# windesheim-iac

### Setup ESXi Hypervisor

1. In Skylab request a new ESXi hypervisor with 4 cores and 16 GB of RAM.

2. Add a new disk with 50 GB of storage.

>[!NOTE]
>The hypervisor does not accept SSH connections yet, or incoming connections from the VPN Network.

3. Connect to the remote console of the ESXi hypervisor.
    1. Press F2 to login.
    2. Navigate to `Troubleshooting Options` → `Enable SSH`.
    3. Restart Management Agents (under "Restart Management Network").
4. From within a reachable VM on the VPN Network, SSH into the ESXi Hypervisor. (e.g. first SSH into `192.168.1.10`, then from that session SSH into `192.168.1.5`)
    1. Enable incoming traffic from the VPN subnet: `esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24`
    2. Enable this on startup:
        1. `vi /etc/rc.local.d/local.sh`
        2. Add just before the final `exit 0` line: `esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24`

Now you can access the ESXi dashboard on `192.168.1.5` (or whatever the IP of the hypervisor is).

5. Add a new datastore:

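Step 4.2 edits `local.sh` by hand. The following is an added example, not part of the original README, that performs the same insertion idempotently so that re-running it never duplicates the route. The function name `persist_route` is hypothetical, and the script assumes the host shell provides `grep`, `awk`, `tail` and `cut`.

```shell
#!/bin/sh
# Added example (not from the original README): persist the static route
# from step 4 in /etc/rc.local.d/local.sh without duplicating it.
# Usage on the host: persist_route /etc/rc.local.d/local.sh

ROUTE_CMD='esxcli network ip route ipv4 add --gateway=192.168.1.1 --network=10.0.0.0/24'

# persist_route FILE  (hypothetical helper name)
# Inserts ROUTE_CMD just before the final "exit 0" line of FILE.
# Returns 0 if inserted, 1 if already present, 2 on error.
persist_route() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Exact-line match: a commented-out copy does not count as present.
    if grep -qxF "$ROUTE_CMD" "$file"; then
        return 1
    fi

    # Line number of the last "exit 0"; refuse to guess if there is none.
    last=$(grep -n '^[[:space:]]*exit 0[[:space:]]*$' "$file" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no 'exit 0' line in $file" >&2; return 2; }

    # Build the new content in a temp file so a failed awk run
    # never leaves a half-written startup script behind.
    tmp="$file.tmp.$$"
    awk -v n="$last" -v cmd="$ROUTE_CMD" \
        'NR == n { print cmd } { print }' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 2; }

    # Overwrite in place (instead of mv) to keep the file's mode and owner.
    cat "$tmp" > "$file"
    rm -f "$tmp"
    return 0
}
```
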
### Setup Linux Development Environment

1. In Skylab request a new Ubuntu Server 24.04 machine.
2. Enable network access:
    1. Gain access to the terminal in the new machine (similar to step 4.0 from the ESXi setup)
    2. Edit the `/etc/netplan/99-netcfg-vmware.yaml` file to contain routes and nameservers:
        ```
        network:
          version: 2
          renderer: networkd
          ethernets:
            ens192:
              dhcp4: no
              dhcp6: no
              addresses:
                - 192.168.1.6/24
              routes:
                - to: default
                  via: 192.168.1.1
              nameservers:
                addresses:
                  - 192.168.1.1
        ```
    3. `sudo netplan apply`

3. SSH Access:
    1. Generate 3 SSH key pairs
        1. `ssh-keygen -t ed25519 -f ~/.ssh/devhost`
        2. `ssh-keygen -t ed25519 -f ~/.ssh/skylab`
        3. `ssh-keygen -t ed25519 -f ~/.ssh/azure`
    2. `cat ~/.ssh/devhost.pub >> ~/.ssh/authorized_keys`
    3. `chmod 400 ~/.ssh/authorized_keys`

4. Copy the keys
    1. Copy the content of devhost to a file on your local machine: `scp student@192.168.1.6:/home/student/.ssh/devhost D:/School/devhost`
    2. Set the permissions of that file with PowerShell as admin:
        1. `icacls "D:\School\devhost" /inheritance:r`
        2. `icacls "D:\School\devhost" /grant:r "$($env:USERNAME):(R)"`
    3. Upload the `azure` public key to Azure:

5. Now you can access the VM via VSCode:
    1. Install the Remote Explorer extension.
    2. Add this to your ssh config:
        ```
        Host iac-devhost
            Hostname 192.168.1.6
            User student
            IdentityFile D:/School/devhost
        ```
    3. Connect to the machine in VSCode:

6. Install deps: `sudo apt install git unzip curl sshpass`

7. Install OVFTool
    1. `wget https://github.com/rgl/ovftool-binaries/raw/main/archive/VMware-ovftool-4.6.3-24031167-lin.x86_64.zip`
    2. `unzip VMware-ovftool-4.6.3-24031167-lin.x86_64.zip`
    3. `sudo mv ovftool vmware-ovftool`
    4. `sudo mv vmware-ovftool /usr/bin/`
    5. `sudo chmod +x /usr/bin/vmware-ovftool/ovftool.bin`
    6. `sudo chmod +x /usr/bin/vmware-ovftool/ovftool`
    7. `sed -i '$ a\PATH=$PATH:/home/student/.local/bin:/usr/bin/vmware-ovftool' ~/.bashrc`

8. Install PIP and Ansible
    1. `sudo apt-get update && sudo apt-get install -y gnupg software-properties-common python3-pip pipx`
    2. `pipx ensurepath`
    3. `pipx install --include-deps ansible`
    4. `pipx install ansible-lint`

9. Install Terraform
    1. `wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg`
    2. `echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list`
    3. `sudo apt-get update && sudo apt-get install terraform`

10. Install Azure CLI
    1. `curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash`
    2. Login with `az login`
    3. Choose the `2 - HBO ICT` subscription

### Test Connection

Run the following command and enter the password of the `root` user on the ESXi Hypervisor: `ansible -i '192.168.1.5,' -m ping all -u root -k`

This will return a success message: