bring guide about new chaosknoten VMs into doc structure
This commit is contained in:
parent
0842a51ae0
commit
dd48a9d519
1 changed files with 22 additions and 10 deletions
111
docs/guides/create-a-new-vm-on-chaosknoten.md
Normal file
@ -0,0 +1,111 @@
---
title: Create a new VM on Chaosknoten
---
!!! success "Goal"
Create a new VM on our Chaosknoten Server with DNS Name, Firewalling and network config.
## 1. Reserve an IP Address
Decide on what kind of network configuration the VM needs.
In this guide we assume a public v6 and a non-public v4 in the v4-NAT network.
If you have special requirements, refer to TODO for more information on the different kinds of networks available on Chaosknoten.
1. Allocate a fresh [v6 in NetBox in the v4-NAT v6-network](https://netbox.hamburg.ccc.de/ipam/prefixes/47/ip-addresses/).
- The _hostname_ should be the full FQDN, like: `myservice.hosts.hamburg.ccc.de`
## 2. Configure DNS
2. Add a new `AAAA` record pointing to the chosen v6 to the [`hamburg.ccc.de` zone](https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/branch/main/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone).
It should look something like this:
```
myservice.hosts IN AAAA 2a00:14b0:42:102::ff
```
3. Run the Ansible playbook for the `auth-dns` host to publish the new DNS entry:
```
ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l auth-dns -t knot
```
## 3. Create A VM in Proxmox
Now that we have a v6, let's create a new VM on Chaosknoten.
1. Clone the `chaos-debian-XX-tmpl-YYYY-MM-DD` template with ID `9023`.
- The _Name_ should be the hostname used earlier, e.g. `myservice`.
- The _Mode_ should be set to _Full Clone_ and the _Target Storage_ to _nvme0_.
- All other settings should be left as is.
2. Once cloned, edit the VM settings as follows:
- The network interface for the VM should already be configured to use bridge _vmbr0_ with VLAN tag _2_, which is the correct configuration for the v4-NAT network used in this example.
For other networks, other bridges or VLANs should be used.
- If there isn't a good reason to not do so, enable the Proxmox firewall for the VM. Firewall security groups exist for various common use cases to make the firewall configuration fast and easy.
- In the _Cloud-init_ section, set the chosen static v6 with its gateway. As we're using the v4-NAT network in this example, the gateway would be `2a00:14b0:42:102::1`.
For other networks, different network configuration must be set.
- In the _Options_ section, set _Start at Boot_ to _Yes_.
- Optionally configure other VM parameters.
Especially the _Memory_, _Processors_ and _Hard Disk_ options might be of interest.
3. Next start up the VM.
- Once it has an IP, you should be able to SSH into it using the hostname used in the DNS entry earlier (e.g. `myservice.hosts.hamburg.ccc.de`):
```
ssh chaos@myservice.hosts.hamburg.ccc.de
```
Or if no v6 connectivity is available:
```
ssh -J chaos@router.hamburg.ccc.de chaos@myservice.hosts.hamburg.ccc.de
```
## 4. Enter VM into NetBox
4. Finally add the VM to NetBox
1. First [add the VM itself](https://netbox.hamburg.ccc.de/virtualization/virtual-machines/).
- The _Name_ should be the hostname of the VM, so e.g. `myservice`.
- _Site_ and _Cluster_ should be set. For Chaosknoten that would be _IRZ42_ and _chaosknoten_.
- The _Proxmox VM ID_ should be set to the ID of the VM in Proxmox.
- All other options should be left as is.
2. Then add the interface of the VM to the newly created VM in NetBox by adding a component.
- The _Name_ should be the name of the interface of the VM. Most likely _net0_.
- The _Primary MAC Address_ should be set to the MAC address generated by Proxmox, which can be found in the _Network Device_ configuration in Proxmox.
- _802.1Q Switching_ should be set appropriately. As we're using the v4-NAT network in this example, the _802.1Q Mode_ would be _Access_ with the _VLAN group_ being _IRZ42 Intern_ and the _Untagged VLAN_ being _v4-NAT_.
- All other options should be left as is.
4. Finally assign the IP address created earlier in NetBox to the just created interface by going into the _Assignment_ section of the IP address configuration.
- Also check _Make this the primary IP for the device/VM_ while doing so.
## 5. Enroll the VM in ansible
Next up the VM should be added to the Ansible configuration management. While Ansible can and should be used to configure various services and configuration options, this section focuses on the basic setup to be done.
1. [Setup SOPS for the new host](./sops-new-host.md).
2. Add the VM to the inventory (e.g. `inventories/chaosknoten/hosts.yaml`):
1. First add basic connection info. For our host in the v4-NAT network, this would look like this:
```yaml
myservice:
ansible_host: myservice.hosts.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de
```
Adding the router as a jump host enables us to run Ansible on a v4-only connection.
2. Add the host to a base set of inventory groups for a base configuration:
- `base_config_hosts`
- `infrastructure_authorized_keys_hosts`
- `ansible_pull_hosts`
3. Run a first Ansible playbook against the new host to apply the basic configuration:
```
ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l myservice
```
Feel free to commit at this point before continuing with further configuration.
## 6. Configure the VM further for your needs
With the basic configuration now done, the VM can be set up further. Here are some helpful pointers:
- Inventory variables for the host can be set in its host vars file, e.g. `inventories/chaosknoten/host_vars/myservice.yaml`.
- Secrets should be stored using SOPS, see: [SOPS: Storing Secrets](./sops-storing-secrets.md)
- Guidance on setting up a web service can be found in the [Web Service](./web-service.md) guide.
Afterward you should also take care of setting up monitoring for the newly configured service, see: [Monitor a new service with Gatus](./monitor-a-new-service-with-gatus.md).
## Closing Up
This section is optional but if there's any way for the reader to verify their goal has been achieved, you should mention it here.
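Review bot: Two placeholders from the guide template are still in the new file and should be resolved before this lands: the sentence under "## 1. Reserve an IP Address" ends with "refer to TODO for more information on the different kinds of networks available on Chaosknoten", and the whole "## Closing Up" section is still the template's own instruction to the author ("This section is optional but if there's any way for the reader to verify their goal has been achieved, you should mention it here."). The hunk already contains the natural content for that section: a successful `ssh chaos@myservice.hosts.hamburg.ccc.de` login and a clean `ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l myservice` run are the verification steps. Two smaller points: the step numbering does not restart per section (section 2 begins at "2.", section 4 begins at "4." and its nested list jumps from "2." to "4."), and the first SSH login step could tell the reader to compare the host key fingerprint with what the freshly cloned VM shows on the Proxmox console before accepting it, since the DNS name was only just published.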