]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
4 | {pmg} is based on Debian and comes with an installation CD-ROM | |
7cf7c2d3 | 5 | which includes a complete Debian ("buster" for version 6.x) system as |
03c03402 DM |
6 | well as all necessary {pmg} packages. |
7 | ||
582a64ad | 8 | The installer asks you a few questions, then partitions the local |
03c03402 DM |
9 | disk(s), installs all required packages, and configures the system |
10 | including a basic network setup. You can get a fully functional system | |
11 | within a few minutes. This is the preferred and recommended | |
12 | installation method. | |
13 | ||
14 | Alternatively, {pmg} can be installed on top of an existing Debian | |
15 | system. This option is only recommended for advanced users since | |
16 | it requires more detailed knowledge about {pmg} and Debian. | |
17 | ||
39abbce4 | 18 | [[pmg_install_iso]] |
03c03402 DM |
19 | Using the {pmg} Installation CD-ROM |
20 | ----------------------------------- | |
21 | ||
e9fb7667 | 22 | You can download the ISO from https://www.proxmox.com. It includes the |
b2d388d4 | 23 | following: |
03c03402 DM |
24 | |
25 | * Complete operating system (Debian Linux, 64-bit) | |
26 | ||
b2d388d4 DM |
27 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
28 | ext3, xfs or ZFS and installs the operating system. | |
03c03402 DM |
29 | |
30 | * Linux kernel | |
31 | ||
32 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
33 | ||
582a64ad | 34 | * Web-based management interface for using the toolset |
03c03402 | 35 | |
b2d388d4 DM |
36 | Please burn the downloaded ISO image to a CD or create a |
37 | xref:create_bootable_usb[bootable USB stick]. | |
38 | ||
39 | Then insert the installation CD-ROM on the physical host where you want | |
582a64ad | 40 | to install {pmg} and boot from that drive. Afterwards you |
b2d388d4 | 41 | can choose the following menu options: |
03c03402 DM |
42 | |
43 | image::images/installer/pmg-grub-menu.png[] | |
44 | ||
45 | Install {pmg}:: | |
46 | ||
47 | Start normal installation. | |
48 | ||
49 | Install {pmg} (Debug mode):: | |
50 | ||
51 | Start installation in debug mode. It opens a shell console at several | |
52 | installation steps, so that you can debug things if something goes | |
582a64ad | 53 | wrong. You can press `CTRL-D` to exit those debug consoles and continue |
03c03402 DM |
54 | installation. This option is mostly for developers and not meant for |
55 | general use. | |
56 | ||
57 | Rescue Boot:: | |
58 | ||
59 | This option allows you to boot an existing installation. It searches | |
60 | all attached hard disks and, if it finds an existing installation, | |
61 | boots directly into that disk using the existing Linux kernel. This | |
62 | can be useful if there are problems with the boot block (grub), or the | |
63 | BIOS is unable to read the boot block from the disk. | |
64 | ||
65 | Test Memory:: | |
66 | ||
67 | Runs `memtest86+`. This is useful to check if your memory is | |
68 | functional and error free. | |
69 | ||
dc69da07 | 70 | You normally select *Install {pmg}* to start the installation. |
03c03402 | 71 | |
dc69da07 | 72 | image::images/installer/pmg-select-target-disk.png[] |
03c03402 | 73 | |
dc69da07 DM |
74 | First step ist to read our EULA (End User License Agreement). After |
75 | that you get prompted to select the target hard disk(s). | |
03c03402 | 76 | |
582a64ad OB |
77 | CAUTION: By default, the whole server is used and all existing data is removed. |
78 | Make sure there is no important data on the server before proceeding with the | |
79 | installation. | |
03c03402 | 80 | |
03c03402 DM |
81 | The `Options` button lets you select the target file system, which |
82 | defaults to `ext4`. The installer uses LVM if you select `ext3`, | |
83 | `ext4` or `xfs` as file system, and offers additional option to | |
84 | restrict LVM space (see <<advanced_lvm_options,below>>) | |
85 | ||
86 | If you have more than one disk, you can also use ZFS as file system. | |
87 | ZFS supports several software RAID levels, so this is specially useful | |
88 | if you do not have a hardware RAID controller. The `Options` button | |
89 | lets you select the ZFS RAID level, and you can choose disks there. | |
90 | ||
dc69da07 DM |
91 | image::images/installer/pmg-select-location.png[] |
92 | ||
582a64ad OB |
93 | The next page asks for basic configuration options like your |
94 | location, the timezone and keyboard layout. The location is used to | |
95 | select a download server near you to speed up updates. The installer is | |
96 | usually able to auto-detect those settings, so you only need to change | |
97 | them in rare situations when auto-detection fails, or when you want to | |
98 | use a keyboard layout not commonly used in your country. | |
dc69da07 DM |
99 | |
100 | image::images/installer/pmg-set-password.png[] | |
101 | ||
102 | You then need to specify an email address and the superuser (root) | |
103 | password. The password must have at least 5 characters, but we highly | |
104 | recommend to use stronger passwords - here are some guidelines: | |
105 | ||
106 | - Use a minimum password length of 12 to 14 characters. | |
107 | ||
108 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
109 | ||
60522152 TL |
110 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
111 | number sequences, usernames, relative or pet names, romantic links (current | |
112 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
113 | dates). | |
dc69da07 DM |
114 | |
115 | It is sometimes necessary to send notification to the system | |
116 | administrator, for example: | |
117 | ||
118 | - Information about available package updates. | |
119 | ||
120 | - Error messages from periodic CRON jobs. | |
121 | ||
122 | All those notification mails will be sent to the specified email | |
123 | address. | |
124 | ||
125 | image::images/installer/pmg-setup-network.png[] | |
03c03402 | 126 | |
f6249b79 | 127 | The next step is the network configuration. Please note that you can |
03c03402 DM |
128 | use either IPv4 or IPv6 here, but not both. If you want to configure a |
129 | dual stack node, you can easily do that after installation. | |
130 | ||
f6249b79 TL |
131 | image::images/installer/pmg-summary.png[] |
132 | ||
582a64ad | 133 | When you press `Next`, you will see an overview of your entered |
f6249b79 TL |
134 | configuration. Please re-check every setting, you can still use the `Previous` |
135 | button to go back and edit any settings. | |
136 | ||
582a64ad | 137 | After pressing `Install`, the installer starts to format disks, |
f6249b79 | 138 | and copies packages to the target disk(s). |
dc69da07 DM |
139 | |
140 | image::images/installer/pmg-installation.png[] | |
141 | ||
582a64ad OB |
142 | Copying the packages usually takes a few minutes. Please wait until that is |
143 | finished, and reboot the server. | |
03c03402 | 144 | |
f03ead41 SI |
145 | Further configuration is done via the Proxmox web interface. |
146 | ||
147 | [thumbnail="pmg-gui-login-window.png"] | |
03c03402 | 148 | |
f03ead41 SI |
149 | Just point your browser to the IP address given during installation |
150 | (https://youripaddress:8006). | |
b5b01ac3 | 151 | |
b2d388d4 DM |
152 | . Login and upload subscription key. |
153 | + | |
582a64ad OB |
154 | NOTE: Default login is "root" and the password is |
155 | chosen during the installation. | |
03c03402 | 156 | |
b2d388d4 DM |
157 | . Check the IP configuration and hostname. |
158 | ||
582a64ad | 159 | . Check and save the timezone. |
b2d388d4 DM |
160 | |
161 | . Check your xref:firewall_settings[Firewall settings]. | |
162 | ||
163 | . Configure {pmg} to forward the incoming SMTP traffic to your Mail | |
164 | server ('Configuration/Mail Proxy/Default Relay') - 'Default | |
165 | Relay' is your e-mail server. | |
166 | ||
167 | . Configure your e-mail server to send all outgoing messages through | |
303ee757 | 168 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
169 | |
170 | For detailed deployment scenarios see chapter | |
171 | xref:chapter_deployment[Planning for Deployment]. | |
172 | ||
582a64ad OB |
173 | After the installation you have to route all your incoming and |
174 | outgoing e-mail traffic to the {pmg}. For incoming traffic you | |
b2d388d4 DM |
175 | have to configure your firewall and/or DNS settings. For outgoing |
176 | traffic you need to change the existing e-mail server configuration. | |
177 | ||
03c03402 DM |
178 | |
179 | [[advanced_lvm_options]] | |
180 | Advanced LVM Configuration Options | |
181 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
182 | ||
183 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
184 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
185 | those volumes can be controlled with: | |
186 | ||
187 | `hdsize`:: | |
188 | ||
582a64ad OB |
189 | Defines the total disk size to be used. This way you can save free |
190 | space on the disk for further partitioning (i.e. for an additional PV | |
191 | and VG on the same disk that can be used for LVM storage). | |
03c03402 DM |
192 | |
193 | `swapsize`:: | |
194 | ||
195 | Defines the size of the `swap` volume. The default is the size of the | |
196 | installed memory, minimum 4 GB and maximum 8 GB. The resulting value cannot | |
197 | be greater than `hdsize/8`. | |
198 | ||
03c03402 DM |
199 | `minfree`:: |
200 | ||
2729e8b8 | 201 | Defines the amount of free space left in LVM volume group `pmg`. |
03c03402 DM |
202 | With more than 128GB storage available the default is 16GB, else `hdsize/8` |
203 | will be used. | |
204 | + | |
205 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
206 | required for lvmthin snapshots). | |
207 | ||
208 | ||
209 | ZFS Performance Tips | |
210 | ~~~~~~~~~~~~~~~~~~~~ | |
211 | ||
212 | ZFS uses a lot of memory, so it is best to add additional RAM if you | |
213 | want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB | |
214 | RAW disk space. | |
215 | ||
216 | ZFS also provides the feature to use a fast SSD drive as write cache. The | |
217 | write cache is called the ZFS Intent Log (ZIL). You can add that after | |
582a64ad | 218 | the installation using the following command: |
03c03402 DM |
219 | |
220 | zpool add <pool-name> log </dev/path_to_fast_ssd> | |
221 | ||
222 | ||
3372775f DM |
223 | include::pmg-usbstick.adoc[] |
224 | ||
225 | ||
39abbce4 | 226 | [[pmg_install_on_debian]] |
03c03402 DM |
227 | Install {pmg} on Debian |
228 | ----------------------- | |
229 | ||
230 | {pmg} ships as a set of Debian packages, so you can install it | |
231 | on top of a normal Debian installation. After configuring the | |
582a64ad | 232 | xref:pmg_package_repositories[Package repositories], you need to run: |
03c03402 DM |
233 | |
234 | [source,bash] | |
235 | ---- | |
3e2d2270 TL |
236 | apt update |
237 | apt install proxmox-mailgateway | |
03c03402 DM |
238 | ---- |
239 | ||
240 | Installing on top of an existing Debian installation looks easy, but | |
582a64ad | 241 | it assumes that you have correctly installed the base system, and you |
03c03402 DM |
242 | know how you want to configure and use the local storage. Network |
243 | configuration is also completely up to you. | |
244 | ||
245 | NOTE: In general, this is not trivial, especially when you use LVM or | |
246 | ZFS. | |
e3eaa56a DM |
247 | |
248 | ||
39abbce4 | 249 | [[pmg_install_on_debian_container]] |
c13d3d4f TL |
250 | Install {pmg} as Linux Container Appliance |
251 | ------------------------------------------ | |
252 | ||
253 | The full functionality of {pmg} can also run on top of a Debian-based LXC | |
254 | instance. In order to keep the set of installed software, and thus the | |
582a64ad | 255 | necessary updates minimal, you can use the `proxmox-mailgateway-container` |
c13d3d4f TL |
256 | meta-package. It does not depend on any Linux Kernel, firmware, or components |
257 | used for booting from bare-metal, like grub2. | |
17a13972 TL |
258 | |
259 | A ready-to-use appliance template is available through the | |
260 | https://www.proxmox.com/proxmox-ve[Proxmox VE] appliance manager in the `mail` | |
261 | section, so if you already use Proxmox VE you can setup a {pmg} instance in a | |
262 | minute. | |
263 | ||
264 | NOTE: It's recommended to use a static network configuration. If DHCP should be | |
582a64ad | 265 | used ensure that the container always leases the same IP, for example, by |
17a13972 | 266 | reserving one with the containers network MAC address. |
5991f9eb | 267 | |
3e2d2270 TL |
268 | Additionally you can also install this on top of a container based Debian |
269 | installation. After configuring the | |
270 | xref:pmg_package_repositories[Package repositories], you need to run: | |
271 | ||
272 | [source,bash] | |
273 | ---- | |
274 | apt update | |
275 | apt install proxmox-mailgateway-container | |
276 | ---- | |
5991f9eb | 277 | |
e3eaa56a DM |
278 | [[pmg_package_repositories]] |
279 | Package Repositories | |
280 | -------------------- | |
281 | ||
282 | All {debian} based systems use | |
e9fb7667 | 283 | https://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as package |
e3eaa56a DM |
284 | management tool. The list of repositories is defined in |
285 | `/etc/apt/sources.list` and `.list` files found inside | |
286 | `/etc/apt/sources.d/`. Updates can be installed directly using | |
3e2d2270 | 287 | `apt`, or via the GUI. |
e3eaa56a DM |
288 | |
289 | Apt `sources.list` files list one package repository per line, with | |
290 | the most preferred source listed first. Empty lines are ignored, and a | |
291 | `#` character anywhere on a line marks the remainder of that line as a | |
292 | comment. The information available from the configured sources is | |
3e2d2270 | 293 | acquired by `apt update`. |
e3eaa56a DM |
294 | |
295 | .File `/etc/apt/sources.list` | |
296 | ---- | |
7cf7c2d3 | 297 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a | 298 | |
7cf7c2d3 | 299 | deb http://ftp.debian.org/debian buster-updates main contrib |
aedc8192 | 300 | |
e3eaa56a | 301 | # security updates |
79569792 | 302 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a | 303 | ---- |
79569792 | 304 | // FIXME for 7.0: change security update suite to bullseye-security |
e3eaa56a DM |
305 | |
306 | In addition, {pmg} provides three different package repositories. | |
307 | ||
308 | ||
309 | {pmg} Enterprise Repository | |
310 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
311 | ||
312 | This is the default, stable and recommended repository, available for | |
313 | all {pmg} subscription users. It contains the most stable packages, | |
314 | and is suitable for production use. The `pmg-enterprise` repository is | |
315 | enabled by default: | |
316 | ||
317 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
318 | ---- | |
7cf7c2d3 | 319 | deb https://enterprise.proxmox.com/debian/pmg buster pmg-enterprise |
e3eaa56a DM |
320 | ---- |
321 | ||
322 | As soon as updates are available, the `root@pam` user is notified via | |
323 | email about the available new packages. On the GUI, the change-log of | |
324 | each package can be viewed (if available), showing all details of the | |
325 | update. So you will never miss important security fixes. | |
326 | ||
327 | Please note that and you need a valid subscription key to access this | |
328 | repository. We offer different support levels, and you can find further | |
d2ae160b | 329 | details at {pricing-url}. |
e3eaa56a DM |
330 | |
331 | NOTE: You can disable this repository by commenting out the above line | |
332 | using a `#` (at the start of the line). This prevents error messages | |
333 | if you do not have a subscription key. Please configure the | |
334 | `pmg-no-subscription` repository in that case. | |
335 | ||
336 | ||
337 | {pmg} No-Subscription Repository | |
338 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
339 | ||
340 | As the name suggests, you do not need a subscription key to access | |
341 | this repository. It can be used for testing and non-production | |
342 | use. Its not recommended to run on production servers, as these | |
343 | packages are not always heavily tested and validated. | |
344 | ||
345 | We recommend to configure this repository in `/etc/apt/sources.list`. | |
346 | ||
347 | .File `/etc/apt/sources.list` | |
348 | ---- | |
7cf7c2d3 | 349 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a DM |
350 | |
351 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
352 | # NOT recommended for production use | |
7cf7c2d3 | 353 | deb http://download.proxmox.com/debian/pmg buster pmg-no-subscription |
e3eaa56a DM |
354 | |
355 | # security updates | |
79569792 | 356 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a DM |
357 | ---- |
358 | ||
359 | ||
360 | {pmg} Test Repository | |
361 | ~~~~~~~~~~~~~~~~~~~~~ | |
362 | ||
363 | Finally, there is a repository called `pmgtest`. This one contains the | |
364 | latest packages and is heavily used by developers to test new | |
365 | features. As usual, you can configure this using | |
366 | `/etc/apt/sources.list` by adding the following line: | |
367 | ||
368 | .sources.list entry for `pmgtest` | |
369 | ---- | |
7cf7c2d3 | 370 | deb http://download.proxmox.com/debian/pmg buster pmgtest |
e3eaa56a DM |
371 | ---- |
372 | ||
582a64ad | 373 | WARNING: the `pmgtest` repository should only be used |
e3eaa56a DM |
374 | for testing new features or bug fixes. |
375 | ||
376 | ||
377 | SecureApt | |
378 | ~~~~~~~~~ | |
379 | ||
380 | We use GnuPG to sign the `Release` files inside those repositories, | |
381 | and APT uses that signatures to verify that all packages are from a | |
382 | trusted source. | |
383 | ||
384 | The key used for verification is already installed if you install from | |
385 | our installation CD. If you install by other means, you can manually | |
386 | download the key with: | |
387 | ||
7cf7c2d3 | 388 | # wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
e3eaa56a DM |
389 | |
390 | Please verify the checksum afterwards: | |
391 | ||
392 | ---- | |
7cf7c2d3 SI |
393 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
394 | acca6f416917e8e11490a08a1e2842d500b3a5d9f322c6319db0927b2901c3eae23cfb5cd5df6facf2b57399d3cfa52ad7769ebdd75d9b204549ca147da52626 /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
395 | ---- |
396 | ||
397 | or | |
398 | ||
399 | ---- | |
7cf7c2d3 SI |
400 | # md5sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
401 | f3f6c5a3a67baf38ad178e5ff1ee270c /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
402 | ---- |
403 | ||
404 |