]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
4 | {pmg} is based on Debian and comes with an installation CD-ROM | |
7cf7c2d3 | 5 | which includes a complete Debian ("buster" for version 6.x) system as |
03c03402 DM |
6 | well as all necessary {pmg} packages. |
7 | ||
582a64ad | 8 | The installer asks you a few questions, then partitions the local |
03c03402 DM |
9 | disk(s), installs all required packages, and configures the system |
10 | including a basic network setup. You can get a fully functional system | |
11 | within a few minutes. This is the preferred and recommended | |
12 | installation method. | |
13 | ||
14 | Alternatively, {pmg} can be installed on top of an existing Debian | |
15 | system. This option is only recommended for advanced users since | |
16 | it requires more detailed knowledge about {pmg} and Debian. | |
17 | ||
39abbce4 | 18 | [[pmg_install_iso]] |
03c03402 DM |
19 | Using the {pmg} Installation CD-ROM |
20 | ----------------------------------- | |
21 | ||
e9fb7667 | 22 | You can download the ISO from https://www.proxmox.com. It includes the |
b2d388d4 | 23 | following: |
03c03402 DM |
24 | |
25 | * Complete operating system (Debian Linux, 64-bit) | |
26 | ||
b2d388d4 DM |
27 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
28 | ext3, xfs or ZFS and installs the operating system. | |
03c03402 DM |
29 | |
30 | * Linux kernel | |
31 | ||
32 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
33 | ||
582a64ad | 34 | * Web-based management interface for using the toolset |
03c03402 | 35 | |
b2d388d4 | 36 | Please burn the downloaded ISO image to a CD or create a |
4be88c15 | 37 | xref:installation_prepare_media[bootable USB flash drive]. |
b2d388d4 DM |
38 | |
39 | Then insert the installation CD-ROM on the physical host where you want | |
582a64ad | 40 | to install {pmg} and boot from that drive. Afterwards you |
b2d388d4 | 41 | can choose the following menu options: |
03c03402 DM |
42 | |
43 | image::images/installer/pmg-grub-menu.png[] | |
44 | ||
45 | Install {pmg}:: | |
46 | ||
47 | Start normal installation. | |
48 | ||
49 | Install {pmg} (Debug mode):: | |
50 | ||
51 | Start installation in debug mode. It opens a shell console at several | |
52 | installation steps, so that you can debug things if something goes | |
582a64ad | 53 | wrong. You can press `CTRL-D` to exit those debug consoles and continue |
03c03402 DM |
54 | installation. This option is mostly for developers and not meant for |
55 | general use. | |
56 | ||
57 | Rescue Boot:: | |
58 | ||
59 | This option allows you to boot an existing installation. It searches | |
60 | all attached hard disks and, if it finds an existing installation, | |
61 | boots directly into that disk using the existing Linux kernel. This | |
62 | can be useful if there are problems with the boot block (grub), or the | |
63 | BIOS is unable to read the boot block from the disk. | |
64 | ||
65 | Test Memory:: | |
66 | ||
67 | Runs `memtest86+`. This is useful to check if your memory is | |
68 | functional and error free. | |
69 | ||
dc69da07 | 70 | You normally select *Install {pmg}* to start the installation. |
03c03402 | 71 | |
dc69da07 | 72 | image::images/installer/pmg-select-target-disk.png[] |
03c03402 | 73 | |
dc69da07 DM |
74 | First step ist to read our EULA (End User License Agreement). After |
75 | that you get prompted to select the target hard disk(s). | |
03c03402 | 76 | |
582a64ad OB |
77 | CAUTION: By default, the whole server is used and all existing data is removed. |
78 | Make sure there is no important data on the server before proceeding with the | |
79 | installation. | |
03c03402 | 80 | |
03c03402 DM |
81 | The `Options` button lets you select the target file system, which |
82 | defaults to `ext4`. The installer uses LVM if you select `ext3`, | |
83 | `ext4` or `xfs` as file system, and offers additional option to | |
84 | restrict LVM space (see <<advanced_lvm_options,below>>) | |
85 | ||
86 | If you have more than one disk, you can also use ZFS as file system. | |
87 | ZFS supports several software RAID levels, so this is specially useful | |
88 | if you do not have a hardware RAID controller. The `Options` button | |
89 | lets you select the ZFS RAID level, and you can choose disks there. | |
90 | ||
dc69da07 DM |
91 | image::images/installer/pmg-select-location.png[] |
92 | ||
582a64ad OB |
93 | The next page asks for basic configuration options like your |
94 | location, the timezone and keyboard layout. The location is used to | |
95 | select a download server near you to speed up updates. The installer is | |
96 | usually able to auto-detect those settings, so you only need to change | |
97 | them in rare situations when auto-detection fails, or when you want to | |
98 | use a keyboard layout not commonly used in your country. | |
dc69da07 DM |
99 | |
100 | image::images/installer/pmg-set-password.png[] | |
101 | ||
102 | You then need to specify an email address and the superuser (root) | |
103 | password. The password must have at least 5 characters, but we highly | |
104 | recommend to use stronger passwords - here are some guidelines: | |
105 | ||
106 | - Use a minimum password length of 12 to 14 characters. | |
107 | ||
108 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
109 | ||
60522152 TL |
110 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
111 | number sequences, usernames, relative or pet names, romantic links (current | |
112 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
113 | dates). | |
dc69da07 | 114 | |
aecce55c TL |
115 | It is sometimes necessary to send notification to the system administrator, for |
116 | example: | |
dc69da07 DM |
117 | |
118 | - Information about available package updates. | |
119 | ||
120 | - Error messages from periodic CRON jobs. | |
121 | ||
aecce55c | 122 | All those notification mails will be sent to the specified email address. |
dc69da07 DM |
123 | |
124 | image::images/installer/pmg-setup-network.png[] | |
03c03402 | 125 | |
aecce55c TL |
126 | The next step is the network configuration. Please note that you can use either |
127 | IPv4 or IPv6 here, but not both. If you want to configure a dual stack node, | |
128 | you can easily do that after installation. | |
03c03402 | 129 | |
f6249b79 TL |
130 | image::images/installer/pmg-summary.png[] |
131 | ||
aecce55c TL |
132 | When you press `Next`, you will see an overview of your entered configuration. |
133 | Please re-check every setting, you can still use the `Previous` button to go | |
134 | back and edit any settings. | |
f6249b79 | 135 | |
aecce55c TL |
136 | After pressing `Install`, the installer starts to format disks, and copies |
137 | packages to the target disk(s). | |
dc69da07 DM |
138 | |
139 | image::images/installer/pmg-installation.png[] | |
140 | ||
582a64ad OB |
141 | Copying the packages usually takes a few minutes. Please wait until that is |
142 | finished, and reboot the server. | |
03c03402 | 143 | |
f03ead41 SI |
144 | Further configuration is done via the Proxmox web interface. |
145 | ||
146 | [thumbnail="pmg-gui-login-window.png"] | |
03c03402 | 147 | |
f03ead41 SI |
148 | Just point your browser to the IP address given during installation |
149 | (https://youripaddress:8006). | |
b5b01ac3 | 150 | |
b2d388d4 DM |
151 | . Login and upload subscription key. |
152 | + | |
aecce55c TL |
153 | NOTE: Default login is "root" and the password is chosen during the |
154 | installation. | |
03c03402 | 155 | |
b2d388d4 DM |
156 | . Check the IP configuration and hostname. |
157 | ||
582a64ad | 158 | . Check and save the timezone. |
b2d388d4 DM |
159 | |
160 | . Check your xref:firewall_settings[Firewall settings]. | |
161 | ||
162 | . Configure {pmg} to forward the incoming SMTP traffic to your Mail | |
163 | server ('Configuration/Mail Proxy/Default Relay') - 'Default | |
164 | Relay' is your e-mail server. | |
165 | ||
166 | . Configure your e-mail server to send all outgoing messages through | |
303ee757 | 167 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
168 | |
169 | For detailed deployment scenarios see chapter | |
170 | xref:chapter_deployment[Planning for Deployment]. | |
171 | ||
582a64ad OB |
172 | After the installation you have to route all your incoming and |
173 | outgoing e-mail traffic to the {pmg}. For incoming traffic you | |
b2d388d4 DM |
174 | have to configure your firewall and/or DNS settings. For outgoing |
175 | traffic you need to change the existing e-mail server configuration. | |
176 | ||
03c03402 DM |
177 | |
178 | [[advanced_lvm_options]] | |
179 | Advanced LVM Configuration Options | |
180 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
181 | ||
182 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
183 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
184 | those volumes can be controlled with: | |
185 | ||
186 | `hdsize`:: | |
187 | ||
582a64ad OB |
188 | Defines the total disk size to be used. This way you can save free |
189 | space on the disk for further partitioning (i.e. for an additional PV | |
190 | and VG on the same disk that can be used for LVM storage). | |
03c03402 DM |
191 | |
192 | `swapsize`:: | |
193 | ||
194 | Defines the size of the `swap` volume. The default is the size of the | |
195 | installed memory, minimum 4 GB and maximum 8 GB. The resulting value cannot | |
196 | be greater than `hdsize/8`. | |
197 | ||
03c03402 DM |
198 | `minfree`:: |
199 | ||
2729e8b8 | 200 | Defines the amount of free space left in LVM volume group `pmg`. |
03c03402 DM |
201 | With more than 128GB storage available the default is 16GB, else `hdsize/8` |
202 | will be used. | |
203 | + | |
204 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
205 | required for lvmthin snapshots). | |
206 | ||
207 | ||
208 | ZFS Performance Tips | |
209 | ~~~~~~~~~~~~~~~~~~~~ | |
210 | ||
211 | ZFS uses a lot of memory, so it is best to add additional RAM if you | |
212 | want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB | |
213 | RAW disk space. | |
214 | ||
215 | ZFS also provides the feature to use a fast SSD drive as write cache. The | |
216 | write cache is called the ZFS Intent Log (ZIL). You can add that after | |
582a64ad | 217 | the installation using the following command: |
03c03402 DM |
218 | |
219 | zpool add <pool-name> log </dev/path_to_fast_ssd> | |
220 | ||
4be88c15 | 221 | include::pmg-installation-media.adoc[] |
3372775f | 222 | |
39abbce4 | 223 | [[pmg_install_on_debian]] |
03c03402 DM |
224 | Install {pmg} on Debian |
225 | ----------------------- | |
226 | ||
227 | {pmg} ships as a set of Debian packages, so you can install it | |
228 | on top of a normal Debian installation. After configuring the | |
582a64ad | 229 | xref:pmg_package_repositories[Package repositories], you need to run: |
03c03402 DM |
230 | |
231 | [source,bash] | |
232 | ---- | |
3e2d2270 TL |
233 | apt update |
234 | apt install proxmox-mailgateway | |
03c03402 DM |
235 | ---- |
236 | ||
237 | Installing on top of an existing Debian installation looks easy, but | |
582a64ad | 238 | it assumes that you have correctly installed the base system, and you |
03c03402 DM |
239 | know how you want to configure and use the local storage. Network |
240 | configuration is also completely up to you. | |
241 | ||
242 | NOTE: In general, this is not trivial, especially when you use LVM or | |
243 | ZFS. | |
e3eaa56a DM |
244 | |
245 | ||
39abbce4 | 246 | [[pmg_install_on_debian_container]] |
c13d3d4f TL |
247 | Install {pmg} as Linux Container Appliance |
248 | ------------------------------------------ | |
249 | ||
250 | The full functionality of {pmg} can also run on top of a Debian-based LXC | |
251 | instance. In order to keep the set of installed software, and thus the | |
582a64ad | 252 | necessary updates minimal, you can use the `proxmox-mailgateway-container` |
c13d3d4f TL |
253 | meta-package. It does not depend on any Linux Kernel, firmware, or components |
254 | used for booting from bare-metal, like grub2. | |
17a13972 TL |
255 | |
256 | A ready-to-use appliance template is available through the | |
257 | https://www.proxmox.com/proxmox-ve[Proxmox VE] appliance manager in the `mail` | |
258 | section, so if you already use Proxmox VE you can setup a {pmg} instance in a | |
259 | minute. | |
260 | ||
261 | NOTE: It's recommended to use a static network configuration. If DHCP should be | |
582a64ad | 262 | used ensure that the container always leases the same IP, for example, by |
17a13972 | 263 | reserving one with the containers network MAC address. |
5991f9eb | 264 | |
3e2d2270 TL |
265 | Additionally you can also install this on top of a container based Debian |
266 | installation. After configuring the | |
267 | xref:pmg_package_repositories[Package repositories], you need to run: | |
268 | ||
269 | [source,bash] | |
270 | ---- | |
271 | apt update | |
272 | apt install proxmox-mailgateway-container | |
273 | ---- | |
5991f9eb | 274 | |
e3eaa56a DM |
275 | [[pmg_package_repositories]] |
276 | Package Repositories | |
277 | -------------------- | |
278 | ||
279 | All {debian} based systems use | |
e9fb7667 | 280 | https://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as package |
e3eaa56a DM |
281 | management tool. The list of repositories is defined in |
282 | `/etc/apt/sources.list` and `.list` files found inside | |
283 | `/etc/apt/sources.d/`. Updates can be installed directly using | |
3e2d2270 | 284 | `apt`, or via the GUI. |
e3eaa56a DM |
285 | |
286 | Apt `sources.list` files list one package repository per line, with | |
287 | the most preferred source listed first. Empty lines are ignored, and a | |
288 | `#` character anywhere on a line marks the remainder of that line as a | |
289 | comment. The information available from the configured sources is | |
3e2d2270 | 290 | acquired by `apt update`. |
e3eaa56a DM |
291 | |
292 | .File `/etc/apt/sources.list` | |
293 | ---- | |
7cf7c2d3 | 294 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a | 295 | |
7cf7c2d3 | 296 | deb http://ftp.debian.org/debian buster-updates main contrib |
aedc8192 | 297 | |
e3eaa56a | 298 | # security updates |
79569792 | 299 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a | 300 | ---- |
79569792 | 301 | // FIXME for 7.0: change security update suite to bullseye-security |
e3eaa56a DM |
302 | |
303 | In addition, {pmg} provides three different package repositories. | |
304 | ||
305 | ||
306 | {pmg} Enterprise Repository | |
307 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
308 | ||
309 | This is the default, stable and recommended repository, available for | |
310 | all {pmg} subscription users. It contains the most stable packages, | |
311 | and is suitable for production use. The `pmg-enterprise` repository is | |
312 | enabled by default: | |
313 | ||
314 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
315 | ---- | |
7cf7c2d3 | 316 | deb https://enterprise.proxmox.com/debian/pmg buster pmg-enterprise |
e3eaa56a DM |
317 | ---- |
318 | ||
319 | As soon as updates are available, the `root@pam` user is notified via | |
320 | email about the available new packages. On the GUI, the change-log of | |
321 | each package can be viewed (if available), showing all details of the | |
322 | update. So you will never miss important security fixes. | |
323 | ||
324 | Please note that and you need a valid subscription key to access this | |
325 | repository. We offer different support levels, and you can find further | |
d2ae160b | 326 | details at {pricing-url}. |
e3eaa56a DM |
327 | |
328 | NOTE: You can disable this repository by commenting out the above line | |
329 | using a `#` (at the start of the line). This prevents error messages | |
330 | if you do not have a subscription key. Please configure the | |
331 | `pmg-no-subscription` repository in that case. | |
332 | ||
333 | ||
334 | {pmg} No-Subscription Repository | |
335 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
336 | ||
337 | As the name suggests, you do not need a subscription key to access | |
338 | this repository. It can be used for testing and non-production | |
339 | use. Its not recommended to run on production servers, as these | |
340 | packages are not always heavily tested and validated. | |
341 | ||
342 | We recommend to configure this repository in `/etc/apt/sources.list`. | |
343 | ||
344 | .File `/etc/apt/sources.list` | |
345 | ---- | |
7cf7c2d3 | 346 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a DM |
347 | |
348 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
349 | # NOT recommended for production use | |
7cf7c2d3 | 350 | deb http://download.proxmox.com/debian/pmg buster pmg-no-subscription |
e3eaa56a DM |
351 | |
352 | # security updates | |
79569792 | 353 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a DM |
354 | ---- |
355 | ||
356 | ||
357 | {pmg} Test Repository | |
358 | ~~~~~~~~~~~~~~~~~~~~~ | |
359 | ||
360 | Finally, there is a repository called `pmgtest`. This one contains the | |
361 | latest packages and is heavily used by developers to test new | |
362 | features. As usual, you can configure this using | |
363 | `/etc/apt/sources.list` by adding the following line: | |
364 | ||
365 | .sources.list entry for `pmgtest` | |
366 | ---- | |
7cf7c2d3 | 367 | deb http://download.proxmox.com/debian/pmg buster pmgtest |
e3eaa56a DM |
368 | ---- |
369 | ||
582a64ad | 370 | WARNING: the `pmgtest` repository should only be used |
e3eaa56a DM |
371 | for testing new features or bug fixes. |
372 | ||
373 | ||
374 | SecureApt | |
375 | ~~~~~~~~~ | |
376 | ||
377 | We use GnuPG to sign the `Release` files inside those repositories, | |
378 | and APT uses that signatures to verify that all packages are from a | |
379 | trusted source. | |
380 | ||
381 | The key used for verification is already installed if you install from | |
382 | our installation CD. If you install by other means, you can manually | |
383 | download the key with: | |
384 | ||
7cf7c2d3 | 385 | # wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
e3eaa56a DM |
386 | |
387 | Please verify the checksum afterwards: | |
388 | ||
389 | ---- | |
7cf7c2d3 SI |
390 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
391 | acca6f416917e8e11490a08a1e2842d500b3a5d9f322c6319db0927b2901c3eae23cfb5cd5df6facf2b57399d3cfa52ad7769ebdd75d9b204549ca147da52626 /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
392 | ---- |
393 | ||
394 | or | |
395 | ||
396 | ---- | |
7cf7c2d3 SI |
397 | # md5sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
398 | f3f6c5a3a67baf38ad178e5ff1ee270c /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
399 | ---- |
400 | ||
401 |