Proxmox VE 7.2 erschienen

Die Virtualisierungslösung Proxmox, erhielt das Update 7.2. Dieses behebt einige Fehler, bringt neue Funktionen und trägt zur Stabilität bei.

Highlights

• Debian 11.3 (Bullseye), but using a newer Linux kernel 5.15.30
• QEMU 6.2.0, LXC 4.0.12, and ZFS 2.1.4
• Ceph Pacific 16.2.7, and continued support for Ceph Octopus 15.2.16 (until mid 2022)
• Backup/Restore: notes templates, updated next-event scheduling code, a new job-init hook step, and much more…
• Proxmox HA Manager: improved LRM scheduler, and improved HA simulator tool
• Cluster: configuration of a desired range of VMIDs
• Ceph: erasure-coded pools
• Support for the accelerated virtio-gl (VirGL) display driver
• updated Proxmox VE Android app
• ‘proxmox-boot-tool kernel pin’
• and much much much more…

Proxmox VE 7.2 Komponenten

• Based on Debian Bullseye (11.3)
• Ceph Pacific 16.2.7
• Ceph Octopus 15.2.16 (continued support until mid 2022)
• Kernel 5.15.30
• LXC 4.0
• QEMU 6.2
• ZFS 2.1.4

Release notes
https://pve.proxmox.com/wiki/Roadmap#Proxmox_VE_7.2

Press release
https://www.proxmox.com/en/news/press-releases/proxmox-virtual-environment-7-2-available

Video tutorial
https://www.proxmox.com/en/training/video-tutorials/item/what-s-new-in-proxmox-ve-7-2

Changelog Overview

• Enhancements in the web interface (GUI):
  • Enhance backup restore dialog by allowing administrators to override some basic settings for the virtual guest being restored.
  • Allow for safe reassignment of a VM disk or CT volume to another guest on the same node.
  • Support configuring the range that new VMIDs are selected from when creating a VM or CT.
  You can set the upper and lower boundaries in the datacenter’s options panel. Setting lower equal to upper disables auto-suggestion completely.
  • Enable passing the keyring secret for external Ceph clusters in the web interface when adding an RBD or CephFS storage to Proxmox VE.
  • Render „ghost“ OSDs in the Ceph dashboard to make admins aware of such leftover entries.
  • Provide the „next-run“ time, i.e., the time a backup job will be executed next, in the datacenter’s backup job overview.
  • Display a prominent Start Guest button in the Console view of guests, if they are not running .
  • Improve performance for the task log viewer in the GUI.
  • Move the actions affecting a disk or volume of a virtual guest to its own submenu.
  • Switch some bitmap-based VM & CT resource icons over to vector based SVG.
  • Allow assigning up to 16 PCI(e) devices to a VM via the web interface.
  • Improved translations, among others:
    • Arabic
    • Basque
    • German
    • Japanese
    • Polish
    • Traditional Chinese
    • Turkish
  The previous limit of 5 has already expanded in the backend.
• Virtual Machines (KVM/QEMU)
  • Add support for the accelerated virtio-gl (VirGL) display driver.
  • Enable SPICE support by default for the VirtIO and VirGL display types.
  • If VMs were paused before migration starts, keep them paused after migration finishes.
  • Support for importing disk-images via the API – currently not available in the GUI.
  • Support for reading OVF files via the API – currently not available in the GUI.
  • The PCI vendor and device IDs can be overridden for a configuration passthrough entry, and do not need to correspond to the actual IDs of the physical device.
  • Increase the timeout for the fsthaw operation issued through the QEMU guest agent.
  • Fixed issues that occur in certain storage layouts, when migrating local VM state volumes, such as the TPM state or cloud-init.
  • Improved clean-up of unneeded resources upon restore, for example, if a restore fails, drop the left-over snapshots of replaced disks and cloud-init disks.
  • Improved consistency when cloning from a snapshot (rather than from the current state) – the EFI disk’s state is also taken from the snapshot.
• Containers (LXC)
  • Support for NixOS container templates
  • Support Ubuntu 22.04, Devuan 4.0 and the upcoming Fedora 36
  • Provide new pre-made templates for:
    • Ubuntu 22.04
    • Devuan 4.0
    • Alpine 3.15
  • Refreshed some existing templates:
    • CentOS 8 Stream,
    • Arch Linux
    • Debian 11 (to the 11.3 point release)
  • Containers with multiple mount points can now be successfully trimmed with pct fstrim, even if one of the mount points does not support trimming, for example, because it’s on a ZFS subvolume.
  • Add target-storage support to migration.
  • Allow lazytime mount option for containers.
  • Fix an issue with wrong ownership for files/directories created by the container stack on unprivileged containers.
  Files on Red Hat and SUSE based templates were created as root on the host and showed up as owned by nobody inside the container, resulting in NetworkManager failing.
• General improvements for virtual guests
  • Better handling of snapshot removal (for example, after finishing a backup) when storage replication is configured.
• HA Manager
  • Improve handling of huge numbers of services per node, by improving the LRM scheduler that starts workers.
  ha-manager uses a statically configurable number of workers to handle the services, by scheduling jobs in repeating scheduling rounds with a time-slice of 10s max.Since the services that have already started must also be checked to ensure that they are still in the target state, it could happen during large deployments that the services starved at the end of the queue.The issue was fixed by additionally sorting the services by the amount of time in which they hadn’t been scheduled. This increased the number of configurable services to be well above the previous implementation.
  • Handle an edge case where a node would get stuck in fence state, if all services were removed from it before the node actually fenced itself.
  • The ha-simulator can now better help to test races in scheduling (on the different nodes) by introducing a skip-round
• Cluster
  • A segfault triggered with certain usage patterns was fixed.
  • The lower and upper boundaries to be considered when selecting the next free VMID can now be set in the datacenter.cfg.
  The issue was reported in the context of a cluster having many sessions opened with username and password (instead of API tokens) by a monitoring system.The settings are available over the web interface’s Datacenter -> Options panel.
• Backup/Restore
  • Allow for the configuration of a notes-template for backup jobs, which will be evaluated once the job runs and added to each resulting backup of said job.
  With this, useful meta-information can be added, allowing backups to be easier to distinguish, so that a relevant one can be found quickly if required.Note templates can contain template variables like {{guestname}} or {{cluster}}.
  • The next-event scheduling code was updated and now uses the more powerful one from Proxmox Backup Server via a Perl to rust binding (perlmod).
  In addition to the existing weekday, time and time range support, you can now specify:
  • Dates: For example 2015-10-21 or *-12-31 23:50 (New Year’s Eve, 10 minutes before midnight every year)
  • Date ranges: Sat *-1..7 15:00 (first Saturday every month at 15:00)
  • Repeating ranges Sat *-1..7 */30 (first Saturday every month, every half hour)
• Storage
  • Increase the timeout of ZFS operations for synchronous and worker calls to 10 seconds and a minimum of 5 minutes respectively, based on a report of the current settings being too low.
• pve-zsync
  • Improved resiliency of the crontab parser to better cope with manual modifications.
  • Support syncing TPM state.
• Ceph
  • Support creating and destroying erasure coded pools, which can also be added as Proxmox VE Storage entries.
  • Support for selecting existing custom device classes when adding OSDs through the web interface.
  • Out/In commands for OSDs are now executed on the node the user is connected to, instead of the node where the OSDs are located.
  This makes it possible to disable OSDs in the GUI, in case the target node is not available (for example in a disaster recovery situation).

• Access Control
  • More fine-grained control over how users or groups that vanished while syncing realms should be handled.
  Administrators can now choose if the user and all their configured values (for example TFA configurations, ACL entries) are set to the state in LDAP, or if only the users are added/removed, while their properties remain.This makes it possible to handle removed users, without losing the TFA configuration for all users who did not change since the last sync.
• OpenID realms support configuring of scopes, authentication context class reference (ACR) values, and whether the provider prompts the user for re-authentication and consent.
  • Fixed an issue with using Azure as an OpenID provider (unexpected Content-Type-Encoding leading to rejected logins).
  • WebAuthn TFA configurations now support only optionally providing the origin parameter for clustered systems.
  • Improved robustness in case of misconfigured U2F and WebAuthn settings.
  • TFA settings can now be viewed by users with User.Modify and Sys.Audit permissions in addition to root@pam
  Logins with other TFA methods do not get rejected if the U2F/WebAuthn configuration is incorrect.
• Firewall & Software Defined Networking (tech preview)
  • Set the ICMP type in the firewall rules GUI directly.
  • Add support for configuring anycast addresses on guests, by advertising the whole subnet to the EVPN network.
  • Add configuration for allowing exit-notes to reach guests inside the EVPN network, for example if they need to talk with a DNS server running inside a virtual guest.
  • Support for floating IPs on guests (by not suppressing ARP/ND packets).
  • Hide bridges that a user doesn’t have access to, if vNets are in use.
• Improvements for managing a Proxmox VE system
  • It is now possible to select a particular kernel version to boot persistently from a running system through proxmox-boot-tool kernel pin
  • Administrators can now disable MAC learning on a bridge in /etc/network/interfaces with the bridge-disable-mac-learning flag.
  You can select a particular version to be used either indefinitely or just for the next boot. This removes the need to watch the boot process to select the desired version in the bootloader screen.This reduces the number of packets flooded on all ports (for unknown MAC addresses), preventing issues with certain hosting providers (for example, Hetzner), which resulted in the Proxmox VE node getting disconnected.
  • The location of the private key-file used for pveproxy can now be set in /etc/default/pveproxy, supporting certain setups which need sensitive data to be stored in a different location due to regulatory requirements.
  • The TLS configuration options for pveproxy now support disabling TLS 1.2 (to run in a pure TLS 1.3 environment) and configuring the advertised TLS1.3 ciphers.
  • Client-initiated TLS renegotiation was disabled, following best-practices.
  • The pveschedule daemon was improved based on the feedback received from its initial release with Proxmox VE 7.1.
  • Data sent to a configured metrics server is now formatted in a more strict fashion to prevent type mismatches, which were possible if a guest had a numeric-only name.
• Mobile App
  • Provide a simple dark theme and enable it if the system settings are configured to use dark designs.
  • Provide an inline console by relaying noVNC for VMs, and xterm.js for containers and the Proxmox VE node shell in the GUI.
  • Improved support for notches and full-screen mode.
• Installation ISO
  • Updated memtest86+ to the completely rewritten 6.0b version, adding support for UEFI and modern memory like DDR5.
  • Support for restricting the partitioned space for BTRFS installs, in order to leave unpartitioned space, which can be used for swap, for example.
  • Improved accuracy of displayed disk size by adding a decimal point. Otherwise, a 1.8 TB disk, for example, was shown as being just 1 TB.
  • Support for creating RAID0 configurations with differently sized disks.
  • Improved UX when setting the hdsize for RAID setups.
  • ZFS installs can now be configured to use zstd or GZIP compression.
  • Better support for installing ZFS on Systems with certain bugs in their UEFI implementation (HP Thin clients).
  • Drop the kernel command line quiet flag when booting in the advanced mode to provide more verbosity.
• Notable bug fixes
  • To prevent a network outage during the transition from ifupdown to ifupdown2, the ifupdown package was modified to not stop networking upon its removal.
  • For backups of running VMs with multiple disks, it was possible that write operations happening after the backup start synchronization point to the non-primary disks to be included in the backup.
  This has been fixed with QEMU 6.2.0 by initializing the relevant bitmap early enough.

Known Issues

• Systems passing through a GPU may be affected from the switch to the SYS_FB (system frame buffer) KConfig build options using the simplefb module as driver in the new default 5.15 based kernel.The sys-fb allows taking over the FB from the firmware/earlier boot stages. Note that Proxmox VE uses the legacy simplefb driver over the modern simpledrm one due to regressions and issues we encountered on testing with the latter.Most of those issues are already fixed in newer kernels and Proxmox VE may try to switch to the modern, DRM based FB driver once it moves to 5.17, or newer, as its default kernel.If your systems is configured to pass through the (i)GPU, and you had to avoid the host kernel claiming the device, you may now need to also add video=simplefb:off to the kernel boot command line.
• Setups using vendor-reset for PCIe pass through need to adapt to changes of the new default 5.15 based kernel, see For details see this issue.They must run the command echo 'device_specific' > /sys/bus/pci/devices/<PCI-ID>/reset_method before the VM is started. This can be automated by using a systemd service or using a on-boot cron script.Alternatively one can also use a VM hook script with the pre-start hook.

Quelle: Roadmap – Proxmox VE