If you want to learn about Linux, virtual machines, networking, smart home automation or computing in general, you've come to the right place
I provide tutorials that intend to help you whether you're starting from scratch or if you've got stuck
There is so much that IT can do for you and that's what channel is for
If these tutorial videos help you in any way, please consider supporting the channel
Buy Me a Coffee - buymeacoffee.com/dmckone Donate to the channel - paypal.me/DavidMcKone Become a monthly contributor on Patreon - www.patreon.com/dmckone Become a monthly contributor on RU-vid - ru-vid.comJoin
Disclaimer: This channel is for educational purposes only. Examples may have worked at the time of recording but are not guaranteed to work for others. This channel is not responsible for any work carried out or mistakes made by following these examples
Timing - David this dropped at the perfect time - thanks! - I messed up my Ceph and needed to re-install ALL the nodes - 1 by 1 using this method - everything is great again - In my setup - Each node also requires the re-issue of the SSL cert since we're reverse proxying dns with cloudflare - Keep 'em coming matey. PS Open a discord server - your community would enjoy meeting you!
Good to know to the video was helpful I would like to see a cleaner removal method, a bit like removing a Windows computer from a Domain But I have to say, just removing the node and doing a clean rebuild isn't difficult and it doesn't take much time
Unfortunately I don't use Windows or WSL so I don't know I suggest searching Google as I tried myself but I don't know if what I found would be relevant E.g. I came across this github.com/vadimgrn/usbip-win2
Hello what if i have a problem that only one room got created with on ESPresense Salon and second one that i made is bedroom. Second one does not show up in devices
Check MQTT to make sure the espresence base stations are detected If not then check the network settings because if one works, presumably the other is having network or configuration issues If the device is present in HA then you'll want to connect to the terminal to check the beacon is identified when it's close by The room is where an espresence base station is, so make sure each one is configured with the correct room So let's say you configure one to be in salon and another to be in bedroom For this to work, Home Assistant needs rooms creating called salon and bedroom If a beacon is closest to the base station in salon, then Home Assistant will tell you the beacon is in salon So make sure to create rooms in Home Assistant that have the same name as the rooms assigned to the base stations It would be best to make sure these have the case as well, otherwise there might be issues if HA has a room Bedroom but the espresence base device was configured to be in bedroom
Hello sir, I have been able to setup this for my company. I even downloaded kea control agent and setup the lease commands. But I have a doubt.This kea dhcp server has been installed and setup in GCP VM. Will it be able to capture the port 67,68 packets and allocate Ip address to cisco and ciena devices which will send request to the VM IP address through relay. What kind of a interface do I need to use in that kind of situation?
The DHCP server will listen for packets from the local subnet Any devices outside of that will have to rely on a DHCP relay agent in their own subnet Usually that will be handled by the gateway for the subnet e.g. a L3 switch or a firewall Once the relay is configured to send traffic to the IP of the VM, you need to make sure the DHCP server is configured with IP pools for each of those subnets The relay will forward broadcast requests to the VM Once a device has an IP address it will communicate directly with the DHCP server So if you any firewalls in the path, including on the DHCP server itself, make sure all of the subnets have access to the DHCP server
David, Really a good video but then all your videos a have liked a lot. A while back I had built a test cluster on some temporary hardware and I decided to remove one of the nodes. I saw the warning about not rebooting the node that was killed. Since this was all a test I tried it and what a mess. The other two nodes lost their NFS shares and just trying to connect to the GUIs was miserable. I appreciated hearing all the warnings you gave in your video about making sure you are moving forward appropriately. I truly applaud the effort you put in this video. Anyone building a Proxmox cluster that might need to remove or replace a node needs to see this video.
Thanks for the feedback much appreciated I've had comments in the past and this is one of those videos that definitely needed a warning It's not a video you can just follow along and make changes as you go
Im very new to vlans and i had a question, are you connecting the trunk port 8 of your physical switch to the proxmox host network interface and then connecting your ethernet cable to port 1 on your switch?Thanks, Great videos
The Proxmox server's network interface is connected to port 1 of the switch, which is configured as a trunk port My computer is plugged into port 8 of the switch, which is configured as an access port A trunk port is used when traffic in multiple VLANs needs to be sent and received and you control the device that's attached to the port Typically it was used to connect two switches together, but now we have things like hypervisors that need to access to multiple VLANs An access port is for devices that only belong to a single VLAN. There's no need for VLAN tagging between the switch and computer and for security reasons you don't want to allow this otherwise the computer could access VLANs that it shouldn't be allowed in and bypass a firewall for instance
@@TechTutorialsDavidMcKone Thanks for your detailed answer. I also had 2 questions, for your isp ethernet wan connection should you set the port that it binds to to untagged? what if you wanted to have a virtualized firewall for your vlans ? how would you set your lan and wan with only one network interface for the firewall ? Great videos by the way, thanks again.
@Tmacs-yp6vv It depends on the Internet presentation If the ISP gives you a cable you may have to agree to certain VLAN tagging when you configure the switch port it's plugged into In which case your firewall's WAN interface would have to go into the same VLAN as that If you have an Internet router, you can probably put its LAN interface in a VLAN of your own choosing and your firewall WAN interface would go in that. You'd probably then have an untagged access port on the router side and a tagged or untagged port on your side depending on how the firewall/hypervisor is configured. There's no point setting up a trunk interface on a firewall's WAN interface for instance if it's a dedicated physical interface, so it may as well be an untagged access port But I think it's better to have a physical firewall between the Internet and your private network anyway as it gives you a more secure boundary and keeps Internet traffic well away from your internal network and hypervisors Even an ISP router with a basic firewall that blocks all incoming traffic is preferred over connecting a hypervisor directly to the Internet, even if it passes through an interface to the firewall VM When it comes to creating virtual firewalls, you can provide a VM with multiple virtual interfaces, each with different VLAN tags as defined in the hypervisor The firewall then has access to multiple VLANs, even if there is only one physical interface The problem with having one physical NIC though is the bandwidth limit For company networks using 10Gb+ NICs it rarely matters if you carve that up into multiple VLANs But for a small network with a single 1Gb NIC, well it depends If the Internet link is 512Mb then a 1Gb link would cope fine with Internet traffic Even if traffic comes into the interface at 1Gb it can exit at 1GB because of full duplexing However, if there are lots of internal file transfers taking place over different VLANs then things could slow down if there's more than 1Gb trying to be exchanged As a result, those transfers just take longer to complete
Thanks for the sub I've no idea how this thing works anymore Once on you could put in a topic to search videos for and you'd get a list of videos on that topic Now I get a small list about that topic, then suggestions for other things I might like and so on
Great video! I embarked on something similar when I broke up a 6 node cluster into two different clusters, 2 and 4 nodes. Went into it flying blind because yolo and backups I guess! Came out of the other end in one, or actually two pieces and both clusters are doing fine. Keep up the good work!
I quite like these clusters as they're pretty easy to setup and maintain Information does get left behind I see when you start removing things Not a problem I suppose as I have another cluster that had all the servers replaced over a year ago And even though I found details about those older servers, it's just information and the cluster still works fine
Finally a good video on how to remove them. However i have no clue about a "qdevice". Never even heard of it, but i fix my quorum issue by giving my working node 1 more vote in /etc/pve/corsync.conf but once rebuild you have to change it back
I've not long actually had a server failure in my cluster. I was just about to do the re-install of the host (R610, not your fancy R620 :D) and this is exactly the guide i needed to ensure i had thought of everything and could do this properly. So thank you!
Good to know the video was useful Normally I don't upgrade or rebuild servers, I phase them out with newer ones And it's the first time I've done this with SDN involved as it's still quite new, or it least part of the main code So it was interesting to see that although the server was connected to an NFS share, SDN had to be redeployed
Anyone installed Docker on a Windows VM on ProxMox. I need it because older SQL Server won't run on Linux containers. I can't get the Docker service to start on a Windows 2016 VM. Works fine on Debian.
I don't use Windows anymore but I did come across this which may be related stackoverflow.com/questions/40337324/docker-service-wont-start-windows-server-2016
thanks for this , i used another image internetsystemsconsortium/bind9:9.18 before but it's not work can not access to its bash one . But i just accidently saw you on youtube , less code of dockerfile and it's work smoothly . Big thanks form Viet Nam, keep posting videos like this!!!
really great video. Lots of information, well explained and presented. Only the meaning of the variable creation was not clear to me. Why don't you just create the variables in a file without the hassle of putting them together? You don't gain any flexibility that way, or am I missing something here?
For me it's a bit more flexible as I can maintain each VM independently and I don't end up with one big file If I no longer need a VM I can delete its file and next time it won't get added into the master file If everything is in one file I'll have to search for the specific set of information to remove Of course, if I want to add a new VM I just need to add a new file
@@TechTutorialsDavidMcKone thanks for the clarification, i can understand that very well. I simply packed the desired vms into a global variable file. However, I also make my own ansible script for each rollout. What remains is that your video was a great introduction to working with proxmox, thanks again.
Thanks for the feedback, always appreciated It might be a bit too difficult to provide the full YAML file as this is from a lab and things change over time
@@Gr3mlinz I thought you were talking about access to the completed file I have, otherwise I would have mentioned there is a blog with the details for each video www.techtutorials.tv/sections/management-and-monitoring/prometheus-how-to-send-alerts/
Thank you for sharing, David! Best video on the subject I have seen - you explain very well the reasoning behind the choices. One questions I have: why is Proxmox connecting via root? Can I not have proxmox do backups via `proxmox` user for example and not via root? For context: I do other things such as db backups in from my VM to my NAS and there I need to set up the same DB user/group between the NAS and the VM(s) which is a pain, but that's the only way I have found to work so that I don't do each connection via root. Any advice on the subject would be greatly appreciated!
It's running on a Linux system and is run as root because it needs access to everything; Basically, the hypervisor will carve up all the hardware into virtual devices and that needs root access You can create other users and assign them permissions but I'm not seeing on option when attaching an NFS share to define access using a specific user account, in which case each server connects as the root user If you setup a backup job, there isn't an option to define a user there either Instead it relies on the authentication used to setup the storage location For NFS, we're stuck with the root account but with SMB/CIFS you can assign a different user account, which makes sense as Windows doesn't have a root account In which case, maybe SMB/CIFS is a better option for you VM network access tends to be independent of the hypervisor PVE might establish its own NAS storage connections, typically for central storage of VMs for instance, but these storage allocations aren't then referenced from within a VM For example, the servers connect to an NFS share and then the VM hard drives are stored on that share All the VM knows about is it has a hard drive and it can't reference that same NFS share via the hypervisor for its own purposes If a VM needs to access a share on the NAS, it doesn't connect to it via the hypervisor Instead, it makes its own connection to a share on the NAS, even if it's the same one the hypervisor uses Having said that, you could create hard drives on different storage for backup redundancy You could have a primary hard drive stored on the server's local drive and install the OS and applications on that for the VM You could then attach another hard drive to the VM, but one stored on an NFS share for instance Any backup run from within the VM is just from one hard drive to another Although doing a backup to the same location is frowned upon, you could create both hard drives on the same NAS share as typically you're dealing with database recovery most of the time After all, everything on the NAS needs to be backed up to something else locally anyway as well as somewhere remote in case things go wrong, so is there is still redundancy there
Hello! I hope you're doing well. Thanks again for this great series of videos. I was wondering if you were planning to do a similar series in the future on SCALE. The latest version (24.04) in particular is different enough in the UI to be pretty confusing in parts when coming from CORE. For one thing, they've depreciated SMB Home Shares in the latest SCALE, so I'm trying to figure out the correct way to create a dataset for storage of local (to the NAS) home directories. All the guides I've found assume I'm running an Active Directory server. All I'm trying to do is make a home directory for an admin user I've created so that there's a place to upload their public SSH key for key-based authentication, and it's proving to be quite a bugbear. I'm starting to suspect I'm going to have to cave and teach myself what Active Directory is and how to host an AD server ... which feels like complete overkill for this. :P
I've yet to test 24.04 myself I've had a quick look at the documentation and these seem to be still supported www.truenas.com/docs/scale/24.04/scaletutorials/credentials/managelocalusersscale/#configuring-a-user www.truenas.com/docs/scale/24.04/scaletutorials/shares/smb/addsmbhomeshare/ www.truenas.com/docs/scale/24.04/scaletutorials/shares/smb/ Although it mentions AD there's also an option of a local SMB user But maybe the future direction is this Private SMB datasets and shares preset mentioned
Thank you alot for the video. I have been having issues with connecting to my vms while they are on a VLAN. My interface file is practically the same as yours. I’m using a ruckus switch with a laptop hooked up to an untagged vlan 100 port and the proxmox machine is hooked up to a tagged vlan100 port. I’m able to access the web UI for proxmox but I cannot access the console or any of my vms through the UI and I get a temporary failure in name resolution error. Do you have any advice?
A name resolution error refers to a DNS issue You'll need to check if you can connect to the DNS server and make sure it can resolve the name to the correct IP address Since the server is using a tagged VLAN, you'll want to make sure the switch port it uses treats VLAN 100 as a tagged VLAN Ideally you should add another VLAN to the server port, one which won't be used by anything, and assign that as the PVID or untagged VLAN; This way the switch and server are in agreement for tagging the same VLANs Make sure the VMs have a NIC assigned to the appropriate VLAN and the Linux Bridge on the server is configured to be VLAN aware Double check any network changes have been applied to the server If your laptop is on a different VLAN to any of your VMs then it won't have direct access to them While a layer 3 switch or router can be configured to route between different subnets in different VLANs, a firewall is the better option as one of the main reasons for VLANs is to separate your computers
great video! proxmox without automation is indeed treacherous path. After setting up the API credentials, I'm confused on why the user/key is still required on the command line. It throws an error without it but I expected the playbook API info to suffice?
Not sure what you mean But different connections will need to supply the API credentials if you run a playbook for instance it will have to supply them And even if you run the same one again, it will have to supply them again As far as I'm aware there won't be any caching of credentials and every connection will be new, even if it's from the same computer
@@TechTutorialsDavidMcKone sorry about confusion. question was really, if you already have all the API credentials in the playbook, why the need to supply the command line with the user/key info.
@@ChrisValcke If you're running a playbook that knows about the API details or at least knows where to find them, then you won't need to supply them at the command line when you run the playbook
Thanks for the video. For anyone who does work with an (own) root/intermediate CA, it's very simple: on 11:08 where David pastes the server certificate in the lower _'Certificate Chain'_ field, you do the same but also paste your base64 intermediate certificate and root certificate including the _"BEGIN CERTIFICATE"_, _"END CERTIFICATE"_ lines in the same field below the server certificate. So the order would be: server certificate (top), intermediate certificate (middle), root certificate (bottom).
Thanks for sharing I've had to do that in my past and it was never obvious I think there were some systems that asked for the intermediate certificate, but the ones that didn't left you scratching your head
For those struggling with getting their TrueNAS Scale to work with this, you need to go to the share advanced settings and set maproot user and maproot group to "root". Thanks for the video!
The documentation doesnt match the app version. The task argument section is totally different now. You don't put variables in json anymore. Im still not clear what the extra args should look like, is force_reboot=yes valid format?
Help: I get the following error code: Internal Server Error The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application. Do I need to install something in proxmox?
It doesn't need additional software installing as the exporter connects to the API It would be worth checking the logs on Proxmox VE server as well as Prometheus to try and locate the cause as the error is too vague Check resource utilisation as well in case there isn't enough CPU, RAM, etc.
It should be possible as the backup files aren't owned by one particular server Make sure when attaching the share to the new server though that it can be used for backup files if you want to restore via the GUI
This guide did not work for me until I added "network_mode: host" to my docker-compose.yml. Otherwise it would not connect. I believe Docker's localhost does not connect to the actual host's localhost unless you do this. Anyone else have the same issue? I'd suggest adding this to the web guide and maybe doing an update video with this and the other pve.yml location change.
Thank you very much for the video. I'm not familiar with network and I was always afraid to activate the firewall in proxmox. I just started and thanks to you, it went well.
Good to know the video was helpful It's a very useful firewall to have as you can protect your VMs from other devices in the same network as the main firewall can't do anything about that type of traffic And you don't need to install additional software either :)
David - awesome guide thank you! I have a question. In prometheus.yml you have defined 3 targets - but you are running as a cluster, my servers are individual. Is that mean we would have to create new user for each pve? If yes what about api - which would be unique for each pve. How would we adjust pve.yml to have more tokens?
secure (thanks for using "bind" user) and easy to follow vid. Everything worked as expected however that "rndc reload" isn't really updating my zone file (i also update the serial number). I still get old entry when looking up. "docker restart <container>" this works but what's up with "rndc reload"?
That's strange I've just created a new A record and rndc reload is working fine But are you editing an existing entry? If so it's possible you're running into a caching problem The client computer will cache a DNS lookup, so even if you update the DNS server, the client will use what's in it's own cache until it times out after maybe 24 hours Likewise, the DNS server will cache DNS lookups until the TTL expires, but a container restart probably wipes that out, forcing it to read from the database file again
rndc reload shows the same output server reload successful. But when viewing in the /etc/bind/db.<domain>, it doesn't show new A record so obviously when exiting from the container and using host command shows "Host <hostname> not found: 3(NXDOMAIN)
@@pursue_eternity That's odd because the file on the host should be the same one that the container uses So when you update the file on the host, the container should be updated What the rndc reload command does is to get bind9 to read the config file into memory again What OS are you running Docker on? I've got a VM running Debian 12.6 and that works
@@pursue_eternity Very odd that. It sounds like quite a rabbit hole. I was just reading about files not being updated due to a bug in Docker, but that thread is quite old. Also there can be situations where if you mount a single file it may not get synched so a directory mount can be better. Fortunately, a container restart resolves these
Hi David, thanks for the tutortials on monitoring. They are the best and most clear of all those I have watched and have gotten me set up on the first try. I am curious though, when running with a Proxmox cluster, how can we get the dashboard to better reflect the actual cluster stats i.e. the total amount of RAM. Instead of just showing the RAM of one node to show the total of all 3 nodes together. Or is it possible to show each node individually on a separate per-node dashboard?
I haven't customised the dashboard beyond the basics as I rely more on alerts If you look into the metrics provided you might find information there Though you could open multiple tabs I suppose for Grafana and select different nodes in each
