its-network/docs/space/srv-acraze/acraze.md
Wachtl Enterprises LLC 57de17fe39 Update documentation
Signed-off-by: Wachtl Enterprises LLC <tyrolyean@escpe.net>
2025-03-19 00:15:14 +01:00


About

Acraze is the Proxmox hypervisor in the space. All virtual services inside the space reside here.

Maintainers

Current Maintainers:

  • tyrolyean: Responsible. Don't want to, but need to

Technical

The hypervisor's web interface may be reached at https://acraze.srv.it-syndikat.org:8006. It takes LDAP credentials.

Unlock

If the server has been rebooted, has lost power, or has restarted for any other reason, you need to unlock it. For this you need the unlock password. As per policy, at least 4 people need to have the unlock key inside their personal password managers. This currently includes @tyrolyean, @lambda, @deneb and @drkhsh. During unlock, the server is reachable at 10.17.4.2 (assigned via DHCP) or at acraze-unlock.srv.it-syndikat.org if DNS works. The unlock user is root.

To unlock, run zfsunlock.

Specifications

The following is an excerpt of the hardware specifications:

         .://:`              `://:.            tyrolyean@acraze
       `hMMMMMMd/          /dMMMMMMh`          ----------------
        `sMMMMMMMd:      :mMMMMMMMs`           OS: Proxmox VE 8.3.4 x86_64
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`   Host: Super Server 0123456789
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`   Kernel: 6.8.12-8-pve
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`     Uptime: 14 days, 5 hours, 17 mins
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.       Packages: 1032 (dpkg)
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         Shell: fish 3.6.0
        -+ooooooo/.`sMMs`./ooooooo+-           Resolution: 1920x1080
          :oooooooo/`..`/oooooooo:             Terminal: /dev/pts/1
          :oooooooo/`..`/oooooooo:             CPU: Intel Xeon E5-2683 v4 (64) @ 3.000GHz
        -+ooooooo/.`sMMs`./ooooooo+-           GPU: NVIDIA Tesla P40
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         Memory: 258922MiB / 290059MiB
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`
        `sMMMMMMMm:      :dMMMMMMMs`
       `hMMMMMMd/          /dMMMMMMh`
         `://:`              `://:`

File system

VMs are stored on a ZFS RAID 1. It uses ZFS subvolumes to separate virtual machines.

Interfacing

To interface, either access https://acraze.srv.it-syndikat.org:8006/ or SSH to the same host. For recovery purposes, the IP address is 10.17.4.2. The root password is noted in Vaultwarden.

VM Network

VMs should use the pre-configured bridge interface vmbr0, which will put them in the SRV subnet on the router (currently 10.17.4.0/24). Your VM will also get a DNS record in the local dynamic DNS domain .srv.it-syndikat.org and an IPv6 address, but ONLY via DHCPv6.

Commands

If you don't want to use the graphical interface, you can use several command-line programs.

List virtual machines

qm list

Get the serial console of an old parabox VM

qm terminal <VM-ID>

List guest volumes

pvesm list <storage>

Note: at the time of writing there is only one storage: tank_id

Delete a guest's volume

pvesm free <volume_id>

Import a disk image as a new VM disk

qm importdisk <VM-ID> <image path> <storage>

Note: if an import fails or is aborted, there will probably be a leftover ZFS subvolume with the size of the imported image. To remove it, use the pvesm free command shown above.
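One way to find such leftovers before freeing anything, as an added example that is not part of the original documentation: it compares saved pvesm list output against the guest configs and prints volumes no config refers to. The function names, VM ID 100 and the sample data are constructed; the listing layout and config line format are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (not from the original page): list volumes on a storage that
# no guest config references, e.g. leftovers of an aborted `qm importdisk`.
# Assumptions: `pvesm list <storage>` prints one header row, then rows whose
# first column is the volume ID; guest configs are *.conf files whose disk
# lines look like "scsi0: <volume_id>,size=32G" or "unused0: <volume_id>".

# orphan_volumes LISTING CONF_DIR...
#   LISTING  file holding saved `pvesm list <storage>` output
#   CONF_DIR one or more directories of guest *.conf files
# Prints every listed volume ID that no config line refers to.
orphan_volumes() {
    listing=$1
    shift
    # Collect the first comma-separated field of every "key: value" line.
    refs=$(for dir in "$@"; do
               cat "$dir"/*.conf 2>/dev/null || true
           done | awk -F': ' 'NF >= 2 { split($2, f, ","); print f[1] }')
    awk 'NR > 1 && NF > 0 { print $1 }' "$listing" |
    while IFS= read -r volid; do
        # -F: fixed string, -x: whole line, so disk-1 never matches disk-10.
        printf '%s\n' "$refs" | grep -Fxq -- "$volid" || printf '%s\n' "$volid"
    done
}

# Constructed sample data: VM 100 owns disk-0 and disk-10; disk-1 is a leftover.
demo_orphans() {
    tmp=$(mktemp -d)
    cat > "$tmp/list.txt" <<'EOF'
Volid                    Format  Type         Size VMID
tank_id:vm-100-disk-0    raw     images  34359738368 100
tank_id:vm-100-disk-1    raw     images  10737418240 100
tank_id:vm-100-disk-10   raw     images   4294967296 100
EOF
    mkdir "$tmp/qemu-server"
    cat > "$tmp/qemu-server/100.conf" <<'EOF'
memory: 4096
net0: virtio=AA:BB:CC:DD:EE:FF,bridge=vmbr0
scsi0: tank_id:vm-100-disk-0,size=32G
unused0: tank_id:vm-100-disk-10
EOF
    orphan_volumes "$tmp/list.txt" "$tmp/qemu-server"
    rm -rf "$tmp"
}

demo_orphans
```

On the host, save `pvesm list tank_id` to a file and pass it together with the guest config directories (assumed here to be /etc/pve/qemu-server and /etc/pve/lxc). Check each reported volume by hand before running pvesm free on it.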

Create local (PAM) user with PVE web access

Creating a system user isn't enough for access to the PVE web interface. We have to tell PVE about the user and assign them some roles. Here we use PVEAdmin which should be root equivalent:

$ adduser my-user
...
$ pveum user add my-user@pam
$ pveum acl modify / --roles PVEAdmin --users my-user@pam