From lists at merit.unu.edu Wed Nov 1 09:06:09 2017 From: lists at merit.unu.edu (mj) Date: Wed, 1 Nov 2017 09:06:09 +0100 Subject: [PVE-User] copy paste In-Reply-To: <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> Message-ID: Hi Martin, Thanks for your reply, interesting that it works for you...! Details: - proxmox 4.4-13 - debian stretch as a guest - display spice (qxl) - qemu agent yes (though not sure if this is required) - apt-get installed qemu-guest-agent in the stretch guest My workstations runs linux mint 18.2 that comes with virt-viewer 1.00. I click console button, select SPICE, and the virt-viewer is launched, and connects automatically. However, ctrl-v only gives "^V" in the guest, and shift-insert gives "^[[2~" Perhaps I should use different shortcuts? But also selecting text in the virt-viewer cli console is not possible, the mouse disappears when above the virt-viewer window. Surprised that it works for you. Do I do something wrong? MJ On 10/31/2017 01:41 PM, Martin Maurer wrote: > Hi, > > works for me. > > pls describe exactly your setup. > > - guest VM (Debian Stretch?) > - your desktop system, I mean how to you run the remote viewer? > > From f.cuseo at panservice.it Wed Nov 1 09:20:02 2017 From: f.cuseo at panservice.it (Fabrizio Cuseo) Date: Wed, 1 Nov 2017 09:20:02 +0100 (CET) Subject: [PVE-User] Ceph server osd monitoring Message-ID: <1829149658.15661570.1509524402211.JavaMail.zimbra@zimbra.panservice.it> Hi all. Can you introduce in 5.1 a mail allarm when ceph server has some problem (mon or osd down for example). Regards, Fabrizio From lists at merit.unu.edu Wed Nov 1 09:26:25 2017 From: lists at merit.unu.edu (mj) Date: Wed, 1 Nov 2017 09:26:25 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> Message-ID: Even more details, on proxmox, the guest is started ith: > root 25870 1.9 0.3 5773784 504344 ? Sl 08:52 0:29 /usr/bin/kvm -id 502 -chardev socket,id=qmp,path=/var/run/qemu-server/502.qmp,server,nowait -mon chardev=qmp,mode=control -pidfile /var/run/qemu-server/502.pid -daemonize -smbios type=1,uuid=802dffac-175b-49ce-abbb-df6a5bbcdf5b -name dc2-d9 -smp 4,sockets=2,cores=2,maxcpus=4 -nodefaults -boot menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg -vga qxl -vnc unix:/var/run/qemu-server/502.vnc,x509,password -cpu kvm64,+lahf_lm,+sep,+kvm_pv_unhalt,+kvm_pv_eoi,enforce -m 4096 -k en-us -device pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f -device pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e -device piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2 -chardev socket,path=/var/run/qemu-server/502.qga,server,nowait,id=qga0 -device virtio-serial,id=qga0,bus=pci.0,addr=0x8 -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 -spice tls-port=61000,addr=localhost,tls-ciphers=HIGH,seamless-migration=on -device virtio-serial,id=spice,bus=pci.0,addr=0x9 -chardev spicevmc,id=vdagent,name=vdagent -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 -iscsi initiator-name=iqn.1993-08.org.debian:01:a5d06825dad -drive file=/mnt/pve/freenas-backup/template/iso/debian-9.0.0-amd64-netinst.iso,if=none,id=drive-ide2,media=cdrom,aio=threads -device ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=200 -device virtio-scsi-pci,id=scsihw0,bus=pci.0,addr=0x5 -drive file=rbd:ceph-storage/vm-502-disk-1:mon_host=10.10.89.1\:6789;10.10.89.2\:6789;10.10.89.3\:6789:id=admin:auth_supported=cephx:keyring=/etc/pve/priv/ceph/ceph-storage.keyring,if=none,id=drive-scsi0,discard=on,format=raw,cache=none,aio=native,detect-zeroes=unmap -device scsi-hd,bus=scsihw0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0,id=scsi0,bootindex=100 -netdev type=tap,id=net0,ifname=tap502i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown,vhost=on -device virtio-net-pci,mac=CE:11:EB:20:6D:6D,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300 So various spice options appear... From lists at merit.unu.edu Wed Nov 1 09:28:44 2017 From: lists at merit.unu.edu (mj) Date: Wed, 1 Nov 2017 09:28:44 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> Message-ID: On the guest< have verified that the spice-vdagent is actually running. From elacunza at binovo.es Thu Nov 2 09:18:13 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Thu, 2 Nov 2017 09:18:13 +0100 Subject: [PVE-User] Ceph server osd monitoring In-Reply-To: <1829149658.15661570.1509524402211.JavaMail.zimbra@zimbra.panservice.it> References: <1829149658.15661570.1509524402211.JavaMail.zimbra@zimbra.panservice.it> Message-ID: You can use nagios/icinga for this. You probably have some monitoring in place, so why not use it? El 01/11/17 a las 09:20, Fabrizio Cuseo escribi?: > Hi all. > > Can you introduce in 5.1 a mail allarm when ceph server has some problem (mon or osd down for example). > > Regards, Fabrizio > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From martin at proxmox.com Thu Nov 2 15:13:02 2017 From: martin at proxmox.com (Martin Maurer) Date: Thu, 2 Nov 2017 15:13:02 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> Message-ID: Works here, tested with a default Debian Stretch (Gnome). Seems you do not run any x/desktop in your guest? On 01.11.2017 09:06, mj wrote: > Hi Martin, > > Thanks for your reply, interesting that it works for you...! > > Details: > - proxmox 4.4-13 > - debian stretch as a guest > - display spice (qxl) > - qemu agent yes (though not sure if this is required) > - apt-get installed qemu-guest-agent in the stretch guest > > My workstations runs linux mint 18.2 that comes with virt-viewer 1.00. > > I click console button, select SPICE, and the virt-viewer is launched, > and connects automatically. However, ctrl-v only gives "^V" in the > guest, and shift-insert gives "^[[2~" > > Perhaps I should use different shortcuts? > > But also selecting text in the virt-viewer cli console is not possible, > the mouse disappears when above the virt-viewer window. > > Surprised that it works for you. Do I do something wrong? > > MJ > > On 10/31/2017 01:41 PM, Martin Maurer wrote: >> Hi, >> >> works for me. >> >> pls describe exactly your setup. >> >> - guest VM (Debian Stretch?) >> - your desktop system, I mean how to you run the remote viewer? >> >> > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Best Regards, Martin Maurer From lists at merit.unu.edu Thu Nov 2 15:50:59 2017 From: lists at merit.unu.edu (mj) Date: Thu, 2 Nov 2017 15:50:59 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> Message-ID: <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> On 11/02/2017 03:13 PM, Martin Maurer wrote: > Works here, tested with a default Debian Stretch (Gnome). > Seems you do not run any x/desktop in your guest? True. Is it only supported under x? Nothing possible onder a text only (server) install? MJ From dorsyka at yahoo.com Thu Nov 2 15:54:50 2017 From: dorsyka at yahoo.com (dorsy) Date: Thu, 2 Nov 2017 15:54:50 +0100 Subject: [PVE-User] copy paste In-Reply-To: <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> Message-ID: <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> I'd suggest using ssh for console. So you can copy/paste at your local terminal emulator. On 2017-11-02 15:50, mj wrote: > > > On 11/02/2017 03:13 PM, Martin Maurer wrote: >> Works here, tested with a default Debian Stretch (Gnome). >> Seems you do not run any x/desktop in your guest? > > True. Is it only supported under x? > > Nothing possible onder a text only (server) install? > > MJ > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From lists at merit.unu.edu Thu Nov 2 15:59:15 2017 From: lists at merit.unu.edu (mj) Date: Thu, 2 Nov 2017 15:59:15 +0100 Subject: [PVE-User] copy paste In-Reply-To: <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> Message-ID: On 11/02/2017 03:54 PM, dorsy wrote: > I'd suggest using ssh for console. > So you can copy/paste at your local terminal emulator. Yeah I do that, but sometimes I need to test things in an isolated VMs-only network, and in that case I cannot simply ssh into a VM. In those cases I can only work via the console, and copying/pasting would help SO much. But guessing from these answers, copy/paste only works under X? MJ From dorsyka at yahoo.com Thu Nov 2 16:06:14 2017 From: dorsyka at yahoo.com (dorsy) Date: Thu, 2 Nov 2017 16:06:14 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> Message-ID: You can ssh to the proxmox node, which is a linux host, therefore you can ssh to any of your VMs. The only thing you need is an IP from the "VM-only" network. The thing is that modern linux systems do not initialize a "text" console, but they use a graphical local console. You can have a serial console in KVM. More info: https://pve.proxmox.com/wiki/Serial_Terminal On 2017-11-02 15:59, mj wrote: > > On 11/02/2017 03:54 PM, dorsy wrote: >> I'd suggest using ssh for console. >> So you can copy/paste at your local terminal emulator. > > Yeah I do that, but sometimes I need to test things in an isolated > VMs-only network, and in that case I cannot simply ssh into a VM. > > In those cases I can only work via the console, and copying/pasting > would help SO much. > > But guessing from these answers, copy/paste only works under X? > > MJ > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From martin at proxmox.com Thu Nov 2 17:03:14 2017 From: martin at proxmox.com (Martin Maurer) Date: Thu, 2 Nov 2017 17:03:14 +0100 Subject: [PVE-User] copy paste In-Reply-To: <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> Message-ID: <02da928b-c9a9-8364-6469-acc4162b33b3@proxmox.com> On 02.11.2017 15:50, mj wrote: > > > On 11/02/2017 03:13 PM, Martin Maurer wrote: >> Works here, tested with a default Debian Stretch (Gnome). >> Seems you do not run any x/desktop in your guest? > > True. Is it only supported under x? yes. > Nothing possible onder a text only (server) install? use ssh. > MJ > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Best Regards, Martin Maurer From IMMO.WETZEL at adtran.com Thu Nov 2 17:12:21 2017 From: IMMO.WETZEL at adtran.com (IMMO WETZEL) Date: Thu, 2 Nov 2017 16:12:21 +0000 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> Message-ID: Why not using the serial interface ? see wiki/forum -----Original Message----- From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On Behalf Of mj Sent: Thursday, November 02, 2017 3:59 PM To: pve-user at pve.proxmox.com Subject: Re: [PVE-User] copy paste On 11/02/2017 03:54 PM, dorsy wrote: > I'd suggest using ssh for console. > So you can copy/paste at your local terminal emulator. Yeah I do that, but sometimes I need to test things in an isolated VMs-only network, and in that case I cannot simply ssh into a VM. In those cases I can only work via the console, and copying/pasting would help SO much. But guessing from these answers, copy/paste only works under X? MJ _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From lae at lae.is Thu Nov 2 17:19:11 2017 From: lae at lae.is (Musee Ullah) Date: Thu, 02 Nov 2017 09:19:11 -0700 Subject: [PVE-User] Ceph server osd monitoring In-Reply-To: References: <1829149658.15661570.1509524402211.JavaMail.zimbra@zimbra.panservice.it> Message-ID: <1509639551.7511.4.camel@lae.is> Ceph Luminous has a Prometheus plugin that can be enabled in ceph-mgr, you could probably use that if you're using the Prometheus monitoring environment. 2017-11-02 (?) ? 09:18 +0100 ? Eneko Lacunza ????????: > You can use nagios/icinga for this. > > You probably have some monitoring in place, so why not use it? > > El 01/11/17 a las 09:20, Fabrizio Cuseo escribi?: > > Hi all. > > > > Can you introduce in 5.1 a mail allarm when ceph server has some > > problem (mon or osd down for example). > > > > Regards, Fabrizio > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > -- Musee Ullah -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: This is a digitally signed message part URL: From lists at merit.unu.edu Thu Nov 2 17:22:33 2017 From: lists at merit.unu.edu (mj) Date: Thu, 2 Nov 2017 17:22:33 +0100 Subject: [PVE-User] copy paste In-Reply-To: References: <0bd65b0d-fc77-7389-04f3-69fba4ef17d2@merit.unu.edu> <8ab7cfe5-8fb5-45a0-6ccf-c535c8bae3b0@merit.unu.edu> <346b40eb-a6cb-738e-6d93-7c2ea25e9e63@proxmox.com> <83b178a4-5b03-f73f-ddb4-b6e74560606e@merit.unu.edu> <6df352ae-9f31-e4b7-3edb-005ca5d1b914@yahoo.com> Message-ID: <44e7944c-9778-6e7f-45c0-3fd0865ef618@merit.unu.edu> On 11/02/2017 04:06 PM, dorsy wrote: > You can have a serial console in KVM. > > More info: https://pve.proxmox.com/wiki/Serial_Terminal This works super! Thanks also Immo for the same suggestion! Can we somehow make this the default for new machines? (is there a template somewhere?) Thanks! MJ From f.cuseo at panservice.it Thu Nov 2 17:27:54 2017 From: f.cuseo at panservice.it (f.cuseo at panservice.it) Date: Thu, 2 Nov 2017 17:27:54 +0100 (CET) Subject: [PVE-User] Ceph server osd monitoring In-Reply-To: <1509639551.7511.4.camel@lae.is> References: <1829149658.15661570.1509524402211.JavaMail.zimbra@zimbra.panservice.it> <1509639551.7511.4.camel@lae.is> Message-ID: <1077041499.16009724.1509640074601.JavaMail.zimbra@zimbra.panservice.it> In my data center no problem. But when I have on premises clusters, tipically no monitor services are present. So, a push message will be preferred to a poll monitoring service. The tipical problem is a disk failure, so a warning email in case of osd down can be enough. Regards, Fabrizio Inviato da iPad > Il giorno 02 nov 2017, alle ore 17:19, Musee Ullah ha scritto: > > Ceph Luminous has a Prometheus plugin that can be enabled in ceph-mgr, > you could probably use that if you're using the Prometheus monitoring > environment. > > 2017-11-02 (?) ? 09:18 +0100 ? Eneko Lacunza ????????: > > You can use nagios/icinga for this. > > > > You probably have some monitoring in place, so why not use it? > > > > El 01/11/17 a las 09:20, Fabrizio Cuseo escribi?: > > > Hi all. > > > > > > Can you introduce in 5.1 a mail allarm when ceph server has some > > > problem (mon or osd down for example). > > > > > > Regards, Fabrizio > > > _______________________________________________ > > > pve-user mailing list > > > pve-user at pve.proxmox.com > > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > -- > Musee Ullah > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > From daniel at linux-nerd.de Fri Nov 3 10:20:40 2017 From: daniel at linux-nerd.de (Daniel) Date: Fri, 03 Nov 2017 10:20:40 +0100 Subject: [PVE-User] Traffic from other Servers Message-ID: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> Hi there, i have some strange issues. I have a couple of Proxmox Server in a Cluster. First of all I see on all Servers the same Traffic. This confused me and I started to debug where it come from. First point was tcpdump and here is something strange. I see on server7 all traffic which is going to the NFS Server from server18 Normally in a switched network this is not possible for my understanding. 10:09:29.686286 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22820576:22848088, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 27512 10:09:29.686519 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22848088:22850984, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 2896 10:09:29.686527 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22850984:22877048, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 26064 10:09:29.686774 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22877048:22906008, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 28960 10:09:29.687010 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [P.], seq 22906008:22912924, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 6916 I have to possibilities. My HP Switch is doing this with maybe mirror ports (but not configured as I know) The Proxmox Cluster show traffic on all Hosts. All my Hosts has the same Traffic Account when I check the Graphs My opinion is that it will be the Switch which makes wiered thinks. Cheers Daniel From uwe.sauter.de at gmail.com Fri Nov 3 11:32:28 2017 From: uwe.sauter.de at gmail.com (Uwe Sauter) Date: Fri, 3 Nov 2017 11:32:28 +0100 Subject: [PVE-User] Wiki regarding Ceph OSD tunables still correct? Message-ID: <7f00a0f0-57b2-997d-b975-604ea35b4d3c@gmail.com> Hi, is it still correct to set tunables to "hammer" even whit Proxmox 5? This is mentioned in the wiki [1]. Regards, Uwe [1] https://pve.proxmox.com/wiki/Ceph_Server#Set_the_Ceph_OSD_tunables From malyarchuk at cyfra.ua Fri Nov 3 11:45:10 2017 From: malyarchuk at cyfra.ua (Ivan Malyarchuk) Date: Fri, 3 Nov 2017 12:45:10 +0200 Subject: [PVE-User] Traffic from other Servers In-Reply-To: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> References: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> Message-ID: Hello. Looks like your switch is flooding known unicast traffic. Check if mac of 10.0.2.7 exists in FDB on all switches, also mac-learning is enabled on this port or vlan, and check overall MAC count on switch. Also there is a chance of hash collision, which leads to things thet some mac addresses cant be learned on switch FDB. 03.11.2017 11:20, Daniel ?????: > Hi there, > > > > i have some strange issues. I have a couple of Proxmox Server in a Cluster. > > First of all I see on all Servers the same Traffic. This confused me and I started to debug where it come from. > > > > First point was tcpdump and here is something strange. I see on server7 all traffic which is going to the NFS Server from server18 > > Normally in a switched network this is not possible for my understanding. > > > > 10:09:29.686286 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22820576:22848088, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 27512 > > 10:09:29.686519 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22848088:22850984, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 2896 > > 10:09:29.686527 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22850984:22877048, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 26064 > > 10:09:29.686774 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22877048:22906008, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 28960 > > 10:09:29.687010 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [P.], seq 22906008:22912924, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 6916 > > > > I have to possibilities. My HP Switch is doing this with maybe mirror ports (but not configured as I know) > > The Proxmox Cluster show traffic on all Hosts. All my Hosts has the same Traffic Account when I check the Graphs > > > > My opinion is that it will be the Switch which makes wiered thinks. > > > > Cheers > > > > Daniel > > > > > > > > > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- ? ?????????, ???? ???????? "?????-???????" ????? ???????, ???? (044) 206-77-33 ???.155 www.cyfra.ua From lists at merit.unu.edu Fri Nov 3 14:35:51 2017 From: lists at merit.unu.edu (mj) Date: Fri, 3 Nov 2017 14:35:51 +0100 Subject: [PVE-User] Wiki regarding Ceph OSD tunables still correct? In-Reply-To: <7f00a0f0-57b2-997d-b975-604ea35b4d3c@gmail.com> References: <7f00a0f0-57b2-997d-b975-604ea35b4d3c@gmail.com> Message-ID: <50b0a183-aa71-edde-4603-bad96220da44@merit.unu.edu> Hi, I set them to optimal, took the hit of the rebalance, and things are fine now. (we're on jewel now) MJ On 11/03/2017 11:32 AM, Uwe Sauter wrote: > Hi, > > is it still correct to set tunables to "hammer" even whit Proxmox 5? This is mentioned in the wiki [1]. > > Regards, > > Uwe > > [1] https://pve.proxmox.com/wiki/Ceph_Server#Set_the_Ceph_OSD_tunables > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > From a.antreich at proxmox.com Fri Nov 3 15:05:21 2017 From: a.antreich at proxmox.com (Alwin Antreich) Date: Fri, 3 Nov 2017 15:05:21 +0100 Subject: [PVE-User] Wiki regarding Ceph OSD tunables still correct? In-Reply-To: <7f00a0f0-57b2-997d-b975-604ea35b4d3c@gmail.com> References: <7f00a0f0-57b2-997d-b975-604ea35b4d3c@gmail.com> Message-ID: <20171103140521.ji2x7nxzyjexr2fb@dona.proxmox.com> Hi Uwe, On Fri, Nov 03, 2017 at 11:32:28AM +0100, Uwe Sauter wrote: > Hi, > > is it still correct to set tunables to "hammer" even whit Proxmox 5? This is mentioned in the wiki [1]. No, but on a Luminous cluster the profile is already set to jewel and the tunables are on optimal. I fixed the text for it. > > Regards, > > Uwe > > [1] https://pve.proxmox.com/wiki/Ceph_Server#Set_the_Ceph_OSD_tunables > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Cheers, Alwin From daniel at linux-nerd.de Fri Nov 3 17:31:08 2017 From: daniel at linux-nerd.de (Daniel) Date: Fri, 03 Nov 2017 17:31:08 +0100 Subject: [PVE-User] Traffic from other Servers In-Reply-To: References: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> Message-ID: <797B913E-8CCA-431D-AB9A-862363602C0C@linux-nerd.de> Hi, yes the MAC is learned and i can see that mac. So this seems not the problem Maybe someone has another idea. We use HP-1920 48 Port Switch. Am 03.11.17, 11:45 schrieb "pve-user im Auftrag von Ivan Malyarchuk" : Hello. Looks like your switch is flooding known unicast traffic. Check if mac of 10.0.2.7 exists in FDB on all switches, also mac-learning is enabled on this port or vlan, and check overall MAC count on switch. Also there is a chance of hash collision, which leads to things thet some mac addresses cant be learned on switch FDB. 03.11.2017 11:20, Daniel ?????: > Hi there, > > > > i have some strange issues. I have a couple of Proxmox Server in a Cluster. > > First of all I see on all Servers the same Traffic. This confused me and I started to debug where it come from. > > > > First point was tcpdump and here is something strange. I see on server7 all traffic which is going to the NFS Server from server18 > > Normally in a switched network this is not possible for my understanding. > > > > 10:09:29.686286 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22820576:22848088, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 27512 > > 10:09:29.686519 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22848088:22850984, ack 67363421, win 24575, options [nop,nop,TS val 552550304 ecr 1340486158], length 2896 > > 10:09:29.686527 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22850984:22877048, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 26064 > > 10:09:29.686774 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq 22877048:22906008, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 28960 > > 10:09:29.687010 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [P.], seq 22906008:22912924, ack 67363421, win 24576, options [nop,nop,TS val 552550304 ecr 1340486158], length 6916 > > > > I have to possibilities. My HP Switch is doing this with maybe mirror ports (but not configured as I know) > > The Proxmox Cluster show traffic on all Hosts. All my Hosts has the same Traffic Account when I check the Graphs > > > > My opinion is that it will be the Switch which makes wiered thinks. > > > > Cheers > > > > Daniel > > > > > > > > > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- ? ?????????, ???? ???????? "?????-???????" ????? ???????, ???? (044) 206-77-33 ???.155 www.cyfra.ua _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From silvestrefigueroa at gmail.com Fri Nov 3 18:05:16 2017 From: silvestrefigueroa at gmail.com (Silvestre Figueroa) Date: Fri, 3 Nov 2017 14:05:16 -0300 Subject: [PVE-User] Traffic from other Servers In-Reply-To: <797B913E-8CCA-431D-AB9A-862363602C0C@linux-nerd.de> References: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> <797B913E-8CCA-431D-AB9A-862363602C0C@linux-nerd.de> Message-ID: Hi Daniel, 2017-11-03 13:31 GMT-03:00 Daniel : > Hi, > > yes the MAC is learned and i can see that mac. So this seems not the > problem > Maybe someone has another idea. We use HP-1920 48 Port Switch. > Im using the same switches at whole network (10 devices) and no problems. VLANs, tagged and untagged, trunkings, "lacp"... works like a charm. Atte.- > > > Am 03.11.17, 11:45 schrieb "pve-user im Auftrag von Ivan Malyarchuk" < > pve-user-bounces at pve.proxmox.com im Auftrag von malyarchuk at cyfra.ua>: > > Hello. > Looks like your switch is flooding known unicast traffic. > Check if mac of 10.0.2.7 exists in FDB on all switches, also > mac-learning is enabled on this port or vlan, and check overall MAC > count on switch. > Also there is a chance of hash collision, which leads to things thet > some mac addresses cant be learned on switch FDB. > > 03.11.2017 11:20, Daniel ?????: > > Hi there, > > > > > > > > i have some strange issues. I have a couple of Proxmox Server in a > Cluster. > > > > First of all I see on all Servers the same Traffic. This confused me > and I started to debug where it come from. > > > > > > > > First point was tcpdump and here is something strange. I see on > server7 all traffic which is going to the NFS Server from server18 > > > > Normally in a switched network this is not possible for my > understanding. > > > > > > > > 10:09:29.686286 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22820576:22848088, ack 67363421, win 24575, options [nop,nop,TS val > 552550304 ecr 1340486158], length 27512 > > > > 10:09:29.686519 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22848088:22850984, ack 67363421, win 24575, options [nop,nop,TS val > 552550304 ecr 1340486158], length 2896 > > > > 10:09:29.686527 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22850984:22877048, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 26064 > > > > 10:09:29.686774 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22877048:22906008, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 28960 > > > > 10:09:29.687010 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [P.], seq > 22906008:22912924, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 6916 > > > > > > > > I have to possibilities. My HP Switch is doing this with maybe > mirror ports (but not configured as I know) > > > > The Proxmox Cluster show traffic on all Hosts. All my Hosts has the > same Traffic Account when I check the Graphs > > > > > > > > My opinion is that it will be the Switch which makes wiered thinks. > > > > > > > > Cheers > > > > > > > > Daniel > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > -- > ? ?????????, > ???? ???????? > "?????-???????" ????? > ???????, ???? > (044) 206-77-33 ???.155 > www.cyfra.ua > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > From daniel at linux-nerd.de Fri Nov 3 18:12:19 2017 From: daniel at linux-nerd.de (Daniel) Date: Fri, 03 Nov 2017 18:12:19 +0100 Subject: [PVE-User] Traffic from other Servers In-Reply-To: References: <7BB48E9C-9B74-479E-9731-1574965B23A4@linux-nerd.de> <797B913E-8CCA-431D-AB9A-862363602C0C@linux-nerd.de> Message-ID: <74FBA570-7C47-4B6A-A2B1-7F3301E8046D@linux-nerd.de> Hi, i just have 2 VLANs and 2 LACP Trunks. I and can see traffic on all interfaces from all Servers.. this is soooo strange and I also have packetloss. I think this is because of the Switches. Its after I upgraded the firmware to the latest version. Maybe I will rollback to the last version and test if the issue will remove. Am 03.11.17, 18:05 schrieb "pve-user im Auftrag von Silvestre Figueroa" : Hi Daniel, 2017-11-03 13:31 GMT-03:00 Daniel : > Hi, > > yes the MAC is learned and i can see that mac. So this seems not the > problem > Maybe someone has another idea. We use HP-1920 48 Port Switch. > Im using the same switches at whole network (10 devices) and no problems. VLANs, tagged and untagged, trunkings, "lacp"... works like a charm. Atte.- > > > Am 03.11.17, 11:45 schrieb "pve-user im Auftrag von Ivan Malyarchuk" < > pve-user-bounces at pve.proxmox.com im Auftrag von malyarchuk at cyfra.ua>: > > Hello. > Looks like your switch is flooding known unicast traffic. > Check if mac of 10.0.2.7 exists in FDB on all switches, also > mac-learning is enabled on this port or vlan, and check overall MAC > count on switch. > Also there is a chance of hash collision, which leads to things thet > some mac addresses cant be learned on switch FDB. > > 03.11.2017 11:20, Daniel ?????: > > Hi there, > > > > > > > > i have some strange issues. I have a couple of Proxmox Server in a > Cluster. > > > > First of all I see on all Servers the same Traffic. This confused me > and I started to debug where it come from. > > > > > > > > First point was tcpdump and here is something strange. I see on > server7 all traffic which is going to the NFS Server from server18 > > > > Normally in a switched network this is not possible for my > understanding. > > > > > > > > 10:09:29.686286 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22820576:22848088, ack 67363421, win 24575, options [nop,nop,TS val > 552550304 ecr 1340486158], length 27512 > > > > 10:09:29.686519 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22848088:22850984, ack 67363421, win 24575, options [nop,nop,TS val > 552550304 ecr 1340486158], length 2896 > > > > 10:09:29.686527 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22850984:22877048, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 26064 > > > > 10:09:29.686774 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [.], seq > 22877048:22906008, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 28960 > > > > 10:09:29.687010 IP 10.0.2.128.782 > 10.0.2.7.2049: Flags [P.], seq > 22906008:22912924, ack 67363421, win 24576, options [nop,nop,TS val > 552550304 ecr 1340486158], length 6916 > > > > > > > > I have to possibilities. My HP Switch is doing this with maybe > mirror ports (but not configured as I know) > > > > The Proxmox Cluster show traffic on all Hosts. All my Hosts has the > same Traffic Account when I check the Graphs > > > > > > > > My opinion is that it will be the Switch which makes wiered thinks. > > > > > > > > Cheers > > > > > > > > Daniel > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > -- > ? ?????????, > ???? ???????? > "?????-???????" ????? > ???????, ???? > (044) 206-77-33 ???.155 > www.cyfra.ua > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From john at shasta.com Sat Nov 4 12:00:29 2017 From: john at shasta.com (John C. Reid) Date: Sat, 4 Nov 2017 04:00:29 -0700 Subject: [PVE-User] Out of Office Autoreply Message-ID: I am out of the office from 11/3 through 11/8. Assistance is available via phone or E-mail 24 hours a day by contacting support. The support E-mail address is support at gmail.com. Thank you. From uwe.sauter.de at gmail.com Sat Nov 4 16:44:23 2017 From: uwe.sauter.de at gmail.com (Uwe Sauter) Date: Sat, 4 Nov 2017 16:44:23 +0100 Subject: [PVE-User] PVE 5.1 pveperf not working correctly Message-ID: <35f96cd5-cedf-edd6-664e-4e7a61bd6c0a@gmail.com> Hi running a cluster with PVE 5.1 and Ceph. pveperf as described in [1] doesn't work anymore. Even as root I get: root at pxmx-02:~# pveperf help CPU BOGOMIPS: 89368.48 REGEX/SECOND: 1505926 df: help: No such file or directory DNS EXT: 13.68 ms DNS INT: 19.98 ms (localdomain) Don't know if this is due to the fact that 5 of the 6 local disks are used by Ceph (bluestore). Just to let developers know? Regards, Uwe [1] https://pve.proxmox.com/wiki/Command_line_tools#pveperf From dietmar at proxmox.com Sat Nov 4 17:27:36 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Sat, 4 Nov 2017 17:27:36 +0100 (CET) Subject: [PVE-User] PVE 5.1 pveperf not working correctly In-Reply-To: <35f96cd5-cedf-edd6-664e-4e7a61bd6c0a@gmail.com> References: <35f96cd5-cedf-edd6-664e-4e7a61bd6c0a@gmail.com> Message-ID: <1108830447.9.1509812857031@webmail.proxmox.com> > pveperf as described in [1] doesn't work anymore. Even as root I get: > > root at pxmx-02:~# pveperf help > CPU BOGOMIPS: 89368.48 > REGEX/SECOND: 1505926 > df: help: No such file or directory > DNS EXT: 13.68 ms > DNS INT: 19.98 ms (localdomain) see "man pveperf" The syntax is: pveperf [PATH] You run "pveperf help", and I am quite sure that path "help" does not exist. So I cant see whats wrong? From uwe.sauter.de at gmail.com Sat Nov 4 19:17:32 2017 From: uwe.sauter.de at gmail.com (Uwe Sauter) Date: Sat, 4 Nov 2017 19:17:32 +0100 Subject: [PVE-User] PVE 5.1 pveperf not working correctly In-Reply-To: <1108830447.9.1509812857031@webmail.proxmox.com> References: <35f96cd5-cedf-edd6-664e-4e7a61bd6c0a@gmail.com> <1108830447.9.1509812857031@webmail.proxmox.com> Message-ID: <9345dba7-9475-b2a9-5ac4-c58d2cbc5f22@gmail.com> True, my bad. But every other PVE related command I used so far had a " help" subcommand so I didn't look into the man page. Please take this than as bug report for the subcommand (or a "-h" help option) and as a request to update the wiki article to include the info, that a PATH argument can be given. Regards, Uwe Am 04.11.2017 um 17:27 schrieb Dietmar Maurer: >> pveperf as described in [1] doesn't work anymore. Even as root I get: >> >> root at pxmx-02:~# pveperf help >> CPU BOGOMIPS: 89368.48 >> REGEX/SECOND: 1505926 >> df: help: No such file or directory >> DNS EXT: 13.68 ms >> DNS INT: 19.98 ms (localdomain) > > see "man pveperf" > > The syntax is: pveperf [PATH] > > You run "pveperf help", and I am quite sure that path "help" does > not exist. So I cant see whats wrong? > From dietmar at proxmox.com Sat Nov 4 22:08:53 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Sat, 4 Nov 2017 22:08:53 +0100 (CET) Subject: [PVE-User] PVE 5.1 pveperf not working correctly In-Reply-To: <9345dba7-9475-b2a9-5ac4-c58d2cbc5f22@gmail.com> References: <35f96cd5-cedf-edd6-664e-4e7a61bd6c0a@gmail.com> <1108830447.9.1509812857031@webmail.proxmox.com> <9345dba7-9475-b2a9-5ac4-c58d2cbc5f22@gmail.com> Message-ID: <1120336661.15.1509829733390@webmail.proxmox.com> > Please take this than as bug report for the subcommand (or a "-h" help option) > and as a request to update the wiki > article to include the info, that a PATH argument can be given. OK ;-) Will try to improve things ... From john at shasta.com Sun Nov 5 12:00:28 2017 From: john at shasta.com (John C. Reid) Date: Sun, 5 Nov 2017 03:00:28 -0800 Subject: [PVE-User] Out of Office Autoreply Message-ID: <5e480226e65a4e788c5bf5b1814de53b@7e1b70728b5d487ea1fd61261506f90b> I am out of the office from 11/3 through 11/8. Assistance is available via phone or E-mail 24 hours a day by contacting support. The support E-mail address is support at gmail.com. Thank you. From john at shasta.com Mon Nov 6 12:00:33 2017 From: john at shasta.com (John C. Reid) Date: Mon, 6 Nov 2017 03:00:33 -0800 Subject: [PVE-User] Out of Office Autoreply Message-ID: <0a0e0084da9a455a9ce633231c8f2c66@cd952a37d6594018bb3e4137c3a9f9d4> I am out of the office from 11/3 through 11/8. Assistance is available via phone or E-mail 24 hours a day by contacting support. The support E-mail address is support at gmail.com. Thank you. From john at shasta.com Tue Nov 7 12:00:36 2017 From: john at shasta.com (John C. Reid) Date: Tue, 7 Nov 2017 03:00:36 -0800 Subject: [PVE-User] Out of Office Autoreply Message-ID: I am out of the office from 11/3 through 11/8. Assistance is available via phone or E-mail 24 hours a day by contacting support. The support E-mail address is support at gmail.com. Thank you. From proxmox at elchaka.de Wed Nov 8 00:04:02 2017 From: proxmox at elchaka.de (Mehmet) Date: Wed, 08 Nov 2017 00:04:02 +0100 Subject: [PVE-User] PVE 5.1 zfs replication In-Reply-To: References: Message-ID: <6DDA00FF-E2D5-4A14-9D4A-26894786EE0C@elchaka.de> Hi Gilberto, Am 31. Oktober 2017 23:58:17 MEZ schrieb Gilberto Nunes : >Hi guys > >Again, I am in trouble with ZFS Replication: > >2017-10-31 20:56:01 100-0: start replication job >2017-10-31 20:56:01 100-0: guest => CT 100, running => 1 >2017-10-31 20:56:01 100-0: volumes => STG:subvol-100-disk-1 >2017-10-31 20:56:02 100-0: freeze guest filesystem >2017-10-31 20:56:02 100-0: create snapshot >'__replicate_100-0_1509490561__' >on STG:subvol-100-disk-1 >2017-10-31 20:56:03 100-0: thaw guest filesystem >2017-10-31 20:56:03 100-0: full sync 'STG:subvol-100-disk-1' >(__replicate_100-0_1509490561__) >2017-10-31 20:56:04 100-0: full send of >ZFS/subvol-100-disk-1 at __replicate_100-0_1509490561__ >estimated size is 417M >2017-10-31 20:56:04 100-0: total estimated size is 417M >2017-10-31 20:56:04 100-0: TIME SENT SNAPSHOT >2017-10-31 20:56:04 100-0: ZFS/subvol-100-disk-1 name >ZFS/subvol-100-disk-1 >- >2017-10-31 20:56:04 100-0: volume 'ZFS/subvol-100-disk-1' already >exists >2017-10-31 20:56:04 100-0: warning: cannot send >'ZFS/subvol-100-disk-1 at __replicate_100-0_1509490561__': >signal received >2017-10-31 20:56:04 100-0: cannot send 'ZFS/subvol-100-disk-1': I/O >error You should have a look on your dmesg Output. It seems there is an issue with your harddisk (s) - Mehmet >2017-10-31 20:56:04 100-0: command 'zfs send -Rpv -- >ZFS/subvol-100-disk-1 at __replicate_100-0_1509490561__' >failed: exit code 1 >2017-10-31 20:56:04 100-0: delete previous replication snapshot >'__replicate_100-0_1509490561__' on STG:subvol-100-disk-1 >2017-10-31 20:56:04 100-0: end replication job with error: command 'set >-o >pipefail && pvesm export STG:subvol-100-disk-1 zfs - -with-snapshots 1 >-snapshot __replicate_100-0_1509490561__ | /usr/bin/ssh -o >'BatchMode=yes' >-o 'HostKeyAlias=pve200' root at 10.1.1.2 -- pvesm import >STG:subvol-100-disk-1 zfs - -with-snapshots 1' failed: exit code 255 > >How can I fix it??? > >Thanks >--- >Gilberto Ferreira >_______________________________________________ >pve-user mailing list >pve-user at pve.proxmox.com >https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From john at shasta.com Wed Nov 8 12:00:31 2017 From: john at shasta.com (John C. Reid) Date: Wed, 8 Nov 2017 03:00:31 -0800 Subject: [PVE-User] Out of Office Autoreply Message-ID: <5504487c1e0b44489f0013f35f180f3f@f57fda5106d84e2dbf4061ab1ba97db6> I am out of the office from 11/3 through 11/8. Assistance is available via phone or E-mail 24 hours a day by contacting support. The support E-mail address is support at gmail.com. Thank you. From francois.deslauriers at gmail.com Wed Nov 8 23:20:49 2017 From: francois.deslauriers at gmail.com (Francois Deslauriers) Date: Wed, 8 Nov 2017 17:20:49 -0500 Subject: [PVE-User] OVA, OVF support Message-ID: is there any plan to support OVA, OVF import into Proxmox ? And if so when this could be expected ? It would geatly help in promoting the plataform and ease the process of migration From aderumier at odiso.com Thu Nov 9 07:38:22 2017 From: aderumier at odiso.com (Alexandre DERUMIER) Date: Thu, 9 Nov 2017 07:38:22 +0100 (CET) Subject: [PVE-User] OVA, OVF support In-Reply-To: References: Message-ID: <2084640559.2844319.1510209502879.JavaMail.zimbra@oxygem.tv> already available in proxmox 5.1 :) #qm importovf ----- Mail original ----- De: "Francois Deslauriers" ?: "proxmoxve" Envoy?: Mercredi 8 Novembre 2017 23:20:49 Objet: [PVE-User] OVA, OVF support is there any plan to support OVA, OVF import into Proxmox ? And if so when this could be expected ? It would geatly help in promoting the plataform and ease the process of migration _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From e.kasper at proxmox.com Thu Nov 9 09:19:47 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Thu, 9 Nov 2017 09:19:47 +0100 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: Message-ID: <2c175069-09e0-89d4-6c43-29a43f30cb35@proxmox.com> On 11/08/2017 11:20 PM, Francois Deslauriers wrote: > is there any plan to support OVA, OVF import into Proxmox ? > And if so when this could be expected ? Technically we only support import from OVF. But an OVA file is just a tarball with the OVF xml and a vmdk disk image. From francois.deslauriers at gmail.com Thu Nov 9 13:00:09 2017 From: francois.deslauriers at gmail.com (Francois Deslauriers) Date: Thu, 09 Nov 2017 12:00:09 +0000 Subject: [PVE-User] OVA, OVF support In-Reply-To: <2c175069-09e0-89d4-6c43-29a43f30cb35@proxmox.com> References: <2c175069-09e0-89d4-6c43-29a43f30cb35@proxmox.com> Message-ID: Oh , Great , i do have to upgrade then :.) On Thu, Nov 9, 2017 at 3:19 AM Emmanuel Kasper wrote: > On 11/08/2017 11:20 PM, Francois Deslauriers wrote: > > is there any plan to support OVA, OVF import into Proxmox ? > > And if so when this could be expected ? > > Technically we only support import from OVF. > > But an OVA file is just a tarball with the OVF xml and a vmdk disk image. > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Envoy? avec Gmail Mobile From demarcog83 at gmail.com Thu Nov 9 13:33:57 2017 From: demarcog83 at gmail.com (Giuseppe De Marco) Date: Thu, 9 Nov 2017 13:33:57 +0100 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <2c175069-09e0-89d4-6c43-29a43f30cb35@proxmox.com> Message-ID: Good news, this is a very important feature. Thanks a lot 2017-11-09 13:00 GMT+01:00 Francois Deslauriers : > Oh , Great , i do have to upgrade then :.) > > > > On Thu, Nov 9, 2017 at 3:19 AM Emmanuel Kasper wrote: > >> On 11/08/2017 11:20 PM, Francois Deslauriers wrote: >> > is there any plan to support OVA, OVF import into Proxmox ? >> > And if so when this could be expected ? >> >> Technically we only support import from OVF. >> >> But an OVA file is just a tarball with the OVF xml and a vmdk disk image. >> >> _______________________________________________ >> pve-user mailing list >> pve-user at pve.proxmox.com >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > -- > Envoy? avec Gmail Mobile > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From Brian.Chase at gd-ms.com Thu Nov 9 18:36:10 2017 From: Brian.Chase at gd-ms.com (Chase, Brian E) Date: Thu, 9 Nov 2017 17:36:10 +0000 Subject: [PVE-User] Can't mount external USB drive to container Message-ID: I was able to use the GUI to add a USB device and subsequently mount it on a guest QEMU Virtual Machine, but those same options are not present in the web UI for containers, so I found some related documentation here: https://pve.proxmox.com/wiki/USB_Devices_in_Virtual_Machines I followed instructions, substituting the container number and the desired USB device found with the 'lsusb' command, and get this error: root at pve:~# qm set 103 -usb0 host=0bc2:3322 Configuration file 'nodes/pve/qemu-server/103.conf' does not exist root at pve:~# I noticed that it was looking at a directory that caught my attention, the "qemu-server" portion of the pathname above set off a red flag, and made me believe that perhaps ONLY full blown QEMU virtual machines are supported when it comes to attaching USB devices. Is there anyone out there who can tell me definitely whether or not containers support the connection of external USB storage devices? If so, can you point me to documentation that works in order to make this container/USB device connections? From Brian.Chase at gd-ms.com Thu Nov 9 18:59:51 2017 From: Brian.Chase at gd-ms.com (Chase, Brian E) Date: Thu, 9 Nov 2017 17:59:51 +0000 Subject: [PVE-User] User Management question Message-ID: <30e0b9e8b9574ea293b6a5d032627ed2@VADC-MMB01.GD-MS.US> The User Management documentation at (https://pve.proxmox.com/wiki/User_Management) is insufficient for me to be able to create a user with limited permissions. A couple of examples that I do not see in the documentation that would be helpful are: 1. Create a user that only has console access to specific virtual machines, but not others. This user would not be able to add/delete VM's or change any settings on any existing VM's. 2. Create another user that could create and manage new VM's, but only modify VM's the he/she created and have no ability to modify any settings of any VM's created by another user. Examples are the way I learn best, so any who may be able to provide the above examples would help me a great deal. I think once I see those two examples, I should be able to decipher the rest on my own using the documentation in the link shown above Thanks, Brian From t.lamprecht at proxmox.com Fri Nov 10 07:11:26 2017 From: t.lamprecht at proxmox.com (Thomas Lamprecht) Date: Fri, 10 Nov 2017 07:11:26 +0100 Subject: [PVE-User] Can't mount external USB drive to container In-Reply-To: References: Message-ID: <303c76fa-4c0f-17e1-e8eb-b040b45aa80b@proxmox.com> Hi, On 11/09/2017 06:36 PM, Chase, Brian E wrote: > I was able to use the GUI to add a USB device and subsequently mount it on a guest QEMU Virtual Machine, but those same options are not present in the web UI for containers, so I found some related documentation here: > > https://pve.proxmox.com/wiki/USB_Devices_in_Virtual_Machines > > I followed instructions, substituting the container number and the desired USB device found with the 'lsusb' command, and get this error: > > root at pve:~# qm set 103 -usb0 host=0bc2:3322 > Configuration file 'nodes/pve/qemu-server/103.conf' does not exist > root at pve:~# > qm is the CLI management tool for Qemu VMs (*q*emu *m*anager, AFAIK), so you cannot manage container with them. > I noticed that it was looking at a directory that caught my attention, the "qemu-server" portion of the pathname above set off a red flag, and made me believe that perhaps ONLY full blown QEMU virtual machines are supported when it comes to attaching USB devices. > Yes, from our management stack only VMs have USB support. > Is there anyone out there who can tell me definitely whether or not containers support the connection of external USB storage devices? If so, can you point me to documentation that works in order to make this container/USB device connections? Our container are based on LXC (LinuX Containers) thus it's best to use LXC within the search term when looking for resources. In general it's possible to "passthrough" USB devices to containers, but as it's not supported by our management stack you need to do it with the LXC level config options. See: https://forum.proxmox.com/threads/lxc-usb-passthrough-zwave-stick.30058/ Maybe also: https://forum.proxmox.com/threads/passthrough-usb-from-host-to-lxc.23856/ cheers, Thomas From mark at openvs.co.uk Fri Nov 10 19:02:51 2017 From: mark at openvs.co.uk (Mark Adams) Date: Fri, 10 Nov 2017 18:02:51 +0000 Subject: [PVE-User] snapshot=off Message-ID: Hi All, On proxmox 5.1, with ceph as storage, I'm trying to disable the snapshotting of a specific disk on a VM. This is not an option in the gui, but I've added the option to the disk in the conf file scsi1: ssd_ceph_vm:vm-100-disk-2,discard=on,size=32G,snapshot=off However, this seems to be ignored and the snapshot is still created. Is this just not supported? Thanks in advance! From daniel at linux-nerd.de Sun Nov 12 23:28:40 2017 From: daniel at linux-nerd.de (Daniel) Date: Sun, 12 Nov 2017 23:28:40 +0100 Subject: [PVE-User] OVA, OVF support Message-ID: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Hi, but actually not on the GUI right? Am 09.11.17, 07:38 schrieb "pve-user im Auftrag von Alexandre DERUMIER" : already available in proxmox 5.1 :) #qm importovf ----- Mail original ----- De: "Francois Deslauriers" ?: "proxmoxve" Envoy?: Mercredi 8 Novembre 2017 23:20:49 Objet: [PVE-User] OVA, OVF support is there any plan to support OVA, OVF import into Proxmox ? And if so when this could be expected ? It would geatly help in promoting the plataform and ease the process of migration _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From francois.deslauriers at gmail.com Mon Nov 13 01:02:39 2017 From: francois.deslauriers at gmail.com (Francois Deslauriers) Date: Mon, 13 Nov 2017 00:02:39 +0000 Subject: [PVE-User] OVA, OVF support In-Reply-To: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: Effectively ,not in gui , but it works fine , very simple parameters , ajustments are often needed after migration , on the vm On Sun, Nov 12, 2017 at 5:28 PM Daniel wrote: > Hi, > > but actually not on the GUI right? > > Am 09.11.17, 07:38 schrieb "pve-user im Auftrag von Alexandre DERUMIER" < > pve-user-bounces at pve.proxmox.com im Auftrag von aderumier at odiso.com>: > > already available in proxmox 5.1 :) > > #qm importovf > > ----- Mail original ----- > De: "Francois Deslauriers" > ?: "proxmoxve" > Envoy?: Mercredi 8 Novembre 2017 23:20:49 > Objet: [PVE-User] OVA, OVF support > > is there any plan to support OVA, OVF import into Proxmox ? > And if so when this could be expected ? > > > > It would geatly help in promoting the plataform > and ease the process of migration > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Envoy? avec Gmail Mobile From f.gruenbichler at proxmox.com Mon Nov 13 08:36:34 2017 From: f.gruenbichler at proxmox.com (Fabian =?iso-8859-1?Q?Gr=FCnbichler?=) Date: Mon, 13 Nov 2017 08:36:34 +0100 Subject: [PVE-User] snapshot=off In-Reply-To: References: Message-ID: <20171113073634.fhxxglj6p7ryrpa3@nora.maurer-it.com> On Fri, Nov 10, 2017 at 06:02:51PM +0000, Mark Adams wrote: > Hi All, > > On proxmox 5.1, with ceph as storage, I'm trying to disable the > snapshotting of a specific disk on a VM. > > This is not an option in the gui, but I've added the option to the disk in > the conf file > > scsi1: ssd_ceph_vm:vm-100-disk-2,discard=on,size=32G,snapshot=off > > However, this seems to be ignored and the snapshot is still created. > > Is this just not supported? > > Thanks in advance! yes, this is not (yet) implemented - there is a related bug entry for pve-container already[1]. the snapshot property for VM drives is a leftover of some old functionality IIRC, and not used anymore at all (so it could be recycled for this use case?). 1: https://bugzilla.proxmox.com/show_bug.cgi?id=1007 From mcooper at coopfire.com Mon Nov 13 10:08:03 2017 From: mcooper at coopfire.com (Michael Cooper) Date: Mon, 13 Nov 2017 04:08:03 -0500 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: Hello guys, What adjustments? Memory, Nic??? On Nov 12, 2017 7:02 PM, "Francois Deslauriers" < francois.deslauriers at gmail.com> wrote: > Effectively ,not in gui , but it works fine , very simple parameters , > ajustments are often needed after migration , on the vm > > > On Sun, Nov 12, 2017 at 5:28 PM Daniel wrote: > > > Hi, > > > > but actually not on the GUI right? > > > > Am 09.11.17, 07:38 schrieb "pve-user im Auftrag von Alexandre DERUMIER" < > > pve-user-bounces at pve.proxmox.com im Auftrag von aderumier at odiso.com>: > > > > already available in proxmox 5.1 :) > > > > #qm importovf > > > > ----- Mail original ----- > > De: "Francois Deslauriers" > > ?: "proxmoxve" > > Envoy?: Mercredi 8 Novembre 2017 23:20:49 > > Objet: [PVE-User] OVA, OVF support > > > > is there any plan to support OVA, OVF import into Proxmox ? > > And if so when this could be expected ? > > > > > > > > It would geatly help in promoting the plataform > > and ease the process of migration > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > > > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > -- > Envoy? avec Gmail Mobile > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > From e.kasper at proxmox.com Mon Nov 13 10:24:56 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Mon, 13 Nov 2017 10:24:56 +0100 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: On 11/13/2017 10:08 AM, Michael Cooper wrote: > Hello guys, > > What adjustments? Memory, Nic??? Memory is detected, Nic type no. If you need the NIC detection badly, please submit a request for enhancement at bugzilla.proxmox.com From francois.deslauriers at gmail.com Mon Nov 13 13:30:52 2017 From: francois.deslauriers at gmail.com (Francois Deslauriers) Date: Mon, 13 Nov 2017 07:30:52 -0500 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: Hard to determine in advance , processer type, disk controller Nic card type , for example I am unable to use a imported ova I used to use on VMware , Unix based it starts but freezes at boot time I am unable to find the proper ajustements to make it works , VA-DTE , juniper demo vpn-ssl VM On Nov 13, 2017 04:08, "Michael Cooper" wrote: > Hello guys, > > What adjustments? Memory, Nic??? > > On Nov 12, 2017 7:02 PM, "Francois Deslauriers" < > francois.deslauriers at gmail.com> wrote: > > > Effectively ,not in gui , but it works fine , very simple parameters , > > ajustments are often needed after migration , on the vm > > > > > > On Sun, Nov 12, 2017 at 5:28 PM Daniel wrote: > > > > > Hi, > > > > > > but actually not on the GUI right? > > > > > > Am 09.11.17, 07:38 schrieb "pve-user im Auftrag von Alexandre > DERUMIER" < > > > pve-user-bounces at pve.proxmox.com im Auftrag von aderumier at odiso.com>: > > > > > > already available in proxmox 5.1 :) > > > > > > #qm importovf > > > > > > ----- Mail original ----- > > > De: "Francois Deslauriers" > > > ?: "proxmoxve" > > > Envoy?: Mercredi 8 Novembre 2017 23:20:49 > > > Objet: [PVE-User] OVA, OVF support > > > > > > is there any plan to support OVA, OVF import into Proxmox ? > > > And if so when this could be expected ? > > > > > > > > > > > > It would geatly help in promoting the plataform > > > and ease the process of migration > > > _______________________________________________ > > > pve-user mailing list > > > pve-user at pve.proxmox.com > > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > > _______________________________________________ > > > pve-user mailing list > > > pve-user at pve.proxmox.com > > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > > > > > > > > _______________________________________________ > > > pve-user mailing list > > > pve-user at pve.proxmox.com > > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > > -- > > Envoy? avec Gmail Mobile > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > From elacunza at binovo.es Mon Nov 13 16:26:31 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Mon, 13 Nov 2017 16:26:31 +0100 Subject: [PVE-User] Ceph jewel to luminous upgrade problem Message-ID: <2a581de7-405a-099b-7f7a-48263323ce90@binovo.es> Hi all, We're in the process of upgrading our office Proxmox v4.4 cluster to v5.1 . For that we first have followed instructions in https://pve.proxmox.com/wiki/Ceph_Jewel_to_Luminous to upgrade Ceph Jewel to Luminous. Upgrade was apparently a success: # ceph -s ? cluster: ??? id:???? 8ee074d4-005c-4bd6-a077-85eddde543b5 ??? health: HEALTH_OK ? services: ??? mon: 3 daemons, quorum 0,2,3 ??? mgr: butroe(active), standbys: guadalupe, sanmarko ??? osd: 12 osds: 12 up, 12 in ? data: ??? pools:?? 2 pools, 640 pgs ??? objects: 518k objects, 1966 GB ??? usage:?? 4120 GB used, 7052 GB / 11172 GB avail ??? pgs:???? 640 active+clean ? io: ??? client:?? 644 kB/s rd, 3299 kB/s wr, 61 op/s rd, 166 op/s wr And versions seem good too: # ceph mon versions { ??? "ceph version 12.2.1 (3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e) luminous (stable)": 3 } # ceph osd versions { ??? "ceph version 12.2.1 (3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e) luminous (stable)": 12 } But this weeked there were problems backing up some VMs, all with the same error: no such volume 'ceph-proxmox:vm-120-disk-1' The "missing" volumes don't show in storage content, but they DO if we do a "rbd -p proxmox ls". When we try an info command we get an error though: # rbd -p proxmox info vm-120-disk-1 2017-11-13 16:04:02.979006 7f99d8ff9700 -1 librbd::image::OpenRequest: failed to retreive immutable metadata: (2) No such file or directory rbd: error opening image vm-120-disk-1: (2) No such file or directory Other VM disk images behave normally: # rbd -p proxmox info vm-119-disk-1 rbd image 'vm-119-disk-1': ??? size 3072 MB in 768 objects ??? order 22 (4096 kB objects) ??? block_name_prefix: rbd_data.575762ae8944a ??? format: 2 ??? features: layering ??? flags: I don't really know what to look at to further diagnose this. I recall that there was a version 1 format for rbd, but I doubt "missing" disk images are in that old format (and really don't know how to check that if info doesn't work...) Some of the missing VMs continue to be used by "old" running qemu processes and work correctly; but if we stop the VM, then it won't start again with the error reported above. I can start and stop VMs with non-"missing" disk images normally. Any hints about what to try next? OSDs are filestore with XFS (created from GUI). # pveversion -v proxmox-ve: 4.4-96 (running kernel: 4.4.83-1-pve) pve-manager: 4.4-18 (running version: 4.4-18/ef2610e8) pve-kernel-4.4.67-1-pve: 4.4.67-92 pve-kernel-4.4.76-1-pve: 4.4.76-94 pve-kernel-4.4.83-1-pve: 4.4.83-96 lvm2: 2.02.116-pve3 corosync-pve: 2.4.2-2~pve4+1 libqb0: 1.0.1-1 pve-cluster: 4.0-53 qemu-server: 4.0-113 pve-firmware: 1.1-11 libpve-common-perl: 4.0-96 libpve-access-control: 4.0-23 libpve-storage-perl: 4.0-76 pve-libspice-server1: 0.12.8-2 vncterm: 1.3-2 pve-docs: 4.4-4 pve-qemu-kvm: 2.9.0-5~pve4 pve-container: 1.0-101 pve-firewall: 2.0-33 pve-ha-manager: 1.0-41 ksm-control-daemon: 1.2-1 glusterfs-client: 3.5.2-2+deb8u3 lxc-pve: 2.0.7-4 lxcfs: 2.0.6-pve1 criu: 1.6.0-1 novnc-pve: 0.5-9 smartmontools: 6.5+svn4324-1~pve80 zfsutils: 0.6.5.9-pve15~bpo80 ceph: 12.2.1-1~bpo80+1 Thanks a lot Eneko -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From elacunza at binovo.es Mon Nov 13 16:44:56 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Mon, 13 Nov 2017 16:44:56 +0100 Subject: [PVE-User] Ceph jewel to luminous upgrade problem In-Reply-To: <2a581de7-405a-099b-7f7a-48263323ce90@binovo.es> References: <2a581de7-405a-099b-7f7a-48263323ce90@binovo.es> Message-ID: <26898c37-56df-c1c3-c309-9b6d751d4480@binovo.es> Hi again, It seems we hit this reported/won't fix bug: http://tracker.ceph.com/issues/16211 I managed to start an affected VM following step #12, will continue applying the fix to see if all affected VMs are fixed this way. Thanks El 13/11/17 a las 16:26, Eneko Lacunza escribi?: > Hi all, > > We're in the process of upgrading our office Proxmox v4.4 cluster to > v5.1 . > > For that we first have followed instructions in > https://pve.proxmox.com/wiki/Ceph_Jewel_to_Luminous > > to upgrade Ceph Jewel to Luminous. > > Upgrade was apparently a success: > # ceph -s > ? cluster: > ??? id:???? 8ee074d4-005c-4bd6-a077-85eddde543b5 > ??? health: HEALTH_OK > > ? services: > ??? mon: 3 daemons, quorum 0,2,3 > ??? mgr: butroe(active), standbys: guadalupe, sanmarko > ??? osd: 12 osds: 12 up, 12 in > > ? data: > ??? pools:?? 2 pools, 640 pgs > ??? objects: 518k objects, 1966 GB > ??? usage:?? 4120 GB used, 7052 GB / 11172 GB avail > ??? pgs:???? 640 active+clean > > ? io: > ??? client:?? 644 kB/s rd, 3299 kB/s wr, 61 op/s rd, 166 op/s wr > > And versions seem good too: > # ceph mon versions > { > ??? "ceph version 12.2.1 (3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e) > luminous (stable)": 3 > } > # ceph osd versions > { > ??? "ceph version 12.2.1 (3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e) > luminous (stable)": 12 > } > > But this weeked there were problems backing up some VMs, all with the > same error: > no such volume 'ceph-proxmox:vm-120-disk-1' > > The "missing" volumes don't show in storage content, but they DO if we > do a "rbd -p proxmox ls". > > When we try an info command we get an error though: > # rbd -p proxmox info vm-120-disk-1 > 2017-11-13 16:04:02.979006 7f99d8ff9700 -1 librbd::image::OpenRequest: > failed to retreive immutable metadata: (2) No such file or directory > rbd: error opening image vm-120-disk-1: (2) No such file or directory > > Other VM disk images behave normally: > # rbd -p proxmox info vm-119-disk-1 > rbd image 'vm-119-disk-1': > ??? size 3072 MB in 768 objects > ??? order 22 (4096 kB objects) > ??? block_name_prefix: rbd_data.575762ae8944a > ??? format: 2 > ??? features: layering > ??? flags: > > I don't really know what to look at to further diagnose this. I recall > that there was a version 1 format for rbd, but I doubt "missing" disk > images are in that old format (and really don't know how to check that > if info doesn't work...) > > Some of the missing VMs continue to be used by "old" running qemu > processes and work correctly; but if we stop the VM, then it won't > start again with the error reported above. I can start and stop VMs > with non-"missing" disk images normally. > > Any hints about what to try next? > > OSDs are filestore with XFS (created from GUI). > > # pveversion -v > proxmox-ve: 4.4-96 (running kernel: 4.4.83-1-pve) > pve-manager: 4.4-18 (running version: 4.4-18/ef2610e8) > pve-kernel-4.4.67-1-pve: 4.4.67-92 > pve-kernel-4.4.76-1-pve: 4.4.76-94 > pve-kernel-4.4.83-1-pve: 4.4.83-96 > lvm2: 2.02.116-pve3 > corosync-pve: 2.4.2-2~pve4+1 > libqb0: 1.0.1-1 > pve-cluster: 4.0-53 > qemu-server: 4.0-113 > pve-firmware: 1.1-11 > libpve-common-perl: 4.0-96 > libpve-access-control: 4.0-23 > libpve-storage-perl: 4.0-76 > pve-libspice-server1: 0.12.8-2 > vncterm: 1.3-2 > pve-docs: 4.4-4 > pve-qemu-kvm: 2.9.0-5~pve4 > pve-container: 1.0-101 > pve-firewall: 2.0-33 > pve-ha-manager: 1.0-41 > ksm-control-daemon: 1.2-1 > glusterfs-client: 3.5.2-2+deb8u3 > lxc-pve: 2.0.7-4 > lxcfs: 2.0.6-pve1 > criu: 1.6.0-1 > novnc-pve: 0.5-9 > smartmontools: 6.5+svn4324-1~pve80 > zfsutils: 0.6.5.9-pve15~bpo80 > ceph: 12.2.1-1~bpo80+1 > > Thanks a lot > Eneko > -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From elacunza at binovo.es Tue Nov 14 09:41:48 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Tue, 14 Nov 2017 09:41:48 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang Message-ID: Hi all, We have a Debian 9 VM running on a v3.4 Proxmox cluster (yes I know we should upgrade it), that periodically hangs. When it hangs, we can't reach it neither by network nor by Console (it is frezeed). Also, CPU is shown at about 52%-53% (VM has 2 cores). It hangs quite often, about every 1-3 days, no backups running. It is running Icinga2. We have other Debian 9 VMs in that cluster that don't hang (but none is running Icinga2) VM config: - 512MB RAM (use tops at about 450MB) - 2 cores, 1 socket (Default -kvm64) - Display default - ide2 - CD - Hard disk scsi0 on ceph, writeback - net0 e1000 (originally had virtio) We have tried: - Changing proxmox node - Changing network from virtio to e1000 - Increased core number from 1 to 2 Any ideas about what can we try next? Thanks a lot Eneko -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From e.kasper at proxmox.com Tue Nov 14 10:35:36 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Tue, 14 Nov 2017 10:35:36 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang In-Reply-To: References: Message-ID: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> On 11/14/2017 09:41 AM, Eneko Lacunza wrote: > Hi all, > > We have a Debian 9 VM running on a v3.4 Proxmox cluster (yes I know we > should upgrade it), that periodically hangs. > > When it hangs, we can't reach it neither by network nor by Console (it > is frezeed). Also, CPU is shown at about 52%-53% (VM has 2 cores). > > It hangs quite often, about every 1-3 days, no backups running. It is > running Icinga2. > > We have other Debian 9 VMs in that cluster that don't hang (but none is > running Icinga2) > > VM config: > - 512MB RAM (use tops at about 450MB) > - 2 cores, 1 socket (Default -kvm64) > - Display default > - ide2 - CD > - Hard disk scsi0 on ceph, writeback > - net0 e1000 (originally had virtio) > > We have tried: > - Changing proxmox node > - Changing network from virtio to e1000 > - Increased core number from 1 to 2 > > Any ideas about what can we try next? > > Thanks a lot > Eneko > Hi Eneko What is the status of the qemu process when the VM hangs ? Is it in D state ? Also which SCSI controller type are you using ? Emmanuel From elacunza at binovo.es Tue Nov 14 10:41:26 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Tue, 14 Nov 2017 10:41:26 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang In-Reply-To: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> References: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> Message-ID: Hi Emmanuel, El 14/11/17 a las 10:35, Emmanuel Kasper escribi?: > On 11/14/2017 09:41 AM, Eneko Lacunza wrote: >> Hi all, >> >> We have a Debian 9 VM running on a v3.4 Proxmox cluster (yes I know we >> should upgrade it), that periodically hangs. >> >> When it hangs, we can't reach it neither by network nor by Console (it >> is frezeed). Also, CPU is shown at about 52%-53% (VM has 2 cores). >> >> It hangs quite often, about every 1-3 days, no backups running. It is >> running Icinga2. >> >> We have other Debian 9 VMs in that cluster that don't hang (but none is >> running Icinga2) >> >> VM config: >> - 512MB RAM (use tops at about 450MB) >> - 2 cores, 1 socket (Default -kvm64) >> - Display default >> - ide2 - CD >> - Hard disk scsi0 on ceph, writeback >> - net0 e1000 (originally had virtio) >> >> We have tried: >> - Changing proxmox node >> - Changing network from virtio to e1000 >> - Increased core number from 1 to 2 >> >> Any ideas about what can we try next? >> >> Thanks a lot >> Eneko >> > Hi Eneko > What is the status of the qemu process when the VM hangs ? Is it in D > state ? I don't think but didn't check it. Will do next time it hangs. > Also which SCSI controller type are you using ? It was set as default (LSI 53C895A), just changed to virtio on this morning's reset. I think we have changed this previously too, but can't say for sure. Thanks Eneko -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From e.kasper at proxmox.com Tue Nov 14 11:03:25 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Tue, 14 Nov 2017 11:03:25 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang In-Reply-To: References: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> Message-ID: >> Hi Eneko >> What is the status of the qemu process when the VM hangs ? Is it in D >> state ? > I don't think but didn't check it. Will do next time it hangs. >> Also which SCSI controller type are you using ? > It was set as default (LSI 53C895A), just changed to virtio on this > morning's reset. I think we have changed this previously too, but can't > say for sure. LSI 53C895A could be well the cause of your problem. IIRC it is not that much tested / used by Qemu Upstream. ( on Pve 4.2 we switched the SCSI controller to Virtio SCSI for new Linux VMs) Virtio Blk was the controller we recommended for Linux guests running on PVE 3.4. If you're using UUID in your /etc/fstab, you can switch to Virtio Blk without problem. From elacunza at binovo.es Tue Nov 14 11:45:43 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Tue, 14 Nov 2017 11:45:43 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang In-Reply-To: References: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> Message-ID: <8abde4e8-9789-543d-3e76-36677bc42146@binovo.es> Ok, will try that also, thanks a lot. El 14/11/17 a las 11:03, Emmanuel Kasper escribi?: >>> Hi Eneko >>> What is the status of the qemu process when the VM hangs ? Is it in D >>> state ? >> I don't think but didn't check it. Will do next time it hangs. >>> Also which SCSI controller type are you using ? >> It was set as default (LSI 53C895A), just changed to virtio on this >> morning's reset. I think we have changed this previously too, but can't >> say for sure. > LSI 53C895A could be well the cause of your problem. > IIRC it is not that much tested / used by Qemu Upstream. > ( on Pve 4.2 we switched the SCSI controller to Virtio SCSI for new > Linux VMs) > > Virtio Blk was the controller we recommended for Linux guests running on > PVE 3.4. If you're using UUID in your /etc/fstab, you can switch to > Virtio Blk without problem. > > > -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From proxmox at iancoetzee.za.net Tue Nov 14 12:45:06 2017 From: proxmox at iancoetzee.za.net (Ian Coetzee) Date: Tue, 14 Nov 2017 13:45:06 +0200 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: Hi Guys, Thank you for this awesome feature. My 2cents worth though.... Trying to import an OVF that was coverted from a XVA that was exported from a XenServer 6.5 fails gloriously. Also doesn't import into VirtualBox, so I am gonna blame Citrix for this one Now if only we could get a XVA importer, for some whacky reason XenSever fails to export the VM's as OVF/OVA's Kind regards On 13 November 2017 at 14:30, Francois Deslauriers wrote: > Hard to determine in advance , processer type, disk controller Nic card > type , for example I am unable to use a imported ova I used to use on > VMware , Unix based it starts but freezes at boot time I am unable to find > the proper ajustements to make it works , VA-DTE , juniper demo vpn-ssl > VM > > > On Nov 13, 2017 04:08, "Michael Cooper" wrote: > >> Hello guys, >> >> What adjustments? Memory, Nic??? >> >> On Nov 12, 2017 7:02 PM, "Francois Deslauriers" < >> francois.deslauriers at gmail.com> wrote: >> >> > Effectively ,not in gui , but it works fine , very simple parameters , >> > ajustments are often needed after migration , on the vm >> > >> > >> > On Sun, Nov 12, 2017 at 5:28 PM Daniel wrote: >> > >> > > Hi, >> > > >> > > but actually not on the GUI right? >> > > >> > > Am 09.11.17, 07:38 schrieb "pve-user im Auftrag von Alexandre >> DERUMIER" < >> > > pve-user-bounces at pve.proxmox.com im Auftrag von aderumier at odiso.com>: >> > > >> > > already available in proxmox 5.1 :) >> > > >> > > #qm importovf >> > > >> > > ----- Mail original ----- >> > > De: "Francois Deslauriers" >> > > ?: "proxmoxve" >> > > Envoy?: Mercredi 8 Novembre 2017 23:20:49 >> > > Objet: [PVE-User] OVA, OVF support >> > > >> > > is there any plan to support OVA, OVF import into Proxmox ? >> > > And if so when this could be expected ? >> > > >> > > >> > > >> > > It would geatly help in promoting the plataform >> > > and ease the process of migration >> > > _______________________________________________ >> > > pve-user mailing list >> > > pve-user at pve.proxmox.com >> > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > > >> > > _______________________________________________ >> > > pve-user mailing list >> > > pve-user at pve.proxmox.com >> > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > > >> > > >> > > >> > > _______________________________________________ >> > > pve-user mailing list >> > > pve-user at pve.proxmox.com >> > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > > >> > -- >> > Envoy? avec Gmail Mobile >> > _______________________________________________ >> > pve-user mailing list >> > pve-user at pve.proxmox.com >> > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > >> _______________________________________________ >> pve-user mailing list >> pve-user at pve.proxmox.com >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From aderumier at odiso.com Tue Nov 14 13:23:23 2017 From: aderumier at odiso.com (Alexandre DERUMIER) Date: Tue, 14 Nov 2017 13:23:23 +0100 (CET) Subject: [PVE-User] PVE 5.1 Clone problem In-Reply-To: <1836373003.15659424.1509470068646.JavaMail.zimbra@zimbra.panservice.it> References: <1836373003.15659424.1509470068646.JavaMail.zimbra@zimbra.panservice.it> Message-ID: <1620938205.3296456.1510662203980.JavaMail.zimbra@oxygem.tv> yes, this is normal. the block job mirror is cancelled at the end, to avoid that source vm switch on the new disk. ----- Mail original ----- De: "Fabrizio Cuseo" ?: "proxmoxve" Envoy?: Mardi 31 Octobre 2017 18:14:28 Objet: [PVE-User] PVE 5.1 Clone problem Hello. I have just installed a test cluster with PVE 5.1 and Ceph (bluestore). 3 nodes, 4 HD per node, 3 OSD, single gigabit ethernet, no ceph dedicated network (is only a test cluster). Cloning a VM (both Powered ON and OFF), returns "trying to acquire lock...drive-scsi0: Cancelling block job", but the clone seems ok. See the screenshot: http://cloud.fabry.it/index.php/s/9vrEvMQE5zToCrE Regards, Fabrizio Cuseo -- --- Fabrizio Cuseo - mailto:f.cuseo at panservice.it Direzione Generale - Panservice InterNetWorking Servizi Professionali per Internet ed il Networking Panservice e' associata AIIP - RIPE Local Registry Phone: +39 0773 410020 - Fax: +39 0773 470219 http://www.panservice.it mailto:info at panservice.it Numero verde nazionale: 800 901492 _______________________________________________ pve-user mailing list pve-user at pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From f.cuseo at panservice.it Tue Nov 14 13:26:59 2017 From: f.cuseo at panservice.it (Fabrizio Cuseo) Date: Tue, 14 Nov 2017 13:26:59 +0100 (CET) Subject: [PVE-User] PVE 5.1 Clone problem In-Reply-To: <1620938205.3296456.1510662203980.JavaMail.zimbra@oxygem.tv> References: <1836373003.15659424.1509470068646.JavaMail.zimbra@zimbra.panservice.it> <1620938205.3296456.1510662203980.JavaMail.zimbra@oxygem.tv> Message-ID: <958857690.77793.1510662419634.JavaMail.zimbra@zimbra.panservice.it> Ops :D Sorry :) I don't remember the same message on 4.X ----- Il 14-nov-17, alle 13:23, Alexandre DERUMIER aderumier at odiso.com ha scritto: > yes, this is normal. > > the block job mirror is cancelled at the end, to avoid that source vm switch on > the new disk. > > > ----- Mail original ----- > De: "Fabrizio Cuseo" > ?: "proxmoxve" > Envoy?: Mardi 31 Octobre 2017 18:14:28 > Objet: [PVE-User] PVE 5.1 Clone problem > > Hello. > I have just installed a test cluster with PVE 5.1 and Ceph (bluestore). > > 3 nodes, 4 HD per node, 3 OSD, single gigabit ethernet, no ceph dedicated > network (is only a test cluster). > > Cloning a VM (both Powered ON and OFF), returns "trying to acquire > lock...drive-scsi0: Cancelling block job", but the clone seems ok. > > See the screenshot: > http://cloud.fabry.it/index.php/s/9vrEvMQE5zToCrE > > Regards, Fabrizio Cuseo > > > -- > --- > Fabrizio Cuseo - mailto:f.cuseo at panservice.it > Direzione Generale - Panservice InterNetWorking > Servizi Professionali per Internet ed il Networking > Panservice e' associata AIIP - RIPE Local Registry > Phone: +39 0773 410020 - Fax: +39 0773 470219 > http://www.panservice.it mailto:info at panservice.it > Numero verde nazionale: 800 901492 > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- --- Fabrizio Cuseo - mailto:f.cuseo at panservice.it Direzione Generale - Panservice InterNetWorking Servizi Professionali per Internet ed il Networking Panservice e' associata AIIP - RIPE Local Registry Phone: +39 0773 410020 - Fax: +39 0773 470219 http://www.panservice.it mailto:info at panservice.it Numero verde nazionale: 800 901492 From fk at datenfalke.de Tue Nov 14 20:30:39 2017 From: fk at datenfalke.de (Falco Kleinschmidt) Date: Tue, 14 Nov 2017 20:30:39 +0100 Subject: [PVE-User] change /proc/sys/fs/inotify/max_user_watches Message-ID: Hi all! I am running a 3 node 5.0 cluster. I want to raise the limit of "/proc/sys/fs/inotify/max_user_watches" globally on the cluster. Using the following on a node solves the problem (inotify resources exhausted) locally (for CTs running on the node): echo 81920 > /proc/sys/fs/inotify/max_user_watches Should I use rc.local on all nodes to make it persistent cluster wide? Is there a different recommended way for system configurations like this? Thank you! Falco From f.gruenbichler at proxmox.com Wed Nov 15 08:47:31 2017 From: f.gruenbichler at proxmox.com (Fabian =?iso-8859-1?Q?Gr=FCnbichler?=) Date: Wed, 15 Nov 2017 08:47:31 +0100 Subject: [PVE-User] change /proc/sys/fs/inotify/max_user_watches In-Reply-To: References: Message-ID: <20171115074731.mquklmer2ecjmsnn@nora.maurer-it.com> On Tue, Nov 14, 2017 at 08:30:39PM +0100, Falco Kleinschmidt wrote: > Hi all! > > I am running a 3 node 5.0 cluster. I want to raise the limit of > "/proc/sys/fs/inotify/max_user_watches" globally on the cluster. > > Using the following on a node solves the problem (inotify resources > exhausted) locally (for CTs running on the node): > > echo 81920 > /proc/sys/fs/inotify/max_user_watches > > Should I use rc.local on all nodes to make it persistent cluster wide? > Is there a different recommended way for system configurations like this? see man sysctl and man sysctl.conf/sysctl.d From elacunza at binovo.es Wed Nov 15 09:49:17 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Wed, 15 Nov 2017 09:49:17 +0100 Subject: [PVE-User] Ghost Ceph node after upgrade to luminous/PVE 5.1 Message-ID: Hi all, We have just upgraded our cluster from PVE 4.4/jewel to PVE 5.1/luminous . Overall experience was quite good; we found some problems with live migration because although all VMs had a "default" display, most where using std and only a few cirrus . We had to look at KVM process parameters to check and change vga setting accordingly for live migration to work. Nonetheless thanks a lot for all your work! We're now having a bit of fun :) because an old retired cluster member is showing back at Ceph/OSD nodelist (without OSDs...). This node doesn't exist anymore, and doesn't show in pvecm nodelist (it was removed from config). It's directory was present in /etc/pve/nodes for our surprise; we have deleted it too but ghost continues to show. The only place I can see a reference to this retired node is in crushmap: # buckets host camelot { ???? id -2 # do not change unnecessarily ???? id -7 class hdd # do not change unnecessarily ??? # weight 0.000 ??? alg straw ??? hash 0 # rjenkins1 } Should we modify the crushmap manually to remove it? Was there something we must have done before "pvecm delnode camelot", so that node was removed from crushmap too? Thanks a lot Eneko -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From e.kasper at proxmox.com Wed Nov 15 11:08:57 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Wed, 15 Nov 2017 11:08:57 +0100 Subject: [PVE-User] OVA, OVF support In-Reply-To: References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> Message-ID: <94c029f7-eb9d-9719-c5da-29f4aab0697a@proxmox.com> On 11/14/2017 12:45 PM, Ian Coetzee wrote: > Hi Guys, > > Thank you for this awesome feature. My 2cents worth though.... > > Trying to import an OVF that was coverted from a XVA that was exported > from a XenServer 6.5 fails gloriously. Also doesn't import into > VirtualBox, so I am gonna blame Citrix for this one > > Now if only we could get a XVA importer, for some whacky reason > XenSever fails to export the VM's as OVF/OVA's > > Kind regards If you manage to get a disk image from Xen , remember you can also use qm importdisk ( see qm help importdisk) If you have a real OVF which is not recognized by PVE, please check first with the ovftool from VmWare if the format is right ( ovftool --verifyOnly /path/to_my.ovf) If you have an OVF which passes this test successfully and is recognized by PVE, please submit a bug report in our bugzilla. From fk at datenfalke.de Wed Nov 15 14:13:40 2017 From: fk at datenfalke.de (Falco Kleinschmidt) Date: Wed, 15 Nov 2017 14:13:40 +0100 Subject: [PVE-User] change /proc/sys/fs/inotify/max_user_watches In-Reply-To: <20171115074731.mquklmer2ecjmsnn@nora.maurer-it.com> References: <20171115074731.mquklmer2ecjmsnn@nora.maurer-it.com> Message-ID: <86cc01d1-d5f7-7377-76ea-8b0530ee3c63@datenfalke.de> >> Hi all! >> >> I am running a 3 node 5.0 cluster. I want to raise the limit of >> "/proc/sys/fs/inotify/max_user_watches" globally on the cluster. >> >> Using the following on a node solves the problem (inotify resources >> exhausted) locally (for CTs running on the node): >> >> echo 81920 > /proc/sys/fs/inotify/max_user_watches >> >> Should I use rc.local on all nodes to make it persistent cluster wide? >> Is there a different recommended way for system configurations like this? > see man sysctl and man sysctl.conf/sysctl.d Good advice, thank you! The following is working: # cat /etc/sysctl.d/inotify.conf fs.inotify.max_user_watches = 81920 From proxmox at iancoetzee.za.net Wed Nov 15 14:39:58 2017 From: proxmox at iancoetzee.za.net (Ian Coetzee) Date: Wed, 15 Nov 2017 15:39:58 +0200 Subject: [PVE-User] OVA, OVF support In-Reply-To: <94c029f7-eb9d-9719-c5da-29f4aab0697a@proxmox.com> References: <0554ED85-C38F-4122-AAB8-00DF85130B1C@linux-nerd.de> <94c029f7-eb9d-9719-c5da-29f4aab0697a@proxmox.com> Message-ID: On 15 November 2017 at 12:08, Emmanuel Kasper wrote: > On 11/14/2017 12:45 PM, Ian Coetzee wrote: >> Hi Guys, >> >> Thank you for this awesome feature. My 2cents worth though.... >> >> Trying to import an OVF that was coverted from a XVA that was exported >> from a XenServer 6.5 fails gloriously. Also doesn't import into >> VirtualBox, so I am gonna blame Citrix for this one >> >> Now if only we could get a XVA importer, for some whacky reason >> XenSever fails to export the VM's as OVF/OVA's >> >> Kind regards > > If you manage to get a disk image from Xen , remember you can also use > qm importdisk ( see qm help importdisk) > > If you have a real OVF which is not recognized by PVE, please check > first with the ovftool from VmWare if the format is right > ( ovftool --verifyOnly /path/to_my.ovf) > > If you have an OVF which passes this test successfully and is recognized > by PVE, please submit a bug report in our bugzilla. Hi Emmanuel, Thank you for the tip on qm importdisk. That is helping me quite a lot! I will keep the ovftool tip in mind. Also should note. I imported a ova from vyos successfully today using qm importovf Kind regards From a.antreich at proxmox.com Wed Nov 15 15:27:17 2017 From: a.antreich at proxmox.com (Alwin Antreich) Date: Wed, 15 Nov 2017 15:27:17 +0100 Subject: [PVE-User] Ghost Ceph node after upgrade to luminous/PVE 5.1 In-Reply-To: References: Message-ID: <20171115142717.ve7zlcwgmntlamym@dona.proxmox.com> Hi Eneko, On Wed, Nov 15, 2017 at 09:49:17AM +0100, Eneko Lacunza wrote: > Hi all, > > We have just upgraded our cluster from PVE 4.4/jewel to PVE 5.1/luminous . > > Overall experience was quite good; we found some problems with live > migration because although all VMs had a "default" display, most where using > std and only a few cirrus . We had to look at KVM process parameters to > check and change vga setting accordingly for live migration to work. > > Nonetheless thanks a lot for all your work! > > We're now having a bit of fun :) because an old retired cluster member is > showing back at Ceph/OSD nodelist (without OSDs...). > > This node doesn't exist anymore, and doesn't show in pvecm nodelist (it was > removed from config). > > It's directory was present in /etc/pve/nodes for our surprise; we have > deleted it too but ghost continues to show. > > The only place I can see a reference to this retired node is in crushmap: > # buckets host camelot { > ???? id -2 # do not change unnecessarily > ???? id -7 class hdd # do not change unnecessarily > ??? # weight 0.000 > ??? alg straw > ??? hash 0 # rjenkins1 > } ceph osd crush remove ceph auth del > > Should we modify the crushmap manually to remove it? You can also do that, but auth keys might then still exist. > > Was there something we must have done before "pvecm delnode camelot", so > that node was removed from crushmap too? The 'pvecm delnode' deletes the node from the PVE cluster not Ceph. With 'pveceph' you can destroy any ceph service on the machine. If there are still any leftovers, then you go with the above commands. > > Thanks a lot > Eneko > > -- > Zuzendari Teknikoa / Director T?cnico > Binovo IT Human Project, S.L. > Telf. 943569206 > Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) > www.binovo.es > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Cheers, Alwin From lonnie at outstep.com Thu Nov 16 17:52:10 2017 From: lonnie at outstep.com (Lonnie Cumberland) Date: Thu, 16 Nov 2017 11:52:10 -0500 Subject: [PVE-User] smallest proxmox footprint? Message-ID: Greetings All, I am actually researching various hypervisors for a project that I am trying to coordinate to move forward and have narrowed it down to: 1. SmartOS (Illumos-based, via OpenSolaris) -- this is a wonderful hypervisor, but does not support PCI pass-through. It does have zones, kvm, ZFS, and a bunch of other solid performance factors as well as having a relatively small footprint of just a couple hundred MB in size. Not sure if it will support NoMachine NX or X2GO. 2. Proxmox (Debian-based, if I read correctly) -- this is also a really good hypervisor which does support PCI pass-through, seems to have great performance as well, and also will support NoMachine NX or X2GO. I am wanting to see what could be the smallest estimated footprint that Proxmox might be able to attain as smaller is better for my project. Also, I am wondering if it might be possible to add a very small XServer to proxmox as well as I would typically like to try and run NoMachine NX, or X2GO perhaps in a container and pass through the video, audio, etc... if possible as opposed to running a separate machine for Proxmox and one for the client. Basically, I am investigating a way to incorporate a small GUI remote client into proxmox on the same local machine that is running. Cheers, Lonnie From mark at openvs.co.uk Thu Nov 16 19:20:04 2017 From: mark at openvs.co.uk (Mark Adams) Date: Thu, 16 Nov 2017 18:20:04 +0000 Subject: [PVE-User] HA Fencing Message-ID: Hi all, It looks like in newer versions of proxmox, the only fencing type advised is watchdog. Is that the case? Is it still possible to do PDU fencing as well? This should enable us to be able to fail over faster as the fence will not fail if the machine has no power right? Thanks From t.lamprecht at proxmox.com Fri Nov 17 11:55:48 2017 From: t.lamprecht at proxmox.com (Thomas Lamprecht) Date: Fri, 17 Nov 2017 11:55:48 +0100 Subject: [PVE-User] HA Fencing In-Reply-To: References: Message-ID: <0bc124d5-a080-2e38-af47-bdcf36507bc3@proxmox.com> Hi, On 11/16/2017 07:20 PM, Mark Adams wrote: > Hi all, > > It looks like in newer versions of proxmox, the only fencing type advised > is watchdog. Is that the case? > Yes, since PVE 4.0 watchdog fencing is the norm. There is a patch set of mine which implements the use of external fence device, but it has seen no review. I should probably dust it up, look over it and re send it again, it's about time we finally get this feature. > Is it still possible to do PDU fencing as well? This should enable us to be > able to fail over faster as the fence will not fail if the machine has no > power right? > No, at the moment external fence devices are not integrated. You can expect an faster recovery with external fence devices, at least in simple setups (i.e., not multiple fence device hierachy) cheers, Thomas From t.lamprecht at proxmox.com Fri Nov 17 12:18:37 2017 From: t.lamprecht at proxmox.com (Thomas Lamprecht) Date: Fri, 17 Nov 2017 12:18:37 +0100 Subject: [PVE-User] smallest proxmox footprint? In-Reply-To: References: Message-ID: <42cc3ff0-cc4e-303b-9268-c40d7e8e1d6a@proxmox.com> Hi, On 11/16/2017 05:52 PM, Lonnie Cumberland wrote: > Greetings All, > > I am actually researching various hypervisors for a project that I am > trying to coordinate to move forward and have narrowed it down to: > > 1. SmartOS (Illumos-based, via OpenSolaris) -- this is a wonderful > hypervisor, but does not support PCI pass-through. It does have zones, kvm, > ZFS, and a bunch of other solid performance factors as well as having a > relatively small footprint of just a couple hundred MB in size. Not sure if > it will support NoMachine NX or X2GO. > I do not have experience with SmartOS so leaving this other community members, which may have played with it. > 2. Proxmox (Debian-based, if I read correctly) -- this is also a really > good hypervisor which does support PCI pass-through, seems to have great > performance as well, and also will support NoMachine NX or X2GO. > > I am wanting to see what could be the smallest estimated footprint that > Proxmox might be able to attain as smaller is better for my project. > Could you be a tad more specific with footprint here? Is it disk space, memory, CPU usage? Assuming it's memory then you may even slim down PVE a bit, e.g., stop and disable the high availability pve-ha-crm and pve-ha-lrm services, the pvesr.timer (storage replication) if you do not use this features. There may be others which are also OK do be disable for you, depends on your setup and usage. > Also, I am wondering if it might be possible to add a very small XServer to > proxmox as well as I would typically like to try and run NoMachine NX, or > X2GO perhaps in a container and pass through the video, audio, etc... if > possible as opposed to running a separate machine for Proxmox and one for > the client. > I'm using Proxmox VE as my developer workstation, with X11, it works wonderfully for me. I'm using i3, a very low footprint but still full featured tiling window manager. dwm would be even smaller, so it may be worth looking at it, if small is what you seek. You could also use a plain X11 server, but a minimal window manager does not have much overhead and its convenience may out weight the one it has. I do not have a login manager, meaning I boot into the a basic Linux tty, log in there and then execute `startx`, with my ~/.xinitrc containing: numlockx & xbindkeys exec /usr/bin/i3 This results in quite a slimmed down system, when compared to a KDE, GNOME or similar desktop environment. > Basically, I am investigating a way to incorporate a small GUI remote > client into proxmox on the same local machine that is running. > As setting up Proxmox VE really fast I'd suggest to just try it out and see if it holds up to your expectation. IMO your usecase should be dooable quite fine. cheers, Thomas From lonnie at outstep.com Fri Nov 17 13:40:33 2017 From: lonnie at outstep.com (Lonnie Cumberland) Date: Fri, 17 Nov 2017 07:40:33 -0500 Subject: [PVE-User] smallest proxmox footprint? In-Reply-To: <42cc3ff0-cc4e-303b-9268-c40d7e8e1d6a@proxmox.com> References: <42cc3ff0-cc4e-303b-9268-c40d7e8e1d6a@proxmox.com> Message-ID: Greetings, Thanks for the wonderful replies on this post. Actually, this is an experiment in minimalism. > > 2. Proxmox (Debian-based, if I read correctly) -- this is also a really > > good hypervisor which does support PCI pass-through, seems to have great > > performance as well, and also will support NoMachine NX or X2GO. > > > > I am wanting to see what could be the smallest estimated footprint that > > Proxmox might be able to attain as smaller is better for my project. > > > > Could you be a tad more specific with footprint here? > Is it disk space, memory, CPU usage? > Assuming it's memory then you may even slim down PVE a bit, e.g., stop and > disable the high availability pve-ha-crm and pve-ha-lrm services, > the pvesr.timer (storage replication) if you do not use this features. > There may be others which are also OK do be disable for you, depends on > your setup and usage. > > Sorry for not being clear on this footprint idea. Actually, I am looking at the minimal disk (boot CD) footprint and was playing with the idea of a type of "ram-based live-cd" with FS mount mapping in the drives for VM storage, and a few other essential directories like home, root, etc.. mostly persistent data directories. The idea was to have the absolute smallest proxmox cd/usb boot footprint and have the drives for user/VM data. > > Also, I am wondering if it might be possible to add a very small XServer > to > > proxmox as well as I would typically like to try and run NoMachine NX, or > > X2GO perhaps in a container and pass through the video, audio, etc... if > > possible as opposed to running a separate machine for Proxmox and one for > > the client. > > > > I'm using Proxmox VE as my developer workstation, with X11, it works > wonderfully for me. I'm using i3, a very low footprint but still full > featured tiling window manager. dwm would be even smaller, so it may > be worth looking at it, if small is what you seek. You could also use > a plain X11 server, but a minimal window manager does not have much > overhead and its convenience may out weight the one it has. > > I do not have a login manager, meaning I boot into the a basic Linux tty, > log in there and then execute `startx`, with my ~/.xinitrc containing: > > numlockx & > xbindkeys > exec /usr/bin/i3 > > This results in quite a slimmed down system, when compared to a KDE, GNOME > or similar desktop environment. > > This might be interesting as I actually never hear of the i3 wm before but it looks a lot like the "terminator" console which I installed on Ubuntu 16.04 that has similar functionality. For this sub-project, and although some in the community may not see a need for which I do have a very specific use case in mind and potential follow on growth model. I just what to have proxmox running and then have a very simple X-Server to service just one application (NoMachine NX client or X2GO client perhaps) that comes up on boot. Ideally, it would be good if I could somehow run the X-Server in a VM perhaps and pass-through to the video so as not to add more components to the hypervisor base, but if that is not possible then adding the X-Server and remote client to be base could work for now. > Basically, I am investigating a way to incorporate a small GUI remote > > client into proxmox on the same local machine that is running. > > > > As setting up Proxmox VE really fast I'd suggest to just try it out and > see if it holds up to your expectation. IMO your usecase should be > dooable quite fine. > I have actually set up the base Proxmox VE on 4 LAN systems and 2 VPS systems that I was initially playing around with to see if I could cluster LAN nodes across the WAN to the VPS nodes just to see if it could be done easily but further wanted to set up a self-balancing VPN like Tinc, or MeshBird to do it. Never got it all to work together smoothly so now I am looking at another direction for a second project to test and will come back to the clustering sub-project stuff a bit later once this part is working as it is also related to the first one in just being another part of the same master project. Both projects will come together at some point. Thanks again and have a great day, Lonnie From uwe.sauter.de at gmail.com Fri Nov 17 19:08:49 2017 From: uwe.sauter.de at gmail.com (Uwe Sauter) Date: Fri, 17 Nov 2017 19:08:49 +0100 Subject: [PVE-User] Backup process starts VM?? Message-ID: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> Hi all, I'm a bit shocked. I wanted to create a "save" backup where the VM is shut down and thus all filesystems are in a consistent state. For that I shut down my VM and then started a backup (backup mode=stop, compression=lzo) and what must I see: INFO: starting new backup job: vzdump 106 --storage local --remove 0 --mode stop --compress lzo --node pxmx-01 INFO: Starting Backup of VM 106 (qemu) INFO: status = stopped INFO: update VM 106: -lock backup INFO: backup mode: stop INFO: ionice priority: 7 INFO: VM Name: webserver INFO: include disk 'scsi0' 'pxmx-ceph:vm-106-disk-2' 8G INFO: include disk 'scsi1' 'pxmx-ceph:vm-106-disk-1' 32G INFO: creating archive '/var/lib/vz/dump/vzdump-qemu-106-2017_11_17-19_02_06.vma.lzo' INFO: starting kvm to execute backup task ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This makes my question the assumption that the filesystems are in a consistent state while the backup is created. Could someone with insight into the backup process explain why kvm is started? From my POV taking a backup from a stopped VM only requires to save the VM config and the disk, but no memory (as it is not running?). Best, Uwe From dietmar at proxmox.com Fri Nov 17 20:20:40 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Fri, 17 Nov 2017 20:20:40 +0100 (CET) Subject: [PVE-User] Backup process starts VM?? In-Reply-To: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> References: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> Message-ID: <2043151995.44.1510946440986@webmail.proxmox.com> > Could someone with insight into the backup process explain why kvm is started? It uses the qemu copy-on-write feature to make sure the state is consistent. You can immediately work with that VM, while qemu make sure that everything is consistent. From lae at lae.is Sat Nov 18 10:42:17 2017 From: lae at lae.is (Musee Ullah) Date: Sat, 18 Nov 2017 01:42:17 -0800 Subject: [PVE-User] smallest proxmox footprint? In-Reply-To: References: <42cc3ff0-cc4e-303b-9268-c40d7e8e1d6a@proxmox.com> Message-ID: <1510998137.1723.2.camel@lae.is> 2017-11-17 (?) ? 07:40 -0500 ? Lonnie Cumberland ????????: > Actually, this is an experiment in minimalism. Have you considered not running a GUI at all and just using installing and using qemu-kvm directly? -- Musee Ullah -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: This is a digitally signed message part URL: From diaolin at diaolin.com Sat Nov 18 18:42:36 2017 From: diaolin at diaolin.com (Diaolin) Date: Sat, 18 Nov 2017 18:42:36 +0100 Subject: [PVE-User] =?utf-8?q?Backup_process_starts_VM=3F=3F?= In-Reply-To: <2043151995.44.1510946440986@webmail.proxmox.com> References: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> <2043151995.44.1510946440986@webmail.proxmox.com> Message-ID: <1da8c125f7e0993164133d63b5cec155@diaolin.com> Il 2017-11-17 20:20 Dietmar Maurer ha scritto: >> Could someone with insight into the backup process explain why kvm is >> started? > > It uses the qemu copy-on-write feature to make sure the state is > consistent. > You can immediately work with that VM, while qemu make sure that > everything > is consistent. > But normally when in stopped mode the backup starts the VM but it's unusable or i missed things? Diaolin --- par s?mpro V?ime b?n sol qoanche ?s t?mp anca ?l fuss sol en men?t par mi e par ti e po? p? ni?nt Giuliano Tel: 349 66 84 215 Skype: diaolin From dietmar at proxmox.com Sun Nov 19 09:11:06 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Sun, 19 Nov 2017 09:11:06 +0100 (CET) Subject: [PVE-User] Backup process starts VM?? In-Reply-To: <2043151995.44.1510946440986@webmail.proxmox.com> References: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> <2043151995.44.1510946440986@webmail.proxmox.com> Message-ID: <1660428794.5.1511079066591@webmail.proxmox.com> > > Could someone with insight into the backup process explain why kvm is > > started? > > It uses the qemu copy-on-write feature to make sure the state is consistent. > You can immediately work with that VM, while qemu make sure that everything > is consistent. In your case (you stopped the VM before backup) only the KVM process gets started, but not the VM! Note: The KVM process does the backup. Hope this is more clear now. From uwe.sauter.de at gmail.com Sun Nov 19 14:33:08 2017 From: uwe.sauter.de at gmail.com (Uwe Sauter) Date: Sun, 19 Nov 2017 14:33:08 +0100 Subject: [PVE-User] Backup process starts VM?? In-Reply-To: <1660428794.5.1511079066591@webmail.proxmox.com> References: <0d3e4434-27b8-580a-6205-c4b7fb19fee7@gmail.com> <2043151995.44.1510946440986@webmail.proxmox.com> <1660428794.5.1511079066591@webmail.proxmox.com> Message-ID: Thanks for clarification! Am 19.11.2017 um 09:11 schrieb Dietmar Maurer: >>> Could someone with insight into the backup process explain why kvm is >>> started? >> >> It uses the qemu copy-on-write feature to make sure the state is consistent. >> You can immediately work with that VM, while qemu make sure that everything >> is consistent. > > In your case (you stopped the VM before backup) only the KVM process > gets started, but not the VM! > > Note: The KVM process does the backup. > > Hope this is more clear now. > From edgardo.ghibaudo at provincia.biella.it Thu Nov 23 10:11:34 2017 From: edgardo.ghibaudo at provincia.biella.it (Edgardo Ghibaudo) Date: Thu, 23 Nov 2017 10:11:34 +0100 Subject: [PVE-User] Proxmox 4.3 - BFE blocked in virtual machines with Windows Server 2012r2 / Windows Server 2016 Message-ID: <552d0ff7-1dca-f5d5-4da6-63549e33e314@provincia.biella.it> Environment: Proxmox 4.3 I tried to create a virtual machine with _Windows Server 2012 R2_ and/or _Windows Server 2016_. After the execution of all updates through Windows Update, I had the *BFE service NOT RUNNING* (blocked during the starting) with the following Event ID: *7022* Then it's impossible to recover the situation also uninstalling windows updates. Somebody had the same problem?* * Thank you, Edgardo* * * * --http://www.provincia.biella.it------------------------------------------------------ Vuoi rimanere sempre aggiornato sulle nostre attivita'? Visita la pagina dei feed RSS sul nostro sito ed iscriviti alla sezione di interesse. --Avviso------------------------------------------------------------------------------ Questo messaggio e i suoi allegati sono riservati esclusivamente alle persone in indirizzo e possono contenere informazioni confidenziali. Se questo messaggio vi e' pervenuto per errore, vi informiamo che ogni suo uso e'proibito. In questo caso rispedite immediatamente il messaggio al mittente e cancellatelo. Per ogni chiarimento contattateci scrivendo a ced at provincia.biella.it. Grazie -Il Webmaster. --Warning----------------------------------------------------------------------------- This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to ced at provincia.biella.it. The Webmaster. -------------------------------------------------------------------------------------- From miguel_3_gonzalez at yahoo.es Mon Nov 27 12:32:54 2017 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Mon, 27 Nov 2017 12:32:54 +0100 Subject: [PVE-User] Qcow2 and raw format, disk provisioning and SSDs Message-ID: Hi, I am migrating from a server with Proxmox 4.4-18 with SATA drives to a Proxmox 5.1-36 with SSD drives. I am trying to get the best in performance. I already split OS and data disk drives so /home folder is not being backed up by Proxmox, only OS. Filesystem Size Used Avail Use% Mounted on /dev/sda5 29G 17G 12G 58% / tmpfs 8.3G 0 8.3G 0% /dev/shm /dev/sdb1 50G 33G 14G 71% /home /dev/sda1 504M 178M 301M 38% /boot /dev/sda2 2.0G 75M 1.8G 4% /tmp The sda drive was 250 Gb and I shrink it to 36 Gb. I have already zeroed all sda partitions with dd but still after converting qcow2 following this https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files the resulting qcow2 file is 48 Gb, not 36-40 Gb. Something am I missing? On the other hand, a few more questions: - Should I move to RAW format? Pros? Cons? I have read that backups take longer but performance boost is better. - Anything that I have to change in Proxmox settings when using SSD instead of SATA? Thanks! Miguel From elacunza at binovo.es Mon Nov 27 13:09:24 2017 From: elacunza at binovo.es (Eneko Lacunza) Date: Mon, 27 Nov 2017 13:09:24 +0100 Subject: [PVE-User] PVE 3.4 - Debian 9 hang In-Reply-To: <8abde4e8-9789-543d-3e76-36677bc42146@binovo.es> References: <8e3cce3b-7f9f-16cb-8106-150fa3c416ec@proxmox.com> <8abde4e8-9789-543d-3e76-36677bc42146@binovo.es> Message-ID: Just a follow-up on this issue, we're getting the best uptime ever with the VM using scsi/virtio, so the problem seems fixed. I have also checked and it looks like we created the VM with default scsi config, so I'm almost sure we tried changing network interfaces but not disk drives. Thanks a lot for your help. Cheers El 14/11/17 a las 11:45, Eneko Lacunza escribi?: > > Ok, will try that also, thanks a lot. > > El 14/11/17 a las 11:03, Emmanuel Kasper escribi?: >>>> Hi Eneko >>>> What is the status of the qemu process when the VM hangs ? Is it in D >>>> state ? >>> I don't think but didn't check it. Will do next time it hangs. >>>> Also which SCSI controller type are you using ? >>> It was set as default (LSI 53C895A), just changed to virtio on this >>> morning's reset. I think we have changed this previously too, but can't >>> say for sure. >> LSI 53C895A could be well the cause of your problem. >> IIRC it is not that much tested / used by Qemu Upstream. >> ( on Pve 4.2 we switched the SCSI controller to Virtio SCSI for new >> Linux VMs) >> >> Virtio Blk was the controller we recommended for Linux guests running on >> PVE 3.4. If you're using UUID in your /etc/fstab, you can switch to >> Virtio Blk without problem. >> >> >> > -- Zuzendari Teknikoa / Director T?cnico Binovo IT Human Project, S.L. Telf. 943569206 Astigarraga bidea 2, 2? izq. oficina 11; 20180 Oiartzun (Gipuzkoa) www.binovo.es From miguel_3_gonzalez at yahoo.es Tue Nov 28 23:35:13 2017 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Tue, 28 Nov 2017 23:35:13 +0100 Subject: [PVE-User] Qcow2 and raw format, disk provisioning and SSDs In-Reply-To: References: Message-ID: nobody? On 11/27/17 12:32 PM, Miguel Gonz?lez wrote: > Hi, > > I am migrating from a server with Proxmox 4.4-18 with SATA drives to a > Proxmox 5.1-36 with SSD drives. > > I am trying to get the best in performance. I already split OS and data > disk drives so /home folder is not being backed up by Proxmox, only OS. > > Filesystem Size Used Avail Use% Mounted on > /dev/sda5 29G 17G 12G 58% / > tmpfs 8.3G 0 8.3G 0% /dev/shm > /dev/sdb1 50G 33G 14G 71% /home > /dev/sda1 504M 178M 301M 38% /boot > /dev/sda2 2.0G 75M 1.8G 4% /tmp > > The sda drive was 250 Gb and I shrink it to 36 Gb. I have already zeroed > all sda partitions with dd but still after converting qcow2 following > this https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files the resulting > qcow2 file is 48 Gb, not 36-40 Gb. > > Something am I missing? > > On the other hand, a few more questions: > > - Should I move to RAW format? Pros? Cons? I have read that backups take > longer but performance boost is better. > > - Anything that I have to change in Proxmox settings when using SSD > instead of SATA? > > Thanks! > > Miguel > > > > > --- This email has been checked for viruses by AVG. http://www.avg.com From e.kasper at proxmox.com Wed Nov 29 09:46:22 2017 From: e.kasper at proxmox.com (Emmanuel Kasper) Date: Wed, 29 Nov 2017 09:46:22 +0100 Subject: [PVE-User] Qcow2 and raw format, disk provisioning and SSDs In-Reply-To: References: Message-ID: <0844b3d5-6bd4-5357-ea37-0f155521753c@proxmox.com> Hi Miguel >> Something am I missing? >> >> On the other hand, a few more questions: >> >> - Should I move to RAW format? Pros? Cons? I have read that backups take >> longer but performance boost is better. choosing raw vs qcow2 is a performance vs features tradeoff see the online pve reference documentation Qemu Chapter you can optionnally activate a periodic option for the FS you put on top of your SSD, see https://wiki.archlinux.org/index.php/Solid_State_Drives#TRIM Periodic Trim for details From lonnie at outstep.com Wed Nov 29 11:11:34 2017 From: lonnie at outstep.com (Lonnie Cumberland) Date: Wed, 29 Nov 2017 05:11:34 -0500 Subject: [PVE-User] PCI Pass-Through question Message-ID: Greetings All, I am still very new to Proxmox VX and have been looking for some documentation on doing PCI Pass-Through from a VM. I actually have a older nVidia GeForce XFX 6800 XT video card and would like to pass it through in a VM that I want to load up to get the video for media playing. Not sure if this all makes sense, but I am wanting to let the VM have video/audio access to the host, if possible. Any ideas on where to find some type of documentation? Thanks and have a great day, Lonnie From dorsyka at yahoo.com Wed Nov 29 11:23:15 2017 From: dorsyka at yahoo.com (dORSY) Date: Wed, 29 Nov 2017 10:23:15 +0000 (UTC) Subject: [PVE-User] PCI Pass-Through question In-Reply-To: References: Message-ID: <1664901179.5525081.1511950995198@mail.yahoo.com> A good starting poin would be: https://pve.proxmox.com/wiki/Pci_passthrough On Wednesday, 29 November 2017, 11:11:42 CET, Lonnie Cumberland wrote: ... I am still very new to Proxmox VX and have been looking for some documentation on doing PCI Pass-Through from a VM. ... Any ideas on where to find some type of documentation? Thanks and have a great day, Lonnie From lonnie at outstep.com Wed Nov 29 11:28:23 2017 From: lonnie at outstep.com (Lonnie Cumberland) Date: Wed, 29 Nov 2017 05:28:23 -0500 Subject: [PVE-User] PCI Pass-Through question In-Reply-To: <1664901179.5525081.1511950995198@mail.yahoo.com> References: <1664901179.5525081.1511950995198@mail.yahoo.com> Message-ID: Thanks for the link and I'll look into this more. I would also be interested in any experiences or problems that people in the community might have encountered while trying to do something like this. It would be interesting to know if anyone has been able to do any type of GPU gaming in a VM using Proxmox as well. Cheers, Lonnie On Wed, Nov 29, 2017 at 5:23 AM, dORSY wrote: > A good starting poin would be: > > https://pve.proxmox.com/wiki/Pci_passthrough > > > > On Wednesday, 29 November 2017, 11:11:42 CET, Lonnie Cumberland < > lonnie at outstep.com> wrote: > ... > I am still very new to Proxmox VX and have been looking for some > documentation on doing PCI Pass-Through from a VM. > ... > Any ideas on where to find some type of documentation? > > Thanks and have a great day, > Lonnie > > From ml+pve-user at valo.at Wed Nov 29 11:43:56 2017 From: ml+pve-user at valo.at (Christian Kivalo) Date: Wed, 29 Nov 2017 11:43:56 +0100 Subject: [PVE-User] PCI Pass-Through question In-Reply-To: References: <1664901179.5525081.1511950995198@mail.yahoo.com> Message-ID: <7CD84A96-CE29-4F72-AC09-256E411255EE@valo.at> Am 29. November 2017 11:28:23 MEZ schrieb Lonnie Cumberland : >Thanks for the link and I'll look into this more. > >I would also be interested in any experiences or problems that people >in >the community might have encountered while trying to do something like >this. > >It would be interesting to know if anyone has been able to do any type >of >GPU gaming in a VM using Proxmox as well. I'm doing gaming in a win10 VM, not using proxmox but a KVM vm based on the information provided on this page https://www.evonide.com/non-root-gpu-passthrough-setup/ This page and the pages linked there also gives advice on how to test your hardware if PCI pass through is possible. >Cheers, >Lonnie > >On Wed, Nov 29, 2017 at 5:23 AM, dORSY wrote: > >> A good starting poin would be: >> >> https://pve.proxmox.com/wiki/Pci_passthrough >> >> >> >> On Wednesday, 29 November 2017, 11:11:42 CET, Lonnie Cumberland < >> lonnie at outstep.com> wrote: >> ... >> I am still very new to Proxmox VX and have been looking for some >> documentation on doing PCI Pass-Through from a VM. >> ... >> Any ideas on where to find some type of documentation? >> >> Thanks and have a great day, >> Lonnie >> >> >_______________________________________________ >pve-user mailing list >pve-user at pve.proxmox.com >https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Christian Kivalo From nmachkova at verdnatura.es Wed Nov 29 12:44:44 2017 From: nmachkova at verdnatura.es (nmachkova at verdnatura.es) Date: Wed, 29 Nov 2017 12:44:44 +0100 Subject: [PVE-User] replication problems after upgrade to 5.0-15 Message-ID: <1b4ca2e31ce894d12c6ea29c939e0161@imap.verdnatura.es> I am using ZFS for CTs at PROXMOX cluster with 2 nodes without HA since August 2017 I installed proxmox-ve_5.0-af4267bf-4.iso at 2 old servers and proxmox is really great 8-))) but I did upgrade at both nodes and something is wrong, because I am unable to do CT replications or migrations example of replication of CT 106(goat) from node mox11 => mox ========== errors from webGUI 2017-11-29 10:42:01 106-0: start replication job 2017-11-29 10:42:01 106-0: guest => CT 106, running => 1 2017-11-29 10:42:01 106-0: volumes => zfs:subvol-106-disk-1 2017-11-29 10:42:02 106-0: freeze guest filesystem 2017-11-29 10:42:03 106-0: create snapshot '__replicate_106-0_1511948521__' on zfs:subvol-106-disk-1 2017-11-29 10:42:03 106-0: thaw guest filesystem 2017-11-29 10:42:03 106-0: full sync 'zfs:subvol-106-disk-1' (__replicate_106-0_1511948521__) 2017-11-29 10:42:04 106-0: internal error: Invalid argument 2017-11-29 10:42:04 106-0: command 'zfs send -Rpv -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511948521__' failed: got signal 6 2017-11-29 10:42:04 106-0: cannot receive: failed to read from stream 2017-11-29 10:42:04 106-0: cannot open 'ctpool/subvol-106-disk-1': dataset does not exist 2017-11-29 10:42:04 106-0: command 'zfs recv -F -- ctpool/subvol-106-disk-1' failed: exit code 1 2017-11-29 10:42:04 106-0: delete previous replication snapshot '__replicate_106-0_1511948521__' on zfs:subvol-106-disk-1 2017-11-29 10:42:04 106-0: end replication job with error: command 'set -o pipefail && pvesm export zfs:subvol-106-disk-1 zfs - -with-snapshots 1 -snapshot __replicate_106-0_1511948521__ | /usr/bin/ssh -o 'BatchMode=yes' -o 'HostKeyAlias=mox' root at 172.16.251.8 -- pvesm import zfs:subvol-106-disk-1 zfs - -with-snapshots 1' failed: exit code 1 =========== version (same at both nodes) proxmox-ve: 5.0-15 (running kernel: 4.10.15-1-pve) pve-manager: 5.1-36 (running version: 5.1-36/131401db) pve-kernel-4.10.15-1-pve: 4.10.15-15 libpve-http-server-perl: 2.0-6 lvm2: 2.02.168-pve6 corosync: 2.4.2-pve3 libqb0: 1.0.1-1 pve-cluster: 5.0-15 qemu-server: 5.0-12 pve-firmware: 2.0-3 libpve-common-perl: 5.0-20 libpve-guest-common-perl: 2.0-13 libpve-access-control: 5.0-7 libpve-storage-perl: 5.0-16 pve-libspice-server1: 0.12.8-3 vncterm: 1.5-2 pve-docs: 5.1-12 pve-qemu-kvm: 2.9.0-2 pve-container: 2.0-17 pve-firewall: 3.0-3 pve-ha-manager: 2.0-3 ksm-control-daemon: 1.2-2 glusterfs-client: 3.8.8-1 lxc-pve: 2.1.0-2 lxcfs: 2.0.7-pve4 criu: 2.11.1-1~bpo90 novnc-pve: 0.6-4 smartmontools: 6.5+svn4324-1 zfsutils-linux: 0.7.3-pve1~bpo9 ========== zfs status === node mox # zfs list -t all -r ctpool NAME USED AVAIL REFER MOUNTPOINT ctpool 3.41G 25.4G 112K /ctpool ctpool/subvol-110-disk-1 503M 521M 503M /ctpool/subvol-110-disk-1 ctpool/subvol-251-disk-1 478M 3.54G 468M /ctpool/subvol-251-disk-1 ctpool/subvol-251-disk-1 at dyn01sharednet 10.1M - 467M - ctpool/subvol-252-disk-1 478M 3.54G 468M /ctpool/subvol-252-disk-1 ctpool/subvol-252-disk-1 at dyn01sharednet 10.2M - 468M - ctpool/subvol-301-disk-1 690M 3.49G 518M /ctpool/subvol-301-disk-1 ctpool/subvol-301-disk-1 at silla70y100 151M - 538M - ctpool/subvol-301-disk-1 at silla70y100fixed 18.3M - 526M - ctpool/subvol-302-disk-1 531M 3.54G 470M /ctpool/subvol-302-disk-1 ctpool/subvol-302-disk-1 at silla70y100 40.3M - 472M - ctpool/subvol-302-disk-1 at silla70y100fixed 17.6M - 478M - ctpool/subvol-501-disk-1 402M 110M 402M /ctpool/subvol-501-disk-1 ctpool/subvol-502-disk-1 388M 124M 388M /ctpool/subvol-502-disk-1 === node mox11 # zfs list -t all -r ctpool NAME USED AVAIL REFER MOUNTPOINT ctpool 3.97G 24.8G 96K /ctpool ctpool/subvol-102-disk-1 589M 7.42G 589M /ctpool/subvol-102-disk-1 ctpool/subvol-103-disk-1 870M 7.16G 855M /ctpool/subvol-103-disk-1 ctpool/subvol-103-disk-1 at campana 9.42M - 756M - ctpool/subvol-103-disk-1 at beforenodeupg 4.87M - 855M - ctpool/subvol-106-disk-1 427M 3.59G 424M /ctpool/subvol-106-disk-1 ctpool/subvol-106-disk-1 at goat_apache2 3.08M - 423M - ctpool/subvol-111-disk-1 1.65G 6.58G 1.42G /ctpool/subvol-111-disk-1 ctpool/subvol-111-disk-1 at postgresql 53.4M - 513M - ctpool/subvol-111-disk-1 at phppgadmin 2.00M - 524M - ctpool/subvol-111-disk-1 at pgwebssl 1.93M - 524M - ctpool/subvol-111-disk-1 at redmine01 28.8M - 714M - ctpool/subvol-111-disk-1 at redmine02 31.5M - 882M - ctpool/subvol-111-disk-1 at redmine03 43.4M - 1.42G - ctpool/subvol-111-disk-1 at redmine04 19.0M - 1.42G - ctpool/subvol-111-disk-1 at redmine05 7.14M - 1.42G - ctpool/subvol-220-disk-1 470M 554M 470M /ctpool/subvol-220-disk-1 ============== node mox11 # zpool history ctpool 2017-11-28.14:26:08 zfs destroy ctpool/subvol-106-disk-1 at __replicate_106-0_1511875560__ 2017-11-28.14:32:05 zpool import -c /etc/zfs/zpool.cache -aN 2017-11-28.15:10:04 zfs snapshot ctpool/subvol-103-disk-1 at __replicate_103-0_1511878201__ 2017-11-28.15:10:09 zfs destroy ctpool/subvol-103-disk-1 at __replicate_103-0_1511878201__ 2017-11-28.15:15:04 zfs snapshot ctpool/subvol-103-disk-1 at __replicate_103-0_1511878501__ 2017-11-28.15:15:09 zfs destroy ctpool/subvol-103-disk-1 at __replicate_103-0_1511878501__ 2017-11-28.15:43:59 zfs snapshot ctpool/subvol-106-disk-1 at __migration__ 2017-11-28.15:44:04 zfs destroy ctpool/subvol-106-disk-1 at __migration__ 2017-11-29.10:42:04 zfs snapshot ctpool/subvol-106-disk-1 at __replicate_106-0_1511948521__ 2017-11-29.10:42:09 zfs destroy ctpool/subvol-106-disk-1 at __replicate_106-0_1511948521__ 2017-11-29.10:47:04 zfs snapshot ctpool/subvol-106-disk-1 at __replicate_106-0_1511948821__ 2017-11-29.10:47:09 zfs destroy ctpool/subvol-106-disk-1 at __replicate_106-0_1511948821__ 2017-11-29.10:57:04 zfs snapshot ctpool/subvol-106-disk-1 at __replicate_106-0_1511949421__ 2017-11-29.10:57:09 zfs destroy ctpool/subvol-106-disk-1 at __replicate_106-0_1511949421__ ============== node mox # zpool history ctpool 2017-11-28.05:10:40 zfs get -o value -Hp available,used ctpool 2017-11-28.05:33:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.06:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.06:09:59 zpool list -o name -H ctpool 2017-11-28.06:21:30 zfs get -o value -Hp available,used ctpool 2017-11-28.06:33:10 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.07:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.07:04:52 zpool list -o name -H ctpool 2017-11-28.07:04:57 zfs get -o value -Hp available,used ctpool 2017-11-28.07:33:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.08:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.08:04:21 zfs get -o value -Hp available,used ctpool 2017-11-28.08:07:41 zpool list -o name -H ctpool 2017-11-28.08:33:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.08:56:12 zpool list -o name -H ctpool 2017-11-28.09:03:10 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.09:04:21 zfs get -o value -Hp available,used ctpool 2017-11-28.09:16:59 zfs get -o value -Hp available,used ctpool 2017-11-28.09:33:08 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.10:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.10:33:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.11:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.11:13:29 zpool list -o name -H ctpool 2017-11-28.11:33:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.12:03:09 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.12:09:49 zpool list -o name -H ctpool 2017-11-28.12:22:47 zpool list -o name -H ctpool 2017-11-28.12:33:08 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.12:38:41 zpool list -o name -H ctpool 2017-11-28.12:42:11 zpool list -o name -H ctpool 2017-11-28.13:07:37 zfs get -o value -Hp available,used ctpool 2017-11-28.13:10:59 zpool import -c /etc/zfs/zpool.cache -aN 2017-11-28.13:33:10 zfs rollback -r -- ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.13:43:02 zfs destroy ctpool/subvol-106-disk-1 at __replicate_106-0_1511251201__ 2017-11-28.13:43:09 zfs destroy -r ctpool/subvol-106-disk-1 2017-11-28.14:12:19 zfs destroy ctpool/subvol-103-disk-1 2017-11-29.04:50:24 zfs get -o value -Hp available,used ctpool 2017-11-29.10:39:14 zfs set compression=lz4 ctpool # zpool status pool: ctpool state: ONLINE status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable. action: Enable all features using 'zpool upgrade'. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(5) for details. scan: scrub repaired 0B in 0h6m with 0 errors on Sun Nov 26 00:30:42 2017 config: NAME STATE READ WRITE CKSUM ctpool ONLINE 0 0 0 zfs ONLINE 0 0 0 errors: No known data errors root at mox:~# zfs get all ctpool NAME PROPERTY VALUE SOURCE ctpool type filesystem - ctpool creation Mon Jul 31 16:48 2017 - ctpool used 3.41G - ctpool available 25.4G - ctpool referenced 112K - ctpool compressratio 1.87x - ctpool mounted yes - ctpool quota none default ctpool reservation none default ctpool recordsize 128K default ctpool mountpoint /ctpool default ctpool sharenfs off default ctpool checksum on default ctpool compression lz4 local ctpool atime on default ctpool devices on default ctpool exec on default ctpool setuid on default ctpool readonly off default ctpool zoned off default ctpool snapdir hidden default ctpool aclinherit restricted default ctpool createtxg 1 - ctpool canmount on default ctpool xattr on default ctpool copies 1 default ctpool version 5 - ctpool utf8only off - ctpool normalization none - ctpool casesensitivity sensitive - ctpool vscan off default ctpool nbmand off default ctpool sharesmb off default ctpool refquota none default ctpool refreservation none default ctpool guid 2622709745618035732 - ctpool primarycache all default ctpool secondarycache all default ctpool usedbysnapshots 0B - ctpool usedbydataset 112K - ctpool usedbychildren 3.41G - ctpool usedbyrefreservation 0B - ctpool logbias latency default ctpool dedup off default ctpool mlslabel none default ctpool sync standard default ctpool dnodesize legacy default ctpool refcompressratio 1.00x - ctpool written 112K - ctpool logicalused 5.79G - ctpool logicalreferenced 45.5K - ctpool volmode default default ctpool filesystem_limit none default ctpool snapshot_limit none default ctpool filesystem_count none default ctpool snapshot_count none default ctpool snapdev hidden default ctpool acltype off default ctpool context none default ctpool fscontext none default ctpool defcontext none default ctpool rootcontext none default ctpool relatime off default ctpool redundant_metadata all default ctpool overlay off default I disabled and removed ALL the replication tasks and tried to find some answer at # systemctl status zed # pvesr status BUT this is interesting, I tried to upgrade the pool as it is recommended via zpool status # zpool upgrade -a This system supports ZFS pool feature flags. cannot set property for 'ctpool': invalid argument for this pool operation =============== end hm, replication error is occuring just after some "sync" operation so these are my packages related to sync # dpkg -l |grep sync ii corosync 2.4.2-pve3 amd64 cluster engine daemon and utilities ii libasyncns0:amd64 0.8-6 amd64 Asynchronous name service query library ii libcorosync-common4:amd64 2.4.2-pve3 amd64 cluster engine common library ii libevent-2.0-5:amd64 2.0.21-stable-3 amd64 Asynchronous event notification library ii libfile-sync-perl 0.11-2+b3 amd64 Perl interface to sync() and fsync() ii libpve-http-server-perl 2.0-6 all Proxmox Asynchrounous HTTP Server Implementation ii rsync 3.1.2-1 amd64 fast, versatile, remote (and local) file-copying tool do I have to install pve-zsync ??? MANY THANKS for your time&energy amigos Nada From w.link at proxmox.com Wed Nov 29 12:48:44 2017 From: w.link at proxmox.com (Wolfgang Link) Date: Wed, 29 Nov 2017 12:48:44 +0100 (CET) Subject: [PVE-User] replication problems after upgrade to 5.0-15 In-Reply-To: <1b4ca2e31ce894d12c6ea29c939e0161@imap.verdnatura.es> References: <1b4ca2e31ce894d12c6ea29c939e0161@imap.verdnatura.es> Message-ID: <545814722.30.1511956124438@webmail.proxmox.com> > =========== version (same at both nodes) > > proxmox-ve: 5.0-15 (running kernel: 4.10.15-1-pve) > pve-manager: 5.1-36 (running version: 5.1-36/131401db) > pve-kernel-4.10.15-1-pve: 4.10.15-15 > libpve-http-server-perl: 2.0-6 > lvm2: 2.02.168-pve6 > corosync: 2.4.2-pve3 > libqb0: 1.0.1-1 > pve-cluster: 5.0-15 > qemu-server: 5.0-12 > pve-firmware: 2.0-3 > libpve-common-perl: 5.0-20 > libpve-guest-common-perl: 2.0-13 > libpve-access-control: 5.0-7 > libpve-storage-perl: 5.0-16 > pve-libspice-server1: 0.12.8-3 > vncterm: 1.5-2 > pve-docs: 5.1-12 > pve-qemu-kvm: 2.9.0-2 > pve-container: 2.0-17 > pve-firewall: 3.0-3 > pve-ha-manager: 2.0-3 > ksm-control-daemon: 1.2-2 > glusterfs-client: 3.8.8-1 > lxc-pve: 2.1.0-2 > lxcfs: 2.0.7-pve4 > criu: 2.11.1-1~bpo90 > novnc-pve: 0.6-4 > smartmontools: 6.5+svn4324-1 > zfsutils-linux: 0.7.3-pve1~bpo9 > The kernel 4.10.15-15 has zfs 0.6.5 modules in it and you are using zfsutils 0.7.3. You have to upgrade your kernel. From nmachkova at verdnatura.es Wed Nov 29 13:50:55 2017 From: nmachkova at verdnatura.es (nmachkova at verdnatura.es) Date: Wed, 29 Nov 2017 13:50:55 +0100 Subject: [PVE-User] replication problems after upgrade to 5.0-15 In-Reply-To: <545814722.30.1511956124438@webmail.proxmox.com> References: <1b4ca2e31ce894d12c6ea29c939e0161@imap.verdnatura.es> <545814722.30.1511956124438@webmail.proxmox.com> Message-ID: <6b090071ca49048f7d102a56ed9aae03@imap.verdnatura.es> MUCHAS GRACIAS Wolfgang !!! I have just done distupgrade at both nodes root at mox:~# pveversion pve-manager/5.1-36/131401db (running kernel: 4.13.4-1-pve) root at mox11:~# pveversion pve-manager/5.1-36/131401db (running kernel: 4.13.8-1-pve) replication & migration works denuevo ;-) have a NICE day Nada El 2017-11-29 12:48, Wolfgang Link escribi?: > The kernel 4.10.15-15 has zfs 0.6.5 modules in it and you are using > zfsutils 0.7.3. > You have to upgrade your kernel. >> =========== version (same at both nodes) >> >> proxmox-ve: 5.0-15 (running kernel: 4.10.15-1-pve) >> pve-manager: 5.1-36 (running version: 5.1-36/131401db) >> pve-kernel-4.10.15-1-pve: 4.10.15-15 >> libpve-http-server-perl: 2.0-6 >> lvm2: 2.02.168-pve6 >> corosync: 2.4.2-pve3 >> libqb0: 1.0.1-1 >> pve-cluster: 5.0-15 >> qemu-server: 5.0-12 >> pve-firmware: 2.0-3 >> libpve-common-perl: 5.0-20 >> libpve-guest-common-perl: 2.0-13 >> libpve-access-control: 5.0-7 >> libpve-storage-perl: 5.0-16 >> pve-libspice-server1: 0.12.8-3 >> vncterm: 1.5-2 >> pve-docs: 5.1-12 >> pve-qemu-kvm: 2.9.0-2 >> pve-container: 2.0-17 >> pve-firewall: 3.0-3 >> pve-ha-manager: 2.0-3 >> ksm-control-daemon: 1.2-2 >> glusterfs-client: 3.8.8-1 >> lxc-pve: 2.1.0-2 >> lxcfs: 2.0.7-pve4 >> criu: 2.11.1-1~bpo90 >> novnc-pve: 0.6-4 >> smartmontools: 6.5+svn4324-1 >> zfsutils-linux: 0.7.3-pve1~bpo9 >> From miguel_3_gonzalez at yahoo.es Wed Nov 29 15:00:25 2017 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Wed, 29 Nov 2017 15:00:25 +0100 Subject: [PVE-User] NAT Message-ID: <233125c9-564b-0454-f9aa-72ca9138e655@yahoo.es> I have installed Proxmox 5.1. Can I have two vmbr ? One for the bridge IPs and another for NAT? I want to have two VMs that only have access to Internet but not reachable from outside. Right now I have: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # for Routing auto vmbr1 iface vmbr1 inet manual bridge_ports dummy0 bridge_stp off bridge_fd 0 # vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you. auto vmbr0 iface vmbr0 inet static address x.x.x.x netmask 255.255.255.0 network x.x.x.0 broadcast x.x.x.255 gateway x.x.x.254 bridge_ports eth0 bridge_stp off bridge_fd 0 iface vmbr0 inet6 static address 2001:41d0:0008:0d0c:: netmask 64 post-up /sbin/ip -f inet6 route add x.x.x.x dev vmbr0 post-up /sbin/ip -f inet6 route add default via x.x.x.x pre-down /sbin/ip -f inet6 route del default via x.x.x.x pre-down /sbin/ip -f inet6 route del x.x.x.x dev vmbr0 auto vmbr2 #private sub network iface vmbr2 inet static address 10.10.10.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE But this is not working Miguel --- This email has been checked for viruses by AVG. http://www.avg.com From dietmar at proxmox.com Thu Nov 30 12:32:14 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Thu, 30 Nov 2017 12:32:14 +0100 (CET) Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> Message-ID: <2026549297.36.1512041535093@webmail.proxmox.com> This is why we have an enterprise repository! Please use the enterprise repository if you want SSL. > On November 30, 2017 at 12:22 PM Florent B wrote: > > > Up ! > > > On 30/05/2017 15:21, Florent B wrote: > > Hi PVE team, > > > > Would it be possible to include "download.proxmox.com" in SSL > > certificate for accessing downloads with HTTPS. > > > > Current certificate is only valid for proxmox.com & enterprise.proxmox.com. > > > > Thank you. > > > > Florent > > > > _______________________________________________ > > pve-user mailing list > > pve-user at pve.proxmox.com > > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user From f.gruenbichler at proxmox.com Thu Nov 30 12:51:52 2017 From: f.gruenbichler at proxmox.com (Fabian =?iso-8859-1?Q?Gr=FCnbichler?=) Date: Thu, 30 Nov 2017 12:51:52 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <3f335c71-9b2d-30f1-4545-e765b3ca6291@coppint.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <3f335c71-9b2d-30f1-4545-e765b3ca6291@coppint.com> Message-ID: <20171130115152.yibjduakt6x7todw@nora.maurer-it.com> On Thu, Nov 30, 2017 at 12:42:29PM +0100, Florent B wrote: > So https on repository is not possible without subscription ? Ok > wonderfull... > > https cost is null nowadays. > you don't need TLS to ensure the integrity of updates, the packages are hashed and (transitively) signed, all of which is verified after downloading. the main reason why the enterprise repository is available via https (only) is the authentication of the PVE server to the repository server.. From francesco.ongaro at isgroup.it Thu Nov 30 14:07:00 2017 From: francesco.ongaro at isgroup.it (Francesco Ongaro) Date: Thu, 30 Nov 2017 14:07:00 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <2026549297.36.1512041535093@webmail.proxmox.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> Message-ID: On 30/11/2017 12:32, Dietmar Maurer wrote: > This is why we have an enterprise repository! Please use the enterprise > repository > if you want SSL. Hi Dietmar, I greatly respect the work you do on Proxmox but this specific response is under your habitual standards from a security standpoint. $ curl "https://download.proxmox.com" curl: (51) SSL: certificate subject name (enterprise.proxmox.com) does not match target host name 'download.proxmox.com' $ curl "http://download.proxmox.com" Index of /

Index of /

../
debian/
14-Nov-2017 08:14                   -
images/
16-Mar-2017 15:58                   -
iso/
24-Oct-2017 11:19                   -
temp/
25-Oct-2017 13:03                   -
Even if some files are signed and can be manually verified it would be nice to have such vhost protected by a secure communication channel. Using SNI you can implement this at little cost (no need to have an additional IP, given clients are up date) and then just get a certificate for that Common Name from your certificate authority of choice. +1 for HTTPS Thanks, Francesco `ascii` Ongaro -- Francesco Ongaro, Senior Security Researcher ISGroup: Information Security Group (www.isgroup.it) Tel (+39) 045 4853232 Fax (+39) 045 5111719 Voicemail (+39) 02 320624653 AVVISO PRIVACY Il contenuto della presente e-mail ed i suoi allegati, sono diretti esclusivamente al destinatario e devono ritenersi riservati, con divieto di diffusione o di uso non conforme alle finalit? per le quali la presente e-mail ? stata inviata. Pertanto, ne ? vietata la diffusione e la comunicazione da parte di soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p. e D.lgs n. 196/03 Codice Privacy. Se la presente e-mail ed i suoi allegati sono stati ricevuti per errore, siete pregati di distruggere quanto ricevuto e di informare il mittente al seguente recapito: isgroup at isgroup.it From dietmar at proxmox.com Thu Nov 30 14:21:41 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Thu, 30 Nov 2017 14:21:41 +0100 (CET) Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> Message-ID: <1173003957.40.1512048101985@webmail.proxmox.com> > I greatly respect the work you do on Proxmox but this specific response > is under your habitual standards from a security standpoint. Exactly. That is why we provide the enterprise repository. From frank.thommen at uni-heidelberg.de Thu Nov 30 14:27:41 2017 From: frank.thommen at uni-heidelberg.de (Frank Thommen) Date: Thu, 30 Nov 2017 14:27:41 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <1173003957.40.1512048101985@webmail.proxmox.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> Message-ID: On 11/30/2017 02:21 PM, Dietmar Maurer wrote: >> I greatly respect the work you do on Proxmox but this specific response >> is under your habitual standards from a security standpoint. > > Exactly. That is why we provide the enterprise repository. IMHO the times where security and confidentiality (https) are limited to enterprise/paid services are long gone. As the OP noted, https comes at no cost and there is no reason not to have it configured. I'd even say, that https is mandatory for every site publishing more than just personal statements. Cheers frank From dietmar at proxmox.com Thu Nov 30 14:34:51 2017 From: dietmar at proxmox.com (Dietmar Maurer) Date: Thu, 30 Nov 2017 14:34:51 +0100 (CET) Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> Message-ID: <419162235.42.1512048892203@webmail.proxmox.com> > On 11/30/2017 02:21 PM, Dietmar Maurer wrote: > >> I greatly respect the work you do on Proxmox but this specific response > >> is under your habitual standards from a security standpoint. > > > > Exactly. That is why we provide the enterprise repository. > > IMHO the times where security and confidentiality (https) are limited to > enterprise/paid services are long gone. As the OP noted, https comes at > no cost and there is no reason not to have it configured. I'd even say, > that https is mandatory for every site publishing more than just > personal statements. Again, please use the enterprise repository if you want https. From jcrisp at safeandsoundit.co.uk Thu Nov 30 15:01:53 2017 From: jcrisp at safeandsoundit.co.uk (John Crisp) Date: Thu, 30 Nov 2017 15:01:53 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <419162235.42.1512048892203@webmail.proxmox.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> Message-ID: On 30/11/17 14:34, Dietmar Maurer wrote: >> On 11/30/2017 02:21 PM, Dietmar Maurer wrote: >>>> I greatly respect the work you do on Proxmox but this specific response >>>> is under your habitual standards from a security standpoint. >>> >>> Exactly. That is why we provide the enterprise repository. >> >> IMHO the times where security and confidentiality (https) are limited to >> enterprise/paid services are long gone. As the OP noted, https comes at >> no cost and there is no reason not to have it configured. I'd even say, >> that https is mandatory for every site publishing more than just >> personal statements. > > Again, please use the enterprise repository if you want https. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: OpenPGP digital signature URL: From lemonnierk at ulrar.net Thu Nov 30 15:11:41 2017 From: lemonnierk at ulrar.net (lemonnierk at ulrar.net) Date: Thu, 30 Nov 2017 14:11:41 +0000 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> Message-ID: <20171130141141.GA24417@ciara.ulrar.net> This is dumb. I agree that it wouldn't cost them anything to setup HTTPS, but I also agree that it is useless. The packages are signed and apt already checks the signature, HTTPS wouldn'd add anything at all. Unless you want to hide the fact that you are installing proxmox itself, but the connection to proxmox's repo itself gives that away. On Thu, Nov 30, 2017 at 03:01:53PM +0100, John Crisp wrote: > On 30/11/17 14:34, Dietmar Maurer wrote: > >> On 11/30/2017 02:21 PM, Dietmar Maurer wrote: > >>>> I greatly respect the work you do on Proxmox but this specific response > >>>> is under your habitual standards from a security standpoint. > >>> > >>> Exactly. That is why we provide the enterprise repository. > >> > >> IMHO the times where security and confidentiality (https) are limited to > >> enterprise/paid services are long gone. As the OP noted, https comes at > >> no cost and there is no reason not to have it configured. I'd even say, > >> that https is mandatory for every site publishing more than just > >> personal statements. > > > > Again, please use the enterprise repository if you want https. > > > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Digital signature URL: From frank.thommen at uni-heidelberg.de Thu Nov 30 15:45:19 2017 From: frank.thommen at uni-heidelberg.de (Frank Thommen) Date: Thu, 30 Nov 2017 15:45:19 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <20171130141141.GA24417@ciara.ulrar.net> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> Message-ID: <016b5438-f383-3018-1ad3-4d6d85b3e1ea@uni-heidelberg.de> On 11/30/2017 03:11 PM, lemonnierk at ulrar.net wrote: > This is dumb. I agree that it wouldn't cost them anything to setup > HTTPS, but I also agree that it is useless. The packages are signed and > apt already checks the signature, HTTPS wouldn'd add anything at all. Not true: It gives you the certainty to be connected to the "real" proxmox page and not a fake page, e.g. by being redirected through a hacked nameserver or local resolver. And afaik, those using the community version don't have access to the enterprise repos. frank > > Unless you want to hide the fact that you are installing proxmox itself, > but the connection to proxmox's repo itself gives that away. > > On Thu, Nov 30, 2017 at 03:01:53PM +0100, John Crisp wrote: >> On 30/11/17 14:34, Dietmar Maurer wrote: >>>> On 11/30/2017 02:21 PM, Dietmar Maurer wrote: >>>>>> I greatly respect the work you do on Proxmox but this specific response >>>>>> is under your habitual standards from a security standpoint. >>>>> >>>>> Exactly. That is why we provide the enterprise repository. >>>> >>>> IMHO the times where security and confidentiality (https) are limited to >>>> enterprise/paid services are long gone. As the OP noted, https comes at >>>> no cost and there is no reason not to have it configured. I'd even say, >>>> that https is mandatory for every site publishing more than just >>>> personal statements. >>> >>> Again, please use the enterprise repository if you want https. >>> >> >> >> > > > > >> _______________________________________________ >> pve-user mailing list >> pve-user at pve.proxmox.com >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > _______________________________________________ > pve-user mailing list > pve-user at pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Frank Thommen | HD-HuB / DKFZ Heidelberg | frank.thommen at uni-heidelberg.de | MMK: +49-6221-54-3637 (Mo-Mi, Fr) | IPMB: +49-6221-54-5823 (Do) From lemonnierk at ulrar.net Thu Nov 30 15:49:50 2017 From: lemonnierk at ulrar.net (lemonnierk at ulrar.net) Date: Thu, 30 Nov 2017 14:49:50 +0000 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <016b5438-f383-3018-1ad3-4d6d85b3e1ea@uni-heidelberg.de> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> <016b5438-f383-3018-1ad3-4d6d85b3e1ea@uni-heidelberg.de> Message-ID: <20171130144950.GB24417@ciara.ulrar.net> > Not true: It gives you the certainty to be connected to the "real" > proxmox page and not a fake page, e.g. by being redirected through a > hacked nameserver or local resolver. Sure, but the packages are signed. Since apt does check that itself, where you connect really doesn't matter, you are already sure the packages are only installed if they come from the actual proxmox repo (at least you are sure if you pay attention to what key you import into apt) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Digital signature URL: From t.lamprecht at proxmox.com Thu Nov 30 16:25:59 2017 From: t.lamprecht at proxmox.com (Thomas Lamprecht) Date: Thu, 30 Nov 2017 16:25:59 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <016b5438-f383-3018-1ad3-4d6d85b3e1ea@uni-heidelberg.de> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> <016b5438-f383-3018-1ad3-4d6d85b3e1ea@uni-heidelberg.de> Message-ID: On 11/30/2017 03:45 PM, Frank Thommen wrote: > On 11/30/2017 03:11 PM, lemonnierk at ulrar.net wrote: >> This is dumb. I agree that it wouldn't cost them anything to setup >> HTTPS, but I also agree that it is useless. The packages are signed and >> apt already checks the signature, HTTPS wouldn'd add anything at all. > > Not true: It gives you the certainty to be connected to the "real" proxmox page and not a fake page, e.g. by being redirected through a hacked nameserver or local resolver. > Not true, at least for the free certificates mentioned - I assume Let's Encrypt (or to be more general: ACME). An encrypted connection does not imply a verified/trusted identification, i.e., that the host you're connecting to is really the one you wanted. So no, just using SSL does not really adds you anything here, AFAIK. The packages are signed with our release key, thus if you do not add other untrusted keys you're as safe as it gets with apt/dpkg, independent of how the package was pulled, over an encrypted or unencrypted connection. If one tampers with it you will notice it. A bit off topic: The enterprise repository starts at ca. a big beer per month (or two, if you're lucky and have good cheap beer :), IMHO a affordable price for most, and if that's not the case no problem and no security loss with using no-subscription. You may naturally say that I, as a Proxmox employee, am biased, but I follow also the 'a beer per month for *free* software is totally worth it' paradigm for various projects I'm using at daily/weekly basis, be it community and/or company backed projects. Also contributing, by helping others, fixing/testing stuff helps naturally also a lot. I saw a post in the forum where one said that he sadly cannot afford support but tries to helps this way, found that also cool. Just a private side note about how I look at this/similar issue on most open source/software freedom projects. > And afaik, those using the community version don't have access to the enterprise repos. > FYI: Those who have a Community Subscription do have access to the enterprise repository, but no Enterprise Support, if I understood you correctly. cheers, Thomas > frank > > > >> >> Unless you want to hide the fact that you are installing proxmox itself, >> but the connection to proxmox's repo itself gives that away. >> >> On Thu, Nov 30, 2017 at 03:01:53PM +0100, John Crisp wrote: >>> On 30/11/17 14:34, Dietmar Maurer wrote: >>>>> On 11/30/2017 02:21 PM, Dietmar Maurer wrote: >>>>>>> I greatly respect the work you do on Proxmox but this specific response >>>>>>> is under your habitual standards from a security standpoint. >>>>>> >>>>>> Exactly. That is why we provide the enterprise repository. >>>>> >>>>> IMHO the times where security and confidentiality (https) are limited to >>>>> enterprise/paid services are long gone.? As the OP noted, https comes at >>>>> no cost and there is no reason not to have it configured.? I'd even say, >>>>> that https is mandatory for every site publishing more than just >>>>> personal statements. >>>> >>>> Again, please use the enterprise repository if you want https. >>>> >>> >>> >>> >> >> >> >> >>> _______________________________________________ >>> pve-user mailing list >>> pve-user at pve.proxmox.com >>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> >> >> >> _______________________________________________ >> pve-user mailing list >> pve-user at pve.proxmox.com >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> > From francesco.ongaro at isgroup.it Thu Nov 30 16:34:28 2017 From: francesco.ongaro at isgroup.it (Francesco Ongaro) Date: Thu, 30 Nov 2017 16:34:28 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <20171130141141.GA24417@ciara.ulrar.net> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> Message-ID: On 30/11/2017 15:11, lemonnierk at ulrar.net wrote: > This is dumb. I agree that it wouldn't cost them anything to setup > HTTPS, but I also agree that it is useless. The packages are signed and > apt already checks the signature, HTTPS wouldn'd add anything at all. > > Unless you want to hide the fact that you are installing proxmox itself, > but the connection to proxmox's repo itself gives that away. You are right until you install something manually using dpkg. Example: http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb Best, Francesco -- Francesco Ongaro, Senior Security Researcher ISGroup: Information Security Group (www.isgroup.it) Tel (+39) 045 4853232 Fax (+39) 045 5111719 Voicemail (+39) 02 320624653 AVVISO PRIVACY Il contenuto della presente e-mail ed i suoi allegati, sono diretti esclusivamente al destinatario e devono ritenersi riservati, con divieto di diffusione o di uso non conforme alle finalit? per le quali la presente e-mail ? stata inviata. Pertanto, ne ? vietata la diffusione e la comunicazione da parte di soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p. e D.lgs n. 196/03 Codice Privacy. Se la presente e-mail ed i suoi allegati sono stati ricevuti per errore, siete pregati di distruggere quanto ricevuto e di informare il mittente al seguente recapito: isgroup at isgroup.it -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From f.gruenbichler at proxmox.com Thu Nov 30 16:44:22 2017 From: f.gruenbichler at proxmox.com (=?UTF-8?Q?Fabian_Gr=C3=BCnbichler?=) Date: Thu, 30 Nov 2017 16:44:22 +0100 (CET) Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> Message-ID: <1759221372.59.1512056662732@webmail.proxmox.com> > Francesco Ongaro hat am 30. November 2017 um 16:34 geschrieben: > > > On 30/11/2017 15:11, lemonnierk at ulrar.net wrote: > > This is dumb. I agree that it wouldn't cost them anything to setup > > HTTPS, but I also agree that it is useless. The packages are signed and > > apt already checks the signature, HTTPS wouldn'd add anything at all. > > > > Unless you want to hide the fact that you are installing proxmox itself, > > but the connection to proxmox's repo itself gives that away. > > You are right until you install something manually using dpkg. > > Example: > > http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb > for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous.. 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463 From francesco.ongaro at isgroup.it Thu Nov 30 18:12:13 2017 From: francesco.ongaro at isgroup.it (Francesco Ongaro) Date: Thu, 30 Nov 2017 18:12:13 +0100 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: <1759221372.59.1512056662732@webmail.proxmox.com> References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> <1759221372.59.1512056662732@webmail.proxmox.com> Message-ID: On 30/11/2017 16:44, Fabian Gr?nbichler wrote: >> Francesco Ongaro hat am 30. November 2017 um 16:34 geschrieben: >> You are right until you install something manually using dpkg. >> >> Example: >> >> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb > > for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous.. > > 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463 Hi Fabian, I think that good security is implemented by overlapping multiple controls while keeping the workflow simple and convenient for end users. When the cost is low it's often a no-brainer to implement a security control. Checking hashes manually is certainly doable, maybe not that convenient. Sorry to sound ridiculous to you[1], my opinion is that being able to communicate in a professional way is a nice skill to cultivate. Best regards, Francesco [1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG "I am an advocat of free and open source software as well as meaningful security solutions for everyone (such as accessable encrypted communication methods and secure information storage)." -- Francesco Ongaro, Senior Security Researcher ISGroup: Information Security Group (www.isgroup.it) Tel (+39) 045 4853232 Fax (+39) 045 5111719 Voicemail (+39) 02 320624653 AVVISO PRIVACY Il contenuto della presente e-mail ed i suoi allegati, sono diretti esclusivamente al destinatario e devono ritenersi riservati, con divieto di diffusione o di uso non conforme alle finalit? per le quali la presente e-mail ? stata inviata. Pertanto, ne ? vietata la diffusione e la comunicazione da parte di soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p. e D.lgs n. 196/03 Codice Privacy. Se la presente e-mail ed i suoi allegati sono stati ricevuti per errore, siete pregati di distruggere quanto ricevuto e di informare il mittente al seguente recapito: isgroup at isgroup.it From jeremiah at jltechinc.com Thu Nov 30 18:23:18 2017 From: jeremiah at jltechinc.com (obj@jltechinc.com) Date: Thu, 30 Nov 2017 12:23:18 -0500 Subject: [PVE-User] HTTPS for download.proxmox.com In-Reply-To: References: <0701d274-de00-84e2-e8e4-e62f0ac5ee3a@coppint.com> <2026549297.36.1512041535093@webmail.proxmox.com> <1173003957.40.1512048101985@webmail.proxmox.com> <419162235.42.1512048892203@webmail.proxmox.com> <20171130141141.GA24417@ciara.ulrar.net> <1759221372.59.1512056662732@webmail.proxmox.com> Message-ID: <057a4ea6-9d91-65c7-b376-6c673a04012d@jltechinc.com> Francesco, please let it go and stop this thread. There are no more answers to give you on this subject... -obj Francesco Ongaro wrote on 11/30/2017 12:12 PM: > On 30/11/2017 16:44, Fabian Gr?nbichler wrote: >>> Francesco Ongaro hat am 30. November 2017 um 16:34 geschrieben: >>> You are right until you install something manually using dpkg. >>> >>> Example: >>> >>> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb >> for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous.. >> >> 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463 > Hi Fabian, > > I think that good security is implemented by overlapping multiple > controls while keeping the workflow simple and convenient for end > users. > > When the cost is low it's often a no-brainer to implement a security > control. > > Checking hashes manually is certainly doable, maybe not that convenient. > > Sorry to sound ridiculous to you[1], my opinion is that being able to > communicate in a professional way is a nice skill to cultivate. > > Best regards, > Francesco > > [1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG > > "I am an advocat of free and open source software as well as meaningful > security solutions for everyone (such as accessable encrypted > communication methods and secure information storage)." >