Migration from VMware to XCP-NG complete.

Finally just finished our migration from VMware to XCP-NG.

VMs - 34 mix windows server and ubuntu linux.
Pools - 3
Host - 6
Dell R660 - 2
Dell R640 - 4

@rzr Installed latest update and no issues to report. I dont hvae any 2tb+ drives in my vms. converting from vhd to qcow2 and backups all working.

@rzr

installed updates will report back.

Update - I had migrated vms back over to vhd prior to update release. I have migrated 2 vms back over to qcow2 and the initial backup ran successfull. Ran a second delta backup and that as well was successful with out issues. Backups happen very quickly now. But it appears the % and progress bar are working.

When CBT is enabled on the vm vdi. They show up as needing to be coalesced. VMs without CBT enabled the vdis are coalesced.

Will continue to monitor.

Once the coalesence hits 2 for the vm. The vm is skipped form future backups until cleared. (shutting down the vm will allow the coalescence to happen.
2026-04-23T19_52_34.694Z - backup NG.txt

@olivierlambert Created new topic.

@rzr

Updated my to AMD Ryzen host in my home lab. No issues with update will monitor and report back any issues.

While this project is more for myself it is open to others to use. Please use at your own risk. Double check my script before using in a production environment. I am open to suggestions and please report any issues here - https://github.com/acebmxer/install_xen_orchestra/issues

With that said I wanted to create my own script to install XOA from sources using the information provided by https://docs.xen-orchestra.com/installation#from-the-sources. It took many tries to get it working just to see the log in screen.

I have only tested on Ubuntu 24.04.4 as of yet.

https://github.com/acebmxer/install_xen_orchestra

# Xen Orchestra Installation Script

Automated installation script for [Xen Orchestra](https://xen-orchestra.com/) from source, based on the [official documentation](https://docs.xen-orchestra.com/installation#from-the-sources).

## Features

- Installs all required dependencies and prerequisites automatically
- Uses Node.js 20 LTS (with npm v10)
- Yarn package manager installed globally
- Self-signed SSL certificate generation for HTTPS
- Direct port binding (80 and 443) - no proxy required
- Systemd service for automatic startup
- Update functionality with commit comparison
- Automatic backups before updates (keeps last 5)
- Interactive restore from any available backup
- Rebuild functionality — fresh clone + clean build on the current branch, preserves settings
- Configurable via simple config file
- **Customizable service user** - run as any username or root, defaults to 'xo'
- **Automatic swap space management** - creates 2GB swap if needed for builds
- **NFS mount support** - automatically configures sudo permissions for remote storage
- **Memory-efficient builds** - prevents out-of-memory errors on low-RAM systems

## Quick Start

### 1. Clone this repository

```bash
git clone https://github.com/acebmxer/install_xen_orchestra.git
cd install_xen_orchestra

2. Configure the installation

Copy the sample configuration file and customize it:

cp sample-xo-config.cfg xo-config.cfg

Edit xo-config.cfg with your preferred settings:

nano xo-config.cfg

Note: If xo-config.cfg is not found when running the script, it will automatically be created from sample-xo-config.cfg with default settings.

3. Run the installation

Important: Do NOT run this script with sudo. Run as a normal user with sudo privileges - the script will use sudo internally for commands that require elevated permissions.

./install-xen-orchestra.sh

Configuration Options

The xo-config.cfg file supports the following options:

Option	Default	Description
HTTP_PORT	80	HTTP port for web interface
HTTPS_PORT	443	HTTPS port for web interface
INSTALL_DIR	/opt/xen-orchestra	Installation directory
SSL_CERT_DIR	/etc/ssl/xo	SSL certificate directory
SSL_CERT_FILE	xo-cert.pem	SSL certificate filename
SSL_KEY_FILE	xo-key.pem	SSL private key filename
GIT_BRANCH	master	Git branch (master, stable, or tag)
BACKUP_DIR	/opt/xo-backups	Backup directory for updates
BACKUP_KEEP	5	Number of backups to retain
NODE_VERSION	20	Node.js major version
SERVICE_USER	xo	Service user (any username, leave empty for root)
DEBUG_MODE	false	Enable debug logging

Updating Xen Orchestra

To update an existing installation:

./install-xen-orchestra.sh --update

The update process will:

1. Compare the installed commit with the latest from GitHub
2. Skip if already up to date
3. Create a backup of the current installation
4. Pull the latest changes
5. Rebuild Xen Orchestra
6. Restart the service

Backup Management

• Backups are stored in BACKUP_DIR (default: /opt/xo-backups)
• Only the last BACKUP_KEEP backups are retained (default: 5)
• Older backups are automatically purged before each new backup is created
• Backup folder names are timestamped in UTC; dates and times are displayed converted to the local system timezone
• When restoring, backups are listed newest first — [1] is the most recent, [5] is the oldest

Restoring from Backup

To restore a previous installation:

./install-xen-orchestra.sh --restore

The restore process will:

1. List all available backups newest first (1 = newest, 5 = oldest) with their dates and commit hashes
2. Prompt you to select which backup to restore
3. Ask for confirmation before making any changes
4. Stop the running service
5. Replace the current installation with the selected backup
6. Rebuild Xen Orchestra (node_modules are excluded from backups to save space)
7. Restart the service and report the restored commit hash

Example output:

==============================================
  Available Backups
==============================================

  [1] xo-backup-20260221_233000  (2026-02-21 06:30:00 PM EST)  commit: a1b2c3d4e5f6 (newest)
  [2] xo-backup-20260221_141500  (2026-02-21 09:15:00 AM EST)  commit: 9f8e7d6c5b4a
  [3] xo-backup-20260220_162000  (2026-02-20 11:20:00 AM EST)  commit: 1a2b3c4d5e6f
  [4] xo-backup-20260219_225200  (2026-02-19 05:52:00 PM EST)  commit: 3c4d5e6f7a8b
  [5] xo-backup-20260219_133000  (2026-02-19 08:30:00 AM EST)  commit: 7d8e9f0a1b2c (oldest)

Enter the number of the backup to restore [1-5], or 'q' to quit:

After a successful restore the confirmed commit is displayed:

[SUCCESS] Restore completed successfully!
[INFO]    Restored commit: a1b2c3d4e5f6

Rebuilding Xen Orchestra

If your installation becomes corrupted or broken, use --rebuild to do a fresh clone and clean build of your current branch without losing any settings:

./install-xen-orchestra.sh --rebuild

The rebuild process will:

1. Detect the currently installed branch
2. Display a summary and ask for confirmation
3. Stop the running service
4. Create a backup of the current installation (same as --update — saved to BACKUP_DIR)
5. Remove the current INSTALL_DIR and do a fresh git clone of the same branch
6. Perform a clean build (turbo cache cleared)
7. Restart the service and report the new commit hash

Note: Settings stored in /etc/xo-server (config.toml) and /var/lib/xo-server (databases and state) are not touched during a rebuild, so all your connections, users, and configuration are preserved.

Service Management

After installation, Xen Orchestra runs as a systemd service:

# Start the service
sudo systemctl start xo-server

# Stop the service
sudo systemctl stop xo-server

# Check status
sudo systemctl status xo-server

# View logs
sudo journalctl -u xo-server -f

Accessing Xen Orchestra

After installation, access the web interface:

• HTTP: http://your-server-ip
• HTTPS: https://your-server-ip

Note: If you changed HTTP_PORT or HTTPS_PORT in xo-config.cfg from the defaults (80/443), append the port to the URL — e.g. http://your-server-ip:8080

Default Credentials

• Username: admin@admin.net
• Password: admin

Warning: Change the default password immediately after first login!

Switching Branches

To switch to a different branch (e.g., from master to stable

1. Edit xo-config.cfg and change GIT_BRANCH
2. Run the update:

./install-xen-orchestra.sh --update

The script will automatically fetch and checkout the new branch during the update process.

System Requirements

Minimum Hardware

• RAM: 2GB minimum (4GB+ recommended for building)
• Disk: 10GB free space
• CPU: 1 core minimum (2+ recommended)

Note: The script automatically creates 2GB swap space if insufficient memory is detected during builds to prevent out-of-memory errors.

Dependencies

The script automatically installs all required dependencies:

Debian/Ubuntu:

• apt-transport-https, ca-certificates, libcap2-bin, curl, gnupg
• build-essential, git, patch, sudo
• Node.js v20 (with npm v10), yarn
• redis-server
• python3-minimal, libpng-dev
• lvm2, cifs-utils, nfs-common, ntfs-3g
• libvhdi-utils, dmidecode
• libfuse2t64 (or libfuse2 on older systems)
• software-properties-common (Ubuntu only)

RHEL/CentOS/Fedora:

• redis or valkey (RHEL 10+)
• Node.js v20 (with npm v10), yarn
• ca-certificates, gnupg2, curl
• make, automake, gcc, gcc-c++, patch, sudo
• git, libpng-devel
• lvm2, cifs-utils, nfs-utils, ntfs-3g
• dmidecode, libcap, fuse-libs

Supported Operating Systems

• Debian 10/11/12/13 (apt-based)
• Ubuntu (apt-based, all supported versions)
• RHEL/CentOS/AlmaLinux/Rocky (dnf/yum-based)
• Fedora (dnf-based)

Troubleshooting

Service fails to start

Check the service logs:

sudo journalctl -u xo-server -n 50

Port binding issues

If running as non-root, the service uses CAP_NET_BIND_SERVICE to bind to privileged ports. Ensure systemd is configured correctly.

Build failures

The easiest fix is to use the built-in rebuild command, which takes a backup first:

./install-xen-orchestra.sh --rebuild

Or manually (if running as non-root SERVICE_USER):

cd /opt/xen-orchestra
rm -rf node_modules
# Replace 'xo' with your SERVICE_USER if different
sudo -u xo yarn
sudo -u xo yarn build

Out of Memory (OOM) during build

If the build process fails with exit code 137 (killed), your system ran out of memory:

The script automatically handles this by:

• Detecting available swap space before building
• Creating 2GB swap file if insufficient
• Setting Node.js memory limits (4GB max)

To manually check/add swap:

# Check current swap
free -h

# Create 2GB swap file if needed
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

NFS mount errors ("user" NFS mounts not supported)

If you get an error when adding NFS remote storage:

mount.nfs: not installed setuid - "user" NFS mounts not supported

The script automatically handles this by configuring sudo permissions for your service user (default: xo) to run mount/umount commands including NFS-specific helpers.

If you encounter this issue on an existing installation:

# Update sudoers configuration (replace 'xo' with your SERVICE_USER if different)
sudo tee /etc/sudoers.d/xo-server-xo > /dev/null << 'EOF'
# Allow xo-server user to mount/unmount without password
Defaults:xo !requiretty
xo ALL=(ALL:ALL) NOPASSWD:SETENV: /bin/mount, /usr/bin/mount, /bin/umount, /usr/bin/umount, /bin/findmnt, /usr/bin/findmnt, /sbin/mount.nfs, /usr/sbin/mount.nfs, /sbin/mount.nfs4, /usr/sbin/mount.nfs4, /sbin/umount.nfs, /usr/sbin/umount.nfs, /sbin/umount.nfs4, /usr/sbin/umount.nfs4
EOF

sudo chmod 440 /etc/sudoers.d/xo-server-xo
sudo systemctl restart xo-server

NFS permission denied errors

If NFS mounts succeed but you get permission errors when writing:

EACCES: permission denied, open '/run/xo-server/mounts/.keeper_*'

This is a UID/GID mismatch between the xo-server user and your NFS export permissions:

Option 1: Run as root (recommended for simplicity)

# Edit config
nano xo-config.cfg
# Set: SERVICE_USER=
# (leave empty to run as root)

# Update service (replace 'xo' with your SERVICE_USER if different)
sudo sed -i 's/User=xo/User=root/' /etc/systemd/system/xo-server.service
sudo chown -R root:root /opt/xen-orchestra /var/lib/xo-server /etc/xo-server
sudo systemctl daemon-reload
sudo systemctl restart xo-server

Option 2: Configure NFS for your service user's UID
On your NFS server, adjust exports to allow your service user's UID (check with id <username>), or use appropriate squash settings in your NFS export configuration.

Redis connection issues

Ensure Redis is running:

redis-cli ping
# Should respond with: PONG

Security Considerations

• No Root: The script refuses to run as root/sudo and uses sudo internally
• Service User: Runs as dedicated xo user by default (customizable to any username; leave empty for root)
• SSL: Self-signed certificate generated automatically for HTTPS
• Sudo Permissions: Service user configured with minimal sudo access for:
  • NFS/CIFS mount operations (/bin/mount, /usr/bin/mount, /sbin/mount.nfs, etc.)
  • Unmount operations (/bin/umount, /usr/bin/umount, /sbin/umount.nfs, etc.)
  • Mount point discovery (/bin/findmnt, /usr/bin/findmnt)
  • All configured in /etc/sudoers.d/xo-server-<username> with NOPASSWD for specific commands only
• Automatic Swap: Swap file created with secure permissions (600) if needed for builds

License

This installation script is provided as-is. Xen Orchestra itself is licensed under AGPL-3.0.

Credits

• Xen Orchestra by Vates
• Installation Documentation

Confirm commit 1a7b5 backups completed successfully.

@simonp

[info] Updating Xen Orchestra from 'cb85e44ae' to 'eed3d72f7'

First log is from automatic schedule before latest update.
2026-02-17T18_00_00.012Z - backup NG.txt

latest log after update. Backup completed successfully.
2026-02-17T18_22_52.199Z - backup NG.txt

Updated AMD Ryzen pool at home and update two Intel Dell r660 and r640 pools at work. No issues to report back.

@stormi

Thanks for the reply back. Update when sucessfull. Windows Server 2025 iso now properly installs.

At work I was not able to install default certs for UEFI due to one failing to download. Run these updates and I was able to successfully install the certs to the host.

@florent

I didnt setup ssh on work XOA i just set the password but need to reboot it for it to work. The tunnel is still open if you dont mind doing it otherwise I will need to reboot xoa to get in myself.

@MathieuRA

Confirmed Dashboard now loads correctly.

@MathieuRA

If you still are waiting i have opened a support tunnel - 35965 this is for my home lab. You may reboot XOA if needed.

I didnt refresh the page when i ran the blow command before.

xoa@xoa:~$ sudo journalctl -u xo-server -f
Apr 30 10:28:02 xoa xo-server[568]:     at new Promise (/usr/local/lib/node_modules/xo-server/node_modules/bluebird/js/release/promise.js:103:10)
Apr 30 10:28:02 xoa xo-server[568]:     at Peer.request (/usr/local/lib/node_modules/xo-server-xoa/node_modules/json-rpc-peer/src/index.js:139:12)
Apr 30 10:28:02 xoa xo-server[568]:     at JsonRpcWebSocketClient.call (/usr/local/lib/node_modules/xo-server-xoa/node_modules/jsonrpc-websocket-client/src/index.js:63:23)
Apr 30 10:28:02 xoa xo-server[568]:     at Xoa.apply [as _getCurrentChannel] (/usr/local/lib/node_modules/xo-server-xoa/src/index.js:704:45)
Apr 30 10:28:02 xoa xo-server[568]:     at Xo.<anonymous> (file:///usr/local/lib/node_modules/xo-server/src/xo.mjs:256:24)
Apr 30 10:28:02 xoa xo-server[568]:     at Config.getGuiRoutes (file:///usr/local/lib/node_modules/xo-server/node_modules/@xen-orchestra/mixins/Config.mjs:102:52)
Apr 30 10:28:02 xoa xo-server[568]:     at main (file:///usr/local/lib/node_modules/xo-server/src/index.mjs:1037:56)
Apr 30 10:28:02 xoa xo-server[568]: 2026-04-30T15:28:02.981Z xo:main INFO Setting up /v5 → /usr/local/lib/node_modules/xo-web/dist
Apr 30 10:28:02 xoa xo-server[568]: 2026-04-30T15:28:02.981Z xo:main INFO Setting up /v6 → /usr/local/lib/node_modules/@xen-orchestra/web/dist
Apr 30 10:28:02 xoa xo-server[568]: 2026-04-30T15:28:02.981Z xo:main INFO Setting up / → /usr/local/lib/node_modules/@xen-orchestra/web/dist
Apr 30 10:29:00 xoa xo-server[568]: 2026-04-30T15:29:00.487Z xo:rest-api:error-handler INFO [GET] /users/f1397281-6d64-442b-a78c-e53fea09aa76 (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.014Z xo:rest-api:error-handler INFO [GET] /pools (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.020Z xo:rest-api:error-handler INFO [GET] /hosts (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.027Z xo:rest-api:error-handler INFO [GET] /vms (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.044Z xo:rest-api:error-handler INFO [GET] /tasks (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.077Z xo:rest-api:error-handler INFO [GET] /alarms (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.079Z xo:rest-api:error-handler INFO [GET] /vm-controllers (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.082Z xo:rest-api:error-handler INFO [GET] /vdis (403)
Apr 30 10:29:01 xoa xo-server[568]: 2026-04-30T15:29:01.088Z xo:rest-api:error-handler INFO [GET] /srs (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.204Z xo:rest-api:error-handler INFO [GET] /users/f1397281-6d64-442b-a78c-e53fea09aa76 (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.748Z xo:rest-api:error-handler INFO [GET] /alarms (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.751Z xo:rest-api:error-handler INFO [GET] /vm-controllers (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.751Z xo:rest-api:error-handler INFO [GET] /srs (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.751Z xo:rest-api:error-handler INFO [GET] /vdis (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.753Z xo:rest-api:error-handler INFO [GET] /pools (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.778Z xo:rest-api:error-handler INFO [GET] /hosts (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.778Z xo:rest-api:error-handler INFO [GET] /vms (403)
Apr 30 10:29:13 xoa xo-server[568]: 2026-04-30T15:29:13.784Z xo:rest-api:error-handler INFO [GET] /tasks (403)

I am seeing these errors....

[09:45 30] xoa@xoa:~$ sudo journalctl -u xo-server -p warning --no-pager
Mar 13 13:13:52 xoa systemd[1]: xo-server.service: State 'stop-sigterm' timed out. Killing.
Mar 13 13:13:52 xoa systemd[1]: xo-server.service: Main process exited, code=killed, status=9/KILL
Mar 13 13:13:52 xoa systemd[1]: xo-server.service: Failed with result 'timeout'.
-- Boot 8398ef48e4e94d27b11bfc3300a68727 --
Apr 25 11:37:14 xoa systemd[1]: xo-server.service: State 'stop-sigterm' timed out. Killing.
Apr 25 11:37:14 xoa systemd[1]: xo-server.service: Main process exited, code=killed, status=9/KILL
Apr 25 11:37:14 xoa systemd[1]: xo-server.service: Failed with result 'timeout'.
-- Boot 9a9a6f09bdea43729cbe3aa74acc7a3b --
Apr 30 09:36:06 xoa systemd[1]: xo-server.service: State 'stop-sigterm' timed out. Killing.
Apr 30 09:36:06 xoa systemd[1]: xo-server.service: Main process exited, code=killed, status=9/KILL
Apr 30 09:36:06 xoa systemd[1]: xo-server.service: Failed with result 'timeout'.
[09:45 30] xoa@xoa:~$ sudo journalctl -u xo-server -f
Apr 30 09:43:14 xoa xo-server[594]:       at Function.emit (node:events:519:28)
Apr 30 09:43:14 xoa xo-server[594]:       at Function.emit (/usr/local/lib/node_modules/xo-server/node_modules/@xen-orchestra/log/configure.js:52:17)
Apr 30 09:43:14 xoa xo-server[594]:       at Server.<anonymous> (file:///usr/local/lib/node_modules/xo-server/src/index.mjs:977:13)
Apr 30 09:43:14 xoa xo-server[594]:       at Server.emit (node:events:531:35)
Apr 30 09:43:14 xoa xo-server[594]:       at Server.patchedEmit [as emit] (/usr/local/lib/node_modules/xo-server/node_modules/@xen-orchestra/log/configure.js:52:17)
Apr 30 09:43:14 xoa xo-server[594]:       at onParserExecuteCommon (node:_http_server:977:14)
Apr 30 09:43:14 xoa xo-server[594]:       at onParserExecute (node:_http_server:881:3) {
Apr 30 09:43:14 xoa xo-server[594]:     code: 'DEP0060'
Apr 30 09:43:14 xoa xo-server[594]:   }
Apr 30 09:43:14 xoa xo-server[594]: }

@Baronvaile

Just to confirm this is with actual XOA and not XO from sources? Have you rebooted XO? Check logs? sudo journalctl -u xo-server -n 50

Edit - Just updated my home lab XOA

I see same thing... XO from sources no issues. Work XOA no issues...

@MajorP93

Not seeing any issues on my end. I only have NFS SRs or Remotes. No SMBs.

home lab

Work XOA - just updated XOA, proxies, and host last night after backup jobs.... Just told @florent he could close my open support ticket. Maybe i jumped the gun....

@stormi

Well I just ran rolling pool update on my 2 host home lab. I wanted to watch to make sure there were no issues. Of coarse I got distracted. Only to come back and find both host updated and running. Will continue to monitor.

@stormi said:

Thanks. Ping @Team-Storage

I think these screenshot better show the picture. It shows more or seems more dramatic on truenas.
That is two cloud inti vms 1 ubuntu and 1 alma, And 1 existing vm running on the qcow2 enabled SR.

Both SR are on the same truenas just different data sets.

@stormi

Left side of chart is all VMS running. 1.5gb/s each vm's vdi ranges from 128gb - 256gb allocated. Actual disk spaced used not sure)

The 200mb/s - 300mb/s on far right is just XO-CE running idle.

So if each vm is consuming 300mb/s ish times 4 -5 vms would get close to the 1.5gb/s.