# windesheim-iac

### Setup ESXi Hypervisor

1. In Skylab request a new ESXi hypervisor with 4 cores and 16 GB of RAM.
   ![ESXi Request](images/skylab_ESXi_request.png)
2. Add a new disk with 50 GB of storage.
   ![New Disk](images/skylab_new_disk.png)

>[!NOTE]
>The hypervisor does not accept SSH connections yet, or incoming connections from the VPN Network.

3. Connect to the remote console of the ESXi hypervisor.
   1. Press F2 to log in.
   2. Navigate to `Troubleshooting Options` → `Enable SSH`.
   3. Restart Management Agents (under "Restart Management Network").
4. From within a reachable VM on the VPN Network, SSH into the ESXi Hypervisor (e.g. first SSH into `192.168.1.10`, then from that session SSH into `192.168.1.5`).
   1. Enable incoming traffic from the VPN subnet: `esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24`
   2. Enable this on startup:
      1. `vi /etc/rc.local.d/local.sh`
      2. Add just before the final `exit 0` line: `esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24`

   Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the IP of the hypervisor is).
5. Add a new datastore:
   ![ESXi Data store](images/esxi_data_store.png)

### Setup Linux Development Environment

1. In Skylab request a new Ubuntu Server 24.04 machine.
2. Enable network access:
   1. Gain access to the terminal in the new machine (similar to step 4 of the ESXi setup).
   2. Edit the `/etc/netplan/99-netcfg-vmware.yaml` file to contain routes and nameservers:
      ```
      network:
        version: 2
        renderer: networkd
        ethernets:
          ens192:
            dhcp4: no
            dhcp6: no
            addresses:
              - 192.168.1.6/24
            routes:
              - to: default
                via: 192.168.1.1
            nameservers:
              addresses:
                - 192.168.1.1
      ```
   3. `sudo netplan apply`
3. SSH Access:
   1. Generate 3 SSH key pairs:
      1. `ssh-keygen -t ed25519 -f ~/.ssh/devhost`
      2. `ssh-keygen -t ed25519 -f ~/.ssh/skylab`
      3. `ssh-keygen -t ed25519 -f ~/.ssh/azure`
   2. `cat ~/.ssh/devhost.pub >> ~/.ssh/authorized_keys`
   3. `chmod 400 ~/.ssh/authorized_keys`
4. Copy the keys:
   1. Copy the content of devhost to a file on your local machine: `scp student@192.168.1.6:/home/student/.ssh/devhost D:/School/devhost`
   2. Set the permissions of that file with PowerShell as admin:
      1. `icacls "D:\School\devhost" /inheritance:r`
      2. `icacls "D:\School\devhost" /grant:r "$($env:USERNAME):(R)"`
   3. Upload the `azure` public key to Azure:
      ![Upload Azure Public Key](images/azure_upload_ssh_key.png)
5. Now you can access the VM via VSCode:
   1. Install the Remote Explorer extension.
   2. Add this to your SSH config:
      ```
      Host iac-devhost
          Hostname 192.168.1.6
          User student
          IdentityFile D:/School/devhost
      ```
   3. Connect to the machine in VSCode:
      ![Connecting to ssh](images/vscode_connect_ssh.png)
6. Install deps: `sudo apt install git unzip curl sshpass`
7. Install OVFTool:
   1. `wget https://github.com/rgl/ovftool-binaries/raw/main/archive/VMware-ovftool-4.6.3-24031167-lin.x86_64.zip`
   2. `unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip`
   3. `sudo mv ovftool vmware-ovftool`
   4. `sudo mv vmware-ovftool /usr/bin/`
   5. `sudo chmod +x /usr/bin/vmware-ovftool/ovftool.bin`
   6. `sudo chmod +x /usr/bin/vmware-ovftool/ovftool`
   7. `sed -i '$ a\PATH=$PATH:/home/student/.local/bin:/usr/bin/vmware-ovftool' ~/.bashrc`
8. Install PIP and Ansible:
   1. `sudo apt-get update && sudo apt-get install -y gnupg software-properties-common python3-pip pipx`
   2. `pipx ensurepath`
   3. `pipx install --include-deps ansible`
   4. `pipx install ansible-lint`
9. Install Terraform:
   1. `wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg`
   2. `echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list`
   3. `sudo apt-get update && sudo apt-get install terraform`
10. Install Azure CLI:
    1. `curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash`
    2. Log in with `az login`
    3. Choose the `2 - HBO ICT` subscription

### Test Connection

Run the following command and enter the password of the `root` user on the ESXi Hypervisor:

`ansible -i '192.168.1.5,' -m ping all -u root -k`

This will return a success message:

![Ansible ping success message](images/ansible_ping_success.png)
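
The manual `vi` edit in step 4.2 of the ESXi setup can be scripted so it is safe to run more than once. This is an added example, not part of the original repository: `persist_route` is a hypothetical helper name, and it assumes `grep`, `awk` and `mktemp` are available in the hypervisor's shell.

```shell
#!/bin/sh
# Added example: idempotently persist the VPN route from step 4.1 in local.sh.
# persist_route is a hypothetical helper, not an ESXi or project command.
ROUTE_CMD='esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24'

persist_route() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # Route line already present as a whole line: nothing to do.
    if grep -qxF -- "$ROUTE_CMD" "$file"; then
        return 0
    fi

    # Locate the last line that is exactly "exit 0" (surrounding blanks allowed).
    last=$(awk '/^[[:space:]]*exit 0[[:space:]]*$/ { n = NR } END { print n + 0 }' "$file")
    [ "$last" -gt 0 ] || { echo "no 'exit 0' line in $file" >&2; return 1; }

    # Build the new content with the route command inserted before that line.
    tmp=$(mktemp) || return 1
    awk -v n="$last" -v cmd="$ROUTE_CMD" 'NR == n { print cmd } { print }' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # Overwrite in place (not mv) so the file keeps its existing owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Usage on the hypervisor: persist_route /etc/rc.local.d/local.sh
```

The function refuses to touch a file that has no `exit 0` line, so a script with an unexpected layout is left unchanged rather than getting the command appended where it may never run.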