Installation

Installing Pritunl Cloud

It is recommended to run Pritunl Cloud on AlmaLinux 10 or Oracle Linux 10; these are the only distributions Pritunl Cloud is tested on.

Create Azure Virtual Machine

This example will use a D-Series virtual machine on Azure. These virtual machines support nested KVM virtualization and will allow Pritunl Cloud to run. AWS instances do not support nested KVM virtualization. Refer to the Platforms section for information on installing Pritunl Cloud on bare metal providers.

When creating the virtual machine select the latest AlmaLinux 10 image and a D-Series size.

The disk size should be at least 60 GB to allow space for the Pritunl Cloud instances. Below are the firewall rules that will be used for this example. These allow SSH, HTTP and HTTPS traffic to reach the Pritunl Cloud host and web console. The node port range will also be open, which allows Pritunl Cloud node ports to be created for accessing instances.

Install MongoDB

This configuration will run MongoDB inside a Podman Quadlet container using pritunl/toolbox/mongodb-container. This is helpful for isolating the database and controlling resource consumption. Multi-host production systems should consider using a replica set, although the software is designed to keep all virtual machines functioning even if the primary pritunl-cloud process is stopped or the connection to the database is lost. Any changes made to the system state will be applied when connectivity is restored.

sudo dnf -y install git-core podman

git clone https://github.com/pritunl/toolbox.git
cd toolbox/mongodb-container
sudo podman build --rm -t mongo .
cd

sudo mkdir /var/lib/mongo
sudo chown 277:277 /var/lib/mongo
sudo tee /etc/containers/systemd/mongodb-podman.container << EOF
[Unit]
Description=MongoDB Podman Service

[Container]
Image=localhost/mongo
ContainerName=mongodb
Environment=DB_NAME=pritunl-cloud
Environment=CACHE_SIZE=1
User=mongodb
Volume=/var/lib/mongo:/data/db:Z
PublishPort=127.0.0.1:27017:27017
PodmanArgs=--cpus=1 --memory=2g

[Service]
Restart=always

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl start mongodb-podman.service

sleep 3
sudo cat /var/lib/mongo/credentials.txt

Wait for the database to start and for the credentials to be shown in the /var/lib/mongo/credentials.txt file. Then use the commands below to install Pritunl Cloud. On the first run, Pritunl Cloud will read from the credentials file if it exists; otherwise the database can be configured in /etc/pritunl-cloud.json.
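
The Quadlet unit above publishes MongoDB on 127.0.0.1 only, so the database is reachable from the host and not from the network. The script below is an added example, not part of the Pritunl documentation or toolbox; the function name check_quadlet_publish and the sample file are assumptions made for illustration. It lists any PublishPort entry in a .container file that is not bound to a loopback address.

```shell
#!/bin/sh
# Added example (not Pritunl's code): list PublishPort= entries in a Quadlet
# .container file that are not bound to a loopback address.
# Returns 0 if every publish is loopback-only, 1 if any is exposed, 2 if unreadable.
check_quadlet_publish() {
    unit="$1"
    [ -r "$unit" ] || { echo "cannot read $unit" >&2; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            in_container = ($0 ~ /^[ \t]*\[Container\]/)
            next
        }
        in_container && /^[ \t]*PublishPort[ \t]*=/ {
            val = $0
            sub(/^[ \t]*PublishPort[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            # Loopback forms: 127.a.b.c:host:ctr and [::1]:host:ctr.
            # A value with no address binds every host interface.
            if (val ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:/ || val ~ /^\[::1\]:/) next
            print "exposed: PublishPort=" val
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$unit"
}

# Constructed sample: the publish line from this page plus one address-less publish.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[Container]
Image=localhost/mongo
PublishPort=127.0.0.1:27017:27017
PublishPort=27017:27017
EOF
check_quadlet_publish "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

On the host built in this guide, run it as check_quadlet_publish /etc/containers/systemd/mongodb-podman.container; no output and exit status 0 mean every published port is loopback-only.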

Install Pritunl Cloud

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/10/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update

sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service || true
sudo systemctl disable firewalld.service || true

sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
sudo setenforce 0

sudo dnf -y install iptables net-tools ipset ipvsadm xorriso qemu-kvm qemu-img swtpm swtpm-tools
sudo dnf -y install pritunl-cloud
sudo systemctl enable --now pritunl-cloud

Access Web Console

After the installation is complete, run the command below to get the default password and use it to log in to the web console on the HTTPS port of the server.

sudo pritunl-cloud default-password

Use the provided password to log in to the web console at the server's public IP. Then open the Authorities tab. Authorities store SSH credentials that are applied to instances based on matched roles. If an instance has a role that matches the authority role, that SSH key will be added to the instance under the cloud username. The name of the authority does not change the username; it will always be the cloud user. Select the pre-created authority, paste your public SSH key in the SSH Key field and click Save. When creating an instance or pod, add the instance role to include this SSH key and allow SSH access.

Server Maintenance

The container will automatically configure the database with authentication and store the data in /var/lib/mongo. The MongoDB shell can be accessed using the commands below with the admin password stored in the credentials file. The container also includes an upgrade script that can update the packages in place using the commands below.

# MongoDB Shell
sudo cat /var/lib/mongo/credentials.txt
sudo podman exec -it mongodb bash
mongosh -u admin --authenticationDatabase admin

# MongoDB Upgrade
sudo podman exec -u root mongodb update
sudo podman restart mongodb

The next section will explain creating the first pod.
