Operations & Runbooks
Operational runbooks, build-phase tracking, and remote-access procedures for the two-site homelab.
Operational reference for the two-site private cloud: runbooks for hardware access and fan control, the phased build sequence from bootstrap to Kubernetes, and a snapshot of where the build currently stands.
IPMI / Java KVM Remote Install
Remote Proxmox ISO installation on Supermicro hardware is done through IPMI virtual media and the Java iKVM viewer. The IPMI / KVM page covers the full troubleshooting path: ephemeral-port blockage (the most common silent failure), Java 8 / OpenWebStart issues on macOS, SMB virtual media compatibility, and the Dockerized iKVM fallback approach.
Ephemeral ports are the common failure mode
The iKVM viewer uses ephemeral ports such as 63630/63631 for its data channel. If the viewer launches but cannot connect, check port reachability before assuming a certificate problem.
Build Phases
The build runs seven phases — from flat bootstrap on temporary IPs through OPNsense insertion, WireGuard site-to-site VPN, Proxmox clustering, ZFS/Ceph/Proxmox Backup Server storage, and finally Kubernetes. The Build Phases page documents each phase's topology change, key IPs, and hard rules (one cluster per site, no stretched Ceph, no stretched L2).
Current Build State
A point-in-time snapshot of which phases are complete and what is in progress lives on the Current Build State page. As of 2026-07-02, Site A Phase 0 is complete — Proxmox on all four nodes plus the full edge stack (OPNsense, UniFi OS Server, OpenBao) rebuildable from the repo; Site B has not started. The bare-metal path that got there is captured as a repeatable runbook on the Initial Site Bootstrap page: temp-LAN plan, hardware install, Proxmox, edge VMs via Pulumi, and the bao-first secrets migration, with verification gates after every step.
Hardware: E200 Fan Quieting
The Supermicro SYS-E200-8D nodes (sa-edge-01, sb-edge-01) ship with loud 40 mm fans. The fan-quieting runbook on the Hardware page covers IPMI fan-mode commands, threshold lowering, and the optional Noctua swap.
CA & Certificate Infrastructure
Certificate strategy for the AORXI homelab: Let's Encrypt DNS-01 via Cloudflare for OPNsense, Proxmox, PBS, and Kubernetes; step-ca private CA for IPMI/BMC and internal mTLS.
Initial Site Bootstrap
The bare-metal → operational-baseline runbook: temp LAN, hardware install, Proxmox, edge VMs (OPNsense, UOS, OpenBao) via Pulumi, and the bao-first secrets migration.