Proxmox VE Administration Guide
Proxmox VE 管理指南

A hyper-converged infrastructure (HCI) is especially useful for deployments in which a high infrastructure demand meets a low administration budget, for distributed setups such as remote and branch office environments or for virtual private and public clouds.
超融合基础设施（HCI）特别适用于基础设施需求高而管理预算低的部署场景，如远程和分支机构环境的分布式设置，或虚拟私有云和公共云。

HCI provides the following advantages:
HCI 提供以下优势：

Proxmox VE has tightly integrated support for deploying a hyper-converged storage infrastructure. You can, for example, deploy and manage the following two storage technologies by using the web interface only:
Proxmox VE 紧密集成了部署超融合存储基础设施的支持。例如，您可以仅通过网页界面部署和管理以下两种存储技术：

Besides above, Proxmox VE has support to integrate a wide range of additional storage technologies. You can find out about them in the Storage Manager chapter.
除了上述内容，Proxmox VE 还支持集成多种额外的存储技术。您可以在存储管理章节中了解相关内容。

The primary source of information is the Proxmox VE Wiki. It combines the reference documentation with user contributed content.
主要的信息来源是 Proxmox VE 维基。它结合了参考文档和用户贡献的内容。

Proxmox VE itself is fully open source, so we always encourage our users to discuss and share their knowledge using the Proxmox VE Community Forum. The forum is moderated by the Proxmox support team, and has a large user base from all around the world. Needless to say, such a large forum is a great place to get information.
Proxmox VE 本身是完全开源的，因此我们始终鼓励用户通过 Proxmox VE 社区论坛进行讨论和分享知识。该论坛由 Proxmox 支持团队进行管理，拥有来自世界各地的大量用户。毋庸置疑，这样一个大型论坛是获取信息的绝佳场所。

This is a fast way to communicate with the Proxmox VE community via email.
这是通过电子邮件与 Proxmox VE 社区快速交流的一种方式。

Proxmox VE is fully open source and contributions are welcome! The primary communication channel for developers is the:
Proxmox VE 完全开源，欢迎贡献！开发者的主要交流渠道是：

Proxmox Server Solutions GmbH also offers enterprise support available as Proxmox VE Subscription Service Plans. All users with a subscription get access to the Proxmox VE Enterprise Repository, and—with a Basic, Standard or Premium subscription—also to the Proxmox Customer Portal. The customer portal provides help and support with guaranteed response times from the Proxmox VE developers.
Proxmox Server Solutions GmbH 还提供企业支持，作为 Proxmox VE 订阅服务计划的一部分。所有订阅用户都可以访问 Proxmox VE 企业代码仓库，并且拥有基础、标准或高级订阅的用户还可以访问 Proxmox 客户门户。客户门户提供帮助和支持，并由 Proxmox VE 开发人员保证响应时间。

For volume discounts, or more information in general, please contact sales@proxmox.com.
如需批量折扣或更多信息，请联系 sales@proxmox.com。

Proxmox runs a public bug tracker at https://bugzilla.proxmox.com. If an issue appears, file your report there. An issue can be a bug as well as a request for a new feature or enhancement. The bug tracker helps to keep track of the issue and will send a notification once it has been solved.
Proxmox 在 https://bugzilla.proxmox.com 运行一个公开的缺陷跟踪器。如果出现问题，请在那里提交报告。问题可以是缺陷，也可以是新功能或改进的请求。缺陷跟踪器有助于跟踪问题，并在问题解决后发送通知。

The language files are available as a git repository. If you are familiar with git, please contribute according to our Developer Documentation.
语言文件以 git 代码仓库的形式提供。如果你熟悉 git，请根据我们的开发者文档进行贡献。

You can create a new translation by doing the following (replace <LANG> with the language ID):
您可以通过以下方式创建新的翻译（将 <LANG> 替换为语言 ID）：

Or you can edit an existing translation, using the editor of your choice:
或者您可以使用您选择的编辑器编辑现有的翻译：

Even if you are not familiar with git, you can help translate Proxmox VE. To start, you can download the language files here. Find the language you want to improve, then right click on the "raw" link of this language file and select Save Link As…. Make your changes to the file, and then send your final translation directly to office(at)proxmox.com, together with a signed contributor license agreement.
即使您不熟悉 git，也可以帮助翻译 Proxmox VE。首先，您可以在此处下载语言文件。找到您想要改进的语言，然后右键点击该语言文件的“raw”链接，选择“另存为…”。对文件进行修改后，将您的最终翻译连同签署的贡献者许可协议一起直接发送至 office(at)proxmox.com。

In order for the translation to be used in Proxmox VE, you must first translate the .po file into a .js file. You can do this by invoking the following script, which is located in the same repository:
为了使翻译能够在 Proxmox VE 中使用，您必须先将 .po 文件转换为 .js 文件。您可以通过调用位于同一代码仓库中的以下脚本来完成此操作：

The resulting file pve-lang-xx.js can then be copied to the directory /usr/share/pve-i18n, on your proxmox server, in order to test it out.
生成的文件 pve-lang-xx.js 然后可以复制到您的 proxmox 服务器上的 /usr/share/pve-i18n 目录中，以便进行测试。

Alternatively, you can build a deb package by running the following command from the root of the repository:
或者，您也可以在代码仓库根目录下运行以下命令来构建一个 deb 包：

You can send the finished translation (.po file) to the Proxmox team at the address office(at)proxmox.com, along with a signed contributor license agreement. Alternatively, if you have some developer experience, you can send it as a patch to the Proxmox VE development mailing list. See Developer Documentation.
您可以将完成的翻译文件（.po 文件）发送到 Proxmox 团队，邮箱地址为 office(at)proxmox.com，同时附上签署的贡献者许可协议。或者，如果您有一定的开发经验，也可以将其作为补丁发送到 Proxmox VE 开发邮件列表。详情请参见开发者文档。

These minimum requirements are for evaluation purposes only and should not be used in production.
这些最低要求仅供评估用途，不应用于生产环境。

To get an overview of the CPU and hard disk performance on an installed Proxmox VE system, run the included pveperf tool.
要了解已安装 Proxmox VE 系统的 CPU 和硬盘性能，请运行随附的 pveperf 工具。

To access the web-based user interface, we recommend using one of the following browsers:
要访问基于网页的用户界面，建议使用以下浏览器之一：

When accessed from a mobile device, Proxmox VE will show a lightweight, touch-based interface.
当从移动设备访问时，Proxmox VE 将显示一个轻量级的触控界面。

The flash drive needs to have at least 1 GB of storage available.
闪存驱动器需要至少有 1 GB 的可用存储空间。

On Unix-like operating system use the dd command to copy the ISO image to the USB flash drive. First find the correct device name of the USB flash drive (see below). Then run the dd command.
在类 Unix 操作系统上，使用 dd 命令将 ISO 镜像复制到 USB 闪存驱动器。首先找到 USB 闪存驱动器的正确设备名称（见下文）。然后运行 dd 命令。

Open the terminal (query Terminal in Spotlight).
打开终端（在聚焦搜索中查询“终端”）。

Convert the .iso file to .dmg format using the convert option of hdiutil, for example:
使用 hdiutil 的 convert 选项将 .iso 文件转换为 .dmg 格式，例如：

To get the current list of devices run the command:
要获取当前设备列表，请运行以下命令：

Now insert the USB flash drive and run this command again to determine which device node has been assigned to it. (e.g., /dev/diskX).
现在插入 USB 闪存驱动器，再次运行此命令以确定分配给它的设备节点。（例如，/dev/diskX）。

After a successful installation and reboot of the system you can use the Proxmox VE web interface for further configuration.
系统成功安装并重启后，您可以使用 Proxmox VE 网页界面进行进一步配置。

The installer creates a Volume Group (VG) called pve, and additional Logical Volumes (LVs) called root, data, and swap, if ext4 or xfs is used. To control the size of these volumes use:
安装程序会创建一个名为 pve 的卷组（VG），如果使用 ext4 或 xfs，还会创建名为 root、data 和 swap 的额外逻辑卷（LV）。要控制这些卷的大小，请使用：

The installer creates the ZFS pool rpool, if ZFS is used. No swap space is created but you can reserve some unpartitioned space on the install disks for swap. You can also create a swap zvol after the installation, although this can lead to problems (see ZFS swap notes).
如果使用 ZFS，安装程序会创建 ZFS 池 rpool。不会创建交换空间，但您可以在安装磁盘上保留一些未分区的空间作为交换空间。您也可以在安装后创建交换 zvol，尽管这可能会导致问题（参见 ZFS 交换注意事项）。

No swap space is created when BTRFS is used but you can reserve some unpartitioned space on the install disks for swap. You can either create a separate partition, BTRFS subvolume or a swapfile using the btrfs filesystem mkswapfile command.
使用 BTRFS 时不会创建交换空间，但您可以在安装磁盘上保留一些未分区的空间用于交换。您可以创建单独的分区、BTRFS 子卷，或使用 btrfs 文件系统的 mkswapfile 命令创建交换文件。

ZFS works best with a lot of memory. If you intend to use ZFS make sure to have enough RAM available for it. A good calculation is 4GB plus 1GB RAM for each TB RAW disk space.
ZFS 在大量内存的情况下表现最佳。如果您打算使用 ZFS，请确保有足够的 RAM 可用。一个好的计算方法是 4GB 加上每 TB 原始磁盘空间 1GB RAM。

ZFS can use a dedicated drive as write cache, called the ZFS Intent Log (ZIL). Use a fast drive (SSD) for it. It can be added after installation with the following command:
ZFS 可以使用专用驱动器作为写缓存，称为 ZFS 意图日志（ZIL）。请使用快速驱动器（SSD）作为写缓存。安装后可以通过以下命令添加：

Problems may arise on very old or very new hardware due to graphics drivers. If the installation hangs during boot, you can try adding the nomodeset parameter. This prevents the Linux kernel from loading any graphics drivers and forces it to continue using the BIOS/UEFI-provided framebuffer.
由于图形驱动程序，极旧或极新的硬件可能会出现问题。如果安装在启动时挂起，可以尝试添加 nomodeset 参数。此参数阻止 Linux 内核加载任何图形驱动程序，并强制其继续使用 BIOS/UEFI 提供的帧缓冲区。

On the Proxmox VE bootloader menu, navigate to Install Proxmox VE (Terminal UI) and press e to edit the entry. Using the arrow keys, navigate to the line starting with linux, move the cursor to the end of that line and add the parameter nomodeset, separated by a space from the pre-existing last parameter.
在 Proxmox VE 启动加载菜单中，导航到 Install Proxmox VE (终端 UI) 并按 e 编辑该条目。使用方向键，导航到以 linux 开头的行，将光标移动到该行末尾，并添加 nomodeset 参数，参数之间用空格与之前的最后一个参数分开。

Then press Ctrl-X or F10 to boot the configuration.
然后按 Ctrl-X 或 F10 启动该配置。

Repositories are a collection of software packages, they can be used to install new software, but are also important to get new updates.
软件仓库是一组软件包，它们可以用来安装新软件，同时也对获取新更新非常重要。

APT Repositories are defined in the file /etc/apt/sources.list and in .list files placed in /etc/apt/sources.list.d/.
APT 代码仓库定义在文件 /etc/apt/sources.list 中，以及放置在 /etc/apt/sources.list.d/ 目录下的 .list 文件中。

This is the recommended repository and available for all Proxmox VE subscription users. It contains the most stable packages and is suitable for production use. The pve-enterprise repository is enabled by default:
这是推荐使用的代码仓库，适用于所有 Proxmox VE 订阅用户。它包含最稳定的软件包，适合生产环境使用。pve-enterprise 代码仓库默认启用：

Please note that you need a valid subscription key to access the pve-enterprise repository. We offer different support levels, which you can find further details about at https://proxmox.com/en/proxmox-virtual-environment/pricing.
请注意，访问 pve-enterprise 代码仓库需要有效的订阅密钥。我们提供不同的支持级别，详细信息请访问 https://proxmox.com/en/proxmox-virtual-environment/pricing。

As the name suggests, you do not need a subscription key to access this repository. It can be used for testing and non-production use. It’s not recommended to use this on production servers, as these packages are not always as heavily tested and validated.
顾名思义，访问此代码仓库无需订阅密钥。它可用于测试和非生产环境。不建议在生产服务器上使用此代码仓库，因为这些软件包并非总是经过严格测试和验证。

We recommend to configure this repository in /etc/apt/sources.list.
我们建议在 /etc/apt/sources.list 中配置此代码仓库。

This repository contains the latest packages and is primarily used by developers to test new features. To configure it, add the following line to /etc/apt/sources.list:
该代码仓库包含最新的软件包，主要供开发人员测试新功能使用。要配置它，请将以下行添加到 /etc/apt/sources.list：

This repository holds the enterprise Proxmox VE Ceph 19.2 Squid packages. They are suitable for production. Use this repository if you run the Ceph client or a full Ceph cluster on Proxmox VE.
该代码仓库包含企业版 Proxmox VE Ceph 19.2 Squid 软件包。它们适合用于生产环境。如果您在 Proxmox VE 上运行 Ceph 客户端或完整的 Ceph 集群，请使用此代码仓库。

This Ceph repository contains the Ceph 19.2 Squid packages before they are moved to the enterprise repository and after they where on the test repository.
该 Ceph 代码仓库包含 Ceph 19.2 Squid 软件包，这些软件包在被移入企业代码仓库之前，以及在测试代码仓库中之后。

This Ceph repository contains the Ceph 19.2 Squid packages before they are moved to the main repository. It is used to test new Ceph releases on Proxmox VE.
该 Ceph 代码仓库包含 Ceph 19.2 Squid 软件包，位于它们被移入主代码仓库之前。它用于在 Proxmox VE 上测试新的 Ceph 版本。

This repository holds the enterprise Proxmox VE Ceph 18.2 Reef packages. They are suitable for production. Use this repository if you run the Ceph client or a full Ceph cluster on Proxmox VE.
此代码仓库包含企业版 Proxmox VE Ceph 18.2 Reef 软件包。它们适用于生产环境。如果您在 Proxmox VE 上运行 Ceph 客户端或完整的 Ceph 集群，请使用此代码仓库。

This Ceph repository contains the Ceph 18.2 Reef packages before they are moved to the enterprise repository and after they where on the test repository.
此 Ceph 代码仓库包含 Ceph 18.2 Reef 软件包，这些软件包在被移至企业代码仓库之前，以及在测试代码仓库中之后。

This Ceph repository contains the Ceph 18.2 Reef packages before they are moved to the main repository. It is used to test new Ceph releases on Proxmox VE.
该 Ceph 代码仓库包含 Ceph 18.2 Reef 软件包，位于它们被移入主代码仓库之前。它用于在 Proxmox VE 上测试新的 Ceph 版本。

This repository holds the enterprise Proxmox VE Ceph Quincy packages. They are suitable for production. Use this repository if you run the Ceph client or a full Ceph cluster on Proxmox VE.
该代码仓库包含企业版 Proxmox VE Ceph Quincy 软件包。它们适用于生产环境。如果您在 Proxmox VE 上运行 Ceph 客户端或完整的 Ceph 集群，请使用此代码仓库。

This Ceph repository contains the Ceph Quincy packages before they are moved to the enterprise repository and after they where on the test repository.
该 Ceph 代码仓库包含 Ceph Quincy 软件包，这些软件包在被移入企业代码仓库之前，以及在测试代码仓库中发布之后。

This Ceph repository contains the Ceph Quincy packages before they are moved to the main repository. It is used to test new Ceph releases on Proxmox VE.
该 Ceph 代码仓库包含 Ceph Quincy 软件包，位于它们被移入主代码仓库之前。它用于在 Proxmox VE 上测试新的 Ceph 版本。

Proxmox VE 8 doesn’t support Ceph Pacific, Ceph Octopus, or even older releases for hyper-converged setups. For those releases, you need to first upgrade Ceph to a newer release before upgrading to Proxmox VE 8.
Proxmox VE 8 不支持 Ceph Pacific、Ceph Octopus，甚至更早版本的超融合设置。对于这些版本，您需要先将 Ceph 升级到较新的版本，然后再升级到 Proxmox VE 8。

See the respective upgrade guide for details.
有关详细信息，请参阅相应的升级指南。

Starting with Debian Bookworm (Proxmox VE 8) non-free firmware (as defined by DFSG) has been moved to the newly created Debian repository component non-free-firmware.
从 Debian Bookworm（Proxmox VE 8）开始，非自由固件（由 DFSG 定义）已被移至新创建的 Debian 代码仓库组件 non-free-firmware。

Enable this repository if you want to set up Early OS Microcode Updates or need additional Runtime Firmware Files not already included in the pre-installed package pve-firmware.
如果您想设置早期操作系统微代码更新或需要预装包 pve-firmware 中未包含的额外运行时固件文件，请启用此代码仓库。

To be able to install packages from this component, run editor /etc/apt/sources.list, append non-free-firmware to the end of each .debian.org repository line and run apt update.
要能够从此组件安装包，请运行编辑器打开 /etc/apt/sources.list，在每个 .debian.org 代码仓库行末尾添加 non-free-firmware，然后运行 apt update。

The Release files in the repositories are signed with GnuPG. APT is using these signatures to verify that all packages are from a trusted source.
代码仓库中的发布文件使用 GnuPG 签名。APT 使用这些签名来验证所有包是否来自可信来源。

If you install Proxmox VE from an official ISO image, the key for verification is already installed.
如果您从官方 ISO 镜像安装 Proxmox VE，验证密钥已经预装。

If you install Proxmox VE on top of Debian, download and install the key with the following commands:
如果您在 Debian 上安装 Proxmox VE，请使用以下命令下载并安装密钥：

Verify the checksum afterwards with the sha512sum CLI tool:
随后使用 sha512sum 命令行工具验证校验和：

or the md5sum CLI tool:
或者使用 md5sum 命令行工具：

This section is suitable for all devices. Updated microcode, which is usually included in a BIOS/UEFI update, is stored on the motherboard, whereas other firmware is stored on the respective device. This persistent method is especially important for the CPU, as it enables the earliest possible regular loading of the updated microcode at boot time.
本节适用于所有设备。更新的微代码通常包含在 BIOS/UEFI 更新中，存储在主板上，而其他固件则存储在各自的设备上。这种持久方法对于 CPU 尤为重要，因为它使得在启动时能够尽早且定期加载更新的微代码成为可能。

Please check with your vendor which update methods are available.
请向您的供应商确认可用的更新方法。

Proxmox VE ships its own version of the fwupd package to enable Secure Boot Support with the Proxmox signing key. This package consciously dropped the dependency recommendation for the udisks2 package, due to observed issues with its use on hypervisors. That means you must explicitly configure the correct mount point of the EFI partition in /etc/fwupd/daemon.conf, for example:
Proxmox VE 自带了自己的 fwupd 包版本，以启用使用 Proxmox 签名密钥的安全启动支持。该包有意取消了对 udisks2 包的依赖推荐，因为在使用该包于虚拟机监控器时观察到了问题。这意味着你必须在 /etc/fwupd/daemon.conf 中显式配置 EFI 分区的正确挂载点，例如：

This method stores firmware on the Proxmox VE operating system and will pass it to a device if its persisted firmware is less recent. It is supported by devices such as network and graphics cards, but not by those that rely on persisted firmware such as the motherboard and hard disks.
这种方法将固件存储在 Proxmox VE 操作系统中，并在设备的持久固件版本较旧时传递给设备。它被网络和显卡等设备支持，但不支持依赖持久固件的设备，如主板和硬盘。

In Proxmox VE the package pve-firmware is already installed by default. Therefore, with the normal system updates (APT), included firmware of common hardware is automatically kept up to date.
在 Proxmox VE 中，pve-firmware 包默认已安装。因此，通过正常的系统更新（APT），常见硬件的内置固件会自动保持最新。

An additional Debian Firmware Repository exists, but is not configured by default.
存在一个额外的 Debian 固件代码仓库，但默认未配置。

If you try to install an additional firmware package but it conflicts, APT will abort the installation. Perhaps the particular firmware can be obtained in another way.
如果尝试安装额外的固件包但发生冲突，APT 将中止安装。也许可以通过其他方式获取该特定固件。

Microcode updates are intended to fix found security vulnerabilities and other serious CPU bugs. While the CPU performance can be affected, a patched microcode is usually still more performant than an unpatched microcode where the kernel itself has to do mitigations. Depending on the CPU type, it is possible that performance results of the flawed factory state can no longer be achieved without knowingly running the CPU in an unsafe state.
微代码更新旨在修复已发现的安全漏洞和其他严重的 CPU 缺陷。虽然 CPU 性能可能会受到影响，但经过修补的微代码通常仍比未修补的微代码性能更好，因为后者需要内核本身进行缓解。根据 CPU 类型，可能无法在不知情地让 CPU 处于不安全状态的情况下，达到有缺陷的出厂状态的性能水平。

To get an overview of present CPU vulnerabilities and their mitigations, run lscpu. Current real-world known vulnerabilities can only show up if the Proxmox VE host is up to date, its version not end of life, and has at least been rebooted since the last kernel update.
要了解当前存在的 CPU 漏洞及其缓解措施，请运行 lscpu。当前已知的实际漏洞只有在 Proxmox VE 主机保持最新状态、版本未达到生命周期终止且至少在上次内核更新后重启过，才会显示出来。

Besides the recommended microcode update via persistent BIOS/UEFI updates, there is also an independent method via Early OS Microcode Updates. It is convenient to use and also quite helpful when the motherboard vendor no longer provides BIOS/UEFI updates. Regardless of the method in use, a reboot is always needed to apply a microcode update.
除了通过持久的 BIOS/UEFI 更新进行推荐的微代码更新外，还有一种独立的方法，即通过早期操作系统微代码更新。这种方法使用方便，当主板厂商不再提供 BIOS/UEFI 更新时也非常有用。无论使用哪种方法，应用微代码更新都需要重启。

Proxmox VE does not write changes directly to /etc/network/interfaces. Instead, we write into a temporary file called /etc/network/interfaces.new, this way you can do many related changes at once. This also allows to ensure your changes are correct before applying, as a wrong network configuration may render a node inaccessible.
Proxmox VE 不会直接将更改写入 /etc/network/interfaces。相反，我们会写入一个名为 /etc/network/interfaces.new 的临时文件，这样你可以一次性进行多项相关更改。这也能确保在应用之前你的更改是正确的，因为错误的网络配置可能导致节点无法访问。

We currently use the following naming conventions for device names:
我们目前使用以下设备名称命名约定：

This makes it easier to debug networks problems, because the device name implies the device type.
这使得调试网络问题更加容易，因为设备名称暗示了设备类型。

Depending on your current network organization and your resources you can choose either a bridged, routed, or masquerading networking setup.
根据您当前的网络组织和资源，您可以选择桥接、路由或伪装网络设置。

Bridges are like physical network switches implemented in software. All virtual guests can share a single bridge, or you can create multiple bridges to separate network domains. Each host can have up to 4094 bridges.
桥接就像软件实现的物理网络交换机。所有虚拟来宾都可以共享一个桥接，或者您可以创建多个桥接以分隔网络域。每个主机最多可以拥有 4094 个桥接。

The installation program creates a single bridge named vmbr0, which is connected to the first Ethernet card. The corresponding configuration in /etc/network/interfaces might look like this:
安装程序会创建一个名为 vmbr0 的单一桥接，该桥接连接到第一块以太网卡。对应的配置文件 /etc/network/interfaces 可能如下所示：

Virtual machines behave as if they were directly connected to the physical network. The network, in turn, sees each virtual machine as having its own MAC, even though there is only one network cable connecting all of these VMs to the network.
虚拟机的行为就像它们直接连接到物理网络一样。网络则将每台虚拟机视为拥有自己的 MAC 地址，尽管实际上只有一根网线将所有这些虚拟机连接到网络。

Most hosting providers do not support the above setup. For security reasons, they disable networking as soon as they detect multiple MAC addresses on a single interface.
大多数托管服务提供商不支持上述设置。出于安全原因，一旦检测到单个接口上存在多个 MAC 地址，他们会禁用网络连接。

You can avoid the problem by “routing” all traffic via a single interface. This makes sure that all network packets use the same MAC address.
您可以通过“路由”所有流量通过单一接口来避免该问题。这确保所有网络数据包使用相同的 MAC 地址。

A common scenario is that you have a public IP (assume 198.51.100.5 for this example), and an additional IP block for your VMs (203.0.113.16/28). We recommend the following setup for such situations:
一个常见的场景是，您拥有一个公网 IP（本例假设为 198.51.100.5），以及一个用于虚拟机的额外 IP 段（203.0.113.16/28）。我们建议在此类情况下采用以下设置：

Masquerading allows guests having only a private IP address to access the network by using the host IP address for outgoing traffic. Each outgoing packet is rewritten by iptables to appear as originating from the host, and responses are rewritten accordingly to be routed to the original sender.
伪装允许仅拥有私有 IP 地址的客户机通过使用主机 IP 地址进行外发流量来访问网络。每个外发的数据包都会被 iptables 重写，使其看起来像是来自主机，响应也会相应地被重写，以便路由回原始发送者。

Adding these lines in the /etc/network/interfaces can fix this problem:
在 /etc/network/interfaces 中添加以下几行可以解决此问题：

For more information about this, refer to the following links:
有关更多信息，请参阅以下链接：

Netfilter Packet Flow  Netfilter 数据包流

Patch on netdev-list introducing conntrack zones
在 netdev-list 上引入 conntrack 区域的补丁

Blog post with a good explanation by using TRACE in the raw table
使用 raw 表中的 TRACE 进行良好解释的博客文章

Bonding (also called NIC teaming or Link Aggregation) is a technique for binding multiple NIC’s to a single network device. It is possible to achieve different goals, like make the network fault-tolerant, increase the performance or both together.
绑定（也称为 NIC 团队或链路聚合）是一种将多个网卡绑定到单个网络设备的技术。它可以实现不同的目标，比如使网络具备容错能力、提高性能，或者两者兼顾。

High-speed hardware like Fibre Channel and the associated switching hardware can be quite expensive. By doing link aggregation, two NICs can appear as one logical interface, resulting in double speed. This is a native Linux kernel feature that is supported by most switches. If your nodes have multiple Ethernet ports, you can distribute your points of failure by running network cables to different switches and the bonded connection will failover to one cable or the other in case of network trouble.
高速硬件如光纤通道及其相关交换硬件可能相当昂贵。通过链路聚合，两个网卡可以表现为一个逻辑接口，从而实现双倍速度。这是 Linux 内核的原生功能，大多数交换机都支持。如果你的节点有多个以太网端口，可以通过将网络线缆连接到不同的交换机来分散故障点，在网络出现问题时，绑定连接会自动切换到另一条线缆。

Aggregated links can improve live-migration delays and improve the speed of replication of data between Proxmox VE Cluster nodes.
聚合链路可以改善实时迁移的延迟，并提高 Proxmox VE 集群节点之间数据复制的速度。

There are 7 modes for bonding:
绑定有 7 种模式：

If your switch supports the LACP (IEEE 802.3ad) protocol, then we recommend using the corresponding bonding mode (802.3ad). Otherwise you should generally use the active-backup mode.
如果您的交换机支持 LACP（IEEE 802.3ad）协议，我们建议使用相应的绑定模式（802.3ad）。否则，通常应使用主动-备份模式。

For the cluster network (Corosync) we recommend configuring it with multiple networks. Corosync does not need a bond for network redundancy as it can switch between networks by itself, if one becomes unusable.
对于集群网络（Corosync），我们建议配置多个网络。Corosync 不需要绑定来实现网络冗余，因为它可以在网络不可用时自行切换网络。

The following bond configuration can be used as distributed/shared storage network. The benefit would be that you get more speed and the network will be fault-tolerant.
以下绑定配置可用作分布式/共享存储网络。其优点是可以获得更高的速度且网络具备容错能力。

Another possibility is to use the bond directly as the bridge port. This can be used to make the guest network fault-tolerant.
另一种可能是直接将绑定接口用作桥接端口。这可以用来使客户机网络具备容错能力。

A virtual LAN (VLAN) is a broadcast domain that is partitioned and isolated in the network at layer two. So it is possible to have multiple networks (4096) in a physical network, each independent of the other ones.
虚拟局域网（VLAN）是在网络第二层被划分和隔离的广播域。因此，在一个物理网络中可以存在多个（4096 个）相互独立的网络。

Each VLAN network is identified by a number often called tag. Network packages are then tagged to identify which virtual network they belong to.
每个 VLAN 网络由一个数字标识，通常称为标签。网络数据包会被打上标签，以识别它们属于哪个虚拟网络。

Proxmox VE works correctly in all environments, irrespective of whether IPv6 is deployed or not. We recommend leaving all settings at the provided defaults.
Proxmox VE 在所有环境中均能正常工作，无论是否部署了 IPv6。我们建议保持所有设置为默认值。

Should you still need to disable support for IPv6 on your node, do so by creating an appropriate sysctl.conf (5) snippet file and setting the proper sysctls, for example adding /etc/sysctl.d/disable-ipv6.conf with content:
如果您仍然需要在节点上禁用对 IPv6 的支持，可以通过创建适当的 sysctl.conf (5) 片段文件并设置相应的 sysctl 来实现，例如添加 /etc/sysctl.d/disable-ipv6.conf 文件，内容如下：

This method is preferred to disabling the loading of the IPv6 module on the kernel commandline.
这种方法优于在内核命令行中禁用 IPv6 模块的加载。

By default, MAC learning is enabled on a bridge to ensure a smooth experience with virtual guests and their networks.
默认情况下，桥接上启用了 MAC 学习，以确保虚拟客户机及其网络的顺畅体验。

But in some environments this can be undesired. Since Proxmox VE 7.3 you can disable MAC learning on the bridge by setting the ‘bridge-disable-mac-learning 1` configuration on a bridge in `/etc/network/interfaces’, for example:
但在某些环境中，这可能是不希望的。从 Proxmox VE 7.3 开始，您可以通过在`/etc/network/interfaces`中的桥接上设置`bridge-disable-mac-learning 1`配置来禁用桥接上的 MAC 学习，例如：

Once enabled, Proxmox VE will manually add the configured MAC address from VMs and Containers to the bridges forwarding database to ensure that guest can still use the network - but only when they are using their actual MAC address.
启用后，Proxmox VE 将手动将虚拟机和容器配置的 MAC 地址添加到桥接的转发表中，以确保客户机仍然可以使用网络——但仅当它们使用其实际的 MAC 地址时。

In some cases, it might be desired to use non-default NTP servers. For example, if your Proxmox VE nodes do not have access to the public internet due to restrictive firewall rules, you need to set up local NTP servers and tell the NTP daemon to use them.
在某些情况下，可能需要使用非默认的 NTP 服务器。例如，如果您的 Proxmox VE 节点由于严格的防火墙规则无法访问公共互联网，则需要设置本地 NTP 服务器，并告诉 NTP 守护进程使用它们。

The default port is set to 2003 and the default graphite path is proxmox.
默认端口设置为 2003，默认的 graphite 路径是 proxmox。

By default, Proxmox VE sends the data over UDP, so the graphite server has to be configured to accept this. Here the maximum transmission unit (MTU) can be configured for environments not using the standard 1500 MTU.
默认情况下，Proxmox VE 通过 UDP 发送数据，因此必须配置 graphite 服务器以接受此类数据。这里可以为不使用标准 1500 MTU 的环境配置最大传输单元（MTU）。

You can also configure the plugin to use TCP. In order not to block the important pvestatd statistic collection daemon, a timeout is required to cope with network problems.
您也可以配置插件使用 TCP。为了不阻塞重要的 pvestatd 统计收集守护进程，需要设置超时以应对网络问题。

Proxmox VE sends the data over UDP, so the influxdb server has to be configured for this. The MTU can also be configured here, if necessary.
Proxmox VE 通过 UDP 发送数据，因此必须配置 influxdb 服务器以支持此方式。如有必要，这里也可以配置 MTU。

Here is an example configuration for influxdb (on your influxdb server):
以下是 influxdb（在您的 influxdb 服务器上）的示例配置：

With this configuration, your server listens on all IP addresses on port 8089, and writes the data in the proxmox database
使用此配置，您的服务器将在所有 IP 地址的 8089 端口监听，并将数据写入 proxmox 数据库

Alternatively, the plugin can be configured to use the http(s) API of InfluxDB 2.x. InfluxDB 1.8.x does contain a forwards compatible API endpoint for this v2 API.
或者，插件可以配置为使用 InfluxDB 2.x 的 http(s) API。InfluxDB 1.8.x 包含一个向前兼容的 v2 API 端点。

To use it, set influxdbproto to http or https (depending on your configuration). By default, Proxmox VE uses the organization proxmox and the bucket/db proxmox (They can be set with the configuration organization and bucket respectively).
要使用它，请将 influxdbproto 设置为 http 或 https（取决于您的配置）。默认情况下，Proxmox VE 使用组织 proxmox 和 bucket/db proxmox（它们可以分别通过配置 organization 和 bucket 设置）。

Since InfluxDB’s v2 API is only available with authentication, you have to generate a token that can write into the correct bucket and set it.
由于 InfluxDB 的 v2 API 仅在认证后可用，您必须生成一个可以写入正确桶的代币并进行设置。

In the v2 compatible API of 1.8.x, you can use user:password as token (if required), and can omit the organization since that has no meaning in InfluxDB 1.x.
在 1.8.x 的 v2 兼容 API 中，您可以使用 user:password 作为代币（如果需要），并且可以省略组织，因为在 InfluxDB 1.x 中组织没有意义。

You can also set the HTTP Timeout (default is 1s) with the timeout setting, as well as the maximum batch size (default 25000000 bytes) with the max-body-size setting (this corresponds to the InfluxDB setting with the same name).
您还可以通过 timeout 设置 HTTP 超时时间（默认是 1 秒），以及通过 max-body-size 设置最大批量大小（默认 25000000 字节）（这对应于 InfluxDB 中同名的设置）。

We highly recommend to use a hardware RAID controller (with BBU) for such setups. This increases performance, provides redundancy, and make disk replacements easier (hot-pluggable).
我们强烈建议在此类配置中使用带有 BBU 的硬件 RAID 控制器。这可以提升性能，提供冗余，并使磁盘更换更方便（支持热插拔）。

LVM itself does not need any special hardware, and memory requirements are very low.
LVM 本身不需要任何特殊硬件，且内存需求非常低。

We install two boot loaders by default. The first partition contains the standard GRUB boot loader. The second partition is an EFI System Partition (ESP), which makes it possible to boot on EFI systems and to apply persistent firmware updates from the user space.
我们默认安装两个引导加载程序。第一个分区包含标准的 GRUB 引导加载程序。第二个分区是 EFI 系统分区（ESP），它使得在 EFI 系统上启动成为可能，并且可以从用户空间应用持久的固件更新。

Let’s assume we have an empty disk /dev/sdb, onto which we want to create a volume group named “vmdata”.
假设我们有一个空磁盘/dev/sdb，我们想在其上创建一个名为“vmdata”的卷组。

First create a partition.
首先创建一个分区。

Create a Physical Volume (PV) without confirmation and 250K metadatasize.
创建一个物理卷（PV），不需要确认，元数据大小为 250K。

Create a volume group named “vmdata” on /dev/sdb1
在 /dev/sdb1 上创建一个名为“vmdata”的卷组。

This can be easily done by creating a new thin LV.
这可以通过创建一个新的精简逻辑卷轻松完成。

A real world example:  一个实际的例子：

Now a filesystem must be created on the LV.
现在必须在该逻辑卷上创建文件系统。

At last this has to be mounted.
最后必须挂载它。

To make it always accessible add the following line in /etc/fstab.
为了使其始终可访问，在 /etc/fstab 中添加以下行。

Resize the LV and the metadata pool with the following command:
使用以下命令调整逻辑卷和元数据池的大小：

A thin pool has to be created on top of a volume group. How to create a volume group see Section LVM.
必须在卷组之上创建一个 thin 池。如何创建卷组请参见 LVM 一节。

ZFS depends heavily on memory, so you need at least 8GB to start. In practice, use as much as you can get for your hardware/budget. To prevent data corruption, we recommend the use of high quality ECC RAM.
ZFS 对内存依赖很大，因此至少需要 8GB 才能启动。实际上，应根据您的硬件和预算尽可能多地使用内存。为了防止数据损坏，我们建议使用高质量的 ECC 内存。

If you use a dedicated cache and/or log disk, you should use an enterprise class SSD. This can increase the overall performance significantly.
如果您使用专用的缓存和/或日志磁盘，应该使用企业级 SSD。这可以显著提升整体性能。

If you are experimenting with an installation of Proxmox VE inside a VM (Nested Virtualization), don’t use virtio for disks of that VM, as they are not supported by ZFS. Use IDE or SCSI instead (also works with the virtio SCSI controller type).
如果您在虚拟机内（嵌套虚拟化）尝试安装 Proxmox VE，不要为该虚拟机的磁盘使用 virtio，因为 ZFS 不支持它们。请改用 IDE 或 SCSI（也适用于 virtio SCSI 控制器类型）。

When you install using the Proxmox VE installer, you can choose ZFS for the root file system. You need to select the RAID type at installation time:
当您使用 Proxmox VE 安装程序安装时，可以选择 ZFS 作为根文件系统。您需要在安装时选择 RAID 类型：

The installer automatically partitions the disks, creates a ZFS pool called rpool, and installs the root file system on the ZFS subvolume rpool/ROOT/pve-1.
安装程序会自动分区磁盘，创建一个名为 rpool 的 ZFS 池，并将根文件系统安装在 ZFS 子卷 rpool/ROOT/pve-1 上。

Another subvolume called rpool/data is created to store VM images. In order to use that with the Proxmox VE tools, the installer creates the following configuration entry in /etc/pve/storage.cfg:
另一个名为 rpool/data 的子卷被创建用于存储虚拟机镜像。为了使 Proxmox VE 工具能够使用它，安装程序在 /etc/pve/storage.cfg 中创建了以下配置条目：

After installation, you can view your ZFS pool status using the zpool command:
安装完成后，您可以使用 zpool 命令查看您的 ZFS 池状态：

The zfs command is used to configure and manage your ZFS file systems. The following command lists all file systems after installation:
zfs 命令用于配置和管理您的 ZFS 文件系统。安装完成后，以下命令列出所有文件系统：

There are a few factors to take into consideration when choosing the layout of a ZFS pool. The basic building block of a ZFS pool is the virtual device, or vdev. All vdevs in a pool are used equally and the data is striped among them (RAID0). Check the zpoolconcepts(7) manpage for more details on vdevs.
在选择 ZFS 池的布局时，需要考虑几个因素。ZFS 池的基本构建块是虚拟设备，或称 vdev。池中的所有 vdev 都会被均等使用，数据会在它们之间进行条带化（RAID0）。有关 vdev 的更多详细信息，请查阅 zpoolconcepts(7)手册页。

In a ZFS dRAID (declustered RAID) the hot spare drive(s) participate in the RAID. Their spare capacity is reserved and used for rebuilding when one drive fails. This provides, depending on the configuration, faster rebuilding compared to a RAIDZ in case of drive failure. More information can be found in the official OpenZFS documentation. [3]
在 ZFS dRAID（去簇 RAID）中，热备盘参与 RAID。它们的备用容量被保留，并在某个磁盘故障时用于重建。根据配置不同，这相比 RAIDZ 在磁盘故障时提供更快的重建速度。更多信息可参见官方 OpenZFS 文档。[3]

Additional information can be found on the manual page:
更多信息可以在手册页中找到：

Proxmox VE uses proxmox-boot-tool to manage the bootloader configuration. See the chapter on Proxmox VE host bootloaders for details.
Proxmox VE 使用 proxmox-boot-tool 来管理引导加载程序的配置。详情请参见 Proxmox VE 主机引导加载程序章节。

This section gives you some usage examples for common tasks. ZFS itself is really powerful and provides many options. The main commands to manage ZFS are zfs and zpool. Both commands come with great manual pages, which can be read with:
本节为您提供一些常见任务的使用示例。ZFS 本身功能强大，提供了许多选项。管理 ZFS 的主要命令是 zfs 和 zpool。两者都附带了详尽的手册页，可以通过以下命令查看：

ZFS comes with an event daemon ZED, which monitors events generated by the ZFS kernel module. The daemon can also send emails on ZFS events like pool errors. Newer ZFS packages ship the daemon in a separate zfs-zed package, which should already be installed by default in Proxmox VE.
ZFS 附带一个事件守护进程 ZED，用于监控由 ZFS 内核模块生成的事件。该守护进程还可以在发生 ZFS 事件（如存储池错误）时发送电子邮件。较新的 ZFS 软件包将该守护进程作为单独的 zfs-zed 软件包提供，Proxmox VE 默认应已安装该软件包。

You can configure the daemon via the file /etc/zfs/zed.d/zed.rc with your favorite editor. The required setting for email notification is ZED_EMAIL_ADDR, which is set to root by default.
您可以使用喜欢的编辑器通过文件 /etc/zfs/zed.d/zed.rc 配置该守护进程。电子邮件通知所需的设置是 ZED_EMAIL_ADDR，默认设置为 root。

Please note Proxmox VE forwards mails to root to the email address configured for the root user.
请注意，Proxmox VE 会将发送给 root 的邮件转发到为 root 用户配置的电子邮件地址。

ZFS uses 50 % of the host memory for the Adaptive Replacement Cache (ARC) by default. For new installations starting with Proxmox VE 8.1, the ARC usage limit will be set to 10 % of the installed physical memory, clamped to a maximum of 16 GiB. This value is written to /etc/modprobe.d/zfs.conf.
ZFS 默认使用主机内存的 50% 作为自适应替换缓存（ARC）。对于从 Proxmox VE 8.1 开始的新安装，ARC 使用限制将设置为已安装物理内存的 10%，并限制最大值为 16 GiB。该值写入 /etc/modprobe.d/zfs.conf。

Allocating enough memory for the ARC is crucial for IO performance, so reduce it with caution. As a general rule of thumb, allocate at least 2 GiB Base + 1 GiB/TiB-Storage. For example, if you have a pool with 8 TiB of available storage space then you should use 10 GiB of memory for the ARC.
为 ARC 分配足够的内存对 IO 性能至关重要，因此请谨慎减少。一般经验法则是，至少分配 2 GiB 基础内存 + 每 TiB 存储 1 GiB。例如，如果您有一个可用存储空间为 8 TiB 的存储池，则应为 ARC 使用 10 GiB 的内存。

ZFS also enforces a minimum value of 64 MiB.
ZFS 还强制执行最小值为 64 MiB。

You can change the ARC usage limit for the current boot (a reboot resets this change again) by writing to the zfs_arc_max module parameter directly:
您可以通过直接写入 zfs_arc_max 模块参数来更改当前启动的 ARC 使用限制（重启后此更改将重置）：

To permanently change the ARC limits, add (or change if already present) the following line to /etc/modprobe.d/zfs.conf:
要永久更改 ARC 限制，请将以下行添加到 /etc/modprobe.d/zfs.conf 文件中（如果已存在则修改）：

This example setting limits the usage to 8 GiB (8 * 2³⁰).
此示例设置将使用限制为 8 GiB（8 * 2 ³⁰ ）。

This example setting (temporarily) limits the usage to 8 GiB (8 * 2³⁰) on systems with more than 256 GiB of total memory, where simply setting zfs_arc_max alone would not work.
此示例设置在总内存超过 256 GiB 的系统上（临时）将使用限制为 8 GiB（8 * 2 ³⁰ ），仅设置 zfs_arc_max 本身将无法生效。

Swap-space created on a zvol may generate some troubles, like blocking the server or generating a high IO load, often seen when starting a Backup to an external Storage.
在 zvol 上创建的交换空间可能会引发一些问题，比如阻塞服务器或产生高 IO 负载，这种情况常见于启动备份到外部存储时。

We strongly recommend to use enough memory, so that you normally do not run into low memory situations. Should you need or want to add swap, it is preferred to create a partition on a physical disk and use it as a swap device. You can leave some space free for this purpose in the advanced options of the installer. Additionally, you can lower the “swappiness” value. A good value for servers is 10:
我们强烈建议使用足够的内存，这样通常不会遇到内存不足的情况。如果您需要或想要添加交换空间，建议在物理磁盘上创建一个分区并将其用作交换设备。您可以在安装程序的高级选项中为此预留一些空间。此外，您还可以降低“swappiness”值。对于服务器来说，10 是一个不错的值：

To make the swappiness persistent, open /etc/sysctl.conf with an editor of your choice and add the following line:
要使 swappiness 设置持久生效，请使用您选择的编辑器打开 /etc/sysctl.conf 文件，并添加以下行：

ZFS on Linux version 0.8.0 introduced support for native encryption of datasets. After an upgrade from previous ZFS on Linux versions, the encryption feature can be enabled per pool:
ZFS on Linux 版本 0.8.0 引入了对数据集原生加密的支持。升级自之前版本的 ZFS on Linux 后，可以针对每个存储池启用加密功能：

Encryption needs to be setup when creating datasets/zvols, and is inherited by default to child datasets. For example, to create an encrypted dataset tank/encrypted_data and configure it as storage in Proxmox VE, run the following commands:
创建数据集/zvol 时需要设置加密，且默认会继承给子数据集。例如，要创建一个加密的数据集 tank/encrypted_data 并将其配置为 Proxmox VE 中的存储，运行以下命令：

All guest volumes/disks create on this storage will be encrypted with the shared key material of the parent dataset.
在此存储上创建的所有客户机卷/磁盘都将使用父数据集的共享密钥材料进行加密。

To actually use the storage, the associated key material needs to be loaded and the dataset needs to be mounted. This can be done in one step with:
要实际使用该存储，需要加载相关的密钥材料并挂载数据集。这可以通过以下一步完成：

It is also possible to use a (random) keyfile instead of prompting for a passphrase by setting the keylocation and keyformat properties, either at creation time or with zfs change-key on existing datasets:
也可以通过设置 keylocation 和 keyformat 属性来使用（随机）密钥文件，而不是提示输入密码短语，这可以在创建时设置，也可以通过 zfs change-key 命令对现有数据集进行设置：

A guest volume created underneath an encrypted dataset will have its encryptionroot property set accordingly. The key material only needs to be loaded once per encryptionroot to be available to all encrypted datasets underneath it.
在加密数据集下创建的客户卷，其 encryptionroot 属性会相应设置。密钥材料只需针对每个 encryptionroot 加载一次，即可供其下所有加密数据集使用。

See the encryptionroot, encryption, keylocation, keyformat and keystatus properties, the zfs load-key, zfs unload-key and zfs change-key commands and the Encryption section from man zfs for more details and advanced usage.
有关更多详细信息和高级用法，请参阅 encryptionroot、encryption、keylocation、keyformat 和 keystatus 属性，zfs load-key、zfs unload-key 和 zfs change-key 命令，以及 man zfs 中的 Encryption 部分。

When compression is enabled on a dataset, ZFS tries to compress all new blocks before writing them and decompresses them on reading. Already existing data will not be compressed retroactively.
当在数据集上启用压缩时，ZFS 会尝试在写入之前压缩所有新块，并在读取时解压它们。已有的数据不会被回溯压缩。

You can enable compression with:
您可以通过以下方式启用压缩：

We recommend using the lz4 algorithm, because it adds very little CPU overhead. Other algorithms like lzjb and gzip-N, where N is an integer from 1 (fastest) to 9 (best compression ratio), are also available. Depending on the algorithm and how compressible the data is, having compression enabled can even increase I/O performance.
我们推荐使用 lz4 算法，因为它几乎不会增加 CPU 开销。其他算法如 lzjb 和 gzip-N（其中 N 是从 1（最快）到 9（最佳压缩比）的整数）也可用。根据算法和数据的可压缩性，启用压缩甚至可能提高 I/O 性能。

You can disable compression at any time with:
您可以随时通过以下方式禁用压缩：

Again, only new blocks will be affected by this change.
同样，只有新的数据块会受到此更改的影响。

Since version 0.8.0 ZFS supports special devices. A special device in a pool is used to store metadata, deduplication tables, and optionally small file blocks.
自版本 0.8.0 起，ZFS 支持特殊设备。池中的特殊设备用于存储元数据、重复数据删除表，以及可选的小文件块。

A special device can improve the speed of a pool consisting of slow spinning hard disks with a lot of metadata changes. For example workloads that involve creating, updating or deleting a large number of files will benefit from the presence of a special device. ZFS datasets can also be configured to store whole small files on the special device which can further improve the performance. Use fast SSDs for the special device.
特殊设备可以提升由转速较慢的硬盘组成且有大量元数据变更的存储池的速度。例如，涉及创建、更新或删除大量文件的工作负载将从特殊设备中受益。ZFS 数据集也可以配置为将整个小文件存储在特殊设备上，这可以进一步提升性能。特殊设备应使用高速 SSD。

ZFS datasets expose the special_small_blocks=<size> property. size can be 0 to disable storing small file blocks on the special device or a power of two in the range between 512B to 1M. After setting the property new file blocks smaller than size will be allocated on the special device.
ZFS 数据集暴露了 special_small_blocks=<size> 属性。size 可以设置为 0 以禁用在特殊设备上存储小文件块，或者设置为 512B 到 1M 范围内的 2 的幂。设置该属性后，新的小于 size 的文件块将分配到特殊设备上。

Setting the special_small_blocks property on a pool will change the default value of that property for all child ZFS datasets (for example all containers in the pool will opt in for small file blocks).
在池上设置 special_small_blocks 属性将更改该属性在所有子 ZFS 数据集中的默认值（例如，池中的所有容器都将选择使用小文件块）。

Changes to the on-disk format in ZFS are only made between major version changes and are specified through features. All features, as well as the general mechanism are well documented in the zpool-features(5) manpage.
ZFS 中对磁盘格式的更改仅在主版本更改之间进行，并通过特性来指定。所有特性以及通用机制都在 zpool-features(5)手册页中有详细说明。

Since enabling new features can render a pool not importable by an older version of ZFS, this needs to be done actively by the administrator, by running zpool upgrade on the pool (see the zpool-upgrade(8) manpage).
由于启用新特性可能导致旧版本的 ZFS 无法导入该存储池，因此需要管理员主动通过在存储池上运行 zpool upgrade 来完成此操作（参见 zpool-upgrade(8)手册页）。