PVE 9
修改源
屏蔽企业源与Ceph
先屏蔽企业源和Ceph:
mv /etc/apt/sources.list.d/pve-enterprise.sources /etc/apt/sources.list.d/pve-enterprise.sources.bak
mv /etc/apt/sources.list.d/ceph.sources /etc/apt/sources.list.d/ceph.sources.bak非订阅PVE源
创建非订阅源:
root@pve:~# cat > /etc/apt/sources.list.d/pve-no-subscription.sources << EOF
> Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/proxmox/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
> EOF修改Debian源
修改Debian源:
mv /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list.d/debian.sources.bak
root@pve:~# cat > /etc/apt/sources.list.d/debian.sources << EOF
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/debian
Suites: trixie trixie-updates trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
# Types: deb-src
# URIs: https://mirrors.tuna.tsinghua.edu.cn/debian
# Suites: trixie trixie-updates trixie-backports
# Components: main contrib non-free non-free-firmware
# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# 以下安全更新软件源包含了官方源与镜像站配置,如有需要可自行修改注释切换
Types: deb
URIs: https://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
# Types: deb-src
# URIs: https://security.debian.org/debian-security
# Suites: trixie-security
# Components: main contrib non-free non-free-firmware
# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF修改CT模板源
修改CT模板源:
cp /usr/share/perl5/PVE/APLInfo.pm /usr/share/perl5/PVE/APLInfo.pm_back
sed -i 's|http://download.proxmox.com|https://mirrors.tuna.tsinghua.edu.cn/proxmox|g' /usr/share/perl5/PVE/APLInfo.pm省电模式
直通SATA控制器
外部控制令牌
首先在数据中心-权限-API令牌中创建一个API令牌,用户ID和令牌需要记住:
创建后到数据中心-权限中,为此API令牌添加权限,添加为Administrator角色即可。
如果希望尽量减少权限泄漏的情况,那么需要手动创建角色,赋予对应的能力,然后为此API令牌限定。
核显虚拟化
更新GRUB
注意这里和直通SATA控制器这里有点类似,不同的是不仅需要开启iommu还需要开启i915 sriov,先做好SATA直通后,再编辑/etc/default/grub:
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
# GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt i915.enable_guc=3 i915.max_vfs=7 module_blacklist=xe"
GRUB_CMDLINE_LINUX=""
这里添加了i915.enable_guc=3 i915.max_vfs=7 module_blacklist=xe,然后我们更新grub:
update-grub完成后重启PVE,再开始下一步。
安装I915-SRIOV-DKMS
接下来安装https://github.com/strongtz/i915-sriov-dkms:
all_proxy="http://nikki:???@192.168.31.???:7890" curl -O https://github.com/strongtz/i915-sriov-dkms/releases/download/2025.07.22/i915-sriov-dkms_2025.07.22_amd64.deb -L安装过程会构建很多东西,推荐值守不要离开shell面板,否则报错容易错过:
root@pve:/tmp# dpkg -i i915-sriov-dkms_2025.07.22_amd64.deb
Selecting previously unselected package i915-sriov-dkms.
(Reading database ... 88623 files and directories currently installed.)
Preparing to unpack i915-sriov-dkms_2025.07.22_amd64.deb ...
Unpacking i915-sriov-dkms (2025.07.22) ...
Setting up i915-sriov-dkms (2025.07.22) ...
install dkms modules for all kernels
Loading new i915-sriov-dkms/2025.07.22 DKMS files...
Building for 6.14.8-2-pve
Building initial module i915-sriov-dkms/2025.07.22 for 6.14.8-2-pve
Sign command: /lib/modules/6.14.8-2-pve/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub
Certificate or key are missing, generating self signed certificate for MOK...
Building module(s)................... done.
Signing module /var/lib/dkms/i915-sriov-dkms/2025.07.22/build/i915.ko
Signing module /var/lib/dkms/i915-sriov-dkms/2025.07.22/build/kvmgt.ko
Found pre-existing /lib/modules/6.14.8-2-pve/kernel/drivers/gpu/drm/i915/i915.ko, archiving for uninstallation
Installing /lib/modules/6.14.8-2-pve/updates/dkms/i915.ko
Found pre-existing /lib/modules/6.14.8-2-pve/kernel/drivers/gpu/drm/i915/kvmgt.ko, archiving for uninstallation
Installing /lib/modules/6.14.8-2-pve/updates/dkms/kvmgt.ko
Running depmod... done.
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.148.3) ...
update-initramfs: Generating /boot/initrd.img-6.14.8-2-pve
Running hook script 'zz-proxmox-boot'..
Re-executing '/etc/kernel/postinst.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.验证是否成功:
root@pve:~# modinfo i915|grep vf
parm: max_vfs:Limit number of virtual functions to allocate. (0 = no VFs [default]; N = allow up to N VFs) (uint)出现这个输出就是成功了。
安装完成后请注意固定内核(内核更新可能导致核显虚拟化失效):
root@pve:~# proxmox-boot-tool kernel list
Manually selected kernels:
None.
Automatically selected kernels:
6.14.8-2-pve
root@pve:~# proxmox-boot-tool kernel pin 6.14.8-2-pve
Setting '6.14.8-2-pve' as grub default entry and running update-grub.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.14.8-2-pve
Found initrd image: /boot/initrd.img-6.14.8-2-pve
Found memtest86+ 64bit EFI image: /boot/memtest86+x64.efi
Found memtest86+ 32bit EFI image: /boot/memtest86+ia32.efi
Found memtest86+ 64bit image: /boot/memtest86+x64.bin
Found memtest86+ 32bit image: /boot/memtest86+ia32.bin
Adding boot menu entry for UEFI Firmware Settings ...
done
root@pve:~# proxmox-boot-tool kernel list
Manually selected kernels:
None.
Automatically selected kernels:
6.14.8-2-pve
Pinned kernel:
6.14.8-2-pve增加VFs核显数量
首先安装系统配置工具:
apt install -y sysfsutils接下来注意,我们需要找到原始的PCI设备编号:
可以在任意机器上添加PCI设备,然后找到即可知道核显的ID了。
这里最多能设置7个,我选择设置4个,1个给FnOS、1个给Windows、1个给Linux、1个做冗余:
echo "devices/pci0000:00/0000:00:02.0/sriov_numvfs = 4" > /etc/sysfs.conf完成后再次重启,通过lspci来查看设备数量:
root@pve:~# lspci |grep VGA
00:02.0 VGA compatible controller: Intel Corporation Alder Lake-S GT1 [UHD Graphics 730] (rev 0c)
00:02.1 VGA compatible controller: Intel Corporation Alder Lake-S GT1 [UHD Graphics 730] (rev 0c)
00:02.2 VGA compatible controller: Intel Corporation Alder Lake-S GT1 [UHD Graphics 730] (rev 0c)
00:02.3 VGA compatible controller: Intel Corporation Alder Lake-S GT1 [UHD Graphics 730] (rev 0c)
00:02.4 VGA compatible controller: Intel Corporation Alder Lake-S GT1 [UHD Graphics 730] (rev 0c)这样就成功了,不过注意,00:02.0不能使用,这是物理设备,直通后其他的虚拟显卡全部消失。
飞牛启用虚拟显卡
按图添加:
注意不能启用所有功能,否则会强制选择物理设备。
apt install build-* dkmslinux-headers应该已经有了
然后安装驱动:
evalexp@FnOS:/tmp$ all_proxy="http://nikki:???@192.168.31.???:7890" curl -O https://github.com/strongtz/i915-sriov-dkms/releases/download/2025.07.22/i915-sriov-dkms_2025.07.22_amd64.deb -L
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1883k 100 1883k 0 0 1972k 0 --:--:-- --:--:-- --:--:-- 1972k
evalexp@FnOS:/tmp$ sudo dpkg -i i915-sriov-dkms_2025.07.22_amd64.deb
(Reading database ... 73070 files and directories currently installed.)
Preparing to unpack i915-sriov-dkms_2025.07.22_amd64.deb ...
Module i915-sriov-dkms-2025.07.22 for kernel 6.12.18-trim (x86_64).
Before uninstall, this module version was ACTIVE on this kernel.
i915.ko:
- Uninstallation
- Deleting from: /lib/modules/6.12.18-trim/updates/dkms/
- Original module
- No original module was found for this module on this kernel.
- Use the dkms install command to reinstall any previous module version.
kvmgt.ko:
- Uninstallation
- Deleting from: /lib/modules/6.12.18-trim/updates/dkms/
- Original module
- No original module was found for this module on this kernel.
- Use the dkms install command to reinstall any previous module version.
depmod...
Deleting module i915-sriov-dkms-2025.07.22 completely from the DKMS tree.
Unpacking i915-sriov-dkms (2025.07.22) over (2025.07.22) ...
Setting up i915-sriov-dkms (2025.07.22) ...
install dkms modules for all kernels
Loading new i915-sriov-dkms-2025.07.22 DKMS files...
Building for 6.12.18-trim
Building initial module for 6.12.18-trim
cp: cannot stat '/lib/modules/6.12.18-trim/build/.config': No such file or directory
Done.
i915.ko:
Running module version sanity check.
- Original module
- Installation
- Installing to /lib/modules/6.12.18-trim/updates/dkms/
kvmgt.ko:
Running module version sanity check.
- Original module
- Installation
- Installing to /lib/modules/6.12.18-trim/updates/dkms/
depmod...
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.142+deb12u3) ...
update-initramfs: Generating /boot/initrd.img-6.12.18-trim
这里的错误貌似不影响。
安装完成后修改grub:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on i915.enable_guc=3 module_blacklist=xe"完成后更新一下重启:
update-grub
update-initramfs -u检验是否启用成功:
evalexp@FnOS:~$ sudo vainfo
error: XDG_RUNTIME_DIR is invalid or not set in the environment.
error: can't connect to X server!
libva info: VA-API version 1.22.0
libva info: Trying to open /usr/trim/lib/mediasrv/dri/iHD_drv_video.so
libva info: Found init function __vaDriverInit_1_22
libva info: va_openDriver() returns 0
vainfo: VA-API version: 1.22 (libva 2.12.0)
vainfo: Driver version: Intel iHD driver for Intel(R) Gen Graphics - 25.1.0 (aa5ca48)
vainfo: Supported profile and entrypoints
VAProfileNone : VAEntrypointVideoProc
VAProfileNone : VAEntrypointStats
VAProfileMPEG2Simple : VAEntrypointVLD
VAProfileMPEG2Simple : VAEntrypointEncSlice
VAProfileMPEG2Main : VAEntrypointVLD
VAProfileMPEG2Main : VAEntrypointEncSlice
VAProfileH264Main : VAEntrypointVLD
VAProfileH264Main : VAEntrypointEncSlice
VAProfileH264Main : VAEntrypointFEI
VAProfileH264Main : VAEntrypointEncSliceLP
VAProfileH264High : VAEntrypointVLD
VAProfileH264High : VAEntrypointEncSlice
VAProfileH264High : VAEntrypointFEI
VAProfileH264High : VAEntrypointEncSliceLP
VAProfileVC1Simple : VAEntrypointVLD
VAProfileVC1Main : VAEntrypointVLD
VAProfileVC1Advanced : VAEntrypointVLD
VAProfileJPEGBaseline : VAEntrypointVLD
VAProfileJPEGBaseline : VAEntrypointEncPicture
VAProfileH264ConstrainedBaseline: VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
VAProfileH264ConstrainedBaseline: VAEntrypointFEI
VAProfileH264ConstrainedBaseline: VAEntrypointEncSliceLP
VAProfileHEVCMain : VAEntrypointVLD
VAProfileHEVCMain : VAEntrypointEncSlice
VAProfileHEVCMain : VAEntrypointFEI
VAProfileHEVCMain : VAEntrypointEncSliceLP
VAProfileHEVCMain10 : VAEntrypointVLD
VAProfileHEVCMain10 : VAEntrypointEncSlice
VAProfileHEVCMain10 : VAEntrypointEncSliceLP
VAProfileVP9Profile0 : VAEntrypointVLD
VAProfileVP9Profile0 : VAEntrypointEncSliceLP
VAProfileVP9Profile1 : VAEntrypointVLD
VAProfileVP9Profile1 : VAEntrypointEncSliceLP
VAProfileVP9Profile2 : VAEntrypointVLD
VAProfileVP9Profile2 : VAEntrypointEncSliceLP
VAProfileVP9Profile3 : VAEntrypointVLD
VAProfileVP9Profile3 : VAEntrypointEncSliceLP
VAProfileHEVCMain12 : VAEntrypointVLD
VAProfileHEVCMain12 : VAEntrypointEncSlice
VAProfileHEVCMain422_10 : VAEntrypointVLD
VAProfileHEVCMain422_10 : VAEntrypointEncSlice
VAProfileHEVCMain422_12 : VAEntrypointVLD
VAProfileHEVCMain422_12 : VAEntrypointEncSlice
VAProfileHEVCMain444 : VAEntrypointVLD
VAProfileHEVCMain444 : VAEntrypointEncSliceLP
VAProfileHEVCMain444_10 : VAEntrypointVLD
VAProfileHEVCMain444_10 : VAEntrypointEncSliceLP
VAProfileHEVCMain444_12 : VAEntrypointVLD
VAProfileHEVCSccMain : VAEntrypointVLD
VAProfileHEVCSccMain : VAEntrypointEncSliceLP
VAProfileHEVCSccMain10 : VAEntrypointVLD
VAProfileHEVCSccMain10 : VAEntrypointEncSliceLP
VAProfileHEVCSccMain444 : VAEntrypointVLD
VAProfileHEVCSccMain444 : VAEntrypointEncSliceLP
VAProfileAV1Profile0 : VAEntrypointVLD
VAProfileHEVCSccMain444_10 : VAEntrypointVLD
VAProfileHEVCSccMain444_10 : VAEntrypointEncSliceLP当vainfo有输出时就证明成功了。
Windows使用虚拟显卡
Win10比较方便,唯一需要注意一点的是,将CPU类型设置为Host即可;然后安装驱动即可正常使用;不需要额外操作。
完全由核显驱动可以将默认的显卡改为None;注意这样将无法在PVE中进入该主机。
Win11就不试了,用Win10能正常办公就行。
去除无效订阅弹窗
参考去除无效订阅弹窗