Proxmox - Madness w/ systemd boot, and updating to kernel 5.10/5.11

Proxmox

We all love Proxmox, right? …right?? … RIGHT…? Real talk – Proxmox VE 6.3 with Kernel 5.4 is pretty ancient for a kernel version. It is, and it isn’t, at the same time. (Some) Drivers and fixes from newer kernels have been backported, and this is the way it’s always been since the early days of Debian.

The problem? Well, when you’ve got newer hardware that Kernel 5.4 might not like. Newer Epyc? Yeah, problems about. Even basic computer hygene like properly-operating CPU Turbo is problematic.

Enter Kernel 5.10 / 5.11 with the Proxmox/PVE Patches:

The idea with this repo is the kind soul has done the hard work for you, and makes it to where you can just install this kernel.

Out of the box, however, Proxmox is using systemd to boot. You might think all you need to do is

pve-efiboot-tool refresh

once you install one of those kernels. Nope! You have to manually add the new kernel THEN you can refresh.

Another quirk I noticed, which is not fatal because of the way pve-efiboot-tool works, but is none-the-less annoying, is that /boot/efi is NOT mounted by default on ZFS root systems with proxmox. So be aware of that if you’re troubleshooting. Don’t be like me and spend about 20 minutes rebooting over and over again trying to figure out why the EFI wasn’t seeing changes to the EFI config in the efi/EFI folder (hint, that’s on zfs, stupid, not The Actual EFI Partition. Who did this? This is terrible.)

ls /boot
# see kernel 5.11.0-2 in there! okay 
pve-efiboot-tool kernel add 5.11.0-2
pve-efiboot-tool refresh 

And that should be all you need to do to get up and running with a modern kernel, for modern hardware, on proxmox. BTW: Don’t bother trying to get commercial support for this, you mad lad.

ps. Don’t forget to update your apparmor config for 5.11 because it won’t work for sure. Details in the github readme.md

7 Likes

Yet more reasons to abolish both systemd and efi :stuck_out_tongue: Well, systemd for sure. (just installing Funtoo (OpenRC based) on an AM3 system: Phenom II X4 965 and 16GB DDR3 1333 on a GA-970FXTA-UD5 mainboard)

OK, OK, I’ll get off my perch :roll_of_toilet_paper:

will there be a video tutorial coming on this?

I’m close to redoing everthing to clean up my initial flailing about with getting things set up the first time, so perfect time to give this a shot.

Found a small correction
pve-efiboot-tool add 5.11.0-2pve-efiboot-tool kernel add 5.11.0-2

Also curious about an error message

root@kobold:~# apt install ./pve-edge-headers-5.11.0-2_5.11.0-2_amd64.debReading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'pve-edge-headers-5.11.0-2' instead of './pve-edge-headers-5.11.0-2_5.11.0-2_amd64.deb'
The following packages were automatically installed and are no longer required:
  pve-headers-5.4.73-1-pve pve-headers-5.4.78-1-pve
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
  pve-edge-headers-5.11.0-2
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 0 B/12.0 MB of archives.
After this operation, 85.0 MB of additional disk space will be used.
Get:1 /root/pve-edge-headers-5.11.0-2_5.11.0-2_amd64.deb pve-edge-headers-5.11.0-2 amd64 5.11.0-2 [12.0 MB]
Selecting previously unselected package pve-edge-headers-5.11.0-2.
(Reading database ... 149667 files and directories currently installed.)
Preparing to unpack .../pve-edge-headers-5.11.0-2_5.11.0-2_amd64.deb ...
Unpacking pve-edge-headers-5.11.0-2 (5.11.0-2) ...
Setting up pve-edge-headers-5.11.0-2 (5.11.0-2) ...
N: Download is performed unsandboxed as root as file '/root/pve-edge-headers-5.11.0-2_5.11.0-2_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Specifically that last bit. Is this something terrible or something I just ignore? I can never fucking tell with linux.

N: Download is performed unsandboxed as root as file '/root/pve-edge-headers-5.11.0-2_5.11.0-2_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Haven’t rebooted just yet, wanted to post this first. edit And it seems to work fine, woohoo!

1 Like

@Log no, it’s not a problem. It was just a notification, the file was retrieved and installed.

Actually, Linux is way more descriptive then Win-OS on errors: it’s all just there. The problem is that you didn’t grasp what it said. That’s not Linux’ fault :stuck_out_tongue:

2 Likes

It works!

❯ mkdir ~/pve-edge-kernel && cd ~/pve-edge-kernel 
❯ wget https://github.com/fabianishere/pve-edge-kernel/releases/download/v5.11.7-1/pve-edge-kernel-5.11.7-1_5.11.7-1+zen21_amd64.deb
❯ wget https://github.com/fabianishere/pve-edge-kernel/releases/download/v5.11.7-1/pve-edge-headers-5.11.7-1_5.11.7-1_amd64.deb
❯ dpkg -i pve-edge-kernel-5.11.7-1_5.11.7-1+zen21_amd64.deb && dpkg -i pve-edge-headers-5.11.7-1_5.11.7-1_amd64.deb
❯ pve-efiboot-tool kernel add 5.11.7-1
❯ pve-efiboot-tool refresh
❯ sed -i "s/^features-file/\# features-file/" /etc/apparmor/parser.conf
❯ echo "features-file=/usr/share/apparmor-features/features.stock" >> /etc/apparmor/parser.conf
❯ reboot now

# if you have vfio passthrough enabled run the following after installing / updating pve-edge-kernel
❯ update-grub
❯ update-initramfs -u
❯ reboot now
3 Likes

Sums up one half of a typical software engineer life.
Other half is doing terrible things because we’re cutting corners to meet deadlines due to spending time and energy on troubleshooting terrible things. Cycle repeats.

1 Like

A little update, now you can install the latest kernel directly from the package manager.

apt install pve-kernel-5.11
apt install pve-headers-$(uname -r)
update-grub
update-initramfs -u
reboot
5 Likes

If you are using Proxmox VE 7 then you can test the new 5.15 kernel now.

apt update && apt install pve-kernel-5.15
1 Like