Chuck Nemeth

User Tools

Site Tools

Trace:
proxmox:kvm:kvm-automated

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
proxmox:kvm:kvm-automated [2020/05/27 21:50] – [CLI] chuckproxmox:kvm:kvm-automated [2021/11/10 06:58] (current) – ↷ Links adapted because of a move operation 173.245.52.212
Line 1: Line 1:
 ======Speedy KVM Creation====== ======Speedy KVM Creation======
-I created a special [[linux:distribution:debian:debian-10-preseed|Debian 10 preseed]] iso just for my Proxmox kvm machines. I can go from zero to ready to rock in under 10 minutes!+I created a special [[linux:distribution:debian:preseed:debian-10-preseed|Debian 10 preseed]] iso just for my Proxmox kvm machines. I can go from zero to ready to rock in under 10 minutes!
  
 ---- ----
Line 7: Line 7:
 The preseeded iso starts automatically, installs a few key packages, sets vim as my default editor and copies my ssh public key to my authorized_keys file so I can run the Ansible playbook right after install. The preseeded iso starts automatically, installs a few key packages, sets vim as my default editor and copies my ssh public key to my authorized_keys file so I can run the Ansible playbook right after install.
  
-  * I created the preseed file then added it to the ISO using my [[:linux:distribution:debian:debian-10-preseed#zero-interaction|Zero Interaction]] method.+  * I created the preseed file then added it to the ISO using my [[linux:distribution:debian:preseed:debian-10-preseed#zero-interaction|Zero Interaction]] method.
   * https://gitlab.com/preseed/preseed-kvm/-/blob/da3402a1f9331fd23816703f62057091b7a36045/preseed.cfg   * https://gitlab.com/preseed/preseed-kvm/-/blob/da3402a1f9331fd23816703f62057091b7a36045/preseed.cfg
  
Line 15: Line 15:
 I created a small playbook to configure the system for me so it's set up the way I like. I created a small playbook to configure the system for me so it's set up the way I like.
  
 +  * https://gitlab.com/ansible9/ansible-kvm/-/blob/master/basic_kvm.yml
   * Run it like so:<code>   * Run it like so:<code>
-ansible-playbook -v -b --ask-become-pass -i xxx.xxx.xxx.xxx, ansible.yml+ansible-playbook -v -b --ask-become-pass -i xxx.xxx.xxx.xxx, basic_kvm.yml
 </code> </code>
-  * The file: <file ansible kvm_init.yml> 
---- 
-- name: Initialize KVM VM 
-  hosts: all 
-  vars: 
-    admin_user: chuck 
-    admin_group: chuck 
-  tasks: 
-    - name: Create ssh-user group 
-      group: 
-        name: ssh-user 
-        gid: 1010 
-        state: present 
  
-    - name: Add {{ admin_user }} to ssh-user group 
-      user: 
-        name: "{{ admin_user }}" 
-        groups: ssh-user 
-        append: yes 
-        
-    - name: Create dotfiles directory 
-      become: yes 
-      become_user: "{{ admin_user }}" 
-      file: 
-        path: "/home/{{ admin_user }}/.dotfiles" 
-        owner: "{{ admin_user }}" 
-        group: "{{ admin_group }}" 
-        state: directory 
-        mode: '0755' 
  
-    name: Delete default dotfiles +----
-      become: yes +
-      become_user: "{{ admin_user }}" +
-      file: +
-        path: "/home/{{ admin_user }}/{{ item }}" +
-        state: absent +
-      with_items: +
-        .bashrc +
-        .bash_profile +
-        .bash_logout+
  
-    - name: Clone dotfiles +=====Configure pfSense===== 
-      become: yes +If it's a VM that I plan on keeping around for a whileI'll give it a static IP address in pfSense before installing DebianThe preseed will use the hostname I assigned it in pfSense as the system hostname when configuring the network via DHCP
-      become_user: "{{ admin_user }}" +
-      git: +
-        repo: "{{ item.repo }}" +
-        dest: "/home/{{ admin_user }}/.dotfiles/{{ item.name }}" +
-      loop: +
-        - { name: 'bash', repo: 'https://gitlab.com/dotfiles1/dotfiles-bash.git' } +
-        - { name: 'screen', repo: 'https://gitlab.com/dotfiles1/dotfiles-screen.git' }  +
-        - { name: 'vim', repo: 'https://gitlab.com/dotfiles1/dotfiles-vim.git'+
-        - { name: 'git', repo: 'https://gitlab.com/dotfiles1/dotfiles-git.git'+
-        - { name: 'motd', repo: 'https://gitlab.com/dotfiles1/dotfiles-motd.git' }+
  
-    - name: Stow dotfiles +Otherwise, the system's hostname will be set as //hostname// and it will be assigned an ip address outside of the 'reservedaddresses for the vlan I added it to.
-      become: yes +
-      become_user: "{{ admin_user }}" +
-      command: stow "{{ item }}" +
-      args: +
-        chdir: "/home/{{ admin_user }}/.dotfiles" +
-      loop:  +
-        - bash +
-        - git +
-        - screen +
-        - vim +
- +
-    - name: Install MOTD +
-      become: yes +
-      copy: +
-        src: "/home/{{ admin_user }}/.dotfiles/motd/{{ item }}" +
-        dest: "/etc/update-motd.d/{{ item }}" +
-        remote_src: yes +
-        owner: root +
-        group: root +
-        mode: 0755 +
-      loop: +
-        - 10-uname +
-        - 20-sysinfo +
-        - 90-fortune +
- +
-    - name: Set PAM motd +
-      become: yes +
-      lineinfile: +
-        backup: yes +
-        path: /etc/pam.d/sshd +
-        regexp: 'noupdate$' +
-        line: '#session    optional      pam_motd.so noupdate' +
- +
-    - name: Disable password ssh +
-      become: yes +
-      lineinfile: +
-        path: /etc/ssh/sshd_config +
-        regexp: "#PasswordAuthenticaiton yes" +
-        line: "PasswordAuthentication no" +
- +
-    - name: Restrict ssh to ssh-user group +
-      become: yes +
-      blockinfile: +
-        path: /etc/ssh/sshd_config +
-        block: "AllowGroups ssh-user" +
- +
-    - name: Add {{ admin_user }} to /etc/security/access.conf +
-      become: yes +
-      blockinfile: +
-        path: /etc/security/access.conf +
-        block: '+:{{ admin_user }}:ALL' +
- +
-    - name: Configure PAM +
-      become: yes +
-      lineinfile: +
-        path: /etc/pam.d/sshd +
-        regexp: 'pam_access.so$' +
-        line: 'account required    pam_access.so' +
-</file>+
  
 ---- ----
- 
 =====Create a VM===== =====Create a VM=====
 ====GUI==== ====GUI====
Line 148: Line 42:
  
 ====CLI==== ====CLI====
-  * ssh into Proxmox +  * ssh into Proxmox:<code> 
-  * The iso's on my system are located at ''%%/media/sas/data/template/iso%%'' so you could scp them there (or wherever they are stored on your system) if you don't want to use the gui.+ssh user@proxmox 
 +</code> 
 +  * The iso's on my system are located at ''%%/media/sas/data/template/iso%%''. Use your favorite file transfer method to get the iso file there (or the iso storage location on your system).
   * List current VMs:<code>   * List current VMs:<code>
 sudo qm list</code> sudo qm list</code>
   * Pick a free vmid and create a new VM with your preferred settings:<code>   * Pick a free vmid and create a new VM with your preferred settings:<code>
 sudo qm create 150 --cdrom sas-storage:iso/preseed-debian-10.4.iso \ sudo qm create 150 --cdrom sas-storage:iso/preseed-debian-10.4.iso \
---name preseed --numa 0 --ostype l26 \ +  --name preseed --numa 0 --ostype l26 \ 
---cpu cputype=host --cores 2 --sockets 2 \ +  --cpu cputype=host --cores 2 --sockets 2 \ 
---memory 4096  \ +  --memory 4096  \ 
---net0 bridge=vmbr90,virtio \ +  --net0 bridge=vmbr90,virtio \ 
---bootdisk scsi0 --scsihw virtio-scsi-pci --scsi0 file=ssd-lvm:32 \ +  --bootdisk scsi0 --scsihw virtio-scsi-pci --scsi0 file=ssd-lvm:32 \ 
---serial0 socket --vga qxl --audio0 device=ich9-intel-hda,driver=spice+  --serial0 socket --vga qxl --audio0 device=ich9-intel-hda,driver=spice 
 + 
 +# I'll add macaddr=XX:XX:XX:XX:XX:XX to the --net0 section if I want to pre-configure the ip in pfSense beforehand.
 </code> </code>
   * Start the vm:<code>   * Start the vm:<code>
Line 165: Line 63:
 </code> </code>
   * Wait for it to complete.   * Wait for it to complete.
 +  * Run the ansible playbook.
 +  * Enjoy!
 +  * See ''%%man qm%%'' for more info
  
 ---- ----
proxmox/kvm/kvm-automated.1590616220.txt.gz · Last modified: by chuck