start_new_kickstart

Differences

This shows you the differences between two versions of the page.

start_new_kickstart [2025/08/31 14:52] – created Darren
start_new_kickstart [2025/08/31 15:04] (current) Darren
Line 3: Line 3:
 This page describes the full workflow for automated CentOS VM or bare-metal provisioning using Kickstart and JSON configuration files hosted in Gitea. This page describes the full workflow for automated CentOS VM or bare-metal provisioning using Kickstart and JSON configuration files hosted in Gitea.
  
----+
  
 ===== Overview ===== ===== Overview =====
Line 17: Line 17:
 Configuration files are hosted in: Configuration files are hosted in:
  
-  https://config.tombstones.org.uk:23000/tombstones/vm-scripts/+<code> 
 +https://config.tombstones.org.uk:23000/tombstones/vm-scripts/
  
----+</code> 
 + 
 +
  
 ===== Repository Layout ===== ===== Repository Layout =====
  
-  vm-scripts/ +<code> 
-|-- ks.cfg   # Kickstart file +vm-scripts/
-|-- buildvm.sh      # Script to deploy VMs +
-|-- users.json      # List of users and SSH keys +
-|-- ssh.json        # SSH server configuration +
-|-- other-scripts/  # Optional additional scripts+
  
----+</code>
  
-===== JSON Configuration =====+|
  
-  *users.json* example:+
 +
 +
 +|
  
-    [ +
-      { +
-        "username": "vms", +
-        "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...", +
-        "password": "$6$abcd1234$..." +
-      }, +
-      { +
-        "username": "darren", +
-        "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..." +
-      } +
-    ]+
  
-  *ssh.json* example:+===== JSON Configuration =====
  
 +  * users.json* example:
 +<code>
 +
 +  [
     {     {
-      "port": 22022+      "username": "vms"
-      "password_authentication": "no", +      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...", 
-      "permit_root_login": "no", +      "password": "$6$abcd1234$..." 
-      "allow_users": ["vms", "darren"]+    }, 
 +    { 
 +      "username": "darren", 
 +      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
     }     }
 +  ]
 +
 +</code>
 +
 +  * ssh.json* example:
 +
 +<code>
 +  {
 +    "port": 22022,
 +    "password_authentication": "no",
 +    "permit_root_login": "no",
 +    "allow_users": ["vms", "darren"]
 +  }
 +
 +</code>
 +
 +
  
---- 
  
 ===== Workflow Diagram ===== ===== Workflow Diagram =====
  
-+----------------------------+ ++—————————-+ 
-| Boot VM / Bare-Metal Host  | + 
-+------------+---------------+|Boot VM / Bare-Metal Host  | 
-| + 
-             v ++————+—————+ 
-+-------------------------------+ + 
-| Kickstart ISO / Network Boot   +| 
-+------------+------------------+|Kickstart ISO / Network Boot  | 
-| + 
-             v ++————+——————+ 
-+----------------------+ + 
-| %pre & %packages     +| 
-| (curl, jq, git, SSH) | +|%pre & %packages  
-+------------+---------+|(curl, jq, git, SSH)| 
-| + 
-             v ++————+———+ 
-+----------------------+ + 
-| %post Section        +| 
-+------------+---------+|%post Section  | 
-| + 
-             v ++————+———+ 
-+---------------------------+      +-----------------------+ + 
-| Download users.json       ---> | Create users dynamically | +| | | 
-+---------------------------     +-----------------------+|Download users.json  |>|Create users dynamically| 
-| + 
-             v ++—————————+ +———————–+ 
-+---------------------------+      +-----------------------+ + 
-| Download ssh.json         ---> | Configure SSH server   +| | | 
-+---------------------------     +-----------------------+|Download ssh.json  |>|Configure SSH server  | 
-                      | + 
-             +-----------------------+ ++—————————+ +———————–+ 
-             v + 
-+----------------------------------+ +  
-| Clone VM scripts repo (vms)      +|Clone VM scripts repo (vms)  | 
-+----------------------------------+ + 
-| ++———————————-+ 
-             v + 
-+------------------------+ +
-| Run buildvm.sh         +|Run buildvm.sh  | 
-+------------------------+ 
-| ++————————
-             v + 
-+------------------------+ +
-| VM Deployment Complete | +|VM Deployment Complete| 
-+------------------------+ 
-| ++————————
-             v + 
-+-------------------------------+ +
-| Test SSH login, verify scripts| +|Test SSH login, verify scripts| 
-| and logs                      +|and logs  | 
-+-------------------------------++ 
 ++——————————-+ 
 + 
 +— 
  
---- 
  
 ===== Preparation Steps ===== ===== Preparation Steps =====
  
-1. Log into the VM (or bare-metal host) as root. +1. Log into the VM (or bare-metal host) as root. 2. Create a `prepare-vm.sh` script: 
-2. Create a `prepare-vm.sh` script:+<code>
  
-    #!/bin/bash +  #!/bin/bash 
-    yum update -y +  yum update -y 
-    yum install -y curl jq git openssh-server sudo vim +  yum install -y curl jq git openssh-server sudo vim 
-    systemctl enable --now sshd +  systemctl enable --now sshd 
-    iptables -I INPUT -p tcp --dport 22022 -j ACCEPT +  iptables -I INPUT -p tcp --dport 22022 -j ACCEPT 
-    setenforce 0 +  setenforce 0 
-    sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config +  sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 
-    if ! id vms &>/dev/null; then +  if ! id vms &>/dev/null; then 
-        useradd -m -s /bin/bash vms +      useradd -m -s /bin/bash vms 
-        echo "vms:Password123" | chpasswd +      echo "vms:Password123" | chpasswd 
-        echo "vms ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vms +      echo "vms ALL=(ALL) NOPASSWD:ALL"> /etc/sudoers.d/vms 
-        chmod 440 /etc/sudoers.d/vms +      chmod 440 /etc/sudoers.d/vms 
-    fi+  fi 
 + 
 +</code>
  
 3. Make it executable and run: 3. Make it executable and run:
 +<code>
  
-    chmod +x /root/prepare-vm.sh +  chmod +x /root/prepare-vm.sh 
-    sudo /root/prepare-vm.sh+  sudo /root/prepare-vm.sh 
 + 
 +</code>
  
 4. Verify package installation and SSH: 4. Verify package installation and SSH:
  
-    curl --version +<code> 
-    jq --version +  curl --version 
-    git --version +  jq --version 
-    sshd -T | grep port +  git --version 
-    id vms+  sshd -T | grep port 
 +  id vms 
 + 
 +</code>
  
 5. Verify network access to Gitea: 5. Verify network access to Gitea:
 +<code>
  
-    curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/users.json +  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/users.json 
-    curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ssh.json+  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ssh.json
  
----+</code> 
 + 
 +
  
 ===== Kickstart Deployment ===== ===== Kickstart Deployment =====
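Review bot: In the `prepare-vm.sh` block under Preparation Steps, `echo "vms:Password123" | chpasswd` puts a fixed password, readable on this wiki page, on an account that the next line grants `vms ALL=(ALL) NOPASSWD:ALL`, and the same script has already run `systemctl enable --now sshd`, while the `"password_authentication": "no"` setting from ssh.json only arrives later in `%post`. Suggest creating `vms` with a locked password and relying on the `ssh_key` (or the hashed `password` field) from users.json, and narrowing the sudoers entry to the commands `buildvm.sh` needs. The script also makes SELinux permissive permanently (`setenforce 0` plus the `sed` on `/etc/selinux/config`) without saying why; document the reason or drop it. Formatting regressions in the same hunk: the Repository Layout listing is cut down to the single line `vm-scripts/` (the `ks.cfg`, `buildvm.sh`, `users.json`, `ssh.json` and `other-scripts/` entries are removed), the workflow diagram sits outside any `<code>` block so its `----` runs have been converted to typographic dashes and the boxes no longer line up, and step 2 is merged onto the step 1 line.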
Line 158: Line 187:
 Boot the VM using the CentOS ISO and pass the Kickstart URL: Boot the VM using the CentOS ISO and pass the Kickstart URL:
  
-    linux inst.ks=https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ks.cfg+<code> 
 +  linux inst.ks=https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ks.cfg 
 + 
 +</code>
  
 The Kickstart `%post` section will: The Kickstart `%post` section will:
Line 170: Line 202:
 Check logs in `/root/ks-post.log` if needed. Check logs in `/root/ks-post.log` if needed.
  
----+
  
 ===== Post-Deployment ===== ===== Post-Deployment =====
Line 176: Line 208:
 1. SSH into the new VM: 1. SSH into the new VM:
  
-    ssh -p 22022 vms@2. Verify the `vms` home directory contains the cloned scripts:+<code> 
 +  ssh -p 22022 vms@2. Verify the `vms` home directory contains the cloned scripts: 
 + 
 +</code> 
 + 
 +<code> 
 +  ls /home/vms/vm-scripts
  
-    ls /home/vms/vm-scripts+</code>
  
 3. Confirm users exist and have proper SSH access. 3. Confirm users exist and have proper SSH access.
  
----+
  
 ===== Notes ===== ===== Notes =====
  
-* JSON-driven configuration allows dynamic management of users and SSH without modifying Kickstart. +* JSON-driven configuration allows dynamic management of users and SSH without modifying Kickstart. * Firewall and SELinux adjustments are handled in `prepare-vm.sh`. * Test in a VM before deploying on bare-metal. * Update JSON files in Gitea to manage changes dynamically.
-* Firewall and SELinux adjustments are handled in `prepare-vm.sh`. +
-* Test in a VM before deploying on bare-metal. +
-* Update JSON files in Gitea to manage changes dynamically.+
  
 ===== JSON Configuration Reference ===== ===== JSON Configuration Reference =====
  
-^ File ^ Key ^ Purpose ^ Example ^ +^File^Key^Purpose^Example| 
-| users.json | username | Linux account to create | "vms"+|users.json|username|Linux account to create|"vms"
-| users.json | ssh_key | Public SSH key for user login | "ssh-rsa AAAAB3Nza..." | +|users.json|ssh_key|Public SSH key for user login|"ssh-rsa AAAAB3Nza"| 
-| users.json | password | Optional hashed password | "$6$abcd1234$..." | +|users.json|password|Optional hashed password|"$6$abcd1234$"| 
-| ssh.json   | port | SSH server listening port | 22022 | +|ssh.json  |port|SSH server listening port|22022| 
-| ssh.json   | password_authentication | Enable/disable password login | "no"+|ssh.json  |password_authentication|Enable/disable password login|"no"
-| ssh.json   | permit_root_login | Allow root login via SSH | "no"+|ssh.json  |permit_root_login|Allow root login via SSH|"no"
-| ssh.json   | allow_users | List of users allowed to log in via SSH | ["vms","darren"] |+|ssh.json  |allow_users|List of users allowed to log in via SSH|["vms","darren"]|
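Review bot: In Post-Deployment step 1 the command reads `ssh -p 22022 vms@2. Verify the ...`: the target host is missing after `vms@`, and wrapping the line in `<code>` now puts the step 2 sentence inside the command block. Suggest restoring a host placeholder after `vms@` and moving "2. Verify the `vms` home directory contains the cloned scripts:" onto its own line above the `ls /home/vms/vm-scripts` block. In Notes, the four bullets are collapsed onto one line (`... without modifying Kickstart. * Firewall and SELinux ...`), so they will render as a single paragraph; DokuWiki list items each need their own line, indented by two spaces. In the reference table the header row now ends in `|` instead of `^`, and the examples lose their ellipsis (`"ssh-rsa AAAAB3Nza"`, `"$6$abcd1234$"`), which makes truncated samples look like complete values.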
  
  
/var/www/wiki.darrenwindle.co.uk/public_html/data/attic/start_new_kickstart.1756648328.txt.gz · Last modified: 2025/08/31 14:52 by Darren
