HAND Series - Article 5 - Development environment

Hello everyone, this is the fifth article in a series describing and showing how to set up and deploy an amazing homelab, meant to satisfy all your needs and make you enjoy the process of creation.
Today's topic will be creating a Development environment in your newly created Proxmox environment.
For this, I recommend sticking with Ubuntu: it is easy to maintain and easy to use, all major software releases are available and work perfectly fine, it can be hardened, and it has a cloud version which we will use as a template for a reasonably minimal image. Cloud-init also makes it easy to set the initial user and password, SSH keys and more.
Looking to the future, we will install a script on Proxmox that not only downloads this cloud image and imports it into our available ISOs, but also keeps it updated so we always have the latest image as a template.
The script is simple. Let’s check it out.
```bash
# stop at the first failing step so a failed download never ends up as a broken template
set -e
# installing libguestfs-tools only required once, prior to first run
apt update -y
apt install libguestfs-tools -y
# remove existing image in case last execution did not complete successfully
rm -f focal-server-cloudimg-amd64.img
# download from current repo the ubuntu focal image
wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
# we customize the image to have qemu-guest-agent inside
virt-customize -a focal-server-cloudimg-amd64.img --install qemu-guest-agent
# qm is basically the way to interact with the VMs and all around them in Proxmox
# if you want details you can read the manual https://pve.proxmox.com/pve-docs/qm.1.html
# destroy the template which will have the id 9000
# (done only once the new image is ready; "|| true" covers the first run, when 9000 does not exist yet)
qm destroy 9000 || true
# we create the template and set the configuration of it (as if we are creating a VM)
qm create 9000 --name "ubuntu-2004-cloudinit-template" --memory 2048 --cores 2 --net0 virtio,bridge=vmbr0
qm importdisk 9000 focal-server-cloudimg-amd64.img local-lvm
qm set 9000 --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-9000-disk-0
qm set 9000 --boot c --bootdisk scsi0
qm set 9000 --ide2 local-lvm:cloudinit
qm set 9000 --serial0 socket --vga serial0
qm set 9000 --agent enabled=1
qm template 9000
# clean up the file after creating the template
rm -f focal-server-cloudimg-amd64.img
# next up, clone VM, then expand the disk
# you also still need to copy ssh keys to the newly cloned VM
```
You can save this script as /root/get_newest_ubuntu_cloudimg.sh. Don’t forget to mark it as executable with chmod +x /root/get_newest_ubuntu_cloudimg.sh.
Add the script to crontab so it runs every Monday:
```bash
crontab -e
# add this line to the crontab:
0 0 * * MON bash /root/get_newest_ubuntu_cloudimg.sh
```
And you may want to run it once by hand if you don’t want to wait for crontab to run it the first time 🤣
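The template script turns whatever wget returns into the template every week, unattended. The following is an added example, not part of the original script, of a check that could sit between the wget and virt-customize steps: it compares the image with its entry in a SHA256SUMS file. The function names are made up for this example, and the self-test uses a constructed sample file instead of a real image.

```bash
# verify_image SUMS_FILE IMAGE_FILE
# Succeeds only if IMAGE_FILE's SHA-256 equals the entry for its file name in SUMS_FILE.
# Return codes: 0 match, 1 mismatch, 2 unreadable input, 3 no entry for this file name.
verify_image() {
    local sums_file=$1 image=$2 name expected actual
    [ -r "$sums_file" ] && [ -r "$image" ] || return 2
    name=$(basename "$image")
    # Entries look like "<hex>  name" or "<hex> *name"; match the name exactly.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums_file")
    # A missing entry is a failure, not "nothing to check".
    [ -n "$expected" ] || return 3
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Self-test on constructed data: a small sample file stands in for the cloud image.
verify_image_selftest() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    printf 'constructed sample image\n' > "$dir/sample.img"
    printf '%s *sample.img\n' "$(sha256sum "$dir/sample.img" | awk '{ print $1 }')" \
        > "$dir/SHA256SUMS"
    verify_image "$dir/SHA256SUMS" "$dir/sample.img" || rc=1   # untouched file must pass
    printf 'tampered\n' >> "$dir/sample.img"
    verify_image "$dir/SHA256SUMS" "$dir/sample.img" && rc=1   # modified file must fail
    rm -rf "$dir"
    return $rc
}

# How it would be used in the template script (SHA256SUMS sits next to the image):
#   wget -q https://cloud-images.ubuntu.com/focal/current/SHA256SUMS
#   verify_image SHA256SUMS focal-server-cloudimg-amd64.img || exit 1
```

Because the checksum file comes from the same server as the image, this catches truncated or corrupted downloads; Ubuntu also publishes SHA256SUMS.gpg next to it, so the checksum file itself can be verified with gpg.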
With our template set, we can create a Development machine. I like to use the concept of a Bastion Server.
A Bastion server is a machine that has access to other machines. Whenever you want to reach those other machines, you don’t expose them to anyone but the Bastion server; this way you can harden security on the Bastion machine and be sure the machines the Bastion can access won’t be touched from outside it.
- Go ahead and find your template in the GUI below your Proxmox host
- Right click and Clone it
- Tweak the parameters of the VM as you like, the amount of RAM and sockets/cores
- You can resize the Disk by clicking on Hard disk → Disk Action → Resize
- Go to Cloud Init tab
- Set a user and password
After setting up the machine, we can start it, wait for it to boot and SSH into it from anywhere in the network.
For this purpose, I like working from the Windows VM: after installing VSCode, you can connect remotely to the machine from VSCode by installing the Remote - SSH extension. Explaining how to install VSCode and its extensions is beyond the scope of this article, but it is fairly easy.
Now it is fair to assume you can access your Development/Bastion machine over SSH and operate in it.
Here is a list of commands that are good to run as first steps.
```bash
# this makes sure everything is updated
sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y
# this generates ssh-keys, used later to access other servers, introduce info when asked or just spam enter :D
ssh-keygen
```
Now we are going to install Terraform, Kubectl, Helm and Ansible.
```bash
# Terraform
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt update -y
sudo apt install terraform -y
# Kubectl and Helm
# Some people avoid and hate on snap, I don't
# If you do, you can go ahead and check on github how to install them, usually it would be downloading the binaries and putting them in the path
sudo snap install kubectl
sudo snap install helm
# Ansible
sudo apt-add-repository ppa:ansible/ansible -y
sudo apt update -y
sudo apt install ansible -y
```
Now you should be all set. It is good to take note of the ssh public key, as we will use it in further steps.
Also, to be able to access the Proxmox host to audit it and make some changes, we will use a technical user, meaning we will connect and do things programmatically, so we won’t need to type the root user’s password and so on.
The steps to create the technical user are as follows:
- Go to Datacenter → Permissions → Users → Click add → Give a name to the user → Click add
- Click API tokens → Select the user → Give the token an ID → Uncheck privilege separation (which means the token will have the same permissions as the user)
- Click Add
- Copy the values of Token ID and Secret in a file
- Now go to Permissions → Add →
  - Path = ‘/’
  - User = ‘Your_new_user’
  - Role = ‘PVEVMAdmin’
- Click again on Add →
  - Path = ‘/storage/local(or_whatever_your_storage_is_called)’
  - User = ‘Your_new_user’
  - Role = ‘Administrator’
- Click again on Add (last time, I swear) →
  - Path = ‘/’
  - User = ‘Your_new_user’
  - Role = ‘PVEAuditor’
At this point we are done with setting up the technical user and its permissions; now we could call Proxmox’s API with this user. But that is work for the next part.
Keep that information organized and reachable, as we will need it later. If you reached this point, good job, pat yourself on the shoulder!
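With privilege separation unchecked, the token secret carries every permission granted to the technical user, so the file holding it should be readable by its owner only. The following is an added example, not part of the original article, for the Bastion machine: it writes the Token ID and Secret to an owner-only file and refuses to load them from a file that is not private. The function names and the PVE_TOKEN_ID / PVE_TOKEN_SECRET variable names are assumptions made for this example, and stat -c is the GNU form found on Ubuntu.

```bash
# save_pve_token FILE TOKEN_ID SECRET : write both values to an owner-only file.
save_pve_token() {
    local file=$1 id=$2 secret=$3
    (
        umask 077   # a newly created file gets mode 0600 from the start
        printf 'PVE_TOKEN_ID=%s\nPVE_TOKEN_SECRET=%s\n' "$id" "$secret" > "$file"
    ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed with wider bits
}

# token_file_is_private FILE : succeed only if FILE is a regular file owned by
# the current user with no group or other permission bits set.
token_file_is_private() {
    local file=$1 mode owner
    [ -f "$file" ] || return 2
    mode=$(stat -c '%a' "$file") && owner=$(stat -c '%u' "$file") || return 2
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;   # e.g. 644 or 660
    esac
}

# load_pve_token FILE : set PVE_TOKEN_ID and PVE_TOKEN_SECRET from FILE.
# The file is parsed line by line rather than sourced, so nothing in it is executed.
load_pve_token() {
    local file=$1 key value
    token_file_is_private "$file" || { echo "refusing $file: not private" >&2; return 1; }
    while IFS='=' read -r key value; do
        case $key in
            PVE_TOKEN_ID)     PVE_TOKEN_ID=$value ;;
            PVE_TOKEN_SECRET) PVE_TOKEN_SECRET=$value ;;
        esac
    done < "$file"
    [ -n "$PVE_TOKEN_ID" ] && [ -n "$PVE_TOKEN_SECRET" ]
}
```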
If you are warmed up and want to keep going, jump into the next article and continue your journey with me towards your dream homelab.
Thank you for being here, be healthy, happy and productive! ✌🏻