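啵囝 posted on 2023-7-5 10:02:16

I recently saw the forum giving away Oracle NAT VPSes, so here is a start-to-finish tutorial on installing PVE on an Oracle ARM instance and creating VPSes with dedicated IPs.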

The end result: on the ARM machine you can run two CT containers that each have a dedicated IP (they can be used as small Linux VPSes).
Why only two? This is an Oracle limit: one machine can have only two ephemeral public addresses and one reserved public address.
The results, as shown in the screenshots:

CT100: NAT IP
CT101: ephemeral public address
CT102: reserved public address

Clean Debian install via Netboot
1. First log in over SSH and download https://boot.netboot.xyz/ipxe/netboot.xyz-arm64.efi into the /boot/efi/EFI directory.
2. Log in to the Oracle console and, under Console connection, launch a Cloud Shell connection.
3. Force-reboot the machine, then hammer ESC in Cloud Shell until you reach a simple BIOS-style screen (screenshot).
Choose Boot Maintenance Manager - Boot From File - select the disk - EFI - netboot.xyz-arm64.efi to boot into netboot, then install Debian online; I won't go into detail here.


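Installing PVE on Debian
First configure the network.

ip a    # check the IP; mine is 10.0.0.118
nano /etc/network/interfaces

iface enp0s3 inet static
      address 10.0.0.118
      netmask 255.255.255.0
      gateway 10.0.0.1

Change it to look like this, switching the original DHCP to static.
Then edit /etc/hosts and add one line:

<public IP> <hostname>.proxmox.com <hostname>

My hostname here is arm, so I changed it like this:

146.56.111.111 arm.proxmox.com arm

Then delete everything else, keeping only 127.0.0.1 localhost and this newly added line, otherwise the installation will fail with an error!

Reboot once.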
Change the package sources and install pimox7. Run all of the commands below as root.
apt install gnupg curl zfsutils-linux -y

rm /etc/apt/sources.list.d/*.list
rm /etc/apt/sources.list

echo "# Raspberry Pi Bullseye Repo
deb http://archive.raspberrypi.org/debian/ bullseye main

# Pimox7 Repo
deb https://raw.githubusercontent.com/pimox/pimox7/master/ dev/

# Debian Repo
deb http://deb.debian.org/debian bullseye main contrib non-free

# Security Updates
deb http://security.debian.org/debian-security bullseye-security main contrib non-free" > /etc/apt/sources.list

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 82B129927FA3303E
curl https://raw.githubusercontent.com/pimox/pimox7/master/KEY.gpg | apt-key add -
apt update
apt upgrade -y
apt install proxmox-ve -y

Dialogs will pop up during installation; the default options are fine.
Reboot, then try opening the PVE web UI at https://ip:8006
Barring surprises it should open now; log in with the root account and password.

Fixing AppArmor
At this point PVE still doesn't work properly: starting a CT container reports an AppArmor error, and the same error is visible over VNC during boot.
Build and install AppArmor from source:
apt install git bison flex autoconf libtool swig gettext python3 python3-dev python3-pip -y
git clone https://gitlab.com/apparmor/apparmor.git
cd apparmor
export PYTHONPATH=$(realpath libraries/libapparmor/swig/python)
export PYTHON=/usr/bin/python3
export PYTHON_VERSION=3
export PYTHON_VERSIONS=python3
cd ./libraries/libapparmor
./autogen.sh
./configure --prefix=/usr --with-perl --with-python
make
make install
cd ../../binutils/
make
make install
cd ../parser/
make
make install
cd ../utils/
make
make install

reboot

This time the AppArmor error no longer appears during boot.

Configuring a bridge for NAT
Edit /etc/network/interfaces
Create the vmbr0 bridge and configure NAT:
auto enp0s3
iface enp0s3 inet static
      address 10.0.0.118
      netmask 255.255.255.0
      gateway 10.0.0.1

auto vmbr0
iface vmbr0 inet static
      address 192.168.1.1
      netmask 255.255.255.0
      bridge_ports none
      bridge_stp off
      bridge_fd 0
      post-up echo 1 > /proc/sys/net/ipv4/ip_forward
      post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o enp0s3 -j MASQUERADE
      post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o enp0s3 -j MASQUERADE

Restart networking:

systemctl restart networking

Now you can go ahead and try creating a NAT VPS.

Creating a NAT CT container
Go to https://uk.lxd.images.canonical.com/images/ and download an ARM64 image; the official images are x86 and cannot be used. Download the file named rootfs.tar.xz.
I downloaded the Debian image; the image link is https://uk.lxd.images.canonical.com/images/debian/bullseye/arm64/cloud/20230310_05:25/rootfs.tar.xz
This link will probably stop working in a couple of days.

Create the CT container. For the network configuration, bridge to vmbr0, set an IP in the 192.168.1.0/24 range, and use the 192.168.1.1 set above as the gateway.

NAT VPS test successful.

Configuring dedicated IPs
Go back to the VPS details page, open Attached VNICs, and create a VNIC. When creating it, pick the default virtual cloud network and subnet, then choose any IP; I used 10.0.0.119.
Tick "Assign a public IPv4 address" and an ephemeral public address will be assigned. Only one extra can be added here, which is a pity.
However, one reserved address can also be created, so a machine can have at most three dedicated public IPs; one is used by the host, leaving at most two dedicated-IP VPSes.
Back in SSH, you can see two more NICs; I added two above.

Edit /etc/network/interfaces and add the following:

auto enp1s0
iface enp1s0 inet manual

auto enp2s0
iface enp2s0 inet manual

Restart networking:

systemctl restart networking

Now you can go ahead and try creating a dedicated-IP VPS.

Creating a dedicated-IP CT container
The network settings at creation time don't matter; once it is created, don't start it yet, and delete its network interface straight away.

Edit the CT config file to pass the NIC through.
/etc/pve/lxc/101.conf (101 here is the CT ID)
lxc.net.0.type: phys
lxc.net.0.link: <new NIC name>
lxc.net.0.ipv4.address: <private IP>/24
lxc.net.0.ipv4.gateway: 10.0.0.1
lxc.net.0.flags: up

The gateway is 10.0.0.1 by default in every case. The private IP can be copied from the Private IP shown here (screenshot).
Then start it; dedicated-IP VPS test successful.
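
Added example, not part of the original post: a POSIX shell helper that validates the values before printing the lxc.net.0 passthrough stanza shown above. With type phys an existing host interface is assigned to the container, so the helper refuses the host's own uplink and bridge and checks that the address and gateway share a subnet. HOST_NICS, ip_to_int and render_passthrough are hypothetical names, and the sample values are constructed from the post.

```shell
#!/bin/sh
# Added example. HOST_NICS, ip_to_int and render_passthrough are hypothetical names.
HOST_NICS="lo enp0s3 vmbr0"   # interfaces the host itself depends on in the post's setup

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# render_passthrough NIC ADDR/PREFIX GATEWAY -> prints the lxc.net.0 stanza,
# or prints a reason on stderr and returns 1.
render_passthrough() {
    nic=$1; cidr=$2; gw=$3
    case "$nic" in ''|*[!A-Za-z0-9_.-]*) echo "bad NIC name" >&2; return 1 ;; esac
    for h in $HOST_NICS; do
        [ "$nic" != "$h" ] || { echo "$nic is needed by the host" >&2; return 1; }
    done
    case "$cidr" in */*) ;; *) echo "address needs a /prefix" >&2; return 1 ;; esac
    addr=${cidr%/*}; prefix=${cidr#*/}
    case "$prefix" in ''|*[!0-9]*|0*|???*) echo "bad prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "bad prefix" >&2; return 1; }
    a=$(ip_to_int "$addr") || { echo "bad address: $addr" >&2; return 1; }
    g=$(ip_to_int "$gw") || { echo "bad gateway: $gw" >&2; return 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( g & mask )) ] || { echo "gateway outside $cidr" >&2; return 1; }
    [ "$a" -ne "$g" ] || { echo "address equals gateway" >&2; return 1; }
    printf 'lxc.net.0.type: phys\nlxc.net.0.link: %s\n' "$nic"
    printf 'lxc.net.0.ipv4.address: %s\nlxc.net.0.ipv4.gateway: %s\n' "$cidr" "$gw"
    printf 'lxc.net.0.flags: up\n'
}

# Constructed sample values matching the post: second VNIC, private IP 10.0.0.119.
render_passthrough enp1s0 10.0.0.119/24 10.0.0.1
```

Redirect the output into /etc/pve/lxc/<CT ID>.conf only when the function returns 0.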

xiaow posted on 2023-7-7 09:17:15

Supporting a technical post.

110 posted on 2023-7-7 09:18:16

Haven't read it, but showing some support anyway.