Proxmox hypervisor

eliasp,
@eliasp@mastodon.social avatar

#Proxmox just generates a #UUIDv4 like
3b7d2d2c-3732-41db-a678-8bc4aeaf9155 as a secret for auth tokens? 😱
This looks a lot like a bad security practice to me, especially when RFC4122 says:

"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation."

#ITSecurity
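An added illustration of the RFC 4122 warning quoted above. It is not Proxmox code and says nothing about how Proxmox generates its tokens; the function names are hypothetical. It measures how many bits of a version 4 UUID are left to the generator, and shows that UUIDs from a seeded PRNG pass the same format and bit-spread checks as ones from the OS CSPRNG while being fully reproducible.

```python
import os
import random
import uuid

PAGE_EXAMPLE = "3b7d2d2c-3732-41db-a678-8bc4aeaf9155"  # value quoted in the post


def is_v4(text: str) -> bool:
    """True if text parses as an RFC 4122 version 4 UUID."""
    u = uuid.UUID(text)
    return u.version == 4 and u.variant == uuid.RFC_4122


def uuid4_from(source) -> uuid.UUID:
    """Build a v4 UUID from any callable that returns n bytes."""
    return uuid.UUID(bytes=source(16), version=4)


def csprng_uuids(count: int) -> list:
    """UUIDs drawn from the OS CSPRNG, the same source uuid.uuid4() uses."""
    return [uuid4_from(os.urandom) for _ in range(count)]


def seeded_uuids(seed: int, count: int) -> list:
    """UUIDs from a seeded Mersenne Twister: the 'predictable source' case."""
    rng = random.Random(seed)
    return [uuid4_from(lambda n: rng.getrandbits(8 * n).to_bytes(n, "big"))
            for _ in range(count)]


def varying_bits(samples) -> int:
    """Count bit positions that take both values somewhere in the samples."""
    diff = 0
    for u in samples[1:]:
        diff |= samples[0].int ^ u.int
    return bin(diff).count("1")


if __name__ == "__main__":
    print("page example is v4:", is_v4(PAGE_EXAMPLE))
    print("CSPRNG varying bits:", varying_bits(csprng_uuids(200)))
    print("seeded varying bits:", varying_bits(seeded_uuids(2024, 200)))
    # Same seed, same "secrets": nothing in the UUID format reveals this.
    print("seeded run repeats:", seeded_uuids(2024, 3) == seeded_uuids(2024, 3))
```

Whether a UUIDv4 is acceptable as a token secret therefore depends on the generator behind it, which the UUID itself cannot show.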

eliasp,
@eliasp@mastodon.social avatar

@pid_eins good to know. I was scared for a brief moment!

AngryAnt,
@AngryAnt@mastodon.gamedev.place avatar

@eliasp @pid_eins Also worth noting you can share the pve RNG with guests in order to further deepen your randomness - assuming those guests don't boot and behave fully deterministically.

DarrenNevares,
@DarrenNevares@mas.to avatar

Finally getting MacOS setup on

bazcurtis,
@bazcurtis@mastodon.social avatar

@DarrenNevares That is interesting. I would like to know more.

wagesj45,
@wagesj45@mastodon.jordanwages.com avatar
felis, German
@felis@social.tchncs.de avatar

On yesterday's rainy day I gathered my courage and wanted to update my from 6.4 to 7.x. I was far too late with it, but everything had been running so nicely and error-free for years. Unfortunately the upgrade froze at 58 %. I was able to find out that it has something to do with "memtest". After I killed that process, the upgrade ran through to the end, though not without errors: I could no longer get into the Proxmox GUI, because "pveproxy" and "pveservice" (or something like that) no longer started. 😞 1/3

stooovie,
@stooovie@mas.to avatar

Whew! host went belly up, took me seven hours to fix even with backups.

TWO SSDs failed this morning.

stooovie,
@stooovie@mas.to avatar

@robertdahlem yes. In the last 25 years I had like 15 drives die and probably less than two SMART warnings. But yes, one of these drives today did report end of life. After it died. Thanks SMART, I guess.

stooovie,
@stooovie@mas.to avatar

Also like half of my Zigbee devices do not work now, which is doubly weird as there was no backup restore. I just re-added the drive I have all my containers and VMs on.

gnulinux, German
@gnulinux@social.anoxinon.de avatar

Manufacturing lab with Proxmox and OctoPrint

I control my 3D printer using OctoPrint, which runs as an LXC on Proxmox. Proxmox has its own desktop for this, from which you can access OctoPrint's web host.

#proxmox #octoprint #laptop #Linux

https://gnulinux.ch/manufacturing-lab-mit-proxmox-und-octoprint-0

dustinrue,
@dustinrue@chateaude.luxe avatar

Thoughts on Proxmox and Home Lab Use

This post is really a small collection of thoughts about Proxmox when used in a home lab situation and home labs in general. I was originally going to post this to Mastodon only but it didn't fit in a single post.

A lot of people (at least what I see on reddit) build Proxmox systems with shared file systems like ceph, even for home lab use.

https://dustinrue.com/2024/04/thoughts-on-proxmox-and-home-lab-use/

stefano,
@stefano@bsd.cafe avatar
wagesj45,
@wagesj45@mastodon.jordanwages.com avatar

I totally understand men that obsess over their lawn. I do the exact same thing with my home network.

zeh,
@zeh@mstdn.io avatar

@wagesj45
yeah, my point is that a lawn is useless while a network is not, so the comparison doesn't hold.

also, in parallel, everybody can obsess over those things, not just men

wagesj45,
@wagesj45@mastodon.jordanwages.com avatar

@zeh fair. I was just makin' a funny haha with stereotypes. Especially since I fit the stereotype of a white man obsessing over something he views as "his domain". 😃

stefano,
@stefano@bsd.cafe avatar

Today I pondered something: Proxmox and others boast native ZFS integration as one of their strengths. Many Proxmox features rely on ZFS's unique capabilities, and many setups are built around them. If Oracle were to send a cease and desist tomorrow, how would the situation unfold?

zrail,
@zrail@hachyderm.io avatar

@stefano According to this reddit thread from a year ago, that seems unlikely. OpenZFS is built on Sun's ZFS which was released under a permissive-ish license (CDDL) which includes a patent grant.

https://www.reddit.com/r/zfs/comments/108ztxr/can_oracle_shut_down_openzfs_if_they_wanted/

Linus can't merge it into the mainline linux tree until he gets an explicit grant from Oracle that it won't cause GPL issues for the kernel, but that doesn't stop anyone else from using it or integrating it.

https://www.realworldtech.com/forum/?threadid=189711&curpostid=189841

apgarcia,
@apgarcia@fosstodon.org avatar

@stefano Do they use ZFS in Oracle Linux? I'm not a license lawyer, but I suspect that might complicate things for them.

Mawoka,
@Mawoka@mastodon.online avatar

A question for the #network-guys here:

I've got the 192.168.1.x network with HA in there. Now, I've got an #OpenWrt router with the IP 192.168.1.190 creating 2 new networks: 192.168.100.x. I now want to get the HA into the 192.168.100.x network, but I can't connect it physically, as both the OpenWrt and HomeAssistant run in containers/VMs on #proxmox. I tried experimenting with IP routes, but no success. Does anyone have a clue for me?

marud,

OK, I'm completely out of ideas, I need some on on this server... If you have an idea or can share, I can't take it anymore.

The server running this instance is on a . Until now, everything was fine.
Yesterday, following a crash, I had to reboot the server (a VPS at Ionos). After the restart, it was impossible to access anything: Proxmox interface, services in the containers, nothing.

The configuration was as follows:

External interface (ens6) and 2 bridges:

  • vmbr0, with bridge-port on ens6 (and therefore its public IP), used for administration
  • vmbr1, with an IP in a 192.168.2.0/24 network that serves the containers (a reverse proxy for one and docker for the other)

In my interfaces file I have this for vmbr1:

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o vmbr0 -j MASQUERADE
        post-up /script/dnat.sh
        post-down iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -o vmbr0 -j MASQUERADE

For the port openings, I have entries like this one in dnat.sh (example for port 443):

iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to-destination 192.168.2.10:443

After debugging, I saw that traffic flowed again when I brought VMBR0 down.

So, in a hurry, I changed my rules to remove vmbr0 and replace it with ens6, which is the "physical" interface name.

I could see that everything was back: access to the Proxmox interface, access to the containers... everything except one important point: from the server, it is impossible to use its own public IP.

For example, the instance cannot send mail (the mailing container sits behind the same IP), it is not even possible from the Proxmox shell... and it is also impossible to renew the certificates on the container that acts as the reverse proxy.

[1/2]

tangeek,

@alarig @marud @R1Rail Some people are lucky. 😮‍💨

alarig,
@alarig@hostux.social avatar
tomi,

(Link to the original blog post with a proper layout)

It’s a pity that doesn’t report CPU and other temperatures to .

I had several freezes of my old laptop that runs Proxmox due to a stuck CPU fan. I googled a bit and found an elegant solution for temperature reporting: a command_line sensor.

Nevertheless, it took several hours to configure it correctly (I forgot how to deal with ssh keys and similar).

This is the end result:

[Image: home assistant cpu temperature sensor chart]

The procedure:

  1. I installed the ‘Terminal & SSH’ add-on into Home Assistant.
  2. I created SSH keys, put them into the /config/.ssh folder, and copied them to my Proxmox server. Read these instructions. I’ve put something like this in my HA Terminal addon:

        $ mkdir /config/.ssh
        $ ssh-keygen   # generated ssh keys and when asked, I enter the folder /root/config/.ssh
        $ ssh-copy-id -i /root/config/.ssh/id_proxmox root@MY_PROXMOX_IP   # copy keys to my prox server
        $ ssh root@MY_PROXMOX_IP   # try out if I can log on without password prompt, then exit

  3. I had to find out where my Proxmox stores temperatures. I ssh’ed to my Proxmox again, browsed folders and looked into files to see which ones store temps. My AMD laptop stores it in /sys/class/thermal/thermal_zone0/temp.

     It could also be …/thermal_zone1, 2, 3 or similar.

  4. Then I pulled temperature data via SSH to the HA terminal:

        $ ssh -i /config/.ssh/id_prox -o StrictHostKeyChecking=no -q root@YOUR_PROXMOX_IP cat /sys/class/thermal/thermal_zone0/temp

The command returned 52000.

Edited my configuration.yaml and added the sensor. This is working code (as of Apr. 2024). I used tips from here (deprecated sensor) and here.

        ##################
        # Temperature proxmox
        ##################
        command_line:
          - sensor:
              name: temperature_cpu
              command: "ssh -i /config/.ssh/id_prox -o StrictHostKeyChecking=no -q root@YOUR_PROXMOX_IP cat /sys/class/thermal/thermal_zone0/temp"
              value_template: "{{ value | multiply(0.001) | round(1) }}"
              unit_of_measurement: "°C"

After 20 restarts of Home Assistant, it finally shows the proxmox CPU temp.

Bonus: here is a picture of my homelab proxmox ‘server’ with external fans (because CPU fan is not working).

https://blog.rozman.info/wp-content/uploads/2024/04/20240415_081455-1024x576.jpg

Bonus #2: A hypothesis: Fediverse is causing global warming! 😉 😉

When I publish a blog post, the WordPress Activitypub plugin delivers the post to the . This causes the CPU to heat to 75C+. I know it now, because I can track its temp. in HA.

The hypothesis is confirmed.

[Image: temperature chart of the CPU, a spike is detected at blog publish time, because of activitypub plugin]

https://blog.rozman.info/proxmox-server-temperature-tracking-in-home-assistant/
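The key copied to root@ in step 2 above is only ever used to run one `cat`, so it can be limited to that command on the Proxmox side. The check below is an added example, not from the original blog post: it flags authorized_keys entries that lack a forced command or the `restrict` option. The sample file, key material and key comments are constructed, and the function names are hypothetical.

```python
import re

# A line with no options field starts with one of these key-type tokens.
KEY_TYPE = re.compile(r"(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp\d+|sk-[\w-]+@openssh\.com)$")
# One option: name, optional ="quoted value", then a comma or whitespace.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|\s+)')

# Constructed sample of /root/.ssh/authorized_keys; the key material is fake.
SAMPLE = '''\
# keys allowed to log in as root on the Proxmox host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOnly root@homeassistant
restrict,command="cat /sys/class/thermal/thermal_zone0/temp" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOnly ha-temp
command="cat /sys/class/thermal/thermal_zone0/temp" ssh-rsa AAAAB3NzaC1yc2EConstructedKeyOnly ha-old
'''

def parse_line(line):
    """Split one authorized_keys line into (options dict, key part)."""
    line = line.strip()
    opts, pos = {}, 0
    if not KEY_TYPE.match(line.split(None, 1)[0]):
        while True:
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("unparseable options field: %r" % line)
            opts[m.group(1).lower()] = m.group(2)
            pos = m.end()
            if m.group(3) != ",":  # whitespace ends the options field
                break
    return opts, line[pos:]

def audit(text):
    """Return (line number, key comment, problems) for each weak entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, key = parse_line(raw)
        comment = " ".join(key.split()[2:]) or "(no comment)"
        problems = []
        if "command" not in opts:
            problems.append("no forced command: key opens a full root shell")
        if "restrict" not in opts:
            problems.append("no 'restrict': forwarding and PTY still allowed")
        if problems:
            findings.append((lineno, comment, problems))
    return findings

if __name__ == "__main__":
    for lineno, comment, problems in audit(SAMPLE):
        print("line %d (%s): %s" % (lineno, comment, "; ".join(problems)))
```

On the Home Assistant side, the matching change is to record the Proxmox host key once in a known_hosts file and drop `-o StrictHostKeyChecking=no` from the sensor command.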


fm_volker,
@fm_volker@mastodon.social avatar

@po3mah @tomi I see. I tried that integration just today, and was a bit underwhelmed that it only delivers "VM up Y/N" -- or are there different integrations? I used proxmoxve.

po3mah,
@po3mah@mastodon.social avatar

@fm_volker @tomi I don't use the default one, too little info. I use this one: https://github.com/dougiteixeira/proxmoxve

danielsreichenbach,
@danielsreichenbach@mastodon.world avatar

So I had a bit of an unpleasant experience with and trying to successfully do a PCI(e) Passthrough.

In my cluster, I have a few machines running on an AMD Ryzen 7 4800U with Radeon Graphics. Following the Proxmox Wiki guide, I kinda managed to pass the APU into a guest.

The unpleasant side effect was that following that, the host then lost control over the remaining PCI devices too, as in IO, network, etc. First thing to happen of course was all OSDs on that host just disappeared.

stooovie,
@stooovie@mas.to avatar

@danielsreichenbach IOMMU issues? I'm not sure AMD works the same as Intel but it looks like it.

pieceofthepie, (edited )
@pieceofthepie@n8e.dev avatar

Don't enable your firewall without reading the instructions, or you will have a very bad time.

Shit.

bradfrank,

@pieceofthepie I’ve thought about setting up a PiKVM so I could remote in to the console in case of something like this. Lugging monitors up and down stairs isn’t how I want to get my workout 🙃

pieceofthepie,
@pieceofthepie@n8e.dev avatar

@bradfrank May or may not have the bits to do that in my cart.
