This is an old revision of the document!


VM Provisioning with Kickstart and Dynamic Configuration

This page describes the full workflow for automated CentOS VM or bare-metal provisioning using Kickstart and JSON configuration files hosted in Gitea.

Overview

The system automatically:

  • Installs CentOS from ISO or network.
  • Creates users dynamically from a `users.json` file.
  • Configures SSH dynamically from a `ssh.json` file (port, authentication, allowed users).
  • Clones and executes VM scripts (`buildvm.sh`) from a Gitea repository.
  • Supports both test and production deployments.

Configuration files are hosted in:

https://config.tombstones.org.uk:23000/tombstones/vm-scripts/

Repository Layout

vm-scripts/

JSON Configuration

  • `users.json` example:
  [
    {
      "username": "vms",
      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...",
      "password": "$6$abcd1234$..."
    },
    {
      "username": "darren",
      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
    }
  ]
  • `ssh.json` example:
  {
    "port": 22022,
    "password_authentication": "no",
    "permit_root_login": "no",
    "allow_users": ["vms", "darren"]
  }

  graph TD
    A[Boot VM / Bare-Metal Host] --> B[Kickstart ISO / Network Boot]
    B --> C["%pre & %packages"]
    C --> D[%post Section]
    D --> E[Download users.json from Gitea]
    D --> F[Download ssh.json from Gitea]
    E --> G[Create users dynamically]
    F --> H["Configure SSH server (port, auth, allow_users)"]
    G --> I["Clone VM scripts repo (buildvm.sh) for vms user"]
    H --> I
    I --> J[Run buildvm.sh]
    J --> K[VM Deployment Complete]
    K --> L[Test SSH login, verify scripts, logs]

Workflow Diagram

  Boot VM / Bare-Metal Host
            |
            v
  Kickstart ISO / Network Boot
            |
            v
  %pre & %packages (curl, jq, git, SSH)
            |
            v
  %post Section
            |
            +--> Download users.json --> Create users dynamically
            |
            +--> Download ssh.json  --> Configure SSH server
            |
            v
  Clone VM scripts repo (vms)
            |
            v
  Run buildvm.sh
            |
            v
  VM Deployment Complete
            |
            v
  Test SSH login, verify scripts and logs

Preparation Steps

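1. Log into the VM (or bare-metal host) as root.

2. Create a `prepare-vm.sh` script:

  #!/bin/bash
  # Bring the system up to date and install the tools the provisioning steps use
  yum update -y
  yum install -y curl jq git openssh-server sudo vim
  systemctl enable --now sshd
  # Open the SSH port set in ssh.json (runtime rule only, not saved across reboots)
  iptables -I INPUT -p tcp --dport 22022 -j ACCEPT
  # Switch SELinux to permissive now and in the persistent config
  setenforce 0
  sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  # Create the vms account if missing: fixed initial password, passwordless sudo
  if ! id vms &>/dev/null; then
      useradd -m -s /bin/bash vms
      echo "vms:Password123" | chpasswd
      echo "vms ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vms
      chmod 440 /etc/sudoers.d/vms
  fi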

3. Make it executable and run:

  chmod +x /root/prepare-vm.sh
  sudo /root/prepare-vm.sh

4. Verify package installation and SSH:

  curl --version
  jq --version
  git --version
  sshd -T | grep port
  id vms

5. Verify network access to Gitea:

  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/users.json
  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ssh.json

Kickstart Deployment

Boot the VM using the CentOS ISO and pass the Kickstart URL:

  linux inst.ks=https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ks.cfg

The Kickstart `%post` section will:

  • Download `users.json` and `ssh.json`.
  • Create Linux users dynamically.
  • Configure SSH server according to JSON settings.
  • Clone `buildvm.sh` repo for `vms`.
  • Run `buildvm.sh` to complete VM provisioning.

Check logs in `/root/ks-post.log` if needed.
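
One way to check `users.json` and `ssh.json` before the `%post` steps above act on them, as an added example (not this site's `ks.cfg` or `buildvm.sh`). The acceptance rules, function names and sample values are assumptions, since the page defines no schema for these files.

```python
import json
import re

# Assumed (hypothetical) acceptance rules; the page does not define a schema.
USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
PUBKEY = re.compile(r"(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) "
                    r"[A-Za-z0-9+/]+={0,2}( [\w@.-]+)?")
SHA512_CRYPT = re.compile(r"\$6\$(rounds=\d+\$)?[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]+")

def _match(pattern, value):
    # fullmatch, not match with "$": a value like "vms\n" must not pass and
    # carry a newline into sshd_config or authorized_keys
    return isinstance(value, str) and pattern.fullmatch(value) is not None

def validate_users(text):
    """Return the usernames in users.json, or raise ValueError on an unsafe entry."""
    names = []
    for entry in json.loads(text):
        name = entry.get("username")
        if not _match(USERNAME, name) or name == "root":
            raise ValueError(f"bad username: {name!r}")
        if not _match(PUBKEY, entry.get("ssh_key")):  # also rejects authorized_keys options
            raise ValueError(f"bad ssh_key for {name}")
        if "password" in entry and not _match(SHA512_CRYPT, entry["password"]):
            raise ValueError(f"password for {name} is not a $6$ crypt hash")
        names.append(name)
    return names

def render_sshd(text, known_users):
    """Return sshd_config lines built only from validated ssh.json values."""
    cfg = json.loads(text)
    port = cfg.get("port")
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    lines = [f"Port {port}"]
    for key, directive in (("password_authentication", "PasswordAuthentication"),
                           ("permit_root_login", "PermitRootLogin")):
        if cfg.get(key) not in ("yes", "no"):
            raise ValueError(f"{key} must be 'yes' or 'no'")
        lines.append(f"{directive} {cfg[key]}")
    allow = cfg.get("allow_users")
    if not isinstance(allow, list) or not allow or any(u not in known_users for u in allow):
        raise ValueError("allow_users must be a non-empty list of users from users.json")
    return lines + ["AllowUsers " + " ".join(allow)]

# Constructed sample input in the shape of the page's examples (not real keys or hashes)
USERS = ('[{"username": "vms", "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ vms@example", '
         '"password": "$6$abcd1234$ConstructedHash"}, {"username": "darren", "ssh_key": "ssh-ed25519 AAAAC3Nz"}]')
SSH = '{"port": 22022, "password_authentication": "no", "permit_root_login": "no", "allow_users": ["vms", "darren"]}'
print("\n".join(render_sshd(SSH, validate_users(USERS))))
```

Run as a check on the Gitea repository, this rejects a change to either file before any host downloads it.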

Post-Deployment

1. SSH into the new VM:

  ssh -p 22022 vms@<vm-address>

2. Verify the `vms` home directory contains the cloned scripts:

  ls /home/vms/vm-scripts

3. Confirm users exist and have proper SSH access.

Notes

  • JSON-driven configuration allows dynamic management of users and SSH without modifying Kickstart.
  • Firewall and SELinux adjustments are handled in `prepare-vm.sh`.
  • Test in a VM before deploying on bare-metal.
  • Update JSON files in Gitea to manage changes dynamically.

JSON Configuration Reference

| File | Key | Purpose | Example |
|------|-----|---------|---------|
| users.json | username | Linux account to create | "vms" |
| users.json | ssh_key | Public SSH key for user login | "ssh-rsa AAAAB3Nza…" |
| users.json | password | Optional hashed password | "$6$abcd1234$…" |
| ssh.json | port | SSH server listening port | 22022 |
| ssh.json | password_authentication | Enable/disable password login | "no" |
| ssh.json | permit_root_login | Allow root login via SSH | "no" |
| ssh.json | allow_users | List of users allowed to log in via SSH | ["vms","darren"] |

Last modified: 2025/08/31 15:00 by Darren