Nutanix_Home_Lab_Mentor_6 - itnett/FTD02H-N GitHub Wiki
Complete Setup Documentation and Scripts for VLAN 100 (Management) with Nutanix Prism and Management VMs
This guide will provide the necessary scripts and documentation to set up the Management VLAN (VLAN 100) with the IP range 10.0.10.0/24. The setup includes configuring Nutanix Prism and creating management VMs.
- Nutanix Community Edition (CE) Installed: Ensure Nutanix CE is installed on your hardware.
- Networking Hardware: Managed switch that supports VLAN tagging.
- SSH Access: Ensure SSH access to the Nutanix AHV host and CVM.
- Terraform and Ansible Installed: For automation scripts.
Step 1: Create VLAN 100 in Nutanix Prism
```bash
# Connect to the Nutanix CVM via SSH
ssh nutanix@<CVM_IP>
# Use the nCLI to create VLAN 100
ncli vlan create name=Management vlan-id=100 ip-gateway=10.0.10.1 ip-prefix=10.0.10.0/24
```
Step 2: Configure Networking for VLAN 100
- Access the network configuration in Nutanix Prism.
- Assign VLAN 100 to the NICs connected to your management VMs.
- Ensure the gateway for VLAN 100 is set to 10.0.10.1.
Step 1: Write Terraform Script to Create Management VMs
Create a file named main.tf:
```hcl
terraform {
  required_providers {
    nutanix = {
      source = "nutanix/nutanix"
    }
  }
}

provider "nutanix" {
  username = "admin"
  password = "your_password" # placeholder; prefer a variable or environment over a hard-coded secret
  endpoint = "10.0.10.10"    # Prism IP
  port     = 9440
  insecure = true            # lab only: Prism ships with a self-signed certificate
}

# Look up the cluster and the VLAN 100 subnet (created as "Management" in Step 1) by name.
data "nutanix_clusters" "clusters" {}

data "nutanix_subnet" "management" {
  subnet_name = "Management"
}

resource "nutanix_virtual_machine" "management_vm" {
  name                 = "Management-VM"
  description          = "Management VM for VLAN 100"
  cluster_uuid         = data.nutanix_clusters.clusters.entities[0].metadata.uuid
  num_vcpus_per_socket = 2
  num_sockets          = 1
  memory_size_mib      = 4096
  power_state          = "ON"

  # Static IP on VLAN 100; the subnet must be IPAM-managed for the assignment to apply.
  nic_list {
    subnet_uuid = data.nutanix_subnet.management.id
    ip_endpoint_list {
      ip   = "10.0.10.20"
      type = "ASSIGNED"
    }
  }

  # Boot disk cloned from a CentOS 7 image already uploaded to Prism.
  disk_list {
    data_source_reference = {
      kind = "image"
      uuid = "your_disk_image_uuid" # Replace with your image UUID
    }
    device_properties {
      device_type = "DISK"
      disk_address = {
        device_index = 0
        adapter_type = "SCSI"
      }
    }
    disk_size_mib = 20480 # 20 GiB
    storage_config {
      storage_container_reference {
        kind = "storage_container"
        uuid = "your_storage_container_uuid" # Replace with your storage container UUID
      }
    }
  }
}
```
Step 2: Initialize and Apply the Terraform Configuration
```bash
# Initialize Terraform
terraform init
# Apply the configuration
terraform apply
```
This script will create a VM named Management-VM on VLAN 100 with a static IP of 10.0.10.20.
Step 1: Write the Ansible Playbook
Create a file named management_vm_setup.yml:
```yaml
---
- name: Configure Management VM
  hosts: management
  become: true
  vars:
    # Lab placeholders; outside a lab keep credentials in ansible-vault.
    admin_user: "admin"
    admin_password: "your_admin_password"
  tasks:
    # The VM is cloned from a CentOS 7 image (see main.tf), so use yum and the
    # sysconfig network scripts rather than apt.
    - name: Update all packages
      ansible.builtin.yum:
        name: '*'
        state: latest
    - name: Install basic management tools
      ansible.builtin.yum:
        name:
          - curl
          - vim
          - net-tools
        state: present
    - name: Set hostname
      ansible.builtin.hostname:
        name: management-vm
    - name: Configure static IP
      ansible.builtin.template:
        src: templates/ifcfg-template.j2
        dest: /etc/sysconfig/network-scripts/ifcfg-eth0
        mode: '0644'
      notify: Restart networking
  handlers:
    # Only restarts networking when the ifcfg file actually changed.
    - name: Restart networking
      ansible.builtin.service:
        name: network
        state: restarted
```
Step 2: Create the Network Configuration Template
Create a template file named templates/ifcfg-template.j2:
```ini
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.0.10.20
NETMASK=255.255.255.0
GATEWAY=10.0.10.1
DNS1=8.8.8.8
DNS2=8.8.4.4
```
Step 3: Run the Ansible Playbook
```bash
# Run the playbook
ansible-playbook -i inventory management_vm_setup.yml
```
Ensure that your inventory file contains the management VM's IP:
```ini
[management]
# Lab placeholder: outside a lab use SSH keys or keep the password in ansible-vault.
10.0.10.20 ansible_user=admin ansible_password=your_password
```
Step 1: Access Nutanix Prism
- Open a web browser and go to https://10.0.10.10:9440.
- Log in using your admin credentials.
Step 2: Configure Nutanix Prism
- Set up cluster management, add nodes if necessary, and ensure all network settings are correctly applied to VLAN 100.
Step 3: Assign IP Addresses to VMs
- For each management VM, assign a static IP in the 10.0.10.0/24 range.
- Firewall Rules: Configure pfSense to manage traffic to and from VLAN 100.
- Monitoring: Integrate with Zabbix for monitoring Prism services and VM performance.
- Backup: Set up regular backups of Prism configurations and management VMs using TrueNAS.
This guide has provided detailed steps and scripts for setting up the Management VLAN (VLAN 100) using Nutanix Prism and management VMs. The use of Terraform and Ansible ensures that the process is automated and repeatable, allowing for efficient management of your Nutanix CE environment.
Objective: Configure pfSense to manage traffic for VLAN 100, allowing essential traffic while restricting unauthorized access.
Step 1: Set Up pfSense for VLAN 100
- Log into pfSense:
  - Access the web interface: https://<pfSense_IP>
  - Log in using your admin credentials.
- Create a VLAN for Management:
  - Navigate to Interfaces > Assignments.
  - Click on the VLANs tab and add a new VLAN.
  - Parent Interface: Choose the interface connected to your switch.
  - VLAN Tag: 100
  - Description: Management VLAN 100
  - Click Save.
- Assign the VLAN Interface:
  - Go back to Interfaces > Assignments.
  - Add a new interface using the created VLAN.
  - Name the interface VLAN100.
  - Enable the interface and assign the following settings:
    - Static IP: 10.0.10.1
    - Subnet Mask: 255.255.255.0
  - Click Save and Apply Changes.
Step 2: Create Firewall Rules for VLAN 100
Outbound Rules:
- Allow Management Traffic:
  - Navigate to Firewall > Rules.
  - Select VLAN100 and add a new rule.
  - Action: Pass
  - Protocol: TCP/UDP
  - Source: VLAN100 net
  - Destination: Any (or specify specific IPs if needed)
  - Description: Allow management traffic from VLAN 100.
  - Click Save and Apply Changes.
Inbound Rules:
- Allow SSH and HTTPS:
  - Navigate to Firewall > Rules under VLAN100.
  - Add new rules for SSH and HTTPS.
  - Action: Pass
  - Protocol: TCP
  - Source: Any (or specify IP ranges)
  - Destination: This firewall (for HTTPS) or specific IPs.
  - Port: 22 for SSH, 443 for HTTPS
  - Description: Allow SSH and HTTPS access.
  - Click Save and Apply Changes.
Step 3: Automate pfSense Configuration Using Ansible
Create an Ansible playbook named pfsense_vlans_firewall.yml:
```yaml
---
# The uri tasks call a REST API on pfSense from the Ansible controller, so the
# play runs on localhost instead of SSH-ing into the firewall. pfSense has no
# built-in REST API: the /api/v1/... endpoints and body fields below assume a
# separately installed API package and must be matched to the one you use.
- name: Configure pfSense VLAN and Firewall Rules
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    pfsense_host: "<pfSense_IP>"
    pfsense_user: "admin"
    pfsense_password: "your_password"   # keep this in ansible-vault outside a lab
    pfsense_validate_certs: false       # lab only: pfSense uses a self-signed cert by default
  tasks:
    - name: Create VLAN 100
      ansible.builtin.uri:
        url: "https://{{ pfsense_host }}/api/v1/interface/vlan"
        method: POST
        body_format: json
        headers:
          Content-Type: "application/json"
        body:
          parent_interface: "em0"   # Adjust according to your setup
          vlan_tag: 100
          description: "Management VLAN 100"
        status_code: 201
        validate_certs: "{{ pfsense_validate_certs }}"
        force_basic_auth: true
        user: "{{ pfsense_user }}"
        password: "{{ pfsense_password }}"
      no_log: true   # keeps the credentials out of the Ansible log
    - name: Assign VLAN Interface
      ansible.builtin.uri:
        url: "https://{{ pfsense_host }}/api/v1/interface/assign"
        method: POST
        body_format: json
        headers:
          Content-Type: "application/json"
        body:
          interface: "vlan100"
          enable: true
          ipaddr: "10.0.10.1"
          subnet: "24"
        status_code: 201
        validate_certs: "{{ pfsense_validate_certs }}"
        force_basic_auth: true
        user: "{{ pfsense_user }}"
        password: "{{ pfsense_password }}"
      no_log: true
    - name: Create Firewall Rules
      ansible.builtin.uri:
        url: "https://{{ pfsense_host }}/api/v1/firewall/rule"
        method: POST
        body_format: json
        headers:
          Content-Type: "application/json"
        body:
          interface: "vlan100"
          action: "pass"
          protocol: "tcp/udp"
          source: "10.0.10.0/24"
          destination: "any"
          description: "Allow management traffic"
        status_code: 201
        validate_certs: "{{ pfsense_validate_certs }}"
        force_basic_auth: true
        user: "{{ pfsense_user }}"
        password: "{{ pfsense_password }}"
      no_log: true
```
Run the Playbook:
```bash
ansible-playbook -i inventory pfsense_vlans_firewall.yml
```
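The rule policy above (outbound from VLAN 100, inbound SSH/HTTPS) is easy to weaken with a "Source: Any" entry. The following added Python script, not part of the wiki page or of pfSense, audits a rule list in the field layout used by the playbook body (plus a hypothetical destination_port key) and flags admin ports open to any source, any-to-any passes, and sources outside 10.0.10.0/24 on the VLAN100 interface; the sample rules are constructed inline.

```python
import ipaddress

# VLAN 100 management network and the admin ports from the rules above.
MGMT_NET = ipaddress.ip_network("10.0.10.0/24")
ADMIN_PORTS = {"22", "443"}   # SSH and the HTTPS admin interfaces


def _is_any(value):
    return str(value).strip().lower() in ("any", "*", "0.0.0.0/0")


def _as_network(value):
    """Parse a CIDR or host string; None for 'any' or pfSense aliases such
    as 'VLAN100 net', which this audit does not resolve."""
    try:
        return ipaddress.ip_network(str(value), strict=False)
    except ValueError:
        return None


def audit_rules(rules):
    """Return [(description, finding)] for pass rules that weaken the policy."""
    findings = []
    for r in rules:
        if str(r.get("action", "")).lower() != "pass":
            continue
        desc = r.get("description", "<no description>")
        src, dst = r.get("source", "any"), r.get("destination", "any")
        port = str(r.get("destination_port", "any"))
        if port in ADMIN_PORTS and _is_any(src):
            findings.append((desc, f"admin port {port} open to any source"))
        if _is_any(src) and _is_any(dst) and port == "any":
            findings.append((desc, "unrestricted pass any -> any"))
        net = _as_network(src)
        # Traffic entering the VLAN100 interface should come from VLAN 100 itself.
        if (r.get("interface") == "vlan100" and net is not None
                and net.version == 4 and not net.subnet_of(MGMT_NET)):
            findings.append((desc, f"source {src} is outside {MGMT_NET}"))
    return findings


# Constructed sample: the playbook's outbound rule, the inbound SSH rule as
# written in Step 2 ("Source: Any"), and a tightened copy of that rule.
SAMPLE_RULES = [
    {"interface": "vlan100", "action": "pass", "protocol": "tcp/udp",
     "source": "10.0.10.0/24", "destination": "any",
     "description": "Allow management traffic"},
    {"interface": "vlan100", "action": "pass", "protocol": "tcp",
     "source": "any", "destination": "This firewall", "destination_port": "22",
     "description": "Allow SSH (as written)"},
    {"interface": "vlan100", "action": "pass", "protocol": "tcp",
     "source": "10.0.10.0/24", "destination": "This firewall",
     "destination_port": "22", "description": "Allow SSH (tightened)"},
]

if __name__ == "__main__":
    for desc, finding in audit_rules(SAMPLE_RULES):
        print(f"{desc}: {finding}")
```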
Objective: Deploy Zabbix in the Monitoring VLAN to monitor Nutanix Prism services and VM performance.
Step 1: Deploy Zabbix Server
Ansible Playbook:
Create zabbix_server_setup.yml:
```yaml
---
- name: Set up Zabbix Server
  hosts: monitoring
  become: true
  vars:
    zabbix_db_password: "your_db_password"   # keep this in ansible-vault outside a lab
  tasks:
    # Assumes the Zabbix package repository (or distro packages) is already configured.
    - name: Install required packages
      ansible.builtin.apt:
        name:
          - zabbix-server-mysql
          - zabbix-frontend-php
          - zabbix-agent
          - apache2
          - mysql-server
          - python3-pymysql   # needed by the mysql_* modules below
        state: present
        update_cache: true
    - name: Start and enable Apache and MySQL
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - apache2
        - mysql
    # Root authenticates over the unix socket on a fresh mysql-server install.
    - name: Create Zabbix database
      community.mysql.mysql_db:
        name: zabbix
        encoding: utf8mb4      # Zabbix 6.x recommendation
        collation: utf8mb4_bin
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock
    - name: Create Zabbix database user
      community.mysql.mysql_user:
        name: zabbix
        password: "{{ zabbix_db_password }}"
        priv: 'zabbix.*:ALL'
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock
    # The Zabbix schema shipped with zabbix-server-mysql must be imported into
    # the database before the server is started for the first time.
    - name: Configure Zabbix Server
      ansible.builtin.template:
        src: templates/zabbix_server.conf.j2
        dest: /etc/zabbix/zabbix_server.conf
        owner: root
        group: zabbix
        mode: '0640'   # the file contains the database password
    - name: Start and enable Zabbix server
      ansible.builtin.service:
        name: zabbix-server
        state: started
        enabled: true
```
Configuration Template for Zabbix (templates/zabbix_server.conf.j2):
```ini
# Database settings; carry the remaining settings (LogFile, PidFile, ...)
# over from the packaged zabbix_server.conf.
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword={{ zabbix_db_password }}
```
Step 2: Configure Zabbix for Nutanix Prism Monitoring
- Add Nutanix Prism as a Host:
  - Access the Zabbix web interface: http://<zabbix_ip>/zabbix
  - Log in with the default credentials (Admin/zabbix).
  - Navigate to Configuration > Hosts.
  - Click Create Host and enter details for Nutanix Prism.
  - Assign the host to an appropriate group (e.g., Management).
  - Add items to monitor specific services like CPU, memory, and network usage.
- Create Triggers and Actions:
  - Set up triggers for critical thresholds (e.g., CPU usage > 80%).
  - Configure actions to notify admins via email or SMS.
Objective: Automate the backup of Nutanix Prism configurations and management VMs using TrueNAS.
Step 1: Set Up TrueNAS for Backup
- Create a New Dataset:
  - Access the TrueNAS web interface: http://<truenas_ip>
  - Navigate to Storage > Pools and create a new dataset for backups.
- Create an NFS Share:
  - Go to Sharing > Unix (NFS) Shares.
  - Create a new share pointing to the dataset created for backups.
  - Configure network access and permissions to allow Nutanix CE access.
Step 2: Automate Backups Using Ansible
Ansible Playbook: truenas_backup_setup.yml
```yaml
---
- name: Set up NFS Mount for Backups
  hosts: management
  become: true
  vars:
    truenas_ip: "<truenas_ip>"   # replace with the TrueNAS address
    backup_share: "{{ truenas_ip }}:/mnt/pool/backups"
    backup_dir: /mnt/nutanix_backups
  tasks:
    - name: Install NFS client
      ansible.builtin.apt:
        name: nfs-common
        state: present
    - name: Create mount directory
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        mode: '0750'
    # state=mounted mounts the share and writes the /etc/fstab entry, so no
    # separate lineinfile task is needed.
    - name: Mount NFS Share
      ansible.posix.mount:
        path: "{{ backup_dir }}"
        src: "{{ backup_share }}"
        fstype: nfs
        opts: defaults
        state: mounted
    # cron runs the job through /bin/sh, so $(date ...) and redirection work;
    # '%' must be escaped as '\%' in a crontab line or cron treats it as a newline.
    - name: Backup Nutanix Prism Config
      ansible.builtin.cron:
        name: "Prism Backup"
        minute: "0"
        hour: "3"
        user: root
        job: 'tar -czvf {{ backup_dir }}/prism_backup_$(date +\%F).tar.gz /home/nutanix/prism'
    # virsh dumpxml must run on the AHV host that owns Management-VM, not inside
    # the VM itself; target that host in the inventory for this task.
    - name: Backup Management VMs
      ansible.builtin.cron:
        name: "VM Backup"
        minute: "30"
        hour: "3"
        user: root
        job: 'virsh dumpxml Management-VM > {{ backup_dir }}/Management-VM_$(date +\%F).xml'
```
Step 3: Schedule Backups
The Ansible playbook configures cron jobs for daily backups of Nutanix Prism configurations and management VMs at 3:00 AM.
Run the Playbook:
```bash
ansible-playbook -i inventory truenas_backup_setup.yml
```
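Step 3 schedules the backups, but nothing yet checks that they exist, are recent and can be read back. The added Python check below, not from the wiki page or from TrueNAS, does that for the file names the cron jobs above produce, reading the whole archive so a truncated tarball is reported rather than trusted; it builds a constructed sample backup directory (intact or truncated) in a temporary location so it runs offline.

```python
import glob
import os
import tarfile
import tempfile
import time

def _newest(pattern):
    paths = glob.glob(pattern)
    return max(paths, key=os.path.getmtime) if paths else None

def _archive_readable(path):
    """Fully read every member; any read error means the backup is unusable."""
    try:
        with tarfile.open(path, "r:gz") as tf:
            members = 0
            for m in tf:
                if m.isfile():
                    tf.extractfile(m).read()
                members += 1
            return members > 0
    except Exception:  # TarError, OSError, or EOFError from a truncated gzip stream
        return False

def verify_backups(backup_dir, max_age_hours=26):
    """Return {check_name: bool} for the newest Prism archive and VM XML dump."""
    limit = max_age_hours * 3600
    fresh = lambda p: p is not None and time.time() - os.path.getmtime(p) < limit
    tgz = _newest(os.path.join(backup_dir, "prism_backup_*.tar.gz"))
    xml = _newest(os.path.join(backup_dir, "Management-VM_*.xml"))
    return {
        "prism_archive_present": tgz is not None,
        "prism_archive_fresh": fresh(tgz),
        "prism_archive_readable": tgz is not None and _archive_readable(tgz),
        "vm_xml_present": xml is not None,
        "vm_xml_fresh": fresh(xml),
        "vm_xml_nonempty": xml is not None and os.path.getsize(xml) > 0,
    }

def make_sample_backup_dir(corrupt=False):
    """Constructed sample (not real Prism data); corrupt=True truncates the archive."""
    d = tempfile.mkdtemp(prefix="nutanix_backups_")
    src = os.path.join(d, "prism")
    os.makedirs(src)
    with open(os.path.join(src, "config.json"), "w") as f:
        f.write('{"cluster": "homelab"}\n')
    tgz = os.path.join(d, "prism_backup_2024-01-02.tar.gz")
    with tarfile.open(tgz, "w:gz") as tf:
        tf.add(src, arcname="prism")
    with open(os.path.join(d, "Management-VM_2024-01-02.xml"), "w") as f:
        f.write("<domain type='kvm'><name>Management-VM</name></domain>\n")
    if corrupt:
        with open(tgz, "r+b") as f:
            f.truncate(64)   # mimics an archive cut short by an interrupted run
    return d
```

Run verify_backups("/mnt/nutanix_backups") from cron after 03:30 and alert on any False value.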
This comprehensive guide has automated the configuration of firewall rules with pfSense, set up Zabbix monitoring for Nutanix Prism, and established regular backups of your critical management infrastructure using TrueNAS. By using Terraform, Ansible, and well-organized network architecture, you can manage and secure your Nutanix environment efficiently.
To set up Nutanix Community Edition (CE) on your rig and configure essential services like pfSense and others, we'll follow a phased approach. The initial steps will involve setting up Nutanix CE, creating the necessary VLANs, and deploying initial virtual machines (VMs) and services, including pfSense. Once pfSense is up and running, we'll then configure the firewall, monitoring, and backup solutions as previously described.
Step 1: Install Nutanix CE
- Download Nutanix CE: Obtain the latest Nutanix CE ISO from the Nutanix website.
- Create a Bootable USB: Use tools like Rufus or Balena Etcher to create a bootable USB from the Nutanix CE ISO.
- Install Nutanix CE:
  - Boot your rig from the USB drive.
  - Follow the installation prompts to install Nutanix CE on your Samsung 850 EVO 500GB SSD.
  - Configure the network settings during installation (use a temporary IP like 192.168.1.10 for initial setup).
Step 2: Initial Configuration of Nutanix CE
- Access Nutanix Prism:
  - Once installed, access Nutanix Prism by visiting https://<temporary_IP>:9440 in your browser.
  - Log in with the default credentials (admin/admin).
  - Change the default password.
- Configure Storage:
  - Create a storage pool and a container using the available SSD and NVMe drives.
- Enable and Set Up AHV:
  - Enable AHV as the hypervisor.
  - Configure your network to use a temporary management VLAN until pfSense is up.
Step 1: Create Initial VLANs in Nutanix Prism
- Create VLAN 100 (Management):
  - Navigate to Network > VLANs in Prism.
  - Create a new VLAN named Management, assign VLAN ID 100, and configure it with the IP range 10.0.10.0/24.
- Create Additional VLANs: Repeat the process for other VLANs like VLAN 110 (Monitoring), VLAN 120 (Production), etc., as needed.
Step 2: Deploy Initial VMs
- Deploy pfSense VM:
  - Create a VM: Name it pfSense-VM.
  - Resources:
    - CPUs: 2 vCPUs
    - Memory: 2 GB
    - Disk: 20 GB from the storage container
  - Networking: Attach the VM to VLAN 100.
  - Install pfSense:
    - Attach the pfSense ISO as the boot disk.
    - Follow the prompts to install pfSense on the VM.
    - Assign 10.0.10.1 as the management IP for pfSense on VLAN 100.
- Deploy Additional VMs (Optional):
  - Deploy other critical management VMs if required, like a Zabbix server, using similar steps.
Step 1: Basic Configuration of pfSense
- Access pfSense Web Interface:
  - Visit https://10.0.10.1 in your browser to access pfSense.
  - Log in with the default credentials and change the password.
- Configure Interfaces:
  - Verify that the interfaces are correctly assigned to VLAN 100 for management.
- Enable DHCP on VLAN 100 (Optional):
  - Go to Services > DHCP Server.
  - Enable DHCP for VLAN 100 and configure an appropriate IP range.
Step 2: Configure Firewall Rules
- Allow Traffic on VLAN 100:
  - Configure rules to allow necessary management traffic on VLAN 100.
- Set Up NAT (if required):
  - Set up outbound NAT to manage internet access for your management VMs.
Once pfSense is up, you can proceed to deploy and configure monitoring and backup services as follows:
Step 1: Deploy Zabbix for Monitoring
- Deploy Zabbix Server on VLAN 110:
  - Create a new VM, attach it to VLAN 110, and install Zabbix using the Ansible playbook provided earlier.
Step 2: Set Up TrueNAS for Backups
- Deploy TrueNAS VM on VLAN 150:
  - Deploy TrueNAS on a new VM attached to VLAN 150.
  - Configure NFS shares and set up the backup automation using the provided Ansible playbook.
Step 3: Automate the Configuration of Firewall Rules, Monitoring, and Backup
- Run Ansible Playbooks:
  - Use the playbooks provided in the previous sections to automate the configuration of pfSense, Zabbix, and TrueNAS.
After setting up Nutanix CE, pfSense, and the critical services, ensure the network is segmented correctly and that all traffic is routed through pfSense. You can deploy additional services and VMs within your Nutanix environment as needed.
This phased approach ensures that your core infrastructure is operational before moving on to more complex configurations and deployments.
Installing Nutanix Community Edition (CE) on the Kingston NV2 NVMe SSD 1TB is actually a good idea for several reasons:
- Higher Performance: The NVMe SSD will offer much faster read and write speeds compared to the SATA SSD, which can significantly improve the performance of your Nutanix environment, especially when it comes to I/O-intensive operations like running virtual machines, handling storage operations, and overall system responsiveness.
- Efficient Use of Resources: By installing Nutanix CE on the NVMe SSD, you can reserve the SATA SSD (Samsung 850 EVO 500GB) and other drives for additional storage pools, caching, or other specialized tasks within your Nutanix environment. This allows for more efficient use of the available hardware resources.
- Future-Proofing: NVMe drives are more aligned with modern infrastructure setups. Using the NVMe SSD for the primary installation ensures that your setup is future-proof and can handle newer, more demanding workloads as your needs grow.
- Download Nutanix CE ISO: Obtain the Nutanix CE ISO from the official Nutanix website.
- Create a Bootable USB: Use a tool like Rufus to create a bootable USB drive with the Nutanix CE ISO.
- Backup Data: If there is any existing data on the Kingston NVMe SSD, back it up before proceeding with the installation, as this process will wipe the drive.
- Boot from USB:
  - Insert the bootable USB into your rig.
  - Boot the system from the USB drive. You may need to enter the BIOS/UEFI to change the boot order.
- Start Installation:
  - When the Nutanix CE installer loads, select the Kingston NV2 NVMe SSD 1TB as the target drive for the installation.
- Network Configuration:
  - During installation, you will be prompted to configure the network settings.
  - Assign a temporary IP address for initial access (e.g., 192.168.1.10).
- Complete the Installation:
  - Follow the on-screen prompts to complete the installation.
  - After installation, the system will reboot, and Nutanix CE will boot from the NVMe SSD.
- Access Nutanix Prism:
  - Use a browser to access the Nutanix Prism interface at https://192.168.1.10:9440.
  - Log in with the default credentials (admin/admin).
  - Change the default password and configure the basic settings.
- Configure Storage Pool:
  - Create a storage pool using the remaining drives, including the Samsung 850 EVO SSD and the 4TB SATA HDD.
  - Configure storage containers as needed for your virtual machines and applications.
- Create VLANs:
  - In Nutanix Prism, navigate to the network section and create the necessary VLANs for your environment, starting with VLAN 100 for management.
- Deploy pfSense on VLAN 100:
  - Create a VM for pfSense on VLAN 100, assign appropriate resources, and install pfSense.
  - Configure pfSense with the IP 10.0.10.1 and set up basic firewall rules.
After pfSense is operational, you can go ahead and deploy additional services such as Zabbix for monitoring and TrueNAS for backup, as outlined in the previous steps.
Installing Nutanix CE on the Kingston NV2 NVMe SSD 1TB leverages the high performance of NVMe storage, optimizing your setup for current and future workloads. This approach ensures that your Nutanix environment is fast, efficient, and capable of handling intensive operations while making the best use of your hardware resources.