===========================================================================

= CLASSROOM SETUP =
= for foundation-based RED HAT ENTERPRISE LINUX 9 =
= Version: 9.x-7 22-Jun-2022 (ChangeLog at end of document.) =
= North American INSTRUCTOR HOTLINE +1 (855) 236-0912 =
= (Check with NIIT for hotline numbers for other regions) =
===========================================================================

These instructions outline the steps you need to take to prepare

a classroom environment for the delivery of a Red Hat class. These
steps should be followed in the order they are given. Do not skip
any steps unless they are marked as "Optional".

Finally, pay close attention to the sections marked as "WARNING".

Ignoring these warnings could result in the loss of your personal
data, possibly force you to start the installation process over,
or, in the worst case, leave you in a situation where you are unable
to install your classroom server.

BEFORE YOU BEGIN

----------------

Complete the steps in ClassPrep.txt before you get to class on Monday.

Note that ClassroomTroubleshooting.txt and ClassroomReset.txt may
provide useful supplemental information to this document.

THE SHORT VERSION

-----------------

If your USB is already prepared and nothing goes wrong, the following
steps configure foundation0.ilt.example.com. If you have issues, read the
text that follows for a longer step-by-step guide.

Install RHEL on instructor system:

1) Place the rhci-foundation CD *and* RHTINST USB device into the
instructor machine and boot (or boot from bootable USB device).
Type "f0 <coursecode>" at the rhci-foundation boot prompt:
boot: f0 rh124
2) Answer dialog on Timezone, then click Begin Installation.
3) Once the system has finished installing, reboot and remove the USB/CD.
(WARNING - Do not remove the USB until install/shutdown is complete!)
Verify RHEL is installed and configured:
4) Log in as kiosk (password: redhat) on foundation0.
5) Correct/verify local time on foundation0.
6) Test that foundation0 services are configured and running:
f0$ rht-verify-f0
(NOTE: See longer version if no course is present)
Install student systems:
7) Kickstart student workstations choosing appropriate "fX" menu item.
8) Once all fX systems have rebooted, push the course variable and images:
f0$ rht-pushcourse all
9) Verify that student VMs were delivered (re-run until all complete):
f0$ rht-showstate all
Launch instructor virtual machine(s):
10) Start VMs on f0 (optionally secure and/or set keyboard):
f0$ rht-f0finish [--keyboard KEYBOARD] [--secure]
11) Verify services on classroom VM, check output from above running
 of rht-verify-classroom inside rht-f0finish
12) (optional) Connect to the outside world.
f0$ rht-external --configure IFACE
Begin class:
13) Access/display slides
Slides are desposited in /content/slides/ on f0 or classroom VM
14) Students automatically log in to their foundationX
15) (optional) Secure (or unsecure) the foundationX systems
f0$ rht-secure-fX all
16) (optional) Class Exercise: Adjust and preserve localization in VMs
fX$ rht-vmsetkeyboard all us

When looking to reboot your classroom (perhaps after having shutdown

the night before), be sure to follow this same basic flow so that needed
services are available.

17) Boot foundation0 first and check that services are running.
f0$ rht-verify-f0
18) Verify services on classroom VM, as instructor (password: Asimov):
f0$ ssh root@classroom.example.com rht-verify-classroom
19) Boot the various student foundationX machines (or let them boot them)
20) Students can then start as needed their VMs

To support operational tasks for commercial deliveries (not used in RHA

deliveries), when you are ready:

A) Distribute roster desktop icon on the first day of class

f0$ rht-pushdesktop -o <id> all roster
B) Once roster has been filled in, remove roster desktop icon
f0$ rht-pushdesktop --remove all roster
C) On the last day of class, distribute the survey desktop icon
f0$ rht-pushdesktop -o <id> all survey
D) Once surveys have been filled in, remove survey desktop icon unless
you are wiping the environment (See ClassroomReset.txt)
f0$ rht-pushdesktop --remove all survey
E) Mark the class complete to trigger course completion certificates
https://rol.redhat.com/rol/rhz/login?offering=<offeringid>

The below chart attempts to identify the relationships between the "short
version steps" above in an attempt to optimize parallelism.

Parallelization Flowchart
=========================
boot: f0 rh124
|
_________________________ f0$ rht-verify-f0
/ / \
/ / \
| f0$ rht-f0finish -------- ------- PXE
| | fX - Install foundationX
| |____________ |
| \ Once all rebooted
| \ f0$ rht-pushcourse all
| \ |
| \ f0$ rht-showstate all
\ \ /
\ \ /
----------------------- Access/display slides
|
 Start teaching students

DETAILED INSTRUCTIONS
---------------------

Install RHEL on instructor system

=================================

1. Kickstart instructor system

The Red Hat Enterprise Linux 9 classroom requires KVM virtualization.

This means that ALL of the machines (instructor and student workstations)
must have virtualization enabled in the BIOS. Ensure that the instructor
machine has virtualization enabled in the BIOS before beginning the
installation.

It has been reported that some systems require a hard power

off followed by a power on after enabling virtualization in the BIOS.
There have also been reports of disabling Trusted Platform (TP) in the
BIOS virtualization section to allow KVM to work correctly.

****************************** WARNING ******************************

* When you install from an external USB device, we do not *
* support installation from a device with more than one *
* partition. *
* ADDENDUM: *
* The code currently in use should avoid deleting other *
* partitions on the USB installation device. However, it may *
* place an entry in /etc/fstab that will prevent proper *
* booting if the USB device is not inserted at boot time. *
*********************************************************************

****************************** WARNING ******************************

* There is a bug in RHEL7 that causes an anaconda panic if *
* there is certain types of content on the hard drive *
* (particularly LVM volumes) - though RHEL7 reinstalls appear *
* to be fine. While we have not seen the same error on RHEL8/9 *
* the below advice is still sound. *
* *
* If you are seeing an anaconda panic on the first graphical *
* installation screen, with question marks on the Timezone, *
* *and Installation Drive*, then reboot and use the "destroy" *
* option on rhci-foundation.iso/USB. If this is foundationX *
* via PXE, try hitting Escape, and typing "destroy" at the *
* resulting boot: prompt. *
* *
* Alternatively there have been reports of leftover hidden data *
* preinstalled on some USB sticks. This data has been known to *
* block anaconda. Make sure the USB stick was completely wiped *
* before populating it according to the directions in *
* ClassPrep.txt. *
*********************************************************************

To build the instructor system from scratch, boot from the

rhci-foundation CD or the constructed USB device. In Legacy mode, you
will be presented with a screen similar to:

THIS DISC IS FOR USE BY AUTHORIZED RED HAT INSTRUCTORS ONLY.

 Version: rhci-foundation-9.0-7.r2022052302

USB installs: Make sure your USB drive is inserted

f0 - Install a new instructor server from scratch (pass the
course code as an argument, e.g. f0 rh124, or
for older version, e.g. f0 rh124-rhel63).
exam - Install a new exam server from scratch.
fX - Install a new student workstation (replace the X with
the student number, e.g. f12).

Network installs: Make sure your foundation0 is accessible

pxe - PXE boot from foundation0 to launch menu (needed when
PXE is unavailable from NIC directly).
DANGEROUS OPTIONS: Make sure your USB drive is inserted
destroy - Removes LVM info across *ALL* attached drives.
Removes partition info on all drives except RHTINST USB.

- Or press the <ENTER> key for a menu of student foundations.

Make sure the USB device is inserted as it is needed for any and all
options.

Type in "f0 rh124" as indicated on the menu (substitute your course code
for rh124). Optionally, you may omit the course code if you want to
parallelize a larger content course. If your USB device was properly
configured, it should automatically find the install source and begin
the installation. If there are multiple technology versions of the same
course on the media, it will install the "newest" by default. If you
want to install an older version, simply specify the technology version
by typing "f0 rh124-rhel63" as indicated on the menu (substitute your
course code and technology for rh124-rhel63).

In UEFI mode, you would be presented with a menu that you can choose
f0, and then course, initially seeing a screen similar to:

f0 - Fresh instructor -->

exam - Exam server installation
fX - Install a new student workstation -->
standalone - Standalone server -->
destroy - Destroy ALL ATTACHED DRIVES (except RHTINST)

Use the <UP> and <DOWN> keys to change the selection.

Press 'e' to edit the selected item, or 'c' for command prompt.

Select f0 by hitting return, then arrow to the COURSE-TECHNOLOGY and

hit return to launch the installation

If the installer asks for the install media, that means that something
has gone wrong. Confirm the USB device has been properly configured. The
install media should be found in ${USB_DEVICE}/rhel9.x/x86_64/isos/.
Recall that there is a usbvalidate option to the rht-usb-* script that
can be used to verify the contents of the USB media (see ClassPrep.txt
for details on verifying the RHCIfoundation manifest).

****************************** NOTE *********************************

* There is an unreferenced argument to "f0" that can be used to *
* confirm what manifests exist on the inserted USB device. *
* *
* boot: f0 lsicmf *
 * *
* which will list the .icmf files on the USB then prompt to *
* reboot after pressing enter. *
*********************************************************************

2. Answer anaconda dialogs (timezone, etc.)

Anaconda will prompt for time zone information so wait until you have
selected that information before you leave the installation to do other
things (like put out the student workbooks). If you would like to alter
the keyboard or language, you can also do that here before clicking on
"Begin Installation" to continue the installation.

****************************** WARNING ******************************

* Your choice for timezone (and possibly keyboard/language) will *
* automatically be used by the later installation of foundationX *
* student systems. So do not select anything that you do not want *
* students to also use. *
*********************************************************************

****************************** WARNING ******************************

* Please avoid the urge to "explore" in the dialog. When prompted *
* for timezone, just click on your area of the map to set the *
* timezone. Clicking anywhere else has seen significant *
* consequences. *
* *
* As mentioned in the above warning, we currently scrape the *
* resulting /root/anaconda-ks.cfg to generate the file *
* /content/ks/rht-locale to propagate these settings to the other *
* foundationX systems. The timezone must look simply like: *
* timezone Americas/New_York --isUtc *
* Exploring the NTP settings will add parameters to this line *
* that will cause the foundationX system installations to fail. *
* *
* If you did not read this warning in time, you can hand edit the *
* /content/ks/rht-locale on foundation0 to make it look correct *
* for the student foundationX installations. *
*********************************************************************

3. Reboot instructor system

Once your installation is complete, reboot the system.

****************************** WARNING ******************************

* Do not remove the USB until the installation AND the shutdown *
* portion of the reboot are complete. Files are copied during the *
* foundation0 kickstart %post and syncing occurs during shutdown. *
*********************************************************************

If you have grub issues, please see the GRUB ISSUES section in the
ClassroomTroubleshooting.txt.

Verify RHEL is installed and configured

=======================================

4. Login as kiosk

A non-privileged user, kiosk, has been created for your use with the
default password of "redhat". The root password on the foundation
 systems, which should not be shared with the students (they have
sufficient sudo), is "Asimov".

The system automatically logs you in as kiosk on every system EXCEPT

foundation0, presenting a graphical desktop. You must manually log in
on foundation0. Note that a later step will give you the option to
change the password of kiosk on foundation0.

5. Correct/verify local time on foundation0

The kickstart has declared that the system is physically configured

for UTC time and the selected timezone. However, if the system was
previously physically configured for local time, the displayed time
will be "off" by the time zone's offset from UTC.

If the time is inaccurate, correct the local time before proceeding,

as root:
f0# systemctl stop chronyd
f0# date MMDDhhmm (MM - month; DD - day; hh - hour; mm - minute)
f0# hwclock --utc --systohc
f0# systemctl start chronyd

****************************** NOTE *********************************

* Time may in fact work itself out. If connected to the *
* Internet, both classroom and foundation0 have chronyd *
* configured to obtain time from a public NTP pool. *
* *
* The remaining foundationX systems point to foundation0 and *
* the other VMs point to the classroom VM with chronyd/ntpd. *
*********************************************************************

6. Test that foundation0 services are configured and running

After you logged in as the non-privileged user, kiosk, open a terminal

and run the verification script:

f0$ rht-verify-f0

Check for any errors or warnings. Do note that it is possible to log

in and get to a terminal prompt before all services have finished
starting. Re-run the verify script until all services are running.
Add the --validate option if you want to additionally verify the
md5sums of the artifacts from the installed manifests:

f0$ rht-verify-f0 --validate

****************************** NOTE *********************************

* In particular, the nfs-server service seems to be the slowest *
* to start. Note that the virbr1 interface will *not* start *
* until nfs-server is up. Failures must be resolved before *
* proceeding, but warnings are there to give you pause about *
* things that may be problematic later. *
*********************************************************************

****************************** NOTE *********************************

* If you decided to omit the course code in the first step (to *
* better parallelize a larger content class), you should instead *
* run (to avoid the course-related warnings): *
* *
 * f0$ rht-verify-f0 --nocourse *
* *
* You will then "re-run" rht-verify-f0 once the course content *
* has been copied. *
*********************************************************************

If you left out the course code in step 1 (or perhaps mistyped it),
you will need to add the course content by hand. To install course
content *after* the installation/reboot of foundation0:

* Mount the USB media, reinserting the RHTINST USB device and wait for
it to automount.
* Begin copying the course files by:

f0$ sudo rht-usb courseusb rh401 (or appropriate course code)

* Set the course variable after the copy finishes):

f0$ rht-setcourse rh401

* Re-run test of the foundation0 system:

f0$ rht-verify-f0

Install Student Systems

=======================

7. Kickstart student machines

The Red Hat Enterprise Linux 9 classroom uses KVM virtualization. This
means that ALL of the machines (instructor and student workstations) must
have virtualization enabled in the BIOS. Ensure that each of the student
machines has virtualization enabled in the BIOS before beginning the
installation. It has been reported that some systems require a hard power
off followed by a power on after enabling virtualization in the BIOS.

Consult the course documentation to determine how participants'

desktops should be configured for the start of class. Some
courses have special configuration needs.

The menu system presents you with a list of possible foundationX

assignments. Unlike previous classrooms, the classroom foundation layer
uses fixed IP address assignments for these stations, so PXE and DHCP
are only used to present the initial menu.

****************************** WARNING ******************************

* If the student system has multiple NICs, be aware that PXE *
* will follow and utilize whichever NIC provides an IP address *
* and access to RHEL content. However, the foundationX kickstart *
* script will *enforce* the use of what the kernel believes is *
* the *first* NIC. *
* *
* The likely symptom you will first notice is the execution of *
* rht-pushcourse being unable to connect to one or more of the *
* foundationX systems that were just installed. A quick swap of *
* the cable from one interface to the other (thus matching the *
* rest of the functioning room) may resolve the issue. *
* *
* Alternatively, look in ClassroomTroubleshooting.txt for docs *
 * on running the utility rht-movebr0 which automates swapping *
* the NIC being used to back br0. *
*********************************************************************

*** PXE Method (Preferred, Supported) ***

All systems must be able to PXE boot in the classroom environment, so

this is now the default method. The PXE configuration boots to the local
disk by default, so the BIOS could be set to boot from the network
first. Alternatively, use whatever keystroke allows you to choose to
boot from the network.

To install the student foundation system, boot the system using PXE
(Intel's Pre-boot eXecution Environment) and choose an appropriate
"fX" that is unique for each physical system.

*** GPXE Method (Supported) ***

If you are in an environment where you are unable to access the PXE
support within the NIC (for example, BIOS boot menu locked), you may
boot the system from an rhci-foundation CD or RHTINST USB and type
"pxe" at the prompt:

boot: pxe

which will load a GPXE kernel from the CD and then load the PXE menu
as above. Choose an appropriate "fX" that is unique for each physical
system.

*** rhci-foundation CD Method (Supported) ***

Alternately, you may install a student system by booting from an

rhci-foundation CD with USB attached and typing:

boot: fX (replacing X with an appropriate unique value, i.e. f12)

Note that this method requires the USB to remain inserted for the
duration of the install (just like the installation of f0).

8. Push the course variable and images

Once all the foundationX systems have finished installing and they
have booted, we can push/update the variables on to these systems from
foundation0.

Verify the RHT_COURSE variable in /etc/rht and /content/ks/rht is correct.

f0$ cat /etc/rht

f0$ cat /content/ks/rht

On foundation0, push the variables to "all" the registered student

foundationX systems.

f0$ rht-pushcourse all

Alternatively, you can push to an individual student station. For

example, to push to foundation12:

f0$ rht-pushcourse 12
9. Verify that student VM images were retrieved

rht-pushcourse will also spawn the retrieval of VM images on each

system with "rht-vmctl get all". You can monitor the progress of
the downloads with:

f0$ rht-showstate all

Two options that may be useful with rht-showstate are --log and
--test.

To display the history/log of all activity with a given foundationX

system:

f0$ rht-showstate --log 12

To run a virtualization enabled test on a particular foundationX or

on all:

f0$ rht-showstate --test 12

f0$ rht-showstate --test all

Launch instructor virtual machine(s)

====================================

10. New utility will start VMs (optionally secure and/or set keyboard)

f0$ rht-f0finish [--keyboard KEYBOARD] [--secure] [--prompt]

This utility should ideally be run only once, so consider which of

the options you want to use. With no options, rht-f0finish simply
starts all the VMs in order.

If you want to both set the keyboard and change the passwords of your
systems, then specify both options at once:

f0$ rht-f0finish --keyboard gb --secure

--secure will prompt you for a password that will be used to change
the password on the physical foundation0 and the installed VMs. This
will change the root and kiosk passwords of foundation0. It will also
change the root and instructor passwords on classroom and "save" the
VM. Lastly, it will change the root and "default user" passwords on
the remaining infrastructure and demonstration VMs and "save" them.
It will also adjust the GRUB password on foundation0.

****************************** NOTE *********************************

* The "Asimov" password should NEVER be shared with students. *
* While it is the root password of the foundationX systems, *
* students should NEVER need it since ALL classroom activities *
* are performed on the virtual machines. In an emergency, they *
* have sufficient sudo access. *
*********************************************************************

If you try to manually secure the VMs, remember that you may be
resetting them throughout the class, undoing your password change.
The above rht-f0finish utility endeavors to "save" the VM as a
checkpoint used by the "reset" verb.
--keyboard will allow you to specify the keyboard to apply to all
the instructor VMs:

f0$ rht-f0finish --keyboard gb

The above will loop through each of the VMs, starting with classroom,
to change the keyboard settings of the virtual console, X11, and Gnome
(provided no one has logged in to Gnome yet). Then it saves the image
overlay so that subsequent reset operations return to the new keyboard.

The above uses the keyboard layout of "Great Britain". To get a list
of valid layouts, use "localectl list-x11-keymap-layouts" on a same
version physical or virtual system.

****************************** NOTE *********************************

* If one or more of the VMs are running RHEL 6.x, then you may *
* see a warning message about an "invalid" keyboard layout if *
* the layout you passed as an argument does not coincidentally *
* also work with system-config-keyboard in RHEL 6. *
* *
* If this happens, simply run the student tool specifying the *
* VMNAME of the RHEL 6 VM that needs a "different" layout: *
* *
* f0$ rht-vmsetkeyboard VMNAME uk *
*********************************************************************

This utility processes all virtual machines, by default. If the course

has a VM that cannot be processed (for example a blank VM that will be
installed as part of the course), use --prompt to selectively choose
the VMs to process/start.

f0$ rht-f0finish --prompt

In some courses, it may also be undesirable to change the keyboard of

all the VMs, perhaps only changing the keyboard of the graphical
workstation VM. In this case, either use the above --prompt or use
rht-vmsetkeyboard to change the keyboard(s) afterwards.

This utility will wait a default number of seconds each time it starts
the classroom VM. If you know you are on particularly slow hardware,
you may want to extend that delay time with the --delay option.

f0$ rht-f0finish --delay 300

Likewise, if you are on very fast hardware, you may want to shrink it.

f0$ rht-f0finish --delay 60

The symptom of guessing wrong (or too short a delay) is that the
settings (password/keyboard) were never updated on the classroom VM.
The other VMs are typically updated just fine. You should manually
update the classroom VM on your own if this happens.

The --delay SECONDS option may be combined with none, one, or more of
the other options: --secure, --keyboard KEYBOARD, and --prompt.

Lastly, to work around an unstable named service the first time the
classroom VM boots, you may want to pass the --named option.
 f0$ rht-f0finish --named

This option will restart the named service on the classroom VM just
before running rht-verify-classroom on that classroom VM.

The --named option may be combined with any number of the other
options.

11. Verify running services on classroom VM

rht-f0finish in the previous step now runs rht-verify-classroom on

the classroom VM automatically.

Alternatively, you can access the console of the classroom VM via

f0$ rht-vmview view classroom

or, you can use ssh to connect

f0$ ssh root@classroom

On the classroom VM (perhaps through the viewer launched above),

login as instructor (password: Asimov), then open a terminal and
run the verification script:

classroom$ rht-verify-classroom

Check for any errors or warnings. Do note that it is possible to log

in and get to a terminal prompt before all services have finished
starting. Re-run the verify script until all services are running.
Failures must be resolved before proceeding, but warnings are there to
give you pause about things that may be problematic later.

If you receive a failure relating to a package being changed, consider

which file it is reporting as changed and if it is something that you
did want changed. For example, adjusting the resolution of classroom
will modify the monitors.xml file that is distributed in the
classroom-config package, so the failure should be ignored.

12. (optional) Connect to the outside world.

To configure foundation to provide a gateway to the outside world using

DHCP for the uplink interface eno1, on foundation0:

f0$ rht-external --configure eno1

To configure statically for an IPv4 address of 10.42.34.15, a prefix of

24 (netmask of 255.255.255.0), and a default gateway of 10.42.34.254:

f0$ rht-external -c eno1/10.42.34.15/24/10.42.34.254

To disconnect if your students are spending more time on the Internet

rather than doing their labs:

f0$ rht-external --reverse

If you are trying to do this with a wireless interface, you may get a
warning about no existing connection profile. Use the nm-applet to
 create a wireless connection profile. Be careful as this will most
likely corrupt the /etc/resolv.conf settings on foundation0. Be sure
to immediately run rht-external to "fix" the DNS settings and enable
NAT forwarding to that now available wireless connection profile.

f0$ rht-external --configure wlp4s0

Alternatively, if the wireless configuration is just a simple SSID

and passphrase, you can pass that information to rht-external.

f0$ rht-external --configure wlp4s0 --wireless myssid/mypassphrase

If you would rather initially configure the wireless interface from

the command line (instead of using nm-applet), use nmcli as follows:

f0# nmcli dev wifi

will produce a list of Access Points and their edvertised SSID, then:

f0# nmcli dev wifi con <SSID> password <KEY> name My_Wifi

to create the profile, and finally:

f0$ rht-external --configure wlp4s0

to correct the automatic configuraiton of the upstream interface.

When configuring the external interface, rht-external will attempt to

remotely configure the classroom VM to provide external access for the
virtual layer. If that process fails, you may need to manually do it
on the classroom VM:

classroom$ rht-config-nat

On later versions of classrooms (built after 19 Dec 2014), you can

turn this on permanently:

classroom$ rht-config-nat --permanent

If you want external access for the physical foundation systems but no
external access for the virtual layer, you can instruct rht-external
to skip configuring the classroom VM by appending --noclassroom.

f0$ rht-external --configure eno1 --noclassroom

Some facilities may block DNS inquiries, so rht-external can be used

to modify the IP address that the foundation0 and classroom resolvers
use.

f0$ rht-external --dns 10.192.206.245

Begin class
===========

13. Prepare for Classroom Presentations

Get X configured on the foundation0 system and test the classroom

projection system. Run "gnome-control-center display" to configure the
resolution.
 There is a kiosk account created on foundation0 for the purpose of
giving your presentation. Do not present as root. When you need to
demonstrate something as root, remember that all your demos should
be done from one of the other VMs.

Slides are distributed in two ways, either as a standalone pdf or as a

directory containing javascript files. In both cases, the slides are
deposited in /content/slides/ accessible from both foundation0 and
classroom VM. You (and students) should access the slides via a web
browser pointed to http://content.example.com/slides/ and select the
slides pdf or directory.

14. Have Students Log In

The foundation systems have been configured to auto-login as kiosk.

Do not share the root password ("Asimov") with the students as they
have sudo access already configured, if needed.

Inform students that the user kiosk password is redhat.

15. (optional) Secure (or unsecure) the foundationX systems

rht-secure-fX will prompt you for a password that will be used to change
the root and GRUB passwords on the physical foundationX.

****************************** NOTE *********************************

* The "Asimov" password should NEVER be shared with students. *
* While it is the root password of the foundationX systems, *
* students should NEVER need it since ALL classroom activities *
* are performed on the virtual machines. In an emergency, they *
* have sufficient sudo access. *
*********************************************************************

However, if you want to unsecure the foundationX systems, instead of

sharing the default password of root and GRUB, use this utility and
enter "redhat" as the password.

On foundation0, to secure "all" the registered student foundationX

systems:

f0$ rht-secure-fX all

Alternatively, you can secure an individual student station. For

example, to secure foundation12:

f0$ rht-secure-fX 12

16. (optional) Class Exercise: Adjust and preserve localization in VMs

****************************** NOTE *********************************

* In some courses, it may be undesirable to change the keyboard *
* of all the VMs, perhaps only changing the keyboard of the *
* graphical workstation VM. In this case, specify the VMNAME *
* rather than all. *
*********************************************************************

OPTION A: Have students do it

A utility called rht-vmsetkeyboard has been placed on the student
systems (similar to rht-f0finish) to loop through the VMs and change
the keyboard (adjust the keyboard layout appropriately):

fX$ rht-vmsetkeyboard all gb

****************************** NOTE *********************************

* If one or more of the VMs are running RHEL 6.x, then you may *
* see a warning message about an "invalid" keyboard layout if *
* the layout you passed as an argument does not coincidentally *
* also work with system-config-keyboard in RHEL 6. *
* *
* Given that you already know which one it is (just like above *
* for foundation0), have the student run the utility twice *
* where VMNAME is running RHEL 6. *
* *
* fX$ rht-vmsetkeyboard all gb *
* fX$ rht-vmsetkeyboard VMNAME uk *
*********************************************************************

Some courses deliver VMs that are not bootable at the beginning of
class. The students can combine "all" with --prompt to allow them to
choose which VMs to process:

fX$ rht-vmsetkeyboard --prompt all gb

In some courses, it may also be undesirable to change the keyboard of

all the VMs, perhaps only changing the keyboard of the graphical
workstation VM. In this case, either use the above --prompt or specify
the VMNAME rather than all.

OPTION B: Do it *for* your students

Alternatively, if you want to set the keyboard to all the virtual
machines for all the students, a loop utility can be used to execute
commands on each student foundationX system (adjust the keyboard
layout to reflect your classroom):

f0$ rht-each --spawn "rht-vmsetkeyboard all gb"

****************************** NOTE *********************************

* If one or more of the VMs are running RHEL 6.x, then you may *
* see a warning message about an "invalid" keyboard layout if *
* the layout you passed as an argument does not coincidentally *
* also work with system-config-keyboard in RHEL 6. *
* *
* Given that you already know which one it is (just like above *
* for foundation0), change the second command to also mention *
* the VMNAME running RHEL 6. *
* *
* f0$ rht-each -s "rht-vmsetkeyboard all gb" *
* f0$ rht-each -s "rht-vmsetkeyboard VMNAME uk" *
*********************************************************************

In some courses, it may also be undesirable to change the keyboard of

all the VMs, perhaps only changing the keyboard of the graphical
workstation VM. In this case, specify the VMNAME rather than all.

On foundation0, check the state of VMs on "all" the registered student

foundationX systems.
 f0$ rht-showstate --vms all

Alternatively, you can check the state of an individual student station.

For example, to check foundation12:

f0$ rht-showstate -v 12

Rebooting the Classroom

=======================

When looking to reboot your environment (perhaps after having shutdown

the night before, be sure to follow this same basic flow so that needed
services are available.

17. Boot foundation0 and test that services are configured and running

After you logged in as the non-privileged user, kiosk, open a terminal

and run the verification script:

f0$ rht-verify-f0

Check for any errors or warnings. Do note that it is possible to log

in and get to a terminal prompt before all services have finished
starting. Re-run the verify script until all services are running.

18. Verify running services on classroom VM

On the classroom VM, login as instructor (password: Asimov), then open

a terminal and run the verification script:

classroom$ rht-verify-classroom

Check for any errors or warnings. Do note that it is possible to log

in and get to a terminal prompt before all services have finished
starting. Re-run the verify script until all services are running.
Failures must be resolved before proceeding, but warnings are there to
give you pause about things that may be problematic later.

19. (optional) Connect to the Outside World.

On foundation0 and/or the classroom VM:

f0$ rht-external --configure eno1

classroom$ rht-config-nat

20. Boot the various student foundationX machines (or let them boot them)

While students may have left their VMs in unusual states, if you would
prefer to launch them all you could use a quick loop as before:

f0$ rht-each "rht-vmctl start all"

Operational Support
===================

To support operational tasks around the collection of both roster and

survey information, it would be more convenient to place a desktop icon
on each student's foundationX. Each of these steps should be performed
 at an appropriate time.

A. Distribute roster desktop icon on the first day of class

To point students to the online roster provided your classroom is

configured for Internet access:

f0$ rht-pushdesktop --offering <offeringid> all roster

The above command will replace the url inside the roster file with one
that includes the offeringid. Students will then be prompted to login
to the online environment and confirm their name, email, and attendance.
At the end of class, a course completion certificate will be generated
and emailed to the student's provided/confirmed email address.

You should have received the Offering ID for the class in a confirmation
email, but can always be looked up by logging into the LMS (log in to
Instructor Central and choose Access LMS).

The instructor can monitor the progress of student enrollments by

navigating to the ILT dashboard and logging in:

https://rol.redhat.com/rol/rhz/login?offering=<offeringid>

If the class does not have Internet access or the students are not
properly enrolled in the LMS (typically onsites) you will need to
have them fill this out from a cellphone or some other online device.

If you need to adjust the default URL that the roster is provided through,
you can either append the replacement URL as an argument to the --url
option or you can manually edit the source file found in
~kiosk/survey/rht-survey-roster.desktop.

f0$ rht-pushdesktop --url http://replacehost/replaceurl all roster

B. Once roster has been filled in, remove the roster desktop icon

f0$ rht-pushdesktop --remove all roster

C. On the last day of class, distribute the survey desktop icon

To point students to the online survey provided your classroom is

configured for Internet access:

f0$ rht-pushdesktop --offering <offeringid> all survey

The above command will replace the url inside the survey file with one
that includes the offeringid to allow online anonymous collection of
the student feedback.

You should have received the Offering ID for the class in a confirmation
email, but can always be looked up by logging into the LMS (log in to
Instructor Central and choose Access LMS).

If the class does not have Internet access or the students are not
properly enrolled in the LMS (typically CTP events) you will need to
have them fill this out from a cellphone or some other online device.

D. Once surveys have been filled in, remove the survey desktop icon unless
 you are wiping the environment (See ClassroomReset.txt)

f0$ rht-pushdesktop --remove all survey

E. Mark the class complete to trigger course completion certificates

If the roster was done online, login to the status page to mark the
class complete triggering the delivery of the course completion
certificates to the emails supplied during roster collection.

https://rol.redhat.com/rol/rhz/login?offering=<offeringid>

Useful Summary Information for RHCE 7 Classes

=============================================

Systems at the physical layer (X=0-instructor, 1-20-students)

1 - foundationX.ilt.example.com, kiosk/redhat, root/Asimov
172.25.254.X/24 tied to br0 (first NIC) (if X=0, use 250)
172.25.X.250/24 also tied to br0 (to be on VMs network)

Systems at the virtual layer (X=0-instructor, 1-20-students)

1 - classroom.example.com, instructor/Asimov, root/Asimov
this is the master router between each /24 network
172.25.0-20,201-2,253-4.254/24
eth1 is linked to foundation0 br1 configured to get external network
2 - desktopX.example.com, student/student, root/redhat
172.25.X.10/24
3 - serverX.example.com, student/student, root/redhat
172.25.X.11/24

ssh keys exist on foundation0 and classroom to let you break in anywhere.

The passwords of "student" and "redhat" are expected to be shared with

students. The password of "Asimov" should *not* be shared.

The DHCP server on classroom serves IP addresses to specific MAC addresses.

The pattern is as follows giving each student their own set of MACs:
52:54:00:00:0xX:0xY -> 172.25.X.Y for Y=10-15 (static)
52:54:00:00:0xX:?? -> 172.25.X.16-100 (pool)
The DHCP server will also offer IPs from 172.25.251/24 for PXE clients
only for anyone in the 52:54:00:??:??:?? not matching the above. It works
for PXE, but there will be no IP address after a reboot.

=============================================================================

CHANGELOG
=========
* Wed Jun 22 2022 Robert Locke <rlocke@redhat.com> - 9.x-7
- clarify non-use of roster/survey by RHA
- add more info on rht-external support of dns and wifi
* Fri May 20 2022 Robert Locke <rlocke@redhat.com> - 9.x-7
- prep for release
* Tue Mar 8 2022 Robert Locke <rlocke@redhat.com> - 8.x-7
- add references to UEFI boot menu and other clean up
* Mon Jul 19 2021 Robert Locke <rlocke@redhat.com> - 8.x-7
- add references to --named option for rht-f0finish
* Mon Aug 19 2019 Robert Locke <rlocke@redhat.com> - 8.x-7
- adjust roster/survey references
* Thu May 30 2019 Robert Locke <rlocke@redhat.com> - 8.x-7
- prep for release
* Mon Apr 1 2019 Robert Locke <rlocke@redhat.com> - 8.x-7
- switch some references to RHEL 8
- add --test and --log references to rht-showstate
* Fri Aug 17 2018 Robert Locke <rlocke@redhat.com> - 7.x-6
- add references to OFFERINGID for online roster
* Wed Mar 9 2018 Robert Locke <rlocke@redhat.com> - 7.x-6
- correct roster and survey desktop filename references
- remove references to second physical system
* Mon Nov 13 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- add wording around setting international keyboards
* Thu Jul 6 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- add reference to rht-movebr0
* Thu Jun 22 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- add rht-external --noclassroom option
* Thu Mar 30 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- change rht-external to use prefix rather than netmask
* Fri Mar 17 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- rht-f0finish securing GRUB and processing galaxy0
- rht-secure-fX - new utility to (un)secure physical student systems
* Tue Mar 7 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- autologin of kiosk on foundation0 disabled
* Fri Mar 3 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- add references to rht-pushdesktop and rht-collectsurvey
* Thu Feb 23 2017 Robert Locke <rlocke@redhat.com> - 7.x-5
- add references to rht-verify-classroom being run by rht-f0finish
* Fri Jun 10 2016 Robert Locke <rlocke@redhat.com> - 7.x-5
- shift uplink references to rht-external
* Wed Apr 6 2016 Robert Locke <rlocke@redhat.com> - 7.x-5
- add references to older technology installation
- add reference to lsicmf kickstart argument
* Mon Feb 22 2016 Robert Locke <rlocke@redhat.com> - 7.x-5
- add step 7a for installing secondary physical system
* Tue Feb 2 2016 Robert Locke <rlocke@redhat.com> - 7.x-5
- change hostX reference to galaxyX
* Thu Dec 3 2015 Robert Locke <rlocke@redhat.com> - 7.x-4
- expand USB removal warning to wait for shutdown also (SETUP-133)
* Tue Nov 3 2015 Robert Locke <rlocke@redhat.com> - 7.x-4
- add --delay option to rht-f0finish
* Fri Oct 23 2015 Robert Locke <rlocke@redhat.com> - 7.x-4
- add references to --prompt in rht-f0finish and rht-vmsetkeyboard
- rework short version to make it easier to follow
- add note about monitors.xml (thanks Phil!)
* Fri Aug 28 2015 Robert Locke <rlocke@redhat.com> 7.1-4
- add step for starting "private" workstation first
* Mon Jul 6 2015 Robert Locke <rlocke@redhat.com> 7.1-4
- add reference to rht-pushcourse spawning rht-vmctl get
* Mon Jun 1 2015 Robert Locke <rlocke@redhat.com> 7.1-3
- add reference to rht-verify-f0 --validate
* Wed May 20 2015 Robert Locke <rlocke@redhat.com> 7.1-3
- bump release
* Mon Apr 27 2015 Robert Locke <rlocke@redhat.com> 7.1-2
- minor versioning fixes
* Wed Mar 18 2015 Robert Locke <rlocke@redhat.com> 7.1-2
- merge rht-secure-f0 and rht-vmctl start all steps
* Thu Mar 5 2015 Robert Locke <rlocke@redhat.com> 7.1-2
- change loops to use rht-each
* Mon Nov 24 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add mention of virbr1 not starting until nfs-server is up.
* Tue Nov 18 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add references to GPXE support
* Fri Oct 31 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add warnings about rebooting needs to re-run verify scripts
* Wed Oct 1 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add rht-secure-f0
* Tue Sep 30 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add rht-setmaxstations
* Mon Sep 29 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add substep to correct local time on foundation0
- remove anaconda timing concern
* Thu Sep 11 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- rht-verify-f0 - clarify Failures vs. Warnings
* Fri Aug 29 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add references to --nocourse for rht-verify-f0
* Thu Aug 14 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- minor cleanups
* Wed Jul 9 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- update rht-vmsetkeyboard instructions to support RHEL 6 VMs
* Thu Jul 3 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add rht-vmsetkeyboard usage instructions
* Mon Jun 30 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add DHCP information to the Summary
* Tue Jun 24 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- split out to ClassroomReset.txt and ClassroomTroubleshooting.txt
* Mon Jun 23 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- fix obsolete reference to gnome-display-properties
* Thu Jun 19 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add references to new rht-showstate
* Mon Jun 16 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- adjust classroom scripts to run as instructor
* Wed Jun 4 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- prep for release
* Tue May 27 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- add Optimal Parallelism section
* Thu May 22 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- incorporate feedback from field instructor tests
* Thu May 1 2014 Robert Locke <rlocke@redhat.com> 7.0-1
- incorporate feedback from pilots
* Fri Dec 9 2013 Robert Locke <rlocke@redhat.com> 7.0-0
- initial release