ansible-infra/docs/guides/new-chaosknoten-vm.md
June b91bc38d7b
docs: rework and split up docs on creating a new web service
- Split out the general information on how to set up a new VM on
  Chaosknoten to have it be more generally useful.
- Also split out the section on monitoring to not have it intermingled
  with the other information.
- Rework the guides to include more information and be more streamlined.
  Also remove duplicate information along the way.
2026-05-20 20:06:57 +02:00


title: New Chaosknoten VM
summary: How to Create a New VM on Chaosknoten

New Chaosknoten VM

This guide outlines the steps for creating a new VM (myservice) on Chaosknoten. It might also be a useful reference for other environments.

IP and DNS

Decide on what kind of network configuration the VM needs. In this guide we assume a public v6 and a non-public v4 in the v4-NAT network. If you have special requirements, refer to TODO for more information on the different kinds of networks available on Chaosknoten.

  1. Allocate a fresh v6 in NetBox in the v4-NAT v6-network.
    • The hostname should be the full FQDN, like: myservice.hosts.hamburg.ccc.de
  2. Add a new AAAA record pointing to the chosen v6 to the hamburg.ccc.de zone.
    It should look something like this:
myservice.hosts IN AAAA 2a00:14b0:42:102::ff
  3. Run the Ansible playbook for the auth-dns host to publish the new DNS entry:
ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l auth-dns -t knot

VM Creation

Now that we have a v6, let's create a new VM on Chaosknoten.

  1. Clone the chaos-debian-XX-tmpl-YYYY-MM-DD template with ID 9023.
    • The Name should be the hostname used earlier, e.g. myservice.
    • The Mode should be set to Full Clone and the Target Storage to nvme0.
    • All other settings should be left as is.
  2. Once cloned, edit the VM settings as follows:
    • The network interface for the VM should already be configured to use bridge vmbr0 with VLAN tag 2, which is the correct configuration for the v4-NAT network used in this example.
      For other networks, other bridges or VLANs should be used.
    • If there isn't a good reason to not do so, enable the Proxmox firewall for the VM. Firewall security groups exist for various common use cases to make the firewall configuration fast and easy.
    • In the Cloud-init section, set the chosen static v6 with its gateway. As we're using the v4-NAT network in this example, the gateway would be 2a00:14b0:42:102::1.
      For other networks, different network configuration must be set.
    • In the Options section, set Start at Boot to Yes.
    • Optionally configure other VM parameters.
      Especially the Memory, Processors and Hard Disk options might be of interest.
  3. Next, start up the VM.
    • Once it has an IP, you should be able to SSH into it using the hostname used in the DNS entry earlier (e.g. myservice.hosts.hamburg.ccc.de):
      ssh chaos@myservice.hosts.hamburg.ccc.de
      
      Or if no v6 connectivity is available:
      ssh -J chaos@router.hamburg.ccc.de chaos@myservice.hosts.hamburg.ccc.de
      
  4. Finally, add the VM to NetBox.
    1. First add the VM itself.
      • The Name should be the hostname of the VM, so e.g. myservice.
      • Site and Cluster should be set. For Chaosknoten that would be IRZ42 and chaosknoten.
      • The Proxmox VM ID should be set to the ID of the VM in Proxmox.
      • All other options should be left as is.
    2. Then add the interface of the VM to the newly created VM in NetBox by adding a component.
      • The Name should be the name of the interface of the VM. Most likely net0.
      • The Primary MAC Address should be set to the MAC address generated by Proxmox, which can be found in the Network Device configuration in Proxmox.
      • 802.1Q Switching should be set appropriately. As we're using the v4-NAT network in this example, the 802.1Q Mode would be Access with the VLAN group being IRZ42 Intern and the Untagged VLAN being v4-NAT.
      • All other options should be left as is.
    3. Finally assign the IP address created earlier in NetBox to the just created interface by going into the Assignment section of the IP address configuration.
      • Also check Make this the primary IP for the device/VM while doing so.
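
An added example (not part of the ansible-infra repository): a pre-flight check that the AAAA record from the IP and DNS section, the FQDN you will SSH to, and the gateway set in Cloud-init agree with each other. The /64 prefix length and the function names are assumptions; the zone, gateway and sample record are the ones this guide uses.

```python
import ipaddress

ZONE = "hamburg.ccc.de"          # zone named in the guide
GATEWAY = "2a00:14b0:42:102::1"  # v4-NAT gateway named in the guide
PREFIX_LEN = 64                  # assumption: the guide does not state a prefix length


def parse_aaaa(line, zone=ZONE):
    """Parse a zone line such as 'myservice.hosts IN AAAA <v6>'.

    Returns (fqdn, IPv6Address); raises ValueError for anything else.
    """
    fields = line.split()
    if len(fields) != 4 or [f.upper() for f in fields[1:3]] != ["IN", "AAAA"]:
        raise ValueError(f"not an 'IN AAAA' record: {line!r}")
    name = fields[0]
    # A trailing dot marks an absolute name; otherwise the zone is appended.
    fqdn = name[:-1] if name.endswith(".") else f"{name}.{zone}"
    return fqdn, ipaddress.IPv6Address(fields[3])


def check_vm_address(line, expected_fqdn, gateway=GATEWAY, prefix_len=PREFIX_LEN):
    """Return a list of problems; an empty list means the values agree."""
    try:
        fqdn, addr = parse_aaaa(line)
    except ValueError as exc:  # also covers malformed IPv6 addresses
        return [str(exc)]
    gw = ipaddress.IPv6Address(gateway)
    net = ipaddress.IPv6Network(f"{gateway}/{prefix_len}", strict=False)
    problems = []
    if fqdn.lower() != expected_fqdn.lower():
        problems.append(f"record is for {fqdn}, expected {expected_fqdn}")
    if addr not in net:
        problems.append(f"{addr} is outside {net}, so {gw} is not on-link")
    if addr == gw:
        problems.append(f"{addr} is the gateway address")
    return problems


if __name__ == "__main__":
    record = "myservice.hosts IN AAAA 2a00:14b0:42:102::ff"  # line from the guide
    for problem in check_vm_address(record, "myservice.hosts.hamburg.ccc.de"):
        print("PROBLEM:", problem)
```

Running it before publishing the zone catches a transposed digit or a misspelled hostname before the record and the Cloud-init settings diverge.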

Ansible

Next, the VM should be added to the Ansible configuration management. While Ansible can and should be used to configure various services and configuration options, this section focuses on the basic setup.

  1. Set up SOPS for the new host.
  2. Add the VM to the inventory (e.g. inventories/chaosknoten/hosts.yaml):
    1. First add basic connection info. For our host in the v4-NAT network, this would look like this:
      myservice:
        ansible_host: myservice.hosts.hamburg.ccc.de
        ansible_user: chaos
        ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de
      
      Adding the router as a jump host enables us to run Ansible on a v4-only connection.
    2. Add the host to a base set of inventory groups for a base configuration:
      • base_config_hosts
      • infrastructure_authorized_keys_hosts
      • ansible_pull_hosts
  3. Run a first Ansible playbook against the new host to apply the basic configuration:
    ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l myservice
    

Feel free to commit at this point before continuing with further configuration.

Further Setup

With the basic configuration now done, the VM can be set up further. Here are some helpful pointers:

  • Inventory variables for the host can be set in its host vars file, e.g. inventories/chaosknoten/host_vars/myservice.yaml.
  • Secrets should be stored using SOPS, see: SOPS: Storing Secrets
  • Guidance on setting up a web service can be found in the Web Service guide.

Afterward, you should also set up monitoring for the newly configured service, see: Monitoring: Gatus