4. PVE 8.x - Setup - Habitats Open Tech

## [[webUI]] Setup Using a browser access the [[PVE]] [[webUI]] over the [[LAN]] : e.g. <code class="g-code">https://192.168.0.62:8006</code> Do not be alarmed when you see the message <b style="color:#ff0000; font-size: 18px;">Your connection is not private</span>. This message is related to the self-signed [[PVE]] certificate. Because the certificate is self-signed and not issued by a well known certificate authority, the warning is created to alert you to this fact. Safely ignore this message. <button class="navigate">Advanced</button> ![[pve-setup-0-0.png]] <button class="navigate">Proceed to {ip-address} (unsafe)</button> ![[pve-setup-0-1.png]] ## [[webUI]] Login <span class="fieldname">User Name</span>: <code class="w-code">root</code> <span class="fieldname">Password</span>: the password you provided during [[PVE]] [[3. PVE 7.x - Install#^6588f5|installation]] <span class="fieldname">Realm</span>: <code class="w-code">Linux PAM standard authentication</code> <span class="fieldname">Save User Name</span>: ✔ | ❌ - for extra security ❌ `Save User name` <button class="navigate">Login</button> ![[pve-setup-1-0.png]] If you decide not to buy a subscription the message `No valid subscription` will come up every time you login; click <button class="navigate">OK</button> ![[pve-setup-1-1.png]] ## Setup [[PVE]] Repository By default the ***enterprise*** repository is enabled, which requires a paid subscription. If you want to use [[PVE]] without a subscription, `Disable` the ***enterprise*** and `Enable` the ***no-subscription*** repository. <button class="navigate">Repositories</button> `https://enterprise.proxmox.com/debian/ceph-quincy` <button class="navigate">Disable</button> `https://enterprise.proxmox.com/debian/pve` <button class="navigate">Disable</button> ![[pve-setup-2-0.png]] <button class="navigate">Repositories</button> <button class="navigate">Add</button> <button class="navigate">Repository</button> `No-Subscription` ![[pve-setup-2-1.png]] <button class="navigate">Add</button> ![[pve-setup-2-2.png]] At this stage you should end up with the following configuration. ![[pve-setup-2-3.png]] ## Update [[PVE]] to the latest version <button class="navigate">Updates</button> <button class="navigate">Refresh</button> ![[pve-setup-3-0.png]] Close the modal window when you see `TASK OK` ![[pve-setup-3-1.png]] If there are updates, following <button class="navigate">Refresh</button>, they will be listed and we can upgrade: <button class="navigate">Updates</button> <button class="navigate">>_ Upgrade</button> ![[pve-setup-3-2.png]] Console window will pop up to confirm upgrade; `y` to apply the upgrade. ![[pve-setup-3-3.png]] If upgrade does not include a kernel update then you can close the Console window. ![[pve-setup-3-4.png]] If upgrade includes a kernel update you will be reminded to *reboot*. On the spot you can type `reboot now` in the console to *reboot* the [[PVEn]] , or you can close the console window and *reboot* at a more convenient time. The new kernel will not activate until you *reboot*. ![[pve-setup-3-5.png]] > [!attention] It is tempting to install 3rd party packages in the [[PVE]] host/node as it is Debian based. I strongly suggest you avoid the temptation, if long term system stability is your aim. For most workloads you can instead use a KVM/LXC. [[PVE]] is now setup at a level we can start installing [[KVM]]s and [[LXC]]s. In subsequent articles we will explore more configuration options from the list below. ![[pve-setup-4.png]] [[PVE]] 8 is based on [[Debian]] 12 and ships with [[Linux]] [[kernel]] 6.2+. For a discussion on [[PVE]] [[kernel]] maintenance commands see [[4. PVE 7.x - Setup#Update PVE to the latest kernel version 6.x (optional)|Update PVE to the latest kernel version 6.x (optional)]]. [[PVE]] 8 has three configuration/monitoring tabs for network and storage. [[SDN]] monitoring and network security is now easier using the `localnetwork` tab. Check the official [SDN Reference](https://pve.proxmox.com/pve-docs/chapter-pvesdn.html). ![[pve-setup-5.png]] ## [[NIC]] setup During [[PVE]] installation one [[NIC]] is configured with the sole purpose to allow [[PVE]] remote management using the [[webUI]]. Under the hood the [[NIC]] is associated with a [[Linux]] bridge named `vmbr0`, which also hosts the [[IPv4]] of the [[PVE]] [[NMI]]. In the below example we have two physical [[NIC]]s, `eno1` and `enp2s0`. During [[PVE]] installation we specified the IPv4 for the [[NMI]] and [[Gateway]], which are shown below: <span class="fieldname">Name:</span> <code class="w-code">vmbr0</code> - the default name of this [[Linux]] bridge, given by [[PVE]], which you can change if you wish; this name is used when setting up network interfaces in [[VM]]s <span class="fieldname">IPv4/CIDR:</span> <code class="w-code">10.29.9.60/24</code> - the [[IPv4]] of the [[PVE]] [[NMI]]; this is the [[IPv4]] you will use for the [[webUI]]; this field can be left blank, but then it will not be possible to manage [[PVE]] through the [[webUI]]; if setting up multiple bridges at least one bridge must have this field populated in order for [[PVE]] to be accessible through the [[webUI]] <span class="fieldname">Gateway (IPv4):</span> <code class="w-code">10.29.9.254</code> - the [[IPv4]] of the [[Internet]]/[[NAT]] [[Gateway]]; if setting up multiple bridges only one bridge can have this field populated <span class="fieldname">Autostart:</span> ✔ - start the bridge during [[PVE]] boot time <span class="fieldname">VLAN aware:</span> ❌/✔ enable if you will be using [[VLAN]]s with this bridge <span class="fieldname">Bridge ports:</span> <code class="w-code">eno1</code> - the physical [[NIC]]s (Network Devices) associated with this bridge; can be one of or more [[NIC]]s and/or bonded [[NIC]]s <span class="fieldname">Comment:</span> <code class="w-code">ICT net</code> - this is a comment for your reference, useful when multiple [[NIC]]s or bridges are used <span class="fieldname">MTU:</span> <code class="w-code">1500</code> - this is the size of the [[MTU]], which I suggest you do not change unless you have a really good reason to. Changing this could break things with [[VM]]s and other processes; do not change unless you know how to configure and troubleshoot things. ![[pve-setup-nic-0.png]] Systems with two [[NIC]]s are useful in the following circumstances: - Network redundancy/failover - Network performance, using bonded [[NIC]]s - Virtualised network routing (e.g. [[OPNsense]], [[pfSense]], [[VyOS]]) In our example above we have two Network Devices, but only one associated with a bridge (`eno1`). Let's add `enp2s0` to a new bridge. <button class="navigate">Network</button> <button class="navigate">Create</button> <button class="navigate">Linux Bridge</button> ![[pve-setup-nic-1.png]] <span class="fieldname">Name:</span> <code class="w-code">vmbr1</code> - we use [[PVE]] naming conventions <span class="fieldname">IPv4/CIDR:</span> <code class="w-code">10.0.0.255/16</code> - although we could leave this field blank, we instead provide the ability to be able to use the [[PVE]] [[webUI]] from another network (`10.0.0.0/16`) <span class="fieldname">Gateway (IPv4):</span> - empty as one and only one [[Gateway]] can be specified per [[PVE]] setup <span class="fieldname">Autostart:</span> ✔ - start the bridge during [[PVE]] boot time <span class="fieldname">VLAN aware:</span> ❌/✔ enable if you will be using [[VLAN]]s with this bridge <span class="fieldname">Bridge ports:</span> <code class="w-code">enp2s0</code> <span class="fieldname">Comment:</span> <code class="w-code">IoT net</code> <span class="fieldname">MTU:</span> <code class="w-code">1500</code> - default <button class="navigate">OK</button> ![[pve-setup-nic-2.png]] We now have two bridges setup, which can be used in any scenario where two broadcast domains are required (e.g. `10.29.9.0/24` and `10.0.0.0/16`), without using [[VLAN]]s. The most common use is with virtual routers like [[OPNsense]], [[pfSense]], [[VyOS]], where one bridge is associated with the [[WAN]] interface (e.g. `10.29.9.0/24`) and the other bridge with the [[LAN]] interface (e.g. `10.0.0.0/16`). ![[pve-setup-nic-3.png]] Consult [[4. OPNsense - Setup]] for a use case scenario of two Linux Bridges. # Download [[LXC]] Templates When creating [[LXC]]s we need to select which template we want to associate with the [[LXC]]. The template contains just the [[OS]] (e.g. [[Debian]] 11) or the [[OS]] with applications (e.g. all [[Turnkey]] templates are [[SW]] appliances, containing he [[OS]] plus specific application for different use-case scenarios). To download [[LXC]] templates consult: [[7. PVE 8.x - Create LXC (CT)#Download LXC templates]]. If the template you are after cannot be found, visit http://ftp.cn.debian.org/proxmox/images/system/ or http://download.proxmox.com/images/system/ to download the template you require (`.tar.xz`). Say we want to download `debian-10-standard_10.7-1_amd64.tar.gz`. Right click on the template you want to download and select <span class="fieldname">Copy Link Address</span>. ![[pve-setup-lxc-0.png]] <button class="navigate">Storage</button> <button class="navigate">local (pve)</button> <button class="navigate">CT Templates</button> <button class="navigate">Download from URL</button> ![[pve-setup-lxc-1.png]] Paste the link of the [[URL]] copied earlier (`http://ftp.cn.debian.org/proxmox/images/system/debian-10-standard_10.7-1_amd64.tar.gz`) and click <button class="navigate">Query URL</button> <button class="navigate">Download</button> ![[pve-setup-lxc-2.png]] Download commences and if it succeeds (`TASK OK`) you can close the modal window. ![[pve-setup-lxc-3.png]] This template (`debian-10-standard_10.7-1_amd64.tar.gz`) can now be used to create an [[LXC]]. ![[pve-setup-lxc-4.png]] # Download [[ISO]] Images When creating [[KVM]]s we usually need to select which [[ISO]] image we want to use, which in most instances contains the [[OS]] we want to install (e.g. [[Windows]] 11). The download process is similar to [[LXC]], however, [[Proxmox]] do not supply [[ISO]] images, which have to be downloaded from a vendor's website. You can download the [[ISO]] image directly into [[PVE]] using a [[URL]]: <button class="navigate">Download from URL</button>, or you can download to your desktop and then upload to [[PVE]]: <button class="navigate">Upload</button>. ![[pve-setup-kvm-0.png]] # Follow or Support me -> <a href='https://ko-fi.com/S6S0K9U5Q' target='_blank'><img height='36' style='border:0px;height:36px;float:right; ' src='https://storage.ko-fi.com/cdn/kofi1.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>