Fediversity/deployment
README.org Clean up section on Fediversity Proxmox 2025-01-27 15:26:38 +01:00

Provisioning VMs via Proxmox

Quick links

Basic terminology

  • Node :: physical host

Fediversity Proxmox

  • It is only accessible via Procolix's VPN:

    • Get credentials for the VPN portal and Proxmox from Kevin.
    • Log in to the VPN portal.

      • Create a New Configuration:
      • Select WireGuard (UDP)
      • Enter some name, e.g. fediversity
      • Click Download
    • Write the WireGuard configuration to a file fediversity-vpn.config next to your NixOS configuration

      • Add that file's path to .git/info/exclude and make sure it doesn't otherwise leak (for example, use Agenix to manage secrets)
    • To your NixOS configuration, add

      networking.wg-quick.interfaces.fediversity.configFile = toString ./fediversity-vpn.config;
  • Select “Proxmox VE authentication server”.
  • Ignore the “You do not have a valid subscription” message.
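
The step above asks that the WireGuard file be listed in .git/info/exclude and not leak otherwise. The following check is an added example, not part of this repository; the script name check-vpn-secret.sh is hypothetical. It verifies that the file is untracked, matched by an ignore rule, and not readable by group or others.

```shell
#!/bin/sh
# Added example, not part of the Fediversity repository.
# Checks that the WireGuard config (it contains a private key) cannot leak
# through Git or through loose file permissions.

# check_vpn_secret FILE: print one line per problem, return 1 if any was found.
check_vpn_secret() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing: $file does not exist"
        return 1
    fi
    dir=$(dirname -- "$file")
    base=$(basename -- "$file")

    # Already in the index? Then exclude rules no longer protect it.
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
        echo "tracked: $base is in the Git index"
        problems=1
    fi

    # Matched by an ignore rule (.git/info/exclude, .gitignore, global excludes)?
    # --no-index tests the rules themselves, independent of the index.
    if ! git -C "$dir" check-ignore -q --no-index -- "$base" 2>/dev/null; then
        echo "not-ignored: no exclude rule matches $base"
        problems=1
    fi

    # Readable or writable by group/others? (GNU stat first, BSD stat as fallback)
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        *00) ;;
        *) echo "mode: $base has mode $mode, expected 600 or stricter"
           problems=1 ;;
    esac
    return "$problems"
}

# Stand-alone use (hypothetical file name): sh check-vpn-secret.sh ./fediversity-vpn.config
if [ "$#" -gt 0 ]; then
    check_vpn_secret "$1"
fi
```

A file that is already tracked stays tracked even after an exclude rule is added, which is why the index is checked separately from the ignore rules.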

Automatically

This directory contains scripts that can automatically provision or remove a Proxmox VM. For now, they are tied to one node in the Fediversity Proxmox, but it would not be difficult to make them more generic. Try:

sh provision.sh --help
sh remove.sh --help

Preparing the machine configuration

  • It is nicer if the machine is a QEMU guest. On NixOS:

    services.qemuGuest.enable = true;
  • Choose a name for your machine.
  • Choose static IPs for your machine. The IPv4 and IPv6 subnets available for Fediversity testing are:

    • 95.215.187.0/24. Gateway is 95.215.187.1.
    • 2a00:51c0:13:1305::/64. Gateway is 2a00:51c0:13:1305::1.
  • I have been using id XXX (starting from 001), name fediXXX, 95.215.187.XXX and 2a00:51c0:13:1305::XXX.
  • Name servers should be 95.215.185.6 and 95.215.185.7.
  • Check Netbox to see which addresses are free.

Manually via the GUI

Upload your ISO

  • Go to Fediversity Proxmox.
  • In the left view, expand under the node that you want and click on “local”.
  • Select “ISO Images”, then click “Upload”.
  • Note: You can also download from URL.
  • Note: You should click on “local” and not “local-zfs”.

Creating the VM

  • Click “Create VM” at the top right corner.

General

  • Node :: which node will host the VM; has to be the same
  • VM ID :: Has to be unique, probably best to use the "xxxx" in "vm0xxxx" (yet to be decided)
  • Name :: Usually "vm" + 5 digits, e.g. "vm02199"
  • Resource pool :: Fediversity

OS

  • Use CD/DVD disc image file (iso)
  • Storage :: local, means storage of the node.
  • ISO image :: select the image previously uploaded

No need to touch anything else

System

  • BIOS :: OVMF (UEFI)
  • EFI Storage :: linstor_storage; this is a storage shared by all of the Proxmox machines.
  • Pre-Enroll keys :: MUST be unchecked
  • Qemu Agent :: check

Disks

  • Tick “advanced” at the bottom.
  • Disk size (GiB) :: 40 (depending on requirements)
  • SSD emulation :: check (only visible if “Advanced” is checked)
  • Discard :: check, so that blocks of removed data are cleared

CPU

  • Sockets :: 1 (depending on requirements)
  • Cores :: 2 (depending on requirements)
  • Enable NUMA :: check

Memory

  • Memory (MiB) :: choose what you want
  • Ballooning Device :: leave checked (only visible if “Advanced” is checked)

Network

  • Bridge :: vnet1306. This is the provisioning bridge; we will change it later.
  • Firewall :: uncheck, we will handle the firewall on the VM itself

Confirm

Install and start the VM

  • Start the VM for the first time.

    • Select the VM in the left panel. You might have to expand the node on which it is hosted.
    • Select “Console” and start the VM.
  • Install the VM as you would any other machine.
  • Shutdown the VM (see the section of that name below).
  • After the VM has been installed:

    • Select the VM again, then go to “Hardware”.
    • Double click on the CD/DVD Drive line. Select “Do not use any media” and press OK.
    • Double click on Network Device, and change the bridge to vnet1305, the public bridge.
  • Start the VM again.

Remove the VM

Move the VM to another node

  • Make sure there is no ISO plugged in.
  • Click on the VM. Click migrate. Choose target node. Go.
  • Since the storage is shared, it should go pretty fast (~1 minute).

Shutdown the VM

  • Find the VM in the left panel.
  • At the top right corner appears a “Shutdown” button with a submenu.
  • Clicking “Shutdown” sends a signal to shut down the machine. This might not work if the machine is not listening for that signal.
  • Brutal solution: in the submenu, select “Stop”.
  • The checkbox “Overrule active shutdown tasks” means that the machine should be stopped even if a shutdown is currently ongoing. This is particularly important if you have tried to shut the machine down normally just before.