# Proxmox VM/Container Creator

Create Ubuntu 24.04 LXC containers or full VMs on Proxmox VE. Returns a Docker-ready host with SSH access.

## When to Use

- "create proxmox vm"
- "create proxmox container"
- "spin up lxc"
- "new container on proxmox-host"
- Any time you need a fresh Linux host on Proxmox

This is a base skill. It creates the infrastructure. Other skills deploy applications onto it.

## LXC vs VM Decision Guide

| Use LXC when | Use VM when |
|---|---|
| Running Docker containers (TheHive, MISP, etc.) | Security Onion, Zeek with AF_PACKET |
| Lightweight services | Need custom kernel modules |
| Want fast startup (~5 seconds) | Need full OS isolation |
| Most SOC tools | Network monitoring with raw sockets |

Default: LXC. Only use VM when the application explicitly needs kernel access.

## User Inputs

| Parameter | Default | Required |
|---|---|---|
| Name | - | Yes |
| Proxmox host | `proxmox-host` (YOUR_PROXMOX_IP) | No |
| Type | `lxc` | No (`lxc` or `vm`) |
| CPU cores | 2 | No |
| RAM (MB) | 4096 | No |
| Disk (GB) | 8 | No |
| Extra packages | - | No |
## Prerequisites Check

```bash
# SSH access to Proxmox
ssh proxmox-host pveversion || echo "FAIL: cannot SSH to Proxmox host"

# Template check (LXC)
ssh proxmox-host "pveam list local | grep ubuntu-24.04" || echo "Template not cached, will download"

# Find the next CTID (highest ID in use; use max + 1)
ssh proxmox-host "pct list | tail -n +2 | awk '{print \$1}' | sort -n | tail -1"
```
## Execution Flow: LXC Container

### Step 1: Ensure template is cached

```bash
# The whole command is quoted so the download also runs on the Proxmox host, not locally.
ssh proxmox-host "pveam list local | grep ubuntu-24.04 || pveam download local ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
```

### Step 2: Find next available CTID

```bash
# Take the highest ID used by either containers (pct) or VMs (qm); both share one ID space.
NEXT_CTID=$(ssh proxmox-host "cat <(pct list | tail -n +2 | awk '{print \$1}') <(qm list | tail -n +2 | awk '{print \$1}') 2>/dev/null | sort -n | tail -1")
# Proxmox reserves IDs below 100, so an empty host starts at 100.
NEXT_CTID=$(( ${NEXT_CTID:-99} + 1 ))
```

### Step 3: Create container

```bash
ssh proxmox-host "pct create $CTID local:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst \
  --hostname <name> \
  --memory <memory> \
  --cores <cores> \
  --rootfs local-lvm:<disk> \
  --net0 name=eth0,bridge=vmbr0,ip=dhcp \
  --unprivileged 1 \
  --features nesting=1 \
  --start 1"
```

Key flags:

- `--unprivileged 1`: Security best practice
- `--features nesting=1`: Required for Docker inside LXC
- `--start 1`: Start immediately after creation

### Step 4: Wait for boot and get IP

```bash
sleep 10  # LXC boots in ~5 seconds

# Get the IP from Proxmox
ssh proxmox-host "pct exec $CTID -- hostname -I"

# Or read it from the interface (DHCP lease)
ssh proxmox-host "pct exec $CTID -- ip -4 addr show eth0 | grep inet | awk '{print \$2}' | cut -d/ -f1"
```

### Step 5: Post-boot Docker setup

```bash
bash scripts/post-boot-setup.sh proxmox-host $CTID
```

Or manually:

```bash
# Outer double quotes keep the whole script on the Proxmox side; $CTID expands locally.
ssh proxmox-host "pct exec $CTID -- bash -c '
  apt-get update -qq
  apt-get install -y -qq docker.io curl git htop
  systemctl enable docker && systemctl start docker
  mkdir -p /usr/local/lib/docker/cli-plugins
  curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 \
    -o /usr/local/lib/docker/cli-plugins/docker-compose
  chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
'"
```

### Step 6: Verify

```bash
# Quoted so the second pct exec runs on the Proxmox host as well.
ssh proxmox-host "pct exec $CTID -- docker --version && pct exec $CTID -- docker compose version"
```
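The six steps above combined into one script, as an added example (not one of the skill's own scripts/ files): it quotes the remote command so pipes and `||` run on the Proxmox host, takes the next ID from both `pct list` and `qm list`, never returns an ID below 100, and polls for the address instead of a fixed sleep. The `proxmox-host` alias, `local-lvm` storage and `vmbr0` bridge come from the page; the helper names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: create an Ubuntu 24.04 LXC with nesting for Docker, end to end.
# Assumes ssh alias "proxmox-host", storage "local-lvm", bridge "vmbr0" (from the page).
set -eu
PVE=${PVE:-proxmox-host}
TEMPLATE=ubuntu-24.04-standard_24.04-2_amd64.tar.zst

# Run one command string on the Proxmox host; quoting keeps pipes, || and && remote.
pve() { ssh "$PVE" "$@"; }

# Pure text helper: reads "pct list" and "qm list" output (headers included) on stdin,
# keeps numeric first columns only, returns max + 1 but never below 100.
next_free_id() {
  local max
  max=$(awk '$1 ~ /^[0-9]+$/ {print $1}' | sort -n | tail -1)
  [ "${max:-0}" -ge 99 ] || max=99
  echo $((max + 1))
}

ensure_template() {
  # If the download reports an unknown template, run "pveam update" first.
  pve "pveam list local | grep -q '$TEMPLATE' || pveam download local $TEMPLATE"
}

create_ct() {   # create_ct <ctid> <name> <mem_mb> <cores> <disk_gb>
  pve "pct create $1 local:vztmpl/$TEMPLATE --hostname $2 --memory $3 --cores $4 \
       --rootfs local-lvm:$5 --net0 name=eth0,bridge=vmbr0,ip=dhcp \
       --unprivileged 1 --features nesting=1 --start 1"
}

# Poll instead of a fixed sleep: DHCP can take longer than the ~5 s boot.
wait_for_ip() {   # wait_for_ip <ctid> [timeout_s]
  local ctid=$1 deadline ip
  deadline=$(( $(date +%s) + ${2:-60} ))
  while [ "$(date +%s)" -lt "$deadline" ]; do
    ip=$(pve "pct exec $ctid -- hostname -I" 2>/dev/null | awk '{print $1}')
    [ -n "$ip" ] && { echo "$ip"; return 0; }
    sleep 2
  done
  echo "timed out waiting for CT $ctid to get an IP" >&2
  return 1
}

if [ "${1:-}" = run ]; then   # usage: ./create-lxc.sh run <name> [mem_mb] [cores] [disk_gb]
  ensure_template
  CTID=$(pve "pct list; qm list" | next_free_id)
  create_ct "$CTID" "$2" "${3:-4096}" "${4:-2}" "${5:-8}"
  echo "CTID=$CTID IP=$(wait_for_ip "$CTID")"
fi
```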
## Execution Flow: Full VM

Use `scripts/create-vm.sh` for full VMs when LXC won't work:

```bash
ssh proxmox-host "qm create $VMID --name <name> --memory <memory> --cores <cores> \
  --net0 virtio,bridge=vmbr0 --scsihw virtio-scsi-pci \
  --scsi0 local-lvm:<disk>,format=raw --ide2 local-lvm:cloudinit \
  --boot c --bootdisk scsi0 --serial0 socket --vga serial0 \
  --ciuser deploy --cipassword <password> --ipconfig0 ip=dhcp \
  --start 1"
```

## Return Values

Report to caller:

```
Container/VM created: <name>
CTID/VMID: <id>
Type: lxc | vm
IP: <ip>
SSH: root@<ip> (LXC) or deploy@<ip> (VM)
Docker: installed
Docker Compose v2: installed
```

## Teardown

```bash
# LXC (quoted so both commands run on the Proxmox host)
ssh proxmox-host "pct stop $CTID && pct destroy $CTID --purge"

# VM
ssh proxmox-host "qm stop $VMID && qm destroy $VMID --purge"
```
## Critical Gotchas

See `references/gotchas.md` for full details:

1. Docker in LXC needs nesting=1: Without `--features nesting=1`, Docker fails to create networks
2. LXC limitations: No custom kernel modules, no raw sockets (AF_PACKET). Use VM for Security Onion, Zeek
3. Template caching: `pveam download` is slow the first time. Check `pveam list local` first
4. CTID conflicts: Always check `pct list` before picking a CTID
5. Disk is thin-provisioned: 770GB free in the pool, but containers can fill up fast
6. Wazuh (CTID 105): 99.3% full at 25GB. Don't colocate storage-heavy services
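A pre-flight check for the thin-provisioning gotcha, added here as an example and not part of the skill: it reports rootfs usage of every running container so a new storage-heavy service is not placed next to one that is nearly full. Helper names are hypothetical; the two parsing functions read command output on stdin so they can be checked offline against constructed output.

```shell
#!/usr/bin/env bash
# Added example: flag running containers whose rootfs is above a usage threshold.
# Assumes ssh alias "proxmox-host" (from the page); function names are hypothetical.
set -eu
PVE=${PVE:-proxmox-host}
pve() { ssh "$PVE" "$@"; }

# "pct list" output on stdin -> IDs of running containers (column 2 is Status).
running_ctids() { awk '$1 ~ /^[0-9]+$/ && $2 == "running" {print $1}'; }

# "df -P /" output on stdin -> integer percent used (column 5 is Capacity, e.g. "99%").
used_pct() { awk 'NR == 2 {sub(/%/, "", $5); print $5}'; }

# Prints "<ctid> <pct>%" per running CT; returns 1 if any exceeds <max_pct>.
storage_report() {   # storage_report <max_pct>
  local max=$1 rc=0 ctid pct
  for ctid in $(pve "pct list" | running_ctids); do
    pct=$(pve "pct exec $ctid -- df -P /" | used_pct)
    printf '%s %s%%\n' "$ctid" "$pct"
    [ "$pct" -le "$max" ] || { echo "CT $ctid is above ${max}% full, do not colocate here" >&2; rc=1; }
  done
  return $rc
}

if [ "${1:-}" = run ]; then   # usage: ./storage-check.sh run [max_pct]
  storage_report "${2:-90}"
fi
```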