Milestone 7 Deploying and Post Provisioning of Blue25 Linux Servers - eamonstackpole/my-tech-journal GitHub Wiki
Milestone 7 - Deploying and Post Provisioning of Blue25 Linux Servers
Rocky Base VM
Download the Rocky ISO from the Rocky website and upload it to the host's datastore.
Create a new VM named Rocky.base, which will serve as a base template for a Rocky VM.
Ensure that the VM is thin provisioned, as creating many clones of a thick-provisioned VM would eat the datastore's space.
Follow through the Rocky installation process.
When at the page shown in the screenshot below, make a deployer account and optionally also disable the root user for security reasons.
Sysprep
Used the following script with the following edits:
rm -f /etc/NetworkManager/system-connections/*.nmconnection
instead of
/bin/sed -i '/^\(HWADDR\|UUID\|IPADDR\|NETMASK\|GATEWAY\)=/d' /etc/sysconfig/network-scripts/ifcfg-e*
because network-scripts is deprecated on the newer versions of Rocky.
Snapshot
Take a snapshot of the VM while it is shut down and name it "Base".
Update Routing for Blue25
Create a new Static Route on the FW-480-Eamon router to allow for the Blue25 network to access the internet and forward all traffic to the Blue25 Firewall.
Create DHCP on Blue25
Ansible JSON Inventory File
Create a new Blue25FW YAML file to store the information needed to connect and configure DHCP on the Blue25-FW.
DHCP Playbook
The Blue25-FW Playbook uses the vyos.config module to write the commands necessary to set up DHCP on the router directly to the configuration file and save it.
The screenshot below shows the results of the playbook being run. The "changed" status indicates that the configuration file was successfully edited with the new DHCP configurations.
The screenshot below shows the new DHCP IP addresses from the new Rocky VMs on the Blue25 network. This proves that the DHCP configuration was successful.
Post-Provision Rocky 1-3
The Linux inventory file contains the information and variables needed to run the playbooks against both the newly made Rocky and Ubuntu VMs. It creates a Linux group, then subdivides it between ubuntu and rocky, assigning different variables per operating system. Each child group lists the DHCP addresses for the virtual machines, and contains their designated hostnames and new static IP addresses. There are also base variables for the linux group that apply to all child groups, containing basic networking configurations and the public key for SSH.
The Rocky Playbook copies the SSH public key over to authorized_keys (allowing for passwordless ssh), creates a sudoer entry for the ansible user (allowing for passwordless sudo), and configures the network to assign a static IP address to the device.
The screenshot below shows the new static IP addresses for the Rocky machines.
The screenshot below shows the passwordless ssh connection to ubuntu-1 and passwordless use of sudo.
Post-Provision Ubuntu 1-2
Create linked Ubuntu clones, add network interfaces to the Blue25 network, and get a DHCP address.
Just like the Rocky one, the Ubuntu Playbook copies the SSH public key over to authorized_keys (allowing for passwordless ssh), creates a sudoer entry for the ansible user (allowing for passwordless sudo), and configures the network to assign a static IP address to the device.
The screenshot below shows the new static IP addresses for the Ubuntu machines.
The screenshot below shows the passwordless ssh connection to ubuntu-1 and passwordless use of sudo.
- IMPORTANT NOTE: Make sure that the device name when configuring the network is "Wired Connection 1"; otherwise it will create another Ethernet connection and apply the configuration there.
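
The three post-provision steps described for the Rocky and Ubuntu playbooks, sketched as an added example (this is not the playbook from the journal). It validates the sudoers drop-in with visudo before installing it and edits the existing NetworkManager profile rather than creating a second one. The variable names public_key, static_ip, prefix, gateway, name_server and nm_conn_name are assumptions standing in for whatever the inventory actually defines.

```yaml
# Added example: hypothetical post-provision playbook for the "linux" group.
# All variable names below are assumed inventory variables, not the wiki's own.
- name: Post-provision Blue25 Linux hosts
  hosts: linux
  become: true
  tasks:
    - name: Install the SSH public key for key-based login
      ansible.posix.authorized_key:
        user: "{{ ansible_user }}"
        key: "{{ public_key }}"
        state: present

    - name: Add passwordless sudo drop-in (rejected if the syntax is invalid)
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ ansible_user }}"
        content: "{{ ansible_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo checks the temp file first, so a typo cannot break sudo.
        validate: /usr/sbin/visudo -cf %s

    - name: Assign the static address on the existing connection profile
      community.general.nmcli:
        # Must match the profile already on the host; a different name
        # makes NetworkManager create a second connection instead.
        conn_name: "{{ nm_conn_name }}"
        type: ethernet
        ip4: "{{ static_ip }}/{{ prefix }}"
        gw4: "{{ gateway }}"
        dns4:
          - "{{ name_server }}"
        method4: manual
        state: present
      notify: Reactivate connection

  handlers:
    - name: Reactivate connection
      # The host moves from its DHCP lease to the static address here, so the
      # SSH session drops; fire and forget instead of waiting on it.
      ansible.builtin.command:
        argv: [nmcli, connection, up, "{{ nm_conn_name }}"]
      async: 30
      poll: 0
```

With NOPASSWD: ALL in place, the SSH private key is the only control in front of root on these hosts, so it should be passphrase-protected and kept off shared machines.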