Proxmox Doodads
Last updated April 2019, whatever version that was. 5.x?
Host Tweaks
Things to quickly do to the host:
- Disable the nagging "subscription" popup that shows up all over the GUI and quickly gets annoying:
# sed -i.bak "s/data.status !== 'Active'/false/g" \
/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && \
systemctl restart pveproxy.service
- Disconnect the non-functional Enterprise (requires subscription) APT repo and plug in the regular one:
# cat /etc/apt/sources.list.d/pve-enterprise.list
#deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
Run a standard apt-get dist-upgrade at this point and reboot. The Host Networking bridges can also be configured before rebooting, but it doesn't matter: the VM bridge can be set up without a reboot or network restart by running the commands by hand.
Host Storage
The installer default creates an LVM thin pool "data" on the OS disks. Delete it and create a new one on the secondary RAID-10 at /dev/sdb:
# vi /etc/pve/storage.cfg
Delete the stanza referring to the default "lvmthin" data LV
# lvremove /dev/pve/data
# lvresize -L +50G /dev/pve/root
# resize2fs /dev/pve/root
# apt-get update && apt-get install parted
# parted /dev/sdb mktable gpt
# parted /dev/sdb mkpart primary 0% 100%
# parted /dev/sdb set 1 lvm on
# pvcreate --metadatasize 250k -y -ff /dev/sdb1
# vgcreate vgr10 /dev/sdb1
# lvcreate -l 80%FREE -T -n vmdata vgr10
# vi /etc/pve/storage.cfg
Add this new stanza:
====
lvmthin: vmdata
        thinpool vmdata
        vgname vgr10
        content rootdir,images
====
# pvesm scan lvmthin vgr10
The new LVM-thin data space should now show up in the GUI, ready to use.
Host ISOs
The ISO files live here: /var/lib/vz/template/iso/
It's quicker to scp the ISO files directly into that directory than to upload them through the GUI, which is slow and doesn't handle large files very well. They show up in the GUI automatically, ready for use on VMs.
Host Networking
If the environment has only a single public IP for the server, NAT (masquerading) must be used on the host. The primary bridge is the normal IP interface to the firewall (192.168.100.x); the secondary bridge NATs 172.16.100.x/24 over to the VMs.
This example shows about 8 VMs with a PAT for each to allow SSH access inwards. Logically:
- public IP port 22101 ->
  - internal NAT IP 192.168.100.22 port 22101 ->
    - VM IP 172.16.100.101 port 22
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.100.22
netmask 255.255.255.0
gateway 192.168.100.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
auto vmbr1
iface vmbr1 inet static
address 172.16.100.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.16.100.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.100.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 172.16.100.101:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 172.16.100.101:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 172.16.100.103:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 172.16.100.103:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 172.16.100.104:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 172.16.100.104:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22105 -j DNAT --to 172.16.100.105:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22105 -j DNAT --to 172.16.100.105:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22106 -j DNAT --to 172.16.100.106:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22106 -j DNAT --to 172.16.100.106:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22107 -j DNAT --to 172.16.100.107:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22107 -j DNAT --to 172.16.100.107:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22108 -j DNAT --to 172.16.100.108:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22108 -j DNAT --to 172.16.100.108:22
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
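With one post-up/post-down pair per VM, the forward list is easy to get out of step when it is edited by hand. The script below is an added example, not part of the original notes: it inventories the inbound DNAT forwards in an interfaces file and flags a post-up with no matching post-down, or a public port pointed at two VMs. The names `pat_audit` and `sample_interfaces` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: inventory the inbound DNAT
# forwards declared in an interfaces file and flag rules that need attention.

pat_audit() {
    # stdin: interfaces(5) text; stdout: "<public-port> <vm-ip:port> <status>"
    awk '
    ($1 == "post-up" || $1 == "post-down") && /-j DNAT/ {
        port = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to" || $i == "--to-destination") target = $(i + 1)
        }
        if (port == "" || target == "") next
        key = port " " target
        if ($1 == "post-down") { down[key]++; next }
        if (!(key in up)) { keys[++n] = key; users[port]++ }
        up[key]++
    }
    END {
        for (i = 1; i <= n; i++) {
            split(keys[i], f, " ")
            status = "paired"
            if (users[f[1]] > 1) status = "PORT-REUSED"           # first rule wins
            if (up[keys[i]] != down[keys[i]]) status = "UNPAIRED" # ifup re-adds it
            print keys[i], status
        }
    }'
}

# Constructed sample: the rule shape used above, plus one forward whose
# post-down line is missing and one public port mapped to two VMs.
sample_interfaces() {
    cat <<'EOF'
auto vmbr1
iface vmbr1 inet static
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 172.16.100.101:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.103:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.103:22
EOF
}

sample_interfaces | pat_audit
```

On the host, run it against the live file with `pat_audit < /etc/network/interfaces`; every line it prints is an SSH port reachable from outside, so the output doubles as the exposure list to review.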
- SPDX-License-Identifier: CC-BY-SA-4.0
- SPDX-License-Identifier: MIT