Howto proxmox: Difference between revisions
Jump to navigation
Jump to search
Mandulete1 (talk | contribs) No edit summary |
Mandulete1 (talk | contribs) |
||
(15 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz | wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz | ||
create container in proxmox using pct: | create container in proxmox using pct: | ||
pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm | |||
edit container config /etc/pve/lxc/102.conf: | edit container config /etc/pve/lxc/102.conf: | ||
lxc.cgroup2.devices.allow: c10:200 rwm | lxc.cgroup2.devices.allow: c10:200 rwm | ||
lxc.mount.entry: /dev/net dev/net none bind,create=dir | lxc.mount.entry: /dev/net dev/net none bind,create=dir | ||
configure /etc/config/network: | |||
config interface 'loopback' | |||
option device 'lo' | |||
option proto 'static' | |||
option ipaddr '127.0.0.1' | |||
option netmask '255.0.0.0' | |||
config globals 'globals' | |||
option ula_prefix 'fdb5:603d:27d8::/48' | |||
config device 'lan_br' | |||
option name 'br-lan' | |||
option type 'bridge' | |||
list ports 'eth1' | |||
config device 'eth1' | |||
option name 'eth1' | |||
config interface 'lan' | |||
option device 'br-lan' | |||
option proto 'static' | |||
option ipaddr '192.168.99.254' | |||
option netmask '255.255.255.0' | |||
option ip6assign '60' | |||
config interface 'wan' | |||
option device 'eth0' | |||
option proto 'static' | |||
option ipaddr '192.168.24.44' | |||
option netmask '255.255.255.0' | |||
option gateway '192.168.24.254' | |||
option ip6assign '60' | |||
config interface 'wan1' | |||
option device 'eth0' | |||
option proto 'static' | |||
option ipaddr '192.168.24.45' | |||
option netmask '255.255.255.0' | |||
restart network service: | |||
service network restart | |||
configure /etc/config/dhcp: | |||
config dnsmasq | |||
option domainneeded '1' | |||
option localise_queries '1' | |||
option rebind_protection '1' | |||
option rebind_localhost '1' | |||
option local '/lan/' | |||
option domain 'ovoxcloud.com' | |||
option expandhosts '1' | |||
option cachesize '1000' | |||
option authoritative '1' | |||
option readethers '1' | |||
option leasefile '/tmp/dhcp.leases' | |||
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' | |||
option localservice '1' | |||
option ednspacket_max '1232' | |||
list server '4.2.2.1' | |||
list server '4.2.2.2' | |||
list interface 'lan' | |||
list notinterface 'wan' | |||
option port '53' | |||
config dhcp 'lan' | |||
option interface 'lan' | |||
option start '100' | |||
option limit '150' | |||
option leasetime '12h' | |||
option dhcpv4 'server' | |||
option dhcpv6 'server' | |||
option ra 'server' | |||
option ra_slaac '1' | |||
list ra_flags 'managed-config' | |||
list ra_flags 'other-config' | |||
config dhcp 'wan' | |||
option interface 'wan' | |||
option ignore '1' | |||
config odhcpd 'odhcpd' | |||
option maindhcp '0' | |||
option leasefile '/tmp/hosts/odhcpd' | |||
option leasetrigger '/usr/sbin/odhcpd-update' | |||
option loglevel '4' | |||
restart dhcp service: | |||
service dnsmasq restart | |||
verify if dnsmasq is running: | |||
ps w|grep dnsmasq | |||
if for some reason the dnsmasq doesn't start: | |||
dnsmasq -C /var/etc/dnsmasq.conf.* | |||
configure /etc/config/firewall: | |||
config defaults | |||
option syn_flood '1' | |||
option input 'REJECT' | |||
option output 'ACCEPT' | |||
option forward 'REJECT' | |||
config zone | |||
option name 'lan' | |||
list network 'lan' | |||
option input 'ACCEPT' | |||
option output 'ACCEPT' | |||
option forward 'ACCEPT' | |||
config zone | |||
option name 'wan' | |||
list network 'wan' | |||
list network 'wan6' | |||
option input 'REJECT' | |||
option output 'ACCEPT' | |||
option forward 'REJECT' | |||
option masq '1' | |||
option mtu_fix '1' | |||
config forwarding | |||
option src 'lan' | |||
option dest 'wan' | |||
config rule | |||
option name 'Allow-DHCP-Renew' | |||
option src 'wan' | |||
option proto 'udp' | |||
option dest_port '68' | |||
option target 'ACCEPT' | |||
option family 'ipv4' | |||
config rule | |||
option name 'Allow-Ping' | |||
option src 'wan' | |||
option proto 'icmp' | |||
option icmp_type 'echo-request' | |||
option family 'ipv4' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-IGMP' | |||
option src 'wan' | |||
option proto 'igmp' | |||
option family 'ipv4' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-SSH-WAN' | |||
option src 'wan' | |||
option proto 'tcp' | |||
option dest_port '22' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-HTTP-WAN' | |||
option src 'wan' | |||
option proto 'tcp' | |||
option dest_port '443' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-DHCPv6' | |||
option src 'wan' | |||
option proto 'udp' | |||
option dest_port '546' | |||
option family 'ipv6' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-MLD' | |||
option src 'wan' | |||
option proto 'icmp' | |||
option src_ip 'fe80::/10' | |||
list icmp_type '130/0' | |||
list icmp_type '131/0' | |||
list icmp_type '132/0' | |||
list icmp_type '143/0' | |||
option family 'ipv6' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-ICMPv6-Input' | |||
option src 'wan' | |||
option proto 'icmp' | |||
list icmp_type 'echo-request' | |||
list icmp_type 'echo-reply' | |||
list icmp_type 'destination-unreachable' | |||
list icmp_type 'packet-too-big' | |||
list icmp_type 'time-exceeded' | |||
list icmp_type 'bad-header' | |||
list icmp_type 'unknown-header-type' | |||
list icmp_type 'router-solicitation' | |||
list icmp_type 'neighbour-solicitation' | |||
list icmp_type 'router-advertisement' | |||
list icmp_type 'neighbour-advertisement' | |||
option limit '1000/sec' | |||
option family 'ipv6' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-ICMPv6-Forward' | |||
option src 'wan' | |||
option dest '*' | |||
option proto 'icmp' | |||
list icmp_type 'echo-request' | |||
list icmp_type 'echo-reply' | |||
list icmp_type 'destination-unreachable' | |||
list icmp_type 'packet-too-big' | |||
list icmp_type 'time-exceeded' | |||
list icmp_type 'bad-header' | |||
list icmp_type 'unknown-header-type' | |||
option limit '1000/sec' | |||
option family 'ipv6' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-IPSec-ESP' | |||
option src 'wan' | |||
option dest 'lan' | |||
option proto 'esp' | |||
option target 'ACCEPT' | |||
config rule | |||
option name 'Allow-ISAKMP' | |||
option src 'wan' | |||
option dest 'lan' | |||
option dest_port '500' | |||
option proto 'udp' | |||
option target 'ACCEPT' | |||
config redirect | |||
option src wan | |||
option dest lan | |||
option src_dip 192.168.24.45 | |||
option dest_ip 192.168.99.208 | |||
option target DNAT | |||
option name DNAT-IP-WAN-LAN | |||
option enabled | |||
config redirect | |||
option src lan | |||
option dest wan | |||
option src_ip 192.168.99.208 | |||
option src_dip 192.168.24.45 | |||
option target SNAT | |||
option name SNAT-IP-LAN-WAN | |||
option enabled 1 | |||
restart firewall service: | |||
service firewall restart | |||
install luci theme: | |||
opkg update | |||
opkg install luci-compat | |||
opkg install luci-lib-ipkg | |||
wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk | |||
opkg install luci-theme-argon_2.3.1_all.ipk | |||
restart http server: | |||
service uhttpd restart | |||
enter web interface: | |||
https://192.168.24.44 | |||
= download cloudimages = | = download cloudimages = | ||
log to promox server console as root and install this packages: | |||
apt-get install guestfs-tools -y | |||
cloudimage available for download: | |||
https://wiki.vidalinux.org/index.php/Linux_cloud_images | |||
download archlinux cloud image: | |||
cd /var/lib/vz/images | |||
wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2 | |||
resize image: | |||
cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2 | |||
qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G | |||
expand image: | |||
virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2 | |||
change password: | |||
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password password:vidalinux | |||
uninstall cloud-init: | |||
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm" | |||
import image to existing virtual machine: | |||
qm importdisk 100 ./arch-openstack-LATEST-image-bootstrap_100G.qcow2 local-lvm | |||
inside archlinux do the following to be able to install packages: | |||
pacman-key --init && pacman-key --populate | |||
= references = | = references = | ||
* https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/ | * https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/ |
Latest revision as of 23:34, 20 April 2024
install proxmox
download proxmox iso:
https://enterprise.proxmox.com/iso/proxmox-ve_8.1-2.iso
openwrt
download openwrt image:
cd /var/lib/vz/images wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
create container in proxmox using pct:
pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm
edit container config /etc/pve/lxc/102.conf:
lxc.cgroup2.devices.allow: c10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir
configure /etc/config/network:
config interface 'loopback' option device 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fdb5:603d:27d8::/48' config device 'lan_br' option name 'br-lan' option type 'bridge' list ports 'eth1' config device 'eth1' option name 'eth1' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.99.254' option netmask '255.255.255.0' option ip6assign '60' config interface 'wan' option device 'eth0' option proto 'static' option ipaddr '192.168.24.44' option netmask '255.255.255.0' option gateway '192.168.24.254' option ip6assign '60' config interface 'wan1' option device 'eth0' option proto 'static' option ipaddr '192.168.24.45' option netmask '255.255.255.0'
restart network service:
service network restart
configure /etc/config/dhcp:
config dnsmasq option domainneeded '1' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'ovoxcloud.com' option expandhosts '1' option cachesize '1000' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' option localservice '1' option ednspacket_max '1232' list server '4.2.2.1' list server '4.2.2.2' list interface 'lan' list notinterface 'wan' option port '53' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' option dhcpv4 'server' option dhcpv6 'server' option ra 'server' option ra_slaac '1' list ra_flags 'managed-config' list ra_flags 'other-config' config dhcp 'wan' option interface 'wan' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' option loglevel '4'
restart dhcp service:
service dnsmasq restart
verify if dnsmasq is running:
ps w|grep dnsmasq
if for some reason the dnsmasq doesn't start:
dnsmasq -C /var/etc/dnsmasq.conf.*
configure /etc/config/firewall:
config defaults option syn_flood '1' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan' list network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'wan' list network 'wan' list network 'wan6' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-SSH-WAN' option src 'wan' option proto 'tcp' option dest_port '22' option target 'ACCEPT' config rule option name 'Allow-HTTP-WAN' option src 'wan' option proto 'tcp' option dest_port '443' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-IPSec-ESP' option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option name 'Allow-ISAKMP' option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT' config redirect option src wan option dest lan option src_dip 192.168.24.45 option dest_ip 192.168.99.208 option target DNAT option name DNAT-IP-WAN-LAN option enabled config redirect option src lan option dest wan option src_ip 192.168.99.208 option src_dip 192.168.24.45 option target SNAT option name SNAT-IP-LAN-WAN option enabled 1
restart firewall service:
service firewall restart
install luci theme:
opkg update opkg install luci-compat opkg install luci-lib-ipkg wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk opkg install luci-theme-argon_2.3.1_all.ipk
restart http server:
service uhttpd restart
enter web interface:
https://192.168.24.44
download cloudimages
log to promox server console as root and install this packages:
apt-get install guestfs-tools -y
cloudimage available for download:
https://wiki.vidalinux.org/index.php/Linux_cloud_images
download archlinux cloud image:
cd /var/lib/vz/images wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2
resize image:
cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2 qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G
expand image:
virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
change password:
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password password:vidalinux
uninstall cloud-init:
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm"
import image to existing virtual machine:
qm importdisk 100 ./arch-openstack-LATEST-image-bootstrap_100G.qcow2 local-lvm
inside archlinux do the following to be able to install packages:
pacman-key --init && pacman-key --populate