Proxmox: Difference between revisions

From Omnia
Jump to navigation Jump to search
No edit summary
No edit summary
Line 70: Line 70:


See https://pve.proxmox.com/wiki/Linux_Container
See https://pve.proxmox.com/wiki/Linux_Container
== Upgrade Proxmox 7 to Proxmox 8 ==
Upgrade from 7 to 8 - Proxmox VE
https://pve.proxmox.com/wiki/Upgrade_from_7_to_8
Update to latest v7:
apt update
apt dist-upgrade
Checks:
pve7to8
All checks:
pve7to8 --full
Switch to Bookworm:
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
Add VE 8:
# echo "deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list
sed -i -e 's/bullseye/bookworm/g' /etc/apt/sources.list.d/pve-install-repo.list
Update system to v8:
apt update
apt dist-upgrade
== ping - Operation not permitted ==
Fix with:
setcap cap_net_raw+ep /bin/ping
or:
chmod u+s /sbin/ping
"I suspect the setuid workaround would likely work and is how ping was shipped in distros for a very long time (and so not particularly risky)." <ref>https://discuss.linuxcontainers.org/t/ping-is-failing-in-containers-with-ping-socket-operation-not-permitted/14240/4</ref>
ref <ref>Ping with unprivileged user in LXC container / Linux capabilities | Proxmox Support Forum - https://forum.proxmox.com/threads/ping-with-unprivileged-user-in-lxc-container-linux-capabilities.42308/</ref> <ref>No ping from non root user in Debian Buster LXC | Proxmox Support Forum - https://forum.proxmox.com/threads/no-ping-from-non-root-user-in-debian-buster-lxc.72366/#post-387633</ref>
== keywords ==
== references ==
{{ref}}

Revision as of 19:38, 21 December 2023

NFS in Container

NFS requires extra permissions to run in a Container (CT), which uses LXC.

Deselect "Unprivileged container", and add the Features "mount=nfs" 

# mount 192.168.108.30:/nfs/ken /mnt
mount.nfs: access denied by server while mounting 192.168.108.30:/nfs/ken

When trying to add the "mount=nfs" feature: 

Permission check failed (changing feature flags for privileged container is only allowed for root@pam) (403)

Login as root and: 

pct set 112 -features mount=nfs

# pct set 112 -features mount=nfs --save  # is this needed?


ref [1] [2]

LXC - Linux Containers

To use the LC options you first need to download a LC template.

First update the list: 

pveam update

Note: The list of available templates is updated daily through the pve-daily-update timer

To list images: 

pveam available

To list only system images: 

pveam available --section system

Example: 

root@proxmox1:~# pveam available --section system
system          almalinux-9-default_20221108_amd64.tar.xz
system          alpine-3.18-default_20230607_amd64.tar.xz
system          archlinux-base_20230608-1_amd64.tar.zst
system          centos-9-stream-default_20221109_amd64.tar.xz
system          debian-11-standard_11.7-1_amd64.tar.zst
system          debian-12-standard_12.2-1_amd64.tar.zst
system          devuan-4.0-standard_4.0_amd64.tar.gz
system          fedora-38-default_20230607_amd64.tar.xz
system          fedora-39-default_20231118_amd64.tar.xz
system          gentoo-current-openrc_20231009_amd64.tar.xz
system          opensuse-15.4-default_20221109_amd64.tar.xz
system          opensuse-15.5-default_20231118_amd64.tar.xz
system          rockylinux-9-default_20221109_amd64.tar.xz
system          ubuntu-20.04-standard_20.04-1_amd64.tar.gz
system          ubuntu-22.04-standard_22.04-1_amd64.tar.zst
system          ubuntu-23.04-standard_23.04-1_amd64.tar.zst
system          ubuntu-23.10-standard_23.10-1_amd64.tar.zst

Download to data store: 

pveam download mydatastore ubuntu-22.04-standard_22.04-1_amd64.tar.zst

List images on data store: 

pveam list mydatastore

# example
NAME                                                                 SIZE
mydatastore:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst       123.81MB

To remove: 

pveam remove mydatastore:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst

See https://pve.proxmox.com/wiki/Linux_Container

Upgrade Proxmox 7 to Proxmox 8

Upgrade from 7 to 8 - Proxmox VE
https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

Update to latest v7: 

apt update
apt dist-upgrade

Checks: 

pve7to8

All checks: 

pve7to8 --full

Switch to Bookworm: 

sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list

Add VE 8: 

# echo "deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list
sed -i -e 's/bullseye/bookworm/g' /etc/apt/sources.list.d/pve-install-repo.list

Update system to v8: 

apt update
apt dist-upgrade

ping - Operation not permitted

Fix with: 

setcap cap_net_raw+ep /bin/ping

or: 

chmod u+s /sbin/ping

"I suspect the setuid workaround would likely work and is how ping was shipped in distros for a very long time (and so not particularly risky)." [1]

ref [2] [3]

keywords

references

  1. https://discuss.linuxcontainers.org/t/ping-is-failing-in-containers-with-ping-socket-operation-not-permitted/14240/4
  2. Ping with unprivileged user in LXC container / Linux capabilities | Proxmox Support Forum - https://forum.proxmox.com/threads/ping-with-unprivileged-user-in-lxc-container-linux-capabilities.42308/
  3. No ping from non root user in Debian Buster LXC | Proxmox Support Forum - https://forum.proxmox.com/threads/no-ping-from-non-root-user-in-debian-buster-lxc.72366/#post-387633
Retrieved from "https://aznot.com/index.php?title=Proxmox&oldid=6625"