# Create a new VM on Chaosknoten
!!! success "Goal"
    Create a new VM on our Chaosknoten Server with DNS Name, Firewalling and network config.
## 1. Reserve an IP Address

Decide on what kind of network configuration the VM needs. In this guide we assume a public v6 and a non-public v4 in the v4-NAT network. If you have special requirements, refer to TODO for more information on the different kinds of networks available on Chaosknoten.

- Allocate a fresh v6 in NetBox in the v4-NAT v6-network.
- The hostname should be the full FQDN, like `myservice.hosts.hamburg.ccc.de`.
## 2. Configure DNS

- Add a new `AAAA` record pointing to the chosen v6 to the `hamburg.ccc.de` zone. It should look something like this:

    ```
    myservice.hosts IN AAAA 2a00:14b0:42:102::ff
    ```

- Run the Ansible playbook for the `auth-dns` host to publish the new DNS entry:

    ```
    ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l auth-dns -t knot
    ```
## 3. Create a VM in Proxmox

Now that we have a v6, let's create a new VM on Chaosknoten.

- Clone the `chaos-debian-XX-tmpl-YYYY-MM-DD` template with ID `9023`.
    - The Name should be the hostname used earlier, e.g. `myservice`.
    - The Mode should be set to Full Clone and the Target Storage to `nvme0`.
    - All other settings should be left as is.
- Once cloned, edit the VM settings as follows:
    - The network interface for the VM should already be configured to use bridge `vmbr0` with VLAN tag `2`, which is the correct configuration for the v4-NAT network used in this example. For other networks, other bridges or VLANs should be used.
    - If there isn't a good reason not to, enable the Proxmox firewall for the VM. Firewall security groups exist for various common use cases to make the firewall configuration fast and easy.
    - In the Cloud-init section, set the chosen static v6 with its gateway. As we're using the v4-NAT network in this example, the gateway would be `2a00:14b0:42:102::1`. For other networks, a different network configuration must be set.
    - In the Options section, set Start at Boot to Yes.
    - Optionally configure other VM parameters. Especially the Memory, Processors and Hard Disk options might be of interest.
- Next, start up the VM.
- Once it has an IP, you should be able to SSH into it using the hostname used in the DNS entry earlier (e.g. `myservice.hosts.hamburg.ccc.de`):

    ```
    ssh chaos@myservice.hosts.hamburg.ccc.de
    ```

    Or if no v6 connectivity is available:

    ```
    ssh -J chaos@router.hamburg.ccc.de chaos@myservice.hosts.hamburg.ccc.de
    ```
## 4. Enter VM into NetBox

- Finally, add the VM to NetBox.
    - First add the VM itself.
        - The Name should be the hostname of the VM, so e.g. `myservice`.
        - Site and Cluster should be set. For Chaosknoten that would be `IRZ42` and `chaosknoten`.
        - The Proxmox VM ID should be set to the ID of the VM in Proxmox.
        - All other options should be left as is.
    - Then add the interface of the VM to the newly created VM in NetBox by adding a component.
        - The Name should be the name of the interface of the VM, most likely `net0`.
        - The Primary MAC Address should be set to the MAC address generated by Proxmox, which can be found in the Network Device configuration in Proxmox.
        - 802.1Q Switching should be set appropriately. As we're using the v4-NAT network in this example, the 802.1Q Mode would be Access with the VLAN group being `IRZ42 Intern` and the Untagged VLAN being `v4-NAT`.
        - All other options should be left as is.
    - Finally, assign the IP address created earlier in NetBox to the just created interface by going into the Assignment section of the IP address configuration.
        - Also check Make this the primary IP for the device/VM while doing so.
## 5. Enroll the VM in Ansible

Next up, the VM should be added to the Ansible configuration management. While Ansible can and should be used to configure various services and configuration options, this section focuses on the basic setup to be done.

- Set up SOPS for the new host.
- Add the VM to the inventory (e.g. `inventories/chaosknoten/hosts.yaml`):
    - First add basic connection info. For our host in the v4-NAT network, this would look like this:

        ```yaml
        myservice:
          ansible_host: myservice.hosts.hamburg.ccc.de
          ansible_user: chaos
          ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de
        ```

        Adding the router as a jump host enables us to run Ansible over a v4-only connection.
    - Add the host to a base set of inventory groups for a base configuration:
        - `base_config_hosts`
        - `infrastructure_authorized_keys_hosts`
        - `ansible_pull_hosts`
- Run a first Ansible playbook against the new host to apply the basic configuration:

    ```
    ansible-playbook -i inventories/chaosknoten playbooks/deploy.yaml -l myservice
    ```

Feel free to commit at this point before continuing with further configuration.
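As an added example, not part of this guide or of the Chaosknoten repository, the following Python script does the pre-flight checks that steps 1, 2 and 5 above rely on: it verifies that the planned hostname is a full FQDN under `hosts.hamburg.ccc.de` and that the reserved v6 lies inside the v4-NAT network and is neither the gateway `2a00:14b0:42:102::1` nor the subnet-router anycast address, then emits the matching `AAAA` zone line and the `hosts.yaml` entry with the router as jump host. The addresses, zone, user and jump host are taken from the guide; that the v4-NAT v6 network is a `/64`, the function names, and the optional `published_address` resolver check are assumptions.

```python
"""Added example (not the guide's or Chaosknoten's own code): pre-flight checks
for a new VM's hostname and v6 address, plus the zone and inventory snippets.
Assumption: the v4-NAT v6 network is the /64 around the guide's example addresses;
the function names are mine."""
import ipaddress
import socket
import sys

# Values from the guide's v4-NAT example; the /64 prefix length is an assumption.
V4NAT_V6_NET = ipaddress.IPv6Network("2a00:14b0:42:102::/64")
V4NAT_GATEWAY = ipaddress.IPv6Address("2a00:14b0:42:102::1")
HOST_SUFFIX = ".hosts.hamburg.ccc.de"
ZONE_SUFFIX = ".hamburg.ccc.de"
JUMP_HOST = "router.hamburg.ccc.de"
BASE_GROUPS = ("base_config_hosts", "infrastructure_authorized_keys_hosts", "ansible_pull_hosts")


def validate_plan(fqdn: str, v6: str) -> ipaddress.IPv6Address:
    """Reject mistakes that would otherwise only surface once the VM boots:
    a short name instead of the FQDN, a label with characters DNS does not
    allow, an address outside the v4-NAT network, the gateway address itself,
    or the subnet-router anycast address (the all-zero host part)."""
    fqdn = fqdn.strip().rstrip(".").lower()
    label, _, rest = fqdn.partition(".")
    if "." + rest != HOST_SUFFIX:
        raise ValueError(f"hostname must be a FQDN directly under {HOST_SUFFIX[1:]}: {fqdn!r}")
    if not label or label.startswith("-") or label.endswith("-") \
            or not all(c.isalnum() or c == "-" for c in label):
        raise ValueError(f"invalid hostname label: {label!r}")
    addr = ipaddress.IPv6Address(v6.strip())  # AddressValueError (a ValueError) on garbage
    if addr not in V4NAT_V6_NET:
        raise ValueError(f"{addr} is outside {V4NAT_V6_NET}")
    if addr == V4NAT_GATEWAY:
        raise ValueError(f"{addr} is the gateway; allocate a different address")
    if addr == V4NAT_V6_NET.network_address:
        raise ValueError(f"{addr} is the subnet-router anycast address")
    return addr


def zone_record(fqdn: str, addr: ipaddress.IPv6Address) -> str:
    """AAAA line for the hamburg.ccc.de zone, owner name written relative to the zone."""
    owner = fqdn.strip().rstrip(".").lower()[: -len(ZONE_SUFFIX)]
    return f"{owner} IN AAAA {addr.compressed}"


def inventory_entry(fqdn: str) -> dict:
    """The hosts.yaml entry as a dict; the router is the jump host so Ansible
    also works from a v4-only connection."""
    name = fqdn.split(".", 1)[0]
    return {name: {"ansible_host": fqdn,
                   "ansible_user": "chaos",
                   "ansible_ssh_common_args": f"-J ssh://chaos@{JUMP_HOST}"}}


def published_address(fqdn: str):
    """Live check for after the auth-dns playbook ran: the v6 addresses the system
    resolver returns for the name, or None if nothing resolves yet (caches may lag)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET6)
    except socket.gaierror:
        return None
    return {ipaddress.IPv6Address(info[4][0].split("%")[0]) for info in infos}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: plan_vm.py <fqdn> <ipv6>")
    host, ip = sys.argv[1], sys.argv[2]
    planned = validate_plan(host, ip)
    print(zone_record(host, planned))
    print(inventory_entry(host))
    print("base groups:", ", ".join(BASE_GROUPS))
    live = published_address(host)
    if live is None:
        print("published AAAA: none yet")
    else:
        print("published AAAA:", ", ".join(map(str, live)),
              "(matches plan)" if planned in live else "(DOES NOT match plan)")
```

Run it as `python3 plan_vm.py myservice.hosts.hamburg.ccc.de 2a00:14b0:42:102::ff` before touching NetBox or the zone; the final line tells you whether the record the resolver currently sees agrees with what you reserved, which is the check worth repeating after the `auth-dns` playbook has run.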
## 6. Configure the VM further for your needs

With the basic configuration now done, the VM can be set up further. Here are some helpful pointers:

- Inventory variables for the host can be set in its host vars file, e.g. `inventories/chaosknoten/host_vars/myservice.yaml`.
- Secrets should be stored using SOPS, see: SOPS: Storing Secrets.
- Guidance on setting up a web service can be found in the Web Service guide.

Afterward you should also take care of setting up monitoring for the newly configured service, see: Monitor a new service with Gatus.