Config Manager1 Install Instructions
RED interface - Network interface to the wider network/internet.
GREEN interface - Network interface to the internal, private network.
Install Ubuntu 22.04 LTS and perform base configuration. You should know which interfaces will be RED and GREEN, the IP address for the GREEN network (the appliance performs DHCP on the GREEN interface network), and the GREEN network DHCP information (start IP, end IP, CIDR netmask, lease length). Then, as an administrator, run:
wget -O - https://raw.githubusercontent.com/mieweb/GeniSys/main/create_config_manager.sh | bash
Starting from Ubuntu 22.04 LTS install necessary tools:
`sudo apt update && sudo apt upgrade`
`sudo apt-get install dnsmasq`
`sudo apt-get install iptables`
`sudo apt-get install iptables-persistent`
`sudo apt-get install vsftpd`
Modify/copy `dnsmasq.conf` and `vsftpd.conf` to match the files provided here. We also need to copy over the `dhclient_enx.service` file, which runs the dhclient service for the "external" interface. Be sure to modify these configs with the correct interface names. In the sample configs provided here the interfaces are:
Internal: eno1
External: enx00e04c3613f7
Modify `/etc/sysctl.conf` by adding/uncommenting `net.ipv4.ip_forward=1`. This tells Ubuntu to forward packets not meant for us instead of discarding them. Run `sudo sysctl -p` to reload the config.
You will also need to modify the netplan configuration for the interface that will be "internal". The interface names will vary; they are specific to your install, and the file should be partially generated by the install process. The important thing is to turn off DHCP on the internal interface and set a static IP.
```yaml
network:
  ethernets:
    eno1:
      dhcp4: false
      addresses: [192.168.2.1/24]
    enx00e04c3613f7:
      dhcp4: true
  version: 2
```
Rules:
```bash
# Set Up SNAT (Source NAT)
sudo iptables -t nat -A POSTROUTING -o enx00e04c3613f7 -s 192.168.2.0/24 -j MASQUERADE
# Allow Forwarded Traffic and Add Routes
sudo iptables -P FORWARD ACCEPT
sudo iptables -A FORWARD -i eno1 -o enx00e04c3613f7 -j ACCEPT
sudo iptables -A FORWARD -i enx00e04c3613f7 -o eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT
```
This makes the rules persistent and reloads the saved rules.
```bash
sudo netfilter-persistent save
sudo netfilter-persistent reload
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl enable dhclient_enx.service
sudo systemctl start dhclient_enx.service
sudo systemctl start dnsmasq
sudo systemctl enable iptables
sudo systemctl start iptables
```
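The rules above set the FORWARD policy to ACCEPT, so the two `-A FORWARD` rules decide nothing and new connections arriving on the external interface are also forwarded into the internal network. The function below is an added example, not part of the GeniSys repository: it audits `iptables-save` output for that policy and for the NAT and state rules this page relies on. The name `audit_gateway_rules` and the embedded sample rules are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the GeniSys repo): audit `iptables-save` output for
# the gateway rules above. GREEN/RED interface names are passed as arguments.

# Constructed sample: this page's rules as `iptables-save` would print them.
PAGE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o enx00e04c3613f7 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eno1 -o enx00e04c3613f7 -j ACCEPT
-A FORWARD -i enx00e04c3613f7 -o eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Usage: sudo iptables-save | audit_gateway_rules GREEN_IF RED_IF
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_gateway_rules() {
    green=$1; red=$2; rules=$(cat); status=0
    has()  { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    flag() { echo "$1"; status=1; }

    # Policy ACCEPT forwards everything, so the -A FORWARD rules decide
    # nothing and new connections arriving on RED are routed into GREEN.
    # Fix: sudo iptables -P FORWARD DROP && sudo netfilter-persistent save
    has '^:FORWARD DROP ' || flag 'FORWARD policy is not DROP'

    # Once the policy is DROP these two rules carry all client traffic.
    has "^-A FORWARD -i $green -o $red .*-j ACCEPT" ||
        flag 'no GREEN->RED ACCEPT rule'
    has "^-A FORWARD -i $red -o $green .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT" ||
        flag 'no RED->GREEN RELATED,ESTABLISHED rule'

    # A RED->GREEN ACCEPT without a state match admits unsolicited traffic.
    if printf '%s\n' "$rules" |
        grep -E -- "^-A FORWARD -i $red -o $green .*-j ACCEPT" |
        grep -Evq -- '--(ct)?state '; then
        flag 'stateless RED->GREEN ACCEPT rule'
    fi

    # GREEN clients need source NAT when leaving through RED.
    has "^-A POSTROUTING .*-o $red .*-j MASQUERADE" ||
        flag 'no MASQUERADE rule on RED'
    return $status
}

# Running the script directly audits the constructed sample above.
printf '%s\n' "$PAGE_RULES" | audit_gateway_rules eno1 enx00e04c3613f7 || true
```

On the appliance, feed it the live rule set with `sudo iptables-save | audit_gateway_rules eno1 enx00e04c3613f7`, substituting your own interface names.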
Create a directory to hold the necessary files for PXE booting (`sudo mkdir /var/ftpd`). Copy the contents of the `vsftpd` folder into the directory you created. Links need to be created in `/var/ftpd`:
- `sudo ln -s /var/ftpd/debian-installer/amd64/pxelinux.0 /var/ftpd/pxelinux.0`
- `sudo ln -s /var/ftpd/debian-installer/amd64/pxelinux.cfg /var/ftpd/pxelinux.cfg`
- `sudo ln -s debian-installer/amd64/grubx64.efi .`
- `sudo ln -s debian-installer/amd64/grub .`
The permissions need to be set so that the PXE client can read/execute files: `chmod 755 -R /var/ftpd`.
Rebooting the system should start all the correct services. You can check that the necessary services are running with:
```bash
sudo systemctl status vsftpd
sudo systemctl status dnsmasq
sudo systemctl status iptables
sudo systemctl status dhclient_enx
```
To observe the PXE process:
- Set the client up for Legacy PXE booting (iPXE/UEFI PXE is unreliable).
- Attach the client to the "internal" interface and boot.
- On the appliance, run `journalctl -xef | grep dnsmasq` to observe the boot process.
Once the client begins the PXE process, it will automatically configure itself to install Proxmox on top of Debian, then join or create a Proxmox cluster on the network.
Footnotes
1. Gozer AKA Gozer The Gozerian AKA Gozer the Destructor AKA Gozer the Traveler AKA Volguus Zildrohar AKA Lord of the Sebouillia