2023-07-23 17:26:46 +03:00
|
|
|
# proxmox-utils (EXPERIMENTAL)
|
|
|
|
|
|
|
|
|
|
A set of scripts for automating setup and tasks in proxmox.
|
|
|
|
|
|
2024-01-04 01:47:12 +03:00
|
|
|
## TODO
|
2024-01-04 02:52:44 +03:00
|
|
|
- revise defaults
|
2024-01-11 02:41:00 +03:00
|
|
|
- separate templates/assets into distribution and user directories
|
|
|
|
|
...this is needed to allow the user to change the configs without the
|
|
|
|
|
fear of them being overwritten by git (similar to how config is handlerd)
|
2024-02-22 23:35:33 +03:00
|
|
|
- might be a good idea to export a specific ct script that can be used
|
|
|
|
|
for updates for that ct
|
|
|
|
|
- ct updates
|
2024-01-21 03:54:16 +03:00
|
|
|
- backup/restore
|
|
|
|
|
- mail
|
2023-07-23 17:26:46 +03:00
|
|
|
|
|
|
|
|
|
2024-02-19 22:33:14 +03:00
|
|
|
## Motivation
|
|
|
|
|
|
2024-02-20 23:11:40 +03:00
|
|
|
This was simply faster to implement than learning and writing the same
|
|
|
|
|
functionality in Ansible.
|
2024-02-19 22:33:14 +03:00
|
|
|
|
2024-02-20 23:11:40 +03:00
|
|
|
_NOTE: for a fair assessment of viability of further development an
|
|
|
|
|
Ansible version will be implemented next as a direct comparison._
|
2024-02-19 22:33:14 +03:00
|
|
|
|
|
|
|
|
|
2024-01-14 17:40:13 +03:00
|
|
|
## Architecture
|
|
|
|
|
|
|
|
|
|
XXX service structure
|
|
|
|
|
|
|
|
|
|
XXX network
|
|
|
|
|
|
|
|
|
|
In general `proxmox-utils` splits the configuration into two levels:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### CT level
|
|
|
|
|
|
|
|
|
|
This level is handled by the `Makefile` and is almost completely automated
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Host level
|
|
|
|
|
|
|
|
|
|
This level depends on the host setup and is currently done manually
|
|
|
|
|
depending on existing host configuration.
|
|
|
|
|
|
|
|
|
|
XXX clean setup scripts...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2024-01-13 00:04:09 +03:00
|
|
|
## Prerequisites
|
|
|
|
|
|
|
|
|
|
### Proxmox
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
sudo apt update && sudo apt upgrade
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
sudo apt install git make
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Network Bridges
|
|
|
|
|
|
|
|
|
|
`proxmox-utils` expects there to be at least three bridges:
|
2024-01-14 17:40:13 +03:00
|
|
|
- `WAN` - connected to the port that faces the external network (either
|
2024-01-13 00:04:09 +03:00
|
|
|
directly of via a router)
|
2024-01-14 17:40:13 +03:00
|
|
|
- `LAN` - a virtual bridge, not connected to any physical interfaces
|
|
|
|
|
- `ADMIN` - connected to a second physical interface used for
|
2024-01-13 00:04:09 +03:00
|
|
|
administrative purposes.
|
|
|
|
|
|
|
|
|
|
Note their numbers (i.e. the number in `vmbr#`), this will be needed for
|
|
|
|
|
setup.
|
|
|
|
|
|
2024-01-17 15:12:04 +03:00
|
|
|
Note, if the device has more that two ports it is recommended to assign
|
|
|
|
|
first/last ports to wan/admin respectively and clearly mark them as such.
|
|
|
|
|
|
2024-01-13 00:04:09 +03:00
|
|
|
|
|
|
|
|
### DNS
|
|
|
|
|
|
|
|
|
|
Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1`
|
|
|
|
|
but before whatever external DNS you are using.
|
|
|
|
|
|
|
|
|
|
|
2024-01-14 17:40:13 +03:00
|
|
|
### Firewall
|
|
|
|
|
|
|
|
|
|
Make sure to allow at least `ssh` access to the host node from the `ADMIN`
|
|
|
|
|
interface to allow admin CT's access to the host if needed, this is mostly
|
|
|
|
|
needed to allow VPN/ssh administration from outside.
|
|
|
|
|
|
|
|
|
|
For Proxmox firewall configuration see:
|
|
|
|
|
https://pve.proxmox.com/wiki/Firewall
|
|
|
|
|
|
|
|
|
|
|
2024-01-17 15:12:04 +03:00
|
|
|
### Recovery strategies
|
|
|
|
|
|
2024-02-20 23:11:40 +03:00
|
|
|
XXX ns/gate are separate nodes for redundancy
|
2024-01-17 15:12:04 +03:00
|
|
|
|
2024-02-20 23:11:40 +03:00
|
|
|
XXX ssh facing lan to avoid a single point of failure with gate
|
|
|
|
|
|
2024-02-21 23:55:56 +03:00
|
|
|
XXX emergency access points: ssh and wireguard
|
2024-01-17 15:12:04 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2024-01-13 00:04:09 +03:00
|
|
|
## Setup
|
|
|
|
|
|
2024-02-08 15:31:22 +03:00
|
|
|
Get the code:
|
2024-02-07 08:55:16 +03:00
|
|
|
```shell
|
|
|
|
|
git clone https://github.com/flynx/proxmox-utils.git
|
|
|
|
|
```
|
|
|
|
|
or:
|
|
|
|
|
```shell
|
|
|
|
|
git clone git@github.com:flynx/proxmox-utils.git
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
2024-02-08 15:31:22 +03:00
|
|
|
For host setup:
|
2024-02-07 08:55:16 +03:00
|
|
|
```shell
|
|
|
|
|
sudo make host
|
|
|
|
|
```
|
|
|
|
|
|
2024-02-08 15:31:22 +03:00
|
|
|
Be carefull as this may overwrite existing configuration.
|
|
|
|
|
|
2024-02-07 08:55:16 +03:00
|
|
|
|
|
|
|
|
Install CT's:
|
2024-01-13 00:04:09 +03:00
|
|
|
```shell
|
|
|
|
|
sudo make all
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
2024-02-08 15:31:22 +03:00
|
|
|
Install gitea (optional):
|
|
|
|
|
```shell
|
|
|
|
|
sudo make dev
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
2024-01-20 19:00:22 +03:00
|
|
|
## Post-setup
|
|
|
|
|
|
|
|
|
|
XXX test conections
|
|
|
|
|
XXX change proxmox ip/network
|
2024-02-11 23:42:21 +03:00
|
|
|
XXX firewall
|
2024-01-20 19:00:22 +03:00
|
|
|
|
2024-01-13 00:04:09 +03:00
|
|
|
|
2024-02-15 22:43:34 +03:00
|
|
|
## Extending
|
2023-07-23 17:26:46 +03:00
|
|
|
|
2024-02-15 22:43:34 +03:00
|
|
|
### Directory structure
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
/
|
|
|
|
|
+- <ct-type>/
|
|
|
|
|
| +- templates/
|
|
|
|
|
| +- assets/
|
|
|
|
|
| +- staging/
|
|
|
|
|
| +- make.sh
|
|
|
|
|
| +- config
|
|
|
|
|
| +- config.last-run
|
|
|
|
|
+- ...
|
|
|
|
|
+- Makefile
|
|
|
|
|
+- config.global
|
|
|
|
|
+- config.global.example
|
|
|
|
|
```
|
