Proxmox Virtual Environment (PVE) is an open-source hypervisor manager.

Based on Debian with a modified Ubuntu LTS kernel, it allows deployment and management of virtual machines (KVM) and containers (LXC).

Unlike XCP-ng, Proxmox VE includes a web interface and provides a REST API for third-party tools.

It can be downloaded for free at [Link]. If needed, use the USB Imager to create a bootable thumb drive [Link].


Creating a bootable USB for installation:

dd bs=1M conv=fdatasync if=./proxmox-ve_8.4-1.iso of=/dev/sdc

Updating and upgrading:

apt update
apt upgrade -y
apt dist-upgrade -y

To avoid error messages about an unsigned repo (which requires a subscription), comment all lines in /etc/apt/sources.list.d/pve-enterprise.list and append:

deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

Go to https://192.168.1.103:8006/ in your browser and set a strong password for the default user root.


CLI COMMANDS

  • man qm
  • qm list
  • qm start 100
  • qm shutdown 100
  • qm reboot 100
  • qm reset 100
  • qm stop 100
  • qm config 100
  • qm set -onboot 1 100
  • man pct
  • pct list
  • pct start 101
  • pct shutdown 101
  • pct reboot 101
  • pct config 101
  • pct set -memory 1024 101
  • pct enter 101

INSTALLING THE GUEST AGENT

sudo apt install qemu-guest-agent -y

BEFORE CREATING AN IMAGE FROM A VM

sudo rm -rf /etc/ssh/ssh_host_*
sudo truncate -s 0 /etc/machine-id
sudo dpkg-reconfigure openssh-server

IMPORTING A VM

wget http://192.168.1.100:8080/Kali-Linux-2021.4-virtualbox-amd64.ova
tar xvf Kali-Linux-2021.4-virtualbox-amd64.ova
qm importovf 100 ./Kali-Linux-2021.4-virtualbox-amd64.ovf Storage --format qcow2

If the disk import (*.ovf) fails, create a new VM manually, then run:

qemu-img convert -f vmdk Kali-Linux-2021.4-virtualbox-amd64-disk001.vmdk Kali-disk001.qcow2 -O qcow2
qm importdisk 100 Kali-disk001.qcow2 Storage

OTHER CLI TIPS

Wiping a secondary disk from the CLI:

wipefs -fa /dev/nvme0n1
dd if=/dev/zero of=/dev/nvme0n1 bs=1M count=1000
udevadm settle
reboot

APPLIANCE MANAGER

pveam update
pveam available
pveam download local debian-10-turnkey-nextcloud_16.1-1_amd64.tar.gz

ATTACHING A USB DEVICE TO A VM (PASSTHROUGH)

In the example below, I am attaching an Intel AX200 Wireless Adapter (Wi-Fi 6).

lsusb | grep AX200

Output: Bus 001 Device 002: ID 8087:0029 Intel Corp. AX200 Bluetooth

qm set 112 -usb0 host=8087:0029,usb3=yes

Output: update VM 112: -usb0 host=8087:0029

OR

Using the Web UI:

Experiment to find the option that best fits your needs:

Pull and list the latest available container templates:

sudo pveam update
sudo pveam available

ATTACHING A DISK TO A VM (PASSTHROUGH)

Stop the VM, then attach the disk:

qm set 101 -scsi1 /dev/sdX

PROXMOX BACKUP SERVER (PBS)

PBS is an open-source backup solution for VMs, containers, and physical (Debian/Ubuntu) hosts [Link].

After installation, the PBS web interface is available on port 8007 (e.g., https://10.10.10.10:8007/).

Installing the PBS Client on Debian/Ubuntu physical hosts:

echo "deb [arch=amd64] http://download.proxmox.com/debian/pbs-client bullseye main" | sudo tee /etc/apt/sources.list.d/pbs-client.list
sudo wget http://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
sudo apt update
sudo apt install proxmox-backup-client -y

Backing up the root filesystem:

sudo su -
proxmox-backup-client backup root.pxar:/ --repository 10.10.10.10:backup1

Backing up with an encryption key:

proxmox-backup-client key create backup.key
proxmox-backup-client backup root.pxar:/ --repository 10.10.10.10:backup1 --keyfile ./backup.key

Listing backups and snapshots:

proxmox-backup-client list --repository 10.10.10.10:backup1
proxmox-backup-client snapshot list --repository 10.10.10.10:backup1

Setting an environment variable for the target repository:

export PBS_REPOSITORY="10.10.10.10:backup1"
echo $PBS_REPOSITORY

Mapping a directory from the host to a guest CT:

sudo nano /etc/pve/nodes/<NODE>/lxc/<ID>.conf
...
mp0: /HOST/PATH/,mp=/GUEST/PATH,mountoptions=noatime

BONUS

Proxmox does not officially run on the Raspberry Pi, but Pimox does [Link].

Pimox is an adapted build of Proxmox tailored for the Raspberry Pi 4.

See this post for a step-by-step guide on how to install, configure, and use it [Link].

Warning: Before converting any instance into a template, wipe the machine ID to prevent all deployed from it from having the same fingerprints. sudo truncate -s 0 /etc/machine-id and sudo truncate -s 0 /var/lib/dbus/machine-id.

Applying NAT to the network on vmbr1:

sudo nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
sudo nano /etc/nftables.conf
table inet nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "vmbr0" masquerade
    }
}
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        iifname "vmbr1" oifname "vmbr0" accept
        ct state established,related accept
    }
}
sudo sysctl -p
sudo nft -f /etc/nftables.conf

Disabling, recovering, and managing MFA via CLI:

mv /etc/pve/priv/tfa.cfg /etc/pve/priv/tfa.cfg_DISABLED
mv /etc/pve/priv/tfa.cfg_DISABLED /etc/pve/priv/tfa.cfg

Running Snap packages inside LXC

On Proxmox, edit the LXC config:

nano /etc/pve/lxc/XXX.conf

Add the following lines:

lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file,optional
lxc.mount.auto=cgroup:rw

Inside the LXC, install the required dependencies:

sudo apt update && sudo apt dist-upgrade
sudo apt install squashfuse fuse
sudo apt install snapd
sudo mkdir /lib/modules

Install the Snap package. It may fail on the first attempt, but it will work on the second.

Tips for IPv4 and IPv6 Networks

This example has a “WAN” interface configured along with two isolated “LANs“: one on a physical IPv4 network and the other on a virtual IPv6 network.

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

iface enx7cc2c6357dd7 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.103/24
        gateway 192.168.1.1
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0
#IPv4 LAN

auto vmbr1
iface vmbr1 inet static
        address 10.1.1.1/24
        bridge-ports enx7cc2c6357dd7
        bridge-stp off
        bridge-fd 0
#IPv4 PXE

auto vmbr2
iface vmbr2 inet6 static
        address 2a11:6c7:2000:c500::1/56
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#IPv6 Only

source /etc/network/interfaces.d/*

For aggregating multiple physical adapters into one logical interface:

 

auto lo
iface lo inet loopback

auto nic0
iface nic0 inet manual

auto nic1
iface nic1 inet manual

auto nic2
iface nic2 inet manual

auto nic3
iface nic3 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves nic0 nic1 nic2 nic3
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.104/24
        gateway 192.168.1.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0

source /etc/network/interfaces.d/*

Enable No-Subscription Package Repository


DHCP ON PROXMOX

nano /etc/network/interfaces
auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
ifreload -a

TROUBLESHOOTING

A new drive or leftover data drives from a previous Proxmox installation may get stuck. To resolve:

dmsetup ls
dmsetup remove <NAME_TO_REMOVE>