Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking
This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.
Step 1: System Update and Repository Configuration
Start by updating your system and configuring necessary repositories.
- Update the system:
    sudo dnf update -y
- Enable the CodeReady Builder (CRB) repository:
    sudo dnf config-manager --set-enabled crb
- Add the HashiCorp repository for Vagrant:
    sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
- Import the GPG key for security (optional but recommended):
    sudo rpm --import https://rpm.releases.hashicorp.com/gpg
- Refresh the package cache:
    sudo dnf makecache
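A check worth running on a newly added repository file before installing from it, given here as an added example that is not part of the original guide. The helper name repo_gpg_check and the sample repository content are constructed for illustration; the check is deliberately stricter than dnf, which lets a section inherit gpgcheck from [main].

```shell
#!/bin/sh
# Added example. repo_gpg_check is a hypothetical helper name.
# Prints one line per weak section of a dnf .repo file; returns 1 if any found.
# Stricter than dnf itself: each section must set gpgcheck explicitly instead
# of inheriting it from [main] in /etc/dnf/dnf.conf.
repo_gpg_check() {
    awk '
        function report() {
            if (sec == "") return
            if (tolower(check) !~ /^(1|true|yes|on)$/) {
                print sec ": gpgcheck is not enabled"; bad = 1
            }
            if (key !~ /^(https|file):\/\//) {
                print sec ": gpgkey is missing or not fetched over https/file"; bad = 1
            }
        }
        { sub(/[ \t\r]+$/, "") }                  # drop trailing blanks and CR
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^\[.*\]$/    { report(); sec = $0; check = ""; key = ""; next }
        /^[ \t]*gpgcheck[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); check = $0 }
        /^[ \t]*gpgkey[ \t]*=/   { sub(/^[^=]*=[ \t]*/, ""); key = $0 }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample (not the real hashicorp.repo): one sound section, one weak.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[good]
name=Good
baseurl=https://repo.example.invalid/good
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/gpg

[weak]
name=Weak
baseurl=https://repo.example.invalid/weak
enabled=1
gpgcheck=0
gpgkey=http://repo.example.invalid/gpg
EOF
repo_gpg_check "$sample" || echo "fix the sections listed above before installing"
rm -f "$sample"
```

On the lab host, point it at /etc/yum.repos.d/hashicorp.repo, which is where dnf config-manager --add-repo normally writes the file.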
Step 2: Install Required Tools
Install all necessary packages for virtualization, development, automation, and monitoring tools.
sudo dnf install -y \
qemu-kvm \
libvirt \
libvirt-daemon-driver-qemu \
libvirt-devel \
vagrant \
ruby-devel \
gcc \
ansible \
python3 \
python3-pip \
bridge-utils \
net-tools \
wget \
curl \
vim \
git \
htop \
iotop \
iftop \
firewalld \
unzip \
kernel-devel \
kernel-headers
Optional: For a full development environment, install the complete "Development Tools" group:
sudo dnf groupinstall -y "Development Tools"
Step 3: Enable and Start Services
Ensure the essential services for virtualization and security are running, and update your user permissions for VM management.
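- Enable and start libvirt:
    sudo systemctl enable --now libvirtd
- Enable and start firewalld:
    sudo systemctl enable --now firewalld
- Add your user to the libvirt group:
    sudo usermod -aG libvirt $USER
  Membership in the libvirt group gives full control of the system libvirt daemon (qemu:///system), so add only accounts you would trust with root on this host.
- Log out and log back in or run the following command to apply group membership:
    newgrp libvirt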
Step 4: Install Vagrant Plugins and Python Setup
Install the vagrant-libvirt plugin and ensure Python is fully set up.
- Install the vagrant-libvirt plugin:
    vagrant plugin install vagrant-libvirt
- Ensure pip is upgraded:
    python3 -m pip install --upgrade pip
- Optional: Use Python virtual environments to avoid affecting system-wide packages:
    python3 -m venv ~/venv
    source ~/venv/bin/activate
Step 5: Create and Run Virtual Machines
Now that everything is installed, set up and run multiple virtual machines using Vagrant.
- Create a Vagrant project directory and initialize:
    mkdir ~/vagrant-lab
    cd ~/vagrant-lab
    vagrant init generic/rocky9
- Modify the Vagrantfile for a multi-VM setup (web and database servers):
    Vagrant.configure("2") do |config|
      config.vm.box = "generic/rocky9"

      # Web server VM
      config.vm.define "web" do |web|
        web.vm.provider "libvirt" do |libvirt|
          libvirt.memory = 2048
          libvirt.cpus = 2
        end
        web.vm.network "private_network", ip: "192.168.56.10"
        web.vm.hostname = "webserver"
      end

      # Database server VM
      config.vm.define "db" do |db|
        db.vm.provider "libvirt" do |libvirt|
          libvirt.memory = 4096
          libvirt.cpus = 2
        end
        db.vm.network "private_network", ip: "192.168.56.11"
        db.vm.hostname = "dbserver"
      end
    end
- Bring up the VMs:
    vagrant up --provider=libvirt
- SSH into the VMs:
    vagrant ssh web
    vagrant ssh db
Step 6: Verify Virtualization and Networking
Ensure the virtual machines are running correctly and networked.
- List running virtual machines:
    sudo virsh list --all
- Check network interfaces:
    ip a
- Verify that the virbr0 bridge is active:
    ip link show virbr0
Step 7: Test Ansible and Python Setup
Verify that Ansible and Python are ready for automation tasks.
- Check Ansible version:
    ansible --version
- Test Python and pip:
    python3 --version
    pip3 --version
- Create an Ansible inventory file for the VMs:
    [webservers]
    webserver ansible_host=192.168.56.10 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/web/libvirt/private_key

    [dbservers]
    dbserver ansible_host=192.168.56.11 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/db/libvirt/private_key
Step 8: Configure Security
Set up firewalld and SELinux to secure your environment.
- Allow web traffic on firewalld:
    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --reload
- Set the SELinux boolean that allows httpd to initiate network connections:
    sudo setsebool -P httpd_can_network_connect on
Additional Suggestions
- Automate VM Provisioning: Use Ansible playbooks to install services on the VMs. For example:
    ---
    - hosts: webservers
      tasks:
        - name: Install Apache
          yum:
            name: httpd
            state: present
        - name: Start Apache
          service:
            name: httpd
            state: started
            enabled: true
- Configure Static IPs: This is useful for consistent VM addresses.
- Resource Monitoring: Use htop, iotop, and iftop inside the VMs for CPU, disk, and network monitoring.
Summary of Key Commands
# System update and repository configuration
sudo dnf update -y
sudo dnf config-manager --set-enabled crb
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo rpm --import https://rpm.releases.hashicorp.com/gpg
sudo dnf makecache
# Install necessary packages
sudo dnf install -y qemu-kvm libvirt libvirt-daemon-driver-qemu libvirt-devel vagrant ansible python3 python3-pip \
bridge-utils net-tools wget curl vim git htop iotop iftop firewalld unzip kernel-devel kernel-headers
# Enable and start services
sudo systemctl enable --now libvirtd
sudo systemctl enable --now firewalld
sudo usermod -aG libvirt $USER
# Log out and log back in or use `newgrp libvirt`
# Install vagrant-libvirt plugin
vagrant plugin install vagrant-libvirt
# Test Python and Ansible
python3 --version
pip3 --version
ansible --version
To focus solely on automating the base system setup for your Rocky Linux lab, we can use Ansible to ensure that all necessary tools, services, and configurations are applied efficiently. This setup will automate installing dependencies, enabling services, configuring the network, and preparing the system for future use.
Here’s how you can automate the entire base system setup using Ansible:
Automating the Base System Setup with Ansible
Step 1: Create an Ansible Playbook for Base System Setup
The following playbook will handle:
- System updates.
- Enabling repositories.
- Installing required packages for virtualization, development tools, and networking.
- Enabling services like libvirt and firewalld.
- Adding the user to the libvirt group.
Base System Setup Playbook (setup-host.yml)
---
- hosts: localhost
  become: yes
  tasks:
    # Update all packages and refresh cache
    - name: Update the system
      dnf:
        name: "*"
        state: latest
        update_cache: yes

    # Enable CodeReady Builder (CRB) repository
    - name: Enable CodeReady Builder repository
      command: dnf config-manager --set-enabled crb

    # Add HashiCorp repository for Vagrant
    - name: Add HashiCorp repository for Vagrant
      command: dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

    # Refresh dnf cache
    - name: Refresh dnf cache
      command: dnf makecache

    # Install necessary packages for virtualization, development, networking, and monitoring
    - name: Install required packages
      dnf:
        name:
          - qemu-kvm
          - libvirt
          - libvirt-daemon-driver-qemu
          - libvirt-devel
          - vagrant
          - ruby-devel
          - gcc
          - ansible
          - python3
          - python3-pip
          - bridge-utils
          - net-tools
          - wget
          - curl
          - vim
          - git
          - htop
          - iotop
          - iftop
          - firewalld
          - unzip
          - kernel-devel
          - kernel-headers
        state: present

    # Enable and start libvirt service
    - name: Enable and start libvirt service
      systemd:
        name: libvirtd
        enabled: yes
        state: started

    # Enable and start firewalld service
    - name: Enable and start firewalld service
      systemd:
        name: firewalld
        enabled: yes
        state: started

    # Add the user to the libvirt group to allow non-root VM management.
    # ansible_user is not defined for a local run against localhost, so the
    # login name is read from the environment of the user running the playbook.
    - name: Add user to libvirt group
      user:
        name: "{{ lookup('env', 'USER') }}"
        groups: libvirt
        append: yes
Step 2: Run the Ansible Playbook
- Save the playbook to a file called setup-host.yml.
- Run the Ansible playbook to automate the entire base system setup:
    ansible-playbook setup-host.yml
Step 3: Post-Setup Instructions
- Reboot the System: After running the playbook, it’s recommended to reboot the system to ensure all services start properly and the group changes take effect:
    sudo reboot
- Verify Installation: Once the system is back online, verify that all services are enabled and working:
  - Check if libvirt is running:
      systemctl status libvirtd
  - Check if firewalld is running:
      systemctl status firewalld
  - Ensure the user is added to the libvirt group:
      groups $USER
What This Playbook Does
- System Updates: It ensures your system is up to date and refreshes the DNF cache.
- Enabling Repositories: The playbook enables the CodeReady Builder (CRB) repository for development tools and adds the HashiCorp repository for Vagrant.
- Installing Required Packages: Installs all necessary tools for virtualization (KVM, libvirt), development (GCC, Ruby), and system monitoring (htop, iotop, iftop).
- Enabling Services: Automatically enables and starts key services like libvirtd (for VM management) and firewalld (for security).
- User Management: Adds your user to the libvirt group, allowing you to manage VMs without needing root privileges.
Conclusion
This automated base system setup ensures that your Rocky Linux environment is fully prepared for future lab deployments and VM management without manual intervention. Once the playbook is run, your system will be ready with all necessary tools and services enabled.