bigrig-scripts

A series of BASH scripts for setting up a bare-metal device as a "large scale hypervisor" with Proxmox

Purpose

The task is to run Proxmox on a UM790 Pro with 96 GiB of RAM, a 1.82 TiB SSD, and a USB bay of five 3.64 TiB SATA drives. The end result will be a set of scripts that manage the finalized installation of the OS (Proxmox is Debian-based) and leave the hardware suitable for providing services. The setup must handle the simulated failure of one SATA drive: the drive is reconstructed after a notification is sent, and the system then registers that the reconstruction is complete.

Milestones

  1. Install PVE (the Proxmox Virtual Environment)

  2. Install DNS (the DNS Server Appliance)

  3. With reference to this howto, invoke the following:

    pveum user add <user>@pam
    pveum user list
    pveum acl modify / --roles PVEAdmin --users <user>@pam
    
  4. Lock down the server with the firewall[^1]. In the PVE web GUI, go to Datacenter:firewall/options, select "Firewall" in the right-side panel, and click the "edit" button above it. Tick the "Firewall" checkbox in the pop-up and click "ok."

  5. Prepare for on-going maintenance

    1. Repositories need to be set for "no subscription" according to the relevant howto. Both GUI and CLI options are provided on the page.
    2. The system will need a sudo apt update -y && sudo apt upgrade -y command, of course.
    3. Install git with sudo apt install git -y
    4. Check the howto for information on setting up your git account on your server, if you need.
    5. gpg is already installed; you must add your private key and configure it according to another howto on the <adminuser> account[^2].
    6. A local <adminuser> "git" repository needs to be made for this documentation as well as the scripts for performing further setup to simplify fresh installations[^6]. Create the directory for this and other git "projects," clone the script site, and change to that directory. Keep in mind that if you are not using SSH key forwarding (such as when using the built-in shell window of the web GUI), the clone won't work. SSH into this with key forwarding!
      mkdir -p ~/projects && cd ~/projects && git clone [email protected]:Romaq/bigrig-scripts.git
      cd ~/projects/bigrig-scripts/bigrig-scripts
      
  6. Set domain name using https://www.dynu.com (optional if fixed IP)

    1. Run sudo ./DynuSetup.sh
      Answer the following questions for Dynu:
      1. Dynamic DNS service provider: other
      2. Dynamic DNS update protocol: dyndns2
      3. Dynamic DNS server: api.dynu.com
      4. Username: <your-dynu-user-name>
      5. Password: <your-dynu-password>
      6. Re-enter password: <your-dynu-password>
      7. IP address discovery method: Web-based IP discovery service[^3]
      8. Hosts to update: < example.com, www.example.com >
    2. When the script completes, verify an update to the Dynu Control Panel, then confirm the update on the Proxmox host using sudo journalctl -u ddclient
  7. Set up email notifications per the howto.

  8. Prepare the zfs storage tank.

    1. Within the GUI, use Datacenter/<host>:Disks/ZFS and click the "Create: ZFS" button.
    2. Use "tank" for the name, "Add Storage: [X]", RAID Level: RAIDZ, Compression: on, ashift 12, select all 5 SATA drives, then the "Create" button. This "tank" is already mounted as /tank at the root.
    3. Install Ceph through the PVE (Note: be sure to select the "No Subscription" repository!)
  9. Download .iso files to the storage tank.
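
The drive-failure cycle described under Purpose (notification, reconstruction, registering completion) can be tracked from `zpool status` output for the "tank" pool created in step 8. The following is an added example, not code from bigrig-scripts; the function names are hypothetical and the status text is constructed sample output.

```bash
#!/usr/bin/env bash
# Added example, not part of bigrig-scripts. Function names are hypothetical
# and the status text below is constructed sample output.

# Read `zpool status tank` text on stdin and print one state word.
tank_state() {
    local state="" scan="" line
    while IFS= read -r line; do
        case "$line" in
            *"state: "*) [ -n "$state" ] || state="${line##*state: }" ;;
            *"scan: "*)  scan="${line##*scan: }" ;;
        esac
    done
    case "$state|$scan" in
        *"|resilver in progress"*)            echo resilvering ;;
        ONLINE"|resilvered"*)                 echo rebuilt ;;
        ONLINE"|"*)                           echo healthy ;;
        DEGRADED"|"*|FAULTED"|"*|UNAVAIL"|"*) echo degraded ;;
        *)                                    echo unknown ;;
    esac
}

# Print a notice only when the state changed, so each event is reported once.
transition_notice() {   # usage: transition_notice <previous> <current>
    [ "$1" != "$2" ] || return 0
    case "$2" in
        degraded)    echo "tank: drive failure detected, replacement needed" ;;
        resilvering) echo "tank: reconstruction started" ;;
        rebuilt)     echo "tank: reconstruction complete" ;;
        healthy)     echo "tank: healthy" ;;
        *)           echo "tank: state could not be determined" ;;
    esac
}

SAMPLE_DEGRADED='  pool: tank
 state: DEGRADED
  scan: none requested'
SAMPLE_RESILVER='  pool: tank
 state: DEGRADED
  scan: resilver in progress since Mon Jan  1 10:00:00 2024'
SAMPLE_REBUILT='  pool: tank
 state: ONLINE
  scan: resilvered 1.21T in 03:10:22 with 0 errors on Mon Jan  1 13:10:22 2024'

# Walk the simulated failure: degraded -> resilvering -> rebuilt.
prev=healthy
for sample in "$SAMPLE_DEGRADED" "$SAMPLE_RESILVER" "$SAMPLE_REBUILT"; do
    cur=$(printf '%s\n' "$sample" | tank_state)
    transition_notice "$prev" "$cur"
    prev=$cur
done
```

On the host, feed it live data with `zpool status tank | tank_state`, keep the previous state in a file between runs, and pass any notice to whichever notification channel is configured.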

Footnotes

  1. The PVE Firewall has hard-coded exceptions: "WebGUI(8006) and ssh(22) from your local network."

  2. While a GPG key isn't necessary, strictly speaking, it is a good practice and assumed as part of these instructions for the consistency of PVE rebuild events. If you have a GPG key within Github, it will be required here.

  3. This selection avoids confusing your internal network interface from the external interface presented to the world.
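
The firewall checkbox from milestone 4 can be confirmed from the shell by reading the datacenter firewall configuration, which PVE stores in /etc/pve/firewall/cluster.fw. This is an added example, not code from bigrig-scripts; the function names are hypothetical and both sample configurations are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from bigrig-scripts); both sample files are constructed.

# Print the value of <key> in the [OPTIONS] section of cluster.fw text on stdin.
fw_option() {
    local key="$1" section="" value="" line
    while IFS= read -r line; do
        line="${line%%#*}"                         # strip comments
        case "$line" in
            "["*"]"*) section="${line#\[}"; section="${section%%\]*}" ;;
            "$key:"*)
                if [ "$section" = OPTIONS ]; then
                    value=$(printf '%s' "${line#*:}" | tr -d '[:space:]')
                fi ;;
        esac
    done
    printf '%s\n' "$value"
}

# Succeed only if the datacenter firewall is on and the inbound default is
# not ACCEPT (policy_in defaults to DROP when the key is absent).
fw_locked_down() {
    local text enable policy
    text=$(cat)
    enable=$(printf '%s\n' "$text" | fw_option enable)
    policy=$(printf '%s\n' "$text" | fw_option policy_in)
    [ "$enable" = 1 ] && [ "${policy:-DROP}" != ACCEPT ]
}

# Weak: firewall off, everything inbound accepted.
FW_WEAK='[OPTIONS]
enable: 0
policy_in: ACCEPT'

# Corrected: firewall on, default inbound policy left at DROP.
FW_OK='# datacenter firewall
[OPTIONS]
enable: 1
[RULES]
IN SSH(ACCEPT) -i net0'

for cfg in "$FW_WEAK" "$FW_OK"; do
    if printf '%s\n' "$cfg" | fw_locked_down; then
        echo "datacenter firewall enabled"
    else
        echo "datacenter firewall NOT locked down"
    fi
done
```

On the host, run `fw_locked_down < /etc/pve/firewall/cluster.fw`; `pve-firewall status` reports whether the service itself is running.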

bigrig-scripts's People

Contributors

romaq, djv22


bigrig-scripts's Issues

SMTP localnet accept on PVE is not IPv6 compliant

On PVE, /etc/postfix/main.cf has the following line (network obscured):

mynetworks = 127.0.0.0/8 192.168.4.45/22 [fe80::5a47:caff:fe74:8c3c]/64

'ss -lnt' shows what I believe to be the correct line:
[::]:25

As a "guess", postfix's SMTP is listening correctly, but I am not competent to open up the IPv6 firewall correctly.

I'm going to move along at this point until I develop the competence to resolve this later.

Notifications: PVE will not accept SMTP notices from the local network.

SMTP Email notification is an issue. PVE.md does get to the point of self-sending email notifications, but at the time of testing, it would not receive .local network email for outbound relay.

The primary issue is "notification". A secondary issue is "mail notice non-local recipients," such as for password resets or other specific interaction with an outbound facing server.

I'm going to spend limited time on the "notification" side, then consider using Gotify. It appears a client for this is built into Proxmox. It only needs a server which can be built into the DNS.md instructions.

The DNS host is not a single "Turnkey Linux (TKL)" unit, it has to be built. Since it must be built, and to some extent monitored and maintained, it is logical to use this host to carry critical services.

IF I can have SMTP behave on Proxmox to send/receive email notices, I will consider the "gotify" option later. If I can't have PVE accept localnet email and properly forward... I can't get lost with moving things forward, and gotify will become a requirement.

USB drives could be a problem

... and a USB bay of five 3.64 TiB SATA drives.

Is there any way of connecting the drives other than USB?

USB storage has a terrible reputation for randomly dropping drives out of an array when they're used in anger (aka passing a lot of storage traffic), especially when they get hot. 😟
