Developer VM Creation

Introduction

This document outlines the process for creating a developer virtual machine (VM), installing the necessary tech stack, configuring the environment, and preparing the VM for deployment. The guide is tailored for the creation of a Dev Template VM with specific configurations and is applicable to the Elitical project.

1. Creating the Dev Template VM

To create the Dev Template VM, use the following command:

sudo virt-install \
    --name elitical-dev-tmpl \
    --os-variant ubuntu22.04 \
    --vcpus 2 \
    --memory 6144 \
    --location /data1/os-iso/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
    --network bridge=virbr20,model=virtio,mac=0a:01:e9:20:de:03 \
    --network network=virho10,model=virtio,mac=0a:01:e9:10:de:03 \
    --disk size=30,pool=adm-images \
    --uuid=00000000-0000-0000-0000-0a01e920de03 \
    --graphics none \
    --extra-args='console=ttyS0' \
    --debug

VM Specifications:

  • Name: elitical-dev-tmpl
  • OS Variant: Ubuntu 22.04
  • vCPUs: 2
  • Memory: 6 GB
  • Disk Size: 30 GB
  • Networks:
    • Bridge: virbr20
    • Network: virho10
  • UUID: 00000000-0000-0000-0000-0a01e920de03
  • Graphics: None (console via ttyS0)

Partition Details:

  • /: 9.5 GB
  • /boot: 500 MB
  • /home: 2 GB
  • SWAP: 2 GB
  • /var: 8 GB
  • /data: 8 GB

User Setup:

  • Full Name: <project> Developer Server
  • Server Name: eev-in-dev1a-node01, elitical-dev1a-node01
  • User: devopsadmin
  • Password: 1!Devops@dmin

Note:

  • Install SSH Server: Select the SSH server option during the installation process.
  • Add User to Sudoers: Use visudo to add the following line at the end of the file:
    devopsadmin ALL=(ALL) NOPASSWD: ALL
    

2. Installing the Tech Stack

Once the VM is created, clone the Devops Automation scripts repository into the VM.

Navigate to the cloned directory and run the following command to install the tech stack:

python3 TechStackInstallation.py <project_name> java maven haproxy tomcat git scylla redpanda mysql

Example:

python3 TechStackInstallation.py eliticalDev java maven haproxy tomcat git scylla redpanda mysql

  • Project Name: Specifies the directory in the Devops Automation scripts folder which provides the necessary inputs for the TechStackInstallation.py script.

The directory also contains configuration and database files. Make any required modifications in this directory; they are then reflected in the installation and configuration.

3. Configuring the Installed Tech Stack

To configure the installed tech stack, run the following command:

python3 ConfigureScript.py <projectname> configuration

Example:

python3 ConfigureScript.py eliticalDev configuration

4. Loading Base Data

Load the base data into the VM by running:

python3 ConfigureScript.py <projectname> databases.conf

Example:

python3 ConfigureScript.py eliticalDev databases.conf

5. Verifying Services

Check that all services are running correctly by using:

systemctl status <service_name>

Ensure that any services that need to be disabled are disabled.

6. Creating a Service to Start Services

To ensure that all necessary services start sequentially on system startup, create a custom service by adding the following configuration:

Service Unit File:

Create a service unit file at /etc/systemd/system/start-services.service with the following content:

[Unit]
Description=Start services sequentially on system startup
After=network.target

[Service]
Type=oneshot
ExecStart=/bin/bash /home/devopsadmin/.scripts/start-services.sh
User=devopsadmin
Group=devopsadmin

[Install]
WantedBy=multi-user.target

Start Services Script:

Create the script /home/devopsadmin/.scripts/start-services.sh with the following content:

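#!/bin/bash

# Return success if the given systemd unit is currently active.
service_running() {
    systemctl is-active --quiet "$1"
}

# Units are started in this order, one at a time.
SERVICES=("apache2" "scylla-jmx" "scylla-server" "redpanda" "mysql@bootstrap" "tomcat-elitical" "haproxy")

# Upper bound on attempts per unit so a broken unit cannot block startup
# forever. The value is arbitrary; adjust it as needed.
MAX_ATTEMPTS=30

for service in "${SERVICES[@]}"; do
    echo "Starting $service..."
    attempt=1

    while true; do
        # Issue the start on every pass so a failed unit is actually retried.
        sudo systemctl start "$service"

        if service_running "$service"; then
            echo "$service started successfully."
            break
        fi

        if (( attempt >= MAX_ATTEMPTS )); then
            echo "$service did not start after $MAX_ATTEMPTS attempts. Giving up." >&2
            exit 1
        fi

        echo "$service failed to start. Retrying in 10 seconds..."
        sleep 10
        attempt=$((attempt + 1))
    done
done

echo "All services started successfully."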

Enabling the Service:

Enable the service to ensure it runs on system startup:

sudo systemctl enable start-services.service

Verify the service by rebooting the VM or manually starting the service:

sudo systemctl start start-services.service
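
The start script above uses sudo only for systemctl start on its seven units, so the NOPASSWD: ALL grant from section 1 could be narrowed to exactly those commands. The following is an added example, not part of the project's scripts; the function name gen_start_rule and the alias START_SERVICES are hypothetical, and it assumes that nothing else on the VM relies on passwordless sudo for devopsadmin and that systemctl is at /usr/bin/systemctl.

```shell
# Added example: print a sudoers drop-in that lets one user start a fixed set
# of systemd units without a password, as a narrower form of NOPASSWD: ALL.

# Assumption: systemctl is installed at /usr/bin/systemctl (Ubuntu 22.04).
SYSTEMCTL=/usr/bin/systemctl

# gen_start_rule USER UNIT...
# Prints the rule on stdout; returns 1 if a name is unsafe or no unit is given.
gen_start_rule() {
    user=$1
    shift
    [ $# -gt 0 ] || { echo "no units given" >&2; return 1; }

    # Commas, spaces, colons, wildcards and backslashes are special in
    # sudoers, so accept only a conservative character set. This keeps a
    # name containing a comma or space from adding commands to the alias.
    for name in "$user" "$@"; do
        case $name in
            '' | *[!A-Za-z0-9@._-]*)
                echo "unsafe name: $name" >&2
                return 1
                ;;
        esac
    done

    cmds=""
    for unit in "$@"; do
        cmds="${cmds:+$cmds, }$SYSTEMCTL start $unit"
    done

    printf 'Cmnd_Alias START_SERVICES = %s\n' "$cmds"
    printf '%s ALL=(root) NOPASSWD: START_SERVICES\n' "$user"
}

# User and unit list as they appear in start-services.sh on this page.
gen_start_rule devopsadmin apache2 scylla-jmx scylla-server redpanda \
    "mysql@bootstrap" tomcat-elitical haproxy
```

The narrower rule restricts anything only once the NOPASSWD: ALL line has been removed. Write the output to a file under /etc/sudoers.d/ and validate it with visudo -cf before relying on it.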

7. Hardening the VM

To harden the VM, navigate to the Hardening directory and run:

cd Hardening
bash ubuntu.sh

Verify Hardening Score:

bash checkScore.sh

8. Post-Hardening Changes

  • SSH Port Change: The SSH port was changed from the default port to 39195.
  • User Creation: A devbox user was created with the password Dev$@YukthbOx and added to the sudo group.
    sudo adduser devbox
    
    • The system prompts for a password. Enter a secure password, then retype it to confirm.
    • The system asks for additional information about the user, including name, phone numbers, etc. These fields are optional and can be skipped by pressing Enter.
    • Type y to confirm the information and complete the settings for the new user.
    • To grant users sudo permission without editing the sudoers file, add them to the sudo group with the usermod command:
      sudo usermod -aG sudo devbox
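
A check for the SSH port change listed above, as an added example that is not part of the project's hardening scripts. sshd listens on every Port directive it reads, and an edited config has no effect until the daemon is restarted, so the example checks both the effective configuration and the listening sockets; the function names check_ssh_ports and port_listening are hypothetical and the sample input is constructed.

```shell
# Added example: confirm that sshd is configured for, and listening on, only
# the port chosen after hardening.

# check_ssh_ports EXPECTED
# Reads `sshd -T` output on stdin. sshd listens on every Port directive it
# finds, so the check passes only if EXPECTED is the single effective port.
check_ssh_ports() {
    expected=$1
    ports=$(awk 'tolower($1) == "port" { print $2 }' | sort -un | tr '\n' ' ')
    ports=${ports% }
    if [ "$ports" = "$expected" ]; then
        echo "OK: sshd is configured for port $expected only"
        return 0
    fi
    echo "FAIL: expected port $expected, effective ports: ${ports:-none}" >&2
    return 1
}

# port_listening PORT
# Reads `ss -tln` output on stdin; succeeds if any TCP listener uses PORT.
# Catches a config that was edited while the old sshd process is still running.
port_listening() {
    awk -v p=":$1" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit !found }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SSHD_T='port 39195
addressfamily any'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:39195     0.0.0.0:*
LISTEN 0      128             [::]:39195        [::]:*'

printf '%s\n' "$SAMPLE_SSHD_T" | check_ssh_ports 39195
printf '%s\n' "$SAMPLE_SS" | port_listening 39195 && echo "OK: 39195 is listening"
printf '%s\n' "$SAMPLE_SS" | port_listening 22 || echo "OK: 22 is not listening"
```

On the VM, feed the functions live data with sudo sshd -T | check_ssh_ports 39195 and ss -tln | port_listening 22.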
      

9. Jenkins Pipeline Scripts for Deployment

After the VM is created and hardened, Jenkins pipeline scripts are utilized to automate the deployment process of the project. This involves:

  • Project Deployment: A Jenkins pipeline script is responsible for deploying the project, ensuring that the application is built, tested, and deployed consistently and successfully.

  • Database Reset: An additional Jenkins pipeline script handles the resetting of the database, maintaining a clean and consistent state for development and testing purposes.

These pipeline scripts streamline the deployment workflow, reduce manual intervention, and enhance the reliability and efficiency of the deployment process.

10. Verifying the Website Deployment

After the successful execution of the Jenkins pipeline, verify that the website is properly deployed:

  • Web Application: Visit http://{vm_ip} to check if the web application is accessible.
  • Web Server: Visit http://{vm_ip}/apu/home to check if the web server is working correctly.

Troubleshooting:

If any issues are encountered, check the following configuration files:

  • HAProxy Configuration: /etc/haproxy/haproxy.cfg
  • Apache2 Configuration: /etc/apache2/apache2.conf

Once all the steps are completed and verified, the dev template VM is ready for cloning. This template can now be used to create additional developer VMs as needed.