Milestone 7 ‐ Deploying & Post Provisioning of BlueX Linux Servers - tmansfield42/Tech-Journal GitHub Wiki

Deploying & Post Provisioning of BlueX Linux Servers

Summary

In this milestone we deployed 5 Linux servers (3 Rocky, 2 Ubuntu) to the Blue network, configured DHCP on fw-blue1 via Ansible, and post-provisioned all machines with static IPs, SSH keys, sudoers, and hostnames.

7.1 Rocky Linux Base VM

Created a Rocky 9.1 base VM, thin provisioned. Used the rhel-sealer.sh script to sysprep the machine before snapshotting.


7.2 DHCP on fw-blue1 and Static Route on 480-fw

Static Route on 480-fw

SSHed into 480-fw and added a static route so traffic destined for the Blue network gets forwarded to fw-blue1's eth0:

set protocols static route 10.0.5.0/24 next-hop <fw-blue1-eth0-ip>

Ansible DHCP Playbook for fw-blue1

Used the vyos_config module to push DHCP configuration to fw-blue1. Also used vyos_command to verify the VyOS version before making changes.

vyos-blue.yml

Linked Clones

Used 480-utils to deploy 3 Rocky linked clones onto the Blue network. All three picked up DHCP addresses from the pool (10.0.5.75–10.0.5.125). Used Get-IP to confirm addresses on all three machines.


7.3 Post Provisioning Rocky 1-3

The rocky-config.yml playbook handles the following for each machine:

  • Creates .ssh/ directory and authorized_keys file for the deployer user
  • Appends the public key via blockinfile
  • Creates /etc/sudoers.d/480 with passwordless sudo for deployer
  • Sets the hostname and adds it to /etc/hosts
  • Uses nmcli to set a static IP, gateway, and DNS
  • Bounces the box with sleep 5 && shutdown

We assigned Rocky VMs 1, 2, and 3 the IPs 10.0.5.10, 10.0.5.11, and 10.0.5.12, respectively.

rocky-config.yml


7.4 Post Provisioning Ubuntu 1-2

The ubuntu-config.yml playbook mirrors the Rocky playbook for the SSH key, sudoers, and hostname tasks. The key difference is network configuration — Ubuntu uses netplan instead of nmcli.

The playbook writes directly to /etc/netplan/00-installer-config.yaml using copy with inline content:, then runs netplan apply. The file is set to mode 0600 since Ubuntu will reject world-readable netplan configs. The reboot uses shutdown -r now rather than just shutdown to ensure an actual restart.
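
The SSH key, sudoers, hostname and netplan tasks from 7.3 and 7.4, written out for the Ubuntu hosts as an added example; this is not the journal's ubuntu-config.yml. The variables hostname, lan_ip, gateway, name_server, device and public_key, the /home/deployer path, the visudo validate step, and the single detached apply-and-reboot task are assumptions.

```yaml
# Added example, not the journal's ubuntu-config.yml. Hypothetical inventory
# variables: hostname, lan_ip, gateway, name_server, device, public_key.
- name: Post-provision Ubuntu hosts
  hosts: ubuntu
  become: true
  tasks:
    - name: Create deployer's .ssh directory (assumed home path)
      ansible.builtin.file:
        path: /home/deployer/.ssh
        state: directory
        owner: deployer
        mode: "0700"
    - name: Append the public key to authorized_keys
      ansible.builtin.blockinfile:
        path: /home/deployer/.ssh/authorized_keys
        block: "{{ public_key }}"
        create: true
        owner: deployer
        mode: "0600"
    # visudo checks the drop-in before it is installed, so a typo cannot break sudo
    - name: Passwordless sudo for deployer
      ansible.builtin.copy:
        dest: /etc/sudoers.d/480
        content: "deployer ALL=(ALL) NOPASSWD: ALL\n"
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
    - name: Set the hostname
      ansible.builtin.hostname:
        name: "{{ hostname }}"
    - name: Write the netplan file, readable by root only
      ansible.builtin.copy:
        dest: /etc/netplan/00-installer-config.yaml
        mode: "0600"
        content: |
          network:
            version: 2
            ethernets:
              {{ device }}:
                dhcp4: false
                addresses: ["{{ lan_ip }}/24"]
                routes:
                  - to: default
                    via: {{ gateway }}
                nameservers:
                  addresses: ["{{ name_server }}"]
    # Detached so the play does not hang when the DHCP address disappears
    - name: Apply the new address and reboot
      ansible.builtin.shell: "sleep 5 && netplan apply && shutdown -r now"
      async: 60
      poll: 0
```

The `routes: - to: default` form assumes a netplan release that supports it (Ubuntu 22.04 or later); older releases use `gateway4` instead.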

We assigned Ubuntu servers 1 and 2 the IPs 10.0.5.30 and 10.0.5.31, respectively.

ubuntu-config.yml


Troubleshooting

vyos-blue.yml DHCP commit failing

When first running the DHCP playbook, VyOS kept throwing "Configuration file errors encountered". On inspection, the issue was that the lan variable in the inventory was set to 10.0.5.0/24. When that value gets inserted into a VyOS set command path, the /24 breaks the config parser entirely. The fix was separating the subnet (10.0.5.0/24) and keeping the CIDR in the command itself rather than inside a variable that gets embedded mid-path.

linux.yaml inventory structure

The .yml inventory wasn't being recognized by Ansible because hosts: and children: were incorrectly nested as siblings under linux:. The correct structure has children: directly under the top-level group and hosts: nested under each child group (rocky:, ubuntu:). IP addresses also need to be quoted in YAML inventory files or the parser misreads them.