proxmox 2020 installation

The majority of installation steps is being applied using the current salt states. The current version is proxmox-ve 6.2

required packages

  • open-iscsi
  • postfix
  • proxmox-ve

generate user and groups

  • /usr/sbin/pveum groupadd admin --comment "System Administrators"
  • /usr/sbin/pveum aclmod / -group admin -role Administrator
  • /usr/sbin/pveum useradd fehrmann@pve --password 'somepassword'
  • /usr/sbin/pveum useradd otheruser@pve --password 'otherpassword'
  • /usr/sbin/pveum usermod fehrmann@pve --group admin
  • /usr/sbin/pveum usermod otheruser@pve --group admin


We need to configure bridges. The current ProxMox version is not capable to deal with files in /etc/network/interfaces.d so we need to configure everything in /etc/network/interface. A possible configuration file is (where the nics are connected to bridges):
auto lo
iface lo inet loopback

iface enp3s0f1 inet manual

iface enp3s0f0 inet manual

iface enp3s0f3 inet manual

iface enp3s0f2 inet manual

auto vmbr3
iface vmbr3 inet manual
   bridge-ports enp3s0f1
   bridge-stp off
   bridge-fd 0
#AEI bridge

auto vmbr0
iface vmbr0 inet static
   bridge-ports enp3s0f0
   bridge-stp off
   bridge-fd 0
   post-up ip link set enp3s0f0 mtu 9000
#DATA bridge

auto vmbr2
iface vmbr2 inet manual
   bridge-ports enp3s0f3
   bridge-stp off
   bridge-fd 0
#EXT bridge

auto vmbr1
iface vmbr1 inet static
   bridge-ports enp3s0f2
   bridge-stp off
   bridge-fd 0
#MG bridge

The comments are being used by proxmox to describe the bridges. The bridges need to have increasing numbers. Only internal bridges need to have IP addresses.

The bridges are not visible in the ProxMox user interface perse but they are existing. The next steps are not salted. In order to make them visible
  • generate an additional bridge vmbr4 and destroy it in the userinterface
  • magically all other bridges become visible


Proxmox comes with own firewall configurations and uses outdated iptables. The packages pve-firewall comes automatically as a dependence. One has to take care that the service_pve-firewell_ is never being launched. This service starts to create alternative linking to outdated iptables binaries.

-- HenningFehrmann - 18 Aug 2020
Topic revision: r2 - 25 Aug 2020, HenningFehrmann
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback