N/A Hyper-converged Ceph: upgrade any Ceph Octopus or Ceph Pacific cluster to Ceph 17.2 Quincy before you start the Proxmox VE upgrade to 8.0.
N/A Follow the guide Ceph Octopus to Pacific and Ceph Pacific to Quincy, respectively.
N/A Co-installed Proxmox Backup Server: see the Proxmox Backup Server 2 to 3 upgrade how-to Reliable access to the node. It's recommended to have access over a host independent channel like iKVM/IPMI or physical access.
N/A If only SSH is available we recommend testing the upgrade on an identical, but non-production machine first.
A healthy cluster
~ Valid and tested backup of all VMs and CTs (in case something goes wrong)
At least 5 GB free disk space on the root mount point. - 54G
The following actions need to be carried out from the command line of each Proxmox VE node in your cluster
Perform the actions via console or ssh; preferably via console to avoid interrupted ssh connections. Do not carry out the upgrade when connected via the virtual console offered by the GUI; as this will get interrupted during the upgrade.
Remember to ensure that a valid backup of all VMs and CTs has been created before proceeding.
Continuously use the pve7to8 checklist script
A small checklist program named pve7to8 is included in the latest Proxmox VE 7.4 packages. The program will provide hints and warnings about potential issues before, during and after the upgrade process.
To run it with all checks enabled, execute:
pve7to8--full
Make sure to run the full checks at least once before the upgrade.
Run pve7to8 --full
root@pve:~#pve7to8--fullperl:warning:Settinglocalefailed.perl:warning:Pleasecheckthatyourlocalesettings:LANGUAGE= (unset),LC_ALL= (unset),LC_ADDRESS="it_IT.UTF-8",LC_NAME="it_IT.UTF-8",LC_MONETARY="it_IT.UTF-8",LC_PAPER="it_IT.UTF-8",LC_IDENTIFICATION="it_IT.UTF-8",LC_TELEPHONE="it_IT.UTF-8",LC_MEASUREMENT="it_IT.UTF-8",LC_TIME="it_IT.UTF-8",LC_NUMERIC="it_IT.UTF-8",LANG="en_US.UTF-8"aresupportedandinstalledonyoursystem.perl:warning:Fallingbacktoafallbacklocale ("en_US.UTF-8").=CHECKINGVERSIONINFORMATIONFORPVEPACKAGES=Checkingforpackageupdates..WARN:updatesforthefollowingpackagesareavailable: bind9-host, libx11-xcb1, libmagic-mgc, libmagic1, file, libflac8, libxpm4, libx11-data, proxmox-backup-file-restore, libc6, locales, bind9-dnsutils, libwebp6, libjson-c5, proxmox-backup-client, libc-dev-bin, pve-manager, libc-l10n, bind9-libs, libc-bin, libc-devtools, pve-kernel-5.15, pve-kernel-5.15.116-1-pve, libc6-dev, pve-firewall, libx11-6, libgstreamer-plugins-base1.0-0, dnsutils, linux-libc-dev
Checkingproxmox-vepackageversion..PASS:proxmox-vepackagehasversion>=7.4-1Checkingrunningkernelversion..PASS:runningkernel'5.15.107-2-pve'isconsideredsuitableforupgrade.=CHECKINGCLUSTERHEALTH/SETTINGS=SKIP:standalonenode.=CHECKINGHYPER-CONVERGEDCEPHSTATUS=SKIP:nohyper-convergedcephsetupdetected!=CHECKINGCONFIGUREDSTORAGES=PASS:storage'local'enabledandactive.PASS:storage'local-lvm'enabledandactive.PASS:storage'lvm-thin-1'enabledandactive.INFO:Checkingstoragecontenttypeconfiguration..PASS:nostoragecontentproblemsfoundPASS:nostoragere-usesadirectoryformultiplecontenttypes.=MISCELLANEOUSCHECKS=INFO:Checkingcommondaemonservices..PASS:systemdunit'pveproxy.service'isinstate'active'PASS:systemdunit'pvedaemon.service'isinstate'active'PASS:systemdunit'pvescheduler.service'isinstate'active'PASS:systemdunit'pvestatd.service'isinstate'active'INFO:Checkingforsupported&activeNTPservice..WARN:systemd-timesyncdisnotthebestchoicefortime-keepingonservers,duetoonlyapplyingupdatesonboot.Whilenotnecessaryfortheupgradeit's recommended to use one of: * chrony (Default in new Proxmox VE installations) * ntpsec * openntpdINFO: Checking for running guests..WARN: 14 running guest(s) detected - consider migrating or stopping them.INFO: Checking if the local node'shostname'pve'isresolvable..INFO:CheckingifresolvedIPisconfiguredonlocalnode..PASS:ResolvednodeIP'<NODE_IP>'configuredandactiveonsingleinterface.INFO:Checknodecertificate's RSA key sizePASS: Certificate 'pve-root-ca.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)PASS: Certificate 'pve-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (2048 >= 2048)PASS: Certificate 'pveproxy-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)INFO: Checking backup retention settings..PASS: no backup retention problems found.INFO: checking CIFS credential location..PASS: no CIFS credentials at outdated location found.INFO: Checking permission system changes..INFO: Checking custom role IDs for clashes with new 'PVE' namespace..PASS: no custom roles defined, so no clash with 'PVE' role ID namespace enforced in Proxmox VE 8INFO: Checking if LXCFS is running with FUSE3 library, if already upgraded..SKIP: not yet upgraded, no need to check the FUSE library version LXCFS usesINFO: Checking node and guest description/note length..PASS: All node config descriptions fit in the new limit of 64 KiBPASS: All guest config descriptions fit in the new limit of 8 KiBINFO: Checking container configs for deprecated lxc.cgroup entriesPASS: No legacy 'lxc.cgroup' keys found.INFO: Checking if the suite for the Debian security repository is correct..INFO: Checking for existence of NVIDIA vGPU Manager..PASS: No NVIDIA vGPU Service found.INFO: Checking bootloader configuration...SKIP: not yet upgraded, no need to check the presence of systemd-boot= SUMMARY =TOTAL: 29PASSED: 22SKIPPED: 4WARNINGS: 3FAILURES: 0ATTENTION: Please check the output for detailed information!
Update the configured APT repositories
First, make sure that the system is using the latest Proxmox VE 7.4 packages:
The last command should report at least 7.4-15 or newer.
Update Debian Base Repositories to Bookworm
Update all Debian and Proxmox VE repository entries to Bookworm.
sed-i's/bullseye/bookworm/g'/etc/apt/sources.list
Ensure that there are no remaining Debian Bullseye specific repositories left, if you can use the # symbol at the start of the respective line to comment these repositories out. Check all files in the /etc/apt/sources.list.d/pve-enterprise.list and /etc/apt/sources.list and see Package_Repositories for the correct Proxmox VE 8 / Debian Bookworm repositories.
Upgrade the system to Debian Bookworm and Proxmox VE 8.0
âī¸Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth. A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in under 5 minutes.
Start with this step, to get the initial set of upgraded packages:
aptdist-upgrade
During the above step, you will be asked to approve changes to configuration files, where the default config has been updated by their respective package.
It's suggested to check the difference for each file in question and choose the answer accordingly to what's most appropriate for your setup.
đ Common configuration files with changes, and the recommended choices are:
/etc/issue
-> Proxmox VE will auto-generate this file on boot, and it has only cosmetic effects on the login console.
â Using the default "No" (keep your currently-installed version) is safe here.
/etc/lvm/lvm.conf
-> Changes relevant for Proxmox VE will be updated, and a newer config version might be useful.
â If you did not make extra changes yourself and are unsure it's suggested to choose "Yes" (install the package maintainer's version) here.
/etc/ssh/sshd_config
-> If you have not changed this file manually, the only differences should be a replacement of ChallengeResponseAuthentication no with KbdInteractiveAuthentication no and some irrelevant changes in comments (lines starting with #).
â If this is the case, both options are safe, though we would recommend installing the package maintainer's version in order to move away from the deprecated ChallengeResponseAuthentication option. If there are other changes, we suggest to inspect them closely and decide accordingly.
/etc/default/grub
-> Here you may want to take special care, as this is normally only asked for if you changed it manually, e.g., for adding some kernel command line option.
It's recommended to check the difference for any relevant change, note that changes in comments (lines starting with #) are not relevant. If unsure, we suggested to selected "No" (keep your currently-installed version)
Check Result & Reboot Into Updated Kernel
If the dist-upgrade command exits successfully, you can re-check the pve7to8 checker script and reboot the system in order to use the new Proxmox VE kernel.
pve7to8--full
root@pve:~#pve7to8--full=CHECKINGVERSIONINFORMATIONFORPVEPACKAGES=Checkingforpackageupdates..PASS:allpackagesup-to-dateCheckingproxmox-vepackageversion..PASS:alreadyupgradedtoProxmoxVE8Checkingrunningkernelversion..WARN:asuitablekernel (proxmox-kernel-6.2) is intalled, but an unsuitable (5.15.107-2-pve) is booted, missing reboot?!=CHECKINGCLUSTERHEALTH/SETTINGS=SKIP:standalonenode.=CHECKINGHYPER-CONVERGEDCEPHSTATUS=SKIP:nohyper-convergedcephsetupdetected!=CHECKINGCONFIGUREDSTORAGES=PASS:storage'local'enabledandactive.PASS:storage'local-lvm'enabledandactive.PASS:storage'lvm-thin-1'enabledandactive.INFO:Checkingstoragecontenttypeconfiguration..PASS:nostoragecontentproblemsfoundPASS:nostoragere-usesadirectoryformultiplecontenttypes.=MISCELLANEOUSCHECKS=INFO:Checkingcommondaemonservices..PASS:systemdunit'pveproxy.service'isinstate'active'PASS:systemdunit'pvedaemon.service'isinstate'active'PASS:systemdunit'pvescheduler.service'isinstate'active'PASS:systemdunit'pvestatd.service'isinstate'active'INFO:Checkingforsupported&activeNTPservice..WARN:systemd-timesyncdisnotthebestchoicefortime-keepingonservers,duetoonlyapplyingupdatesonboot.Whilenotnecessaryfortheupgradeit's recommended to use one of: * chrony (Default in new Proxmox VE installations) * ntpsec * openntpdINFO: Checking for running guests..PASS: no running guest detected.INFO: Checking if the local node'shostname'pve'isresolvable..INFO:CheckingifresolvedIPisconfiguredonlocalnode..PASS:ResolvednodeIP'<NODE_IP>'configuredandactiveonsingleinterface.INFO:Checknodecertificate's RSA key sizePASS: Certificate 'pve-root-ca.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)PASS: Certificate 'pve-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (2048 >= 2048)PASS: Certificate 'pveproxy-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048)INFO: Checking backup retention settings..PASS: no backup retention problems found.INFO: checking CIFS credential location..PASS: no CIFS credentials at outdated location found.INFO: Checking permission system changes..INFO: Checking custom role IDs for clashes with new 'PVE' namespace..PASS: no custom roles defined, so no clash with 'PVE' role ID namespace enforced in Proxmox VE 8INFO: Checking if LXCFS is running with FUSE3 library, if already upgraded..WARN: systems seems to be upgraded but LXCFS is still running with FUSE 2 library, not yet rebooted?INFO: Checking node and guest description/note length..PASS: All node config descriptions fit in the new limit of 64 KiBPASS: All guest config descriptions fit in the new limit of 8 KiBINFO: Checking container configs for deprecated lxc.cgroup entriesPASS: No legacy 'lxc.cgroup' keys found.INFO: Checking if the suite for the Debian security repository is correct..PASS: found no suite mismatchINFO: Checking for existence of NVIDIA vGPU Manager..PASS: No NVIDIA vGPU Service found.INFO: Checking bootloader configuration...SKIP: proxmox-boot-tool not used for bootloader configuration= SUMMARY =TOTAL: 30PASSED: 24SKIPPED: 3WARNINGS: 3FAILURES: 0ATTENTION: Please check the output for detailed information!
Please note that you should reboot even if you already used the 6.2 kernel previously, through the opt-in package on Proxmox VE 7. This is required to guarantee the best compatibility with the rest of the system, as the updated kernel was (re-)build with the newer Proxmox VE 8 compiler and ABI versions.
root@pve:~#pve7to8--full=CHECKINGVERSIONINFORMATIONFORPVEPACKAGES=Checkingforpackageupdates..PASS:allpackagesup-to-dateCheckingproxmox-vepackageversion..PASS:alreadyupgradedtoProxmoxVE8Checkingrunningkernelversion..PASS:runningnewkernel'6.2.16-12-pve'afterupgrade.INFO:Foundoutdatedkernelmeta-packages,takingupextraspaceonbootpartitions.Afterasuccessfulupgrade,youcanremovethemusingthiscommand:aptremovepve-kernel-5.4pve-kernel-5.15=CHECKINGCLUSTERHEALTH/SETTINGS=SKIP:standalonenode.=CHECKINGHYPER-CONVERGEDCEPHSTATUS=SKIP:nohyper-convergedcephsetupdetected!=CHECKINGCONFIGUREDSTORAGES=PASS:storage'local'enabledandactive.PASS:storage'local-lvm'enabledandactive.PASS:storage'lvm-thin-1'enabledandactive.INFO:Checkingstoragecontenttypeconfiguration..PASS:nostoragecontentproblemsfoundPASS:nostoragere-usesadirectoryformultiplecontenttypes.=MISCELLANEOUSCHECKS=INFO:Checkingcommondaemonservices..PASS:systemdunit'pveproxy.service'isinstate'active'PASS:systemdunit'pvedaemon.service'isinstate'active'PASS:systemdunit'pvescheduler.service'isinstate'active'PASS:systemdunit'pvestatd.service'isinstate'active'INFO:Checkingforsupported&activeNTPservice..PASS:Detectedactivetimesynchronisationunit'chrony.service'INFO:Checkingforrunningguests..WARN:14runningguest(s) detected-considermigratingorstoppingthem.INFO:Checkingifthelocalnode's hostname 'pve' is resolvable..INFO: Checking if resolved IP is configured on local node..PASS: Resolved node IP '<NODE_IP>' configured and active on single interface.INFO: Check node certificate'sRSAkeysizePASS:Certificate'pve-root-ca.pem'passedDebianBusters (and newer) security level for TLS connections (4096>=2048)PASS:Certificate'pve-ssl.pem'passedDebianBusters (and newer) security level for TLS connections (2048>=2048)PASS:Certificate'pveproxy-ssl.pem'passedDebianBusters (and newer) security level for TLS connections (4096>=2048)INFO:Checkingbackupretentionsettings..PASS:nobackupretentionproblemsfound.INFO:checkingCIFScredentiallocation..PASS:noCIFScredentialsatoutdatedlocationfound.INFO:Checkingpermissionsystemchanges..INFO:CheckingcustomroleIDsforclasheswithnew'PVE'namespace..PASS:nocustomrolesdefined,sonoclashwith'PVE'roleIDnamespaceenforcedinProxmoxVE8INFO:CheckingifLXCFSisrunningwithFUSE3library,ifalreadyupgraded..PASS:systemsseemstobeupgradedandLXCFSisrunningwithFUSE3libraryINFO:Checkingnodeandguestdescription/notelength..PASS:Allnodeconfigdescriptionsfitinthenewlimitof64KiBPASS:Allguestconfigdescriptionsfitinthenewlimitof8KiBINFO:Checkingcontainerconfigsfordeprecatedlxc.cgroupentriesPASS:Nolegacy'lxc.cgroup'keysfound.INFO:CheckingifthesuitefortheDebiansecurityrepositoryiscorrect..PASS:foundnosuitemismatchINFO:CheckingforexistenceofNVIDIAvGPUManager..PASS:NoNVIDIAvGPUServicefound.INFO:Checkingbootloaderconfiguration...SKIP:proxmox-boot-toolnotusedforbootloaderconfiguration=SUMMARY=TOTAL:30PASSED:26SKIPPED:3WARNINGS:1FAILURES:0ATTENTION:Pleasechecktheoutputfordetailedinformation!
After the Proxmox VE upgrade
Empty the browser cache and/or force-reload (CTRL + SHIFT + R, or for MacOS â + Alt + R) the Web UI.
Check that all VMs/Containers are up and running
For Clusters
Check that all nodes are up and running on the latest package versions.
Disable root user from Proxmox Datacenter Permissions/Users menu