How to create a new VM
The goal of this document is to explain how to create a new VM on our proxmox clusters.
To create a new VM, you can use the command line (with the qemu tools) or the web interface. Access to the web interface is limited to the IP addresses of the clusters, so to reach it you need SSH port forwarding or SSH tunnelling.
Use the following command to bind the remote port to a local one:
ssh -L 8006:localhost:8006 <a host within the proxmox cluster: platinum, iridium, osmium, krypton>
Now you can browse https://localhost:8006 and that will take you to the web interface.
We have the following clusters:
- At Plusserver in Düsseldorf, Germany, with 3 physical servers, but quite old and limited hardware
- At PLUTEX in Bremen, Germany, with 3 physical servers. Use this for storage-intensive services.
- At Noris in Nuremberg, Germany, with 3 physical servers. Use this for computing-intensive services.
- 'krypton' in Vienna, Austria, with 1 physical server. In this datacenter it is not possible to do reverse DNS.
If the VM needs to be part of a High Availability group, or needs to query the LDAP database without certificates, it will need to be in Düsseldorf.
Container or VM?
There are two options for new virtual hosts: container or virtual machine.
- VM: Provides more flexibility and configurability. Migrations to other Proxmox hosts are very fast.
- Container: More lightweight and restricts some potentially unpleasant activities.
Recently, we have tended to prefer virtual machines.
Create the VM
Click on "Create new VM" and go through the wizard. In most cases, the defaults are fine:
- Name: Please check our Naming Schemes. You can re-use names used in the past.
- QEMU: activate (but make sure to install qemu-guest-agent later)
- Hard disk:
- Use VirtIO as device
- Type: host
- disable ballooning
- disable firewall
- At PLUTEX/Noris: Bridge vmbr0 and VLAN tag 11
The virtual machine can be HA managed by the cluster. That means the cluster will ensure that the VM is always up. We only have one HA group, so if you need HA, please add the VM to this group (hag0). You can increase the restart to 10. (For the non-HA Vienna server, make sure to enable autostart in the VM/container settings if it should be running.)
Go to the console, where the ISO should already have been booted. Here are some general hints:
- Use expert install (under advanced)
- Install "network-console" component (you can then connect via SSH to the installation a few steps later)
- Reuse the IP, and perhaps also the name, of an unused old host
- Set the correct netmask (see below)
- Use the default gateway
- Set IPs of both DNS servers (see below)
- Clock: UTC
- Partition: Use full disk, guided install, with LVM
- Install only targeted drivers
- Software selection: only SSH server
- In shell: add own key to authorized_keys
Hosts with a dedicated IPv4 address can use the following DNS servers (tennant & geoffroy): 220.127.116.11 and 18.104.22.168.
IPv6-only hosts use 2001:aa8:ffed:f5f3::137 and 2a00:11c0:d:1::115.
Subnets and Gateways
- Duesseldorf Cluster:
IPv4 Network: 22.214.171.124/26, 255.255.255.192
IPv4 Gateway: 126.96.36.199
IPv6 Network: 2001:aa8:ffed:f5f3::/64
IPv6 Gateway: 2001:aa8:ffed:f5f3::1
- Vienna Host:
IPv4 Network: 188.8.131.52/28, 255.255.255.240
IPv4 Gateway: 184.108.40.206
IPv6 Network: 2a00:11c0:d:1::/64
IPv6 Gateway: 2a00:11c0:d:1::1
- Nuremberg Cluster:
IPv4 Network: 220.127.116.11/28, 255.255.255.240
IPv4 Gateway: 18.104.22.168
IPv6 Network: 2001:0780:0215:1::/64
IPv6 Gateway: 2001:0780:0215:1::1
- Bremen Cluster:
IPv4 Network: 22.214.171.124/28, 255.255.255.240
IPv4 Gateway: 126.96.36.199
IPv6 Network: 2a02:16d0:1004:5a00:f5f3::cafe:/64
IPv6 Gateway: 2a02:16d0:1004:5a00:f5f3::1
Remove the install ISO from the Proxmox hardware interface.
Connect via SSH and configure the network in /etc/network/interfaces:
- Change allow-hotplug to auto
- Add IPv6, e.g.:
    iface ens18 inet6 static
        address 2001:aa8:ffed:f5f3::140
        netmask 64
        gateway 2001:aa8:ffed:f5f3::1
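As an added example (not part of the original page or of FSFE's tooling), this Python function applies the two edits above to the text of /etc/network/interfaces, after checking that the chosen address lies inside the site's IPv6 network and is not the gateway. The function name, the site keys and the sample file are assumptions; Bremen is left out because its prefix as listed does not parse as an IPv6 network.

```python
import ipaddress
import re

# IPv6 network and gateway per site, copied from "Subnets and Gateways" above.
SITES = {
    "duesseldorf": ("2001:aa8:ffed:f5f3::/64", "2001:aa8:ffed:f5f3::1"),
    "vienna": ("2a00:11c0:d:1::/64", "2a00:11c0:d:1::1"),
    "nuremberg": ("2001:0780:0215:1::/64", "2001:0780:0215:1::1"),
}


def add_ipv6(text, iface, site, address):
    """Return interfaces text with allow-hotplug -> auto and an inet6 stanza."""
    network = ipaddress.IPv6Network(SITES[site][0])
    gateway = ipaddress.IPv6Address(SITES[site][1])
    addr = ipaddress.IPv6Address(address)  # ValueError on malformed input
    if addr not in network:
        raise ValueError(f"{addr} is outside {network} ({site})")
    if addr in (gateway, network.network_address):
        raise ValueError(f"{addr} is reserved in {network}")
    name = re.escape(iface)
    if re.search(rf"^iface[ \t]+{name}[ \t]+inet6\b", text, re.M):
        raise ValueError(f"{iface} already has an inet6 stanza")
    # Step 1: bring the interface up at boot instead of on hotplug events.
    text, count = re.subn(rf"^allow-hotplug([ \t]+{name})[ \t]*$", r"auto\1",
                          text, flags=re.M)
    if not count and not re.search(rf"^auto[ \t]+{name}[ \t]*$", text, re.M):
        raise ValueError(f"no allow-hotplug or auto line for {iface}")
    # Step 2: append the static IPv6 stanza in the form shown on this page.
    stanza = (f"iface {iface} inet6 static\n"
              f"    address {addr}\n"
              f"    netmask {network.prefixlen}\n"
              f"    gateway {gateway}\n")
    return text.rstrip("\n") + "\n\n" + stanza


# Constructed sample of /etc/network/interfaces after installation
# (192.0.2.0/24 is a documentation range, not one of the real subnets).
SAMPLE = """\
auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18 inet static
    address 192.0.2.10/26
    gateway 192.0.2.1
"""

if __name__ == "__main__":
    print(add_ipv6(SAMPLE, "ens18", "duesseldorf", "2001:aa8:ffed:f5f3::140"))
```

Review the returned text before writing it back to the file, since a wrong gateway or address can cut off SSH access to the new host.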
Install the package qemu-guest-agent if you activated QEMU in the creation process.
In the FSFE's DNS settings, add the new host for the domain zone (usually db.fsfeurope.org) and the PTRs in the IPv4 and IPv6 zones.
Remember to document the new machine! Setting up a Docker container or VM is just the technical part, but in order to keep the FSFE's technical infrastructure clear and maintainable, we need proper communication and documentation.
Add the VM to vm-overview.txt in the documentation repository
Please make sure to follow the process for new services.
After creating the new VM, please directly set up proper backups!
Also run the monitoring playbook against the new host so that it is checked by Icinga.
Make sure to configure unattended-upgrades for the new VM.