Proxmox VE, upgrade from 7 to 8.1, on Dell T7910

Table of Contents

I upgraded my existing ProxmoxVE version 7 install to version 8.1.

As expected, this was hassle free.

These are mainly my notes on cleaning out previous CephFS fiddlings.

8.1 was released last November. I finally found time where I could have a short downtime of all the VMs I run on my single PVE node.

New features of interest to me

  • Secure boot is now supported, so I followed the docs for switching an existing install to secboot and then enabled secboot in my T7910’s BIOS setup.
  • There are repos for Ceph Reef, while my Ceph (currently Reef) cluster is external of Proxmox, I like having easy access to Reef client tools.

Upgrade procedure from 7 to 8.1

Is extremely well documented on their Wiki page Upgrade from 7 to 8. That page contained all the information I needed. Props for making good docs.

BaseOS update from Debian 11 to 12 is the well known and hassle free dist-upgrade. For the Proxmox part there is a shell script and the detailed wiki page linked above,

The update of both Debian and PVE took me less then an hour, since I curreny only run a single PVE node, I shut down all my VMs before starting the upgrade.

The following wiki pages applied to my setup

Used repositories

NOTE: These repositories suit my use-case. Refer to Proxmox’ docs for choosing repos that match yours.

root@t7910:~# for i in /etc/apt/sources.list /etc/apt/sources.list.d/* ; do echo "### START of my ${i}" ; cat ${i} ;echo "### END of my ${i}" ; echo ; done
### START of my /etc/apt/sources.list
deb bookworm main contrib non-free-firmware
deb bookworm-updates main contrib non-free-firmware

# Proxmox VE pve-no-subscription repository provided by,
# NOT recommended for production use
deb bookworm pve-no-subscription

# security updates
deb bookworm-security main contrib non-free-firmware
### END of my /etc/apt/sources.list

### START of my /etc/apt/sources.list.d/ceph.list
#deb bullseye main
deb bookworm no-subscription

### END of my /etc/apt/sources.list.d/ceph.list

### START of my /etc/apt/sources.list.d/pve-enterprise.list
# deb bookworm pve-enterprise

### END of my /etc/apt/sources.list.d/pve-enterprise.list

### START of my /etc/apt/sources.list.d/pve-enterprise.list.dpkg-dist
deb bookworm pve-enterprise
### END of my /etc/apt/sources.list.d/pve-enterprise.list.dpkg-dist

### START of my /etc/apt/sources.list.d/tarsnap.list
deb ./
### END of my /etc/apt/sources.list.d/tarsnap.list

I do not know if the docs got better of if I simply overlooked this part of the PVE docs when I initially set up access to my (external) CephFS.

Specifically the note The secret is only the key itself, as opposed to the rbd backend, doh, my bad. Fixed now.

I very much presume that back then I just read the docs badly, no matter, cleaned this up as follows;

  1. Get a secret (secret, not a keyring), on the Ceph side
[root@f5-422-01 ~]# cephadm shell
Using ceph image with id '8b60f94e29cf' and tag '<none>' created on 2023-12-07 14:38:55 +0000 UTC
[ceph: root@f5-422-01 /]# ceph auth get-key client.proxmox_fs
  1. Put secret in a file

  2. transfer file to Proxmox node t7910, out of old habits I put it at /etc/ceph/ceph.client.proxmox_fs.secret

  3. adjust my existing storage config as follows

root@t7910:~# pvesm set cephfs-external --keyring /etc/ceph/ceph.client.proxmox_fs.secret 
  1. verify PVE ingested the secret
root@t7910:~# ls -lh /etc/pve/priv/ceph/
total 1.5K
-rw------- 1 root www-data 153 Aug 29  2021 cephfs-external.keyring
-rw------- 1 root www-data  41 Mar 27 18:24 cephfs-external.secret
-rw------- 1 root www-data 138 Aug 29  2021 ceph-rbd-external.keyring

And I guess this also explains why I had issues previously, I had fed it a keyring, not a secret.

FIXME: Clean out the now obsolete /etc/pve/priv/ceph/cephfs-external.keyring and /etc/ceph/…?

root@t7910:~# ls -lh /etc/ceph/
total 19K
-r-------- 1 root root 153 Aug 29  2021 ceph.client.proxmox_fs.keyring
-rw------- 1 root root  41 Mar 27 18:21 ceph.client.proxmox_fs.secret
-r-------- 1 root root 138 Aug 29  2021 ceph.client.proxmox_rbd.keyring
-rw-r--r-- 1 root root 287 Aug 29  2021 ceph.conf
-rw-r--r-- 1 root root  92 May 31  2021 rbdmap

Disable Kernel Samepage Merging

Since I have plenty RAM and do not want the performance hit of KSM, I disabled as per docs

root@t7910:~# systemctl disable --now ksmtuned
root@t7910:~# echo 2 > /sys/kernel/mm/ksm/run

Enable Secure Boot

Again, just followed the documentation. Specifically 3.13.8. Secure Boot, Switching an Existing Installation to Secure Boot.

Check Secure Boot Status

root@t7910:~# date ; mokutil --sb-state 
Sun Mar 31 09:07:51 PM CEST 2024
SecureBoot enabled