//nbkelley /homelab

Proxmox VM Boot Troubleshooting


What Was Established

  • Ubuntu VMs can hang during the boot process at apparmor.service (displayed as “Starting apparmor.service - Load AppArmor profiles…”).
  • In Proxmox, this specific hang was caused by an iGPU (…)

Coffee Lake iGPU Passthrough Freeze & Recovery

  • Issue: Coffee Lake iGPU passthrough to an Ubuntu VM causes the Proxmox VM to freeze on boot.
  • Immediate Recovery Steps (run from Proxmox host console):
    1. Stop the frozen VM: qm stop <VMID> --force, or find the QEMU process with ps aux | grep qemu and run kill -9 <PID>.
    2. Remove iGPU from VM config: Edit /etc/pve/qemu-server/<VMID>.conf and remove hostpci lines and GPU-related args: lines.
    3. Reset host iGPU state: Edit /etc/modprobe.d/pve-blacklist.conf and comment out blacklist i915.
    4. Reboot host: update-initramfs -u -k all && reboot.
    5. Verify host recovery: lspci | grep -i vga and lsmod | grep i915.
  • Proper Re-configuration Steps:
    1. Enable IOMMU: Update /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt", then update-grub && reboot.
    2. Verify IOMMU Groups: find /sys/kernel/iommu_groups/ -type l.
    3. Add iGPU via UI: VM → Hardware → Add PCI Device → Select iGPU → Check “All Functions” & “PCI-Express” → DO NOT check “Primary GPU”.
  • Advanced/Alternative Configuration:
    • GRUB Parameters: quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction nofb nomodeset video=efifb:off
    • Host Blacklist: echo "blacklist i915" >> /etc/modprobe.d/pve-blacklist.conf
    • VM Config (args, combined on one line because the VM config file takes a single args entry):
      args: -device vfio-pci,host=00:02.0,addr=0x18,x-igd-gms=1,driver=vfio-pci -device vfio-pci,host=00:02.1,addr=0x18.1,driver=vfio-pci -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off -set device.vga.ramfb=off -set device.vga.driver=vfio-pci
    • VM Hardware Requirements: Machine q35, BIOS OVMF (UEFI), Display Default (not SPICE).
    • Ubuntu VM Guest: Install Intel graphics drivers, add i915.enable_guc=2 to kernel parameters, ensure early KMS start.
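The "Verify IOMMU Groups" step lists every group, but the point of the check is whether the iGPU sits in a group of its own, because everything in a group is handed to the guest together. The script below is an added example, not part of the original notes: it reports any foreign device sharing the group of a given PCI address. It assumes the iGPU is at 0000:00:02.0 (the page's 00:02.0 with the PCI domain prefix sysfs uses), and SYSFS_ROOT is a hypothetical override used only for testing.

```shell
#!/bin/sh
# Added example, not from the original notes. SYSFS_ROOT is an assumption
# that lets the functions run against a constructed tree; it defaults to /sys.

# Print the IOMMU group number of PCI address $1; return 1 if it has none.
iommu_group_of() {
    addr=$1; root=${SYSFS_ROOT:-/sys}
    for link in "$root"/kernel/iommu_groups/*/devices/"$addr"; do
        [ -L "$link" ] || [ -e "$link" ] || continue   # unmatched glob
        group=${link%/devices/*}
        echo "${group##*/}"
        return 0
    done
    return 1
}

# Print every other device in the same IOMMU group as $1, one per line.
iommu_group_peers() {
    addr=$1; root=${SYSFS_ROOT:-/sys}
    group=$(iommu_group_of "$addr") || return 2
    for dev in "$root"/kernel/iommu_groups/"$group"/devices/*; do
        name=${dev##*/}
        [ "$name" = "$addr" ] || echo "$name"
    done
    return 0
}

# Return 0 if $1 shares its group only with functions of its own slot
# (what "All Functions" passes through), 1 if a foreign device shares the
# group, 2 if the device has no IOMMU group at all.
check_passthrough_isolation() {
    addr=$1; slot=${addr%.*}          # 0000:00:02.0 -> 0000:00:02
    peers=$(iommu_group_peers "$addr") || {
        echo "$addr: no IOMMU group (is intel_iommu=on in effect?)" >&2
        return 2
    }
    foreign=0
    for peer in $peers; do
        case $peer in
            "$slot".*) ;;             # sibling function, passed along
            *) echo "$addr shares IOMMU group with $peer" >&2; foreign=1 ;;
        esac
    done
    return "$foreign"
}

# Usage on the host: sh this_script 0000:00:02.0
if [ "$#" -gt 0 ]; then check_passthrough_isolation "$1"; fi
```

When pcie_acs_override is on the kernel command line, the groups are split by the override rather than by hardware ACS, so a clean result on such a host does not demonstrate hardware isolation between the devices.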

Sources

  • ingested/chats/103-Troubleshooting Coffee Lake iGPU Passthrough on Proxmox.md
  • ingested/chats/101-Troubleshooting Slow Ubuntu VM Boot.md

Web Server Architecture on Proxmox


What Was Established

High-level architectural strategies for deploying web development environments on Proxmox, focusing on balancing isolation with resource efficiency.

Key Decisions

  • LXC for Services: Use LXC containers for lightweight, single-purpose services (e.g., Nginx, Databases) to minimize overhead.
  • VM for Complex Workloads: Use full VMs when running Docker, Kubernetes, or when custom kernel modules are required.
  • Reverse Proxy Pattern: Always use a reverse proxy (Nginx Proxy Manager, Traefik, or Caddy) to handle SSL termination and route traffic to multiple internal services.
  • Database Isolation: Separate databases into their own containers/VMs to improve security and facilitate independent backups.

Current Configuration

Networking Patterns

  • Bridge Mode: Default vmbr0 for services requiring LAN access.
  • Internal Network: Use secondary bridges (e.g., vmbr1) for isolated communication between web servers and databases.

Storage Patterns

  • Local-LVM: Preferred for high-performance VM/container disks.
  • Directory Storage: Suitable for container volumes and simpler storage needs.

Historical Notes

This architecture plan was established in March 2025. The preference for LXCs over VMs for simple web services was a primary driver.