Search results

Hi @andre78, you need to catch up on the # Setup systemd service for automatic unlocking of rpool/data on boot section for automatic unlocking of rpool/data on boot. Otherwise you'd need to execute `zfs load-key -a` on every reboot.

Hi @dynostatic, I'm sorry for this issue. Please try the "Encrypt rpool/data" section before the "Prepare for chroot" section and thus before importing the pool. EDIT: I just updated the guide so this workaround won't be needed anymore. Should work flawlessly now.

Hey @Dunuin , thank you very much for the feedback! Dropbear is truely neat (and easy to set up with PrivSecs guide from above), personally I'll just use an IP-KVM. Good catch with rpool/data! Totally forgot that ... I just added it to the guide. As for the simplefb-module I wondered too...

Hello there! I really like the idea of having the full root-filesystem encrypted using native ZFS encryption (only). However, as I currently couldn't find any complete writeup on on this topic, here's what worked for me (with and without Secureboot on PVE 8.1): 1. Install with zfs (RAID0 for...

Hi! +1 from me too. Very happy to see this security feature in Proxmox :)

@Dunuin Ok, noted! However currently I have not (yet ..?.) got around to using clustering. PS: Applying ZFS encryption manually on top of PVE doesn't seem that hard, e.g. this guide.

I would have never thought of this :O Thank you so much @leesteken! Yeah ... of course it should be possible to do technically "RAID0" striping accross only one drive ... Genius ... Cheers!

Hi! I'm really wondering why the Proxmox Installation Wizard doesn't offer an option for ZFS without any RAID(Z) setup. Some benefits of ZFS rely heavily on RAID(Z), but many don't: Copy-on-write, integrity checksums, snapshot features, deduplication, native block-level encryption, etc...

Thank you for this update @tom! I really appreciate the efforts in this matter!

Hi! It's the first time, that I tried to install a Proxmox server with UEFI Secure Boot enabled today and realized that it would not work. Even the PVE8 docs (https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm#PVE_Kernel_fails_to_boot) tell that Secure Boot should just be...

Hi, While researching this I stumbled up on an older thread discussing bind mounts to Linux Containers and UID/GID mapping here. The unanswered question @John Driessen asked can't get out of my head: Normally when we think about unprivileged LXC it's ID on host = ID on guest + 100 000. But...

Ah, okaaay ... So to make sure I understood it correctly: Creating multiple VLAN sub-interfaces (vmbr0.100 & vmbr0.200) wouldn't make lots of sense as you (normaly) can only have one gateway for the PVE management, right? EDIT: I just realized myself that the above sentence is nonsense. In...

Still I'm not sure why you should create those VLAN sub-interfaces (vmbr0.100, vmbr0.200). What is the benefit of creating such a sub-interface inside of Proxmox when you also set the VID inside the VM settings?

Thanks @Dunuin! This makes perfectly sense ... As you (usually) should have only one default gateway. Sometimes you can't see the forest for the trees :)

What do you mean by that? Which of those (sub)interfaces will Proxmox use and is this configurable?

Good question ... let's say apt on Proxmox is fetching the newest repositories; Which interface will the traffic go on?

Hi, I'm currently splitting up my network in multiple subnets and VLANs but stumbled on something with Proxmox, I don't quite understand: What do we create these subinterfaces (vmbr0.100, vmbr0.200) for, as in the final configuration of VMs/CTs we won't select any of those, but rather the...

So, of course everything depends on the specific scenario ... But in my case I'd like to run some applications inside of docker runtime. As you mentioned @Rivolity, it is not recommended to run docker directly on your Proxmox VE host. Therefore there are two options left now: Run Docker inside a...

Thank you all for the support! You were right, editing the ct-id.conf was not necessary. Without that, so only with nesting and keyctl docker works perfectly inside my (Ubuntu 22.04) LXC. For all trying the same, in order to be on the safe side make sure you do this configurations to the LXC...

Oh, yeah, I had forgotten that .. So is everything that should be needed as follows? Enable Nesting Enable Keyctl Add to /etc/pve/lxc/<ID>.conf: lxc.apparmor.profile: unconfined lxc.cgroup.devices.allow: a lxc.cap.drop: And is it certainly lxc.cgroup.devices.allow: a and not...