tengel/papyri
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

adding proxmox doodads

tengel 2024-03-20 11:55:03 -05:00
parent e8627903a2
commit 3f4b7f2ab0
1 changed files with 130 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

130
Proxmox-Doodads.md Normal file

@ -0,0 +1,130 @@
# Proxmox Doodads
Last updated April 2019, whatever version that was. 5.x?
## Host Tweaks
Things to quickly do to the host:
1. Disable the nagging "subscription" popup that shows up all over the GUI and quickly gets annoying:
```
# sed -i.bak "s/data.status !== 'Active'/false/g" \
/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && \
systemctl restart pveproxy.service
```
2. Disconnect the non-functional Enterprise (requires subscription) APT repo and plug in the regular one:
```
# cat /etc/apt/sources.list.d/pve-enterprise.list
#deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
```
Run a standard apt-get dist-upgrade at this point and reboot. Host Networking bridges could also be configured before rebooting, doesn't matter though since we can manipulate the VM bridge without reboots or network restarts (just run the commands by hand).
## Host Storage
The installer defaults creates a LVM thin pool "data" out of the OS disks - this gets deleted, and a new one created over on the secondary RAID-10 at /dev/sdb:
```
# vi /etc/pve/storage.cfg
Delete the stanza referring to the default "lvmthin" data LV
# lvremove /dev/pve/data
# lvresize -L +50G /dev/pve/root
# resize2fs /dev/pve/root
# apt-get update && apt-get install parted
# parted /dev/sdb mktable gpt
# parted /dev/sdb mkpart primary 0% 100%
# parted /dev/sdb set 1 lvm on
# pvcreate --metadatasize 250k -y -ff /dev/sdb1
# vgcreate vgr10 /dev/sdb1
# lvcreate -l 80%FREE -T -n vmdata vgr10
# vi /etc/pve/storage.cfg
Add this new stanza:
====
lvmthin: vmdata
thinpool vmdata
vgname vgr10
content rootdir,images
====
# pvesm scan lvmthin vgr10
```
The new LVM-thin data space should now show up in the GUI, ready to use.
## Host ISOs
The ISO files live here: `/var/lib/vz/template/iso/`
It's quicker to just scp the ISO files manually to that directory instead of using the GUI to upload them, the GUI is slow and doesn't handle large files very well. They will automatically refresh in the GUI for use on VMs.
## Host Networking
If the environment only has one single public IP for the server, NAT (masquerading) must be used on the host. The primary bridge is the normal IP interface to the firewall (192.168.100.x), the secondary bridge is a NAT of 172.16.100.x/24 over to the VMs.
This example shows about 8 VMs with a PAT for each to allow SSH access inwards. Logically:
- public IP port 22101 ->
- internal NAT IP 192.168.100.22 port 22101 ->
- VM IP 172.16.100.101 port 22
```
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.100.22
netmask 255.255.255.0
gateway 192.168.100.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
auto vmbr1
iface vmbr1 inet static
address 172.16.100.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '172.16.100.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.100.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 172.16.100.100:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 172.16.100.101:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 172.16.100.101:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 172.16.100.102:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 172.16.100.103:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 172.16.100.103:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 172.16.100.104:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 172.16.100.104:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22105 -j DNAT --to 172.16.100.105:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22105 -j DNAT --to 172.16.100.105:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22106 -j DNAT --to 172.16.100.106:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22106 -j DNAT --to 172.16.100.106:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22107 -j DNAT --to 172.16.100.107:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22107 -j DNAT --to 172.16.100.107:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22108 -j DNAT --to 172.16.100.108:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22108 -j DNAT --to 172.16.100.108:22
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
```