/2delete-proc_enabling_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_enabling_firewalld.adoc deleted file mode 100644 index 1f8c56a..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_enabling_firewalld.adoc +++ /dev/null 
@@ -1,81 +0,0 @@ -// Module included in the following assemblies: -// -// - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='doing-one-procedure_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Doing one procedure -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -This paragraph is the procedure module introduction: a short description of the procedure. - -.Prerequisites - -* A bulleted list of conditions that must be satisfied before the user starts following this assembly. -* You can also link to other modules or assemblies the user must follow before starting this assembly. -* Delete the section title and bullets if the assembly has no prerequisites. - -.Procedure - -. Start each step with an active verb. - -. Include one command or action per step. - -. Use an unnumbered bullet (*) if the procedure includes only one step. - -.Additional resources - -* A bulleted list of links to other material closely related to the contents of the procedure module. -* For more details on writing procedure modules, see the link:https://github.com/redhat-documentation/modular-docs#modular-documentation-reference-guide[Modular Documentation Reference Guide]. -* Use a consistent system for file names, IDs, and titles. For tips, see _Anchor Names and File Names_ in link:https://github.com/redhat-documentation/modular-docs#modular-documentation-reference-guide[Modular Documentation Reference Guide]. - - -== Do I have FirewallD on my system? 
- -FirewallD is the default firewall service for current releases of Fedora and is enabled by default. -If you are not sure whether FirewallD is on your Fedora installation use the following commands to check. - - -. Check if your system has FirewallD enabled. - Enter the folowing on the command line: - -[source,bash] - ----- - -sudo firewall-cmd --state - ----- - -You will see `running` if FirewallD is on your system. - -If you see `not running`, then FirewallD is not on your system. Use these commands to install it: - - -. Install FirewallD: - -[source,bash] - ----- - -sudo dnf install firewalld - ----- - -. Install the FirewallD graphical-user-interface application and open it from the command-line, type: - -[source,bash] - ----- - -sudo dnf install firewall-config - -sudo firewall-config - ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-cli.adoc b/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-cli.adoc deleted file mode 100644 index bd9dd51..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-cli.adoc +++ /dev/null @@ -1,19 +0,0 @@ -[[exporting-gpg-keys-cli]] -= Exporting a GPG Key Using the Command Line - -Use the following command to send your key to a public keyserver: - ----- -gpg --send-key KEYNAME ----- - -For `KEYNAME`, substitute the key ID or fingerprint of your primary keypair. -This will send your key to the gnupg default key server. If you prefer another one use: - ----- -gpg --keyserver hkp://pgp.mit.edu --send-key KEYNAME ----- - -Replacing `pgp.mit.edu` with your server of choice. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-gnome.adoc deleted file mode 100644 index 0422f28..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-gnome.adoc +++ /dev/null 
@@ -1,14 +0,0 @@ -[[exporting-gpg-keys-gnome]] -= Exporting a GPG Key Using the GNOME Desktop - -. Click the menu:Menu Button[Sync and Publish Keys...] - -. Click btn:[Key Servers]. - -. Select _ldap://keyserver.pgp.com_ in the _Publish Keys To_ combobox. - -. Click btn:[Close]. - -. Click btn:[Sync]. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-kde.adoc b/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-kde.adoc deleted file mode 100644 index a78e9fd..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_exporting-gpg-keys-kde.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[[exporting-gpg-keys-kde]] -= Exporting a GPG Key Using the KDE Desktop - -After your key has been generated, you can export the key to a public keyserver - -. Right-click on the key in the main window. - -. Select _Export Public Keys._ - -. From there you can export your public key to the clipboard, an ASCII file, to an email, or directly to a key server. - -. Export your public key to the default key server. - -Now see <>. diff --git a/modules/ROOT/pages/_partials/2delete-proc_expose-outside-mysql.adoc b/modules/ROOT/pages/_partials/2delete-proc_expose-outside-mysql.adoc deleted file mode 100644 index 7ad3c36..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_expose-outside-mysql.adoc +++ /dev/null 
@@ -1,79 +0,0 @@ -= How To Allow Remote Access MySQL/MariaDB/MYSQL Community - -== Add New Rule to Firewalld - -Open SQL port (3306) on FireWalld: - ----- -sudo firewall-cmd --permanent --zone=public --add-service=mysql ----- - -## OR ## - ----- -sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp ----- - -== Restart firewalld.service - ----- -systemctl restart firewalld.service ----- - -== Editing Conf. Files: - -Configuration files: - -* MySQL -> `/etc/my.cnf/` -* MySQL Community -> `/etc/my.cnf.d/community-mysql-server.cnf` -* MariaDB -> `/etc/my.conf` - -NOTE: you can ensure that with the following command `rpm -qc [package]`. - -Navigate to the line that begins with the bind-address directive. It will look like this: -you could set this directive to a wildcard IP address, either *, ::, or 0.0.0.0: - ----- -bind-address = 0.0.0.0 ----- - -After changing this line, save and close the file and then restart the MySQL service: - ----- -sudo systemctl restart {mysqld|mariadb} ----- - -== Creating a USER - ----- -CREATE USER 'your_username'@'host_ip_addr' IDENTIFIED BY 'your_password'; ----- - -NOTE: Replace your_username and your_password depending on what you want the username and password to be. Here, host_ip_addr is the hostname or IP address of the computer from where you want to connect to the MySQL/MariaDB server. You can also use % as host_ip_addr if you want to connect from any computer. It can also be something like 192.168.2.% if you want to connect from computers from the IP range 192.168.2.1 – 192.168.2.254. 
- -== Allow Access - ----- -GRANT ALL PRIVILEGES ON *.* TO 'your_username'@'%'; - IDENTIFIED BY 'my-new-password' WITH GRANT OPTION; ----- - -#OR - -It is common for people to want to create a "root" user that can connect from anywhere, so as an example, we'll do just that, but to improve on it we'll create -a root user that can connect from anywhere on the local area network (LAN) - ----- -GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%' - IDENTIFIED BY 'my-new-password' WITH GRANT OPTION; ----- - ----- -FLUSH PRIVILEGES; ----- - -== Connecting - ----- -mysql -u [USER] -h [IP] -p ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_install-predefined-systems.adoc b/modules/ROOT/pages/_partials/2delete-proc_install-predefined-systems.adoc deleted file mode 100644 index 5b3befa..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_install-predefined-systems.adoc +++ /dev/null 
@@ -1,40 +0,0 @@ -// Module included in the following assemblies: -// -// installing-virtual-systems-with-gnome-boxes.adoc - -[#{context}-installing-virtual-os-predefined] -= Installing a virtual operating system from the list of predefined systems - -To install a virtual operating system: - -. Run *GNOME Boxes* using the *Super* key and type `Boxes`. In GNOME Boxes, click the *+* button and then *Create a Virtual Machine*. -+ -image::Boxes_new_machine.png[New machine] - -. Download an operating system. -+ -image::Download_os.png[Download your system] - -+ -Choose one of the predefined systems from the list. -+ -image::Select_virtual_machine.png[Select machine] -Alternatively, download an ISO image from the relevant website and select the file as shown in the screen below: -+ -image::Select_from_file.png[Select from file] -+ -. Review your installation. -+ -image::Installation_review.png[Installation review] -+ -To modify resources of the installed virtual operating system, such as RAM or disk size, click the *Customize* button. -+ -image::Customize_resources.png[Customize resources] -+ -. To start the installation of the virtual operating system, click the *Create* button. -+ -The actual installation process may differ based on the selected operating system. -+ -Installed systems are available to run in the main menu of *GNOME Boxes*. -+ -image::Select_from_boxes_menu.png[Select operating system] diff --git a/modules/ROOT/pages/_partials/2delete-proc_install_firewalld_gui.adoc b/modules/ROOT/pages/_partials/2delete-proc_install_firewalld_gui.adoc deleted file mode 100644 index 97f93f6..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_install_firewalld_gui.adoc +++ /dev/null 
@@ -1,18 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - - -[id=installing-firewalld-gui-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Installing the [application]*firewall-config* GUI configuration tool - -To use the [application]*firewall-config* GUI configuration tool, install the [package]*firewall-config* package as `root`: - ----- -$ sudo dnf install firewall-config ----- - -Alternatively, in [application]*GNOME*, use the kbd:[Super] key and type `Software` to launch the [application]*Software Sources* application. Type `firewall` to the search box, which appears after selecting the search button in the top-right corner. Select the `Firewall` item from the search results, and click on the btn:[Install] button. - -To run [application]*firewall-config*, use either the [command]`firewall-config` command or press the kbd:[Super] key to enter the `Activities Overview`, type `firewall`, and press kbd:[Enter]. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-chromium-web-browser.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-chromium-web-browser.adoc deleted file mode 100644 index a2c18f5..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-chromium-web-browser.adoc +++ /dev/null 
@@ -1,95 +0,0 @@ -[id='installing'] -= Installing the browsers - -Both Chromium and Google Chrome can be installed on Fedora. - - -[id='installing-chromium'] -== Installing Chromium - -Chromium can be installed using the Software application and via command line. - -=== Installing Chromium using Software (GUI) - -. Click on Software tool in Fedora. - -. Search for Chromium Web Browser. - -. Click on Install. - -=== Installing Chromium using Terminal - -. To install Chromium Web Browser, use the command: -+ ----- -# dnf install chromium ----- -+ -. To upgrade Chromium, use the command: -+ ----- -# dnf upgrade chromium ----- - -[TIP] -==== -If you require support for non-free multimedia formats like H.264 or AAC, or the ability to play DRM-protected media such as Netflix, Spotify, etc. it may be preferable to install the *chromium-freeworld* package from the https://docs.fedoraproject.org/en-US/quick-docs/setup_rpmfusion/[RPM Fusion] repositories, as the necessary plug-ins are already built-in. -==== - -[id='installing-chrome'] -== Installing Chrome - -Chrome can be installed using Software or a terminal, once the repository is enabled. - -=== Installing Chrome using Software (GUI) - -. Open the *Software* application. - -. Click on the menu at the top right and select *Software Repositories*. - -. Make sure Third Party Repositories is enabled. If the button label is *Install*, then click that button to install the third party repositiories. If the button reads *Remove All* then the third party repositories are already installed. -+ -image:installing-chromium-or-google-chrome-browsers-0.png[] -+ -. Scroll down to find the repository called *google-chrome*. Click on it and choose *Enable*. -+ -image:installing-chromium-or-google-chrome-browsers-1.png[] - -You can now search for *Google Chrome* in Software, and install it. - -=== Installing Chrome using Terminal - -The additional repositories can also be managed using a terminal and DNF. - -. 
Install Third Party Repositories -+ ----- -$ sudo dnf install fedora-workstation-repositories ----- -+ -. Enable the Google Chrome repo: -+ ----- -$ sudo dnf config-manager --set-enabled google-chrome ----- -+ -. Finally, install Chrome: -+ ----- -$ sudo dnf install google-chrome-stable ----- - -[NOTE] -==== -If you want to install the Chrome Dev Channel version, use the following command: - ----- -$ sudo dnf install google-chrome-unstable ----- - -If you want to install Chrome Beta use the following: - ----- -$ sudo dnf install google-chrome-beta ----- -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc deleted file mode 100644 index 0ab47f2..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc +++ /dev/null 
@@ -1,91 +0,0 @@ - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='installing-fedora-on-a-raspberry-pi-for-linux-users_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Installing Fedora on a Raspberry Pi for Linux users -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -This procedure shows Linux users how to add Fedora ARM to a microSD for use with a Raspberry Pi. - -._Prerequisites_ - -* A supported Raspberry Pi -* A microSD Card (16 GB or larger). -* A computer running Linux. -* Root user access (via `su` or `sudo`). -* SD card reader. -* A Fedora ARM aarch64 Workstation or server image from: link:https://fedoraproject.org/[]. - -._Procedure_ - -. Download a Fedora ARM image from the link:https://fedoraproject.org/[Fedora website]. -+ -. Run the following command to extract the `.raw` image and write the image to your microSD card: -+ -[NOTE] -The location of your microSD card will be /dev/sdX or /dev/mmcblkX depending on your computer hardware. -+ -[subs="quotes"] ----- -$ xzcat *Fedora-IMAGE-NAME.raw.xz* | sudo dd status=progress bs=4M of=*/dev/XXX* ----- -+ -. To resize the main partition, run `parted` and select the device. -+ ----- -(parted) select /dev/sdX ----- -+ -. Inspect the amount of unallocated space at the end and resize the root partition. -+ ----- -(parted) print free -(parted) resizepart ----- -+ -. Resize the LVM physical volume so it takes up all the available space. For this to work you must deactivate any logical volumes within. -+ ----- -# pvresize /dev/sdaX ----- -+ -. Then extend the logical volume that corresponds to the root directory (`/dev/fedora_fedora/root` in this example). 
-+ ----- -# lvextend -l +100%FREE /dev/fedora_fedora/root ----- -+ -. Finally, resize the XFS filesystem in the logical volume (`/dev/mapper/fedora_fedora-root` in this example). -+ ----- -# xfs_growfs -d /dev/mapper/fedora_fedora-root ----- -+ -. Alternatively, you can use gparted to resize the Root Partition on the microSD: -+ ----- -$ gparted /dev/XXX ----- -+ -For information on using gparted resize a partition, see: https://gparted.org/display-doc.php?name=help-manual#gparted-resize-partition[GNOME Partition Editor: GParted Manual - Resizing a Partition]. -+ -[NOTE] -The root partition is shrunk to the smallest size possible to ensure a small download. -You currently need to resize it manually. -Ideally we would like this to happen automatically (great community project idea!). - -Your microSD card is ready to be used with your Raspberry Pi. - -ifeval::["{context}" == "rpi"] -.Next Steps - -For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. -endif::[] - -.Additional Resources - -* For information on using `gparted`, see: link:https://gparted.org/display-doc.php?name=help-manual[GNOME Partition Editor: GParted Manual]. -* For assistance or support, see: -** link:https://ask.fedoraproject.org/[Ask Fedora] -** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] -** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc deleted file mode 100644 index 21d30e3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc +++ /dev/null 
@@ -1,50 +0,0 @@ -== Installing Fedora on a Raspberry Pi for macOS users -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -include::{partialsdir}/attributes.adoc[] - -This procedure shows macOS users how to add Fedora ARM to a microSD for use with a Raspberry Pi. - -._Prerequisites_ - -* A supported Raspberry Pi -* A microSD Card (16 GB or larger). -* A computer running macOS. -* SD card reader. -* A Fedora ARM image from: link:https://arm.fedoraproject.org/[]. -* File-decompression software (such as link:https://theunarchiver.com/[The Unarchiver desktop application] or link:https://theunarchiver.com/command-line[The Unarchiver command-line tools]). - -._Procedure_ - -. Download a Fedora ARM image from the link:https://arm.fedoraproject.org/[Fedora ARM website]. -+ -. Extract the `.raw` file from the Fedora ARM image using file-decompression software (such as link:https://theunarchiver.com/[The Unarchiver]) -+ -For example: -+ -[source,shell,subs="attributes"] ----- -$ unar Fedora-Server-armhfp-{MAJOROSVER}-1.1-sda.raw.xz ----- - -. Follow the instructions provided by the Raspberry Pi foundation for writing an image to a microSD card from macOS: link:https://www.raspberrypi.org/documentation/installation/installing-images/mac.md[Raspberry Pi Foundation: Installing operating system images on Mac OS]. -+ -[NOTE] -==== -The `.img` and `.raw` extensions are used interchangeably for RAW file. Where the instructions indicate an input file with the `.img` extension, use the Fedora ARM image '.raw'. -==== - -Your microSD card is ready to be used with your Raspberry Pi. - -ifeval::["{context}" == "rpi"] -._Next Steps_ - -For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. 
-endif::[] - -._Additional Resources_ - -* For assistance or support, see: -** link:https://ask.fedoraproject.org/[Ask Fedora] -** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] -** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc deleted file mode 100644 index 856a627..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc +++ /dev/null 
@@ -1,75 +0,0 @@ -== Installing Fedora on a Raspberry Pi using the Fedora ARM installer -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -:experimental: -include::{partialsdir}/attributes.adoc[] - -This procedure shows Fedora users how to add Fedora ARM to a microSD for use with a Raspberry Pi using the Fedora ARM installer. - -._Prerequisites_ - -* A supported Rasbperry Pi -* A microSD Card (16 GB or larger). -* A computer running Fedora 28 or newer. -* SD card reader. -* A Fedora ARM aarch64 Workstation or server image from: link:https://fedoraproject.org/[] - -._Procedure_ - -. Download a Fedora ARM image from the link:https://fedoraproject.org/[Fedora website] -+ -. Install the `arm-image-installer`: -+ -[source,shell,subs="attributes"] ----- -$ dnf install -y arm-image-installer ----- -+ -. As the root user, write the Fedora ARM image to the microSD card: -+ -[source,shell,subs="quotes,attributes"] ----- -# arm-image-installer --image=__</path/to/fedora_image>__ --target=__<RPi_Version>__ --media=/dev/__<sd_card_device>__ --resizefs ----- -+ -Where: -+ -* The `__</path/to/fedora_image>__` has the format `Fedora-__<spin>__-armhfp-__<fedora_version>__-sda.raw.xz`. -** For example: `/home/user/Downloads/Fedora-Server-armhfp-{MAJOROSVER}-1.1-sda.raw.xz`. -* `__<RPi_Version>__` is: -** `rpi2` for a Raspberry Pi 2. -** `rpi3` for a Raspberry Pi 3. -* `/dev/__<sd_card_device>__` is the microSD card 'device' on your system, such as `/dev/sdX` or `/dev/mmcblkX`. The `lsblk` command may help you identify your micro-SD card. -+ -[NOTE] -==== -* To see usage options for the `arm-image-installer`, run: -+ -[source,shell,subs="attributes"] ----- -$ arm-image-installer --help ----- - -* For list of supported boards please check SUPPORTED-BOARDS file. 
-+ -[source,shell,subs="attributes"] ----- -$ cat /usr/share/doc/arm-image-installer/SUPPORTED-BOARDS ----- -==== - -Your microSD card is ready to be used with your Raspberry Pi. - -ifeval::["{context}" == "rpi"] -._Next Steps_ - -For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. -endif::[] - -._Additional Resources_ - -* For information on using the Fedora ARM Installer, see: link:https://fedoraproject.org/wiki/Architectures/ARM/Installation[Fedora Wiki: Installing Fedora on your ARM device]. -* For assistance or support, see: -** link:https://ask.fedoraproject.org/[Ask Fedora] -** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] -** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-bios-system.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-bios-system.adoc deleted file mode 100644 index b9cc4e3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-bios-system.adoc +++ /dev/null 
@@ -1,48 +0,0 @@ -[[installing-grub-2-on-a-bios-system]] -= Installing GRUB2 on a BIOS system - -Normally, *GRUB2* will be installed and set up by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, especially if you need to repair the existing *GRUB2* installation or you want to change its configuration. - -This procedure shows the steps to install *GRUB2* on your _Master Boot Record_ (MBR) of your primary hard disk. - -.Before you start - -* Make sure you have the the *GRUB2* packages and the _os-prober_ package installed in your system. -+ ----- -$ dnf list installed | grep grub ----- - -* To automatically collect information about your disks and operating systems installed on them, the `os-prober` package needs to be installed on your system. - -.Procedure - -. List block devices available on the system. -+ ----- -$ lsblk ----- - -. Identify the primary hard disk. Usually, it is the `sda` device. - -. Install *GRUB2* in the MBR of the primary hard disk. -+ ----- -# grub2-install /dev/sda ----- - -. Create a configuration file for *GRUB2*. -+ ----- -# grub2-mkconfig -o /boot/grub2/grub.cfg ----- - -. Reboot your computer to boot with the newly installed bootloader. - -.More information - -* The `grub2-mkconfig` command creates a new configuration based on the currently running system. It collects information from the `/boot` partition (or directory), from the `/etc/default/grub` file, and the customizable scripts in `/etc/grub.d/`. - -* The configuration format is changing with time, and a new configuration file can become slightly incompatible with the older versions of the bootloader. Always run `grub2-install` before you create the configuration file with `grub2-mkconfig`. - -* In Fedora, it is generally safe to edit `/boot/grub2/grub.cfg` manually. 
*Grubby* in Fedora patches the configuration when a kernel update is performed and will try to not make any other changes than what is necessary. Manual changes can be overwritten with `grub2-mkconfig` when the system gets upgraded with *Anaconda*. Customizations placed in `/etc/grub.d/40_custom` or `/boot/grub2/custom.cfg` files will survive running the `grub2-mkconfig` command. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-efi-system.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-efi-system.adoc deleted file mode 100644 index ac0afb6..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-grub2-on-efi-system.adoc +++ /dev/null 
@@ -1,122 +0,0 @@ -[[installing-grub-2-configuration-on-uefi-system]] -= Installing GRUB2 on a UEFI system - -Normally, *GRUB2* will be installed and set up by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, especially if you need to repair the existing *GRUB2* installation or you want to change its configuration. - -This procedure shows the steps to install *GRUB2* on a UEFI system on Fedora 18 or newer. The procedure consists of four parts. - -[[create-an-esp]] -== Creating an EFI System Partition - -The UEFI firmware requires to boot from an _EFI System Partition_ on -a disk with a GPT label. To create such a partition: - -. List available block devices to find a place to create your ESP. -+ ----- -$ lsblk ----- - -. Create at least a 128 MiB disk partition using a GPT label on the primary hard disk. -+ ----- -# gdisk /dev/sda ----- -+ -For the sake of this procedure, we assume that the created partition is recognized as `/dev/sda1`. - -. Format the partition with the _FAT32_ file system. -+ ----- -# mkfs.vfat /dev/sda1 ----- - -. Create the `/boot/efi` directory as a mount point for the new partition. -+ ----- -# mkdir /boot/efi ----- - -. Mount the partition to the `/boot/efi` mount point. -+ ----- -# mount /dev/sda1 /boot/efi ----- - -. Proceed to the next part. - - -[[install-the-bootloader-files]] -== Install the bootloader files - -In order to use *GRUB2* with on the UEFI systems, you need to install or re-install appropriate packages: - - -. Re-install the necessary packages. -+ ----- -# dnf reinstall grub2-efi grub2-efi-modules shim ----- - -. If the above command ends with an error, install the packages. -+ ----- -# dnf install grub2-efi grub2-efi-modules shim ----- - -.More information - -* This installs the signed *shim* and the *GRUB2* binary. 
- - -[[create-a-grub-2-configuration]] -== Create a GRUB2 configuration - - -If you already have a working *GRUB2* EFI configuration file, you do not need to do anything else. - -Otherwise, create the configuration file using the `grub2-mkconfig` command. - ----- -# grub2-mkconfig -o /boot/grub2/grub.cfg ----- - -.More information - -* Under EFI, *GRUB2* looks for its configuration in `/boot/efi/EFI/fedora/grub.cfg`, however the postinstall script of `grub2-common` installs a small shim which chains to the standard configuration at `/boot/grub2/grub.cfg` which is generated above. To reset this shim to defaults, delete the existing `/boot/efi/EFI/fedora/grub.cfg` and then `dnf reinstall grub2-common`. -* For newly installed kernels to work, `grubby` expects `/etc/grub2-efi.cfg` to be a symlink to the real `grub.cfg` (for example `/boot/grub2/grub.cfg`). - - -[[solving-problems-with-uefi-bootloader]] -== Solving problems with UEFI bootloader - -When you power on your system, your firmware will look for EFI variables that tell it how to boot. On running systems, which have booted into the EFI mode and their EFI runtime services are working correctly, you can configure your boot menu with `efibootmgr`. - -If not, `shim` can help you bootstrap. The EFI program `/boot/efi/EFI/BOOT/fallback.efi` will look for files called `BOOT.CSV` in your ESP and will add boot entries corresponding to them. The `shim` command provides its own `BOOT.CSV` file that will add an entry for `grub2-efi`. - -During the boot process, you can use the *EFI Shell* to invoke the `fallback.efi` profile to boot the system: - -. Enter the boot partition. -+ ----- -> fs0: ----- - -. Navigate into the `EFI\BOOT` directory. -+ ----- -> cd EFI\BOOT ----- - -. Invoke the `fallback.efi` profile. 
-+ ----- -> fallback.efi ----- - -.More information - -* If you have no boot entries at all, then just booting off your disk in UEFI mode should automatically invoke `/boot/efi/EFI/BOOT/BOOTX64.EFI`, which will, in turn, invoke `fallback.efi`. - -* If you already have incorrect boot entries, you'll either need to delete them or to modify `BOOT.CSV` to create new entries with different names. - diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-httpd.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-httpd.adoc deleted file mode 100644 index 376c737..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-httpd.adoc +++ /dev/null @@ -1,27 +0,0 @@ -[id='installing-httpd'] -= Installing HTTPD - -This procedure describes the steps to install Apache *HTTPD* on Fedora. - -. Install *HTTPD* packages. -+ ----- -sudo dnf install httpd -y ----- - -. Start the *HTTPD* service. -+ ----- -sudo systemctl start httpd.service ----- - -[NOTE] -==== -To enable auto start of *HTTPD* service at boot, execute the following command: - ----- -sudo systemctl enable httpd.service ----- -==== - -Navigate to link:http://localhost[http://localhost] to access the Apache test page. You may not be able to access the server from any other host. To access the server from other hosts, see link:#opening-firewall-ports[Opening firewall ports]. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-container.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-container.adoc deleted file mode 100644 index 8b719ff..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-container.adoc +++ /dev/null 
@@ -1,76 +0,0 @@ -[id='install-from-container'] -= Install from Podman - -== Downloading a SQL Server Docker Image - ----- -podman pull {mysql/mysql-server|mariadb/server} ----- - -== See Logs - ----- -podman logs {mysql|mariadb} ----- - -== Starting a MySQL Server Instance - -The command's below contain the random password generated for the root user; - ----- -podman logs mysql 2>&1 | grep GENERATED ----- - ----- -podman -d -e MYSQL_ROOT_PASSWORD=mypassword mysql/mysql-Server ----- - -== Starting a MariaDB Server Instance - ----- -podman run -d --name=mariadb -ed MYSQL_ROOT_PASSWORD=mypassword -d mariadb/server ----- - -WARNING: Password blank default for MariaDB - -NOTE: The -d option used for _BOTH_ in the podman run command above makes the container run in the background. Use this command to monitor the output from the container: - -== Connecting to MySQL Server from within the Container - ----- -podman exec -it mysql mysql -uroot -p ----- - -you must reset the server root password by issuing this statement: - ----- -mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password'; ----- - -== Connecting to MariaDB Server from within the Container - ----- -podman exec -it mariadb bash ----- - -== Reseting SQL_ROOT_PASSWORD - -you must reset the server root password by issuing this statement: - ----- -mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password'; ----- - -== Stopping and Deleting a SQL Container - ----- -podman {start|stop|restart} {mysql|mariadb} ----- - -== Deleting a SQL Container - ----- -podman rm {mysql|mariadb} ----- - -WARNING: you can do the same with _docker_ just change _podman_ with _docker_. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-fedora-repo.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-fedora-repo.adoc deleted file mode 100644 index 177ce50..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-fedora-repo.adoc +++ /dev/null 
@@ -1,74 +0,0 @@ -[id='install-from-fedora-main-repo'] -= Install from Fedora Main Repo - -The community provide a MySQL package in the main repo. - ----- -sudo dnf install {community-mysql-server|mariadb-server} ----- - -== Configuring MySQL/MariaDB - -Enable the service at boot and start: - ----- -sudo systemctl enable {mysqld|mariadb} -sudo systemctl start {mysqld|mariadb} ----- - -== Installing MariaDB server from the Fedora Modular repository - -To list the available versions (_streams_ in modularity terminology) of MariaDB: - ----- -dnf module list mariadb ----- - -To enable the version of MariaDB you want to use and make the stream RPMs available in the package set: - ----- -sudo dnf module enable mariadb:10.4 ----- - -At this point you can verify that the available RPM provides the 10.4 verison of MariaDB server: - ----- -dnf list mariadb-server ----- - -To install MariaDB server: - ----- -sudo dnf module install mariadb/server ----- - -With modules, you could also install a specific profile: like client, devel or galera (the multi-master replica). -For instance, if you don't want to install the server stuff, but only the client packages: - ----- -sudo dnf module install mariadb:10.4/client ----- - -* MariaDB default root password is empty. - -== Configuring SQL before the first use - ----- -sudo mysql_secure_installation ----- - -Some questions will be asked: answer to them as you prefer; answering _yes_ to all of them is perfectly fine. - -== Using SQL - ----- -sudo mysql -u root -p ----- - -== Removing SQL - -I suggest to remove in the following way: - ----- -sudo dnf remove {community-mysql-server|mariadb-server} ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-oracle.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-oracle.adoc deleted file mode 100644 index 87f34df..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-mysql-from-oracle.adoc +++ /dev/null 
@@ -1,58 +0,0 @@ -[id='install-from-oracle-mysql'] -= Install from Oracle MySQL - -include::{partialsdir}/3rdparty-message.adoc[] - -== Adding the MySQL repository to Fedora - -Please download the release package provided by Oracle from: https://dev.mysql.com/downloads/repo/yum/ -Once downloaded, please install it using dnf: - ----- -sudo dnf install ----- - -Please note that this repository is provided by Oracle -so any issues/bugs encountered will need to be reported to them -via their communication channels: https://www.mysql.com/about/faq/ - -== Installing MySQL on Fedora - ----- -sudo dnf install mysql-community-server ----- - -== Start MySQL Service and Enable at Loggin: - ----- -sudo systemctl start mysqld -sudo systemctl enable mysqld ----- - -find Default Password, For security reasons, MySQL generates a temporary root key. Please note that MySQL has even stricter security policies than MariaDB. - ----- -sudo grep 'temporary password' /var/log/mysqld.log ----- - -== Configuring MySQL before the first use - ----- -sudo mysql_secure_installation ----- - -Then, answer the security questions as you prefer. or just say **yes** to all of them. - -== Using MySQL - ----- -sudo mysql -u root -p ----- - -== Removing MySQL - -I suggest to remove in the following way, the most appropriate and safe way without removing many dependencies is: - ----- -sudo rpm -e --nodeps mysql-community-libs mysql-community-common mysql-community-server ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-openjdk.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-openjdk.adoc deleted file mode 100644 index 4a5e2e3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-openjdk.adoc +++ /dev/null 
@@ -1,57 +0,0 @@ -[id='installing-openjdk'] -= Installing OpenJDK - -To install OpenJDK from the Fedora repository: - -* Run the following command to list available versions: - ----- -dnf search openjdk ----- - -* Copy the version of OpenJDK you want to install. - -[NOTE] -Various flavors of OpenJDK are available. For information about these options, search the link:https://openjdk.java.net/[OpenJDK web site]. - -* Run the following command to install OpenJDK: - ----- -sudo dnf install ----- - -Examples: - ----- -sudo dnf install java-1.8.0-openjdk.x86_64 ----- - ----- -sudo dnf install java-11-openjdk.x86_64 ----- - ----- -sudo dnf install java-latest-openjdk.x86_64 ----- - -== Installing OpenJDK for development - -In order to install the Java Development Kit, runtime environment and associated development tools. - ----- -sudo dnf install -devel ----- - -Examples: - ----- -sudo dnf install java-1.8.0-openjdk-devel.x86_64 ----- - ----- -sudo dnf install java-11-openjdk-devel.x86_64 ----- - ----- -sudo dnf install java-latest-openjdk-devel.x86_64 ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-oracle-java.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-oracle-java.adoc deleted file mode 100644 index f9fb061..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-oracle-java.adoc +++ /dev/null 
@@ -1,19 +0,0 @@ -[id='installing-oracle-java-se'] -= Installing Oracle Java SE - -include::{partialsdir}/3rdparty-message.adoc[] - -To install Oracle Java SE: - -. Navigate to link:https://www.oracle.com/java/technologies/javase-downloads.html[Oracle Java SE downloads page], and choose the version of Java you wish to use. - -. Accept the license agreement and download the appropriate tar.gz file for your systems architecture. - -. Unpack the tar.gz file somewhere. -For example, to extract it to the _/opt_ directory: -`sudo tar xf Downloads/jdk-18_linux-x64_bin.tar.gz -C /opt` - -. Set the _JAVA_HOME_ environment variable to that directory. -For example: `export JAVA_HOME=/opt/jdk-18.0.1.1` - -Note: Always make sure to download latest version available. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-virtualization-software.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-virtualization-software.adoc deleted file mode 100644 index 9fd9b6e..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-virtualization-software.adoc +++ /dev/null 
@@ -1,76 +0,0 @@ -[[installing-virtualization-software]] -= Installing virtualization software -include::{partialsdir}/attributes.adoc[] -:experimental: - -When installing Fedora, you can install the virtualization packages by -selecting *Virtualization* in the *Base Group* in the installer. See xref:f{MAJOROSVER}@fedora:install-guide:install/Installing_Using_Anaconda.adoc[Installing Using Anaconda]. - -For existing Fedora installations, you can install the virtualization tools via the command line using the Virtualization Package Group. To view the packages, run: - -[source,shell,subs="attributes"] ----- -$ dnf groupinfo virtualization - -Group: Virtualization - Description: These packages provide a graphical virtualization environment. - Mandatory Packages: - virt-install - Default Packages: - libvirt-daemon-config-network - libvirt-daemon-kvm - qemu-kvm - virt-manager - virt-viewer - Optional Packages: - libguestfs-tools - python3-libguestfs - virt-top ----- - -. Run the following command to install the mandatory and default packages in the virtualization group: -+ -[source,shell,subs="attributes"] ----- -# sudo dnf install @virtualization ----- -+ -Alternatively, to install the mandatory, default, and optional packages, run: -+ -[source,shell,subs="attributes"] ----- -# sudo dnf group install --with-optional virtualization ----- -+ -. After the packages install, start the `libvirtd` service: -+ -[source,shell,subs="attributes"] ----- -# sudo systemctl start libvirtd ----- -+ -To start the service on boot, run: -+ -[source,shell,subs="attributes"] ----- -# sudo systemctl enable libvirtd ----- -+ -. To verify that the KVM kernel modules are properly loaded: -+ -[source,shell,subs="attributes"] ----- -$ lsmod | grep kvm -kvm_amd 114688 0 -kvm 831488 1 kvm_amd ----- -+ -If this command lists `kvm_intel` or `kvm_amd`, KVM is properly configured. 
- - -[[networking-support]] -== Networking Support - -By default, libvirt will create a private network for your guests on the host machine. This private network will use a 192.168.x.x subnet and not be reachable directly from the network the host machine is on. However, virtual guests can use the host machine as a gateway and can connect out via it. If you need to provide services on your guests that are reachable via other machines on your host network you can use iptables DNAT rules to forward in specific ports, or you can set up a bridged environment. - -See the https://wiki.libvirt.org/page/Networking[libvirt networking setup page] for more information on how to setup a bridged network. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing-webapps.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing-webapps.adoc deleted file mode 100644 index 04ded0f..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing-webapps.adoc +++ /dev/null 
@@ -1,24 +0,0 @@ -[id='installing-webapps'] -= Installing webapps - -You probably want to run something on your web server. Many of the most popular web applications are packaged for Fedora. Using the packaged versions of web applications is recommended. These packages will be configured following the distribution's best practices which help to ensure the security of the installation. - -For instance, by installing static files to locations the web server does not have the ability to write to, and doing access control with configuration files rather than `.htaccess` files, which are slightly more vulnerable to attack. - -Packaged web applications will also be configured to work with SELinux, which provides significant security benefits. - -You will also receive updates through the usual Fedora update process, making it easier to keep your installation up to date. - -They will also often have the default configuration tweaked according to Fedora's conventions, meaning you have to do less work to get the application up and running. - -Most web applications are simply packaged according to their name. For instance, you can install Wordpress by executing the following command: - ----- -sudo dnf install wordpress ----- - -Packaged web applications will usually provide Fedora-specific instructions in a documentation file. For instance, Wordpress provides the files `/usr/share/doc/wordpress/README.fedora` and `/usr/share/doc/wordpress/README.fedora-multiuser`. - -Packaged web applications usually restrict access by default so you can access them only from the server host itself, to ensure you can run all initial configuration safely and things like administration interfaces are not left accessible to the public. For information on how to broaden access, see xref:getting-started-with-apache-http-server.adoc#enabling-access-to-web-applications[Enabling access to web applications]. - -Web applications commonly require the use of a database server. 
This wiki contains information on installing and configuring https://fedoraproject.org/wiki/PostgreSQL[PostgreSQL] and https://fedoraproject.org/wiki/MariaDB[MariaDB] on Fedora. diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing_firewalld.adoc deleted file mode 100644 index 10ae46d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing_firewalld.adoc +++ /dev/null @@ -1,25 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=installing-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Installing firewalld - -.Install firewalld: - -. Run this command on the command line: - -[source,bash] - ----- - -sudo dnf install firewalld - ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_installing_vlc.adoc b/modules/ROOT/pages/_partials/2delete-proc_installing_vlc.adoc deleted file mode 100644 index e018adb..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_installing_vlc.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[[installing-vlc]] -= Installing VLC - - -* Install VLC: -+ ----- -$ sudo dnf install vlc ----- - diff --git a/modules/ROOT/pages/_partials/2delete-proc_log-files-GUI.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_log-files-GUI.adoc.delete.adoc deleted file mode 100644 index 30b047b..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_log-files-GUI.adoc.delete.adoc +++ /dev/null 
@@ -1,27 +0,0 @@ -[id='using-gnome-logs-to-view-log-files'] -= Using Gnome Logs to view log files - -The `GNOME Logs` application provides a convenient GUI tool to view the systemd journal. -`GNOME Logs` is not currently installed by default on Fedora systems. - -* You can install `Gnome Logs` using the default software installation application on your system. - On a Fedora Workstation install running the GNOME desktop: - -** Press the `Super` key -** Type `Software` -** In the `Search` field type `Logs` and choose the `GNOME Logs` item from the list of results -** Install the application - -* You can also install `GNOME Logs` using the command line with `dnf`: - ----- -$ sudo dnf install gnome-logs ----- - -In `GNOME Logs`, you can filter for time periods, search within logs, and display categories. - -* To select a log file type, from the side bar of GNOME Logs, select the type to view. -* To select a time period, from the menu bar, click `Log`, and select a time period. -* To search within logs, select a log file from the results pane. -. Click the search icon. -. Enter one or more search criterion in the search field. diff --git a/modules/ROOT/pages/_partials/2delete-proc_log-files-command-line.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_log-files-command-line.adoc.delete.adoc deleted file mode 100644 index 39f9737..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_log-files-command-line.adoc.delete.adoc +++ /dev/null 
@@ -1,89 +0,0 @@ -[id='using-the-command-line-to-view-log-files] -= Using the command line to view log files - -The `journalctl` command can be used to view messages in the system journal on the command line. -For plain text log files, generic tools may be used: - -* `cat`, `more`, `less`, `tail`, or `head`. -* the `grep` command to search for specific information. -* any text editor of your choosing (nano/pico/vim/emacs) - -Please note that you may require `sudo` access to view these files. - -[id='using-journalctl-to-view-system-information'] -== Using journalctl to view system information - -* To view all collected journal entries, simply use: ----- -$ journalctl ----- - -* To view a logs related to a specific file, you can provide the `journalctl` command with a filepath. - The example shown below shows all logs of the kernel device node `/dev/sda`: ----- -$ journalctl /dev/sda ----- - -* To view log for the current boot use the `-b` option : ----- -$ journalctl -b ----- - -* To view kernel logs for the current boot, you can add the `-k` option: ----- -$ journalctl -k -b -1 ----- - - -[id='using-journalctl-to-view-log-information-for-a-specific-service'] -== Using journalctl to view log information for a specific service - -* To filter logs to only see ones matching the "foo" systemd service: ----- -$ journalctl -b _SYSTEMD_UNIT=foo ----- - -* Matches can be combined. - For example, to view logs for systemd-units that match `foo`, and the PID `number`: ----- -$ journalctl -b _SYSTEMD_UNIT=foo _PID=number ----- - -* If the separator "+" is used, two expressions may be combined in a logical OR. - For example, to view all messages from the `foo` service process with the `PID` plus all messages from the `foo1` service (from any of its processes): ----- -$ journalctl -b _SYSTEMD_UNIT=foo _PID=number + _SYSTEMD_UNIT=foo1 ----- - -* If two matches refer to the same field, all entries matching either expression are shown. 
- For example, this command will show logs matching a systemd-unit `foo` or a systemd-unit `foo1`: ----- -$ journalctl -b _SYSTEMD_UNIT=foo _SYSTEMD_UNIT=foo1 ----- - - -NOTE: The files for service modification are stored in a directory within `*/etc/systemd/system*`, to know more about systemd, please refer to <> - -[id='Using-journalctl-to-view-older-logs'] -== Using journalctl to view older logs - -* To view older logs use the `--list-boots` option : - -This will show a tabular list of boot numbers, their IDs, and the timestamps of the first and last message pertaining to the boot: - ----- -$ journalctl --list-boots --8 42cdeac65d494e938b9cb92f315b08a4 Mon 2018-11-12 10:36:42 CET—Mon 2018-11-12 20:08:24 CET --7 c110d2b8705345b786fe310de628bfc7 Tue 2018-11-13 10:29:27 CET—Tue 2018-11-13 10:04:00 CET ----- - -with this ID you can use `journalctl` as usual : - ----- -$ journalctl --boot=ID _SYSTEMD_UNIT=foo ----- - -* To know more about `journalctl`, read the man page: ----- -$ man journalctl ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-cli.adoc b/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-cli.adoc deleted file mode 100644 index d4b9837..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-cli.adoc +++ /dev/null @@ -1,23 +0,0 @@ -[id='manual-updating-using-cli'] -= Manual updating using CLI - -This section describes how to manually download and install new updates by using the DNF -package manager. - - -[discrete] -== Procedure - -* Upgrade the system: -+ ----- -sudo dnf upgrade ----- -+ -Confirm to download the available packages. - - -[discrete] -== Additional Resources - -* The `dnf(8)` manual page diff --git a/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-gui.adoc b/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-gui.adoc deleted file mode 100644 index 483be59..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_manual-updating-using-gui.adoc +++ /dev/null @@ -1,17 +0,0 @@ -[id='manual-updating-using-gui'] -= Manual updating using GUI - -This section describes how to manually download and install new updates by using GUI. - -[discrete] -== Procedure - -. Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it. - -. Click the btn:[Updates] button to view the available updates. - -. Click the btn:[Download] button to download new updates. - -. After the updates are downloaded click the btn:[Restart & Update] button. Your system will restart to perform the upgrade. - -image::software-updates.png[Updating by using the Software application] diff --git a/modules/ROOT/pages/_partials/2delete-proc_modifying-existing-systemd-services.adoc b/modules/ROOT/pages/_partials/2delete-proc_modifying-existing-systemd-services.adoc deleted file mode 100644 index 8f90e4e..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_modifying-existing-systemd-services.adoc +++ /dev/null 
@@ -1,53 +0,0 @@ -[#modifying-existing-systemd-services] -= Modifying existing systemd services - -This example shows how to modify an existing service. Service modification are stored within `/etc/systemd/system`, in a single file or in a subdirectory named after the service. For example, this procedure modifies the `httpd` service. - -[discrete] -== Prerequisites - -* You are logged in as a user with administrator-level permissions. - -* You have a configured `httpd` server running through _systemd_. - -[discrete] -== Procedure - -. _Systemd_ services can be modified using the `systemctl edit` command. -+ ----- -# systemctl edit httpd.service ----- -+ -This creates an override file `/etc/systemd/system/httpd.service.d/override.conf` and opens it in your text editor. Anything you put into this file will be *added* to the existing service file. - -. Add your custom configuration. For example: -+ ----- -[Service] -Restart=always -RestartSec=30 ----- -+ -To replace an option that can be set multiple times, it must cleared first, otherwise the override file will add the option a second time. -+ ----- -[Service] -ExecStart= -ExecStart= ----- - -. Save the file. _Systemd_ automatically loads the new service configuration. - -. Restart the `httpd` service: -+ ----- -# systemctl restart httpd ----- - -To completely replace (instead of just add to/modify) an existing service file, use `systemctl edit --full`, e.g. `systemctl edit --full httpd.service`. This will create `/etc/systemctl/system/httpd.service`, which will be used instead of the existing service file. - -[discrete] -== Related Information - -* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. diff --git a/modules/ROOT/pages/_partials/2delete-proc_opening_ports_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_opening_ports_firewalld.adoc deleted file mode 100644 index c30743a..0000000 
--- a/modules/ROOT/pages/_partials/2delete-proc_opening_ports_firewalld.adoc +++ /dev/null @@ -1,37 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=opening-ports-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Opening a port - -Through open ports, the system is accessible from the outside, which represents a security risk. Generally, keep ports closed and only open them if they are required for certain services. - -.Opening a port using the command line - -. Get a list of allowed ports in the current zone: -+ ----- -$ firewall-cmd --list-ports ----- -+ -. Add a port to the allowed ports to open it for incoming traffic: -+ ----- -$ sudo firewall-cmd --add-port=port-number/port-type ----- -+ -. Make the new settings persistent: -+ ----- -$ sudo firewall-cmd --runtime-to-permanent ----- - -The port types are either tcp, udp, sctp, or dccp. The type must match the type of network communication. diff --git a/modules/ROOT/pages/_partials/2delete-proc_removing-repositories.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_removing-repositories.adoc.delete.adoc deleted file mode 100644 index d4a2d2d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_removing-repositories.adoc.delete.adoc +++ /dev/null 
@@ -1,21 +0,0 @@ -[id='removing-repositories'] -= Removing repositories - -This section shows how to remove a Yum repository (or `.repo` file). - -[NOTE] -==== -If you know the ID of a repository, but you're not sure what `.repo` it belongs to, -you can run the following command [red]#`pass:[grep -E "^\[.*\]" /etc/yum.repos.d/*]`#. -This will print a list of the repository IDs that are associated with each Yum repository. -==== - -* To remove a Yum repository, run the following command as `*root*`. -+ -[literal,subs="+quotes,attributes"] ----- -rm /etc/yum.repos.d/*_file_name_*.repo ----- -+ -Where *_file_name_* is the name of the `.repo` file. -+ \ No newline at end of file diff --git a/modules/ROOT/pages/_partials/2delete-proc_removing-shortcut-custom-app-gnome.adoc b/modules/ROOT/pages/_partials/2delete-proc_removing-shortcut-custom-app-gnome.adoc deleted file mode 100644 index c1a070b..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_removing-shortcut-custom-app-gnome.adoc +++ /dev/null @@ -1,31 +0,0 @@ -[id='removing-shortcut-custom-app-gnome'] -= Removing keyboard shortcuts for custom applications in GNOME - -This section describes how to remove a keyboard shortcut for starting a custom application in GNOME. - -[discrete] -== Procedure - -. Open *Settings* and choose the *Devices* entry from the list: -+ -image::shortcuts-settings-devices.png[] -+ -NOTE: Earlier Fedora versions might not need this step. - -. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: -+ -image::shortcuts-keyboard-scroll.png[] - -. Scroll down in the list of shortcuts and applications until you locate the application that you want to remove: -+ -image::shortcuts-added.png[] - -. Click on the entry. -+ -A window for editing the shortcut appears: -+ -image::shortcuts-edit.png[] - -. Click the red *Remove* button. -+ -The shortcut is removed. 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_restoring-bootloader-using-live-disk.adoc b/modules/ROOT/pages/_partials/2delete-proc_restoring-bootloader-using-live-disk.adoc deleted file mode 100644 index c875a28..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_restoring-bootloader-using-live-disk.adoc +++ /dev/null 
@@ -1,221 +0,0 @@ -[[restoring-bootloader-using-live-disk]] -= Restoring the bootloader using the Live disk. - -Sometimes, especially after a secondary operating systems has been installed, -the master boot record gets damaged which then prevents the original Linux system -from booting. - -If this happens, it is necessary to reinstall *GRUB2* to recreate the original -settings. The process not only discovers all installed operating systems, but -usually adds them to the *GRUB2* configuration files, so they will all become -bootable by *GRUB2*. - -.Before you start - -* Get the Fedora Live ISO from link:https://download.fedoraproject.org/pub/fedora/linux/releases/[getfedora.org]. - -* Prepare a bootable device using the downloaded ISO, either a CD or a USB. - -.Procedure - -. Boot the Fedora live system from the bootable device you have created. - -. Open the terminal. - -. Examine the partition layout and identify the `/boot` and the `/root` partition. -+ ----- -# fdisk -l ----- - -. Follow the <> (Fedora 33 or newer) or <> (older than Fedora 33) to recover your system. - -[[btrfs-steps]] -== BTRFS steps - -. If your `/root` partition is encrypted by LUKS, it must be decrypted. - -.. Make sure the crypt module is in use. -+ ----- -# modprobe dm-crypt ----- - -.. Decrypt the `/root` partition (e.g. `/dev/sda3`). -+ ----- -# cryptsetup luksOpen /dev/sda3 myvolume ----- -+ -The decrypted device (i.e. `myvolume`) will be accessible under `/dev/mapper/`. - -. Mount the `/root` partition. - -* For LUKS. -+ ----- -# mount /dev/mapper/myvolume /mnt -o subvol=root ----- -* For non-LUKS. -+ ----- -# mount /dev/sda3 /mnt -o subvol=root ----- -+ - -. Mount the `/boot` partition (e.g. `/dev/sda2)`. -+ ----- -# mount /dev/sda2 /mnt/boot ----- -+ - -. Mount system processes and devices into the `/root` filesystem. -+ ----- -# mount -o bind /dev /mnt/dev -# mount -o bind /proc /mnt/proc -# mount -o bind /sys /mnt/sys -# mount -o bind /run /mnt/run ----- -+ -. 
On UEFI systems, bind the `efivars` directory and mount the EFI system partition (e.g. `/dev/sda1`). -+ ----- -# mount -o bind /sys/firmware/efi/efivars /mnt/sys/firmware/efi/efivars -# mount /dev/sda1 /mnt/boot/efi ----- -+ -. Change your filesystem to the one mounted under `/mnt/`. -+ ----- -# chroot /mnt/ ----- -+ -. Re-install *GRUB2*. - -* On UEFI systems, several packages are required. -+ ----- -/]# dnf reinstall shim-* grub2-efi-* grub2-common - ----- -* On BIOS systems, specify the disk (e.g. `/dev/sda`) where *GRUB2* should be installed. -+ ----- -/]# grub2-install /dev/sda ----- -+ -. Re-generate the *GRUB2* configuration file. -+ ----- -/]# grub2-mkconfig -o /boot/grub2/grub.cfg ----- -+ -. Sync and exit the chroot. -+ ----- -/]# sync && exit ----- -+ -. Reboot the system. - -[[lvm-steps]] -== LVM steps - -. If your `/root` partition is encrypted by LUKS, it must be decrypted. - -.. Make sure the crypt module is in use. -+ ----- -# modprobe dm-crypt ----- - -.. Decrypt the `/root` partition (e.g. `/dev/sda3`). -+ ----- -# cryptsetup luksOpen /dev/sda3 myvolume ----- - -.. Scan the LVM volumes for the volume group corresponding to the `/root` partition. -+ ----- -# vgscan ----- - -.. Activate the volume group (e.g. `fedora_localhost-live`). -+ ----- -# vgchange -ay fedora_localhost-live ----- - -.. Find the logical volume corresponding to `/root`. -+ ----- -# lvs ----- -+ -The logical volume will be accessible under `/dev/mapper/`. - -. Create a `root` directory under `/mnt`. -+ ----- -# mkdir -p /mnt/root ----- -+ -. Mount the logical volume (e.g. `/dev/mapper/fedora_localhost--live-root`) corresponding to the `/root` partition. -+ ----- -# mount /dev/mapper/fedora_localhost--live-root /mnt/root ----- -+ -. Mount the `/boot` partition (e.g. `/dev/sda2`). -+ ----- -# mount /dev/sda2 /mnt/root/boot ----- -+ -. Mount system processes and devices into the `/root` filesystem. 
-+ ----- -# mount -o bind /dev /mnt/root/dev -# mount -o bind /proc /mnt/root/proc -# mount -o bind /sys /mnt/root/sys -# mount -o bind /run /mnt/root/run ----- -+ -. On UEFI systems, bind the `efivars` directory and mount the EFI system partition (e.g. `/dev/sda1`). -+ ----- -# mount -o bind /sys/firmware/efi/efivars /mnt/root/sys/firmware/efi/efivars -# mount /dev/sda1 /mnt/root/boot/efi ----- -+ -. Change your filesystem to the one mounted under `/mnt/root`. -+ ----- -# chroot /mnt/root/ ----- -+ -. Re-install *GRUB2* and re-generate the *GRUB2* configuration file. - -* On UEFI systems, several packages are required. -+ ----- -/]# dnf reinstall shim-* grub2-efi-* grub2-common -/]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg ----- -* On BIOS systems, specify the disk (e.g. `/dev/sda`) where *GRUB2* should be installed. -+ ----- -/]# grub2-install /dev/sda -/]# grub2-mkconfig -o /boot/grub2/grub.cfg ----- -+ -. Sync and exit the chroot. -+ ----- -/]# sync && exit ----- -+ -. Reboot the system. \ No newline at end of file diff --git a/modules/ROOT/pages/_partials/2delete-proc_revoking-gpg-keys.adoc b/modules/ROOT/pages/_partials/2delete-proc_revoking-gpg-keys.adoc deleted file mode 100644 index c98d6dd..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_revoking-gpg-keys.adoc +++ /dev/null 
@@ -1,45 +0,0 @@ -[[revoking-gpg-keys]] -= GPG Key Revocation - -When you revoke a key, you withdraw it from public use. -_You should only have to do this if it is compromised or lost, or you forget the passphrase._ - -[[generating-a-revocation-certificate]] -== Generating a Revocation Certificate - -When you create the key pair you should also create a key revocation certificate. -If you later issue the revocation certificate, it notifies others that the public key is not to be used. -Users may still use a revoked public key to verify old signatures, but not encrypt messages. -As long as you still have access to the private key, messages received previously may still be decrypted. -If you forget the passphrase, you will not be able to decrypt messages encrypted to that key. - ----- -gpg --output revoke.asc --gen-revoke KEYNAME ----- - -If you do not use the `--output` flag, the certificate will print to standard output. - -For `KEYNAME`, substitute either the key ID of your primary keypair or any part of a user ID that identifies your keypair. -Once you create the certificate (the `revoke.asc` file), you should protect it. -If it is published by accident or through the malicious actions of others, the public key will become unusable. -It is a good idea to write the revocation certificate to secure removable media or print out a hard copy for secure storage to maintain secrecy. - -[[revoking-a-key]] -== Revoking a key - -. Revoke the key locally: -+ ----- -gpg --import revoke.asc ----- -+ -Once you locally revoke the key, you must send the revoked certificate to a keyserver, regardless of whether the key was originally issued in this way. -Distribution through a server helps other users to quickly become aware the key has been compromised. - -. 
Export to a keyserver with the following command: -+ ----- -gpg --keyserver hkp://pgp.mit.edu --send-keys KEYNAME ----- -+ -For `KEYNAME`, substitute either the key ID of your primary keypair or any part of a user ID that identifies your keypair. diff --git a/modules/ROOT/pages/_partials/2delete-proc_run-docker-using-sudo.adoc b/modules/ROOT/pages/_partials/2delete-proc_run-docker-using-sudo.adoc deleted file mode 100644 index 69a2e7d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_run-docker-using-sudo.adoc +++ /dev/null @@ -1,11 +0,0 @@ -[[procedure-run-docker-using-sudo]] -= Run Docker using sudo - -. Set up [command]`sudo` as shown in xref:performing-administration-tasks-using-sudo.adoc.adoc#con_using-sudo-assign-admin-privileges[Using sudo to assign administrator privileges]. -. Create an alias for running the docker command by adding the following line to your `~/.bashrc` file: -+ ----- -alias docker="sudo /usr/bin/docker" ----- -+ -When the user executes the docker command as non-root, sudo will be used to manage access and provide logging. diff --git a/modules/ROOT/pages/_partials/2delete-proc_running_vlc.adoc b/modules/ROOT/pages/_partials/2delete-proc_running_vlc.adoc deleted file mode 100644 index 3272b74..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_running_vlc.adoc +++ /dev/null @@ -1,20 +0,0 @@ -[[running-vlc]] -= Running VLC - -* To run the VLC media player using GUI: -+ --- -. Open the launcher by pressing the _Super_ key. -. Type _vlc_. -. Press _Enter_. --- - - -* To run VLC from the command line: -+ -[subs="quotes"] ----- -$ vlc _source_ ----- -+ -Replace _source_ with path to the file to be played, URL, or other data source. For more details, see link:https://wiki.videolan.org/Documentation:Command_line/#Opening_streams[Opening streams] on VideoLAN wiki. 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_securing-apache-httpd.adoc b/modules/ROOT/pages/_partials/2delete-proc_securing-apache-httpd.adoc deleted file mode 100644 index 3d23b73..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_securing-apache-httpd.adoc +++ /dev/null 
@@ -1,121 +0,0 @@ -[id='securing-apache-httpd'] -= Securing Apache HTTPD - -To enable TLS/SSL support, download and install one of the following packages: - -* https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl], based on https://www.openssl.org[OpenSSL] -* https://packages.fedoraproject.org/pkgs/mod_gnutls/mod_gnutls/[mod_gnutls], based on https://www.gnutls.org/[GnuTLS] -* https://packages.fedoraproject.org/pkgs/mod_nss/mod_nss/[mod_nss], based on https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS[NSS] - - -[id='using-mod-ssl'] -== Using mod_ssl - - -[id='installing-mod-ssl'] -=== Installing mod_ssl - -The https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl] package will be automatically enabled post installation. Install the https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl] package using the following command: - ----- -sudo dnf install mod_ssl -y ----- - - -[id='generating-new-certificate'] -=== Generating a new certificate - -To generate a new certificate, refer to https://fedoraproject.org/wiki/Https#openssl[Create a certificate using OpenSSL]. -// The topic ID can be used here instead of the absolute link. Have used absolute link as the destination content in question is in a topic that may not be a part of this activity. - - -[id='installing-existing-certificate'] -=== Installing an existing certificate - -If you already have a certificate generated on another computer, do the following: - -. Move the certificate and the key file to the correct folder -+ ----- -sudo mv key_file.key /etc/pki/tls/private/myhost.com.key -sudo mv certificate.crt /etc/pki/tls/certs/myhost.com.crt ----- -+ -. Ensure that the following parameters are correct: -+ -.. SELinux contexts -+ ----- -restorecon /etc/pki/tls/private/myhost.com.key -restorecon /etc/pki/tls/certs/myhost.com.crt ----- -+ -.. 
Ownership -+ ----- -sudo chown root.root /etc/pki/tls/private/myhost.com.key -sudo chown root.root /etc/pki/tls/certs/myhost.com.crt ----- -+ -.. Permissions -+ ----- -sudo chmod 0600 /etc/pki/tls/private/myhost.com.key -sudo chmod 0600 /etc/pki/tls/certs/myhost.com.crt ----- - -After installing the existing certificate, set up the certificate using <>. - - -[id='mod-ssl-configuration'] -=== mod_ssl configuration - -The default TLS/SSL configuration is contained in the file `/etc/httpd/conf.d/ssl.conf`. In the `ssl.conf` file, following are the directives that specify where the TLS/SSL certificate and key are located: - ----- -SSLCertificateFile /etc/pki/tls/certs/localhost.crt -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ----- - -These directives are enclosed in a block defining a https://httpd.apache.org/docs/current/vhosts/[virtual host]: - ----- - -... -SSLCertificateFile /etc/pki/tls/certs/localhost.crt -... -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -... - ----- - -To define a different location for these files, do the following: - -. Create a copy of the `/etc/httpd/conf.d/ssl.conf` file and renew the file to `z-ssl-local.conf`. -+ -. Edit the following lines in the `z-ssl-local.conf` file: - ----- - -SSLCertificateFile /etc/pki/tls/certs/www.myhost.org.crt -SSLCertificateKeyFile /etc/pki/tls/private/www.myhost.org.key - ----- - -This file will override the two settings for the `pass:[_default_]:443` virtual host; all other settings from `ssl.conf` will be retained. - - -[id='settings-individual-virtual-hosts'] -=== Settings for individual virtual hosts - -To use SSL/TLS for a specific virtual host with a different certificate as default, do the following: - -. Open that virtual host's configuration file `/etc/httpd/conf.d/hostname.conf`. -+ -. Insert these lines between `` and ``: -+ ----- -SSLEngine on -SSLCertificateFile /etc/pki/tls/certs/hostname.crt -SSLCertificateKeyFile /etc/pki/tls/private/hostname.key ----- 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_setting-automatic-updates.adoc b/modules/ROOT/pages/_partials/2delete-proc_setting-automatic-updates.adoc deleted file mode 100644 index b17c682..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_setting-automatic-updates.adoc +++ /dev/null 
@@ -1,66 +0,0 @@ -[id='setting-automatic-updates'] -= Setting automatic updates - -This section describes how to use the DNF Automatic application to automatically: - -* Download and install any new updates -* Only download the updates -* Get notified about the updates - -[discrete] -== Procedure - -. Install the [package]_dnf-automatic_ package: -+ ----- -sudo dnf install dnf-automatic ----- - -. Edit the [filename]`/etc/dnf/automatic.conf` configuration file as needed. See the https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation for details. - -. Enable and start the `systemd` timer: -+ -[literal,subs="+quotes,attributes"] ----- -sudo systemctl enable --now _timer_ ----- -+ -Replace `_timer_` with one of following ones depending on what action you want to do: -+ --- -* `dnf-automatic-install.timer` to download and install packages -* `dnf-automatic-download.timer` to only download packages -* `dnf-automatic-notifyonly.timer` to only get a notification using configured emitters in the [filename]`/etc/dnf/automatic.conf` file. --- -+ -For example: -+ ----- -sudo systemctl enable --now dnf-automatic-install.timer -Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer. ----- - -. 
Ensure that the timer has been successfully enabled and started: -+ -[literal,subs="+quotes,attributes"] ----- -sudo systemctl status _timer_ ----- -+ -Replace `_timer_` with the timer from the previous step, for example: -+ ----- -sudo systemctl status dnf-automatic-install.timer -● dnf-automatic-install.timer - dnf-automatic-install timer - Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled) - Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago - Trigger: Sat 2021-01-30 06:05:57 +08; 15h left - Triggers: ● dnf-automatic-install.service - -Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer. ----- - -[discrete] -== Additional Resources - -* The https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation diff --git a/modules/ROOT/pages/_partials/2delete-proc_setting-default-entry-for-grub2.adoc b/modules/ROOT/pages/_partials/2delete-proc_setting-default-entry-for-grub2.adoc deleted file mode 100644 index e793b59..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_setting-default-entry-for-grub2.adoc +++ /dev/null 
@@ -1,56 +0,0 @@ -[[setting-default-entry]] -= Setting default entry for GRUB2 - -Since `grub2-mkconfig` (and *os-prober*) cannot estimate which operating system, of those it finds, is to be marked as default, we usually are unable to predict the order of the entries in `/boot/grub2/grub.cfg`. To change the default layout, we need to set the default based on the `name` or `title`. - -.Before you start - -. Open `/etc/default/grub` and make sure these lines exist in the file. -+ ----- -GRUB_DEFAULT=saved -GRUB_SAVEDEFAULT=false ----- - -. If you needed to change the content of the `/etc/default/grub`, apply the changes to `grub.cfg`. -+ ----- -# grub2-mkconfig -o /boot/grub2/grub.cfg ----- - -.Procedure - -. List all possible menu entries. -+ ----- -# grep -P "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2 ----- - -. Select one of the displayed options and use it as an argument to set the default menu entry. -+ ----- -# grub2-set-default ----- - -. Verify the default menu entry -+ ----- -# grub2-editenv list ----- - -. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in link:#adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. - - -.More information - -If you understand the risks involved, you can manually modify the `/boot/grub2/grub.cfg` file. In that case, set the number of the default operating system using the `set default` variable. - -For example: ----- -set default="5" ----- - -[NOTE] -==== -If you edit the configuration file manually, the settings will be overwritten each time the `grub2-mkconfig` command runs. -==== diff --git a/modules/ROOT/pages/_partials/2delete-proc_setting-password-for-interactive-edit-mode.adoc b/modules/ROOT/pages/_partials/2delete-proc_setting-password-for-interactive-edit-mode.adoc deleted file mode 100644 index 49ce063..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_setting-password-for-interactive-edit-mode.adoc +++ /dev/null 
@@ -1,33 +0,0 @@ -[[setting-password-for-interactive-edit-mode]] -= Setting a password for interactive edit mode - -If you wish to protect the *GRUB2* interactive edit mode with a password, but allow ordinary users to boot the computer, you have to create a definition file where you set up this functionality: - -.Procedure - -. Create the `/etc/grub.d/01_users` file and write the following lines into the file. -+ ----- -set superusers="root" -export superusers -password root ----- - -. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. - - -.More information - -You can encrypt the password by using *pbkdf2*. Use `grub2-mkpasswd-pbkdf2` to encrypt the password, then replace the password line with: - ----- -password_pbkdf2 root grub.pbkdf2.sha512.10000.1B4BD9B60DE889A4C50AA9458C4044CBE129C9607B6231783F7E4E7191D8254C0732F4255178E2677BBE27D03186E44815EEFBAD82737D81C87F5D24313DDDE7.E9AEB53A46A16F30735E2558100D8340049A719474AEEE7E3F44C9C5201E2CA82221DCF2A12C39112A701292BF4AA071EB13E5EC8C8C84CC4B1A83304EA10F74 ----- - -More details can be found at https://help.ubuntu.com/community/Grub2/Passwords[Ubuntu Help: GRUB2 Passwords]. - -[NOTE] -==== -Starting from Fedora 21, the `--md5pass` kickstart option must be used when using the `grub2-mkpasswd-pbkdf2` command. -==== - diff --git a/modules/ROOT/pages/_partials/2delete-proc_solving-absent-floppy.adoc b/modules/ROOT/pages/_partials/2delete-proc_solving-absent-floppy.adoc deleted file mode 100644 index e7a74f3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_solving-absent-floppy.adoc +++ /dev/null 
@@ -1,11 +0,0 @@ -[[solving-absent-floppy]] -= Dealing with the "Absent Floppy Disk" Error - -It has been reported by some users that *GRUB2* may fail to install on a partition's boot sector if the computer's floppy controller is activated in BIOS without an actual floppy disk drive being present. Such situations resulted in an _Absent Floppy Disk_ error. - -To workaround this issue, go into the rescue mode and follow the procedure in link:#installing-grub-2-on-a-bios-system[Installing GRUB2 on a BIOS system] *GRUB2*, but use the `--no-floppy` option with the `grub2-install` command. - ----- -# grub2-install --no-floppy ----- - diff --git a/modules/ROOT/pages/_partials/2delete-proc_starting-stopping-and-querying-systemd-services.adoc b/modules/ROOT/pages/_partials/2delete-proc_starting-stopping-and-querying-systemd-services.adoc deleted file mode 100644 index 932a254..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_starting-stopping-and-querying-systemd-services.adoc +++ /dev/null 
@@ -1,67 +0,0 @@ -[#starting-stopping-and-querying-systemd-services] -= Starting, stopping, and querying systemd services - -You can perform various management tasks to control _systemd_ services using the `systemctl` command. The following is a set of example commands to demonstrate how to use `systemctl` to manage _systemd_ services. - -[discrete] -== Prerequisites - -You are logged in as a user with administrator-level permissions. - -[discrete] -== Procedure - -The following commands control the `foo` service: - -* Activate a service immediately: -+ ----- -# systemctl start foo ----- - -* Deactivate a service immediately: -+ ----- -# systemctl stop foo ----- - -* Restart a service: -+ ----- -# systemctl restart foo ----- - -* Show the status of a service including, whether it is running or not: -+ ----- -# systemctl status foo ----- - -* Enable a service to be started on boot: -+ ----- -# systemctl enable foo ----- - -* Disable a service to not start during boot: -+ ----- -# systemctl disable foo ----- - -* Prevent a service from starting dynamically or even manually unless unmasked: -+ ----- -# systemctl mask foo ----- - -* Check if a service is enabled or not: -+ ----- -# systemctl is-enabled foo ----- - -[discrete] -== Related Information - -* Run `man systemctl` for more details. diff --git a/modules/ROOT/pages/_partials/2delete-proc_starting_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_starting_firewalld.adoc deleted file mode 100644 index 47b13b2..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_starting_firewalld.adoc +++ /dev/null 
@@ -1,22 +0,0 @@ -// Module included in the following assemblies: -// -// firewalld.adoc - - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=starting-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Starting firewalld - -Start firewalld, by entering the following commands: - ----- -$ sudo systemctl unmask firewalld -$ sudo systemctl start firewalld ----- - -To make firewalld start automatically at system start: - ----- -$ sudo systemctl enable firewalld ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_stopping_firewalld.adoc b/modules/ROOT/pages/_partials/2delete-proc_stopping_firewalld.adoc deleted file mode 100644 index a8993b9..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_stopping_firewalld.adoc +++ /dev/null 
@@ -1,29 +0,0 @@ -// Module included in the following assemblies: -// -//firewalld.adoc - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id=stopping-firewalld-fedora] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Stopping firewalld - - -To stop firewalld, enter the following command as root: ----- -$ sudo systemctl stop firewalld ----- - -Prevent firewalld from starting automatically at system start, enter the following command as root: ----- -$ sudo systemctl disable firewalld ----- - -Make sure firewalld is not started by accessing the firewalld D-Bus interface and also if other services require firewalld, enter the following command as root: ----- -$ sudo systemctl mask firewalld ----- diff --git a/modules/ROOT/pages/_partials/2delete-proc_switching-between-java-versions.adoc b/modules/ROOT/pages/_partials/2delete-proc_switching-between-java-versions.adoc deleted file mode 100644 index 57cdc21..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_switching-between-java-versions.adoc +++ /dev/null @@ -1,17 +0,0 @@ -= Switching between Java Versions - -You might have installed several versions of Java on your system, you can switch from one. - -After running this command, you will see a list of all installed Java versions, select: - ----- -sudo alternatives --config java ----- - -Simply enter a selection number to choose which java executable should be used by default. - -* verify: - ----- -java -version ----- 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc deleted file mode 100644 index d99baf3..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc +++ /dev/null 
@@ -1,60 +0,0 @@ -[id='troubleshooting_live_USB'] -= Troubleshooting a live USB - - -== livecd-iso-to-disk problems - -Partition isn't marked bootable:: If you get the message `Partition isn't marked bootable!`, you need to mark the partition bootable. To do this, run `parted /dev/sdX`, and use the `toggle N` boot command, where `_X_` is the appropriate letter, and `_N_` is the partition number. For example: -+ -[source,shell,subs="attributes"] ----- -$ parted /dev/sdb -GNU Parted 1.8.6 -Using /dev/sdb -Welcome to GNU Parted! Type 'help' to view a list of commands. -(parted) print -Model: Imation Flash Drive (scsi) -Disk /dev/sdX: 1062MB -Sector size (logical/physical): 512B/512B -Partition Table: msdos - -Number Start End Size Type File system Flags - 1 32.3kB 1062MB 1062MB primary fat16 - -(parted) toggle 1 boot -(parted) print -Model: Imation Flash Drive (scsi) -Disk /dev/sdX: 1062MB -Sector size (logical/physical): 512B/512B -Partition Table: msdos - -Number Start End Size Type File system Flags - 1 32.3kB 1062MB 1062MB primary fat16 boot - -(parted) quit -Information: Don't forget to update /etc/fstab, if necessary. ----- - -Partitions need a filesystem label:: If you get the message `Need to have a filesystem label` or `UUID` for your USB device, you need to label the partition: `dosfslabel /dev/sdX LIVE`. - -Partition has different physical/logical endings:: If you get this message from fdisk, you may need to reformat the flash drive when writing the image, by passing `--format` when writing the stick. - -MBR appears to be blank:: If your test boot reports a corrupted boot sector, or you get the message `MBR appears to be blank.`, you need to install or reset the master boot record (MBR), by passing `--reset-mbr` when writing the stick. - -livecd-iso-to-disk on other Linux distributions:: `livecd-iso-to-disk` is not meant to be run from a non-Fedora system. 
Even if it happens to run and write a stick apparently successfully from some other distribution, the stick may well fail to boot. Use of `livecd-iso-to-disk` on any distribution other than Fedora is unsupported and not expected to work: please use an alternative method, such as link:#using-fedora-media-writer[Fedora Media Writer]. - - -== Testing a USB stick using qemu - -You can test your stick using QEMU. - -[options="nowrap"] ----- -# umount /dev/sdX1 -$ qemu -hda /dev/sdX -m 1024 -vga std ----- - - -== Mounting a Live USB filesystem - -You can use the https://github.com/livecd-tools/livecd-tools/blob/master/tools/liveimage-mount[liveimage-mount] script in the https://packages.fedoraproject.org/pkgs/livecd-tools/livecd-tools/[livecd-tools] package to mount an attached Live USB device or other LiveOS image, such as an ISO or Live CD. This is convenient when you want to copy in or out some file from the LiveOS filesystem on a Live USB, or just examine the files in a Live ISO or Live CD. diff --git a/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-mysql.adoc b/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-mysql.adoc deleted file mode 100644 index 21a8b4d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_troubleshooting-mysql.adoc +++ /dev/null 
@@ -1,96 +0,0 @@ -[id='how-to-troubleshoot-issues-in-sql'] -= How To Troubleshoot Issues in SQL - -Version: - ----- -dnf list installed | grep -i -e maria -e mysql -e galera ----- - -Check parameters in configuration file: - -* MySQL: - ----- -mysqld --print-defaults ----- - -* MariaDB/MySQL Comunnity: - ----- -/usr/libexec/mysqld --print-defaults ----- - -WARNING: Compatiblity between different version are not allowed Just install one of them. - -== How to Access SQL Error Logs - -Oftentimes, the root cause of slowdowns, crashes, or other unexpected behavior in SQL can -In many cases, the error logs are most easily read with the less program, a command line u - -if SQL isn’t behaving as expected, you can obtain more information about the source of the - -* **systemctl status mysqld.service** doesn't start well, This information doesn’t explain - well what is happening?, after this command you should type `journalctl -xe -u mariadb -u mysqld`. -* Look at Log files, can be located in `/var/log/mysql/mysqld.log` for MySQL, and `/var/log/mariabd` for MariaDB. - -== How To Troubleshoot Socket Errors in SQL - -SQL manages connections to the database server through the use of a socket file, a special kind of file that facilitates communications between different processes. The MySQL server’s socket file is named mysqld.sock and on Ubuntu systems it’s usually stored in the /var/run/mysqld/ directory. This file is created by the MySQL service automatically. - -Sometimes, changes to your system or your SQL configuration can result in SQL being unable to read the socket file, preventing you from gaining access to your databases. The most common socket error looks like this: - ----- -ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) ----- - -There are a few reasons why this error may occur, and a few potential ways to resolve it. 
-One common cause of this error is that the SQL service is stopped or did not start to begin with, meaning that it was unable to create the socket file in the first place. To find out if this is the reason you’re seeing this error, try starting the service with _systemctl_: - ----- -sudo systemctl start {mysqld|mariadb} ----- - -Then try accessing the MySQL prompt again. If you still receive the socket error, double check the location where your MySQL installation is looking for the socket file. This information can be found in the `mysqld.cnf` file: - -look for the socket parameter in the [mysqld] section of this file. It will look like this: - ----- -[mysqld] -user = mysql -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = 3306 ----- - -Close this file, then ensure that the mysqld.sock file exists by running an ls command on the directory where SQL expects to find it: - ----- -ls -a /var/run/mysqld/ ----- - -If the socket file exists, you will see it in this command’s output: - ----- -mysqld.pid mysqld.sock mysqld.sock.lock ----- - -if the file does not exist, the reason may be that MySQL is trying to create it, but does not have adequate permissions to do so. You can ensure that the correct permissions are in place by changing the directory’s ownership to the mysql user and group: - ----- -sudo chown mysql:mysql /var/run/mysqld/ ----- - -Then ensure that the mysql user has the appropriate permissions over the directory. Setting these to 775 will work in most cases: - ----- -sudo chmod -R 755 /var/run/mysqld/ ----- - -Finally, restart the MySQL service so it can attempt to create the socket file again: - ----- -sudo systemctl restart {mysqld|mariadb} ----- - -Then try accessing the MySQL prompt once again. If you still encounter the socket error, there’s likely a deeper issue with your MySQL instance, in which case you should review the error log to see if it can provide any clues. 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_using-grub2-prompt.adoc b/modules/ROOT/pages/_partials/2delete-proc_using-grub2-prompt.adoc deleted file mode 100644 index d9552f7..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_using-grub2-prompt.adoc +++ /dev/null 
@@ -1,147 +0,0 @@ -= Using the GRUB2 boot prompt -[[using-the-grub-2-boot-prompt]] - -If improperly configured, *GRUB2* may fail to load and subsequently drop -to a boot prompt. To boot into the system, follow the steps below. - -.Procedure - -. Load the necessary modules to read your system's partitions (you will also need to load `part_msdos` or `part_gpt`, depending on your partition table). -+ -* For BTRFS filesystems (Fedora 33 or newer). -+ ----- -grub> insmod btrfs ----- -+ -* For LVM filesystems (older than Fedora 33). -+ ----- -grub> insmod xfs -grub> insmod lvm ----- - -. List the drives which *GRUB2* sees. -+ ----- -grub> ls ----- - -. Examine the output to understand the partition table of the `/dev/sda` device. The following example shows a DOS partition table with three partitions. -+ ----- -(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1) ----- -+ -A GPT partition table of the `/dev/sda` device with four partitions could look like this. -+ ----- -(hd0) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) ----- - -. Probe each partition of the drive and locate your `vmlinuz` and `initramfs` files. -+ ----- -grub> ls (hd0,1)/ ----- -+ -The outcome of the previous command will list the files on `/dev/sda1`. The partition that contains the `/boot` directory is the correct one. There you will search for the full names of the `vmlinuz` and `initramfs` files. - -. Follow the <> or the <> to recover your system. - -. After the pre-boot setup, boot the system. -+ ----- -grub> boot ----- - -. To restore the bootloader's functionality, regenerate the *GRUB2* configuration file and reinstall the bootloader, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. - -[[btrfs-boot-setup]] -== Pre-boot setup for BTRFS filesystems. - -* On BIOS systems. - -. Set *GRUB2* root to your `/boot` partition. If your `/boot` partition is `(hd0,msdos1)`, the command will be. -+ ----- -grub> set root=(hd0,msdos1) ----- -+ - -. 
Next, select the desired kernel. Set the `/root` partition (e.g. `/dev/sda2`). -+ ----- -grub> linux /vmlinuz-5.14.10-300.fc35.x86_64 root=/dev/sda2 ro rootflags=subvol=root ----- -+ - -* On UEFI systems. - -. Set *GRUB2* root to your EFI system partition. If your EFI system partition is `(hd0,gpt1)`, use this command. -+ ----- -grub> set root=(hd0,gpt1) ----- -+ - -. Next, select the desired kernel. Find the path to `vmlinuz` and set the `/root` partition (e.g. `/dev/sda3`). -+ ----- -grub> linux (hd0,gpt2)/vmlinuz-5.14.10-300.fc35.x86_64 root=/dev/sda3 ro rootflags=subvol=root ----- -+ - -. Select the RAM filesystem that will be loaded. -+ ----- -grub> initrd (hd0,gpt2)/initramfs-5.14.10-300.fc35.x86_64.img ----- - -[[lvm-boot-setup]] -== Pre-boot setup for LVM filesystems. - -* On BIOS systems. - -. Set *GRUB2* root to your `/boot` partition. If your `/boot` partition is `(hd0,msdos1)`, use this command. -+ ----- -grub> set root=(hd0,msdos1) ----- -+ - -. Next, select the desired kernel. Set `root` to the logical volume that corresponds to the `/root` directory. -+ ----- -grub> linux /vmlinuz-3.0.0-1.fc16.i686 root=/dev/mapper/fedora_localhost--live-root ----- -+ - -. Select the RAM filesystem that will be loaded. -+ ----- -grub> initrd /initramfs-3.0.0-1.fc16.i686.img ----- -+ - -* On UEFI systems. - -. Set *GRUB2* root to your EFI system partition. If your EFI system partition is `(hd0,gpt1)`, use this command. -+ ----- -set root=(hd0,gpt1) ----- -+ - -. Next, select the desired kernel. Find the path to `vmlinuz` and set `root` to the logical volume that corresponds to the `/root` directory. -+ ----- -linux (hd0,gpt2)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/mapper/fedora_localhost--live-root ----- -+ - -. Select the RAM filesystem that will be loaded. -+ ----- -initrd (hd0,gpt2)/initramfs-3.0.0-1.fc16.i686.img ----- 
diff --git a/modules/ROOT/pages/_partials/2delete-proc_using-mysql-mariadb.adoc b/modules/ROOT/pages/_partials/2delete-proc_using-mysql-mariadb.adoc deleted file mode 100644 index 372a42d..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_using-mysql-mariadb.adoc +++ /dev/null @@ -1,37 +0,0 @@ -= Using the RDBMS - -Connect to the MySQL/MariaDB shell using the `mysql` command. - -For both of them, the command is `mysql`. The syntax an the options are generally the same. - ----- -$ mysql -u root -p ----- - -Once gained access to the shell you can get the running version of the software: - ----- -mysql> SELECT version(); ----- - -You can create a database: - ----- -mysql> create schema test; ----- - -Create a user: - ----- -mysql> GRANT ALL PRIVILEGES ON test.* TO 'my_user'@'localhost' IDENTIFIED BY 'PaSsWoRd'; ----- - -List the available databases: - ----- -mysql> show schemas; ----- - -== Files location - -The database disk storage is located in `/var/lib/mysql`. diff --git a/modules/ROOT/pages/_partials/2delete-proc_using-old-graphics-modes.adoc b/modules/ROOT/pages/_partials/2delete-proc_using-old-graphics-modes.adoc deleted file mode 100644 index 96883a7..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_using-old-graphics-modes.adoc +++ /dev/null 
@@ -1,18 +0,0 @@ -[[using-old-graphics-modes]] -= Using old graphics modes in bootloader - -The terminal device is chosen with GRUB_TERMINAL. For more information, see the link:https://www.gnu.org/software/grub/manual/grub/grub.html#Simple-configuration[Grub manual]. - -Valid terminal output names depend on the platform, but may include `console` (PC BIOS and EFI consoles), `serial` (serial terminal), `gfxterm` (graphics-mode output), `ofconsole` (Open Firmware console), or `vga_text` (VGA text output, mainly useful with Coreboot). - -The default is to use the platform's native terminal output. - -In Fedora, `gfxterm` is the default options. To get the legacy graphics modes: - -.Procedure - -. Edit the `/etc/default/grub` file. - -. Set the `GRUB_TERMINAL` variable to one of the above mentioned options. - -. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in link:#adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. diff --git a/modules/ROOT/pages/_partials/2delete-proc_using-same-password-for-root-as-user.adoc b/modules/ROOT/pages/_partials/2delete-proc_using-same-password-for-root-as-user.adoc deleted file mode 100644 index 0932808..0000000 --- a/modules/ROOT/pages/_partials/2delete-proc_using-same-password-for-root-as-user.adoc +++ /dev/null 
@@ -1,25 +0,0 @@ -[id='proc_using-same-password-for-root-as-user'] -= Using the same password for root as the user account - -If you use a single user desktop, you might find it convenient to configure [command]`sudo`, so you can use the same password to access *root* as you use for your regular account. To do this, select to be added to the Administration group during installation. To do it at later stage, or to add a different user, use the following procedure: - -. Become the *root* user: -+ ----- -$ su - ----- -+ -. Enter the password for the root account when prompted. - -. To use your regular password for the root access, run: -+ -[subs=quotes] ----- -# usermod _USERNAME_ -a -G groupname ----- -+ -Replace `_USERNAME_` with your account name - -. Log off and back on in order to have access to the group. - -NOTE: When [command]`sudo` prompts you for a password, it expects your user password, not the `root` password. diff --git a/modules/ROOT/pages/_partials/2delete-ref_changing-selinux-modes-at-boot-time.adoc b/modules/ROOT/pages/_partials/2delete-ref_changing-selinux-modes-at-boot-time.adoc deleted file mode 100644 index 34e660b..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_changing-selinux-modes-at-boot-time.adoc +++ /dev/null 
@@ -1,33 +0,0 @@ -// Module included in the following assemblies: -// -// assembly_changing-selinux-states-and-modes.adoc - -[#{context}-Enabling_and_Disabling_SELinux-Dracut-parameters] -= Changing SELinux Modes at Boot Time - -On boot, you can set several kernel parameters to change the way SELinux runs: - -enforcing=0:: Setting this parameter causes the system to start in permissive mode, which is useful when troubleshooting issues. Using permissive mode might be the only option to detect a problem if your file system is too corrupted. Moreover, in permissive mode, the system continues to create the labels correctly. The AVC messages that are created in this mode can be different than in enforcing mode. -+ -In permissive mode, only the first denial from a series of the same denials is reported. However, in enforcing mode, you might get a denial related to reading a directory, and an application stops. In permissive mode, you get the same AVC message, but the application continues reading files in the directory and you get an AVC for each denial in addition. - -selinux=0:: This parameter causes the kernel to not load any part of the SELinux infrastructure. The init scripts notice that the system booted with the [option]`selinux=0` parameter and touch the `/.autorelabel` file. This causes the system to automatically relabel the next time you boot with SELinux enabled. -+ -[IMPORTANT] -==== -Using the [option]`selinux=0` parameter is not recommended. To debug your system, prefer using permissive mode. -==== - -autorelabel=1:: This parameter forces the system to relabel similarly to the following commands: -+ ----- -# touch /.autorelabel -# reboot ----- -+ -If a file system contains a large amount of mislabeled objects, start the system in permissive mode to make the autorelabel process successful. - -For additional SELinux-related kernel boot parameters, such as [option]`checkreqprot`, see the `kernel-parameters.txt` file. 
This file is available in the source package of your Linux kernel (.src.rpm). To download the source package containing the currently used kernel: ----- -~]# dnf download --source kernel ----- diff --git a/modules/ROOT/pages/_partials/2delete-ref_common-service-parameters.adoc b/modules/ROOT/pages/_partials/2delete-ref_common-service-parameters.adoc deleted file mode 100644 index 7b40f46..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_common-service-parameters.adoc +++ /dev/null 
@@ -1,118 +0,0 @@ -[#common-service-parameters] -= Common service parameters - -== Unit Parameters - -This section contains parameters you can use in the `[Unit]` section of a service. These parameters are common to other _systemd_ units. - -This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. - -Description:: - A free-form string describing the service. - -Documentation:: - A space-separated list of URIs referencing documentation for this service or its configuration. Accepted are only URIs of the following types: `http://`, `https://`, `file:`, `info:`, `man:`. - -Requires:: - Configures requirement dependencies on other services. If this service gets activated, the units listed here are activated too. If one of the dependent services fails to activate, _systemd_ does not start this service. This option may be specified more than once or you can specify multiple space-separated units. - -Wants:: - Similar to `Requires`, except failed units do not have any effect on the service. - -BindsTo:: - Similar to `Requires`, except stopping the dependent units also stops the service. - -PartOf:: - Similar to `Requires`, except the stopping and restarting dependent units also stop and restart the service. - -Conflicts:: - A space-separated list of unit names that, if running, cause the service not to run. - -Before, After:: - A space-separated list of unit names that configures the ordering of dependencies between services. - -OnFailure:: - A space-separated list of unit names that are activated when this service enters a failed state. - -== Install Parameters - -This section contains parameters you can use in the `[Install]` section of a service. These parameters are common to other _systemd_ units. - -This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. 
- -Alias:: - A space-separated list of additional names this service shall be installed under. The names listed here must have the same suffix (i.e. type) as the service filename. - -RequiredBy, WantedBy:: - Defines the service as dependent of another service. This usually define the target to trigger an enabled service to run. These options are analogous to the `Requires` and `Wants` in the `[Units]` section. - -Also:: - Additional units to install or uninstall when this service is installed or uninstalled. - -== Service Parameters - -This section contains parameters you can use in the `[Service]` section of a service unit. These parameters are specific only to _systemd_ service units. - -This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. - -Type:: - Configures the process start-up type for this service service: -+ -* `simple` - The service starts as the main process. This is the default. -* `forking` - The service calls forked processes and run as part of the main daemon. -* `oneshot` - Similar to `simple`, except the process must exit before _systemd_ starts follow-up services. -* `dbus` - Similar to `simple`, except the daemon acquires a name of the D-Bus bus. -* `notify` - Similar to `simple`, except the daemon sends a notification message using `sd_notify` or an equivalent call after starting up. -* `idle` - Similar to `simple`, except the execution of the service is delayed until all active jobs are dispatched. - -RemainAfterExit:: - A boolean value that specifies whether the service shall be considered active even if all its processes exited. Defaults to no. - -GuessMainPID:: - A boolean value that specifies whether _systemd_ should guess the main PID of a service if it cannot be determined reliably. This option is ignored unless `Type=forking` is set and `PIDFile` is not set. Defaults to yes. - -PIDFile:: - An absolute filename pointing to the PID file of this daemon. 
Use of this option is recommended for services where `Type=forking`. _Systemd_ reads the PID of the main process of the daemon after start-up of the service. _Systemd_ does not write to the file configured here, although it removes the file after the service has shut down. - -BusName:: - A D-Bus bus name to reach this service. This option is mandatory for services where `Type=dbus`. - -ExecStart:: - The commands and arguments executed when the service starts. - -ExecStartPre, ExecStartPost:: - Additional commands that are executed before or after the command in `ExecStart`. - -ExecReload:: - The commands and arguments to execute when the service reloads. - -ExecStop:: - The commands and arguments to execute when the service stops. - -ExecStopPost:: - Additional commands to execute after the service stops. - -RestartSec:: - The time in seconds to sleep before restarting a service. - -TimeoutStartSec:: - The time in seconds to wait for the service to start. - -TimeoutStopSec:: - The time in seconds to wait for the service to stop. - -TimeoutSec:: - A shorthand for configuring both `TimeoutStartSec` and `TimeoutStopSec` simultaneously. - -RuntimeMaxSec:: - A maximum time in seconds for the service to run. Pass `infinity` (the default) to configure no runtime limit. - -Restart:: - Configures whether to restart the service when the service's process exits, is killed, or reaches a timeout: -+ -* `no` - The service will not be restarted. This is the default. -* `on-success` - Restart only when the service process exits cleanly (exit code 0). -* `on-failure` - Restart only when the service process does not exit cleanly (node-zero exit code). -* `on-abnormal` - Restart if the process terminates with a signal or when a timeout occurs. -* `on-abort` - Restart if the process exits due to an uncaught signal not specified as a clean exit status. -* `always` - Always restart. 
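Review bot: The Service Parameters text removed here contains errors that should be fixed in any article that still carries an inlined copy of this partial. Under `Restart`, the `on-failure` item says "node-zero exit code" where non-zero is meant; `Type::` reads "this service service"; and the `RequiredBy, WantedBy` entry refers to the `[Units]` section although the section is named `[Unit]`. The introduction to the `[Service]` list also sends readers to `man systemd.unit`, while the options of that section are described in `man systemd.service`.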
diff --git a/modules/ROOT/pages/_partials/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc b/modules/ROOT/pages/_partials/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc deleted file mode 100644 index 0084833..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc +++ /dev/null 
@@ -1,203 +0,0 @@ -// Module included in the following assemblies: -// -// - -// Base the file name and the ID on the module title. For example: -// * file name: my-reference-a.adoc -// * ID: [id='my-reference-a'] -// * Title: = My reference A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='reference-material_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -[[sect-frequently-asked-questions]] -= Fedora on Raspberry Pi: Frequently Asked Questions -//In the title of a reference module, include nouns that are used in the body text. For example, "Keyboard shortcuts for ___" or "Command options for ___." This helps readers and search engines find the information quickly. - -Frequently asked questions regarding what is supported. - -== Why do I get a rainbow display when I try and power on my Raspberry Pi? - -Common causes of the rainbow display include: - -* Insufficient power supply. See the xref:raspberry-pi-prerequisites[Prerequisites] section at the beginning of this document. - -* There's no operating system installed. Check that an operating system was installed and the microSD card was properly inserted into the Raspberry Pi. - For instructions about Fedora ARM on Raspberry Pi: -** For Fedora users, see: <>. -** For users of other Linux distributions, see: <>. -** For Microsoft Windows users, see: <>. -** For macOS users, see: <>. - -* If you try to use Fedora on a Raspberry Pi 1, Raspberry Pi Zero, or a Raspberry Pi model A, you will receive the rainbow display. This occurs because your Raspberry Pi is not supported (ARMv6 SoCs architectures are not supported). - -== What desktop environments are supported? - -All desktops as shipped in Fedora should work and both 2D and 3D graphics work out of the box. 
-There is an open source fully accelerated driver for the Video Core IV GPU. - -== Will there be more enhancements to the hardware support? - -Yes. -New enhancements will be delivered by the standard Fedora updates mechanism. -New, significant features will be announced by the link:https://fedoramagazine.org/[Fedora Magazine] or the link:http://fedoraplanet.org/[Fedora Planet]. - -== What about support for the Raspberry Pi Models A/A+, B/B+ (generation 1), Zero/ZeroW and Compute Module? - -These Raspberry Pi models are not supported. - -Fedora is not supported on ARMv6 processors. -There's been a number of attempts to support these over the years. -The current best effort is Pignus based on Fedora 23. -More information can be found at link:https://pignus.computer[the Pignus site]. - -NOTE: Fedora DOES support the Compute Module 3 based on the same SoC as the Raspberry Pi 3, but *as the previous generation Compute Modules are based on ARMv6 architecture, they are [#.underline]#not supported#*. - -== What USB devices are supported on the Raspberry Pi? - -Most USB-2 compatible devices that are supported in Fedora on other devices. -There are some limitations to the USB bus of the Raspberry Pi hardware as link:https://www.raspberrypi.org/documentation/hardware/raspberrypi/usb/README.md[documented here]. - -== Is the onboard Wi-Fi supported on the Raspberry Pi 3? - -Wifi on the Raspberry Pi 3-series devices works out of the box with Fedora 29. - -*Using Wi-Fi on CLI* - -To use Wi-Fi on minimal and server images you can configure the device using command line: - -* To list available networks: -+ ----- -$ nmcli device wifi list ----- - -* To connect to a network: -+ -[subs="quotes"] ----- -nmcli device wifi connect __$SSID__ --ask ----- -+ -Where: `_$SSID_` is the network identifier (or name). - -== Is the onboard Bluetooth supported on the Raspberry Pi 3? - -Bluetooth works and is stable. 
The device sometimes has a generic bluetooth address but should work without any configuration. - -== Does sound work? - -HDMI audio output is included with Fedora, however, the analog port is not yet supported. -Audio output using a USB audio interface should work. - -== Does the add-on camera work? - -Not at this time. -There is still ongoing work to support this upstream and to add the appropriated media acceleration support. - -== Does accelerated media decode work? - -No. -The upstream kernel does not support the kernel subsystems required for accelerated media decoding. - -== Does HDMI-CEC work? - -Yes. -Yes. It's supported using the new upstream CEC support. There's a `/dev/cec0` character device, it can be accessed using any application that supports the IR remote using the `rc-cec` keymap in the `v4l-utils` package, there's also a `cec-ctl` utility for use on the command line. - -== Is the Raspberry Pi Touch Display supported? - -Work on the official Raspberry Pi Touch Display is ongoing upstream and initial support is provided in the 4.10 kernel, see: link:https://github.com/anholt/linux/issues/8[GitHub: raspberrypi/linux issues - 7" LCD touchscreen not supported]. -Fedora will review any missing pieces for support soon. -The touchscreen driver isn't yet released upstream. -Support for other displays is not currently planned. - -== Is the composite TV out supported? - -The composite TV out is not currently supported in a stable Fedora release but the core support is in the 4.10 kernel. -There is some missing enabling patches which will be added to the Fedora kernel soon. - -== Are the expansion HATs supported? - -The the expansion HATs are not currently supported. - -The long answer is a lot more complex. Most of the hardware interfaces that are exposed by the 40 pin HAT connector are supported with drivers shipped with Fedora. - -Drivers for the hardware contained on a lot of the common HATs are also enabled and supported in Fedora. 
The core means of supporting the HAT add-on boards require the use of device tree overlays. The kernel and the u-boot 2016.09 boot-loader supports the loading over overlays manually. Currently there is no upstream consensus on the means of autoloading these overlays by means of an "overlay manager" (also known as Cape Manager and by numerous other names) by reading the EEPROM ID and loading the appropriate overlay automatically. - -There's also no consensus on the extensions to the dtc (Device Tree Compiler) to build the binary blob overlays, and no consensus of the exact format of the overlay file. There is now a group of people working to resolve this issue which enable Fedora to better support HATs (Raspberry Pi), Capes (BeagleBone), DIPs (C.H.I.P) and Mezzanine (96boards) before long. - -The first focus HAT to support will be the official Raspberry Pi Sense HAT. This will be documented using the manual process to build and load the overlay to provide access to the onboard devices as a means of demonstrating how this process works for those wishing to use this manual method in the interim. The link to this documentation will be added here once that is complete. - -== The use of config.txt - -The `config.txt` is only used for basic configuration at the moment. Because of the use of the opensource vc4 GPU driver, most of the video configuration is done by Linux. - -The configuration of HATs using `config.txt` is unsupported but is being actively developed. - -== Are Device Tree Overlays supported? - -There's basic support for overlays in u-boot and the Linux kernel but an overlay manager is not supported upstream. - -== Is GPIO supported? - -GPIO is supported with the use of libgpiod and associated bindings and utilities. - -RPI.GPIO is not currently supported. - -== Is SPI supported? - -Yes, basic SPI is supported. - -== Is I2C supported? - -Yes, basic I2C is supported. - -== Is there Raspberry Pi 3 aarch64 support? - -Yes! 
You can download the aarch64 disk images for the Raspberry Pi 3 link:https://archive.fedoraproject.org/pub/fedora-secondary/releases/[here.] - -== How do I use a serial console? - -The serial console is disabled by default on the Raspberry Pi 2 and 3 because it requires the device to run at significantly slower speeds. - -To wire up the USB to TTL adapter follow link:https://learn.adafruit.com/adafruits-raspberry-pi-lesson-5-using-a-console-cable/connect-the-lead[this guide from Adafruit]. -You'll need a 3.3 volt USB to TTL Serial Cable like link:https://www.adafruit.com/product/954[this one from Adafruit]. - -To enable the serial console follow the specific steps for the Raspberry Pi 2 or 3 as they both differ slightly: - -*Raspberry Pi 2:* - -. Insert the microSD card into a PC -. On the VFAT partition edit the `config.txt` file and uncomment the `enable_uart` line: -+ ----- -$ enable_uart=1 ----- -+ -. On the boot partition edit the `extlinux/extlinux.conf` file adding `console=tty0 console=ttyAMA0,115200` to the end of the append line so it looks similar to: -+ ----- -$ append ro root=UUID="LARGE UUID STRING OF TEXT" console=tty0 console=ttyAMA0,115200 ----- -+ -. Safely unmount the microSD card -. Insert microSD into Raspberry Pi, connect serial console, power on - -*Raspberry Pi 3:* - -. Insert the microSD card into a PC -. On the VFAT partition edit the `config.txt` file and uncomment the `enable_uart` line: -+ ----- -$ enable_uart=1 ----- -+ -. On the boot partition edit the `extlinux/extlinux.conf` file adding: `console=tty0 console=ttyS0,115200` to the end of the append line so it looks similar to: -+ ----- -$ append ro root=UUID="LARGE UUID STRING OF TEXT" console=tty0 console=ttyS0,115200 ----- -+ -. Safely unmount the microSD card -. Insert microSD into Raspberry Pi, connect serial console, power on 
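Review bot: In the serial console steps for both Raspberry Pi 2 and Raspberry Pi 3, the `enable_uart=1` and `append ro root=UUID=...` snippets carry a `$` prompt although they are lines of `config.txt` and `extlinux/extlinux.conf`, not shell commands; the prompt should be dropped wherever this text is kept. Two smaller points in the same file: the HDMI-CEC answer repeats "Yes." and the expansion HATs answer begins "The the".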
diff --git a/modules/ROOT/pages/_partials/2delete-ref_help-mkpart.adoc b/modules/ROOT/pages/_partials/2delete-ref_help-mkpart.adoc deleted file mode 100644 index 64d9631..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_help-mkpart.adoc +++ /dev/null 
@@ -1,37 +0,0 @@ -// Module included in the following assemblies: -// -// - -// Base the file name and the ID on the module title. For example: -// * file name: help-mkpart.adoc -// * ID: [id='help-mkpart'] - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='help-mkpart_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Help command for creating a new partition - -To get help on how to make a new partition, type: `help mkpart`. - ----- -(parted) help mkpart - mkpart PART-TYPE [FS-TYPE] START END make a partition - - PART-TYPE is one of: primary, logical, extended - FS-TYPE is one of: udf, btrfs, nilfs2, ext4, ext3, ext2, fat32, fat16, hfsx, hfs+, hfs, jfs, swsusp, - linux-swap(v1), linux-swap(v0), ntfs, reiserfs, hp-ufs, sun-ufs, xfs, apfs2, apfs1, asfs, amufs5, - amufs4, amufs3, amufs2, amufs1, amufs0, amufs, affs7, affs6, affs5, affs4, affs3, affs2, affs1, - affs0, linux-swap, linux-swap(new), linux-swap(old) - START and END are disk locations, such as 4GB or 10%. Negative values count from the end of the - disk. For example, -1s specifies exactly the last sector. - - 'mkpart' makes a partition without creating a new file system on the partition. FS-TYPE may be - specified to set an appropriate partition ID. ----- - -[NOTE] -==== -* Setting filesystem type (`FS-TYPE`) will not create an ext4 filesystem on /dev/vdc1. You still have to create the ext4 filesystem with `mkfs.ext4`. -* A DOS partition table's partition types are primary, logical, and extended. -* Providing a partition name under GPT is a must. In a GPT partition table, the partition type is used as the partition name. -==== 
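Review bot: The first bullet of the closing NOTE refers to an ext4 filesystem on `/dev/vdc1`, but nothing in this module introduces that device or the choice of ext4, so the bullet only makes sense inside the article that included it. If the text is inlined there, keep it directly after the `mkpart` example it refers to, or reword it to the general case (setting `FS-TYPE` does not create a filesystem; run the matching `mkfs` tool afterwards).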
diff --git a/modules/ROOT/pages/_partials/2delete-ref_jdk-tools.adoc b/modules/ROOT/pages/_partials/2delete-ref_jdk-tools.adoc deleted file mode 100644 index 4143e0d..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_jdk-tools.adoc +++ /dev/null 
@@ -1,58 +0,0 @@ -[i='jdk-reference'] -= JDK reference - -See the following list of Java-related acronyms for reference: - -JRE:: Java Runtime Environment; required to run Java code and applications -JVM:: Java Virtual Machine; main component of the JRE -JDK:: Java Development Kit; required only for development, coding -SDK:: Software Development Kit; see JDK -JavaWS:: link:https://en.wikipedia.org/wiki/Java_Web_Start[Java Web Start] is a framework to start application from the Internet -JavaFX:: link:https://en.wikipedia.org/wiki/JavaFX[JavaFX] is a platform to create and deliver desktop and Rich Internet Apps -OpenJFX:: is the JavaFX Open Source implementation -OpenJDK:: Open Source project behind the Java Platform link:https://openjdk.java.net/[openjdk.java.net]. -IcedTea:: is a support project for OpenJDK (concern only developers) link:http://icedtea.classpath.org/[icedtea.classpath.org] -IcedTea-Web:: is the Java Web Start package (contains only JavaWS, no applets anymore); install to run *JNPL* files -applets:: are obsolete technology; Not implemented in any recent package -JSE, J2SE, JEE, ...:: obsolete acronyms for Java Standard & Enterprise Edition; JavaSE is like JRE - - -[discrete] -[id='jdk-components'] -== JDK components - -The JDK has as its primary components a collection of programming tools, including: - -`appletviewer`:: this tool can be used to run and debug Java applets without a web browser -`apt`:: the annotation-processing tool -`extcheck`:: a utility which can detect JAR-file conflicts -`idlj`:: the IDL-to-Java compiler. This utility generates Java bindings from a given Java IDL file. -`jabswitch`:: the Java Access Bridge. Exposes assistive technologies on Microsoft Windows systems. -`java`:: the loader for Java applications. This tool is an interpreter and can interpret the class files generated by the javac compiler. Now a single launcher is used for both development and deployment. 
The old deployment launcher, jre, no longer comes with Sun JDK, and instead it has been replaced by this new java loader. -`javac`:: the Java compiler, which converts source code into Java bytecode -`javadoc`:: the documentation generator, which automatically generates documentation from source code comments -`jar`:: the archiver, which packages related class libraries into a single JAR file. This tool also helps manage JAR files. -`javafxpackager`:: tool to package and sign JavaFX applications -`jarsigner`:: the jar signing and verification tool -`javah`:: the C header and stub generator, used to write native methods -`javap`:: the class file disassembler -`javaws`:: the Java Web Start launcher for JNLP applications -`JConsole`:: Java Monitoring and Management Console -`jdb`:: the debugger -`jhat`:: Java Heap Analysis Tool (experimental) -`jinfo`:: This utility gets configuration information from a running Java process or crash dump. (experimental) -`jmap`:: This utility outputs the memory map for Java and can print shared object memory maps or heap memory details of a given process or core dump. (experimental) -`jmc`:: Java Mission Control -`jps`:: Java Virtual Machine Process Status Tool lists the instrumented HotSpot Java Virtual Machines (JVMs) on the target system. (experimental) -`jrunscript`:: Java command-line script shell. 
-`jstack`:: utility which prints Java stack traces of Java threads (experimental) -`jstat`:: Java Virtual Machine statistics monitoring tool (experimental) -`jstatd`:: jstat daemon (experimental) -`keytool`:: tool for manipulating the keystore -`pack200`:: JAR compression tool -`policytool`:: the policy creation and management tool, which can determine policy for a Java runtime, specifying which permissions are available for code from various sources -`VisualVM`:: visual tool integrating several command-line JDK tools and lightweight clarification needed] performance and memory profiling capabilities -`wsimport`:: generates portable JAX-WS artifacts for invoking a web service. -`xjc`:: Part of the Java API for XML Binding (JAXB) API. It accepts an XML schema and generates Java classes. - -The JDK also comes with a complete Java Runtime Environment, usually called a private runtime, due to the fact that it is separated from the "regular" JRE and has extra contents. It consists of a Java Virtual Machine and all of the class libraries present in the production environment, as well as additional libraries only useful to developers, such as the internationalization libraries and the IDL libraries. diff --git a/modules/ROOT/pages/_partials/2delete-ref_managing-virtual-machines.adoc b/modules/ROOT/pages/_partials/2delete-ref_managing-virtual-machines.adoc deleted file mode 100644 index ddd2e8b..0000000 --- a/modules/ROOT/pages/_partials/2delete-ref_managing-virtual-machines.adoc +++ /dev/null 
@@ -1,103 +0,0 @@ -[id='ref_managing-virtual-machines'] -= Managing virtual machines - -When the installation of the guest operating system is complete, it can be managed using the `virt-manager` program or via command line using `virsh`. - - -[[managing-guests-with-virt-manager]] -== Managing guests with virt-manager - -. Start the Virtual Machine Manager by navigating to menu:[Applications]System Tools, or run: -+ ----- -# virt-manager ----- -+ -If you are not root, you will be prompted to enter the root password. -. Choose the host you wish to manage and click *Connect* in the *Open Connection* dialog window. -. The list of virtual machines is displayed in the main window. Guests that are running will display a ">" icon. Guests that are not running will be greyed out. -. To manage a particular guest, double click on it, or right click and select *Open*. -. A new window for the guest will open that will allow you to use its console, see information about its virtual hardware and start, stop, and pause it. - -For further information about `virt-manager`, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-creating_guests_with_virt_manager[RedHat virt-manager guide]. - -Bugs in the `virt-manager` tool should be reported in https://bugzilla.redhat.com[Bugzilla] against the `virt-manager` -component. - - -[[managing-guests-with-virsh]] -== Managing guests with virsh - -The `virsh` command-line utility allows you to manage virtual machines on the command line. The `virsh` utility is built around the libvirt management API: - -* `virsh` has a stable set of commands whose syntax and semantics are preserved across updates to the underlying virtualization platform. -* `virsh` can be used as an unprivileged user for read-only operations (e.g. listing domains, listing domain statistics). 
-* `virsh` can manage domains running under Xen, QEMU/KVM, ESX, or other back-ends with no perceptible difference to the user. - -To start a virtual machine: - ----- -# virsh create ----- - -To list the virtual machines currently running: - ----- -# virsh list ----- - -To list all virtual machines, running or not: - ----- -# virsh list --all ----- - -To gracefully power off a guest: - ----- -# virsh shutdown ----- - -To non gracefully power off a guest: - ----- -# virsh destroy ----- - -To save a snapshot of the machine to a file: - ----- -# virsh save ----- - -To restore a previously saved snapshot: - ----- -# virsh restore ----- - -To export the configuration file of a virtual machine: - ----- -# virsh dumpxml - -// Base the file name and the ID on the module title. For example: -// * file name: doing-procedure-a.adoc -// * ID: [id='doing-procedure-a'] -// * Title: = Doing procedure A - -// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -[id='booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}'] -// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. -= Booting Fedora on a Raspberry Pi for the first time - -include::{partialsdir}/attributes.adoc[] -// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. - -Follow these steps to boot Fedora ARM on your Raspberry Pi. If your MicroSD card does not have enough room, you need to resize the main partition after the initial setup. See <>. - -._Prerequisites_ - -* Raspberry Pi Model B, version 2 or 3. -* A power supply (link:https://www.raspberrypi.org/help/faqs/#power[details here]). -** Minimum 2 Amps for Raspberry Pi Model B, version 2. -** Minimum 2.5 Amps for the Raspberry Pi Model B, version 3. 
-* HDMI-compatible Monitor or TV. -* A USB keyboard and USB mouse. - - -._Procedure_ - -. Insert the SD card into the Raspberry Pi. -. Connect a keyboard, mouse, network cable, and monitor. -. Plug the Raspberry Pi into the power source. The "Initial setup wizard" should appear after Fedora loads. -. Follow the wizard to set your language, timezone and to create users. - -The system displays a login prompt or getting started guide (depending on your Desktop/SPIN). - -[id='resizing-the-main-partition-of-the-microsd-card-after-setup_{context}'] -._Resizing the main partition of the microSD card after setup (if required)_ - -Follow these steps to resize the partitions for Fedora ARM on Raspberry Pi: - -. Enlarge the 4th partition (this example uses mmcblk0). -+ ----- -$ growpart /dev/mmcblk0p4 ----- -+ -. Resize root partition for the server image (which uses xfs). -+ ----- -$ xfs_growfs -d / ----- - -._Additional Resources_ - -* For information on configuring Fedora, including installing programs and updates, see: xref:f{MAJOROSVER}@fedora:system-administrators-guide:index.adoc[Fedora Docs: System Administrator’s Guide] -* For assistance or support, see: -** link:https://ask.fedoraproject.org/[Ask Fedora] -** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] -** irc://irc.freenode.net/#fedora-arm[IRC via the #fedora-arm channel on Freenode] diff --git a/modules/ROOT/pages/_partials/proc_cha2delete-ng-to-permissive-mode.adoc b/modules/ROOT/pages/_partials/proc_cha2delete-ng-to-permissive-mode.adoc deleted file mode 100644 index 38fef92..0000000 --- a/modules/ROOT/pages/_partials/proc_cha2delete-ng-to-permissive-mode.adoc +++ /dev/null 
@@ -1,43 +0,0 @@ -// Module included in the following assemblies: -// -// assembly_changing-selinux-states-and-modes.adoc - -[#{context}-changing-to-permissive-mode] -= Changing to permissive mode - -Use the following procedure to permanently change SELinux mode to permissive. When SELinux is running in permissive mode, SELinux policy is not enforced. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can be then used for troubleshooting, debugging, and SELinux policy improvements. Each AVC is logged only once in this case. - -.Prerequisites - -* The `selinux-policy-targeted`, `libselinux-utils`, and `policycoreutils` packages are installed on your system. -* The `selinux=0` or `enforcing=0` kernel parameters are not used. - -.Procedure - -. Open the `/etc/selinux/config` file in a text editor of your choice, for example: - ----- -# vi /etc/selinux/config ----- - -. Configure the `SELINUX=permissive` option: -[subs="quotes"] ----- -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=*permissive* -# SELINUXTYPE= can take one of these two values: -# targeted - Targeted processes are protected, -# mls - Multi Level Security protection. -SELINUXTYPE=targeted ----- - -. Restart the system: -+ -[subs="quotes"] ----- -# *reboot* ----- diff --git a/modules/ROOT/pages/_partials/ref_Configuring-networking-with-nmcli.adoc b/modules/ROOT/pages/_partials/ref_Configuring-networking-with-nmcli.adoc deleted file mode 100644 index 01f6c10..0000000 --- a/modules/ROOT/pages/_partials/ref_Configuring-networking-with-nmcli.adoc +++ /dev/null 
@@ -1,214 +0,0 @@ -[id='Configuring-networking-with-nmcli'] -= Configuring networking with nmcli - quick reference - -[[networkmanager-status]] -== NetworkManager status - -Display overall status of NetworkManager: ----- -$ nmcli general status ----- - -Display active connections: ----- -$ nmcli connection show --active ----- - -Display all configured connections: ----- -$ nmcli connection show configured ----- - -[[connectdisconnect-to-an-already-configured-connection]] -== Connect/disconnect to an already configured connection - -Connect to a configured connection by name: ----- -$ nmcli connection up id ----- - -Disconnection by name: ----- -$ nmcli connection down id ----- - -[[wi-fi]] -== Wi-Fi - -Get Wi-Fi status: ----- -$ nmcli radio wifi ----- - -Turn Wi-Fi on or off: ----- -$ nmcli radio wifi _on|off_ ----- - -List available access points (AP) to connect to: ----- -$ nmcli device wifi list ----- - -Refresh the previous list: ----- -$ nmcli device wifi rescan ----- - -Create a new connection to an open AP: ----- -$ nmcli device wifi connect ----- - -Create a new connection to a password protected AP: ----- -$ nmcli device wifi connect password ----- - - -== Network interfaces - -List available devices and their status: ----- -$ nmcli device status ----- - -Disconnect an interface: ----- -$ nmcli device disconnect iface ----- - -[[create-or-modify-a-connection]] -== Create or modify a connection - -To create a new connection using an interactive editor ----- -$ nmcli connection edit con-name ----- - -To edit an already existing connection using an interactive editor: ----- -$ nmcli connection edit ----- - -[[exampletutorial]] -=== Example/Tutorial - -Create a new connection: ----- -$ nmcli connection edit con-name _name of new connection_ ----- - -It asks us to define a connection type: ----- -Valid connection types: 802-3-ethernet (ethernet), 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, 
bond, team, bridge, bond-slave, team-slave, bridge-slave -Enter connection type: ----- - -In this example, we use ethernet: ----- -Enter connection type: ethernet ----- - -The following message appears, note that `nmcli>` is a prompt and that it lists the main settings available: ----- -===| nmcli interactive connection editor |=== - -Adding a new '802-3-ethernet' connection - -Type 'help' or '?' for available commands. -Type 'describe [.]' for detailed property description. - -You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6 -nmcli> ----- - -Edit the setting `ipv4`: ----- -nmcli> goto ipv4 ----- - -Note that after this our prompt has changed to indicate that we are currently editing the `ipv4` setting: ----- -nmcli ipv4> ----- - -List available properties under the `ipv4` setting and describe the `method` property: ----- -nmcli ipv4> describe - -Available properties: method, dns, dns-search, addresses, routes, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-send-hostname, dhcp-hostname, never-default, may-fail -Property name? - -Property name? method ----- - -Set property `method` to `auto`: ----- -nmcli ipv4> set method auto ----- - -The `ipv4` setting is now finished. Go back to the main level. Enter the following command until the prompt looks like `nmcli>`: ----- -nmcli ipv4> back ----- - -To list the main settings again, use the `goto` command without any arguments. After that, press `Enter` and ignore the error. ----- -nmcli> goto - -Available settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6 -Setting name? 
----- - -It is possible to set a value for a property directly from the main level: ----- -nmcli> set __setting__.__property__ _value_ ----- - -For example: ----- -nmcli> set connection.autoconnect TRUE - -nmcli> set connection.interface-name _interface name this connection is bound to_ - -nmcli> set ethernet.cloned-mac-address _Spoofed MAC address_ ----- - -Finally, check the connection details, save and exit: ----- -nmcli> print - -nmcli> save - -nmcli> quit ----- - -[[manually-editing]] -=== Manually editing - -To manually edit an `ifcfg` connection configuration, open or create with a text editor the configuration file of the connection located in `/etc/sysconfig/network-scripts/ifcfg-`. - -A description of most common configuration options is available in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-networkscripts-interfaces[RHEL6 Deployment Guide]. - -To modify a connection password, open with a text editor and edit the file `keys-` located in `/etc/sysconfig/network-scripts/`. The password is stored in plain text. For example: ----- -$ cat /etc/sysconfig/network-scripts/keys-__connection name__ -WPA_PSK='password' ----- - -Or, if using keyfile, simply edit the connection file located inside `/etc/NetworkManager/system-connections/` - -Finally, save the files and to apply changes to an already active connection execute. ----- -nmcli connection up id _connection name_ ----- - -[[delete-a-connection-configuration]] -== Delete a connection configuration - -Delete the connection: ----- -nmcli connection delete id ----- -Please note that this also deactivates the connection. diff --git a/modules/ROOT/pages/_partials/ref_the-most-useful-dnf-commands.adoc b/modules/ROOT/pages/_partials/ref_the-most-useful-dnf-commands.adoc deleted file mode 100644 index 0591439..0000000 --- a/modules/ROOT/pages/_partials/ref_the-most-useful-dnf-commands.adoc +++ /dev/null 
@@ -1,218 +0,0 @@ -[id='the-most-useful-dnf-commands'] -= The most useful DNF commands - -This sections lists the most useful commands provided by the *dnf* utility. For a complete list of commands, options, and their syntax, see the *dnf*(8) man page. - -*dnf help _command_*:: Displays detailed information about a command. -+ -[literal,subs="+quotes,attributes"] ----- -$ *dnf help _upgrade_* -upgrade [PACKAGE...] - -upgrade a package or packages on your system -alias: update ----- - -*dnf upgrade*:: Upgrades all packages on the system to the latest version available. -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf upgrade* -Last metadata expiration check: 1:09:32 ago on Thu Dec 14 09:20:48 2017. -Dependencies resolved. -Nothing to do. -Complete! ----- - -*dnf upgrade _package_name_*:: Upgrades a package to the latest version available. -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf upgrade _dia_* -Last metadata expiration check: 1:11:26 ago on Thu Dec 14 09:20:48 2017. -Dependencies resolved. -Nothing to do. -Complete! ----- - -*dnf install _package_name_*:: Installs a package. - -[literal,subs="+quotes,attributes"] ----- -# *dnf install _dia_* -Last metadata expiration check: 1:07:19 ago on Thu Dec 14 09:20:48 2017. -Dependencies resolved. -============================================================================= - Package Arch Version Repository Size -============================================================================= -Installing: - dia x86_64 1:0.97.3-5.fc24 fedora 4.2 M - libart_lgpl x86_64 2.3.21-15.fc25 fedora 71 k - -Transaction Summary -============================================================================= -Install 2 Packages - -Total download size: 4.2 M -Installed size: 18 M -Is this ok [y/N]: *y* -[... output truncated ...] -Installed: - dia.x86_64 1:0.97.3-5.fc24 libart_lgpl.x86_64 2.3.21-15.fc25 - -Complete! ----- - -*dnf remove _package_name_*:: Uninstalls a package. 
-+ -[literal,subs="+quotes,attributes"] ----- -# *dnf remove _dia_* -Dependencies resolved. -============================================================================= - Package Arch Version Repository Size -============================================================================= -Removing: - dia x86_64 1:0.97.3-5.fc24 @fedora 18 M - libart_lgpl x86_64 2.3.21-15.fc25 @fedora 126 k - -Transaction Summary -============================================================================= -Remove 2 Packages - -Installed size: 18 M -Is this ok [y/N]: *y* -[... output truncated ...] -Removed: - dia.x86_64 1:0.97.3-5.fc24 libart_lgpl.x86_64 2.3.21-15.fc25 - -Complete! ----- - -*dnf check-update*:: Checks if any updates are available for all packages in the enabled repositories. -+ -[literal,subs="+quotes,attributes"] ----- -389-ds-base.x86_64 1.3.7.5-11.el7 @updates -389-ds-base-libs.x86_64 1.3.7.5-11.el7 @updates -NetworkManager.x86_64 1:1.10.2-3.el7 @updates -NetworkManager-config-server.noarch 1:1.10.2-3.el7 @updates -[... output truncated ...] ----- - -*dnf search _keyword_*:: Search package metadata in the enabled repositories for the specified keyword. By default, the commands searches only in package names and summaries. -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf search _freeipa_* -Last metadata expiration check: 1:12:31 ago on Thu Dec 14 09:20:48 2017. 
-======================================================================== -freeipa-client.x86_64 : IPA authentication for use on clients -freeipa-common.noarch : Common files used by IPA -freeipa-server.x86_64 : The IPA authentication server -freeipa-server-dns.noarch : IPA integrated DNS server with support for automatic DNSSEC signing -freeipa-client-common.noarch : Common files used by IPA client -freeipa-python-compat.noarch : Compatiblity package for Python libraries used by IPA -freeipa-server-common.noarch : Common files used by IPA server -freeipa-server-trust-ad.x86_64 : Virtual package to install packages required for Active Directory trusts -libsss_idmap.x86_64 : FreeIPA Idmap library -[... output truncated ...] ----- - -*dnf info _package_name_*:: Shows details for a package. -+ -[literal,subs="+quotes,attributes"] ----- -[root@localhost ~]# *dnf info _freeipa-server_* -Last metadata expiration check: 1:13:14 ago on Thu Dec 14 09:20:48 2017. -Available Packages -Name : freeipa-server -Arch : x86_64 -Epoch : 0 -Version : 4.4.4 -Release : 1.fc25 -Size : 380 k -Repo : updates -Summary : The IPA authentication server -URL : https://www.freeipa.org/ -License : GPLv3+ -Description : IPA is an integrated solution to provide centrally managed Identity (users, - : hosts, services), Authentication (SSO, 2FA), and Authorization - : (host access control, SELinux user roles, services). The solution provides - : features for further integration with Linux based clients (SUDO, automount) - : and integration with Active Directory based infrastructures (Trusts). - : If you are installing an IPA server, you need to install this package. ----- - - -*dnf provides _command_or_file_*:: Shows which package provides the specified command or file. -+ -To specify a command: -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf provides */_ipa-server-install_* -Last metadata expiration check: 1:14:12 ago on Thu Dec 14 09:20:48 2017. 
-freeipa-server-4.4.1-1.fc25.x86_64 : The IPA authentication server -Repo : fedora - -freeipa-server-4.4.4-1.fc25.x86_64 : The IPA authentication server -Repo : updates ----- -+ -To specify a file: -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf provides _/etc/sssd/sssd.conf_* -Last metadata expiration check: 1:14:58 ago on Thu Dec 14 09:20:48 2017. -sssd-common-1.16.0-4.fc25.x86_64 : Common files for the SSSD -Repo : @System - -sssd-common-1.16.0-4.fc25.x86_64 : Common files for the SSSD -Repo : updates - -sssd-common-1.14.2-1.fc25.i686 : Common files for the SSSD -Repo : fedora - -sssd-common-1.14.2-1.fc25.x86_64 : Common files for the SSSD -Repo : fedora ----- - -*dnf history*:: Displays a report of the past transactions. -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf history* -ID | Command line | Date and time | Action(s) | Altered - ------------------------------------------------------------------------------- - 9 | update -y | 2017-10-17 12:35 | I, U | 17 EE - 8 | install midori | 2017-10-13 10:44 | Install | 3 > - 7 | update -y | 2017-10-12 15:59 | Update | 7 - 6 | install keepass | 2017-10-11 13:40 | Install | 13 < - 5 | install thunderbird | 2017-10-10 16:33 | Install | 1 > - 4 | install sssd krb5-workst | 2017-10-10 15:30 | Install | 3 > - 3 | install xchat | 2017-10-10 15:19 | Install | 4 - 2 | update | 2017-10-10 13:44 | I, O, U | 752 EE - 1 | | 2017-10-10 13:34 | Install | 1373 EE ----- - -*dnf list installed*:: Lists all packages installed on the system. -+ -[literal,subs="+quotes,attributes"] ----- -# *dnf list installed* -Last metadata expiration check: 1:17:33 ago on Thu Dec 14 09:20:48 2017. 
-Installed Packages -GConf2.x86_64 3.2.6-16.fc24 @anaconda -GeoIP.x86_64 1.6.11-1.fc25 @updates -GeoIP-GeoLite-data.noarch 2017.10-1.fc25 @updates -ImageMagick.x86_64 6.9.9.19-1.fc25 @updates -ImageMagick-libs.x86_64 6.9.9.19-1.fc25 @updates -LibRaw.x86_64 0.17.2-2.fc25 @updates -ModemManager.x86_64 1.6.4-1.fc25 @updates -ModemManager-glib.x86_64 1.6.4-1.fc25 @updates -NetworkManager.x86_64 1:1.4.6-1.fc25 @updates -[... output truncated ...] ----- diff --git a/modules/ROOT/pages/_partials/unreviewed-message.adoc b/modules/ROOT/pages/_partials/unreviewed-message.adoc deleted file mode 100644 index 0ec276a..0000000 --- a/modules/ROOT/pages/_partials/unreviewed-message.adoc +++ /dev/null @@ -1,17 +0,0 @@ -//// - -This message needs to be included on any document that has been converted from the Wiki but not reviewed for technical accuracy. -Add the following line verbatim to the top of any such document - below the top level heading: - -include::{partialsdir}/unreviewed-message.adoc[] - -Please do not change this message without consultation. Thanks! - -//// - -[CAUTION] -==== -This page has been converted from the Fedora Project Wiki and cleaned up for publishing here on the Fedora Docs Portal, but it has not yet been reviewed for technical accuracy. -This means any information on this page may be outdated or inaccurate. -Reviews for technical accuracy are greatly appreciated. If you want to help, see the link:https://pagure.io/fedora-docs/quick-docs/blob/master/f/README.md[README] file in the source repository for instructions. -==== diff --git a/modules/ROOT/partials/3rdparty-message.adoc b/modules/ROOT/partials/3rdparty-message.adoc new file mode 100644 index 0000000..6f3f502 --- /dev/null +++ b/modules/ROOT/partials/3rdparty-message.adoc 
@@ -0,0 +1,17 @@ +//// + +This message needs to be included on any document referencing third party software +repositories. Add the following line verbatim to the top of any such document: + +include::{partialsdir}/3rdparty-message.adoc[] + +Please do not change this message without consultation. Thanks! + +//// + +[CAUTION] +==== +This page discusses third-party software sources not officially affiliated with or endorsed by the Fedora Project. +Use them at your own discretion. +Fedora recommends the use of free and open source software and avoidance of software encumbered by patents. +==== diff --git a/modules/ROOT/partials/attributes.adoc b/modules/ROOT/partials/attributes.adoc new file mode 100644 index 0000000..699c77b --- /dev/null +++ b/modules/ROOT/partials/attributes.adoc @@ -0,0 +1,5 @@ +:PREVPREVVER: 36 +:PREVVER: 37 +:MAJOROSVER: 38 +:NEXTVER: 39 +:NEXTNEXTVER: 40 diff --git a/modules/ROOT/partials/unreviewed-message.adoc b/modules/ROOT/partials/unreviewed-message.adoc new file mode 100644 index 0000000..0ec276a --- /dev/null +++ b/modules/ROOT/partials/unreviewed-message.adoc @@ -0,0 +1,17 @@ +//// + +This message needs to be included on any document that has been converted from the Wiki but not reviewed for technical accuracy. +Add the following line verbatim to the top of any such document - below the top level heading: + +include::{partialsdir}/unreviewed-message.adoc[] + +Please do not change this message without consultation. Thanks! + +//// + +[CAUTION] +==== +This page has been converted from the Fedora Project Wiki and cleaned up for publishing here on the Fedora Docs Portal, but it has not yet been reviewed for technical accuracy. +This means any information on this page may be outdated or inaccurate. +Reviews for technical accuracy are greatly appreciated. If you want to help, see the link:https://pagure.io/fedora-docs/quick-docs/blob/master/f/README.md[README] file in the source repository for instructions. +==== 
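Review bot: partials/attributes.adoc hard-codes five release numbers (`:PREVPREVVER: 36` through `:NEXTNEXTVER: 40`) with no comment saying when they have to change or that they change together. Add a short `////` comment block at the top of the file, as the two message partials in this commit already have, stating that all five values are bumped as a set at each release. Without it, pages that use these attributes can end up naming the wrong release with nothing in the file to prompt the update.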
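Review bot: the header comment in partials/unreviewed-message.adoc still tells authors to add `include::{partialsdir}/unreviewed-message.adoc[]` verbatim, and the new partials/3rdparty-message.adoc carries the same instruction, yet this commit moves the file from pages/_partials/ to partials/. Please confirm that `{partialsdir}` resolves to modules/ROOT/partials/ in the build used for this repository, or update the comment to the include form pages should use after the move. The comment asks for the line to be copied as is, so a stale path would be propagated into every page that follows it.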
diff --git a/modules/ROOT/partialsdelete/2delete-con_Getting-started-with-nmcli.adoc b/modules/ROOT/partialsdelete/2delete-con_Getting-started-with-nmcli.adoc new file mode 100644 index 0000000..c5ce689 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_Getting-started-with-nmcli.adoc 
@@ -0,0 +1,120 @@ +// Module included in the following assemblies: +// +// assembly_Configuring-networking-with-nmcli.adoc + +[id='Getting-started-with-nmcli'] += Getting started with nmcli + +The [application]*nmcli* (NetworkManager Command Line Interface) command-line utility is used for controlling NetworkManager and reporting network status. It can be utilized as a replacement for [application]*nm-applet* or other graphical clients. [application]*nmcli* is used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status. + +The [application]*nmcli* utility can be used by both users and scripts for controlling [application]*NetworkManager*: + +* For servers, headless machines, and terminals, [application]*nmcli* can be used to control [application]*NetworkManager* directly, without GUI, including creating, editing, starting and stopping network connections and viewing network status. + +* For scripts, [application]*nmcli* supports a terse output format which is better suited for script processing. It is a way to integrate network configuration instead of managing network connections manually. + +The basic format of a [application]*nmcli* command is as follows: + +[literal,subs="+quotes,verbatim"] +.... +nmcli [OPTIONS] OBJECT { COMMAND | help } +.... + +where OBJECT can be one of the following options: `general`, `networking`, `radio`, `connection`, `device`, `agent`, and `monitor`. You can use any prefix of these options in your commands. For example, [command]`nmcli con help`, [command]`nmcli c help`, [command]`nmcli connection help` generate the same output. + +Some of useful optional OPTIONS to get started are: + +-t, terse:: ++ +This mode can be used for computer script processing as you can see a terse output displaying only the values. ++ +[[ex-Viewing_a_terse_output_for_scripts]] +.Viewing a terse output +==== + +[literal,subs="+quotes,verbatim,macros"] +.... 
+~]$ pass:attributes[{blank}][command]`nmcli -t device` +ens3:ethernet:connected:Profile 1 +lo:loopback:unmanaged: + +.... + +==== + +-f, field:: ++ +This option specifies what fields can be displayed in output. For example, NAME,UUID,TYPE,AUTOCONNECT,ACTIVE,DEVICE,STATE. You can use one or more fields. If you want to use more, do not use space after comma to separate the fields. ++ +[[ex-Specifying_Fields_in_the_output]] +.Specifying Fields in the output +==== + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli -f DEVICE,TYPE device` +DEVICE TYPE +ens3 ethernet +lo loopback +.... + +or even better for scripting: + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli -t -f DEVICE,TYPE device` +ens3:ethernet +lo:loopback + +.... + +==== + +-p, pretty:: ++ +This option causes [application]*nmcli* to produce human-readable output. For example, values are aligned and headers are printed. ++ +[[ex-Viewing_an_output_in_pretty_Mode]] +.Viewing an output in pretty mode +==== + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli -p device` +===================== + Status of devices +===================== +DEVICE TYPE STATE CONNECTION +-------------------------------------------------------------- +ens3 ethernet connected Profile 1 +lo loopback unmanaged -- + +.... + +==== + +-h, help:: ++ +Prints help information. + +The [application]*nmcli* tool has some built-in context-sensitive help. To list the available options and object names: +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ [command]`nmcli help` +.... + +To list available actions related to a specified object: +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ [command]`nmcli _object_ help` +.... + +For example, +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ [command]`nmcli c help` +.... 
+ +[discrete] +== Additional resources +* link:++https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/getting_started_with_networkmanager++[Getting Started With NetworkManager] diff --git a/modules/ROOT/partialsdelete/2delete-con_Understanding-the-nmcli-options.adoc b/modules/ROOT/partialsdelete/2delete-con_Understanding-the-nmcli-options.adoc new file mode 100644 index 0000000..0fbd953 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_Understanding-the-nmcli-options.adoc 
@@ -0,0 +1,65 @@ +// Module included in the following assemblies: +// +// assembly_Configuring-networking-with-nmcli.adoc + +[id='Understanding-the-nmcli-options'] += The nmcli options + +Following are some of the important [application]*nmcli* property options: + + +[option]`connection.type`:: ++ +A connection type. Allowed values are: adsl, bond, bond-slave, bridge, bridge-slave, bluetooth, cdma, ethernet, gsm, infiniband, olpc-mesh, team, team-slave, vlan, wifi, wimax. Each connection type has type-specific command options. For example: ++ +** A `gsm` connection requires the access point name specified in an [option]`apn`. ++ +[literal,subs="+quotes,verbatim,macros"] +.... +nmcli c add connection.type gsm apn pass:quotes[_access_point_name_] +.... ++ +** A `wifi` device requires the service set identifier specified in a [option]`ssid`. ++ +[literal,subs="+quotes,verbatim,macros"] +.... +nmcli c add connection.type wifi ssid +_My identifier_ +.... + +You can see the `TYPE_SPECIFIC_OPTIONS` list in the [citetitle]_pass:attributes[{blank}]*nmcli*(1)_ man page. + +[option]`connection.interface-name`:: ++ +A device name relevant for the connection. ++ +[literal,subs="+quotes,verbatim,macros"] +.... +nmcli con add connection.interface-name _eth0_ type _ethernet_ +.... + +[option]`connection.id`:: ++ +A name used for the connection profile. If you do not specify a connection name, one will be generated as follows: ++ +[literal,subs="+quotes,verbatim,macros"] +.... +_connection.type -connection.interface-name_ +.... ++ +The [option]`connection.id` is the name of a _connection profile_ and should not be confused with the interface name which denotes a device (`wlan0`, `ens3`, `em1`). However, users can name the connections after interfaces, but they are not the same thing. There can be multiple connection profiles available for a device. This is particularly useful for mobile devices or when switching a network cable back and forth between different devices. 
Rather than edit the configuration, create different profiles and apply them to the interface as needed. The [option]`id` option also refers to the connection profile name. + +The most important options for [application]*nmcli* commands such as `show`, `up`, `down` are: + +[option]`id`:: ++ +An identification string assigned by the user to a connection profile. Id can be used in nmcli connection commands to identify a connection. The NAME field in the command output always denotes the connection id. It refers to the same connection profile name that the con-name does. + +[option]`uuid`:: ++ +A unique identification string assigned by the system to a connection profile. The `uuid` can be used in [command]`nmcli connection` commands to identify a connection. + +[discrete] +== Additional resources + +* See the comprehensive list in the [citetitle]_pass:attributes[{blank}]*nmcli*(1)_ man page. diff --git a/modules/ROOT/partialsdelete/2delete-con_benefits-of-selinux.adoc b/modules/ROOT/partialsdelete/2delete-con_benefits-of-selinux.adoc new file mode 100644 index 0000000..4f32531 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_benefits-of-selinux.adoc 
@@ -0,0 +1,29 @@ +// Module included in the following assemblies: +// +// getting-started-with-selinux.adoc +:experimental: + +[#{context}-benefits-of-selinux] += Benefits of running SELinux + +SELinux provides the following benefits: + +* All processes and files are labeled. SELinux policy rules define how processes interact with files, as well as how processes interact with each other. Access is only allowed if an SELinux policy rule exists that specifically allows it. + +* Fine-grained access control. Stepping beyond traditional UNIX permissions that are controlled at user discretion and based on Linux user and group IDs, SELinux access decisions are based on all available information, such as an SELinux user, role, type, and, optionally, a security level. + +* SELinux policy is administratively-defined and enforced system-wide. + +* Improved mitigation for privilege escalation attacks. Processes run in domains, and are therefore separated from each other. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker only has access to the normal functions of that process, and to files the process has been configured to have access to. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories, unless a specific SELinux policy rule was added or configured to allow such access. + +* SELinux can be used to enforce data confidentiality and integrity, as well as protecting processes from untrusted inputs. + +However, SELinux is not: + +* antivirus software, + +* replacement for passwords, firewalls, and other security systems, + +* all-in-one security solution. + +SELinux is designed to enhance existing security solutions, not replace them. Even when running SELinux, it is important to continue to follow good security practices, such as keeping software up-to-date, using hard-to-guess passwords, or firewalls. 
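Review bot: the new path modules/ROOT/partialsdelete/2delete-con_benefits-of-selinux.adoc is outside the partials/ directory, so any page that still includes this partial through the partials directory will no longer resolve it, and the commit message says the articles that include the former partials have not been checked yet. Either keep the file under partials/ until getting-started-with-selinux.adoc (the assembly named in the header comment) has been checked, or update that include in the same change. The id `[#{context}-benefits-of-selinux]` also depends on the including page defining `context`, which is worth verifying as part of that check.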
diff --git a/modules/ROOT/partialsdelete/2delete-con_controlling_ports_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-con_controlling_ports_firewalld.adoc new file mode 100644 index 0000000..9d9c009 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_controlling_ports_firewalld.adoc @@ -0,0 +1,13 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + + +[id='controlling-ports-firewalld-fedora'] + += Controlling ports using firewalld + +== What are ports? +Ports are logical devices that enable an operating system to receive and distinguish network traffic and forward it accordingly to system services. These are usually represented by a daemon that listens on the port, that is it waits for any traffic coming to this port. + +Normally, system services listen on standard ports that are reserved for them. The httpd daemon, for example, listens on port 80. However, system administrators may configure daemons to listen on different ports to enhance security. diff --git a/modules/ROOT/partialsdelete/2delete-con_cups-known-issues.adoc b/modules/ROOT/partialsdelete/2delete-con_cups-known-issues.adoc new file mode 100644 index 0000000..9cbbfa5 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_cups-known-issues.adoc 
@@ -0,0 +1,231 @@ +[id='con_cups-known-issues'] += Known issues + +Here are several known issues, which arise with certain circumstances, and there isn't general solution or upstream didn't want to add the solution to its project: + +== cups-browsed + +=== Cannot print due 'No destination hostname provided by cups-browsed, is it running?' + + +cups-browsed sometimes loses connection to print server (usually with old ones, like cups-1.4.2) when laptop changes network connection (change of WiFi network or after hibernate/suspend). You can make printing working again with cancelling your jobs and restarting cups-browsed by + +---- +$ cancel -a +$ sudo systemctl restart cups-browsed +---- + +=== cups-browsed consumes large amount of CPU + +Creating local printer queues takes long time for some printers with larger PPD file, so timeout of http connection will time out and it creates infinite loop of creating local printer queues. To solve this issue, please add + +---- +HttpLocalTimeout N +HttpRemoteTimeout N +---- + +into [filename]`/etc/cups/cups-browsed.conf`, where `N` is number of seconds after which connection is timed out. Then restart cups-browsed service. This option is currently in Fedora 27 and above. + +=== [SINCE FEDORA 27] cups-browsed creates different printer queue names than before + +This issue is connected to remote cups queues, which are advertised by older CUPS version (usually below cups-1.5, e.g. RHEL 6). Cups-browsed creates local print queues named by printer's DNS-SD ID by default and naming by remote cups queue is enabled again by adding: + +---- +LocalQueueNamingRemoteCUPS RemoteName +---- + +into [filename]`/etc/cups/cups-browsed.conf` and restart cups-browsed service. 
+ +== cups-filters + +=== Printing takes a long time or doesn't print at all + +When your printer needs a lot of time to do printing (from your POV) or doesn't print at all (some Xerox printers have such problems with gs renderer, so they are working again only with pdftops renderer), you can try to change the default postscript renderer. The default renderer in Fedora for most printers is gs filter from Ghostscript, but we have pdftops filter from Poppler for Brother, Minolta and Konica Minolta printers - this setup is called hybrid. + +Other available renderer setups are gs (from Ghostscript), pdftops and pdftocairo (from Poppler), mupdf (from mupdf) and acroread (from adobe reader, not in Fedora official repositories), then you can set different default renderer for your print queue like this: + +---- +# lpadmin -p -o pdftops-renderer-default=gs/pdftops/pdftocairo/mudpf/acroread/hybrid +---- + +*BEWARE:* Most 'slow' printing issues are caused by PDF creating applications, which generates bad PDF file - and that bad generated PDF file is mostly the core of problem. To sum it up, slow printing issue can rise again with different PDF file, then it is on user's decision: if he wants to print fast and probably sometimes change the default renderer, or slow printing is not such critical issue. + +== CUPS + +=== [Fixed in F33 and later] Firefox, Evince (PDF viewer), GVim, Gedit, Gnome Control Center show a 'dummy'/duplicate print queue, which doesn't work + +This bug is connected to every application which uses GTK print dialog. GTK dialog decided to take information about available from two sources - mDNS messages from Avahi and CUPS - this dummy/duplicate print queue is a print queue GTK created in its dialog based on Avahi messages, but it doesn't exist in CUPS, because no one created it, and later GTK behaves like it exists in CUPS. 
So every time an user wants to print, GTK sends a request to CUPS for this queue, but it gets dropped by CUPS because the queue doesn't exist. + +The feature which GTK is trying to do here is called CUPS temporary queues - GTK developers is currently working on a immediate fix in this https://bugzilla.redhat.com/show_bug.cgi?id=1784449[bugzilla]. The future plan is to use https://github.com/OpenPrinting/cpdb-backend-cups[cpdb-backend-cups] backend in GTK, but right now we are focusing on the intermediate fix. + +=== CUPS doesn't take nicely some kinds of FQDN + +CUPS sometimes has problems with some kinds of FQDN - that means when you use FQDN in [option]`BrowsePoll` directive in [filename]`/etc/cups/cups-browsed.conf`, CUPS doesn't recognize it as valid hostname - it is solved by adding: + +---- +ServerAlias your.own.fully.qualified.hostname.com +---- + +into [filename]`/etc/cups/client.conf` and restarting cups service. + +=== There are less options available if the device is used as driverless than with a classic driver + +The similar situation can happen with *sane-airscan* supported scanners. Some devices declare less options via protocols - f.e. IPP 2.0+, WSD, eSCL - which support driverless solutions than via classic drivers. Usually it is an issue with device's firmware, which can be verify by checking the output of the following command: + +---- +$ ipptool -tv get-printer-attributes.test +---- + +The commands does the same IPP request which is done when a temporary queue appears in the print dialog or when you install the queue permanently. The printer options are set from the IPP response for this request, so if the option is missing in the response, CUPS cannot generate such a printer option. The solution is to try to update the device firmware, report the issue to the device manufacturer and at https://bugzilla.redhat.com[bugzilla] with logs. 
+ +=== [F33+] Printing via IPPS doesn't work + +Fedora 33 came up with a raised bar regarding crypto-policies, so SSL and older TLS protocols are disabled on system level. The change breaks printing via IPPS to devices which don't support newer protocols. You can set back legacy crypto support in crypto-policies via: + +---- +$ sudo update-crypto-policies --set DEFAULT:FEDORA32 +---- + +The policy change transitionally has an impact on devices found by cups-browsed, because the daemon prefers IPPS uris if they are reported as available by printer/server. + +== HPLIP + +First I would like to mention that we are not responsible for support HPLIP, which is downloaded and installed from HP website. Please install hplip rpms from official Fedora repositories at most cases. + +=== Hp-plugin: file does not match its checksum. File may have been corrupted or altered + +This common error is mostly caused by external causes (server outage, network outage), when wget tries to download plugin, but it returns only error message. It is connected with message: + +---- +Plugin download failed with error code = N +---- + +where `N` is return value of [command]`wget` ([command]`man wget`), which is used for downloading proprietary plugin. Solutions for this issue may vary - you can wait until servers go up again or try to install plugin, which you download manually from http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/ (select "Select and install an existing local copy of the plug-in file" during [command]`hp-setup` or [command]`hp-plugin`). + +=== Unable to load cupsext + +This error can occur when hplip is installed from HP website, or its dependencies are mixed python2 and python3 packages or installed by pip. This is solved by removing all hplip packages (hplip, hplip-gui, hplip-libs, hplip-common, libsane-hpiao) and installing them again all from repositories. 
+ +=== Missing hplip-gui + +GUI tools and GUI parts of HP commands are moved to hplip-gui subpackage, because the main package can work without GUI, so the main package is smaller. The outcome of this decision is HP commands need to be run with `-i` option for interactive mode, or hplip-gui subpackage needs to be installed. + +Tools, which need to be run with `-i` option for CLI or need to have hplip-gui installed for GUI: + +---- +hp-align +hp-clean +hp-colorcal +hp-diagnose_queues +hp-fab +hp-firmware +hp-info +hp-plugin +hp-sendfax +hp-setup +hp-testpage +hp-unload +---- + +Tools, which are in hplip-gui: + +---- +hp-check +hp-print +hp-systray +hp-toolbox +hp-devicesettings +hp-faxsetup +hp-linefeedcal +hp-makecopies +hp-printsettings +hp-wificonfig +---- + +=== HP printer isn't discovered, doesn't print or doesn't print well + +Some HP printers don't work well with URIs provided by CUPS (dnssd, usb, ipp) or they need proprietary plugin from HP, which cannot be in Fedora because of licensing issues. For such printers please try to run: + +---- +hp-setup -i -g +---- + +for interactive mode, or: + +---- +hp-setup -g +---- + +for graphic mode. This command installs HP printers and HP scanners. If you have issue about HP printer/HP scanner, which isn't discovered, doesn't print or doesn't print well, please try to install it by [command]`hp-setup`, if it helps. If it doesn't help, please file a bugzilla, attach output of hp-setup and mention that you tried [command]`hp-setup`. + +=== Device which needs plugin does not work after HPLIP update + +Devices which need plugin can stop to work after update to newer HPLIP version - it is due the check for plugin version in the code. The check is necessary to prevent inconsitencies when new features in open sourced HPLIP need new proprietary libraries from plugin. 
To make your printer work again, just download and install plugin again with: + +---- +$ hp-plugin -i +---- + +=== Devices which require a binary plugin stopped to work on Fedora Silverblue/CoreOS + +Devices which require a HP close source binary plugin need to have plugin installed every time you start/restart your PC by default. HP closed source script installs the plugins into a readonly directories, so the plugins are removed once you start/restart Fedora. The workaround is to try if your device supports driverless printing and scanning, try hplip-plugin package from RPMFusion or keep installing the plugin everytime you want to print. + +== golang-github-openprinting-ipp-usb + +=== USB printer/scanner doesn't work due a conflict on USB port + +*ipp-usb* daemon keeps the USB port of IPP-over-USB device opened for any possible IPP communication in the future, which blocks the port for other drivers (f.e. HPLIP, gutenprint, sane-backends...). + +For printers the solution is to _uninstall the queue with the driver_ by: + +---- +$ lpadmin -x +---- + +and start using the one from *ipp-usb* (as a xref:cups-terminology.adoc#_temporary_print_queues[CUPS temporary queue] or install a permanent one - the default device uri is `ipp://localhost:60000/ipp/print`). + +In case of scanners *sane-airscan* automatically picks up the virtual device from *ipp-usb* if the device is capable of using WSD or eSCL protocols. However, if the scanner had been supported by classic scanner driver such as hplip or sane-backends and is now claimed by *ipp-usb* because it supports *IPP-over-USB* driverless standard, the old scanner is still shown, but it won't work for scanning due USB conflict. It happens because classic backends just list any device which they can find on USB interfaces and matches the description the backend supports, but backends don't check whether they actually can communicate with the device until they try to open the USB port for scanning process itself. 
This becomes a problem for scanning applications, which automatically choose the previous scanner as a default choice for scanning (such as _Simple Scan_) - users have to pick a driverless scanner from the list of available scanners before they scan. + +The scanner device discovered by classic SANE backends can be disabled from showing it among available scanners by commenting out its entry in backend's configuration file located in [filename]`/etc/sane.d` or the whole backend name in [filename]`/etc/sane.d/dll.conf`/[filename]`/etc/sane.d/dll.d`, f.e. Canon MF440 Series is reported by `pixma` and `airscan` backends, but only `airscan` works because it is a backend based on network protocol and USB interface is claimed by `ipp-usb`, so we will disable the `pixma` backend by commenting its line in [filename]`/etc/sane.d/dll.conf`: + +---- +$ cat /etc/sane.d/dll.conf +... +pint +#pixma +plustek +... +---- + +If *ipp-usb* created device doesn't match your use case (the options you use are missing, the device doesn't work even if it is IPP-over-USB supported), please report the issue together with logs from [filename]`/var/log/ipp-usb/` directory at https://bugzilla.redhat.com[bugzilla]. *ipp-usb* itself supports quirks, which allows you to set the daemon to ignore your device and you can switch back to a classic driver. The steps are following: + +- get the device model name f.e. Canon MF440 Series: + +---- +$ sudo ipp-usb check +Configuration files: OK +IPP over USB devices: + Num Device Vndr:Prod Model + 1. 
Bus 001 Device 005 04a9:2823 "Canon MF440 Series" +---- + +- create a quirk file in [filename]`/etc/ipp-usb/quirks` directory in the format below: + +---- +$ cat /etc/ipp-usb/quirks/canon.conf +[Canon MF440 Series] + blacklist = true +---- + +- restart the `ipp-usb` service: + +---- +$ sudo systemctl restart ipp-usb +---- + + +== sane-airscan + +=== There are less options available if the device is discovered by sane-airscan than with a classic driver + +The similar situation can happen with `everywhere` or `driverless` printer models. Some devices declare less options via protocols - f.e. IPP 2.0+, WSD, eSCL - which support driverless solutions than via classic drivers. Usually it is an issue with device's firmware, which can be verify in sane-airscan debug logs and network traffic. The solution is to try to update the device firmware, report the issue to the device manufacturer and at https://bugzilla.redhat.com[bugzilla] with logs. diff --git a/modules/ROOT/partialsdelete/2delete-con_cups-terminology-for-printing-and-scanning.adoc b/modules/ROOT/partialsdelete/2delete-con_cups-terminology-for-printing-and-scanning.adoc new file mode 100644 index 0000000..823e581 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_cups-terminology-for-printing-and-scanning.adoc 
@@ -0,0 +1,91 @@ +[id='con_cups-terminology-for-printing-and-scanning'] += Terminology for printing and scanning + +== Printing + +=== Print queue + +Abstraction unit in CUPS for a printer - it has a device uri, which represents connection to the device, and can exist with classic driver (PPD file from different package) or without (driverless printing). The entries you see in print dialogs and settings are those _print queues_. They can be _permanent or temporary_. + +=== Permanent print queues + +The queues with classic driver or driverless print queue which need to be shared further down the network. + +=== Temporary print queues + +The queue which don't need to be installed at all - they show up during print dialog and they disappear once the printing is done successfully. They rely on _driverless printing_. + +=== Remote CUPS queue + +The queue on the different machine, where other cupsd process is running, than on the local machine. They are usually found in enterprise solutions, where printers aren't in the same network as users or if admin wants a centralized monitoring above all printers. In such solutions, users set up _cups-browsed_ to install remote CUPS queue as local queues via _BrowsePoll_ directive, or install a specific queue via GNOME. There can be a solution how to redirect mDNS messages which CUPS server advertises to the networks with users, but I haven't been to setup this correctly yet. + +=== Classic drivers + +Those are the binaries and PPD files, which need to be installed for the device to work. This is older way of supporting devices, which will go away in the future. + +=== Driverless printing (wireless/ethernet) + +Most of modern devices (2010+) complies to AirPrint, Mopria or IPP Everywhere standard, which means they don't need a classic driver for being able to print. 
Those devices have IPP (Internet Printing Protocol) 2.0+ implemented within, are capable to 'advertise' themselves via mDNS and they support document formats like PDF, PCLm, JPEG, Apple Raster or PWG Raster. + +There are several prerequitises which need to fulfill in OS to have an access to the driverless feature: + +* avahi-daemon must run +* there needs to be a '.local' address resolver active - systemd-resolved or nss-mdns +* the device itself must have IPP port (631) and Bonjour/MDNS enabled +* IPP and MDNS need to be enabled in firewall + +How does the driverless printing work under the roof (put it simply): + +* CUPS sees the printer in mDNS messages via Avahi +* CUPS will find out the printer capabilities via IPP +* if there is a print job, CUPS will set up the filter chain to convert the incoming file into document format which printer understands (Apple Raster, PDF, PWG Raster, PCLm, JPEG) + +In case it is needed, PPD file is generated by PPD generator in CUPS or by _driverless_ binary. + +One of the features which use driverless printing is _CUPS temporary queues_. + +See xref:cups-useful-tricks.adoc#_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing[manual] how to check if your printer is capable of driverless printing. + +=== Printing using a driver + +This printing is similar to driverless printing in matter of setting up a filter chain, but: + +* it can use limited mDNS and IPP functionality or it doesn't use them at all +* all information about device capabilities is taken from PPD (Postscript Printer Description) file +* can use a specialized filters and specialized communication with the device (depends on driver) + +The downsides of this approach is to rely on 3rd party drivers, you need to always install a permanent queue for it and it will go away in the future. 
+ +=== Raw queue + +No filters are started by CUPS if you print to such a queue, the data are sent as they are to the target, no options are applied by CUPS - all regardless of incoming document format. It is required the application you use for printing sends a printer-ready data (in the correct format, with all chosen options applied) or the destination is set to the desired settings (f.e. printer/print server is set to do two-sided-long-edge duplex with grayscale settings, so every document printed will have this settings and user won't be able to change it in an application). + +This approach is usually set for printing to older label printers via a specific application, or, in the past, for printing to remote CUPS queue. Because CUPS has no way how to provide common user experience (finding out printer properties, converting various document formats into a document format the printer accepts, setting printing options) for such queues, their usage is deprecated and it will be removed in the future (in CUPS 3.X). + +=== Raw printing + +Raw printing happens if CUPS receives a file in document format which printer accepts directly and CUPS recognizes the format based on rules from its MIME database. CUPS daemon doesn't start any filters for such a job (it might encapsulate options into IPP packet, if the connection with the printer is over IPP) with exception for PDFs, where the _pdftopdf_ filter is started to apply generic settings like scaling, rotation etc. Raw printing itself happens on print queues with classic driver and driverless print queues. This functionality stays with CUPS 3.X. 
+ +The difference between raw printing and raw queue is the raw printing is a situation which happens if CUPS daemon gets a file in format which printer accepts, so the daemon does not spawn additional filters for such job (with PDF being an exception), and spawns filters for document formats, which are not acceptable by the printer directly, whereas the raw queue is a queue, which CUPS daemon does not spawn any filters in any circumstances, and behaves like a Unix pipeline. + +=== Printer applications + +The binaries which provide support for older devices which aren't capable of complying to driverless standards. The core idea is they will be capable of accepting the old driver and then advertise itself as a device capable of driverless printing. Then the new CUPS will be able to see them and user will be able to print via them as if they were temporary queues. The currently available printer applications in Fedora are _ippeveprinter_ (a part of CUPS - see cups-printerapp package) and _lprint_ (provides support for devices which requires raw printing - mostly label printers). Other printer applications like https://github.com/OpenPrinting/ps-printer-app[ps-printer-app], https://github.com/OpenPrinting/ghostscript-printer-app[ghostscript-printer-app], https://github.com/OpenPrinting/hplip-printer-app[hplip-printer-app] and https://github.com/OpenPrinting/gutenprint-printer-app[gutenprint-printer-app] are currently available as SNAPs until cups-filters 2.0 is released and packaged. Printer applications are, except for _ippeveprinter_, written using _PAPPL_ library, so such printer application provides CLI interface and Web Interface for users to interact with. + +=== Driverless printing (USB) + +Driverless printing has its variant for devices which are connected via USB - it is covered by 'IPP over USB' standard. 
For make it work, you need 'ipp-usb' package, which will register the device with Avahi on localhost - then USB device will look as a wireless/ethernet device. The discovery/printing looks the same as with a wireless/ethernet device with driverless support. + +See xref:cups-useful-tricks.adoc#_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing[manual] how to check for IPP-over-USB. + +== Scanning + +=== Classic scanning (via hplip and sane-backends) + +The classic scanning works via backends, which are binaries for communication with device. There are several backends, usually created by reverse engineering communication between scanner and MS Windows driver. None of classic backends implements a protocol, which is compatible with most devices available. + +=== Driverless scanning + +The driverless scanning uses sane-escl (not built in Fedora) and sane-airscan backends for communicating with newer devices. Those newer devices usually support eSCL (based on AirScan protocol by Apple) or WSD (Web Services for Devices by Microsoft), which _sane-airscan_ is able to use. + +Regarding USB scanning, it has the same requirement as printing. The device must support IPP over USB driverless standard and _ipp-usb_ package must be installed to get driverless scanning via USB - the package is required because it creates a driverless interface over USB interface which _sane-airscan_ uses for driverless communication with device. diff --git a/modules/ROOT/partialsdelete/2delete-con_cups-useful-tricks.adoc b/modules/ROOT/partialsdelete/2delete-con_cups-useful-tricks.adoc new file mode 100644 index 0000000..12b3be6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_cups-useful-tricks.adoc 
@@ -0,0 +1,399 @@ +[id='con_cups-useful-tricks'] += Useful tricks + +== How to install a print queue + +The fact whether you have to install a printer or not depends on several things: + +* what is the device you want to install - a printer from remote CUPS server (called remote print queue) or a printer, +* where is the device you want to install - connected by USB to your PC, in your local network, in a different network or installed on a remote server, +* how old is the device you want to install: +** standalone printers - most SOHO (Small Office, Home Office) and office printers made after 2010 have at least one way of supporting driverless printing, older devices depend on drivers - classic or printer applications, +** remote print queues on a server - any OS with CUPS 2.2.8 and newer or OS where IPP Everywhere support was backported (f.e. RHEL 8) are capable of supporting IPP Everywhere, otherwise a combination of driver and raw queue is needed in client-server communication, +* what is the purpose of the device where you install the printer - endpoint device, which is used by user as a desktop, or a server, which shares the installed printers further, +* what are your personal preferences - using or not using IPP protocol, using or not using mDNS for autoinstallation if possible from network layout. + +So there are several user stories based on those dependencies, which are described further down. 
+ +=== Common user stories + +==== I have a printer made after 2015, I'm at home and want to print from my PC + +* the most common setup on desktop +* the printer is new enough to support driverless standards via USB and network, so driverless support doesn't depend on your connection +* the PC is an endpoint device, I don't want to share the printer +* I don't mind using mDNS and IPP, mDNS is enabled in my firewall, IPP and mDNS (or similar settings) are enabled on the printer, and mDNS resolution works (checked by pinging .local hostname) + +CUPS temporary queues for xref:_how_to_setup_cups_temporary_queues_with_usb_printer[USB] or xref:_how_to_setup_cups_temporary_queues_with_network_printer[network] are ideal for this use case. + +==== I have an older printer, I'm at home and want to print from my PC + +* the printer doesn't have a driverless support - check via xref:_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing?[ipptool] for network printers (if the printer has IPP support and you enable the port) and via xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[lsusb] for USB printers, +* my PC is an endpoint device + +Currently there are two options - install the printer in xref:_how_to_install_a_printer_via_printer_application_in_snap_and_making_it_available_for_cups[printer application] and CUPS will automatically see it, or install it with classic driver xref:_how_to_install_a_permanent_print_queue[permanently]. Installation with classic driver is deprecated and will be removed in CUPS 3.0. 
+ +==== I'm in a company which has a print server where office printers are installed, I want to print to the print server - no mDNS, but with driverless + +* the print server supports IPP Everywhere and is in a different network or doesn't register on mDNS, or I don't want to use mDNS +* remote print queue has the URI ipp://:631/printers/, where is the hostname of print server and is a name of a print queue I want to connect to +* xref:_how_to_find_out_whether_my_printer_is_capable_of_driverless_printing?[ipptool] command passes if the URI is used + +Such printers has to be installed xref:_how_to_install_a_permanent_print_queue[permanently] with IPP Everywhere driver. + +==== I'm in a company which has a printer server where office printers are installed, I want to print to the print server - with working mDNS in local network + +Such remote printers are discovered automatically via mDNS and used as xref:_how_to_setup_cups_temporary_queues_with_network_printer[CUPS temporary queues] on network - they are seen on mDNS and automatically picked up by dialogs. + +==== I want to print, but I don't want to or can't use mDNS, regardless whether my printer supports driverless printing + +Every printer which can't be discovered by mDNS has to be installed xref:_how_to_install_a_permanent_print_queue[permanently] in CUPS or, in CUPS 3.0, by printer profile. + +. Driverless printers: +* all of them supported by *IPP Everywhere* model under Manufacturer entry in CUPS Web UI and as *everywhere* in CLI +* types based on origin: +** Network: +*** URI: ipp://:631/ipp/print , where is hostname or IP address of the printer +** IPP-over-USB printers via ipp-usb: +*** URI: ipp://localhost:60000/ipp/print +** Printers installed via printer application: +*** URI: ipp://localhost:8000/ipp/print/ , where is the printer name chosen in printer application + +. 
Remote print queues on a print server: +* URI: ipp://:631/printers/ , where is server's IP address or hostname and is a name of the print queue installed on the server +* it depends on CUPS on the server whether a local printer which points to a printer on the server can be installed as IPP Everywhere model - usually CUPS 2.2.8 and newer support driverless and some distributions such as CentOS 8 backported the functionality as well +* otherwise it depends on printer's driver on the old server - the key is to prevent applying the options multiple times (so one of the connections has to be raw and loses some of the functionality) + +. Legacy or specialized printers +* (deprecated, to be removed in CUPS 3.0) can be discovered by CUPS and installed with classic drivers +* can be installed in printer application and then installed in CUPS as a permanent queue (see driverless printers - printers installed via printer application above) + +==== Driverless options don't do the trick for me on my driverless printer, I want to use features from the driver + +The current recommended action is to install the printer via xref:_how_to_install_a_printer_via_printer_application_in_snap_and_making_it_available_for_cups[printer application], which contains the classic driver, because installation the printer permanently in CUPS with classic driver is deprecated and it will be removed in CUPS 3.0. Then mDNS can be used to catch it by CUPS or the printer from printer application has to be installed permanently in CUPS as a IPP Everywhere printer. + +In case of IPP-over-USB printers, a reject rule has to be added as described in xref:cups-known-issues.adoc#_usb_printerscanner_doesnt_work_due_a_conflict_on_usb_port[known issues]. + +==== I install the printer on a server, which will share the printer further + +Printers on the server have to be installed xref:_how_to_install_a_permanent_print_queue[permanently] to be shared. 
IPP Everywhere model (directly to the printer or via printer application) is the ideal, but a classic driver with standardized PPD options on a server capable of using driverless is fine as well - clients can use IPP Everywhere model when pointing to the server and options are translated properly. Otherwise there is a possibility that some options aren't applied or applied twice. Don't forget about enabling IPP in firewall, setting ACLs to the server via [filename]`/etc/cups/cupsd.conf` and attaching the daemon to port 631 instead of localhost. + +==== I'm in a company with old print server incapable of driverless, I want to print + +The important thing is to prevent applying options multiple times in this scenario. There are several ways how to do it: + +* ask your IT support for the driver (print queue on the server has to be raw) +* use *ServerName* directive in [filename]`/etc/cups/client.conf` or *CUPS_SERVER* environment variable to connect to the server directly - you won't be able to do admin tasks, but capable of printing. + +=== How to find out whether my printer is capable of driverless printing? + +Network printers have the prerequisites - enablement of IPP port on the printer is the minimum, mDNS is required for automatic printer discovery by `libcups`. + +* [command]`ipptool` command which sends IPP Get-Printer-Attributes request to the network printer passes: + +---- +$ ipptool -tv ipp://printer.example.com:631/ipp/print get-printer-attributes.test +"/usr/share/cups/ipptool/get-printer-attributes.test": + Get-Printer-Attributes: + attributes-charset (charset) = utf-8 + attributes-natural-language (naturalLanguage) = en + printer-uri (uri) = ipp://printer.example.com:631/ipp/print + requested-attributes (1setOf keyword) = all,media-col-database + Get printer attributes using get-printer-attributes [PASS] +... 
+---- + +, where `printer.example.com` is the hostname or IP of your network printer, + +* look for AirPrint among device specification, +* https://www.pwg.org/printers/[Officially certified printers for IPP Everywhere], +* check xref:_how_to_setup_cups_temporary_queues_with_network_printer[manual] for enabling CUPS temporary queues - if your printer is seen in the end in CUPS commands that way, your printer is capable of driverless printing, +* [USB devices only] check for IPP over USB (xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[manual] here). + +=== How to find out if my USB device supports IPP over USB + +Check whether your USB device has a following text in [command]`lsusb -v` output: + +---- +... + bInterfaceClass 7 Printer + bInterfaceSubClass 1 Printer + bInterfaceProtocol 4 + iInterface 0 +... +---- + +If the device has the _bInterfaceClass 7_, _bInterfaceSubClass 1_ and _bInterfaceProtocol 4_ in the sequence, it supports IPP over USB which is critical for USB device driverless printing and scanning. + +=== How to setup CUPS temporary queues + +To setup the temporary queues correctly, there are several prerequisities: + +* printer/remote print queue has a driverless support and has it enabled, +* your PC has avahi-daemon service or avahi-daemon socket running, +* your PC has cups socket or service running, +* mDNS hostnames are resolvable - test by pinging a .local hostname + +==== How to setup CUPS temporary queues with network printer + +* additional requirement: +** enable MDNS in your firewall settings + +After this the temporary queue will appear in the print dialog and you don't need to install a specific print queue unless you have a reason for it. + +You can check if your printer is seen in mDNS messages by (*avahi-tools* must be installed): + +---- +$ avahi-browse -avrt +... 
+= enp0s25 IPv4 HP LaserJet M1536dnf MFP (42307C) _ipp._tcp local + hostname = [NPI42307C.local] + address = [192.168.1.10] + port = [631] + txt = ["UUID=434e4239-4243-4a42-5859-3c4a9242307c" "Scan=T" "Duplex=T" "Color=F" "note=" "adminurl=http://NPI42307C.local." "priority=10" "product=(HP LaserJet M1536dnf MFP)" "ty=HP LaserJet M1536dnf MFP" "URF=CP99,W8,OB10,PQ3-4-5,DM1,IS1-4,MT1-2-3-5,MT1-2-3-5,RS600" "rp=ipp/printer" "pdl=application/postscript,application/vnd.hp-PCL,application/vnd.hp-PCLXL,application/pdf,image/urf" "qtotal=1" "txtvers=1"] +... +---- + +and if CUPS or its backends see the printer by commands: + +(lists all existing print queues - permanent or temporary) + +---- +$ lpstat -e +HP_LaserJet_M1536dnf_MFP_42307C_ +---- + +or + +(lists all devices, which CUPS sees in the local network or USB) + +---- +$ lpinfo -l -v +... +Device: uri = ipp://HP%20LaserJet%20M1536dnf%20MFP%20(42307C)._ipp._tcp.local/ + class = network + info = HP LaserJet M1536dnf MFP (driverless) + make-and-model = HP LaserJet M1536dnf MFP + device-id = MFG:HP;MDL:LaserJet M1536dnf MFP;CMD:PDF,PS,PCL,AppleRaster,URF; + location = +... +---- + +==== How to setup CUPS temporary queues with USB printer + +* additional requirements: +** install *ipp-usb*, which will transform IPP over USB devices to network printer on localhost: + +---- +$ sudo dnf -y install ipp-usb +---- + +Then you can follow the steps in xref:_how_to_setup_cups_temporary_queues_with_network_printer[manual] for network printers. + +=== How to install a permanent print queue + +Prerequisties for permanent driverless printers: enable IPP in your firewall, enable IPP on your printer if possible. 
+ +==== Installation via CUPS web UI ==== + +* start cups.service + +---- +$ sudo systemctl start cups +---- + +* go to *http://localhost:631* in your browser +* go to *Administration* tab +* click on *Add printer* +* enter your credentials +* choose the found device or the connection you prefer - for driverless permanent queue choose *Internet Printing Protocol (ipp)* +* in case you didn't choose a found device, enter the device uri at the next page - for driverless printers they usually are: + +---- +Network printers: +ipp://:631/ipp/print + +USB printers via ipp-usb: +ipp://localhost:60000/ipp/print + +Non-driverless printers via printer application: +ipp://localhost:8000/ipp/print/ + +Printers pointing to a remote CUPS server: +ipp://:631/printers/ +---- + +* choose device manufacturer and model (*IPP Everywhere* for driverless printers) +* set a different default options if needed and finish + +*Notes:* + +Adding a permanent queue for driverless USB printers or non-driverless printers installed in a printer application is usually unnecessary, because they are shared by mDNS on localhost, so any application using CUPS 2.0+ API functions (cupsGetDests(), cupsGetNamedDest(), cupsCopyDestInfo()) should be able to pick them automatically (for network printer it depends whether the device is in the same subnet as your machine). Installling them permanently should be necessary only if an application doesn't use the recent API or to work around a bug which happens when using them as temporary queues. + +If there are more devices via *ipp-usb* or printer applications, they listen on different ports - devices via ipp-usb start on port 60000, separate printer applications start on port 8000. 
+ + +==== Installation via CLI commands ==== + +* you will need a device uri - ``, which you can find by `lpinfo -v`: + +---- +$ lpinfo -v +direct usb://HP/Officejet%20Pro%208500%20A909a?serial=NNNNNNNNN&interface=1 + ==================================================================== +network dnssd://Officejet%20Pro%208500%20A909a%20%5B43FD8E%5D._pdl-datastream._tcp.local/ + ================================================================================= +---- + +or construct it manually - f.e. for IPP printers: + +---- +ipp://:631/ipp/print +---- + +and a driver name - ``, f.e.: + +---- +$ lpinfo -m +.... +everywhere IPP Everywhere +========== +... +---- + +---- +$ lpadmin -p -v -m -E +---- + +where `` and `` are underscored strings from previous commands and `` is a print queue name, which is chosen by you. + +== How to install a printer via printer application in SNAP and making it available for CUPS + +Currently printer applications are available in SNAPs on Fedora. I'm planning to release them as RPMs, but the code base will be the same, so its testing can happen even with SNAPs. + +* install snapd, + +First we have to install snapd for testing purposes: + +---- +$ sudo dnf -y install snapd +$ sudo ln -s /var/lib/snapd/snap /snap +$ snap version +---- + +If the installation had been successful, the last command will show snapd's version. + +* install and run printer application, + +First the SNAP with printer application has to be installed and started by the commands below. All printer applications are available in SNAP Store under the same names as they are at https://github.com/orgs/OpenPrinting/repositories[OpenPrinting repositories]. We will use [filename]`ps-printer-app` printer application in the next steps. 
+ +---- +$ sudo snapd install --edge ps-printer-app +$ sudo snapd run ps-printer-app +---- + +* go to http://localhost:8000, + +After starting the printer application its web interface becomes available at http://localhost:8000 - if user installs and runs another printer application, it will become available at localhost on the next port (8001). The printer application can contain several printers (as [filename]`cupsd` does). + +* click on `Add Printer` on the main page, +* choose the printer's name, +* select the found device or choose `Network printer` from `Device` scroll menu and provide hostname or IP of the device, +* choose to auto-detect driver or select the driver by yourself, +* click on `Add Printer`, +* now the printer should be available at least on localhost via mDNS (if [filename]`avahi-daemon` is running and `nss-mdns` is installed)- check it by [filename]`avahi-browse`(`avahi-tools` has to be installed): + +---- +$ avahi-browse -avrt +... += lo IPv4 HP Laserjet M1536 _ipp._tcp local + hostname = [fedora-2.local] + address = [127.0.0.1] + port = [8000] + txt = ["Scan=F" "PaperMax=legal-A4" "Fax=F" "product=(HP LaserJet M1536dnf MFP Postscript (recommended))" "mopria-certified=1.3" "priority=0" "qtotal=1" "txtvers=1" "Duplex=T" "Color=F" "TLS=1.2" "URF=V1.5,W8,PQ3-4-5,DM1,FN3,IS0-20,MT1-5-6-3,OB10,RS300-600" "UUID=24837a30-5f87-3ac9-6d85-086d486092dd" "pdl=image/pwg-raster,image/urf,application/vnd.printer-specific,application/pdf,application/postscript,image/jpeg,image/png" "note=" "adminurl=http://fedora-2.local:8000/HP_Laserjet_M1536/" "ty=HP LaserJet M1536dnf MFP Postscript (recommended)" "rp=ipp/print/HP_Laserjet_M1536"] +... +---- + +* and by `lpstat -e`: + +---- +$ lpstat -e +... +HP_Laserjet_M1536 +... 
+---- + +The available printing options for the printer installed via printer application can be checked with [filename]`lpoptions` command: + +---- +$ lpoptions -p HP_Laserjet_M1536 -l +PageSize/Media Size: 184.15x260mm 195.09x269.88mm A4 A5 B5 DoublePostcardRotated Env10 EnvC5 EnvDL EnvMonarch Executive FanFoldGermanLegal ISOB5 Legal *Letter Postcard roc16k Custom.WIDTHxHEIGHT +InputSlot/Media Source: *Auto Tray1 Auto +MediaType/Media Type: *Unspecified Stationery Light6074 MidWeight96110 Heavy111130 ExtraHeavy131175 MonochromeLaserTransparency Labels StationeryLetterhead Envelope StationeryPreprinted Prepunched Colored Bond StationeryRecycled Rough Vellum +cupsPrintQuality/cupsPrintQuality: Draft *Normal High +ColorModel/Output Mode: *Gray +Duplex/Duplex: *None DuplexNoTumble DuplexTumble +OutputBin/OutputBin: *FaceDown +---- + +== How to install a scanner + +Scanners in Linux don't have to be installed the same way as printers are if they are in the same network or connected via USB - you just need *sane-backends* to be installed and any scanning application will communicate with scanner/multifunction device via the backend which supports the scanner. + +However, the older HP scanners and multifunction devices require an additional package - *hplip* - and its binary plugins downloaded via [command]`hp-plugin -i` if they aren't supported by sane-backends already. + +=== How to find out my multifunction device or standalone scanner is capable of driverless scanning? + +* check the device specification and look for eSCL/AirScan/WSD - if any of these are mentioned, the device is capable of driverless scanning +* most devices which advertise they can do AirPrint are capable of AirScan too +* [USB devices only] check for IPP over USB (xref:_how_to_find_out_if_my_usb_device_supports_ipp_over_usb[manual] here). 
+ +=== How to make driverless scanning work + +For LAN located and USB devices: + +* have *avahi-daemon* enabled and running + +---- +$ sudo systemctl enable avahi-daemon +$ sudo systemctl start avahi-daemon +---- + +* enable MDNS in firewall +* [USB devices only] install *ipp-usb* + +For network scanners in a different network: + +* set the scanner device uri in [filename]`/etc/sane.d/airscan.conf` - see: + +---- +man sane-airscan +---- + +== How to setup mDNS with systemd-resolved + +systemd-resolved is enabled and running by default since F33 and can be setup to work with Avahi on mDNS support which CUPS needs - Avahi does the advertising, registering and sharing devices, and resolved will handle '.local' address resolution. It will work with following steps: + +* put [option]`MulticastDNS=resolve` into [filename]`/etc/systemd/resolved.conf` + +---- +$ sudo systemctl restart systemd-resolved +$ sudo nmcli connection modify connection.mdns yes connection.llmnr yes +$ sudo systemctl restart NetworkManager +---- + +== How to compress files + +Example: + +---- +$ tar -czvf cups-information.tar.gz /etc/cups cups.logs troubleshoot.txt lpinfo.log +---- + +== Restarting cups service + +You restart cups service with: + +---- +su -c 'systemctl restart cups.service' +---- diff --git a/modules/ROOT/partialsdelete/2delete-con_cups-user-stories.adoc b/modules/ROOT/partialsdelete/2delete-con_cups-user-stories.adoc new file mode 100644 index 0000000..67c8049 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_cups-user-stories.adoc 
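Review bot: In the printer application steps of this hunk, `sudo snapd install --edge ps-printer-app` and `sudo snapd run ps-printer-app` invoke the daemon rather than the client; the command is `snap`, so both lines should use `snap install` and `snap run`. In "How to setup mDNS with systemd-resolved", the `nmcli connection modify` line has no connection name before `connection.mdns yes`, and it also sets `connection.llmnr yes` although the section only motivates mDNS. Name the connection and drop the LLMNR setting unless it is actually required.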
@@ -0,0 +1,114 @@ +[id='proc_cups-user-stories'] += User stories + +There are several common user stories when it comes to debugging printing issues. I'll mention some of them with steps how to get necessary information. + +== I have HP printer and have a problem with HPLIP script + +Please follow the steps in the following sections: + +* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_journal_logging[start to capture journal logs] +* xref:how-to-debug-printing-problems.adoc#_hplip_scripts_debug_logging[run the script with enabled debugging] +* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_journal_logging[get the journal logs] +* attach the files to the bugzilla ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] +* provide printer model name and printer PPD file from `/etc/cups/ppd/` + +== I have HP printer, installed it with HPLIP and have a problem with it + +HPLIP installed print queue has a device uri starting with hp://. 
+ +Please follow the steps in the following sections: + +* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_journal_logging[start to capture journal logs] +* trigger your issue +* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_journal_logging[get the journal logs] +* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB +* attach the files to the bugzilla ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] +* provide printer model name and printer PPD file from `/etc/cups/ppd/` + +== My printer doesn't print correctly or at all, but I can see the printer in print dialog + +Please follow the steps in the following sections: + +* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture logs] +* trigger your issue - print the specific document to the specific print queue you have problem with +* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[get the logs] +* attach the created files to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] +* attach your printer PPD file from `/etc/cups/ppd/` if available +* attach the file you wanted to print +* tell what application you printed from +* mention your xref:how-to-debug-printing-problems.adoc#_which_driver_am_i_using[printer model] +* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB + +== CUPS generic issue + +For generic issues - printer wasn't found, segfault - please follow the steps in the following sections (`avahi-daemon` must run): + +* 
xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture logs] +* trigger the issue - e.g. try to find printers via [command]`sudo lpinfo -l -v`, do some action in web ui - depends on your problem +* xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[get the logs] +* attach created files to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] +* put the output of xref:how-to-debug-printing-problems.adoc#_what_make_and_model_is_my_printer[lpinfo] into a file and attach it +* put the output of xref:how-to-debug-printing-problems.adoc#_which_print_queues_are_available_for_me[both lpstat commands] into a file and attach it +* attach files with output of [command]`lsusb -v` and from `/var/log/ipp-usb` if the device is connected by USB + +== My printer doesn't print correctly - I use 'everywhere' model + +Please follow the steps in the following sections: + +* xref:how-to-debug-printing-problems.adoc#_cups_everywhere_model[get data from get-printer-attributes request] +* xref:how-to-debug-printing-problems.adoc#_my_printer_doesnt_print_correctly_or_at_all_but_i_can_see_the_printer_in_print_dialog[follow the steps with CUPS job log user story] + +== I have a generic problem with cups-browsed + +Please follow the steps in the following sections: + +* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[enable cups-browsed logging], but don't restart cups-browsed yet. 
+* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture cupsd logs] +* start cups-browsed via `systemctl` and start to capture its logs: + +---- +$ journalctl -u cups-browsed -f > cups_browsed_log +---- + +* trigger the issue or wait until cups-browsed triggers the issue itself +* cancel cups-browsed and xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[cupsd log] captures +* attach created files [filename]`cups_whole_log` and [filename]`cups_browsed_log` to the ticket and xref:how-to-debug-printing-problems.adoc#_turning_off_debug_logging[turn off debug logging] + +== Printer found by cups-browsed doesn't print or print badly + +The most difficult user story - we need to know how the print queue was created and how it behaves during printing. The print queue found by cups-browsed has a device uri starting with `implicitclass://`. + +Please follow the steps: + +* xref:how-to-debug-printing-problems.adoc#_cups_filters_driverless_driver[get printer info from get-printer-attributes and PPD file] +* xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[enable CUPS debug logging] +* xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[enable cups-browsed logging], but don't restart cups-browsed yet. 
+* xref:how-to-debug-printing-problems.adoc#_how_to_start_to_capture_incident_bound_cupsd_logging[start to capture cupsd logs] +* start cups-browsed via `systemctl` and start to capture its logs: + +---- +$ journalctl -u cups-browsed -f > cups_browsed_queue_creation +---- + +* give cups-browsed some time to process found devices (depends on how many devices you have in the local network or how many print queues are stored in the location you set with [option]`BrowsePoll` directive) +* cancel cups-browsed and xref:how-to-debug-printing-problems.adoc#_how_to_get_incident_bound_cupsd_logging[cupsd log] captures - save the files as `cups_queue_creation` and `cups_browsed_queue_creation` + +Now we need to capture the logs during printing: + +* xref:how-to-debug-printing-problems.adoc#_prepare_cups_for_job_logging[prepare CUPS for job logging] +* xref:cups-useful-tricks.adoc#_restarting_cups_service[restart CUPS service] +* start to capture cups_browsed logs again: + +---- +$ journalctl -u cups-browsed -f > cups_browsed_printing +---- + +* trigger your issue - print the specific document to the specific print queue you have problem with +* xref:how-to-debug-printing-problems.adoc#_get_a_job_log_for_a_specific_job_id[get the job log for the job you have just triggered] and cancel the capture of cups-browsed logging +* attach all gathered log files diff --git a/modules/ROOT/partialsdelete/2delete-con_disk-partition-linux.adoc b/modules/ROOT/partialsdelete/2delete-con_disk-partition-linux.adoc new file mode 100644 index 0000000..dedd8c6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_disk-partition-linux.adoc 
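Review bot: Every user story in 2delete-con_cups-user-stories.adoc ends with attaching debug logs, `lsusb -v` output, PPD files and, in one case, "the file you wanted to print" to the Bugzilla ticket, with no reminder that these attachments may contain private data. Add one line asking reporters to review or redact the files before uploading. Minor: the heading "Printer found by cups-browsed doesn't print or print badly" should read "prints badly".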
@@ -0,0 +1,9 @@ +// Module included in the following assemblies: +// +// creating-a-disk-partition-in-linux-using-the-parted-command.adoc +:experimental: + +[#{context}-disk-partition-linux] += Disk Partitioning in Linux + +Creating and deleting partitions in Linux is a regular practice because storage devices (such as hard drives and USB drives) must be structured in some way before they can be used. In most cases, large storage devices are divided into separate sections called partitions. Partitioning also allows you to divide your hard drive into isolated sections, where each section behaves as its own hard drive. Partitioning is particularly useful if you run multiple operating systems. diff --git a/modules/ROOT/partialsdelete/2delete-con_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-con_firewalld.adoc new file mode 100644 index 0000000..43faa31 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_firewalld.adoc 
@@ -0,0 +1,22 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +[id='concept-firewalld-fedora'] += Using firewalld + +== What is firewalld? + +A _firewall_ is a way to protect machines from any unwanted traffic from outside. It enables users to control incoming network traffic on host machines by defining a set of _firewall rules_. These rules are used to sort the incoming traffic and either block it or allow through. + +`firewalld` is a firewall service daemon that provides a dynamic customizable host-based firewall with a `D-Bus` interface. Being dynamic, it enables creating, changing, and deleting the rules without the necessity to restart the firewall daemon each time the rules are changed. + +`firewalld` uses the concepts of _zones_ and _services_, that simplify the traffic management. + +`_Zones_` are predefined sets of rules. Network interfaces and sources can be assigned to a zone. The traffic allowed depends on the network your computer is connected to and the security level this network is assigned. Firewall services are predefined rules that cover all necessary settings to allow incoming traffic for a specific service and they apply within a zone. + +`_Services_` use one or more ports or addresses for network communication. Firewalls filter communication based on ports. To allow network traffic for a service, its ports must be open. `firewalld` blocks all traffic on ports that are not explicitly set as open. Some zones, such as trusted, allow all traffic by default. + +.Additional resources + +For more information about using firewalld and configuring zones and services, see link:https://firewalld.org/documentation/[firewalld documentation] or link:https://fedoraproject.org/wiki/Firewalld[Fedora wiki:firewalld] diff --git a/modules/ROOT/partialsdelete/2delete-con_introduction-to-selinux.adoc b/modules/ROOT/partialsdelete/2delete-con_introduction-to-selinux.adoc new file mode 100644 index 0000000..29a262a --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-con_introduction-to-selinux.adoc 
@@ -0,0 +1,39 @@ +// Module included in the following assemblies: +// +// getting-started-with-selinux.adoc + +[#{context}-introduction-to-selinux] += Introduction to SELinux + +Security Enhanced Linux (SELinux) provides an additional layer of system security. SELinux fundamentally answers the question: _May do to ?_, for example: _May a web server access files in users' home directories?_ + +The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files. + +SELinux implements Mandatory Access Control (MAC). Every process and system resource has a special security label called a _SELinux context_. A SELinux context, sometimes referred to as a _SELinux label_, is an identifier which abstracts away the system-level details and focuses on the security properties of the entity. Not only does this provide a consistent way of referencing objects in the SELinux policy, but it also removes any ambiguity that can be found in other identification methods; for example, a file can have multiple valid path names on a system that makes use of bind mounts. + +The SELinux policy uses these contexts in a series of rules which define how processes can interact with each other and the various system resources. By default, the policy does not allow any interaction unless a rule explicitly grants access. + +[NOTE] +==== +It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first, which means that no SELinux denial is logged if the traditional DAC rules prevent the access. +==== + +SELinux contexts have several fields: user, role, type, and security level. 
The SELinux type information is perhaps the most important when it comes to the SELinux policy, as the most common policy rule which defines the allowed interactions between processes and system resources uses SELinux types and not the full SELinux context. SELinux types usually end with `_t`. For example, the type name for the web server is `httpd_t`. The type context for files and directories normally found in `/var/www/html/` is `httpd_sys_content_t`. The type contexts for files and directories normally found in `/tmp` and `/var/tmp/` is `tmp_t`. The type context for web server ports is `http_port_t`. + +For example, there is a policy rule that permits Apache (the web server process running as `httpd_t`) to access files and directories with a context normally found in `/var/www/html/` and other web server directories (`httpd_sys_content_t`). There is no allow rule in the policy for files normally found in `/tmp` and `/var/tmp/`, so access is not permitted. With SELinux, even if Apache is compromised, and a malicious script gains access, it is still not able to access the `/tmp` directory. + +[#fig-intro-httpd-mysqld] +.SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t. 
+image::selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example] + +[discrete] +== Additional resources +To better understand SELinux basic concepts, see the following documentation: + +* link:++https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf++[The SELinux Coloring Book] + +* link:++https://people.redhat.com/tcameron/Summit2012/SELinux/cameron_w_120_selinux_for_mere_mortals.pdf++[SELinux for Mere Mortals] + +* link:++http://selinuxproject.org/page/FAQ++[SELinux Wiki FAQ] + +* link:++http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf++[The SELinux Notebook] diff --git a/modules/ROOT/partialsdelete/2delete-con_logging-sudo-commands.adoc b/modules/ROOT/partialsdelete/2delete-con_logging-sudo-commands.adoc new file mode 100644 index 0000000..6872e01 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_logging-sudo-commands.adoc 
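Review bot: The figure caption above `image::selinux-intro-apache-mariadb.png` in 2delete-con_introduction-to-selinux.adoc has an unmatched `)` after "type contexts", and it explains /data/mysql/, `mysqld_t` and `mysqld_db_t` although the body text before it only uses /tmp and `tmp_t`, so the figure illustrates a case the prose never introduces. Remove the stray parenthesis and either shorten the caption or move the MariaDB explanation into the paragraph above. Two of the four Additional resources links (selinuxproject.org and freecomputerbooks.com) are plain http.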
@@ -0,0 +1,21 @@ +[id="concept-logging-sudo-commands"] += Logging sudo commands + +Each successful authentication using the [command]`sudo` command is logged to the [filename]`/var/log/messages` file. For each authentication, the [filename]`/var/log/secure` file lists the user name and the command that was executed. + +For additional logging, use the `pam_tty_audit` module to enable TTY auditing for specific users. TTY auditing prints the file name of the terminal connected to the standard I/O. To enable TTY auditing, add the following line to your [filename]`/etc/pam.d/system-auth` file: + +[subs=quotes] +---- +session required pam_tty_audit.so disable=pattern enable=_PATTERN_ +---- + +Replace `_PATTERN_` with a comma-separated list of users (and globs, if needed). + +For example, the following command enables TTY auditing for the root user and disables it for all other users: + +---- +session required pam_tty_audit.so disable=* enable=root +---- + +Using the `pam_tty_audit` PAM module for auditing only records TTY input. As a result, when the audited user logs in, `pam_tty_audit` records the user’s exact keystrokes and saves them in [filename]`/var/log/audit/audit.log`. For more information, see the *pam_tty_audit(8)* manual page. diff --git a/modules/ROOT/partialsdelete/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc b/modules/ROOT/partialsdelete/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc new file mode 100644 index 0000000..816b40b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_permanent-changes-in-selinux-states-and-modes.adoc 
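Review bot: In 2delete-con_logging-sudo-commands.adoc the template line reads `disable=pattern enable=_PATTERN_`, so only one of the two placeholders is marked as replaceable, and the `disable=* enable=root` example is introduced as a "command" although it is a PAM configuration line. Mark both placeholders the same way and call it a line. The closing paragraph says the user's exact keystrokes are saved in /var/log/audit/audit.log as if that were a side effect ("As a result"); state it directly as what the module does and note that the log then holds everything the audited user types, so readers treat it as sensitive.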
@@ -0,0 +1,34 @@ +// Module included in the following assemblies: +// +// changing-selinux-states-and-modes.adoc + +[#{context}-changing-selinux-modes] += Permanent changes in SELinux states and modes + +As discussed in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-introduction[Introduction to SELinux], SELinux can be enabled or disabled. When enabled, SELinux has two modes: enforcing and permissive. + +Use the [command]`getenforce` or [command]`sestatus` commands to check in which mode SELinux is running. The [command]`getenforce` command returns `Enforcing`, `Permissive`, or `Disabled`. + +The [command]`sestatus` command returns the SELinux status and the SELinux policy being used: + +[source,bash] +---- +~]$ sestatus +SELinux status: enabled +SELinuxfs mount: /sys/fs/selinux +SELinux root directory: /etc/selinux +Loaded policy name: targeted +Current mode: enforcing +Mode from config file: enforcing +Policy MLS status: enabled +Policy deny_unknown status: allowed +Memory protection checking: actual (secure) +Max kernel policy version: 31 +---- + +[NOTE] +==== +When systems run SELinux in permissive mode, users and processes can label various file-system objects incorrectly. File-system objects created while SELinux is disabled are not labeled at all. This behavior causes problems when changing to enforcing mode because SELinux relies on correct labels of file-system objects. + +To prevent incorrectly labeled and unlabeled files from causing problems, file systems are automatically relabeled when changing from the disabled state to permissive or enforcing mode. In permissive mode, use the [command]`fixfiles -F onboot` command as root to create `/.autorelabel` file containing the `-F` option to ensure that files are relabeled upon next reboot. +==== 
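Review bot: 2delete-con_permanent-changes-in-selinux-states-and-modes.adoc is titled "Permanent changes in SELinux states and modes", but the body only shows how to read the current mode with `getenforce` and `sestatus`; nothing in it says how a permanent change is made. Add that step or retitle the module. The anchor `[#{context}-changing-selinux-modes]` does not match the title either, and the "Introduction to SELinux" link points at the RHEL 7 guide rather than the introduction module added in this same patch. The opening also describes SELinux as enabled or disabled with two modes, while 2delete-con_selinux-states-and-modes.adoc lists three modes; pick one description.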
diff --git a/modules/ROOT/partialsdelete/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc b/modules/ROOT/partialsdelete/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc new file mode 100644 index 0000000..6ad8ca2 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc 
@@ -0,0 +1,72 @@ +[id='relationship-between-fedora-and-red-hat-enterprise-linux'] += Relationship between Fedora and RHEL + +Red Hat Enterprise Linux (RHEL) and Fedora both are open source operating systems. They are related projects, with Fedora being "upstream" of Red Hat Enterprise Linux. Whereas Fedora is a community-supported project suitable for different kinds of users, Red Hat Enterprise Linux is enterprise business-oriented software supported via commercial subscription options. + +== Red Hat Enterprise Linux + +Red Hat Enterprise Linux is an enterprise Linux operating system. It is oriented toward enterprise and commercial users, is certified for many hardware and cloud platforms, and is supported by Red Hat via various subscription options. Compared to Fedora, Red Hat Enterprise Linux emphasizes stability and enterprise-readiness over the latest technologies or rapid releases. More information about Red Hat offerings can be found at https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux[Red Hat's web site]. + +Individual software developers can access a free-of-charge subscription as part of the https://developers.redhat.com/about[Red Hat Developer Program]. Developers can use Red Hat Enterprise Linux on up to 16 physical or virtual systems for development, quality assurance, demos, or small production uses. See the Frequently Asked Questions for the https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux[No-cost Red Hat Enterprise Linux Individual Developer Subscription]. + +== Fedora + +Fedora is developed by the Fedora Project and sponsored by Red Hat. It follows its own release schedule, with a new version approximately every six months. Fedora provides a modern Linux operating system utilizing many of the latest technologies. It is free for all users and supported via the Fedora community. 
+ +To create Red Hat Enterprise Linux, some version of Fedora is forked and enters an extensive development, testing and certification process to become a new version of Red Hat Enterprise Linux. + +== History of Red Hat Enterprise Linux and Fedora + +Red Hat first offered an enterprise Linux support subscription for Red Hat Linux 6.1. It was not a separate product, but the subscription offering was branded as Red Hat 6.2E. Subsequently, Red Hat started creating a separate product with commercial service level agreements and longer lifecyle based on Red Hat Linux, and later on Fedora. + +.Red Hat Enterprise Linux and Fedora Lineage +[options="header"] +|=== +|Release |Codename |Release Date |Based on +|Red Hat Linux 6.2E |Zoot |2000-03-27 |Red Hat Linux 6.2 + +|Red Hat Enterprise Linux 2.1 |Pensacola (AS)/ Panama (ES) |2002-03-26 +(AS) |Red Hat Linux 7.2 + +|Red Hat Enterprise Linux 3 |Taroon |2003-10-22 |Red Hat Linux 9 + +|Red Hat Enterprise Linux 4 |Nahant |2005-02-15 |Fedora Core 3 + +|Red Hat Enterprise Linux 5 |Tikanga |2007-03-14 |Fedora Core 6 + +|Red Hat Enterprise Linux 6 |Santiago |2010-11-10 |Mix of Fedora 12 +Fedora 13 and several modifications + +|Red Hat Enterprise Linux 7 |Maipo |2014-06-10 |Primarily Fedora 19 with +several changes from 20 and later + +|Red Hat Enterprise Linux 8|Ootpa |2019-05-07 |Fedora 28 + +|Red Hat Enterprise Linux 9|Plow |2022-05-17 |Fedora 34 +|=== + +== Difference between Red Hat Enterprise Linux and Fedora + +.Difference between Red Hat Enterprise Linux and Fedora +[cols="1,3,3",options="header"] +|=== +| +|Red Hat Enterprise Linux +|Fedora + +|support +|Red Hat Enterprise Linux is a commercially supported product by Red Hat and provides service level agreements that is important for enterprise customers. This support involves product assistance as well as prioritization of bug fixes, feature requests, certified hardware and software. 
+|Fedora is supported by a wide community of developers and users but it is not commercially supported by Red Hat. Red Hat does http://fedoraproject.org/sponsors[sponsor] the Fedora Project. + +|releases +|A new version of Red Hat Enterprise Linux comes out every few years and is supported for up to 10 years. +|New Fedora releases are available about every six months and every release gets updates for about 13 months. + +|available software +|Software in Red Hat Enterprise Linux is a subset of that available in Fedora. These are the packages enterprise customers need and are supported by Red Hat. +|Fedora offers a wide range of software, with many thousands of packages available in the repository. + +|update policy +|Red Hat Enterprise Linux updates are more conservative and generally focus on security and bug fixes. +|Fedora's Updates Policy is more liberal compared to Red Hat Enterprise Linux. +|=== diff --git a/modules/ROOT/partialsdelete/2delete-con_runtime_and_permanent_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-con_runtime_and_permanent_firewalld.adoc new file mode 100644 index 0000000..8862a6c --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_runtime_and_permanent_firewalld.adoc 
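Review bot: In the history paragraph of 2delete-con_relation-between-fedora-and-red-hat-enterprise-linux.adoc, "lifecyle" is misspelled, and the text says the first subscription was offered for Red Hat Linux 6.1 but branded "Red Hat 6.2E", while the lineage table lists 6.2E as based on Red Hat Linux 6.2; one of the two version numbers needs checking. In the comparison table, "service level agreements that is important" should be "that are important".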
@@ -0,0 +1,15 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +[id='concept-runtime-and-permanent-firewalld-fedora'] + += Runtime and permanent settings + +Any changes made while firewalld is running will be lost when firewalld is restarted. When firewalld is restarted, the settings revert to their permanent values. + +These changes are said to be made in _runtime mode_. + +To make the changes persistent across reboots, apply them again using the `--permanent` option. Alternatively, to make changes persistent while firewalld is running, use the `--runtime-to-permanent _firewall-cmd_` option. + +If you make changes while firewalld is running using only the `--permanent` option, they do not become effective until firewalld is restarted. However, restarting firewalld briefly stops the networking traffic, causing disruption to your system. diff --git a/modules/ROOT/partialsdelete/2delete-con_selinux-architecture.adoc b/modules/ROOT/partialsdelete/2delete-con_selinux-architecture.adoc new file mode 100644 index 0000000..f636ef8 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_selinux-architecture.adoc 
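Review bot: In 2delete-con_runtime_and_permanent_firewalld.adoc the markup in "`--runtime-to-permanent _firewall-cmd_` option" is inverted: `firewall-cmd` is the command and `--runtime-to-permanent` is its option. The first sentence also says that any change made while firewalld is running is lost on restart, which conflicts with the later paragraph about `--permanent`. Limit the first sentence to changes made without `--permanent` and move the "runtime mode" sentence up next to it.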
@@ -0,0 +1,11 @@ +// Module included in the following assemblies: +// +// getting-started-with-selinux.adoc +:experimental: + +[#{context}-selinux-architecture] += SELinux architecture + +SELinux is a Linux Security Module (LSM) that is built into the Linux kernel. The SELinux subsystem in the kernel is driven by a security policy which is controlled by the administrator and loaded at boot. All security-relevant, kernel-level access operations on the system are intercepted by SELinux and examined in the context of the loaded security policy. If the loaded policy allows the operation, it continues. Otherwise, the operation is blocked and the process receives an error. + +SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). When using these cached decisions, SELinux policy rules need to be checked less, which increases performance. Remember that SELinux policy rules have no effect if DAC rules deny access first. diff --git a/modules/ROOT/partialsdelete/2delete-con_selinux-examples.adoc b/modules/ROOT/partialsdelete/2delete-con_selinux-examples.adoc new file mode 100644 index 0000000..f5d5c42 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_selinux-examples.adoc 
@@ -0,0 +1,19 @@ +// Module included in the following assemblies: +// +// getting-started-with-selinux.adoc +:experimental: + +[#{context}-selinux-examples] += SELinux examples + +The following examples demonstrate how SELinux increases security: + +* The default action is deny. If an SELinux policy rule does not exist to allow access, such as for a process opening a file, access is denied. + +* SELinux can confine Linux users. A number of confined SELinux users exist in SELinux policy. Linux users can be mapped to confined SELinux users to take advantage of the security rules and mechanisms applied to them. For example, mapping a Linux user to the SELinux `user_u` user, results in a Linux user that is not able to run (unless configured otherwise) set user ID (setuid) applications, such as [command]`sudo` and [command]`su`, as well as preventing them from executing files and applications in their home directory. If configured, this prevents users from executing malicious files from their home directories. + +* Increased process and data separation. Processes run in their own domains, preventing processes from accessing files used by other processes, as well as preventing processes from accessing other processes. For example, when running SELinux, unless otherwise configured, an attacker cannot compromise a Samba server, and then use that Samba server as an attack vector to read and write to files used by other processes, such as MariaDB databases. + +* SELinux helps mitigate the damage made by configuration mistakes. Domain Name System (DNS) servers often replicate information between each other in what is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. 
When running the Berkeley Internet Name Domain (BIND) as a DNS server in Fedora, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files footnote:[Text files that include information, such as host name to IP address mappings, that are used by DNS servers.] from being updated using zone transfers, by the BIND `named` daemon itself, and by other processes. + +* See the link:++https://www.networkworld.com++[NetworkWorld.com] article, link:++https://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[A seatbelt for server software: SELinux blocks real-world exploits]footnote:[Marti, Don. "A seatbelt for server software: SELinux blocks real-world exploits". Published 24 February 2008. Accessed 27 August 2009: link:++https://www.networkworld.com/article/2283723/lan-wan/a-seatbelt-for-server-software--selinux-blocks-real-world-exploits.html++[].], for background information about SELinux, and information about various exploits that SELinux has prevented. diff --git a/modules/ROOT/partialsdelete/2delete-con_selinux-states-and-modes.adoc b/modules/ROOT/partialsdelete/2delete-con_selinux-states-and-modes.adoc new file mode 100644 index 0000000..b83bc04 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_selinux-states-and-modes.adoc 
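Review bot: In the third bullet of 2delete-con_selinux-examples.adoc, "an attacker cannot compromise a Samba server, and then use that Samba server as an attack vector" reads as if SELinux prevents the compromise itself, while the point of the bullet is containment afterwards. Reword along the lines of "an attacker who compromises a Samba server cannot then use it to read and write files used by other processes". The NetworkWorld footnote carries an access date of 27 August 2009, so the link should be rechecked when the article is reviewed.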
@@ -0,0 +1,47 @@ +// Module included in the following assemblies: +// +// getting-started-with-selinux.adoc +:experimental: + +[#{context}-selinux-states-and-modes] += SELinux states and modes + +SELinux can run in one of three modes: disabled, permissive, or enforcing. + +Disabled mode is strongly discouraged; not only does the system avoid enforcing the SELinux policy, it also avoids labeling any persistent objects such as files, making it difficult to enable SELinux in the future. + +In permissive mode, the system acts as if SELinux is enforcing the loaded security policy, including labeling objects and emitting access denial entries in the logs, but it does not actually deny any operations. While not recommended for production systems, permissive mode can be helpful for SELinux policy development. + +Enforcing mode is the default, and recommended, mode of operation; in enforcing mode SELinux operates normally, enforcing the loaded security policy on the entire system. + +Use the [command]`setenforce` utility to change between enforcing and permissive mode. Changes made with [command]`setenforce` do not persist across reboots. To change to enforcing mode, enter the [command]`setenforce 1` command as the Linux root user. To change to permissive mode, enter the [command]`setenforce 0` command. Use the [command]`getenforce` utility to view the current SELinux mode: + +---- +~]# getenforce +Enforcing +---- + +---- +~]# setenforce 0 +~]# getenforce +Permissive +---- + +---- +~]# setenforce 1 +~]# getenforce +Enforcing +---- + +In Fedora, you can set individual domains to permissive mode while the system runs in enforcing mode. For example, to make the `httpd_t` domain permissive: + +---- +~]# semanage permissive -a httpd_t +---- + +// See <> for more information. + +// [NOTE] +// ==== +// Persistent states and modes changes are covered in <>. +// ==== 
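Review bot: The `semanage permissive -a httpd_t` example at the end of 2delete-con_selinux-states-and-modes.adoc has no matching step to undo it, so a reader who copies it leaves the web server domain unenforced on a system that still reports Enforcing. Add the reverse command (`semanage permissive -d httpd_t`) and the listing command (`semanage permissive -l`) right after it. The commented-out "See ... for more information" line and the commented NOTE below it have empty cross-reference targets; restore the targets or delete the comments.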
diff --git a/modules/ROOT/partialsdelete/2delete-con_sudo-timeout.adoc b/modules/ROOT/partialsdelete/2delete-con_sudo-timeout.adoc new file mode 100644 index 0000000..3b34ded --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_sudo-timeout.adoc @@ -0,0 +1,15 @@ +[[concept-sudo-timeout]] += sudo timeout + +By default, [command]`sudo` stores the password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt you for a password. This could be exploited by an attacker if you leave your workstation unattended and unlocked while still being logged in. You can change this behavior by adding the following line to the `/etc/sudoers` configuration file: + +[subs=quotes] +------------ +Defaults timestamp_timeout=_VALUE_ +------------ + +Here, `_VALUE_` is the desired timeout length in minutes. Setting the value to 0 causes [command]`sudo` to require a password every time. + +If an account is compromised, an attacker can use [command]`sudo` to open a new shell with administrative privileges. + +Opening a new shell as a root user in this way allows an attacker administrative access for a theoretically unlimited period of time and bypasses the timeout period specified in the `/etc/sudoers` file. Using this method, the attacker *does not* need to provide a password for [command]`sudo` again until the session ends. diff --git a/modules/ROOT/partialsdelete/2delete-con_the-purpose-of-rpm-fusion.adoc b/modules/ROOT/partialsdelete/2delete-con_the-purpose-of-rpm-fusion.adoc new file mode 100644 index 0000000..48d5a31 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_the-purpose-of-rpm-fusion.adoc 
@@ -0,0 +1,37 @@ +// Module included in the following assemblies: +// +// + +// This module can be included from assemblies using the following include statement: +// include::modules//con_the-purpose-of-rpm-fusion.adoc[leveloffset=+1] + +// The file name and the ID are based on the module title. For example: +// * file name: con_my-concept-module-a.adoc +// * ID: [id='con_my-concept-module-a_{context}'] +// * Title: = My concept module A +// +// The ID is used as an anchor for linking to the module. Avoid changing +// it after the module has been published to ensure existing links are not +// broken. +// +// The `context` attribute enables module reuse. Every module's ID includes +// {context}, which ensures that the module has a unique ID even if it is +// reused multiple times in a guide. +// +// In the title, include nouns that are used in the body text. This helps +// readers and search engines find information quickly. +// Do not start the title with a verb. See also _Wording of headings_ +// in _The IBM Style Guide_. +[id="con_the-purpose-of-rpm-fusion_{context}"] += The purpose of RPM Fusion + +The RPM Fusion project is a community-maintained software repository providing additional packages that are not distributed by Fedora. + + +[discrete] +== Additional resources + +* RPM Fusion home page: link:https://rpmfusion.org/[] +* For more information on what packages are allowed to be distributed with Fedora, see the following wiki page: link:https://fedoraproject.org/wiki/Forbidden_items[] +* You can buy multimedia codecs from Fluendo. This is a legal solution for users from countries where software patents apply. For more information, see: link:https://fluendo.com/en/products/enterprise/fluendo-codec-pack/[]. + diff --git a/modules/ROOT/partialsdelete/2delete-con_understanding-systemd.adoc b/modules/ROOT/partialsdelete/2delete-con_understanding-systemd.adoc new file mode 100644 index 0000000..784d3c0 --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-con_understanding-systemd.adoc 
@@ -0,0 +1,51 @@ +[id='understanding-systemd'] += Understanding systemd + +_Systemd_ is a system and service manager for Linux, compatible with SysV and LSB init scripts. _Systemd_ provides: + +* Aggressive parallelization capabilities +* Uses socket and D-Bus activation for starting services +* Offers on-demand starting of daemons, keeps track of processes using Linux cgroups +* Supports snapshotting and restoring of the system state +* Maintains mount and automount points +* Implements an elaborate transactional dependency-based service control logic. + +The `systemctl` command is the primary tool to manage _systemd_. It combines the functionality of SysVinit's `service` and `chkconfig` commands into a single tool you can use to enable and disable services permanently or only for the current session. + +_Systemd_ manages so-called *_units_*, which are representations of system resources and services. This following list shows the unit types that _systemd_ can manage: + +service:: + A service on the system, including instructions for starting, restarting, and stopping the service. + +socket:: + A network socket associated with a service. + +device:: + A device specifically managed with _systemd_. + +mount:: + A mountpoint managed with _systemd_. + +automount:: + A mountpoint automatically mounted on boot. + +swap:: + Swap space on the system. + +target:: + A synchronization point for other units. Usually used to start enabled services on boot. + +path:: + A path for path-based activation. For example, you can start services based on the state of a certain path, such as whether it exists or not. + +timer:: + A timer to schedule activation of another unit. + +snapshot:: + A snapshot of the current _systemd_ state. Usually used to rollback after making temporary changes to _systemd_. + +slice:: + Restriction of resources through Linux Control Group nodes (cgroups). + +scope:: + Information from _systemd_ bus interfaces. 
Usually used to manage external system processes. diff --git a/modules/ROOT/partialsdelete/2delete-con_using-sudo-access-docker.adoc b/modules/ROOT/partialsdelete/2delete-con_using-sudo-access-docker.adoc new file mode 100644 index 0000000..1c789cc --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_using-sudo-access-docker.adoc @@ -0,0 +1,8 @@ +[id="concept-using-sudo-access-docker"] += Using sudo to access Docker + +Docker has the ability to change the group ownership of the Docker socket to allow users added to the Docker group to be able to run Docker containers without having to execute the [command]`sudo` or [command]`su` command to become root. + +Enabling access to the Docker daemon from non-root users is a problem from a security perspective. It is a security issue for Fedora, because if a user can talk to the Docker socket they can execute a command which gives them full root access to the host system. Docker has no auditing or logging built in, while [command]`sudo` does. + +It is recommended that sudo rules are implemented to permit access to the Docker daemon. This allows [command]`sudo` to provide logging and audit functionality. diff --git a/modules/ROOT/partialsdelete/2delete-con_using-sudo-assign-admin-privileges.adoc b/modules/ROOT/partialsdelete/2delete-con_using-sudo-assign-admin-privileges.adoc new file mode 100644 index 0000000..bdee72e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_using-sudo-assign-admin-privileges.adoc 
@@ -0,0 +1,26 @@ +[id="con_using-sudo-assign-admin-privileges"] += Using sudo to assign administrator privileges + +Add users to the [directory]`/etc/sudoers` configuration file to allow them to use the [command]`sudo` command. For these users, the [command]`sudo` command is run in the user’s shell instead of in a root shell. As a result, the root shell can be disabled for increased security. + +The administrator can also allow different users access to specific commands using the sudo configuration. Administrators must use the [command]`visudo` command to edit the [directory]`/etc/sudoers` configuration file. + +To assign full administrative privileges to a user, type [command]`visudo` and add the following line to the user privilege section after replacing `_USERNAME_` with the target user name: + +[subs=quotes] +---- +_USERNAME_ ALL=(ALL) ALL +---- + +This line allows the specified user to use [command]`sudo` from any host and execute any command. + +To allow a user access to specific commands, use the following example after replacing `_USERS_` with a target system group: + +[subs=quotes] +---- +_%USERS_ localhost=/usr/sbin/shutdown -h now +---- + +This command allows all members of the `_USERS_` system group to issue the [command]`/sbin/shutdown -h` as long as the command is issued from the console. + +The man page for [command]`sudoers` has a detailed listing of options for this file. diff --git a/modules/ROOT/partialsdelete/2delete-con_using-sudo-without-password.adoc b/modules/ROOT/partialsdelete/2delete-con_using-sudo-without-password.adoc new file mode 100644 index 0000000..4129b8b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_using-sudo-without-password.adoc 
@@ -0,0 +1,13 @@ +[[concept-using-sudo-without-password]] += Using sudo without a password + +You can enable `root` access without a password specified, allowing any process on your system to become `root`. Add the following line to your `/etc/sudoers` file: + +[subs=quotes] +------------ +_user_ ALL=(ALL) NOPASSWD: /usr/bin/docker +------------ + +This will allow `_user_` to access docker without a password. + +IMPORTANT: For security reasons, it is recommended that you always use [command]`sudo` with a password. diff --git a/modules/ROOT/partialsdelete/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc new file mode 100644 index 0000000..c8b5bc1 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_using-the-system-wide-trust-store.adoc.delete.adoc 
@@ -0,0 +1,18 @@ +[[using-the-system-wide-trust-store]] += Using the System-wide Trust Store + +In Fedora, the consolidated system-wide trust store is located in the `/etc/pki/ca-trust/` and `/usr/share/pki/ca-trust-source/` directories. The trust settings in `/usr/share/pki/ca-trust-source/` are processed with lower priority than settings in `/etc/pki/ca-trust/`. + +Certificate files are treated depending on the subdirectory they are installed to the following directories: + +* for trust anchors +** `/usr/share/pki/ca-trust-source/anchors/` or +** `/etc/pki/ca-trust/source/anchors/` +* for distrusted certificates +** `/usr/share/pki/ca-trust-source/blocklist/` or +** `/etc/pki/ca-trust/source/blocklist/` +* for certificates in the extended BEGIN TRUSTED file format +** `/usr/share/pki/ca-trust-source/` or +** `/etc/pki/ca-trust/source/` + +NOTE: In a hierarchical cryptographic system, a trust anchor is an authoritative entity which is assumed to be trustworthy. For example, in X.509 architecture, a root certificate is a trust anchor from which a chain of trust is derived. The trust anchor must be put in the possession of the trusting party beforehand to make path validation possible. diff --git a/modules/ROOT/partialsdelete/2delete-con_viewing-logs.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-con_viewing-logs.adoc.delete.adoc new file mode 100644 index 0000000..1fa9702 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_viewing-logs.adoc.delete.adoc 
@@ -0,0 +1,12 @@ +[id='viewing-logs in Fedora'] + +Log files contain messages about the system, including the kernel, services, and applications running on it. +These contain information that helps troubleshoot issues, or simply monitor system functions. +Fedora uses the https://freedesktop.org/wiki/Software/systemd/[systemd] system and service manager. +With systemd, messages for most services are now stored in the systemd journal which is a binary file that must be accessed usinng the `journalctl` command. + +System tools that do not use systemd for their logs continue to place them as plain text files in the `/var/log/` directory. +In Fedora, there are two ways of accessing system logs: + +* The command line +* A GUI applications diff --git a/modules/ROOT/partialsdelete/2delete-con_what-is-sudo.adoc b/modules/ROOT/partialsdelete/2delete-con_what-is-sudo.adoc new file mode 100644 index 0000000..b310538 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_what-is-sudo.adoc @@ -0,0 +1,15 @@ +[id='con_what-is-sudo'] += What is sudo? + +The [command]`sudo` command allows users to gain administrative or root access. When trusted users precede an administrative command with [command]`sudo`, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user. + +Only users listed in the [filename]`/etc/sudoers` configuration file are allowed to use the [command]`sudo` command. The command is executed in the user's shell, not a root shell. + +The syntax for the sudo command is as follows: + +[subs=quotes] +---- +sudo _COMMAND_ +---- + +Replace `_COMMAND_` with the command to run as the root user. 
diff --git a/modules/ROOT/partialsdelete/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc b/modules/ROOT/partialsdelete/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc new file mode 100644 index 0000000..c4e2db3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_why-it-is-important-keeping-your-system-up-to-date.adoc @@ -0,0 +1,8 @@ +[id='why-it-is-important-to-keep-your-system-up-to-date'] += Why it is important to keep your system up-to-date + +// Bara: This section is based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-keeping_your_system_up-to-date + +This section briefly explains the importance of updating your system on a regular basis. + +All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Packages that have not been updated are a common cause of computer intrusions. Implement a plan for installing security patches in a timely manner to quickly eliminate discovered vulnerabilities, so they cannot be exploited. diff --git a/modules/ROOT/partialsdelete/2delete-con_xorg-conf.adoc b/modules/ROOT/partialsdelete/2delete-con_xorg-conf.adoc new file mode 100644 index 0000000..eacd418 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-con_xorg-conf.adoc @@ -0,0 +1,6 @@ +[id='con_about-xorg-conf'] += About xorg.conf + +Traditionally, the xorg.conf file is used to configure an Xorg display server. In Fedora (where an Xorg display server is configured instead of the default Wayland) the X configuration is determined automatically each time X is started. As a result, no xorg.conf file is created. In most cases, this works well and there is no need to manually specify X configuration. + +If you need to make manual changes to your X configuration for any reason, you will first need to create an `xorg.conf` file. 
diff --git a/modules/ROOT/partialsdelete/2delete-concept_chromium-web-browser.adoc b/modules/ROOT/partialsdelete/2delete-concept_chromium-web-browser.adoc new file mode 100644 index 0000000..5dad452 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-concept_chromium-web-browser.adoc @@ -0,0 +1,16 @@ +[id='chromium-and-google-chrome'] += Chromium and Google Chrome web browsers + +Fedora Workstation, in its out of the box configuration, only includes free and open source software. **Mozilla Firefox** is the browser included in Fedora Workstation by default. However, it easy to install either **Google Chrome** or **Chromium**, if preferred. + +[id='chromium'] +== Chromium + +Chromium is the upstream project for Google Chrome. Chromium is included in the Fedora Repositories. Fedora's Chromium package only contains free and open source software, so does not include several features of Google Chrome that rely on proprietary software. + +[id='google-chrome'] +== Google Chrome + +Google Chrome is a popular web browser developed by Google. Chrome is built on top of the open-source browser project, Chromium. Chrome includes additional features such as support for proprietary media files (such as H.264 or AAC) and playback of rights-protected media (Netflix, etc.) Chrome also includes support for other Google services such as browser sync and location services, which are not supported by Chromium. + +Google Chrome is available in Fedora Workstation via a curated third-party repository. Once this repository is enabled, Chrome can be installed via Software or the command line. diff --git a/modules/ROOT/partialsdelete/2delete-concept_third-party-repositories.adoc b/modules/ROOT/partialsdelete/2delete-concept_third-party-repositories.adoc new file mode 100644 index 0000000..9a6b2ae --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-concept_third-party-repositories.adoc 
@@ -0,0 +1,13 @@ +[id='third-party-repositories'] += Third party repositories + +There are a number of third-party software repositories for Fedora. They have more liberal licensing policies and provide software packages that Fedora excludes for various reasons. These software repositories are not officially affiliated or endorsed by the Fedora Project. Use them at your own discretion. For complete list, see https://rpmfusion.org/FedoraThirdPartyRepos[FedoraThirdPartyRepos] +The following repositories are commonly used by end users and do not conflict with each other: + +* https://rpmfusion.org + +* rpm.livna.org (Obsoleted! Replaced by RPM Fusion free tainted) + +== Mixing third party software repositories + +Mixing a lot of third party repositories is not recommended since they might conflict with each other causing instability and hard to debug issues. If you are not a technical user, one way is to not enable the third-party repo by default and instead use the *--enablerepo* switch for dnf, or a similar method configurable in the graphical package manager. diff --git a/modules/ROOT/partialsdelete/2delete-proc_Brief-selection-of-nmcli-examples.adoc b/modules/ROOT/partialsdelete/2delete-proc_Brief-selection-of-nmcli-examples.adoc new file mode 100644 index 0000000..2ee76d6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_Brief-selection-of-nmcli-examples.adoc 
@@ -0,0 +1,108 @@ +// Module included in the following assemblies: +// +// assembly_Configuring-networking-with-nmcli.adoc + +[id='Brief-selection-of-nmcli-examples'] += Brief Selection of nmcli Examples + +This section provides a brief selection of [application]*nmcli* examples. + +[discrete] +== Prerequisites +<> + + +.Checking the overall status of NetworkManager +==== + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli general status` +STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN +connected full enabled enabled enabled enabled +.... + +In terse mode: + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli -t -f STATE general` +connected +.... + +==== + +.Viewing NetworkManager logging status +==== + +[literal,subs="+quotes,verbatim"] +.... +~]$ [command]`nmcli general logging` + LEVEL DOMAINS + INFO PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,WIFI_SCAN,IP4,IP6,A +UTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC, +WIMAX,INFINIBAND,FIREWALL,ADSL,BOND,VLAN,BRIDGE,DBUS_PROPS,TEAM,CONCHECK,DC +B,DISPATCH +.... + +==== + +.Viewing all connections +==== + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli connection show` + NAME UUID TYPE DEVICE +Profile 1 db1060e9-c164-476f-b2b5-caec62dc1b05 ethernet ens3 +ens3 aaf6eb56-73e5-4746-9037-eed42caa8a65 ethernet -- +.... + +==== + +.Viewing only currently active connections +==== + +[literal,subs="+quotes,verbatim,macros"] +.... +~]$ pass:attributes[{blank}][command]`nmcli connection show --active` + NAME UUID TYPE DEVICE +Profile 1 db1060e9-c164-476f-b2b5-caec62dc1b05 ethernet ens3 +.... + +==== + +.Viewing only devices recognized by [application]*NetworkManager* and their state +==== + +[literal,subs="+quotes,verbatim,macros"] +.... 
+~]$ pass:attributes[{blank}][command]`nmcli device status` +DEVICE TYPE STATE CONNECTION +ens3 ethernet connected Profile 1 +lo loopback unmanaged -- +.... + +==== + +You can also use the following abbreviations of the [application]*nmcli* commands: + +[[tabl-nmcli_examples]] +.Abbreviations of some nmcli commands + +[options="header"] +|=== +|nmcli command|abbreviation +|nmcli general status|nmcli g +|nmcli general logging|nmcli g log +|nmcli connection show|nmcli con show +|nmcli connection show --active|nmcli con show -a +|nmcli device status|nmcli dev +|=== + +[discrete] +== Additional resources + +* For more examples, see the + [citetitle]_pass:attributes[{blank}]*nmcli-examples*(5)_ + man page. diff --git a/modules/ROOT/partialsdelete/2delete-proc_adding-new-certificates.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_adding-new-certificates.adoc.delete.adoc new file mode 100644 index 0000000..bc760b9 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_adding-new-certificates.adoc.delete.adoc 
@@ -0,0 +1,27 @@ +[id='proc_adding-new-certificates'] += Adding New Certificates + +Often, system administrators want to install a certificate into the trust store. This can be done with the [command]`trust anchor` sub-command of the [command]`trust` command, as described in xref:managing-trusted-system-certificates[Managing Trusted System Certificates]. + +Alternatively, you can simply copy the certificate file in the PEM or DER file format to the `/etc/pki/ca-trust/source/anchors/` directory, followed by running the [command]`update-ca-trust` command, for example: + +[subs="+quotes,macros"] +---- +# cp _~/certificate-trust-examples/Cert-trust-test-ca.pem_ _/etc/pki/ca-trust/source/anchors/_ +---- + +---- +# update-ca-trust +---- + +The [command]`update-ca-trust` command ensures that the certificate bundles in application-specific formats, such as Java keystore, are regenerated. + +[NOTE] +==== +The certificates installed in the above steps cannot be removed with the [command]`trust anchor --remove`. +==== + +[NOTE] +==== +While the Firefox browser is able to use an added certificate without executing [command]`update-ca-trust`, it is recommended to run [command]`update-ca-trust` after a CA change. Also note that browsers, such as Firefox, Epiphany, or Chromium, cache files, and you might need to clear the browser's cache or restart your browser to load the current system certificates configuration. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_adding-other-operating-systems-grub2.adoc b/modules/ROOT/partialsdelete/2delete-proc_adding-other-operating-systems-grub2.adoc new file mode 100644 index 0000000..fa89f95 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_adding-other-operating-systems-grub2.adoc 
@@ -0,0 +1,37 @@ +[[adding-other-operating-systems-grub2]] += Adding other operating systems to the GRUB2 menu + +Normally, *GRUB2* is preset to boot multiple operating systems during the Fedora installation process. If you can, it is advisable to install non-Linux operating systems first. Then, during the installation process, all those operating systems and their locations will be discovered and properly set. + +Adding other records into the *GRUB2* menu only means to run `grub2-mkconfig` command to regenerate the configuration files. During this process, all operating systems known to the system will be added into the configuration. By reinstalling *GRUB2*, this configuration will be used for further boots. + +.Before you start + +* Make sure that the operating systems are on disks, connected to the system. +* You have the `os-prober` package installed. + +.Procedure + +. Recreate the *GRUB2* configuration file. ++ +---- +# grub2-mkconfig -o /boot/grub2/grub.cfg +---- + +. Install *GRUB2*. +* On UEFI systems. ++ +---- +# dnf reinstall shim-* grub2-efi-* grub2-common +---- +* On BIOS systems, specify the disk where the bootloader should be installed. ++ +---- +# grub2-install /dev/sda +---- + +.More information + +* The `grub2-mkconfig` command will add entries for all operating systems it can find. +* When problems appear, see the link:https://www.gnu.org/software/grub/manual/grub/grub.html#Multi_002dboot-manual-config[GRUB manual] to solve issues with booting secondary operating systems. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_adding-repositories.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_adding-repositories.adoc.delete.adoc new file mode 100644 index 0000000..cae1546 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_adding-repositories.adoc.delete.adoc 
@@ -0,0 +1,23 @@ +[id='adding-repositories'] += Adding repositories + +include::{partialsdir}/attributes.adoc[] + +This section describes how to add software repositories with the `dnf config-manager` command. + +* To add a new repository, do the following as `*root*`. + +. Define a new repository by adding a new file with the `.repo` suffix to the [filename]`/etc/yum.repos.d/` directory. For details about various options to use in the `.repo` file, see the xref:f{MAJOROSVER}@fedora:system-administrators-guide:package-management/DNF.adoc#sec-Setting_repository_Options[Setting [repository\] Options] section in the System Administrator's Guide + +. Add the newly created repository. ++ +[literal,subs="+quotes,attributes"] +---- +dnf config-manager --add-repo `*_repository_*` +---- ++ +Where *_repository_* is the path to the created `.repo` file, for example: ++ +---- +dnf config-manager --add-repo /etc/yum.repos.d/fedora_extras.repo +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_adding-shortcut-custom-app-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_adding-shortcut-custom-app-gnome.adoc new file mode 100644 index 0000000..1bc2564 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_adding-shortcut-custom-app-gnome.adoc 
@@ -0,0 +1,56 @@ +[id='adding-shortcut-custom-app-gnome'] += Adding keyboard shortcuts for custom applications in GNOME + +This section describes how to add a keyboard shortcut for starting a custom application in GNOME. + +[discrete] +== Procedure + +. Open *Settings* and choose the *Devices* entry from the list: ++ +image::shortcuts-settings-devices.png[] ++ +NOTE: Earlier Fedora versions might not need this step. + +. Choose the *Keyboard Shortcuts* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: ++ +image::shortcuts-keyboard-scroll.png[] + +. Click the *+* button at the bottom of the list. ++ +A window for entering the details appears: ++ +image::shortcuts-add-empty.png[] + +. Fill in details for the application. ++ +image::shortcuts-add-filled.png[] ++ +Replace _My Application_ with the name of the application and _myapp --special options_ with the command to run this application, including any options. + +. Click the *Set shortcut...* button. ++ +A window for entering the keyboard shortcut appears: ++ +image::shortcuts-add-enter.png[] + +. Press the key combination that should become the shortcut for starting the application. ++ +As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortcut: ++ +image::shortcuts-add-shortcut.png[] + +. Click the *Add* button. ++ +Your application shortcut now appears in the list under _Custom Shortcuts_: ++ +image::shortcuts-added.png[] + +// o ptional - close settings? + +//// +info sources: + +http://ask.fedoraproject.org/en/question/9623/how-can-i-set-a-key-shortcut-to-launch-terminal-under-gnome/ +https://help.gnome.org/users/gnome-help/stable/keyboard-shortcuts-set.html.en +//// diff --git a/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-cli.adoc b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-cli.adoc new file mode 100644 index 0000000..c4f7add --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-cli.adoc @@ -0,0 +1,12 @@ +[[backup-gpg-keys-cli]] += Making a Key Backup Using the Command Line + +Use the following command to make the backup, which you can then copy to a destination of your choice: + +---- +gpg --export-secret-keys --armor johndoe@example.com > johndoe-privkey.asc +---- + +Store the copy in a secure place, such as a locked container. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-gnome.adoc new file mode 100644 index 0000000..986437c --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-gnome.adoc @@ -0,0 +1,12 @@ +[[backup-gpg-keys-gnome]] += Making a Key Backup Using the GNOME Desktop + +. Right-click your key and select _Properties_. + +. Select the _Details_ tab, and select menu:Export to file[Export secret key]. + +. Select a destination filename and click btn:[Export]. + +Store the copy in a secure place, such as a locked container. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-kde.adoc b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-kde.adoc new file mode 100644 index 0000000..436f4da --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_backup-gpg-keys-kde.adoc @@ -0,0 +1,14 @@ +[[backup-gpg-keys-kde]] += Making a Key Backup Using the KDE Desktop + +. Right-click your key and select _Export Secret Key_. + +. Click btn:[Continue] to continue at the confirmation dialog. + +. Select a destination filename. + +. Click btn:[Save]. + +Store the copy in a secure place, such as a locked container. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc new file mode 100644 index 0000000..85d9e8f --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-proc_booting-from-usb-sticks.adoc.delete.adoc 
@@ -0,0 +1,49 @@ +[id='booting_from_USB_sticks'] += Booting from USB sticks + +:toc: + +Almost all modern PCs can boot from USB sticks. However, how you tell the system to boot from a USB stick varies substantially from system to system. Initially, you can try this: + +. Power off the computer. +. Plug the USB drive into a USB port. +. Remove all other portable media, such as CDs, DVDs, floppy disks or other USB sticks. +. Power on the computer. +. If the computer is configured to automatically boot from the USB drive, you will see a screen that says "Automatic boot in 10 seconds..." with a countdown. ++ +If you do a native UEFI boot, where you will see a rather more minimal boot menu. + +If the computer starts to boot off the hard drive as normal, you'll need to manually configure it to boot off the USB drive. Usually, that should work like this: + +. Wait for a safe point to reboot. +. As the machine starts to reboot, watch carefully for instructions on which key to press. Usually a function key, `Escape`, `Tab`, `F11`, `F12` or `Delete` is to be pressed to enter the boot device selection menu, `BIOS setup`, `firmware`, or `UEFI`. Press and hold that key. If you miss the window of opportunity, often only a few seconds, then reboot and try again. (If this does not work, consult the manual of your computer) +. Use the firmware, `BIOS`, interface or the boot device menu to put your USB drive first in the boot sequence. It might be listed as a hard drive rather than a removable drive. Each hardware manufacturer has a slightly different method for doing so. ++ +IMPORTANT: Your computer could become unbootable or lose functionality if you change any other settings. Though these settings can be reverted, you'll need to remember what you changed in order to do so. +. Save the changes, exit, and the computer should boot from the USB drive. + +If your system has a UEFI firmware, it will usually allow you to boot the stick in UEFI native mode or BIOS compatibility mode. 
If you boot in UEFI native mode and perform a Fedora installation, you will get a UEFI native Fedora installation. If you boot in BIOS compatibility mode and perform a Fedora installation, you will get a BIOS compatibility mode Fedora installation. + +For more information on all this, see the https://fedoraproject.org/wiki/Unified_Extensible_Firmware_Interface[UEFI page]. USB sticks written from x86_64 images with xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer], xref:creating-and-using-a-live-installation-image.adoc#gnome-disk-utility[GNOME Disk Utility], `dd`, other dd-style utilities should be UEFI native bootable. Sticks written with other utilities may not be UEFI native bootable, and sticks written from i686 images will never be UEFI bootable. + + +[id='identifying_stick'] +== Identifying a stick on Linux + +Most of the writing methods will require you to know the `/dev` name for your USB stick, e.g. `/dev/sdc`, when using them on Linux. You do not need to know this in order to use Fedora Media Writer. To find this out: + +. Insert the USB stick into a USB port. +. Open a terminal and run `dmesg`. +. Near the end of the output, you will see something like: ++ +[options="nowrap"] +---- +[32656.573467] sd 8:0:0:0: [sdX] Attached SCSI removable disk +---- ++ +`sdX` will be `sdb`, `sdc`, `sdd`, etc. + +[NOTE] +==== +This is the name of the disk you will use. We'll call it `sdX` from now on. If you have connected more than one USB stick to the system, be careful that you identify the correct one, often you will see a manufacturer name or capacity in the output which you can use to make sure you identified the correct stick. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_booting-specific-kernel-default.adoc b/modules/ROOT/partialsdelete/2delete-proc_booting-specific-kernel-default.adoc new file mode 100644 index 0000000..6985fa0 --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-proc_booting-specific-kernel-default.adoc @@ -0,0 +1,44 @@ +[[booting_specific_kernel_default]] +== Setting an installed kernel to boot by default + +To set a specific installed kernel to boot by default, first check the kernels installed on the system. + +---- +sudo ls /boot | grep vmlinuz +---- + +Identify the kernel to be set to boot by default. + +Use the following command to set the default kernel to boot: + +---- +sudo grubby --set-default /boot/vmlinuz-.. +---- + +Here is a sample output (on an `x84_64` architecture system): + +---- +sudo ls /boot | grep vmlinuz + +vmlinuz-0-rescue-c722f5f7d614446b99c39b846c2bb76c +vmlinuz-5.12.18-200.fc33.x86_64 +vmlinuz-5.8.15-301.fc33.x86_64 +---- + +If `vmlinuz-..` is chosen to be set as the default, we issue the following command: + +---- +sudo grubby --set-default /boot/vmlinuz-.. +---- + +For the above scenario, the command will look like so + +---- +sudo grubby --set-default /boot/vmlinuz-5.12.18-200.fc33.x86_64 +---- + + +[[sect-references]] +=== References: + +* https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader/[Fedora Rawhide Docs :: Working with the GRUB 2 Boot Loader] diff --git a/modules/ROOT/partialsdelete/2delete-proc_booting-with-configfile-on-different-partition.adoc b/modules/ROOT/partialsdelete/2delete-proc_booting-with-configfile-on-different-partition.adoc new file mode 100644 index 0000000..238535d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_booting-with-configfile-on-different-partition.adoc 
@@ -0,0 +1,40 @@ +[[booting-with-configfile-on-different-partition]] += Booting the system using a configuration file on a different partition. + +If you end up in *GRUB2* boot prompt, it is also possible to boot using a _configfile_ that's located on another +partition, as is often the case with multi-boot systems containing Ubuntu and Fedora. Follow the below procedure +if you need to boot from a configuration file on a different partition. + +.Procedure + +. Load the necessary modules to read your system's partitions (you will also need to load `part_msdos` or `part_gpt`, depending on your partition table). ++ +* For BTRFS filesystems. ++ +---- +grub> insmod btrfs +---- ++ +* For LVM filesystems. ++ +---- +grub> insmod xfs +grub> insmod lvm +---- + +. Set *GRUB2* root to your `/boot` partition. On UEFI systems, you should set *GRUB2* root to the EFI system partition. ++ +---- +grub> set root=(hd0,msdos1) +---- + +. Set the path to the configuration file. ++ +---- +grub> configfile /grub2/grub.cfg +---- + +.More information + +* The *hd0,msdos1* line shows the pertinent `/boot` partition, which holds the `grub.cfg` file. The setting may be different on your system. See also xref:_using_the_grub2_boot_prompt[Using the GRUB2 boot prompt] for more information. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_chang-to-permissive-mode.adoc b/modules/ROOT/partialsdelete/2delete-proc_chang-to-permissive-mode.adoc new file mode 100644 index 0000000..38fef92 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_chang-to-permissive-mode.adoc 
@@ -0,0 +1,43 @@ +// Module included in the following assemblies: +// +// assembly_changing-selinux-states-and-modes.adoc + +[#{context}-changing-to-permissive-mode] += Changing to permissive mode + +Use the following procedure to permanently change SELinux mode to permissive. When SELinux is running in permissive mode, SELinux policy is not enforced. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can be then used for troubleshooting, debugging, and SELinux policy improvements. Each AVC is logged only once in this case. + +.Prerequisites + +* The `selinux-policy-targeted`, `libselinux-utils`, and `policycoreutils` packages are installed on your system. +* The `selinux=0` or `enforcing=0` kernel parameters are not used. + +.Procedure + +. Open the `/etc/selinux/config` file in a text editor of your choice, for example: + +---- +# vi /etc/selinux/config +---- + +. Configure the `SELINUX=permissive` option: +[subs="quotes"] +---- +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=*permissive* +# SELINUXTYPE= can take one of these two values: +# targeted - Targeted processes are protected, +# mls - Multi Level Security protection. +SELINUXTYPE=targeted +---- + +. Restart the system: ++ +[subs="quotes"] +---- +# *reboot* +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_changing-the-hostname.adoc b/modules/ROOT/partialsdelete/2delete-proc_changing-the-hostname.adoc new file mode 100644 index 0000000..ba6ac03 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_changing-the-hostname.adoc 
@@ -0,0 +1,40 @@ +// Module included in the following assemblies: +// +// changing-hostname.adoc + +[id='changing-the-hostname'] + +== Changing the hostname + +For Fedora Workstation, using the default GNOME desktop, open the Settings application and choose About. + +image::changing-hostname-1.png[GNOME Settings - About] + +You can replace the value in the Device name field with the name of your choosing. The effect of this field is as follows: + +* If you use a name that is shorter, contains only lowercase letters, numbers and/or dashes ("-"), this will set the host's static name, and the pretty name will be left blank. +* If you enter a name that is more descriptive, contains mixed-case and other types of characters, this will set the pretty name, and a static name will be derived from that automatically. + +You can see the effect of the change by using the `hostnamectl` command again: + +.... + Static hostname: emilys-2nd-dev-laptop + Pretty hostname: Emily's 2nd dev laptop + Icon name: computer-laptop + Chassis: laptop + Machine ID: 15fc9e69d007013025f31bc5272c4ed1 + Boot ID: 41ac938872bae052294bcb277241ac93 + Operating System: Fedora 33 (Workstation Edition) + CPE OS Name: cpe:/o:fedoraproject:fedora:33 + Kernel: Linux 5.10.10-200.fc33.x86_64 + Architecture: x86-64 +.... + +In the previous example, "Emily's 2nd dev laptop" was entered via the Settings app, and the static hostname "emilys-2nd-dev-laptop" was set automatically. + +Hostnames can also be set at the command line with the `hostnamectl set-hostname` command. For example: + +.... +sudo hostnamectl set-hostname --pretty "Emily's 2nd dev laptop" +sudo hostnamectl set-hostname --static emily-dev-2 +.... diff --git a/modules/ROOT/partialsdelete/2delete-proc_changing-to-enforcing-mode.adoc b/modules/ROOT/partialsdelete/2delete-proc_changing-to-enforcing-mode.adoc new file mode 100644 index 0000000..3635af6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_changing-to-enforcing-mode.adoc 
@@ -0,0 +1,79 @@ +// Module included in the following assemblies: +// +// changing-selinux-states-and-modes.adoc + +[#{context}-changing-to-enforcing-mode] += Changing to enforcing mode + +Use the following procedure to switch SELinux to enforcing mode. When SELinux is running in enforcing mode, it enforces the SELinux policy and denies access based on SELinux policy rules. In Fedora, enforcing mode is enabled by default when the system was initially installed with SELinux. + +.Prerequisites + +* The `selinux-policy-targeted`, `libselinux-utils`, and `policycoreutils` packages are installed on your system. + +* The `selinux=0` or `enforcing=0` kernel parameters are not used. + +.Procedure + +. Open the `/etc/selinux/config` file in a text editor of your choice, for example: + +---- +# vi /etc/selinux/config +---- + +. Configure the `SELINUX=enforcing` option: + +[subs="quotes"] +---- +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=*enforcing* +# SELINUXTYPE= can take one of these two values: +# targeted - Targeted processes are protected, +# mls - Multi Level Security protection. +SELINUXTYPE=targeted +---- + +. Save the change, and restart the system: ++ +[subs="quotes"] +---- +# reboot +---- ++ +On the next boot, SELinux relabels all the files and directories within the system and adds SELinux context for files and directories that were created when SELinux was disabled. + +.Verification + +. After the system restarts, confirm that the `getenforce` command returns `Enforcing`: + +---- +$ getenforce +Enforcing +---- + +[NOTE] +==== +After changing to enforcing mode, SELinux may deny some actions because of incorrect or missing SELinux policy rules. 
To view what actions SELinux denies, enter the following command as root: +[subs="quotes"] +---- +# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today +---- +Alternatively, with the [package]`setroubleshoot-server` package installed, enter: +[subs="quotes"] +---- +# grep "SELinux is preventing" /var/log/messages +---- + +Standard users can use the GUI `setroubleshoot` to file bugs directly to Bugzilla. + +If SELinux is active and the Audit daemon (auditd) is not running on your system, then search for certain SELinux messages in the output of the dmesg command: +---- +# dmesg | grep -i -e type=1300 -e type=1400 +---- + +If SELinux denies some actions, see the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux[Troubleshooting problems related to SELinux] chapter in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/index[RHEL 8 Using SELinux] document for information about troubleshooting. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_changing_runtime_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_changing_runtime_firewalld.adoc new file mode 100644 index 0000000..52eb6b5 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_changing_runtime_firewalld.adoc 
@@ -0,0 +1,50 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +[id='changing_runtime_firewalld_fedora'] + += Changing settings in runtime and permanent configuration using CLI + +Using the CLI, you can only modify either runtime or permanent mode. To modify the firewall settings in permanent mode, use the `--permanent` option with the `firewall-cmd` command. + +---- +$ sudo firewall-cmd --permanent +---- + +Without this option, the command modifies runtime mode. +To change settings in both modes, you can use two methods: + +* Change runtime settings and then make them permanent as follows: + +. Change the runtime settings: ++ +`firewall-cmd ` ++ +. Use `--runtime-to-permanent` to make the changes permanent. ++ +`firewall-cmd --runtime-to-permanent` + +* Set permanent settings and reload the settings into runtime mode: + +. Make the changes in permanent mode: ++ +`firewall-cmd --permanent ` ++ +. Reload the settings: ++ +`firewall-cmd --reload` + +The first method allows you to test the settings before you apply them to permanent mode. + +[NOTE] +==== +It is possible that an incorrect setting will result in a user locking themselves out of a machine. To prevent this, use the `--timeout` option. Using this option means that after a specified amount of time, any change reverts to its previous state. +You can not use the `--permanent` option with the `--timeout` option. + +For example, to add the SSH service for 15 minutes use this command: +---- +$ sudo firewall-cmd --add-service=ssh --timeout 15m +---- +The SSH service will be available until access is removed after 15 minutes. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_checking_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_checking_firewalld.adoc new file mode 100644 index 0000000..a31d331 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_checking_firewalld.adoc 
@@ -0,0 +1,130 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=checking-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Checking the firewalld status + +== Viewing the current status of `firewalld` + +The firewall service, `firewalld`, is installed on the system by default. Use the `firewalld` CLI interface to check that the service is running. + +To see the status of the service: + +---- +$ sudo firewall-cmd --state +---- + +For more information about the service status, use the [command]`systemctl status` sub-command: + +---- +$ sudo systemctl status firewalld +firewalld.service - firewalld - dynamic firewall daemon + Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor pr + Active: active (running) since Mon 2017-12-18 16:05:15 CET; 50min ago + Docs: man:firewalld(1) + Main PID: 705 (firewalld) + Tasks: 2 (limit: 4915) + CGroup: /system.slice/firewalld.service + └─705 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid +---- + +Furthermore, it is important to know how `firewalld` is set up and which rules are in force before you try to edit the settings. 
To display the firewall settings, see <> + +[[sec-Viewing_Current_firewalld_Settings]] +== Viewing current firewalld settings + +[[sec-Viewing_Allowed_Services_Using_GUI]] +=== Viewing allowed services using GUI + +To view the list of services using the graphical [application]*firewall-config* tool, press the kbd:[Super] key to enter the Activities Overview, type [command]`firewall`, and press kbd:[Enter]. The [application]*firewall-config* tool appears. You can now view the list of services under the `Services` tab. + +Alternatively, to start the graphical firewall configuration tool using the command-line, enter the following command: + +[subs="quotes, macros"] +---- +$ [command]`firewall-config` +---- + +The `Firewall Configuration` window opens. Note that this command can be run as a normal user, but you are prompted for an administrator password occasionally. +//// +[[exam-firewall_config_services]] +.The Services tab in firewall-config + +image::images/firewall-config-services.png[A screenshot of the firewall configuration tool - the Services tab] +//// +[[sec-Viewing_firewalld_Settings_Using_CLI]] +=== Viewing firewalld settings using CLI + +With the CLI client, it is possible to get different views of the current firewall settings. The [option]`--list-all` option shows a complete overview of the `firewalld` settings. + +`firewalld` uses zones to manage the traffic. If a zone is not specified by the [option]`--zone` option, the command is effective in the default zone assigned to the active network interface and connection. 
+ +To list all the relevant information for the default zone: + +---- +$ firewall-cmd --list-all +public + target: default + icmp-block-inversion: no + interfaces: + sources: + services: ssh dhcpv6-client + ports: + protocols: + masquerade: no + forward-ports: + source-ports: + icmp-blocks: + rich rules: +---- + +[NOTE] +==== +To specify the zone for which to display the settings, add the [option]`--zone=pass:attributes[{blank}]_zone-name_pass:attributes[{blank}]` argument to the [command]`firewall-cmd --list-all` command, for example: +---- +~]# firewall-cmd --list-all --zone=home +home + target: default + icmp-block-inversion: no + interfaces: + sources: + services: ssh mdns samba-client dhcpv6-client +... [output truncated] + +---- +==== + +To see the settings for particular information, such as services or ports, use a specific option. See the `firewalld` manual pages or get a list of the options using the command help: + +---- +$ firewall-cmd --help + +Usage: firewall-cmd [OPTIONS...] + +General Options + -h, --help Prints a short help text and exists + -V, --version Print the version string of firewalld + -q, --quiet Do not print status messages + +Status Options + --state Return and print firewalld state + --reload Reload firewall and keep state information +... [output truncated] +---- + +For example, to see which services are allowed in the current zone: + +---- +$ firewall-cmd --list-services +samba-client ssh dhcpv6-client +---- + +Listing the settings for a certain subpart using the CLI tool can sometimes be difficult to interpret. For example, you allow the `SSH` service and `firewalld` opens the necessary port (22) for the service. Later, if you list the allowed services, the list shows the `SSH` service, but if you list open ports, it does not show any. Therefore, it is recommended to use the [option]`--list-all` option to make sure you receive a complete information. 
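Review bot: the sample outputs under "Viewing firewalld settings using CLI" do not agree with each other: `firewall-cmd --list-all` shows `services: ssh dhcpv6-client` for the default zone, while the later `firewall-cmd --list-services` example for "the current zone" prints `samba-client ssh dhcpv6-client`. Use one consistent zone state, or pass `--zone=home` in the second example so the reader can see why the lists differ. The NOTE block also uses a `~]#` prompt where every other command in this file uses `$`, and the sentence "To display the firewall settings, see <>" has an empty cross-reference as shown here; it presumably should point at `sec-Viewing_Current_firewalld_Settings`, which is defined on the next line.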
diff --git a/modules/ROOT/partialsdelete/2delete-proc_closing_ports_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_closing_ports_firewalld.adoc new file mode 100644 index 0000000..6953b95 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_closing_ports_firewalld.adoc @@ -0,0 +1,42 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=closing-ports-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Closing a port + +When an open port is no longer needed, close that port in firewalld. It is highly recommended to close all unnecessary ports as soon as they are not used because leaving a port open represents a security risk. + +.Closing a port using the command line + +To close a port, remove it from the list of allowed ports: + +. List all allowed ports: ++ +---- +$ firewall-cmd --list-ports +---- ++ +[WARNING] +==== +This command will only give you a list of ports that have been opened as ports. You will not be able to see any open ports that have been opened as a service. Therefore, you should consider using the --list-all option instead of --list-ports. +==== ++ +. Remove the port from the allowed ports to close it for the incoming traffic: ++ +---- +$ sudo firewall-cmd --remove-port=port-number/port-type +---- ++ +. Make the new settings persistent: ++ +---- +$ sudo firewall-cmd --runtime-to-permanent +---- 
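Review bot: step 3 of "Closing a port using the command line" persists the removal with `--runtime-to-permanent`, which saves the whole runtime configuration as permanent, not just this port removal, so any other untested runtime change is saved along with it. Consider `sudo firewall-cmd --permanent --remove-port=port-number/port-type` followed by `sudo firewall-cmd --reload`, or state the side effect next to the step. In the WARNING block, `--list-all` and `--list-ports` are not in backticks like the options elsewhere in these modules, and since the warning recommends `--list-all`, step 1 could use it directly.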
diff --git a/modules/ROOT/partialsdelete/2delete-proc_configuring-apache-httpd.adoc b/modules/ROOT/partialsdelete/2delete-proc_configuring-apache-httpd.adoc new file mode 100644 index 0000000..3c9572d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_configuring-apache-httpd.adoc 
@@ -0,0 +1,145 @@ +[id='configuring-apache-httpd'] += Configuring Apache HTTPD + +`/etc/httpd/conf/httpd.conf` is the main Apache configuration file. Custom confirguration files are specified under `/etc/httpd/conf.d/*.conf`. If the same settings are specified in both `/etc/httpd/conf/httpd.conf` and a `.conf` file in `/etc/httpd/conf.d/`, the setting from the `/etc/httpd/conf.d/` file will be used. + +Files in `/etc/httpd/conf.d/` are read in alphabetical order: a setting from `/etc/httpd/conf.d/z-foo.conf` will be used over a setting from `/etc/httpd/conf.d/foo.conf`. Similarly, a setting from `/etc/httpd/conf.d/99-foo.conf`, will be used over a setting from `/etc/httpd/conf.d/00-foo.conf`. + +As a best practice, do not modify `/etc/httpd/conf/httpd.conf` or any of the `/etc/httpd/conf.d` files shipped by Fedora packages directly. If you make any local changes to these files, then any changes to them in newer package versions will not be directly applied. Instead, a `.rpmnew` file will be created, and you will have to merge the changes manually. + +It is recommended to create a new file in `/etc/httpd/conf.d/` which will take precedence over the file you wish to modify, and edit the required settings. For instance, to change a setting specified in `/etc/httpd/conf.d/foo.conf` you could create the file `/etc/httpd/conf.d/z-foo-local.conf`, and place your setting in that file. + +[NOTE] +==== +After making any changes to your server configuration, execute the following command: + +---- +sudo systemctl reload httpd.service +---- + +Certain changes may require Apache to be fully restarted. To fully restart Apache, execute the following command: + +---- +sudo systemctl restart httpd.service +---- +==== + +[id='enabling-access-to-web-applications'] +== Enabling access to web applications + +By default Fedora-packaged web applications are usually configured such that, access is allowed only from the localhost. 
This is defined by the file `/etc/httpd/conf.d/webapp.conf` which contains the following settings: + +---- + + + # Apache 2.4 + Require local + + + # Apache 2.2 + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + Allow from ::1 + + +---- + +Before allowing general access to the webapp, ensure to do the following: + +* [*] Webapp has been configured correctly +* [*] Administration interface and other sensitive areas are not accessible without appropriate authentication +* [*] Database configuration is secure, if the application uses a database + +To broaden access to the application, create a file `/etc/httpd/conf.d/z-webapp-allow.conf`. To allow access to all systems on a typical local network, add the following lines into the file: + +---- + + + # Apache 2.4 + Require local + Require ip 192.168.1 + + + # Apache 2.2 + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + Allow from ::1 + Allow from 192.168.1 + + +---- + +Once the application is correctly configured, add the following configuration to allow access from any host: + +---- + + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order Deny,Allow + Allow from all + + +---- + +[id='opening-firewall-ports'] +== Opening firewall ports + +IMPORTANT: This exposes your computer to the Internet and potential attackers. Secure your system and your Apache installation properly before exposing your server to the Internet. + +Apache uses port 80 for plain http connections and port 443 for TLS/SSL connections by default. 
To make this service available from other computers or the Internet, allow Apache through the firewall using any one the following commands: + +To allow Apache through the firewall at each boot: + +* For plain HTTP connections: ++ +---- +sudo firewall-cmd --permanent --add-service=http +---- + +* For TLS/SSL connections: ++ +---- +sudo firewall-cmd --permanent --add-service=https +---- + +To allow Apache through the firewall instantly: + +* For plain HTTP connections: ++ +---- +sudo firewall-cmd --add-service=http +---- + +* For TLS/SSL connections: ++ +---- +sudo firewall-cmd --add-service=https +---- + +NOTE: If your server is running in a network with a NAT router, you will also need to configure your router to forward the HTTP and HTTPS ports to your server, if you wish to allow access from outside your local network. + + +[id='disabling-test-page'] +== Disabling Test Page + +To disable the test page, comment out all the lines in the file `/etc/httpd/conf.d/welcome.conf` using `pass:[#]` as follows: + +---- +# +# Options -Indexes +# ErrorDocument 403 /.noindex.html +# + +# +# AllowOverride None +# Require all granted +# + +# Alias /.noindex.html /usr/share/httpd/noindex/index.html +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc b/modules/ROOT/partialsdelete/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc new file mode 100644 index 0000000..7416fde --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_configuring-nested-virtualization-in-virt-manager.adoc 
@@ -0,0 +1,13 @@ +[[proc_configuring-nested-virtualization-in-virt-manager]] += Configuring nested virtualization in virt-manager + +Configure your VM to use nested virtualization: + +. Open virt-manager, double-click the VM in which you wish to enable nested virtualization, and click the *Show virtual hardware details* icon. + +. Click *CPUs* in the side menu. In the *Configuration* section, there are two options - either type `host-passthrough` in the *Model:* field, or select the *Copy host CPU configuration* check box (that fills the `host-model` value in the *Model* field). ++ +NOTE: Using host-passthrough is not recommended for general usage. It should only be used for nested virtualization purposes. ++ +. Click *Apply*. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_configuring-xorg-as-default-gnome-session.adoc b/modules/ROOT/partialsdelete/2delete-proc_configuring-xorg-as-default-gnome-session.adoc new file mode 100644 index 0000000..a62df82 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_configuring-xorg-as-default-gnome-session.adoc 
@@ -0,0 +1,33 @@ +[id='proc-configuring-xorg-as-default-gnome-session'] += Configuring GNOME to use Xorg + +At the login screen, select the "gear" icon and select *GNOME on Xorg*. + +image::configuring-xorg-as-default-gnome-session_2.png[Login screen - select GNOME on Xorg] + +Once login is completed the X11 windowing system will be in use, as can be seen by returning to *Settings* > *About*. This change will persist unless changed back at the login screen. + + +image::configuring-xorg-as-default-gnome-session_3.png[Settings - About] + +[discrete] +== Changing the default GNOME session via configuration file + +As an alternative, this change can be made by editing a configuration file `/etc/gdm/custom.conf`. + +. Open `/etc/gdm/custom.conf` and uncomment the line: + + WaylandEnable=false + +. Add the following line to the `[daemon]` section: + + DefaultSession=gnome-xorg.desktop + +. Save the `custom.conf` file. + +. Logout or reboot to enter the new session. + +[NOTE] +==== +With the above changes applied, the option to set the GNOME session to use Wayland will actually be removed from the "gear icon" menu on the login screen. +==== \ No newline at end of file diff --git a/modules/ROOT/partialsdelete/2delete-proc_configuring_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_configuring_firewalld.adoc new file mode 100644 index 0000000..ceec17d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_configuring_firewalld.adoc 
@@ -0,0 +1,43 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +[id='configuring_firewalld_fedora'] + += Modifying Settings in runtime and permanent configuration using CLI + +Using the CLI, you do not modify the firewall settings in both modes at the same time. You only modify either runtime or permanent mode. To modify the firewall settings in the permanent mode, use the --permanent option with the firewall-cmd command. + +---- +$ sudo firewall-cmd --permanent +---- + +Without this option, the command modifies runtime mode. +To change settings in both modes, you can use two methods: + +Change runtime settings and then make them permanent as follows: +---- +$ sudo firewall-cmd +$ sudo firewall-cmd --runtime-to-permanent +---- + +Set permanent settings and reload the settings into runtime mode: + +---- +$ sudo firewall-cmd --permanent +$ sudo firewall-cmd --reload +---- + +The first method allows you to test the settings before you apply them to the permanent mode. + +[Note] +==== + +It is possible, especially on remote systems, that an incorrect setting results in a user locking themselves out of a machine. To prevent such situations, use the `--timeout` option. After a specified amount of time, any change reverts to its previous state. Using this options excludes the --permanent option. +For example, to add the SSH service for 15 minutes: + +---- +$ sudo firewall-cmd --add-service=ssh --timeout 15m +---- + +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_converting-sysvinit-services.adoc b/modules/ROOT/partialsdelete/2delete-proc_converting-sysvinit-services.adoc new file mode 100644 index 0000000..ec9ef1c --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_converting-sysvinit-services.adoc 
@@ -0,0 +1,99 @@ +[#converting-sysvinit-services] += Converting SysVinit services to systemd + +Older versions of Fedora use SysVinit scripts to manage services. This section provides some guidelines on how to convert a SysVinit script to a _systemd_ equivalent. + +[discrete] +== Prerequisites + +* You are logged in as a user with administrator-level permissions. + +* You have a custom SysVinit script to convert to a _systemd_ configuration. + +[discrete] +== Procedure + +. Identify the runlevels in your SysVinit script. This is usually defined with `chkconfig` directive in the commented section at the beginning of the script. For example, the following indicates the service is using runlevels 3, 4, and 5: ++ +---- +# chkconfig: 235 20 80 +---- ++ +systemd uses targets instead of runlevels. Use the table in <<#converting-sysvinit-services>> to map the runlevels to targets. In this example, runlevels 2, 3, and 5 are all multi-user runlevels, so the _systemd_ service can use the following: ++ +---- +[Install] +WantedBy=multi-user.target +---- ++ +If you enable the custom _systemd_ service to start at boot (`systemctl enable foo.service`), _systemd_ loads the service when loading the `multi-user.target` at boot time. + +. Identify the dependent services and targets. For example, if the custom service requires network connectivity, specify the `network.target` as a dependency: ++ +---- +[Unit] +Description=My custom service +After=network.target +---- + +. Identify the command used to start the service in the SysVinit script and convert this to the _systemd_ equivalent. For example, the script might contain a `start` function in the following format: ++ +[source,bash] +---- +start() { + echo "Starting My Custom Service..." + /usr/bin/myservice -D +} +---- ++ +In this example, the `/usr/bin/myservice` command is the custom service command set to daemonize with the `-D` option. 
Set the `ExecStart` parameter to use this command: ++ +---- +[Service] +ExecStart=/usr/bin/myservice -D +---- + +. Check the SysVinit script to see if the service uses a special command to restart the service. For example, the script might contain a `reboot` function that reloads the service: ++ +[source,bash] +---- +reboot() { + echo "Reloading My Custom Service..." + /usr/bin/myservice reload +} +---- ++ +In this example, the `/usr/bin/myservice` command is the custom service command and reloads the service using the `reload` subcommand. Set the `ExecReload` parameter to use this command: ++ +---- +[Service] +ExecReload=/usr/bin/myservice reload +---- ++ +Alternatively, you can omit `ExecReload` and use the default behavior, which kills the service and starts it again. + +. Check the SysVinit script to see if the service uses a special command to stop the service. For example, the script might contain a `stop` function that reloads the service: ++ +[source,bash] +---- +reboot() { + echo "Stopping My Custom Service..." + /usr/bin/myservice shutdown +} +---- ++ +In this example, the `/usr/bin/myservice` command is the custom service command and stop the service gracefully using the `shutdown` subcommand. Set the `ExecStop` parameter to use this command: ++ +---- +[Service] +ExecStop=/usr/bin/myservice shutdown +---- ++ +Alternatively, you can omit `ExecStop` and use the default behavior, which kills the service. + +. Review the SysVinit script and identify any additional parameters or functions. Use _systemd_ parameters to replicate any identified SysVinit functions that might be relevant to your service. + +[discrete] +== Related Information + +* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. 
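Review bot: in the stop step, the example function is declared as `reboot()` and introduced as "a `stop` function that reloads the service", although its body runs `/usr/bin/myservice shutdown`; rename it to `stop()` and change "reloads" to "stops". The reload step has the same naming problem: the function that runs `/usr/bin/myservice reload` is also called `reboot()`, where `reload()` would match the text. In step 1, `# chkconfig: 235 20 80` is described first as "runlevels 3, 4, and 5" and then as "runlevels 2, 3, and 5", and "Use the table in <<#converting-sysvinit-services>>" links to this module's own ID, which contains no table. Because `ExecStart=/usr/bin/myservice -D` daemonizes, the `[Service]` example should also set `Type=forking`; with the default type, systemd treats the exit of the initial process as the service stopping.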
diff --git a/modules/ROOT/partialsdelete/2delete-proc_copying-public-gpg-keys-manually.adoc b/modules/ROOT/partialsdelete/2delete-proc_copying-public-gpg-keys-manually.adoc new file mode 100644 index 0000000..3046835 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_copying-public-gpg-keys-manually.adoc @@ -0,0 +1,10 @@ +[[copying-public-gpg-keys-manually]] += Copying a Public Key Manually + +If you want to give or send a file copy of your key to someone, use this command to write it to an ASCII text file: + +---- +gpg --export --armor johndoe@example.com > johndoe-pubkey.asc +---- + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-a-disk-partition-in-linux.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-a-disk-partition-in-linux.adoc new file mode 100644 index 0000000..c518b61 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-a-disk-partition-in-linux.adoc 
@@ -0,0 +1,103 @@ +// Module included in the following assemblies: +// +// + +// Base the file name and the ID on the module title. For example: +// * file name: proc_creating-a-disk-partition-in-linux.adoc +// * ID: [id='creating-a-disk-partition-in-linux'] + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='creating-a-disk-partition-in-linux_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Creating a Disk Partition in Linux +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +This procedure describes how to partition a storage disk in Linux using the `parted` command. + +== Procedure + +. List the partitions using the `parted -l` command to identify the storage device you want to partition. Typically, the first hard disk (`/dev/sda` or `/dev/vda`) will contain the operating system, so look for another disk to find the one you want. For example: ++ +---- +sudo parted -l +Model: ATA RevuAhn_850X1TU5 (scsi) +Disk /dev/vdc: 512GB +Sector size (logical/physical): 512B/512B +Partition Table: msdos +Disk Flags: + +Number Start End Size Type File system Flags + 1 1049kB 525MB 524MB primary ext4 boot + 2 525MB 512GB 512GB primary lvm +---- ++ +. Open the storage device. Use the `parted` command to begin working with the selected storage device. For example: ++ +---- +sudo parted /dev/vdc +GNU Parted 3.3 +Using /dev/vdc +Welcome to GNU Parted! Type 'help' to view a list of commands. +(parted) +---- ++ +[IMPORTANT] +==== +Be sure to indicate the specific device you want to partition. If you just enter `parted` without a device name, it will randomly select a storage device to modify. +==== ++ +. 
Set the partition table type to `gpt`, then enter `Yes` to accept it. ++ +---- +(parted) mklabel gpt +Warning: the existing disk label on /dev/vdc will be destroyed +and all data on this disk will be lost. Do you want to continue? +Yes/No? Yes +---- ++ +[NOTE] +==== +The `mklabel` and `mktable` commands are both used for making a partition table on a storage device. At the time of writing, the supported partition tables are: `aix`, `amiga`, `bsd`, `dvh`, `gpt`, `mac`, `ms-dos`, `pc98`, `sun`, `atari`, and `loop`. Use `help mklabel` to get a list of supported partition tables. Remember `mklabel` will not make a partition, rather it will make a partition table. +==== +. Review the partition table of the storage device. ++ +---- +(parted) print +Model: Virtio Block Device (virtblk) +Disk /dev/vdc: 1396MB +Sector size (logical/physical): 512B/512B +Partition Table: gpt +Disk Flags: +Number Start End Size File system Name Flags +---- ++ +. Create a new partition using the following command. For example, 1396 MB on partition 0: ++ +---- +(parted) mkpart primary 0 1396MB + +Warning: The resulting partition is not properly aligned for best performance +Ignore/Cancel? I + +(parted) print +Model: Virtio Block Device (virtblk) +Disk /dev/vdc: 1396MB +Sector size (logical/physical): 512B/512B +Partition Table: gpt +Disk Flags: +Number Start End Size File system Name Flags + 1 17.4kB 1396MB 1396MB primary +---- ++ +[NOTE] +==== +Providing a partition name under GPT is a must; in the above example, primary is the name, not the partition type. In a GPT partition table, the partition type is used as partition name. +==== ++ +. Quit using the `quit` command. Changes are automatically saved when you quit `parted`. ++ +---- +(parted) quit +Information: You may need to update /etc/fstab. +---- ++ 
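Review bot: The `mkpart primary 0 1396MB` step triggers the "not properly aligned" warning, and the example answers `I`, which teaches readers to dismiss a warning in the middle of a destructive procedure. Start the partition at an aligned offset such as `1MiB`, or use `0% 100%`, so that the warning does not appear. The IMPORTANT block says `parted` "will randomly select a storage device"; it uses the first block device it finds, and the text should say so because that is usually the system disk. The sample `parted -l` output shows `/dev/vdc` as a 512GB `msdos` disk with `boot` and `lvm` partitions, but the later `print` output shows the same device as a 1396MB Virtio disk. Pick one consistent, clearly empty example disk so that nobody copies a `mklabel` onto a disk that looks like it is in use. Smaller points: the NOTE lists `ms-dos` while the output above it shows the label as `msdos`; "on partition 0" does not match the resulting partition `1`; the last NOTE calls `primary` the name and then says the partition type is used as the name; and the file ends on a dangling `+` continuation.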
diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc new file mode 100644 index 0000000..21fdc68 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-cd.adoc.delete.adoc 
@@ -0,0 +1,139 @@ +[id='proc_creating-and-using-live-cd'] += Creating and using live CD + +[[getting-started]] +== Getting started + +To create a live image, the `livecd-creator` tool is used. For this, super user privileges are needed. + +The `livecd-creator` tool is part of the _livecd-tools_package. If it is not installed on your system, add it with DNF: + +[options="nowrap"] +---- +# dnf install livecd-tools spin-kickstarts +---- + +If you are interested in localized (i.e. translated into other languages) live CD files, install also _l10n-kickstarts_. + + +[id='configuring-the-image'] +== Configuring the image + +The configuration of the live image is defined by a file called _kickstart_. It can include some basic system configuration items, the package manifest, and a script to be run at the end of the build process. + +For the Fedora project, the most important live image configurations files are: + +* https://pagure.io/fedora-kickstarts/blob/main/f/fedora-live-base.ks[fedora-live-base.ks] + : The base live image system, included in the _livecd-tools_ package. +* For _Fedora 21 and later_: https://pagure.io/fedora-kickstarts/blob/main/f/fedora-live-workstation.ks[fedora-live-workstation.ks]. This is the Workstation product configuration. + +_kickstart_ files for other spins, e.g. Fedora Electronics Lab, can be found in `/usr/share/spin-kickstarts/` after installing the `spin-kickstarts` package. These pre-made configuration files can be a great place to start, as they already have some useful pre and post-installation scripts. + +image:system-config-kickstart.png[system-config-kickstart,title="fig:system-config-kickstart"] + +You can create a customized _kickstart_ file by running `system-config-kickstart`. 
+ +[NOTE] +==== +You might have to install the package first with `dnf install system-config-kickstart`.\ +This tool is mainly intended for generating kickstart files for automated installs, not live images, so the output will probably not be usable without editing, but it may help you to generate particular kickstart directives. Remember to add the line `%include /usr/share/spin-kickstarts/fedora-live-base.ks` at the beginning of your _kickstart_ file to include the base live configuration. +==== + +[id='making-the-image'] +== Making the image + +To make the image, simply issue the following command: + +[options="nowrap"] +---- +ksflatten -c /usr/share/spin-kickstarts/fedora-live-workstation.ks \ +-o fedora-live-workstation-flat.ks +livecd-creator --verbose \ +--config=fedora-live-workstation-flat.ks \ +--fslabel=Fedora-LiveCD \ +--cache =/var/cache/live +---- + +The name given by `--fs-label` is used: + +* As a file system label on the ext3 and iso9660 file systems. As such, it's visible on the desktop as the CD name. +* In the _isolinux_ boot loader. + +If you have the repositories available locally and don't want to wait for the download of packages, just substitute the URLs listed in the configuration file to point to your local repositories. + +[NOTE] +==== +If you have an x86_64 machine you're building on but you want a 32-bit happy iso image, add the following before your livecd-creator command: + +[options="nowrap"] +---- +setarch i686 livecd-creator [...] 
+---- +==== + + +[id='examples'] +== Examples + + +[id='spinning-the-fedora-desktop'] +=== Spinning the Fedora desktop + +The following command: + +[options="nowrap"] +---- +ksflatten -c /usr/share/spin-kickstarts/fedora-live-workstation.ks \ +-o fedora-live-workstation-flat.ks +livecd-creator --verbose \ +--config=fedora-live-workstation-flat.ks \ +--fslabel=Fedora-LiveCD \ +--cache=/var/cache/live +---- + +This will create a live CD called *Fedora-LiveCD* using the `fedora-live-workstation.ks` configuration file. + + +[id='a-barebones-live-cd'] +=== A Barebones live CD + +The following command: + +[options="nowrap"] +---- +livecd-creator --verbose \ +--config=/usr/share/doc/livecd-tools-$(rpm -q livecd-tools --qf "%{VERSION}")/livecd-fedora-minimal.ks \ +--cache=/var/cache/live +---- + +This will create a live CD that will boot to a login prompt. + + +[id='testing-your-live-cd-using-kvm-or-qemu'] +== Testing your live CD using KVM or qemu + +image:qemu_gtk3.png[QEMU running Fedora 17,title="QEMU running Fedora 17"] + +As root: + +[options="nowrap"] +---- +# qemu-kvm -m 2048 -vga qxl -cdrom filename.iso +---- + +[NOTE] +==== +If you do not have https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine[KVM] support, you have to use qemu instead. + +[options="nowrap"] +---- +# qemu-system-x86_64 -m 2048 -vga qxl -cdrom filename.iso +---- +==== + +Replace `_filename.iso_` with the name of your created Live CD image and `_qemu-system-x86_64_` with an appropriate qemu binary for the target system, e.g. `qemu-system-i386`. + +[id='live-image-media-verification'] +== Live image media verification + +The live image can incorporate functionality to verify itself. To do so, you need to have _isomd5sum_ installed both on the system used for creating the image and installed into the image. This is so that the `implantisomd5` and `checkisomd5` utilities can be used. These utilities take advantage of embedding an _md5sum_ into the application area of the iso9660 image. 
This then gets verified before mounting the real root filesystem. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc new file mode 100644 index 0000000..ede4b7b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-and-using-live-usb.adoc.delete.adoc 
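Review bot: In creating-and-using-live-cd, the "Making the image" command has `--cache =/var/cache/live` with a stray space, so `=/var/cache/live` is passed as a separate argument. The same command under "Spinning the Fedora desktop" has it right as `--cache=/var/cache/live`. The paragraph after it refers to `--fs-label` while the command uses `--fslabel`. `_livecd-tools_package` is missing a space, which breaks the italic markup, and the NOTE has a stray `\` after `dnf install system-config-kickstart`. In "Live image media verification", please state what the check covers: the md5sum is embedded in the image itself, so `checkisomd5` detects a damaged or badly written medium and says nothing about whether the ISO is authentic. The two "The following command:" lead-ins in "Examples" are also left as sentence fragments.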
@@ -0,0 +1,178 @@ +:experimental: +include::{partialsdir}/attributes.adoc[] + +[id='proc_creating-and-using-live-usb'] += Creating and using live USB + +You can write all Fedora ISO images to a USB stick, making this a convenient way on any USB-bootable computer to either install Fedora or try a *live* Fedora environment without writing to the computer's hard disk. You will need a USB stick at least as large as the image you wish to write. + +[id='using-fedora-media-writer'] +== Using Fedora Media Writer + +The official and supported tool to create a Fedora USB stick is the *Fedora Media Writer* utility, which was formerly known as *LiveUSB Creator*. + + +[IMPORTANT] +==== +*Fedora Media Writer* destroys all data on the USB stick. If you need a non-destructive write method (to preserve existing data on your USB stick) or support for 'data persistence', you can use the xref:creating-and-using-a-live-installation-image.adoc#using-the-livecd-iso-to-disk-tool[livecd-iso-to-disk] utility on Fedora. +==== + +[id='gnome-disk-utility'] +== Using GNOME Disk Utility + +IMPORTANT: This method will destroy all data on the USB stick. If you need a non-destructive write method (to preserve existing data on your USB stick) and/or support for 'data persistence', you can use the `livecd-iso-to-disk` utility on Fedora. + +[WARNING] +==== +This method is considered unsupported. You can use it on your own risk. +==== + +This method is for people running Linux, or another unix with GNOME, Nautilus and the GNOME Disk Utility installed. Particularly, if you are using a distribution other than Fedora which does not support Flatpak, this may be the easiest available method. A standard installation of Fedora, or a standard GNOME installation of many other distributions, should be able to use this method. On Fedora, ensure the packages _nautilus_ and _gnome-disk-utility_ are installed. 
Similar graphical direct-write tools may be available for other desktops, or you may use the command-line _direct write_ method. + +. Download a Fedora image, choose a USB stick that does not contain any data you need, and connect it. +. Run Nautilus (Files), open the *Overview* by pressing the *Start/Super* key, type Files, and hit kbd:[Enter]. +. Find the downloaded image, right-click on it, go to *Open With*, and click *Disk Image Writer*. +. Select your USB stick as the *Destination*, and click *Start Restoring*. + + +[id='command-line-method'] +== Command line methods + +[WARNING] +==== +These methods are considered unsupported. You can use them on your own risk. +==== + +[id='using-the-livecd-iso-to-disk-tool'] +=== Using the livecd-iso-to-disk tool + +IMPORTANT: This method will destroy all data on the USB stick _if the `--format` parameter is passed_. + +The `livecd-iso-to-disk` method is slightly less reliable than Fedora Media Writer and can be used reliably only from within Fedora: it does not work in Windows or macOS, and is not supported (and will usually fail) in non-Fedora distributions. However, it supports three advanced features which FMW does not include: + +. You may use a _non-destructive_ method to create the stick, meaning existing files on the stick will not be destroyed. This is less reliable than the _destructive_ write methods, and should be used only if you have no stick you can afford to wipe. +. On live images, you can include a feature called a _persistent overlay_, which allows changes made to persist across reboots. You can perform updates just like a regular installation to your hard disk, except that kernel updates require manual intervention and overlay space may be insufficient. Without a _persistent overlay_, the stick will return to a fresh state each time it is booted. +. 
On live images, you can also have a separate area to store user account information and data such as documents and downloaded files, with optional encryption for security and peace of mind. + +By combining these features, you can carry your computer with you in your pocket, booting it on nearly any system you find yourself using. + +It is not a good idea to try and write a new Fedora release using the version of `livecd-iso-to-disk` in a much older Fedora release: it is best to only use a release a maximum of two versions older than the release you are trying to write. + +Ensure the https://packages.fedoraproject.org/pkgs/livecd-tools/livecd-tools/[livecd-tools] package is installed: `dnf install livecd-tools`. + +[NOTE] +==== +Remember to identify your USB stick's device name first. In all cases, you can add the parameter `--efi` to render the stick bootable in native UEFI mode. Detailed usage information is available by running: `livecd-iso-to-disk --help` or `man livecd-iso-to-disk`. + +To make an existing USB stick bootable as a Fedora image, without deleting any of the data on it, make sure that the USB drive is not mounted before executing the following, and give the root password when prompted: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX +---- + +In case it is not possible to boot from a disk created with the method shown above, before re-partitioning and re-formatting, often resetting the master boot record will enable booting: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk --reset-mbr Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX +---- +==== + +IMPORTANT: Using the `--format` option in the following command will erase all data on the USB drive. 
+ +If necessary, you can have `livecd-iso-to-disk` re-partition and re-format the target stick: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk --format --reset-mbr Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX +---- + +To include a persistent filesystem for `/home`, use the `--home-size-mb` parameter. For example: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk --home-size-mb 2048 Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX +---- + +This will create a 2 GiB filesystem that will be mounted as `/home` each time the stick is booted, allowing you to preserve data in `/home` across boots. + +To enable 'data persistence' support - so changes you make to the entire live environment will persist across boots - add the `--overlay-size-mb` parameter to add a persistent data storage area to the target stick. For example: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk --overlay-size-mb 2048 Fedora-Workstation-Live-x86_64-{MAJOROSVER}-1.1.iso /dev/sdX +---- + +Here, `_2048_` is the desired size (in megabytes) of the overlay. The `livecd-iso-to-disk` tool will not accept an overlay size value greater than _4095_ for VFAT, but for ext[234] filesystems it is only limited by the available space. + +[NOTE] +==== +Due to the way it's currently implemented, every single change to this form of overlay, writes AND deletes, subtracts from its free space so it will eventually be "used up" and your USB stick will no longer boot. You can use `dmsetup` status `live-rw` to see how much space remains in the overlay. + +The output will contain something like snapshot `42296/204800`, indicating that 4229 of 204800 512-byte sectors are allocated. Because of these limitations, it is advisable to use the `system-level` persistence sparingly, for configuration changes and important security updates only. 
Or, if you have sufficient disk space available, changes to the `LiveOS` root filesystem snapshot can be merged into a new copy of the root filesystem. +==== + +You can combine `--home-size-mb` and `--overlay-size-mb`, in which case data written to `/home` will not exhaust the persistent overlay. + + +=== Using a direct write method + + +[IMPORTANT] +==== +This method will destroy all data on the USB stick. If you need a non-destructive write method, to preserve existing data on your USB stick, and/or support for `data persistence`, you can use the `livecd-iso-to-disk` utility on Fedora. +==== + +This method directly writes the image to the USB stick much like xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer] or GNOME Disk Utility, but uses a command line utility named `dd`. Like the other _direct write_ methods, it will destroy all data on the stick and does not support any of the advanced features like data persistence, but it is a very reliable method. The `dd` tool is available on most Unix-like operating systems, including Linux distributions and macOS, and a Windows port is available. This may be your best method if you cannot use xref:creating-and-using-a-live-installation-image.adoc#using-fedora-media-writer[Fedora Media Writer] or GNOME Disk Utility, or just if you prefer command line utilities and want a simple, quick way to write a stick. + +. Identify the name of the USB drive partition. If using this method on Windows, with the port linked above, the `dd --list` command should provide you with the correct name. +. *Unmount all mounted partition from that device*. This is very important, otherwise the written image might get corrupted. You can umount all mounted partitions from the device with `umount /dev/sdX*`, where `_X_` is the appropriate letter, e.g. `umount /dev/sdc*`. +. 
Write the ISO file to the device: ++ +[source,shell,subs="attributes"] +---- +# dd if=/path/to/image.iso of=/dev/sdX bs=8M status=progress oflag=direct +---- +. Wait until the command completes. ++ +NOTE: If you see `dd: invalid status flag: 'progress'`, your dd version doesn't support the `status=progress` option and you'll need to remove it. In this case, you won't see writing progress. + + +[id='unetbootin'] +== Using UNetbootin for Windows, macOS, and Linux + +[WARNING] +==== +This method is considered unsupported. You can use it on your own risk. +==== + +[NOTE] +==== +UNetbootin may work in some cases but not others - for instance, it will likely create a stick that is bootable in BIOS mode, but not UEFI mode. Fedora cannot guarantee support for UNetbootin-written images. + +While your results may vary, it is usually the case that the Fedora Media Writer, `livecd-iso-to-disk`, GNOME, and `dd` methods give better results than UNetbootin. If you encounter problems with UNetbootin, please contact the UNetbootin developers, not the Fedora developers. +==== + +https://unetbootin.github.io/[UNetbootin] is a graphical, bootable USB image creator. Using it will allow you to preserve any data you have in the USB drive. If you have trouble booting, however, you may wish to try with a blank, cleanly FAT32-formatted drive. + +NOTE: If you are running a 64-bit Linux distribution, UNetbootin may fail to run until you install the 32-bit versions of quite a lot of system libraries. + +. Download the latest UNetbootin version from the https://unetbootin.github.io/[official site] and install it. On Linux, the download is an executable file: save it somewhere, change it to be executable using `chmod ugo+x` filename or a file manager, and then run it. +. Launch UNetbootin. On Linux, you might have to type the root password. +. Click on `Diskimage` and search for the ISO file you downloaded. +. Select Type: USB drive and choose the correct device for your stick. +. Click OK. 
+ +NOTE: If you do not see _sdX_ listed, you might have to reformat the drive. You can do this from most file manager or disk utility tools, e.g. the GNOME disk utility ("Disks") on Fedora. The FAT32 format is most likely to result in a bootable stick. This will cause you to lose all data on the drive. + + +[id='creating_usb_stick_from_a_running_live_environment'] +== Creating a USB stick from a running live environment + +If you are already running a live CD, DVD, or USB and want to convert that into a bootable USB stick, run the following command: + +[source,shell,subs="attributes"] +---- +# livecd-iso-to-disk /run/initramfs/livedev /dev/sdX" +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-cli.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-cli.adoc new file mode 100644 index 0000000..f2dc10e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-cli.adoc 
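Review bot: In creating-and-using-live-usb, the final command `# livecd-iso-to-disk /run/initramfs/livedev /dev/sdX"` ends with an unmatched `"`, so a reader who pastes it gets a shell waiting for the closing quote; remove it. In the overlay NOTE, the example `42296/204800` is explained as "4229 of 204800", and the markup "`dmsetup` status `live-rw`" splits a single command that should read `dmsetup status live-rw`. Step 1 of the direct write method says to identify the "USB drive partition", but the `dd` command writes to the whole device (`of=/dev/sdX`). Since a wrong device name here destroys another disk, say "device" and show how to confirm it, for example with `lsblk`, before the write. The NOTE block in the `livecd-iso-to-disk` section contains the main non-destructive commands and would read better as body text. "You can use it on your own risk" should be "at your own risk" in all three WARNING blocks.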
@@ -0,0 +1,130 @@ +[[creating-gpg-keys-cli]] += Creating GPG Keys Using the Command Line + +. Use the following shell command: ++ +---- +gpg --full-generate-key +---- ++ +This command generates a key pair that consists of a public and a private key. +Other people use your public key to authenticate and/or decrypt your communications. +Distribute your *public* key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. + +. Press the kbd:[Enter] key to assign a default value if desired. + The first prompt asks you to select what kind of key you prefer: ++ +---- +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (14) Existing key from card +Your selection? +---- ++ +In almost all cases, the default is the correct choice. +A RSA/RSA key allows you not only to sign communications, but also to encrypt files. + +. Choose the key size: ++ +---- +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) +---- ++ +Again, the default is sufficient for almost all users, and represents an _extremely_ strong level of security. + +. Choose when the key will expire. + It is a good idea to choose an expiration date instead of using the default, which is _none._ + If, for example, the email address on the key becomes invalid, an expiration date will remind others to stop using that public key. ++ +---- +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) +---- ++ +Entering a value of `1y`, for example, makes the key valid for one year. +(You may change this expiration date after the key is generated, if you change your mind.) 
+Before the `gpg` program asks for signature information, the following prompt appears: ++ +---- +Is this correct (y/N)? +---- ++ +. Enter `y` to finish the process. + +. Enter your name and email address. + _Remember this process is about authenticating you as a real individual._ + For this reason, include your _real name_. + Do not use aliases or handles, since these disguise or obfuscate your identity. + +. Enter your real email address for your GPG key. + If you choose a bogus email address, it will be more difficult for others to find your public key. + This makes authenticating your communications difficult. + If you are using this GPG key for https://fedoraproject.org/wiki/Introduce_yourself_to_the_Docs_Project[self-introduction] on a mailing list, for example, enter the email address you use on that list. + +. Use the comment field to include aliases or other information. + (Some people use different keys for different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.") + +. Enter the letter `O` at the confirmation prompt to continue if all entries are correct, or use the other options to fix any problems. + +. Enter a passphrase for your secret key. + The `gpg` program asks you to enter your passphrase twice to ensure you made no typing errors. + +Finally, `gpg` generates random data to make your key as unique as possible. +Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. +Once this step is finished, your keys are complete and ready to use: + +---- +pub rsa3072 2021-02-09 [SC] [expires: 2022-02-09] + 3782CBB60147010B330523DD26FBCC7836BF353A +uid John Doe (Fedora Docs) +sub rsa3072 2021-02-09 [E] [expires: 2022-02-09] +---- + +The key fingerprint is a shorthand signature for your key. +It allows you to confirm to others that they have received your actual public key without any tampering. +You do not need to write this fingerprint down. 
+To display the fingerprint at any time, use this command, substituting your email address: + +---- +gpg --fingerprint johndoe@example.com +---- + +Your key fingerprint is actually a 160 bit SHA-1 hash of the key, represented as a 40 character string of hexadecimal digits. +Though shorter than the public key itself, it's still a bit unwieldy, so people tend to use a shorter _GPG key ID_ to refer to a key when, for example, looking up a key in a keyserver. +The GPG key ID is a small number of hex digits drawn from the characters representing the lower-order bits of the fingerprint. +The "short" GPG key ID consists of the final 8 characters of the hexadecimal fingerprint, that is, the last 32 bits of the fingerprint. +Short keys are unsafe and no longer recommended because it's possible to create collisions so that an attacker's forged key has the same short ID as your key. +Thus if you give someone the short GPG key ID of your key, they may retrieve the attacker's key from a keyserver instead. + +For this reason, it's preferred to use the "long" GPG key ID, which consists of the final 16 characters of your key's hexadecimal fingerprint. +This represents the 64 lower-order bits of your fingerprint, which is sufficient to be collision-resistant. +The `gpg` program makes it easy for you to find your key's long GPG key ID: + +---- +gpg --list-keys --fingerprint --key-id-format 0xlong johndoe@example.com +---- + +The `0xlong` format prepends "0x" to the key ID to make it clear that this is a series of hexadecimal digits; it is considered good practice to do this. 
+The output from the above command looks like this: + +---- +pub rsa3072/0x26FBCC7836BF353A 2021-02-09 [SC] [expires: 2022-02-09] + Key fingerprint = 3782 CBB6 0147 010B 3305 23DD 26FB CC78 36BF 353A +uid John Doe (Fedora Docs) +sub rsa3072/0xF834D62672E88A6F 2021-02-09 [E] [expires: 2022-02-09] +---- + +The first line (beginning with "pub") tells you what kind the key is (that is, 3072 bit RSA) and what the long key ID is (that is, `0x26FBCC7836BF353A`). +You can see that this corresponds to the last 16 characters of the Key fingerprint in the output. + +Now see <>. +Make sure to back up your revocation keys for all active keys as this allows to revoke keys in the event of lost passphrase of key compromise. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-gnome.adoc new file mode 100644 index 0000000..7425cda --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-gnome.adoc @@ -0,0 +1,27 @@ +[[creating-gpg-keys-gnome]] += Creating GPG Keys Using the GNOME Desktop + +Install the Seahorse utility, which makes GPG key management easier. + +. Select menu:Activities[Software]. + +. Click the _Search_ button and enter the name 'Seahorse'. + +. Click the Seahorse package and click btn:[Install] to add the software. + You can also install Seahorse using the command line with the command `sudo dnf install seahorse`. + +To create a key: + +. Select menu:Activities[Passwords and Encryption Keys], which starts the application Seahorse. + +. At the top left hand corner, click the menu:Plus Button[GPG Key]. + +. Type your full name, email address, and an optional comment describing who you are (e.g.: John C. Smith, jsmith@example.com, The Man). + +. Click btn:[Create]. + +. Choose a passphrase that is strong but also easy to remember in the dialog that is displayed. + +. Click btn:[OK] and the key is created. + +Now see <>. 
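Review bot: In creating-gpg-keys-cli.adoc, step 1, "Other people use your public key to authenticate and/or decrypt your communications" gets the encryption direction wrong. Others use the public key to verify your signatures and to encrypt messages to you; decryption is done with your private key. The closing sentence should say "revocation certificates" rather than "revocation keys", and "lost passphrase of key compromise" should read "or key compromise". The prompt `Is this correct (y/N)?` only confirms the expiry value, so "Enter `y` to finish the process" is misleading when the name, email, comment and passphrase steps follow it. It is also missing its list marker and is attached with a stray `+`.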
diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-kde.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-kde.adoc new file mode 100644 index 0000000..7da4eb1 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-gpg-keys-kde.adoc @@ -0,0 +1,16 @@ +[[creating-gpg-keys-kde]] += Creating GPG Keys Using the KDE Desktop + +. Start the KGpg program from the main menu by selecting menu:Applications[Utilities > KGpg]. + If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. + +. Enter your name, email address, and an optional comment in the dialog box that appears prompting you to create a new key pair. + You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. + +. Enter your passphrase in the next dialog box. + At this point, your key appears in the main KGpg window. + +To find your GPG key ID, look in the _ID_ column next to the newly created key. +In most cases, if you are asked for the key ID, you should prepend `0x` to the last 8 characters of the key ID, as in `0x6789ABCD`. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-new-systemd-services.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-new-systemd-services.adoc new file mode 100644 index 0000000..2100fb3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-new-systemd-services.adoc 
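Review bot: The last paragraph of creating-gpg-keys-kde.adoc tells readers to hand out `0x` plus "the last 8 characters of the key ID", which is the short key ID. creating-gpg-keys-cli.adoc in this same patch calls short IDs unsafe and no longer recommended because an attacker can forge a key with a colliding ID. Recommend the long 16-character ID or the full fingerprint here as well, and change the `0x6789ABCD` example to match.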
@@ -0,0 +1,107 @@ +[#creating-new-systemd-services] += Creating new systemd services + +This example shows how to create a unit file for a custom service. Custom unit files are located in `/etc/systemd/system/` and have a `.service` extension. For example, a custom `foo` service uses `/etc/systemd/system/foo.service` unit file. + +[discrete] +== Prerequisites + +* You are logged in as a user with administrator-level permissions. + +[discrete] +== Procedure + +This procedure creates a basic configuration file to control the `foo` service. + +. Create and edit the new configuration file: ++ +---- +# nano /etc/systemd/system/foo.service +---- + +. The next few steps describe each section its parameters to add to the file: + +.. The `[Unit]` section provides basic information about the service. The `foo` service uses the following parameters: ++ +`Description`:: + A string describing the unit. _Systemd_ displays this description next to the unit name in the user interface. +`After`:: + Defines a relationship with a second unit. If you activate the unit, _systemd_ activates it only after the second one. For example, the `foo` service might require network connectivity, which means the `foo` services specifies `network.target` as an `After=` condition. ++ +The resulting `[Unit]` section looks like this: ++ +---- +[Unit] +Description=My custom service +After=network.target +---- + +.. The `[Service]` section provides instructions on how to control the service. The `foo` service uses the following parameters: ++ +`Type`:: + Defines the type of _systemd_ service. In this example, the `foo` service is a `simple` service, which starts the service without any special consideration. +`ExecStart`:: + The command to run to start the service. This includes the full path to the command and arguments to modify the service. ++ +The resulting `[Service]` section looks like this: ++ +---- +[Service] +Type=simple +ExecStart=/usr/bin/sleep infinity +---- + +.. 
The `[Install]` section provides instructions on how _systemd_ installs the service. The `foo` service uses the following parameters: ++ +`WantedBy`:: + Defines which service triggers the custom service if enabled with `systemctl enable`. This is mostly used for starting the custom service on boot. In this example, `foo.service` uses `multi-user.target`, which starts `foo.service` when _systemd_ loads `multi-user.target` on boot. + +. The full `foo.service` file contains the following contents: ++ +---- +[Unit] +Description=My custom service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/sleep infinity + +[Install] +WantedBy=multi-user.target +---- ++ +Save the file. + +. To make _systemd_ aware of the new service, reload its service files ++ +---- +# systemctl daemon-reload +---- + + +. Start the custom `foo` service: ++ +---- +# systemctl start foo +---- + +. Check the status of the service to ensure the service is running: ++ +---- +$ systemctl status foo +● foo.service - My custom service + Loaded: loaded (/etc/systemd/system/foo.service; static; vendor preset: disabled) + Active: active (running) since Thu 2017-12-14 14:09:12 AEST; 6s ago + Main PID: 31837 (sleep) + Tasks: 1 (limit: 4915) + CGroup: /system.slice/foo.service + └─31837 /usr/bin/sleep infinity + +Dec 14 14:09:12 dansmachine systemd[1]: Started My custom service. +---- + +[discrete] +== Related Information + +* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating-virtual-machines.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating-virtual-machines.adoc new file mode 100644 index 0000000..8bfe32e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating-virtual-machines.adoc 
@@ -0,0 +1,128 @@ +[[creating-virtual-machines]] += Creating virtual machines +include::{partialsdir}/attributes.adoc[] +:experimental: + +The installation of Fedora guests using Anaconda is supported. The installation can be started on the command-line using the `virt-install` program or in the user interface program `virt-manager`. + +[[creating-a-guest-with-virt-install]] +== Creating a guest with virt-install + +`virt-install` is a command-line based tool for creating virtualized guests. Execute `virt-install --help` for command line help, or you can find the manual page at `man 1 virt-install`. + +To use the virt-install command, you should first download an ISO of the Fedora version you wish to install. You can find the latest Fedora images at https://getfedora.org. This ISO is only needed during Fedora installation, and can be deleted to free up storage space afterwards if desired. More information about Fedora installation can be found in the xref:f{MAJOROSVER}@fedora:install-guide:index.adoc[Installation Guide]. In this example we'll use Fedora Workstation. + +=== Planning VM Resources +Adjust the ram, vcpus, and disk size parameters according to the resources you have available. + +* Storage: An easy way to check your disk size from a bash shell is using the `df(1)`` utility from the shell: + +[source,shell,subs="attributes"] +---- +# df -h +---- +* Memory: You can check your available memory from the shell using free(1): + +[source,shell,subs="attributes"] +---- +# free -m +---- +* VCPU: You can check your processor information using `lscpu(1)`: + +[source,shell,subs="attributes"] +---- +# lscpu +---- + +When allocating resources to your VM, keep in mind the minimum system requirements for the version of Fedora you are installing as well as your use case requirements. For Fedora {MAJOROSVER}, you can find this in the xref:f{MAJOROSVER}@fedora:release-notes:welcome/Hardware_Overview.adoc[Release Notes]. 
+ +==== Create Storage for the VM + +The libvirt default storage pool is located at ``/var/lib/libvirt/images` - which is the parent file path we use in this example. For individuals who are lacking enough storage in that path, you can simply mount a new disk or partition to that directory path (from the BASH shell, type `man 1 mount`) or select a new path. In the example `virt-install` command below, the disk did not exist prior to running virt-install. When the specified disk is not pre-existing, you must specify the size so virt-install can create a disk for you. If your disk already exists, you can safely remove the `,size=20` parameter from the disk argument. + +You have several disk storage options for your VM. While it's outside the scope of this article to discuss these in detail, the following are a few common options. These examples use 20G as the upper limit for disk size, but you can adjust this size to fit your needs. + +[NOTE] +==== +Again, you do not need to manually allocate storage using the example options shown below if you specify the size parameter in the virt-install example shown below. 
+==== + +===== Raw File (Non-Sparse) + +To create a fully allocated (non-sparse) raw file: + +[source,shell,subs="attributes"] +---- +# sudo dd if=/dev/zero of=/var/lib/libvirt/images/guest.img bs=1M count=20480 +---- + +you can also use fallocate(1): + +[source,shell,subs="attributes"] +---- +# sudo fallocate -l 20480M /var/lib/libvirt/images/guest.img +---- + +===== Raw File (Sparse) + +To create a dynamically allocated (sparse) raw file: + +[source,shell,subs="attributes"] +---- +# sudo rm -f /var/lib/libvirt/images/guest.img +# sudo truncate --size=20480M /var/lib/libvirt/images/guest.img +---- + + +===== QCOW2 +To create a new qcow2-formatted disk separately, you can use qemu-img (the example below specifies a disk size of 20G): + +[source,shell,subs="attributes"] +---- +# sudo qemu-img create -f qcow2 /var/lib/libvirt/images/guest.qcow2 20480 +---- + +More information about libvirt storage options can be found at https://libvirt.org/storage.html. + +Finally, run the virt-install command using the following format (adjusting parameters as needed): + +[source,shell,subs="attributes"] +---- +# sudo virt-install --name Fedora{MAJOROSVER} \ +--description 'Fedora {MAJOROSVER} Workstation' \ +--ram 4096 \ +--vcpus 2 \ +--disk path=/var/lib/libvirt/images/Fedora-Workstation-{MAJOROSVER}/Fedora-Workstation-{MAJOROSVER}-20180518.0.x86_64.qcow2,size=20 \ +--os-type linux \ +--os-variant fedora{MAJOROSVER} \ +--network bridge=virbr0 \ +--graphics vnc,listen=127.0.0.1,port=5901 \ +--cdrom /var/lib/libvirt/images/Fedora-Workstation-{MAJOROSVER}/Fedora-Workstation-Live-x86-64-{MAJOROSVER}-1.1.iso \ +--noautoconsole +---- + +[NOTE] +==== +Note: For the graphics parameter, we're setting the vnc listener to localhost because it's more secure to tunnel your VNC connection through SSH so that you don't expose VNC to everyone with access to the network. +==== + +`virt-install` can use kickstart files, for example, `virt-install -x ks=kickstart-file-name.ks`. 
+ +If graphics were enabled, a VNC window will open and present the graphical installer. If graphics were not enabled, a text installer will appear. Proceed with the Fedora installation. + +[[creating-a-guest-with-virt-manager]] +== Creating a guest with virt-manager + +. Start Virtual Machine Manager by navigating to menu:Applications[System Tools], or by running the following command: ++ +[source,shell,subs="attributes"] +---- +# sudo virt-manager +---- ++ +. Open a connection to a hypervisor by navigating to menu:File[Add connection]. +. Choose *qemu* for KVM, or *Xen* for Xen. +. Choose *local* or select a method to connect to a remote hypervisor. +. After a connection is opened, click the new icon next to the hypervisor, or right-click on the active hypervisor and select *New*. +. Configure the virtual machine following the steps in the *New VM* wizard. +. Click *Finish* at the end of the wizard to provision the guest operating system. After a few moments a VNC window will appear. Proceed with the Fedora installation. diff --git a/modules/ROOT/partialsdelete/2delete-proc_creating_xorg_conf.adoc b/modules/ROOT/partialsdelete/2delete-proc_creating_xorg_conf.adoc new file mode 100644 index 0000000..5507a81 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_creating_xorg_conf.adoc @@ -0,0 +1,18 @@ +[[creating-an-xorg-conf-file]] += Creating an xorg.conf file + +You can create a basic file using the `X` executable. It will contain sections and entries that you can edit to suit your needs. To create the file, enter this command as *root*: + +---- +# Xorg :1 -configure +---- + +Next, copy the file to the correct location: + +---- +# cp /root/xorg.conf.new /etc/X11/xorg.conf +---- + +Now you may edit the file according to your needs. + +See the `xorg.conf(5)` man page for more information. 
diff --git a/modules/ROOT/partialsdelete/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc new file mode 100644 index 0000000..5941575 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_cups-filing-a-bug-report.adoc.delete.adoc 
@@ -0,0 +1,74 @@ +[id='proc_cups-filing-a-bug-report'] += Filing a bug report + +:experimental: +include::{partialsdir}/attributes.adoc[] + +== Deciding which component + +Problems involving printing may relate to several components. + +The configuration GUI (See above) is either https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=control-center[GNOME 3 System Settings application] or https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=system-config-printer[system-config-printer]. These packages also provide the printer applet, handle automatic queue creation, and disable/enable queues when USB printers are disconnected and reconnected. + +Most GTK+ applications use the GTK+ print dialog. If the problem occurs when using GTK+ applications but not when printing from the command line or from another non-GTK+ application, the problem should probably be reported against the GTK+ version which the application uses. You can find out the version by the following query (*thunderbird* is used as an example of RPM package): + +---- +$ rpm -q thunderbird | grep gtk +libgtk-3.so.0 +---- + +From the output you can see *thunderbird* uses GTK+ version 3. + +If the problem occurs with only one GTK+ application, and other GTK+ applications print fine, the bug should be filed against that particular application. + +If the problem only happens with PDF files, the bug may well be in https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=poppler[poppler] (the CUPS *pdftops* filter is a wrapper around one of the poppler utility programs). + +Report bugs only seen using the *smb* backend against https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=samba[samba]. + +For bugs only seen when using the *hp* backend, or the hpijs or hpcups drivers, select https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=hplip[hplip] for the component. 
+ +For bugs for cups-browsed daemon and its printer discovery, please select https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=cups-filters[cups-filters] + +Other possibilities, depending on the problem, include: + +* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=foomatic[foomatic] (the Foomatic CUPS filter and driver) +* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=foomatic-db[foomatic-db] (the actual printer database used by Foomatic) +* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=ghostscript[ghostscript] (which converts PostScript to other formats) +* https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=gutenprint[gutenprint] (a driver that supports very many printers) + +For anything else, or if you are not sure, choose https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=cups[cups] or use your best guess. + +== Other information to include + +Be prepared to include some information about your system as well. + +=== Before gathering of information + +* Please change your OS locale to English. +* Please attach gathered information as archive (example is xref:cups-useful-tricks.adoc#_how_to_compress_files[here], you may need root permissions) to the bugzilla issue. +* Please do not forget to trigger your issue after debug enabling and restarting cups and before information gathering. + +=== Information to gather + +* the PPD file for the print queue (from the `/etc/cups/ppd` directory) +* the document you are attempting to print -- if the document is large, please try to see if the problem also occurs with a smaller document +* cupsd journal logs when debug level 2 is turned on. See the xref:how-to-debug-printing-problems.adoc#_enable_cups_debug_logging[how-to for turning debug2 on and for getting logs from systemd-journald]. +* if the issue is connected to a print job, attach journal logs for this specific job too. 
How-to get logs xref:how-to-debug-printing-problems.adoc#_get_a_job_log_for_a_specific_job_id[here], example with JID. You can find out JID value by command: + +---- +$ lpstat -W all +---- + +Find your job there and JID is a number after '-'. + +* If the issue is about f.e. 'printing from evince prints garbage, but printing from libreoffice works', then attach two separate files - first will contain logs when you print from evince, latter logs when you print from libreoffice. +* [filename]`troubleshoot.txt` from system-config-printer (BEWARE: it doesn't contain journal logs - don't forget to attach them too). +* xref:how-to-debug-printing-problems.adoc#_what_make_and_model_is_my_printer[make and model] of printer +* config files - [filename]`/etc/cups/client.conf` (if it contains any changes from default), [filename]`/etc/cups/cupsd.conf` +* if the issue is with cups-browsed and printer's discovery, attach [filename]`/etc/cups/cups-browsed.conf` and cups-browsed logs gained by xref:how-to-debug-printing-problems.adoc#_cups_browsed_logging[this how-to]. + +Some example documents can be found in the https://fedoraproject.org/wiki/Category:Printing_Test_Cases[Printing Test Cases category]. + +== Further reading + +The https://fedoraproject.org/wiki/Printing[main printing page] and the xref:cups-terminology.adoc#_printing[printing terminology page] have more information about how printing works in Fedora. diff --git a/modules/ROOT/partialsdelete/2delete-proc_cups-how-to-debug-scanning-issues.adoc b/modules/ROOT/partialsdelete/2delete-proc_cups-how-to-debug-scanning-issues.adoc new file mode 100644 index 0000000..3313a05 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_cups-how-to-debug-scanning-issues.adoc 
@@ -0,0 +1,115 @@ +[id='proc_cups-how-to-debug-scanning-issues'] += How to debug scanning issues + +SANE library, communication libraries and backends can turn on and off debug logging via `SANE_DEBUG_*` environment variables. + +The common environment variables: + +* `SANE_DEBUG_DLL` - enables debugging SANE library +* `SANE_DEBUG_SANEI_USB` - enables debugging communication library for USB - add the environment variable if your device is connected via USB cable +* `SANE_DEBUG_SANEI_TCP` - enables debugging communication library for wireless/ethernet - add the environment variable if your device is connected by Wifi or Ethernet + +Environment variables for enabling debugging a specific backends have a structure - `SANE_DEBUG_`, so the environment variable for f.e. *HPAIO* backend is `SANE_DEBUG_HPAIO*`. + +You can find which SANE backend supports your device http://www.sane-project.org/sane-mfgs.html[here]. If your device is HP and it isn't supported by *airscan* backend or any other SANE backend, it can be supported by *hpaio* backend from *hplip* package, see the list of supported devices https://developers.hp.com/hp-linux-imaging-and-printing/supported_devices/index[here]. + +== Debugging scanner discovery + +If you don't see your scanner in scanning application, then debugging of discovery process is in order. I prefer using [command]`scanimage` in the examples, but the similar steps can be applied for every scanning application like [command]`xsane`, [command]`scanadf`, [command]`simple-scan` etc. + +You will need to use environment variables when you start a scanning application ([command]`scanimage` in this case). The environment variables used with [command]`scanimage` command depends on how your scanner is connected and which backend suppose to support it. 
So for getting debug logs for HP LaserJet device, *connected via Ethernet/Wifi and supported by HPAIO backend*, use command: + +---- +$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 scanimage -L &> discovery_output +---- + +or, f.e. if you have CanoScan 8600F, connected by USB and supported by genesys backend, use command: + +---- +$ SANE_DEBUG_DLL=255 SANE_DEBUG_GENESYS=255 SANE_DEBUG_SANEI_USB=255 scanimage -L &> discovery_output +---- + +Please attach the created [filename]`discovery_output` file as an attachment to the bugzilla ticket. + +== Debugging scanning process + +If the scanner is found, but an issue happens during scanning itself, we need to debug scanning process itself - which means debugging communication between backend and scanner when you start scanning a document. + +The debugging scanning itself looks similar as discovery - setup the environment variables before running the command/scanning application and catch logs into a file. The possible command can be (f.e. if you have *network scanner supported by HPAIO backend*): + +---- +$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 xsane &> debug_log +---- + +or (once you find out device uri from [command]`scanimage -L` - see the xref:_getting_a_scanner_device_uri[next section]): + +---- +$ SANE_DEBUG_DLL=255 SANE_DEBUG_HPAIO=255 SANE_DEBUG_SANEI_TCP=255 scanimage -d > out.pnm 2> debug_log +---- + +, where you substitute `` for the actual device uri, f.e. 'hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112'. + +Please attach the created file - [filename]`debug_log` - as an attachment to the bugzilla ticket. + +== Getting a scanner device uri + +This point is basically a manual how to get a scanner uri for debugging scanning itself via [command]`scanimage`. You don't need to provide a scanner uri in GUI applications like [command]`xsane` or [command]`simple-scan`, because the application will do it for you or you can choose the scanner by a mouse click. 
+ +The [command]`scanimage -L` command returns an output where device uri of the device is shown, f.e.: + +---- +$ scanimage -L +device `v4l:/dev/video0' is a Noname Integrated Camera: Integrated C virtual device +device `hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112&queue=false' is a Hewlett-Packard laserjet_m1536dnf_mfp all-in-one +---- + +F.e.the string 'hpaio:/net/laserjet_m1536dnf_mfp?ip=192.168.1.112&queue=false' is a device uri for for Hewlett-Packard laserjet_m1536dnf_mfp all-in-one scanner. + +== Debugging HP scanner if it is supported by HPLIP + +The hplip package doesn't have unified logging, so some logs come out of HPAIO backend to standard output and HP internal utilities logs come to journal. So we need to capture both to get the understanding of situation. + +It can be done this way: + +* start capturing journal logs at background: + +---- +$ journalctl -f > journal_logs & +---- + +* trigger an action (xref:_debugging_scanner_discovery[discovery] or xref:_debugging_scanning_process[scanning]) +* kill the journalctl process, f.e. this way (if there is only one journactl process) + +---- +$ kill `pidof journalctl` +---- + +then attach the created file - [filename]`journal_logs` - as an attachment to the bugzilla ticket. Please do only one action per capture - that means if you are asked to attach log files for HP scanner discovery and scanning supported by hplip, you will attach as an attachment four files - [filename]`discovery_output`, [filename]`journal_logs` for discovery output, [filename]`debug_logs` and [filename]`journal_logs` for debug_logs. + +== Debugging sane-airscan + +If your device supports eSCL or WSD (you can find it out from device specification - look for the mentioned protocols or AirScan), then its scanning functionality is supported by *sane-airscan*. Regarding debugging, on the top of usual logging sane-airscan gathers a communication dump and output image, which is helpful during investigation. 
+ +sane-airscan debugging can be enabled in [filename]`/etc/sane.d/airscan.conf` by setting: + +---- +[debug] +trace = /path/to/dir/where/debugfiles/will/be/saved +enable = true +---- + +Then do trigger your issue (xref:_debugging_scanner_discovery[discovery] or xref:_debugging_scanning_process[scanning]), go to the dir you defined in [filename]`/etc/sane.d/airscan.conf`, take all files from there and attach them to the bug ticket. + +== How to divide logs + +In case your debug log is too big for bugzilla to attach (because your issue doesn't happen with the lowest settings or logs are big even with the lowest settings), do divide the logs to three files like this: + +---- +$ grep dll debug_log > debug_log_dll +$ grep debug_log > debug_log_connection +$ grep debug_log > debug_log_backend +---- + + is the name of backend which supports your scanner (pixma, genesys, plustek, hpaio, airscan etc.), is the type of connection you use for the device (tcp, usb). + +The division makes the investigation more difficult (the person needs to have three opened files at the same time), so do divide the logs only if log file is too big. diff --git a/modules/ROOT/partialsdelete/2delete-proc_cups-identifying-your-problem-area.adoc b/modules/ROOT/partialsdelete/2delete-proc_cups-identifying-your-problem-area.adoc new file mode 100644 index 0000000..ce34651 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_cups-identifying-your-problem-area.adoc 
@@ -0,0 +1,422 @@ +[id='proc_cups-identifying-your-problem-area'] += Identifying your problem area + +Printing issues can be fairly complex and active cooperation or lots of data can be requested from reporter by maintainer to helping maintainer to at least understand and (if it is not hardware specific issue) reproduce the issue, so please have a patience and try to narrow the problem as much you are able to for maintainers. + +There can be: + +* issues with seeing or connecting to the printer (it can be cups backend issues, avahi issues, libusb issues, cups-browsed issues), +* accessibility issues (correct/wrong setup in cupsd.conf or its bad interpretation by cupsd daemon, bad cooperation with NIS, SSSD...), +* printing with help of samba (issues with smb backend, which is part of samba) or with samba authenticated through Kerberos (samba_krb5_printing), +* issues with filters used during filtering the document into document format supported by printer, which influence how or if the document will be printed (issue with filters - pdftops, pdftopdf, pstops, bannertopdf etc. - or issues with binaries or libraries which filters uses - libgs, qpdf, poppler...), +* issues with Postscript Printer Description files, which are old way of defining printers capabilities like supported page sizes, borders etc... + +Not mentioning possible limitations or issues in firmware or hardware of printer itself, so any kind of data or narrowing the issue is welcomed. + +The best start is to attach files with logs described further down. + +== CUPS logging + +All CUPS logging is redirected to journal by default since Fedora 28 (there was a redirecting of error_log to journal by default before Fedora 28). + +We need to define two different ways of capturing incident-bound CUPS whole logs - the one if the broken print queue isn't provided by HPLIP and the other if it is. 
They differs in the filter option of journald - if you use non-HPLIP queue for debugging, it is okay to gather the logs from cups systemd unit (by '-u cups'), because all error messages are correctly redirected to cups systemd unit logging and they are accessible in the output after unit filtering. HPLIP libraries are not implemented to do the same (upstream is unresponsive to accept a potencial fix into the project and the issue is not critical enough to drag a downstream patch forever), so their messages aren't marked for cups systemd unit and they're filtered out after calling journald with '-u cups'. For such queues journald log without filtering is required. + +[NOTE] +=============================== +Incident-bound journald log without filtering is required only for HPLIP print queues (their device uri starts with hp://) and it is unwanted for other queues, because it can be hard to read in larger cases. Please attach incident-bound journald log only when it is necessary. +=============================== + +=== Location of CUPS logging + +CUPS logging is located in the system journal by default, but the logging into a file can be set in [filename]`/etc/cups/cups-files.conf` with directive [option]`ErrorLog`. If you want to change the default settings, then the name of the logging file is irrelevant, but it is recommended to put the file into path `/var/log/cups`, otherwise SELinux will block cupsd from accessing it. 
+ +Setting the logging to a file has following cons (without further operations): + +* unable to get only logs connected to a job without chaining more commands +* unable to get logs for specified time frame without chaining more commands + +For capturing a incident-bound logs `tail -f` can be used e.g.: + +---- +tail -f /var/log/cups/error_log +---- + +=== Enable CUPS debug logging + +Enable full debugging information with: + +---- +$ cupsctl LogLevel=debug2 +---- + +=== CUPS job log + +[IMPORTANT] +=============================== +If the problem appears when you sent document to print or if you are trying to, capture logs for this job. If the job log is available, its attaching is *REQUIRED*. +=============================== + +==== Prepare CUPS for job logging + +For being able to see specific job log, please turn on: + +---- +PreserveJobFiles Yes +---- + +in your [filename]`/etc/cups/cupsd.conf` file and restart cup service. Do not forget to remove the line after you are done with debugging. [command]`lpstat -W all` seems to be empty after printing if you do not enable the directive. + +==== Get a job log for a specific job ID + +To capture job log you need to know Job ID (JID) of the job - it is the number after dash in a request ID: + +Request ID looks like this: + +---- +- +---- + +and can be seen in terminal if you send a document to print by [command]`lp` command: + +---- +$ lp -d ... +request id is - (N file(s)) +---- + +Or when you list jobs (see [command]`man lpstat`) - the latest job is at the end: + +---- +$ lpstat -W all +... 
+- 1024 Wed 11 Jan 2017 05:52:19 PM CET +---- + +You can get the latest job logs automatically (if you have [command]`awk` installed and [command]`lpstat -W` all returns jobs) by: + +---- +$ journalctl -u cups JID=`lpstat -W all | awk '{print $1}' | awk -F '-' '{print $NF}' | tail -n 1` > cups_job_log +---- + +Or manually, if you found JID by yourself: + +---- +journalctl -u cups JID= > cups_job_log +---- + +=== Incident-bound cupsd log (broken print queue isn't HPLIP supported) + +Sometimes we cannot bind the error with a specific print job, so the job log is uneffective. Incident-bound cupsd log is needed. + +==== How to start to capture incident-bound cupsd logging + +In new terminal/terminal tab, please issue: + +---- +journalctl -f -u cups > cups_whole_log +---- + +==== How to get incident-bound cupsd logging + +After you trigger the error condition you are trying to diagnose e.g. printing something, try to find a printer via [command]`lpinfo` etc., you terminate capturing incident-bound cupsd log from xref:_how_to_start_to_capture_incident_bound_cupsd_logging[step above] by `+`. + +=== Incident-bound cupsd log (broken print queue is HPLIP supported) + +Unfortunately, HPLIP libraries don't log into CUPS unit in journal, so if your print queue is installed with HPLIP driver (its device uri starts with `hp://`), we need incident-bound journal log. + +==== How to start to capture incident-bound journal logging + +In new terminal/terminal tab, please issue: + +---- +journalctl -f > journal_whole_log +---- + +==== How to get incident-bound journal logging + +After you trigger the error condition you are trying to diagnose e.g. printing something, running HP script etc., you terminate capturing incident-bound journal log from xref:_how_to_start_to_capture_incident_bound_journal_logging[step above] by `+`. 
+ +=== Turning off debug logging + +Please attach [filename]`cups_job_log` for the problematic job, [filename]`cups_whole_log` or [filename]`journal_log` if you caught whole cupsd log during the problematic event to bug report as an attachment. + +Then to turn off debugging information, do this: + +---- +$ sudo sed -i 's,LogLevel debug2,LogLevel warn,' /etc/cups/cupsd.conf +$ sudo systemctl restart cups +---- + +=== More commands for working with systemd-journald + +View the log messages with: + +---- +journalctl -u cups -e +---- + +or: + +---- +journalctl -u cups --since=... +---- + +To filter out messages relating to a specific job ID, use: + +---- +journalctl -u cups JID=... +---- + +(tab completion will show you which job IDs have log messages) + +== cups-browsed logging + +cups-browsed daemon was introduced in Fedora around cups-1.5 version. It can browse Bonjour broadcasts, CUPS broadcasts (deprecated) and LDAP servers for printers and create or remove local queues pointing to those printers. It can creates broadcasts of local CUPS queues, but it is marked as deprecated. + +For setting debug logging on you need to add: + +---- +DebugLogging stderr +---- + +to [filename]`/etc/cups/cups-browsed.conf`. + +The logs will be available in system journal after cups-browsed restart. + +== HPLIP scripts debug logging + +Python scripts from HPLIP (e.g. [command]`hp-setup`, [command]`hp-clean`, [command]`hp-scan`) have debug logging redirected to the standard error file descriptor, so they are not logged in journal. For getting their debug logging, run the script with `-ldebug` parameter e.g.: + +---- +$ hp-setup -ldebug -i +---- + +and reproduce the issue. Then copy the messages from terminal into [filename]`hp_script_log`. Please attach the file to the bugzilla ticket too. + +== What make and model is my printer? + +Each different printer has a model-specific Device ID. 
You can find out with the [command]`lpinfo` command: + +---- +su -c "lpinfo -l -v" +---- + +This command runs each of the backends in discovery mode, to get them to report devices they can automatically detect. This will output a series of blocks of lines, each one like this: + +---- +Device: uri = usb://HP/DESKJET%20990C?serial=U123456789AB + class = direct + info = HP DESKJET 990C + make-and-model = HP DESKJET 990C + device-id = MFG:HEWLETT-PACKARD;MDL:DESKJET 990C;CMD:MLC,PCL,PML;CLS:PRI +NTER;DES:Hewlett-Packard DeskJet 990C;SN:U123456789AB;S:00808880800010032C100000 +0C2000000;P:0800,FL,B0;J: ; + location = +---- + +The line which identifies this particular model type is the long one that starts "device-id =" (shown here wrapping over three lines). + +Note that if your printer cannot be automatically detected, you may still be able to find out the Device ID by running the appropriate backend with the printer hostname as the argument. The *usb*, *parallel*, *snmp*, and *dnssd* backends all try to report the actual Device ID given by the printer. + +---- +$ /usr/lib/cups/backend/snmp 10.34.18.3 + +network socket://10.34.18.3 "HP Color LaserJet CP2025dn" "HP Color LaserJet CP2025dn" +"MFG:Hewlett-Packard;CMD:PJL,PML,PCLXL,POSTSCRIPT,PCL;MDL:HP Color LaserJet CP2025dn; +CLS:PRINTER;DES:Hewlett-Packard Color LaserJet CP2025dn;MEM:MEM=55MB;COMMENT:RES=600x8;" "HP Color LaserJet CP2025dn" +---- + +Device ID is in this case (see http://www.cups.org/documentation.php/doc-1.5/man-backend.html[backend(7)]) the last but one field. + +== Which print queues are available for me? + +The queues on your machine can be permanent ones or temporary. CUPS is capable to list all available print queues on the local network (permanent and temporary queues) by: + +---- +$ lpstat -e +---- + +For permanent queues you are able to get more info with: + +---- +$ lpstat -t +---- + +== Which driver am I using? + +The PPD file for the printer queue can tell you which driver is in use. 
You can use this command to find out which driver is being used: + +---- +grep -H '^*NickName:' /etc/cups/ppd/*.ppd +---- + +You can also find this out using the [command]`system-config-printer` application. Double-click on the icon for the queue and look at the Make and Model field. + +To see the available drivers, click on the _Change..._ button next to that field. You might find it useful to try another driver to see if that shows the same problem. + +=== Driverless models + +Most printers released since 2010 are capable of AirPrint or IPP Everywhere, which means they don't need to be installed to work - the device is found by Avahi and the print capabilities are communicated via IPP protocol - they are basically driverless devices. There are two solutions in Fedora which implement IPP everywhere: + +- CUPS 'everywhere' model +- cups-filters 'driverless' driver + +==== CUPS 'everywhere' model + +It is CUPS implementation of IPP everywhere standard, available as a special printer model. The model is used when you use CUPS temporary queue for your device or if you install your device with as IPP Everywhere model in CUPS web ui or via lpadmin (using `-m everywhere`). + +Because the created PPD file depends on IPP communication with printer, we need info which is gathered from the device. You can use [command]`ipptool` for that: + +---- +$ ipptool --ippserver ipptool.attr get-printer-attributes.test +---- + +Attach the created [filename]`ipptool.attr` to the bugzilla ticket if needed. + +==== cups-filters 'driverless' driver + +Cups-filters special driver which is used for generating PPD according IPP Everywhere standard. The driver is used if you choose *driverless* model during printer installation. 
+ +We need get-printer-attributes request output too: + +---- +$ ipptool --ippserver ipptool.attr get-printer-attributes.test +---- + +and debug logs from the driver itself when it generates PPD for your device: + +---- +$ driverless -d cat 2> driverless_debug > created_ppd +---- + +Attach all created files to the bugzilla ticket if needed. + +== Finding where the problem lies + +When a print job is processed it is sent through a chain of _filters_ to convert the file into a format the printer can understand, and then finally sent to a _backend_, a program which can transport the data to the printer. By slightly changing how you print you can try a different printing path to see if that changes anything. If it works around the problem, you know which area the problem was in -- include that information in a bug report so that we can fix it. + +=== Application + +Try printing from a different application to see if the problem goes away or if it occurs regardless of how a file is printed. Try printing the document from the command line using the [command]`lp` command. + +=== Document format + +If you are having problems printing PDF files, try printing other types of file to see if the problem is with printing anything or if it is specific to printing PDF files. Try converting the file to a different format and printing that. + +If the problem relates to printing text files, try removing/installing the paps package. This package provides an alternative text-to-PostScript filter to the one that comes with CUPS. + +To inspect the document that was submitted to CUPS for printing, enable the [option]`PreserveJobFiles` option like this: + +---- +cupsctl PreserveJobFiles=yes +---- + +Submitted job documents will remain in `/var/spool/cups`. There are files with two types of names - [filename]`dXXXXX-YYY` and [filename]`cXXXXX`. 
[filename]`dXXXXX-YYY` is file which goes to CUPS system, unfiltered file - `XXXXX` is job ID, which is filled with zeros to be 5 characters long, and `YYY` is sequence number of file in the job. [filename]`cXXXXX` is file which contains printing options for a job specified by job ID in `XXXXX`. Please attach [filename]`dXXXXX-YYY` to the bug for a job when you experience the issue + +==== Running filters by hand + +More advanced users may like to try running the CUPS filters by hand and examining the data file at each step as it is converted between different formats. Here is an example of doing this for a gutenprint queue named pqueue with the CUPS test page which is its own special MIME type, `application/vnd.cups-banner`: + +First you need to know the filter pipeline for `application/vnd.cups-banner` -> `printer/pqueue` (output MIME type). You can either xref:_enable_cups_debug_logging[enable debugging], print a test page, get xref:_cups_job_log[CUPS job log] and in cups_job_log you'll find something similar to: + +---- +envp[29]="FINAL_CONTENT_TYPE=printer/pqueue" +Started filter /usr/lib/cups/filter/bannertopdf (PID 1111) +Started filter /usr/lib/cups/filter/pdftopdf (PID 1112) +Started filter /usr/lib/cups/filter/gstoraster (PID 1113) +Started filter /usr/lib/cups/filter/rastertogutenprint.5.2 (PID 1114) +---- + +or run + +---- +/usr/lib/cups/filter/bannertopdf 1 me '' 1 '' bannertopdf.pdf +cupsfilter -e -m printer/pqueue -p /etc/cups/ppd/pqueue.ppd bannertopdf.pdf > /dev/null +---- + +and you'll see: + +---- +INFO: pdftopdf (PID 1111) started. +INFO: gstoraster (PID 1112) started. +INFO: rastertogutenprint.5.2 (PID 1113) started. +---- + + +[NOTE] +=============================== +This filter pipeline is from cups-1.6. With cups < 1.6 you can see bannertops -> pstops -> pstoraster instead. 
+=============================== + +Now you can run filters by hand: + +---- +export PPD=/etc/cups/ppd/pqueue.ppd +/usr/lib/cups/filter/bannertopdf 1 me '' 1 '' bannertopdf.pdf +/usr/lib/cups/filter/pdftopdf 1 me '' 1 '' pdftopdf.pdf +/usr/lib/cups/filter/pdftoraster 1 me '' 1 ''out.ras +/usr/lib/cups/filter/rastertogutenprint.5.2 1 me '' 1 ''out.prn +---- + +Here, [command]`evince` or [command]`okular` can be used to examine the output after the first two filters, [command]`rasterview` can be used to examine the output of the third filter, and the last filter's output must be inspected by hand or sent directly ([command]`lpr -oraw out.prn`) to the printer. + +=== Driver + +If you have access to a different make/model of printer it might be worth trying to see if the problem occurs on both of them or just one. This can give an indication about whether it is a problem with a particular driver, or if it is a more general problem. + +Even if you only have access to the one printer there is often a choice of drivers to use for a given printer model, and trying each one in turn can be useful in narrowing down the problem. See xref:_which_driver_am_i_using[above] for how to do that. + +==== Foomatic + +For Foomatic drivers you can try enabling Foomatic debugging by editing the file [filename]`/etc/foomatic/filter.conf` and adding a line: + +---- +debug: 1 +---- + +Next time you print a job to a queue using foomatic the debugging will be put in [filename]`/tmp/foomatic-rip.log`, and the input file as received by foomatic-rip will be in [filename]`/tmp/foomatic-rip.ps`. + +=== Backend (job transport) + +It may be possible for you to try a different backend. Using [command]`system-config-printer`, double-click on the printer queue icon and click the _Change..._ button next to the _Device URI_ field. You may see a _Connection_ expander arrow near the bottom right hand corner of the window -- click that to see which backends are available. 
For USB-connected HP printers, typically either of the *hp* and *usb* backends can be used. + +For capturing USB communication: + +* find out the bus number where USB device is connected, f.e.: + +---- +$ lsusb +Bus 002 Device 010: ID 03f0:012a HP, Inc HP LaserJet M1536dnf MFP + + = +---- + +* start USB packet capture: + +---- +$ sudo tcpdump -i usbmonN -s0 -w usb.pcap +---- + +where N is the bus number. + +For network printers you may have different protocols you can try. + +* *socket* is for HP JetDirect (usually port 9100) +* *lpd* is for older style UNIX print shares +* *smb* is for CIFS shares from Windows systems +* *ipp* is for Internet Printing Protocol-enabled devices and also for other CUPS servers +-- You can capture the IPP traffic with [command]`tcpdump` like this (the interface name may differ from *p4p1*): + +---- + tcpdump -n -i p4p1 -U -s0 -w ipp.pcap port ipp +---- + +* *bjnp* is for Canon's proprietary bjnp network protocol (usually port 8611) + +=== Configuration tool + +If your problem relates to configuring print queues, try using one of the other methods of doing so. There are four available: + +* The GNOME 3 System Settings application (*control-center*), _System Settings_ > _Printers_ from the GNOME Shell +* [command]`system-config-printer`, _System_ > _Administration_ > _Printing_ from the GNOME menu +* the CUPS web interface, http://localhost:631/ +* the command line tools [command]`lpadmin`, [command]`lpoptions`, [command]`cupsctl`, [command]`cupsaccept`, [command]`cupsenable` etc. diff --git a/modules/ROOT/partialsdelete/2delete-proc_disabling-gnome-screenlock.adoc b/modules/ROOT/partialsdelete/2delete-proc_disabling-gnome-screenlock.adoc new file mode 100644 index 0000000..725ec0d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_disabling-gnome-screenlock.adoc 
@@ -0,0 +1,24 @@ += Disabling the GNOME Automatic Screen Lock + +In the interest of safety and privacy, the GNOME automatic screen lock is enabled by default. + +When the screen locks after a period of inactivity, you must enter your password to unlock the screen. + +You can disable this feature at any time. + +To disable the GNOME automatic screen lock, complete the following steps. + +For Fedora 31 (GNOME 3.34): + +. On the desktop, navigate to the upper-right corner of the screen, click the arrow icon to expand the desktop options and then click the *Settings* icon. +. From the the *Settings* menu, select *Privacy*. +. On the *Privacy* page, select *Screen Lock*, and toggle the *Automatic Screen Lock* switch from *On* to *Off*. +. Close the window and verify that in the *Privacy* page, the *Screen Lock* is *Off*. + +For Fedora 32 (GNOME 3.36): + +. On the desktop, navigate to the upper-right corner of the screen, click the arrow icon to expand the desktop options and then click *Settings*. +. From the *Settings* menu, select *Privacy*, and then select *Screen Lock*. +. On the *Screen Lock* page, toggle the *Automatic Screen Lock* switch from *On* to *Off* + +To enable the automatic screen lock, repeat this process and toggle the switch from *Off* to *On*. diff --git a/modules/ROOT/partialsdelete/2delete-proc_disabling-repositories.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_disabling-repositories.adoc.delete.adoc new file mode 100644 index 0000000..52e7769 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_disabling-repositories.adoc.delete.adoc 
@@ -0,0 +1,17 @@ +[id='disabling-repositories'] += Disabling repositories + +This section shows how to disable a particular software repository by using the `dnf config-manager` command. + +* To disable a particular repository, run the following command as `*root*`. ++ +[literal,subs="+quotes,attributes"] +---- +dnf config-manager --set-disabled *_repository_* +---- ++ +Where *_repository_* is the unique repository ID, for example: ++ +---- +dnf config-manager --set-disabled fedora-extras +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_disabling-selinux.adoc b/modules/ROOT/partialsdelete/2delete-proc_disabling-selinux.adoc new file mode 100644 index 0000000..6fb62c9 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_disabling-selinux.adoc 
@@ -0,0 +1,70 @@ +// Module included in the following assemblies: +// +// changing-selinux-states-and-modes.adoc + +[#{context}-disabling-selinux] += Disabling SELinux + +Use the following procedure to permanently disable SELinux. + +[IMPORTANT] +==== +When SELinux is disabled, SELinux policy is not loaded at all; it is not enforced and AVC messages are not logged. Therefore, all benefits of running SELinux listed in xref:{context}-benefits-of-selinux[Benefits of SELinux] are lost. + +It is recommended to use permissive mode instead of permanently disabling SELinux. See xref:{context}-changing-to-permissive-mode[] for more information about permissive mode. +==== + +[Warning] +==== +Disabling SELinux using the SELINUX=disabled option in the /etc/selinux/config results in a process in which the kernel boots with SELinux enabled and switches to disabled mode later in the boot process. Because memory leaks and race conditions causing kernel panics can occur, prefer disabling SELinux by adding the selinux=0 parameter to the kernel command line as described in Changing SELinux modes at boot time if your scenario really requires to completely disable SELinux. +==== + +.Prerequisites + +* The [package]`grubby` package is installed: ++ +[subs="quotes"] +---- +$ *rpm -q grubby* +grubby-_version_ +---- + +.Procedure + +. Open the `/etc/selinux/config` file in a text editor of your choice, for example: ++ +[subs="quotes"] +---- +# vi /etc/selinux/config +---- + +. Configure the SELINUX=disabled option: ++ +[subs="quotes"] +---- +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=disabled +# SELINUXTYPE= can take one of these two values: +# targeted - Targeted processes are protected, +# mls - Multi Level Security protection. +SELINUXTYPE=targeted +---- + +. 
Save the change, and restart your system: +---- +# reboot +---- + +.Verification + +* After reboot, confirm that the [command]`getenforce` command returns `Disabled`: ++ +[subs="quotes"] +---- +$ *getenforce* +Disabled +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_disabling-shortcut-custom-app-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_disabling-shortcut-custom-app-gnome.adoc new file mode 100644 index 0000000..3874f61 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_disabling-shortcut-custom-app-gnome.adoc @@ -0,0 +1,36 @@ +[id='disabling-shortcut-custom-app-gnome'] += Disabling keyboard shortcuts for custom applications in GNOME + +This section describes how to disable a keyboard shortcut for starting a custom application in GNOME. + +[discrete] +== Procedure + +. Open *Settings* and choose the *Devices* entry from the list: ++ +image::shortcuts-settings-devices.png[] ++ +NOTE: Earlier Fedora versions might not need this step. + +. Choose the *Keyboard Shortcuts* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: ++ +image::shortcuts-keyboard-scroll.png[] + +. Scroll down in the list of shortcuts and applications until you locate the application that you want to disable: ++ +image::shortcuts-added.png[] + +. Click on the entry. ++ +A window for editing the shortcut appears: ++ +image::shortcuts-edit.png[] + +. Click the small *x* button to the right of the displayed shortcut. ++ +The keyboard shortcut is removed from this shortcut and the shortcut list now displays _Disabled_ instead of the key combination: ++ +image::shortcuts-disabled.png[] + +. Close the shortcut editing window. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_discovering-the-firmware-type.adoc b/modules/ROOT/partialsdelete/2delete-proc_discovering-the-firmware-type.adoc new file mode 100644 index 0000000..ab8277c --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_discovering-the-firmware-type.adoc 
@@ -0,0 +1,11 @@ +[[discovering-the-firmware-type]] += Discovering the firmware type + +To discover what firmware your machine uses, run the following command: + +[source,bash] +---- +$ [ -d /sys/firmware/efi ] && echo UEFI || echo BIOS +---- + +The output returns only UEFI or BIOS, depending on the firmware your machine runs. diff --git a/modules/ROOT/partialsdelete/2delete-proc_displaying-current-hostname.adoc b/modules/ROOT/partialsdelete/2delete-proc_displaying-current-hostname.adoc new file mode 100644 index 0000000..3d5e931 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_displaying-current-hostname.adoc @@ -0,0 +1,34 @@ +// Module included in the following assemblies: +// +// changing-hostname.adoc + +[id='displaying-current-hostname'] + +== Displaying your current hostname + +For Fedora Workstation, using the default GNOME desktop, open the Settings application and choose About. + +image::displaying-current-hostname-1.png[GNOME Settings - About] + +To see the hostname from the command line, use the command `hostnamectl` with no options. The example output below shows the static and transient hostnames. Your output may be slightly different depending on which hostname types have been set. + +.... + Static hostname: localhost.localdomain +Transient hostname: fedora + Icon name: computer-laptop + Chassis: laptop + Machine ID: 15fc9e69d007013025f31bc5272c4ed1 + Boot ID: 41ac938872bae052294bcb277241ac93 + Operating System: Fedora 33 (Workstation Edition) + CPE OS Name: cpe:/o:fedoraproject:fedora:33 + Kernel: Linux 5.10.10-200.fc33.x86_64 + Architecture: x86-64 +.... + +To see the current static, transient or pretty hostname, you can use the `hostnamectl` command with options, such as: + +.... +hostnamectl --static +hostnamectl --transient +hostnamectl --pretty +.... 
diff --git a/modules/ROOT/partialsdelete/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc new file mode 100644 index 0000000..49fe560 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_displaying_user_prompt_on_gnome_login_screen.adoc.delete.adoc @@ -0,0 +1,70 @@ +[id=displaying-user-prompt-instead-of-list-of-users-on-GNOME-login-screen] += Displaying a user prompt instead of a list of users on the GNOME login screen + +To show a user prompt on the GNOME login screen, open a terminal and perform the following steps: + +. Create a file for the GNOME Display Manager (GDM) configuration. ++ +---- +$ sudo mkdir /etc/dconf/db/gdm.d +---- ++ +---- +$ sudo vim /etc/dconf/db/gdm.d/01-hide-users +---- + +. In a text editor of your choice, `vim` in this example, insert the following content to the `/etc/dconf/db/gdm.d/01-hide-users` file: ++ +---- +[org/gnome/login-screen] +banner-message-enable=true +banner-message-text='ENTER ANY MESSAGE YOU WANT HERE. FOR A NEW LINE USE \n.' +disable-restart-buttons=true +disable-user-list=true +---- ++ +[NOTE] +-- +To not display the banner message, do not include the first and second line. To enable the `Restart` button, do not include the fourth line. +-- ++ +Save the file and return to the terminal. + +. Create another file for GDM configuration. ++ +---- +$ sudo vim /etc/dconf/profile/gdm +---- ++ +Insert the following content in the `/etc/dconf/profile/gdm` file: ++ +---- +user-db:user +system-db:gdm +---- ++ +Save the file. + +. Enter the following command: ++ +---- +$ sudo dconf update +---- + +. Check if the command was executed correctly: ++ +---- +$ ls /etc/dconf/db +---- ++ +The output should contain the following: ++ +---- +gdm gdm.d ... [output truncated] +---- + +. Restart GDM for the changes to take effect. ++ +---- +$ sudo systemctl restart gdm +---- 
diff --git a/modules/ROOT/partialsdelete/2delete-proc_downloading-fedora.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_downloading-fedora.adoc.delete.adoc new file mode 100644 index 0000000..71c72a4 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_downloading-fedora.adoc.delete.adoc @@ -0,0 +1,14 @@ +[id='downloading-fedora'] += Downloading Fedora +include::{partialsdir}/attributes.adoc[] + +You can download Fedora from https://getfedora.org/. + +There are multiple desktops available for use with Fedora. Each has a slightly different look and feel and offers varying levels of customization. You can use the link:https://getfedora.org/en/workstation/[Fedora Workstation] image, which comes with the GNOME desktop by default, and then change your environment afterwards by installing additional packages, or you can download a spin image which will give you a different environment out of the box. Visit link:https://spins.fedoraproject.org/[Fedora Spins] for more information. + +You can also take advantage of Fedora Labs. Fedora Labs is a selection of curated bundles of purpose-driven software and content as curated and maintained by members of the Fedora Community. These may be installed as standalone full versions of Fedora or as add-ons to existing Fedora installations. Visit link:https://labs.fedoraproject.org/[Fedora Labs] for details. + +[NOTE] +==== +Please refer to xref:f{MAJOROSVER}@fedora:install-guide:index.adoc[Fedora Installation Guide] for getting help on the process of installing Fedora. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-hardware-virtualization-support.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-hardware-virtualization-support.adoc new file mode 100644 index 0000000..c72a417 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-hardware-virtualization-support.adoc 
@@ -0,0 +1,22 @@ +[[enabling-hardware-virtualization-support]] += Enabling hardware virtualization support + +This section covers setting up `libvirt` on your system. After setting up `libvirt`, you can create virtualized guest operating systems, also known as virtual machines. + + +[[system-requirements]] +== System requirements + +To run virtualization on Fedora, you need: + +* At least 600MB of hard disk storage per guest. A minimal command-line Fedora system requires 600MB of storage. Standard Fedora desktop guests require at least 3GB of space. + +* At least 256MB of RAM per guest, plus 256MB for the base operating system. At least 756MB is recommended for each guest of a modern operating system. A good way to estimate this is to think about how much memory is required for the operating system normally, and allocate that amount to the virtualized guest. + +KVM requires a CPU with virtualization extensions, found on most consumer CPUs. These extensions are called Intel VT or AMD-V. To check whether you have CPU support, run the following command: + +---- +$ egrep '^flags.*(vmx|svm)' /proc/cpuinfo +---- + +If this command results in nothing printed, your system does not support the relevant virtualization extensions. You can still use QEMU/KVM, but the emulator will fall back to software virtualization, which is much slower. diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-repositories.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-repositories.adoc.delete.adoc new file mode 100644 index 0000000..cbfec9a --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-repositories.adoc.delete.adoc 
@@ -0,0 +1,17 @@ +[id='enabling-repositories'] += Enabling repositories + +This section shows how to enable a particular software repository by using the `dnf config-manager` command. + +* To enable a particular repository, run the following command as `*root*`. ++ +[literal,subs="+quotes,attributes"] +---- +dnf config-manager --set-enabled *_repository_* +---- ++ +Where *_repository_* is the unique repository ID, for example: ++ +---- +dnf config-manager --set-enabled fedora-extras +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-selinux.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-selinux.adoc new file mode 100644 index 0000000..892b9a4 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-selinux.adoc 
@@ -0,0 +1,72 @@ +// Module included in the following assemblies: +// +// changing-selinux-states-and-modes.adoc + +[#{context}-enabling-selinux] += Enabling SELinux + +When enabled, SELinux can run in one of two modes: enforcing or permissive. The following sections show how to permanently change into these modes. + +While enabling SELinux on systems that previously had it disabled, to avoid problems, such as systems unable to boot or process failures, follow this procedure. + +.Prerequisites + +* The [package]`selinux-policy-targeted`, [package]`selinux-policy`, [package]`libselinux-utils`, and [package]`grubby` packages are installed. To check that a particular package is installed: ++ +[subs="quotes"] +---- +$ *rpm -q _package_name_* +---- + +.Procedure + +. If your system has SELinux disabled at the kernel level (this is the recommended way, see xref:{context}-disabling-selinux[]), change this first. Check if you have the `selinux=0` option in your kernel command line: ++ +[subs="quotes"] +---- +$ *cat /proc/cmdline* +BOOT_IMAGE=... ... selinux=0 +---- + +.. Remove the `selinux=0` option from the bootloader configuration using [command]`grubby`: ++ +[subs="quotes"] +---- +$ *sudo grubby --update-kernel ALL --remove-args selinux* +---- + +.. The change applies after you restart the system in one of the following steps. + +. Ensure the file system is relabeled on the next boot: ++ +[subs="quotes"] +---- +$ *sudo fixfiles onboot* +---- + +. Enable SELinux in permissive mode. For more information, see xref:{context}-changing-to-permissive-mode[]. + +. Restart your system: ++ +[subs="quotes"] +---- +$ *reboot* +---- + +. Check for SELinux denial messages. ++ +[subs="quotes"] +---- +$ *sudo ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent* +---- + +. If there are no denials, switch to enforcing mode. For more information, see xref:{context}-changing-to-enforcing-mode[]. 
+ +To run custom applications with SELinux in enforcing mode, choose one of the following scenarios: + +* Run your application in the `unconfined_service_t` domain. +// See <> for more information. + +* Write a new policy for your application. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux[Writing a custom SELinux policy] chapter in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/index[RHEL 8 Using SELinux] document for more information. + +// Temporary changes in modes are covered in <<{context}-selinux-states-and-modes>>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-serial-console-grub.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-serial-console-grub.adoc new file mode 100644 index 0000000..521708e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-serial-console-grub.adoc @@ -0,0 +1,18 @@ +[[enabling-serial-console-grub]] += Enabling Serial Console in GRUB2 + +To enable Serial console in grub: + +.Procedure + +. Edit the `/etc/default/grub` file. + +. Adjust `baudrate`, `parity`, `bits`, and `flow` controls to fit your environment and cables, see the example. ++ +---- +GRUB_CMDLINE_LINUX='console=tty0 console=ttyS0,115200n8' +GRUB_TERMINAL=serial +GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" +---- + +. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-shortcut-custom-app-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-shortcut-custom-app-gnome.adoc new file mode 100644 index 0000000..701f2a5 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-shortcut-custom-app-gnome.adoc 
@@ -0,0 +1,39 @@ +[id='enabling-shortcut-custom-app-gnome'] += Enabling keyboard shortcuts for custom applications in GNOME + +This section describes how to enable a keyboard shortcut for starting a custom application in GNOME. + +. Open *Settings* and choose the *Devices* entry from the list: ++ +image::shortcuts-settings-devices.png[] ++ +NOTE: Earlier Fedora versions might not need this step. + +. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: ++ +image::shortcuts-keyboard-scroll.png[] + +. Scroll down in the list of shortcuts and applications until you locate the application that you want to enable: ++ +image::shortcuts-list-disabled.png[] + +. Click on the entry. ++ +A window for editing the shortcut appears: ++ +image::shortcuts-disabled.png[] + +. Click the *Set shortcut...* button. ++ +A window for entering the keyboard shortcut appears: ++ +image::shortcuts-enabling-entering.png[] + +. Press the key combination that should become the shortcut for starting the application. ++ +As soon as you release the key combination, the window for entering the shortcut closes. The window for application name and command now displays the entered shortctut: ++ +image::shortcuts-enabling-entered.png[] + +. Close the shortcut editing window. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc new file mode 100644 index 0000000..1729684 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-appstream-data.adoc 
@@ -0,0 +1,19 @@ +[id="proc_enabling-the-rpmfusion-repositories-appstream-data_{context}"] += Enabling Appstream data from the RPM Fusion repositories + +This procedure describes how to install the Appstream data provided by the RPM Fusion software repositories. + +[discrete] +== Prerequisites + +* You have internet access. +* You are using the Gnome desktop environment. +* You have the RPMFusion repositories installed + +[discrete] +== Procedure + +[subs=+quotes] +---- +$ sudo dnf group update core +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc new file mode 100644 index 0000000..e326f39 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc 
@@ -0,0 +1,65 @@ +// Module included in the following assemblies: +// +// + +// This module can be included from assemblies using the following include statement: +// include::modules/proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems.adoc[leveloffset=+1] + +// The file name and the ID are based on the module title. For example: +// * file name: proc_doing-procedure-a.adoc +// * ID: [id='proc_doing-procedure-a_{context}'] +// * Title: = Doing procedure A +// +// The ID is used as an anchor for linking to the module. Avoid changing +// it after the module has been published to ensure existing links are not +// broken. +// +// The `context` attribute enables module reuse. Every module's ID includes +// {context}, which ensures that the module has a unique ID even if it is +// reused multiple times in a guide. +// +// Start the title with a verb, such as Creating or Create. See also +// _Wording of headings_ in _The IBM Style Guide_. +[id="proc_enabling-the-rpmfusion-repositories-for-ostree-based-systems_{context}"] += Enabling the RPM Fusion repositories for ostree-based systems + +This procedure describes how to enable the RPM Fusion software repositories for systems based on ostree (i.e. Silverblue, Kinoite, Fedora IoT). + +This is a two-stage process where you have to install versioned RPM Fusion repos and then you are able to replace them with unversioned RPM Fusion repos. + +[NOTE] +==== +For more information about this process and the problem it solves, please refer to the relevant https://discussion.fedoraproject.org/t/simplifying-updates-for-rpm-fusion-packages-and-other-packages-shipping-their-own-rpm-repos/30364[thread on the Fedora Discourse site]. +==== + +[discrete] +== Prerequisites + +* You are using an ostree-based system such as Silverblue, Kinoite, or Fedora IoT. +* You have internet access. + +[discrete] +== Procedure + +. 
To install the versioned _Free_ and _Nonfree_ RPM Fusion repos: ++ +[subs=+quotes] +---- +$ sudo rpm-ostree install \ + https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \ + https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm +$ reboot +---- + +. To replace the versioned RPM Fusion repos that were previously installed with the unversioned repos: ++ +[subs=+quotes] +---- +$ sudo rpm-ostree update \ + --uninstall rpmfusion-free-release \ + --uninstall rpmfusion-nonfree-release \ + --install rpmfusion-free-release \ + --install rpmfusion-nonfree-release +$ reboot +---- + diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc new file mode 100644 index 0000000..c26933f --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc 
@@ -0,0 +1,53 @@ +// Module included in the following assemblies: +// +// + +// This module can be included from assemblies using the following include statement: +// include::modules/proc_enabling-the-rpmfusion-repositories-using-command-line-utilities.adoc[leveloffset=+1] + +// The file name and the ID are based on the module title. For example: +// * file name: proc_doing-procedure-a.adoc +// * ID: [id='proc_doing-procedure-a_{context}'] +// * Title: = Doing procedure A +// +// The ID is used as an anchor for linking to the module. Avoid changing +// it after the module has been published to ensure existing links are not +// broken. +// +// The `context` attribute enables module reuse. Every module's ID includes +// {context}, which ensures that the module has a unique ID even if it is +// reused multiple times in a guide. +// +// Start the title with a verb, such as Creating or Create. See also +// _Wording of headings_ in _The IBM Style Guide_. +[id="proc_enabling-the-rpmfusion-repositories-using-command-line-utilities_{context}"] += Enabling the RPM Fusion repositories using command-line utilities + +This procedure describes how to enable the RPM Fusion software repositories without using any graphical applications. + +[discrete] +== Prerequisites + +* You have internet access. + +[discrete] +== Procedure + +. To enable the _Free_ repository, use: ++ +[subs=+quotes] +---- +$ sudo dnf install \ + https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm +---- + +. Optionally, enable the _Nonfree_ repository: ++ +[subs=+quotes] +---- +$ sudo dnf install \ + https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm +---- + +. The first time you attempt to install packages from these repositories, the `dnf` utility prompts you to confirm the signature of the repositories. Confirm it. + 
diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc new file mode 100644 index 0000000..93eeae5 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc 
@@ -0,0 +1,47 @@ +// Module included in the following assemblies: +// +// + +// This module can be included from assemblies using the following include statement: +// include::modules/proc_enabling-the-rpmfusion-repositories-using-graphical-applications.adoc[leveloffset=+1] + +// The file name and the ID are based on the module title. For example: +// * file name: proc_doing-procedure-a.adoc +// * ID: [id='proc_doing-procedure-a_{context}'] +// * Title: = Doing procedure A +// +// The ID is used as an anchor for linking to the module. Avoid changing +// it after the module has been published to ensure existing links are not +// broken. +// +// The `context` attribute enables module reuse. Every module's ID includes +// {context}, which ensures that the module has a unique ID even if it is +// reused multiple times in a guide. +// +// Start the title with a verb, such as Creating or Create. See also +// _Wording of headings_ in _The IBM Style Guide_. +[id="proc_enabling-the-rpmfusion-repositories-using-graphical-applications_{context}"] += Enabling the RPM Fusion repositories using graphical applications + +This procedure describes how to enable the RPM Fusion software repositories without using any command-line utilities. + +[discrete] +== Prerequisites + +* You have internet access. +* You are using the Gnome desktop environment. + +[discrete] +== Procedure + +. In your web browser, open the following page: link:https://rpmfusion.org/Configuration[]. + +. To enable the _Free_ repository, click the *RPM Fusion free for Fedora _version_* link on the page, where _version_ is the Fedora release you are using. This prompts you to save or open the repo file. + +. Open the file using the *Software Install* application. + +. The *Software* application opens. Click the blue *Install* button. + +. Optionally, enable the _Nonfree_ repository: click the *RPM Fusion nonfree for Fedora _version_* link on the page, where _version_ is the Fedora release you are using. + +. 
Save and install the file with the *Software* application again. diff --git a/modules/ROOT/partialsdelete/2delete-proc_enabling_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_enabling_firewalld.adoc new file mode 100644 index 0000000..1f8c56a --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_enabling_firewalld.adoc 
@@ -0,0 +1,81 @@ +// Module included in the following assemblies: +// +// + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='doing-one-procedure_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Doing one procedure +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +This paragraph is the procedure module introduction: a short description of the procedure. + +.Prerequisites + +* A bulleted list of conditions that must be satisfied before the user starts following this assembly. +* You can also link to other modules or assemblies the user must follow before starting this assembly. +* Delete the section title and bullets if the assembly has no prerequisites. + +.Procedure + +. Start each step with an active verb. + +. Include one command or action per step. + +. Use an unnumbered bullet (*) if the procedure includes only one step. + +.Additional resources + +* A bulleted list of links to other material closely related to the contents of the procedure module. +* For more details on writing procedure modules, see the link:https://github.com/redhat-documentation/modular-docs#modular-documentation-reference-guide[Modular Documentation Reference Guide]. +* Use a consistent system for file names, IDs, and titles. For tips, see _Anchor Names and File Names_ in link:https://github.com/redhat-documentation/modular-docs#modular-documentation-reference-guide[Modular Documentation Reference Guide]. + + +== Do I have FirewallD on my system? 
+ +FirewallD is the default firewall service for current releases of Fedora and is enabled by default. +If you are not sure whether FirewallD is on your Fedora installation use the following commands to check. + + +. Check if your system has FirewallD enabled. + Enter the folowing on the command line: + +[source,bash] + +---- + +sudo firewall-cmd --state + +---- + +You will see `running` if FirewallD is on your system. + +If you see `not running`, then FirewallD is not on your system. Use these commands to install it: + + +. Install FirewallD: + +[source,bash] + +---- + +sudo dnf install firewalld + +---- + +. Install the FirewallD graphical-user-interface application and open it from the command-line, type: + +[source,bash] + +---- + +sudo dnf install firewall-config + +sudo firewall-config + +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-cli.adoc b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-cli.adoc new file mode 100644 index 0000000..bd9dd51 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-cli.adoc @@ -0,0 +1,19 @@ +[[exporting-gpg-keys-cli]] += Exporting a GPG Key Using the Command Line + +Use the following command to send your key to a public keyserver: + +---- +gpg --send-key KEYNAME +---- + +For `KEYNAME`, substitute the key ID or fingerprint of your primary keypair. +This will send your key to the gnupg default key server. If you prefer another one use: + +---- +gpg --keyserver hkp://pgp.mit.edu --send-key KEYNAME +---- + +Replacing `pgp.mit.edu` with your server of choice. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-gnome.adoc new file mode 100644 index 0000000..0422f28 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-gnome.adoc 
@@ -0,0 +1,14 @@ +[[exporting-gpg-keys-gnome]] += Exporting a GPG Key Using the GNOME Desktop + +. Click the menu:Menu Button[Sync and Publish Keys...] + +. Click btn:[Key Servers]. + +. Select _ldap://keyserver.pgp.com_ in the _Publish Keys To_ combobox. + +. Click btn:[Close]. + +. Click btn:[Sync]. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-kde.adoc b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-kde.adoc new file mode 100644 index 0000000..a78e9fd --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_exporting-gpg-keys-kde.adoc @@ -0,0 +1,14 @@ +[[exporting-gpg-keys-kde]] += Exporting a GPG Key Using the KDE Desktop + +After your key has been generated, you can export the key to a public keyserver + +. Right-click on the key in the main window. + +. Select _Export Public Keys._ + +. From there you can export your public key to the clipboard, an ASCII file, to an email, or directly to a key server. + +. Export your public key to the default key server. + +Now see <>. diff --git a/modules/ROOT/partialsdelete/2delete-proc_expose-outside-mysql.adoc b/modules/ROOT/partialsdelete/2delete-proc_expose-outside-mysql.adoc new file mode 100644 index 0000000..7ad3c36 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_expose-outside-mysql.adoc 
@@ -0,0 +1,79 @@ += How To Allow Remote Access MySQL/MariaDB/MYSQL Community + +== Add New Rule to Firewalld + +Open SQL port (3306) on FireWalld: + +---- +sudo firewall-cmd --permanent --zone=public --add-service=mysql +---- + +## OR ## + +---- +sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp +---- + +== Restart firewalld.service + +---- +systemctl restart firewalld.service +---- + +== Editing Conf. Files: + +Configuration files: + +* MySQL -> `/etc/my.cnf/` +* MySQL Community -> `/etc/my.cnf.d/community-mysql-server.cnf` +* MariaDB -> `/etc/my.conf` + +NOTE: you can ensure that with the following command `rpm -qc [package]`. + +Navigate to the line that begins with the bind-address directive. It will look like this: +you could set this directive to a wildcard IP address, either *, ::, or 0.0.0.0: + +---- +bind-address = 0.0.0.0 +---- + +After changing this line, save and close the file and then restart the MySQL service: + +---- +sudo systemctl restart {mysqld|mariadb} +---- + +== Creating a USER + +---- +CREATE USER 'your_username'@'host_ip_addr' IDENTIFIED BY 'your_password'; +---- + +NOTE: Replace your_username and your_password depending on what you want the username and password to be. Here, host_ip_addr is the hostname or IP address of the computer from where you want to connect to the MySQL/MariaDB server. You can also use % as host_ip_addr if you want to connect from any computer. It can also be something like 192.168.2.% if you want to connect from computers from the IP range 192.168.2.1 – 192.168.2.254. 
+ +== Allow Access + +---- +GRANT ALL PRIVILEGES ON *.* TO 'your_username'@'%'; + IDENTIFIED BY 'my-new-password' WITH GRANT OPTION; +---- + +#OR + +It is common for people to want to create a "root" user that can connect from anywhere, so as an example, we'll do just that, but to improve on it we'll create +a root user that can connect from anywhere on the local area network (LAN) + +---- +GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%' + IDENTIFIED BY 'my-new-password' WITH GRANT OPTION; +---- + +---- +FLUSH PRIVILEGES; +---- + +== Connecting + +---- +mysql -u [USER] -h [IP] -p +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_install-predefined-systems.adoc b/modules/ROOT/partialsdelete/2delete-proc_install-predefined-systems.adoc new file mode 100644 index 0000000..5b3befa --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_install-predefined-systems.adoc 
@@ -0,0 +1,40 @@ +// Module included in the following assemblies: +// +// installing-virtual-systems-with-gnome-boxes.adoc + +[#{context}-installing-virtual-os-predefined] += Installing a virtual operating system from the list of predefined systems + +To install a virtual operating system: + +. Run *GNOME Boxes* using the *Super* key and type `Boxes`. In GNOME Boxes, click the *+* button and then *Create a Virtual Machine*. ++ +image::Boxes_new_machine.png[New machine] + +. Download an operating system. ++ +image::Download_os.png[Download your system] + ++ +Choose one of the predefined systems from the list. ++ +image::Select_virtual_machine.png[Select machine] +Alternatively, download an ISO image from the relevant website and select the file as shown in the screen below: ++ +image::Select_from_file.png[Select from file] ++ +. Review your installation. ++ +image::Installation_review.png[Installation review] ++ +To modify resources of the installed virtual operating system, such as RAM or disk size, click the *Customize* button. ++ +image::Customize_resources.png[Customize resources] ++ +. To start the installation of the virtual operating system, click the *Create* button. ++ +The actual installation process may differ based on the selected operating system. ++ +Installed systems are available to run in the main menu of *GNOME Boxes*. ++ +image::Select_from_boxes_menu.png[Select operating system] diff --git a/modules/ROOT/partialsdelete/2delete-proc_install_firewalld_gui.adoc b/modules/ROOT/partialsdelete/2delete-proc_install_firewalld_gui.adoc new file mode 100644 index 0000000..97f93f6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_install_firewalld_gui.adoc 
@@ -0,0 +1,18 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + + +[id=installing-firewalld-gui-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Installing the [application]*firewall-config* GUI configuration tool + +To use the [application]*firewall-config* GUI configuration tool, install the [package]*firewall-config* package as `root`: + +---- +$ sudo dnf install firewall-config +---- + +Alternatively, in [application]*GNOME*, use the kbd:[Super] key and type `Software` to launch the [application]*Software Sources* application. Type `firewall` to the search box, which appears after selecting the search button in the top-right corner. Select the `Firewall` item from the search results, and click on the btn:[Install] button. + +To run [application]*firewall-config*, use either the [command]`firewall-config` command or press the kbd:[Super] key to enter the `Activities Overview`, type `firewall`, and press kbd:[Enter]. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-chromium-web-browser.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-chromium-web-browser.adoc new file mode 100644 index 0000000..a2c18f5 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-chromium-web-browser.adoc 
@@ -0,0 +1,95 @@ +[id='installing'] += Installing the browsers + +Both Chromium and Google Chrome can be installed on Fedora. + + +[id='installing-chromium'] +== Installing Chromium + +Chromium can be installed using the Software application and via command line. + +=== Installing Chromium using Software (GUI) + +. Click on Software tool in Fedora. + +. Search for Chromium Web Browser. + +. Click on Install. + +=== Installing Chromium using Terminal + +. To install Chromium Web Browser, use the command: ++ +---- +# dnf install chromium +---- ++ +. To upgrade Chromium, use the command: ++ +---- +# dnf upgrade chromium +---- + +[TIP] +==== +If you require support for non-free multimedia formats like H.264 or AAC, or the ability to play DRM-protected media such as Netflix, Spotify, etc. it may be preferable to install the *chromium-freeworld* package from the https://docs.fedoraproject.org/en-US/quick-docs/setup_rpmfusion/[RPM Fusion] repositories, as the necessary plug-ins are already built-in. +==== + +[id='installing-chrome'] +== Installing Chrome + +Chrome can be installed using Software or a terminal, once the repository is enabled. + +=== Installing Chrome using Software (GUI) + +. Open the *Software* application. + +. Click on the menu at the top right and select *Software Repositories*. + +. Make sure Third Party Repositories is enabled. If the button label is *Install*, then click that button to install the third party repositiories. If the button reads *Remove All* then the third party repositories are already installed. ++ +image:installing-chromium-or-google-chrome-browsers-0.png[] ++ +. Scroll down to find the repository called *google-chrome*. Click on it and choose *Enable*. ++ +image:installing-chromium-or-google-chrome-browsers-1.png[] + +You can now search for *Google Chrome* in Software, and install it. + +=== Installing Chrome using Terminal + +The additional repositories can also be managed using a terminal and DNF. + +. 
Install Third Party Repositories ++ +---- +$ sudo dnf install fedora-workstation-repositories +---- ++ +. Enable the Google Chrome repo: ++ +---- +$ sudo dnf config-manager --set-enabled google-chrome +---- ++ +. Finally, install Chrome: ++ +---- +$ sudo dnf install google-chrome-stable +---- + +[NOTE] +==== +If you want to install the Chrome Dev Channel version, use the following command: + +---- +$ sudo dnf install google-chrome-unstable +---- + +If you want to install Chrome Beta use the following: + +---- +$ sudo dnf install google-chrome-beta +---- +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc new file mode 100644 index 0000000..0ab47f2 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-linux-users.adoc.delete.adoc 
@@ -0,0 +1,91 @@ + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='installing-fedora-on-a-raspberry-pi-for-linux-users_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Installing Fedora on a Raspberry Pi for Linux users +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +This procedure shows Linux users how to add Fedora ARM to a microSD for use with a Raspberry Pi. + +._Prerequisites_ + +* A supported Raspberry Pi +* A microSD Card (16 GB or larger). +* A computer running Linux. +* Root user access (via `su` or `sudo`). +* SD card reader. +* A Fedora ARM aarch64 Workstation or server image from: link:https://fedoraproject.org/[]. + +._Procedure_ + +. Download a Fedora ARM image from the link:https://fedoraproject.org/[Fedora website]. ++ +. Run the following command to extract the `.raw` image and write the image to your microSD card: ++ +[NOTE] +The location of your microSD card will be /dev/sdX or /dev/mmcblkX depending on your computer hardware. ++ +[subs="quotes"] +---- +$ xzcat *Fedora-IMAGE-NAME.raw.xz* | sudo dd status=progress bs=4M of=*/dev/XXX* +---- ++ +. To resize the main partition, run `parted` and select the device. ++ +---- +(parted) select /dev/sdX +---- ++ +. Inspect the amount of unallocated space at the end and resize the root partition. ++ +---- +(parted) print free +(parted) resizepart +---- ++ +. Resize the LVM physical volume so it takes up all the available space. For this to work you must deactivate any logical volumes within. ++ +---- +# pvresize /dev/sdaX +---- ++ +. Then extend the logical volume that corresponds to the root directory (`/dev/fedora_fedora/root` in this example). 
++ +---- +# lvextend -l +100%FREE /dev/fedora_fedora/root +---- ++ +. Finally, resize the XFS filesystem in the logical volume (`/dev/mapper/fedora_fedora-root` in this example). ++ +---- +# xfs_growfs -d /dev/mapper/fedora_fedora-root +---- ++ +. Alternatively, you can use gparted to resize the Root Partition on the microSD: ++ +---- +$ gparted /dev/XXX +---- ++ +For information on using gparted resize a partition, see: https://gparted.org/display-doc.php?name=help-manual#gparted-resize-partition[GNOME Partition Editor: GParted Manual - Resizing a Partition]. ++ +[NOTE] +The root partition is shrunk to the smallest size possible to ensure a small download. +You currently need to resize it manually. +Ideally we would like this to happen automatically (great community project idea!). + +Your microSD card is ready to be used with your Raspberry Pi. + +ifeval::["{context}" == "rpi"] +.Next Steps + +For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. +endif::[] + +.Additional Resources + +* For information on using `gparted`, see: link:https://gparted.org/display-doc.php?name=help-manual[GNOME Partition Editor: GParted Manual]. +* For assistance or support, see: +** link:https://ask.fedoraproject.org/[Ask Fedora] +** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] +** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc new file mode 100644 index 0000000..21d30e3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-for-macos-users.adoc.delete.adoc 
@@ -0,0 +1,50 @@ +== Installing Fedora on a Raspberry Pi for macOS users +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +include::{partialsdir}/attributes.adoc[] + +This procedure shows macOS users how to add Fedora ARM to a microSD for use with a Raspberry Pi. + +._Prerequisites_ + +* A supported Raspberry Pi +* A microSD Card (16 GB or larger). +* A computer running macOS. +* SD card reader. +* A Fedora ARM image from: link:https://arm.fedoraproject.org/[]. +* File-decompression software (such as link:https://theunarchiver.com/[The Unarchiver desktop application] or link:https://theunarchiver.com/command-line[The Unarchiver command-line tools]). + +._Procedure_ + +. Download a Fedora ARM image from the link:https://arm.fedoraproject.org/[Fedora ARM website]. ++ +. Extract the `.raw` file from the Fedora ARM image using file-decompression software (such as link:https://theunarchiver.com/[The Unarchiver]) ++ +For example: ++ +[source,shell,subs="attributes"] +---- +$ unar Fedora-Server-armhfp-{MAJOROSVER}-1.1-sda.raw.xz +---- + +. Follow the instructions provided by the Raspberry Pi foundation for writing an image to a microSD card from macOS: link:https://www.raspberrypi.org/documentation/installation/installing-images/mac.md[Raspberry Pi Foundation: Installing operating system images on Mac OS]. ++ +[NOTE] +==== +The `.img` and `.raw` extensions are used interchangeably for RAW file. Where the instructions indicate an input file with the `.img` extension, use the Fedora ARM image '.raw'. +==== + +Your microSD card is ready to be used with your Raspberry Pi. + +ifeval::["{context}" == "rpi"] +._Next Steps_ + +For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. 
+endif::[] + +._Additional Resources_ + +* For assistance or support, see: +** link:https://ask.fedoraproject.org/[Ask Fedora] +** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] +** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc new file mode 100644 index 0000000..856a627 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-fedora-on-a-raspberry-pi-using-the-fedora-arm-installer.adoc.delete.adoc 
@@ -0,0 +1,75 @@ +== Installing Fedora on a Raspberry Pi using the Fedora ARM installer +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +:experimental: +include::{partialsdir}/attributes.adoc[] + +This procedure shows Fedora users how to add Fedora ARM to a microSD for use with a Raspberry Pi using the Fedora ARM installer. + +._Prerequisites_ + +* A supported Rasbperry Pi +* A microSD Card (16 GB or larger). +* A computer running Fedora 28 or newer. +* SD card reader. +* A Fedora ARM aarch64 Workstation or server image from: link:https://fedoraproject.org/[] + +._Procedure_ + +. Download a Fedora ARM image from the link:https://fedoraproject.org/[Fedora website] ++ +. Install the `arm-image-installer`: ++ +[source,shell,subs="attributes"] +---- +$ dnf install -y arm-image-installer +---- ++ +. As the root user, write the Fedora ARM image to the microSD card: ++ +[source,shell,subs="quotes,attributes"] +---- +# arm-image-installer --image=__</path/to/fedora_image>__ --target=__<RPi_Version>__ --media=/dev/__<sd_card_device>__ --resizefs +---- ++ +Where: ++ +* The `__</path/to/fedora_image>__` has the format `Fedora-__<spin>__-armhfp-__<fedora_version>__-sda.raw.xz`. +** For example: `/home/user/Downloads/Fedora-Server-armhfp-{MAJOROSVER}-1.1-sda.raw.xz`. +* `__<RPi_Version>__` is: +** `rpi2` for a Raspberry Pi 2. +** `rpi3` for a Raspberry Pi 3. +* `/dev/__<sd_card_device>__` is the microSD card 'device' on your system, such as `/dev/sdX` or `/dev/mmcblkX`. The `lsblk` command may help you identify your micro-SD card. ++ +[NOTE] +==== +* To see usage options for the `arm-image-installer`, run: ++ +[source,shell,subs="attributes"] +---- +$ arm-image-installer --help +---- + +* For list of supported boards please check SUPPORTED-BOARDS file. 
++ +[source,shell,subs="attributes"] +---- +$ cat /usr/share/doc/arm-image-installer/SUPPORTED-BOARDS +---- +==== + +Your microSD card is ready to be used with your Raspberry Pi. + +ifeval::["{context}" == "rpi"] +._Next Steps_ + +For information on starting and configuring Fedora on Raspberry Pi, see: xref:booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}[]. +endif::[] + +._Additional Resources_ + +* For information on using the Fedora ARM Installer, see: link:https://fedoraproject.org/wiki/Architectures/ARM/Installation[Fedora Wiki: Installing Fedora on your ARM device]. +* For assistance or support, see: +** link:https://ask.fedoraproject.org/[Ask Fedora] +** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] +** link:https://web.libera.chat/?channels=#fedora-arm[IRC via the #fedora-arm channel on Libera.Chat] diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-bios-system.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-bios-system.adoc new file mode 100644 index 0000000..b9cc4e3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-bios-system.adoc 
@@ -0,0 +1,48 @@ +[[installing-grub-2-on-a-bios-system]] += Installing GRUB2 on a BIOS system + +Normally, *GRUB2* will be installed and set up by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, especially if you need to repair the existing *GRUB2* installation or you want to change its configuration. + +This procedure shows the steps to install *GRUB2* on your _Master Boot Record_ (MBR) of your primary hard disk. + +.Before you start + +* Make sure you have the the *GRUB2* packages and the _os-prober_ package installed in your system. ++ +---- +$ dnf list installed | grep grub +---- + +* To automatically collect information about your disks and operating systems installed on them, the `os-prober` package needs to be installed on your system. + +.Procedure + +. List block devices available on the system. ++ +---- +$ lsblk +---- + +. Identify the primary hard disk. Usually, it is the `sda` device. + +. Install *GRUB2* in the MBR of the primary hard disk. ++ +---- +# grub2-install /dev/sda +---- + +. Create a configuration file for *GRUB2*. ++ +---- +# grub2-mkconfig -o /boot/grub2/grub.cfg +---- + +. Reboot your computer to boot with the newly installed bootloader. + +.More information + +* The `grub2-mkconfig` command creates a new configuration based on the currently running system. It collects information from the `/boot` partition (or directory), from the `/etc/default/grub` file, and the customizable scripts in `/etc/grub.d/`. + +* The configuration format is changing with time, and a new configuration file can become slightly incompatible with the older versions of the bootloader. Always run `grub2-install` before you create the configuration file with `grub2-mkconfig`. + +* In Fedora, it is generally safe to edit `/boot/grub2/grub.cfg` manually. 
*Grubby* in Fedora patches the configuration when a kernel update is performed and will try to not make any other changes than what is necessary. Manual changes can be overwritten with `grub2-mkconfig` when the system gets upgraded with *Anaconda*. Customizations placed in `/etc/grub.d/40_custom` or `/boot/grub2/custom.cfg` files will survive running the `grub2-mkconfig` command. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-efi-system.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-efi-system.adoc new file mode 100644 index 0000000..ac0afb6 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-grub2-on-efi-system.adoc 
@@ -0,0 +1,122 @@ +[[installing-grub-2-configuration-on-uefi-system]] += Installing GRUB2 on a UEFI system + +Normally, *GRUB2* will be installed and set up by the installer, *Anaconda*, during the installation process. You will probably never have to deal with manual installation of *GRUB2*. However, in certain situations , you will want to install *GRUB2* manually, especially if you need to repair the existing *GRUB2* installation or you want to change its configuration. + +This procedure shows the steps to install *GRUB2* on a UEFI system on Fedora 18 or newer. The procedure consists of four parts. + +[[create-an-esp]] +== Creating an EFI System Partition + +The UEFI firmware requires to boot from an _EFI System Partition_ on +a disk with a GPT label. To create such a partition: + +. List available block devices to find a place to create your ESP. ++ +---- +$ lsblk +---- + +. Create at least a 128 MiB disk partition using a GPT label on the primary hard disk. ++ +---- +# gdisk /dev/sda +---- ++ +For the sake of this procedure, we assume that the created partition is recognized as `/dev/sda1`. + +. Format the partition with the _FAT32_ file system. ++ +---- +# mkfs.vfat /dev/sda1 +---- + +. Create the `/boot/efi` directory as a mount point for the new partition. ++ +---- +# mkdir /boot/efi +---- + +. Mount the partition to the `/boot/efi` mount point. ++ +---- +# mount /dev/sda1 /boot/efi +---- + +. Proceed to the next part. + + +[[install-the-bootloader-files]] +== Install the bootloader files + +In order to use *GRUB2* with on the UEFI systems, you need to install or re-install appropriate packages: + + +. Re-install the necessary packages. ++ +---- +# dnf reinstall grub2-efi grub2-efi-modules shim +---- + +. If the above command ends with an error, install the packages. ++ +---- +# dnf install grub2-efi grub2-efi-modules shim +---- + +.More information + +* This installs the signed *shim* and the *GRUB2* binary. 
+ + +[[create-a-grub-2-configuration]] +== Create a GRUB2 configuration + + +If you already have a working *GRUB2* EFI configuration file, you do not need to do anything else. + +Otherwise, create the configuration file using the `grub2-mkconfig` command. + +---- +# grub2-mkconfig -o /boot/grub2/grub.cfg +---- + +.More information + +* Under EFI, *GRUB2* looks for its configuration in `/boot/efi/EFI/fedora/grub.cfg`, however the postinstall script of `grub2-common` installs a small shim which chains to the standard configuration at `/boot/grub2/grub.cfg` which is generated above. To reset this shim to defaults, delete the existing `/boot/efi/EFI/fedora/grub.cfg` and then `dnf reinstall grub2-common`. +* For newly installed kernels to work, `grubby` expects `/etc/grub2-efi.cfg` to be a symlink to the real `grub.cfg` (for example `/boot/grub2/grub.cfg`). + + +[[solving-problems-with-uefi-bootloader]] +== Solving problems with UEFI bootloader + +When you power on your system, your firmware will look for EFI variables that tell it how to boot. On running systems, which have booted into the EFI mode and their EFI runtime services are working correctly, you can configure your boot menu with `efibootmgr`. + +If not, `shim` can help you bootstrap. The EFI program `/boot/efi/EFI/BOOT/fallback.efi` will look for files called `BOOT.CSV` in your ESP and will add boot entries corresponding to them. The `shim` command provides its own `BOOT.CSV` file that will add an entry for `grub2-efi`. + +During the boot process, you can use the *EFI Shell* to invoke the `fallback.efi` profile to boot the system: + +. Enter the boot partition. ++ +---- +> fs0: +---- + +. Navigate into the `EFI\BOOT` directory. ++ +---- +> cd EFI\BOOT +---- + +. Invoke the `fallback.efi` profile. 
++ +---- +> fallback.efi +---- + +.More information + +* If you have no boot entries at all, then just booting off your disk in UEFI mode should automatically invoke `/boot/efi/EFI/BOOT/BOOTX64.EFI`, which will, in turn, invoke `fallback.efi`. + +* If you already have incorrect boot entries, you'll either need to delete them or to modify `BOOT.CSV` to create new entries with different names. + diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-httpd.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-httpd.adoc new file mode 100644 index 0000000..376c737 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-httpd.adoc @@ -0,0 +1,27 @@ +[id='installing-httpd'] += Installing HTTPD + +This procedure describes the steps to install Apache *HTTPD* on Fedora. + +. Install *HTTPD* packages. ++ +---- +sudo dnf install httpd -y +---- + +. Start the *HTTPD* service. ++ +---- +sudo systemctl start httpd.service +---- + +[NOTE] +==== +To enable auto start of *HTTPD* service at boot, execute the following command: + +---- +sudo systemctl enable httpd.service +---- +==== + +Navigate to link:http://localhost[http://localhost] to access the Apache test page. You may not be able to access the server from any other host. To access the server from other hosts, see link:#opening-firewall-ports[Opening firewall ports]. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-container.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-container.adoc new file mode 100644 index 0000000..8b719ff --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-container.adoc 
@@ -0,0 +1,76 @@ +[id='install-from-container'] += Install from Podman + +== Downloading a SQL Server Docker Image + +---- +podman pull {mysql/mysql-server|mariadb/server} +---- + +== See Logs + +---- +podman logs {mysql|mariadb} +---- + +== Starting a MySQL Server Instance + +The command's below contain the random password generated for the root user; + +---- +podman logs mysql 2>&1 | grep GENERATED +---- + +---- +podman -d -e MYSQL_ROOT_PASSWORD=mypassword mysql/mysql-Server +---- + +== Starting a MariaDB Server Instance + +---- +podman run -d --name=mariadb -ed MYSQL_ROOT_PASSWORD=mypassword -d mariadb/server +---- + +WARNING: Password blank default for MariaDB + +NOTE: The -d option used for _BOTH_ in the podman run command above makes the container run in the background. Use this command to monitor the output from the container: + +== Connecting to MySQL Server from within the Container + +---- +podman exec -it mysql mysql -uroot -p +---- + +you must reset the server root password by issuing this statement: + +---- +mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password'; +---- + +== Connecting to MariaDB Server from within the Container + +---- +podman exec -it mariadb bash +---- + +== Reseting SQL_ROOT_PASSWORD + +you must reset the server root password by issuing this statement: + +---- +mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password'; +---- + +== Stopping and Deleting a SQL Container + +---- +podman {start|stop|restart} {mysql|mariadb} +---- + +== Deleting a SQL Container + +---- +podman rm {mysql|mariadb} +---- + +WARNING: you can do the same with _docker_ just change _podman_ with _docker_. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-fedora-repo.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-fedora-repo.adoc new file mode 100644 index 0000000..177ce50 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-fedora-repo.adoc 
@@ -0,0 +1,74 @@ +[id='install-from-fedora-main-repo'] += Install from Fedora Main Repo + +The community provide a MySQL package in the main repo. + +---- +sudo dnf install {community-mysql-server|mariadb-server} +---- + +== Configuring MySQL/MariaDB + +Enable the service at boot and start: + +---- +sudo systemctl enable {mysqld|mariadb} +sudo systemctl start {mysqld|mariadb} +---- + +== Installing MariaDB server from the Fedora Modular repository + +To list the available versions (_streams_ in modularity terminology) of MariaDB: + +---- +dnf module list mariadb +---- + +To enable the version of MariaDB you want to use and make the stream RPMs available in the package set: + +---- +sudo dnf module enable mariadb:10.4 +---- + +At this point you can verify that the available RPM provides the 10.4 verison of MariaDB server: + +---- +dnf list mariadb-server +---- + +To install MariaDB server: + +---- +sudo dnf module install mariadb/server +---- + +With modules, you could also install a specific profile: like client, devel or galera (the multi-master replica). +For instance, if you don't want to install the server stuff, but only the client packages: + +---- +sudo dnf module install mariadb:10.4/client +---- + +* MariaDB default root password is empty. + +== Configuring SQL before the first use + +---- +sudo mysql_secure_installation +---- + +Some questions will be asked: answer to them as you prefer; answering _yes_ to all of them is perfectly fine. + +== Using SQL + +---- +sudo mysql -u root -p +---- + +== Removing SQL + +I suggest to remove in the following way: + +---- +sudo dnf remove {community-mysql-server|mariadb-server} +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-oracle.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-oracle.adoc new file mode 100644 index 0000000..87f34df --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-mysql-from-oracle.adoc 
@@ -0,0 +1,58 @@ +[id='install-from-oracle-mysql'] += Install from Oracle MySQL + +include::{partialsdir}/3rdparty-message.adoc[] + +== Adding the MySQL repository to Fedora + +Please download the release package provided by Oracle from: https://dev.mysql.com/downloads/repo/yum/ +Once downloaded, please install it using dnf: + +---- +sudo dnf install +---- + +Please note that this repository is provided by Oracle +so any issues/bugs encountered will need to be reported to them +via their communication channels: https://www.mysql.com/about/faq/ + +== Installing MySQL on Fedora + +---- +sudo dnf install mysql-community-server +---- + +== Start MySQL Service and Enable at Loggin: + +---- +sudo systemctl start mysqld +sudo systemctl enable mysqld +---- + +find Default Password, For security reasons, MySQL generates a temporary root key. Please note that MySQL has even stricter security policies than MariaDB. + +---- +sudo grep 'temporary password' /var/log/mysqld.log +---- + +== Configuring MySQL before the first use + +---- +sudo mysql_secure_installation +---- + +Then, answer the security questions as you prefer. or just say **yes** to all of them. + +== Using MySQL + +---- +sudo mysql -u root -p +---- + +== Removing MySQL + +I suggest to remove in the following way, the most appropriate and safe way without removing many dependencies is: + +---- +sudo rpm -e --nodeps mysql-community-libs mysql-community-common mysql-community-server +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-openjdk.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-openjdk.adoc new file mode 100644 index 0000000..4a5e2e3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-openjdk.adoc 
@@ -0,0 +1,57 @@ +[id='installing-openjdk'] += Installing OpenJDK + +To install OpenJDK from the Fedora repository: + +* Run the following command to list available versions: + +---- +dnf search openjdk +---- + +* Copy the version of OpenJDK you want to install. + +[NOTE] +Various flavors of OpenJDK are available. For information about these options, search the link:https://openjdk.java.net/[OpenJDK web site]. + +* Run the following command to install OpenJDK: + +---- +sudo dnf install +---- + +Examples: + +---- +sudo dnf install java-1.8.0-openjdk.x86_64 +---- + +---- +sudo dnf install java-11-openjdk.x86_64 +---- + +---- +sudo dnf install java-latest-openjdk.x86_64 +---- + +== Installing OpenJDK for development + +In order to install the Java Development Kit, runtime environment and associated development tools. + +---- +sudo dnf install -devel +---- + +Examples: + +---- +sudo dnf install java-1.8.0-openjdk-devel.x86_64 +---- + +---- +sudo dnf install java-11-openjdk-devel.x86_64 +---- + +---- +sudo dnf install java-latest-openjdk-devel.x86_64 +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-oracle-java.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-oracle-java.adoc new file mode 100644 index 0000000..f9fb061 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-oracle-java.adoc 
@@ -0,0 +1,19 @@ +[id='installing-oracle-java-se'] += Installing Oracle Java SE + +include::{partialsdir}/3rdparty-message.adoc[] + +To install Oracle Java SE: + +. Navigate to link:https://www.oracle.com/java/technologies/javase-downloads.html[Oracle Java SE downloads page], and choose the version of Java you wish to use. + +. Accept the license agreement and download the appropriate tar.gz file for your systems architecture. + +. Unpack the tar.gz file somewhere. +For example, to extract it to the _/opt_ directory: +`sudo tar xf Downloads/jdk-18_linux-x64_bin.tar.gz -C /opt` + +. Set the _JAVA_HOME_ environment variable to that directory. +For example: `export JAVA_HOME=/opt/jdk-18.0.1.1` + +Note: Always make sure to download latest version available. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-virtualization-software.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-virtualization-software.adoc new file mode 100644 index 0000000..9fd9b6e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-virtualization-software.adoc 
@@ -0,0 +1,76 @@ +[[installing-virtualization-software]] += Installing virtualization software +include::{partialsdir}/attributes.adoc[] +:experimental: + +When installing Fedora, you can install the virtualization packages by +selecting *Virtualization* in the *Base Group* in the installer. See xref:f{MAJOROSVER}@fedora:install-guide:install/Installing_Using_Anaconda.adoc[Installing Using Anaconda]. + +For existing Fedora installations, you can install the virtualization tools via the command line using the Virtualization Package Group. To view the packages, run: + +[source,shell,subs="attributes"] +---- +$ dnf groupinfo virtualization + +Group: Virtualization + Description: These packages provide a graphical virtualization environment. + Mandatory Packages: + virt-install + Default Packages: + libvirt-daemon-config-network + libvirt-daemon-kvm + qemu-kvm + virt-manager + virt-viewer + Optional Packages: + libguestfs-tools + python3-libguestfs + virt-top +---- + +. Run the following command to install the mandatory and default packages in the virtualization group: ++ +[source,shell,subs="attributes"] +---- +# sudo dnf install @virtualization +---- ++ +Alternatively, to install the mandatory, default, and optional packages, run: ++ +[source,shell,subs="attributes"] +---- +# sudo dnf group install --with-optional virtualization +---- ++ +. After the packages install, start the `libvirtd` service: ++ +[source,shell,subs="attributes"] +---- +# sudo systemctl start libvirtd +---- ++ +To start the service on boot, run: ++ +[source,shell,subs="attributes"] +---- +# sudo systemctl enable libvirtd +---- ++ +. To verify that the KVM kernel modules are properly loaded: ++ +[source,shell,subs="attributes"] +---- +$ lsmod | grep kvm +kvm_amd 114688 0 +kvm 831488 1 kvm_amd +---- ++ +If this command lists `kvm_intel` or `kvm_amd`, KVM is properly configured. 
+ + +[[networking-support]] +== Networking Support + +By default, libvirt will create a private network for your guests on the host machine. This private network will use a 192.168.x.x subnet and not be reachable directly from the network the host machine is on. However, virtual guests can use the host machine as a gateway and can connect out via it. If you need to provide services on your guests that are reachable via other machines on your host network you can use iptables DNAT rules to forward in specific ports, or you can set up a bridged environment. + +See the https://wiki.libvirt.org/page/Networking[libvirt networking setup page] for more information on how to setup a bridged network. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing-webapps.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing-webapps.adoc new file mode 100644 index 0000000..04ded0f --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing-webapps.adoc 
@@ -0,0 +1,24 @@ +[id='installing-webapps'] += Installing webapps + +You probably want to run something on your web server. Many of the most popular web applications are packaged for Fedora. Using the packaged versions of web applications is recommended. These packages will be configured following the distribution's best practices which help to ensure the security of the installation. + +For instance, by installing static files to locations the web server does not have the ability to write to, and doing access control with configuration files rather than `.htaccess` files, which are slightly more vulnerable to attack. + +Packaged web applications will also be configured to work with SELinux, which provides significant security benefits. + +You will also receive updates through the usual Fedora update process, making it easier to keep your installation up to date. + +They will also often have the default configuration tweaked according to Fedora's conventions, meaning you have to do less work to get the application up and running. + +Most web applications are simply packaged according to their name. For instance, you can install Wordpress by executing the following command: + +---- +sudo dnf install wordpress +---- + +Packaged web applications will usually provide Fedora-specific instructions in a documentation file. For instance, Wordpress provides the files `/usr/share/doc/wordpress/README.fedora` and `/usr/share/doc/wordpress/README.fedora-multiuser`. + +Packaged web applications usually restrict access by default so you can access them only from the server host itself, to ensure you can run all initial configuration safely and things like administration interfaces are not left accessible to the public. For information on how to broaden access, see xref:getting-started-with-apache-http-server.adoc#enabling-access-to-web-applications[Enabling access to web applications]. + +Web applications commonly require the use of a database server. 
This wiki contains information on installing and configuring https://fedoraproject.org/wiki/PostgreSQL[PostgreSQL] and https://fedoraproject.org/wiki/MariaDB[MariaDB] on Fedora. diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing_firewalld.adoc new file mode 100644 index 0000000..10ae46d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing_firewalld.adoc @@ -0,0 +1,25 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=installing-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Installing firewalld + +.Install firewalld: + +. Run this command on the command line: + +[source,bash] + +---- + +sudo dnf install firewalld + +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_installing_vlc.adoc b/modules/ROOT/partialsdelete/2delete-proc_installing_vlc.adoc new file mode 100644 index 0000000..e018adb --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_installing_vlc.adoc @@ -0,0 +1,10 @@ +[[installing-vlc]] += Installing VLC + + +* Install VLC: ++ +---- +$ sudo dnf install vlc +---- + diff --git a/modules/ROOT/partialsdelete/2delete-proc_log-files-GUI.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_log-files-GUI.adoc.delete.adoc new file mode 100644 index 0000000..30b047b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_log-files-GUI.adoc.delete.adoc 
@@ -0,0 +1,27 @@ +[id='using-gnome-logs-to-view-log-files'] += Using Gnome Logs to view log files + +The `GNOME Logs` application provides a convenient GUI tool to view the systemd journal. +`GNOME Logs` is not currently installed by default on Fedora systems. + +* You can install `Gnome Logs` using the default software installation application on your system. + On a Fedora Workstation install running the GNOME desktop: + +** Press the `Super` key +** Type `Software` +** In the `Search` field type `Logs` and choose the `GNOME Logs` item from the list of results +** Install the application + +* You can also install `GNOME Logs` using the command line with `dnf`: + +---- +$ sudo dnf install gnome-logs +---- + +In `GNOME Logs`, you can filter for time periods, search within logs, and display categories. + +* To select a log file type, from the side bar of GNOME Logs, select the type to view. +* To select a time period, from the menu bar, click `Log`, and select a time period. +* To search within logs, select a log file from the results pane. +. Click the search icon. +. Enter one or more search criterion in the search field. diff --git a/modules/ROOT/partialsdelete/2delete-proc_log-files-command-line.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_log-files-command-line.adoc.delete.adoc new file mode 100644 index 0000000..39f9737 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_log-files-command-line.adoc.delete.adoc 
@@ -0,0 +1,89 @@ +[id='using-the-command-line-to-view-log-files] += Using the command line to view log files + +The `journalctl` command can be used to view messages in the system journal on the command line. +For plain text log files, generic tools may be used: + +* `cat`, `more`, `less`, `tail`, or `head`. +* the `grep` command to search for specific information. +* any text editor of your choosing (nano/pico/vim/emacs) + +Please note that you may require `sudo` access to view these files. + +[id='using-journalctl-to-view-system-information'] +== Using journalctl to view system information + +* To view all collected journal entries, simply use: +---- +$ journalctl +---- + +* To view a logs related to a specific file, you can provide the `journalctl` command with a filepath. + The example shown below shows all logs of the kernel device node `/dev/sda`: +---- +$ journalctl /dev/sda +---- + +* To view log for the current boot use the `-b` option : +---- +$ journalctl -b +---- + +* To view kernel logs for the current boot, you can add the `-k` option: +---- +$ journalctl -k -b -1 +---- + + +[id='using-journalctl-to-view-log-information-for-a-specific-service'] +== Using journalctl to view log information for a specific service + +* To filter logs to only see ones matching the "foo" systemd service: +---- +$ journalctl -b _SYSTEMD_UNIT=foo +---- + +* Matches can be combined. + For example, to view logs for systemd-units that match `foo`, and the PID `number`: +---- +$ journalctl -b _SYSTEMD_UNIT=foo _PID=number +---- + +* If the separator "+" is used, two expressions may be combined in a logical OR. + For example, to view all messages from the `foo` service process with the `PID` plus all messages from the `foo1` service (from any of its processes): +---- +$ journalctl -b _SYSTEMD_UNIT=foo _PID=number + _SYSTEMD_UNIT=foo1 +---- + +* If two matches refer to the same field, all entries matching either expression are shown. 
+ For example, this command will show logs matching a systemd-unit `foo` or a systemd-unit `foo1`: +---- +$ journalctl -b _SYSTEMD_UNIT=foo _SYSTEMD_UNIT=foo1 +---- + + +NOTE: The files for service modification are stored in a directory within `*/etc/systemd/system*`, to know more about systemd, please refer to <> + +[id='Using-journalctl-to-view-older-logs'] +== Using journalctl to view older logs + +* To view older logs use the `--list-boots` option : + +This will show a tabular list of boot numbers, their IDs, and the timestamps of the first and last message pertaining to the boot: + +---- +$ journalctl --list-boots +-8 42cdeac65d494e938b9cb92f315b08a4 Mon 2018-11-12 10:36:42 CET—Mon 2018-11-12 20:08:24 CET +-7 c110d2b8705345b786fe310de628bfc7 Tue 2018-11-13 10:29:27 CET—Tue 2018-11-13 10:04:00 CET +---- + +with this ID you can use `journalctl` as usual : + +---- +$ journalctl --boot=ID _SYSTEMD_UNIT=foo +---- + +* To know more about `journalctl`, read the man page: +---- +$ man journalctl +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-cli.adoc b/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-cli.adoc new file mode 100644 index 0000000..d4b9837 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-cli.adoc @@ -0,0 +1,23 @@ +[id='manual-updating-using-cli'] += Manual updating using CLI + +This section describes how to manually download and install new updates by using the DNF +package manager. + + +[discrete] +== Procedure + +* Upgrade the system: ++ +---- +sudo dnf upgrade +---- ++ +Confirm to download the available packages. + + +[discrete] +== Additional Resources + +* The `dnf(8)` manual page diff --git a/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-gui.adoc b/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-gui.adoc new file mode 100644 index 0000000..483be59 --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-proc_manual-updating-using-gui.adoc @@ -0,0 +1,17 @@ +[id='manual-updating-using-gui'] += Manual updating using GUI + +This section describes how to manually download and install new updates by using GUI. + +[discrete] +== Procedure + +. Hover the cursor over the upper-left corner of the screen and type "Software" and select the Software application to open it. + +. Click the btn:[Updates] button to view the available updates. + +. Click the btn:[Download] button to download new updates. + +. After the updates are downloaded click the btn:[Restart & Update] button. Your system will restart to perform the upgrade. + +image::software-updates.png[Updating by using the Software application] diff --git a/modules/ROOT/partialsdelete/2delete-proc_modifying-existing-systemd-services.adoc b/modules/ROOT/partialsdelete/2delete-proc_modifying-existing-systemd-services.adoc new file mode 100644 index 0000000..8f90e4e --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_modifying-existing-systemd-services.adoc 
@@ -0,0 +1,53 @@ +[#modifying-existing-systemd-services] += Modifying existing systemd services + +This example shows how to modify an existing service. Service modification are stored within `/etc/systemd/system`, in a single file or in a subdirectory named after the service. For example, this procedure modifies the `httpd` service. + +[discrete] +== Prerequisites + +* You are logged in as a user with administrator-level permissions. + +* You have a configured `httpd` server running through _systemd_. + +[discrete] +== Procedure + +. _Systemd_ services can be modified using the `systemctl edit` command. ++ +---- +# systemctl edit httpd.service +---- ++ +This creates an override file `/etc/systemd/system/httpd.service.d/override.conf` and opens it in your text editor. Anything you put into this file will be *added* to the existing service file. + +. Add your custom configuration. For example: ++ +---- +[Service] +Restart=always +RestartSec=30 +---- ++ +To replace an option that can be set multiple times, it must cleared first, otherwise the override file will add the option a second time. ++ +---- +[Service] +ExecStart= +ExecStart= +---- + +. Save the file. _Systemd_ automatically loads the new service configuration. + +. Restart the `httpd` service: ++ +---- +# systemctl restart httpd +---- + +To completely replace (instead of just add to/modify) an existing service file, use `systemctl edit --full`, e.g. `systemctl edit --full httpd.service`. This will create `/etc/systemctl/system/httpd.service`, which will be used instead of the existing service file. + +[discrete] +== Related Information + +* See link:#common-service-parameters[Common service parameters] for more information about the parameters used in this procedure. diff --git a/modules/ROOT/partialsdelete/2delete-proc_opening_ports_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_opening_ports_firewalld.adoc new file mode 100644 index 0000000..c30743a --- /dev/null 
+++ b/modules/ROOT/partialsdelete/2delete-proc_opening_ports_firewalld.adoc @@ -0,0 +1,37 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=opening-ports-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Opening a port + +Through open ports, the system is accessible from the outside, which represents a security risk. Generally, keep ports closed and only open them if they are required for certain services. + +.Opening a port using the command line + +. Get a list of allowed ports in the current zone: ++ +---- +$ firewall-cmd --list-ports +---- ++ +. Add a port to the allowed ports to open it for incoming traffic: ++ +---- +$ sudo firewall-cmd --add-port=port-number/port-type +---- ++ +. Make the new settings persistent: ++ +---- +$ sudo firewall-cmd --runtime-to-permanent +---- + +The port types are either tcp, udp, sctp, or dccp. The type must match the type of network communication. diff --git a/modules/ROOT/partialsdelete/2delete-proc_removing-repositories.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_removing-repositories.adoc.delete.adoc new file mode 100644 index 0000000..d4a2d2d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_removing-repositories.adoc.delete.adoc 
@@ -0,0 +1,21 @@ +[id='removing-repositories'] += Removing repositories + +This section shows how to remove a Yum repository (or `.repo` file). + +[NOTE] +==== +If you know the ID of a repository, but you're not sure what `.repo` it belongs to, +you can run the following command [red]#`pass:[grep -E "^\[.*\]" /etc/yum.repos.d/*]`#. +This will print a list of the repository IDs that are associated with each Yum repository. +==== + +* To remove a Yum repository, run the following command as `*root*`. ++ +[literal,subs="+quotes,attributes"] +---- +rm /etc/yum.repos.d/*_file_name_*.repo +---- ++ +Where *_file_name_* is the name of the `.repo` file. ++ \ No newline at end of file diff --git a/modules/ROOT/partialsdelete/2delete-proc_removing-shortcut-custom-app-gnome.adoc b/modules/ROOT/partialsdelete/2delete-proc_removing-shortcut-custom-app-gnome.adoc new file mode 100644 index 0000000..c1a070b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_removing-shortcut-custom-app-gnome.adoc @@ -0,0 +1,31 @@ +[id='removing-shortcut-custom-app-gnome'] += Removing keyboard shortcuts for custom applications in GNOME + +This section describes how to remove a keyboard shortcut for starting a custom application in GNOME. + +[discrete] +== Procedure + +. Open *Settings* and choose the *Devices* entry from the list: ++ +image::shortcuts-settings-devices.png[] ++ +NOTE: Earlier Fedora versions might not need this step. + +. Choose the *Keyboard* entry from the list and scroll down to the bottom of the list of keyboard shortcuts: ++ +image::shortcuts-keyboard-scroll.png[] + +. Scroll down in the list of shortcuts and applications until you locate the application that you want to remove: ++ +image::shortcuts-added.png[] + +. Click on the entry. ++ +A window for editing the shortcut appears: ++ +image::shortcuts-edit.png[] + +. Click the red *Remove* button. ++ +The shortcut is removed. 
diff --git a/modules/ROOT/partialsdelete/2delete-proc_restoring-bootloader-using-live-disk.adoc b/modules/ROOT/partialsdelete/2delete-proc_restoring-bootloader-using-live-disk.adoc new file mode 100644 index 0000000..c875a28 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_restoring-bootloader-using-live-disk.adoc 
@@ -0,0 +1,221 @@ +[[restoring-bootloader-using-live-disk]] += Restoring the bootloader using the Live disk. + +Sometimes, especially after a secondary operating systems has been installed, +the master boot record gets damaged which then prevents the original Linux system +from booting. + +If this happens, it is necessary to reinstall *GRUB2* to recreate the original +settings. The process not only discovers all installed operating systems, but +usually adds them to the *GRUB2* configuration files, so they will all become +bootable by *GRUB2*. + +.Before you start + +* Get the Fedora Live ISO from link:https://download.fedoraproject.org/pub/fedora/linux/releases/[getfedora.org]. + +* Prepare a bootable device using the downloaded ISO, either a CD or a USB. + +.Procedure + +. Boot the Fedora live system from the bootable device you have created. + +. Open the terminal. + +. Examine the partition layout and identify the `/boot` and the `/root` partition. ++ +---- +# fdisk -l +---- + +. Follow the <> (Fedora 33 or newer) or <> (older than Fedora 33) to recover your system. + +[[btrfs-steps]] +== BTRFS steps + +. If your `/root` partition is encrypted by LUKS, it must be decrypted. + +.. Make sure the crypt module is in use. ++ +---- +# modprobe dm-crypt +---- + +.. Decrypt the `/root` partition (e.g. `/dev/sda3`). ++ +---- +# cryptsetup luksOpen /dev/sda3 myvolume +---- ++ +The decrypted device (i.e. `myvolume`) will be accessible under `/dev/mapper/`. + +. Mount the `/root` partition. + +* For LUKS. ++ +---- +# mount /dev/mapper/myvolume /mnt -o subvol=root +---- +* For non-LUKS. ++ +---- +# mount /dev/sda3 /mnt -o subvol=root +---- ++ + +. Mount the `/boot` partition (e.g. `/dev/sda2)`. ++ +---- +# mount /dev/sda2 /mnt/boot +---- ++ + +. Mount system processes and devices into the `/root` filesystem. ++ +---- +# mount -o bind /dev /mnt/dev +# mount -o bind /proc /mnt/proc +# mount -o bind /sys /mnt/sys +# mount -o bind /run /mnt/run +---- ++ +. 
On UEFI systems, bind the `efivars` directory and mount the EFI system partition (e.g. `/dev/sda1`). ++ +---- +# mount -o bind /sys/firmware/efi/efivars /mnt/sys/firmware/efi/efivars +# mount /dev/sda1 /mnt/boot/efi +---- ++ +. Change your filesystem to the one mounted under `/mnt/`. ++ +---- +# chroot /mnt/ +---- ++ +. Re-install *GRUB2*. + +* On UEFI systems, several packages are required. ++ +---- +/]# dnf reinstall shim-* grub2-efi-* grub2-common + +---- +* On BIOS systems, specify the disk (e.g. `/dev/sda`) where *GRUB2* should be installed. ++ +---- +/]# grub2-install /dev/sda +---- ++ +. Re-generate the *GRUB2* configuration file. ++ +---- +/]# grub2-mkconfig -o /boot/grub2/grub.cfg +---- ++ +. Sync and exit the chroot. ++ +---- +/]# sync && exit +---- ++ +. Reboot the system. + +[[lvm-steps]] +== LVM steps + +. If your `/root` partition is encrypted by LUKS, it must be decrypted. + +.. Make sure the crypt module is in use. ++ +---- +# modprobe dm-crypt +---- + +.. Decrypt the `/root` partition (e.g. `/dev/sda3`). ++ +---- +# cryptsetup luksOpen /dev/sda3 myvolume +---- + +.. Scan the LVM volumes for the volume group corresponding to the `/root` partition. ++ +---- +# vgscan +---- + +.. Activate the volume group (e.g. `fedora_localhost-live`). ++ +---- +# vgchange -ay fedora_localhost-live +---- + +.. Find the logical volume corresponding to `/root`. ++ +---- +# lvs +---- ++ +The logical volume will be accessible under `/dev/mapper/`. + +. Create a `root` directory under `/mnt`. ++ +---- +# mkdir -p /mnt/root +---- ++ +. Mount the logical volume (e.g. `/dev/mapper/fedora_localhost--live-root`) corresponding to the `/root` partition. ++ +---- +# mount /dev/mapper/fedora_localhost--live-root /mnt/root +---- ++ +. Mount the `/boot` partition (e.g. `/dev/sda2`). ++ +---- +# mount /dev/sda2 /mnt/root/boot +---- ++ +. Mount system processes and devices into the `/root` filesystem. 
++ +---- +# mount -o bind /dev /mnt/root/dev +# mount -o bind /proc /mnt/root/proc +# mount -o bind /sys /mnt/root/sys +# mount -o bind /run /mnt/root/run +---- ++ +. On UEFI systems, bind the `efivars` directory and mount the EFI system partition (e.g. `/dev/sda1`). ++ +---- +# mount -o bind /sys/firmware/efi/efivars /mnt/root/sys/firmware/efi/efivars +# mount /dev/sda1 /mnt/root/boot/efi +---- ++ +. Change your filesystem to the one mounted under `/mnt/root`. ++ +---- +# chroot /mnt/root/ +---- ++ +. Re-install *GRUB2* and re-generate the *GRUB2* configuration file. + +* On UEFI systems, several packages are required. ++ +---- +/]# dnf reinstall shim-* grub2-efi-* grub2-common +/]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg +---- +* On BIOS systems, specify the disk (e.g. `/dev/sda`) where *GRUB2* should be installed. ++ +---- +/]# grub2-install /dev/sda +/]# grub2-mkconfig -o /boot/grub2/grub.cfg +---- ++ +. Sync and exit the chroot. ++ +---- +/]# sync && exit +---- ++ +. Reboot the system. \ No newline at end of file diff --git a/modules/ROOT/partialsdelete/2delete-proc_revoking-gpg-keys.adoc b/modules/ROOT/partialsdelete/2delete-proc_revoking-gpg-keys.adoc new file mode 100644 index 0000000..c98d6dd --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_revoking-gpg-keys.adoc 
@@ -0,0 +1,45 @@ +[[revoking-gpg-keys]] += GPG Key Revocation + +When you revoke a key, you withdraw it from public use. +_You should only have to do this if it is compromised or lost, or you forget the passphrase._ + +[[generating-a-revocation-certificate]] +== Generating a Revocation Certificate + +When you create the key pair you should also create a key revocation certificate. +If you later issue the revocation certificate, it notifies others that the public key is not to be used. +Users may still use a revoked public key to verify old signatures, but not encrypt messages. +As long as you still have access to the private key, messages received previously may still be decrypted. +If you forget the passphrase, you will not be able to decrypt messages encrypted to that key. + +---- +gpg --output revoke.asc --gen-revoke KEYNAME +---- + +If you do not use the `--output` flag, the certificate will print to standard output. + +For `KEYNAME`, substitute either the key ID of your primary keypair or any part of a user ID that identifies your keypair. +Once you create the certificate (the `revoke.asc` file), you should protect it. +If it is published by accident or through the malicious actions of others, the public key will become unusable. +It is a good idea to write the revocation certificate to secure removable media or print out a hard copy for secure storage to maintain secrecy. + +[[revoking-a-key]] +== Revoking a key + +. Revoke the key locally: ++ +---- +gpg --import revoke.asc +---- ++ +Once you locally revoke the key, you must send the revoked certificate to a keyserver, regardless of whether the key was originally issued in this way. +Distribution through a server helps other users to quickly become aware the key has been compromised. + +. 
Export to a keyserver with the following command: ++ +---- +gpg --keyserver hkp://pgp.mit.edu --send-keys KEYNAME +---- ++ +For `KEYNAME`, substitute either the key ID of your primary keypair or any part of a user ID that identifies your keypair. diff --git a/modules/ROOT/partialsdelete/2delete-proc_run-docker-using-sudo.adoc b/modules/ROOT/partialsdelete/2delete-proc_run-docker-using-sudo.adoc new file mode 100644 index 0000000..69a2e7d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_run-docker-using-sudo.adoc @@ -0,0 +1,11 @@ +[[procedure-run-docker-using-sudo]] += Run Docker using sudo + +. Set up [command]`sudo` as shown in xref:performing-administration-tasks-using-sudo.adoc.adoc#con_using-sudo-assign-admin-privileges[Using sudo to assign administrator privileges]. +. Create an alias for running the docker command by adding the following line to your `~/.bashrc` file: ++ +---- +alias docker="sudo /usr/bin/docker" +---- ++ +When the user executes the docker command as non-root, sudo will be used to manage access and provide logging. diff --git a/modules/ROOT/partialsdelete/2delete-proc_running_vlc.adoc b/modules/ROOT/partialsdelete/2delete-proc_running_vlc.adoc new file mode 100644 index 0000000..3272b74 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_running_vlc.adoc @@ -0,0 +1,20 @@ +[[running-vlc]] += Running VLC + +* To run the VLC media player using GUI: ++ +-- +. Open the launcher by pressing the _Super_ key. +. Type _vlc_. +. Press _Enter_. +-- + + +* To run VLC from the command line: ++ +[subs="quotes"] +---- +$ vlc _source_ +---- ++ +Replace _source_ with path to the file to be played, URL, or other data source. For more details, see link:https://wiki.videolan.org/Documentation:Command_line/#Opening_streams[Opening streams] on VideoLAN wiki. 
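Review bot: in 2delete-proc_revoking-gpg-keys.adoc, step 2 of "Revoking a key" uploads with `gpg --keyserver hkp://pgp.mit.edu --send-keys KEYNAME`, which pins a single keyserver and uses the unencrypted `hkp://` scheme. Suggest `hkps://` with a placeholder for the server, or dropping `--keyserver` so the keyserver the user has configured applies. The sentence before it says to send "the revoked certificate" to a keyserver, while the command uploads the revoked public key; worth rewording when the article is checked.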
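Review bot: in 2delete-proc_run-docker-using-sudo.adoc, step 1 links to `xref:performing-administration-tasks-using-sudo.adoc.adoc#con_using-sudo-assign-admin-privileges`; the doubled `.adoc.adoc` suffix looks like a typo, and it should be checked that the xref still resolves after the move. The closing sentence credits the alias with managing access and logging, but the alias in `~/.bashrc` is only a shortcut: access control and logging come from the sudoers setup in step 1, so the text should say that.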
diff --git a/modules/ROOT/partialsdelete/2delete-proc_securing-apache-httpd.adoc b/modules/ROOT/partialsdelete/2delete-proc_securing-apache-httpd.adoc new file mode 100644 index 0000000..3d23b73 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_securing-apache-httpd.adoc 
@@ -0,0 +1,121 @@ +[id='securing-apache-httpd'] += Securing Apache HTTPD + +To enable TLS/SSL support, download and install one of the following packages: + +* https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl], based on https://www.openssl.org[OpenSSL] +* https://packages.fedoraproject.org/pkgs/mod_gnutls/mod_gnutls/[mod_gnutls], based on https://www.gnutls.org/[GnuTLS] +* https://packages.fedoraproject.org/pkgs/mod_nss/mod_nss/[mod_nss], based on https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS[NSS] + + +[id='using-mod-ssl'] +== Using mod_ssl + + +[id='installing-mod-ssl'] +=== Installing mod_ssl + +The https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl] package will be automatically enabled post installation. Install the https://packages.fedoraproject.org/pkgs/httpd/mod_ssl/[mod_ssl] package using the following command: + +---- +sudo dnf install mod_ssl -y +---- + + +[id='generating-new-certificate'] +=== Generating a new certificate + +To generate a new certificate, refer to https://fedoraproject.org/wiki/Https#openssl[Create a certificate using OpenSSL]. +// The topic ID can be used here instead of the absolute link. Have used absolute link as the destination content in question is in a topic that may not be a part of this activity. + + +[id='installing-existing-certificate'] +=== Installing an existing certificate + +If you already have a certificate generated on another computer, do the following: + +. Move the certificate and the key file to the correct folder ++ +---- +sudo mv key_file.key /etc/pki/tls/private/myhost.com.key +sudo mv certificate.crt /etc/pki/tls/certs/myhost.com.crt +---- ++ +. Ensure that the following parameters are correct: ++ +.. SELinux contexts ++ +---- +restorecon /etc/pki/tls/private/myhost.com.key +restorecon /etc/pki/tls/certs/myhost.com.crt +---- ++ +.. 
Ownership ++ +---- +sudo chown root.root /etc/pki/tls/private/myhost.com.key +sudo chown root.root /etc/pki/tls/certs/myhost.com.crt +---- ++ +.. Permissions ++ +---- +sudo chmod 0600 /etc/pki/tls/private/myhost.com.key +sudo chmod 0600 /etc/pki/tls/certs/myhost.com.crt +---- + +After installing the existing certificate, set up the certificate using <>. + + +[id='mod-ssl-configuration'] +=== mod_ssl configuration + +The default TLS/SSL configuration is contained in the file `/etc/httpd/conf.d/ssl.conf`. In the `ssl.conf` file, following are the directives that specify where the TLS/SSL certificate and key are located: + +---- +SSLCertificateFile /etc/pki/tls/certs/localhost.crt +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +---- + +These directives are enclosed in a block defining a https://httpd.apache.org/docs/current/vhosts/[virtual host]: + +---- + +... +SSLCertificateFile /etc/pki/tls/certs/localhost.crt +... +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +... + +---- + +To define a different location for these files, do the following: + +. Create a copy of the `/etc/httpd/conf.d/ssl.conf` file and renew the file to `z-ssl-local.conf`. ++ +. Edit the following lines in the `z-ssl-local.conf` file: + +---- + +SSLCertificateFile /etc/pki/tls/certs/www.myhost.org.crt +SSLCertificateKeyFile /etc/pki/tls/private/www.myhost.org.key + +---- + +This file will override the two settings for the `pass:[_default_]:443` virtual host; all other settings from `ssl.conf` will be retained. + + +[id='settings-individual-virtual-hosts'] +=== Settings for individual virtual hosts + +To use SSL/TLS for a specific virtual host with a different certificate as default, do the following: + +. Open that virtual host's configuration file `/etc/httpd/conf.d/hostname.conf`. ++ +. Insert these lines between `` and ``: ++ +---- +SSLEngine on +SSLCertificateFile /etc/pki/tls/certs/hostname.crt +SSLCertificateKeyFile /etc/pki/tls/private/hostname.key +---- 
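Review bot: in "Installing an existing certificate" of 2delete-proc_securing-apache-httpd.adoc, the two `restorecon` commands are the only ones in the procedure without `sudo`, although they act on the same paths under `/etc/pki/tls/` that the `mv`, `chown` and `chmod` lines handle with `sudo`; add it so the step works for a regular user. `chown root.root` should be `root:root`, since the dot separator is deprecated in GNU chown. In the mod_ssl configuration steps, "renew the file to `z-ssl-local.conf`" presumably means "rename", and the "Edit the following lines" step is missing the `+` continuation, so its listing will not attach to the list item.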
diff --git a/modules/ROOT/partialsdelete/2delete-proc_setting-automatic-updates.adoc b/modules/ROOT/partialsdelete/2delete-proc_setting-automatic-updates.adoc new file mode 100644 index 0000000..b17c682 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_setting-automatic-updates.adoc 
@@ -0,0 +1,66 @@ +[id='setting-automatic-updates'] += Setting automatic updates + +This section describes how to use the DNF Automatic application to automatically: + +* Download and install any new updates +* Only download the updates +* Get notified about the updates + +[discrete] +== Procedure + +. Install the [package]_dnf-automatic_ package: ++ +---- +sudo dnf install dnf-automatic +---- + +. Edit the [filename]`/etc/dnf/automatic.conf` configuration file as needed. See the https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation for details. + +. Enable and start the `systemd` timer: ++ +[literal,subs="+quotes,attributes"] +---- +sudo systemctl enable --now _timer_ +---- ++ +Replace `_timer_` with one of following ones depending on what action you want to do: ++ +-- +* `dnf-automatic-install.timer` to download and install packages +* `dnf-automatic-download.timer` to only download packages +* `dnf-automatic-notifyonly.timer` to only get a notification using configured emitters in the [filename]`/etc/dnf/automatic.conf` file. +-- ++ +For example: ++ +---- +sudo systemctl enable --now dnf-automatic-install.timer +Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-install.timer → /usr/lib/systemd/system/dnf-automatic-install.timer. +---- + +. 
Ensure that the timer has been successfully enabled and started: ++ +[literal,subs="+quotes,attributes"] +---- +sudo systemctl status _timer_ +---- ++ +Replace `_timer_` with the timer from the previous step, for example: ++ +---- +sudo systemctl status dnf-automatic-install.timer +● dnf-automatic-install.timer - dnf-automatic-install timer + Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.timer; enabled; vendor preset: disabled) + Active: active (waiting) since Fri 2021-01-29 14:50:22 +08; 1s ago + Trigger: Sat 2021-01-30 06:05:57 +08; 15h left + Triggers: ● dnf-automatic-install.service + +Jan 29 14:50:22 localhost.localdomain systemd[1]: Started dnf-automatic-install timer. +---- + +[discrete] +== Additional Resources + +* The https://dnf.readthedocs.io/en/latest/automatic.html[DNF Automatic] documentation diff --git a/modules/ROOT/partialsdelete/2delete-proc_setting-default-entry-for-grub2.adoc b/modules/ROOT/partialsdelete/2delete-proc_setting-default-entry-for-grub2.adoc new file mode 100644 index 0000000..e793b59 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_setting-default-entry-for-grub2.adoc 
@@ -0,0 +1,56 @@ +[[setting-default-entry]] += Setting default entry for GRUB2 + +Since `grub2-mkconfig` (and *os-prober*) cannot estimate which operating system, of those it finds, is to be marked as default, we usually are unable to predict the order of the entries in `/boot/grub2/grub.cfg`. To change the default layout, we need to set the default based on the `name` or `title`. + +.Before you start + +. Open `/etc/default/grub` and make sure these lines exist in the file. ++ +---- +GRUB_DEFAULT=saved +GRUB_SAVEDEFAULT=false +---- + +. If you needed to change the content of the `/etc/default/grub`, apply the changes to `grub.cfg`. ++ +---- +# grub2-mkconfig -o /boot/grub2/grub.cfg +---- + +.Procedure + +. List all possible menu entries. ++ +---- +# grep -P "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2 +---- + +. Select one of the displayed options and use it as an argument to set the default menu entry. ++ +---- +# grub2-set-default +---- + +. Verify the default menu entry ++ +---- +# grub2-editenv list +---- + +. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in link:#adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. + + +.More information + +If you understand the risks involved, you can manually modify the `/boot/grub2/grub.cfg` file. In that case, set the number of the default operating system using the `set default` variable. + +For example: +---- +set default="5" +---- + +[NOTE] +==== +If you edit the configuration file manually, the settings will be overwritten each time the `grub2-mkconfig` command runs. +==== diff --git a/modules/ROOT/partialsdelete/2delete-proc_setting-password-for-interactive-edit-mode.adoc b/modules/ROOT/partialsdelete/2delete-proc_setting-password-for-interactive-edit-mode.adoc new file mode 100644 index 0000000..49ce063 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_setting-password-for-interactive-edit-mode.adoc 
@@ -0,0 +1,33 @@ +[[setting-password-for-interactive-edit-mode]] += Setting a password for interactive edit mode + +If you wish to protect the *GRUB2* interactive edit mode with a password, but allow ordinary users to boot the computer, you have to create a definition file where you set up this functionality: + +.Procedure + +. Create the `/etc/grub.d/01_users` file and write the following lines into the file. ++ +---- +set superusers="root" +export superusers +password root +---- + +. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. + + +.More information + +You can encrypt the password by using *pbkdf2*. Use `grub2-mkpasswd-pbkdf2` to encrypt the password, then replace the password line with: + +---- +password_pbkdf2 root grub.pbkdf2.sha512.10000.1B4BD9B60DE889A4C50AA9458C4044CBE129C9607B6231783F7E4E7191D8254C0732F4255178E2677BBE27D03186E44815EEFBAD82737D81C87F5D24313DDDE7.E9AEB53A46A16F30735E2558100D8340049A719474AEEE7E3F44C9C5201E2CA82221DCF2A12C39112A701292BF4AA071EB13E5EC8C8C84CC4B1A83304EA10F74 +---- + +More details can be found at https://help.ubuntu.com/community/Grub2/Passwords[Ubuntu Help: GRUB2 Passwords]. + +[NOTE] +==== +Starting from Fedora 21, the `--md5pass` kickstart option must be used when using the `grub2-mkpasswd-pbkdf2` command. +==== + diff --git a/modules/ROOT/partialsdelete/2delete-proc_solving-absent-floppy.adoc b/modules/ROOT/partialsdelete/2delete-proc_solving-absent-floppy.adoc new file mode 100644 index 0000000..e7a74f3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_solving-absent-floppy.adoc 
@@ -0,0 +1,11 @@ +[[solving-absent-floppy]] += Dealing with the "Absent Floppy Disk" Error + +It has been reported by some users that *GRUB2* may fail to install on a partition's boot sector if the computer's floppy controller is activated in BIOS without an actual floppy disk drive being present. Such situations resulted in an _Absent Floppy Disk_ error. + +To workaround this issue, go into the rescue mode and follow the procedure in link:#installing-grub-2-on-a-bios-system[Installing GRUB2 on a BIOS system] *GRUB2*, but use the `--no-floppy` option with the `grub2-install` command. + +---- +# grub2-install --no-floppy +---- + diff --git a/modules/ROOT/partialsdelete/2delete-proc_starting-stopping-and-querying-systemd-services.adoc b/modules/ROOT/partialsdelete/2delete-proc_starting-stopping-and-querying-systemd-services.adoc new file mode 100644 index 0000000..932a254 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_starting-stopping-and-querying-systemd-services.adoc 
@@ -0,0 +1,67 @@ +[#starting-stopping-and-querying-systemd-services] += Starting, stopping, and querying systemd services + +You can perform various management tasks to control _systemd_ services using the `systemctl` command. The following is a set of example commands to demonstrate how to use `systemctl` to manage _systemd_ services. + +[discrete] +== Prerequisites + +You are logged in as a user with administrator-level permissions. + +[discrete] +== Procedure + +The following commands control the `foo` service: + +* Activate a service immediately: ++ +---- +# systemctl start foo +---- + +* Deactivate a service immediately: ++ +---- +# systemctl stop foo +---- + +* Restart a service: ++ +---- +# systemctl restart foo +---- + +* Show the status of a service including, whether it is running or not: ++ +---- +# systemctl status foo +---- + +* Enable a service to be started on boot: ++ +---- +# systemctl enable foo +---- + +* Disable a service to not start during boot: ++ +---- +# systemctl disable foo +---- + +* Prevent a service from starting dynamically or even manually unless unmasked: ++ +---- +# systemctl mask foo +---- + +* Check if a service is enabled or not: ++ +---- +# systemctl is-enabled foo +---- + +[discrete] +== Related Information + +* Run `man systemctl` for more details. diff --git a/modules/ROOT/partialsdelete/2delete-proc_starting_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_starting_firewalld.adoc new file mode 100644 index 0000000..47b13b2 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_starting_firewalld.adoc 
@@ -0,0 +1,22 @@ +// Module included in the following assemblies: +// +// firewalld.adoc + + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=starting-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Starting firewalld + +Start firewalld, by entering the following commands: + +---- +$ sudo systemctl unmask firewalld +$ sudo systemctl start firewalld +---- + +To make firewalld start automatically at system start: + +---- +$ sudo systemctl enable firewalld +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_stopping_firewalld.adoc b/modules/ROOT/partialsdelete/2delete-proc_stopping_firewalld.adoc new file mode 100644 index 0000000..a8993b9 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_stopping_firewalld.adoc 
@@ -0,0 +1,29 @@ +// Module included in the following assemblies: +// +//firewalld.adoc + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id=stopping-firewalld-fedora] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Stopping firewalld + + +To stop firewalld, enter the following command as root: +---- +$ sudo systemctl stop firewalld +---- + +Prevent firewalld from starting automatically at system start, enter the following command as root: +---- +$ sudo systemctl disable firewalld +---- + +Make sure firewalld is not started by accessing the firewalld D-Bus interface and also if other services require firewalld, enter the following command as root: +---- +$ sudo systemctl mask firewalld +---- diff --git a/modules/ROOT/partialsdelete/2delete-proc_switching-between-java-versions.adoc b/modules/ROOT/partialsdelete/2delete-proc_switching-between-java-versions.adoc new file mode 100644 index 0000000..57cdc21 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_switching-between-java-versions.adoc @@ -0,0 +1,17 @@ += Switching between Java Versions + +You might have installed several versions of Java on your system, you can switch from one. + +After running this command, you will see a list of all installed Java versions, select: + +---- +sudo alternatives --config java +---- + +Simply enter a selection number to choose which java executable should be used by default. + +* verify: + +---- +java -version +---- 
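Review bot: in 2delete-proc_setting-password-for-interactive-edit-mode.adoc, step 1 has the reader write `set superusers="root"`, `export superusers` and `password root` directly into `/etc/grub.d/01_users`, but files in `/etc/grub.d/` are executable scripts whose output `grub2-mkconfig` collects, so the lines need a shell wrapper (`#!/bin/sh -e` followed by a `cat << EOF` here-document) and the executable bit. The `password root` line shows no password value, and a plaintext one would be copied into `grub.cfg`; suggest making the `password_pbkdf2` form from "More information" the main procedure and marking the long hash there as sample output that must be replaced with the reader's own.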
diff --git a/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc new file mode 100644 index 0000000..d99baf3 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-live-usb.adoc.delete.adoc 
@@ -0,0 +1,60 @@ +[id='troubleshooting_live_USB'] += Troubleshooting a live USB + + +== livecd-iso-to-disk problems + +Partition isn't marked bootable:: If you get the message `Partition isn't marked bootable!`, you need to mark the partition bootable. To do this, run `parted /dev/sdX`, and use the `toggle N` boot command, where `_X_` is the appropriate letter, and `_N_` is the partition number. For example: ++ +[source,shell,subs="attributes"] +---- +$ parted /dev/sdb +GNU Parted 1.8.6 +Using /dev/sdb +Welcome to GNU Parted! Type 'help' to view a list of commands. +(parted) print +Model: Imation Flash Drive (scsi) +Disk /dev/sdX: 1062MB +Sector size (logical/physical): 512B/512B +Partition Table: msdos + +Number Start End Size Type File system Flags + 1 32.3kB 1062MB 1062MB primary fat16 + +(parted) toggle 1 boot +(parted) print +Model: Imation Flash Drive (scsi) +Disk /dev/sdX: 1062MB +Sector size (logical/physical): 512B/512B +Partition Table: msdos + +Number Start End Size Type File system Flags + 1 32.3kB 1062MB 1062MB primary fat16 boot + +(parted) quit +Information: Don't forget to update /etc/fstab, if necessary. +---- + +Partitions need a filesystem label:: If you get the message `Need to have a filesystem label` or `UUID` for your USB device, you need to label the partition: `dosfslabel /dev/sdX LIVE`. + +Partition has different physical/logical endings:: If you get this message from fdisk, you may need to reformat the flash drive when writing the image, by passing `--format` when writing the stick. + +MBR appears to be blank:: If your test boot reports a corrupted boot sector, or you get the message `MBR appears to be blank.`, you need to install or reset the master boot record (MBR), by passing `--reset-mbr` when writing the stick. + +livecd-iso-to-disk on other Linux distributions:: `livecd-iso-to-disk` is not meant to be run from a non-Fedora system. 
Even if it happens to run and write a stick apparently successfully from some other distribution, the stick may well fail to boot. Use of `livecd-iso-to-disk` on any distribution other than Fedora is unsupported and not expected to work: please use an alternative method, such as link:#using-fedora-media-writer[Fedora Media Writer]. + + +== Testing a USB stick using qemu + +You can test your stick using QEMU. + +[options="nowrap"] +---- +# umount /dev/sdX1 +$ qemu -hda /dev/sdX -m 1024 -vga std +---- + + +== Mounting a Live USB filesystem + +You can use the https://github.com/livecd-tools/livecd-tools/blob/master/tools/liveimage-mount[liveimage-mount] script in the https://packages.fedoraproject.org/pkgs/livecd-tools/livecd-tools/[livecd-tools] package to mount an attached Live USB device or other LiveOS image, such as an ISO or Live CD. This is convenient when you want to copy in or out some file from the LiveOS filesystem on a Live USB, or just examine the files in a Live ISO or Live CD. diff --git a/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-mysql.adoc b/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-mysql.adoc new file mode 100644 index 0000000..21a8b4d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_troubleshooting-mysql.adoc 
@@ -0,0 +1,96 @@ +[id='how-to-troubleshoot-issues-in-sql'] += How To Troubleshoot Issues in SQL + +Version: + +---- +dnf list installed | grep -i -e maria -e mysql -e galera +---- + +Check parameters in configuration file: + +* MySQL: + +---- +mysqld --print-defaults +---- + +* MariaDB/MySQL Comunnity: + +---- +/usr/libexec/mysqld --print-defaults +---- + +WARNING: Compatiblity between different version are not allowed Just install one of them. + +== How to Access SQL Error Logs + +Oftentimes, the root cause of slowdowns, crashes, or other unexpected behavior in SQL can +In many cases, the error logs are most easily read with the less program, a command line u + +if SQL isn’t behaving as expected, you can obtain more information about the source of the + +* **systemctl status mysqld.service** doesn't start well, This information doesn’t explain + well what is happening?, after this command you should type `journalctl -xe -u mariadb -u mysqld`. +* Look at Log files, can be located in `/var/log/mysql/mysqld.log` for MySQL, and `/var/log/mariabd` for MariaDB. + +== How To Troubleshoot Socket Errors in SQL + +SQL manages connections to the database server through the use of a socket file, a special kind of file that facilitates communications between different processes. The MySQL server’s socket file is named mysqld.sock and on Ubuntu systems it’s usually stored in the /var/run/mysqld/ directory. This file is created by the MySQL service automatically. + +Sometimes, changes to your system or your SQL configuration can result in SQL being unable to read the socket file, preventing you from gaining access to your databases. The most common socket error looks like this: + +---- +ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) +---- + +There are a few reasons why this error may occur, and a few potential ways to resolve it. 
+One common cause of this error is that the SQL service is stopped or did not start to begin with, meaning that it was unable to create the socket file in the first place. To find out if this is the reason you’re seeing this error, try starting the service with _systemctl_: + +---- +sudo systemctl start {mysqld|mariadb} +---- + +Then try accessing the MySQL prompt again. If you still receive the socket error, double check the location where your MySQL installation is looking for the socket file. This information can be found in the `mysqld.cnf` file: + +look for the socket parameter in the [mysqld] section of this file. It will look like this: + +---- +[mysqld] +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +---- + +Close this file, then ensure that the mysqld.sock file exists by running an ls command on the directory where SQL expects to find it: + +---- +ls -a /var/run/mysqld/ +---- + +If the socket file exists, you will see it in this command’s output: + +---- +mysqld.pid mysqld.sock mysqld.sock.lock +---- + +if the file does not exist, the reason may be that MySQL is trying to create it, but does not have adequate permissions to do so. You can ensure that the correct permissions are in place by changing the directory’s ownership to the mysql user and group: + +---- +sudo chown mysql:mysql /var/run/mysqld/ +---- + +Then ensure that the mysql user has the appropriate permissions over the directory. Setting these to 775 will work in most cases: + +---- +sudo chmod -R 755 /var/run/mysqld/ +---- + +Finally, restart the MySQL service so it can attempt to create the socket file again: + +---- +sudo systemctl restart {mysqld|mariadb} +---- + +Then try accessing the MySQL prompt once again. If you still encounter the socket error, there’s likely a deeper issue with your MySQL instance, in which case you should review the error log to see if it can provide any clues. 
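Review bot: in the socket-error section of 2delete-proc_troubleshooting-mysql.adoc, the text says "Setting these to 775 will work in most cases" but the command under it is `sudo chmod -R 755 /var/run/mysqld/`; make the two agree, and prefer 755 without `-R`, because the recursive form also rewrites the mode of the pid, socket and lock files in that directory. Elsewhere in the file, three sentences under "How to Access SQL Error Logs" are cut off ("in SQL can", "a command line u", "about the source of the"), the log path `/var/log/mariabd` is misspelled, and `sudo systemctl start {mysqld|mariadb}` is not runnable as written, since the shell treats `|` as a pipe. The socket path is described for Ubuntu, which needs checking for a Fedora page.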
diff --git a/modules/ROOT/partialsdelete/2delete-proc_using-grub2-prompt.adoc b/modules/ROOT/partialsdelete/2delete-proc_using-grub2-prompt.adoc new file mode 100644 index 0000000..d9552f7 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_using-grub2-prompt.adoc 
@@ -0,0 +1,147 @@ += Using the GRUB2 boot prompt +[[using-the-grub-2-boot-prompt]] + +If improperly configured, *GRUB2* may fail to load and subsequently drop +to a boot prompt. To boot into the system, follow the steps below. + +.Procedure + +. Load the necessary modules to read your system's partitions (you will also need to load `part_msdos` or `part_gpt`, depending on your partition table). ++ +* For BTRFS filesystems (Fedora 33 or newer). ++ +---- +grub> insmod btrfs +---- ++ +* For LVM filesystems (older than Fedora 33). ++ +---- +grub> insmod xfs +grub> insmod lvm +---- + +. List the drives which *GRUB2* sees. ++ +---- +grub> ls +---- + +. Examine the output to understand the partition table of the `/dev/sda` device. The following example shows a DOS partition table with three partitions. ++ +---- +(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1) +---- ++ +A GPT partition table of the `/dev/sda` device with four partitions could look like this. ++ +---- +(hd0) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) +---- + +. Probe each partition of the drive and locate your `vmlinuz` and `initramfs` files. ++ +---- +grub> ls (hd0,1)/ +---- ++ +The outcome of the previous command will list the files on `/dev/sda1`. The partition that contains the `/boot` directory is the correct one. There you will search for the full names of the `vmlinuz` and `initramfs` files. + +. Follow the <> or the <> to recover your system. + +. After the pre-boot setup, boot the system. ++ +---- +grub> boot +---- + +. To restore the bootloader's functionality, regenerate the *GRUB2* configuration file and reinstall the bootloader, as described in xref:adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. + +[[btrfs-boot-setup]] +== Pre-boot setup for BTRFS filesystems. + +* On BIOS systems. + +. Set *GRUB2* root to your `/boot` partition. If your `/boot` partition is `(hd0,msdos1)`, the command will be. ++ +---- +grub> set root=(hd0,msdos1) +---- ++ + +. 
Next, select the desired kernel. Set the `/root` partition (e.g. `/dev/sda2`). ++ +---- +grub> linux /vmlinuz-5.14.10-300.fc35.x86_64 root=/dev/sda2 ro rootflags=subvol=root +---- ++ + +* On UEFI systems. + +. Set *GRUB2* root to your EFI system partition. If your EFI system partition is `(hd0,gpt1)`, use this command. ++ +---- +grub> set root=(hd0,gpt1) +---- ++ + +. Next, select the desired kernel. Find the path to `vmlinuz` and set the `/root` partition (e.g. `/dev/sda3`). ++ +---- +grub> linux (hd0,gpt2)/vmlinuz-5.14.10-300.fc35.x86_64 root=/dev/sda3 ro rootflags=subvol=root +---- ++ + +. Select the RAM filesystem that will be loaded. ++ +---- +grub> initrd (hd0,gpt2)/initramfs-5.14.10-300.fc35.x86_64.img +---- + +[[lvm-boot-setup]] +== Pre-boot setup for LVM filesystems. + +* On BIOS systems. + +. Set *GRUB2* root to your `/boot` partition. If your `/boot` partition is `(hd0,msdos1)`, use this command. ++ +---- +grub> set root=(hd0,msdos1) +---- ++ + +. Next, select the desired kernel. Set `root` to the logical volume that corresponds to the `/root` directory. ++ +---- +grub> linux /vmlinuz-3.0.0-1.fc16.i686 root=/dev/mapper/fedora_localhost--live-root +---- ++ + +. Select the RAM filesystem that will be loaded. ++ +---- +grub> initrd /initramfs-3.0.0-1.fc16.i686.img +---- ++ + +* On UEFI systems. + +. Set *GRUB2* root to your EFI system partition. If your EFI system partition is `(hd0,gpt1)`, use this command. ++ +---- +set root=(hd0,gpt1) +---- ++ + +. Next, select the desired kernel. Find the path to `vmlinuz` and set `root` to the logical volume that corresponds to the `/root` directory. ++ +---- +linux (hd0,gpt2)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/mapper/fedora_localhost--live-root +---- ++ + +. Select the RAM filesystem that will be loaded. ++ +---- +initrd (hd0,gpt2)/initramfs-3.0.0-1.fc16.i686.img +---- 
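Review bot: in 2delete-proc_using-grub2-prompt.adoc, the BIOS list under "Pre-boot setup for BTRFS filesystems" ends at the `linux` line and never loads an initramfs, while the BTRFS UEFI list and both LVM lists finish with a "Select the RAM filesystem that will be loaded" step. Add the matching `initrd` step there so that the later `grub> boot` step has an initramfs to use. Also in this hunk: "Set the `/root` partition" and "the `/root` directory" describe the value passed as `root=`, which is the root (`/`) filesystem and not root's home directory; the three LVM UEFI commands lack the `grub>` prompt used everywhere else; and the probe example `ls (hd0,1)/` does not use the `(hd0,msdos1)` naming shown in the `ls` output two steps earlier.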
diff --git a/modules/ROOT/partialsdelete/2delete-proc_using-mysql-mariadb.adoc b/modules/ROOT/partialsdelete/2delete-proc_using-mysql-mariadb.adoc new file mode 100644 index 0000000..372a42d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_using-mysql-mariadb.adoc @@ -0,0 +1,37 @@ += Using the RDBMS + +Connect to the MySQL/MariaDB shell using the `mysql` command. + +For both of them, the command is `mysql`. The syntax an the options are generally the same. + +---- +$ mysql -u root -p +---- + +Once gained access to the shell you can get the running version of the software: + +---- +mysql> SELECT version(); +---- + +You can create a database: + +---- +mysql> create schema test; +---- + +Create a user: + +---- +mysql> GRANT ALL PRIVILEGES ON test.* TO 'my_user'@'localhost' IDENTIFIED BY 'PaSsWoRd'; +---- + +List the available databases: + +---- +mysql> show schemas; +---- + +== Files location + +The database disk storage is located in `/var/lib/mysql`. diff --git a/modules/ROOT/partialsdelete/2delete-proc_using-old-graphics-modes.adoc b/modules/ROOT/partialsdelete/2delete-proc_using-old-graphics-modes.adoc new file mode 100644 index 0000000..96883a7 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_using-old-graphics-modes.adoc 
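Review bot: in 2delete-proc_using-mysql-mariadb.adoc, the "Create a user" example `GRANT ALL PRIVILEGES ON test.* TO 'my_user'@'localhost' IDENTIFIED BY 'PaSsWoRd';` creates the account as a side effect of `GRANT`, which MySQL 8.0 no longer accepts, although the text above says the syntax is generally the same for both servers. Split it into a `CREATE USER` statement followed by a `GRANT`, and say that `PaSsWoRd` is a placeholder the reader must replace, since a statement typed with a literal password also ends up in the client history. Wording in the same hunk: "The syntax an the options" should read "and the options", "Once gained access to the shell" is missing its subject, and the first two sentences both say that the command is `mysql`.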
@@ -0,0 +1,18 @@ +[[using-old-graphics-modes]] += Using old graphics modes in bootloader + +The terminal device is chosen with GRUB_TERMINAL. For more information, see the link:https://www.gnu.org/software/grub/manual/grub/grub.html#Simple-configuration[Grub manual]. + +Valid terminal output names depend on the platform, but may include `console` (PC BIOS and EFI consoles), `serial` (serial terminal), `gfxterm` (graphics-mode output), `ofconsole` (Open Firmware console), or `vga_text` (VGA text output, mainly useful with Coreboot). + +The default is to use the platform's native terminal output. + +In Fedora, `gfxterm` is the default options. To get the legacy graphics modes: + +.Procedure + +. Edit the `/etc/default/grub` file. + +. Set the `GRUB_TERMINAL` variable to one of the above mentioned options. + +. Regenerate the *GRUB2* configuration file and reinstall the bootloader into the MBR, as described in link:#adding-other-operating-systems-grub2[Adding other operating systems to the *GRUB2* menu]. diff --git a/modules/ROOT/partialsdelete/2delete-proc_using-same-password-for-root-as-user.adoc b/modules/ROOT/partialsdelete/2delete-proc_using-same-password-for-root-as-user.adoc new file mode 100644 index 0000000..0932808 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-proc_using-same-password-for-root-as-user.adoc 
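Review bot: in 2delete-proc_using-old-graphics-modes.adoc, step 2 of the procedure ("Set the `GRUB_TERMINAL` variable to one of the above mentioned options") never says which value gives the legacy graphics mode the title promises, so the reader has to guess between `console`, `serial`, `ofconsole` and `vga_text`. Name the intended value in the step. Step 3 says to reinstall the bootloader "into the MBR", which only describes BIOS installs, and it links with `link:#adding-other-operating-systems-grub2` where the GRUB2 prompt module uses `xref:` for the same target. "`gfxterm` is the default options" should be "the default option".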
@@ -0,0 +1,25 @@ +[id='proc_using-same-password-for-root-as-user'] += Using the same password for root as the user account + +If you use a single user desktop, you might find it convenient to configure [command]`sudo`, so you can use the same password to access *root* as you use for your regular account. To do this, select to be added to the Administration group during installation. To do it at later stage, or to add a different user, use the following procedure: + +. Become the *root* user: ++ +---- +$ su - +---- ++ +. Enter the password for the root account when prompted. + +. To use your regular password for the root access, run: ++ +[subs=quotes] +---- +# usermod _USERNAME_ -a -G groupname +---- ++ +Replace `_USERNAME_` with your account name + +. Log off and back on in order to have access to the group. + +NOTE: When [command]`sudo` prompts you for a password, it expects your user password, not the `root` password. diff --git a/modules/ROOT/partialsdelete/2delete-ref_Configuring-networking-with-nmcli.adoc b/modules/ROOT/partialsdelete/2delete-ref_Configuring-networking-with-nmcli.adoc new file mode 100644 index 0000000..01f6c10 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_Configuring-networking-with-nmcli.adoc 
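Review bot: in 2delete-proc_using-same-password-for-root-as-user.adoc, the command in step 3, `# usermod _USERNAME_ -a -G groupname`, leaves `groupname` as a literal with no instruction to replace it, and the introduction only refers to "the Administration group" without naming it. Name the group the procedure means (on Fedora the administrative group is `wheel`) or mark it as a placeholder next to "Replace `_USERNAME_` with your account name", which is also missing its final period. It is worth one sentence that `-a` must stay in the command, because `-G` without it replaces the user's existing supplementary groups, and that membership in this group gives the account full root access through `sudo`.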
@@ -0,0 +1,214 @@ +[id='Configuring-networking-with-nmcli'] += Configuring networking with nmcli - quick reference + +[[networkmanager-status]] +== NetworkManager status + +Display overall status of NetworkManager: +---- +$ nmcli general status +---- + +Display active connections: +---- +$ nmcli connection show --active +---- + +Display all configured connections: +---- +$ nmcli connection show configured +---- + +[[connectdisconnect-to-an-already-configured-connection]] +== Connect/disconnect to an already configured connection + +Connect to a configured connection by name: +---- +$ nmcli connection up id +---- + +Disconnection by name: +---- +$ nmcli connection down id +---- + +[[wi-fi]] +== Wi-Fi + +Get Wi-Fi status: +---- +$ nmcli radio wifi +---- + +Turn Wi-Fi on or off: +---- +$ nmcli radio wifi _on|off_ +---- + +List available access points (AP) to connect to: +---- +$ nmcli device wifi list +---- + +Refresh the previous list: +---- +$ nmcli device wifi rescan +---- + +Create a new connection to an open AP: +---- +$ nmcli device wifi connect +---- + +Create a new connection to a password protected AP: +---- +$ nmcli device wifi connect password +---- + + +== Network interfaces + +List available devices and their status: +---- +$ nmcli device status +---- + +Disconnect an interface: +---- +$ nmcli device disconnect iface +---- + +[[create-or-modify-a-connection]] +== Create or modify a connection + +To create a new connection using an interactive editor +---- +$ nmcli connection edit con-name +---- + +To edit an already existing connection using an interactive editor: +---- +$ nmcli connection edit +---- + +[[exampletutorial]] +=== Example/Tutorial + +Create a new connection: +---- +$ nmcli connection edit con-name _name of new connection_ +---- + +It asks us to define a connection type: +---- +Valid connection types: 802-3-ethernet (ethernet), 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, 
bond, team, bridge, bond-slave, team-slave, bridge-slave +Enter connection type: +---- + +In this example, we use ethernet: +---- +Enter connection type: ethernet +---- + +The following message appears, note that `nmcli>` is a prompt and that it lists the main settings available: +---- +===| nmcli interactive connection editor |=== + +Adding a new '802-3-ethernet' connection + +Type 'help' or '?' for available commands. +Type 'describe [.]' for detailed property description. + +You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6 +nmcli> +---- + +Edit the setting `ipv4`: +---- +nmcli> goto ipv4 +---- + +Note that after this our prompt has changed to indicate that we are currently editing the `ipv4` setting: +---- +nmcli ipv4> +---- + +List available properties under the `ipv4` setting and describe the `method` property: +---- +nmcli ipv4> describe + +Available properties: method, dns, dns-search, addresses, routes, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-send-hostname, dhcp-hostname, never-default, may-fail +Property name? + +Property name? method +---- + +Set property `method` to `auto`: +---- +nmcli ipv4> set method auto +---- + +The `ipv4` setting is now finished. Go back to the main level. Enter the following command until the prompt looks like `nmcli>`: +---- +nmcli ipv4> back +---- + +To list the main settings again, use the `goto` command without any arguments. After that, press `Enter` and ignore the error. +---- +nmcli> goto + +Available settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6 +Setting name? 
+---- + +It is possible to set a value for a property directly from the main level: +---- +nmcli> set __setting__.__property__ _value_ +---- + +For example: +---- +nmcli> set connection.autoconnect TRUE + +nmcli> set connection.interface-name _interface name this connection is bound to_ + +nmcli> set ethernet.cloned-mac-address _Spoofed MAC address_ +---- + +Finally, check the connection details, save and exit: +---- +nmcli> print + +nmcli> save + +nmcli> quit +---- + +[[manually-editing]] +=== Manually editing + +To manually edit an `ifcfg` connection configuration, open or create with a text editor the configuration file of the connection located in `/etc/sysconfig/network-scripts/ifcfg-`. + +A description of most common configuration options is available in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-networkscripts-interfaces[RHEL6 Deployment Guide]. + +To modify a connection password, open with a text editor and edit the file `keys-` located in `/etc/sysconfig/network-scripts/`. The password is stored in plain text. For example: +---- +$ cat /etc/sysconfig/network-scripts/keys-__connection name__ +WPA_PSK='password' +---- + +Or, if using keyfile, simply edit the connection file located inside `/etc/NetworkManager/system-connections/` + +Finally, save the files and to apply changes to an already active connection execute. +---- +nmcli connection up id _connection name_ +---- + +[[delete-a-connection-configuration]] +== Delete a connection configuration + +Delete the connection: +---- +nmcli connection delete id +---- +Please note that this also deactivates the connection. diff --git a/modules/ROOT/partialsdelete/2delete-ref_changing-selinux-modes-at-boot-time.adoc b/modules/ROOT/partialsdelete/2delete-ref_changing-selinux-modes-at-boot-time.adoc new file mode 100644 index 0000000..34e660b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_changing-selinux-modes-at-boot-time.adoc 
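Review bot: in 2delete-ref_Configuring-networking-with-nmcli.adoc, the Wi-Fi example "Create a new connection to a password protected AP" puts the passphrase on the command line with `nmcli device wifi connect password`, where it is visible in shell history and the process list; the Raspberry Pi FAQ in this same commit uses `--ask` for the same task, and this reference should do the same. In "Manually editing", the `keys-` example reads the file with a `$` prompt and states that the password is stored in plain text without saying who can read the file; state the expected ownership and mode and use the root prompt if the file is root-only. `nmcli connection show configured` sits next to `nmcli connection show --active`, so the two examples mix a bare keyword with an option; confirm the first still lists all profiles on current nmcli. As shown, several commands (`connection up id`, `connection down id`, `device wifi connect`, `connection edit con-name`, `connection delete id`) and the paths `ifcfg-` and `keys-` have no placeholder for the name they need.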
@@ -0,0 +1,33 @@ +// Module included in the following assemblies: +// +// assembly_changing-selinux-states-and-modes.adoc + +[#{context}-Enabling_and_Disabling_SELinux-Dracut-parameters] += Changing SELinux Modes at Boot Time + +On boot, you can set several kernel parameters to change the way SELinux runs: + +enforcing=0:: Setting this parameter causes the system to start in permissive mode, which is useful when troubleshooting issues. Using permissive mode might be the only option to detect a problem if your file system is too corrupted. Moreover, in permissive mode, the system continues to create the labels correctly. The AVC messages that are created in this mode can be different than in enforcing mode. ++ +In permissive mode, only the first denial from a series of the same denials is reported. However, in enforcing mode, you might get a denial related to reading a directory, and an application stops. In permissive mode, you get the same AVC message, but the application continues reading files in the directory and you get an AVC for each denial in addition. + +selinux=0:: This parameter causes the kernel to not load any part of the SELinux infrastructure. The init scripts notice that the system booted with the [option]`selinux=0` parameter and touch the `/.autorelabel` file. This causes the system to automatically relabel the next time you boot with SELinux enabled. ++ +[IMPORTANT] +==== +Using the [option]`selinux=0` parameter is not recommended. To debug your system, prefer using permissive mode. +==== + +autorelabel=1:: This parameter forces the system to relabel similarly to the following commands: ++ +---- +# touch /.autorelabel +# reboot +---- ++ +If a file system contains a large amount of mislabeled objects, start the system in permissive mode to make the autorelabel process successful. + +For additional SELinux-related kernel boot parameters, such as [option]`checkreqprot`, see the `kernel-parameters.txt` file. 
This file is available in the source package of your Linux kernel (.src.rpm). To download the source package containing the currently used kernel: +---- +~]# dnf download --source kernel +---- diff --git a/modules/ROOT/partialsdelete/2delete-ref_common-service-parameters.adoc b/modules/ROOT/partialsdelete/2delete-ref_common-service-parameters.adoc new file mode 100644 index 0000000..7b40f46 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_common-service-parameters.adoc 
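Review bot: in 2delete-ref_changing-selinux-modes-at-boot-time.adoc, the second paragraph of the `enforcing=0` entry is hard to follow: it opens with "In permissive mode, only the first denial from a series of the same denials is reported" and closes with "In permissive mode ... you get an AVC for each denial in addition", with an enforcing-mode sentence in between. Reorder it so the enforcing case comes first and the permissive case explains in one place which denials are logged once and which are logged per object. The last listing uses the prompt `~]#` while the `autorelabel=1` listing uses `#`; pick one. Since `enforcing=0` and `selinux=0` both weaken enforcement, the text should say whether they are meant as one-boot troubleshooting settings typed at the boot menu or as persistent kernel arguments.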
@@ -0,0 +1,118 @@ +[#common-service-parameters] += Common service parameters + +== Unit Parameters + +This section contains parameters you can use in the `[Unit]` section of a service. These parameters are common to other _systemd_ units. + +This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. + +Description:: + A free-form string describing the service. + +Documentation:: + A space-separated list of URIs referencing documentation for this service or its configuration. Accepted are only URIs of the following types: `http://`, `https://`, `file:`, `info:`, `man:`. + +Requires:: + Configures requirement dependencies on other services. If this service gets activated, the units listed here are activated too. If one of the dependent services fails to activate, _systemd_ does not start this service. This option may be specified more than once or you can specify multiple space-separated units. + +Wants:: + Similar to `Requires`, except failed units do not have any effect on the service. + +BindsTo:: + Similar to `Requires`, except stopping the dependent units also stops the service. + +PartOf:: + Similar to `Requires`, except the stopping and restarting dependent units also stop and restart the service. + +Conflicts:: + A space-separated list of unit names that, if running, cause the service not to run. + +Before, After:: + A space-separated list of unit names that configures the ordering of dependencies between services. + +OnFailure:: + A space-separated list of unit names that are activated when this service enters a failed state. + +== Install Parameters + +This section contains parameters you can use in the `[Install]` section of a service. These parameters are common to other _systemd_ units. + +This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. 
+ +Alias:: + A space-separated list of additional names this service shall be installed under. The names listed here must have the same suffix (i.e. type) as the service filename. + +RequiredBy, WantedBy:: + Defines the service as dependent of another service. This usually define the target to trigger an enabled service to run. These options are analogous to the `Requires` and `Wants` in the `[Units]` section. + +Also:: + Additional units to install or uninstall when this service is installed or uninstalled. + +== Service Parameters + +This section contains parameters you can use in the `[Service]` section of a service unit. These parameters are specific only to _systemd_ service units. + +This list is a summarized version. For a full list of these parameters and their descriptions, run `man systemd.unit`. + +Type:: + Configures the process start-up type for this service service: ++ +* `simple` - The service starts as the main process. This is the default. +* `forking` - The service calls forked processes and run as part of the main daemon. +* `oneshot` - Similar to `simple`, except the process must exit before _systemd_ starts follow-up services. +* `dbus` - Similar to `simple`, except the daemon acquires a name of the D-Bus bus. +* `notify` - Similar to `simple`, except the daemon sends a notification message using `sd_notify` or an equivalent call after starting up. +* `idle` - Similar to `simple`, except the execution of the service is delayed until all active jobs are dispatched. + +RemainAfterExit:: + A boolean value that specifies whether the service shall be considered active even if all its processes exited. Defaults to no. + +GuessMainPID:: + A boolean value that specifies whether _systemd_ should guess the main PID of a service if it cannot be determined reliably. This option is ignored unless `Type=forking` is set and `PIDFile` is not set. Defaults to yes. + +PIDFile:: + An absolute filename pointing to the PID file of this daemon. 
Use of this option is recommended for services where `Type=forking`. _Systemd_ reads the PID of the main process of the daemon after start-up of the service. _Systemd_ does not write to the file configured here, although it removes the file after the service has shut down. + +BusName:: + A D-Bus bus name to reach this service. This option is mandatory for services where `Type=dbus`. + +ExecStart:: + The commands and arguments executed when the service starts. + +ExecStartPre, ExecStartPost:: + Additional commands that are executed before or after the command in `ExecStart`. + +ExecReload:: + The commands and arguments to execute when the service reloads. + +ExecStop:: + The commands and arguments to execute when the service stops. + +ExecStopPost:: + Additional commands to execute after the service stops. + +RestartSec:: + The time in seconds to sleep before restarting a service. + +TimeoutStartSec:: + The time in seconds to wait for the service to start. + +TimeoutStopSec:: + The time in seconds to wait for the service to stop. + +TimeoutSec:: + A shorthand for configuring both `TimeoutStartSec` and `TimeoutStopSec` simultaneously. + +RuntimeMaxSec:: + A maximum time in seconds for the service to run. Pass `infinity` (the default) to configure no runtime limit. + +Restart:: + Configures whether to restart the service when the service's process exits, is killed, or reaches a timeout: ++ +* `no` - The service will not be restarted. This is the default. +* `on-success` - Restart only when the service process exits cleanly (exit code 0). +* `on-failure` - Restart only when the service process does not exit cleanly (node-zero exit code). +* `on-abnormal` - Restart if the process terminates with a signal or when a timeout occurs. +* `on-abort` - Restart if the process exits due to an uncaught signal not specified as a clean exit status. +* `always` - Always restart. 
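Review bot: in 2delete-ref_common-service-parameters.adoc, the "Service Parameters" section tells the reader to run `man systemd.unit` for the full list, but the options it describes (`Type`, `ExecStart`, `Restart` and the rest of `[Service]`) are documented in `systemd.service`; the sentence looks copied from the two sections above it. The `forking` description ("The service calls forked processes and run as part of the main daemon") does not say what distinguishes the type, namely that the started process forks and the parent exits, which is what the later `PIDFile` and `GuessMainPID` entries rely on. Typos in the same hunk: "`[Units]` section" should be `[Unit]`, "node-zero exit code" should be "non-zero", "this service service" is doubled, and "This usually define the target" should be "defines".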
diff --git a/modules/ROOT/partialsdelete/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc b/modules/ROOT/partialsdelete/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc new file mode 100644 index 0000000..0084833 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_frequently-asked-questions_-installing-fedora-on-a-raspberry-pi.adoc.delete.adoc 
@@ -0,0 +1,203 @@ +// Module included in the following assemblies: +// +// + +// Base the file name and the ID on the module title. For example: +// * file name: my-reference-a.adoc +// * ID: [id='my-reference-a'] +// * Title: = My reference A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='reference-material_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. +[[sect-frequently-asked-questions]] += Fedora on Raspberry Pi: Frequently Asked Questions +//In the title of a reference module, include nouns that are used in the body text. For example, "Keyboard shortcuts for ___" or "Command options for ___." This helps readers and search engines find the information quickly. + +Frequently asked questions regarding what is supported. + +== Why do I get a rainbow display when I try and power on my Raspberry Pi? + +Common causes of the rainbow display include: + +* Insufficient power supply. See the xref:raspberry-pi-prerequisites[Prerequisites] section at the beginning of this document. + +* There's no operating system installed. Check that an operating system was installed and the microSD card was properly inserted into the Raspberry Pi. + For instructions about Fedora ARM on Raspberry Pi: +** For Fedora users, see: <>. +** For users of other Linux distributions, see: <>. +** For Microsoft Windows users, see: <>. +** For macOS users, see: <>. + +* If you try to use Fedora on a Raspberry Pi 1, Raspberry Pi Zero, or a Raspberry Pi model A, you will receive the rainbow display. This occurs because your Raspberry Pi is not supported (ARMv6 SoCs architectures are not supported). + +== What desktop environments are supported? + +All desktops as shipped in Fedora should work and both 2D and 3D graphics work out of the box. 
+There is an open source fully accelerated driver for the Video Core IV GPU. + +== Will there be more enhancements to the hardware support? + +Yes. +New enhancements will be delivered by the standard Fedora updates mechanism. +New, significant features will be announced by the link:https://fedoramagazine.org/[Fedora Magazine] or the link:http://fedoraplanet.org/[Fedora Planet]. + +== What about support for the Raspberry Pi Models A/A+, B/B+ (generation 1), Zero/ZeroW and Compute Module? + +These Raspberry Pi models are not supported. + +Fedora is not supported on ARMv6 processors. +There's been a number of attempts to support these over the years. +The current best effort is Pignus based on Fedora 23. +More information can be found at link:https://pignus.computer[the Pignus site]. + +NOTE: Fedora DOES support the Compute Module 3 based on the same SoC as the Raspberry Pi 3, but *as the previous generation Compute Modules are based on ARMv6 architecture, they are [#.underline]#not supported#*. + +== What USB devices are supported on the Raspberry Pi? + +Most USB-2 compatible devices that are supported in Fedora on other devices. +There are some limitations to the USB bus of the Raspberry Pi hardware as link:https://www.raspberrypi.org/documentation/hardware/raspberrypi/usb/README.md[documented here]. + +== Is the onboard Wi-Fi supported on the Raspberry Pi 3? + +Wifi on the Raspberry Pi 3-series devices works out of the box with Fedora 29. + +*Using Wi-Fi on CLI* + +To use Wi-Fi on minimal and server images you can configure the device using command line: + +* To list available networks: ++ +---- +$ nmcli device wifi list +---- + +* To connect to a network: ++ +[subs="quotes"] +---- +nmcli device wifi connect __$SSID__ --ask +---- ++ +Where: `_$SSID_` is the network identifier (or name). + +== Is the onboard Bluetooth supported on the Raspberry Pi 3? + +Bluetooth works and is stable. 
The device sometimes has a generic bluetooth address but should work without any configuration. + +== Does sound work? + +HDMI audio output is included with Fedora, however, the analog port is not yet supported. +Audio output using a USB audio interface should work. + +== Does the add-on camera work? + +Not at this time. +There is still ongoing work to support this upstream and to add the appropriated media acceleration support. + +== Does accelerated media decode work? + +No. +The upstream kernel does not support the kernel subsystems required for accelerated media decoding. + +== Does HDMI-CEC work? + +Yes. +Yes. It's supported using the new upstream CEC support. There's a `/dev/cec0` character device, it can be accessed using any application that supports the IR remote using the `rc-cec` keymap in the `v4l-utils` package, there's also a `cec-ctl` utility for use on the command line. + +== Is the Raspberry Pi Touch Display supported? + +Work on the official Raspberry Pi Touch Display is ongoing upstream and initial support is provided in the 4.10 kernel, see: link:https://github.com/anholt/linux/issues/8[GitHub: raspberrypi/linux issues - 7" LCD touchscreen not supported]. +Fedora will review any missing pieces for support soon. +The touchscreen driver isn't yet released upstream. +Support for other displays is not currently planned. + +== Is the composite TV out supported? + +The composite TV out is not currently supported in a stable Fedora release but the core support is in the 4.10 kernel. +There is some missing enabling patches which will be added to the Fedora kernel soon. + +== Are the expansion HATs supported? + +The the expansion HATs are not currently supported. + +The long answer is a lot more complex. Most of the hardware interfaces that are exposed by the 40 pin HAT connector are supported with drivers shipped with Fedora. + +Drivers for the hardware contained on a lot of the common HATs are also enabled and supported in Fedora. 
The core means of supporting the HAT add-on boards require the use of device tree overlays. The kernel and the u-boot 2016.09 boot-loader supports the loading over overlays manually. Currently there is no upstream consensus on the means of autoloading these overlays by means of an "overlay manager" (also known as Cape Manager and by numerous other names) by reading the EEPROM ID and loading the appropriate overlay automatically. + +There's also no consensus on the extensions to the dtc (Device Tree Compiler) to build the binary blob overlays, and no consensus of the exact format of the overlay file. There is now a group of people working to resolve this issue which enable Fedora to better support HATs (Raspberry Pi), Capes (BeagleBone), DIPs (C.H.I.P) and Mezzanine (96boards) before long. + +The first focus HAT to support will be the official Raspberry Pi Sense HAT. This will be documented using the manual process to build and load the overlay to provide access to the onboard devices as a means of demonstrating how this process works for those wishing to use this manual method in the interim. The link to this documentation will be added here once that is complete. + +== The use of config.txt + +The `config.txt` is only used for basic configuration at the moment. Because of the use of the opensource vc4 GPU driver, most of the video configuration is done by Linux. + +The configuration of HATs using `config.txt` is unsupported but is being actively developed. + +== Are Device Tree Overlays supported? + +There's basic support for overlays in u-boot and the Linux kernel but an overlay manager is not supported upstream. + +== Is GPIO supported? + +GPIO is supported with the use of libgpiod and associated bindings and utilities. + +RPI.GPIO is not currently supported. + +== Is SPI supported? + +Yes, basic SPI is supported. + +== Is I2C supported? + +Yes, basic I2C is supported. + +== Is there Raspberry Pi 3 aarch64 support? + +Yes! 
You can download the aarch64 disk images for the Raspberry Pi 3 link:https://archive.fedoraproject.org/pub/fedora-secondary/releases/[here.] + +== How do I use a serial console? + +The serial console is disabled by default on the Raspberry Pi 2 and 3 because it requires the device to run at significantly slower speeds. + +To wire up the USB to TTL adapter follow link:https://learn.adafruit.com/adafruits-raspberry-pi-lesson-5-using-a-console-cable/connect-the-lead[this guide from Adafruit]. +You'll need a 3.3 volt USB to TTL Serial Cable like link:https://www.adafruit.com/product/954[this one from Adafruit]. + +To enable the serial console follow the specific steps for the Raspberry Pi 2 or 3 as they both differ slightly: + +*Raspberry Pi 2:* + +. Insert the microSD card into a PC +. On the VFAT partition edit the `config.txt` file and uncomment the `enable_uart` line: ++ +---- +$ enable_uart=1 +---- ++ +. On the boot partition edit the `extlinux/extlinux.conf` file adding `console=tty0 console=ttyAMA0,115200` to the end of the append line so it looks similar to: ++ +---- +$ append ro root=UUID="LARGE UUID STRING OF TEXT" console=tty0 console=ttyAMA0,115200 +---- ++ +. Safely unmount the microSD card +. Insert microSD into Raspberry Pi, connect serial console, power on + +*Raspberry Pi 3:* + +. Insert the microSD card into a PC +. On the VFAT partition edit the `config.txt` file and uncomment the `enable_uart` line: ++ +---- +$ enable_uart=1 +---- ++ +. On the boot partition edit the `extlinux/extlinux.conf` file adding: `console=tty0 console=ttyS0,115200` to the end of the append line so it looks similar to: ++ +---- +$ append ro root=UUID="LARGE UUID STRING OF TEXT" console=tty0 console=ttyS0,115200 +---- ++ +. Safely unmount the microSD card +. Insert microSD into Raspberry Pi, connect serial console, power on 
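Review bot: in the Raspberry Pi FAQ module, the serial console listings show file contents with a shell prompt, `$ enable_uart=1` and `$ append ro root=UUID="LARGE UUID STRING OF TEXT" console=tty0 console=ttyAMA0,115200`; these are lines of `config.txt` and `extlinux/extlinux.conf`, not commands, and a reader who copies the `$` into either file gets a broken line. Drop the prompt in all four listings. Other points in this hunk: the HDMI-CEC answer starts with "Yes." twice; "The the expansion HATs" is doubled; the Touch Display link text says "raspberrypi/linux issues" while the URL points to `anholt/linux`; the `nmcli device wifi connect __$SSID__ --ask` listing has no prompt while the `wifi list` listing above it does; the title carries two IDs, `[id='reference-material_{context}']` and `[[sect-frequently-asked-questions]]`; and, as shown, the four "see: <>" references under the rainbow display question are empty.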
diff --git a/modules/ROOT/partialsdelete/2delete-ref_help-mkpart.adoc b/modules/ROOT/partialsdelete/2delete-ref_help-mkpart.adoc new file mode 100644 index 0000000..64d9631 --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_help-mkpart.adoc 
@@ -0,0 +1,37 @@ +// Module included in the following assemblies: +// +// + +// Base the file name and the ID on the module title. For example: +// * file name: help-mkpart.adoc +// * ID: [id='help-mkpart'] + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='help-mkpart_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Help command for creating a new partition + +To get help on how to make a new partition, type: `help mkpart`. + +---- +(parted) help mkpart + mkpart PART-TYPE [FS-TYPE] START END make a partition + + PART-TYPE is one of: primary, logical, extended + FS-TYPE is one of: udf, btrfs, nilfs2, ext4, ext3, ext2, fat32, fat16, hfsx, hfs+, hfs, jfs, swsusp, + linux-swap(v1), linux-swap(v0), ntfs, reiserfs, hp-ufs, sun-ufs, xfs, apfs2, apfs1, asfs, amufs5, + amufs4, amufs3, amufs2, amufs1, amufs0, amufs, affs7, affs6, affs5, affs4, affs3, affs2, affs1, + affs0, linux-swap, linux-swap(new), linux-swap(old) + START and END are disk locations, such as 4GB or 10%. Negative values count from the end of the + disk. For example, -1s specifies exactly the last sector. + + 'mkpart' makes a partition without creating a new file system on the partition. FS-TYPE may be + specified to set an appropriate partition ID. +---- + +[NOTE] +==== +* Setting filesystem type (`FS-TYPE`) will not create an ext4 filesystem on /dev/vdc1. You still have to create the ext4 filesystem with `mkfs.ext4`. +* A DOS partition table's partition types are primary, logical, and extended. +* Providing a partition name under GPT is a must. In a GPT partition table, the partition type is used as the partition name. +==== 
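Review bot: in 2delete-ref_help-mkpart.adoc, the first NOTE item ("will not create an ext4 filesystem on /dev/vdc1") refers to a filesystem type and a device that nothing in this module introduces, so it only makes sense inside whichever assembly includes it, and the "Module included in the following assemblies" comment at the top is empty. Either word the item generically (setting `FS-TYPE` does not create a filesystem; run the matching `mkfs` tool afterwards) or record the assembly it belongs to. The third item says a partition name is mandatory under GPT, but the quoted help text lists only `PART-TYPE [FS-TYPE] START END`; say explicitly that on GPT the `PART-TYPE` argument is taken as the name so the note and the listing agree.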
diff --git a/modules/ROOT/partialsdelete/2delete-ref_jdk-tools.adoc b/modules/ROOT/partialsdelete/2delete-ref_jdk-tools.adoc new file mode 100644 index 0000000..4143e0d --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_jdk-tools.adoc 
@@ -0,0 +1,58 @@ +[i='jdk-reference'] += JDK reference + +See the following list of Java-related acronyms for reference: + +JRE:: Java Runtime Environment; required to run Java code and applications +JVM:: Java Virtual Machine; main component of the JRE +JDK:: Java Development Kit; required only for development, coding +SDK:: Software Development Kit; see JDK +JavaWS:: link:https://en.wikipedia.org/wiki/Java_Web_Start[Java Web Start] is a framework to start application from the Internet +JavaFX:: link:https://en.wikipedia.org/wiki/JavaFX[JavaFX] is a platform to create and deliver desktop and Rich Internet Apps +OpenJFX:: is the JavaFX Open Source implementation +OpenJDK:: Open Source project behind the Java Platform link:https://openjdk.java.net/[openjdk.java.net]. +IcedTea:: is a support project for OpenJDK (concern only developers) link:http://icedtea.classpath.org/[icedtea.classpath.org] +IcedTea-Web:: is the Java Web Start package (contains only JavaWS, no applets anymore); install to run *JNPL* files +applets:: are obsolete technology; Not implemented in any recent package +JSE, J2SE, JEE, ...:: obsolete acronyms for Java Standard & Enterprise Edition; JavaSE is like JRE + + +[discrete] +[id='jdk-components'] +== JDK components + +The JDK has as its primary components a collection of programming tools, including: + +`appletviewer`:: this tool can be used to run and debug Java applets without a web browser +`apt`:: the annotation-processing tool +`extcheck`:: a utility which can detect JAR-file conflicts +`idlj`:: the IDL-to-Java compiler. This utility generates Java bindings from a given Java IDL file. +`jabswitch`:: the Java Access Bridge. Exposes assistive technologies on Microsoft Windows systems. +`java`:: the loader for Java applications. This tool is an interpreter and can interpret the class files generated by the javac compiler. Now a single launcher is used for both development and deployment. 
The old deployment launcher, jre, no longer comes with Sun JDK, and instead it has been replaced by this new java loader. +`javac`:: the Java compiler, which converts source code into Java bytecode +`javadoc`:: the documentation generator, which automatically generates documentation from source code comments +`jar`:: the archiver, which packages related class libraries into a single JAR file. This tool also helps manage JAR files. +`javafxpackager`:: tool to package and sign JavaFX applications +`jarsigner`:: the jar signing and verification tool +`javah`:: the C header and stub generator, used to write native methods +`javap`:: the class file disassembler +`javaws`:: the Java Web Start launcher for JNLP applications +`JConsole`:: Java Monitoring and Management Console +`jdb`:: the debugger +`jhat`:: Java Heap Analysis Tool (experimental) +`jinfo`:: This utility gets configuration information from a running Java process or crash dump. (experimental) +`jmap`:: This utility outputs the memory map for Java and can print shared object memory maps or heap memory details of a given process or core dump. (experimental) +`jmc`:: Java Mission Control +`jps`:: Java Virtual Machine Process Status Tool lists the instrumented HotSpot Java Virtual Machines (JVMs) on the target system. (experimental) +`jrunscript`:: Java command-line script shell. 
+`jstack`:: utility which prints Java stack traces of Java threads (experimental) +`jstat`:: Java Virtual Machine statistics monitoring tool (experimental) +`jstatd`:: jstat daemon (experimental) +`keytool`:: tool for manipulating the keystore +`pack200`:: JAR compression tool +`policytool`:: the policy creation and management tool, which can determine policy for a Java runtime, specifying which permissions are available for code from various sources +`VisualVM`:: visual tool integrating several command-line JDK tools and lightweight clarification needed] performance and memory profiling capabilities +`wsimport`:: generates portable JAX-WS artifacts for invoking a web service. +`xjc`:: Part of the Java API for XML Binding (JAXB) API. It accepts an XML schema and generates Java classes. + +The JDK also comes with a complete Java Runtime Environment, usually called a private runtime, due to the fact that it is separated from the "regular" JRE and has extra contents. It consists of a Java Virtual Machine and all of the class libraries present in the production environment, as well as additional libraries only useful to developers, such as the internationalization libraries and the IDL libraries. diff --git a/modules/ROOT/partialsdelete/2delete-ref_managing-virtual-machines.adoc b/modules/ROOT/partialsdelete/2delete-ref_managing-virtual-machines.adoc new file mode 100644 index 0000000..ddd2e8b --- /dev/null +++ b/modules/ROOT/partialsdelete/2delete-ref_managing-virtual-machines.adoc 
@@ -0,0 +1,103 @@ +[id='ref_managing-virtual-machines'] += Managing virtual machines + +When the installation of the guest operating system is complete, it can be managed using the `virt-manager` program or via command line using `virsh`. + + +[[managing-guests-with-virt-manager]] +== Managing guests with virt-manager + +. Start the Virtual Machine Manager by navigating to menu:[Applications]System Tools, or run: ++ +---- +# virt-manager +---- ++ +If you are not root, you will be prompted to enter the root password. +. Choose the host you wish to manage and click *Connect* in the *Open Connection* dialog window. +. The list of virtual machines is displayed in the main window. Guests that are running will display a ">" icon. Guests that are not running will be greyed out. +. To manage a particular guest, double click on it, or right click and select *Open*. +. A new window for the guest will open that will allow you to use its console, see information about its virtual hardware and start, stop, and pause it. + +For further information about `virt-manager`, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-creating_guests_with_virt_manager[RedHat virt-manager guide]. + +Bugs in the `virt-manager` tool should be reported in https://bugzilla.redhat.com[Bugzilla] against the `virt-manager` +component. + + +[[managing-guests-with-virsh]] +== Managing guests with virsh + +The `virsh` command-line utility allows you to manage virtual machines on the command line. The `virsh` utility is built around the libvirt management API: + +* `virsh` has a stable set of commands whose syntax and semantics are preserved across updates to the underlying virtualization platform. +* `virsh` can be used as an unprivileged user for read-only operations (e.g. listing domains, listing domain statistics). 
+* `virsh` can manage domains running under Xen, QEMU/KVM, ESX, or other back-ends with no perceptible difference to the user. + +To start a virtual machine: + +---- +# virsh create +---- + +To list the virtual machines currently running: + +---- +# virsh list +---- + +To list all virtual machines, running or not: + +---- +# virsh list --all +---- + +To gracefully power off a guest: + +---- +# virsh shutdown +---- + +To non gracefully power off a guest: + +---- +# virsh destroy +---- + +To save a snapshot of the machine to a file: + +---- +# virsh save +---- + +To restore a previously saved snapshot: + +---- +# virsh restore +---- + +To export the configuration file of a virtual machine: + +---- +# virsh dumpxml + 7 | update -y | 2017-10-12 15:59 | Update | 7 + 6 | install keepass | 2017-10-11 13:40 | Install | 13 < + 5 | install thunderbird | 2017-10-10 16:33 | Install | 1 > + 4 | install sssd krb5-workst | 2017-10-10 15:30 | Install | 3 > + 3 | install xchat | 2017-10-10 15:19 | Install | 4 + 2 | update | 2017-10-10 13:44 | I, O, U | 752 EE + 1 | | 2017-10-10 13:34 | Install | 1373 EE +---- + +*dnf list installed*:: Lists all packages installed on the system. ++ +[literal,subs="+quotes,attributes"] +---- +# *dnf list installed* +Last metadata expiration check: 1:17:33 ago on Thu Dec 14 09:20:48 2017. +Installed Packages +GConf2.x86_64 3.2.6-16.fc24 @anaconda +GeoIP.x86_64 1.6.11-1.fc25 @updates +GeoIP-GeoLite-data.noarch 2017.10-1.fc25 @updates +ImageMagick.x86_64 6.9.9.19-1.fc25 @updates +ImageMagick-libs.x86_64 6.9.9.19-1.fc25 @updates +LibRaw.x86_64 0.17.2-2.fc25 @updates +ModemManager.x86_64 1.6.4-1.fc25 @updates +ModemManager-glib.x86_64 1.6.4-1.fc25 @updates +NetworkManager.x86_64 1:1.4.6-1.fc25 @updates +[... output truncated ...] +---- 
diff --git a/modules/ROOT/partialsdelete/proc_booting-fedora-on-a-raspberry-pi-for-the-first-time.adoc b/modules/ROOT/partialsdelete/proc_booting-fedora-on-a-raspberry-pi-for-the-first-time.adoc new file mode 100644 index 0000000..4e494a9 --- /dev/null +++ b/modules/ROOT/partialsdelete/proc_booting-fedora-on-a-raspberry-pi-for-the-first-time.adoc 
@@ -0,0 +1,62 @@ +// Module included in the following assemblies: +// +// + +// Base the file name and the ID on the module title. For example: +// * file name: doing-procedure-a.adoc +// * ID: [id='doing-procedure-a'] +// * Title: = Doing procedure A + +// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken. +[id='booting-fedora-on-a-raspberry-pi-for-the-first-time_{context}'] +// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide. += Booting Fedora on a Raspberry Pi for the first time + +include::{partialsdir}/attributes.adoc[] +// Start the title of a procedure module with a verb, such as Creating or Create. See also _Wording of headings_ in _The IBM Style Guide_. + +Follow these steps to boot Fedora ARM on your Raspberry Pi. If your MicroSD card does not have enough room, you need to resize the main partition after the initial setup. See <>. + +._Prerequisites_ + +* Raspberry Pi Model B, version 2 or 3. +* A power supply (link:https://www.raspberrypi.org/help/faqs/#power[details here]). +** Minimum 2 Amps for Raspberry Pi Model B, version 2. +** Minimum 2.5 Amps for the Raspberry Pi Model B, version 3. +* HDMI-compatible Monitor or TV. +* A USB keyboard and USB mouse. + + +._Procedure_ + +. Insert the SD card into the Raspberry Pi. +. Connect a keyboard, mouse, network cable, and monitor. +. Plug the Raspberry Pi into the power source. The "Initial setup wizard" should appear after Fedora loads. +. Follow the wizard to set your language, timezone and to create users. + +The system displays a login prompt or getting started guide (depending on your Desktop/SPIN). 
+ +[id='resizing-the-main-partition-of-the-microsd-card-after-setup_{context}'] +._Resizing the main partition of the microSD card after setup (if required)_ + +Follow these steps to resize the partitions for Fedora ARM on Raspberry Pi: + +. Enlarge the 4th partition (this example uses mmcblk0). ++ +---- +$ growpart /dev/mmcblk0p4 +---- ++ +. Resize root partition for the server image (which uses xfs). ++ +---- +$ xfs_growfs -d / +---- + +._Additional Resources_ + +* For information on configuring Fedora, including installing programs and updates, see: xref:f{MAJOROSVER}@fedora:system-administrators-guide:index.adoc[Fedora Docs: System Administrator’s Guide] +* For assistance or support, see: +** link:https://ask.fedoraproject.org/[Ask Fedora] +** link:https://lists.fedoraproject.org/admin/lists/arm%40lists.fedoraproject.org/[Fedora ARM mailing list] +** irc://irc.freenode.net/#fedora-arm[IRC via the #fedora-arm channel on Freenode]
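Review bot: in the help-mkpart module (hunk `@@ -0,0 +1,37 @@`), the first bullet of the `[NOTE]` block names `/dev/vdc1` and ext4, but neither appears anywhere else in the module. Because the ID carries `{context}` so that the module can be reused, the note should stand on its own: say that `FS-TYPE` only sets the partition ID and that the file system still has to be created with the matching `mkfs` tool. The last bullet is also hard to reconcile with the help text, which lists `PART-TYPE` as primary, logical or extended; state directly that under GPT this argument is taken as the partition name. The "Module included in the following assemblies" comment at the top is still empty.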
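Review bot: in 2delete-ref_jdk-tools.adoc the first line reads `[i='jdk-reference']`, which does not define an ID; the other block in the same file uses `[id='jdk-components']`, so this should be `[id='jdk-reference']` or links to the section will not resolve. Two more text problems in the same hunk: the IcedTea-Web entry says `*JNPL* files` while the `javaws` entry says JNLP, and the `VisualVM` entry contains the leftover fragment "lightweight clarification needed]", which looks like pasted markup and should be removed.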
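Review bot: in 2delete-ref_managing-virtual-machines.adoc, every `virsh` example under "Managing guests with virsh" is shown without its argument (`# virsh create`, `# virsh shutdown`, `# virsh destroy`, `# virsh save`, `# virsh restore`), so none of them can be run as written; add a placeholder for the domain name or file in each. The "To start a virtual machine" step uses `virsh create`, which takes an XML file; if the intent is to start an already defined guest, `virsh start` is the command to document. The listing after `# virsh dumpxml` then continues with dnf transaction rows and a `dnf list installed` entry, which do not belong in this module and should be dropped. The examples also all use a `#` prompt although the bullet above says read-only operations work as an unprivileged user; `virsh list` could be shown with `$`.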
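Review bot: in proc_booting-fedora-on-a-raspberry-pi-for-the-first-time.adoc, the resize step shows `$ growpart /dev/mmcblk0p4`, but growpart expects the disk and the partition number as two separate arguments, so the step as written fails; for the device named in the text this would be `growpart /dev/mmcblk0 4`. Both `growpart` and `xfs_growfs` need root, yet the listing uses a `$` prompt; use `#` or prefix with `sudo`. The introduction ends with "See <>.", an empty cross-reference that should point at the `resizing-the-main-partition-of-the-microsd-card-after-setup_{context}` ID defined further down. The procedure also asks for a network cable that the prerequisites list does not mention.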