作者

QQ群：852283276
微信：arm80x86
微信公众号：青儿创客基地
B站：主页 https://space.bilibili.com/208826118

使用

镜像制作

img2kvm

客户端

Proxmox VE Qemu/KVM 虚拟机设置要求
如何修改proxmox ve中虚拟机的分辨率
基于PVE搭建云桌面体验
适合中小企业的桌面云平台 — DoraCloud 快速部署指导
proxmox VE安装Windows虚拟机（包括virtIO驱动）及SPICE远程桌面配置
Proxmox配置虚拟桌面
Configure remote console access
noVNC实现浏览器远程访问Windows桌面
NoVNC—以Web方式交付VNC远程连接
Proxmox VE三种控制台对比(novnc/xterm.js/SPICE)
Embed Proxmox noVNC on external Website
noVNC connect to Proxmox failed: HTTP authentication failed; no valid credentials available
Facing issue with proxmox noVNC (API), Error 401 no ticket
How to use the SPICE client (virt-viewer) to connect to a VM console?
Running novnc from somewhere else
VNC not working as expected in PVE7
nova vnc proxy基本原理
nova分析（9）—— nova-novncproxy
NoVNC的使用之一: 让我们把NoVNC代理跑起来
使用 noVNC 开发 Web 虚拟机控制台
webvnc之novnc实战
如何解决Vue.js里面noVNC的截图问题之后篇——用web虚拟终端作为替代功能
如何在跨域请求中允许带入原网站的cookie(401：not authorizated)
vue中使用novnc
proxmox CT external vnc access
8小时用HTML5打造VNCViewer
VNC Client Access
Proxmox SPICE wiki
spice issues

noVNC跨域，查看一下有无日志提示
I’m creating a PAAS provider with openVZ virtual machines on proxmox. I want to use noVNC to access the instances in another website different than proxmox console. I used an url with this form
wss://promox_ip:8006/api2/json/nodes/node_name/openvz/instance_id/vncwebsocket?port=5900&vncticket=vnc_ticket
I’m always getting this error:connection closed unexpectedly. note that i use a new ticket each connection.
Finally solved by adding modifications to HTTPerver.pm file under
/usr/share/perl5/PVE/
to Allow accessing novnc console when not logged in. Then send POST resquest to
/api2/json/nodes/{node}/lxc/{vmid}/vncproxy
and get ticket and port. Then you can connect via websocket to this link
/api2/json/nodes/{node}/lxc/{vmid}/vncwebsocket

Ubuntu16.04下编译virt-viewer
MingW编译virt-viewer
Windows下MinGW编译virt-viewer源码
交叉编译Spice-gtk
spice官网download
spice gitlab
virt-manager官网内含virt-viewer源代码

Proxmox VE 允许启动具有不同固件和机器类型的 VM，即 SeaBIOS 和 OVMF。在大多数情况下，只有当您计划使用 PCIe pass through 时，您才希望从默认的 SeaBIOS 切换到 OVMF 。VM机器类型定义了 VM 的虚拟主板的硬件布局。您可以选择默认的 Intel 440FX 或 Q35 芯片组，后者还提供虚拟 PCIe 总线，因此如果想要直通 PCIe 硬件，可能需要。

进bios确实可以修改了，我修改成 1280960，但是进入系统后显示还只是只有一个800600 4：3，用vnc的时候可以把分辨率变了就行。win虚拟机虽然分辨率也不高，但是用远程桌面连接的时候分辨率会变成显示器这边的分辨率，相当舒服。就是搞不定这个ubuntu的分辨率，在虚拟机的“硬件”菜单里面找到“显示”，编辑成vmware兼容就可以了，重启虚拟机就可以更改分辨率选项了，至少我在xubuntu里面设置成功

SPICE远程桌面配置
安装系统时显卡配置为默认，不需要通过远程管理界面修改硬件将显卡配置为spice远程。通过主机节点修改虚拟机配置文件即可。
远程界面选择服务器节点pve1，选择shell，cd到/etc/pve/qemu-server目录下，服务器上安装的虚拟机配置文件均在此目录下。在虚拟机配置文件中添加一下内容（如100.conf）：
args: -spice port=61002,addr=0.0.0.0,disable-ticketing,seamless-migration=on
其中，-spice即为配置SPICE；
port为监听端口，一般应大于61001；
addr为容许网络，设置为0.0.0.0为允许任何网络连接；
disable-ticketing为去掉密码验证，如需加密码验证，将此参数改为password=xxxx；
seamless-migration=on为QMP支持。
设置完毕后在SPICE client端输入spice://ip:61002就可以正常远程连接了。

noVNC：是web的VNC。
spice：是rehat开发的显示协议。需要的软件为virt-viewer
xterm.js：相当于一个web的ssh端，依靠串口实现。
pve创建vm之后，默认的时候只有novnc。
当添加【串口】设备之后，支持xterm.js控制台
当把显示适配器设置成【SPICE】之后，支持spice控制台Proxmox VE三种控制台对比(novnc/xterm.js/SPICE
NOVNC的具有强大的硬件控制功能，能够重启开启，也是类似显示器的功能
spice相当于就是个虚拟机控制台，还可以添加usb映射高级功能。3D效果支持好
xtem.js是网页端的ssh，能够复制粘贴。
novnc和spice显示的东西都是一样，操作同步。可见都是显示器式直接访问画面。区别就在于，spice功能更加强大，性能更好。
SPICE能够是画面无缝切换，双向粘贴，USB挂载，例如远程桌面一样。具体例子可以见 pve安装server2019

dcsapak(Proxmox Staff Member): the connection to the websocket has to carry the proxmox auth ticket as a cookie
if you want to expose the vms consoles, you have 2 possibillities

1. expose the api + built in novnc
   the user needs to be logged into the pve webui and access to the api needs to be there, otherwise the built in novnc cannot request a token
2. build a custom proxy software that only exposes novnc
   this is not trivial to implement but the basics would be:

• implementing some user authentication (can probably be proxied to pve?)
• expose some minimal api that exposes a websocket connection that is proxied to the pve one
• expose a custom novnc client that does not use the pve api for creating the websocket, etc.

13.6.1 Standard IP set management

This IP set applies only to host firewalls (not VM firewalls). Those IPs are allowed to do normal management
tasks (PVE GUI, VNC, SPICE, SSH).
The local cluster network is automatically added to this IP set (alias cluster_network), to enable interhost
cluster communication. (multicast,ssh,. . . )

# /etc/pve/firewall/cluster.fw
[IPSET management]
192.168.2.10
192.168.2.10/24

PCIe

10.9.1章节

GPU

Nach Update funktioniert GPU Passthrough nicht mehr
笔记本 Optimus MUXless 下的 Intel 和 NVIDIA 虚拟机显卡直通
Re: The arm virtual machine displays problems in QXL during the UEFI phase

It is not possible to display the frame buffer of the GPU via NoVNC or SPICE on the Proxmox VE web interface.When passing through a whole GPU or a vGPU and graphic output is wanted, one has to either physically connect a monitor to the card, or configure a remote desktop software (for example, VNC or RDP) inside the guest.If you want to use the GPU as a hardware accelerator, for example, for programs using OpenCL or CUDA,this is not required.

From the above point of view, your speculation is right. excellent! In this way, if a QXL device wants to work on ARM, the io window of the bridge it is mounted on must be allocated as 00000000-00000fff [size=4K]. In my work, by modifying the qemu code, the io window of the bridge mounted with the qxl device is fixed to 00000000-00000fff to solve this problem. what do you think?

13.8.1 Datacenter incoming/outgoing DROP/REJECT

If the input or output policy for the firewall is set to DROP or REJECT, the following traffic is still allowed for
all Proxmox VE hosts in the cluster:
• traffic over the loopback interface
• already established connections
• traffic using the IGMP protocol
• TCP traffic from management hosts to port 8006 in order to allow access to the web interface
• TCP traffic from management hosts to the port range 5900 to 5999 allowing traffic for the VNC web console
• TCP traffic from management hosts to port 3128 for connections to the SPICE proxy
• TCP traffic from management hosts to port 22 to allow ssh access
• UDP traffic in the cluster network to port 5404 and 5405 for corosync
• UDP multicast traffic in the cluster network
• ICMP traffic type 3 (Destination Unreachable), 4 (congestion control) or 11 (Time Exceeded)
The following traffic is dropped, but not logged even with logging enabled:
• TCP connections with invalid connection state
• Broadcast, multicast and anycast traffic not related to corosync, i.e., not coming through port 5404 or 5405
• TCP traffic to port 43
• UDP traffic to ports 135 and 445
• UDP traffic to the port range 137 to 139
• UDP traffic form source port 137 to port range 1024 to 65535
• UDP traffic to port 1900
• TCP traffic to port 135, 139 and 445
• UDP traffic originating from source port 53
The rest of the traffic is dropped or rejected, respectively, and also logged. This may vary depending on the
additional options enabled in Firewall ! Options, such as NDP, SMURFS and TCP flag filtering.
Please inspect the output of the
# iptables-save
system command to see the firewall chains and rules active on your system. This output is also included in a
System Report, accessible over a node’s subscription tab in the web GUI, or through the pvereport
command line tool.