Experiment with creating and configuring cloud dev VM

dto-btn / todo

Catch-all for issues that aren't related to a specific project.

0 stars 0 forks source link

Experiment with creating and configuring cloud dev VM #6

Closed patheard closed 5 years ago

patheard commented 5 years ago

Use Azure/AzureStack
All configuration-as-code (ideally one-action create and ready to use).

patheard commented 5 years ago

Observations about AzureStack VM (Windows Server 2016 Datacenter):

IE was set to restrict file download, running active scripts.
Needed to change this with a custom security level in Internet Options > Security > Internet Zone.
Performance is quite good. ~500-1000ms on input lag.
Internet transfer speed very good ~10MB/s.

patheard commented 5 years ago

Possible fix for exposing CPU virtualization to guest OS:

Set-VMProcessor -VMName <Target VM's Name> -ExposeVirtualizationExtensions $true

patheard commented 5 years ago

Linux VM is now also up and running and can communicate with Windows VM.

Tested with following Docker container:

docker run --name test-nginx -p 80:80 -d nginx

And then connecting to http://<linux-vm-host> in a browser on the Windows VM.

patheard commented 5 years ago

Confirmed linux/windows VM can communicate over 443. This should let me test with Ansible with a linux control node and windows host.

patheard commented 5 years ago

Steps to setup:

# Linux control node
sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

# Windows host
choco install python

patheard commented 5 years ago

Created local Ansible playbook based on esdc-devx/dev-laptop.

dtf-ein/dev-laptop#1

patheard commented 5 years ago

Localhost provision worked nicely at Linux VM.
Next test is to see if it can provistion Windows VM.

patheard commented 5 years ago

Commands to share windows folder on linux:

# windows
New-SMBShare –Name "Development" –Path "C:\path\to\folder" –FullAccess domain\username

# linux
sudo apt-get install cifs-utils
sudo mount.cifs //WindowsPC/path ~/path/to/mount -o user=username

patheard commented 5 years ago

Setting up windows host with SSH:

Linux control node:

# Create ssh keys
ssh-keygen -t rsa -b 4096

# Grant ownership to the default `local_tmp` and `remote_tmp` in ansible.cfg
# Alternative: change these directories
chown -R username:usergroup ~/.ansible

Windows host:

# Install and start server
choco install openssh --package-parameters='"/SSHServerFeature"'

# Copy control node `id_rsa.pub` contents into %userprofile%\.ssh\authorized_keys

# Update %programdata%\ssh\sshd_config:
PubkeyAuthentication yes
# Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

# Restart sshd service
Restart-Service -Name sshd -Force

# Set default SSH shell to powershell (optional)
Set-Itemproperty -path 'HKLM:\SOFTWARE\OpenSSH' -Name 'DefaultShell' -value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'

Debug public key authentication not working:

ssh -vvv windows-host

patheard commented 5 years ago

Test command with plaintext auth and public key auth from linux control node:

# plaintext
# can alternatively set `ansible_user` and `ansible_password` in encryped ansible.cfg file
ansible windows -m win_whoami -u username --ask-pass

Test command with pubkey authentication:

# pubkey
ansible windows -m win_whoami

patheard commented 5 years ago

Commands for installing Ubuntu desktop on a UbuntuServer image and enablding RDP from Windows:

sudo apt install ubuntu-desktop
sudo apt install xrdp
sudo systemctl enable xrdp

patheard commented 5 years ago

Allow xrdp to listen on 443:

sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/xrdp
sudo vi /etc/xrdp/xrdp.ini # change port=443