KERNEL SOURCE: ============== We currently use the Ubuntu kernel sources, available from: http://kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/ Ubuntu will maintain those kernels till: https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Additional/Updated Modules: --------------------------- - include latest e1000e driver from intel/sourceforge - include latest ixgbe driver from intel/sourceforge - include latest igb driver from intel/sourceforge - include native OpenZFS filesystem kernel modules for Linux * https://github.com/zfsonlinux/ For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ RELATED PACKAGES: ================= proxmox-ve ---------- top level meta package, depends on current default kernel series meta package. git clone git://git.proxmox.com/git/proxmox-ve.git pve-kernel-meta --------------- depends on latest kernel and header package within a certain kernel series, e.g., pve-kernel-4.13 / pve-headers-4.13 git clone git://git.proxmox.com/git/pve-kernel-meta.git pve-firmware ------------ contains the firmware for all released PVE kernels. git clone git://git.proxmox.com/git/pve-firmware.git NOTES: ====== Watchdog blacklist ------------------ By default, all watchdog modules are black-listed because it is totally undefined which device is actually used for /dev/watchdog. We ship this list in /lib/modprobe.d/blacklist_pve-kernel-.conf The user typically edit /etc/modules to enable a specific watchdog device. Additional information ---------------------- We use the default configuration provided by Ubuntu, and apply the following modifications: see debian/rules (PVE_CONFIG_OPTS) - enable INTEL_MEI_WDT=m (to allow disabling via patch) - disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed) - switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS - enable CONFIG_CEPH_FS=m (request from user) - enable common CONFIG_BLK_DEV_XXX to avoid hardware detection problems (udev, undate-initramfs have serious problems without that) CONFIG_BLK_DEV_SD=y CONFIG_BLK_DEV_SR=y CONFIG_BLK_DEV_DM=y - add workaround for Debian bug #807000 (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807000) CONFIG_BLK_DEV_NVME=y - compile NBD and RBD modules CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_RBD=m - set LOOP_MIN_COUNT to 8 (debian defaults) CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 - disable module signatures (CONFIG_MODULE_SIG) - enable IBM JFS file system This is disabled in RHEL kernel for no real reason, so we enable it as requested by users (bug #64) - enable apple HFS and HFSPLUS This is disabled in RHEL kernel for no real reason, so we enable it as requested by users - enable CONFIG_BCACHE=m (requested by user) - enable CONFIG_BRIDGE=y Else we get warnings on boot, that net.bridge.bridge-nf-call-iptables is an unknown key - enable CONFIG_DEFAULT_SECURITY_APPARMOR We need this for lxc - set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y because if not set, it can give some dynamic memory or cpu frequencies change, and vms can crash (mainly windows guest). see http://forum.proxmox.com/threads/18238-Windows-7-x64-VMs-crashing-randomly-during-process-termination?p=93273#post93273 - use 'deadline' as default scheduler This is the suggested setting for KVM. We also measure bad fsync performance with ext4 and cfq. - disable CONFIG_INPUT_EVBUG Module evbug is not blacklisted on debian, so we simply disable it to avoid key-event logs (which is a big security problem) - enable CONFIG_MODVERSIONS (needed for ABI tracking) - switch default UNWINDER to FRAME_POINTER the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS - enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)