Co-authored-by: Cursor <cursoragent@cursor.com>
Next Steps - Azure Stack HCI Deployment
✅ Completed
- Environment configuration (.env file setup)
- Proxmox credential structure (best practices with PVE_ROOT_PASS)
- Connection testing script created and verified
- Both Proxmox servers tested and accessible:
  - HPE ML110 Gen9: 192.168.1.206:8006 ✓
  - Dell R630: 192.168.1.49:8006 ✓
- Documentation updated with security best practices
🎯 Immediate Next Steps (Priority Order)
1. Complete Environment Configuration
Status: Partially complete - Proxmox configured, Azure/Cloudflare pending
# Edit .env file and configure remaining credentials
nano .env # or use your preferred editor
Required:
- AZURE_SUBSCRIPTION_ID - Get from: az account show --query id -o tsv
- AZURE_TENANT_ID - Get from: az account show --query tenantId -o tsv
- AZURE_RESOURCE_GROUP - Set to: HC-Stack (or your preferred name)
- AZURE_LOCATION - Set to: eastus (or your preferred region)
- CLOUDFLARE_API_TOKEN - Create at: https://dash.cloudflare.com/profile/api-tokens
- CLOUDFLARE_ACCOUNT_EMAIL - Your Cloudflare account email
Verify configuration:
# Test Proxmox connections (already working)
./scripts/utils/test-proxmox-connection.sh
# Test Azure CLI connection
az account show
# Verify environment variables loaded
source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
echo "Azure Subscription: $AZURE_SUBSCRIPTION_ID"
echo "Azure Tenant: $AZURE_TENANT_ID"
2. Azure Prerequisites Setup
Create Azure Resource Group:
# Load environment variables
source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
# Login to Azure
az login
# Set subscription
az account set --subscription "$AZURE_SUBSCRIPTION_ID"
# Create resource group
az group create \
--name "$AZURE_RESOURCE_GROUP" \
--location "$AZURE_LOCATION"
# Verify
az group show --name "$AZURE_RESOURCE_GROUP"
Verify Azure CLI:
# Check prerequisites
./scripts/utils/prerequisites-check.sh
3. Proxmox Cluster Configuration
Current Status: Both servers are accessible but may not be clustered yet.
Option A: If servers are already clustered:
# Verify cluster status (run on one of the Proxmox hosts)
pvecm status
pvecm nodes
Option B: If servers need to be clustered:
On ML110 (192.168.1.206):
# SSH to the server
ssh root@192.168.1.206
# Configure network (if needed)
export NODE_IP=192.168.1.206
export NODE_GATEWAY=192.168.1.254 # Adjust based on your network
export NODE_HOSTNAME=pve-ml110
# Run configuration scripts (if available)
# ./infrastructure/proxmox/network-config.sh
# ./infrastructure/proxmox/cluster-setup.sh
On R630 (192.168.1.49):
# SSH to the server
ssh root@192.168.1.49
# Configure network (if needed)
export NODE_IP=192.168.1.49
export NODE_GATEWAY=192.168.1.254 # Adjust based on your network
export NODE_HOSTNAME=pve-r630
export CLUSTER_NODE_IP=192.168.1.206
# Run configuration scripts (if available)
# ./infrastructure/proxmox/network-config.sh
# export NODE_ROLE=join
# ./infrastructure/proxmox/cluster-setup.sh
Verify cluster:
# From either Proxmox host
pvecm status
pvecm nodes
4. Azure Arc Onboarding
Onboard Proxmox Hosts to Azure Arc:
On ML110:
# SSH to ML110
ssh root@192.168.1.206
# Load environment variables (copy .env or set manually)
export RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-HC-Stack}"
export TENANT_ID="${AZURE_TENANT_ID}"
export SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
export LOCATION="${AZURE_LOCATION:-eastus}"
export TAGS="type=proxmox,host=ml110"
# Run onboarding script
./scripts/azure-arc/onboard-proxmox-hosts.sh
On R630:
# SSH to R630
ssh root@192.168.1.49
# Load environment variables
export RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-HC-Stack}"
export TENANT_ID="${AZURE_TENANT_ID}"
export SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
export LOCATION="${AZURE_LOCATION:-eastus}"
export TAGS="type=proxmox,host=r630"
# Run onboarding script
./scripts/azure-arc/onboard-proxmox-hosts.sh
Verify in Azure Portal:
- Navigate to: Azure Portal → Azure Arc → Servers
- Both Proxmox hosts should appear as "Connected"
5. Create Service VMs
Using Terraform (Recommended):
cd terraform/proxmox
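# Create terraform.tfvars
# (the file will hold PVE_ROOT_PASS in cleartext: restrict its permissions and keep it out of version control)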
cat > terraform.tfvars <<EOF
proxmox_host = "192.168.1.206" # or 192.168.1.49
proxmox_username = "root@pam"
proxmox_password = "${PVE_ROOT_PASS}"
proxmox_node = "pve" # Adjust based on your node name
EOF
# Initialize and apply
terraform init
terraform plan
terraform apply
Or manually via Proxmox Web UI:
- Access: https://192.168.1.206:8006 or https://192.168.1.49:8006
- Create VMs for:
  - Kubernetes (K3s)
  - Cloudflare Tunnel
  - Git Server (Gitea/GitLab)
  - Observability (Prometheus/Grafana)
6. Cloudflare Tunnel Setup
Prerequisites:
- Cloudflare account with Zero Trust enabled
- Ubuntu VM deployed in VLAN 99 (or appropriate network)
Setup Tunnel:
# On Ubuntu Tunnel VM
# Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared
chmod +x /usr/local/bin/cloudflared
# Authenticate
cloudflared tunnel login
# Create tunnel
cloudflared tunnel create azure-stack-hci
# Configure tunnel (see docs/cloudflare-integration.md)
Reference:
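The install step above writes whatever the latest-release URL returns straight into /usr/local/bin with no integrity check. The following added example (not part of the project's scripts) installs a download only when its SHA-256 matches a pinned digest; the function names, <PINNED_VERSION> and <PINNED_SHA256> are placeholders and assumptions, and the demonstration uses a constructed stand-in file so it runs offline.

```shell
#!/bin/sh
# Added example: verify a downloaded binary against a pinned SHA-256 before
# installing it. Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only when the digest matches.
install_verified() {
    _actual=$(sha256_of "$1") || return 1
    if [ -z "$2" ] || [ "$_actual" != "$2" ]; then
        echo "refusing to install $1: SHA-256 does not match pinned value" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# Intended use on the tunnel VM (placeholders, not real values):
#   url=https://github.com/cloudflare/cloudflared/releases/download/<PINNED_VERSION>/cloudflared-linux-amd64
#   curl -fL "$url" -o /tmp/cloudflared
#   install_verified /tmp/cloudflared "<PINNED_SHA256>" /usr/local/bin/cloudflared

# Offline demonstration with a constructed stand-in file
work=$(mktemp -d)
printf 'constructed stand-in for the cloudflared binary\n' > "$work/download"
pinned=$(sha256_of "$work/download")
install_verified "$work/download" "$pinned" "$work/cloudflared" && echo "installed"
printf 'tampered\n' >> "$work/download"
install_verified "$work/download" "$pinned" "$work/cloudflared.new" || echo "rejected"
```

Record the pinned digest for the chosen version from a source you trust, and update version and digest together when upgrading.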
7. Kubernetes (K3s) Deployment
On K3s VM:
# Install K3s
./infrastructure/kubernetes/k3s-install.sh
# Onboard to Azure Arc
export RESOURCE_GROUP="${AZURE_RESOURCE_GROUP:-HC-Stack}"
export TENANT_ID="${AZURE_TENANT_ID}"
export SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
export LOCATION="${AZURE_LOCATION:-eastus}"
export CLUSTER_NAME=proxmox-k3s-cluster
./infrastructure/kubernetes/arc-onboard-k8s.sh
8. GitOps Setup
Deploy Git Server:
Option A: Gitea (Recommended for small deployments):
./infrastructure/gitops/gitea-deploy.sh
Option B: GitLab CE:
./infrastructure/gitops/gitlab-deploy.sh
Configure GitOps:
- Create Git repository in your Git server
- Copy gitops/ directory to repository
- Configure GitOps in Azure Portal or using Flux CLI
9. Security Hardening
Create RBAC Accounts for Proxmox:
# Follow the guide
cat docs/security/proxmox-rbac.md
# Create service accounts
# Create operator accounts
# Generate API tokens
# Replace root usage in automation
Reference:
10. Monitoring and Observability
Deploy Monitoring Stack:
# Deploy via GitOps or manually
helm install prometheus ./gitops/apps/prometheus -n monitoring
helm install grafana ./gitops/apps/grafana -n monitoring
Configure Azure Monitor:
- Enable Log Analytics workspace
- Configure data collection rules
- Set up alerting
📋 Detailed Checklists
For comprehensive step-by-step instructions, refer to:
- Bring-Up Checklist - Complete day-one installation guide
- Deployment Guide - Detailed deployment phases
- Azure Arc Onboarding - Azure integration steps
- Cloudflare Integration - Secure external access
🔧 Useful Commands
Test Connections:
# Test Proxmox connections
./scripts/utils/test-proxmox-connection.sh
# Check prerequisites
./scripts/utils/prerequisites-check.sh
Verify Configuration:
# Check .env file (this prints secret values to the terminal)
cat .env | grep -v "^#" | grep -v "^$"
# Verify Azure connection
az account show
# Check Proxmox cluster (from Proxmox host)
pvecm status
Load Environment Variables:
# Source .env file
source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=')
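The one-liner above (also used in steps 1 and 2) passes the filtered .env to source, so the shell evaluates every remaining line as code, and its sed 's/#.*$//' stage cuts any value at the first #, including a password that contains one. The following added example (not part of the project's scripts) loads the same KEY=VALUE format as data only; load_env and the sample file contents are hypothetical.

```shell
#!/bin/sh
# load_env FILE: export KEY=VALUE pairs from FILE as data; nothing in the
# file is evaluated by the shell. Hypothetical helper, POSIX sh.
load_env() {
    _env_file=$1
    [ -r "$_env_file" ] || { echo "load_env: cannot read $_env_file" >&2; return 1; }
    # read (default IFS) trims leading/trailing whitespace; -r keeps backslashes
    while read -r _line || [ -n "$_line" ]; do
        case $_line in
            ''|'#'*) continue ;;      # blank line or full-line comment
            *=*) ;;                   # candidate assignment
            *) continue ;;            # anything else is ignored, never run
        esac
        _key=${_line%%=*}
        _val=${_line#*=}
        case $_key in                 # accept only valid variable names
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "load_env: skipping invalid key" >&2; continue ;;
        esac
        case $_val in
            \"*\") _val=${_val#\"}; _val=${_val%\"} ;;   # strip one quote pair
            \'*\') _val=${_val#\'}; _val=${_val%\'} ;;
            *)  _val=${_val%%" #"*}                      # unquoted: drop " # comment"
                _val=${_val%"${_val##*[! ]}"} ;;         # then trailing spaces
        esac
        export "$_key=$_val"
    done < "$_env_file"
}

# Constructed sample input (not the project's real .env)
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env" <<'EOF'
# Azure
AZURE_LOCATION=eastus   # preferred region
  AZURE_RESOURCE_GROUP="HC-Stack"
PVE_ROOT_PASS='p#ss$(touch PWNED)'
BAD-KEY=ignored
EOF
(cd "$demo_dir" && load_env .env && echo "location=$AZURE_LOCATION")
```

A quoted value keeps any # it contains, and the $(...) text in the sample stays a literal string instead of being run.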
🚨 Troubleshooting
If Proxmox connection fails:
- Verify internal IPs are correct in .env
- Check firewall rules for port 8006
- Verify Proxmox services are running
- Test web UI access in browser
If Azure Arc onboarding fails:
- Verify Azure CLI is authenticated: az login
- Check network connectivity (outbound HTTPS 443)
- Verify resource group exists
- Review agent logs: journalctl -u azcmagent
If scripts fail:
- Ensure .env file is properly configured
- Check script permissions: chmod +x scripts/**/*.sh
- Verify all prerequisites are installed
📚 Documentation Reference
🎯 Success Criteria
You'll know you're ready for the next phase when:
- Both Proxmox servers are accessible and tested
- Azure credentials configured and verified
- Cloudflare credentials configured
- Azure resource group created
- Proxmox cluster configured (if applicable)
- Azure Arc agents installed on Proxmox hosts
- Service VMs created
- Cloudflare Tunnel configured
- Kubernetes cluster deployed
- GitOps repository configured
Current Status: Environment configuration complete, ready for Azure Arc onboarding and service deployment.
Recommended Next Action: Complete Azure and Cloudflare credential configuration, then proceed with Azure Arc onboarding.