Virtual Machines
Introduction
There will be a variety of virtual machines in the Home Lab. A brief description of each is given here; a more complete set of notes on each individual VM is on the linked pages.
Virtual Machine Installation & Configuration Notes
Qemu Agent Install
All VMs, including server installs, should have the QEMU guest agent installed. It lets the guest communicate with Proxmox, so Proxmox can report the guest's IP addresses, shut the guest down cleanly and quiesce the filesystem when taking snapshots. For Debian / Ubuntu type installs:
sudo apt update && sudo apt install qemu-guest-agent
The "QEMU Guest Agent" option must also be enabled under the VM's Options in Proxmox (and the VM power-cycled) before Proxmox will make use of it.
For Windows VMs there is a CD image that can be attached when defining the VM. On the OS page, as soon as the guest OS "Microsoft Windows" is selected, a tick box titled "Add additional drive for VirtIO Drivers" appears. When it is selected, choose the ISO image virtio-win.iso. If it is not available it can be added to the ISO library on Proxmox by downloading it from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso. The same ISO carries the Windows guest agent installer (in its guest-agent folder), which should be run inside the VM.
Virtual Machines
A fairly high-level description of each of the VMs in use in the Home Lab.
Template Virtual Machines
Future virtual machines will be based on the Debian 13.3 template; further details can be found here.
Firewall
pfSense
The firewall and gateway for the whole of the Home Lab. The Virgin router forwards all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The firewall has five other internal interfaces linking it to the Home Lab environment:
- 192.168.99.10/24 is the MGT VLAN. It should be severely restricted to maintain security; it is the only VLAN able to access the pfSense WebGUI.
- The Production VLAN is where all of the file and web servers are; the gateway address is 192.168.100.1/24.
- The Infra VLAN, gateway 192.168.110.10/24, is where any supporting services will be located; at present there is only a nameserver.
- I have reserved a VLAN called VPNnet, with a gateway address of 192.168.130.1/24, for a VPN server providing a VPN tunnel from remote terminals. There will not be many concurrent connections, so a /24 network is more than sufficient.
- The last VLAN has a pfSense interface of 192.168.111.1/24 for any desktop VM terminals that I will use while I am out; I have called this VLAN Terminals.
Further details of the pfSense firewall can be found here.
MGT VLAN
Management kiosk
A Linux desktop used to configure the other VMs, including pfSense. As it is so sensitive, it is kept isolated on the MGT VLAN. From there I have set up key-based (passwordless) SSH to various other VMs as well. The host is called Lemon and has the IP address 192.168.99.20.
CA Server
I have set up a host specifically to issue SSL certificates. The hostname is Alpine, with an IP of 192.168.99.25/24.
Infra VLAN
Nameserver
There is only one nameserver at the moment, called ns1, at Infra.11. It is the only host on the Infra VLAN.
Update: ns1 has been replaced by a container called ctns1. The container is lighter and faster to start/stop than a VM, and dnsmasq works the same while consuming fewer resources.
Prometheus & Grafana
Two more hosts were created on the Infra network (Pineapple and Granadilla) to handle monitoring of the whole of the Pear network. This is probably overkill for a small virtual network, but now that it is done it does make seeing what is going on a bit easier. Further details of how Prometheus & Grafana work can be found here.
Update: Pineapple and Granadilla are to be decommissioned and replaced with the Unified Monitoring Stack on Mango. The Pineapple and Granadilla notes pages will remain for reference, but the Mango build notes will be more relevant to the evolving Home Lab.
Victoria Metrics
Since Prometheus & Grafana were already installed, it seemed only logical that Pear should have some historical context, so VictoriaMetrics has been installed on a host imaginatively named Victoria (maybe it should have been Victoria Plum, but Plum already exists).
Update: Victoria is to be decommissioned and replaced by the Unified Monitoring Stack on Mango, which will also replace Pineapple and Granadilla at the same time. The old pages remain in place for reference, but the Unified Monitoring Stack notes will be more relevant to our Home Lab. There will also be a new dashboard that takes on some of the monitoring roles and is able to control the operational components of the Home Lab.
VPNNet VLAN
VPNserver
There is a VPN server called Vanilla on VPNnet. It controls VPN access to the rest of the network using WireGuard (the community edition, so it has no support, but it is free). More details can be found here.
Terminals
Remote Access Terminal
There will be three VMs set up on the Terminals VLAN, each with a desktop that I can use for remote access: one will be Linux (Ubuntu), hostname Lychee, and the other two will be Windows 11 Pro, hostnames Wahoo and Walnut. More details can be found here.
Production
Reverse Proxy
The reverse proxy, an Nginx install, is hosted on Raisin at Production.9. It should be set up to fetch SSL certs from Let's Encrypt and copy them to the various webservers that need them. Its primary role, of course, is to manage access to the webservers. Update: we are now using an origin SSL cert from Cloudflare and it is working well. The only downside is that origin certs are not publicly trusted, so browsers will give warnings if we access any website directly rather than through WWW & Cloudflare; it does not affect external connections, because they always go through the Cloudflare DNS proxy.
Webservers
There will be at least three webservers: one hosting www.seaoffate.net, another hosting plum.seaoffate.net and another hosting wiki.seaoffate.net. These will also serve the .local addresses. MySQL will be on a different host. Other hosts will have some sort of webserver on them, but not as their primary role. The updated webserver list is:
- Plum is still hosting photo.seaoffate.net using Piwigo
- Fig is hosting files.seaoffate.net using Nextcloud
- Logan is hosting wiki.seaoffate.net using MediaWiki
- Lime is hosting www.seaoffate.net using Joomla (Postfix is also installed here so that the various CMS can send emails through Brevo)
- Satsuma is the upload server but will also have a control-type web GUI, probably under the name satsuma
Anything else will be added as required.
Update: Logan and Lime have both been retired. Their webservers have become vhosts on Plum, and Postfix has been moved to Plum.
File server
There is a file server called Fig at Production.11. It also has a webserver installed and answers to files.seaoffate.net & files.seaoffate.local. The plan for this host has changed: it now has Nextcloud installed. Maybe ownCloud would be better, or maybe it makes no difference. Nextcloud is a bit like Dropbox but locally hosted, and it has a few more options that have not been fully explored yet. For the moment it is under evaluation until its usefulness has been decided; it is free, so there is no need to do anything about it yet.
MySQL Server
Manderin at Production.8 hosts the MySQL databases. I will probably install phpMyAdmin at some point to make DB management a bit easier, but I doubt I will give it external access.
Upload Server
There is a server set up especially for SFTP and SMB serving. It will be on Production.25. It will have a large HD used to import and export all pictures from the network.
Backup Server
We will have a dedicated backup server, Strawberry, that shares files with other servers, such as the Plum (Photo) server, over NFS. It will mostly not do very much except hold the files for the others. If NFS turns out to be too much of a bottleneck, we can look at storing photos directly on Plum and grabbing them periodically to upload. I will be doing just that, so this note will change when I have reconfigured Plum (Photo) and Strawberry.
Linux Docker And GPU Passthrough
Now that the Nvidia drivers for Linux appear to be working, the GPU is passed through to a Linux server VM, hostname Quince. To make the best use of the GPU, Quince has Docker containers for Jellyfin and Ollama. Other VMs will be set up to host Docker containers that do not need or benefit from the GPU. More details can be found here.
General Docker Hosts
There are some other, much more general Docker applications that are not as computationally intensive as the AI apps but are arguably more useful for information retrieval. To avoid having all of the Docker containers in one place, we have decided to put some of the data-archival containers on Blackberry (on Pear) and some on Tayberry (on Kiwi). Although Kiwi is a smaller and less capable host, it still has a large storage pool and enough compute to solve a wide variety of puzzles. At present the main application for Kiwi is hosting the OpenAlex index through Tayberry's Docker.
Future VMs
I may well set up a streaming server with some sort of read-only NFS share from the file server.
Installation Scripts
We are creating several scripts to speed up the installation of the VMs. Some are long and major time savers; some are not much more than one or two lines.
Webserver Setup Scripts
Some Apache and Nginx scripts to speed up creation and deployment of webservers. The actual scripts are here.
To help with installing the various packages for webservers, there is a simple script that calls apt to install them all. A copy is kept in my Templates dir on Lemon, as it will need to be copied to each new webserver. After copying it to the target webserver, run it with
./lamp_client_install.sh
Once Apache and its supporting packages are installed, the config files need to be created. Six configs are needed:
- hostname.seaoffate.local as http
- hostname.seaoffate.local as https
- purpose.seaoffate.local as http
- purpose.seaoffate.local as https
- purpose.seaoffate.net as http
- purpose.seaoffate.net as https
The file is stored in the Templates dir of the nigel login on Lemon. Although there are six websites, they all serve from the same docroot. One of the names is taken from the hostname of the VM and the other is the parameter in the call:
./apache_config.sh purpose
purpose is the reason for having the webserver, e.g. wiki or photo. The .seaoffate.local and .net suffixes are not needed, as they are assumed.
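As an added example (not the page's apache_config.sh, whose source is on the linked page), a script of the same shape that writes the six vhost configs listed above for a hostname and a purpose, all pointing at one docroot. The docroot /var/www/html, the per-site certificate paths under /etc/ssl/seaoffate/ and the OUTDIR argument are assumptions made for the example; on a real webserver OUTDIR would be /etc/apache2/sites-available and the sites enabled afterwards with a2ensite.

```shell
#!/usr/bin/env bash
# Added example (not the page's apache_config.sh): generate the six Apache
# vhost configs described above from the VM hostname and a "purpose" name.
# Assumptions (hypothetical): docroot /var/www/html, per-site cert/key under
# /etc/ssl/seaoffate/, and an output directory argument so the script can be
# run and tested without touching /etc/apache2.
set -eu

DOCROOT=${DOCROOT:-/var/www/html}
CERT_DIR=${CERT_DIR:-/etc/ssl/seaoffate}

# make_vhost OUTDIR FQDN SCHEME -> writes OUTDIR/FQDN-SCHEME.conf
make_vhost() {
  outdir=$1; fqdn=$2; scheme=$3
  if [ "$scheme" = http ]; then
    cat > "$outdir/$fqdn-http.conf" <<EOF
<VirtualHost *:80>
    ServerName $fqdn
    DocumentRoot $DOCROOT
    ErrorLog \${APACHE_LOG_DIR}/$fqdn-error.log
    CustomLog \${APACHE_LOG_DIR}/$fqdn-access.log combined
</VirtualHost>
EOF
  else
    cat > "$outdir/$fqdn-https.conf" <<EOF
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName $fqdn
    DocumentRoot $DOCROOT
    SSLEngine on
    SSLCertificateFile    $CERT_DIR/$fqdn.crt
    SSLCertificateKeyFile $CERT_DIR/$fqdn.key
    ErrorLog \${APACHE_LOG_DIR}/$fqdn-error.log
    CustomLog \${APACHE_LOG_DIR}/$fqdn-access.log combined
</VirtualHost>
</IfModule>
EOF
  fi
}

# apache_config OUTDIR PURPOSE [HOSTNAME]: hostname defaults to this VM's
# short hostname, as the page's script does. Prints the number of files written.
apache_config() {
  outdir=$1; purpose=$2; host=${3:-$(hostname -s)}
  mkdir -p "$outdir"
  n=0
  # hostname.local, purpose.local and purpose.net, each as http and https
  for fqdn in "$host.seaoffate.local" "$purpose.seaoffate.local" "$purpose.seaoffate.net"; do
    make_vhost "$outdir" "$fqdn" http
    make_vhost "$outdir" "$fqdn" https
    n=$((n + 2))
  done
  echo "$n"
}

# Command-line use: ./apache_config.sh purpose [hostname] writes into
# /etc/apache2/sites-available (run as root); enable with a2ensite afterwards.
if [ $# -ge 1 ]; then
  apache_config "${OUTDIR:-/etc/apache2/sites-available}" "$@"
fi
```

The https vhosts are wrapped in IfModule mod_ssl.c so that Apache still starts if mod_ssl has not been enabled yet, which matches the page's approach of getting the http sites up first and adding certificates later.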
Add a site to Nginx. This takes two parameters: the first is the website name and the second is the IP address of the webserver the proxy forwards to:
website_fwd_config.sh websitename x.x.x.x
There is no need to add seaoffate.local or .net. This script creates four configs:
- sitename.seaoffate.local as http
- sitename.seaoffate.local as https
- sitename.seaoffate.net as http
- sitename.seaoffate.net as https
It enables both http versions (.local & .net) but does not enable the https ones, so there is some time to get the certs done before SSL is deployed. Note that all of the .local websites deployed here share the same certificate. The script is on Raisin in the root of nigel's home directory. Note that it has to be run for both the hostname and the purpose, as the hostname is not known to the script, e.g. once for photo and once more for plum.
We all make mistakes and have to recover. This script removes what the website_fwd_config.sh call above created; call it with
./remove_nginx_website.sh sitename
sitename is the site to be removed. Only the host portion needs to be supplied; do not add .seaoffate.net or .seaoffate.local, because the script removes all four configs (.local & .net, http and https). All four website configs created above are removed from /etc/nginx/sites-available & sites-enabled.
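As an added example covering both scripts above (it is not the page's website_fwd_config.sh or remove_nginx_website.sh), one script that writes the four reverse-proxy server blocks for a site, enables only the two http ones by symlink, and can remove all four again. The NGINX_DIR argument (defaulting to /etc/nginx), the shared .local certificate at /etc/ssl/seaoffate/seaoffate.local.crt and the per-site .net certificate paths are assumptions made for the example; the IP address used in the test is a constructed value.

```shell
#!/usr/bin/env bash
# Added example, not the page's website_fwd_config.sh / remove_nginx_website.sh.
# Assumptions (hypothetical): NGINX_DIR defaults to /etc/nginx; all .local
# sites share /etc/ssl/seaoffate/seaoffate.local.{crt,key}; each .net site has
# /etc/ssl/seaoffate/SITENAME.seaoffate.net.{crt,key}.
set -eu

CERT_DIR=${CERT_DIR:-/etc/ssl/seaoffate}

# write_site DIR FQDN IP PROTO CERTBASE -> DIR/sites-available/FQDN-PROTO
write_site() {
  dir=$1; fqdn=$2; ip=$3; proto=$4; certbase=$5
  if [ "$proto" = http ]; then
    listen="listen 80;"
    ssl=""
  else
    listen="listen 443 ssl;"
    ssl="    ssl_certificate     $CERT_DIR/$certbase.crt;
    ssl_certificate_key $CERT_DIR/$certbase.key;"
  fi
  cat > "$dir/sites-available/$fqdn-$proto" <<EOF
server {
    $listen
    server_name $fqdn;
$ssl
    location / {
        proxy_pass http://$ip;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# website_fwd_config SITENAME IP [NGINX_DIR]: four configs, only http enabled
website_fwd_config() {
  site=$1; ip=$2; dir=${3:-/etc/nginx}
  mkdir -p "$dir/sites-available" "$dir/sites-enabled"
  for proto in http https; do
    write_site "$dir" "$site.seaoffate.local" "$ip" "$proto" seaoffate.local
    write_site "$dir" "$site.seaoffate.net"   "$ip" "$proto" "$site.seaoffate.net"
  done
  # the https configs stay in sites-available until the certs are in place
  ln -sf "$dir/sites-available/$site.seaoffate.local-http" "$dir/sites-enabled/"
  ln -sf "$dir/sites-available/$site.seaoffate.net-http"   "$dir/sites-enabled/"
}

# remove_nginx_website SITENAME [NGINX_DIR]: drop all four configs and any
# symlinks for them from sites-enabled; prints how many files were removed
remove_nginx_website() {
  site=$1; dir=${2:-/etc/nginx}; n=0
  for f in "$dir"/sites-enabled/"$site".seaoffate.* "$dir"/sites-available/"$site".seaoffate.*; do
    [ -e "$f" ] || [ -L "$f" ] || continue
    rm -f "$f"
    n=$((n + 1))
  done
  echo "$n"
}

# Command-line use (as root): add SITENAME IP | remove SITENAME, then
# "nginx -t && systemctl reload nginx" to apply the change.
case "${1:-}" in
  add)    shift; website_fwd_config "$@" ;;
  remove) shift; remove_nginx_website "$@" ;;
esac
```

Running nginx -t before the reload is the check worth keeping: a half-written config in sites-enabled takes the whole proxy down, not just the one site.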
Add a Hostname & IP Address to dnsmasq
There is a script that adds a DNS record to dnsmasq:
sudo ./add_dns_record.sh <hostname> <ip_address>
It takes two parameters: the hostname and the IP address of the host in question. The script can be found here.
As a quick check that DNS looks right, there is a script that lists all DNS entries:
sudo ./list_dns_entries.sh
The third thing we will want to do from time to time is delete a record. Call it with the hostname of the DNS entry to be removed:
sudo ./delete_dns_record.sh hostname
hostname can be either the FQDN or just the hostname.
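As an added example of the three operations above in one script (not the page's add_dns_record.sh, list_dns_entries.sh or delete_dns_record.sh), records are kept in a hosts-format file that dnsmasq is assumed to read through an addn-hosts= line; the path /etc/dnsmasq.seaoffate.hosts, the domain seaoffate.local and the IP addresses used in the test are assumptions or constructed values for the example. dnsmasq re-reads its addn-hosts files on SIGHUP, which is what reload_dnsmasq sends.

```shell
#!/usr/bin/env bash
# Added example, not the page's add_dns_record.sh / list_dns_entries.sh /
# delete_dns_record.sh. Records live in a hosts-format file that dnsmasq is
# assumed to read via "addn-hosts=/etc/dnsmasq.seaoffate.hosts" (hypothetical
# path); after a change dnsmasq is sent SIGHUP, which makes it re-read the file.
set -eu

HOSTS_FILE=${HOSTS_FILE:-/etc/dnsmasq.seaoffate.hosts}
DOMAIN=${DOMAIN:-seaoffate.local}

# regex matching the record for HOST, whether stored as short name or FQDN
host_pattern() { printf '[[:space:]]%s(\\.%s)?([[:space:]]|$)' "$1" "$DOMAIN"; }

reload_dnsmasq() {
  # RELOAD=0 skips the signal (e.g. when working on a copy of the file)
  if [ "${RELOAD:-1}" = 1 ]; then pkill -HUP dnsmasq || true; fi
}

# add_dns_record HOSTNAME IP: appends "IP HOSTNAME.DOMAIN HOSTNAME";
# rejects a malformed IPv4 string (format check only) or a duplicate host
add_dns_record() {
  host=${1%%.*}; ip=$2     # strip any domain so plum and plum.seaoffate.local match
  if ! printf '%s' "$ip" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "bad IPv4 address: $ip" >&2; return 1
  fi
  touch "$HOSTS_FILE"
  if grep -qiE "$(host_pattern "$host")" "$HOSTS_FILE"; then
    echo "record for $host already exists" >&2; return 2
  fi
  printf '%s %s.%s %s\n' "$ip" "$host" "$DOMAIN" "$host" >> "$HOSTS_FILE"
  reload_dnsmasq
}

# list_dns_entries: every record, with comments and blank lines skipped
list_dns_entries() { grep -vE '^[[:space:]]*(#|$)' "$HOSTS_FILE" 2>/dev/null || true; }

# delete_dns_record HOSTNAME|FQDN: removes the record; returns 1 if none found
delete_dns_record() {
  host=${1%%.*}
  grep -qiE "$(host_pattern "$host")" "$HOSTS_FILE" || { echo "no record for $host" >&2; return 1; }
  tmp=$(mktemp)
  grep -viE "$(host_pattern "$host")" "$HOSTS_FILE" > "$tmp" || true
  # copy back rather than mv: mktemp files are 0600 and dnsmasq runs as its
  # own user, so a moved file would be unreadable by the daemon
  cat "$tmp" > "$HOSTS_FILE"
  rm -f "$tmp"
  reload_dnsmasq
}

# Command-line use (with sudo): add HOSTNAME IP | list | delete HOSTNAME
case "${1:-}" in
  add)    shift; add_dns_record "$@" ;;
  list)   list_dns_entries ;;
  delete) shift; delete_dns_record "$@" ;;
esac
```

The duplicate check is what stops a second add from silently creating two answers for one name; the list command is the quick check the page describes, and a mismatch between its output and what the hosts actually use is the first thing to look at when a .local name stops resolving.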