Hi,
During Easter I decided to migrate ProxMox on plain unencrypted disks to IncusOS where the security seems more relevant.
And I failed miserably.
And I honestly don’t know why, which is very frustrating as I have over 30 years with linux/unix experience behind me and I just don’t fail with those things. I am the one to call when you fail. Naturally there is something I have misunderstood, something I oversee or something I just assume wrongly so please help me out here.
Problem has mostly been around Networking. Incus creates a bridge network on an empty network segment. My server has two network interfaces but one of the is a RealTek that needs additional firmware.
I need a bridge on an existing network to add containers accessible from the network and any attempt to make such bridge bricks the server and I have to reinstall.
If I install using a download without any network configuration I will only see the bridge from within Incus. I never see the device and cannot add a second bridge attached to my live network segment. Anny attempts I have made to modify the existing bridge och adding a new one bricks the server.
If I add a network configuration I still cannot add a bridge that does not brick my server. Even if I make it on the second NIC and leave the main NIC available for Inucs to have for management.
Only way I can make the NICs available in Incus is to install Incus on a generic Linux. Then I have problems to attach the exact right storage instead (I only made 2 or 3 attempts on OpenSuse though). Also I don’t get the security I’d like.
I have now reverted to ProxMox on a manually installed Debian with encrypted disks. I still like to know how I should have done this properly and I am willing to give it a new try, I can always swap disks to not destroy my current setup.
My physical network interfaces are enp5s0 and enp6s0f1. enp6s0f1 is the RealTek one.
I have my main network on 192.168.5.1 and the server gets 192.168.5.7/24 on enp5s0 and 192.168.5.6/24 on enp6s0f1.
Id like to install a PiHole on 192.168.5.8/24 as the first important thing but I will install a bunch of other stuff and the PiHole is just the starter.
The network configuration I used when downloading the installation image on my last few attempts was:
interfaces:
- name: "enp5"
hwaddr: "enp5s0"
addresses:
- "dhcp4"
roles:
- "management"
- "cluster"
- "storage"
- name: "enp6"
hwaddr: "enp6s0f1"
addresses:
- "dhcp4"
roles:
- "instances"
If I add a bridge to that network will be bricked.
If I chose to not use this setting I will see the two network interfaces on the server display but NICs will not show from incus webui.
Many people use incus, it cannot be that hard so what am I missing out here?
Thanx, Erik