The original post: /r/selfhosted by /u/esiy0676 on 2025-03-14 01:52:16.
TL;DR Build a live system that boots the same kernel and provides necessary compatible tooling as a regular install - with a compact footprint. Use it as a rescue system, custom installer springboard and much more - including running full PVE node disk-less.
ORIGINAL POST Proxmox VE Live System build
While there are official ISO installers available for Proxmox products, most notably Proxmox Virtual Environment,^ they are impractically bulky and rigid solutions. There is something missing within the ecosystem - options such as those provided by Debian - a network install^ or better yet, a live installer.^ Whilst Debian can be used instead to further install PVE,^ it is useful only to a point until the custom Proxmox kernel (i.e. customised Ubuntu kernel, but with own flavour of ZFS support) is needed during early stages of the installation. Moreover, Debian system is certainly NOT entirely suitable for Proxmox rescue scenarios. Finally, there really is no official headless approach to go about deploying, fixing or even just e.g. running an offline backup and restore of a complete Proxmox system.
Live system
A system that can boot standalone off a medium without relying on its files being modifiable and in fact which will reliably run again from the same initial state upon a reboot without having persisted any changes from any prior boot is what underpins a typical installer - they are live systems of its own. While it certainly is convenient that installation media can facilitate setting up a full system on a target host, the installer itself is just additional software bundled with the live system. Many distributions provide so-called live environment which takes the concept further and allow for testing out the full-fledged system off the installation medium before any actual installation on the target host whatsoever. Either way, live systems also make for great rescue systems. This is especially convenient with network booted ones, such as via iPXE,^ but they can be old-fashioned built into an ISO image and e.g. virtually mounted over out-of-band (OOB) management.
System build
Without further ado, we will build a minimal Debian system (i.e. as is the case with the actual Proxmox VE), which we will equip with Proxmox-built kernel from their own repositories. We also preset the freely available Proxmox repositories into the system, so that all other Proxmox packages are available to us out of the box from the get go. Finally, we set up ordinary (sudoer) user account of pvelive, networking with DHCP client and SSH server - so that right upon boot, the system can be remotely logged into.
TIP This might be a great opportunity to consider additional SSH configuration for purely key-based access, especially one that will fit into wider SSH Public Key Infrastructure setup.
We do not need much work for all this, as Debian provides all the necessary tooling: debootstrap^ to obtain the base system packages, chroot^ to perform additional configuration within, squashfs^ to create live filesystem and live-boot package^ to give us good live system support, especially with the initramfs^ generation. We will toss in some rudimentary configuration and hint announcements pre- and post-login (MOTD) - /etc/issue^ and /etc/motd^ - as well for any unsuspecting user.
Any Debian-like environment will reliably do for all this.
STAGE=~/pvelive
DEBIAN=bookworm
MIRROR=http://ftp.us.debian.org/debian/
CAPTION="PVE LIVE System - free-pmx.pages.dev"
apt install -y debootstrap squashfs-tools
mkdir -p $STAGE/medium/live
debootstrap --variant=minbase $DEBIAN $STAGE/rootfs $MIRROR
cat > $STAGE/rootfs/etc/default/locale <<< "LANG=C"
cat > $STAGE/rootfs/etc/hostname <<< "pvelive"
cat > $STAGE/rootfs/etc/hosts << EOF
127.0.0.1 localhost
127.0.1.1 pvelive
EOF
cat > $STAGE/rootfs/etc/issue << EOF
$CAPTION - \l
DEFAULT LOGIN / PASSWORD: pvelive / pvelive
IP ADDRESS: \4
SSH server available.
EOF
cat > $STAGE/rootfs/etc/motd << EOF
ROOT SHELL
sudo -i
EXTRA TOOLS
apt install gdisk lvm2 zfsutils-linux iputils-ping curl [...]
SEE ALSO
https://free-pmx.pages.dev/
https://github.com/free-pmx/
EOF
wget https://enterprise.proxmox.com/debian/proxmox-release-$DEBIAN.gpg -O $STAGE/rootfs/etc/apt/trusted.gpg.d/proxmox-release-$DEBIAN.gpg
cat > $STAGE/rootfs/etc/apt/sources.list.d/pve.list << EOF
deb http://download.proxmox.com/debian/pve $DEBIAN pve-no-subscription
EOF
for i in /dev/pts /proc ; do mount --bind $i $STAGE/rootfs$i; done
chroot $STAGE/rootfs << EOF
unset HISTFILE
export DEBIAN_FRONTEND="noninteractive" LC_ALL="C" LANG="C"
apt update
apt install -y --no-install-recommends proxmox-default-kernel live-boot systemd-sysv zstd ifupdown2 isc-dhcp-client openssh-server sudo bash-completion less nano wget
apt clean
useradd pvelive -G sudo -m -s /bin/bash
chpasswd <<< "pvelive:pvelive"
EOF
for i in /dev/pts /proc ; do umount $STAGE/rootfs$i; done
mksquashfs $STAGE/rootfs $STAGE/medium/live/filesystem.squashfs -noappend -e boot
TIP If you wish to watch each command and respective outputs, you may use
set -xandset +xbefore and after (respectively).^ Of course, the entire script can be put into a separate file prepended with^ and thus run via a single command.
Do note that within the chroot enviroment, we really only went as far as adding up very few rudimentary tools - beyond what alredy came with the debootstrap --variant=minbase run already - most of what we might need - and in fact some could have been trimmed down further yet. You are at liberty to add in whatever you wish here, but for the sake of simplicity, we only want a good base system.
Good to go
At this point, we have everything needed:
- kernel in
rootfs/boot/vmlinuz*and initramfs inrootfs/boot/initrd.img*– making up around 100M payload; - and the entire live filesystem in
medium/live/filesystem.squashfs– under 500M in size.
TIP If you are used to network boot Linux images, the only thing extra for this system is to make use of
boot=livekernel line parameter andfetch=pointing to the live filesystem^ - and your system will boot disk-less over the network.
Now if you are more conservative, this might not feel like just enough yet and you would want to bundle this all together into a bootable image still.
Live ISO image for EFI systems
Most of this is rather bland and for the sake of simplicity, we only cater for modern EFI systems. Notably we will embed GRUB configuration file into standalone binary which will be populated onto encapsulated EFI system partition.
Details of GRUB can be best consulted in its extended manual.^ The ISO creation tool xorisso with all its options is its own animal yet,^ complicated by the fact it is run with -as mkisofs emulation mode of the original tool and intricacies of which are out of scope here.
TIP If you wish to create more support-rich image, such as the one that e.g. Debian ships, you may wish to check content of such ISO and adapt accordingly. The generation flags Debian is using can be found within their official ISO image in
.disk/mkisofsfile.
apt install -y grub-efi-amd64-bin dosfstools mtools xorriso
cp $STAGE/rootfs/boot/vmlinuz-* $STAGE/medium/live/vmlinuz
cp $STAGE/rootfs/boot/initrd.img-* $STAGE/medium/live/initrd.img
dd if=/dev/zero of=$STAGE/medium/esp bs=16M count=1
mkfs.vfat $STAGE/medium/esp
UUID=`blkid -s UUID -o value $STAGE/medium/esp`
cat > $STAGE/grub.cfg << EOF
insmod all_video
set timeout=3
menuentry "$CAPTION" {
search -s -n -l PVELIVE-$UUID
EOF
cat >> $STAGE/grub.cfg << 'EOF'
linux ($root)/live/vmlinuz boot=live
initrd ($root)/live/initrd.img
}
EOF
grub-mkstandalone -O x86_64-efi -o $STAGE/BOOTx64.EFI boot/grub/grub.cfg=$STAGE/grub.cfg
mmd -i $STAGE/medium/esp ::/EFI ::/EFI/BOOT
mcopy -i $STAGE/medium/esp "$STAGE/BOOTx64.EFI" ::/EFI/BOOT/
xorriso -as mkisofs -o $STAGE/pvelive.iso -V PVELIVE-$UUID -iso-level 3 -l -r -J -partition_offset 16 -e --interval:appended_partition_2:all:: -no-emul-boot -append_partition 2 0xef $STAGE/medium/esp $STAGE/medium
At the of this run, we will have the final pvelive.iso at our disposal - either to mount it via OOB management or flash it onto a medium with whatever favourite tool, such as e.g. Etcher.^
Boot into the Live system
Booting this system will now give us a fairly familiar Linux environment - bear in mind it is also available via SSH, which a regular installer - of ouf a box - would not:
IMPORTANT Unlike default Proxmox installs, we follow basic security practice and the root user is not allowed to log in over SSH. Further, root user has no password set and therefore cannot directly log in at all. Use pvelive user to login and then switch to root user with
sudo -ias necessary.
[]
We are now at liberty to perform any additional tasks we would on a regular system, including installation of packages - some of which we got a hint of in the MOTD. None of these operations will be persisted, i.e. they rely on sufficient RAM on the system as opposed…
Content cut off. Read original on https://old.reddit.com/r/selfhosted/comments/1jasxm9/proxmox_ve_live_system_build/