Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking

This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.


Step 1: System Update and Repository Configuration

Start by updating your system and configuring necessary repositories.

  1. Update the system:

    sudo dnf update -y
    
  2. Enable the CodeReady Builder (CRB) repository:

    sudo dnf config-manager --set-enabled crb
    
  3. Add the HashiCorp repository for Vagrant:

    sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
    
  4. Import the HashiCorp GPG key so that rpm and dnf can verify the signatures on packages from this repository (optional but recommended):

    sudo rpm --import https://rpm.releases.hashicorp.com/gpg
    
  5. Refresh the package cache:

    sudo dnf makecache
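
Step 4 trusts whatever key the URL returns at the moment of import. As an added example (not part of the original guide), the script below downloads the key to a file, compares its fingerprint with a value obtained out of band, and imports it only on a match; `EXPECTED_FPR` is a placeholder and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pin the repository signing key by fingerprint before import.
# EXPECTED_FPR is a placeholder (assumption): take the real value from the
# vendor's published security page, not from the server that hosts the key.
EXPECTED_FPR="REPLACE_WITH_PUBLISHED_FINGERPRINT"
KEY_URL="https://rpm.releases.hashicorp.com/gpg"   # URL used in step 4

# Read `gpg --with-colons` output on stdin and print each primary key's
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Compare two fingerprints, ignoring case and spacing; empty never matches.
fpr_matches() {
    a=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' \t' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Download the key to a file, check it, and only then hand it to rpm.
import_pinned_key() {
    keyfile=$(mktemp) || return 1
    curl -fsSL --proto '=https' --tlsv1.2 -o "$keyfile" "$KEY_URL" ||
        { rm -f "$keyfile"; return 1; }
    found=$(gpg --show-keys --with-colons "$keyfile" | primary_fpr)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    # rpm --import loads every key in the file, so require exactly one.
    if [ "$count" -ne 1 ] || ! fpr_matches "$found" "$EXPECTED_FPR"; then
        echo "refusing to import: unexpected key '$found'" >&2
        rm -f "$keyfile"
        return 1
    fi
    sudo rpm --import "$keyfile"
    rc=$?
    rm -f "$keyfile"
    return $rc
}

# Run as: sh pin-key.sh --import   (the script name is hypothetical)
if [ "${1:-}" = "--import" ]; then
    import_pinned_key
fi
```

Until the placeholder is replaced with a real fingerprint the comparison fails and nothing is imported.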
    

Step 2: Install Required Tools

Install all necessary packages for virtualization, development, automation, and monitoring tools.

sudo dnf install -y \
  qemu-kvm \
  libvirt \
  libvirt-daemon-driver-qemu \
  libvirt-devel \
  vagrant \
  ruby-devel \
  gcc \
  ansible \
  python3 \
  python3-pip \
  bridge-utils \
  net-tools \
  wget \
  curl \
  vim \
  git \
  htop \
  iotop \
  iftop \
  firewalld \
  unzip \
  kernel-devel \
  kernel-headers

Optional: For a full development environment, install the complete "Development Tools" group:

sudo dnf groupinstall -y "Development Tools"

Step 3: Enable and Start Services

Ensure the essential services for virtualization and security are running, and update your user permissions for VM management.

  1. Enable and start libvirt:

    sudo systemctl enable --now libvirtd
    
  2. Enable and start firewalld:

    sudo systemctl enable --now firewalld
    
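  3. Add your user to the libvirt group so you can manage VMs without sudo (access to the system libvirt daemon is effectively root-equivalent on the host, so add only trusted accounts):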

    sudo usermod -aG libvirt $USER
    
  4. Log out and log back in, or run the following command to apply the group membership in a new shell:

    newgrp libvirt
    

Step 4: Install Vagrant Plugins and Python Setup

Install the vagrant-libvirt plugin and ensure Python is fully set up.

  1. Install the vagrant-libvirt plugin:

    vagrant plugin install vagrant-libvirt
    
  2. Ensure pip is upgraded:

    python3 -m pip install --upgrade pip
    
  3. Optional: Use Python virtual environments to avoid affecting system-wide packages:

    python3 -m venv ~/venv
    source ~/venv/bin/activate
    

Step 5: Create and Run Virtual Machines

Now that everything is installed, set up and run multiple virtual machines using Vagrant.

  1. Create a Vagrant project directory and initialize:

    mkdir ~/vagrant-lab
    cd ~/vagrant-lab
    vagrant init generic/rocky9
    
  2. Modify the Vagrantfile for a multi-VM setup (web and database servers):

    Vagrant.configure("2") do |config|
      config.vm.box = "generic/rocky9"
    
      # Web server VM
      config.vm.define "web" do |web|
        web.vm.provider "libvirt" do |libvirt|
          libvirt.memory = 2048
          libvirt.cpus = 2
        end
        web.vm.network "private_network", ip: "192.168.56.10"
        web.vm.hostname = "webserver"
      end
    
      # Database server VM
      config.vm.define "db" do |db|
        db.vm.provider "libvirt" do |libvirt|
          libvirt.memory = 4096
          libvirt.cpus = 2
        end
        db.vm.network "private_network", ip: "192.168.56.11"
        db.vm.hostname = "dbserver"
      end
    end
    
  3. Bring up the VMs:

    vagrant up --provider=libvirt
    
  4. SSH into the VMs:

    vagrant ssh web
    vagrant ssh db
    

Step 6: Verify Virtualization and Networking

Ensure the virtual machines are running correctly and networked.

  1. List running virtual machines:

    sudo virsh list --all
    
  2. Check network interfaces:

    ip a
    
  3. Verify that the virbr0 bridge is active:

    ip link show virbr0
    

Step 7: Test Ansible and Python Setup

Verify that Ansible and Python are ready for automation tasks.

  1. Check Ansible version:

    ansible --version
    
  2. Test Python and pip:

    python3 --version
    pip3 --version
    
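  3. Create an Ansible inventory file for the VMs (the private key paths are relative to the Vagrant project directory, ~/vagrant-lab, so run Ansible from there):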

    [webservers]
    webserver ansible_host=192.168.56.10 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/web/libvirt/private_key
    
    [dbservers]
    dbserver ansible_host=192.168.56.11 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/db/libvirt/private_key
    

Step 8: Configure Security

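Set up firewalld and SELinux to secure your environment. Apply these settings on the machine that runs the web server, since opening HTTP on a machine that serves nothing only widens its exposure.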

  1. Allow web traffic on firewalld:

    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --reload
    
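  2. Set the SELinux boolean that lets httpd make outbound network connections (this does not turn SELinux on or off; it relaxes one restriction, so it is needed only when the web server must reach another host, such as the database server):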

    sudo setsebool -P httpd_can_network_connect on
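
To confirm what Step 8 actually changed, the added script below (not part of the original guide) checks the three relevant values and flags exposure the guide did not ask for. It assumes the settings were applied inside the `web` VM from Step 5; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the Step 8 settings. Not part of the original guide.

# Pure check over the text printed by `getenforce`,
# `firewall-cmd --list-services` and `getsebool httpd_can_network_connect`.
# Prints one finding per line; returns 0 only when nothing FAILs.
audit_web_security() {
    mode=$1 services=$2 bool_line=$3 rc=0
    if [ "$mode" = "Enforcing" ]; then
        echo "PASS SELinux is enforcing"
    else
        echo "FAIL SELinux mode is '${mode:-unknown}', policy is not enforced"
        rc=1
    fi
    case " $services " in
        *" http "*) echo "PASS firewalld allows http" ;;
        *)          echo "FAIL firewalld does not allow http"; rc=1 ;;
    esac
    # Anything beyond http and ssh is exposure this guide never asked for.
    for svc in $services; do
        case $svc in
            http|ssh) ;;
            *) echo "WARN extra service open in firewalld: $svc" ;;
        esac
    done
    case $bool_line in
        "httpd_can_network_connect --> on")
            echo "WARN httpd may open outbound TCP connections to any port" ;;
        "httpd_can_network_connect --> off")
            echo "PASS httpd outbound connections are blocked by SELinux" ;;
        *)  echo "FAIL could not read httpd_can_network_connect"; rc=1 ;;
    esac
    return $rc
}

# Run one command on a Vagrant VM and strip carriage returns from its output.
vm_run() { vagrant ssh "$1" -c "$2" 2>/dev/null | tr -d '\r'; }

# Collect live values from the "web" VM (assumption: Step 8 was applied there).
audit_web_vm() {
    audit_web_security "$(vm_run web getenforce)" \
        "$(vm_run web 'sudo firewall-cmd --list-services')" \
        "$(vm_run web 'getsebool httpd_can_network_connect')"
}

# Run from ~/vagrant-lab as: sh audit-web.sh --run   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then
    audit_web_vm
fi
```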
    

Additional Suggestions

  • Automate VM Provisioning: Use Ansible playbooks to install services on the VMs. For example:

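    ---
    - hosts: webservers
      become: true   # package installation and service control need root
      tasks:
        - name: Install Apache
          ansible.builtin.dnf:
            name: httpd
            state: present
        - name: Start and enable Apache
          ansible.builtin.service:
            name: httpd
            state: started
            enabled: true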
    
  • Configure Static IPs: This is useful for consistent VM addresses.

  • Resource Monitoring: Use htop, iotop, and iftop inside the VMs for CPU, disk, and network monitoring.


Summary of Key Commands

# System update and repository configuration
sudo dnf update -y
sudo dnf config-manager --set-enabled crb
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo rpm --import https://rpm.releases.hashicorp.com/gpg
sudo dnf makecache

# Install necessary packages
sudo dnf install -y qemu-kvm libvirt libvirt-daemon-driver-qemu libvirt-devel vagrant ruby-devel gcc ansible python3 python3-pip \
bridge-utils net-tools wget curl vim git htop iotop iftop firewalld unzip kernel-devel kernel-headers

# Enable and start services
sudo systemctl enable --now libvirtd
sudo systemctl enable --now firewalld
sudo usermod -aG libvirt $USER
# Log out and log back in or use `newgrp libvirt`

# Install vagrant-libvirt plugin
vagrant plugin install vagrant-libvirt

# Test Python and Ansible
python3 --version
pip3 --version
ansible --version