How to create a new VM
The goal of this document is to explain how to create a new VM on our proxmox clusters.
To create a new VM, you can use the command line (with the qemu tools) or the web interface. Access to the web interface is limited to the IP addresses of the clusters, so to reach it you need SSH port forwarding (SSH tunnelling).
Use the following command to bind the remote port to a local one:
ssh -L 8006:localhost:8006 <a host within the proxmox cluster: platinum, iridium, osmium, krypton>
Now you can browse https://localhost:8006 and that will take you to the web interface.
We have two clusters:
- In Düsseldorf, Germany, with 3 physical servers
- 'krypton' in Vienna, Austria, with 1 physical server. In this datacenter it is not possible to do reverse DNS.
If the VM needs to be part of a High Availability group, or needs to query the LDAP database without certificates, it will need to be in Düsseldorf.
Container or VM?
There are two options for new virtual hosts: container or virtual machine.
- VM: Provides more flexibility and configurability. Migrations to other Proxmox hosts are very fast.
- Container: More lightweight and restricts some potentially unpleasant activities.
Recently, we have tended to prefer virtual machines.
Create the VM
Click on "Create new VM" and go through the wizard. In most cases, the defaults are fine:
- Name: Please check our Naming Schemes. You can re-use names used in the past.
- QEMU: activate (but make sure to install the qemu-guest-agent package later)
- Hard disk:
- Use VirtIO as device
- Type: host
- disable ballooning
- disable firewall
The virtual machine can be HA managed by the cluster. That means the cluster will ensure that the VM is always up. We only have one HA group, so if you need HA please add the VM to this group (hag0). You can increase the restart to 10.
Go to the console, where the ISO should already have been booted. Here are some general hints:
- Use expert install (under advanced)
- Install "network-console" component (you can then connect via SSH to the installation a few steps later)
- Reuse an IP and perhaps also the name of an unused old host
- Set the correct netmask (in DUS: .192, Anexia: .240)
- Use the default gateway
- Set IPs of both DNS servers
- Clock: UTC
- Partition: Use full disk, guided install, with LVM
- Install only targeted drivers
- Software selection: only SSH server
- In shell: add own key to authorized_keys
Remove the install ISO from the Proxmox hardware interface.
Connect via SSH and configure the network in /etc/network/interfaces:
- Change allow-hotplug to auto
- Add IPv6, e.g.:
    iface ens18 inet6 static
        address 2001:aa8:ffed:f5f3::140/64
        netmask 56
        gateway 2001:aa8:ffed:f5f3::1
Install the package qemu-guest-agent if you activated QEMU in the creation process.
In the FSFE's DNS settings, add the new host for the domain zone (usually db.fsfeurope.org) and the PTRs in the IPv4 and IPv6 zones.
Remember to document the new machine! Setting up a Docker container or VM is just the technical part, but in order to make the FSFE's technical infrastructure clear and maintainable, we need proper communication and documentation.
Add the VM to vm-overview.txt in the documentation repository
Please make sure to follow the process for new services.
After creating the new VM, please directly set up proper backups!
Also run the monitoring playbook against the new host so that it is checked by Icinga.
Make sure to configure unattended-upgrades for the new VM.
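The post-install steps above (changing allow-hotplug to auto, adding a static IPv6 stanza, installing qemu-guest-agent, configuring unattended-upgrades) can be verified on the new VM with a short script. This is an added example, not part of the FSFE's own tooling: it assumes a Debian guest, and the function names, the --run switch and the use of /etc/apt/apt.conf.d for the APT::Periodic setting are assumptions of the example.

```sh
#!/bin/sh
# Added example: post-install audit of a new VM (not FSFE tooling).
# Assumes a Debian guest; file paths are arguments so copies can be checked.

# Non-loopback interfaces that have an IPv4 stanza.
ifaces() { awk '$1=="iface" && $3=="inet" && $2!="lo" {print $2}' "$1"; }

# $1 = interfaces file. Prints one FAIL line per finding, returns 1 if any.
check_interfaces() {
    bad=0
    if grep -Eq '^[[:space:]]*allow-hotplug[[:space:]]' "$1"; then
        echo "FAIL: allow-hotplug still present"; bad=1
    fi
    [ -n "$(ifaces "$1")" ] || { echo "FAIL: no interface stanza found"; bad=1; }
    for i in $(ifaces "$1"); do
        awk -v i="$i" '$1=="auto" {for (n=2; n<=NF; n++) if ($n==i) f=1}
            END {exit !f}' "$1" || { echo "FAIL $i: no 'auto' line"; bad=1; }
        awk -v i="$i" '$1=="iface" && $2==i && $3=="inet6" && $4=="static" {f=1}
            END {exit !f}' "$1" || { echo "FAIL $i: no static IPv6 stanza"; bad=1; }
    done
    return "$bad"
}

# $1 = apt.conf.d directory. True if an APT::Periodic::Unattended-Upgrade
# setting with a non-zero value is present in any file there.
check_unattended() {
    grep -Eqs '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"[1-9]' "$1"/*
}

# True if the guest agent package is fully installed.
check_guest_agent() {
    dpkg-query -W -f='${Status}' qemu-guest-agent 2>/dev/null |
        grep -q 'install ok installed'
}

audit_vm() {
    rc=0
    check_interfaces /etc/network/interfaces || rc=1
    check_unattended /etc/apt/apt.conf.d ||
        { echo "FAIL: unattended-upgrades not enabled"; rc=1; }
    check_guest_agent || { echo "FAIL: qemu-guest-agent not installed"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}

# Run the audit only when asked, so the functions can also be sourced.
case "${1:-}" in --run) audit_vm ;; esac
```

Run it on the VM as `sh audit.sh --run` (the file name is arbitrary); skip the guest agent finding if QEMU was not activated in the wizard.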