@ph7 This update only covers the security issue described above. Fix for the stats issue will roll out later.
andriy.sultanov
@andriy.sultanov
Best posts made by andriy.sultanov
-
RE: XCP-ng 8.3 updates announcements and testing
-
RE: PCI device doesn't show in XO or xe pci-list
@chicagomed Could you (and others with the issue) please post the output of
lspci -mnn
for the devices that are not shown inxe pci-list
?XAPI filters for PCI devices with classes 01XX, 02XX, and 03XX as a safety measure (better to be safe than sorry in avoiding passthrough of critical devices), but perhaps we could reasonably expand this filter.
-
RE: Installation: expecting an rsa key, any plans to support elliptic curve keys?
@jivanpal We do not currently have any plans to support elliptic curve keys - this is a very sensitive topic given different governmental security requirements around the world.
Note that Let's Encrypt recommends a dual setup for this exact reason: "Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support." (https://letsencrypt.org/docs/integration-guide/)
-
RE: Unable to enable High Availability - INTERNAL_ERROR(Not_found)
@jmannik Please upload your
/var/log/xensource.log
from the time of the error, otherwise it's hard to see what went wrong -
RE: "Block migraton" option on the VM´s Advanced tab
@panzersrmm said in "Block migraton" option on the VM´s Advanced tab:
Hi! Is there a VM parameter that saves this "Block migration" UI button?
I wasn't able to identify which one it is with command:
xe vm-param-list uuid=<VMuuid>
Thank you!
How do you mean? Is the XO option not persistent?
XO sets these parameters:
# xe vm-list uuid=$UUID params=blocked-operations blocked-operations (MRW) : pool_migrate: true; migrate_send: true
Which you can set like this yourself:
# xe vm-param-set uuid=$UUID blocked-operations:migrate_send=true # xe vm-param-set uuid=$UUID blocked-operations:pool_migrate=true
-
RE: USB Passthrough has stopped working after update and updating usb-policy.conf
@techjeff I'll fix the script to not choke on empty lines - thanks for the spot!
Our documentation (https://docs.xcp-ng.org/compute/#passing-through-keyboards-and-mice) does say to run
usb_scan.py -d
to verify the config file, though the error wasn't particularly helpful...The config file also specifies its "syntax is an ordered list of rules", maybe the fact that the order is important could be worth emphasizing even more?
-
RE: Pass Through of USB Storage Adapters Not Working
@olivierlambert The only discussion about USB3 that I'm aware of is about making USB3 passthrough faster (https://github.com/xapi-project/xen-api/issues/6389). Not being able to see them in the guest OS at all would indicate a different issue...
-
RE: XCP-ng 8.3 updates announcements and testing
@Greg_E Thanks, but that will not be necessary - I think I've figured out where the problem lies now. Good luck with the move
-
RE: Setting Video RAM above 16MB
@olivierlambert @hitechhillbilly
I don't see any indications that it's capped at 16... it's at least 16 with a VGPU, but otherwise the value is just passed through to QEMU (which might do some capping of its own ...)
You should be able to see how much your VM booted with:
xe vm-param-list uuid=VM_UUID | grep video_mib
And set it to a bigger value with:
xe vm-param-set uuid=VM_UUID platform:videoram=32
-
RE: CPU Stats bottoming out to Zero every five minutes
@olivierlambert I think this has already been fixed upstream (https://github.com/xapi-project/xen-api/pull/6458) - I will backport it for the release after the LTS and see if it fixes the issue for people in this thread.
Latest posts made by andriy.sultanov
-
RE: Unable to enable High Availability - INTERNAL_ERROR(Not_found)
@jmannik Please upload your
/var/log/xensource.log
from the time of the error, otherwise it's hard to see what went wrong -
RE: "ACLs" and "VM creator" options on the VM´s Advanced tab
@panzersrmm I don't think these are saved in the XAPI VM object (that you are querying with
xe
) - these are tracked by XOA itself. -
RE: "Block migraton" option on the VM´s Advanced tab
@panzersrmm said in "Block migraton" option on the VM´s Advanced tab:
Hi! Is there a VM parameter that saves this "Block migration" UI button?
I wasn't able to identify which one it is with command:
xe vm-param-list uuid=<VMuuid>
Thank you!
How do you mean? Is the XO option not persistent?
XO sets these parameters:
# xe vm-list uuid=$UUID params=blocked-operations blocked-operations (MRW) : pool_migrate: true; migrate_send: true
Which you can set like this yourself:
# xe vm-param-set uuid=$UUID blocked-operations:migrate_send=true # xe vm-param-set uuid=$UUID blocked-operations:pool_migrate=true
-
RE: PCI device doesn't show in XO or xe pci-list
@chicagomed Could you (and others with the issue) please post the output of
lspci -mnn
for the devices that are not shown inxe pci-list
?XAPI filters for PCI devices with classes 01XX, 02XX, and 03XX as a safety measure (better to be safe than sorry in avoiding passthrough of critical devices), but perhaps we could reasonably expand this filter.
-
RE: USB Passthrough has stopped working after update and updating usb-policy.conf
@techjeff I'll fix the script to not choke on empty lines - thanks for the spot!
Our documentation (https://docs.xcp-ng.org/compute/#passing-through-keyboards-and-mice) does say to run
usb_scan.py -d
to verify the config file, though the error wasn't particularly helpful...The config file also specifies its "syntax is an ordered list of rules", maybe the fact that the order is important could be worth emphasizing even more?
-
RE: Installation: expecting an rsa key, any plans to support elliptic curve keys?
@jivanpal We do not currently have any plans to support elliptic curve keys - this is a very sensitive topic given different governmental security requirements around the world.
Note that Let's Encrypt recommends a dual setup for this exact reason: "Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support." (https://letsencrypt.org/docs/integration-guide/)
-
RE: PCI Passthorugh INTERNAL_ERROR
@TITUS-MAXIMUS You are correct. Sorry, the command to run is
/opt/xensource/libexec/xen-cmdline --get-dom0 xen-pciback.hide
- does this return anything? what's the return code of the command? -
RE: PCI Passthorugh INTERNAL_ERROR
@TITUS-MAXIMUS
--get-dom0
being empty means no PCI devices were hidden from dom0 either, did you follow this step of the guide? https://docs.xcp-ng.org/compute/#2-tell-xcp-ng-not-to-use-this-device-id-for-dom0 -
RE: PCI Passthorugh INTERNAL_ERROR
@TITUS-MAXIMUS Could you please attach
/var/log/xensource.log
from the time of the error? Would be very useful to have a backtrace from where the error occurs -
RE: Setting Video RAM above 16MB
@olivierlambert @hitechhillbilly
I don't see any indications that it's capped at 16... it's at least 16 with a VGPU, but otherwise the value is just passed through to QEMU (which might do some capping of its own ...)
You should be able to see how much your VM booted with:
xe vm-param-list uuid=VM_UUID | grep video_mib
And set it to a bigger value with:
xe vm-param-set uuid=VM_UUID platform:videoram=32