RMU Build: Proxmox Setup

This page covers section II of the Gen-1 to Gen-1.5 RMU build runbook. Complete the prerequisites before starting.

Once Proxmox is installed and reachable (step A. Install Proxmox), the rest of the steps below can be completed remotely.

A. Install Proxmox

A short instructional video↗ based on these steps is also available.

1. Insert the Proxmox USB drive you prepared earlier into the RMU.

2. Ensure the RMU is powered off.

3. Plug the USB into the RMU.

4. Start the server and press F11 repeatedly to reach the boot menu.

5. Select the flash drive and press Enter (the screen may differ between systems).

6. Select Install Proxmox VE (Terminal UI) and press Enter.

7. Select I agree to the EULA and press Enter.

8. Select Advanced options and press Enter.

9. Change the filesystem from ext4. For SuperMicros with two internal drives, select ZFS (RAID 1). For SuperMicros with one drive, select ZFS (RAID 0).

10. Select OK and press Enter.

11. Select Next and press Enter.

12. Select your country, timezone (UTC recommended), and keyboard layout. Select Next.

13. Enter a strong password↗ and store it in your password manager.

14. Enter an email address to receive alerts. Select Next.

15. These instructions assume you followed the RMU cabling reference. Set the Management Interface to eno1 and press Enter.

16. For Hostname (FQDN), enter <dc>-rmu.<domain> (if supporting multiple sites). This is the fully qualified domain name added in DNS during the prerequisites.

17. For IP address (CIDR), enter the External IP and Netmask determined in the prerequisites.

18. For Gateway address, enter the public Gateway from the prerequisites.

    [!NOTE] If you are unsure of the IP address, netmask, or gateway, contact your ISP.

19. For DNS Server address, enter 1.1.1.1.

20. Select Next and press Enter.

21. Verify all values are correct.

22. Select Install and press Enter. Make sure the option to reboot after installation is checked.

    [!TIP] If you set the boot order to boot off the USB, remove the USB stick before the reboot.

23. After reboot you will see the login screen. Log in as root with the password you set, and take note of the IP address and port shown on the screen.

B. Update Proxmox

1. Browse to the public IP address of Proxmox (the one set during installation). Once Proxmox is installed and reachable, the rest of the build can be done remotely.

2. Sign in with username root and the password you set during the Proxmox install.

3. If you do not have a Proxmox subscription, disable the enterprise repositories and add the No-Subscription repository.

4. Select your RMU device on the left panel.

5. Expand Updates and select Repositories.

6. Select the enterprise.proxmox.com/debian/pve repo and click Disable.

7. Disable the enterprise.proxmox.com/debian/ceph-quincy repo.

8. Click Add, choose the No-Subscription option from the Repository drop-down, and confirm.

9. On the Updates tab, click Refresh and dismiss the "no license" dialog if it appears. Close the dialog window when the refresh completes.

10. Click Upgrade and enter Y in the resulting terminal window to apply system updates.

11. When the update completes, reboot the node:

    shutdown -r now
    

12. Wait a few minutes for the machine to come back online before proceeding.

C. Download CT templates

1. In the Proxmox WebUI, expand the RMU in the left panel, select local (rmu), then CT Templates.
2. Click Templates. In the dialog, select ubuntu-22.04-standard and click Download.
3. Close the window when the download completes.

D. Download ISO images

1. In the Proxmox WebUI, expand the RMU in the left panel, select local (rmu), then ISO Images.

2. Click Download from URL and enter:

   https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
   

   Click Query URL. The filename should auto-populate. Click Download. Close the dialog when complete.

   [!NOTE] If you encounter a "connection error timeout", paste the URL into your browser to download the image manually, then upload it via the Proxmox UI. This takes longer but works around network issues.

E. Add LAN network device

1. Select RMU > Network.

2. Select Create > Linux Bridge.

3. Configure the first bridge:

   • Name: vmbr1
   • IP: 10.10.100.1/24 (CIDR is required)
   • Bridge port: eno2
   • Comment: LAN

4. Create another bridge:

   • Name: vmbr2
   • IP: empty
   • Bridge port: eno5
   • Comment: WAN

5. Click Apply Configuration.

6. Select your RMU device on the left side. (The remaining steps are not needed when creating the vmbr2 bridge.)

7. Click Shell.

8. Open /etc/network/interfaces with your editor of choice (vi, nano, emacs, etc.).

9. Add the following lines at the end of the vmbr1 section, before the LAN comment. Make sure the indentation is correct:

   post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
   post-up   iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.100.22:443
   post-up   iptables -t nat -A POSTROUTING -s '10.10.100.0/24' -o vmbr0 -j MASQUERADE
   post-down iptables -t nat -A POSTROUTING -s '10.10.100.0/24' -o vmbr0 -j MASQUERADE
   

10. Save and quit the file.

11. In the shell, verify and apply:

    cat /proc/sys/net/ipv4/ip_forward
    # Result should be: 0
    
    ifup vmbr1
    cat /proc/sys/net/ipv4/ip_forward
    # Result should be: 1
    

Continue

Proceed to Create Teleport CT.

Related

• RMU build — Gen-1.5 — the parent runbook index.
• RMU Build: Prerequisites — what to gather before starting.
• RMU Build: Teleport Setup — the next section.