Proxmox
=======

Purpose
-------

We use `Proxmox VE <https://www.proxmox.com/en/>`_ for the virtualization of all of our Linux servers.

Hosts
-----

The Proxmox node in the office is called ``proxmox1`` and is reachable via `SSH to proxmox1 <ssh://proxmox1.pvt.confirm.ch>`_ and the `proxmox1 WebUI <https://proxmox1.pvt.confirm.ch:8006>`_.
Please have a look at the :ref:`Office Proxmox` topic for more informations about the setup in the office.

The Proxmox node in the datacenter is called ``proxmox2`` and is reachable via `SSH to proxmox2 <ssh://proxmox2.pvt.confirm.ch>`_ and the `proxmox2 WebUI <https://proxmox2.pvt.confirm.ch:8006>`_.
Please have a look at the :ref:`Datacenter infrastructure` topic for more informations about the setup in the datacenter.

Fresh install
-------------

Setup
~~~~~

To install a new Proxmox server, the most straight-forward way in the past was:

- Install Debian via ``Expert Install``
- Use the mountoptions ``discard`` and ``relatime``
- Install the ``targeted initrd``, which is smaller and only includes the modules needed
- Install the ``openssh-server``
- Ensure SSH connectivity as `root` works (i.e. ``PermitRootLogin yes`` in ``/etc/ssh/sshd_config``)
- Install the Master Boot Record on both disks (i.e. ``sda`` and ``sdb``)
- `Force grub-efi installation to the removable media path <https://wiki.debian.org/UEFI#Force_grub-efi_installation_to_the_removable_media_path>`_

Run Ansible
~~~~~~~~~~~

Then update the Ansible host vars so you can install the new Proxmox server without any dependencies, such as:

.. code-block:: yaml

    # DNS can't lookup the new/correct IP address yet, so let us work with the IP address.
    network_public_ip: <new IP address>
    ansible_host: <new IP address>

    # The default DNS servers are on a private IP address, so use public DNS server until Proxmox reaches private DNS server.
    resolv_nameservers:
      - 1.1.1.1

When the correct host vars are in place, Ansible can be run like this:

.. code-block:: bash

    ansible -m ping -u root -k <proxmox hostname>
    ansible-playbook playbooks/config_all.yml -l '<proxmox hostname>' -u root -k --ask-v

.. hint::

    This should make the first plays (up to the user configuration & ssh changes) running smoothly. After that, Ansible will fail, because authentication fails mid-term (SSH config changes). Just run the playbook again, but remove the ``-u root -k`` flags, as your user & authorised SSH key should now be in place.

Networking
~~~~~~~~~~

Unlike all other Linux servers in our environment, the network interfaces of Proxmox are not configured via Ansible. You've to configure them manually in the `Proxmox Web UI <https://pve.proxmox.com/wiki/Network_Configuration>`_.

Users & groups
~~~~~~~~~~~~~~

Make sure you create the required users & groups in the Proxmox Web UI. 
The configuration can be found here:

    - Group (i.e. ``Datacenter > Permissions > Groups``)
    - Permission (i.e. ``Datacenter > Permissions``)
    - User (i.e. ``Datacenter > Permissions > Users``)

.. hint:: 

    The LDAP realm is configured via Ansible. Just make sure you add your desired users with the correct permissions to Proxmox.

Hardware clock
~~~~~~~~~~~~~~

After ``ntp`` is installed, make sure the date / time is correct. Then update the hardware clock:

.. code-block:: bash

    hwclock --systohc


Resize VM disk
--------------

See also `Proxmox Wiki <https://pve.proxmox.com/wiki/Resize_disks>`_.

- Resize Disk via Proxmox GUI
- Resize the PV via ``pvresize /dev/vdb``

.. hint::

    In case of resizing the ``rootvg`` Disk, you have to delete and recreate the partition via ``fdisk /dev/vda``. Don't wipe the LVM signature! Reboot the VM and resize the PV.

A safe and easy way to resize the ``rootvg`` is via the ``growpart`` utility. The utility takes up all the space it can.

.. code-block:: bash

    # install growpart
    apt -y install cloud-guest-utils

    # extend partition 2 on /dev/vda
    growpart /dev/vda 2

    # resize PV
    pvresize /dev/vda2