Howto proxmox

Revision as of 23:34, 20 April 2024 by Mandulete1 (talk | contribs) (→‎download cloudimages)

install proxmox

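download the proxmox iso and compare its SHA256 checksum with the one published on the Proxmox download page before installing: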

https://enterprise.proxmox.com/iso/proxmox-ve_8.1-2.iso

openwrt

download openwrt image:

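cd /var/lib/vz/images
# Fetch the rootfs and the checksum list published in the same release directory.
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/sha256sums -O openwrt-23.05.3-x86-64.sha256sums
# Stop if this reports a mismatch: the archive becomes the container's root filesystem.
# A checksum list taken from the same mirror only catches corruption; for authenticity,
# verify the signature OpenWrt publishes next to it (sha256sums.asc) before trusting the list.
sha256sum -c --ignore-missing openwrt-23.05.3-x86-64.sha256sums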

create container in proxmox using pct:

# Create container 102 from the downloaded rootfs.
# --unprivileged 1 runs the container's root as an unprivileged user on the host.
# eth0 and eth1 are used as WAN and LAN in the OpenWrt network config further down;
# no bridge= is given here, so the NICs presumably still have to be attached to
# host bridges before the container is started -- TODO confirm.
pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz \
  --unprivileged 1 \
  --ostype unmanaged \
  --hostname openwrt \
  --net0 name=eth0 \
  --net1 name=eth1 \
  --storage local-lvm

edit container config /etc/pve/lxc/102.conf:

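# Allow the container to use the TUN/TAP device: character device 10:200 is /dev/net/tun.
# Device type, major:minor and access flags are whitespace-separated ("c 10:200 rwm");
# only this one device is allowed, with read/write/mknod access.
lxc.cgroup2.devices.allow: c 10:200 rwm
# Bind-mount the host's /dev/net into the container, creating the directory if it is missing.
lxc.mount.entry: /dev/net dev/net none bind,create=dir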

configure /etc/config/network:

# /etc/config/network for the OpenWrt container: eth0 is the WAN side, eth1 the LAN side.

# Loopback interface.
config interface 'loopback'
   option device 'lo'
   option proto 'static'
   option ipaddr '127.0.0.1'
   option netmask '255.0.0.0'

# IPv6 unique-local prefix used for the LAN.
config globals 'globals'
   option ula_prefix 'fdb5:603d:27d8::/48'

# LAN bridge with eth1 as its only port.
config device 'lan_br'
   option name 'br-lan'
   option type 'bridge'
   list ports 'eth1'

config device 'eth1'
   option name 'eth1'

# LAN: the router is 192.168.99.254/24 on br-lan.
config interface 'lan'
   option device 'br-lan'
   option proto 'static'
   option ipaddr '192.168.99.254'
   option netmask '255.255.255.0'
   option ip6assign '60'

# WAN: static address on eth0 with 192.168.24.254 as upstream gateway.
config interface 'wan'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.44'
   option netmask '255.255.255.0'
   option gateway '192.168.24.254'
   option ip6assign '60'

# Second static address on the same WAN device; the redirect rules in the
# firewall config on this page map it to the LAN host 192.168.99.208.
config interface 'wan1'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.45'
   option netmask '255.255.255.0'

restart network service:

# Apply /etc/config/network; a session connected over a changed interface may drop.
service network restart

configure /etc/config/dhcp:

# /etc/config/dhcp: DNS and DHCP are served to the LAN only.
config dnsmasq
   option domainneeded '1'
   option localise_queries '1'
   # Discard upstream answers that point into private address ranges (DNS rebinding).
   option rebind_protection '1'
   option rebind_localhost '1'
   option local '/lan/'
   option domain 'ovoxcloud.com'
   option expandhosts '1'
   option cachesize '1000'
   option authoritative '1'
   option readethers '1'
   option leasefile '/tmp/dhcp.leases'
   option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
   # Answer DNS queries only from directly attached subnets.
   option localservice '1'
   option ednspacket_max '1232'
   # Upstream resolvers; queries to them leave the router as plain, unencrypted DNS.
   list server '4.2.2.1'
   list server '4.2.2.2'
   # Bind dnsmasq to the LAN and keep it off the WAN interface.
   list interface 'lan'
   list notinterface 'wan'
   option port '53'

# DHCP pool on the LAN: host offsets 100 through 249 (start 100, limit 150), 12 hour leases.
config dhcp 'lan'
   option interface 'lan'
   option start '100'
   option limit '150'
   option leasetime '12h'
   option dhcpv4 'server'
   option dhcpv6 'server'
   option ra 'server'
   option ra_slaac '1'
   list ra_flags 'managed-config'
   list ra_flags 'other-config'

# No DHCP service is offered on the WAN side.
config dhcp 'wan'
   option interface 'wan'
   option ignore '1'

config odhcpd 'odhcpd'
   option maindhcp '0'
   option leasefile '/tmp/hosts/odhcpd'
   option leasetrigger '/usr/sbin/odhcpd-update'
   option loglevel '4'

restart dhcp service:

# Restart dnsmasq so it picks up the /etc/config/dhcp settings.
service dnsmasq restart

verify if dnsmasq is running:

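# The [d] bracket keeps grep from matching its own command line, so any output
# line is a real dnsmasq process.
ps w | grep '[d]nsmasq'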

if dnsmasq does not start for some reason, run it by hand against the generated config to see the error:

# Start dnsmasq by hand with the generated config so that a configuration error is printed.
# The glob is expected to match one generated file -- presumably one per dnsmasq instance; confirm.
dnsmasq -C /var/etc/dnsmasq.conf.*

configure /etc/config/firewall:

# /etc/config/firewall: default policy and zones.

# Default-deny for traffic to the router and through it; SYN flood protection on.
config defaults
   option syn_flood '1'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'

# LAN zone: hosts on the LAN may reach the router and be forwarded freely.
config zone
   option name 'lan'
   list network 'lan'
   option input 'ACCEPT'
   option output 'ACCEPT'
   option forward 'ACCEPT'

# WAN zone: inbound and forwarded traffic is rejected unless a rule below allows it;
# outgoing traffic is masqueraded.
# NOTE(review): 'wan6' is listed but the network config on this page defines no such
# interface, and the 'wan1' alias on eth0 is not listed -- confirm that traffic to the
# wan1 address is classified into this zone.
config zone
   option name 'wan'
   list network 'wan'
   list network 'wan6'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'
   option masq '1'
   option mtu_fix '1'

# Allow LAN hosts to reach the WAN.
config forwarding
   option src 'lan'
   option dest 'wan'

# Input rules for traffic arriving on the WAN side (no 'dest' set, so the target is the router itself).

config rule
   option name 'Allow-DHCP-Renew'
   option src 'wan'
   option proto 'udp'
   option dest_port '68'
   option target 'ACCEPT'
   option family 'ipv4'

config rule
   option name 'Allow-Ping'
   option src 'wan'
   option proto 'icmp'
   option icmp_type 'echo-request'
   option family 'ipv4'
   option target 'ACCEPT'

config rule
   option name 'Allow-IGMP'
   option src 'wan'
   option proto 'igmp'
   option family 'ipv4'
   option target 'ACCEPT'

# NOTE(review): the next two rules expose the router's own management services to
# every host on the WAN side: SSH on 22 and, despite the name 'Allow-HTTP-WAN',
# HTTPS on 443. Neither rule sets 'option src_ip'. If WAN-side administration is
# required, limit both to the administration network, e.g.
#    option src_ip '<admin-network/CIDR>'
# and prefer key-based SSH logins; otherwise remove the rules and manage the router
# from the LAN.
config rule
   option name 'Allow-SSH-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '22'
   option target 'ACCEPT'

config rule
   option name 'Allow-HTTP-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '443'
   option target 'ACCEPT'

# IPv6 control-plane rules for the WAN side, followed by IPsec pass-through to the LAN.

config rule
   option name 'Allow-DHCPv6'
   option src 'wan'
   option proto 'udp'
   option dest_port '546'
   option family 'ipv6'
   option target 'ACCEPT'

# Multicast Listener Discovery, accepted from link-local sources only.
config rule
   option name 'Allow-MLD'
   option src 'wan'
   option proto 'icmp'
   option src_ip 'fe80::/10'
   list icmp_type '130/0'
   list icmp_type '131/0'
   list icmp_type '132/0'
   list icmp_type '143/0'
   option family 'ipv6'
   option target 'ACCEPT'

# ICMPv6 addressed to the router itself, rate-limited to 1000 packets per second.
config rule
   option name 'Allow-ICMPv6-Input'
   option src 'wan'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   list icmp_type 'router-solicitation'
   list icmp_type 'neighbour-solicitation'
   list icmp_type 'router-advertisement'
   list icmp_type 'neighbour-advertisement'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

# ICMPv6 forwarded from the WAN to any zone, with the same rate limit.
config rule
   option name 'Allow-ICMPv6-Forward'
   option src 'wan'
   option dest '*'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

# The next two rules forward ESP and IKE (UDP 500) from the WAN to every LAN host.
# NOTE(review): they are only needed when a LAN host terminates IPsec; confirm,
# and disable them otherwise.
config rule
   option name 'Allow-IPSec-ESP'
   option src 'wan'
   option dest 'lan'
   option proto 'esp'
   option target 'ACCEPT'

config rule
   option name 'Allow-ISAKMP'
   option src 'wan'
   option dest 'lan'
   option dest_port '500'
   option proto 'udp'
   option target 'ACCEPT'

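# 1:1 NAT between the secondary WAN address 192.168.24.45 and LAN host 192.168.99.208.
#
# Inbound half. No proto, src_dport or dest_port is set, so every port of the LAN
# host is reachable from the WAN side through this rule. If only some services are
# meant to be published, restrict the rule to those protocols and ports.
# 'enabled' had no value in the original listing; it is set to 1 here to match the
# SNAT half below. Set it to 0 to keep the LAN host unpublished.
config redirect
   option src      wan
   option dest     lan
   option src_dip  192.168.24.45
   option dest_ip  192.168.99.208
   option target   DNAT
   option name     DNAT-IP-WAN-LAN
   option enabled  1

# Outbound half: traffic from the LAN host leaves with 192.168.24.45 as its source address.
config redirect
   option src      lan
   option dest     wan
   option src_ip   192.168.99.208
   option src_dip  192.168.24.45
   option target   SNAT
   option name     SNAT-IP-LAN-WAN
   option enabled  1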

restart firewall service:

# Reload the rule set from /etc/config/firewall; check the output for parse errors,
# since a failed reload can leave the previous or no rule set active -- TODO confirm on this release.
service firewall restart

install luci theme:

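opkg update
opkg install luci-compat
opkg install luci-lib-ipkg
# CA certificates, so wget can verify GitHub's TLS certificate instead of skipping the check.
opkg install ca-bundle
wget https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk -O luci-theme-argon_2.3.1_all.ipk
# A locally supplied .ipk is not covered by the signed package lists and is installed
# as root. Print its digest and compare it with a value obtained from a trusted source
# (<expected-sha256>) before installing.
sha256sum luci-theme-argon_2.3.1_all.ipk
opkg install luci-theme-argon_2.3.1_all.ipk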

restart http server:

# Restart the web server that serves LuCI, presumably so the new theme is picked up.
service uhttpd restart

enter web interface:

https://192.168.24.44

download cloudimages

log in to the proxmox server console as root and install these packages:

# guestfs-tools provides the virt-resize and virt-sysprep commands used below.
apt-get install -y guestfs-tools

cloudimage available for download:

https://wiki.vidalinux.org/index.php/Linux_cloud_images

download archlinux cloud image:

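cd /var/lib/vz/images
wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2
# "LATEST" is a moving target, so two downloads may yield different images.
# Record the digest of what was fetched and, if the publisher offers a checksum,
# compare it (<expected-sha256>) before booting anything from this image.
sha256sum arch-openstack-LATEST-image-bootstrap.qcow2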

resize image:

# Work on a copy so the downloaded image stays untouched, then grow the copy's
# virtual size by 99G. This only enlarges the disk; the partition and filesystem
# inside it are expanded in the next step.
cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G

expand image:

# Copy the original image into the enlarged one, expanding /dev/sda1 into the added space.
# Assumes the root filesystem is on the first partition -- confirm with
# `virt-filesystems --long -h --all -a <image>` before running.
virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2

change password:

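# Set the image's root password without a fixed, published value and without putting
# it on the command line (where it would land in shell history and process listings).
# mktemp creates the file readable by the current user only; virt-sysprep takes the
# file's first line as the password.
pwfile=$(mktemp)
read -r -s -p 'New root password for the image: ' rootpw; echo
printf '%s\n' "$rootpw" > "$pwfile"
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password "file:$pwfile"
rm -f -- "$pwfile"
unset rootpw pwfile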

uninstall cloud-init:

# Run pacman inside the image to remove cloud-init. Without cloud-init nothing injects
# SSH keys or per-instance settings at first boot, so the root password set on the
# image is what protects every VM created from it.
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm"

import image to existing virtual machine:

# Import the prepared image into the local-lvm storage as a disk of the existing VM 100.
qm importdisk 100 ./arch-openstack-LATEST-image-bootstrap_100G.qcow2 local-lvm

inside archlinux do the following to be able to install packages:

# Create the local pacman keyring and load the distribution's packager keys, so that
# pacman can verify package signatures instead of failing on them.
pacman-key --init && pacman-key --populate

references