unattended install
- Thread starter Hyien
- Start date
The 'unattended' part is done via Ansible on my end,
This keeps the config of my 4-node cluster in check.
For this i start out with a Debian box to start with, and then ( as the wiki describes ) the move to Proxmox.
Playbooks control what packages are needed, repository setup, specific files/righs, ssh-keys etc.
This keeps the config of my 4-node cluster in check.
For this i start out with a Debian box to start with, and then ( as the wiki describes ) the move to Proxmox.
Playbooks control what packages are needed, repository setup, specific files/righs, ssh-keys etc.
I install manually up untill i have network and can login over SSH , then Ansible takes over and configures the rest of the box.
What i am curious is the following - as information provided is like at an absolute minimum....
- Why do you want to automate a full install of a Proxmox server ?
=> (in my opinion) the times you (re-)install a server is like not a day-2-day task
If you were running a cluster then sometimes add or reinstall of a node can be helpfull, still this again should be not a day-2-day task ?
For maintaining multiple (running) PVE boxes i would opt for automating it, so they are kept in check in regards of version/config.
Again this also means caution, as running ( like me ) a HA-cluster and a separate development-box keeping it in check with Ansible means you cannot simply issue a reboot from the playbook unless you defined parameters to separate the cluster from the dev box.
This in essence means if it is not defined the playbook could down all clusternodes after running it.
Just for info, this is one of the playbooks i have in use :
Disclaimer : i am still working on this playbook - so concider this a work-in-progress.
- Why do you want to automate a full install of a Proxmox server ?
=> (in my opinion) the times you (re-)install a server is like not a day-2-day task
If you were running a cluster then sometimes add or reinstall of a node can be helpfull, still this again should be not a day-2-day task ?
For maintaining multiple (running) PVE boxes i would opt for automating it, so they are kept in check in regards of version/config.
Again this also means caution, as running ( like me ) a HA-cluster and a separate development-box keeping it in check with Ansible means you cannot simply issue a reboot from the playbook unless you defined parameters to separate the cluster from the dev box.
This in essence means if it is not defined the playbook could down all clusternodes after running it.
Just for info, this is one of the playbooks i have in use :
YAML:
---
# ./roles/proxmox/tasks/main.yml
- name: Add HP repository into sources list using specified filename
ansible.builtin.apt_repository:
repo: deb http://downloads.linux.hpe.com/SDR/repo/mcp buster/current non-free
state: present
filename: mcp
- name: Add ProxMox free repository into sources list using specified filename (Debian 10)
ansible.builtin.apt_repository:
repo: deb http://download.proxmox.com/debian buster pve-no-subscription
state: present
filename: pve-install-repo
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- name: Remove ProxMox Enterprise repository from sources list using specified filename (Debian 10)
ansible.builtin.apt_repository:
repo: deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise
state: absent
filename: pve-enterprise
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- name: Add ProxMox free repository into sources list using specified filename (Debian 11)
ansible.builtin.apt_repository:
repo: deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
state: present
filename: pve-install-repo
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
- name: Remove ProxMox Enterprise repository from sources list using specified filename (Debian 11)
ansible.builtin.apt_repository:
repo: deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise
state: absent
filename: pve-enterprise
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
- name: register hostname to later determine if its part of a cluster
ansible.builtin.command: 'hostname --fqdn'
register: nodename
- name: Install additional packages needed for ProxMox Cluster environment
ansible.builtin.apt:
name:
- lvm2-lockd
- dlm-controld
- gfs2-utils
state: present
when: nodename.stdout is regex("^node0?\.*.")
- name: Update apt-get repo and cache
ansible.builtin.apt:
update_cache: yes
force_apt_get: yes
cache_valid_time: 3600
- name: Upgrade all apt packages
ansible.builtin.apt:
upgrade: dist
force_apt_get: yes
- name: Check if a reboot is needed for ProxMox boxes
ansible.builtin.stat:
path: /var/run/reboot-required
register: check_reboot
- name: Print information about reboot
ansible.builtin.debug:
var: check_reboot
- name: Ensure customised dlm.conf is present
ansible.builtin.template:
src: 'dlm.conf.j2'
dest: '/etc/dlm/dlm.conf'
mode: 0600
when: nodename.stdout is regex("^node0?\.*.")
- name: Ensure lvm.conf contains lvmlockd = 1
ansible.builtin.template:
src: 'lvm.conf.j2'
dest: '/etc/lvm/lvm.conf'
mode: 0600
when: nodename.stdout is regex("^node0?\.*.")
- name: Ensure shared volumes and mountpoint definition file is present
ansible.builtin.template:
src: 'lvmshared.conf.j2'
dest: '/etc/lvm/lvmshared.conf'
mode: 0600
when: nodename.stdout is regex("^node0?\.*.")
- name: Ensure the mountscript for shared volume is available
ansible.builtin.template:
src: lvmmount.sh.j2
dest: '/usr/local/share/lvmmount.sh'
mode: 0700
when: nodename.stdout is regex("^node0?\.*.")
- name: Ensure Systemd service for shared volumes is present
ansible.builtin.template:
src: 'lvshared.service.j2'
dest: '/usr/lib/systemd/system/lvshared.service'
mode: 0644
when: nodename.stdout is regex("^node0?\.*.")
- name: Ensure SystemD service pve-guests has a After=lvshared.service entry
ansible.builtin.lineinfile:
path: /usr/lib/systemd/system/pve-guests.service
regexp: '^After=lvshared.service'
insertafter: '^After=pve-ha-crm.service$'
line: After=lvshared.service
mode: 0644
when: nodename.stdout is regex("^node0?\.*.")
- name: Force systemd to reread configs (2.4 and above)
ansible.builtin.systemd:
daemon_reload: yes
- name: check if /etc/ssh/ssh_known_hosts is present
ansible.builtin.stat:
path: /etc/ssh/ssh_known_hosts
get_checksum: no
register: ssh_known_hosts_stat
- name: Delete /etc/ssh/ssh_known_hosts
ansible.builtin.file:
path: /etc/ssh/ssh_known_hosts
state: absent
when: ssh_known_hosts_stat.stat.exists
- name: Symlink /etc/ssh/ssh_known_hosts to /etc/pve/priv/known_hosts
ansible.builtin.file:
src: /etc/pve/priv/known_hosts
dest: /etc/ssh/ssh_known_hosts
owner: root
state: link
- name: Add nodes to known_hosts
ansible.builtin.known_hosts:
path: /etc/pve/priv/known_hosts
name: '{{ item.name }}'
key: '{{ item.name }} {{ item.key }}'
loop: '{{ my_node_keys }}'
no_log: true
when: nodename.stdout is regex("^node0?\.*.")
- name: check if /root/.ssh/ssh_known_hosts is present
ansible.builtin.stat:
path: /root/.ssh/known_hosts
get_checksum: no
register: root_known_hosts_stat
- name: Delete /root/.ssh/known_hosts
ansible.builtin.file:
path: /root/.ssh/known_hosts
state: absent
when: root_known_hosts_stat.stat.exists
- name: Symlink /root/.ssh/known_hosts to /etc/pve/priv/known_hosts
ansible.builtin.file:
src: /etc/pve/priv/known_hosts
dest: /root/.ssh/known_hosts
owner: root
state: link
- name: Set up Node authorized keys
ansible.posix.authorized_key:
manage_dir: no
path: /etc/pve/priv/authorized_keys
user: root
state: present
key: '{{ item.key }}'
loop: '{{ my_node_keys }}'
no_log: true
when: nodename.stdout is regex("^node0?\.*.")Disclaimer : i am still working on this playbook - so concider this a work-in-progress.
i'm trying to automate the entire setup process end to end.
i have already gotten a lot of it automated via my config management system.
the missing piece is the initial setup the install the base server with networking/ssh enabled.
an ideal solution for me would be something like a local seed/config that contains info like IP, gateway, DNS, management NIC that i can copy to the installer and generate a custom self-contained ISO to boot with without requiring external infrastructure like DHCP / Tftp etc.
vmware ESXi supports something like this via kickstart (ks.cfg), does proxmox support something similar?
i have already gotten a lot of it automated via my config management system.
the missing piece is the initial setup the install the base server with networking/ssh enabled.
an ideal solution for me would be something like a local seed/config that contains info like IP, gateway, DNS, management NIC that i can copy to the installer and generate a custom self-contained ISO to boot with without requiring external infrastructure like DHCP / Tftp etc.
vmware ESXi supports something like this via kickstart (ks.cfg), does proxmox support something similar?
I don't think so.
As far as I know only debian.
You can install a normal Debian and install PVE ontop of it. So if Debian 10/11 supports unattended installs you could use that to install debian and install PVE later per script.
Last edited:
Although installing PVE using the PVE ISO is usually preferred. Using a non-preferred installation method just to avoid having to spend a few minutes clicking 'Next' in the PVE installer is probably not a great idea.
no, that's not implemented unfortunately, but with the ISO it takes only a couple of minutes
if you want a fully automated install the best way at the moment is preseeding debian installer and scripting the instructions from [0]
you can also script the upgrade instructions for PVE 7 (bullseye) [1] after PVE install is completed
the preferred method is always with ISO
[0]: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster
[1]: https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0
Or have a look at https://pve.proxmox.com/wiki/Unattended_installation_of_Proxmox
This uses FAI, which also can do installation without NFS and DHCP. The FAIme webservice (fai-project.org/FAIme) creates customized ISO images for you. You can also add your own customization script and a list of packages to be installed.
This uses FAI, which also can do installation without NFS and DHCP. The FAIme webservice (fai-project.org/FAIme) creates customized ISO images for you. You can also add your own customization script and a list of packages to be installed.
Just my two cents:
I've built a lot of install DVD/iso images for RHEL-based systems over the years with kickstart (ks.cfg) and also Debian-based install media with and without livecd, yet I do love to use network, which is MUCH MUCH easier and more dynamic than anything else. The hassle to rebuild an image and test is huge in comparison to any network install test. Both use the same logic (kickstart/preseed), are capable of using own repositories and such, but the network setup does allow very short iteration times.
I've built a lot of install DVD/iso images for RHEL-based systems over the years with kickstart (ks.cfg) and also Debian-based install media with and without livecd, yet I do love to use network, which is MUCH MUCH easier and more dynamic than anything else. The hassle to rebuild an image and test is huge in comparison to any network install test. Both use the same logic (kickstart/preseed), are capable of using own repositories and such, but the network setup does allow very short iteration times.