1 Host System Administration
2 ==========================
3 include::attributes.txt[]
5 {pve} is based on the famous https://www.debian.org/[Debian] Linux
6 distribution. That means that you have access to the whole world of
7 Debian packages, and the base system is well documented. The
8 https://debian-handbook.info/download/stable/debian-handbook.pdf[Debian
9 Administrator\'s Handbook] is available online, and provides a
10 comprehensive introduction to the Debian operating system (see
13 A standard {pve} installation uses the default repositories from
14 Debian, so you get bug fixes and security updates through that
15 channel. In addition, we provide our own package repository to roll
16 out all {pve} related packages. This includes updates to some
17 Debian packages when necessary.
19 We also deliver a specially optimized Linux kernel, where we enable all
20 required virtualization and container features. That kernel includes
21 drivers for http://zfsonlinux.org/[ZFS], and several hardware drivers.
22 For example, we ship Intel network card drivers to support their
25 The following sections will concentrate on virtualization related
26 topics. They either explains things which are different on {pve}, or
27 tasks which are commonly used on {pve}. For other topics, please refer
28 to the standard Debian documentation.
33 For production servers, high quality server equipment is needed. Keep
34 in mind, if you run 10 Virtual Servers on one machine and you then
35 experience a hardware failure, 10 services are lost. {pve}
36 supports clustering, this means that multiple {pve} installations
37 can be centrally managed thanks to the included cluster functionality.
39 {pve} can use local storage (DAS), SAN, NAS and also distributed
40 storage (Ceph RBD). For details see xref:chapter-storage[chapter storage].
42 Minimum requirements, for evaluation
43 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
45 * CPU: 64bit (Intel EMT64 or AMD64)
53 Recommended system requirements
54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
56 * CPU: 64bit (Intel EMT64 or AMD64), Multi core CPU recommended
58 * RAM: 8 GB is good, more is better
60 * Hardware RAID with batteries protected write cache (BBU) or flash
63 * Fast hard drives, best results with 15k rpm SAS, Raid10
65 * At least two NIC´s, depending on the used storage technology you need more
68 include::getting-help.adoc[]
70 include::pve-package-repos.adoc[]
72 include::pve-installation.adoc[]
74 include::system-software-updates.adoc[]
80 {pve} uses a bridged networking model. Each host can have up to 4094
81 bridges. Bridges are like physical network switches implemented in
82 software. All VMs can share a single bridge, as if
83 virtual network cables from each guest were all plugged into the same
84 switch. But you can also create multiple bridges to separate network
87 For connecting VMs to the outside world, bridges are attached to
88 physical network cards. For further flexibility, you can configure
89 VLANs (IEEE 802.1q) and network bonding, also known as "link
90 aggregation". That way it is possible to build complex and flexible
93 Debian traditionally uses the 'ifup' and 'ifdown' commands to
94 configure the network. The file '/etc/network/interfaces' contains the
95 whole network setup. Please refer to to manual page ('man interfaces')
96 for a complete format description.
98 NOTE: {pve} does not write changes directly to
99 '/etc/network/interfaces'. Instead, we write into a temporary file
100 called '/etc/network/interfaces.new', and commit those changes when
103 It is worth mentioning that you can directly edit the configuration
104 file. All {pve} tools tries hard to keep such direct user
105 modifications. Using the GUI is still preferable, because it
106 protect you from errors.
111 We currently use the following naming conventions for device names:
113 * Ethernet devices: eth[N], where 0 ≤ N (`eth0`, `eth1`, ...)
115 * Bridge names: vmbr[N], where 0 ≤ N ≤ 4094 (`vmbr0` - `vmbr4094`)
117 * Bonds: bond[N], where 0 ≤ N (`bond0`, `bond1`, ...)
119 * VLANs: Simply add the VLAN number to the device name,
120 separated by a period (`eth0.50`, `bond1.30`)
122 This makes it easier to debug networks problems, because the device
123 names implies the device type.
125 Default Configuration using a Bridge
126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
128 The installation program creates a single bridge named `vmbr0`, which
129 is connected to the first ethernet card `eth0`. The corresponding
130 configuration in '/etc/network/interfaces' looks like this:
134 iface lo inet loopback
136 iface eth0 inet manual
139 iface vmbr0 inet static
141 netmask 255.255.255.0
148 Virtual machines behave as if they were directly connected to the
149 physical network. The network, in turn, sees each virtual machine as
150 having its own MAC, even though there is only one network cable
151 connecting all of these VMs to the network.
157 Most hosting providers do not support the above setup. For security
158 reasons, they disable networking as soon as they detect multiple MAC
159 addresses on a single interface.
161 TIP: Some providers allows you to register additional MACs on there
162 management interface. This avoids the problem, but is clumsy to
163 configure because you need to register a MAC for each of your VMs.
165 You can avoid the problem by "routing" all traffic via a single
166 interface. This makes sure that all network packets use the same MAC
169 A common scenario is that you have a public IP (assume 192.168.10.2
170 for this example), and an additional IP block for your VMs
171 (10.10.10.1/255.255.255.0). We recommend the following setup for such
176 iface lo inet loopback
179 iface eth0 inet static
181 netmask 255.255.255.0
183 post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
187 iface vmbr0 inet static
189 netmask 255.255.255.0
196 Masquerading (NAT) with iptables
197 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
199 In some cases you may want to use private IPs behind your Proxmox
200 host's true IP, and masquerade the traffic using NAT:
204 iface lo inet loopback
208 iface eth0 inet static
210 netmask 255.255.255.0
215 iface vmbr0 inet static
217 netmask 255.255.255.0
222 post-up echo 1 > /proc/sys/net/ipv4/ip_forward
223 post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
224 post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
228 TODO: explain IPv6 support?
239 Logical Volume Manager (LVM)
240 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
242 TODO: info about LVM.
248 TODO: info about ZFS.
251 Working with 'systemd'
252 ----------------------
257 TODO: explain persistent journal...