proxmox 2020 installation
Most of the installation steps are applied by the current salt states. The current version is proxmox-ve 6.2.
required packages
- open-iscsi
- postfix
- proxmox-ve
generate user and groups
- /usr/sbin/pveum groupadd admin --comment "System Administrators"
- /usr/sbin/pveum aclmod / -group admin -role Administrator
- /usr/sbin/pveum useradd fehrmann@pve --password 'somepassword'
- /usr/sbin/pveum useradd otheruser@pve --password 'otherpassword'
- /usr/sbin/pveum usermod fehrmann@pve --group admin
- /usr/sbin/pveum usermod otheruser@pve --group admin
network
We need to configure bridges. The current ProxMox version cannot handle files in /etc/network/interfaces.d, so everything has to be configured in /etc/network/interfaces.
A possible configuration file (with the NICs connected to bridges) is:
auto lo
iface lo inet loopback

iface enp3s0f1 inet manual

iface enp3s0f0 inet manual

iface enp3s0f3 inet manual

iface enp3s0f2 inet manual

auto vmbr3
iface vmbr3 inet manual
        bridge-ports enp3s0f1
        bridge-stp off
        bridge-fd 0
#AEI bridge

auto vmbr0
iface vmbr0 inet static
        address 10.20.50.12
        netmask 255.128.0.0
        gateway 10.20.30.100
        bridge-ports enp3s0f0
        bridge-stp off
        bridge-fd 0
        post-up ip link set enp3s0f0 mtu 9000
#DATA bridge

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp3s0f3
        bridge-stp off
        bridge-fd 0
#EXT bridge

auto vmbr1
iface vmbr1 inet static
        address 172.28.22.12
        netmask 255.240.0.0
        bridge-ports enp3s0f2
        bridge-stp off
        bridge-fd 0
#MG bridge
Proxmox uses the comments to describe the bridges. The bridges need to have increasing numbers.
Only internal bridges need to have IP addresses.
The bridges are not visible in the ProxMox user interface per se, but they exist.
The next steps are not salted. To make the bridges visible:
- generate an additional bridge vmbr4 and destroy it in the user interface
- magically, all other bridges become visible
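The rule above that only internal bridges need IP addresses can be checked against the file itself. The following Python code is an added example, not part of the original page or of Proxmox: it parses a file in the layout shown above and lists every bridge that gives the host an address without being on an allow-list. The function names, the allow-list and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; the "#..." line after a stanza describes that bridge.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.12
    netmask 255.255.255.0
    bridge-ports eth0
#DATA bridge
auto vmbr1
iface vmbr1 inet static
    address 198.51.100.12
    netmask 255.255.255.0
    bridge-ports eth1
#EXT bridge
auto vmbr2
iface vmbr2 inet manual
    bridge-ports eth2
#MG bridge
"""

def parse_bridges(text):
    """Map each vmbr* name to its options plus the trailing comment."""
    bridges, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        words = line.split()
        if line.startswith("#"):
            if current is not None:
                current.setdefault("comment", line[1:].strip())
        elif words[0] == "iface" and len(words) > 1:
            current = {}
            if words[1].startswith("vmbr"):
                bridges[words[1]] = current
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None          # a new stanza begins; stop attaching lines
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return bridges

def unexpected_host_addresses(text, internal):
    """List (bridge, CIDR, comment) for addressed bridges not in `internal`."""
    findings = []
    for name, opts in sorted(parse_bridges(text).items()):
        if "address" in opts and name not in internal:
            addr = opts["address"]   # newer files may already carry a /prefix
            spec = addr if "/" in addr else addr + "/" + opts.get("netmask", "32")
            findings.append((name, str(ipaddress.ip_interface(spec)), opts.get("comment", "")))
    return findings
```

On a host, pass the contents of /etc/network/interfaces and the set of bridge names that are meant to carry a host address; an empty result means no other bridge exposes the hypervisor itself.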
firewall
Proxmox comes with its own firewall configuration and uses outdated iptables.
The package pve-firewall is installed automatically as a dependency. One has to take care that the service pve-firewall is never launched. This service starts to create alternative links to the outdated iptables binaries.
-- HenningFehrmann - 18 Aug 2020