* [PVE-User] install pve-enterprise (with subscription key) on top of debian install
@ 2025-10-16 10:05 DERUMIER, Alexandre via pve-user
2025-10-22 1:19 ` Gilou
0 siblings, 1 reply; 6+ messages in thread
From: DERUMIER, Alexandre via pve-user @ 2025-10-16 10:05 UTC (permalink / raw)
To: pve-user; +Cc: DERUMIER, Alexandre
[-- Attachment #1: Type: message/rfc822, Size: 12669 bytes --]
From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-user@lists.proxmox.com" <pve-user@lists.proxmox.com>
Subject: install pve-enterprise (with subscription key) on top of debian install
Date: Thu, 16 Oct 2025 10:05:48 +0000
Message-ID: <10a91bee8f709d27a414208998a58bdbed281a7f.camel@groupe-cyllene.com>
Hi,
I'm currently working on a hardened pve installation for CIS
certification, and as it need luks encryption + specific partionning,
I need to install it on top of a debian install.
I would like to deploy pve-enterprise repo directly, but how can I do
it on top of debian ?
The wiki said to install no-subscription first, then switch to
enteprise after uploading the key in the gui
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm
But that mean than more recent packages could be pushed from no-
subscription first.
Is is possible to put the key somewhere in /etc/apt/ ?
Alexandre
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
2025-10-16 10:05 [PVE-User] install pve-enterprise (with subscription key) on top of debian install DERUMIER, Alexandre via pve-user
@ 2025-10-22 1:19 ` Gilou
2025-10-22 1:24 ` Gilou
2025-10-22 10:22 ` DERUMIER, Alexandre via pve-user
0 siblings, 2 replies; 6+ messages in thread
From: Gilou @ 2025-10-22 1:19 UTC (permalink / raw)
To: pve-user
Le 16/10/2025 à 12:05, DERUMIER, Alexandre via pve-user a écrit :
> Hi,
>
> I'm currently working on a hardened pve installation for CIS
> certification, and as it need luks encryption + specific partionning,
> I need to install it on top of a debian install.
>
> I would like to deploy pve-enterprise repo directly, but how can I do
> it on top of debian ?
>
> The wiki said to install no-subscription first, then switch to
> enteprise after uploading the key in the gui
> https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm
>
> But that mean than more recent packages could be pushed from no-
> subscription first.
>
> Is is possible to put the key somewhere in/etc/apt/ ?
>
> Alexandre
Hi,
It's been a while since I've had to do such things.. but here goes..
Unless you have an offline key, you'll need to register the server
first, so that the server ID (hex version of the md5 hash of the SSH RSA
key) is allowed.
Basically, as you can see in proxmox-subscription/src/check.rs:
you need to call:
https://shop.proxmox.com/modules/servers/licensing/verify.php
with that JSON (challenge is epoch time + random string) :
{
"licensekey": key,
"dir": server_id,
"domain": "www.proxmox.com",
"ip": "localhost",
"check_token": challenge,
}
Then either you re-register/check it once you have the API available, or
you try to write a valid /etc/subscription file..
Otherwise, it's "simple", you can get the info on a running server:
/etc/apt/auth.conf.d/pve.conf
machine enterprise.proxmox.com/debian/pve
login server_id
password server_key
Set the proper enterprise repos, and it should work, if the server ID is
registered...
This might be interesting to have in the ansible role lae.proxmox (that
you'll probably despise, given your love for ansible HAHA) as well, as
the only supported scenario for now there is to.. remove the enterprise
repos.. either have a curl command to register the server id and compute
/etc/subscription, or a tool (pvesubscription) to wrap that Rust API in
Debian..
Cheers,
Gilou
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
2025-10-22 1:19 ` Gilou
@ 2025-10-22 1:24 ` Gilou
2025-10-22 10:22 ` DERUMIER, Alexandre via pve-user
1 sibling, 0 replies; 6+ messages in thread
From: Gilou @ 2025-10-22 1:24 UTC (permalink / raw)
To: pve-user
Le 22/10/2025 à 03:19, Gilou a écrit :
> Le 16/10/2025 à 12:05, DERUMIER, Alexandre via pve-user a écrit :
>> Hi,
>>
>> I'm currently working on a hardened pve installation for CIS
>> certification, and as it need luks encryption + specific partionning,
>> I need to install it on top of a debian install.
And of course, Thunderbird missed that you already had an answer from
Shannon regarding POM use, but that's another route.
Cheers,
Gilou
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
2025-10-22 1:19 ` Gilou
2025-10-22 1:24 ` Gilou
@ 2025-10-22 10:22 ` DERUMIER, Alexandre via pve-user
1 sibling, 0 replies; 6+ messages in thread
From: DERUMIER, Alexandre via pve-user @ 2025-10-22 10:22 UTC (permalink / raw)
To: pve-user; +Cc: DERUMIER, Alexandre
[-- Attachment #1: Type: message/rfc822, Size: 17464 bytes --]
From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-user@lists.proxmox.com" <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
Date: Wed, 22 Oct 2025 10:22:47 +0000
Message-ID: <87b62e3475d6befe15a387e1d35d6aae44151ca2.camel@groupe-cyllene.com>
Thanks Gilou !
(I'm going to use ansible for this setup deployment, no puppet :p )
I'm using it for hardening
https://github.com/ansible-lockdown/DEBIAN12-CIS
so, I'll add deploy && tuning of proxmox too.
See you at Fosdem !
-------- Message initial --------
De: Gilou <contact+dev@gilouweb.com>
Répondre à: Proxmox VE user list <pve-user@lists.proxmox.com>
À: pve-user@lists.proxmox.com
Objet: Re: [PVE-User] install pve-enterprise (with subscription key) on
top of debian install
Date: 22/10/2025 03:19:42
Le 16/10/2025 à 12:05, DERUMIER, Alexandre via pve-user a écrit :
> Hi,
>
> I'm currently working on a hardened pve installation for CIS
> certification, and as it need luks encryption + specific partionning,
> I need to install it on top of a debian install.
>
> I would like to deploy pve-enterprise repo directly, but how can I do
> it on top of debian ?
>
> The wiki said to install no-subscription first, then switch to
> enteprise after uploading the key in the gui
> https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aPE86c9l
> _NoW4_35ZkzMrkRr2MW_BjbnDTswuy0AwOve3AOvphs1mSlvmN7amrdGSQ&i=SGI0YVJG
> NmxZNE90Z2thMHUqf210Bsg_fKIWrGzx11E&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYaKp
> fBJeBDlAX9E2aicRCRO3qsFIBX9zb4pDqGdxG45MOoGKkZ3R8w3DjSjAvqYgRg&s=ed00
> ffb3fa787e4023c0aba95836088c08aaa9676b5e2d10613ab1260804b8c9&u=https%
> 3A%2F%2Fpve.proxmox.com%2Fwiki%2FInstall_Proxmox_VE_on_Debian_12_Book
> worm
>
> But that mean than more recent packages could be pushed from no-
> subscription first.
>
> Is is possible to put the key somewhere in/etc/apt/ ?
>
> Alexandre
Hi,
It's been a while since I've had to do such things.. but here goes..
Unless you have an offline key, you'll need to register the server
first, so that the server ID (hex version of the md5 hash of the SSH
RSA
key) is allowed.
Basically, as you can see in proxmox-subscription/src/check.rs:
you need to call:
https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aPE86c9l_N
oW4_35ZkzMrkRr2MW_BjbnDTswuy0AwOve3AOvphs1mSlvmN7amrdGSQ&i=SGI0YVJGNmxZ
NE90Z2thMHUqf210Bsg_fKIWrGzx11E&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYaKpfBJeBD
lAX9E2aicRCRO3qsFIBX9zb4pDqGdxG45MOoGKkZ3R8w3DjSjAvqYgRg&s=c8a0cb214ea1
5d84f14072c9cfb91451ab6f5c8a5367adc430eab7e679b070c4&u=https%3A%2F%2Fsh
op.proxmox.com%2Fmodules%2Fservers%2Flicensing%2Fverify.php
with that JSON (challenge is epoch time + random string) :
{
"licensekey": key,
"dir": server_id,
"domain": "www.proxmox.com",
"ip": "localhost",
"check_token": challenge,
}
Then either you re-register/check it once you have the API available,
or
you try to write a valid /etc/subscription file..
Otherwise, it's "simple", you can get the info on a running server:
/etc/apt/auth.conf.d/pve.conf
machine enterprise.proxmox.com/debian/pve
login server_id
password server_key
Set the proper enterprise repos, and it should work, if the server ID
is
registered...
This might be interesting to have in the ansible role lae.proxmox (that
you'll probably despise, given your love for ansible HAHA) as well, as
the only supported scenario for now there is to.. remove the enterprise
repos.. either have a curl command to register the server id and
compute
/etc/subscription, or a tool (pvesubscription) to wrap that Rust API in
Debian..
Cheers,
Gilou
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aPE86c9l_N
oW4_35ZkzMrkRr2MW_BjbnDTswuy0AwOve3AOvphs1mSlvmN7amrdGSQ&i=SGI0YVJGNmxZ
NE90Z2thMHUqf210Bsg_fKIWrGzx11E&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYaKpfBJeBD
lAX9E2aicRCRO3qsFIBX9zb4pDqGdxG45MOoGKkZ3R8w3DjSjAvqYgRg&s=faee9ce2e044
e17613a395871950698d1e48cb3131c4054a7ed46b8baa3e1cee&u=https%3A%2F%2Fli
sts.proxmox.com%2Fcgi-bin%2Fmailman%2Flistinfo%2Fpve-user
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
2025-10-16 10:53 ` Shannon Sterz
@ 2025-10-16 11:38 ` DERUMIER, Alexandre via pve-user
0 siblings, 0 replies; 6+ messages in thread
From: DERUMIER, Alexandre via pve-user @ 2025-10-16 11:38 UTC (permalink / raw)
To: s.sterz; +Cc: DERUMIER, Alexandre, pve-user
[-- Attachment #1: Type: message/rfc822, Size: 12491 bytes --]
From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "s.sterz@proxmox.com" <s.sterz@proxmox.com>
Cc: "pve-user@lists.proxmox.com" <pve-user@lists.proxmox.com>
Subject: Re: install pve-enterprise (with subscription key) on top of debian install
Date: Thu, 16 Oct 2025 11:38:11 +0000
Message-ID: <f3bfce1f8b9f758a64cfc6f29821f3ac172b7c56.camel@groupe-cyllene.com>
>>The most straight forward way to do that with our current tooling is
>>probably to leverage POM [1]. It should allow you to mirror the
>>enterprise repo and then you can configure the PVE host to use that
>>mirror. You can also use POM to activate the subscription key on the
>>node.
thanks ! I was thinking to use it, thanks for the confirmation !
Alexandre
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] install pve-enterprise (with subscription key) on top of debian install
[not found] <10a91bee8f709d27a414208998a58bdbed281a7f.camel@groupe-cyllene.com>
@ 2025-10-16 10:53 ` Shannon Sterz
2025-10-16 11:38 ` DERUMIER, Alexandre via pve-user
0 siblings, 1 reply; 6+ messages in thread
From: Shannon Sterz @ 2025-10-16 10:53 UTC (permalink / raw)
To: DERUMIER, Alexandre; +Cc: pve-user
On Thu Oct 16, 2025 at 12:05 PM CEST, Alexandre DERUMIER wrote:
> Hi,
>
Hi Alexandre!
> I'm currently working on a hardened pve installation for CIS
> certification, and as it need luks encryption + specific partionning,
> I need to install it on top of a debian install.
>
> I would like to deploy pve-enterprise repo directly, but how can I do
> it on top of debian ?
>
> The wiki said to install no-subscription first, then switch to
> enteprise after uploading the key in the gui
> https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm
>
> But that mean than more recent packages could be pushed from no-
> subscription first.
>
> Is is possible to put the key somewhere in /etc/apt/ ?
The most straight forward way to do that with our current tooling is
probably to leverage POM [1]. It should allow you to mirror the
enterprise repo and then you can configure the PVE host to use that
mirror. You can also use POM to activate the subscription key on the
node.
[1]: https://pom.proxmox.com/
> Alexandre
Best regards, Shannon
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-10-22 10:23 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-16 10:05 [PVE-User] install pve-enterprise (with subscription key) on top of debian install DERUMIER, Alexandre via pve-user
2025-10-22 1:19 ` Gilou
2025-10-22 1:24 ` Gilou
2025-10-22 10:22 ` DERUMIER, Alexandre via pve-user
[not found] <10a91bee8f709d27a414208998a58bdbed281a7f.camel@groupe-cyllene.com>
2025-10-16 10:53 ` Shannon Sterz
2025-10-16 11:38 ` DERUMIER, Alexandre via pve-user
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.