# **Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking**

This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.

---

## **Step 1: System Update and Repository Configuration**

Start by updating your system and configuring the necessary repositories.

1. **Update the system**:

   ```bash
   sudo dnf update -y
   ```

2. **Enable the CodeReady Builder (CRB) repository**:

   ```bash
   sudo dnf config-manager --set-enabled crb
   ```

3. **Add the HashiCorp repository for Vagrant**:

   ```bash
   sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
   ```

4. **Import the GPG key for security** (optional but recommended):

   ```bash
   sudo rpm --import https://rpm.releases.hashicorp.com/gpg
   ```

5. **Refresh the package cache**:

   ```bash
   sudo dnf makecache
   ```

---

## **Step 2: Install Required Tools**

Install all necessary packages for virtualization, development, automation, and monitoring.

```bash
sudo dnf install -y \
  qemu-kvm \
  libvirt \
  libvirt-daemon-driver-qemu \
  libvirt-devel \
  vagrant \
  ruby-devel \
  gcc \
  ansible \
  python3 \
  python3-pip \
  bridge-utils \
  net-tools \
  wget \
  curl \
  vim \
  git \
  htop \
  iotop \
  iftop \
  firewalld \
  unzip \
  kernel-devel \
  kernel-headers
```

**Optional**: For a full development environment, install the complete "Development Tools" group:

```bash
sudo dnf groupinstall -y "Development Tools"
```

---

## **Step 3: Enable and Start Services**

Ensure the essential services for virtualization and security are running, and update your user permissions for VM management.

1. **Enable and start libvirt**:

   ```bash
   sudo systemctl enable --now libvirtd
   ```

2. **Enable and start firewalld**:

   ```bash
   sudo systemctl enable --now firewalld
   ```

3. **Add your user to the `libvirt` group**:

   ```bash
   sudo usermod -aG libvirt "$USER"
   ```

4. **Log out and log back in**, or run the following command to apply the group membership in the current shell:

   ```bash
   newgrp libvirt
   ```

---

## **Step 4: Install Vagrant Plugins and Python Setup**

Install the **vagrant-libvirt** plugin and ensure **Python** is fully set up.

1. **Install the vagrant-libvirt plugin**:

   ```bash
   vagrant plugin install vagrant-libvirt
   ```

2. **Ensure pip is upgraded**:

   ```bash
   python3 -m pip install --upgrade pip
   ```

3. **Optional**: Use Python virtual environments to avoid affecting system-wide packages:

   ```bash
   python3 -m venv ~/venv
   source ~/venv/bin/activate
   ```

---

## **Step 5: Create and Run Virtual Machines**

Now that everything is installed, set up and run multiple virtual machines using Vagrant.

1. **Create a Vagrant project directory and initialize**:

   ```bash
   mkdir ~/vagrant-lab
   cd ~/vagrant-lab
   vagrant init generic/rocky9
   ```

2. **Modify the Vagrantfile** for a multi-VM setup (web and database servers):

   ```ruby
   Vagrant.configure("2") do |config|
     # Base box shared by both VMs
     config.vm.box = "generic/rocky9"

     # Web server VM
     config.vm.define "web" do |web|
       web.vm.provider "libvirt" do |libvirt|
         libvirt.memory = 2048
         libvirt.cpus = 2
       end
       web.vm.network "private_network", ip: "192.168.56.10"
       web.vm.hostname = "webserver"
     end

     # Database server VM
     config.vm.define "db" do |db|
       db.vm.provider "libvirt" do |libvirt|
         libvirt.memory = 4096
         libvirt.cpus = 2
       end
       db.vm.network "private_network", ip: "192.168.56.11"
       db.vm.hostname = "dbserver"
     end
   end
   ```

3. **Bring up the VMs**:

   ```bash
   vagrant up --provider=libvirt
   ```

4. **SSH into the VMs**:

   ```bash
   vagrant ssh web
   vagrant ssh db
   ```

---

## **Step 6: Verify Virtualization and Networking**

Ensure the virtual machines are running correctly and are networked.

1. **List running virtual machines**:

   ```bash
   sudo virsh list --all
   ```

2. **Check network interfaces**:

   ```bash
   ip a
   ```

3. **Verify that the `virbr0` bridge is active**:

   ```bash
   ip link show virbr0
   ```

---

## **Step 7: Test Ansible and Python Setup**

Verify that Ansible and Python are ready for automation tasks.

1. **Check Ansible version**:

   ```bash
   ansible --version
   ```

2. **Test Python and pip**:

   ```bash
   python3 --version
   pip3 --version
   ```

3. **Create an Ansible inventory file for the VMs**:

   ```ini
   [webservers]
   webserver ansible_host=192.168.56.10 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/web/libvirt/private_key

   [dbservers]
   dbserver ansible_host=192.168.56.11 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/db/libvirt/private_key
   ```

---

## **Step 8: Configure Security**

Set up firewalld and SELinux to secure your environment.

1. **Allow web traffic on firewalld**:

   ```bash
   sudo firewall-cmd --permanent --add-service=http
   sudo firewall-cmd --reload
   ```

2. **Set the SELinux boolean that lets httpd make network connections**:

   ```bash
   sudo setsebool -P httpd_can_network_connect on
   ```

---

## **Additional Suggestions**

- **Automate VM Provisioning**: Use Ansible playbooks to install services on the VMs. For example:

  ```yaml
  ---
  - hosts: webservers
    become: true  # package and service management need root on the VM
    tasks:
      - name: Install Apache
        yum:
          name: httpd
          state: present

      - name: Start Apache
        service:
          name: httpd
          state: started
          enabled: true
  ```

- **Configure Static IPs**: This is useful for consistent VM addresses.
- **Resource Monitoring**: Use `htop`, `iotop`, and `iftop` inside the VMs for CPU, disk, and network monitoring.
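
The following check for the Step 8 changes is an added example, not part of the original guide. It classifies the output of `firewall-cmd --list-services` (runtime and `--permanent`), `getenforce` and `getsebool`, so a skipped `--reload` or a non-enforcing SELinux mode is reported; the function names and the `--live` switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: confirm the Step 8 firewalld and SELinux settings took effect.

# Succeeds if service $2 appears as a whole word in the space-separated list $1.
has_service() {
  local svc
  for svc in $1; do
    [ "$svc" = "$2" ] && return 0
  done
  return 1
}

# Compare the runtime and permanent service lists for one service.
firewall_state() {
  local runtime="$1" permanent="$2" service="$3"
  if has_service "$runtime" "$service" && has_service "$permanent" "$service"; then
    echo "ok"
  elif has_service "$permanent" "$service"; then
    echo "permanent-only"   # --reload was skipped; the rule is not active yet
  elif has_service "$runtime" "$service"; then
    echo "runtime-only"     # the rule disappears on the next reload or reboot
  else
    echo "missing"
  fi
}

# $1 is `getenforce` output; $2 is `getsebool NAME` output ("name --> on").
selinux_state() {
  local mode="$1" bool_line="$2"
  if [ "$mode" != "Enforcing" ]; then
    echo "not-enforcing"    # policy is not enforced, so the boolean is moot
  elif [ "${bool_line##* }" = "on" ]; then
    echo "ok"
  else
    echo "boolean-off"
  fi
}

# Query the live system; run the script with --live on the machine to check.
audit_live() {
  echo "firewalld http: $(firewall_state "$(sudo firewall-cmd --list-services)" \
    "$(sudo firewall-cmd --permanent --list-services)" http)"
  echo "selinux httpd_can_network_connect: $(selinux_state "$(getenforce)" \
    "$(getsebool httpd_can_network_connect)")"
}

if [ "${1:-}" = "--live" ]; then audit_live; fi
```
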

---

## **Summary of Key Commands**

```bash
# System update and repository configuration
sudo dnf update -y
sudo dnf config-manager --set-enabled crb
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo rpm --import https://rpm.releases.hashicorp.com/gpg
sudo dnf makecache

# Install necessary packages (ruby-devel and gcc are needed to build the vagrant-libvirt plugin)
sudo dnf install -y qemu-kvm libvirt libvirt-daemon-driver-qemu libvirt-devel vagrant ruby-devel gcc \
  ansible python3 python3-pip bridge-utils net-tools wget curl vim git htop iotop iftop firewalld \
  unzip kernel-devel kernel-headers

# Enable and start services
sudo systemctl enable --now libvirtd
sudo systemctl enable --now firewalld
sudo usermod -aG libvirt "$USER"
# Log out and log back in or use `newgrp libvirt`

# Install vagrant-libvirt plugin
vagrant plugin install vagrant-libvirt

# Test Python and Ansible
python3 --version
pip3 --version
ansible --version
```