Proxmox VE 8.2 released!

[RolandK]

EDIT:
this has nothing to do with 8.2 update, there was some change for alias handling last year and apparently settings getting changed if you edit and re select via dropdown box. so it's not an issue but a feature. see https://github.com/proxmox/pve-firewall/commit/eeed0d90c99b1a2838d8db5e46a1d5916eeea308 (vm/ has been renamed to guest/. later on)


i see some weirdness with firewall rules, there is some weird "dc/" prefix in source and destination for one rule.

what could this mean ?

i have no clue where this comes from, i cannot remember that i have seen this before - but i think i did not have a look onto firewall rules for a while

# cat cluster.fw |grep -i fritz
NET_FRITZBOX_MEROWINGER 192.168.179.0/24
IN ACCEPT -source dc/net_fritzbox_merowinger -dest dc/host_s740 -p icmp -log nolog -icmp-type any
IN ACCEPT -i vmbr0 -source NET_FRITZBOX_MEROWINGER -dest HOST_s740 -p tcp -log nolog
IN ACCEPT -i vmbr0 -source NET_FRITZBOX_MEROWINGER -dest HOST_opnsense -p tcp -dport 443 -log nolog

 

[RolandK]

You need to check the fleecing check box above it and the first storage from the list is selected by default.
The reason that enablement and storage are two different settings is, that we wanted to allow adding other storage overrides (like from the VM configuration) later. I hope that explains it.

ah, ok. that makes sense. sorry, i could have found this myself

 

[tuxis]

The description from the manual page is a bit older, and while it's an advanced feature, I'd not call it tech preview anymore.
Albeit it cannot be guaranteed to be 100% bug free, like all but the most trivial software.

The things that can go wrong with it are mostly user decisions, like e.g., using the same storage as the backup target for fleecing too, which would be rather making things worse. As long as you use a fast and local storage, as recommended, you should be good to go.

Good to know! Thanks.

 

[bbgeek17]

Good news! 8.2 has passed our automated release qualification testing, so we can officially mark it as supported for iSCSI/TCP and NVMe/TCP.

Initial by-hand testing with fleecing support (backed by Blockbridge storage) is working as expected. We'll integrate it into our testing suites along with some additional tests specific to data integrity. Excellent job, PVE team!

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[at4b]

Yes, but this just happened after kernel change and wasn't an issue from 6.2 to 6.5 in the past. I would expect this to be enabled by default or at least with a warning or information in the release notes... Just tried to update a second host and again only the X710 interfaces are affected.

View attachment 66882View attachment 66881

Same issue with a Dell PowerEdge R730xd equipped with the Intel/Dell x710 4 port interface card. I am posting this so others with this Dell network card will not be surprised like I was when all the interfaces disappeared.

And yes, this absolutely needs to be mentioned in the release notes.

 

[RolandK]

fleecing works good for me, from a first point of view.

but do i see this right that it is only availble when doing backup via backupjob , but not when doing backup manually via "backup now" option in vm configuration ?

guess this is planned to be added later on ?

 

[Dunuin]

i have no clue where this comes from, i cannot remember that i have seen this before - but i think i did not have a look onto firewall rules for a while

Same here but with 8.1 and I think 8.0 too. I always thought that was because of the SDN stuff that came with PVE8.

 

[Der Harry]

I had the same issue.
Also the old interface names are still there.

Luckily I could SSH via the NAS that has a direct link to my server in order to change the config.

I have also issues with the new kernel - random kvm crashes as mentioned here (basically at boot time)

https://www.reddit.com/r/Proxmox/comments/1c4z9xh/new_to_proxmox_issues_dl380_g9_random/

(Ryzen 5700G / Asus ROG STRIX B550-A GAMING / old Bios: 3002)

-> willing to investigate & help - point me to a thread please

 

[fireon]

If you use the pve-firewall, a "_" is not allowed anymore in the rules. If you have an underline, the "proxmox-firewall.service" can't start anymore. You have to change it to an other character like a "-". After the service is starting again.

...
Apr 24 21:42:48 pve02 proxmox-firewall[167236]: thread 'main' panicked at 'cluster firewall config is valid: invalid ip address or CIDR: "_20_DMZ"'
...

 

[bbgeek17]

but do i see this right that it is only availble when doing backup via backupjob , but not when doing backup manually via "backup now" option in vm configuration ?

guess this is planned to be added later on ?

That must be it. Since its early preview.

We've integrated directly via vzdump CLI

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[RolandK]

where in the rules is this not allowed anymore?

and how can they change thi

If you use the pve-firewall, a "_" is not allowed anymore in the rules. If you have an underline, the "proxmox-firewall.service" can't start anymore. You have to change it to an other character like a "-". After the service is starting again.

...
Apr 24 21:42:48 pve02 proxmox-firewall[167236]: thread 'main' panicked at 'cluster firewall config is valid: invalid ip address or CIDR: "_20_DMZ"'
...

where in the rules isn't that allowed anymore ?

 

[Der Harry]

I reverded back to the old 6.5 kernel - I have multiple crashlogs for 6.8

- https://pve.proxmox.com/wiki/Host_Bootloader

root@proxmox:~# proxmox-boot-tool  kernel list
Manually selected kernels:
None.

Automatically selected kernels:
6.5.13-5-pve
6.8.4-2-pve
root@proxmox:~# proxmox-boot-tool  kernel pin 6.5.13-5-pve
Setting '6.5.13-5-pve' as grub default entry and running update-grub.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.8.4-2-pve
Found initrd image: /boot/initrd.img-6.8.4-2-pve
Found linux image: /boot/vmlinuz-6.5.13-5-pve
Found initrd image: /boot/initrd.img-6.5.13-5-pve
Found linux image: /boot/vmlinuz-6.5.13-3-pve
Found initrd image: /boot/initrd.img-6.5.13-3-pve
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done

 

[t.lamprecht]

but do i see this right that it is only availble when doing backup via backupjob , but not when doing backup manually via "backup now" option in vm configuration ?

guess this is planned to be added later on ?

The "backup now" feature was always a bit slimmed down compared to the backup job editor, but if there's popular demand we can add it to the backup now edit window just fine, feel free to open an enhancement request in our Bugzilla for the web UI.

 

[t.lamprecht]

If you use the pve-firewall, a "_" is not allowed anymore in the rules. If you have an underline, the "proxmox-firewall.service" can't start anymore. You have to change it to an other character like a "-". After the service is starting again.

...
Apr 24 21:42:48 pve02 proxmox-firewall[167236]: thread 'main' panicked at 'cluster firewall config is valid: invalid ip address or CIDR: "_20_DMZ"'
...

Thanks for your report – this should be already fixed in the latest proxmox-firewall package version 0.3.1.
As the existing Perl firewall code is not affected by this we're not rushing a fix out, the new package is currently available on no-subscription though.

 

[t.lamprecht]

I reverded back to the old 6.5 kernel - I have multiple crashlogs for 6.8

- https://pve.proxmox.com/wiki/Host_Bootloader

root@proxmox:~# proxmox-boot-tool  kernel list
Manually selected kernels:
None.

Automatically selected kernels:
6.5.13-5-pve
6.8.4-2-pve
root@proxmox:~# proxmox-boot-tool  kernel pin 6.5.13-5-pve
Setting '6.5.13-5-pve' as grub default entry and running update-grub.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.8.4-2-pve
Found initrd image: /boot/initrd.img-6.8.4-2-pve
Found linux image: /boot/vmlinuz-6.5.13-5-pve
Found initrd image: /boot/initrd.img-6.5.13-5-pve
Found linux image: /boot/vmlinuz-6.5.13-3-pve
Found initrd image: /boot/initrd.img-6.5.13-3-pve
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done

It would be great if you could open a separate thread and post them there, as they will get buried here in the general release announcement discussion thread.

 

[shanreich]

when i use the macro for ping, it works:

The new firewall doesn't seem to recognize 'any' as a valid icmp-type. You should be able to create a rule that solely matches on protocol 'icmp', leaving the icmp-type empty. Then it should match all ICMP-Messages (caveat: there are more than ping though, so it might make sense to only allow echo request / echo reply).

I have not enabled the nftables firewall

Yes, the new firewall is included with the update and auto-started, but doesn't do anything (except parse configurations). Only when you explicitly enable it via the Firewall-Options it should switch to the new nftables one. Until then the existing 'pve-firewall' will continue working.

Same here but with 8.1 and I think 8.0 too. I always thought that was because of the SDN stuff that came with PVE8.

It was a separate change [1], as already mentioned by @RolandK above.


[1] https://github.com/proxmox/pve-firewall/commit/eeed0d90c99b1a2838d8db5e46a1d5916eeea308

 

[d0glesby]

Just updated our three node hyperconverged cluster to 8.2, and everything booted up clean. Cluster is back online, including CEPH integrated storage.

Thanks for all the hard work, PVE team!

 

[Der Harry]

It would be great if you could open a separate thread and post them there, as they will get buried here in the general release announcement discussion thread.

Voila: https://forum.proxmox.com/threads/random-6-8-4-2-pve-kernel-crashes.145760/

(Still investigating if this is a "me" or a "general" issue. I think it's more general, as others have crashes on 13gen Intels and Xeons - and I have a AMD Ryzen)

 

[jasonsansone]

LXC support is still missing for Ubuntu 24.04. When will this be added? (ie inclusion in /usr/share/perl5/PVE/LXC/Setup/Ubuntu.pm)

 

[VictorSTS]

Awesome release and even more awesomely detailed release note!
Thanks!!