跟我一起玩转PVE

T0mZhu
189 阅读11分钟

前言

最近换了新电脑,旧笔记本电脑一直闲置,机器配置比较低(Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz + 8G + 500 固态 + 1T 机械),开始想着装成Linux,但单个Linux对我来讲利用率不高,正好PVE9.0版本迎来了第一次大版本更新,所有我就给我的笔记本装了一个pve9.1,安装在了固态硬盘上。后面我就会把我的play过程记录在这篇文章中,欢迎大家参考指正。了

换源

我这里使用的是清华大学的镜像源,整个过程需要更换debian源,无订阅源,CT源,删除企业源和ceph源,最新步骤可以参考Debian 软件源配置帮助Proxmox 软件仓库配置帮助

Debian源

echo "Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/debian
Suites: trixie trixie-updates trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
# Types: deb-src
# URIs: https://mirrors.tuna.tsinghua.edu.cn/debian
# Suites: trixie trixie-updates trixie-backports
# Components: main contrib non-free non-free-firmware
# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# 以下安全更新软件源包含了官方源与镜像站配置,如有需要可自行修改注释切换
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# Types: deb-src
# URIs: https://mirrors.tuna.tsinghua.edu.cn/debian-security
# Suites: trixie-security
# Components: main contrib non-free non-free-firmware
# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
" > /etc/apt/sources.list.d/debian.sources

无订阅源

echo "Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
" > /etc/apt/sources.list.d/pve-no-subscription.sources

CT源

cp /usr/share/perl5/PVE/APLInfo.pm /usr/share/perl5/PVE/APLInfo.pm_back
sed -i 's|http://download.proxmox.com|https://mirrors.tuna.tsinghua.edu.cn/proxmox|g' /usr/share/perl5/PVE/APLInfo.pm

企业源

rm -f /etc/apt/sources.list.d/pve-enterprise.sources

ceph源

rm -f /etc/apt/sources.list.d/ceph.sources

完成以上操作后运行apt-get update更新

删除订阅弹窗

这是一个比较烦的提示,每次登录都要关闭一下,这里直接通过更改执行代码来实现删除订阅弹窗。

cp /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js.bak
sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service

干掉local-lvm

安装系统会自动分两个区,直接搞成一个分区使用的时候更方便

lvremove /dev/pve/data
lvextend -l +100%FREE /dev/pve/root
resize2fs /dev/pve/root

运行完上面的命令后在web界面移除local-lvm即可 {6FE17CAE-CF9B-4503-8E1A-E71F703F1E8E}.png

添加硬盘

硬盘分区格式化操作就自行AI吧!我这里带大家挂载并添加为PVE目录(通过配置fstab文件挂载硬盘): 首先,获取硬盘UUID;

root@pve:~# blkid 
/dev/mapper/pve-root: UUID="c92bdc30-9637-421d-bf96-7a62d40cdeda" BLOCK_SIZE="4096" TYPE="ext4"
/dev/sdb1: UUID="6e3c44bd-fa32-4533-9088-7ee28928a56c" BLOCK_SIZE="4096" TYPE="xfs" PARTUUID="a2077860-34a3-4f4c-b447-863946b318a7"
/dev/mapper/pve-swap: UUID="6aba75dd-2a94-4807-b33c-9ac88edd4d91" TYPE="swap"
/dev/sda2: UUID="700D-4EDE" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="b7e07179-3837-4f00-95a5-9da1140d50ce"
/dev/sda3: UUID="P1L368-DTsX-TUv2-q7QY-9IUX-fD0N-cKd36b" TYPE="LVM2_member" PARTUUID="9af30019-68ad-42c9-8c1b-803b4a53f885"
/dev/sda1: PARTUUID="bbdc02d5-c837-434b-b0ef-64e8c7cc22d2"

我的系统盘是sda,机械硬盘是sdb,所以我们复制sdb1的UUID配置(UUID="6e3c44bd-fa32-4533-9088-7ee28928a56c"); 在修改fstab之前先下载vim以及创建挂载路径,路径可以自定义:

apt-get install -y vim
mkdir /mnt/data

编辑fstab文件:

vim /etc/fstab
#在最后面加一行,内容为:
UUID="6e3c44bd-fa32-4533-9088-7ee28928a56c" /mnt/data xfs defaults 0 0

运行挂载命令:

root@pve:~# systemctl daemon-reload
root@pve:~# mount -a
root@pve:~# lsblk
NAME         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda            8:0    0 447.1G  0 disk 
├─sda1         8:1    0  1007K  0 part 
├─sda2         8:2    0     1G  0 part /boot/efi
└─sda3         8:3    0   446G  0 part 
  ├─pve-swap 252:0    0    16G  0 lvm  [SWAP]
  └─pve-root 252:1    0   430G  0 lvm  /
sdb            8:16   0 931.5G  0 disk 
└─sdb1         8:17   0 931.5G  0 part /mnt/data

命令输出sdb1后面有挂载点,则硬盘已经正常挂载,接下来就要添加到PVE中作为目录来存储文件了。 {D03B6123-07B8-45B2-B508-01841A7A0FD6}.png

在存储中添加目录,可以参考我下面的配置,内容全选: {6B7773CA-B131-47B3-A097-40FCF6E00023}.png

点击添加后就可以了。

显卡直通

显卡直通前先保证物理机主板支持Vt-d以及开启了iommu,主板支持并开启Vt-d是在BIOS里配置,iommu也是在BIOS里开启,开启后验证iommu是否开启(有iommu相关输出):

root@pve:~# dmesg | grep iommu
[    0.394462] iommu: Default domain type: Translated
[    0.394462] iommu: DMA domain TLB invalidation policy: lazy mode
[    0.465140] pci 0000:00:02.0: Adding to iommu group 0
[    0.466177] pci 0000:00:00.0: Adding to iommu group 1
[    0.466197] pci 0000:00:04.0: Adding to iommu group 2
[    0.466231] pci 0000:00:14.0: Adding to iommu group 3
[    0.466248] pci 0000:00:14.2: Adding to iommu group 3
[    0.466281] pci 0000:00:15.0: Adding to iommu group 4
[    0.466301] pci 0000:00:15.1: Adding to iommu group 4
[    0.466326] pci 0000:00:16.0: Adding to iommu group 5
[    0.466351] pci 0000:00:17.0: Adding to iommu group 6
[    0.466373] pci 0000:00:1c.0: Adding to iommu group 7
[    0.466403] pci 0000:00:1c.4: Adding to iommu group 8
[    0.466424] pci 0000:00:1c.5: Adding to iommu group 9
[    0.466456] pci 0000:00:1e.0: Adding to iommu group 10
[    0.466476] pci 0000:00:1e.2: Adding to iommu group 10
[    0.466524] pci 0000:00:1f.0: Adding to iommu group 11
[    0.466544] pci 0000:00:1f.2: Adding to iommu group 11
[    0.466564] pci 0000:00:1f.3: Adding to iommu group 11
[    0.466584] pci 0000:00:1f.4: Adding to iommu group 11
[    0.466604] pci 0000:01:00.0: Adding to iommu group 12
[    0.466626] pci 0000:02:00.0: Adding to iommu group 13
[    0.466646] pci 0000:03:00.0: Adding to iommu group 14
[    1.353111] platform idma64.0: Adding to iommu group 15
[    1.353451] platform i2c_designware.0: Adding to iommu group 16
[    1.361841] platform idma64.1: Adding to iommu group 17
[    1.362060] platform i2c_designware.1: Adding to iommu group 18
[    1.377496] platform idma64.2: Adding to iommu group 19
[    1.379535] platform dw-apb-uart.2: Adding to iommu group 20
[    1.380562] platform idma64.3: Adding to iommu group 21
[    1.380781] platform pxa2xx-spi.3: Adding to iommu group 22

屏蔽显卡驱动(物理机)

PVE 显卡直通时屏蔽宿主机显卡驱动,核心是为了解除宿主机对 GPU 的占用,让 VFIO 驱动接管设备,实现虚拟机独占,避免资源冲突与直通失败。

root@pve:~# cat /etc/modprobe.d/pve-blacklist.conf 
# This file contains a list of modules which are not supported by Proxmox VE 

# nvidiafb see bugreport https://bugzilla.proxmox.com/show_bug.cgi?id=701
blacklist nvidiafb
root@pve:~# echo "blacklist nouveau" >> /etc/modprobe.d/pve-blacklist.conf 
root@pve:~# echo "blacklist nvidia" >> /etc/modprobe.d/pve-blacklist.conf 
root@pve:~# cat /etc/modprobe.d/pve-blacklist.conf 
# This file contains a list of modules which are not supported by Proxmox VE 

# nvidiafb see bugreport https://bugzilla.proxmox.com/show_bug.cgi?id=701
blacklist nvidiafb
blacklist nouveau
blacklist nvidia

显卡绑定到VFIO-PCI(物理机)

root@pve:~# lspci    # 查看显卡设备PCI地址,这里我的MX150的地址是01:00
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 08)
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (rev 07)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 08)
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
00:14.2 Signal processing controller: Intel Corporation Sunrise Point-LP Thermal subsystem (rev 21)
00:15.0 Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #0 (rev 21)
00:15.1 Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #1 (rev 21)
00:16.0 Communication controller: Intel Corporation Sunrise Point-LP CSME HECI #1 (rev 21)
00:17.0 SATA controller: Intel Corporation Sunrise Point-LP SATA Controller [AHCI mode] (rev 21)
00:1c.0 PCI bridge: Intel Corporation Sunrise Point-LP PCI Express Root Port #1 (rev f1)
00:1c.4 PCI bridge: Intel Corporation Sunrise Point-LP PCI Express Root Port #5 (rev f1)
00:1c.5 PCI bridge: Intel Corporation Sunrise Point-LP PCI Express Root Port #6 (rev f1)
00:1e.0 Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO UART Controller #0 (rev 21)
00:1e.2 Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO SPI Controller #0 (rev 21)
00:1f.0 ISA bridge: Intel Corporation Sunrise Point LPC/eSPI Controller (rev 21)
00:1f.2 Memory controller: Intel Corporation Sunrise Point-LP PMC (rev 21)
00:1f.3 Audio device: Intel Corporation Sunrise Point-LP HD Audio (rev 21)
00:1f.4 SMBus: Intel Corporation Sunrise Point-LP SMBus (rev 21)
01:00.0 3D controller: NVIDIA Corporation GP108M [GeForce MX150] (rev a1)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller (rev 15)
03:00.0 Network controller: Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter (rev 01)
root@pve:~# lspci -n    # 查看显卡vid和did,这里我的MX150的是10de:1d10,这里说明一下,有些显卡有声卡,会有两组,这时两组都要记录
00:00.0 0600: 8086:5914 (rev 08)
00:02.0 0300: 8086:5917 (rev 07)
00:04.0 1180: 8086:1903 (rev 08)
00:14.0 0c03: 8086:9d2f (rev 21)
00:14.2 1180: 8086:9d31 (rev 21)
00:15.0 1180: 8086:9d60 (rev 21)
00:15.1 1180: 8086:9d61 (rev 21)
00:16.0 0780: 8086:9d3a (rev 21)
00:17.0 0106: 8086:9d03 (rev 21)
00:1c.0 0604: 8086:9d10 (rev f1)
00:1c.4 0604: 8086:9d14 (rev f1)
00:1c.5 0604: 8086:9d15 (rev f1)
00:1e.0 1180: 8086:9d27 (rev 21)
00:1e.2 1180: 8086:9d29 (rev 21)
00:1f.0 0601: 8086:9d4e (rev 21)
00:1f.2 0580: 8086:9d21 (rev 21)
00:1f.3 0403: 8086:9d71 (rev 21)
00:1f.4 0c05: 8086:9d23 (rev 21)
01:00.0 0302: 10de:1d10 (rev a1)
02:00.0 0200: 10ec:8168 (rev 15)
03:00.0 0280: 168c:0036 (rev 01)
root@pve:~# echo "options vfio-pci ids=10de:1d10" > /etc/modprobe.d/vfio.conf
# 注意,ids后面跟的就是vid:did组,如果有两组都要添加到ids后面,中间以英文逗号隔开;
root@pve:~# cat /etc/modprobe.d/vfio.conf
options vfio-pci ids=10de:1d10

更新内核(物理机)

我的是nvidia显卡,需要增加一个kvm相关内核参数,核心是为了阻止 KVM 对虚拟机访问未定义 MSR 寄存器时抛出异常,避免虚拟机崩溃、蓝屏或驱动报错(如代码 43):

root@pve:~# echo "options kvm_intel ignore_msrs=1 report_ignored_msrs=0" > /etc/modprobe.d/kvm.conf
root@pve:~# cat /etc/modprobe.d/kvm.conf 
options kvm_intel ignore_msrs=1 report_ignored_msrs=0
root@pve:~# update-initramfs -k all -u
update-initramfs: Generating /boot/initrd.img-6.17.2-1-pve
Running hook script 'zz-proxmox-boot'..
Re-executing '/etc/kernel/postinst.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.

注意: options kvm ignore_msrs=1 options kvm_amd ignore_msrs=1 # 如果你是AMD CPU options kvm_intel ignore_msrs=1 # 如果你是Intel CPU

完成后重启主机。

开始直通显卡

打开虚拟机硬件列表,BIOS需要为UEFI,如果不是建议重新做一个虚拟机,添加PCI设备; {219DCAF3-D6F6-49DB-AEBB-A3E8266521C7}.png

选择原始设备下拉找到显卡; {3839714D-7F4F-45FB-A090-EEAA46C6B93A}.png

勾选所有功能和pcie,点击添加; {81A5D8F5-0AE3-4490-AFE9-DEE60937B939}.png

通过命令修改虚拟机CPU配置:

root@pve:~# qm set 100 --cpu host,hidden=1,hv-vendor-id=1234567890ab
update VM 100: -cpu host,hidden=1,hv-vendor-id=1234567890ab
# NVIDIA驱动会检测虚拟机环境,检测到就直接禁用显卡,所有要有这一步欺骗一下虚拟机里的显卡驱动

启动虚拟机查看设备是否映射并安装驱动(注意物理机和虚拟机都要在BIOS关闭secure boot); {E951CCA1-1828-4834-A79B-F098437ECD80}.png

最终虚拟机lspci可以看到显卡lsmod看内核也加载了nvidia驱动,但是nvidia-smi报没有这个驱动,通过dmesg发现驱动初始化时报错失败,尝试了很多方法,最终AI了一下,说我这个笔记本的核显和独显是绑定的,可能无法给虚拟机使用; {11A5C48E-80C5-4FF0-9893-259EFCA253B4}.png

不过大家的电脑如果是独立显卡应该不会有什么问题!

网卡直通

我的笔记本有一个有线网卡,一个无线网卡,我通过有线网卡作为PVE管理口,无线网卡还是空闲状态,下面我把它直通到虚拟机作为虚拟机的无线网卡使用!参考显卡直通时的操作步骤查看显卡设备PCI地址,vid,did,然后直接在虚拟机硬件里添加pcie设备即可;注意:如果您的机器是两个同样的网卡型号不要勾选所有功能。 {ECCD9ED2-68F1-4AE4-9FA2-0B0D67022AF9}.png

开机后查看虚拟机里多了无线网卡,且可以连接wifi。 {0293F145-4066-4EBD-AB08-9DC8098D844E}.png

LXC

之前我们更换了CT源,我们可以通过国内地址快速下载LXC容器模板,在CT模板界面点击模板即可在里面下载容器镜像,我这里下载了三个系统镜像; {CC133C27-B4D1-452A-88FB-A1B752AA6DEF}.png

avatar
文章
阅读
粉丝