The magic of virtualization: an introductory course in Proxmox VE

Today we will talk about how to quickly and easily deploy several virtual servers with different operating systems on one physical server. This will allow any system administrator to centrally manage the entire IT infrastructure of the company and save a huge amount of resources. The use of virtualization helps to abstract away from the physical server hardware as much as possible, protect critical services and easily restore their operation even in the event of very serious failures.

Without a doubt, most system administrators are familiar with the techniques of working with a virtual environment, and this article will not be a discovery for them. Despite this, there are companies that do not use the flexibility and speed of virtual solutions due to the lack of accurate information about them. We hope that our article will help to understand by example that it is much easier to start using virtualization once than to experience the inconvenience and disadvantages of a physical infrastructure.

Fortunately, trying out how virtualization works is easy enough. We will show you how to create a server in a virtual environment, for example, to migrate a CRM system used in a company. Almost any physical server can be turned into a virtual one, but first you need to master the basic working methods. This will be discussed below.

How it works

When it comes to virtualization, many beginners find it difficult to understand the terminology, so let's explain a few basic concepts:

  • Hypervisor - special software that allows you to create virtual machines and manage them;
  • Virtual machine (hereinafter referred to as VM) - a system that is a logical server inside a physical server, with its own set of characteristics, drives and operating system;
  • Virtualization host - a physical server with a hypervisor running on it.

For a server to function as a full-fledged virtualization host, its processor must support one of two technologies, either Intel® VT or AMD-V™. Both technologies perform the most important task - providing server hardware resources to virtual machines.

The key feature is that any actions of virtual machines are performed directly at the hardware level. At the same time, they are isolated from each other, which makes it quite easy to manage them separately. The hypervisor itself plays the role of a controlling body, distributing resources, roles and priorities between them. Also, the hypervisor emulates that part of the hardware that is necessary for the correct operation of the operating system.

The introduction of virtualization makes it possible to have multiple running copies of a single server. A critical failure or error in the process of making changes to such a copy will not affect the operation of the current service or application in any way. At the same time, two main problems are also removed - scaling and the ability to keep a "zoo" of different operating systems on the same equipment. This is an ideal opportunity to combine a wide variety of services without the need to purchase separate equipment for each of them.

Virtualization increases the resiliency of services and deployed applications. Even if the physical server fails and needs to be replaced with another one, the entire virtual infrastructure will remain fully operational, provided that the disk media is intact. In this case, the physical server may be of a different manufacturer altogether. This is especially true for companies that use servers that have been discontinued and will need to migrate to other models.

Now we list the most popular hypervisors that exist today:

  • VMware ESXi
  • Microsoft Hyper-V
  • Open Virtualization Alliance KVM
  • Oracle VM VirtualBox

They are all quite versatile, however, each of them has certain features that should always be considered at the selection stage: deployment/maintenance cost and technical characteristics. The cost of commercial licenses for VMware and Hyper-V is very high, and in the event of failures, it is very difficult to solve the problem with these systems on your own.

KVM, on the other hand, is completely free and quite easy to use, especially as part of a complete Debian Linux-based solution called Proxmox Virtual Environment. It is this system that we can recommend for an initial acquaintance with the world of virtual infrastructure.

How to quickly deploy the Proxmox VE hypervisor

Installation usually causes no problems. Download the latest version of the image from the official site and write it to any external media using the Win32DiskImager utility (on Linux, the dd command is used), then boot the server directly from this media. Our customers who rent dedicated servers from us can use two even simpler ways: mounting the desired image directly from the KVM console, or using our PXE server.

The installer has a graphical interface and will only ask a few questions.

  1. Select the drive on which the installation will be performed. In the Options section you can also set additional partitioning options.

  2. Specify regional settings.

  3. Specify the password that will be used to authenticate the root superuser, and the administrator's e-mail address.

  4. Specify network settings. FQDN stands for a fully qualified domain name, for example, node01.yourcompany.com.

  5. After the installation is complete, reboot the server using the Reboot button.

    The web management interface will be available at

    https://server_IP_address:8006

What to do after installation

There are a few important things to do after installing Proxmox. Let's talk about each of them in more detail.

Update the system to the latest version

To do this, go to the console of our server and disable the paid repository (available only to those who have bought paid support). If this is not done, apt will report an error when updating package sources.

  1. Open the console and edit the apt configuration file:
    nano /etc/apt/sources.list.d/pve-enterprise.list
  2. This file contains only one line. Put a # symbol in front of it to disable receiving updates from the paid repository:
    #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
  3. Exit the editor with the keyboard shortcut Ctrl + X, answering Y to the question about saving the file.
  4. Run the command to update the package sources and upgrade the system:
    apt update && apt -y upgrade

Take care of security

We recommend installing the most popular utility for this, Fail2Ban, which protects against brute-force attacks. It works as follows: if an attacker exceeds a certain number of login attempts with an incorrect login/password within a specified time, their IP address is blocked. The blocking period and the number of attempts can be specified in the configuration file.

Based on practical experience: during one week of server operation with SSH port 22 open and an external static IPv4 address, there were more than 5000 attempts to guess the password, and the utility successfully blocked about 1500 addresses.

Here is a short installation procedure:

  1. Open the server console via the web interface or SSH.
  2. Update package sources:
    apt update
  3. Install Fail2Ban:
    apt install fail2ban
  4. Open the utility configuration for editing:
    nano /etc/fail2ban/jail.conf
  5. Change the variables bantime (the number of seconds for which the attacker is blocked) and maxretry (the number of login/password entry attempts) for each individual service.
  6. Exit the editor with the keyboard shortcut Ctrl + X, answering Y to the question about saving the file.
  7. Restart the service:
    systemctl restart fail2ban

You can check the status of the utility, for example to view the statistics on blocked IP addresses from which there were attempts to brute-force SSH passwords, with one simple command:

fail2ban-client -v status sshd

The utility response will look something like this:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

In a similar way, you can protect the web interface against such attacks by creating an appropriate rule. An example of such a rule for Fail2Ban can be found in the official guide.
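The two Fail2Ban steps above (tuning bantime/maxretry and adding a rule for the web interface), as an added example that is not code from the original article or from the Proxmox guide. It writes the settings to jail.local instead of editing jail.conf; the function names, the [proxmox] jail, its filter regex, the log path /var/log/daemon.log and the sample log lines used to check it are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the article. Settings go into jail.local, which
# overrides jail.conf and is not replaced when the fail2ban package is upgraded.

# write_f2b_local ROOT BANTIME MAXRETRY  (ROOT is /etc/fail2ban on the host)
write_f2b_local() {
    local root="$1" bantime="$2" maxretry="$3"
    # Reject empty or non-numeric values so a typo cannot weaken the jail.
    case "$bantime" in ''|*[!0-9]*) echo "bantime: seconds expected" >&2; return 2 ;; esac
    case "$maxretry" in ''|*[!0-9]*) echo "maxretry: number expected" >&2; return 2 ;; esac
    # Never overwrite overrides that already exist.
    if [ -e "$root/jail.local" ]; then
        echo "$root/jail.local already exists" >&2; return 1
    fi
    mkdir -p "$root/filter.d" || return 2
    cat > "$root/jail.local" <<EOF
[sshd]
enabled  = true
bantime  = $bantime
maxretry = $maxretry

# Assumed jail for the web interface on port 8006.
[proxmox]
enabled  = true
port     = https,http,8006
filter   = proxmox
logpath  = /var/log/daemon.log
bantime  = $bantime
maxretry = $maxretry
EOF
    # Assumed filter: matches failed web/API logins reported by pvedaemon.
    cat > "$root/filter.d/proxmox.conf" <<'EOF'
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF
}

# filter_matches FILTER_FILE LOG_LINE
# Offline check: expands <HOST> to a simple address pattern and tries the line.
filter_matches() {
    local re
    re=$(sed -n 's/^failregex *= *//p' "$1" | sed 's/<HOST>/[0-9A-Fa-f:.]+/')
    [ -n "$re" ] && printf '%s\n' "$2" | grep -Eq "$re"
}
```

On the host, run `write_f2b_local /etc/fail2ban 3600 3` as root, confirm the filter against the real log with `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf`, then restart the service as in step 7.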

Getting started

I would like to draw your attention to the fact that Proxmox is ready to create new machines immediately after installation. However, we recommend that you make preliminary settings so that the system can be easily managed later. Practice shows that the hypervisor and virtual machines should be placed on different physical media. How to do this will be discussed below.

Set up disk drives

The next step is to set up a storage that can be used to store virtual machine data and backups.

ATTENTION! The disk layout example below can be used for test purposes only. For real-world use, we strongly recommend using a software or hardware RAID array to avoid data loss when drives fail. We will tell you how to properly prepare a disk array for work and how to act in case of an emergency in one of the following articles.

Let's assume that the physical server has two disks: /dev/sda, on which the hypervisor is installed, and an empty disk /dev/sdb, which is planned to be used to store virtual machine data. For the system to be able to see the new storage, you can use the simplest and most effective method: connect it as a regular directory. But before that, you need to do some preparatory work. As an example, let's see how to connect a new disk /dev/sdb of any size, formatting it with the ext4 file system.

  1. Partition the disk by creating a new partition:
    fdisk /dev/sdb
  2. Press the o or g key (to create an MBR or GPT partition table).
  3. Next, press the n key (to create a new partition).
  4. And finally w (to save the changes).
  5. Create an ext4 filesystem:
    mkfs.ext4 /dev/sdb1
  6. Create a directory where we will mount the partition:
    mkdir /mnt/storage
  7. Open the configuration file for editing:
    nano /etc/fstab
  8. Add a new line there:
    /dev/sdb1	/mnt/storage	ext4	defaults	0	0
  9. After making changes, save them with the keyboard shortcut Ctrl + X, answering Y to the editor's question.
  10. To check that everything is working, reboot the server:
    shutdown -r now
  11. After the reboot, check the mounted partitions:
    df -H

The command output should show that /dev/sdb1 is mounted at the directory /mnt/storage. This means that our drive is ready to go.
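The fstab step of the procedure above, as an added example that is not part of the original article: it writes the entry by filesystem UUID instead of /dev/sdb1 and refuses to add a duplicate. The function names are hypothetical, and the nofail option and the final field 2 are choices made here that differ from the article's line.

```shell
#!/bin/sh
# Added example, not from the article: reference the partition in fstab by
# filesystem UUID, because /dev/sdX names can change when disks are added or moved.

# fstab_line UUID MOUNTPOINT: print one ext4 entry.
# nofail lets the host boot (and stay reachable) if the data disk is missing;
# the last field 2 enables fsck after the root filesystem.
fstab_line() {
    printf 'UUID=%s\t%s\text4\tdefaults,nofail\t0\t2\n' "$1" "$2"
}

# add_fstab_entry FSTAB UUID MOUNTPOINT
# Returns 0 if the line was added, 1 if the mount point is already listed,
# 2 on invalid input. A copy of the file is kept as FSTAB.bak.
add_fstab_entry() {
    local fstab="$1" uuid="$2" mnt="$3"
    case "$uuid" in ''|*[!0-9A-Fa-f-]*) echo "bad UUID: $uuid" >&2; return 2 ;; esac
    case "$mnt" in /*) ;; *) echo "mount point must be absolute" >&2; return 2 ;; esac
    # Ignore comment lines; compare the mount point field exactly.
    if awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { f = 1 } END { exit !f }' "$fstab"; then
        return 1
    fi
    cp -p "$fstab" "$fstab.bak" || return 2
    fstab_line "$uuid" "$mnt" >> "$fstab"
}

# On the host (as root), with the article's device and directory:
#   uuid=$(blkid -s UUID -o value /dev/sdb1)
#   add_fstab_entry /etc/fstab "$uuid" /mnt/storage
#   mount /mnt/storage && df -H /mnt/storage   # tests the entry without a reboot
```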

Add new storage to Proxmox

Log in to the control panel and go to the sections Datacenter → Storage → Add → Directory.

In the window that opens, fill in the following fields:

  • ID - the name of the future storage;
  • Directory - /mnt/storage;
  • Content - select all options (alternately clicking on each option).

After that, press the button Add. This completes the setup.

Create a virtual machine

To create a virtual machine, perform the following sequence of actions:

  1. Decide on the version of the operating system.
  2. Download the ISO image in advance.
  3. In the Storage menu, select the newly created storage.
  4. Click Content → Upload.
  5. Select the ISO image from the list and confirm the selection by pressing the Upload button.

After the operation is completed, the image will be displayed in the list of available ones.

Let's create our first virtual machine:

  1. Click Create VM.
  2. Fill in the parameters one by one: Name → ISO image → Hard disk size and type → Number of processors → Amount of RAM → Network adapter.
  3. After selecting all the desired options, press Finish. The created machine will be displayed in the control panel menu.
  4. Select it and click Start.
  5. Go to the Console item and install the operating system in exactly the same way as on a regular physical server.

If you need to create another machine, repeat the above operations. After all of them are ready, you can work with them simultaneously by opening several console windows.

Set up autorun

By default, Proxmox does not automatically start machines, but this can be easily solved with just two clicks:

  1. Click on the name of the desired machine.
  2. Select the tab Options → Start at boot.
  3. Tick the checkbox next to the label of the same name.

Now, if the physical server is rebooted, the VM will be started automatically.

For advanced administrators, there is also the ability to specify additional launch options in the section Start/Shutdown order. You can explicitly specify in which order the machines should be started. You can also specify the time that must elapse before the next VM starts and the shutdown delay time (if the operating system does not have time to shut down, the hypervisor will force it to shut down after a certain number of seconds).

Conclusion

This article has covered the basics of how you can get started with Proxmox VE and we hope it will help beginners take the first step and try virtualization in action.

Proxmox VE is indeed a very powerful and handy tool for any system administrator; the main thing is not to be afraid to experiment and understand how it really works.

If you have any questions, you are welcome to ask them in the comments.

Source: habr.com
