====== VM Provisioning with Kickstart and Dynamic Configuration ======
This page describes the full workflow for automated CentOS VM or bare-metal provisioning using Kickstart and JSON configuration files hosted in Gitea.
----
===== Overview =====
The system automatically:
* Installs CentOS from ISO or network.
* Creates users dynamically from a `users.json` file.
* Configures SSH dynamically from a `ssh.json` file (port, authentication, allowed users).
* Clones and executes VM scripts (`buildvm.sh`) from a Gitea repository.
* Supports both test and production deployments.
Configuration files are hosted in:
https://config.tombstones.org.uk:23000/tombstones/vm-scripts/
----
===== Repository Layout =====
vm-scripts/
|
|
|
|
|
----
===== JSON Configuration =====
**users.json** example:
<code json>
[
  {
    "username": "vms",
    "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...",
    "password": "$6$abcd1234$..."
  },
  {
    "username": "darren",
    "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
  }
]
</code>
**ssh.json** example:
<code json>
{
  "port": 22022,
  "password_authentication": "no",
  "permit_root_login": "no",
  "allow_users": ["vms", "darren"]
}
</code>
----
===== Workflow Diagram =====
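<code>
+--------------------------------+
| Boot VM / Bare-Metal Host      |
+---------------+----------------+
                |
+---------------+----------------+
| Kickstart ISO / Network Boot   |
+---------------+----------------+
                |
+---------------+----------------+
| %pre & %packages               |
| (curl, jq, git, SSH)           |
+---------------+----------------+
                |
+---------------+----------------+
| %post Section                  |
+---------------+----------------+
                |
+---------------+----------------+    +--------------------------+
| Download users.json            |--->| Create users dynamically |
+---------------+----------------+    +--------------------------+
                |
+---------------+----------------+    +--------------------------+
| Download ssh.json              |--->| Configure SSH server     |
+---------------+----------------+    +--------------------------+
                |
+---------------+----------------+
| Clone VM scripts repo (vms)    |
+---------------+----------------+
                |
+---------------+----------------+
| Run buildvm.sh                 |
+---------------+----------------+
                |
+---------------+----------------+
| VM Deployment Complete         |
+---------------+----------------+
                |
+---------------+----------------+
| Test SSH login, verify scripts |
| and logs                       |
+--------------------------------+
</code>
----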
===== Preparation Steps =====
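1. Log into the VM (or bare-metal host) as root.
2. Create a `prepare-vm.sh` script:
<code bash>
#!/bin/bash
# Update the base system and install the tools the Kickstart %post stage relies on.
yum update -y
yum install -y curl jq git openssh-server sudo vim
systemctl enable --now sshd

# Open the SSH port set in ssh.json (22022). This rule is not persisted across reboots.
iptables -I INPUT -p tcp --dport 22022 -j ACCEPT

# Switch SELinux to permissive now and on later boots; policy violations are logged, not blocked.
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

# Create the vms account once. The password below is a fixed value published on this page;
# change it before the host is reachable over the network.
if ! id vms &>/dev/null; then
    useradd -m -s /bin/bash vms
    echo "vms:Password123" | chpasswd
    # Passwordless sudo: any login as vms is equivalent to root.
    echo "vms ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vms
    chmod 440 /etc/sudoers.d/vms
fi
</code>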
3. Make it executable and run:
<code bash>
chmod +x /root/prepare-vm.sh
sudo /root/prepare-vm.sh
</code>
4. Verify package installation and SSH:
<code bash>
curl --version
jq --version
git --version
sshd -T | grep port
id vms
</code>
5. Verify network access to Gitea:
<code bash>
curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/users.json
curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ssh.json
</code>
----
===== Kickstart Deployment =====
Boot the VM using the CentOS ISO and pass the Kickstart URL:
<code>
linux inst.ks=https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ks.cfg
</code>
The Kickstart `%post` section will:
* Download `users.json` and `ssh.json`.
* Create Linux users dynamically.
* Configure SSH server according to JSON settings.
* Clone the repository containing `buildvm.sh` for the `vms` user.
* Run `buildvm.sh` to complete VM provisioning.
Check logs in `/root/ks-post.log` if needed.
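The `%post` stage applies whatever `users.json` and `ssh.json` contain with root privileges, so both files are worth validating before anything is created or written. The following is an added example, not part of this page's `ks.cfg` or the vm-scripts repository: it is written in Python (an assumption; the page's own tooling is `curl` and `jq`), and the function names, patterns and sample data are constructed for illustration.

```python
import json
import re

# Constructed sample input in the page's users.json / ssh.json layout.
USERS_JSON = """[
  {"username": "vms", "ssh_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKey vms@example",
   "password": "$6$constructedsalt$constructedhash"},
  {"username": "darren", "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedExampleKey"}
]"""
SSH_JSON = '{"port": 22022, "password_authentication": "no", "permit_root_login": "no", "allow_users": ["vms", "darren"]}'

# Assumed policy, not taken from the page: patterns that admit no newlines, so a
# value cannot smuggle extra lines into authorized_keys or sshd_config.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
KEY_RE = re.compile(r"(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [\w@.-]+)?")
HASH_RE = re.compile(r"\$(5|6|y)\$[./A-Za-z0-9$]+")  # crypt(3) hashes only, never plaintext
SSHD_VALUES = {"password_authentication": ("PasswordAuthentication", ("yes", "no")),
               "permit_root_login": ("PermitRootLogin", ("yes", "no", "prohibit-password"))}

def validate_users(text):
    """Return the parsed user list; raise ValueError on any entry unsafe to provision."""
    users = json.loads(text)
    if not isinstance(users, list) or not users:
        raise ValueError("users.json must be a non-empty list")
    for u in users:
        name = u.get("username") if isinstance(u, dict) else None
        if not isinstance(name, str) or not USERNAME_RE.fullmatch(name) or name == "root":
            raise ValueError(f"bad username: {name!r}")
        if not isinstance(u.get("ssh_key"), str) or not KEY_RE.fullmatch(u["ssh_key"]):
            raise ValueError(f"bad ssh_key for {name}")
        if "password" in u and not (isinstance(u["password"], str) and HASH_RE.fullmatch(u["password"])):
            raise ValueError(f"password for {name} is not a crypt hash")
    return users

def render_sshd(text, users):
    """Return sshd_config lines for ssh.json, checked against the validated users."""
    cfg = json.loads(text)
    port = cfg.get("port") if isinstance(cfg, dict) else None
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    lines = [f"Port {port}"]
    for key, (directive, allowed) in SSHD_VALUES.items():
        if cfg.get(key) not in allowed:
            raise ValueError(f"bad {key}: {cfg.get(key)!r}")
        lines.append(f"{directive} {cfg[key]}")
    known = [u["username"] for u in users]
    allow = cfg.get("allow_users")
    if not isinstance(allow, list) or not allow or not all(a in known for a in allow):
        raise ValueError("allow_users must list accounts defined in users.json")
    return lines + ["AllowUsers " + " ".join(allow)]
```

Apply the files only after both functions return without raising, and run `sshd -t` on the resulting configuration before restarting the service.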
----
===== Post-Deployment =====
1. SSH into the new VM:
<code bash>
ssh -p 22022 vms@<VM_ADDRESS>
</code>
2. Verify the `vms` home directory contains the cloned scripts:
<code bash>
ls /home/vms/vm-scripts
</code>
3. Confirm users exist and have proper SSH access.
----
===== Notes =====
* JSON-driven configuration allows dynamic management of users and SSH without modifying Kickstart.
* Firewall and SELinux adjustments are handled in `prepare-vm.sh` (it opens TCP port 22022 and sets SELinux to permissive).
* Test in a VM before deploying on bare-metal.
* Update JSON files in Gitea to manage changes dynamically.
===== JSON Configuration Reference =====
^File^Key^Purpose^Example^
|users.json|username|Linux account to create|"vms"|
|users.json|ssh_key|Public SSH key for user login|"ssh-rsa AAAAB3Nza…"|
|users.json|password|Optional hashed password|"$6$abcd1234$…"|
|ssh.json |port|SSH server listening port|22022|
|ssh.json |password_authentication|Enable/disable password login|"no"|
|ssh.json |permit_root_login|Allow root login via SSH|"no"|
|ssh.json |allow_users|List of users allowed to log in via SSH|["vms","darren"]|