claude-home/vm-management/scripts/README.md
Cal Corum 4b7eca8a46
docs: add YAML frontmatter to all 151 markdown files
Adds title, description, type, domain, and tags frontmatter to every
doc for improved KB semantic search. The description field is prepended
to every search chunk, and domain/type/tags enable filtered queries.

Type values: context, guide, runbook, reference, troubleshooting
Domain values match directory structure (networking, docker, etc.)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 09:00:44 -05:00


---
title: "VM Provisioning Scripts"
description: "Usage guide for vm-post-install.sh and cloud-init-user-data.yaml. Covers automated VM provisioning with SSH key deployment, Docker installation, security hardening, and post-provisioning verification."
type: reference
domain: vm-management
tags: [proxmox, scripts, provisioning, cloud-init, docker, ssh]
---
# VM Management and Provisioning
Automated VM provisioning scripts for Proxmox environments with SSH key deployment, system updates, and Docker installation.
## Files
### `vm-post-install.sh`
Post-installation provisioning script for existing VMs.
**Usage:**
```bash
./vm-post-install.sh <vm-ip> [ssh-user]
```
**Example:**
```bash
./vm-post-install.sh 10.10.0.100 cal
```
**Features:**
- ✅ System updates and essential packages
- ✅ SSH key deployment (primary + emergency keys)
- ✅ SSH security hardening (disable password auth)
- ✅ Docker and Docker Compose installation
- ✅ User environment setup with aliases
- ✅ Automatic security updates configuration
**Requirements:**
- Target VM must have SSH access enabled initially
- Homelab SSH keys must exist: `~/.ssh/homelab_rsa` and `~/.ssh/emergency_homelab_rsa`
- Initial connection may require password authentication
### `cloud-init-user-data.yaml`
Cloud-init configuration for fully automated VM provisioning in Proxmox.
**Usage:**
1. Copy contents of this file
2. In Proxmox, create VM with cloud-init support
3. Paste the YAML content into the "User Data" field
4. Start the VM
**Features:**
- ✅ User creation with sudo privileges
- ✅ SSH keys pre-installed (no password auth needed)
- ✅ Automatic package updates
- ✅ Docker and Docker Compose installation
- ✅ Security hardening from first boot
- ✅ Useful bash aliases and environment setup
- ✅ Welcome message with system status
## Quick Start
### Option 1: Post-Installation Script (Existing VMs)
```bash
# Make script executable
chmod +x scripts/vm-management/vm-post-install.sh
# Provision an existing VM
./scripts/vm-management/vm-post-install.sh 10.10.0.100 cal
```
### Option 2: Cloud-Init (New VMs in Proxmox)
1. Create new VM in Proxmox with cloud-init support
2. Go to Cloud-Init tab
3. Copy contents of `cloud-init-user-data.yaml`
4. Paste into "User Data" field
5. Start VM - it will be fully provisioned automatically
## SSH Key Management Integration
Both provisioning methods integrate with the existing homelab SSH key management:
- **Primary Key**: `~/.ssh/homelab_rsa` - Daily use authentication
- **Emergency Key**: `~/.ssh/emergency_homelab_rsa` - Backup access
- **Security**: Password authentication disabled after key deployment
- **Backup**: Keys are managed by existing SSH backup system
## Post-Provisioning Verification
After provisioning, verify the setup:
```bash
# Test SSH access with key
ssh cal@<vm-ip>
# Verify Docker installation
docker --version
docker compose version
docker run --rm hello-world
# Check user groups
groups cal
# Should include: cal sudo docker
# Verify SSH security
sudo sshd -T | grep -E "(passwordauth|pubkeyauth|permitroot)"
# Should show:
# passwordauthentication no
# pubkeyauthentication yes
# permitrootlogin no
```
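The `grep` above only prints the three settings for a human to read. The following added example (not part of this repository's scripts) turns the same expected values into a pass/fail check over `sshd -T` output; the function name `audit_sshd` and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit effective sshd settings against the values this README expects.
# Reads `sshd -T` output on stdin and returns non-zero if any setting deviates.

# Expected effective settings, taken from the verification section of this README.
EXPECTED_SETTINGS="passwordauthentication=no
pubkeyauthentication=yes
permitrootlogin=no"

audit_sshd() {
    local dump rc=0 pair key want got
    # sshd -T prints lowercase keywords; normalise defensively.
    dump="$(tr '[:upper:]' '[:lower:]')"
    for pair in $EXPECTED_SETTINGS; do
        key="${pair%%=*}"
        want="${pair#*=}"
        # Exact keyword match on the first column, so "permitrootlogin"
        # cannot be satisfied by a longer, unrelated keyword.
        got="$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')"
        if [ -z "$got" ]; then
            echo "FAIL $key: not present in sshd -T output"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', got '$got'"
            rc=1
        else
            echo "ok   $key $got"
        fi
    done
    return "$rc"
}

# Constructed sample of `sshd -T` output (not captured from a real host).
# Root login is still allowed with keys ("prohibit-password") instead of
# being disabled, so the audit must report a failure.
SAMPLE_SSHD_T='port 22
passwordauthentication no
pubkeyauthentication yes
permitrootlogin prohibit-password'

if printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd; then
    echo "sample: hardened"
else
    echo "sample: NOT hardened"
fi
```

On a provisioned VM, feed it the live configuration with `sudo sshd -T | audit_sshd` and use the exit status in a provisioning pipeline.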
## Customization
### Modifying SSH Keys
Edit the SSH public keys in `cloud-init-user-data.yaml` or ensure your local SSH keys match the expected paths for the post-install script.
### Changing Default User
Update the username in both scripts (default: `cal`):
- In `vm-post-install.sh`: Change `SSH_USER="${2:-cal}"`
- In `cloud-init-user-data.yaml`: Change the user configuration section
### Additional Packages
Add packages to:
- **Post-install script**: Add to the `apt install` command
- **Cloud-init**: Add to the `packages:` section
### Custom Aliases
Modify bash aliases in:
- **Post-install script**: Update the aliases added to `~/.bashrc`
- **Cloud-init**: Edit the `.bash_aliases` file content
## Troubleshooting
### Script Fails to Connect
- Verify VM is accessible: `ping <vm-ip>`
- Check SSH service: `nc -z <vm-ip> 22`
- Ensure initial password/key authentication works
### Docker Installation Issues
- Check internet connectivity on VM
- Verify Docker GPG key download succeeded
- Review Docker service status: `systemctl status docker`
### SSH Key Authentication Problems
- Verify key file permissions (600 for private, 644 for public)
- Check authorized_keys file on target VM
- Test manual key-based connection
### Cloud-Init Not Working
- Check Proxmox cloud-init support is enabled for VM
- Verify YAML syntax is valid
- Review cloud-init status: `sudo cloud-init status --long`; the logs themselves are in `/var/log/cloud-init.log` and `/var/log/cloud-init-output.log`
## Security Notes
- Password authentication is completely disabled after provisioning
- Only key-based SSH access allowed
- Emergency keys provide backup access
- Automatic security updates enabled
- User has sudo privileges but requires proper SSH key authentication
- Docker group membership allows container management without sudo; because the Docker daemon runs as root, this membership is effectively root-equivalent on the VM
## Related Documentation
- SSH Key Management: `patterns/networking/ssh-key-management.md`
- SSH Setup Examples: `examples/networking/ssh-homelab-setup.md`
- Docker Patterns: `patterns/docker/`