1. 检查PVE下915 guc huc dmc固件是否齐全(正常情况下PVE7.3-3默认系统自带) 1 cd /lib/firmware/i915 && ls ehl_guc*.bin && ls ehl_huc*.bin && ls icl_dmc*.bin
ehl_guc_70.1.1.bin
2. PVE使用lxc模板安装debian 12 安装时一定把非特权容器前面的勾去掉,去掉,去掉。我们需要一个特权的容器。完成后不要启动。
3. 在宿主PVE节点下指派核显及Docker相关权限映射给lxc下的debian 1 nano /etc/ pve/lxc/ 101 .conf
1 2 3 4 5 6 lxc.cgroup2 .devices .allow : c 226 :0 rwm lxc.cgroup2 .devices .allow : c 226 :128 rwm lxc.cgroup2 .devices .allow : c 29 :0 rwm lxc.mount .entry : /dev/dri dev/dri none bind,optional,create=dir lxc.apparmor .profile : unconfined lxc.cap .drop :
ctrl+x,y,回车1 nano /etc/m odprobe.d/i915.conf
1 options i915 enable_guc=3
4. 开启远程秘钥SSH登录
参数
作用
PermitRootLogin yes
是否允许root直接登入
PasswordAuthentication yes
启用密码认证
PubkeyAuthentication yes
启用公钥认证
AuthenticationMethods publickey,password
需要秘钥和密码同时认证通过
RSAAuthentication yes
启用RSA认证
4.1 开启root登入 1 2 3 sed - i 's/#PermitRootLogin prohibit-password/ PermitRootLogin yes/' / etc/ssh/ sshd_config \ && sed - i 's/#PasswordAuthentication yes/ PasswordAuthentication yes/' / etc/ssh/ sshd_config \&& service ssh restart
4.2 生成秘钥文件 1 ssh-keygen -b 384 -t ECDSA && cd /root/.ssh/ && cp id_ecdsa.pub authorized_keys && chmod 600 authorized_keys && chmod 700 ~/.ssh
4.3 保存秘钥文件到本地 使用WinSCP下载id_ecdsa 秘钥文件到本地保存
4.4 开启密码与秘钥双认证 1 2 3 4 sed - i 's/#PubkeyAuthentication yes/ PubkeyAuthentication yes/' / etc/ssh/ sshd_config \ && sed - i 's/#MaxAuthTries 6/ RSAAuthentication yes/' / etc/ssh/ sshd_config \&& sed - i 's/#MaxSessions 10/ AuthenticationMethods publickey,password/' / etc/ssh/ sshd_config \&& service ssh restart
5. Debian更改国内源 1 2 3 4 5 6 7 cat > /etc/apt/sources.list <<EOF deb https: deb https: deb https: deb https: # deb https: EOF
6. 更新和安装包
安装nfs-common软件包1 apt update && apt install curl -y && apt install nfs-common -y
一键安装docker1 curl -sSL https://get .docker.com / | sh
修改 Docker 配置(可选)1 2 3 4 5 6 7 8 9 10 11 12 13 14 cat > /etc/docker/daemon.json <<EOF { "log-driver" : "json-file" , "log-opts" : { "max-size" : "10m" , "max-file" : "3" }, # "data-root" : "/var/lib/docker" , # "ipv6" : true, # "fixed-cidr-v6" : "fd00:dead:beef:c0::/80" , # "experimental" :true, # "ip6tables" :true } EOF
更新系统包1 apt update && apt upgrade -y
7. 修改docker.service 使其可以被portainer远程管理 1 nano /usr/ lib/systemd/ system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// –containerd=/run/containerd/containerd.sock
1 ExecStart=/usr/ bin/dockerd -H fd:/ / --containerd=/ run/containerd/ containerd.sock -H tcp:// 192.168 .10.3 :9820 -H unix:// var/run/ docker.sock
8. 重启并验证编码是否开启 1 journalctl -b -o short-monotonic -k | egrep -i "i915 |dmr |dmc |guc |huc"
返回信息中有以下HuC和GuC成功开启
1 2 3 4 5 [ 3.862964] pve kernel: i915 0000 :00 :02.0 : [drm] Finished loading DMC firmware i915/icl_dmc_ver1_09.bin (v1.9 )[ 3.884978] pve kernel: i915 0000 :00 :02.0 : [drm] GuC firmware i915/ehl_guc_70.1.1 .bin version 70.1 [ 3.884987] pve kernel: i915 0000 :00 :02.0 : [drm] HuC firmware i915/ehl_huc_9.0.0 .bin version 9.0 [ 3.899160] pve kernel: i915 0000 :00 :02.0 : [drm] HuC authenticated[ 3.899505] pve kernel: i915 0000 :00 :02.0 : [drm] GuC submission enabled
9. 启动docker服务,并开启开机自启 1 system ctl start docker && system ctl enable docker
10. 远程挂载文件 使用SMB 建立docker volume
1 apt update && apt install curl -y && apt install cifs-utils -y
1 2 3 4 5 docker volume create --driver local \ --opt type =cifs \ --opt o =addr=192.168.10.5,username=rastyu,password=qQ75969207,vers=3.0 \ --opt device =:/volume2/pt \ nfs_pt
使用NFS 建立docker volume
1 2 3 4 5 docker volume create --driver local \ --opt type =nfs \ --opt o =addr=192.168.10.5,rw,nfsvers=4 \ --opt device =:/volume2/pt \ nfs_pt
查看核对此docker volume中设置参数是否准确
1 docker volume inspect nfs_pt
11. 安装emby开心版,并在此容器下直接挂载nfs共享文件夹 1 2 3 4 5 6 7 8 9 10 11 12 13 docker run -d \ --name emby \ --net =host \--hostname emby \ --volume /home/emby:/config \ --mount source =nfs_pt,target=/pt \ --device =/dev/dri:/dev/dri \--restart =unless-stopped \--env UID =0 \ --env GID =0 \ --env GIDLIST =0 \ --env TZ =Asia/Shanghai \ rastyu/emby:wei