Creating A Linux VM

{{

 {{#switch:
 {{#if: 
   | 
   | {{#if: 
     | 
       {{#ifeq:|
       | talk
       |  
       }}
     | 
       {{#ifeq:|talk
       | talk
       |  
       }}
     }}
   }}

| main | = ambox | talk = tmbox | user = ombox | project = ombox | file | image = imbox | mediawiki = ombox | template = ombox | help = ombox | category = cmbox | book = ombox | extension = ombox | other | #default = ombox

}} | type = warning | image = | imageright = | class = | style = | textstyle = | text = This page documents a draft procedure for Tech Team, and is not currently normative | small = | smallimage = | smallimageright = | smalltext = | subst = | date = | name = }}

tl;dr

Use Ansible to do most of the setup, in https://github.com/pumpingstationone/gitops. Ask User:Muirrum for assistance. The goal is for this process to be fully automated. The only part that should be manual at this point is domain-joining the box.

Active Directory

Virtual machines should be joined to Active Directory. You will need

• Root access to the VM
• An AD account with permission to domain-join machines

Install these packages on the Debian VM:

sudo apt install realmd packagekit sssd sssd-tools libnss-sss libpam-sss adcli

Then, check for the PS:1 AD domain:

sudo realm discover ad.pumpingstationone.org

Join the realm:

sudo realm join ad.pumpingstationone.org --user <your administrative AD account> 

Ensure that completed successfully. Then, restrict logins with by editing /etc/sssd/sssd.conf. Look for the line that says access_provider=ad, and change it to:

access_provider=simple
simple_allow_groups=<your comma separated list of groups>