extremeshok/xshok-proxmox extremeshok/xshok-proxmox

  • Stars
    star
    623
  • Rank 71,836 (Top 2 %)
  • Language
    Shell
  • License
    Other
  • Created almost 8 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
extremeshok/xshok-proxmox
github

extremeshok

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

proxmox (pve) post installation optimizing and helper scripts

xshok-proxmox :: eXtremeSHOK.com Proxmox (pve)

Scripts for working with and optimizing proxmox

Maintained and provided by https://eXtremeSHOK.com

Please Submit Patches / Pull requests

Optimization / Post Install Script (install-post.sh aka postinstall.sh) run once

Turns a fresh proxmox install into an optimised proxmox host not required if server setup with installimage-proxmox.sh

'reboot-quick' command which uses kexec to boot the latest kernel, its a fast method of rebooting, without needing to do a hardware reboot

  • Disable the enterprise repo, enable the public repo, Add non-free sources
  • Fixes known bugs (public key missing, max user watches, etc)
  • Update the system
  • Detect AMD EPYC CPU and Apply Fixes
  • Force APT to use IPv4
  • Update proxmox and install various system utils
  • Customise bashrc
  • add the latest ceph provided by proxmox
  • Disable portmapper / rpcbind (security)
  • Ensure Entropy Pools are Populated, prevents slowdowns whilst waiting for entropy
  • Protect the web interface with fail2ban
  • Detect if is running in a virtual machine and install the relavant guest agent
  • Install ifupdown2 for a virtual internal network allows rebootless networking changes (not compatible with openvswitch-switch)
  • Limit the size and optimise journald
  • Install kernel source headers
  • Install kexec, allows for quick reboots into the latest updated kernel set as primary in the boot-loader.
  • Ensure ksmtuned (ksm-control-daemon) is enabled and optimise according to ram size
  • Set language, if chnaged will disable XS_NOAPTLANG
  • Increase max user watches, FD limit, FD ulimit, max key limit, ulimits
  • Optimise logrotate
  • Lynis security scan tool by Cisofy
  • Increase Max FS open files
  • Optimise Memory
  • Pretty MOTD BANNER
  • Enable Network optimising
  • Save bandwidth and skip downloading additional languages, requires XS_LANG="en_US.UTF-8"
  • Disable enterprise proxmox repo
  • Remove subscription banner
  • Install openvswitch for a virtual internal network
  • Detect if this is an OVH server and install OVH Real Time Monitoring
  • Set pigz to replace gzip, 2x faster gzip compression
  • Bugfix: high swap usage with low memory usage
  • Enable TCP BBR congestion control
  • Enable TCP fastopen
  • Enable testing proxmox repo
  • Automatically Synchronize the time
  • Set Timezone, empty = set automatically by IP
  • Install common system utilities
  • Increase vzdump backup speed
  • Optimise ZFS arc size accoring to memory size
  • Install zfs-auto-snapshot

https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/install-post.sh

return value is 0

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/install-post.sh -c -O install-post.sh && bash install-post.sh && rm install-post.sh

TO SET AND USE YOUR OWN OPTIONS (using xs-post-install.env)

User Defined Options for (install-post.sh) post-installation script for Proxmox are set in the xs-install-post.env, see the sample : xs-install-post.env.sample

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/xs-install-post.env.sample -c -O xs-install-post.env
wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/install-post.sh -c -O install-post.sh
nano xs-install-post.env
bash install-post.sh

TO SET AND USE YOUR OWN OPTIONS (using ENV)

Examnple to disable the MOTD banner

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/install-post.sh -c -O install-post.sh
export XS_MOTD="no"
bash install-post.sh

Install Proxmox Recommendations

Recommeneded partitioning scheme:

  • Raid 1 (mirror) 40 000MB ext4 /
  • Raid 1 (mirror) 30 000MB ext4 /xshok/zfs-cache only create if an ssd and there is 1+ unused hdd which will be made into a zfspool
  • Raid 1 (mirror) 5 000MB ext4 /xshok/zfs-slog only create if an ssd and there is 1+ unused hdd which will be made into a zfspool
  • SWAP
    • HDD less than 130gb = 16GB swap
    • HDD more than 130GB and RAM less than 64GB = 32GB swap
    • HDD more than 130GB and RAM more than 64GB = 64GB swap
  • Remaining for lv xfs /var/lib/vz (LVM)

Hetzner Proxmox Installation Guide

see hetzner folder

OVH Proxmox Installation Guide

see ovh folder

------- SCRIPTS ------

Convert from Debian 11 to Proxmox 7 (debian11-2-proxmox7.sh) optional

Assumptions: Debian11 installed with a valid FQDN hostname set

  • Tested on KVM, VirtualBox and Dedicated Server
  • Will automatically detect cloud-init and disable.
  • Will automatically generate a correct /etc/hosts
  • Note: will automatically run the install-post.sh script
curl -O https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/debian-2-proxmox/debian11-2-proxmox7.sh && chmod +x debian11-2-proxmox7.sh
./debian11-2-proxmox7.sh

Convert from Debian 10 to Proxmox 6 (debian10-2-proxmox6.sh) optional

curl -O https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/debian-2-proxmox/debian10-2-proxmox6.sh && chmod +x debian10-2-proxmox6.sh
./debian10-2-proxmox6.sh

Convert from Debian 9 to Proxmox 5 (debian9-2-proxmox5.sh) optional

curl -O https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/debian-2-proxmox/debian9-2-proxmox5.sh && chmod +x debian9-2-proxmox5.sh
./debian9-2-proxmox5.sh

Enable Docker support for an LXC container (pve-enable-lxc-docker.sh) optional

There can be security implications as the LXC container is running in a higher privileged mode.

curl https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/helpers/pve-enable-lxc-docker.sh --output /usr/sbin/pve-enable-lxc-docker && chmod +x /usr/sbin/pve-enable-lxc-docker
pve-enable-lxc-docker container_id

Convert from LVM to ZFS (lvm-2-zfs.sh) run once

Converts the a MDADM BASED LVM into a ZFS raid 1 (mirror)

  • Defaults to mount point: /var/lib/vz
  • Optional: specify the LVM_MOUNT_POINT ( ./lvm-2-zfs.sh LVM_MOUNT_POINT )
  • Creates the following storage/rpools
  • zfsbackup (rpool/backup)
  • zfsvmdata (rpool/vmdata)
  • /var/lib/vz/tmp_backup (rpool/tmp_backup)
  • Will automatically detect the required raid level and optimise.
  • 1 Drive = zfs
  • 2 Drives = mirror
  • 3-5 Drives = raidz-1
  • 6-11 Drives = raidz-2
  • 11+ Drives = raidz-3

NOTE: WILL DESTROY ALL DATA ON LVM_MOUNT_POINT

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/zfs/lvm-2-zfs.sh -c -O lvm-2-zfs.sh && chmod +x lvm-2-zfs.sh
./lvm-2-zfs.sh

Create ZFS from devices (createzfs.sh) optional

Creates a zfs pool from specified devices

  • Will automatically detect the required raid level and optimise
  • 1 Drive = zfs (single)
  • 2 Drives = mirror (raid1)
  • 3-5 Drives = raidz-1 (raid5)
  • 6-11 Drives = raidz-2 (raid6)
  • 11+ Drives = raidz-3 (raid7)

NOTE: WILL DESTROY ALL DATA ON SPECIFIED DEVICES

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/zfs/createzfs.sh -c -O createzfs.sh && chmod +x createzfs.sh
./createzfs.sh poolname /dev/device1 /dev/device2

Create ZFS cache and slog from /xshok/zfs-cache and /xshok/zfs-slog partitions and adds them to a zpool (xshok_slog_cache-2-zfs.sh) optional

Creates a zfs pool from specified devices

  • Will automatically mirror the slog and stripe the cache if there are multiple drives

NOTE: WILL DESTROY ALL DATA ON SPECIFIED PARTITIONS

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/zfs/xshok_slog_cache-2-zfs.sh -c -O xshok_slog_cache-2-zfs.sh && chmod +x xshok_slog_cache-2-zfs.sh
./xshok_slog_cache-2-zfs.sh poolname

CREATES A ROUTED vmbr0 AND NAT vmbr1 NETWORK CONFIGURATION FOR PROXMOX (network-configure.sh) run once

Autodetects the correct settings (interface, gatewat, netmask, etc) Supports IPv4 and IPv6, Private Network uses 10.10.10.1/24 Also installs and properly configures the isc-dhcp-server to allow for DHCP on the vmbr1 (NAT) ROUTED (vmbr0): All traffic is routed via the main IP address and uses the MAC address of the physical interface. VM's can have multiple IP addresses and they do NOT require a MAC to be set for the IP via service provider

NAT (vmbr1): Allows a VM to have internet connectivity without requiring its own IP address Assignes 10.10.10.100 - 10.10.10.200 via DHCP

Public IP's can be assigned via DHCP, adding a host define to the /etc/dhcp/hosts.public file

Tested on OVH and Hetzner based servers

ALSO CREATES A NAT Private Network as vmbr1

NOTE: WILL OVERWRITE /etc/network/interfaces A backup will be created as /etc/network/interfaces.timestamp

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/networking/network-configure.sh -c -O network-configure.sh && chmod +x network-configure.sh
./network-configure.sh && rm network-configure.sh

Creates default routes to allow for extra ip ranges to be used (network-addiprange.sh) optional

If no interface is specified the default gateway interface will be detected and used.

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/networking/network-addiprange.sh -c -O network-addiprange.sh && chmod +x network-addiprange.sh
./network-addiprange.sh ip.xx.xx.xx/cidr interface_optional

Create Private mesh vpn/network (tincvpn.sh)

tinc private mesh vpn/network which supports multicast, ideal for private cluster communication

wget https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/networking/tincvpn.sh -c -O tincvpn.sh && chmod +x tincvpn.sh
./tincvpn.sh -h

Example for 3 node Cluster

cat /etc/hosts

global ips for tinc servers

11.11.11.11 host1

22.22.22.22 host2

33.33.33.33 host3

First Host (hostname: host1)

bash tincvpn.sh -i 1 -c host2

Second Host (hostname: host2)

bash tincvpn.sh -i 2 -c host3

Third Host (hostname: host3)

bash tincvpn.sh -i 3 -c host1

NOTES

Alpine Linux KVM / Qemu Agent Client Fix

Run the following on the guest alpine linux

apk update && apk add qemu-guest-agent acpi
echo 'GA_PATH="/dev/vport2p1"' >> /etc/conf.d/qemu-guest-agent
rc-update add qemu-guest-agent default
rc-update add acpid default
/etc/init.d/qemu-guest-agent restart

Proxmox ACME / Letsencrypt

Run the following on the proxmox server, ensure you have a valid DNS for the server which resolves

pvenode acme account register default [email protected]
pvenode config set --acme domains=example.invalid
pvenode acme cert order

ZFS Snapshot Usage

# list all snapshots
zfs list -t snapshot
# create a pre-rollback snapshot
zfs-auto-snapshot --verbose --label=prerollback -r //
# rollback to a specific snapshot
zfs rollback <snapshotname>

More Repositories

1

clamav-unofficial-sigs

ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com
Shell
494
star
2

spamassassin-extremeshok_fromreplyto

Configures spamassassin to score mails with various rules against the reply-to, from and to headers.
Raku
41
star
3

xshok-docker

Scripts for working with docker
Shell
26
star
4

docker-webserver

Our optimized production web-server setup based on docker + openlitespeed + PHP 7.4 + letsencrypt ssl + mariadb(mysql) + redis + memcached
Shell
22
star
5

fail2ban-remove-ban

Remove Ban / Unban an IP from all Fail2ban Jails
Shell
15
star
6

docker-openlitespeed-php

# eXtremeSHOK.com Docker OpenLiteSpeed with php
Shell
15
star
7

docker-geoip

Automatically fetch and update geoip databases
Shell
12
star
8

docker-deepguard

camera monitoring and alerts using deepstack
Shell
10
star
9

docker-elasticsearch-elasticpress

optimised for elasticsearch server for wordpress elasticpress plugin
Dockerfile
8
star
10

docker-unbound

unbound caching dns
Shell
8
star
11

docker-openlitespeed

eXtremeSHOK.com Docker OpenLiteSpeed with mod_security and pagespeed on Ubuntu
Shell
7
star
12

dovecot-maildir-compression

Compress existing emails in a maildir, for use with dovecot zlib
Shell
7
star
13

docker-acme-http2https

letsencrypt support and automatically redirect all http traffic to https
Shell
7
star
14

docker-nginx

Custom Nginx Built following the official nginx Debian Stretch Docker
Dockerfile
7
star
15

geoip-update

The geoip-update script provides a simple and efficient way to update and download the latest geoip datatabases
Shell
6
star
16

docker-elasticsearch-owncloud

optimised elasticsearch server for owncloud plugin
Shell
5
star
17

docker-nginx-pagespeed

alpine nginx pagespeed
Shell
5
star
18

docker-xmysql-https-auth

xmysql with https and auth via apikey and/or htpasswd and/or ip
Shell
5
star
19

postpals

Postpals is a simple policy daemon for Postfix. It maintains a database of outgoing mail, specifically recipients and relays associated to them.
Perl
5
star
20

mailpiler-recovery

Public Information for the commercial / non-free eXtremeSHOK.com Piler / Mailpiler Archive Recovery
4
star
21

docker-nginx-https-proxy

nginx based https proxy
Shell
4
star
22

denyhosts-remove-ban

Denyhosts IP Remove Ban / Unban Script
Shell
4
star
23

xshok_raspberry-pi_sysinfo_script

Fork of the Raspberry Pi Sysinfo Script originally by derkev.in
PHP
4
star
24

cups_windows_print_driver

CUPS_windows_print_drivers
3
star
25

docker-php-ubuntu

eXtremeSHOK.com Docker PHP-FPM on Ubuntu Linux
PHP
3
star
26

automated-bayesian-training

Shell
3
star
27

monit-init

service / init scripts for monit
3
star
28

docker-baseimage-alpine

extremeshok docker baseimage alpine
Shell
3
star
29

unraid-repository

unRAID app and plugin repository for community applications app store
3
star
30

xshok-raspberry-pi

2
star
31

docker-php

eXtremeSHOK.com Docker PHP-FPM on Alpine Linux
PHP
2
star
32

docker-clamav-unofficial-sigs

docker version of clamav-unofficial-sigs
2
star
33

docker-clamav

clamav with freshclam
Dockerfile
2
star
34

docker-rsyncd

rsync server with chroot
Shell
2
star
35

ovh-cloud-alphinelinux

Rescue mode alphinelinux installer for ovh cloud hosted servers (VM)
Shell
2
star
36

powerdns-to-gdnsd

Imports all domains/zones from PowerDNS and generates gdnsd zone files
Shell
2
star
37

docker-powerdns-slave

powerdns slave server
Shell
2
star
38

docker-hbmonitoring

centos6 docker container providing HBmonitoring
Shell
1
star
39

docker-legacy-apache-php-53

apahe mod php 5.3 with geoip, memcached, mysql, sqlite, imagick, gnutls to allow a legacy web app to run
Dockerfile
1
star
40

xshok-countdown

A graphical countdown timer which can be used for a conference, accepts keyboard input to notify a speaker how long is remaining.
Python
1
star
41

clamav-sample-db

used for travis-ci testing, as there is a bug with git-lfs
1
star
42

docker-legacy-phpfpm-56

php-fpm 5.6 with geoip, redis, memcached, mysql, sqlite, composer, imagick to allow a legacy web app to run
Dockerfile
1
star
43

solr-dovecot2

fts-solr schema.xml for solar 4.10 and dovecot 2
1
star
44

xshok-directadmin

eXtremeSHOK.com DirectAdmin deploy and post install scripts
1
star
45

docker-server-redirector

Listens and redirects a list of ports to a specific IP, used for server migrations until DNS provisions
Dockerfile
1
star