% % Proxmox.tex % % Fork Sand IT Manual % % Copyright (C) 2018, Fork Sand, Inc. % Copyright (C) 2017, Jeff Moe % Copyright (C) 2017 Aleph Objects, Inc. % % This document is licensed under the Creative Commons Attribution 4.0 % International Public License (CC BY-SA 4.0) by Fork Sand, Inc. % % XXX TODO: Proxmox-GUI-login.png \section{Overview} Proxmox is a virtual machine manager. The private cloud deployment will be based on Proxmox version 5.x. %There are only Debian 8 (Jessie, oldstable) releases. %Debian hasn't packaged Proxmox since wheezy. It has it in sid, but even %that is an old version. The only packages available for Debian are the %upstream ones for Jessie made by Proxmox. UPDATE: although Proxmox isn't listed on Debian 9 (Stretch) packages, there is an installation manual for 5.x version, which is great. Documentation: \url{https://pve.proxmox.com/wiki/Documentation} \begin{figure}[h!] \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-proxmox.png} \caption{Proxmox Website} \label{fig:www-proxmox} \end{figure} \begin{itemize} \item Website: \\ \url{https://proxmox.com/} \item Debian Stretch Repo: \\ \url{http://downloads.Proxmox.com/repo/5.4/Debian/9/pool/Proxmox/} \end{itemize} The following servers will be deployed to host Proxmox and the KVMs: \begin{itemize} %\item \texttt{waz-kvm-001.forksand.com} %\item \texttt{waz-kvm-002.forksand.com} --- Virtual Machine Server 2 %\item \texttt{waz-kvm-003.forksand.com} --- Virtual Machine Server 3 %\item \texttt{waz-kvm-004.forksand.com} --- Virtual Machine Server 4 %\item \texttt{waz-kvm-005.forksand.com} --- Virtual Machine Server 5 %\item \texttt{waz-sun-001.forksand.com} --- Proxmox Web GUI 1 %\item \texttt{waz-sun-002.forksand.com} --- Proxmox Web GUI 2 \item \texttt{forksand-hk1} --- Virtual Machine Node 1 \item \texttt{forksand-hk2} --- Virtual Machine Node 2 \item \texttt{forksand-hk3} --- Virtual Machine Node 3 \item \texttt{\textcolor[rgb]{0.80,0.00,0.00}{forksand-shark1}} \textcolor[rgb]{0.80,0.00,0.00}{--- Virtual Machine Node ?} \item \texttt{forksand-shark2} --- Virtual Machine Node 4 \item \texttt{forksand-shark3} --- Virtual Machine Node 5 \item \texttt{forksand-shark4} --- Virtual Machine Node 6 \item \texttt{forksand-the} --- Virtual Machine Node 7 \item \texttt{forksand-truck} --- Virtual Machine Node 8 \end{itemize} %\subsection{Virtual Machine Servers} %KVM virtual machine servers. Fast CPU, with lots of RAM. Uses Ceph to store %virtual images. % %\subsection{Proxmox Web GUI Servers} %A Proxmox's Web GUI for administration of the cluster. \subsection{Virtual Machine Nodes} Virtual machine nodes. Fast CPU, with lots of RAM. Uses Ceph to store virtual images. Every node includes a Proxmox's Web GUI for administration of the cluster. \textcolor[rgb]{0.80,0.00,0.00}{Todo clarify} \begin{figure}[h!] \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{proxmox-gui.png} \caption{Proxmox Sunstone Web Admin GUI} \label{fig:proxmox-gui} \end{figure} \begin{minted}{sh} echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" \ > /etc/apt/sources.list.d/pve-install-repo.list wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg \ -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg apt-get update apt-get -y dist-upgrade --download-only DEBIAN_FRONTEND=noninteractive apt-get -y \ -o Dpkg::Options::="--force-confdef" \ -o Dpkg::Options::="--force-confnew" dist-upgrade apt-get -y install ksm-control-daemon proxmox-veupdate-grub apt remove os-prober \end{minted} \section{Bugs} Things that are bugs or at least aren't configured correctly. \section{GUI Configuration} At this point, you should have the Proxmox server up and running. \textcolor[rgb]{0.80,0.00,0.00}{ Todo check related, modify/replace unrelated } \begin{minted}{sh} See scripts in \texttt{source/resources/ns24} for automation. \begin{enumerate} \item Set up Linux Bridge (use Sunstone server name for ns24): Code: \\ \texttt{ssh -N -C -L 9869:localhost:9869 ns24} \item In workstation, open browser to url: URL: \\ \url{http://localhost:9869/} Info: \\ This goes through the encrypted SSH tunnel, but doesn't use https. \item Click \texttt{Proxmox} in the upper right to get the full web console. \item Click \texttt{Infrastructure}. \item Click \texttt{Hosts}. \item Click The \texttt{+} plus icon. \item Enter the hostname of the KVM server you want to use, such as the Sunstone server itself. \texttt{Type: KVM} \texttt{Hostname: ns24} \item Click \texttt{Create}. \item Repeatedly hit the reload button that's the two arrows in a circle, as it goes thru stages of setup, starting at \texttt{INIT}. \item Confirm status is \texttt{ON}. \end{enumerate} \end{minted} \section{GUI Deploy Image} \textcolor[rgb]{0.80,0.00,0.00}{Todo check related, modify/replace unrelated} \begin{minted}{sh} This is a quick and dirty way to deploy a first test image. NOTE: It is note privacy aware, as it pulls the image from the Proxmox ``store''. \end{minted} \textcolor[rgb]{0.80,0.00,0.00}{Todo check related, modify/replace unrelated} \begin{minted}{sh} How to deploy an image from the Proxmox App store: \begin{enumerate} \item Click \texttt{Storage}. \item Click \texttt{Apps} \item Click \texttt{Debian 9 - KVM}. \item Click on the icon that is a cloud with an arrow in it. This downloads it to Proxmox. \item Select a datastore by clicking the \texttt{default} line. \item Leave name and all that the same, and click \texttt{Download}. \item Click \texttt{Images} under \texttt{Storage} in the left column. \item Hit the refresh icon repeatedly. \item When \texttt{Status} is \texttt{READY}, it is good to go. \item Click \texttt{Templates} in the left column. \item Click \texttt{VMs}. \item Click \texttt{Debian 9 - KVM}. \item Click \texttt{Instantiate}. \item \texttt{VM Name} enter \texttt{deb9}. \item \texttt{Number of instances} enter \texttt{1}. \item \texttt{Memory} enter \texttt{768}. \item \texttt{CPU} enter \texttt{1}. \item Click the slider to \texttt{Instantiate as persistent}. \item Click \texttt{Instantiate}. \item Click \texttt{Instances} in the left column. \item Click \texttt{VMs}. \item Click the reload icon, repeat. \item It is good when \texttt{Status} is \texttt{RUNNING}. \item Set up an \texttt{ssh} tunnel so VNC can be used: \texttt{ssh -N -C -L 29876:localhost:29876 ns24} \item Click on the little monitor icon to launch VNC. \item Look at booted up screen at \texttt{login:} prompt. \item This means a Debian KVM booted up and the VNC is working. There is no password for the \texttt{root} account, only \texttt{ssh} is available. So without network setup, you can't really do anything with this image. Booted, it just shows it works. \end{enumerate} I think delete this section, it would go before the \texttt{Templates} above.: \begin{enumerate} \item Click \texttt{Debian 9 - KVM}. \item PROBABLY NO: Click \texttt{Clone} to make a local copy. \item PROBABLY NO: It will say \texttt{Copy of Debian 9 - KVM}, leave as-is, click \texttt{Clone}. \item Click on the icon with three dots. \item Click \texttt{Make Persistent}. \item Click on the icon with three dots. \item Click \texttt{Enable}. \end{enumerate} \end{minted} \section{Proxmox Networking} Create --> Linux Bridge: vmbr0 XXX best way for this server? No subnet. \textcolor[rgb]{0.80,0.00,0.00}{taken from forksand-shark4-bootstrap} \begin{minted}{sh} source /etc/network/interfaces.d/* auto enp1s0f1 iface enp1s0f1 inet static address 70.39.103.210/29 gateway 70.39.103.209 dns-nameservers 208.67.222.222 dns-search forksand.com \end{minted} As user \texttt{jebba}, on the server, run this to generate a key. Then paste that key into Sunstone under "SSH Public Key". \begin{minted}{sh} ssh-keygen -t ed25519 \end{minted} \begin{minted}{sh} # XXX test. Use this IP and interface, so no 192.168.0.0 but real IPs. # Comment this out: auto eth0:27 iface eth0:27 inet static address 174.128.229.158 netmask 255.255.255.224 gateway 174.128.229.129 \end{minted} XXX Check if IP forwarding is needed in \texttt{/etc/sysctl.conf}. If things are set up to use a bridge and 192.168.100.100, \texttt{iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE} Will bring things up to NAT. XXX The port forwarding is forwarding all port 53 to guest at the moment.