Proxmox VE is an open-source virtualization platform supporting KVM and (as of version 4.0) Linux Containers (LXC). Furthermore, since Proxmox 4.0, there is also full support for IPv6.
First, some instructions and guidance before beginning to set up the new environment:
- Are only Linux machines going to be used? Then under certain circumstances, LXC would be enough.
- Should LXC or KVM be used? Both have their benefits as well as drawbacks. Careful judgment and good research now can save work and trouble later.
- Although KVM is not as performant as LXC, it provides complete hardware virtualization and can run all of the most common operating systems (including Windows). Converting the virtual disks to formats such as VMDK is simple.
Basic installation on a Rootadminz server
Boot the server into the Rescue System. Run installimage and select the required Debian OS.
It is recommended to use the appropriate version of Debian to match the Proxmox version in the official pre-installation media:
- since Proxmox 4.0: Debian 8 (jessie)
- since Proxmox 5.0: Debian 9 (stretch)
- since Proxmox 6.0: Debian 10 (buster)
Configure the RAID level, partitioning and hostname as required.
Save the configuration and, after the installation has completed, restart the server.
Step 2 - Adjust the APT sources (/etc/apt/sources.list)
echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
curl -#o /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
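The key above is fetched over plain HTTP and written straight into /etc/apt/trusted.gpg.d/, where apt treats it as a trust anchor for package signatures. The following is an added example, not part of the original guide: it downloads to a temporary path first and installs the key only if its SHA-512 digest matches a value obtained from a separate, authenticated source. The function name install_verified_key and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded APT key before it becomes a trust anchor.
# The expected digest must come from a separate, authenticated source.

# install_verified_key <downloaded-file> <expected-sha512-hex> <destination>
# Copies the key into place only if its SHA-512 matches; non-zero otherwise.
install_verified_key() {
    src=$1; expected=$2; dest=$3

    [ -s "$src" ] || { echo "key file missing or empty: $src" >&2; return 2; }

    # sha512sum prints "<hex>  <file>"; keep only the hex digest.
    actual=$(sha512sum "$src" | awk '{print $1}')

    # Normalise case so an upper-case published digest still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # World-readable but writable only by the owner, so apt can read the key.
    install -m 0644 "$src" "$dest"
}

# Typical use on the host (the digest is a placeholder, not a real value):
#   curl -#o /tmp/proxmox-ve-release-6.x.gpg http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
#   install_verified_key /tmp/proxmox-ve-release-6.x.gpg "<SHA512-FROM-TRUSTED-SOURCE>" \
#       /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
```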
Now update the packages:
apt update        # Update package lists
apt upgrade       # Bring all packages up to date
apt dist-upgrade  # Bring Debian up to date
Step 3 - Install Proxmox VE
Since Proxmox brings its own firmware, the existing firmware packages should first be uninstalled:
apt purge firmware-bnx2x firmware-realtek firmware-linux-free
After that, Proxmox can be installed.
apt-get install proxmox-ve
After a restart, the Proxmox kernel should be loaded:
# uname -rv
5.4.103-1-pve #1 SMP PVE 5.4.103-1 (Sun, 07 Mar 2021 15:55:09 +0100)
Step 4 - Load the kernel module
Check if the module kvm has been loaded:
lsmod | grep kvm
If the module has not been loaded, then this will need to be done manually:
For Intel CPUs:
modprobe kvm
modprobe kvm_intel
For AMD CPUs:
modprobe kvm
modprobe kvm_amd
Note: The kernel modules are required for the KVM hardware virtualization. If these are not present, no KVM guests can be started.
First of all, it is essential to decide which virtualization solution (LXC and/or KVM) and which variant (bridged/routed) will be used.
LXC (Linux Containers)
- Advantages: lightweight, fast, lower RAM requirement
- Disadvantages: The kernel of the host system is used. Only Linux distributions can be used.
KVM (Kernel-Based Virtual Machine)
- Advantages: Almost any operating system can be installed.
- Disadvantages: Higher resource usage, since VMs are using their own kernel.
- Multiple single IP addresses and subnets can be used in one VM.
- A point-to-point setup is required for IP addresses from different networks.
- The host is transparent and not part of the route.
- VMs can directly communicate with the gateway of the assigned IP.
- VMs may only communicate via the MAC address assigned to the respective IP address. The virtual MAC must be requested in the Rootadminz Robot.
- IP addresses from additional subnets can only be used on the host system or a single VM with a single IP (if the subnet is routed to it) (also applies to IPv6)
With a routed setup the vmbr0 is not connected with the physical interface. IP forwarding needs to be activated on the host system. This can be done automatically through /etc/sysctl.conf at boot time. (Please note that forwarding is disabled for the default Rootadminz installation. This setting can be found in either /etc/sysctl.conf or in /etc/sysctl.d/99-Rootadminz.conf)
sysctl -w net.ipv4.ip_forward=1
Forwarding for IPv6 needs to be activated as well. This is also available in the Rootadminz standard installation and only needs to be activated:
sysctl -w net.ipv6.conf.all.forwarding=1
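The sysctl -w commands above change only the running kernel; the routed setup still needs both values uncommented in the configuration files to survive a reboot. The following added example (not part of the original guide) reads the files passed to it and reports whether both forwarding keys are persistently set to 1. The function names persisted_value and forwarding_persisted are assumptions.

```shell
#!/bin/sh
# Added example: check that IPv4 and IPv6 forwarding are persisted for boot.

# persisted_value <key> <file>...
# Prints the last uncommented value assigned to <key> across the files, in the
# order given (a later assignment overrides an earlier one). Nothing if unset.
persisted_value() {
    key=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && cat "$f"
    done | awk -v key="$key" '
        /^[ \t]*[#;]/ { next }           # commented-out setting: not applied
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            gsub("/", ".", k)            # sysctl also accepts net/ipv4/ip_forward
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# forwarding_persisted <file>...
# Returns 0 only if both forwarding keys are set to 1 in the given files.
forwarding_persisted() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        val=$(persisted_value "$key" "$@")
        if [ "$val" != "1" ]; then
            echo "$key not persisted as 1 (found: ${val:-unset})" >&2
            rc=1
        fi
    done
    return $rc
}

# Typical use on the host, with the two files named in the text:
#   forwarding_persisted /etc/sysctl.conf /etc/sysctl.d/99-Rootadminz.conf
```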
After a successful installation, the virtual machines can be administered at https://server-IP:8006.
Network Configuration Host system Routed
When using a routed setup, it is necessary to add the route to a virtual machine manually. Additionally, existing virtual MAC addresses should be removed from the respective IP addresses. Since a host route is set, IP addresses from other subnets can easily be used. For example:
# /etc/network/interfaces
### Rootadminz - installimage
# Loopback device:
auto lo
iface lo inet loopback

# device: enp1s0
auto enp1s0
iface enp1s0 inet static
  address
  netmask 255.255.255.255
  pointopoint
  gateway

iface enp1s0 inet6 static
  address #e.g. 2001:db8::2
  netmask 128
  gateway fe80::1
  up sysctl -p

# for single-IPs
auto vmbr0
iface vmbr0 inet static
  address
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  up ip route add /32 dev vmbr0
  up ip route add /32 dev vmbr0

iface vmbr0 inet6 static
  address #e.g. 2001:db8::3, should not be the same as on eth0
  netmask 64
  up ip -6 route add 2001:db8::/64 dev vmbr0

# for a Subnet
auto vmbr1
iface vmbr1 inet static
  address
  netmask
  bridge_ports none
  bridge_stp off
  bridge_fd 0
Network Configuration Guest Routed
The IP of the bridge in the host system is always used as the gateway, i.e. the main IP for single IPs, and the IP configured from the subnet in the host system for subnets.
# /etc/network/interfaces
### Example for single IPs from a different subnet
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
  address
  netmask 255.255.255.255
  pointopoint
  gateway

iface ens18 inet6 static
  address # e.g. 2001:db8::f001
  netmask 64
  gateway # e.g. 2001:db8::3

# /etc/network/interfaces
### Example for a subnet
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
  address
  netmask
  gateway

iface ens18 inet6 static
  address # e.g. 2001:db8::f001
  netmask 64
  gateway # e.g. 2001:db8::3
Network Configuration Host Bridged
When using KVM in the bridged mode, it is essential to apply for virtual MAC addresses for the single IPs in advance. The configuration of subnets is analogous.
# /etc/network/interfaces
### Rootadminz - installimage
# Loopback device:
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
  address
  netmask 255.255.255.255
  pointopoint
  gateway
  bridge_ports eth0
  bridge_stp off
  bridge_fd 1
  bridge_hello 2
  bridge_maxage 12

# for a subnet
auto vmbr1
iface vmbr1 inet static
  address
  netmask
  bridge_ports none
  bridge_stp off
  bridge_fd 0
Network Configuration Guest Bridged
The gateway for single IPs is the gateway of the host system or the assigned IP. For subnets, the configuration is identical to the routed setup.
# /etc/network/interfaces
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
  address
  netmask 255.255.255.255
  pointopoint
  gateway
The web interface is protected by two different authentication methods: Proxmox VE standard authentication (Proxmox proprietary authentication) and Linux PAM standard authentication.
Nevertheless, additional protection measures are recommended to guard against the exploitation of security vulnerabilities and other attacks.
By now, you should have installed and configured Proxmox as a virtualization platform on your server.