Mastodon Mastodon Mastodon Systeemkabouter blog archive – Preparing new rackserver setup with proxmox + opnsense + openbsd

Preparing new rackserver setup with proxmox + opnsense + openbsd

Posted on zo 14 november 2021 in servers

Physical server

Just for fun and for profit I'm preparing a new physical setup to be deployed in some rack not to far from my home. The first step was selecting hardware. I still have a Proliant ML350 on the attic, but figured it was too big to actually deploy for fun. Looking at some second hand site I quickly found an affordable DL360 G8 1U server. It came with a single six core CPU, 44 GB RAM and 1 TB of RAID5 protected SAS storage. Should be plenty enough.

Proliant DL360 with APU2 on top larger version

Host operating system

At first I was considering an Ubuntu / KVM based setup, as Ubuntu supports live kernel patching. But running multiple virtual machines this way is quite complex. Running something like ESXi or XCP-NG is a lot simpler. Then within a day or two I got two recommendations for proxmox. So I figured it was something worth checking out.

The proxmox install itself is really easy and polished. After that it was quite easy to find my own around the webUI. As it looks nice and feature rich enough for my needs, I figured I'll stick with it.

Proxmox with OpenBSD VM console screenshot

Remote management

Most or all proliant servers come with a remote management card. The machine I have lacks the license for the 'advanced' features, something that I will address in the future. But to securely expose this interface, I needed more hardware. A small APU2 device was added to allow secure remote management

Firewall setup using Opnsense / APU2

The APU2 has three ethernet ports. One will be the uplink to the big bad Internet. The second one will handle server traffic, whilst the third one will be connected to the Prioliant ILO / out of band management card.

The firewall is configured as a VPN server, that allows me to connect to all devices securely using a management VPN setup.

Services to the outside world hosted on OpenBSD

At first I considered running OpenBSD as host operating system and use OpenBSD virtualisation. But I learned that the OpenBSD does not support SMP in virtual machines just yet. So I went for something Linux/KVM based. But I'm planning on running multiple OpenBSD virtual machines to run stuff such as haproxy and other services that will be exposed to the outside world.

Layout diagram

It's that simple :-)

Layout diagram

This is a work in progress. Next weekend I will be configuring the OpenBSD virtual machines and label the physical devices/cabling.