Migration from VMware to XCP-NG complete.

Finally just finished our migration from VMware to XCP-NG.

VMs - 34 mix windows server and ubuntu linux.
Pools - 3
Host - 6
Dell R660 - 2
Dell R640 - 4

While this project is more for myself it is open to others to use. Please use at your own risk. Double check my script before using in a production environment. I am open to suggestions and please report any issues here - https://github.com/acebmxer/install_xen_orchestra/issues

With that said I wanted to create my own script to install XOA from sources using the information provided by https://docs.xen-orchestra.com/installation#from-the-sources. It took many tries to get it working just to see the log in screen.

I have only tested on Ubuntu 24.04.4 as of yet.

https://github.com/acebmxer/install_xen_orchestra

# Xen Orchestra Installation Script

Automated installation script for [Xen Orchestra](https://xen-orchestra.com/) from source, based on the [official documentation](https://docs.xen-orchestra.com/installation#from-the-sources).

## Features

- Installs all required dependencies and prerequisites automatically
- Uses Node.js 20 LTS (with npm v10)
- Yarn package manager installed globally
- Self-signed SSL certificate generation for HTTPS
- Direct port binding (80 and 443) - no proxy required
- Systemd service for automatic startup
- Update functionality with commit comparison
- Automatic backups before updates (keeps last 5)
- Interactive restore from any available backup
- Rebuild functionality — fresh clone + clean build on the current branch, preserves settings
- Configurable via simple config file
- **Customizable service user** - run as any username or root, defaults to 'xo'
- **Automatic swap space management** - creates 2GB swap if needed for builds
- **NFS mount support** - automatically configures sudo permissions for remote storage
- **Memory-efficient builds** - prevents out-of-memory errors on low-RAM systems

## Quick Start

### 1. Clone this repository

```bash
git clone https://github.com/acebmxer/install_xen_orchestra.git
cd install_xen_orchestra

2. Configure the installation

Copy the sample configuration file and customize it:

cp sample-xo-config.cfg xo-config.cfg

Edit xo-config.cfg with your preferred settings:

nano xo-config.cfg

Note: If xo-config.cfg is not found when running the script, it will automatically be created from sample-xo-config.cfg with default settings.

3. Run the installation

Important: Do NOT run this script with sudo. Run as a normal user with sudo privileges - the script will use sudo internally for commands that require elevated permissions.

./install-xen-orchestra.sh

Configuration Options

The xo-config.cfg file supports the following options:

Option	Default	Description
HTTP_PORT	80	HTTP port for web interface
HTTPS_PORT	443	HTTPS port for web interface
INSTALL_DIR	/opt/xen-orchestra	Installation directory
SSL_CERT_DIR	/etc/ssl/xo	SSL certificate directory
SSL_CERT_FILE	xo-cert.pem	SSL certificate filename
SSL_KEY_FILE	xo-key.pem	SSL private key filename
GIT_BRANCH	master	Git branch (master, stable, or tag)
BACKUP_DIR	/opt/xo-backups	Backup directory for updates
BACKUP_KEEP	5	Number of backups to retain
NODE_VERSION	20	Node.js major version
SERVICE_USER	xo	Service user (any username, leave empty for root)
DEBUG_MODE	false	Enable debug logging

Updating Xen Orchestra

To update an existing installation:

./install-xen-orchestra.sh --update

The update process will:

1. Compare the installed commit with the latest from GitHub
2. Skip if already up to date
3. Create a backup of the current installation
4. Pull the latest changes
5. Rebuild Xen Orchestra
6. Restart the service

Backup Management

• Backups are stored in BACKUP_DIR (default: /opt/xo-backups)
• Only the last BACKUP_KEEP backups are retained (default: 5)
• Older backups are automatically purged before each new backup is created
• Backup folder names are timestamped in UTC; dates and times are displayed converted to the local system timezone
• When restoring, backups are listed newest first — [1] is the most recent, [5] is the oldest

Restoring from Backup

To restore a previous installation:

./install-xen-orchestra.sh --restore

The restore process will:

1. List all available backups newest first (1 = newest, 5 = oldest) with their dates and commit hashes
2. Prompt you to select which backup to restore
3. Ask for confirmation before making any changes
4. Stop the running service
5. Replace the current installation with the selected backup
6. Rebuild Xen Orchestra (node_modules are excluded from backups to save space)
7. Restart the service and report the restored commit hash

Example output:

==============================================
  Available Backups
==============================================

  [1] xo-backup-20260221_233000  (2026-02-21 06:30:00 PM EST)  commit: a1b2c3d4e5f6 (newest)
  [2] xo-backup-20260221_141500  (2026-02-21 09:15:00 AM EST)  commit: 9f8e7d6c5b4a
  [3] xo-backup-20260220_162000  (2026-02-20 11:20:00 AM EST)  commit: 1a2b3c4d5e6f
  [4] xo-backup-20260219_225200  (2026-02-19 05:52:00 PM EST)  commit: 3c4d5e6f7a8b
  [5] xo-backup-20260219_133000  (2026-02-19 08:30:00 AM EST)  commit: 7d8e9f0a1b2c (oldest)

Enter the number of the backup to restore [1-5], or 'q' to quit:

After a successful restore the confirmed commit is displayed:

[SUCCESS] Restore completed successfully!
[INFO]    Restored commit: a1b2c3d4e5f6

Rebuilding Xen Orchestra

If your installation becomes corrupted or broken, use --rebuild to do a fresh clone and clean build of your current branch without losing any settings:

./install-xen-orchestra.sh --rebuild

The rebuild process will:

1. Detect the currently installed branch
2. Display a summary and ask for confirmation
3. Stop the running service
4. Create a backup of the current installation (same as --update — saved to BACKUP_DIR)
5. Remove the current INSTALL_DIR and do a fresh git clone of the same branch
6. Perform a clean build (turbo cache cleared)
7. Restart the service and report the new commit hash

Note: Settings stored in /etc/xo-server (config.toml) and /var/lib/xo-server (databases and state) are not touched during a rebuild, so all your connections, users, and configuration are preserved.

Service Management

After installation, Xen Orchestra runs as a systemd service:

# Start the service
sudo systemctl start xo-server

# Stop the service
sudo systemctl stop xo-server

# Check status
sudo systemctl status xo-server

# View logs
sudo journalctl -u xo-server -f

Accessing Xen Orchestra

After installation, access the web interface:

• HTTP: http://your-server-ip
• HTTPS: https://your-server-ip

Note: If you changed HTTP_PORT or HTTPS_PORT in xo-config.cfg from the defaults (80/443), append the port to the URL — e.g. http://your-server-ip:8080

Default Credentials

• Username: admin@admin.net
• Password: admin

Warning: Change the default password immediately after first login!

Switching Branches

To switch to a different branch (e.g., from master to stable

1. Edit xo-config.cfg and change GIT_BRANCH
2. Run the update:

./install-xen-orchestra.sh --update

The script will automatically fetch and checkout the new branch during the update process.

System Requirements

Minimum Hardware

• RAM: 2GB minimum (4GB+ recommended for building)
• Disk: 10GB free space
• CPU: 1 core minimum (2+ recommended)

Note: The script automatically creates 2GB swap space if insufficient memory is detected during builds to prevent out-of-memory errors.

Dependencies

The script automatically installs all required dependencies:

Debian/Ubuntu:

• apt-transport-https, ca-certificates, libcap2-bin, curl, gnupg
• build-essential, git, patch, sudo
• Node.js v20 (with npm v10), yarn
• redis-server
• python3-minimal, libpng-dev
• lvm2, cifs-utils, nfs-common, ntfs-3g
• libvhdi-utils, dmidecode
• libfuse2t64 (or libfuse2 on older systems)
• software-properties-common (Ubuntu only)

RHEL/CentOS/Fedora:

• redis or valkey (RHEL 10+)
• Node.js v20 (with npm v10), yarn
• ca-certificates, gnupg2, curl
• make, automake, gcc, gcc-c++, patch, sudo
• git, libpng-devel
• lvm2, cifs-utils, nfs-utils, ntfs-3g
• dmidecode, libcap, fuse-libs

Supported Operating Systems

• Debian 10/11/12/13 (apt-based)
• Ubuntu (apt-based, all supported versions)
• RHEL/CentOS/AlmaLinux/Rocky (dnf/yum-based)
• Fedora (dnf-based)

Troubleshooting

Service fails to start

Check the service logs:

sudo journalctl -u xo-server -n 50

Port binding issues

If running as non-root, the service uses CAP_NET_BIND_SERVICE to bind to privileged ports. Ensure systemd is configured correctly.

Build failures

The easiest fix is to use the built-in rebuild command, which takes a backup first:

./install-xen-orchestra.sh --rebuild

Or manually (if running as non-root SERVICE_USER):

cd /opt/xen-orchestra
rm -rf node_modules
# Replace 'xo' with your SERVICE_USER if different
sudo -u xo yarn
sudo -u xo yarn build

Out of Memory (OOM) during build

If the build process fails with exit code 137 (killed), your system ran out of memory:

The script automatically handles this by:

• Detecting available swap space before building
• Creating 2GB swap file if insufficient
• Setting Node.js memory limits (4GB max)

To manually check/add swap:

# Check current swap
free -h

# Create 2GB swap file if needed
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

NFS mount errors ("user" NFS mounts not supported)

If you get an error when adding NFS remote storage:

mount.nfs: not installed setuid - "user" NFS mounts not supported

The script automatically handles this by configuring sudo permissions for your service user (default: xo) to run mount/umount commands including NFS-specific helpers.

If you encounter this issue on an existing installation:

# Update sudoers configuration (replace 'xo' with your SERVICE_USER if different)
sudo tee /etc/sudoers.d/xo-server-xo > /dev/null << 'EOF'
# Allow xo-server user to mount/unmount without password
Defaults:xo !requiretty
xo ALL=(ALL:ALL) NOPASSWD:SETENV: /bin/mount, /usr/bin/mount, /bin/umount, /usr/bin/umount, /bin/findmnt, /usr/bin/findmnt, /sbin/mount.nfs, /usr/sbin/mount.nfs, /sbin/mount.nfs4, /usr/sbin/mount.nfs4, /sbin/umount.nfs, /usr/sbin/umount.nfs, /sbin/umount.nfs4, /usr/sbin/umount.nfs4
EOF

sudo chmod 440 /etc/sudoers.d/xo-server-xo
sudo systemctl restart xo-server

NFS permission denied errors

If NFS mounts succeed but you get permission errors when writing:

EACCES: permission denied, open '/run/xo-server/mounts/.keeper_*'

This is a UID/GID mismatch between the xo-server user and your NFS export permissions:

Option 1: Run as root (recommended for simplicity)

# Edit config
nano xo-config.cfg
# Set: SERVICE_USER=
# (leave empty to run as root)

# Update service (replace 'xo' with your SERVICE_USER if different)
sudo sed -i 's/User=xo/User=root/' /etc/systemd/system/xo-server.service
sudo chown -R root:root /opt/xen-orchestra /var/lib/xo-server /etc/xo-server
sudo systemctl daemon-reload
sudo systemctl restart xo-server

Option 2: Configure NFS for your service user's UID
On your NFS server, adjust exports to allow your service user's UID (check with id <username>), or use appropriate squash settings in your NFS export configuration.

Redis connection issues

Ensure Redis is running:

redis-cli ping
# Should respond with: PONG

Security Considerations

• No Root: The script refuses to run as root/sudo and uses sudo internally
• Service User: Runs as dedicated xo user by default (customizable to any username; leave empty for root)
• SSL: Self-signed certificate generated automatically for HTTPS
• Sudo Permissions: Service user configured with minimal sudo access for:
  • NFS/CIFS mount operations (/bin/mount, /usr/bin/mount, /sbin/mount.nfs, etc.)
  • Unmount operations (/bin/umount, /usr/bin/umount, /sbin/umount.nfs, etc.)
  • Mount point discovery (/bin/findmnt, /usr/bin/findmnt)
  • All configured in /etc/sudoers.d/xo-server-<username> with NOPASSWD for specific commands only
• Automatic Swap: Swap file created with secure permissions (600) if needed for builds

License

This installation script is provided as-is. Xen Orchestra itself is licensed under AGPL-3.0.

Credits

• Xen Orchestra by Vates
• Installation Documentation

Confirm commit 1a7b5 backups completed successfully.

@simonp

[info] Updating Xen Orchestra from 'cb85e44ae' to 'eed3d72f7'

First log is from automatic schedule before latest update.
2026-02-17T18_00_00.012Z - backup NG.txt

latest log after update. Backup completed successfully.
2026-02-17T18_22_52.199Z - backup NG.txt

Updated AMD Ryzen pool at home and update two Intel Dell r660 and r640 pools at work. No issues to report back.

@stormi

Thanks for the reply back. Update when sucessfull. Windows Server 2025 iso now properly installs.

At work I was not able to install default certs for UEFI due to one failing to download. Run these updates and I was able to successfully install the certs to the host.

i have applied updates to my 2 amd home lab hosts. Ryzen 7700x and 7950x amd x670e mobo's. No issues to report. Windows vm migrated between hosts no isssues. No issues with windows vm booting with uefi enabled prior to update.

@WorkAccount1000

Reach out to who's script you are using for deploying XO from sources.

This script - https://github.com/ronivay/XenOrchestraInstallerUpdater there is an option in the config file to enable XOv6. There are concerns with not being fully ready to its disabled by default. I currently have not any issues related to that.

@MathieuRA

Again thank you so much for you time trying to assist with this. The script OP has responded and updated the script to work correctly now.

Again thank to all Vates staff for all the hard work you do that goes unnoticed.

@dinhngtu Well those directions didnt work as I was unable to locate the setup.exe file in any of the vmware directories. I asked google ai how to force uninstall the vmware tools and started to follow those directions of maunally deleting the services and folder and registry entries. However the vm pysically became unbootable. It would not show the logo of the bios starting up. The vm would appear to be starting up but no console screen would load. I even tried to restore from a backup taken two days ago. That VM started up and of coarse windows wanted todo updates and vm became unbootable again.

I deleted all previous vm and did a fresh migration. This time i did remove the tools prior to the migration. VM is back working.

@MajorP93

No by reducing the number of vms that are being backed up by xoa.

I moved Windows vms to veeam as we need application aware backups.

I may have fixed the issue myself. I have moved our Windows VM backups to Veeam and leaving XOA to backup linux VMs.

Updated to XOA 6.2.0 Will monitor memory usage and report back.

Current use before backups after update. All host and pools connected as of yesterday.

@pilow

As I am completly new to this scripting and such I did reach out to Ai for assistance and believe the license check should be bypassed now.

Again not suggested to use in production. Use at your own risk.

still has its own branch for more testing before merging to main branch.

From my XOA

One of my pools have been offline for 24hrs due to power outage.

Standard XOA can open support tunnel if needed.

@Pilow

Yeah i was looking over his script to see how he worked around it but just states that.

I knew there would be limitations with it so i didnt add it to the main branch yet.

@afmart_dei

I had similar issues recently. But not exacly the same. I was able to add second host to pool but was not able to work because in my case eth0 was host managment, eth4 storage, eth5 migration, eth 7 vm network. My second host at the time did not have eht7

Then i further messed myself up by using second host as its own pool attached to same storage and when down hill form there, but was an easy fix.

Just added the option for --proxy to deploy xo proxy.

https://github.com/acebmxer/install_xen_orchestra/tree/xo-proxy

Deploying a Proxy VM
The script supports deploying a Xen Orchestra Proxy VM directly to your XenServer/XCP-ng pool using the --proxy option:

./install-xen-orchestra.sh --proxy

Important Limitations and Notes

️ Network Configuration:
The --proxy option does not allow you to specify which network the VIF is attached to
It will default to "Pool wide network associated with eth0"

️ Production Use Warning:
Use at your own risk. Not advised for use in production environments.

This feature is provided for testing and development purposes. For production deployments, it is recommended to manually configure proxy VMs with proper network planning and validation.

While can add host and remote via proxy. Backups will fail with the following error.

backupNg.runJob
{
  "id": "95ac8089-69f3-404e-b902-21d0e878eec2",
  "schedule": "76989b41-8bcf-4438-833a-84ae80125367"
}
{
  "code": -32000,
  "data": {
    "stack": "TypeError: licenses.find is not a function
    at Function.<anonymous> (file:///usr/local/lib/node_modules/@xen-orchestra/proxy/app/mixins/appliance.mjs:168:23)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at file:///usr/local/lib/node_modules/@xen-orchestra/proxy/app/mixins/backups.mjs:110:25"
  },
  "message": "licenses.find is not a function"
}

I appreciate the comments and they are all welcome. Do keep note that I did say this is not Production ready and use at your own risk. If you see anything that is wrong please provide suggest feedback to correct said issue.

I just started running my home lab from this version yesterday. I imported my config from previous XO. Today i saw 4 new commits and the update function updated to the latest commit. Backups have run with no issue.

As I can only test in my home lab I can only speak of my own experiences.

@dcskinner

Yes I get what you say about the confusion with XO vs XOA. I know there is another person who maintains an install script calls it XO-CE but didnt want to call mine that specifically.

As for the feature set. You get full feature set when you install from sources. You just dont get paid support.

I have just not implemented the process of setting up a proxy via the script.

Edit - Updated title