]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
4 | {pmg} is based on Debian and comes with an installation CD-ROM | |
5 | which includes a complete Debian ("stretch" for version 5.x) system as | |
6 | well as all necessary {pmg} packages. | |
7 | ||
8 | The installer just asks you a few questions, then partitions the local | |
9 | disk(s), installs all required packages, and configures the system | |
10 | including a basic network setup. You can get a fully functional system | |
11 | within a few minutes. This is the preferred and recommended | |
12 | installation method. | |
13 | ||
14 | Alternatively, {pmg} can be installed on top of an existing Debian | |
15 | system. This option is only recommended for advanced users since | |
16 | it requires more detailed knowledge about {pmg} and Debian. | |
17 | ||
18 | Using the {pmg} Installation CD-ROM | |
19 | ----------------------------------- | |
20 | ||
b2d388d4 DM |
21 | You can download the ISO from http://www.proxmox.com. It includes the |
22 | following: | |
03c03402 DM |
23 | |
24 | * Complete operating system (Debian Linux, 64-bit) | |
25 | ||
b2d388d4 DM |
26 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
27 | ext3, xfs or ZFS and installs the operating system. | |
03c03402 DM |
28 | |
29 | * Linux kernel | |
30 | ||
31 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
32 | ||
33 | * Web based management interface for using the toolset | |
34 | ||
b2d388d4 DM |
35 | Please burn the downloaded ISO image to a CD or create a |
36 | xref:create_bootable_usb[bootable USB stick]. | |
37 | ||
38 | Then insert the installation CD-ROM on the physical host where you want | |
39 | to install {pmg} and boot from that drive. Immediately afterwards you | |
40 | can choose the following menu options: | |
03c03402 DM |
41 | |
42 | image::images/installer/pmg-grub-menu.png[] | |
43 | ||
44 | Install {pmg}:: | |
45 | ||
46 | Start normal installation. | |
47 | ||
48 | Install {pmg} (Debug mode):: | |
49 | ||
50 | Start installation in debug mode. It opens a shell console at several | |
51 | installation steps, so that you can debug things if something goes | |
52 | wrong. Please press `CTRL-D` to exit those debug consoles and continue | |
53 | installation. This option is mostly for developers and not meant for | |
54 | general use. | |
55 | ||
56 | Rescue Boot:: | |
57 | ||
58 | This option allows you to boot an existing installation. It searches | |
59 | all attached hard disks and, if it finds an existing installation, | |
60 | boots directly into that disk using the existing Linux kernel. This | |
61 | can be useful if there are problems with the boot block (grub), or the | |
62 | BIOS is unable to read the boot block from the disk. | |
63 | ||
64 | Test Memory:: | |
65 | ||
66 | Runs `memtest86+`. This is useful to check if your memory is | |
67 | functional and error free. | |
68 | ||
dc69da07 | 69 | You normally select *Install {pmg}* to start the installation. |
03c03402 | 70 | |
dc69da07 | 71 | image::images/installer/pmg-select-target-disk.png[] |
03c03402 | 72 | |
dc69da07 DM |
73 | First step ist to read our EULA (End User License Agreement). After |
74 | that you get prompted to select the target hard disk(s). | |
03c03402 DM |
75 | |
76 | NOTE: By default, the complete server is used and all existing data is | |
77 | removed. | |
78 | ||
03c03402 DM |
79 | The `Options` button lets you select the target file system, which |
80 | defaults to `ext4`. The installer uses LVM if you select `ext3`, | |
81 | `ext4` or `xfs` as file system, and offers additional option to | |
82 | restrict LVM space (see <<advanced_lvm_options,below>>) | |
83 | ||
84 | If you have more than one disk, you can also use ZFS as file system. | |
85 | ZFS supports several software RAID levels, so this is specially useful | |
86 | if you do not have a hardware RAID controller. The `Options` button | |
87 | lets you select the ZFS RAID level, and you can choose disks there. | |
88 | ||
dc69da07 DM |
89 | image::images/installer/pmg-select-location.png[] |
90 | ||
91 | The next page just ask for basic configuration options like your | |
92 | location, the time zone and keyboard layout. The location is used to | |
93 | select a download server near you to speedup updates. The installer is | |
94 | usually able to auto detect those setting, so you only need to change | |
95 | them in rare situations when auto detection fails, or when you want to | |
96 | use some special keyboard layout not commonly used in your country. | |
97 | ||
98 | image::images/installer/pmg-set-password.png[] | |
99 | ||
100 | You then need to specify an email address and the superuser (root) | |
101 | password. The password must have at least 5 characters, but we highly | |
102 | recommend to use stronger passwords - here are some guidelines: | |
103 | ||
104 | - Use a minimum password length of 12 to 14 characters. | |
105 | ||
106 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
107 | ||
60522152 TL |
108 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
109 | number sequences, usernames, relative or pet names, romantic links (current | |
110 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
111 | dates). | |
dc69da07 DM |
112 | |
113 | It is sometimes necessary to send notification to the system | |
114 | administrator, for example: | |
115 | ||
116 | - Information about available package updates. | |
117 | ||
118 | - Error messages from periodic CRON jobs. | |
119 | ||
120 | All those notification mails will be sent to the specified email | |
121 | address. | |
122 | ||
123 | image::images/installer/pmg-setup-network.png[] | |
03c03402 DM |
124 | |
125 | The last step is the network configuration. Please note that you can | |
126 | use either IPv4 or IPv6 here, but not both. If you want to configure a | |
127 | dual stack node, you can easily do that after installation. | |
128 | ||
129 | If you press `Next` now, installation starts to format disks, and | |
dc69da07 DM |
130 | copies packages to the target. |
131 | ||
132 | image::images/installer/pmg-installation.png[] | |
133 | ||
134 | Copying packages usually takes a few minutes. Please wait until that | |
135 | is finished, then reboot the server. | |
03c03402 DM |
136 | |
137 | Further configuration is done via the Proxmox web interface. Just | |
138 | point your browser to the IP address given during installation | |
139 | (https://youripaddress:8006). | |
140 | ||
b5b01ac3 DM |
141 | image::images/screenshot/pmg-gui-login-window.png[] |
142 | ||
b2d388d4 DM |
143 | . Login and upload subscription key. |
144 | + | |
03c03402 DM |
145 | NOTE: Default login is "root" and the root password is |
146 | defined during the installation process. | |
147 | ||
b2d388d4 DM |
148 | . Check the IP configuration and hostname. |
149 | ||
150 | . Check and save the Time Zone. | |
151 | ||
152 | . Check your xref:firewall_settings[Firewall settings]. | |
153 | ||
154 | . Configure {pmg} to forward the incoming SMTP traffic to your Mail | |
155 | server ('Configuration/Mail Proxy/Default Relay') - 'Default | |
156 | Relay' is your e-mail server. | |
157 | ||
158 | . Configure your e-mail server to send all outgoing messages through | |
303ee757 | 159 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
160 | |
161 | For detailed deployment scenarios see chapter | |
162 | xref:chapter_deployment[Planning for Deployment]. | |
163 | ||
164 | If the installation succeeds you have to route all your incoming and | |
165 | outgoing e-mail traffic to the Mail Gateway. For incoming traffic you | |
166 | have to configure your firewall and/or DNS settings. For outgoing | |
167 | traffic you need to change the existing e-mail server configuration. | |
168 | ||
03c03402 DM |
169 | |
170 | [[advanced_lvm_options]] | |
171 | Advanced LVM Configuration Options | |
172 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
173 | ||
174 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
175 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
176 | those volumes can be controlled with: | |
177 | ||
178 | `hdsize`:: | |
179 | ||
180 | Defines the total HD size to be used. This way you can save free | |
181 | space on the HD for further partitioning (i.e. for an additional PV | |
182 | and VG on the same hard disk that can be used for LVM storage). | |
183 | ||
184 | `swapsize`:: | |
185 | ||
186 | Defines the size of the `swap` volume. The default is the size of the | |
187 | installed memory, minimum 4 GB and maximum 8 GB. The resulting value cannot | |
188 | be greater than `hdsize/8`. | |
189 | ||
03c03402 DM |
190 | `minfree`:: |
191 | ||
2729e8b8 | 192 | Defines the amount of free space left in LVM volume group `pmg`. |
03c03402 DM |
193 | With more than 128GB storage available the default is 16GB, else `hdsize/8` |
194 | will be used. | |
195 | + | |
196 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
197 | required for lvmthin snapshots). | |
198 | ||
199 | ||
200 | ZFS Performance Tips | |
201 | ~~~~~~~~~~~~~~~~~~~~ | |
202 | ||
203 | ZFS uses a lot of memory, so it is best to add additional RAM if you | |
204 | want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB | |
205 | RAW disk space. | |
206 | ||
207 | ZFS also provides the feature to use a fast SSD drive as write cache. The | |
208 | write cache is called the ZFS Intent Log (ZIL). You can add that after | |
209 | installation using the following command: | |
210 | ||
211 | zpool add <pool-name> log </dev/path_to_fast_ssd> | |
212 | ||
213 | ||
3372775f DM |
214 | include::pmg-usbstick.adoc[] |
215 | ||
216 | ||
03c03402 DM |
217 | Install {pmg} on Debian |
218 | ----------------------- | |
219 | ||
220 | {pmg} ships as a set of Debian packages, so you can install it | |
221 | on top of a normal Debian installation. After configuring the | |
222 | repositories, you need to run: | |
223 | ||
224 | [source,bash] | |
225 | ---- | |
226 | apt-get update | |
227 | apt-get install proxmox-mailgateway | |
228 | ---- | |
229 | ||
230 | Installing on top of an existing Debian installation looks easy, but | |
231 | it presumes that you have correctly installed the base system, and you | |
232 | know how you want to configure and use the local storage. Network | |
233 | configuration is also completely up to you. | |
234 | ||
235 | NOTE: In general, this is not trivial, especially when you use LVM or | |
236 | ZFS. | |
e3eaa56a DM |
237 | |
238 | ||
c13d3d4f TL |
239 | Install {pmg} as Linux Container Appliance |
240 | ------------------------------------------ | |
241 | ||
242 | The full functionality of {pmg} can also run on top of a Debian-based LXC | |
243 | instance. In order to keep the set of installed software, and thus the | |
244 | necessary updates, minimal you can use the `proxmox-mailgateway-container` | |
245 | meta-package. It does not depend on any Linux Kernel, firmware, or components | |
246 | used for booting from bare-metal, like grub2. | |
17a13972 TL |
247 | |
248 | A ready-to-use appliance template is available through the | |
249 | https://www.proxmox.com/proxmox-ve[Proxmox VE] appliance manager in the `mail` | |
250 | section, so if you already use Proxmox VE you can setup a {pmg} instance in a | |
251 | minute. | |
252 | ||
253 | NOTE: It's recommended to use a static network configuration. If DHCP should be | |
254 | used ensure that the container can always lease the same IP, for example, by | |
255 | reserving one with the containers network MAC address. | |
5991f9eb | 256 | |
c13d3d4f TL |
257 | Additionally you can also install this on top of a normal Debian installation. |
258 | After configuring the repositories, you need to run: | |
5991f9eb SI |
259 | |
260 | [source,bash] | |
261 | ---- | |
262 | apt-get update | |
263 | apt-get install proxmox-mailgateway-container | |
264 | ---- | |
265 | ||
5991f9eb | 266 | |
e3eaa56a DM |
267 | [[pmg_package_repositories]] |
268 | Package Repositories | |
269 | -------------------- | |
270 | ||
271 | All {debian} based systems use | |
272 | http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as package | |
273 | management tool. The list of repositories is defined in | |
274 | `/etc/apt/sources.list` and `.list` files found inside | |
275 | `/etc/apt/sources.d/`. Updates can be installed directly using | |
276 | `apt-get`, or via the GUI. | |
277 | ||
278 | Apt `sources.list` files list one package repository per line, with | |
279 | the most preferred source listed first. Empty lines are ignored, and a | |
280 | `#` character anywhere on a line marks the remainder of that line as a | |
281 | comment. The information available from the configured sources is | |
282 | acquired by `apt-get update`. | |
283 | ||
284 | .File `/etc/apt/sources.list` | |
285 | ---- | |
286 | deb http://ftp.debian.org/debian stretch main contrib | |
287 | ||
aedc8192 SI |
288 | deb http://ftp.debian.org/debian stretch-updates main contrib |
289 | ||
e3eaa56a DM |
290 | # security updates |
291 | deb http://security.debian.org stretch/updates main contrib | |
292 | ---- | |
293 | ||
294 | In addition, {pmg} provides three different package repositories. | |
295 | ||
296 | ||
297 | {pmg} Enterprise Repository | |
298 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
299 | ||
300 | This is the default, stable and recommended repository, available for | |
301 | all {pmg} subscription users. It contains the most stable packages, | |
302 | and is suitable for production use. The `pmg-enterprise` repository is | |
303 | enabled by default: | |
304 | ||
305 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
306 | ---- | |
307 | deb https://enterprise.proxmox.com/debian/pmg stretch pmg-enterprise | |
308 | ---- | |
309 | ||
310 | As soon as updates are available, the `root@pam` user is notified via | |
311 | email about the available new packages. On the GUI, the change-log of | |
312 | each package can be viewed (if available), showing all details of the | |
313 | update. So you will never miss important security fixes. | |
314 | ||
315 | Please note that and you need a valid subscription key to access this | |
316 | repository. We offer different support levels, and you can find further | |
d2ae160b | 317 | details at {pricing-url}. |
e3eaa56a DM |
318 | |
319 | NOTE: You can disable this repository by commenting out the above line | |
320 | using a `#` (at the start of the line). This prevents error messages | |
321 | if you do not have a subscription key. Please configure the | |
322 | `pmg-no-subscription` repository in that case. | |
323 | ||
324 | ||
325 | {pmg} No-Subscription Repository | |
326 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
327 | ||
328 | As the name suggests, you do not need a subscription key to access | |
329 | this repository. It can be used for testing and non-production | |
330 | use. Its not recommended to run on production servers, as these | |
331 | packages are not always heavily tested and validated. | |
332 | ||
333 | We recommend to configure this repository in `/etc/apt/sources.list`. | |
334 | ||
335 | .File `/etc/apt/sources.list` | |
336 | ---- | |
337 | deb http://ftp.debian.org/debian stretch main contrib | |
338 | ||
339 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
340 | # NOT recommended for production use | |
341 | deb http://download.proxmox.com/debian/pmg stretch pmg-no-subscription | |
342 | ||
343 | # security updates | |
344 | deb http://security.debian.org stretch/updates main contrib | |
345 | ---- | |
346 | ||
347 | ||
348 | {pmg} Test Repository | |
349 | ~~~~~~~~~~~~~~~~~~~~~ | |
350 | ||
351 | Finally, there is a repository called `pmgtest`. This one contains the | |
352 | latest packages and is heavily used by developers to test new | |
353 | features. As usual, you can configure this using | |
354 | `/etc/apt/sources.list` by adding the following line: | |
355 | ||
356 | .sources.list entry for `pmgtest` | |
357 | ---- | |
358 | deb http://download.proxmox.com/debian/pmg stretch pmgtest | |
359 | ---- | |
360 | ||
361 | WARNING: the `pmgtest` repository should (as the name implies) only be used | |
362 | for testing new features or bug fixes. | |
363 | ||
364 | ||
365 | SecureApt | |
366 | ~~~~~~~~~ | |
367 | ||
368 | We use GnuPG to sign the `Release` files inside those repositories, | |
369 | and APT uses that signatures to verify that all packages are from a | |
370 | trusted source. | |
371 | ||
372 | The key used for verification is already installed if you install from | |
373 | our installation CD. If you install by other means, you can manually | |
374 | download the key with: | |
375 | ||
376 | # wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg | |
377 | ||
378 | Please verify the checksum afterwards: | |
379 | ||
380 | ---- | |
381 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg | |
382 | ffb95f0f4be68d2e753c8875ea2f8465864a58431d5361e88789568673551501ae574283a4e0492f17d79dc67edfb173a56a6304dea39e01f249ebdabc9f074a /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg | |
383 | ---- | |
384 | ||
385 | or | |
386 | ||
387 | ---- | |
388 | # md5sum /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg | |
389 | 511d36d0f1350c01c42a3dc9f3c27939 /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg | |
390 | ---- | |
391 | ||
392 |