I had a lot of trouble doing this, but it all seems to be working now, so I'd like to share for the next someone doing a search.
Scenario: corporate environment with a single standalone Proxmox VE (5.3) instance. The host has dual interfaces, which need to be bonded, and there's a dedicated vlan just for Proxmox. The Proxmox host is also going to be providing DHCP for the guests.
VLAN 1066; 10.20.66.0/23
(/23 network means 10.20.66.1 to 10.20.67.254 are available IP addresses, and 10.20.67.255 is broadcast)
Proxmox host: 10.20.66.32
Gateway: 10.20.66.1
DNS: 10.20.11.100, 10.20.11.101
DHCP range: 10.20.67.1 to 10.20.67.254
I arbitrarily decided the upper half should be for DHCP and the lower half for static addresses. For convenience I also put the host in the same vlan that the guests will be using, although the "core services" VLAN could have also fit. For superstitious reasons, I avoid .0 and .255 addresses in the middle of a network. I also earmark .1 to .31 for network equipment.
To get the host online, I have to bond eno1 and eno2, connect the guest's vmbr0 to the bond, create a vlan bond and vlan bridge, and put the host's IP address on that vlan bridge. (Mode "802.3ad" is the same as mode "4" on the Centos systems I'm used to working with. In the mode both interfaces are used at once, and it's fault tolerant of one going away.) Here's /etc/network/interfaces for that:
For guests to use the network, they are placed on vmbr0 with (vlan) tag 1066. Statically assigning IP addresses on the guests is straightforward, they do not need to be vlan aware. Getting DHCP assignments working was another adventure.
I struggled and struggled with isc-dhcp-server and eventually removed it to install dnsmasq. With a bit of experimentation, I got that to work.
(The entirety of the stock /etc/dnsmasq.conf is comments, including an example conf-dir statement just like that one.)
Then I created a /etc/dnsmasq.d/proxmox.conf and eventually got it to work with this:
Followed by a "service dnsmasq start". When that gave errors (for earlier revisions), I found "grep dnsmasq /var/log/daemon.log | tail" more useful than the suggested "journalctl -xel". Proxmox itself is kinda verbose in /var/log/daemon.log hence grep and tail instead of just tail.
The /usr/local/bin/dhcp-logger is a simple script I wrote that records all of it's arguments with a timestamp to a file in /var/log/. The dnsmasq program will call it for adds, deletes, and releases with MAC address, assigned IP address, and the client provided hostname.
Scenario: corporate environment with a single standalone Proxmox VE (5.3) instance. The host has dual interfaces, which need to be bonded, and there's a dedicated vlan just for Proxmox. The Proxmox host is also going to be providing DHCP for the guests.
VLAN 1066; 10.20.66.0/23
(/23 network means 10.20.66.1 to 10.20.67.254 are available IP addresses, and 10.20.67.255 is broadcast)
Proxmox host: 10.20.66.32
Gateway: 10.20.66.1
DNS: 10.20.11.100, 10.20.11.101
DHCP range: 10.20.67.1 to 10.20.67.254
I arbitrarily decided the upper half should be for DHCP and the lower half for static addresses. For convenience I also put the host in the same vlan that the guests will be using, although the "core services" VLAN could have also fit. For superstitious reasons, I avoid .0 and .255 addresses in the middle of a network. I also earmark .1 to .31 for network equipment.
To get the host online, I have to bond eno1 and eno2, connect the guest's vmbr0 to the bond, create a vlan bond and vlan bridge, and put the host's IP address on that vlan bridge. (Mode "802.3ad" is the same as mode "4" on the Centos systems I'm used to working with. In the mode both interfaces are used at once, and it's fault tolerant of one going away.) Here's /etc/network/interfaces for that:
Code:
iface eno1 inet manual
iface eno2 inet manual
auto bond0
iface bond0 inet manual
slaves eno1 eno2
bond_miimon 100
bond_mode 802.3ad
iface bond0.1066 inet manual
auto vmbr0v1066
iface vmbr0v1066 inet static
address 10.20.66.32
netmask 255.255.254.0
gateway 10.20.66.1
bridge_ports bond0.1066
bridge_stp off
bridge_fd 0
auto vmbr0
iface vmbr0 inet manual
bridge_ports bond0
bridge_stp off
bridge_fd 0For guests to use the network, they are placed on vmbr0 with (vlan) tag 1066. Statically assigning IP addresses on the guests is straightforward, they do not need to be vlan aware. Getting DHCP assignments working was another adventure.
I struggled and struggled with isc-dhcp-server and eventually removed it to install dnsmasq. With a bit of experimentation, I got that to work.
Code:
apt install dnsmasq
echo 'conf-dir=/etc/dnsmasq.d/,*.conf' >> /etc/dnsmasq.conf(The entirety of the stock /etc/dnsmasq.conf is comments, including an example conf-dir statement just like that one.)
Then I created a /etc/dnsmasq.d/proxmox.conf and eventually got it to work with this:
Code:
# Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
port=0
interface=vmbr0v1066
dhcp-authoritative
bind-interfaces
domain=example.net
# start ,end ,netmask
dhcp-range=10.20.67.1,10.20.67.254,255.255.254.0,24h
dhcp-option=option:router,10.20.66.1
dhcp-option=option:ntp-server,10.20.11.100,10.20.11.101
dhcp-option=option:dns-server,10.20.11.100,10.20.11.101
# terse log
dhcp-script=/usr/local/bin/dhcp-loggerFollowed by a "service dnsmasq start". When that gave errors (for earlier revisions), I found "grep dnsmasq /var/log/daemon.log | tail" more useful than the suggested "journalctl -xel". Proxmox itself is kinda verbose in /var/log/daemon.log hence grep and tail instead of just tail.
The /usr/local/bin/dhcp-logger is a simple script I wrote that records all of it's arguments with a timestamp to a file in /var/log/. The dnsmasq program will call it for adds, deletes, and releases with MAC address, assigned IP address, and the client provided hostname.
