Virtualize Kickstart Server - virtual-machine

I have a cluster of computers and I am using one of them as a kickstart server.
I configured DHCP/TFTP/FTP on it and it worked fine. When you boot any box in the cluster and choose to boot from network, it will reach out to that kickstart server, lease an IP, install OS..etc. However, using one box dedicated for kickstart is such a waste of resource and I am wondering is it possible to use some level of virtualization to achieve that, so you end up with a image that is a fully functional ks server and can be running on any box with the virtuallization tool set up?
I have used VirtualBox, Vagrant and Docker before but I am not sure will these tools be powerful enought to do it? Can anyone give some directional guidance or resource to help me get started.

Just virtualize the kickstart server;
Use the virtual environment DHCP Server facility and set the Kickstart Server DHCP module as "proxyDHCP"
When a PXE client boots up will get its IP from the virtual environment DHCP Server and the PXE booting information from the instance of the kickstart proxyDHCP server.
Next the PXE client will know where the TFTP and the rest of the kickstart facilities are located and will continue the boot/install.

Yep I always run kickstart on a VM, A good way to do things is have a bunch of VM's and share them across hosts. Pretty much every site I build out I have the following VM's
Build: running Kickstart/Cobbler, DHCP, TFTP
Provision: running Puppet or Chef
Monitoring: Zenoss or Nagios
The VM's disks all live on iscsi and create the VM's with libvirt KVM. Everything can easily live on one server. I usually have a second server that is prepared for the VM's and if there is ever an outage I just bring them up on the second server.

Related

Setting up ubuntu VM on Azure with apache

In Azure, I created a virtual network and then associated an Ubuntu Server virtual machine, created with Azure Resource Manager Deployment method, with the network. I then updated the associated Network Security Group and added an inbound security rule for port 80 (Source:Any, Destination:Any, Service:TCP/80). After installing Apache on the VM, I tried to access the server from my browser, but have run into a wall. I can SSH into the VM just fine, but web is a no-go, and I cannot figure out why. Any help would be appreciated.
It sometimes happen to me too because I forgot to RESTART the VM, yes just restart it. At least this works for me. and also dont forget to add outbound rule too
It worked for me with this inbound rule.
Note that when a VM is created from the portal (in ARM model), it gets automatically associated to a virtual network (vnet), a specific subnet within the vnet and a network security group.
When creating the inbound security rule, make sure to:
identify the correct network security group associated to the VM
use a priority number lower than 65500
set the source port range as *
You also need open port 80 on the VM to allow web access.
I dont think that creating your Network Security Group opens the desired port on the VM automatically.
By default in Azure Resource Manager (ARM), all ports are open; there is no need to make Network Security Groups (NSGs) to open ports, only to close them. Here is an example of an ARM template that deploys an ubuntu VM with apache:
https://github.com/Azure/azure-quickstart-templates/tree/master/apache2-on-ubuntu-vm
Alternatively, if you want an auto-scaling LAP stack using VM Scale Sets (in public preview), you can find the ARM template for that here:
https://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-lapstack-autoscale
Hope this helps! :)

Start ipython cluster using ssh on windows machine

I have a problem setting up a ipython cluster on a Windows server and connecting to this ipcluster using a ssh connection. I tried following the tutorial on https://ipython.org/ipython/doc/dev/parallel/parallel_process.html#ssh, but I have problems to understand what the options mean exactly and what parameters are to use exactly...
Could anyone help a total noob to set up an ipcluster? (Let's say the remote machine has ip 192.168.0.1 and the local machine has 192.168.0.2)
If you scroll roughly to the middle of the page https://ipython.org/ipython-doc/dev/parallel/parallel_process.html#ssh you will find this:
Current limitations of the SSH mode of ipcluster are:
Untested and unsupported on Windows. Would require a working ssh on Windows. Also, we are using shell scripts to setup and execute
commands on remote hosts.
That means, there is no easy way to build an ipcluster with ssh connection on windows (if it works at all).
Do you really need to connect the machines with an ssh connection? I guess it's possible with a ssh client on each windows machine, but if you are in a trusted local network you can also decide not to use the loopback interface and just expose the ports...
Sure you can start controller and engine separately! For further examples about ports (if you have problems with firewalls) see also How to setup ssh tunnel for ipython cluster (ipcluster)

Managing Multiple Reverse SSH Tunnels

I want to install a number of raspberry pis at remote locations and be able to log in to them remotely. (Will begin with 30-40 boxes and hopefully grow to 1000 individual raspberry pis soon.)
I need to be able to remotely manage these boxes. Going the easier route, forwarding a port on the router and setting a DHCP reservation, requires either IT support from the company we'll be doing the install for (many of which don't have IT), or it will require one of our IT people physically installing each box.
My tentative solution is to have each box create a reverse SSH tunnel to our server. My question is: How feasible would this be? How easy would it be to manage that many connections? Would it be an issue for a small local server to have 1000+ concurrent SSH connections? Is there an easier solution to this problem?
My end goal is to be able to ship someone a box, have them plug it in, and be able to access it.
Thanks,
w
An alternate solution would be to:
Install OpenVPN server on your server machine. How to install OpenVPN Server on the PI. Additionally, add firewall rules that block everything but traffic directed for the client's ssh and other services ports (if desired), from administrating machine(s).
Run OpenVPN clients on your Raspberry PI client machines. They will connect back to your VPN server. On a side note, the VPN server and administrating machine(s) need not be the same machine if resources are limited on the VPN server. How to install OpenVPN on the client Raspberry PIs.
SSH from administrating machine(s) to each client machine. Optionally, you could use RSA authentication to simplify authentication.
Benefits include encryption for the tunnel including ssh encryption for administrating, as well as being able to monitor other services on their respective ports.
I made a WebApp to manage this exact same setting in about 60 minutes with my java web template. All I can share are some scripts that I use to list the connection and info about them. You can use those to build your own app, it is really simple to display this in some fancy way in a fast web.
Take a look at my scripts: https://unix.stackexchange.com/a/625771/332669
Those will allow you to get the listening port, as well as the public IPs they're binded from. With that you can easilly plan a system where everything is easilly identificable with a simple BBDD.
You might find this docker container useful https://hub.docker.com/r/logicethos/revssh/

SSH over VPN connection

We have an AWS EC2 server that we've configured to be only accessible (via SSH) from within our office network. Obviously this isn't ideal for remote arrangements where someone has to connect to the EC2 instance and is working remotely outside the office such as during a business trip.
I've managed to set-up a VPN through PPTP and can connect to the office network (I have two local IP's one from wlan0 and one from ppp0) regardless of anywhere I am. However, when I SSH to the EC2 instance, it's still rejecting me most likely because it sees that I'm still trying to ssh from outside the network.
I think I'm missing something very important. What do you think, what am I missing to to get the ssh to use the vpn connection rather than one in wlan/eth?
I'm starting to think this isn't possible so kindly let me know. My other option is to ssh to a machine within the office network and then use that machine to ssh to the EC2 instance but I've been hesistant to do that as it seems excessive.
Find your gateway through which you want to connect to your ec2-instance.
For Linux systems, route -n will show you the routing table. Now add the route
sudo route add -host gw
Just having a VPN to your office does not mean all traffic from your machine will go through the VPN - that depends on how you configure the VPN.
You can SSH from your machine to an office machine, and from there ssh to EC2 - that should work.
Alternatively, configure your system to route traffic for the ec2 instance through the VPN connection - doing this depends on your specific VPN configuration.

How can I get winexe to attach to a non-standard port?

I'm using winexe to communicate with Windows running inside a virtual machine on my Linux system, to perform various test scenarios. I really don't want to have to be root to start the VMs.
When I start my Linux virtual machines, which I control with SSH, I simply map the SSH port (22) to a different, non-reserved port (>1024; say 19000). So I can start the VM without requiring root privileges. Then I use ssh -p 19000 ... when I want to ssh to the VM, and it works great.
But I cannot find a way to have winexe choose a different port than the default (I'm not sure what the default port is, actually; does it use 445 like SMB?). Is there a way to do it?
Note I cannot run an SSH server on Windows; because of my test environment requirements I can't add an SSH server to the virtual machines. Plus even if I were allowed I've had nothing but pain trying to get an SSH server to work reliably on Windows.
Winexe source code shows that the client-server communications happen over SMB in named pipes. As if you would write into unix pipes over nfs.
This results that it is very unlikely, that you can change the port. Maybe you can do that on the Linux side, but you have probably no way to do that in your Windows VM.