Again you seem to miss the Point ... It is a new occurrence with Proxmox 8 and Kernel 6.8.x (at least for me), it didn't happen before. Never before I was getting hangups when saving a 100KB file with nano !
As for the Write Amplification I can sort of agree, I looked at the TBW and I was VERY...
I don't recall 6.5 being *THIS* Problematic. You could be right though, as I'm doing some more work now that I used to do back then ...
Definitively 6.8 is an Issue.
But having to install Kernel 6.2 on the latest Proxmox VE ... That seems really a Hack.
Did you have to recompile the Kernel ...
Any update from Proxmox Developers would be appreciated. I am experiencing this on SEVERAL Servers. And it cannot be that I need NVME Drives for the very limited amount of work that I am currently doing :rolleyes: .
I am (re)debating this Issue, as I have done in the Past.
My use Case, as a Homelab user, is that some/many Hosts are up only when needed (at specific Times, in order to reduce Power Consumption), and so the "normal" way with Quorum doesn't really work.
I had a look at...
But also if I removed the chown command I still get one error. See attached files in the original Post.
It works, but it's weird to have failure logs in that case ...
salt-minion is definitively running as REAL root, otherwise it won't be able to do anything on the minion:
root@PVE:~# ps aux | grep salt
root 6257 0.2 0.0 131264 26368 ? Ss 12:14 0:00 /opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion
root 6266 1.6 0.0 734016...
I am bit surprised (and I think it's only happening since a few Weeks/Months) by the Error but it seems to be working somehow.
I use certbot in a Podman/Docker Container to generates ALL Certificates for my Infrastructure. No, I do NOT use the ACME "plugin" of Proxmox VE, since I have wildcard...
On another Note, as soon as I enable "Outbound NAT" on OPNSense using one of the Additional IPv4 Addresses, everything breaks down :rolleyes: .
It seems Inbound (Port-forwarding) NAT works correctly with the Additional IPs (configured in OPNSense -> Interfaces -> Virtual IPs), but for Outbound...
I have this ...
cat /etc/default/grub.d/zfs.cfg
GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} root=ZFS=\"rpool/ROOT/debian\""
GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} root=ZFS=\"rpool/ROOT/debian\""
Optionally you could also add these (I add to each line) in case of a headless...
I am observing some very high (>40%, sometimes 80%) IO Delay on Proxmox VE 8.2.2 with pve-no-subscription Repository.
Looking at some Posts over this Forum, this may be due to not using Enterprise-Grade SSD, although to be honest I don't necessarily "buy" this justification.
I am using Crucial...
As I said, unfortunately, with Hetzner at least, this does NOT seem to be sufficient :rolleyes: .
I'm starting to wonder if I should transition to a Brouter / Routed setup and avoid all of these Issues with IPv4 Single IPs, just like I am doing with IPv6, although I am not sure if I can do it...
So you agree that the problem is NOT fixed by:
bridge-disable-mac-learning 1
any of my sysctl Configuration
any of the other Linux Bridge Options such as
bridge-unicast-flood off
bridge-multicast-flood off
bridge-vlan-aware yes
bridge-vids 2-4096
manually disabling unicast flooding...
Besides the fact that the ipset with the nomatch didn't appear to work correctly (at least for me), what feels wrong is that we filter on the IPv4 Level, rather than MAC Address. Then again it's true that I cannot really filter by MAC Address since apparently I am marked as the destination MAC...
I originally tried that but I think it was not behaving correctly.
Maybe a OR(NOT(A) , NOT(B)) not working as expected and not being equivalent to NOT(A OR B), when you do your ipset or something like that.
I also have that implemented (and disabled multicast flood & unicast flood).
I also tried to use "port isolation" for the member of a Bridge, that also does NOT solve this issue.
Neither does ebtables rules (because actually the traffic is addressed to my MAC but NOT my IP - weird stuff at...
Same experience here ...
The main Fix (besides changing a bunch of sysctl, disable mac bridge learning & unicast/multicast flood in bridge settings) was to add a Firewall Rule to Drop Incoming traffic with Destination = NOT_MY_IPs.
Unfortunately I did NOT find an easy way to Invert the sense...
I'd still say there is something weird going on with IPv6 now.
Strangely, for IPv4, I see the logs in the VM -> Firewall -> Logs-
But for IPv6, even though I added the Security Group Rule and associated it with "net0" on the VM, I see "allow-ping-in" in the Host Logs, *not* in the VM (like I...
I'm very new to IPv6, but if you want the LAN Interface to "track" the WAN Interface with Regards to IPV6 and maybe want to do Prefix Delegation (IPv6-PD), according to my understanding the minimum size of delegation available needs to be /64. If you use One IP Address for the Proxmox Host and...
I didn't really make much progress.
I'm trying to play with the Proxmox Firewall, but it's really tricky, as some stuff is no logged no matter what.
I tried to "force" that behavior by adding some Catch-All "DROP" Rules for Inbound & Outbound, but it brings more questions than it answers.
It...
Maybe the only Option is to order an additional NIC and LAN (WAN) Connection fore roughly 5 EUR Extra per Month in Total, then setup PCIe Passthrough in Proxmox VE to pass the NIC directly to OPNSense...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.