Proxmox VE is an open-source virtualization platform supporting KVM and (as of version 4.0) Linux Containers (LXC). Furthermore, since Proxmox 4.0, there is also full support for IPv6.

 

First, some instructions and guidance before beginning to set up the new environment:

  • Will only Linux guests be used? Then, under certain circumstances, LXC is enough.
  • Should LXC or KVM be used? Both have benefits as well as drawbacks. Careful consideration and good research up front can save work and trouble later.
  • Although KVM is not as performant as LXC, it provides complete hardware virtualization and can run all of the most common operating systems (including Windows). Converting virtual disks in formats such as VMDK is simple.

 

Basic installation on a Rootadminz server

 

Step 1:

Boot the server into the Rescue System. Run installimage and select the required Debian OS.

It is recommended to use the appropriate version of Debian to match the Proxmox version in the official pre-installation media:

  • since Proxmox 4.0: Debian 8 (jessie)
  • since Proxmox 5.0: Debian 9 (stretch)
  • since Proxmox 6.0: Debian 10 (buster)

 

Configure the RAID level, partitioning and hostname as required.

Save the configuration and, after the installation has completed, restart the server.

 

Step 2 - Adjust the APT sources (/etc/apt/sources.list)

echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
curl -#o /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
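
Because the key is fetched over plain HTTP and written directly into /etc/apt/trusted.gpg.d, it is worth downloading it to a temporary location first and comparing its digest with one obtained through a channel you trust. The following is an added example, not part of the original guide: install_verified_key is a hypothetical helper, and EXPECTED_SHA512 is a placeholder you have to supply.

```shell
#!/bin/sh
# Added example: install an APT keyring only if its SHA-512 digest matches a
# value obtained out of band. Function name and arguments are hypothetical.

# install_verified_key <downloaded file> <expected sha512 hex> <destination>
# Returns 0 and installs the key on a match; returns 1 and installs nothing otherwise.
install_verified_key() {
    src=$1; expected=$2; dest=$3
    [ -s "$src" ] || { echo "missing or empty key file: $src" >&2; return 1; }
    actual=$(sha512sum "$src" | awk '{print $1}')
    # Compare case-insensitively; digests are sometimes written in upper case.
    exp_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$exp_lc" ]; then
        echo "checksum mismatch for $src, key NOT installed" >&2
        echo "  expected: $exp_lc" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    # World-readable but only owner-writable: APT must be able to read the key.
    install -m 0644 "$src" "$dest"
}

# Typical use on the host (EXPECTED_SHA512 is a placeholder, not a real digest):
#   curl -#o /tmp/proxmox-ve-release-6.x.gpg \
#        http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
#   install_verified_key /tmp/proxmox-ve-release-6.x.gpg "$EXPECTED_SHA512" \
#        /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
```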

 

Now update the packages:

apt update          # Update package lists
apt upgrade         # Bring all packages up to date
apt dist-upgrade    # Bring Debian up to date

 

Step 3 - Install Proxmox VE

Since Proxmox brings its own firmware, the existing firmware packages should be uninstalled first:

apt purge firmware-bnx2x firmware-realtek firmware-linux-free

 

After that, Proxmox can be installed.

apt-get install proxmox-ve

 

After a restart, the Proxmox kernel should be loaded:

# uname -rv
5.4.103-1-pve #1 SMP PVE 5.4.103-1 (Sun, 07 Mar 2021 15:55:09 +0100)

 

Step 4 - Load the kernel module

 

Check whether the kvm module has been loaded:

lsmod | grep kvm

If the module has not been loaded, then this will need to be done manually:

 

For Intel CPUs:

modprobe kvm
modprobe kvm_intel

 

For AMD CPUs:

modprobe kvm
modprobe kvm_amd

 

Note: The kernel modules are required for the KVM hardware virtualization. If these are not present, no KVM guests can be started.

 

Network Configuration

First of all, it is essential to decide which virtualization solution (LXC and/or KVM) and which variant (bridged/routed) will be used.

LXC (Linux Containers)
  • Advantages: lightweight, fast, lower RAM requirement
  • Disadvantages: The kernel of the host system is used. Only Linux distributions can be used.
KVM (Kernel-Based Virtual Machine)
  • Advantages: Almost any operating system can be installed.
  • Disadvantages: Higher resource usage, since VMs are using their own kernel.

 

Routed

Advantages:
  • Multiple single IP addresses and subnets can be used in one VM.
Disadvantages:
  • A point-to-point setup is required for IP addresses from different networks.

 

Bridged

Advantages:
  • The host is transparent and not part of the route.
  • VMs can directly communicate with the gateway of the assigned IP.
Disadvantages:
  • VMs may only communicate via the MAC address assigned to the respective IP address. The virtual MAC must be requested in the Rootadminz Robot.
  • IP addresses from additional subnets can only be used on the host system or a single VM with a single IP (if the subnet is routed to it) (also applies to IPv6)

 

With a routed setup, vmbr0 is not connected to the physical interface. IP forwarding needs to be activated on the host system. This can be done automatically at boot time through /etc/sysctl.conf. (Please note that forwarding is disabled in the default Rootadminz installation. This setting can be found in either /etc/sysctl.conf or /etc/sysctl.d/99-Rootadminz.conf.)

sysctl -w net.ipv4.ip_forward=1

Forwarding for IPv6 needs to be activated as well. This is also available in the Rootadminz standard installation and only needs to be activated:

sysctl -w net.ipv6.conf.all.forwarding=1
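
sysctl -w changes only the running kernel, so a routed host stops forwarding after a reboot unless both settings are also present in a sysctl configuration file. The following is an added example, not part of the original guide: hypothetical helper functions that check the given sysctl files for both forwarding keys and an interfaces file for a vmbr0 that is detached from the physical interface. The file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks for the routed setup (hypothetical helper names).

# sysctl_enabled <key> <file>...: succeeds if the last uncommented assignment of
# <key> in the given files is 1. Later files override earlier ones.
sysctl_enabled() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }               # comment line
        {
            line = $0
            gsub(/[ \t]/, "", line)          # "a.b = 1" -> "a.b=1"
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { exit (val == "1" ? 0 : 1) }
    ' "$@" 2>/dev/null
}

# bridge_detached <bridge> <interfaces file>: succeeds if the bridge stanza
# has "bridge_ports none", i.e. it is not attached to a physical interface.
bridge_detached() {
    awk -v br="$1" '
        $1 == "iface" { in_br = ($2 == br) } # a new stanza begins
        in_br && $1 == "bridge_ports" && $2 == "none" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# check_routed_host <interfaces file> <sysctl file>...: prints one line per
# check and returns the number of failed checks.
check_routed_host() {
    ifaces=$1; shift; fails=0
    for k in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        if sysctl_enabled "$k" "$@"; then echo "ok   $k=1 is set persistently"
        else echo "FAIL $k=1 not found in: $*"; fails=$((fails + 1)); fi
    done
    if bridge_detached vmbr0 "$ifaces"; then echo "ok   vmbr0 has bridge_ports none"
    else echo "FAIL vmbr0 missing or attached to a port in $ifaces"; fails=$((fails + 1)); fi
    return "$fails"
}

# On the host, passing the sysctl files in the order they are applied:
#   check_routed_host /etc/network/interfaces /etc/sysctl.d/*.conf /etc/sysctl.conf
```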

 

After a successful installation, the virtual machines can be administered at https://server-IP:8006.

 

Network Configuration Host system Routed

When using a routed setup, the route to each virtual machine must be added manually. Additionally, existing virtual MAC addresses should be removed from the respective IP addresses. Because a host route is set, IP addresses from other subnets can be used without difficulty. For example:

# /etc/network/interfaces
### Rootadminz  - installimage
# Loopback device:
auto lo
iface lo inet loopback

# device: enp1s0
auto enp1s0
iface enp1s0 inet static
  address <main IPv4 address>
  netmask 255.255.255.255
  pointopoint <gateway>
  gateway <gateway>

iface enp1s0 inet6 static
  # e.g. 2001:db8::2
  address <IPv6 address from the subnet>
  netmask 128
  gateway fe80::1
  up sysctl -p

# for single-IPs
auto vmbr0
iface vmbr0 inet static
  address <main IPv4 address>
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  up ip route add <IP of VM 1>/32 dev vmbr0
  up ip route add <IP of VM 2>/32 dev vmbr0

iface vmbr0 inet6 static
  # e.g. 2001:db8::3, should not be the same as on enp1s0
  address <IPv6 address from the subnet>
  netmask 64
  up ip -6 route add 2001:db8::/64 dev vmbr0

# for a Subnet
auto vmbr1
iface vmbr1 inet static
  address <an IP address from the subnet>
  netmask <netmask of the subnet>
  bridge_ports none
  bridge_stp off
  bridge_fd 0

 

Network Configuration Guest Routed

The IP address of the bridge on the host system is always used as the gateway, i.e. the main IP for single IPs and, for subnets, the IP from the subnet that is configured on the host system.

# /etc/network/interfaces
### Example for single IPs from a different subnet
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
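  address <single IP of the VM>
  netmask 255.255.255.255
  pointopoint <main IP of the host>
  gateway <main IP of the host>

iface ens18 inet6 static
  # e.g. 2001:db8::f001
  address <IPv6 address from the subnet>
  netmask 64
  # e.g. 2001:db8::3
  gateway <IPv6 address of vmbr0>

# /etc/network/interfaces
### Example for a subnet
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
  address <an IP address from the subnet>
  netmask <netmask of the subnet>
  gateway <IP from the subnet configured on the host>

iface ens18 inet6 static
  # e.g. 2001:db8::f001
  address <IPv6 address from the subnet>
  netmask 64
  # e.g. 2001:db8::3
  gateway <IPv6 address of vmbr0>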

 

Network Configuration Host Bridged

When using KVM in the bridged mode, it is essential to apply for virtual MAC addresses for the single IPs in advance. The configuration of subnets is analogous.

# /etc/network/interfaces
### Rootadminz  - installimage
# Loopback device:
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
  address <main IPv4 address>
  netmask 255.255.255.255
  pointopoint <gateway>
  gateway <gateway>
  bridge_ports eth0
  bridge_stp off
  bridge_fd 1
  bridge_hello 2
  bridge_maxage 12

# for a subnet
auto vmbr1
iface vmbr1 inet static
  address <an IP address from the subnet>
  netmask <netmask of the subnet>
  bridge_ports none
  bridge_stp off
  bridge_fd 0

 

Network Configuration Guest Bridged

The gateway for single IPs is the gateway of the host system or the assigned IP. For subnets, the configuration is identical to the routed setup.

# /etc/network/interfaces
# Loopback device:
auto lo
iface lo inet loopback

# device: ens18
auto ens18
iface ens18 inet static
  address <assigned single IP>
  netmask 255.255.255.255
  pointopoint <gateway IP>
  gateway <gateway IP>

 

Security

The web interface is protected by two different authentication methods: Proxmox VE standard authentication (Proxmox proprietary authentication) and Linux PAM standard authentication.

Nevertheless, additional protection measures are recommended to guard against the exploitation of security vulnerabilities and various other attacks.

 

Conclusion

By now, you should have installed and configured Proxmox as a virtualization platform on your server.

 

 
