Proxmox: Difference between revisions
| No edit summary | No edit summary | ||
| Line 70: | Line 70: | ||
| See https://pve.proxmox.com/wiki/Linux_Container | See https://pve.proxmox.com/wiki/Linux_Container | ||
| == Upgrade Proxmox 7 to Proxmox 8 == | |||
|  Upgrade from 7 to 8 - Proxmox VE | |||
|  https://pve.proxmox.com/wiki/Upgrade_from_7_to_8 | |||
| Update to latest v7: | |||
|  apt update | |||
|  apt dist-upgrade | |||
| Checks: | |||
|  pve7to8 | |||
| All checks: | |||
|  pve7to8 --full | |||
| Switch to Bookworm: | |||
|  sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list | |||
| Add VE 8: | |||
|  # echo "deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list | |||
|  sed -i -e 's/bullseye/bookworm/g' /etc/apt/sources.list.d/pve-install-repo.list  | |||
| Update system to v8: | |||
|  apt update | |||
|  apt dist-upgrade | |||
| == ping - Operation not permitted == | |||
| Fix with: | |||
|  setcap cap_net_raw+ep /bin/ping | |||
| or: | |||
|  chmod u+s /sbin/ping | |||
| "I suspect the setuid workaround would likely work and is how ping was shipped in distros for a very long time (and so not particularly risky)." <ref>https://discuss.linuxcontainers.org/t/ping-is-failing-in-containers-with-ping-socket-operation-not-permitted/14240/4</ref> | |||
| ref <ref>Ping with unprivileged user in LXC container / Linux capabilities | Proxmox Support Forum - https://forum.proxmox.com/threads/ping-with-unprivileged-user-in-lxc-container-linux-capabilities.42308/</ref> <ref>No ping from non root user in Debian Buster LXC | Proxmox Support Forum - https://forum.proxmox.com/threads/no-ping-from-non-root-user-in-debian-buster-lxc.72366/#post-387633</ref> | |||
| == keywords == | |||
| == references == | |||
| {{ref}} | |||
Revision as of 19:38, 21 December 2023
NFS in Container
NFS requires extra permissions to run in a Container (CT), which uses LXC.
Deselect "Unprivileged container", and add the Features "mount=nfs"
# mount 192.168.108.30:/nfs/ken /mnt mount.nfs: access denied by server while mounting 192.168.108.30:/nfs/ken
When trying to add the "mount=nfs" feature:
Permission check failed (changing feature flags for privileged container is only allowed for root@pam) (403)
Login as root and:
pct set 112 -features mount=nfs
# pct set 112 -features mount=nfs --save # is this needed?
LXC - Linux Containers
To use the LC options you first need to download a LC template.
First update the list:
pveam update
Note: The list of available templates is updated daily through the pve-daily-update timer
To list images:
pveam available
To list only system images:
pveam available --section system
Example:
root@proxmox1:~# pveam available --section system system almalinux-9-default_20221108_amd64.tar.xz system alpine-3.18-default_20230607_amd64.tar.xz system archlinux-base_20230608-1_amd64.tar.zst system centos-9-stream-default_20221109_amd64.tar.xz system debian-11-standard_11.7-1_amd64.tar.zst system debian-12-standard_12.2-1_amd64.tar.zst system devuan-4.0-standard_4.0_amd64.tar.gz system fedora-38-default_20230607_amd64.tar.xz system fedora-39-default_20231118_amd64.tar.xz system gentoo-current-openrc_20231009_amd64.tar.xz system opensuse-15.4-default_20221109_amd64.tar.xz system opensuse-15.5-default_20231118_amd64.tar.xz system rockylinux-9-default_20221109_amd64.tar.xz system ubuntu-20.04-standard_20.04-1_amd64.tar.gz system ubuntu-22.04-standard_22.04-1_amd64.tar.zst system ubuntu-23.04-standard_23.04-1_amd64.tar.zst system ubuntu-23.10-standard_23.10-1_amd64.tar.zst
Download to data store:
pveam download mydatastore ubuntu-22.04-standard_22.04-1_amd64.tar.zst
List images on data store:
pveam list mydatastore
# example NAME SIZE mydatastore:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst 123.81MB
To remove:
pveam remove mydatastore:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst
See https://pve.proxmox.com/wiki/Linux_Container
Upgrade Proxmox 7 to Proxmox 8
Upgrade from 7 to 8 - Proxmox VE https://pve.proxmox.com/wiki/Upgrade_from_7_to_8
Update to latest v7:
apt update apt dist-upgrade
Checks:
pve7to8
All checks:
pve7to8 --full
Switch to Bookworm:
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
Add VE 8:
# echo "deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list sed -i -e 's/bullseye/bookworm/g' /etc/apt/sources.list.d/pve-install-repo.list
Update system to v8:
apt update apt dist-upgrade
ping - Operation not permitted
Fix with:
setcap cap_net_raw+ep /bin/ping
or:
chmod u+s /sbin/ping
"I suspect the setuid workaround would likely work and is how ping was shipped in distros for a very long time (and so not particularly risky)." [1]
keywords
references
- ↑ https://discuss.linuxcontainers.org/t/ping-is-failing-in-containers-with-ping-socket-operation-not-permitted/14240/4
- ↑ Ping with unprivileged user in LXC container / Linux capabilities | Proxmox Support Forum - https://forum.proxmox.com/threads/ping-with-unprivileged-user-in-lxc-container-linux-capabilities.42308/
- ↑ No ping from non root user in Debian Buster LXC | Proxmox Support Forum - https://forum.proxmox.com/threads/no-ping-from-non-root-user-in-debian-buster-lxc.72366/#post-387633