Howto proxmox: Difference between revisions

From Vidalinux Wiki
 
(14 intermediate revisions by the same user not shown)
Line 7: Line 7:
  wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
  wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
create container in proxmox using pct:
create container in proxmox using pct:
  ptc create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm
  pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm
edit container config /etc/pve/lxc/102.conf:
edit container config /etc/pve/lxc/102.conf:
  lxc.cgroup2.devices.allow: c10:200 rwm
  lxc.cgroup2.devices.allow: c10:200 rwm
  lxc.mount.entry: /dev/net dev/net none bind,create=dir
  lxc.mount.entry: /dev/net dev/net none bind,create=dir
configure network:
configure /etc/config/network:
  config interface 'loopback'
  config interface 'loopback'
option device 'lo'
    option device 'lo'
option proto 'static'
    option proto 'static'
option ipaddr '127.0.0.1'
    option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
    option netmask '255.0.0.0'
   
   
  config globals 'globals'
  config globals 'globals'
option ula_prefix 'fdb5:603d:27d8::/48'
    option ula_prefix 'fdb5:603d:27d8::/48'
   
   
  config device 'lan_br'
  config device 'lan_br'
option name 'br-lan'
    option name 'br-lan'
option type 'bridge'
    option type 'bridge'
list ports 'eth1'
    list ports 'eth1'
   
   
  config device 'eth1'
  config device 'eth1'
        option name 'eth1'
    option name 'eth1'
   
   
  config interface 'lan'
  config interface 'lan'
option device 'br-lan'
    option device 'br-lan'
option proto 'static'
    option proto 'static'
option ipaddr '192.168.99.254'
    option ipaddr '192.168.99.254'
option netmask '255.255.255.0'
    option netmask '255.255.255.0'
option ip6assign '60'
    option ip6assign '60'
   
   
  config interface 'wan'
  config interface 'wan'
option device 'eth0'
    option device 'eth0'
option proto 'static'
    option proto 'static'
        option ipaddr '192.168.24.44'
    option ipaddr '192.168.24.44'
        option netmask '255.255.255.0'
    option netmask '255.255.255.0'
        option gateway '192.168.24.254'
    option gateway '192.168.24.254'
        option ip6assign '60'
    option ip6assign '60'
   
   
  config interface 'wan1'
  config interface 'wan1'
option device 'eth0'
    option device 'eth0'
option proto 'static'
    option proto 'static'
option ipaddr '192.168.24.45'
    option ipaddr '192.168.24.45'
        option netmask '255.255.255.0'
    option netmask '255.255.255.0'
restart network service:
service network restart
configure /etc/config/dhcp:
config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'ovoxcloud.com'
    option expandhosts '1'
    option cachesize '1000'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option localservice '1'
    option ednspacket_max '1232'
    list server '4.2.2.1'
    list server '4.2.2.2'
    list interface 'lan'
    list notinterface 'wan'
    option port '53'
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    option ra_slaac '1'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'
config dhcp 'wan'
    option interface 'wan'
    option ignore '1'
config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'
restart dhcp service:
service dnsmasq restart
verify if dnsmasq is running:
ps w|grep dnsmasq
if for some reason the dnsmasq doesn't start:
dnsmasq -C /var/etc/dnsmasq.conf.*
configure /etc/config/firewall:
config defaults
    option syn_flood '1'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
config forwarding
    option src 'lan'
    option dest 'wan'
config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'
config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'
config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'
config rule
    option name 'Allow-SSH-WAN'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
config rule
    option name 'Allow-HTTP-WAN'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'
config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'
config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'
config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'
config redirect
    option src      wan
    option dest    lan
    option src_dip  192.168.24.45
    option dest_ip  192.168.99.208
    option target  DNAT
    option name    DNAT-IP-WAN-LAN
    option enabled 
config redirect
    option src      lan
    option dest    wan
    option src_ip  192.168.99.208
    option src_dip  192.168.24.45
    option target  SNAT
    option name    SNAT-IP-LAN-WAN
    option enabled  1
restart firewall service:
service firewall restart
install luci theme:
opkg update
opkg install luci-compat
opkg install luci-lib-ipkg
wget --no-check-certificate https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk
opkg install luci-theme-argon_2.3.1_all.ipk
restart http server:
service uhttpd restart
enter web interface:
https://192.168.24.44


= download cloudimages =
= download cloudimages =
log to promox server console as root and install this packages:
apt-get install guestfs-tools -y
cloudimage available for download:
https://wiki.vidalinux.org/index.php/Linux_cloud_images
download archlinux cloud image:
cd /var/lib/vz/images
wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2
resize image:
cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G
expand image:
virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
change password:
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password password:vidalinux
uninstall cloud-init:
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm"
import image to existing virtual machine:
qm importdisk 100 ./arch-openstack-LATEST-image-bootstrap_100G.qcow2 local-lvm
inside archlinux do the following to be able to install packages:
pacman-key --init && pacman-key --populate
= references =
= references =
* https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/
* https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/
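Review bot: In the new "install luci theme" steps, `wget --no-check-certificate` disables TLS certificate validation for an `.ipk` that the next line installs with `opkg install`, so the package that ends up running as root on the router container is not authenticated. Drop the flag and, if the download then fails on a certificate error, add `opkg install ca-bundle` before the `wget` instead of skipping the check. The added image steps have a related weakness: `--root-password password:vidalinux` publishes a fixed root password, where `--root-password file:<password-file>` would keep it out of the page and the process list. In the added firewall config, `Allow-SSH-WAN`, `Allow-HTTP-WAN` (which opens 443) and the port-less `DNAT-IP-WAN-LAN` redirect have no `src_ip` limit, and `option enabled` in that redirect has no value.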

Latest revision as of 23:34, 20 April 2024

install proxmox

download proxmox iso:

https://enterprise.proxmox.com/iso/proxmox-ve_8.1-2.iso

openwrt

download openwrt image:

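cd /var/lib/vz/images
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
# The tarball becomes the root filesystem of the router container, so check it before use.
# sha256sums sits in the same release directory; fetched from the same mirror it only catches a
# corrupted or truncated download. The signed sha256sums.asc next to it is what proves origin.
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/sha256sums
sha256sum -c --ignore-missing sha256sums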

create container in proxmox using pct:

pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm

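edit container config /etc/pve/lxc/102.conf and add these lines, which give the container access to the host's /dev/net/tun (character device 10:200) by bind-mounting /dev/net: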

lxc.cgroup2.devices.allow: c10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

configure /etc/config/network:

# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
   option device 'lo'
   option proto 'static'
   option ipaddr '127.0.0.1'
   option netmask '255.0.0.0'

# NOTE(review): this ULA prefix is the literal value printed in this guide; presumably each
# installation should use its own /48 rather than copy it — confirm.
config globals 'globals'
   option ula_prefix 'fdb5:603d:27d8::/48'

# Bridge br-lan with eth1 as its only port (eth1 is the container's --net1 interface).
config device 'lan_br'
   option name 'br-lan'
   option type 'bridge'
   list ports 'eth1'

config device 'eth1'
   option name 'eth1'

# LAN side: the router is 192.168.99.254/24 on br-lan.
config interface 'lan'
   option device 'br-lan'
   option proto 'static'
   option ipaddr '192.168.99.254'
   option netmask '255.255.255.0'
   option ip6assign '60'

# WAN side: static 192.168.24.44/24 on eth0, default gateway 192.168.24.254.
config interface 'wan'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.44'
   option netmask '255.255.255.0'
   option gateway '192.168.24.254'
   option ip6assign '60'

# Second static address on the same eth0 device. The firewall redirects in this guide use
# 192.168.24.45 as the external address of the LAN host 192.168.99.208.
# NOTE(review): 'wan1' is not listed in the firewall 'wan' zone (only 'wan' and 'wan6' are) —
# confirm the zone still covers it through the shared eth0 device.
config interface 'wan1'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.45'
   option netmask '255.255.255.0'

restart network service:

service network restart

configure /etc/config/dhcp:

# dnsmasq: DNS and DHCPv4 for the LAN.
config dnsmasq
   option domainneeded '1'
   option localise_queries '1'
   # DNS rebinding protection: upstream answers that point at private addresses are discarded.
   option rebind_protection '1'
   option rebind_localhost '1'
   option local '/lan/'
   # NOTE(review): 'ovoxcloud.com' is this guide's own domain; presumably replace it with yours.
   option domain 'ovoxcloud.com'
   option expandhosts '1'
   option cachesize '1000'
   option authoritative '1'
   option readethers '1'
   option leasefile '/tmp/dhcp.leases'
   option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
   option localservice '1'
   option ednspacket_max '1232'
   # Upstream resolvers. NOTE(review): every LAN lookup is presumably sent to these third-party
   # servers as plain DNS — confirm that is acceptable for this network.
   list server '4.2.2.1'
   list server '4.2.2.2'
   # Serve on the lan interface only; the wan interface is explicitly excluded.
   list interface 'lan'
   list notinterface 'wan'
   option port '53'

# DHCP pool on lan: starts at host offset 100, 150 addresses, 12 hour leases;
# DHCPv6 and router advertisements are in server mode.
config dhcp 'lan'
   option interface 'lan'
   option start '100'
   option limit '150'
   option leasetime '12h'
   option dhcpv4 'server'
   option dhcpv6 'server'
   option ra 'server'
   option ra_slaac '1'
   list ra_flags 'managed-config'
   list ra_flags 'other-config'

# No DHCP service on the wan interface.
config dhcp 'wan'
   option interface 'wan'
   option ignore '1'

config odhcpd 'odhcpd'
   option maindhcp '0'
   option leasefile '/tmp/hosts/odhcpd'
   option leasetrigger '/usr/sbin/odhcpd-update'
   option loglevel '4'

restart dhcp service:

service dnsmasq restart

verify if dnsmasq is running:

ps w|grep dnsmasq

if for some reason the dnsmasq doesn't start:

dnsmasq -C /var/etc/dnsmasq.conf.*

configure /etc/config/firewall:

# Default policy: reject inbound and forwarded traffic, allow outbound, SYN-flood protection on.
config defaults
   option syn_flood '1'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'

# lan zone: everything from the LAN to the router and between LAN networks is accepted.
config zone
   option name 'lan'
   list network 'lan'
   option input 'ACCEPT'
   option output 'ACCEPT'
   option forward 'ACCEPT'

# wan zone: inbound and forwarded traffic is rejected unless a rule or redirect in this file
# allows it; outbound traffic is masqueraded.
# NOTE(review): 'wan6' is listed here but no 'wan6' interface appears in the network config of
# this guide, and 'wan1' (192.168.24.45) is not listed — confirm both are intended.
config zone
   option name 'wan'
   list network 'wan'
   list network 'wan6'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'
   option masq '1'
   option mtu_fix '1'

# LAN hosts may open connections towards the wan zone.
config forwarding
   option src 'lan'
   option dest 'wan'

# Rules with 'src' but no 'dest' apply to traffic addressed to the router itself.

# DHCP replies (UDP 68) from the wan zone.
config rule
   option name 'Allow-DHCP-Renew'
   option src 'wan'
   option proto 'udp'
   option dest_port '68'
   option target 'ACCEPT'
   option family 'ipv4'

# IPv4 echo requests from the wan zone.
config rule
   option name 'Allow-Ping'
   option src 'wan'
   option proto 'icmp'
   option icmp_type 'echo-request'
   option family 'ipv4'
   option target 'ACCEPT'

config rule
   option name 'Allow-IGMP'
   option src 'wan'
   option proto 'igmp'
   option family 'ipv4'
   option target 'ACCEPT'

# Opens the router's SSH port (TCP 22) to every address in the wan zone.
# NOTE(review): there is no 'src_ip' restriction; limiting this rule to a management address
# or subnet would narrow who can reach the login prompt.
config rule
   option name 'Allow-SSH-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '22'
   option target 'ACCEPT'

# Despite the name, this opens TCP 443 (the https:// web interface of this guide) to every
# address in the wan zone.
# NOTE(review): no 'src_ip' restriction here either; the router's admin UI is reachable from
# the whole WAN-side network.
config rule
   option name 'Allow-HTTP-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '443'
   option target 'ACCEPT'

# DHCPv6 client port (UDP 546) from the wan zone.
config rule
   option name 'Allow-DHCPv6'
   option src 'wan'
   option proto 'udp'
   option dest_port '546'
   option family 'ipv6'
   option target 'ACCEPT'

# Multicast Listener Discovery messages, accepted from link-local sources (fe80::/10) only.
config rule
   option name 'Allow-MLD'
   option src 'wan'
   option proto 'icmp'
   option src_ip 'fe80::/10'
   list icmp_type '130/0'
   list icmp_type '131/0'
   list icmp_type '132/0'
   list icmp_type '143/0'
   option family 'ipv6'
   option target 'ACCEPT'

# ICMPv6 types accepted by the router from the wan zone, rate-limited to 1000 per second.
config rule
   option name 'Allow-ICMPv6-Input'
   option src 'wan'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   list icmp_type 'router-solicitation'
   list icmp_type 'neighbour-solicitation'
   list icmp_type 'router-advertisement'
   list icmp_type 'neighbour-advertisement'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

# ICMPv6 types forwarded from the wan zone to any destination zone ('*'), same rate limit.
config rule
   option name 'Allow-ICMPv6-Forward'
   option src 'wan'
   option dest '*'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

# IPsec ESP from the wan zone is forwarded into the lan zone; no destination host is named.
config rule
   option name 'Allow-IPSec-ESP'
   option src 'wan'
   option dest 'lan'
   option proto 'esp'
   option target 'ACCEPT'

# IKE (UDP 500) from the wan zone is forwarded into the lan zone; no destination host is named.
config rule
   option name 'Allow-ISAKMP'
   option src 'wan'
   option dest 'lan'
   option dest_port '500'
   option proto 'udp'
   option target 'ACCEPT'

# Inbound half of a 1:1 NAT: traffic from the wan zone addressed to 192.168.24.45 is rewritten
# to the LAN host 192.168.99.208.
# NOTE(review): no 'proto' or 'src_dport' is set, so this presumably forwards every TCP and UDP
# port and leaves the LAN host reachable from the whole WAN-side network; 'proto', 'src_dport'
# and 'src_ip' can narrow it to the services and peers that are actually needed.
# NOTE(review): 'option enabled' below has no value (the SNAT entry uses 1); the file may fail
# to parse or the redirect may not load — set the value explicitly.
config redirect
   option src      wan
   option dest     lan
   option src_dip  192.168.24.45
   option dest_ip  192.168.99.208
   option target   DNAT
   option name     DNAT-IP-WAN-LAN
   option enabled  

# Outbound half: connections from 192.168.99.208 towards the wan zone leave with source
# address 192.168.24.45.
config redirect
   option src      lan
   option dest     wan
   option src_ip   192.168.99.208
   option src_dip  192.168.24.45
   option target   SNAT
   option name     SNAT-IP-LAN-WAN
   option enabled  1

restart firewall service:

service firewall restart

install luci theme:

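opkg update
opkg install luci-compat
opkg install luci-lib-ipkg
# The .ipk below is installed by opkg as root, so keep TLS certificate validation on for the
# download. If wget fails with a certificate error, the CA bundle is missing; install it
# rather than turning the check off.
opkg install ca-bundle
wget https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk
# Print the hash and compare it with a value obtained from a source you trust before installing.
sha256sum luci-theme-argon_2.3.1_all.ipk
opkg install luci-theme-argon_2.3.1_all.ipk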

restart http server:

service uhttpd restart

enter web interface:

https://192.168.24.44

download cloudimages

log in to the proxmox server console as root and install this package:

apt-get install guestfs-tools -y

cloudimage available for download:

https://wiki.vidalinux.org/index.php/Linux_cloud_images

download archlinux cloud image:

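cd /var/lib/vz/images
wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2
# "LATEST" is a moving target on a third-party site, so the same command can fetch a different
# image each time. Record the hash and compare it with a value obtained from a source you trust
# before the image is booted or imported.
sha256sum arch-openstack-LATEST-image-bootstrap.qcow2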

resize image:

cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G

expand image:

virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2

change password:

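# A root password printed in a public guide is known to every reader, and a password given on
# the command line shows up in shell history and the process list. Read it from a file instead.
# /path/to/root-password-file is a placeholder: create the file with mode 600, put the password
# on its first line, and delete it once the image is prepared.
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password file:/path/to/root-password-file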

uninstall cloud-init:

virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm"

import image to existing virtual machine:

qm importdisk 100 ./arch-openstack-LATEST-image-bootstrap_100G.qcow2 local-lvm

inside archlinux do the following to be able to install packages:

pacman-key --init && pacman-key --populate

references