PVE 初始化配置

修改基础系统(Debian)的源文件 /etc/apt/sources.list 和 Proxmox 的源文件

修改基础系统(Debian)的源文件

# Back up both APT source files first so the original repositories can be restored.
# NOTE(review): the copy left in /etc/apt/sources.list.d/ does not end in ".list"; apt skips it
# and only prints an "invalid filename extension" notice on every run.
root@HomeLab:~# cp /etc/apt/sources.list /etc/apt/sources.list_backup
root@HomeLab:~# cp /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list_backup
# Point the Debian base repositories at the USTC mirror, switching them from http to https.
# The first expression rewrites ftp.debian.org, the second rewrites security.debian.org.
root@HomeLab:~# sed -i 's|^deb http://ftp.debian.org|deb https://mirrors.ustc.edu.cn|g' /etc/apt/sources.list
root@HomeLab:~# sed -i 's|^deb http://security.debian.org|deb https://mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
# Show the result
root@HomeLab:~# cat /etc/apt/sources.list
deb https://mirrors.ustc.edu.cn/debian bullseye main contrib

deb https://mirrors.ustc.edu.cn/debian bullseye-updates main contrib

# security updates
deb https://mirrors.ustc.edu.cn/debian-security bullseye-security main contrib

修改 Proxmox 的源文件

# Download the Proxmox release signing key into apt's trusted keyring directory.
# A key placed in /etc/apt/trusted.gpg.d/ is trusted for every configured repository, so before
# running apt check the file with sha512sum against the checksum published in the official
# Proxmox VE installation documentation; the mirror that serves the key is not the authority for it.
root@HomeLab:~# wget https://mirrors.ustc.edu.cn/proxmox/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
--2023-03-04 13:23:29-- https://mirrors.ustc.edu.cn/proxmox/debian/proxmox-release-bullseye.gpg
Resolving mirrors.ustc.edu.cn (mirrors.ustc.edu.cn)... 202.141.160.110, 2001:da8:d800:95::110
Connecting to mirrors.ustc.edu.cn (mirrors.ustc.edu.cn)|202.141.160.110|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1187 (1.2K) [application/octet-stream]
Saving to: ‘/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg’

/etc/apt/trusted.gpg.d/proxmox-relea 100%[======================================================================>] 1.16K --.-KB/s in 0s

2023-03-04 13:23:29 (51.3 MB/s) - ‘/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg’ saved [1187/1187]

# Load the OS release variables; VERSION_CODENAME is expanded in the repository line below.
root@HomeLab:~# source /etc/os-release
# Add the pve-no-subscription repository, served from the USTC mirror
root@HomeLab:~# echo "deb https://mirrors.ustc.edu.cn/proxmox/debian/pve $VERSION_CODENAME pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
# Remove the enterprise repository list
root@HomeLab:~# rm /etc/apt/sources.list.d/pve-enterprise.list
# Show the result
root@HomeLab:~# cat /etc/apt/sources.list.d/pve-no-subscription.list
deb https://mirrors.ustc.edu.cn/proxmox/debian/pve bullseye pve-no-subscription

更新

# Refresh the package index from the new mirrors, then apply all pending upgrades.
root@HomeLab:~# apt update && apt dist-upgrade
Hit:1 https://mirrors.ustc.edu.cn/debian bullseye InRelease
Hit:2 https://mirrors.ustc.edu.cn/debian bullseye-updates InRelease
Hit:3 https://mirrors.ustc.edu.cn/debian-security bullseye-security InRelease
Hit:4 https://mirrors.ustc.edu.cn/proxmox/debian/pve bullseye InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
N: Ignoring file 'pve-enterprise.list_backup' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
N: Ignoring file 'pve-enterprise.list_backup' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension

修改 LXC 模板仓库源

# Keep a copy of the packaged module before editing it.
root@HomeLab:~# cp /usr/share/perl5/PVE/APLInfo.pm /usr/share/perl5/PVE/APLInfo.pm_backup
# Replace download.proxmox.com (http) with the USTC mirror (https) inside the module.
# NOTE(review): APLInfo.pm sits under /usr/share/perl5 and is presumably package-owned, so an
# upgrade may restore the original URL; re-check after updates.
root@HomeLab:~# sed -i 's|http://download.proxmox.com|https://mirrors.ustc.edu.cn/proxmox|g' /usr/share/perl5/PVE/APLInfo.pm
# Restart pvedaemon so the edited module is loaded.
root@HomeLab:~# systemctl restart pvedaemon

执行完成后,浏览器 Ctrl+F5 强制刷新缓存

删除订阅弹窗

# Patch proxmoxlib.js so the "No valid sub..." Ext.Msg.show call is replaced by a void(...) expression,
# keeping the original as proxmoxlib.js.bak (-i.bak), then restart pveproxy.
# NOTE(review): this edits a file under /usr/share/javascript that is presumably package-owned; an
# upgrade may overwrite it, and sed exits successfully even when the pattern no longer matches.
root@HomeLab:~# sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service

执行完成后,浏览器 Ctrl+F5 强制刷新缓存

调整内核

# Kernel currently running
root@HomeLab:~# uname -r
5.15.85-1-pve
# List the kernels known to proxmox-boot-tool
root@HomeLab:~# proxmox-boot-tool kernel list
Manually selected kernels:
None.

Automatically selected kernels:
5.15.74-1-pve
5.15.85-1-pve
# Pin 5.15.85-1-pve as the kernel to boot.
# NOTE(review): a pinned kernel stays the boot default, so a newer kernel installed later by apt
# (including security fixes) is not booted until the pin is removed with
# `proxmox-boot-tool kernel unpin`.
root@HomeLab:~# proxmox-boot-tool kernel pin 5.15.85-1-pve
Setting '5.15.85-1-pve' as grub default entry and running update-grub.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.85-1-pve
Found initrd image: /boot/initrd.img-5.15.85-1-pve
Found linux image: /boot/vmlinuz-5.15.74-1-pve
Found initrd image: /boot/initrd.img-5.15.74-1-pve
Found memtest86+ image: /boot/memtest86+.bin
Found memtest86+ multiboot image: /boot/memtest86+_multiboot.bin
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
# List the kernels again; the pinned kernel is now reported
root@HomeLab:~# proxmox-boot-tool kernel list
Manually selected kernels:
None.

Automatically selected kernels:
5.15.74-1-pve
5.15.85-1-pve

Pinned kernel:
5.15.85-1-pve
# Purge the older kernel package pve-kernel-5.15.74-1-pve.
# NOTE(review): afterwards only one kernel is left, so there is no fallback entry to boot from
# if 5.15.85-1-pve fails to start.
root@HomeLab:~# dpkg --purge pve-kernel-5.15.74-1-pve
(Reading database ... 51104 files and directories currently installed.)
Removing pve-kernel-5.15.74-1-pve (5.15.74-1) ...
Examining /etc/kernel/postrm.d.
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
update-initramfs: Deleting /boot/initrd.img-5.15.74-1-pve
run-parts: executing /etc/kernel/postrm.d/proxmox-auto-removal 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
run-parts: executing /etc/kernel/postrm.d/zz-proxmox-boot 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
Re-executing '/etc/kernel/postrm.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.85-1-pve
Found initrd image: /boot/initrd.img-5.15.85-1-pve
Found memtest86+ image: /boot/memtest86+.bin
Found memtest86+ multiboot image: /boot/memtest86+_multiboot.bin
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
Purging configuration files for pve-kernel-5.15.74-1-pve (5.15.74-1) ...
Examining /etc/kernel/postrm.d.
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
update-initramfs: Deleting /boot/initrd.img-5.15.74-1-pve
run-parts: executing /etc/kernel/postrm.d/proxmox-auto-removal 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
run-parts: executing /etc/kernel/postrm.d/zz-proxmox-boot 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
Re-executing '/etc/kernel/postrm.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 5.15.74-1-pve /boot/vmlinuz-5.15.74-1-pve
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.85-1-pve
Found initrd image: /boot/initrd.img-5.15.85-1-pve
Found memtest86+ image: /boot/memtest86+.bin
Found memtest86+ multiboot image: /boot/memtest86+_multiboot.bin
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
# List the kernels once more to confirm the removal
root@HomeLab:~# proxmox-boot-tool kernel list
Manually selected kernels:
None.

Automatically selected kernels:
5.15.85-1-pve

Pinned kernel:
5.15.85-1-pve

安装 ZSH 和 Oh-My-ZSH

# Send this shell's HTTP, HTTPS and SOCKS traffic through the proxy at 10.10.6.3.
# NOTE(review): everything downloaded in this session (packages, installer scripts) then passes
# through that host, so it has to be a machine you control.
root@pve:~# export https_proxy=http://10.10.6.3:7890 http_proxy=http://10.10.6.3:7890 all_proxy=socks5://10.10.6.3:7891
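# Install ZSH and the tools used below
root@pve:~# apt-get install -y wget vim git zsh
# Install Oh-My-ZSH.
# The installer runs as root on the hypervisor, so save it to a file and read it before running it
# instead of feeding the download straight into sh. The URL follows the master branch, so the
# script can change between runs; re-read it each time it is downloaded.
root@pve:~# curl -fsSL -o /root/ohmyzsh-install.sh https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh
root@pve:~# less /root/ohmyzsh-install.sh
root@pve:~# sh /root/ohmyzsh-install.sh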
# Set the Oh-My-ZSH theme
root@pve:~# vim .zshrc
# Change the following setting
ZSH_THEME="alanpeabody"

# Apply the configuration
root@pve:~# source .zshrc

使用 Nginx 代理 PVE 的 8006 端口

  • 代理 8006 端口,可以不输端口使用 https://host 直接访问 PVE 网站

安装 Nginx

# Install the build dependencies first
root@pve:~# apt-get install -y build-essential libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev

# Upload nginx-1.22.1.tar.gz and unpack it.
# NOTE(review): the tarball arrives by manual upload; check it against the PGP signature that
# nginx.org publishes for each release before unpacking and building it as root.
root@pve:~# ll
total 1.1M
drwxr-xr-x 8 1001 1001 4.0K Oct 19 16:02 nginx-1.22.1
root@pve:~# tar -zxvf nginx-1.22.1.tar.gz

···

root@pve:~# ll
total 1.1M
drwxr-xr-x 8 1001 1001 4.0K Oct 19 16:02 nginx-1.22.1
-rw-r--r-- 1 root root 1.1M Feb 10 19:46 nginx-1.22.1.tar.gz

# Configure, build and install Nginx under a versioned prefix, with the stub_status and SSL modules.
# NOTE(review): a source build is not tracked by apt, so later Nginx security releases have to be
# rebuilt and reinstalled by hand.
root@pve:~# cd /root/nginx-1.22.1
root@pve ~/nginx-1.22.1# ./configure --prefix=/usr/local/nginx/v1.22.1 --with-http_stub_status_module --with-http_ssl_module

···

root@pve ~/nginx-1.22.1# make && make install

设置 Nginx 开机自启动服务

# Create the systemd unit file for the source-built Nginx
root@pve:~# vim /usr/lib/systemd/system/nginx.service

/usr/lib/systemd/system/nginx.service 文件中写入下面内容

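# systemd unit for the Nginx built from source under /usr/local/nginx/v1.22.1.
[Unit]
Description=Nginx-v1.22.1
# Start only together with and after pve-cluster (presumably because the proxy configuration
# reads its certificate from /etc/pve).
Requires=pve-cluster.service
After=pve-cluster.service

[Service]
# nginx daemonizes itself and writes the PID file named below.
Type=forking
PIDFile=/usr/local/nginx/v1.22.1/logs/nginx.pid
# Validate the configuration before every start so a broken file is caught before the service runs.
ExecStartPre=/usr/local/nginx/v1.22.1/sbin/nginx -t -c /usr/local/nginx/v1.22.1/conf/nginx.conf
ExecStart=/usr/local/nginx/v1.22.1/sbin/nginx -c /usr/local/nginx/v1.22.1/conf/nginx.conf
ExecReload=/usr/local/nginx/v1.22.1/sbin/nginx -s reload
ExecStop=/usr/local/nginx/v1.22.1/sbin/nginx -s stop
# systemd has no "ExecQuit=" directive (an unknown key is ignored with a warning), so none is set
# here; for a graceful shutdown run `/usr/local/nginx/v1.22.1/sbin/nginx -s quit` by hand.
PrivateTmp=true

[Install]
WantedBy=multi-user.target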
# Reload systemd so it picks up the new unit file
root@pve:~# systemctl daemon-reload

# Start Nginx at boot
root@pve:~# systemctl enable nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
# Start the Nginx service
root@pve:~# systemctl start nginx
# Check the Nginx service status
root@pve:~# systemctl status nginx

使用 Nginx 代理 8006 端口

# Go to the configuration directory of the source-built Nginx and list it
root@HomeLab ~$ cd /usr/local/nginx/v1.22.1/conf
root@HomeLab /usr/local/nginx/v1.22.1/conf$ ll
total 72K
-rw-r--r-- 1 root root 1.1K Feb 12 20:59 fastcgi.conf
-rw-r--r-- 1 root root 1.1K Feb 12 20:59 fastcgi.conf.default
-rw-r--r-- 1 root root 1007 Feb 12 20:59 fastcgi_params
-rw-r--r-- 1 root root 1007 Feb 12 20:59 fastcgi_params.default
-rw-r--r-- 1 root root 2.8K Feb 12 20:59 koi-utf
-rw-r--r-- 1 root root 2.2K Feb 12 20:59 koi-win
-rw-r--r-- 1 root root 5.3K Feb 12 20:59 mime.types
-rw-r--r-- 1 root root 5.3K Feb 12 20:59 mime.types.default
-rw-r--r-- 1 root root 2.6K Feb 12 20:59 nginx.conf
-rw-r--r-- 1 root root 2.6K Feb 12 20:59 nginx.conf.default
-rw-r--r-- 1 root root 636 Feb 12 20:59 scgi_params
-rw-r--r-- 1 root root 636 Feb 12 20:59 scgi_params.default
-rw-r--r-- 1 root root 664 Feb 12 20:59 uwsgi_params
-rw-r--r-- 1 root root 664 Feb 12 20:59 uwsgi_params.default
-rw-r--r-- 1 root root 3.6K Feb 12 20:59 win-utf

# Back up the Nginx configuration file
root@HomeLab /usr/local/nginx/v1.22.1/conf$ cp nginx.conf nginx.conf_bak
# Edit the Nginx configuration file
root@HomeLab /usr/local/nginx/v1.22.1/conf$ vim nginx.conf

修改为下面内容:

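# Reverse proxy in front of the Proxmox VE web UI, which is served on https://localhost:8006.
worker_processes  1;


events {
    worker_connections 1024;
}


http {
    include mime.types;
    default_type application/octet-stream;

    sendfile on;

    keepalive_timeout 65;

    # Plain HTTP: redirect every request to the same host and path over HTTPS.
    server {
        listen 80 default_server;
        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive, which nginx 1.22.1
        # warns about on every start.
        listen 443 ssl;
        server_name _;
        # Certificate and key of the PVE node.
        ssl_certificate /etc/pve/local/pve-ssl.pem;
        ssl_certificate_key /etc/pve/local/pve-ssl.key;
        # Accept only TLS 1.2 and 1.3; without this line nginx 1.22 also accepts TLS 1.0 and 1.1.
        ssl_protocols TLSv1.2 TLSv1.3;
        proxy_redirect off;
        location / {
            # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket connections pass through.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # The upstream is on the same host; nginx does not verify the upstream certificate
            # unless proxy_ssl_verify is switched on.
            proxy_pass https://localhost:8006;
            proxy_buffering off;
            # 0 disables the request body size limit.
            client_max_body_size 0;
            # One-hour timeouts keep long-running connections and transfers from being cut off.
            proxy_connect_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            send_timeout 3600s;
        }
    }

    # NOTE(review): this proxy adds an entry point on 443; it does not close port 8006, which by
    # default stays reachable directly. If only the proxy should be exposed, restrict 8006 with the
    # PVE firewall or with LISTEN_IP in /etc/default/pveproxy.
}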
# Start Nginx, or restart it if it is already running
root@HomeLab ~$ systemctl start nginx
root@HomeLab ~$ systemctl restart nginx

# Check the Nginx service status
root@HomeLab ~$ systemctl status nginx
● nginx.service - Nginx-v1.22.1
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2023-02-12 21:15:59 CST; 2s ago
Process: 40027 ExecStartPre=/usr/local/nginx/v1.22.1/sbin/nginx -t -c /usr/local/nginx/v1.22.1/conf/nginx.conf (code=exited, status=0/SUCCESS)
Process: 40029 ExecStart=/usr/local/nginx/v1.22.1/sbin/nginx -c /usr/local/nginx/v1.22.1/conf/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 40030 (nginx)
Tasks: 2 (limit: 18925)
Memory: 1.8M
CPU: 15ms
CGroup: /system.slice/nginx.service
├─40030 nginx: master process /usr/local/nginx/v1.22.1/sbin/nginx -c /usr/local/nginx/v1.22.1/conf/nginx.conf
└─40031 nginx: worker process

Feb 12 21:15:59 HomeLab systemd[1]: Starting Nginx-v1.22.1...
Feb 12 21:15:59 HomeLab nginx[40027]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/v>
Feb 12 21:15:59 HomeLab nginx[40027]: nginx: the configuration file /usr/local/nginx/v1.22.1/conf/nginx.conf syntax is ok
Feb 12 21:15:59 HomeLab nginx[40027]: nginx: configuration file /usr/local/nginx/v1.22.1/conf/nginx.conf test is successful
Feb 12 21:15:59 HomeLab nginx[40029]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/v>
Feb 12 21:15:59 HomeLab systemd[1]: Started Nginx-v1.22.1.

完成 Nginx 配置后,不用端口号即可访问 PVE 管理网站。注意:Nginx 只是增加了一个 443 入口,8006 端口默认仍然可以被直接访问。

设置笔记本合盖情况下 PVE 不休眠

# Edit the systemd-logind configuration
root@pve:/root # vim /etc/systemd/logind.conf
# Add the following line so that closing the lid is ignored
HandleLidSwitch=ignore
# Restart systemd-logind to apply the change
root@pve:/root # service systemd-logind restart

安装黑群晖

# Import the disk image into VM 231 on the local-lvm storage.
# NOTE(review): presumably a community-built image; check its checksum against the value given by
# its publisher before importing it.
root@pve ~/dsm$ qm importdisk 231 DS918-7.X_42218-42951RC.img local-lvm

...

transferred 124.0 MiB of 128.0 MiB (96.88%)
transferred 126.0 MiB of 128.0 MiB (98.44%)
transferred 128.0 MiB of 128.0 MiB (100.00%)
transferred 128.0 MiB of 128.0 MiB (100.00%)
Successfully imported disk as 'unused0:local-lvm:vm-231-disk-0'

MySQL

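# Install MySQL 8.0 community server from the MySQL yum repository.
# NOTE(review): the el7 release package and yum suggest an EL7 guest rather than the PVE host; confirm.

# Route downloads through the proxy at 10.10.6.3 for this shell.
export https_proxy=http://10.10.6.3:7890 http_proxy=http://10.10.6.3:7890 all_proxy=socks5://10.10.6.3:7891
# Fetch and install the repository definition package.
wget https://repo.mysql.com//mysql80-community-release-el7-3.noarch.rpm
yum localinstall -y mysql80-community-release-el7-3.noarch.rpm
# Import the MySQL signing key so the server packages can be verified on install.
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
# Confirm the MySQL community repositories are enabled.
yum repolist enabled | grep "mysql.*-community.*"
yum install -y mysql-community-server
# The temporary root password is written to the log on the first start of the server,
# so the service has to be started before the grep below can find it.
systemctl start mysqld
systemctl status mysqld
grep 'temporary password' /var/log/mysqld.log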
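-- Replace the temporary root password. Substitute your own strong value for the placeholder;
-- a password that has appeared on a public page must not be reused.
ALTER USER 'root'@'localhost' IDENTIFIED BY '<ROOT_PASSWORD_PLACEHOLDER>';
-- Separate account for remote use, with a password different from root's.
-- NOTE(review): host '%' accepts connections from any address, and ALL PRIVILEGES ON *.* WITH
-- GRANT OPTION makes this account equivalent to root. Narrow the host pattern and the grant to
-- what the application actually needs.
CREATE USER 'gg'@'%' IDENTIFIED BY '<GG_PASSWORD_PLACEHOLDER>';
GRANT ALL PRIVILEGES ON *.* TO 'gg'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
-- List the accounts to confirm the result; the output includes the stored password hashes.
SELECT user, authentication_string, plugin, host FROM mysql.user;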

Docker

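# Run GitLab CE in Docker, keeping config, logs and data under $GITLAB_HOME on the host.
# ${GITLAB_HOME:?...} aborts when the variable is unset or empty; without the guard the volumes
# would bind /config, /logs and /data at the filesystem root. The quotes keep a path with
# spaces in one argument.
# NOTE(review): the image name has no tag, so the current "latest" is pulled; pin a version to
# control when upgrades happen.
docker run --detach \
  --hostname gitlab.jxb \
  --publish 443:443 --publish 80:80 --publish 8022:22 \
  --name gitlab \
  --volume "${GITLAB_HOME:?GITLAB_HOME must be set}/config:/etc/gitlab" \
  --volume "${GITLAB_HOME:?GITLAB_HOME must be set}/logs:/var/log/gitlab" \
  --volume "${GITLAB_HOME:?GITLAB_HOME must be set}/data:/var/opt/gitlab" \
  --shm-size 256m \
  gitlab/gitlab-ce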

/etc/default/grub

PCIE

No IOMMU detected, please activate it.See Documentation for further information.

# Edit the GRUB defaults
root@pve ~$ vim /etc/default/grub

# Turn on the Intel IOMMU on the kernel command line (this option applies to Intel CPUs)
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"

# Regenerate the GRUB configuration; the new command line is used from the next boot
root@pve ~$ update-grub