I used an EX4 root server, and one additional public IP. I wanted to have KVM virtualization, for hosting my Drupal based sites.
Debian install
As a first step, I install Debian Squeeze, 64 bit minimal. Before, I ordered my EX4 server at Hetzner, it was few hours and I had the IP address and root password. So, login to Hetzner Robot, activate the rescue system, write down the temporary root password (!), and reboot.
Than login again via SSH, now as root, with the temporary password, and start the installimage script. Select Debian 6.0 64 bit minimal in Linux, in the config file change the hostname, and configure the partitions. I'm using 500 MB for the /boot, and the 2x1 TB is divided into 3 volume groups. As logical volumes, I setup:
- 32G for
swap - 100G for
/root - 100G for
/home - the rest for
/var
Save the config file, and wait for the partitioner. Or correct the syntax errors :)
When finished, login again via SSH with temporary root password. Now there is a minimal Debian server up and running. The software raid is now synchronizing the disks, so no performance test right now. Instead, change the temporary root password with passwd to something more private!
First config on the hosts
To get rid of some warnings, reconfigure system locales with:
dpkg-reconfigure locales
Select the local language, as a second language, next to the English, but set English for the system language.
Timezone should be also checked with:
dpkg-reconfigure tzdata
Add the first user with sudo rights, and reconfigure the SSH configs, to get basic security in place. But be careful with these steps, you can lock out yourself, and have to go back to the very first steps!
Install sudo to allow normal users to execute root commands:
apt-get install sudo
Then add a personal user:
adduser wepoca
adduser wepoca sudo
I used to copy my public key to the server, with these commands on my client PC.
ssh-copy-id [email protected]
ssh-copy-id [email protected]
If you do not have an SSH key, generate one on your PC! Now test the SSH login and make sure it works because we're going to disable any other login method. Make sure your user can use sudo too.
When this works, disable root login through SSH and disable login with normal passwords, so change as follows it in /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
or permit only key authentication for root login, not via password
PermitRootLogin without-password
Than restart the SSH demon:
/etc/init.d/ssh restart
Now we are going to setup some new directories for Proxmox storage and backup. Become root via sudo, and:
mkdir -p /data/
Pick up one empty volume group, and check the exact number of the free PE extents via:
vgdisplay vg3
Replace vg3 with your choice! Once we have it, create the logical volume, and format it:
lvcreate -l <free PE extent> vg3 -n data
mkfs.ext4 /dev/vg3/data -L data
Add this line to /etc/fstab, re-mount, and check the result:
/dev/vg3/data /data ext4 defaults 0 0
mount -a
df -h
If everything is fine, create the two directories, we'll need them later in Proxmox admin interface:
mkdir -p /data/iso/template/iso
mkdir -p /data/backup
Proxmox VE 2.x install
First, become root via sudo su, and add the following lines to /etc/apt/sources.list:
###########################################################################
# PVE packages provided by proxmox.com
deb http://download.proxmox.com/debian squeeze pve
Add the Proxmox VE repository key:
wget -O- "http://download.proxmox.com/debian/key.asc" | apt-key add -
Update your repository and system by running:
aptitude update
aptitude full-upgrade
And now install Proxmox VE Kernel. The exact kernel might differ in the future, as of the time being it is as follows, but always check it at Proxmox:
aptitude install pve-kernel-2.6.32-12-pve
Than reboot, become root, and make sure Proxmox VE Kernel is selected on boot by uname -a.
The result should be something like:
Linux wepoca 2.6.32-12-pve #1 SMP Tue May 15 06:02:20 CEST 2012 x86_64 GNU/Linux
Now install the Proxmox VE packages:
aptitude install proxmox-ve-2.6.32
There will be two decisions during the install, accept defaults, but read what you are doing!
The first one:
The following packages have unmet dependencies:
pve-firmware: Conflicts: firmware-linux-nonfree but 0.28+squeeze1 is installed.
Conflicts: firmware-realtek but 0.28+squeeze1 is installed.
The following actions will resolve these dependencies:
Remove the following packages:
1) firmware-linux-nonfree
2) firmware-realtek
Accept this solution? [Y/n/q/?]
And the other one:
Listening address or citadel server
a. 0.0.0.0 (default)
b. internal authentication (Citadel will use its own internal user accounts database)
Configure pve-redirect, and restart apache2:
a2ensite pve-redirect.conf
/etc/init.d/apache2 restart
Install the rest of needed packages:
aptitude install ntp ssh lvm2 postfix ksm-control-daemon vzprocps mtr-tiny mc
One decision (accept defaults, but read it!):
The following NEW packages will be installed:
ksm-control-daemon postfix{b} ssh vzprocps
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 1526 kB of archives. After unpacking 3883 kB will be used.
The following packages have unmet dependencies:
postfix: Conflicts: mail-transport-agent which is a virtual package.
citadel-mta: Conflicts: mail-transport-agent which is a virtual package.
The following actions will resolve these dependencies:
Remove the following packages:
1) citadel-mta
Accept this solution? [Y/n/q/?]
Accept the suggestion to remove Exim and configure postfix according to your network as an “Internet site”, host: wepoca.net.
Now check the setup with
pveversion -v
Resulting in:
pve-manager: 2.1-1 (pve-manager/2.1/f9b0f63a)
running kernel: 2.6.32-12-pve
proxmox-ve-2.6.32: 2.1-68
pve-kernel-2.6.32-12-pve: 2.6.32-68
lvm2: 2.02.95-1pve2
clvm: 2.02.95-1pve2
corosync-pve: 1.4.3-1
openais-pve: 1.1.4-2
libqb: 0.10.1-2
redhat-cluster-pve: 3.1.8-3
resource-agents-pve: 3.9.2-3
fence-agents-pve: 3.1.7-2
pve-cluster: 1.0-26
qemu-server: 2.0-39
pve-firmware: 1.0-16
libpve-common-perl: 1.0-27
libpve-access-control: 1.0-21
libpve-storage-perl: 2.0-18
vncterm: 1.0-2
vzctl: 3.0.30-2pve5
vzprocps: 2.0.11-2
vzquota: 3.0.12-3
pve-qemu-kvm: 1.0-9
ksm-control-daemon: 1.1-1
Create user for Proxmox web interface
Login to the host, become root. First create the admin group, with all (!) admin rights to PVE
pveum groupadd admin -comment "System Administrators"
pveum aclmod / -group admin -role Administrator
Next, create the user (same as the first user - after root - in Debian), and add it to the admin group
pveum useradd wepoca@pam -comment 'Wepoca'
Optionally, change password or leave the same as the linux user:
pveum passwd wepoca@pam
Finally, add user to the admin group:
pveum usermod wepoca@pam -group admin
Than log in as wepoca@pam to the Proxmox web interface, using the IP of your EX4 host from Hetzner https://<your-IP>:8006/
As a first config over the web, you can set the keyboard locale at Datacenter --> Options --> keyboard, according to your client.
Set also the storage for Proxmox over Datacenter --> Storage, as defined above, for ISO and for backup files.
Do not forget to add the Proxmox user(wepoca in this excersice) in Datacenter --> Users.
But do not touch the network setup now, we'll do it over terminal!
So now we have now an up-and-running Proxmox VE at Hetzner datacenter. In order to get the KVM functioning, we sill have to setup networking, as well as to deal with more advanced security, like firewall.
I'll continue with this in next article.