@Glowsome Get you and so do we, but that's mostly managing Debian with a bunch of services on top.
Common Ansible modules can be used for that. Integration starts once you need command & shell:
- name: create cluster on first node
  command: "pvecm create {{ pve_cluster_name }}"
  args...
IMHO The most valuable missing plugin for Ansible is a connection one like those community ones:
This would allow us to manage VMs without SSH & network like for VMware, libvirt, LXD, Qubes & co.
@TheMrg For Zen2 & below you need to wait for a new kernel or swap in Zen3 CPUs to apply microcode from Debian.
The upcoming 6.5 kernel will have the latest patchset for SRSO fixes that quite likely will be backported to 5.15 LTS.
The upstream 5.15.126 has the initial fixes, but also they first...
@fiona @Stoiko Ivanov Just my five cents but the SRSO will be a replacement for microcode update prior to Zen 3.
Didn't understand what "intermediate hypervisors" and "outer hosts" are? Guess this is nested virtualization.
But unless recent Debian kernel with SRSO fixes runs directly on the metal...
@piefke To be precise Ubuntu doesn't depend on Debian for their kernel but on their kernel team.
For AMD EPYCs with Zen3 and up the mitigations are available via amd64-microcode => 3.20230719.1
For AMD EPYCs with Zen2 and earlier plus all desktop CPUs like Ryzens we need the kernel update...
@Stoiko Ivanov Thanks for your work on Intel Downfall :) Any idea about a timeline for AMD Inception?
Prior to Zen3 we need kernel mitigation but see no Ubuntu kernel yet with 5.15.125 from Andy & Stefan.
With 6.2 as non-LTS it needs backporting by them first. Do we need to wait for the kernel...
FYI also with FRR on three node mesh with ConnectX-4 & AMD EPYC 7502P we get combined ~98.7 Gbit/s
https://pve.proxmox.com/wiki/Full_Mesh_Network_for_Ceph_Server#Routed_Setup_.28with_Fallback.29
Trying iperf2 (as shipped with bullseye) in parallel doesn't yield any performance gains:
Also...
We have now done the PoC of a simple ZFS decrypt service with wait dependencies on VMs/containers.
Tested only VMs with autoboot so far but this setup serves our use case of encrypting rpool/data.
If someone likes to use single node Proxmox with ZFS encryption add this for encrypted dataset...
@Dunuin Thanks for the hint but check the Shell script at /lib/systemd/system-generators/zfs-mount-generator
So far it doesn't integrate at all with Proxmox and also only sets the dependencies the keyload service needs:
DefaultDependencies=no
Wants=${wants}
After=${wants}
${pathdep}
For minimal...
We also have some interest in this so better to continue than start a new thread ;)
For the scope of using ZFS encrypted dataset for all VMs a proper solution is desired.
Rather than going for a script some systemd dependency integration seems plausible.
FYI ideas about an unlock service are...