Milestone 7 ‐ Deploying and Post Provisioning of BlueX Linux Servers - seabar24/SYS-480 GitHub Wiki

Rocky Linux Configuration

Here are step-by-step screenshots of configuring a Rocky Linux VM:

First, create a new virtual machine in your vCenter and place it in the BASEVM folder for later use.

image

Select your largest storage type (mine was datastore2-super1):

image

Choose ESXi 8.0 or later for compatibility:

image

For Guest OS select Linux and Red Hat Enterprise Linux 9 (64-bit) or 10:

image

Then customize your hardware similar to below:

image

image

  • Thin Provision on Hard Disk
  • Network Adapter: 480-WAN
  • Datastore ISO File: Rocky-9.3-x86_64-minimal.iso

Power On the VM and pick the following options for installing Rocky:

image

Select English and continue:

image

First, we are going to select Installation Destination and make sure our VMware Virtual Disk is selected:

image

image

Next, we are going to create our deployer user, set a password for them, and check Make this user administrator.

image

After both of those are done, we can click Begin Installation and start installing Rocky:

image

image

The installation will take a little while, but once it's complete we can switch the CD/DVD from Datastore ISO File to Client Device:

image

Go back into the Rocky box and sign in. Then use the following commands to download and run a script that cleans up and preps our Rocky box for cloning:

curl -O https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/rhel-sealer.sh
sudo bash rhel-sealer.sh

Once the script is done running, power down your Rocky box and create a snapshot called Base, and then you're done:

image

Ansible DHCP w/ Blue1

Static Route

Before we can start with Ansible DHCP Services, we must set a Static Route for our fw-blue1.

This is the process for setting it up within pfSense. First, open the pfSense site from our xubuntu-wan box and click on System > Routing.

image

From here, we will be adding a gateway for our Firewall to use for setting the Static Route. Click Add under Gateways and add the following gateway:

image

image

Once it's saved, we will be going over to the Static Route tab and clicking Add. Then add the following Static Route:

image

Once we save that, fw-blue1 should now have a static route to it!

image

YAML files

To add DHCP Services using Ansible, we will need to create a new inventory file that holds the variables for our fw-blue1.

fw-blue1-vars.yaml

image

Then, create the Ansible Playbook that will run to make the DHCP Services available on fw-blue1.

vyos-blue1-config.yaml

image

Then run the following command to run the playbook:

ansible-playbook -i inventories/fw-blue1-vars.yaml --user vyos --ask-pass vyos-blue1-config.yaml

image

Using our updated 480-utils.psm1, we can create 3 Rocky VM clones and set them to BLUE-LAN, then use the Get-IP function to see their newly assigned DHCP addresses.

image

Rocky and Ubuntu Ansible

For this Ansible Playbook, we will be setting up a vars yaml for linux boxes. This will be useful as we can run playbooks for both Rocky and Ubuntu simultaneously!

First, I ran the 480-utils.psm1 and 480driver.ps1 scripts to create 2 Ubuntu clones based off my ubuntu-22.04-live BaseVM.

Then I created the vars.yaml file called linux.yaml

image

The IP addresses can be switched to whatever DHCP addresses the clones were given (if, like me, you had to delete and recreate clones multiple times, this will occur!).

For the public_key, you can either create a new key or, if like me you have your GitHub repo cloned and set up with SSH on your xubuntu-wan box, copy your public key from your ~/.ssh/authorized_keys and paste it into public_key under vars.
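An authorized_keys file can hold several keys, and a line may carry options such as from="..." in front of the key. The following is an added example, not part of the original wiki or the author's repo: it picks one key by its comment, strips any options, rejects mangled or private-key material, and returns the SHA256 fingerprint so it can be compared with the output of ssh-keygen -lf before the value goes into public_key. The function names, sample comments and sample key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def parse_authorized_keys(text):
    """Return (key_type, blob_b64, comment, fingerprint) for each valid key line."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "PRIVATE KEY" in line:
            raise ValueError("private key material; never paste this into vars")
        fields = line.split()
        # Options such as from="..." may precede the key type; skip past them.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        key_type, blob_b64 = fields[idx], fields[idx + 1]
        try:
            blob = base64.b64decode(blob_b64, validate=True)
        except ValueError:
            continue  # not base64: truncated or mangled paste
        # The blob begins with a length-prefixed copy of the key type; it must match.
        n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if blob[4:4 + n] != key_type.encode():
            continue
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        keys.append((key_type, blob_b64, " ".join(fields[idx + 2:]), fp))
    return keys

def public_key_for_vars(text, want_comment):
    """Return (line, fingerprint) for the single key with this comment, options stripped."""
    hits = [k for k in parse_authorized_keys(text) if k[2] == want_comment]
    if len(hits) != 1:
        raise ValueError(f"expected 1 key for {want_comment!r}, found {len(hits)}")
    key_type, blob_b64, comment, fp = hits[0]
    return f"{key_type} {blob_b64} {comment}", fp

def fake_blob(seed):  # constructed ed25519-shaped blob for the sample; not a real key
    raw = struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    f'from="192.0.2.0/24" ssh-ed25519 {fake_blob(1)} deployer@xubuntu-wan',
    f"ssh-ed25519 {fake_blob(2)} github",
    "ssh-rsa not-base64!! mangled",
])
```

Calling public_key_for_vars(SAMPLE, "deployer@xubuntu-wan") returns the cleaned key line and its fingerprint; with a real file, pass the contents of ~/.ssh/authorized_keys and the comment of the key you want.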

Rocky

For Rocky, I created the following .yaml file called rocky-playbook.yaml

image

Then I ran the following command to run the playbook:

ansible-playbook -i inventories/linux.yaml --ask-pass rocky-playbook.yaml -K

image

Using Get-IP we can see that the IP Addresses have changed:

image

Ubuntu

For Ubuntu, I created the following .yaml file called ubuntu-playbook.yaml. This is similar to the rocky-playbook.yaml with the only difference really being in Setup Netplan instead of Nmcli.

image

I also made a netplan file called netplan.yaml.j2 within files/vyos for it to pull from when creating the netplan.

Then I ran the following command to run the playbook:

ansible-playbook -i inventories/linux.yaml --ask-pass ubuntu-playbook.yaml -K

image

Using Get-IP we can see that the IP Addresses have changed:

image

Recordings

Trouble with the Lab

My biggest issue with the lab was that when cloning my Ubuntu servers, I realized that the ISO I had was for ubuntu-22.04-desktop.iso. This caused the DHCP Services to not work and I had to make a new Base VM with an ubuntu-22.04-live.iso instead. But then I ran into issues with that as it's a common problem with trying to update/install a full Ubuntu server on that. The workaround was setting my Hard Disk from the default 25 GB to 30 GB, and when given the option for Ubuntu Server or Ubuntu (minimal) I went with minimal. Then when installing and given the chance to reboot/cancel update I went with that.

But then that caused further issues with SSH for Ansible and I ended up downloading ubuntu-22.04.4-live.iso and created a new BaseVM. Then I repeated the process like before, but didn't choose minimal install and the mirrors seemed to work for this version. I was able to successfully install it.