One of the benefits of using Proxmox is the ability to perform management functions via a built-in CLI utility. For a recap of this functionality, check out the previous blog post about Increasing Operational Efficiency in Proxmox with PVESH.
Beyond doing normal management activities within Proxmox, this functionality can be leveraged to rapidly deploy virtual machines and their corresponding virtual switches. This allows the administrator to create configurations to represent topologies for testing specific use-cases. Since these configurations can be defined as text, it can be used for rapid deployment via copy/paste into the command line. Also, it can be distributed to others for sharing those topologies.
Planning the Topology
It is beneficial to have a network design on paper prior to creating the configuration files that define the topology. This is useful to prevent mistakes in the configuration file as well as serve as a guideline to make sure the configuration has the intended results. In this particular case, we will be using a simple straight forward topology which is defined in the screenshot below.
Once the design is in place, we can move on to creating the templates.
Templates in Proxmox
Creating templates is one of the most useful features in Proxmox. In a nutshell, it allows you to “copy” a pre-configured VM and generate it into its own instance. The more detailed explanation of this is explained in the following quote:
A template is a fully pre-configured operating system image that can used to deploy KVM virtual machines. Creating a special template is usually preferred over cloning an existing VM.
https://pve.proxmox.com/wiki/VM_Templates_and_Clones
Deploying virtual machines from templates is blazing fast, very comfortable and if you use linked clones you can optimize your storage by using base images and thin-provisioning.
While this article will not dive into the complete details of creating templates, we will cover at a high level the methodology on creating a template for use within the context of this article.
Creating a Template in Proxmox
To create a template in Proxmox, follow the steps below:
1. Within the Proxmox UI, right-click the VM you wish to turn into a template | Select “Convert to Template”
2. Select “Yes” from the “Confirm” dialog box to continue the process to convert the VM to a template
Please note: At this point, you will not be able to start this template like a normal VM and you will need to create a clone of this template as a new VM to use it.
3. Confirm that the VM has been converted by noting the change of the icon as well as an “OK” from the event log status at the bottom
Creating VMs from Templates
To create a VM from a template, follow the steps below:
1. Right-click the template | Select “Clone”
2. In the “Clone VM” dialog box, fill out the applicable fields | Click “Clone”
3. Confirm that the VM was successfully created
While these steps can be completed from the WebGUI, the amount of administrative overhead associated with creating the template, modifying the hardware resources and updating the network connectivity does not scale with large topologies.
To gain efficiencies and rapidly deploy the topology, the pvesh command can be leveraged.
Deploying with PVESH
Once the templates have been created, the PVESH utility can be utilized to quickly generate VMs. To accomplish this, follow the section below:
Creating the VM from Template with PVESH
To streamline the creation of the VMs, two commands are ran. The first is to create the VM from the template.
pvesh create /nodes/pve1/qemu/<id of template>/clone --newid <new id of VM> --name <name of new vm>
The second is to set the hardware parameters on the newly created VM.
pvesh set /nodes/pve1/qemu/<id of VM>/config --net0 virtio,bridge=vmbr1,tag=<vlanid>
Although it is not specifically highlighted, the virtual networking is dictated via the use of the “–net#” command referenced in the command above. This leverages the already created virtual bridges within Proxmox and assigns the corresponding VLAN to those bridges.
Resultant Configurations
The resultant configurations for each of the components are as follows:
Windows1
pvesh create /nodes/pve1/qemu/20000/clone --newid 4000 --name windows1
pvesh set /nodes/pve1/qemu/4000/config --net0 virtio,bridge=vmbr1,tag=310FortiGate1
pvesh create /nodes/pve1/qemu/10000/clone --newid 4001 --name fortigate1
pvesh set /nodes/pve1/qemu/4001/config --net0 virtio,bridge=vmbr1,tag=350 --net1 virtio,bridge=vmbr1,tag=300 --net2 virtio,bridge=vmbr1,tag=310FortiGate2
pvesh create /nodes/pve1/qemu/10000/clone --newid 4002 --name fortigate2
pvesh set /nodes/pve1/qemu/4002/config --net0 virtio,bridge=vmbr1,tag=350 --net1 virtio,bridge=vmbr1,tag=300 --net2 virtio,bridge=vmbr1,tag=320Windows2
pvesh create /nodes/pve1/qemu/20000/clone --newid 4003 --name windows2
pvesh set /nodes/pve1/qemu/4003/config --net0 virtio,bridge=vmbr1,tag=320Results
Once all of the configurations have been generated, they can be pasted in the command line and the topology can be generated quickly.
To show all of the commands in its entirety, I copied the commands into NotePad++.
Prior to pasting the commands via the Proxmox CLI, I confirmed the current topology of VMs within the Proxmox navigation.
Since the topology is defined via text, it can all be pasted at one time and Proxmox will execute those commands via the pvesh utility.
After pasting these commands into the Proxmox CLI, the new topology of VMs can be confirmed via the Proxmox GUI:
At this point, the VMs are created but they still need to have configurations applied to them before they can be used. The information in the article about cloud-init can be leveraged to apply a zero-touch provisioning of the Fortinet assets within the deployed topology.
I know that this was a lot of information but I hope it proves useful in leveraging Proxmox to quickly stand up topologies for simulation as well as production deployment. Leave a comment below and let me know how the information in this article impacts your operations.
Thanks for this! I’m curious how templating would work with Linux — I use a lot of Ubuntu VMs for various infrastructure and testing things, and join *everything* to Active Directory via SSSD. I’ve been doing this manually every time out of laziness, but I hope this could be done with templates too — have you played with this at all?
Hey JD, First, thanks for coming to my site! As far as your question goes, I have not personally tried to do what you are describing but I have an idea that you can try to automate things going forward. Have you heard of cloud-init before? (For a quick primer on the matter, check out my previous article around cloud-init with FortiGate). In a nutshell, cloud-init is a virtualization feature that allows you to mount a specially crafted iso image (as a CD-ROM drive to your virtual machine) and it execute whatever you tell it to upon first boot of… Read more »