Provisioning a CentOS 8 machine on TransIP - Unattended

In the upcoming weeks I will create a blog series of how to do unattended installations for my of preferred hosting partner TransIP. This tutorial will leverage the TransIP API for kicking off an unattended installation.

With this script in this blog you can have a working VPS wich can inject your SSH key during the installation.

TransIP API

TransIP has an extensive API which can be used to order or maintain the current products. The complete documentation can be found here: https://api.transip.nl/rest/docs.html.

An Unattended Installation

An unattended installation of CentOS in this case will let you install a clean OS with the packages you wish to install to have complete knowledge and control about how the image is configured. If you look at a provider like VULTR, or DigtalOcean you have less control about the image provisioned that you order in advance to using that machine.

1. Ordering a VPS

An API key can be made within the control panel of TransIP. In the upcoming blog post I will use Laravel to setup a project a spin-up a cluster of servers with a handfull of scripts.

A server can be purchased by triggering a POST to the endpoint of /vpses. The full example and more details about can be found here https://api.transip.nl/rest/docs.html#vps-vps-post.

Basicly your POST a JSON document to the API with an authorization header with the token from the dashboard.

Request PATH

POST /vpss

Request Headers

Content-Type: application/json
Authorization: Bearer [your JSON web token]

Request JSON/Content

{
  "productName": "vps-bladevps-x4",
  "operatingSystem": "centos8",
  "addons": [
    "vpsAddon-1-extra-cpu-core",
    "vpsAddon-1-extra-cpu-core"
  ],
  "hostname": "vps001.domain.com",
  "availabilityZone": "rtm0",
  "description": "vps001.domain.com"
}

With the above content you will order a X4 machine which is a 2 core, 4GB RAM with 150GB SSD machine wit 2 additional cores. The machine will be placed in availabilityzone Delft (rtm0). I prefer using the description and hostname equal to the preferred DNS name. This will make looking up the VPS server in the dashboard and API more easy.

After kicking the tires with above payload an order will be placed in your account. Within a minute you can get the VPS or look the vps up in your account. You will see that it uses the following structure: username-vps1. I assume this will be the first VPS of TransIP in this case.

2. Trigger the Unattended installation

Lets look at the request that needs to be made to trigger an unattended instalaltion for the OS.

Request PATH

POST /vpss/{vpsName}/operating-systems

Request Headers

Content-Type: application/json
Authorization: Bearer [your JSON web token]

Request JSON/Content

{
  "operatingSystemName": "centos8",
  "hostname": "vps001.domain.com",
  "base64InstallText": "<insert-script-here>"
}

Looks like we need three things:

1. vpsName
   This is the vps name that was just ordered and can be retrieved by the API or the control panel. It has the following id: username-vps1.
2. JSON web token
   This is the token generated within the dashboard or by a self-made script.
3. base64InstallText
   This is the full script which can be read by humans. This script must be delivered base64encoded.

The full script in human readable format is the following:

install
text
reboot
url --url=http://mirror.centos.org/centos/8/BaseOS/x86_64/kickstart/
lang en_US.UTF-8
keyboard us
timezone --utc Etc/UTC
rootpw --plaintext SomeDifficultPassword
user --name=root3ws --groups=root3ws --password=SomeUserPassword --plaintext
zerombr
clearpart --all --drives=vda
ignoredisk --only-use=vda
part /boot --fstype ext4 --size=480
part pv.01 --size=1 --grow --ondisk=vda --maxsize=100000000000
volgroup vg00 pv.01
logvol / --vgname=vg00 --fstype=ext4 --percent=100 --name=lv_root
logvol swap --recommended --fstype=swap --name=lv_swap --vgname=vg00

%packages
@core
@^minimal install
which
lvm2
parted
wget
%end

%post
mkdir /root/.ssh && echo ""

echo "ssh-rsa AAAAB3NzaC... email@domain.com" >> /root/.ssh/authorized_keys && echo ""
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys

cat > /etc/sudoers.d/root3ws <<EOF
Defaults:root3ws !requiretty
root3ws ALL=(ALL) NOPASSWD: ALL
EOF
chmod 440 /etc/sudoers.d/root3ws
%end

Make sure you change the root password to some thing generated by a password manager, same for the account of the user. The additional user is optional but can be very handy to add a user with sudo access. As you will likely disable root login on your production servers. Also make sure to change the ssh-rsa key with your own SSH public key which can give you fast access without asking for a password and enable only public key login.

For encoding the script you can use any tool you want, PHP, or the CLI or just some webservice like https://www.freeformatter.com/base64-encoder.html.

After encoding place the script in the base64Installtext variable and fire the request.

Request JSON/Content

{
  "operatingSystemName": "centos8",
  "hostname": "vps001.domain.com",
  "base64InstallText": "aW5zdGFsbA0KdGV4dA0KcmVib290DQp1cmwgLS11cmw9aHR0cDovL21pcnJvci5jZW50b3Mub3JnL2NlbnRvcy84L0Jhc2VPUy94ODZfNjQva2lja3N0YXJ0Lw0KbGFuZyBlbl9VUy5VVEYtOA0Ka2V5Ym9hcmQgdXMNCnRpbWV6b25lIC0tdXRjIEV0Yy9VVEMNCnJvb3RwdyAtLXBsYWludGV4dCBTb21lRGlmZmljdWx0UGFzc3dvcmQNCnVzZXIgLS1uYW1lPXJvb3Qzd3MgLS1ncm91cHM9cm9vdDN3cyAtLXBhc3N3b3JkPVNvbWVVc2VyUGFzc3dvcmQgLS1wbGFpbnRleHQNCnplcm9tYnINCmNsZWFycGFydCAtLWFsbCAtLWRyaXZlcz12ZGENCmlnbm9yZWRpc2sgLS1vbmx5LXVzZT12ZGENCnBhcnQgL2Jvb3QgLS1mc3R5cGUgZXh0NCAtLXNpemU9NDgwDQpwYXJ0IHB2LjAxIC0tc2l6ZT0xIC0tZ3JvdyAtLW9uZGlzaz12ZGEgLS1tYXhzaXplPTEwMDAwMDAwMDAwMA0Kdm9sZ3JvdXAgdmcwMCBwdi4wMQ0KbG9ndm9sIC8gLS12Z25hbWU9dmcwMCAtLWZzdHlwZT1leHQ0IC0tcGVyY2VudD0xMDAgLS1uYW1lPWx2X3Jvb3QNCmxvZ3ZvbCBzd2FwIC0tcmVjb21tZW5kZWQgLS1mc3R5cGU9c3dhcCAtLW5hbWU9bHZfc3dhcCAtLXZnbmFtZT12ZzAwDQoNCiVwYWNrYWdlcw0KQGNvcmUNCkBebWluaW1hbCBpbnN0YWxsDQp3aGljaA0KbHZtMg0KcGFydGVkDQp3Z2V0DQolZW5kDQoNCiVwb3N0DQpta2RpciAvcm9vdC8uc3NoICYmIGVjaG8gIiINCg0KZWNobyAic3NoLXJzYSBBQUFBQjNOemFDLi4uIGVtYWlsQGRvbWFpbi5jb20iID4+IC9yb290Ly5zc2gvYXV0aG9yaXplZF9rZXlzICYmIGVjaG8gIiINCmNobW9kIDcwMCAvcm9vdC8uc3NoDQpjaG1vZCA2MDAgL3Jvb3QvLnNzaC9hdXRob3JpemVkX2tleXMNCg0KY2F0ID4gL2V0Yy9zdWRvZXJzLmQvcm9vdDN3cyA8PEVPRg0KRGVmYXVsdHM6cm9vdDN3cyAhcmVxdWlyZXR0eQ0Kcm9vdDN3cyBBTEw9KEFMTCkgTk9QQVNTV0Q6IEFMTA0KRU9GDQpjaG1vZCA0NDAgL2V0Yy9zdWRvZXJzLmQvcm9vdDN3cw0KJWVuZA=="
}

This may take some minutes to complete. It took my install for around 3-5 minutes. After completion it will reboot and you can login to the machine. This is just a basic script to get you started, you can add some packages or inject custom scripts to setup some software like Elasticsearch (hint for next blog post subject).

Conclusions

With the elements above you can Order a VPS with the API with the script stated above. If you have any questions please contact me through the contact form. This blog is a bit technical, but that is just for reasons at this time and will soon explained more in detail with upcoming blogs.

So where are you waiting for? Just order a VPS server with the following link TransIP VPS servers and spin up your new VPS server.