its-network/docs/space/srv-acraze/acraze.md
Wachtl Enterprises LLC 57de17fe39 Update documentation
Signed-off-by: Wachtl Enterprises LLC <tyrolyean@escpe.net>
2025-03-19 00:15:14 +01:00


# About
Acraze is the Proxmox hypervisor in the space. All virtual services inside the
space reside here.
# Maintainers
Current Maintainers:
- tyrolyean: Responsible. Don't want to, but need to
# Technical
The hypervisor's web interface may be reached at
<https://acraze.srv.it-syndikat.org:8006>. It takes LDAP credentials.
## Unlock
If the server was rebooted for any reason, such as a power cut, you need to
unlock it. For this you need the
unlock password. As per policy, at least 4 people need to have the unlock key
inside their personal password managers. This currently includes @tyrolyean,
@lambda, @deneb and @drkhsh. During unlock, the server is reachable at
`10.17.4.2` (assigned via DHCP) or at `acraze-unlock.srv.it-syndikat.org` if DNS
works. The unlock user is `root`.
To unlock, run `zfsunlock`.
## Specifications
The following is an excerpt of the hardware specifications:
<pre>
tyrolyean@acraze
----------------
OS: Proxmox VE 8.3.4 x86_64
Host: Super Server 0123456789
Kernel: 6.8.12-8-pve
Uptime: 14 days, 5 hours, 17 mins
Packages: 1032 (dpkg)
Shell: fish 3.6.0
Resolution: 1920x1080
Terminal: /dev/pts/1
CPU: Intel Xeon E5-2683 v4 (64) @ 3.000GHz
GPU: NVIDIA Tesla P40
Memory: 258922MiB / 290059MiB
</pre>
## File system
VMs are stored on a ZFS RAID 1. It uses ZFS subvolumes to separate virtual
machines.
## Interfacing
To interface, either access <https://acraze.srv.it-syndikat.org:8006/> or SSH to the same
host. For recovery purposes, the IP address is 10.17.4.2. The root password is noted in
Vaultwarden.
## VM Network
VMs should use the pre-configured bridge interface `vmbr0`, which will put them
in the SRV subnet on the router (currently 10.17.4.0/24). You will also get your
DNS record set in the `.srv.it-syndikat.org` local dynamic DNS domain and get an
IPv6 address assigned, but **ONLY** via DHCPv6.
## Commands
If you don't want to use the graphical interface, you can use several
command-line programs.
### List virtual machines
`qm list`
### Get the serial console of an old parabox VM
`qm terminal <VM-ID>`
### List guest volumes
`pvesm list <storage>`
Note: at the time of writing there is only one storage: `tank_id`
### Delete a guest's volume
`pvesm free <volume_id>`
### Import a disk image as new VM disk
`qm importdisk <VM-ID> <image path> <storage>`
Note: if an import fails or is aborted, there will probably be a leftover ZFS
subvolume with the size of the imported image. To remove it, see the command
above.
### Create local (PAM) user with PVE web access
Creating a system user isn't enough for access to the PVE web interface. We
have to tell PVE about the user and assign them some roles. Here we use
PVEAdmin which should be root equivalent:

```
# create the local system (PAM) account
$ adduser my-user
...
# register the account with PVE
$ pveum user add my-user@pam
# grant the PVEAdmin role on the ACL root
$ pveum acl modify / --roles PVEAdmin --users my-user@pam
```
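
Because the grant above is made on the ACL root `/`, it is worth reviewing periodically who holds such a role there. The following read-only check is an added example, not part of the original documentation: it lists principals holding a broad role on `/` and reports any that are not on an allowlist. The `BROAD_ROLES` list, the allowlist, the sample users and the assumed ACL line layout of `/etc/pve/user.cfg` (`acl:<propagate>:<path>:<users,@groups>:<roles>:`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit root-level ACL grants.
# Assumed ACL line layout in /etc/pve/user.cfg:
#   acl:<propagate>:<path>:<users and @groups, comma separated>:<roles>:
BROAD_ROLES="Administrator PVEAdmin"   # roles treated as broad; adjust locally

# list_root_admins FILE: print "principal role" for broad roles granted on "/"
list_root_admins() {
    awk -F: -v roles="$BROAD_ROLES" '
        BEGIN { n = split(roles, r, " "); for (i = 1; i <= n; i++) broad[r[i]] = 1 }
        $1 == "acl" && $3 == "/" {
            np = split($4, who, ","); nr = split($5, role, ",")
            for (p = 1; p <= np; p++)
                for (q = 1; q <= nr; q++)
                    if (role[q] in broad) print who[p], role[q]
        }' "$1" | LC_ALL=C sort -u
}

# unexpected_root_admins FILE "allowed1 allowed2 ...": print grants whose
# principal is not on the allowlist; exit status 1 if any were found.
unexpected_root_admins() {
    list_root_admins "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample config (hypothetical users, not this host's real ACLs).
write_sample_cfg() {
    cat > "$1" <<'EOF'
user:root@pam:1:0:::::
user:my-user@pam:1:0:::::
group:ops:alice@pam::
acl:1:/:my-user@pam:PVEAdmin:
acl:1:/:@ops,bob@pam:Administrator,PVEAuditor:
acl:1:/vms/100:carol@pam:PVEVMUser:
acl:0:/storage:dave@pam:PVEAdmin:
EOF
}

cfg=$(mktemp)
write_sample_cfg "$cfg"
echo "Broad roles on /:"; list_root_admins "$cfg"
echo "Not on allowlist:"; unexpected_root_admins "$cfg" "my-user@pam @ops" || true
rm -f "$cfg"
```

On the host itself, pass `/etc/pve/user.cfg` as the file argument; group entries (prefixed with `@`) still need their members reviewed separately.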