How to set up Proxmox VE 2.x on a Hetzner EX4 server

In this article I document how I installed Proxmox VE on Hetzner's root server. Proxmox Virtualisation Environment is a free, open source virtualization platform supporting OpenVZ and KVM, high availability clusters, a storage and networking model, and a web interface for management, and it has a fine-grained user authentication system.

I used an EX4 root server, and one additional public IP. I wanted to have KVM virtualization, for hosting my Drupal based sites.

Debian install

As a first step, I install Debian Squeeze, 64-bit minimal. I had ordered my EX4 server at Hetzner beforehand; within a few hours I had the IP address and root password. So, log in to Hetzner Robot, activate the rescue system, write down the temporary root password (!), and reboot.

Then log in again via SSH, now as root, with the temporary password, and start the installimage script. Select Debian 6.0 64-bit minimal under Linux, change the hostname in the config file, and configure the partitions. I'm using 500 MB for /boot, and the 2x1 TB is divided into 3 volume groups. As logical volumes, I set up:

  • 32G for swap
  • 100G for /root
  • 100G for /home
  • the rest for /var

Save the config file, and wait for the partitioner. Or correct the syntax errors :)

When finished, log in again via SSH with the temporary root password. Now there is a minimal Debian server up and running. The software RAID is still synchronizing the disks, so no performance tests right now. Instead, change the temporary root password with passwd to something more private!

First config on the hosts

To get rid of some warnings, reconfigure system locales with:

dpkg-reconfigure locales  

Select your local language as a second language next to English, but keep English as the system language.

The timezone should also be checked with:

dpkg-reconfigure tzdata  

Add the first user with sudo rights, and reconfigure SSH to get basic security in place. But be careful with these steps: you can lock yourself out and have to go back to the very first steps!

Install sudo to allow normal users to execute root commands:

apt-get install sudo  

Then add a personal user:

adduser wepoca  
adduser wepoca sudo  

I copy my public key to the server with these commands on my client PC:

ssh-copy-id [email protected]  
ssh-copy-id [email protected]  

If you do not have an SSH key, generate one on your PC! Now test the SSH login and make sure it works because we're going to disable any other login method. Make sure your user can use sudo too.

When this works, disable root login through SSH and disable login with normal passwords by changing these settings in /etc/ssh/sshd_config:

PermitRootLogin no  
PasswordAuthentication no  

or permit root login with key authentication only, not via password:

PermitRootLogin without-password  

Then restart the SSH daemon:

/etc/init.d/ssh restart
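
A check worth running before that restart: sshd uses the first occurrence of each keyword, so lines appended below an existing "PasswordAuthentication yes" have no effect. The script below is an added example, not part of the original article; the function names and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article).
# Prints the value sshd will actually use for a keyword. Per sshd_config(5)
# the FIRST occurrence of a keyword wins and keywords are case-insensitive.
# Scanning stops at the first Match block: lines below it are conditional.
effective_value() {   # $1 = keyword, $2 = config file
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/   { next }            # blank lines, comments
        tolower($1) == "match" { exit }            # end of global section
        tolower($1) == want    { print $2; exit }  # first hit wins
    ' "$2"
}

# Returns 0 only if the file enforces what this article configures:
# no password logins, and root either denied or restricted to keys.
check_hardening() {   # $1 = config file
    pa=$(effective_value PasswordAuthentication "$1")
    prl=$(effective_value PermitRootLogin "$1")
    rc=0
    [ "$pa" = "no" ] || { echo "PasswordAuthentication: ${pa:-not set}" >&2; rc=1; }
    case "$prl" in
        no|without-password) ;;
        *) echo "PermitRootLogin: ${prl:-not set}" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the new lines were appended at the end of the file,
# but the earlier "PasswordAuthentication yes" still takes precedence.
sample_appended() {
    printf '%s\n' 'Port 22' '#PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PermitRootLogin no' \
        'PasswordAuthentication no'
}

# Constructed sample: the existing lines were edited in place.
sample_edited() {
    printf '%s\n' 'Port 22' 'permitrootlogin without-password' \
        'PasswordAuthentication no' 'Match User backup' \
        '    PasswordAuthentication yes'
}

# Demo on the two constructed samples.
tmp=$(mktemp)
sample_appended > "$tmp"; check_hardening "$tmp" || echo "appended: NOT hardened"
sample_edited > "$tmp"; check_hardening "$tmp" && echo "edited: hardened"
rm -f "$tmp"
```

On the server, point check_hardening at /etc/ssh/sshd_config and also run sshd -t for a syntax check. Keep the current SSH session open until a fresh login with the key has succeeded.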

Now we are going to set up some new directories for Proxmox storage and backup. Become root via sudo, and:

mkdir -p /data/  

Pick one empty volume group, and check the exact number of free physical extents (Free PE) via:

vgdisplay vg3  

Replace vg3 with your choice! Once we have it, create the logical volume, and format it:

lvcreate -l <free PE extent> vg3 -n data  
mkfs.ext4 /dev/vg3/data -L data  

Add this line to /etc/fstab:

/dev/vg3/data /data ext4 defaults 0 0

Then re-mount and check the result:

mount -a  
df -h  

If everything is fine, create the two directories; we'll need them later in the Proxmox admin interface:

mkdir -p /data/iso/template/iso  
mkdir -p /data/backup  

Proxmox VE 2.x install

First, become root via sudo su, and add the following lines to /etc/apt/sources.list:

###########################################################################
# PVE packages provided by proxmox.com
deb http://download.proxmox.com/debian squeeze pve  

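Add the Proxmox VE repository key with the command below. It is downloaded over plain HTTP, so afterwards compare the fingerprint listed by apt-key finger with one obtained over a trusted channel.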

wget -O- "http://download.proxmox.com/debian/key.asc" | apt-key add -  

Update your repository and system by running:

aptitude update  
aptitude full-upgrade  

Now install the Proxmox VE kernel. The exact kernel version might differ in the future; at the time of writing it is as follows, but always check it at Proxmox:

aptitude install pve-kernel-2.6.32-12-pve  

Then reboot, become root, and make sure the Proxmox VE kernel was selected on boot by running uname -a.

The result should be something like:

Linux wepoca 2.6.32-12-pve #1 SMP Tue May 15 06:02:20 CEST 2012 x86_64 GNU/Linux  

Now install the Proxmox VE packages:

aptitude install proxmox-ve-2.6.32  

There will be two decisions during the install. Accept the defaults, but read what you are doing!

The first one:

The following packages have unmet dependencies:  
pve-firmware: Conflicts: firmware-linux-nonfree but 0.28+squeeze1 is installed.  
              Conflicts: firmware-realtek but 0.28+squeeze1 is installed.
The following actions will resolve these dependencies:

Remove the following packages:  
   1)     firmware-linux-nonfree
   2)     firmware-realtek
Accept this solution? [Y/n/q/?]  

And the other one:

Listening address or citadel server  
    a. 0.0.0.0 (default)
    b. internal authentication (Citadel will use its own internal user accounts database)

Configure pve-redirect, and restart apache2:

a2ensite pve-redirect.conf  
/etc/init.d/apache2 restart

Install the rest of the needed packages:

aptitude install ntp ssh lvm2 postfix ksm-control-daemon vzprocps mtr-tiny mc  

One decision (accept defaults, but read it!):

    The following NEW packages will be installed:
      ksm-control-daemon postfix{b} ssh vzprocps
    0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
    Need to get 1526 kB of archives. After unpacking 3883 kB will be used.
    The following packages have unmet dependencies:
      postfix: Conflicts: mail-transport-agent which is a virtual package.
      citadel-mta: Conflicts: mail-transport-agent which is a virtual package.
    The following actions will resolve these dependencies:

    Remove the following packages:
      1)     citadel-mta

    Accept this solution? [Y/n/q/?]

Accept the suggestion to remove Exim and configure postfix according to your network as an “Internet site”, host: wepoca.net.

Now check the setup with:

    pveversion -v

Resulting in:

    pve-manager: 2.1-1 (pve-manager/2.1/f9b0f63a)
    running kernel: 2.6.32-12-pve
    proxmox-ve-2.6.32: 2.1-68
    pve-kernel-2.6.32-12-pve: 2.6.32-68
    lvm2: 2.02.95-1pve2
    clvm: 2.02.95-1pve2
    corosync-pve: 1.4.3-1
    openais-pve: 1.1.4-2
    libqb: 0.10.1-2
    redhat-cluster-pve: 3.1.8-3
    resource-agents-pve: 3.9.2-3
    fence-agents-pve: 3.1.7-2
    pve-cluster: 1.0-26
    qemu-server: 2.0-39
    pve-firmware: 1.0-16
    libpve-common-perl: 1.0-27
    libpve-access-control: 1.0-21
    libpve-storage-perl: 2.0-18
    vncterm: 1.0-2
    vzctl: 3.0.30-2pve5
    vzprocps: 2.0.11-2
    vzquota: 3.0.12-3
    pve-qemu-kvm: 1.0-9
    ksm-control-daemon: 1.1-1

Create user for Proxmox web interface

Log in to the host and become root. First create the admin group, with all (!) admin rights to PVE:

    pveum groupadd admin -comment "System Administrators"
    pveum aclmod / -group admin -role Administrator

Next, create the user (the same as the first user, after root, in Debian):

pveum useradd wepoca@pam -comment 'Wepoca'  

Optionally, change the password or leave it the same as the Linux user's:

pveum passwd wepoca@pam  

Finally, add the user to the admin group:

pveum usermod wepoca@pam -group admin  

Then log in as wepoca@pam to the Proxmox web interface, using the IP of your EX4 host from Hetzner: https://<your-IP>:8006/

As a first config over the web, you can set the keyboard locale at Datacenter --> Options --> keyboard, according to your client.

Also set the storage for Proxmox under Datacenter --> Storage, as defined above, for ISO and for backup files.

Do not forget to add the Proxmox user (wepoca in this exercise) in Datacenter --> Users.

But do not touch the network setup now, we'll do it over terminal!

So now we have an up-and-running Proxmox VE at the Hetzner datacenter. In order to get KVM functioning, we still have to set up networking, as well as deal with more advanced security, like a firewall.

I'll continue with this in the next article.