-
Notifications
You must be signed in to change notification settings - Fork 3
/
README
152 lines (95 loc) · 4.07 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
KERNEL SOURCE:
==============
We currently use the Ubuntu kernel sources, available from:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/
Ubuntu will maintain those kernels till:
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Additional/Updated Modules:
---------------------------
- include latest e1000e driver from intel/sourceforge
- include latest ixgbe driver from intel/sourceforge
- include latest igb driver from intel/sourceforge
# Note: hpsa does not compile with kernel 3.19.8
#- include latest HPSA driver (HP Smart Array)
#
# * http://sourceforge.net/projects/cciss/
- include native OpenZFS filesystem kernel modules for Linux
* https://github.com/zfsonlinux/
For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
- include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/
FIRMWARE:
=========
We create our own firmware package, which includes the firmware for
all proxmox-ve kernels. So far this include
pve-kernel-2.6.18
pve-kernel-2.6.24
pve-kernel-2.6.32
pve-kernel-3.10.0
pve-kernel-3.19.0
We use 'find-firmware.pl' to extract lists of required firmeware
files. The script 'assemble-firmware.pl' is used to read those lists
and copy the files from various source directory into a target
directory.
We do not include firmeware for some wireless HW when there is a
separate debian package for that, for example:
zd1211-firmware
atmel-firmware
bluez-firmware
PATCHES:
--------
bridge-patch.diff: Avoid bridge problems with changing MAC
see also: http://forum.openvz.org/index.php?t=msg&th=5291
Behaviour after 2.6.27 has changed slighly - after setting mac address
of bridge device, then address won't change. So we could omit
that patch, requiring to set hwaddress in /etc/network/interfaces.
Watchdog blacklist
------------------
By default, all watchdog modules are black-listed because it is totally undefined
which device is actually used for /dev/watchdog.
We ship this list in /lib/modprobe.d/blacklist_pve-kernel-<VERSION>.conf
The user typically edit /etc/modules to enable a specific watchdog device.
Additional information
----------------------
We use the default configuration provided by Ubuntu, and apply
the following modification:
see Makefile (PVE_CONFIG_OPTS)
- enable CONFIG_CEPH_FS=m (request from user)
- enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
problems (udev, undate-initramfs have serious problems without that)
CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y
CONFIG_BLK_DEV_DM=y
- add workaround for Debian bug #807000 (see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000)
CONFIG_BLK_DEV_NVME=y
- compile NBD and RBD modules
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_RBD=m
- set LOOP_MIN_COUNT to 8 (debian defaults)
CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
- disable module signatures (CONFIG_MODULE_SIG)
- enable IBM JFS file system
This is disabled in RHEL kernel for no real reason, so we enable
it as requested by users (bug #64)
- enable apple HFS and HFSPLUS
This is disabled in RHEL kernel for no real reason, so we enable
it as requested by users
- enable CONFIG_BCACHE=m (requested by user)
- enable CONFIG_BRIDGE=y
Else we get warnings on boot, that
net.bridge.bridge-nf-call-iptables is an unknown key
- enable CONFIG_DEFAULT_SECURITY_APPARMOR
We need this for lxc
- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
because if not set, it can give some dynamic memory or cpu frequencies
change, and vms can crash (mainly windows guest).
see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273
- use 'deadline' as default scheduler
This is the suggested setting for KVM. We also measure bad fsync
performance with ext4 and cfq.
- disable CONFIG_INPUT_EVBUG
Module evbug is not blacklisted on debian, so we simply disable it
to avoid key-event logs (which is a big security problem)
Testing final kernel with kvm
-----------------------------
kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero