Hetzner - DokuWiki

Proxmox VE/en


Proxmox VE


Proxmox VE is an open-source virtualization platform with support for OpenVZ, KVM and, starting with version 4.0 (currently in development), Linux Containers (LXC). Since Proxmox 4.0 there is also full support for IPv6. For a more detailed changelog, please visit the official Roadmap in the Proxmox VE wiki.

The installation is generally considered uncomplicated, since OpenVZ already does a lot of preparatory work, and only a few more things need to be configured.

Before the Installation

Some questions and advice to consider before setting up the new environment:

  • Are only Linux machines going to be used? Then under certain circumstances OpenVZ would be sufficient.
  • Should OpenVZ or KVM be used? Both have advantages as well as disadvantages. A thoughtful decision and good research can save work and trouble in the future.
    • OpenVZ has somewhat better performance, but it supports only UNIXes, and migration to other formats such as KVM/ESXi is more complex.
    • Although KVM is not as performant as OpenVZ, it provides complete hardware virtualization and enables the operation of all of the most common operating systems (including Windows). Converting the virtual disks to formats such as VMDK is simple.

Installation

1. The Basics

  • Run installimage, select and install the required Debian OS.
    • In order to enable an operation as stable as possible, it is recommended to use the appropriate version of Debian to match the Proxmox version, which is also used in the official pre-installation media:
      • Since Proxmox 2.0: Debian Squeeze 6
      • Since Proxmox 3.0: Debian Wheezy 7
      • Since Proxmox 4.0: Debian Jessie 8
  • Configure the RAID level, partitioning and hostname as required
  • Save the configuration and after completion of the installation perform a restart

2. Adjust the APT sources (/etc/apt/sources.list)

echo "deb http://download.proxmox.com/debian wheezy pve-no-subscription" >> /etc/apt/sources.list

Add the key:

wget -O- "http://download.proxmox.com/debian/key.asc" | apt-key add -

Now update the packages:

apt-get update # Update the packages list
apt-get upgrade # Update all the packages
apt-get dist-upgrade # Update Debian

3. Install Proxmox VE

Install the kernel:

apt-get install pve-firmware pve-kernel-2.6.32-39-pve pve-headers-2.6.32-39-pve

Make sure that the Proxmox kernel gets loaded after a restart, and then restart the server. If the Proxmox kernel was loaded, you can continue with the Proxmox VE packages:

aptitude install proxmox-ve-2.6.32

4. Load the Kernel module

Check if the module "kvm" has been loaded:

lsmod | grep kvm

If the module has not been loaded, then this will need to be done manually.

For Intel CPUs:

modprobe kvm
modprobe kvm_intel

For AMD CPUs:

modprobe kvm
modprobe kvm_amd

Note: The kernel modules are required for the "KVM hardware virtualization". If these are not present, no KVM guests can be started.

Network configuration

First of all, it is important to decide which virtualization solution (OpenVZ and/or KVM) and which variant (bridged/routed) will be used.

  • OpenVZ
    • Advantages: If only venet-type interfaces are used, no additional network configuration needs to be done. IP addresses can be assigned directly via vzctl.
    • Disadvantages: The host system kernel is used. Only Linux distributions can be used.
  • KVM/Routed
    • Advantages: Almost any operating system can be installed. Several IP addresses may be used on one VM. The VM requires no modification.
    • Disadvantages: IP configuration cannot be obtained via DHCP. Point-to-point setup is required for IP addresses from different networks.
  • KVM/Bridged
    • Advantages: Please see KVM/Routed. "Easier" configuration for novices.
    • Disadvantages: Additional MAC addresses need to be applied for via the Hetzner Robot. This is only possible for single IPs. Several IP addresses cannot be used in a VM.

With a routed setup, vmbr0 is not connected to the physical interface. IP forwarding needs to be activated. This can be done automatically at boot through /etc/sysctl.conf. In a Hetzner default installation only the hash sign (#) needs to be removed.

sysctl -w net.ipv4.ip_forward=1

Forwarding for IPv6 needs to be activated as well. This setting is also already present in the Hetzner default installation and needs to be changed.

sysctl -w net.ipv6.conf.all.forwarding=1
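The two sysctl -w commands above only change the running kernel. The following script is an added example, not part of the original wiki page: it makes both settings persistent by uncommenting or appending them in a sysctl.conf-style file. The function names and the file argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: persist the two forwarding keys in a sysctl.conf-style file.

# enable_forwarding FILE -> uncomment, correct or append both keys (idempotent)
enable_forwarding() {
    conf="$1"
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        # escape the dots so the key is matched literally
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        if grep -Eq "^[[:space:]]*#?[[:space:]]*${pat}[[:space:]]*=" "$conf"; then
            # key is present (commented out or set to another value): rewrite it
            sed -E "s/^[[:space:]]*#?[[:space:]]*${pat}[[:space:]]*=.*/${key}=1/" \
                "$conf" > "$conf.tmp" && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
        else
            # key is missing entirely: append it
            printf '%s=1\n' "$key" >> "$conf"
        fi
    done
}

# forwarding_enabled FILE -> exit 0 only if both keys are active and set to 1
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.forwarding[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Constructed sample with both keys commented out; not a real host file.
sample_conf=$(mktemp)
printf '%s\n' '#net.ipv4.ip_forward=1' '#net.ipv6.conf.all.forwarding=1' > "$sample_conf"
enable_forwarding "$sample_conf" && forwarding_enabled "$sample_conf" \
    && echo "forwarding persisted in $sample_conf"
```

On a real host the file would be /etc/sysctl.conf, and sysctl -p loads it without a reboot.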

Network configuration OpenVZ (venet)

# /etc/network/interfaces
### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
#
# device: eth0
auto  eth0
iface eth0 inet static
       address   <Main IP>
       netmask   255.255.255.255
       pointopoint   <Gateway>
       gateway   <Gateway>
#
iface eth0 inet6 static
       address   <IPv6 subnet>::2 #e.g. 2001:db8::2
       netmask   128
       gateway   fe80::1

Network configuration guest OpenVZ

IPv4 addresses can be configured either using the web interface or the vzctl command line tool.

vzctl set <ctid> --ipadd <additional IP> --save

IPv6 addresses can, in the latest versions, be added using the web interface. Should this not be possible, you can either update your Proxmox VE installation, or add an IPv6 address to an OpenVZ container manually via vzctl:

vzctl set <ctid> --ipadd <IPv6 address> --save
# e.g.: vzctl set 100 --ipadd 2001:db8::2000:80 --save

Hint: Since Proxmox 4.0 there is full support for IPv6.

Administration

After a successful installation the virtual machines can be administered at https://Server-IP:8006. Templates for OpenVZ can be found for example on the OpenVZ website at wiki.openvz.org/Download/template/precreated

The virtual network "venet" is used for virtual machines and the additional IPs can be added directly.

Network configuration host system KVM/Routed

To be able to use KVM, a route to the virtual machines needs to be added manually. As a host route is set, other IP addresses from other subnets are possible. An example would be:

# /etc/network/interfaces
### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
#
# device: eth0
auto  eth0
iface eth0 inet static
       address   <Main IP>
       netmask   255.255.255.255
       pointopoint   <Gateway>
       gateway   <Gateway>
#
iface eth0 inet6 static
       address   <Address from the IPv6 Subnet> #e.g. 2001:db8::2
       netmask   128
       gateway   fe80::1
       up sysctl -p
# for single IPs
auto vmbr0
iface vmbr0 inet static
       address   <Main IP>
       netmask   255.255.255.255
       bridge_ports none
       bridge_stp off
       bridge_fd 0
       up ip route add <1st additional IP>/32 dev vmbr0
       up ip route add <2nd additional IP>/32 dev vmbr0
#
iface vmbr0 inet6 static
       address   <Address from the IPv6 Subnet> #e.g. 2001:db8::2
       netmask   64
# for a subnet
auto vmbr1
iface vmbr1 inet static
       address   <A usable IP address from the additional subnet>
       netmask   <Netmask of the additional subnet>
       bridge_ports none
       bridge_stp off
       bridge_fd 0

Network configuration guest system KVM/Routed

The IP of the bridge in the host system is always used as the gateway, i.e. the main IP for single IPs, and the IP configured from the subnet in the host system for subnets.

# /etc/network/interfaces
### Example for a single IP from a different subnet
# Loopback device:
auto lo
iface lo inet loopback
#
# device: eth0
auto  eth0
iface eth0 inet static
       address   <Additional IP>
       netmask   255.255.255.255
       pointopoint   <Main IP>
       gateway   <Main IP>
#
iface eth0 inet6 static
       address   <Address from the IPv6 Subnet> #e.g. 2001:db8::f001
       netmask   64
       gateway   <IPv6 Address vmbr0> #e.g. 2001:db8::2

# /etc/network/interfaces
### Example for subnets
# Loopback device:
auto lo
iface lo inet loopback
#
# device: eth0
auto  eth0
iface eth0 inet static
       address   <A usable IP address from the subnet>
       netmask   <Netmask of the subnet>
       gateway   <IP from the subnet configured in the Host system>
#
iface eth0 inet6 static
       address   <Address from the IPv6 Subnet> #e.g. 2001:db8::f001
       netmask   64
       gateway   <IPv6 Address vmbr0> #e.g. 2001:db8::2

Network configuration KVM/Bridged

When using KVM in bridged mode it is ABSOLUTELY necessary to apply for virtual MAC addresses for the single IPs in advance. Subnet configuration is analogous.

# /etc/network/interfaces
### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
#
auto vmbr0
iface vmbr0 inet static
       address   <Main IP>
       netmask   255.255.255.255
       pointopoint   <Gateway>
       gateway   <Gateway>
       bridge_ports eth0
       bridge_stp off
       bridge_fd 1
       bridge_hello 2
       bridge_maxage 12
# for a subnet
auto vmbr1
iface vmbr1 inet static
       address   <A usable IP address from the additional subnet>
       netmask   <Netmask of the additional subnet>
       bridge_ports none
       bridge_stp off
       bridge_fd 0
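
As an added example (not part of the original wiki page), the following script reads an interfaces file in the format shown above and reports, per vmbr bridge, whether it is unattached (bridge_ports none, the routed variant) or attached to a physical port (the bridged variant, for which virtual MAC addresses must be requested). check_routed additionally flags host routes that point at a device other than an unattached bridge. The function names and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the bridges in an ifupdown interfaces file.

# bridge_modes FILE -> "<bridge> routed|bridged <ports>" for each vmbr bridge
bridge_modes() {
    awk '
        $1 == "iface" { cur = $2 }
        $1 == "bridge_ports" && cur ~ /^vmbr/ {
            ports = $2
            for (i = 3; i <= NF; i++) ports = ports "," $i
            print cur, (ports == "none" ? "routed" : "bridged"), ports
        }' "$1"
}

# check_routed FILE -> prints every device that is the target of an
# "up ip route add <prefix> dev <device>" host route but is not a bridge
# with "bridge_ports none"; exit status 1 if any such device exists.
check_routed() {
    awk '
        $1 == "iface" { cur = $2 }
        $1 == "bridge_ports" { ports[cur] = $2 }
        $1 == "up" && $2 == "ip" && $3 == "route" && $4 == "add" {
            for (i = 6; i < NF; i++) if ($i == "dev") target[$(i + 1)] = 1
        }
        END {
            for (b in target) if (ports[b] != "none") { print b; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Constructed sample (documentation addresses), shaped like the host files above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto vmbr0
iface vmbr0 inet static
       address   192.0.2.2
       netmask   255.255.255.255
       bridge_ports none
       up ip route add 192.0.2.10/32 dev vmbr0
auto vmbr1
iface vmbr1 inet static
       address   198.51.100.1
       netmask   255.255.255.248
       bridge_ports eth0
EOF
bridge_modes "$sample"
check_routed "$sample" && echo "host routes only target unattached bridges"
```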

Network configuration guest system KVM/Bridged

The host system gateway or that of the assigned IP is used as gateway for single IPs. Configuration for subnets is identical to that of KVM in routed setup.

# /etc/network/interfaces
# Loopback device:
auto lo
iface lo inet loopback
#
# device: eth0
auto  eth0
iface eth0 inet static
       address   <Additional IP>
       netmask   <Netmask of the additional IP>
       pointopoint   <Gateway of the additional IP>
       gateway   <Gateway of the additional IP>

Security

The web interface is protected by two different authentication methods: "Proxmox VE standard authentication" (own authentication of Proxmox) and "Linux PAM standard authentication" (authentication accounts of the operating system).

Nevertheless, additional protective measures are recommended to protect against the exploitation of vulnerabilities and other attacks.

There are several options available:

Other

Important Links



© 2016. Hetzner Online GmbH. All rights reserved.