Contents x
Deployment
    • PDF
    Contents

    Deployment

      • PDF
      Article summary

      To deploy Glasswall Halo in a Proxmox VM, you can choose from the following two options:

      Please refer to Troubleshooting & FAQs or the Proxmox Documentation for further information.

      Deploying from an OVA/VMDK

      Step 1 - Update Proxmox VE Host

      Ensure your Proxmox host is up to date by running the following command to prevent compatibility issues.

      01_proxmox

      • Online connectivity Update:
      apt-get update
apt-get dist-upgrade

      Step 2 - Create a New VM Shell

      1. Access the Proxmox Web UI and click Create VM.

      02_proxmox

      1. General: Provide a VM name (e.g., Glasswall-Halo).

      03_proxmox

      1. OS: Select a generic Linux type (e.g., Linux 5.x/6.x). You do not need an ISO.

      04_proxmox

      1. System:
        • BIOS: Set to SeaBIOS.
        • SCSI Controller: VirtIO SCSI.

      05_proxmox

      1. Hard Disk: Remove the default disk (we’ll attach a converted disk later).

      06_proxmox

      1. CPU: Set type to host for maximum performance; allocate at least 16 cores.

      07_proxmox

      1. Memory: Allocate 32–64 GB.

      08_proxmox

      1. Network: Attach a NIC to the desired bridge (e.g., vmbr0), typically VirtIO model.

      09_proxmox

      1. Confirm the summary and finish. Note: do not start the VM yet.

      10_proxmox

      Step 3 - Extract and Transfer the OVA

      1. Extract the OVA on your local system by running the following command:
        tar -xvf Halo-FULL-<version>.ova

      11_proxmox

      1. Identify the .vmdk file (e.g., Halo-FULL-<version>-disk1.vmdk).

      2. Upload the .vmdk to Proxmox, e.g.:

        scp Halo-FULL-...disk1.vmdk root@<Proxmox-IP>:/root/

      12_proxmox

      4. Prepare Storage (Optional LVM-Thin)

      Why LVM-Thin? It provides thin provisioning and snapshot support, making it ideal for larger or frequently updated VM disks. However, you can also attach disks to directory-based or other storage types in Proxmox.

      Example Steps to Create LVM-Thin:

      # Identify a free disk, e.g. /dev/sdb
pvcreate /dev/sdb
vgcreate vg-halo /dev/sdb
# Create a thin pool consuming all space
lvcreate -l 100%FREE -T -n thin-halo vg-halo

      13_proxmox

      After creating your thin pool, add it via Datacenter -> Storage -> Add -> LVM-Thin. Choose vg-halo as the volume group and thin-halo as the thin pool.

      14_proxmox

      Step 5 - Convert and Attach the Halo Disk

      Option A: qm importdisk

      SSH into your Proxmox Host

      If using storage that supports import (e.g., directory or LVM-Thin), run:

      qm importdisk <VM_ID> /root/Halo-FULL-...disk1.vmdk <StorageName> --format qcow2
      • <VM_ID> is the ID assigned to your VM (e.g., 100).
      • <StorageName> is the Proxmox storage target (e.g., local-lvm, halo-lvmthin).
      • After completion, go to VM -> Hardware, find the “Unused Disk,” then Edit and select IDE0.

      Option B (Recommended): Manual Conversion (qemu-img)

      SSH into your Proxmox Host

      If qm importdisk encounters errors (e.g., “zeroinit”), or if you prefer more direct management:

      1. Create a thin-provisioned volume for the Halo disk:
        lvcreate -n vm-<VM_ID>-disk-0 -V 200G --thinpool thin-halo vg-halo
      2. Convert the .vmdk to a raw disk:
        qemu-img convert -f vmdk -O raw /root/Halo-FULL...disk1.vmdk /dev/vg-halo/vm-<VM_ID>-disk-0
      3. Attach disk to the VM:
        qm set <VM_ID> --ide0 halo-lvmthin:vm-<VM_ID>-disk-0

      15_proxmox

      Step 6 - Final VM Configuration

      1. In VM -> Hardware:
        • IDE0 should be your main Halo disk.
        • Confirm “VirtIO SCSI” is listed as the SCSI controller.

      16_proxmox

      1. In VM -> Options:
        • Ensure Boot Order sets IDE0 as first.
        • Verify BIOS is SeaBIOS.
        • KVM hardware virtualization and ACPI should be enabled.
      2. Optional: QEMU Guest Agent can be installed inside the Halo VM for advanced functionality.

      17_proxmox

      Step 7 - Initial Boot

      1. Start the VM in the Proxmox UI.
      2. Watch the console; it may take up to a minute to pass “Probing EDD…” on first boot.
      3. Configure network inside the Halo VM:
        • For static IP: Edit RHEL’s /etc/sysconfig/network-scripts/ifcfg-... or use nmcli.
        • For DHCP: Ensure your DHCP server is operational.
      4. Finalize application-level configurations (i.e. start_halo.sh, syslog server, TLS).

      18_proxmox

      Deploying from a Glasswall Backup (.vma.zst)

      If our Glasswall team has provided you with a pre-configured Proxmox backup, you can skip the OVA/VMDK steps.

      Step 1 - Uploading and Restoring the Backup

      1. Copy the .vma.zst backup file to your Proxmox host’s backup directory:
        scp glasswall-halo-backup.vma.zst root@<Proxmox-IP>:/var/lib/vz/dump/
      2. In the Proxmox UI, go to Node -> Local -> Backup.
      3. Locate the .vma.zst file and select Restore.
      4. Assign a new VM ID (e.g., 101) and target storage.

      19_proxmox

      Step 2 - Verifying Disk Attachment

      1. After restore, open VM -> Hardware.
      2. Confirm that the main disk is attached to IDE0.
      3. Ensure BIOS is set to SeaBIOS under VM -> Options.

      Step 3 - Starting the VM

      1. Power on the VM.
      2. Watch the console for any errors.
      3. Configure the network settings, if not already set.
      4. Proceed with any final configuration steps within Halo.

      20_proxmox{height="" width="750}

      Troubleshooting and FAQs

      zeroinit Error

      This may occur when using qm importdisk with certain storage types or older QEMU versions. Solution: Use manual conversion with qemu-img.

      Network Configuration Issues

      • If the VM interface is named differently (e.g., ens18 vs. eth0), adjust your ifcfg- files accordingly.
      • Use nmcli device show or ip a to confirm the interface name.

      Why IDE + SeaBIOS?

      • STIG-hardened RHEL images require Legacy BIOS for certain boot configurations.
      • IDE ensures broad compatibility and avoids known issues with some virt drivers.

      Additional Best Practices

      • Snapshots: Leverage Proxmox snapshots or LVM-Thin snapshots for quick rollbacks.
      • Backups: Regularly use vzdump to create compressed backups (.vma.zst).
      • Resource Monitoring: Keep an eye on CPU and memory usage for production loads.

      Initiate Glasswall Halo Services

      • Execute the following command to launch Glasswall Halo:
        bash start_halo.sh
      • Once the script has completed, confirm all the Glasswall Halo services and Pods are running using the following command:
      kubectl get pods

      Access Glasswall Portal

      • Depending on your network configuration and/or domain configuration, you can now clean files by accessing the Glasswall Portal through the domain name and/or IP address assigned to your virtual machine.

      Run the following command to confirm network status:

      sudo netstat -tlnp
      Was this article helpful?
      What's Next