% % Proxmox.tex % % Fork Sand IT Manual % % Copyright (C) 2018, Fork Sand, Inc. % Copyright (C) 2017, Jeff Moe % Copyright (C) 2017 Aleph Objects, Inc. % % This document is licensed under the Creative Commons Attribution 4.0 % International Public License (CC BY-SA 4.0) by Fork Sand, Inc. % % XXX TODO: Proxmox-GUI-login.png \section{Overview} Proxmox is a virtual machine manager. The private cloud deployment will be based on Proxmox version 5.x. Documentation: \url{https://pve.proxmox.com/wiki/Documentation} \begin{figure}[!htb] \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-proxmox.png} \caption{Proxmox Website} \label{fig:www-proxmox} \end{figure} \begin{itemize} \item Website: \\ \url{https://proxmox.com/} \item Debian Stretch ISO (XXX check version): \\ \url{http://download.proxmox.com/iso/proxmox-ve_5.1-3.iso} \item Complete operating system (Debian Linux, 64-bit) \item The Proxmox VE installer, which partitions the hard drive(s) with ext4, ext3, xfs or ZFS and installs the operating system. \item Proxmox VE kernel (Linux) with LXC and \gls{kvm} support Proxmox VE Administration Guide 9/309 \item Complete toolset for administering virtual machines, containers and all necessary resources \item Web based management interface for using the toolset \item Debian Stretch admin guide: \\ \url{https://pve.proxmox.com/pve-docs/pve-admin-guide.pdf} \end{itemize} The following servers will be deployed to host Proxmox and the \glspl{kvm}: \begin{itemize} \item \texttt{sf-001} --- Virtual Machine Node 1 \item \texttt{sf-002} --- Virtual Machine Node 2 \item \texttt{sf-003} --- Virtual Machine Node 3 \item \texttt{sf-004} --- Virtual Machine Node 4 \end{itemize} %\subsection{Virtual Machine Servers} %\Gls{kvm} virtual machine servers. Fast CPU, with lots of RAM. Uses \gls{ceph} to store %virtual images. % %\subsection{Proxmox Web GUI Servers} %A Proxmox's Web GUI for administration of the \gls{cluster}. \subsection{Virtual Machine Nodes} Virtual machine nodes. Fast CPU, with lots of RAM. Uses \gls{ceph} to store virtual images. Every node includes a Proxmox's Web GUI service for administration of the \gls{cluster}. Any nodes included into the \gls{cluster} may be configured by requesting to any node's GUI. \begin{figure}[!htb] \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{proxmox-gui.png} \caption{Proxmox Sunstone Web Admin GUI} \label{fig:proxmox-gui} \end{figure} \begin{minted}{sh} echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" \ > /etc/apt/sources.list.d/pve-install-repo.list wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg \ -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg apt-get update apt-get -y dist-upgrade --download-only DEBIAN_FRONTEND=noninteractive apt-get -y \ -o Dpkg::Options::="--force-confdef" \ -o Dpkg::Options::="--force-confnew" dist-upgrade apt-get -y install ksm-control-daemon proxmox-veupdate-grub apt remove os-prober \end{minted} \section{Bugs} Things that are bugs or at least aren't configured correctly. \section{GUI Configuration} At this point, you should have the Proxmox server up and running. \textcolor[rgb]{0.80,0.00,0.00}{ Todo check related, modify/replace unrelated } %See scripts in \texttt{source/resources/ns24} for automation. \begin{enumerate} \item Set up Linux Bridge (see fig. \ref{fig:sf-002linuxbridge} p.\pageref{fig:sf-002linuxbridge}): %Code: \\ \texttt{ssh -N -C -L 9869:localhost:9869 ns24} \item In workstation, open browser to urls: \\ URL: \url{http://localhost:8001/}, for sf-001 \\ URL: \url{http://localhost:8002/}, for sf-002 \\ URL: \url{http://localhost:8003/}, for sf-003 \\ URL: \url{http://localhost:8004/}, for sf-004 \\ See example at fig. \ref{fig:proxmox-gui-port}: \begin{figure}[!htb] \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{shark2/23.png} \label{fig:proxmox-gui-port} \caption{Browse sf-002 node, visible port No.} \end{figure} Info: This goes through https with self-signed certificate. \item \texttt{Hostname} Changing the hostname and IP is not possible after \gls{cluster} creation. Unlike OpenNebula. %\item Click \texttt{Infrastructure}. %\item Click \texttt{Hosts}. %\item Click The \texttt{+} plus icon. %\item Enter the hostname of the \gls{kvm} server you want to use, such as the Sunstone server itself. % \texttt{Type: \gls{kvm}} % \texttt{Hostname: ns24} %\item Click \texttt{Create}. %\item Repeatedly hit the reload button that's the two arrows in a circle, as it goes thru % stages of setup, starting at \texttt{INIT}. \item Confirm status is \texttt{ON}. \end{enumerate} \section{GUI Deploy Image} \textcolor[rgb]{0.80,0.00,0.00}{Todo check related, modify/replace unrelated} \begin{minted}{sh} This is a quick and dirty way to deploy a first test image. NOTE: It is note privacy aware, as it pulls the image from the Proxmox ``store''. \end{minted} \textcolor[rgb]{0.80,0.00,0.00}{Todo check related, modify/replace unrelated} \begin{minted}{sh} How to deploy an image from the Proxmox App store: \begin{enumerate} \item Click \texttt{Storage}. \item Click \texttt{Apps} \item Click \texttt{Debian 9 - \gls{kvm}}. \item Click on the icon that is a cloud with an arrow in it. This downloads it to Proxmox. \item Select a datastore by clicking the \texttt{default} line. \item Leave name and all that the same, and click \texttt{Download}. \item Click \texttt{Images} under \texttt{Storage} in the left column. \item Hit the refresh icon repeatedly. \item When \texttt{Status} is \texttt{READY}, it is good to go. \item Click \texttt{Templates} in the left column. \item Click \texttt{VMs}. \item Click \texttt{Debian 9 - \gls{kvm}}. \item Click \texttt{Instantiate}. \item \texttt{VM Name} enter \texttt{deb9}. \item \texttt{Number of instances} enter \texttt{1}. \item \texttt{Memory} enter \texttt{768}. \item \texttt{CPU} enter \texttt{1}. \item Click the slider to \texttt{Instantiate as persistent}. \item Click \texttt{Instantiate}. \item Click \texttt{Instances} in the left column. \item Click \texttt{VMs}. \item Click the reload icon, repeat. \item It is good when \texttt{Status} is \texttt{RUNNING}. \item Set up an \texttt{ssh} tunnel so VNC can be used: \texttt{ssh -N -C -L 29876:localhost:29876 ns24} \item Click on the little monitor icon to launch VNC. \item Look at booted up screen at \texttt{login:} prompt. \item This means a Debian \gls{kvm} booted up and the VNC is working. There is no password for the \texttt{root} account, only \texttt{ssh} is available. So without network setup, you can't really do anything with this image. Booted, it just shows it works. \end{enumerate} I think delete this section, it would go before the \texttt{Templates} above.: \begin{enumerate} \item Click \texttt{Debian 9 - \gls{kvm}}. \item PROBABLY NO: Click \texttt{Clone} to make a local copy. \item PROBABLY NO: It will say \texttt{Copy of Debian 9 - \gls{kvm}}, leave as-is, click \texttt{Clone}. \item Click on the icon with three dots. \item Click \texttt{Make Persistent}. \item Click on the icon with three dots. \item Click \texttt{Enable}. \end{enumerate} \end{minted} \section{Proxmox Networking} Create --> Linux Bridge: vmbr0 XXX best way for this server? No subnet. \textcolor[rgb]{0.80,0.00,0.00}{taken from sf-004-bootstrap} \begin{minted}{sh} source /etc/network/interfaces.d/* auto enp1s0f1 iface enp1s0f1 inet static address 70.39.103.210/29 gateway 70.39.103.209 dns-nameservers 208.67.222.222 dns-search forksand.com \end{minted} As user \texttt{jebba}, on the server, run this to generate a key. Then paste that key into Sunstone under "SSH Public Key". \begin{minted}{sh} ssh-keygen -t ed25519 \end{minted} \begin{minted}{sh} # XXX test. Use this IP and interface, so no 192.168.0.0 but real IPs. # Comment this out: auto eth0:27 iface eth0:27 inet static address 174.128.229.158 netmask 255.255.255.224 gateway 174.128.229.129 \end{minted} XXX Check if IP forwarding is needed in \texttt{/etc/sysctl.conf}. If things are set up to use a bridge and 192.168.100.100, \texttt{iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE} Will bring things up to NAT. XXX The port forwarding is forwarding all port 53 to guest at the moment.