| author | Paul Buetow <paul@buetow.org> | 2025-01-20 23:49:34 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2025-01-20 23:49:34 +0200 |
| commit | 1a2d979f7d9f303d739c9669af7fd824a63527a4 (patch) | |
| tree | edbb60d6fbd25740949653a7e8b052c1b42bfc4f /gemfeed | |
| parent | 5782f1e9d3d6c18fa3c9b4e5b39dea04c444ad9b (diff) | |
moe
Diffstat (limited to 'gemfeed')
| -rw-r--r-- | gemfeed/DRAFT-f3s-kubernetes-with-freebsd-bhyve.gmi.tpl | 79 |
1 files changed, 62 insertions, 17 deletions
diff --git a/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-bhyve.gmi.tpl b/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-bhyve.gmi.tpl index ee58115b..651b3b38 100644 --- a/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-bhyve.gmi.tpl +++ b/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-bhyve.gmi.tpl @@ -88,9 +88,9 @@ network0_mac="58:9c:fc:0d:13:3f" Whereas the `uuid` and the `network0_mac` differ on each of the 3 hosts. -but in order to make Rocky Linux boot it (plus some other adjustments, e.g. as I am intending to run the majority of the workload in the k3s cluster running on those linux VMs, I give them beefy specs like 4 CPU cores and 14GB RAM), I modified it to: +but in order to make Rocky Linux boot it (plus some other adjustments, e.g. as I am intending to run the majority of the workload in the k3s cluster running on those linux VMs, I give them beefy specs like 4 CPU cores and 14GB RAM), I run `doas vm configure rocky` and modified it to: -```sh +``` guest="linux" loader="uefi" uefi_vars="yes" @@ -108,6 +108,8 @@ network0_mac="58:9c:fc:0d:13:3f" ### VM installation +To start the installer from the downloaded ISO, I run: + ```sh paul@f0:~ % doas vm install rocky Rocky-9.5-x86_64-minimal.iso Starting rocky @@ -122,7 +124,7 @@ paul@f0:/bhyve/rocky % doas sockstat -4 | grep 5900 root bhyve 6079 8 tcp4 *:5900 *:* ``` -Port 5900 is now also open for VNC connections, so we connect to it with a VNC client and run through the installation dialogs. I'm sure this could be done unattended or more automated, but we have only 3 VMs to install, and the automation doesn't seem worth it as we are doing it only once. +Port 5900 now also opened for VNC connections, so I connected to it with a VNC client and run through the installation dialogs. I'm sure this could be done unattended or more automated, there are only 3 VMs to install, and the automation doesn't seem worth it as we are doing it only once in a year or less often. ### Increase of the disk image 
@@ -136,15 +138,35 @@ paul@f0:/bhyve/rocky % doas vm install rocky Rocky-9.5-x86_64-minimal.iso ### Connect to VPN -For the installation, I opened the VPN client on my Fedora laptop (GNOME comes with a simple VPN client) and ran through the base installation for each of the VMs manually. I am sure this could have been automated a bit more, but there were just 3 VMs, and it wasn't worth the effort. The three VNC addresses of the VMs were: `vnc://f0:5900`, `vnc://f1:5900`, and `vnc://f0:5900`. +For the installation, I opened the VPN client on my Fedora laptop (GNOME comes with a simple VPN client) and ran through the base installation for each of the VMs manually. Again, I am sure this could have been automated a bit more, but there were just 3 VMs, and it wasn't worth the effort. The three VNC addresses of the VMs were: `vnc://f0:5900`, `vnc://f1:5900`, and `vnc://f0:5900`. I mostly selected the default settings (auto partitioning on the 100GB drive and a root user password). After the installation, the VMs were rebooted. ## After install -After that, I changed the network configuration to be static here as well. +I performed the following steps for all 3 VMs. In the following, the examples are all executed on `f0` (bzw the VM `r0` running on `f0`): -As per previous post of this series, the 3 FreeBSD hosts were already in my `/etc/hosts` file: +### VM auto-start after host reboot + +To automatically start the VM on the servers I added the following to the `rc.conf` on the FreeBSD hosts: + +```sh +paul@f0:/bhyve/rocky % doas cat <<END >>/etc/rc.conf +vm_list="rocky" +vm_delay="5" +``` + +The `vm_delay` isn't really required. It is used to wait 5 seconds before starting each VM, but as of now, there is only one VM per host. Maybe later, when there are more, this will be useful to have. After adding, there's now a `Yes` indicator in the `AUTO` column. 
+ +```sh +paul@f0:~ % doas vm list +NAME DATASTORE LOADER CPU MEMORY VNC AUTO STATE +rocky default uefi 4 14G 0.0.0.0:5900 Yes [1] Running (2063) +``` + +### Static IP configuration + +After that, I changed the network configuration of the VMs to be static (from DHCP) here as well. As per previous post of this series, the 3 FreeBSD hosts were already in my `/etc/hosts` file: ``` 192.168.1.130 f0 f0.lan f0.lan.buetow.org @@ -152,7 +174,7 @@ As per previous post of this series, the 3 FreeBSD hosts were already in my `/et 192.168.1.132 f2 f2.lan f2.lan.buetow.org ``` -For the Rocky VMs I added those: +For the Rocky VMs I added those to the FreeBSD hosts systems as well: ```sh paul@f0:/bhyve/rocky % doas cat <<END >>/etc/hosts 
@@ -161,25 +183,48 @@ paul@f0:/bhyve/rocky % doas cat <<END >>/etc/hosts 192.168.1.122 r2 r2.lan r2.lan.buetow.org END ``` -and configured the IPs accordingly on the VMs themselves. -### Auto-start +and configured the IPs accordingly on the VMs themselves by opening a root shell via RDP to the VMs and entering the following commands on each of the VMs: + +```sh +[root@r0 ~]# dnmcli connection modify enp0s5 ipv4.address 192.168.1.120/24 +[root@r0 ~]# dnmcli connection modify enp0s5 ipv4.gateway 192.168.1.1 +[root@r0 ~]# dnmcli connection modify enp0s5 ipv4.dns 192.168.1.1 +[root@r0 ~]# dnmcli connection modify enp0s5 ipv4.method manual +[root@r0 ~]# dnmcli connection down enp0s5 +[root@r0 ~]# dnmcli connection up enp0s5 +[root@r0 ~]# hostnamectl set-hostname r0.lan.buetow.org +[root@r0 ~]# cat <<END >>/etc/hosts +192.168.1.120 r0 r0.lan r0.lan.buetow.org +192.168.1.121 r1 r1.lan r1.lan.buetow.org +192.168.1.122 r2 r2.lan r2.lan.buetow.org +END +```` + +Whereas: + +* `192.168.1.120` is the IP of the VM itself (here: `r0.lan.buetow.org`) +* `192.168.1.1` is the address of my home router, which also does DNS. -To automatically start the VM on the servers I added the following to the `rc.conf`: +### Permitting root login + +As these VMs arent directly reachable via SSH from the internet, I enabled `root` login by adding a line with `PermitRootLogin yes` to `/etc/sshd/sshd_config`. + +Once done, I rebooted the VM by running `reboot` inside of the vm to test whether everything was configured and persisted correctly. + +After reboot, I copied my public key from my Laptop to the 3 VMs: ```sh -paul@f0:/bhyve/rocky % doas cat <<END >>/etc/rc.conf -vm_list="rocky" -vm_delay="5" +% for i in 0 1 2; do ssh-copy-id root@r$i.lan.buetow.org; done ``` -The `vm_delay` isn't really required. It is used to wait 5 seconds before starting each VM, but as of now, there is only one VM per host. Maybe later, when there are more, this will be useful to have. 
After adding, there's now a `Yes` indicator in the `AUTO` column. +And then I edited the `/etc/ssh/sshd_config` file again on all 3 VMs and configured `PasswordAuthentication no`, to only allow SSH key authentication from now on. +### Install latest updates ```sh -paul@f1:~ % doas vm list -NAME DATASTORE LOADER CPU MEMORY VNC AUTO STATE -rocky default uefi 4 14G 0.0.0.0:5900 Yes [1] Running (2063) +[root@r0 ~]# dnf update +[root@r0 ~]# dreboot ``` Other *BSD-related posts: |
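Review bot: In the `@@ -88,9 +88,9 @@` hunk, the reworded sentence mixes tenses ("I run `doas vm configure rocky` and modified it to"); suggest "I ran `doas vm configure rocky` and modified it to:". Dropping the `sh` tag from the fence is right, since the block is a vm-bhyve configuration file rather than shell input.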
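Review bot: In the `@@ -122,7 +124,7 @@` hunk, the rewritten sentence lost its verb and mixes tenses ("Port 5900 now also opened ... so I connected ... and run through"); suggest "Port 5900 is now also open for VNC connections, so I connected to it with a VNC client and ran through the installation dialogs." The following sentence dropped the "but" and is now a comma splice ("more automated, there are only 3 VMs"). Since the `sockstat` context line shows bhyve listening on `*:5900`, a sentence on which networks can reach that port would help readers who copy this setup.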
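Review bot: In the `@@ -136,15 +138,35 @@` hunk, the new `rc.conf` block opens a heredoc with `doas cat <<END >>/etc/rc.conf` but never closes it with `END` (the `/etc/hosts` block further down does), and the `>>` redirection is carried out by the calling shell as `paul`, not by `doas`, so the append only works if that user can write the file. Something like `doas tee -a /etc/rc.conf <<END` with a closing `END` line avoids both problems. In the same hunk, the VNC address list names `vnc://f0:5900` twice (the third entry is presumably `f2`), the paragraph and its heading say "VPN" where the addresses are VNC, and "bzw" is a German leftover in "(bzw the VM `r0` running on `f0`)".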
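Review bot: In the `@@ -161,25 +183,48 @@` hunk, the added commands will not run as written: every NetworkManager line reads `dnmcli` and the update block ends with `dreboot`, which look like a stray leading `d` on `nmcli` and `reboot`. The sshd configuration is given as `/etc/sshd/sshd_config` in the "Permitting root login" paragraph and as `/etc/ssh/sshd_config` two paragraphs later; use one path, and say that sshd has to be reloaded after the `PasswordAuthentication no` edit for it to take effect. Because key-only login is the end state, `PermitRootLogin prohibit-password` would state that intent directly once the keys are copied. Smaller points: the first code block closes with four backticks instead of three, "### Install latest updates" has no blank line before it or before its fence, "arent" needs an apostrophe, and "via RDP" does not match the VNC access used in the rest of the draft.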
