
Adding New VMs

This entire guide should be replaced by a cloud-init template and some configuration details, although that'll take more time than it's worth for the moment.

This guide is for when you wish to create additional KVM/QEMU virtual machines via Proxmox and add them to the network.

As a standard, the VMs use Debian 12 Bookworm as the operating system. While it is possible to use Ubuntu, it's really unnecessary, as Ubuntu as a server operating system just offers more system bloat. You can still use apt and the like on Debian, and it has just as fruitful a database of help should you stumble into any issues.

Creating from Image

  1. In the Proxmox VE Web Interface, right-click 200 (template) in the left sidebar and select Clone
  2. Set mode to Full Clone
  3. Set name to be the desired hostname
  4. Start the newly created VM
  5. Log in as root (password is password by default)
  6. Set root password

     passwd root

  7. Change /etc/hostname and /etc/hosts to match desired hostname
  8. Set IP address in /etc/network/interfaces

     auto lo
     iface lo inet loopback

     auto eth0
     iface eth0 inet static
         address 10.0.0.X/24
         gateway 10.0.0.254
         # DNS resolvers (applied by resolvconf, if installed)
         dns-nameservers 1.1.1.1 1.0.0.1

  9. Reboot

     reboot

  10. Set motd
  11. Set SSH port

     vim /etc/ssh/sshd_config

     Port 22{vmid}

  12. Open SSH port on host as root. See Opening New Ports
  13. Run deploy users script on VM
  14. Good to go!

Manually creating from ISO (Debian)

If, for whatever reason, cloud-init is deemed inappropriate, you can build a Debian image connected to the internal network by following this guide:

1. Creating the VM in Proxmox

These steps aren't in the exact order they happen once it gets to the Debian 12 installation guide, as they were written from memory. I will update it properly once I go back through and do it manually.

  1. In the top right hit "Create VM". Ensure the node is left as the default, and that the VM ID is the next in the series (take a note of this ID).

  2. Set a name. This should be the name of the server and, with the addition of .local, makes the hostname of the machine.

  3. Hit next and select the ISO Image for the OS you want. Debian 12.0.0 Bookworm should be your choice.

  4. Hit next, and then next again. We don't care about anything on the System Page.

  5. Hit next and set the Disk size to be as much disk space as you want the VM to have.

  6. Hit next and give the amount of CPU cores you want. If you need the cores to be high performance, make sure to set the Type to be host; otherwise it uses virtual cores or 'vCores' emulated by kvm64. kvm64 is fine for routine software and allows for better CPU scheduling / sharing across VMs.

  7. Hit next and give it the amount of RAM you think the VM will need. We're not short on RAM, so feel free to give it 4000-6000 MiB (4-6 GB). If you think you'll need more, it's probably a good idea to double check there's enough system memory left on the machine, including leaving 6 GB for the host machine to function.

  8. Hit next and make sure the Bridge is set to vmbr1. vmbr0 is the default, but vmbr1 is the bridge that represents our local network. Without setting it to vmbr1 the machine will be unable to be given a static IP or connect to the internet.

  9. Tick the option to start the VM after creation, then create the VM.

2. Installing the OS

  1. Click into the console for the VM and go through the Debian 11 installer
     • NB: Use the "Installer", not the Graphical Installer. This is a server we're provisioning, not a desktop machine.

  2. Configure the Language Settings
     • Set Language to English
     • Country/Territory/Area to be Ireland
     • Keymap to be American English

  3. Configure the Network Settings. DHCP will fail as we do not have a DHCP server. This is fine; wait for it to finish trying and then configure the network manually.
     • Set the IP Address to be 10.0.0.(vmid-100), meaning VMID 100 gets the IP 10.0.0.0 and VMID 110 gets the IP 10.0.0.10
     • Network Mask can be left the default 255.255.255.0 (/24)
     • Gateway is 10.0.0.254, which represents the Host machine's IP address on the local network.
     • Set the DNS Servers to be 1.1.1.1 1.0.0.1. These are Cloudflare's DNS servers.

  4. The next steps are done automatically, like setting the system clock. This takes a while.

  5. Configure the Disk
     • Use the Guided - use entire disk and setup LVM partitioning method
     • Use the default disk
     • Use the All files in one partition partitioning scheme
     • Write the changes (yes)
     • Use the default amount in guided partitioning (continue)
     • Write the changes (yes)

  6. Wait for the base system to install

  7. Don't scan for additional installation media, there is none (no)

  8. Configure the package manager country to be Germany

  9. Select deb.debian.org

  10. Skip configuring a HTTP proxy (continue). If it fails to grab information from the package mirror then there is some form of networking issue which can be debugged after installation.

  11. Install the SSH server as well as the standard system utilities.
     • Use spacebar to unselect Gnome and Debian Desktop Environment. We don't need a GUI on a server.

  12. Install the Grub bootloader (Yes)
     • Choose /dev/sda / whatever the main drive is called, don't enter it manually
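
The addressing convention used in the network settings above (IP taken from the VMID, gateway 10.0.0.254, SSH port 22{vmid}), written out as an added shell example that is not part of the original guide; the function names are made up here. It also rejects VMIDs whose derived address is the /24's network address, the gateway, or outside the subnet.

```shell
#!/bin/sh
# Added example. Conventions taken from this page:
# IP 10.0.0.(vmid-100)/24, gateway 10.0.0.254, SSH port 22{vmid}.

# vm_plan VMID: print "ADDRESS SSH_PORT", or explain on stderr and return 1.
vm_plan() {
    vmid=$1
    case $vmid in
        ''|0*|*[!0-9]*|????*)
            echo "vmid '$vmid': expected 1-3 digits, no leading zero" >&2
            return 1 ;;
    esac
    octet=$((vmid - 100))
    if [ "$octet" -lt 0 ]; then reason="is below 100, no address is defined"
    elif [ "$octet" -eq 0 ]; then reason="maps to 10.0.0.0, the network address of the /24"
    elif [ "$octet" -eq 254 ]; then reason="maps to 10.0.0.254, the gateway"
    elif [ "$octet" -ge 255 ]; then reason="maps outside the usable range of 10.0.0.0/24"
    else reason=""
    fi
    if [ -n "$reason" ]; then
        echo "vmid $vmid $reason" >&2
        return 1
    fi
    echo "10.0.0.$octet 22$vmid"
}

# vm_interfaces VMID: print the eth0 stanza for /etc/network/interfaces.
vm_interfaces() {
    plan=$(vm_plan "$1") || return 1
    printf 'auto eth0\niface eth0 inet static\n    address %s/24\n    gateway 10.0.0.254\n' "${plan% *}"
}

vm_plan 110                               # address and SSH port for VMID 110
vm_interfaces 200                         # stanza for a clone numbered 200
vm_plan 100 || echo "pick another VMID"   # rejected: network address
```
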

3. Documenting the Server

Now is the time to begin writing up the documentation for the server.

  13. Add the server to notes/Servers and create a note for it in Servers/{name}

  14. Modify notes/Users under the users.json section and add the server's hostname to users you think should have access. Only give people the : sudo permission if they will be performing administrative tasks on the machine. Default to not giving them access. If they need to access shared services they should su into that service's account on the machine or host it from their own account.

4. Configuring the OS for Production Use

  15. Become root and install/update packages.

      su -l
      apt update && apt upgrade
      apt install sudo curl git whois

  16. Give your user account sudo privileges

      adduser {username} sudo

      Other accounts will be given appropriate permissions based on users.json in the next step. The script will skip over your account because it already exists.

  17. Use the deploy_users.py script to create user accounts. Get the users.json from notes/Users that you modified in step 17.

  18. Configure SSHD

      cd /etc/ssh/
      {editor of choice: vi/nano/emacs/...} sshd_config

      Port 22{vmid}
      PermitRootLogin no
      # Ensure you've added your public key before this
      PasswordAuthentication no
      PermitEmptyPasswords no

      Now restart sshd

      systemctl restart sshd

  19. Open the SSH port on the host system

      sudo bash /home/errityr/open_port.sh {local-ip} {sshd port}

  20. Update documentation as appropriate: open ports, implementation details, etc.

  21. Notify the users by email that the VM has been created. State its purpose, link its respective pages in the documentation and give them their newly created account details. The passwords generated by deploy_users expire after first use, so you can reasonably safely send all the details in one large email to everyone rather than using individual emails.

  22. Update /etc/motd

Generate some sweet ascii art for the new machine! https://www.kammerl.de/ascii/AsciiSignature.php

Make sure to add a disclaimer

{asciiart}

Local IP: {local IP}
Administrator: errityr@tcd.ie

These machines run production services. Please take care when running commands which may disrupt this.

Feel free to replace the administrator contact with your own if you are managing that particular VM.
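
One way to check a VM against the sshd_config baseline from the Configure SSHD step, as an added shell example that is not part of the original guide. The function names and the sample file are made up here; the parser reads only the global section of a single file and does not follow Include lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config (or saved `sshd -T` output) against
# this page's baseline. Function names and the sample file are made up here.

# sshd_values FILE KEYWORD: print each value set for KEYWORD in the global
# section (everything before the first Match block), in file order.
sshd_values() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }          # ignore leading whitespace
        /^#/ || /^$/ { next }           # comments and blank lines
        { key = tolower($1) }           # keywords are case-insensitive
        key == "match" { exit }         # Match blocks apply conditionally
        key == tolower(want) { print $2 }
    ' "$1"
}

# audit_sshd FILE VMID: print one line per deviation, return 1 if any.
audit_sshd() {
    file=$1 vmid=$2 bad=0
    # Port may be repeated and sshd listens on every one of them, so the
    # set of Port values must be exactly the expected port.
    ports=$(sshd_values "$file" Port | sort -u | tr '\n' ' ')
    if [ "$ports" != "22$vmid " ]; then
        echo "Port: expected 22$vmid, found: ${ports:-none set}"
        bad=1
    fi
    # For these keywords sshd keeps the first value it reads.
    for kw in PermitRootLogin PasswordAuthentication PermitEmptyPasswords; do
        val=$(sshd_values "$file" "$kw" | head -n 1)
        if [ "$val" != "no" ]; then
            echo "$kw: expected no, found: ${val:-not set}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: an earlier line shadows the hardened one.
write_sample() {
    printf '%s\n' 'Port 22110' 'PermitRootLogin no' \
        'PasswordAuthentication yes' '# hardened value below never applies' \
        'PasswordAuthentication no' 'PermitEmptyPasswords no' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp" 110 || echo "baseline not met"
rm -f "$tmp"
```

On a live VM, save the output of `sshd -T` and pass that file instead, so that values set in included drop-in files are part of the check.
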

Useful resource: https://www.youtube.com/watch?v=Q5l7VH6b5r4