
Proxmox VE

Mirror

https://mirrors.tuna.tsinghua.edu.cn/proxmox/iso/

https://mirrors.tuna.tsinghua.edu.cn/ubuntu-cloud-images/noble/current/

https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso

Install

自主分区:

  • swap 0
  • ~~root 20G~~

PVE Server

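# sources pve8
# Point the one-line Debian entries at the TUNA mirror over HTTPS. The three
# expressions cannot interfere with each other: a rewritten line no longer
# starts with any of the http:// prefixes matched here.
# NOTE(review): security.debian.org is redirected to the mirror too, so
# security updates arrive only once the mirror has synced them.
sed -i \
    -e 's|^deb http://deb.debian.org|deb https://mirrors.tuna.tsinghua.edu.cn|g' \
    -e 's|^deb http://ftp.debian.org|deb https://mirrors.tuna.tsinghua.edu.cn|g' \
    -e 's|^deb http://security.debian.org|deb https://mirrors.tuna.tsinghua.edu.cn|g' \
    /etc/apt/sources.list

# Remove the ceph and pve-enterprise repository definitions; -f keeps a
# second run from failing once the files are already gone.
rm -f /etc/apt/sources.list.d/ceph.list
rm -f /etc/apt/sources.list.d/pve-enterprise.list

# Add the pve-no-subscription repository for the running release exactly
# once: the grep guard stops a re-run from appending a duplicate entry.
# NOTE(review): the pve9 listing on this page uses .../proxmox/debian/pve;
# confirm that this shorter path is served by the mirror.
source /etc/os-release
pve_repo="deb https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian $VERSION_CODENAME pve-no-subscription"
grep -qxF "$pve_repo" /etc/apt/sources.list || echo >> /etc/apt/sources.list "$pve_repo"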

# sources pve9
# deb822 layout: rewrite the URIs fields of debian.sources so that all three
# Debian origins resolve to the TUNA mirror over HTTPS.
sed -i \
    -e 's|^URIs: http://deb.debian.org|URIs: https://mirrors.tuna.tsinghua.edu.cn|g' \
    -e 's|^URIs: http://ftp.debian.org|URIs: https://mirrors.tuna.tsinghua.edu.cn|g' \
    -e 's|^URIs: http://security.debian.org|URIs: https://mirrors.tuna.tsinghua.edu.cn|g' \
    /etc/apt/sources.list.d/debian.sources

# Remove the ceph and pve-enterprise repository definitions.
rm /etc/apt/sources.list.d/ceph.sources
rm /etc/apt/sources.list.d/pve-enterprise.sources

# The heredoc delimiter stays unquoted on purpose: $VERSION_CODENAME, read
# from os-release, has to be expanded into the Suites field.
# Signed-By restricts this repository to the Proxmox archive keyring.
source /etc/os-release
cat > /etc/apt/sources.list.d/proxmox.sources << EOF
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian/pve
Suites: $VERSION_CODENAME
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

# apt
# Refresh the package index; the full upgrade runs only if that succeeded.
apt update \
    && apt full-upgrade -y

# Command-line tools for downloads, monitoring and networking.
apt install -y \
    aria2 curl wget htop vim iftop iotop tree \
    netcat-openbsd net-tools ifupdown2

# GL / EGL runtime libraries.
apt install -y libgl1 libegl1

# lvm
# Deletes the "data" logical volume of the pve volume group and hands its
# space to root. Everything stored on that volume is lost.
# NOTE(review): on a default install this is presumably the thin pool that
# holds guest disks — confirm it is empty before running lvremove.
lvremove /dev/pve/data
# -l +100%FREE takes every free extent; -r grows the filesystem with the LV.
lvextend -rl +100%FREE /dev/pve/root
# Show the resulting LV / VG / PV layout and the mounted filesystem sizes.
lvs
vgs
pvs
df -hT

# storage
# Path only — presumably a reminder to edit the storage definitions by hand
# after the LVM change (TODO confirm); it is not meant to be run as a command.
/etc/pve/storage.cfg

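# bash
# Enable the zh_CN.UTF-8 locale in locale.gen and build it.
sed -i 's|# zh_CN.UTF-8 UTF-8|zh_CN.UTF-8 UTF-8|' /etc/locale.gen
locale-gen

# Append the shell settings through a quoted heredoc so that nothing is
# expanded while writing. With a double-quoted echo the ${debian_chroot...}
# part is evaluated immediately (and dropped from the prompt) and \$ is
# reduced to a plain $ before the line reaches ~/.bashrc.
cat << 'EOF' >> ~/.bashrc
export LC_ALL='en_US.UTF-8'
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
EOF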

# vim
# Overwrite ~/.vimrc with the settings below. The body holds nothing for the
# shell to expand, so the delimiter is quoted and the text is written verbatim.
cat > ~/.vimrc << 'EOF'
syntax on
hi Comment ctermfg=6
let loaded_matchparen=1
set encoding=utf-8
set tabstop=4
set softtabstop=4
set expandtab
set ruler
set showcmd
set showmatch
set hlsearch
set incsearch
EOF

KVM Guest

Image

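# Download the Ubuntu noble cloud image from the mirror
# (-c resumes a partial file, -x/-s use up to 10 connections).
aria2c -c -x 10 -s 10 https://mirrors.huaweicloud.com/ubuntu-cloud-images/noble/current/noble-server-cloudimg-amd64.img

# Verify the download before it is modified and booted: compare it with the
# checksum list published by Ubuntu instead of one served by the same mirror.
# "current" moves with every upstream rebuild, so a mismatch can also mean
# the mirror is one build behind — download again rather than continue.
# SHA256SUMS.gpg in the same directory lets you check the list's signature.
curl -fsSLO https://cloud-images.ubuntu.com/noble/current/SHA256SUMS
sha256sum -c --ignore-missing SHA256SUMS

# Convert qcow2 to raw so that the image can be loop-mounted.
qemu-img convert -f qcow2 -O raw noble-server-cloudimg-amd64.img noble-server-cloudimg-amd64.raw

mkdir -p /raw
# The offset is a partition start sector times the 512-byte sector size.
# NOTE(review): 2099200 is presumably the root partition of this particular
# build — re-read it from the fdisk output below whenever the image changes.
# fdisk -ul noble-server-cloudimg-amd64.raw
mount -o loop,offset=$((2099200 * 512)) noble-server-cloudimg-amd64.raw /raw

# Point apt and cloud-init inside the image at the mirror over HTTPS, the
# scheme already used for the image download above. APT checks repository
# signatures either way; TLS additionally keeps package traffic from being
# read or altered on the network path.
# NOTE(review): security.ubuntu.com is redirected as well, so security
# updates reach the guest only after the mirror has synced them.
sed -i "s@http://.*archive.ubuntu.com@https://mirrors.huaweicloud.com@g"  /raw/etc/apt/sources.list.d/ubuntu.sources
sed -i "s@http://.*security.ubuntu.com@https://mirrors.huaweicloud.com@g" /raw/etc/apt/sources.list.d/ubuntu.sources

sed -i "s@http://.*archive.ubuntu.com@https://mirrors.huaweicloud.com@g"  /raw/etc/cloud/cloud.cfg
sed -i "s@http://.*security.ubuntu.com@https://mirrors.huaweicloud.com@g" /raw/etc/cloud/cloud.cfg

umount /raw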

Create

# Create the virtual machine
qm create 101

# Import the cloud image file as a disk of the VM
qm importdisk 101 noble-server-cloudimg-amd64.raw hd01 --format raw
qm set 101 --scsihw virtio-scsi-single --scsi0 hd01:101/vm-101-disk-0.raw

# Set the boot disk
qm set 101 --boot c --bootdisk scsi0

# Add the cloud-init settings
# qm set 101 --ide2 hd01-lvm:cloudinit
qm set 101 --ide2 hd01:cloudinit,format=raw
# The cloud-init account is root and it receives every public key listed in
# the invoking user's authorized_keys file, so each key accepted by this
# host for that user is also accepted for root inside the guest.
# NOTE(review): a dedicated public-key file and a non-root ciuser would
# narrow that access — confirm what the guest actually needs.
qm set 101 --ciuser root
# ciupgrade 0: no automatic package upgrade at first boot, so the guest runs
# the image's package versions until it is upgraded by other means.
qm set 101 --ciupgrade 0
qm set 101 --sshkey ~/.ssh/authorized_keys

# Add the network interface
# NOTE(review): net0 carries no firewall option, so the Proxmox firewall
# presumably does not filter this interface — confirm that is intended.
qm set 101 --net0 virtio,bridge=vmbr0
# qm set 101 --ipconfig0 ip=dhcp
# qm set 101 --ipconfig0 ip=192.168.1.11/24,gw=192.168.1.1

# Miscellaneous settings: serial console as display, guest agent, OS type,
# start at host boot, host CPU type, VM name
qm set 101 --serial0 socket --vga serial0
qm set 101 --agent enabled=1,fstrim_cloned_disks=1,type=virtio
qm set 101 --ostype l26
qm set 101 --onboot 1
qm set 101 --cpu host
qm set 101 --name ubuntu

# Set CPU cores, memory and disk size
qm set 101 --cores 4
qm set 101 --memory 2048
qm resize 101 scsi0 10G

系统初始化设置

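# Base configuration play. Fact gathering is switched off.
- name: PVE
  hosts: all
  gather_facts: false
  vars:
    # Packages installed by the apt task of this play; one entry per
    # package, in alphabetical order.
    basic_tools:
      - apache2-utils
      - apt-transport-https
      - aria2
      - bash-completion
      - build-essential
      - ca-certificates
      - cron
      - curl
      - git
      - htop
      - iftop
      - iptables
      - jq
      - man
      - mosh
      - mtr-tiny
      - net-tools
      - p7zip-full
      - python3-dev
      - python3-docker
      - python3-passlib
      - python3-pip
      - qemu-guest-agent
      - software-properties-common
      - tree
      - vim
      - vnstat
      - wget
      - yq
      - zip

  tasks: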
    # Set the system time zone to Asia/Shanghai.
    - name: 设置为中国时区
      community.general.timezone:
        name: Asia/Shanghai

    # Turn on the coloured prompt in root's .bashrc: a matching line
    # (commented out or not) is replaced, otherwise the line is appended.
    - name: 设置 bash 命令行提示符为彩色
      ansible.builtin.lineinfile:
        path: /root/.bashrc
        regexp: '^#?force_color_prompt=yes'
        line: force_color_prompt=yes

    # Step 1 resets /root/.vimrc to a single seed line and keeps a backup of
    # the previous file. The seed is written with its double quotes, which
    # Vim reads as a comment line.
    - name: Vim 的自定义配置 | 1
      ansible.builtin.copy:
        dest: /root/.vimrc
        content: |
          "syntax on"
        mode: "0644"
        force: true
        backup: true

    # Step 2 appends each setting that is not yet present in the file.
    - name: Vim 的自定义配置 | 2
      ansible.builtin.lineinfile:
        path: /root/.vimrc
        line: "{{ item }}"
      loop:
        - syntax on
        - hi Comment ctermfg=6
        - let loaded_matchparen=1
        - set encoding=utf-8
        - set tabstop=4
        - set softtabstop=4
        - set expandtab
        - set ruler
        - set showcmd
        - set showmatch
        - set hlsearch
        - set incsearch

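    # Step 1 replaces /etc/sysctl.conf with a one-line header; the previous
    # file is kept as a backup. A literal block scalar already ends the line
    # with a newline, so no "\n" escape belongs in the text (it would be
    # written out as the two characters backslash and n).
    - name: 启用 ipv4 的转发,并禁用 ipv6 | 1
      ansible.builtin.copy:
        content: |
          # Automatically generated by Ansible
        dest: /etc/sysctl.conf
        force: true
        backup: true
        mode: "0644"

    # Step 2 appends the kernel settings. Nothing here loads them into the
    # running kernel; that is left to whatever reads the file afterwards.
    # NOTE(review): ip_forward = 1 lets the machine route packets between
    # its interfaces — keep it only where routing or container networking
    # needs it, and back it with forwarding rules in the firewall.
    - name: 启用 ipv4 的转发,并禁用 ipv6 | 2
      ansible.builtin.lineinfile:
        path: /etc/sysctl.conf
        line: "{{ item }}"
      loop:
        - net.ipv4.ip_forward = 1
        - fs.file-max = 262144
        - vm.max_map_count = 262144
        # IPv6 is switched off for all, default and lo.
        - net.ipv6.conf.all.disable_ipv6 = 1
        - net.ipv6.conf.default.disable_ipv6 = 1
        - net.ipv6.conf.lo.disable_ipv6 = 1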

    # Append the soft and hard open-file limits (262144) for all users and
    # for root to limits.conf, skipping lines that are already there.
    - name: 调整系统参数
      ansible.builtin.lineinfile:
        path: /etc/security/limits.conf
        line: "{{ item }}"
      loop:
        - '* soft nofile 262144'
        - '* hard nofile 262144'
        - 'root soft nofile 262144'
        - 'root hard nofile 262144'

    # Refresh the apt cache and run a full upgrade of installed packages.
    - name: 安装系统更新
      ansible.builtin.apt:
        update_cache: true
        upgrade: full

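    # Install every package of basic_tools in one apt transaction: the
    # module accepts a list for name, which avoids one apt run per package.
    - name: 安装系统基础的应用工具
      ansible.builtin.apt:
        name: "{{ basic_tools }}"
        state: present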

    # Stop systemd-resolved and keep it from starting at boot.
    - name: 停用 systemd-resolved
      ansible.builtin.systemd_service:
        name: systemd-resolved
        enabled: false
        state: stopped

    # Remove the existing /etc/resolv.conf before a new one is written.
    - name: 删除旧的 resolv.conf
      ansible.builtin.file:
        state: absent
        path: /etc/resolv.conf

    # Write a static resolv.conf with one resolver.
    # NOTE(review): every lookup from this host then goes to that single
    # public resolver and there is no second nameserver to fall back on —
    # confirm this matches the network's DNS policy.
    - name: 添加新的 resolv.conf
      ansible.builtin.copy:
        dest: /etc/resolv.conf
        mode: "0644"
        content: |
          # Automatically generated by Ansible
          nameserver 114.114.114.114

    # Step 1: remove the listed snaps one by one, in this order.
    - name: 卸载 snap step 1
      community.general.snap:
        state: absent
        name: "{{ item }}"
      loop:
        - lxd
        - core20
        - snapd

    # Step 2: stop the snapd service.
    - name: 卸载 snap step 2
      ansible.builtin.systemd_service:
        state: stopped
        name: snapd

    # Step 3: remove the snapd package.
    - name: 卸载 snap step 3
      ansible.builtin.apt:
        state: absent
        name: snapd

    # Step 4: delete root's leftover snap directory.
    - name: 卸载 snap step 4
      ansible.builtin.file:
        state: absent
        path: /root/snap

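    # Step 1: install a oneshot unit that runs /root/route_add.sh.
    - name: 静态路由 | 1
      ansible.builtin.copy:
        content: |
          [Unit]
          # /lib/systemd/system/lan_static.service
          Description = Apply static route rules
          After = ssh.service

          [Service]
          Type=oneshot
          ExecStart=/bin/sh -c 'bash -x /root/route_add.sh'
          RemainAfterExit=yes

          [Install]
          WantedBy=default.target
        dest: /lib/systemd/system/lan_static.service
        mode: "0644"

    # Step 2: enable the unit (it is not started here). The module is
    # addressed as systemd_service, the name the other service tasks of this
    # play already use.
    - name: 静态路由 | 2
      ansible.builtin.systemd_service:
        name: lan_static.service
        enabled: true

    # Step 3: install the script the unit executes; it adds a route for
    # 192.168.0.0/16 via 192.168.99.254. The unit runs it as a system
    # service, so ownership is pinned to root and only the owner may write.
    - name: 静态路由 | 3
      ansible.builtin.copy:
        content: |
          #!/bin/bash
          set -x
          lan_ip='192.168.0.0/16'
          switch=192.168.99.254
          ip route add $lan_ip via $switch
        dest: /root/route_add.sh
        owner: root
        group: root
        mode: "0755"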