4 noob questions: proxmox on debian buster (debootstrap) & networking issues

V

virtManager

Member
Jun 11, 2020
28
4
8
44
Hi all,

I'm a proxmox noobie, but finally managed to install proxmox on a fully LUKS2-encrypted partition, automatically unlocked from a LUKS1-encrypted boot-partition (if you want to do the same, this is how I did it: http://forums.debian.net/viewtopic.php?f=17&t=147061&sid=a45b8597fca4ed1277c3f1c98a882550). After this, I used the guide at https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster - I just have a few minor issues left:

I installed proxmox via debootstrap and used the "--variant=minbase" due to the phrasing "It is recommended to only install the "standard" package selection, and nothing else, as Proxmox VE brings its own packages for qemu, lxc. A desktop environment is not necessary":
# debootstrap --variant=minbase stable /mnt/rootPartition http://deb.debian.org/debian/

However every time I boot up now, I don't have networking enabled before I do:
Bring up interface: # ifconfig enp4s0 up Get IP-address: # dhclient enp4s0
I think maybe it was a mistake I used the "--variant=minbase" - I even had to "apt-get install iputils-ping" as I couldn't ping... But in any case I have followed the procedure and installed the Proxmox VE packages, added the pve-no-subscription repo, repo key etc and ran "apt install proxmox-ve postfix open-iscsi".

Question 1: How do I install the more basic/standard packages that are normally installed (as I couldn't even ping, I think I'm missing a lot of standard packages and I'm used to Arch linux, not debian and don't want any conflicts of debian vs proxmox packages - furthermore I'm concerned if things aren't completely working when I start using proxmox more)...


Consider these alternative debootstrap installation methods:
Install a specific version: "buster" # debootstrap --arch amd64 buster /mnt/root https://deb.debian.org/debian/ I think this probably just takes the latest and installs that: # debootstrap stable /mnt/root http://deb.debian.org/debian/

Question 2: I'm thinking that for future installations, from scratch, would it be better to just omit the "--variant=minbase" and use one of the alternative debootstrap-methods (would that e.g. give me networking from the start, after bootup?)


I'm feeling a unhappy about having "proxmox" in /etc/hostname and my /etc/hosts looks like this:
127.0.0.1 localhost 192.168.1.50 proxmox proxmox.home pvelocalhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6--allrouters

The reason I'm a bit unhappy about this, is that I have to manually type in a static IP address, in this case 192.168.1.50. But the computer uses DHCP (at the moment "dhclient enp4s0" to obtain an IP address automatically) so I would like prefer DHCP to always be used and not specifically assign a static ip in /etc/hosts... When I tried that, I had several problems (boot-up error messages and other errors, e.g. "/etc/pve/local/pve-ssl.key failed to load local private key") before I ended up googling and following other recommendations and then I assigned a static IP address to /etc/hosts, and the error messages disappared... The problem arises that day where the IP address in /etc/hosts isn't the same as that obtained via DHCP (ip address reservation is used, but anyway - could give a conflict)...

Question 3: is it possible to avoid the static IP address in /etc/hosts and instead use DHCP? If so, how?


About missing networking at boot-up: I also read and directly followed https://www.debian.org/doc/manuals/..._the_modern_network_configuration_without_gui which says that a DHCP client configuration can be set up by creating "/etc/systemd/network/dhcp.network". E.g.:
[Match] Name=en* [Network] DHCP=yes

But that's apparantly not enough... Quite annoying that I don't automatically have network enabled, after boot-up (and at least the first login).

Question 4: What is the correct/best way to fix my networking issue, so that's always enabled after boot-up, preferably before anyone logs in?

I would be grateful for help with these - probably/hopefully minor issues!
 
Why are you using debootstrap? The guide you refer to does not do that and it is _really_ not for "noobs". Use the standard Debian installer!

Full-disk encryption is an option in the regular installer and it will also configure your network correctly and install the standard set of packages like "ping". No desktop is installed unless you select one.

If you insist on doing it the hard way, you will need to manually install the ifupdown or ifupdown2 packages and then your network configuration will be as per Proxmox standards. There's probably a zillion other things that didn't get installed, as you have selected the minimal functioning set of packages.

Really, just download one of the ISO installers and use that.

ETA: https://www.debian.org/CD/netinst/index.en.html
 
Last edited:
BobhWasatch said:
Why are you using debootstrap? The guide you refer to does not do that and it is _really_ not for "noobs". Use the standard Debian installer!
Click to expand...
First: I'm not a linux-noob - have been running with this kind of setup for years on various Arch Linux machines. But I'm a proxmox noob. Things are different on Arch vs Debian, so I wish to ask to make "it right", experience as few problems in the future and fix the last minor issues... Second, to answer the question: Because the guide doesn't work for LUKS2-encrypted LVM/root-partitions with detached header and I prefer it that way... One great thing I like is the concept of deniable encryption, meaning it's (should be as far as I know of) impossible to see that there is other than just random garbage data...

BobhWasatch said:
Full-disk encryption is an option in the regular installer and it will also configure your network correctly and install the standard set of packages like "ping". No desktop is installed unless you select one.
Click to expand...
I disagree: I tried it many times and it was impossible to make the installer understand the LUKS2-encrypted LVM partition... It only understand LUKS1, I think (old header format). Of course I would also prefer if I could do it just as in the guide. But look on the bright side: Now I've almost made a new fully functional "guide" (or not really a "guide", but I think I linked to the debian-forum-thread where I tried hard to describe all relevant), to those who prefer to have a more advanced and (in my opinion) much better encryption scheme. I'm almost there now. The installation seems working, all the hard work is done... What's not to like? If not many people have done this, then I guess it's good for the community to have some people do it, test/try new things, new ways - it gives us users more options...

BobhWasatch said:
If you insist on doing it the hard way, you will need to manually install the ifupdown or ifupdown2 packages and then your network configuration will be as per Proxmox standards. There's probably a zillion other things that didn't get installed, as you have selected the minimal functioning set of packages.
Click to expand...
I'm really confused here. Not sure if I made a mistake... Not sure if I misinterpreted - the words "It is recommended to only install the "standard" package selection, and nothing else, as Proxmox VE brings its own packages for qemu, lxc." and for that reason I chose to use debootstrap --variant=minbase stable /mnt/root http://deb.debian.org/debian/ - but could seem incorrect... Or maybe not - am not sure (it's not that many issues I've had, until now, I think, not too many error messages during boot). Seen from the positive side: All new packages are installed where the system knows of the proxmox-repo.

Anyway - it seemed like ifupdown was installed. But I tried installing ifupdown2 just to see what happened. Still the same problem... After googling and trying different things, I ended up with this solution, for /etc/network/interfaces (the 2 enp4s0 lines looked just like the enp5s0 line, before ending up here):
Code: 
auto lo
iface lo inet loopback
auto enp4s0
iface enp4s0 inet dhcp
iface enp5s0 inet manual
source-directory /etc/network/interfaces.d

I rebooted - networking is up from the start and I can directly login to 192.168.1.50:8006/ using my root password. I also made a normal user, that can login via the bash shell - but the webinterface doesn't know the normal user, apparently I have to login as root and create users from within the webinterface...
BobhWasatch said:
Really, just download one of the ISO installers and use that.

ETA: https://www.debian.org/CD/netinst/index.en.html
Click to expand...
Impossible. Can't do that - tried it too many times - won't work, even via the "Open a shell/terminal"-functionality, that also won't work (often I can't even use the cryptsetup and if/when I can use it, the installer doesn't understand the partition after all, when coming back). I don't know any other way of doing it, as I've described in the debian-forum post(s) and a bit here... Also I think you're being way too pessimistic... I haven't started up any virtual machines yet and yes there are maybe a few problems left to solve - but in general I think this has been a huge success (this can of course change within 1-2 days, I'll probably post a followup-post soon to let you know what happens when I start up VMs, all basic things seems solved now - as I see it)... It's great you took the time to help - thanks a lot for that, I'm grateful your time, help and for all the help I can get as things are normally a bit confusing in the beginning...

A few unaswered minor questions/concerns - hopefully I can still get a few comments in this direction also, before closing the thread:


Question 2: I'm thinking that for future installations, from scratch, would it be better to just omit the "--variant=minbase"? Any opinions? Experience to share? I'm not sure if I did the right decision, there are maybe both pro and cons - otherwise I might test it myself one day...


Question 3: is it possible to avoid the static IP address in /etc/hosts and instead use DHCP given my newly posted /etc/network/interfaces -configuration using DHCP or dynamically assigned IP-address (MAC-address router IP reservation is used, but I'm a bit unhappy about mixing the static IP-config with DHCP)?
 
It isn't "impossible" to do encryption with the standard installer, it just isn't possible to do exactly what you wanted. Not the same thing at all, and given that you're trying to get your feet wet on an entirely new system it seems like maybe not the best way to go about it. You know, start with the basics and work you way up. But you do you.

Glad you got it working, but lots of people do things like that "in the spirit of learning" or whatever and then are on here asking how to set up basic networking. Most of the time such questions are coming from people who have never touched Linux and will be back in a day or two telling us how flaky Proxmox is, stuff doesn't work or they have package conflicts, yada, yada, yada. I'm glad to here that maybe isn't the case this time.

Question 2: The part of the Proxmox guide where it says to do the "standard packages" is referring to the regular installer. I don't think there are debootstrap options that exactly correspond to the standard installation (I could be wrong though, I've only used it to install on "difficult" hardware and to set up chroot jails and the like). The closest thing would probably be to do a minimal install and then use "tasksel" afterward to bring in the remaining items.

Question 3: You are going to need to change your /etc/network/interfaces to create a bridge when you want your VM's to be able to reach the network. That's documented in Proxmox docs. Also, ifupdown vs ifupdown2 has to do with the latter supporting dynamic changes without rebooting and the former mostly not.

As to the actual question, you could make hook scripts in /etc/dhclient/* to update /etc/hosts with the correct IP. I _think_ but am not positive that if your forward and reverse DNS are correct you may not need the server name in /etc/hosts. At least for a non-cluster setup. For sure it isn't needed for plain Debian.
 
Last edited:
I did use proxmox for, I think around maybe 10 days or was it 2 weeks (give or take?) - to get a feeling of it - before starting this journey. I think the description of what I did can be useful for others (at least it confirms it can be done, I didn't see anyone else describe this kind of setup) and I'm happy to receive feedback on the steps/decisions... But first, to reply:

Q2: Yeah, about that debootstrap - I had to install a few basic extra packages - but not that much. I have a text-document where I've written down a lot of notes for myself - one day I might clean it up as it really needs to be condensed and maybe I need to perform a full installation 1-3 times more, before I fully understand and remember all installation steps. But thanks for adding those extra details. Also thanks a lot for mentioning "tasksel", I've installed it and tried running it, but I didn't install anything yet (I will wait because I also don't want to "interfere" with existing packages and learn the limitations for what I've got running now before I proceed with installing too many new packages). I think the "--variant=minbase" is the minimum amount of packages for a "basic system". I'll keep the current setup running for a while, it seems really close to fully running - or maybe even fully running now?

Q3: I couldn't wait although it's late now, gotta sleep after this... But I just tried to install VM from a "FreeNAS" iso - just to see... It did install everything, but I couldn't select any network interfaces. So you're definately right about the missing bridge in my setup. About ifupdown2: Thanks, for that, I've written down to myself that this is the way to do it properly, if I ever need to re-install (and I think I need that). About the hook scripts in /etc/dhclient/* : That sounds really interesting - I'll try looking into it, in the coming days/weekend. Thanks a lot for those hints/tips. About forward and reverse DNS: I don't know much about that - it's just a home network / LAN, all VMs are protected by a router with a firewall in and I'm not opening any ports up for at least some weeks, until I've got more experience.

Testing a VM running FreeNAS:

So... after installing FreeNAS to a VM and began messing with configuring that bridge... Several times, I lost internet connection (couldn't access the webUI), found out I luckily don't have to reboot, I can just issue "service networking restart" and change the config, until it works - saves a lot of time, not having to reboot... I started messing up my "FreeNAS"-VM (everything worked, except networking - apparently)... Initially it came up with displaying a "Console setup"-menu (configure network etc) and the message: "The web user interface is at: http://0.0.0.0" and it also showed "https://0.0.0.0"... Long story short: I screwed up my /etc/network/interfaces several times and finally - after struggling for ~1,5 hour(s) I arrived at this:

Code: 
auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet dhcp

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.50
    netmask 255.255.255.0
    gateway 192.168.1.1     
    bridge-ports enp4s0
    bridge-stp off
    bridge-fd 0

source-directory /etc/network/interfaces.d

This seems to be working! When FreeNAS is booted fully up, it tells me I can visit the web-UI at https://192.168.1.236/ - I checked in my router's (192.168.1.1) "dnsmasq.leases"-file and it says that IP address was given to host "freenas". I then checked - via another pc on the same 192.168.1.xx-network, that I could access that FreeNAS-webUI - and luckily I could/can! That's a big success - I've also been struggling with this for so many hours now (I mean, the whole installation procedure)...


Conclusion: I think - not 100% sure, but - the debootstrap "minbase"-approach perhaps wasn't too bad - a few packages were missing - but all that seems to be relatively easily dealt with... I think I've got a very nice working proxmox-installation that at least can run FreeNAS - this indicates that it is also capable of running many other types of VMs... This indicates the "experiment" with LUKS2-encryption is successfull, although I couldn't read anywhere exactly how to do this... Hopefully writing about the problems I had and solutions/findings, can help other people too....

I think all the important issues I had left are fixed now... I'll try looking and seeing what I can figure out about avoiding the static IP-stuff incl. the suggested hook scripts in /etc/dhclient/* - also I'm not sure about if I need to be concerned about this "forward and reverse DNS"-stuff, should I worry? But other than that, doesn't it sound like the system is capable of what we expect it should be able to do? Any missing tests I could perform? Otherwise, ofcourse I'll test the system even more by installing even more VMs and different VMs, including a Windows VM, in the coming time/days/weeks and months.... But I'll probably create a new thread, for those specific purposes... Thanks a lot for your help BobhWasatch , feedback/ideas and suggestions, they've been very helpful to me and I'm pretty happy now! :)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back