[Oracle Linux 10] Enabling cockpit on Oracle linux 10

In the first tow parts (available here), we saw how to create a VM in ESXi and how to perform the basic installation of the operating system and we have installed and enabled the virtualization modules in an Oracle Linux environment.

I'm wondering, is it possible to create VMs graphically on Oracle Linux 10?
Absolutely! While the command line (via tools like virsh) is extremely powerful, we're not obligated to use it to create and manage our virtual machines on Oracle Linux 10.

Depending on the complexity of your environment, you have three excellent graphics (GUI) options available:

1. Cockpit Web Console (The modern, recommended choice and focus of this post)
   Cockpit is the current de facto standard for Linux server management. It's a lightweight, web-based interface integrated directly into the operating system.
   
   How it works: By installing the cockpit-machines add-on module, Cockpit interfaces directly with libvirt and KVM. Simply open a browser from computer, point to server's IP address (typically port 9090), and log in.
   
   What we can do: Create VMs, assign CPU and RAM, manage virtual disks, configure virtual networks, and access the VM's video console directly from browser.
   
   The big advantage: It doesn't require installing a desktop environment (like GNOME or KDE) on the server, saving precious resources (RAM and CPU) that can dedicate to our VMs.
   
   
2. Virtual Machine Manager (virt-manager) (The Classic)
   If we're a longtime Linux user, we're probably already familiar with virt-manager. It's a traditional desktop application.
   How it works: It's a fully-fledged graphical interface that requires a graphical server (X11 or Wayland).
   
   When to use it: It's perfect if we have a desktop environment installed on our Oracle Linux server (for example, if we use it as a workstation). Alternatively, we can install virt-manager on our personal computer (if we use Linux) and connect to the Oracle Linux server remotely via SSH.
   
   The big advantage: It offers an incredibly granular level of detail. We can tweak virtually every single parameter of the simulated virtual hardware.
   
   
3. Oracle Linux Virtualization Manager - OLVM (For business scenarios and topics of future posts)
   If our goal is to create a virtualization cluster with multiple physical servers, the two previous tools will be limited (will be covered in a future post).
   
   How it works: OLVM (based on the open source oVirt project) is Oracle's alternative to solutions like VMware vCenter. It is a centralized management platform with a rich web interface.
   
   When to use it: When you need to manage dozens or hundreds of VMs, hot-migrate them from one server to another, manage complex storage pools (NFS, iSCSI, Fibre Channel), and configure High Availability (HA), and so on.

Once logged in via ssh to the oracle instance, as anticipated by the title, we will see here the steps to enable Cockpit on Oracle Linux 10:

1. Install Cockpit:
Run the following command to install the Cockpit package:

sudo dnf install cockpit

NOTE: If Cockpit is already installed but the Virtual Machine creation module is missing on the UI, proceed to install the following too:

sudo dnf install cockpit-machines

2. Enable and Start Socket:
Enable the systemd socket service to start immediately and on boot:

sudo systemctl enable --now cockpit.socket

3. Configure Firewall (if active):
If firewalld is running, permit access to the port:

sudo firewall-cmd --permanent --add-service=cockpit
sudo firewall-cmd --reload

4. Access the Console:
Open a web browser and enter the address, replacing with your server's IP (192.168.1.231 is mine here):

https://<ip_address>:9090

5. Log In:
Use your system user credentials to log in. We can use "ol10user" user created during installation.
We can click "Turn on administrative access" within the dashboard to perform administrative tasks.

That's it.

[Oracle Linux 10] OS basic installation and virtualization modules enablement - Part 2

In the first part (available here), we saw how to create a VM in ESXi and how to perform the basic installation of the operating system.
In this part, we'll see how to enable virtualization modules in an Oracle Linux environment.

First, we log in to the Oracle Linux server via SSH as shown below and check which x86-64 microarchitecture feature levels your CPU supports, according to the GNU C Library (glibc) dynamic linker, by running the following command:

ol10user@olvm1:~$ sudo /lib64/ld-linux-x86-64.so.2 --help | grep x86-64-v

What to Expect in the Output
When you run this command on a modern Linux system, you will see output that looks something like this:

x86-64-v4 (searched)
x86-64-v3 (supported, searched)
x86-64-v2 (supported, searched)

The output shows the different microarchitecture levels glibc knows about.
● (supported, searched): Your CPU supports the instruction sets required for this level. The dynamic linker will look for and use libraries optimized for this level if they exist.
● (searched): Your CPU does not support this level. The linker knows about it, but will safely ignore any libraries optimized for it.

What version level means?

Level	Era / Architecture	Key Instructions Required
x86-64-v1	Baseline (2003)	CMOV, CX8, FPU, FXSR, MMX, OSFXSR, SCE, SSE, SSE2
x86-64-v2	Nehalem / Silvermont (2008)	CMPXCHG16B, LAHF-SAHF, POPCNT, SSE3, SSE4.1, SSE4.2, SSSE3
x86-64-v3	Haswell / Excavator (2013)	AVX, AVX2, BMI1, BMI2, F16C, FMA, LZCNT, MOVBE, OSXSAVE
x86-64-v4	Skylake-X / Zen 4 (2017+)	AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512VL

1. Update packages

Post-installation, before proceeding with any software/package installation, we perform a check to verify if there are packages to update with the following command:

ol10user@olvm1:~$ sudo dnf update -y

2. Install open-vm-tools (optional)

Once the package update is complete, we proceed with installing the VM tools.
If we have installed Oracle Linux in bare metal mode (on physical hardware), next three steps (until reboot of the OS) can be absolutely skipped.

a. Install open-vm-tools

ol10user@olvm1:~$ sudo dnf install open-vm-tools

b. Install open-vm-tools-desktop (only for versions with a graphical interface)

ol10user@olvm1:~$ sudo dnf install open-vm-tools-desktop

c. Restart the virtual machine

ol10user@olvm1:~$ sudo reboot

3. Installing virtualization modules

Let's proceed with installing the packages, however instead of using the `dnf module install virt` command, use the following commands to install the virtualization packages.

a. Install the Virtualization Host Group:

ol10user@olvm1:~$ sudo dnf groupinstall "Virtualization Host"

b. Install Necessary Virtualization Tools:

ol10user@olvm1:~$ sudo dnf install qemu-kvm libvirt virt-install virt-viewer

4. Enable and Start Services

After installation, you need to enable and start the virtualization services.
Start the libvirtd service with full virtualization:

ol10user@olvm1:~$ for drv in qemu network nodedev nwfilter secret storage interface; do
    sudo systemctl enable virt${drv}d.service
    sudo systemctl enable virt${drv}d{,-ro,-admin}.socket
    sudo systemctl start virt${drv}d{,-ro,-admin}.socket
done

5. Validate Setup and Troubleshooting QEMU

Validate setup ...

ol10user@olvm1:~$ sudo virt-host-validate qemu

We're in a virtualized environment, so we're aware of this "Checking Secure Guest Support" warning. This warning shouldn't be present in the physical environment.

6. Enables, starts, and verifies the libvirtd daemon.

We run the following commands to enable, start, and verify the libvirtd daemon, which is the main service used in Linux systems for managing virtual machines (usually KVM/QEMU-based).

ol10user@olvm1:~$ sudo systemctl enable --now libvirtd.service
ol10user@olvm1:~$ sudo systemctl status libvirtd.service  

Check libvirtd service status:

ol10user@olvm1:~$ sudo systemctl list-units --type=socket virt* 

This concludes the second part; where we saw the installation and enabling of the main modules for virtualization in an Oracle Linux environment (KVM/QEMU, libvirt).

Useful links:

– Installing Oracle Linux:
https://docs.oracle.com/en/operating-systems/oracle-linux/10/install/install-PreparingToInstall.html

– Create VMs with KVM on Oracle Linux:
https://docs.oracle.com/en/learn/ol-kvm/index.html#introduction

– KVM Nested Virtualization in Oracle Cloud Infrastructure: A Hands-on Guide with Virtual Machines and Oracle Linux 9.5:
https://blogs.oracle.com/linux/kvm-nested-virtualization-in-oci

That's it.

[Oracle Linux 10] OS basic installation and virtualization modules enablement - Part 1

Oracle Linux Virtualization

Setting up a virtualization host from scratch is always a great learning experience. Recently decided to test Oracle Linux 10 and its native KVM modules by running the entire setup inside my existing ESXi environment. It's a solid approach to see how it handles before considering a physical deployment. Let's walk through the process of getting Oracle Linux 10 installed and ready for virtualization in a nested scenario.

Before we dive into the setup, let's quickly cover what actually powers virtualization on Oracle Linux 10. Under the hood, it relies on a rock-solid, open-source stack. At its core is KVM (Kernel-based Virtual Machine), which essentially turns the Linux kernel itself into a hypervisor. This is paired with QEMU for hardware emulation, and everything is managed by libvirt, the API and toolkit that lets you interact with your VMs using familiar tools like virsh or Virt-Manager.

Before proceeding with the step-by-step guide, let's see how we created the virtual machine structure.

Let's give a name to the VM for instance "olvm1" (1) and set the following parameters as below (2) and click NEXT (3).

Compatibility	ESXi 9.0 virtual machine
Guest OS family	Linux
Guest OS version	Oracle Linux 10 (64-bit)

We set the CPUs (in my case as in the figure below #2 Socket with #4 cores) (4), and enable the two options "Expose IOMMU to the Guest OS" (5) and the hardware virtualization option "Expose hardware assisted virtualization to the guest OS" (5) (as shown in the image below). This step is very important to enable virtualization features in the guest vm...

... so we configure 32 GB of RAM (6) and 16 GB of disk in Thin Provisioning mode (7)(to save space in the LAB)...

... we just add #4 NICs for future scopes.
The important thing here regarding network settings (which I haven't been able to resolve yet) is the type of adapter to use. I tried VMXNET3 and the vmtools installed in Oracle Linux 10, but I can't get above 10Mb/s. So I decided to set it to E1000e so we can reach 1Gb/s. This will be the subject of future investigations.

Selected the Networks, according to our needs; selected the ISO to install; after a careful review we can conlude the creation of the VM structure pressing the FINISH (8) button.

Let's start here with a quick guide on how to install Oracle Linux 10 and enable the core virtualization modules, powering ON the VM.

We select "Install Oracle Linux 10.1.0" and we hit Enter (9).

We select the installation language (English US is ok) and click on Continue (10).

At the installation summary we start hitting at the localization the Keyboard (11) button...

... press the "+" (12) button and select our keyboard type (Italian in my case) (13) and then Add (14)...

Let's remove the one we don't need, "English US", and click Done (15).

In the installation summary, click "TIME & DATE" (16) to set the correct Time zone.

Once set properly, in our case, Region is Europe and City is Rome (17), click Done (18) to return to the previous menu.

From the main manu, let's select now "Installation Destination" (19).

We select the hard disk (in our case it is the only selectable 16GB one) (20)...

... in some cases, we may need to reclaim disk space, selecting the actual disk (21) and deleting all (22) partitions. Then click Done (23).

We change now the USER SETTINGS by first setting a new root password by clicking on "Root Account" (24) and then creating a new user by clicking on "User Creation" (25) ...

We "Enable root account" (26), we enter a new root password (26) and enable "Allow root SSH login with password" (26). Click Done (27).

Let's create a new user (in our case ol10user) and provide new password.
In our LAB case, we also enable the flag "Add administrative privileges to this user account (wheel group membership)" and "Require a password to use this account", then click Done (28).

It's time to configure our network settings, clicking on "Network & Host Name" (29).

In our case we only need to configure the ethernet ens34 (and leave the others unconfigured for now) to allow the server to be reachable.
We select Ethernet(ens34) (30) > Configure ... (31) ...

... IPv4 Settings (32) > Method Manual (33) > Add (34) a new Address.
In our case the address is 192.168.1.231/24 the gateway 192.168.1.1 (35) as well as for the DNS server 192.168.1.1.(36)
Once everything is set as desired, click Save (37).

We set the new Host Name by typing olvm1 (38)(in our case) Apply (39) and Done (40).

We are now ready to "Begin Installation" (41).

When intallation is Complete, we Reboot System (42).

We log in with the user ol10user ...

This concludes the first part.

That's it.

[VCF 9.0] Configure Single Sign-On in embedded mode

VCF Single Sign-On

In a previous post we went through the steps on how to configure an LDAP directory to be used as a Identity Source in VCF 9.0.

Today we’re going to be going through the steps of configuring SSO, using the previous configuration as identity source.

When you configure VCF Single Sign-On you can either implement it in embedded mode within the management domain vCenter or deploy it in appliance mode.

Use the embedded deployment mode if you want to use VCF Identity Broker that is embedded in the management domain vCenter and do not want to deploy a VCF Identity Broker appliance for VCF Single Sign-On configuration. You use the embedded deployment mode typically within a single VCF Instance. In the embedded deployment mode, the VCF Identity Broker is configured in the management domain vCenter of the VCF Instance. Embedded Deployment Mode The following diagram shows the embedded deployment mode where the VCF Identity Broker is configured in the management domain vCenter.
Further informations on which Identity Broker to configure are available on the official Broadcom website at this link.

Let's see how to set up the Identity Broker (embedded), below...

First, log into VCF Operations and browse to Fleet Management (1) > Identity & Access (2)...

...so if it's your first time, scroll down and accept all the Prerequisites checks (3) and CONTINUE(4)

Select a VCF instance, in my case "instance-a" (6)

We begin with step 1 by choosing the deployment mode by pressing START (7).

Check Identity broker (embedded) (8) and then NEXT (9)...

... EDIT (10) ...

... in my case as directory-base identity provider we choose Open LDAP (11) and hit NEXT (12).

In step 2, we CONFIGURE (13) now the identity provider.

At this stage, we need to configure Identity Broker to integrate with the identity provider selected for user authentication. As our identity provider, in our case, we'll use the one configured in the previous post.

We fill it in as follows (14):

Directory name: vcf-lab
Primary domain controller: ldap://192.168.1.246       389
Directory search attribute: Custom Attribute
Custom directory search attribute for Users: cn
Custom directory search attribute for Groups: cn
Base DN: dc=vcf,dc=lab
Bind user name: cn=admin,dc=vcf,dc=lab
Bind user password: VMware123!VMware123!

NEXT (15)

Leave LDAP Configuration (16) as default (shown in the picture) and press NEXT (17)...

... review and FINISH (18).

Step 3, to CONFIGURE (19) user and group provisioning

Review Directory Information, hit NEXT (20).

Leave the "Attribute Mappings" as default (shown in the picture) and press NEXT (21).

We should now search for group names and select the LDAP Directory group Distinguished Names (DNs) that we want to sync.

Specify the base group DN: ou=Groups,dc=vcf,dc=lab (22)

We click on "SELECT BASE GROUP DN" (23) button and we select the groups we would like so sync (in our case "Administrators" "Users" (24)) then NEXT (25).

Based on how our LDAP directory, we need to search the users we want to use...
We fill in the "Specify the base user DN" field with the following values: ou=Users,de=vcf,dc=lab (26) and we hit "SELECT BASE USER DN" (27) button.
We search for the user name we want to sync (28) (for instance "lorenzo", "admin.vcf" ecc. ) and then we select it (29).
When we are satisfied with the selected users we proceed by pressing NEXT (or SAVE) (30).

We review the identity provider configuration and, if it is correct, we confirm by pressing FINISH (31)...

... DONE (32) ...

... we finalize by pressing FINISH SETUP (33)...

... and confirming the end of the configuration with CONTINUE (34).

If the Identity Source has been configured correctly, you should see what's shown in the image below...

and in the Component Configuration section...

Everything seems to be properly configured, let's do a double check by connecting directly to vCenter.

We log in as administrator@vsphere.local and we click on the hamburger menu > Administration > Single Sign On> Configuration. We should see (as shown in the picture below) that VCF SSO is configured through the VCF Identity Broker.....

Under Administration > Single Sign On > Users and Groups ... we should see in Domain list the new Identity Source "vcf.lab".

For testing, we add the following users of the new "vcf.lab" domain with their respective roles:
User/Group: admin.vcf           Role: Administrator
User/Group: lorenzo               Role: Read-only

Let's test vCenter access using VCF SSO (38) login method; LOG IN (39).

we type the username "admin.vcf@vcf.lab" the password (in our case "VMware123!VMware123!") and hit LOG IN (41) button.

Bhoomm!! It works!!

That's it.