Using Proxmox v. 9: difference between revisions

Source: Imre kasutab arvutit
(31 intermediate revisions by the same user not shown)
409. rida: 409. rida:
 
===BIOS arvuti teisendamine UEFI arvutiks===
 
===BIOS arvuti teisendamine UEFI arvutiks===
   
  +
====Tööpõhimõte====
Peamisteks kaalutlusteks BIOS arvuti teisendamisel UEFI arvutiks
 
  +
  +
Peamised kaalutlused BIOS arvuti teisendamisel UEFI arvutiks
   
 
* vajadus saada osa secure boot lahendusega kaasnevast turvalisusest
 
* vajadus saada osa secure boot lahendusega kaasnevast turvalisusest
 
* nö täieline reinstall oleks liiga aeganõudev, kohmakas jne
 
* nö täieline reinstall oleks liiga aeganõudev, kohmakas jne
  +
  +
Muudatus seisneb virtuaalsele arvutile täiendava nö esimese plokkseadme lisamisel, suurusega 1 G. Sinna moodustatakse gpt partitsioonitabel ning vfat failisüsteem, ja ta vastab nö kataloogile /boot/efi, sinna ta ka monteeritakse kokkuvõttes. Juurfailisüsteem ja muu jääb sinna kus ta seni on olnud. Oluline on, et muudatuse käigus ei muudeta olemasoleva plokkseadme partitsioonitabelit ega lvm vms, st ebaõnnestumisel saab pöörduda tagasi kergesti (varundus peaks aga siiski olema olemas).
  +
  +
====Muudatuse protseduur====
   
 
Enne muudatust paistab virtuaalne arvuti selline
 
Enne muudatust paistab virtuaalne arvuti selline
   
  +
[[Fail:20260516-from-bios-to-uefi-01.png|700px]]
TODO
 
  +
  +
ning
   
 
<pre>
 
<pre>
  +
# df -T -h -t ext4
  +
Failisüsteem Tüüp Maht Kasut Vaba Kas% Haagitud
  +
/dev/mapper/system-root ext4 11G 8,2G 2,2G 80% /
  +
/dev/vda1 ext4 462M 325M 109M 75% /boot
  +
</pre>
   
  +
Lisatakse töötavale arvutile 1 g plokkseade
  +
  +
Hardware -> Add disk -> ...
  +
  +
Veendutakse, mis on konkreetsel juhtumil 1 g lisatud plokkseadme nimi, nt
  +
  +
<pre>
  +
# fdisk /dev/vdb -l
  +
Disk /dev/vdb: 1 GiB, 1073741824 bytes, 2097152 sectors
  +
Units: sectors of 1 * 512 = 512 bytes
  +
Sector size (logical/physical): 512 bytes / 512 bytes
  +
I/O size (minimum/optimal): 512 bytes / 512 bytes
 
</pre>
 
</pre>
  +
  +
edasi käsundamine
  +
  +
<pre>
  +
# apt-get install parted
  +
  +
# parted /dev/vdb mklabel gpt
  +
# parted /dev/vdb mkpart primary fat32 1MiB 100%
  +
# parted /dev/vdb set 1 esp on
  +
# mkfs.vfat -F 32 /dev/vdb1
  +
# mkdir -p /boot/efi
  +
# blkid /dev/vdb1
  +
</pre>
  +
  +
Muuta /etc/fstab faili, st lisada üks rida olemaoleva /boot rea alla, uuid on mitte partitsiooni, aga vfat failisüsteemi
  +
  +
<pre>
  +
# cat /etc/fstab
  +
..
  +
UUID=XXXX-XXXX /boot/efi vfat defaults 0 2
  +
</pre>
  +
  +
Lisada paketid
  +
  +
<pre>
  +
# systemctl daemon-reload
  +
# mount /boot/efi
  +
# apt update
  +
# apt install grub-efi-amd64-signed shim-signed mokutil
  +
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --removable
  +
# update-grub
  +
</pre>
  +
  +
tulemusena
  +
  +
<pre>
  +
# find /boot/efi/ -type f -ls
  +
115 932 -rwxr-xr-x 1 root root 952384 mai 17 12:00 /boot/efi/EFI/BOOT/BOOTX64.EFI
  +
116 2624 -rwxr-xr-x 1 root root 2685544 mai 17 12:00 /boot/efi/EFI/BOOT/grubx64.efi
  +
117 832 -rwxr-xr-x 1 root root 851368 mai 17 12:00 /boot/efi/EFI/BOOT/mmx64.efi
  +
118 4 -rwxr-xr-x 1 root root 112 mai 17 12:00 /boot/efi/EFI/BOOT/BOOTX64.CSV
  +
119 4 -rwxr-xr-x 1 root root 112 mai 17 12:00 /boot/efi/EFI/BOOT/grub.cfg
  +
  +
# cat /boot/efi/EFI/BOOT/grub.cfg
  +
search.fs_uuid 5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1 root
  +
set prefix=($root)'/grub'
  +
configfile $prefix/grub.cfg
  +
  +
# blkid /dev/vda1
  +
/dev/vda1: UUID="5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1" BLOCK_SIZE="1024" TYPE="ext4" PARTUUID="cfa36d3a-01"
  +
</pre>
  +
  +
Õeldakse virtuaalsele arvutile poweroff ja muudetakse seadistusi
  +
  +
* lisatakse 'EFI Disk' (virtuaalne efi riistvara seadistuste salvestamine jms)
  +
* muudetakse bios -> uefi
  +
* muudetakse chipset i440fx -> q35
  +
* muudetakse display default -> virtio-gpu
   
 
Peale muudatust paistab virtuaalne arvuti selline
 
Peale muudatust paistab virtuaalne arvuti selline
   
  +
[[Fail:20260516-from-bios-to-uefi-02.png|700px]]
TODO
 
  +
  +
Lisaks on boot järjekorra seadmed muudetud
  +
  +
[[Fail:20260516-from-bios-to-uefi-03.png|700px]]
  +
  +
kus
  +
  +
* tingimata vajalik on virtio1 ja virtio0 - esimesel on bootload ja grub.cfg lühike konf, teisel on konfi sisuline osa
  +
  +
Tulemusena töötab arvuti uefi secure boot režiimis
   
 
<pre>
 
<pre>
 
# mokutil --sb-state
 
# mokutil --sb-state
 
SecureBoot enabled
 
SecureBoot enabled
  +
  +
# df -t vfat -t ext4 -T -h
  +
Failisüsteem Tüüp Maht Kasut Vaba Kas% Haagitud
  +
/dev/mapper/system-root ext4 11G 8,2G 2,2G 80% /
  +
/dev/vda1 ext4 462M 325M 109M 75% /boot
  +
/dev/vdb1 vfat 1020M 8,7M 1012M 1% /boot/efi
 
</pre>
 
</pre>
  +
  +
Kõige lõpus võiks veel öelda, nii tekivad nö naturaalsed efibootmgr ja /boot/efi sissekanded nagu nad oleks seal nö sündinud-uefi'na arvutil
  +
  +
<pre>
  +
# efibootmgr
  +
BootCurrent: 0002
  +
Timeout: 3 seconds
  +
BootOrder: 0002,0003,0000,0001
  +
Boot0000* BootManagerMenuApp FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(eec25bdc-67f2-4d95-b1d5-f81b2039d11d)
  +
Boot0001* EFI Firmware Setup FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)
  +
Boot0002* UEFI Misc Device PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xb,0x0){auto_created_boot_option}
  +
Boot0003* UEFI Misc Device 2 PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xa,0x0){auto_created_boot_option}
  +
  +
# grub-install /dev/vdb
  +
Installing for x86_64-efi platform.
  +
Installation finished. No error reported.
  +
  +
# efibootmgr
  +
BootCurrent: 0002
  +
Timeout: 3 seconds
  +
BootOrder: 0004,0002,0003,0000,0001
  +
Boot0000* BootManagerMenuApp FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(eec25bdc-67f2-4d95-b1d5-f81b2039d11d)
  +
Boot0001* EFI Firmware Setup FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)
  +
Boot0002* UEFI Misc Device PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xb,0x0){auto_created_boot_option}
  +
Boot0003* UEFI Misc Device 2 PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xa,0x0){auto_created_boot_option}
  +
Boot0004* debian HD(1,GPT,0fb8cfd1-c90b-4da2-97db-ceda14464a90,0x800,0x1ff000)/File(\EFI\proxmox\shimx64.efi)
  +
</pre>
  +
  +
====Boot Order märkused====
  +
  +
PVE webgui Boot Order määrab kaks
  +
  +
* millised plokkseadmed osalevad uefi faasis
  +
* millised järjekorras plokkseadmed osalevad uefi faasis alglaadimisel
  +
  +
Kui on linnutatud ainult üks seade
  +
  +
[[Fail:20260516-from-bios-to-uefi-05.png|800px]]
  +
  +
Kui on linnutatud ainult kaks seadet
  +
  +
[[Fail:20260516-from-bios-to-uefi-04.png|800px]]
  +
  +
Antud juhul on see väga oluline kuna grub alglaadur on kahel seadmel laiali
  +
  +
* grub.efi rakendus asub /dev/vdb
  +
* grub.conf seadistus asub /dev/vda
  +
  +
Kui Boot Order on linnutatud vaid /dev/vda, siis peatub arvuti käivitumine 'grub>' prompt juures. Selles mõttes võiks olla PVE webgui osakonna nimeks nt 'UEFI device visibility and Boot Order'.
  +
  +
===Üle vsock ssh kasutamine===
  +
  +
Osutub, et uuemal ajal, st PVE v. 9, Debian v. 13 virtuaalne avuti on võimalik PVE host pealt pöörduda guest poole üle ssh kasutades vsock protokolli (mitte tavalist tcp/ip protokollil põhinevat võrku). Selleks tuleb virtuaalsele arvutile lisada PVE platvormi poolt vsock tugi
  +
  +
<pre>
  +
root@pve-wrx90e:~# head -n 1 /etc/pve/qemu-server/50056.conf
  +
args: -device vhost-vsock-pci,guest-cid=50056
  +
</pre>
  +
  +
ja virtuaalsel arvutil peab olema tarkvaraline vsock tugi. Nt Debian v. 13 puhul on sshd serverisse see integreeritud
  +
  +
<pre>
  +
root@unifi-oss:~# systemctl | grep ssh
  +
ssh.service loaded active running OpenBSD Secure Shell server
  +
sshd@2-50056:22-2:3327097365.service loaded active running OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097364)
  +
system-sshd.slice loaded active active Slice /system/sshd
  +
sshd-unix-local.socket loaded active listening OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local)
  +
sshd-vsock.socket loaded active listening OpenSSH Server Socket (systemd-ssh-generator, AF_VSOCK)
  +
ssh-access.target loaded active active SSH Access Available
  +
</pre>
  +
  +
kus
  +
  +
* systemd-ssh-generator on selline süsteem, mis käigult avastab süsteemi võimekusi ja vastavalt seadistab teenustele omadusi (nt ssh puhul lülitatakse sisse vsock tugi)
  +
  +
ning
  +
  +
<pre>
  +
root@unifi-oss:~# systemctl status sshd@2-50056:22-2:3327097365.service
  +
● sshd@2-50056:22-2:3327097365.service - OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097365)
  +
Loaded: loaded (/usr/lib/systemd/system/sshd@.service; static)
  +
Active: active (running) since Mon 2026-06-01 00:04:39 EEST; 16s ago
  +
Invocation: 84acdad56690460e8e0fbffd2ecd4d69
  +
TriggeredBy: ● sshd-vsock.socket
  +
Docs: man:sshd(8)
  +
man:sshd_config(5)
  +
Main PID: 876 (sshd-session)
  +
Tasks: 1 (limit: 6978)
  +
Memory: 1.8M (peak: 3.9M)
  +
CPU: 27ms
  +
CGroup: /system.slice/system-sshd.slice/sshd@2-50056:22-2:3327097365.service
  +
‣ 876 "sshd-session: root [priv]"
  +
  +
Jun 01 00:04:39 unifi-oss systemd[1]: Started sshd@2-50056:22-2:3327097365.service - OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097365).
  +
Jun 01 00:04:40 unifi-oss sshd-session[876]: Accepted publickey for root from UNKNOWN port 65535 ssh2: ED25519 SHA256:3cj7QCk4leNOSQJlfeUeHr6YfsA0r3bRUqZS9Rey3jM
  +
Jun 01 00:04:40 unifi-oss sshd-session[876]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
  +
</pre>
  +
  +
kus
  +
  +
* triggered by 'sshd-vsock.socket'
  +
  +
ssh kliendi st pve host poolel peab olema teadmine, kuidas käituda kui üritatakse kasutada vsock protokolli üle sshd serverit
  +
  +
<pre>
  +
root@pve-wrx90e:~# cat /lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
  +
# SPDX-License-Identifier: LGPL-2.1-or-later
  +
#
  +
# Allow connecting to the local host directly via ".host"
  +
Host .host machine/.host
  +
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
  +
ProxyUseFdpass yes
  +
CheckHostIP no
  +
  +
# Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
  +
# Make sure machine/* can be used to connect to local machines registered in machined.
  +
#
  +
Host unix/* vsock/* machine/*
  +
ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
  +
ProxyUseFdpass yes
  +
CheckHostIP no
  +
  +
# Disable all kinds of host identity checks, since these addresses are generally ephemeral.
  +
StrictHostKeyChecking no
  +
UserKnownHostsFile /dev/null
  +
</pre>
  +
  +
kus
  +
  +
* tuleb kasutada 'man systemd-ssh-proxy' utiliiti
  +
  +
Kasutamine paistab välja selline
  +
  +
<pre>
  +
root@pve-wrx90e:~# ssh root@vsock/50056
  +
Warning: Permanently added 'vsock/50056' (ED25519) to the list of known hosts.
  +
Linux unifi-oss 6.12.90+deb13.1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.90-2 (2026-05-27) x86_64
  +
  +
The programs included with the Debian GNU/Linux system are free software;
  +
the exact distribution terms for each program are described in the
  +
individual files in /usr/share/doc/*/copyright.
  +
  +
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  +
permitted by applicable law.
  +
Last login: Sun May 31 23:53:37 2026 from 192.168.10.156
  +
root@unifi-oss:~#
  +
  +
root@unifi-oss:~# w
  +
23:59:55 up 6 min, 2 users, load average: 0.00, 0.00, 0.00
  +
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  +
root pts/1 - 23:59 1.00s 0.00s ? w
  +
</pre>
  +
  +
kus
  +
  +
* vsock kaudu lähenemise puhul on iseloomulik 'FROM -' (tavaliselt on seal src ip aadress)
  +
  +
Peale kasutaja sisselogimist paistab
  +
  +
<pre>
  +
root@unifi-oss:~# ss -a -p --vsock
  +
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
  +
v_str LISTEN 0 0 *:22 *:* users:(("systemd",pid=1,fd=66))
  +
v_str ESTAB 0 0 50056:22 2:3327097366 users:(("sshd-session",pid=914,fd=7),("sshd-session",pid=914,fd=6),("sshd-session",pid=905,fd=7),("sshd-session",pid=905,fd=6),("systemd",pid=1,fd=8))
  +
</pre>
  +
  +
kus
  +
  +
* af_vsock osakonnas on sarnasel af_inet osakonnale ka listen socket ning 'active connected socket'
  +
  +
Tundub, et uuemal ajal on ssh agar kuulama ka af_unix soketil
  +
  +
<pre>
  +
root@unifi-oss:~# screendump | grep -i ssh
  +
[ OK ] Listening on sshd-unix-local.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local).
  +
[ OK ] Listening on sshd-vsock.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_VSOCK).
  +
[ OK ] Reached target ssh-access.target - SSH Access Available.
  +
Starting ssh.service - OpenBSD Secure Shell server...
  +
[ OK ] Started ssh.service - OpenBSD Secure Shell server.
  +
</pre>
  +
  +
ja tõesti, lokaalselt saab arvutisse logida sisse nii
  +
  +
<pre>
  +
root@unifi-oss:~# ssh unix/run/ssh-unix-local/socket
  +
Warning: Permanently added 'unix/run/ssh-unix-local/socket' (ED25519) to the list of known hosts.
  +
Linux unifi-oss 6.12.90+deb13.1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.90-2 (2026-05-27) x86_64
  +
  +
The programs included with the Debian GNU/Linux system are free software;
  +
the exact distribution terms for each program are described in the
  +
individual files in /usr/share/doc/*/copyright.
  +
  +
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  +
permitted by applicable law.
  +
Last login: Mon Jun 1 00:16:42 2026 from UNKNOWN
  +
  +
root@unifi-oss:~# w
  +
00:16:44 up 23 min, 3 users, load average: 0.00, 0.00, 0.00
  +
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  +
root pts/2 - 00:16 1.00s 0.00s ? w
  +
root pts/1 - 00:16 2.00s 0.00s ? ssh unix/run/ssh-unix-local/socket
  +
</pre>
  +
  +
Kasulikud lisamaterjalid
  +
  +
* https://www.auul.pri.ee/wiki/Linux_operatsioonis%C3%BCsteemis_t%C3%B6%C3%B6tab_v%C3%B5rgu%C3%BChendus#systemd_kasutamine_network-proxy_rollis
   
 
===Kasulikud lisamaterjalid===
 
===Kasulikud lisamaterjalid===
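
Review bot: the new vsock section quotes 20-systemd-ssh-proxy.conf, whose closing lines are "StrictHostKeyChecking no" and "UserKnownHostsFile /dev/null", but the text never says that "ssh root@vsock/50056" therefore does not verify the guest's host key; add a sentence on that. The journal line "Accepted publickey for root from UNKNOWN port 65535" and the "FROM -" column of w also deserve a note on how vsock logins are attributed, since sshd-vsock.socket is listed as created by systemd-ssh-generator rather than by any sshd configuration shown here. In the BIOS-to-UEFI part, the second efibootmgr listing shows Boot0004 "debian" pointing at \EFI\proxmox\shimx64.efi, while the install used --bootloader-id=debian and the find output lists only files under /boot/efi/EFI/BOOT/; state which machine that listing comes from or replace it. The step headed "Lisada paketid" begins with "systemctl daemon-reload" and "mount /boot/efi", which belong to the preceding fstab step and should get their own lead-in.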

Latest revision: 1 June 2026, 00:17

Introduction

TODO

Virtual hardware

Keyboard and mouse

root@pwrk-02:~# systool -b serio
Bus = "serio"

  Device = "serio0"
  Device = "serio1"

root@pwrk-02:~# systool -b serio -v
Bus = "serio"

  Device = "serio0"
  Device path = "/sys/devices/platform/i8042/serio0"
    bind_mode           = "auto"
    description         = "i8042 KBD port"
    drvctl              = <store method only>
    err_count           = "0"
    extra               = "0"
    firmware_id         = "PNP: PNP0303"
    force_release       = "369-370"
    modalias            = "serio:ty06pr00id00ex00"
    scroll              = "0"
    set                 = "2"
    softraw             = "1"
    softrepeat          = "0"
    uevent              = "DRIVER=atkbd
SERIO_TYPE=06
SERIO_PROTO=00
SERIO_ID=00
SERIO_EXTRA=00
MODALIAS=serio:ty06pr00id00ex00
SERIO_FIRMWARE_ID=PNP: PNP0303"

  Device = "serio1"
  Device path = "/sys/devices/platform/i8042/serio1"
    bind_mode           = "auto"
    description         = "i8042 AUX port"
    drvctl              = <store method only>
    firmware_id         = "PNP: PNP0f13"
    modalias            = "serio:ty01pr00id00ex00"
    protocol            = "VirtualPS/2"
    rate                = "100"
    resetafter          = "5"
    resolution          = "200"
    resync_time         = "0"
    uevent              = "DRIVER=psmouse
SERIO_TYPE=01
SERIO_PROTO=00
SERIO_ID=00
SERIO_EXTRA=00
MODALIAS=serio:ty01pr00id00ex00
SERIO_FIRMWARE_ID=PNP: PNP0f13"

remote zfs over iscsi

Terms

  • FUA (Forced Unit Access) -
  • WCE (Write Cache Enable) -
  • TPU (Thin Provisioning UNMAP) -
  • TPWS (WRITE_SAME / Zeroing) -
  • VFS (virtual file system) -

How it works

Data handling as seen from the virtual machine

pve virtual machine -> pve physical host -> over-iscsi-zfs-storage-server

Depending on the 'Cache' setting of the qemu virtual machine's virtual block device, different combinations of caches can be in play as data moves from a process running in the virtual machine to the physical block device of the zfs storage server. It seems that in 2025 the choice best suited to the most average use is 'Cache: nocache'

  • good performance
  • good integrity

Path the data takes

  • application in the virtual machine
  • vfs file system of the virtual machine
  • page cache of the virtual machine (tied to vfs)
  • ext4 file system of the virtual machine (ext4 driver)
  • lvm of the virtual machine
  • fdisk partitions of the virtual machine
  • virtual sata or similar controller of the virtual machine
  • qemu process on the physical host
  • /dev/sda scsi block device on the physical host, provided by open-iscsi (no cache)
  • the physical host has no storage-related cache
  • targetcli on the storage host (no cache)
  • zfs resource on the storage host (includes the zfs cache)
  • controller cache of the physical block device on the storage host

The 'Cache: nocache' parameter is one of the few parameters that has an effect in both directions, so to speak

  • on the storage resource available inside the virtual machine
  • on how the qemu process that corresponds to the virtual machine uses the underlying block device on the physical host

This text describes the configuration of four components

  • the qemu process corresponding to the virtual machine
  • iscsi initiator
  • iscsi target
  • the zfs setup

zfs setup on the iscsi target host

The physical disks are used in the most ordinary way; in particular, the ordinary controller cache is enabled on the disks

root@pve-svc-02:~# lsscsi -s | grep 4.00T
[2:0:0:0]    disk    ATA      CT4000MX500SSD1  045   /dev/sdc   4.00TB
[3:0:0:0]    disk    ATA      CT4000MX500SSD1  045   /dev/sdd   4.00TB
[N:0:1:1]    disk    Samsung SSD 990 PRO with Heatsink 4TB__1   /dev/nvme0n1  4.00TB
[N:1:1:1]    disk    Samsung SSD 990 PRO with Heatsink 4TB__1   /dev/nvme1n1  4.00TB

Creating the zfs array

root@pve-svc-02:~# cat create-zpool-raidz1-x4.sh
zpool create -o ashift=13 zp_data raidz1 \
  /dev/disk/by-id/ata-CT4000MX500SSD1_2246E686FE58 \
  /dev/disk/by-id/ata-CT4000MX500SSD1_2246E686FF7B \
  /dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_4TB_S7DSNJ0X501827B \
  /dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_4TB_S7DSNJ0X501856Z

The zfs cache works in the usual way, i.e. it is enabled, e.g.

root@pve-svc-02:~# zfs get all | grep -i cache | grep vm-106-disk-0
zp_crucial_mx_4/vm-106-disk-0     primarycache          all                     default
zp_crucial_mx_4/vm-106-disk-0     secondarycache        all                     default

targetcli on the iscsi target host

Configuring targetcli consists of two activities

  • publishing the zfs-based backing storage
  • using suitable scsi protocol parameters when publishing (in particular how cache, sparse and the like are presented)

/> /iscsi create iqn.2025-10.moraal.srv:storage.zfstarget
/> /iscsi/iqn.2025-10.moraal.srv:storage.zfstarget/tpg1/acls  create iqn.1993-08.org.debian:01:4cbe32bd26b

A suitable configuration that has to be set for the block resource

root@pve-svc-02:~# targetcli /backstores/block/zp_crucial_mx_4-vm-108613-disk-4 get attribute | grep =
======================
alua_support=1
block_size=512
emulate_3pc=1
emulate_caw=1
emulate_dpo=1
emulate_fua_read=1
emulate_fua_write=1
emulate_model_alias=1
emulate_pr=1
emulate_rest_reord=0
emulate_rsoc=1
emulate_tas=1
emulate_tpu=0
emulate_tpws=0
emulate_ua_intlck_ctrl=0
emulate_write_cache=0
enforce_pr_isids=1
force_pr_aptpl=0
hw_block_size=512 [ro]
hw_max_sectors=32768 [ro]
hw_pi_prot_type=0 [ro]
hw_queue_depth=128 [ro]
is_nonrot=1
max_unmap_block_desc_count=1
max_unmap_lba_count=131072
max_write_same_len=65535
optimal_sectors=32768
pgr_support=1
pi_prot_format=0
pi_prot_type=0
pi_prot_verify=0
queue_depth=128
submit_type=0
unmap_granularity=8
unmap_granularity_alignment=0
unmap_zeroes_data=0

where

  • TODO

Making the change

/backstores/b...108613-disk-4> set attribute emulate_tpws=0
/backstores/b...108613-disk-4> set attribute emulate_tpu=0
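
An added example, not part of the original page: a shell check that compares the output of "targetcli <backstore> get attribute" with the cache- and unmap-related values from the listing above and prints the "set attribute" lines needed to restore them. The function names and the drifted sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Baseline: the cache/unmap related keys and values from the page's listing.
BASELINE='emulate_write_cache=0 emulate_fua_write=1 emulate_fua_read=1 emulate_tpu=0 emulate_tpws=0'

# stdin:  output of "targetcli /backstores/block/<name> get attribute"
# stdout: one "set attribute key=value" line per baseline key that differs,
#         or a comment line when the key is absent from the listing.
attr_drift() {
    awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, item, " ")
            for (i = 1; i <= n; i++) {
                split(item[i], kv, "=")
                key[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        /^[a-z0-9_]+=/ {
            line = $0
            sub(/[ \t]*\[ro\]$/, "", line)   # "[ro]" marks read-only keys, not part of the value
            k = line; sub(/=.*/, "", k)
            v = line; sub(/^[^=]*=/, "", v)
            have[k] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in have))            print "# " k " missing from listing"
                else if (have[k] != want[k]) print "set attribute " k "=" want[k]
            }
        }
    '
}

# Excerpt of the listing shown on the page.
sample_page_listing() {
    cat <<'EOF'
======================
emulate_fua_read=1
emulate_fua_write=1
emulate_tpu=0
emulate_tpws=0
emulate_write_cache=0
hw_block_size=512 [ro]
is_nonrot=1
EOF
}

# Constructed sample: write cache and UNMAP switched on, emulate_tpws not reported.
sample_drifted() {
    cat <<'EOF'
======================
emulate_fua_read=1
emulate_fua_write=1
emulate_tpu=1
emulate_write_cache=1
hw_block_size=512 [ro]
EOF
}

# Demo on the constructed sample; on a target host use:
#   targetcli /backstores/block/<name> get attribute | attr_drift
sample_drifted | attr_drift
```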

In use it looks like this

root@pve-svc-02:~# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 3]
  | | o- zp_crucial_mx_4-vm-100-disk-0 ......................... [/dev/zp_crucial_mx_4/vm-100-disk-0 (20.0GiB) write-thru activated]
  | | | o- alua ................................................................................................... [ALUA Groups: 1]
  | | |   o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | | o- zp_crucial_mx_4-vm-106-disk-5 ......................... [/dev/zp_crucial_mx_4/vm-106-disk-5 (16.0GiB) write-thru activated]
  | | | o- alua ................................................................................................... [ALUA Groups: 1]
  | | |   o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | | o- zp_crucial_mx_4-vm-108613-disk-1 .................... [/dev/zp_crucial_mx_4/vm-108613-disk-1 (4.0GiB) write-thru activated]
  | |   o- alua ................................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2025-10.moraal.srv:storage.zfstarget .......................................................................... [TPGs: 1]
  |   o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
  |     o- acls .......................................................................................................... [ACLs: 1]
  |     | o- iqn.1993-08.org.debian:01:4cbe32bd26b ................................................................ [Mapped LUNs: 3]
  |     |   o- mapped_lun0 ...................................................... [lun0 block/zp_crucial_mx_4-vm-108613-disk-1 (rw)]
  |     |   o- mapped_lun1 ......................................................... [lun1 block/zp_crucial_mx_4-vm-106-disk-5 (rw)]
  |     |   o- mapped_lun2 ......................................................... [lun2 block/zp_crucial_mx_4-vm-100-disk-0 (rw)]
  |     o- luns .......................................................................................................... [LUNs: 3]
  |     | o- lun0 .............. [block/zp_crucial_mx_4-vm-108613-disk-1 (/dev/zp_crucial_mx_4/vm-108613-disk-1) (default_tg_pt_gp)]
  |     | o- lun1 .................... [block/zp_crucial_mx_4-vm-106-disk-5 (/dev/zp_crucial_mx_4/vm-106-disk-5) (default_tg_pt_gp)]
  |     | o- lun2 .................... [block/zp_crucial_mx_4-vm-100-disk-0 (/dev/zp_crucial_mx_4/vm-100-disk-0) (default_tg_pt_gp)]
  |     o- portals .................................................................................................... [Portals: 1]
  |       o- 0.0.0.0:3260 ..................................................................................................... [OK]
  o- loopback ......................................................................................................... [Targets: 0]
  o- srpt ............................................................................................................. [Targets: 0]
  o- vhost ............................................................................................................ [Targets: 0]
  o- xen-pvscsi ....................................................................................................... [Targets: 0]
/>

In addition, the attribute and parameter sets can be queried from the portal, e.g.

root@pm60-trt:~# targetcli /iscsi/iqn.2022-09.ee.moraal:pbs-pub/tpg1 get parameter | grep =
======================
AuthMethod=CHAP
DataDigest=CRC32C,None
DataPDUInOrder=Yes
DataSequenceInOrder=Yes
DefaultTime2Retain=20
DefaultTime2Wait=2
ErrorRecoveryLevel=0
FirstBurstLength=65536
HeaderDigest=CRC32C,None
IFMarkInt=Reject
IFMarker=No
ImmediateData=Yes
InitialR2T=Yes
MaxBurstLength=262144
MaxConnections=1
MaxOutstandingR2T=1
MaxRecvDataSegmentLength=8192
MaxXmitDataSegmentLength=262144
OFMarkInt=Reject
OFMarker=No
TargetAlias=LIO Target

root@pm60-trt:~# targetcli /iscsi/iqn.2022-09.ee.moraal:pbs-pub/tpg1 get attribute | grep =
======================
authentication=1
cache_dynamic_acls=0
default_cmdsn_depth=64
default_erl=0
demo_mode_discovery=1
demo_mode_write_protect=1
fabric_prot_type=0
generate_node_acls=0
login_keys_workaround=1
login_timeout=15
prod_mode_write_protect=0
t10_pi=0
tpg_enabled_sendtargets=1
root@pm60-trt:~#

where

  • parameter - things that are spoken over the network
  • attribute - things that define the situation locally

iscsi initiator

TODO

qemu process

Usage

20251019-remote-zfs-over-iscsi-01.png

Useful additional material

TODO

Secure boot - the so-called Microsoft 2023 certificate

How it works

TODO

Existing state before the change

root@pwrk-01:~# apt-get install efitools
root@pwrk-01:~# (printf "db: \n"; efi-readvar -v db; printf "\nKEK: \n"; efi-readvar -v KEK) | grep -E "2011|2023"
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011

The change

root@pve-wrx90e:~# qm enroll-efi-keys 902198
skipping - OS type is neither Windows 10 nor Windows 11

root@pve-wrx90e:~# qm set 902198 --ostype win10
root@pve-wrx90e:~# qm enroll-efi-keys 902198
root@pve-wrx90e:~# qm set 902198 --ostype l26

and

from

efidisk0: si-dpool:vm-902198-disk-0,efitype=4m,pre-enrolled-keys=1,size=1M

to

efidisk0: si-dpool:vm-902198-disk-0,efitype=4m,ms-cert=2023w,pre-enrolled-keys=1,size=1M

New state after the change

root@pwrk-02:~# (printf "db: \n"; efi-readvar -v db; printf "\nKEK: \n"; efi-readvar -v KEK) | grep -E "2011|2023"
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
            C=US, O=Microsoft Corporation, CN=Microsoft UEFI CA 2023
            C=US, O=Microsoft Corporation, CN=Windows UEFI CA 2023
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
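
An added example, not part of the original page: the grep above drops the "db: " and "KEK: " markers that the printf calls emit, so the result no longer shows which variable a certificate came from. The shell functions below keep the markers and report which of the two 2023 CAs seen in the "after" output are missing from db; the function names are assumptions, and the samples are the page's lines with the printf markers put back.

```shell
#!/bin/sh
# Added example (not from the original page).

# Filter for the combined efi-readvar output: printf markers plus 2011/2023 subjects.
keep_markers() {
    grep -E '^(db|KEK): *$|2011|2023'
}

# stdin: filtered text; stdout: "<variable><TAB><CN>" for every subject line.
ms_ca_by_var() {
    awk '
        /^(db|KEK): *$/ { var = $0; sub(/: *$/, "", var); next }
        /CN=/           { cn = $0; sub(/.*CN=/, "", cn); print var "\t" cn }
    '
}

# Return 0 if variable $1 (db or KEK) holds a certificate whose CN is exactly $2.
var_has_cn() {
    want=$(printf '%s\t%s' "$1" "$2")
    ms_ca_by_var | grep -Fqx "$want"
}

# stdin: filtered text; stdout: the 2023 CAs (names as in the page's output) not in db.
missing_2023_in_db() {
    text=$(cat)
    for cn in "Microsoft UEFI CA 2023" "Windows UEFI CA 2023"; do
        printf '%s\n' "$text" | var_has_cn db "$cn" || echo "$cn"
    done
}

# State before the change: page's lines, markers reconstructed from the printf calls.
sample_before() {
    cat <<'EOF'
db:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011

KEK:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
EOF
}

# State after the change, built the same way.
sample_after() {
    cat <<'EOF'
db:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
            C=US, O=Microsoft Corporation, CN=Microsoft UEFI CA 2023
            C=US, O=Microsoft Corporation, CN=Windows UEFI CA 2023

KEK:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
EOF
}

# Demo on the samples; inside a guest, feed the page's own pipeline instead:
#   (printf "db: \n"; efi-readvar -v db; printf "\nKEK: \n"; efi-readvar -v KEK) | keep_markers | ms_ca_by_var
sample_after | keep_markers | ms_ca_by_var
echo "missing before the change:"
sample_before | keep_markers | missing_2023_in_db
```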

Misc

pveupdate

  • renews the certificate of the webgui interface

root@pve-wrx90e:~# pveupdate
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/2232348225/504476182801

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz/2232348225/694056506271'
The validation for pve-wrx90e.auul.pri.ee is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is 'valid', domain 'pve-wrx90e.auul.pri.ee' OK!

All domains validated!

Creating CSR
Checking order status
Order is ready, finalizing order
valid!

Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Revoking old certificate
Revoke request to CA failed: Error: POST to https://acme-v02.api.letsencrypt.org/acme/revoke-cert
{
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Unable to revoke :: Certificate is expired",
  "status": 403
}

pveupgrade

  • upgrades the system's software through apt package management

Converting a BIOS machine to a UEFI machine

How it works

Main considerations when converting a BIOS machine to a UEFI machine

  • the need to get some of the security that comes with the secure boot solution
  • a full reinstall, so to speak, would be too time-consuming, clumsy, etc.

The change consists of adding an additional, so to speak first, block device of size 1 G to the virtual machine. A gpt partition table and a vfat file system are created on it; it corresponds to the /boot/efi directory and is in the end mounted there. The root file system and everything else stays where it has been so far. It is important that the change does not modify the existing block device's partition table, lvm or the like, i.e. on failure it is easy to go back (a backup should nevertheless exist).

Change procedure

Before the change the virtual machine looks like this

20260516-from-bios-to-uefi-01.png

and

# df -T -h -t ext4
Failisüsteem                      Tüüp  Maht Kasut  Vaba Kas% Haagitud
/dev/mapper/system-root           ext4   11G  8,2G  2,2G  80% /
/dev/vda1                         ext4  462M  325M  109M  75% /boot

A 1 G block device is added to the running machine

Hardware -> Add disk -> ...

Check what the name of the added 1 G block device is in the case at hand, e.g.

# fdisk /dev/vdb -l
Disk /dev/vdb: 1 GiB, 1073741824 bytes, 2097152 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

then run the commands

# apt-get install parted

# parted /dev/vdb mklabel gpt
# parted /dev/vdb mkpart primary fat32 1MiB 100%
# parted /dev/vdb set 1 esp on
# mkfs.vfat -F 32 /dev/vdb1
# mkdir -p /boot/efi
# blkid /dev/vdb1

Edit the /etc/fstab file, i.e. add one line below the existing /boot line; the uuid is not that of the partition but that of the vfat file system

# cat /etc/fstab
..
UUID=XXXX-XXXX  /boot/efi       vfat    defaults        0       2

Add the packages

# systemctl daemon-reload
# mount /boot/efi
# apt update
# apt install grub-efi-amd64-signed shim-signed mokutil
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --removable
# update-grub

as a result

# find /boot/efi/ -type f -ls
      115    932 -rwxr-xr-x   1 root     root       952384 mai   17 12:00 /boot/efi/EFI/BOOT/BOOTX64.EFI
      116   2624 -rwxr-xr-x   1 root     root      2685544 mai   17 12:00 /boot/efi/EFI/BOOT/grubx64.efi
      117    832 -rwxr-xr-x   1 root     root       851368 mai   17 12:00 /boot/efi/EFI/BOOT/mmx64.efi
      118      4 -rwxr-xr-x   1 root     root          112 mai   17 12:00 /boot/efi/EFI/BOOT/BOOTX64.CSV
      119      4 -rwxr-xr-x   1 root     root          112 mai   17 12:00 /boot/efi/EFI/BOOT/grub.cfg

# cat /boot/efi/EFI/BOOT/grub.cfg
search.fs_uuid 5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1 root
set prefix=($root)'/grub'
configfile $prefix/grub.cfg

# blkid /dev/vda1
/dev/vda1: UUID="5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1" BLOCK_SIZE="1024" TYPE="ext4" PARTUUID="cfa36d3a-01"

The virtual machine is told to poweroff and its settings are changed

  • an 'EFI Disk' is added (storage for the virtual efi hardware settings etc.)
  • bios -> uefi is changed
  • chipset i440fx -> q35 is changed
  • display default -> virtio-gpu is changed

After the change the virtual machine looks like this

20260516-from-bios-to-uefi-02.png

In addition, the boot order devices have been changed

20260516-from-bios-to-uefi-03.png

kus

  • tingimata vajalik on virtio1 ja virtio0 - esimesel on bootload ja grub.cfg lühike konf, teisel on konfi sisuline osa

As a result the machine runs in UEFI Secure Boot mode

# mokutil --sb-state
SecureBoot enabled

# df -t vfat -t ext4 -T -h
Failisüsteem                      Tüüp  Maht Kasut  Vaba Kas% Haagitud
/dev/mapper/system-root           ext4   11G  8,2G  2,2G  80% /
/dev/vda1                         ext4  462M  325M  109M  75% /boot
/dev/vdb1                         vfat 1020M  8,7M 1012M   1% /boot/efi

At the very end one could also run the following; this creates the so-called natural efibootmgr and /boot/efi entries, as they would be on a machine that was born as UEFI

# efibootmgr
BootCurrent: 0002
Timeout: 3 seconds
BootOrder: 0002,0003,0000,0001
Boot0000* BootManagerMenuApp	FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(eec25bdc-67f2-4d95-b1d5-f81b2039d11d)
Boot0001* EFI Firmware Setup	FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)
Boot0002* UEFI Misc Device	PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xb,0x0){auto_created_boot_option}
Boot0003* UEFI Misc Device 2	PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xa,0x0){auto_created_boot_option}

# grub-install /dev/vdb
Installing for x86_64-efi platform.
Installation finished. No error reported.

# efibootmgr
BootCurrent: 0002
Timeout: 3 seconds
BootOrder: 0004,0002,0003,0000,0001
Boot0000* BootManagerMenuApp	FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(eec25bdc-67f2-4d95-b1d5-f81b2039d11d)
Boot0001* EFI Firmware Setup	FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)
Boot0002* UEFI Misc Device	PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xb,0x0){auto_created_boot_option}
Boot0003* UEFI Misc Device 2	PciRoot(0x0)/Pci(0x1e,0x0)/Pci(0x1,0x0)/Pci(0xa,0x0){auto_created_boot_option}
Boot0004* debian	HD(1,GPT,0fb8cfd1-c90b-4da2-97db-ceda14464a90,0x800,0x1ff000)/File(\EFI\proxmox\shimx64.efi)

Boot Order notes

The Boot Order setting in the PVE web GUI determines two things

  • which block devices take part in the UEFI phase
  • in which order the block devices take part in booting during the UEFI phase

When only one device is ticked

20260516-from-bios-to-uefi-05.png

When only two devices are ticked

20260516-from-bios-to-uefi-04.png

In this case that matters a great deal, because the GRUB boot loader is spread across two devices

  • the grub.efi application is on /dev/vdb
  • the grub.conf configuration is on /dev/vda

If only /dev/vda is ticked in Boot Order, the machine's startup stops at the 'grub>' prompt. In that sense the PVE web GUI section could be named e.g. 'UEFI device visibility and Boot Order'.
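The split described above can be checked from the running guest before the power-off: the stub grub.cfg on the ESP has to name the UUID of the filesystem that holds the real grub.cfg, and the prefix has to lead to that file. The following is an added example, not part of the original page; `check_stub` and `make_sample_tree` are hypothetical helper names, and the sample tree is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): follow the chain
#   stub grub.cfg on the ESP -> filesystem UUID -> <mountpoint><prefix>/grub.cfg
# check_stub STUB_CFG MOUNTPOINT FS_UUID ; returns 0 only if the chain is consistent.
check_stub() {
    stub=$1; mnt=$2; fs_uuid=$3
    [ -r "$stub" ] || { echo "FAIL: cannot read $stub"; return 1; }
    # "search.fs_uuid <uuid> root" -> <uuid>
    want=$(awk '$1 == "search.fs_uuid" { print $2; exit }' "$stub")
    # "set prefix=($root)'/grub'" -> /grub (the text between the single quotes)
    prefix=$(awk -F"'" '/^set prefix=/ { print $2; exit }' "$stub")
    if [ -z "$want" ] || [ -z "$prefix" ]; then
        echo "FAIL: $stub lacks a search.fs_uuid or prefix line"; return 1
    fi
    if [ "$want" != "$fs_uuid" ]; then
        echo "FAIL: stub searches for $want, but $mnt is $fs_uuid"; return 2
    fi
    if [ ! -f "$mnt$prefix/grub.cfg" ]; then
        echo "FAIL: $mnt$prefix/grub.cfg does not exist"; return 3
    fi
    echo "OK: $stub -> $want -> $mnt$prefix/grub.cfg"
}

# Constructed sample tree mirroring the layout on the page (hypothetical helper).
make_sample_tree() {
    mkdir -p "$1/esp" "$1/boot/grub"
    cat > "$1/esp/grub.cfg" <<'EOF'
search.fs_uuid 5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1 root
set prefix=($root)'/grub'
configfile $prefix/grub.cfg
EOF
    : > "$1/boot/grub/grub.cfg"
}

d=$(mktemp -d) && make_sample_tree "$d"
check_stub "$d/esp/grub.cfg" "$d/boot" 5ebbc6f0-69e8-413b-bb4f-4ec0fa5d2fc1
rm -rf "$d"
# On the converted VM itself:
#   check_stub /boot/efi/EFI/BOOT/grub.cfg /boot "$(findmnt -no UUID /boot)"
```

Return code 2 means the stub points at a different filesystem than /boot; return code 3 means the filesystem matches but no grub.cfg sits under the prefix.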

Using ssh over vsock

It turns out that with recent versions, i.e. PVE v. 9 and a Debian v. 13 virtual machine, the PVE host can reach the guest over ssh using the vsock protocol (rather than the usual TCP/IP-based network). For this, vsock support has to be added to the virtual machine on the PVE platform side

root@pve-wrx90e:~# head -n 1 /etc/pve/qemu-server/50056.conf
args: -device vhost-vsock-pci,guest-cid=50056

and the virtual machine must have software support for vsock. In Debian v. 13, for example, this is integrated into the sshd server

root@unifi-oss:~# systemctl | grep ssh
  ssh.service                                                                                           loaded active running   OpenBSD Secure Shell server
  sshd@2-50056:22-2:3327097365.service                                                                  loaded active running   OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097364)
  system-sshd.slice                                                                                     loaded active active    Slice /system/sshd
  sshd-unix-local.socket                                                                                loaded active listening OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local)
  sshd-vsock.socket                                                                                     loaded active listening OpenSSH Server Socket (systemd-ssh-generator, AF_VSOCK)
  ssh-access.target                                                                                     loaded active active    SSH Access Available

where

  • systemd-ssh-generator is a mechanism that detects the system's capabilities on the fly and configures service properties accordingly (e.g. for ssh it switches on vsock support)

and

root@unifi-oss:~# systemctl status sshd@2-50056:22-2:3327097365.service
● sshd@2-50056:22-2:3327097365.service - OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097365)
     Loaded: loaded (/usr/lib/systemd/system/sshd@.service; static)
     Active: active (running) since Mon 2026-06-01 00:04:39 EEST; 16s ago
 Invocation: 84acdad56690460e8e0fbffd2ecd4d69
TriggeredBy: ● sshd-vsock.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 876 (sshd-session)
      Tasks: 1 (limit: 6978)
     Memory: 1.8M (peak: 3.9M)
        CPU: 27ms
     CGroup: /system.slice/system-sshd.slice/sshd@2-50056:22-2:3327097365.service
             ‣ 876 "sshd-session: root [priv]"

Jun 01 00:04:39 unifi-oss systemd[1]: Started sshd@2-50056:22-2:3327097365.service - OpenBSD Secure Shell server per-connection daemon (vsock:2:3327097365).
Jun 01 00:04:40 unifi-oss sshd-session[876]: Accepted publickey for root from UNKNOWN port 65535 ssh2: ED25519 SHA256:3cj7QCk4leNOSQJlfeUeHr6YfsA0r3bRUqZS9Rey3jM
Jun 01 00:04:40 unifi-oss sshd-session[876]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)

where

  • triggered by 'sshd-vsock.socket'

The ssh client side, i.e. the PVE host, has to know how to behave when an sshd server is to be reached over the vsock protocol

root@pve-wrx90e:~# cat /lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Allow connecting to the local host directly via ".host"
Host .host machine/.host
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
        ProxyUseFdpass yes
        CheckHostIP no

# Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
# Make sure machine/* can be used to connect to local machines registered in machined.
#
Host unix/* vsock/* machine/*
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
        ProxyUseFdpass yes
        CheckHostIP no

        # Disable all kinds of host identity checks, since these addresses are generally ephemeral.
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null

where

  • the utility documented in 'man systemd-ssh-proxy' has to be used

Usage looks like this

root@pve-wrx90e:~# ssh root@vsock/50056
Warning: Permanently added 'vsock/50056' (ED25519) to the list of known hosts.
Linux unifi-oss 6.12.90+deb13.1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.90-2 (2026-05-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun May 31 23:53:37 2026 from 192.168.10.156
root@unifi-oss:~#

root@unifi-oss:~# w
 23:59:55 up 6 min,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU  WHAT
root     pts/1    -                23:59    1.00s  0.00s   ?    w

where

  • 'FROM -' is characteristic of access over vsock (normally the source IP address appears there)

After the user has logged in, one sees

root@unifi-oss:~# ss -a -p --vsock
Netid    State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port         Process
v_str    LISTEN    0         0                        *:22                    *:*             users:(("systemd",pid=1,fd=66))
v_str    ESTAB     0         0                    50056:22                    2:3327097366    users:(("sshd-session",pid=914,fd=7),("sshd-session",pid=914,fd=6),("sshd-session",pid=905,fd=7),("sshd-session",pid=905,fd=6),("systemd",pid=1,fd=8))

where

  • as in the af_inet family, the af_vsock family also has a listen socket and an 'active connected socket'

It seems that recent ssh is also keen to listen on an af_unix socket

root@unifi-oss:~# screendump | grep -i ssh
[  OK  ] Listening on sshd-unix-local.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_UNIX Local).
[  OK  ] Listening on sshd-vsock.socket - OpenSSH Server Socket (systemd-ssh-generator, AF_VSOCK).
[  OK  ] Reached target ssh-access.target - SSH Access Available.
         Starting ssh.service - OpenBSD Secure Shell server...
[  OK  ] Started ssh.service - OpenBSD Secure Shell server.

and indeed, one can log in to the machine locally like this

root@unifi-oss:~# ssh unix/run/ssh-unix-local/socket
Warning: Permanently added 'unix/run/ssh-unix-local/socket' (ED25519) to the list of known hosts.
Linux unifi-oss 6.12.90+deb13.1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.90-2 (2026-05-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jun  1 00:16:42 2026 from UNKNOWN

root@unifi-oss:~# w
 00:16:44 up 23 min,  3 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU  WHAT
root     pts/2    -                00:16    1.00s  0.00s   ?    w
root     pts/1    -                00:16    2.00s  0.00s   ?    ssh unix/run/ssh-unix-local/socket
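Because logins over vsock and over the local AF_UNIX socket show up as 'FROM -' in `w` and as 'from UNKNOWN port 65535' in the sshd log, the peer has to be read from the socket table instead. The following is an added example, not part of the original page; the function names are hypothetical, and the sample input is the ESTAB line and the 'Accepted' line shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# vsock_ssh_sessions [PORT]: read `ss -a -p --vsock` output on stdin and print, per
# established stream to the local SSH port: local_cid peer_cid peer_port origin pids
vsock_ssh_sessions() {
    awk -v port="${1:-22}" '
    $1 == "v_str" && $2 == "ESTAB" {
        if (split($5, l, ":") != 2 || split($6, p, ":") != 2 || l[2] != port) next
        # CID 2 is the well-known address of the host (VMADDR_CID_HOST)
        origin = (p[1] + 0 == 2) ? "host" : "cid-" p[1]
        pids = ""; rest = $0
        while (match(rest, /pid=[0-9]+/)) {          # collect unique owning PIDs
            pid = substr(rest, RSTART + 4, RLENGTH - 4)
            if (index("," pids ",", "," pid ",") == 0)
                pids = pids (pids == "" ? "" : ",") pid
            rest = substr(rest, RSTART + RLENGTH)
        }
        print l[1], p[1], p[2], origin, pids
    }'
}

# non_ip_logins: read sshd journal lines on stdin and print "pid user method fingerprint"
# for accepted logins whose source is logged as UNKNOWN, i.e. not an IP peer.
non_ip_logins() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "Accepted" && $(i + 5) == "UNKNOWN") {
                pid = $(i - 1); gsub(/[^0-9]/, "", pid)
                fp = (i + 10 <= NF) ? $(i + 10) : "-"
                print pid, $(i + 3), $(i + 1), fp
            }
    }'
}

# Sample input: the ESTAB line and the "Accepted" line shown on this page.
SS_SAMPLE='v_str    ESTAB     0         0                    50056:22                    2:3327097366    users:(("sshd-session",pid=914,fd=7),("sshd-session",pid=914,fd=6),("sshd-session",pid=905,fd=7),("sshd-session",pid=905,fd=6),("systemd",pid=1,fd=8))'
LOG_SAMPLE='Jun 01 00:04:40 unifi-oss sshd-session[876]: Accepted publickey for root from UNKNOWN port 65535 ssh2: ED25519 SHA256:3cj7QCk4leNOSQJlfeUeHr6YfsA0r3bRUqZS9Rey3jM'
printf '%s\n' "$SS_SAMPLE" | vsock_ssh_sessions
printf '%s\n' "$LOG_SAMPLE" | non_ip_logins
```

On the guest the same functions take live input, e.g. `ss -a -p --vsock | vsock_ssh_sessions` and `journalctl -u 'sshd@*' | non_ip_logins`.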

Useful additional material


  • TODO