VM Provisioning with Kickstart and Dynamic Configuration

This page describes the full workflow for automated CentOS VM or bare-metal provisioning using Kickstart and JSON configuration files hosted in Gitea.

—

Overview

The system automatically:

Installs CentOS from ISO or network.
Creates users dynamically from a `users.json` file.
Configures SSH dynamically from a `ssh.json` file (port, authentication, allowed users).
Clones and executes VM scripts (`buildvm.sh`) from a Gitea repository.
Supports both test and production deployments.

Configuration files are hosted in:

https://config.tombstones.org.uk:23000/tombstones/vm-scripts/

—

Repository Layout

vm-scripts/

—

JSON Configuration

users.json* example:

  [
    {
      "username": "vms",
      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...",
      "password": "$6$abcd1234$..."
    },
    {
      "username": "darren",
      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
    }
  ]

ssh.json* example:

  {
    "port": 22022,
    "password_authentication": "no",
    "permit_root_login": "no",
    "allow_users": ["vms", "darren"]
  }

—

Workflow Diagram

+—————————-+

Boot VM / Bare-Metal Host

+————+—————+

Kickstart ISO / Network Boot

+————+——————+

%pre & %packages

(curl, jq, git, SSH)

+————+———+

%post Section

+————+———+


Download users.json	—>	Create users dynamically

+—————————+ +———————–+


Download ssh.json	—>	Configure SSH server

+—————————+ +———————–+

Clone VM scripts repo (vms)

+———————————-+

Run buildvm.sh

+————————+

VM Deployment Complete

+————————+

Test SSH login, verify scripts

and logs

+——————————-+

—

Preparation Steps

1. Log into the VM (or bare-metal host) as root. 2. Create a `prepare-vm.sh` script:

  #!/bin/bash
  yum update -y
  yum install -y curl jq git openssh-server sudo vim
  systemctl enable --now sshd
  iptables -I INPUT -p tcp --dport 22022 -j ACCEPT
  setenforce 0
  sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  if ! id vms &>/dev/null; then
      useradd -m -s /bin/bash vms
      echo "vms:Password123" | chpasswd
      echo "vms ALL=(ALL) NOPASSWD:ALL"> /etc/sudoers.d/vms
      chmod 440 /etc/sudoers.d/vms
  fi

3. Make it executable and run:

  chmod +x /root/prepare-vm.sh
  sudo /root/prepare-vm.sh

4. Verify package installation and SSH:

  curl --version
  jq --version
  git --version
  sshd -T | grep port
  id vms

5. Verify network access to Gitea:

  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/users.json
  curl -I https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ssh.json

—

Kickstart Deployment

Boot the VM using the CentOS ISO and pass the Kickstart URL:

  linux inst.ks=https://config.tombstones.org.uk:23000/tombstones/vm-scripts/ks.cfg

The Kickstart `%post` section will:

Download `users.json` and `ssh.json`.
Create Linux users dynamically.
Configure SSH server according to JSON settings.
Clone `buildvm.sh` repo for `vms`.
Run `buildvm.sh` to complete VM provisioning.

Check logs in `/root/ks-post.log` if needed.

—

Post-Deployment

1. SSH into the new VM:

  ssh -p 22022 vms@2. Verify the `vms` home directory contains the cloned scripts:

  ls /home/vms/vm-scripts

3. Confirm users exist and have proper SSH access.

—

Notes

* JSON-driven configuration allows dynamic management of users and SSH without modifying Kickstart. * Firewall and SELinux adjustments are handled in `prepare-vm.sh`. * Test in a VM before deploying on bare-metal. * Update JSON files in Gitea to manage changes dynamically.

JSON Configuration Reference

File	Key	Purpose	Example
users.json	username	Linux account to create	"vms"
users.json	ssh_key	Public SSH key for user login	"ssh-rsa AAAAB3Nza…"
users.json	password	Optional hashed password	"$6$abcd1234$…"
ssh.json	port	SSH server listening port	22022
ssh.json	password_authentication	Enable/disable password login	"no"
ssh.json	permit_root_login	Allow root login via SSH	"no"
ssh.json	allow_users	List of users allowed to log in via SSH	["vms","darren"]

Tanked Server Information

Table of Contents