XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. ditzy-olive
    Offline
    • Profile
    • Following 0
    • Followers 0
    • Topics 7
    • Posts 17
    • Groups 0

    ditzy-olive

    @ditzy-olive

    6
    Reputation
    4
    Profile views
    17
    Posts
    0
    Followers
    0
    Following
    Joined
    Last Online
    ditzy-olive Unfollow Follow

    Best posts made by ditzy-olive

    • RE: Can't get dns to work with cloud-init on debian11

      @olivierlambert Thanks, just stumbled over this a few minutes ago and tried it, but doesn't work. According to https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting#write-files-to-the-disk

      This currently only works for RHEL-based distributions.

      But this led me to write_files and this works:

      write_files:
  - path: /etc/resolv.conf
    content: |
      domain exmple.com
      search example.com
      nameserver 192.168.20.1

      this is the full configuration I use:

      #cloud-config
hostname: {name}
timezone: Europe/Vienna
users:
  - default
  - name: johndow
    passwd: ****
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin, sudo
    shell: /bin/bash
    lock_passwd: true
    ssh_authorized_keys:
      - ssh-ed25519 AAAA****
write_files:
  - path: /etc/resolv.conf
    content: |
      domain example.com
      search example.com
      nameserver 192.168.20.1
package_update: true
packages:
  - sudo
  - htop
  - vim
  - python
  - tmux
package_upgrade: true
runcmd:
  - sudo reboot

      the Network configuration looks like this:

        version: 2
  ethernets:
    eth0:
      match:
        name: eth0
      addresses:
        - 192.168.20.6/28
      gateway4: 192.168.20.1
    eth1:
      match:
        name: eth1
      addresses:
        - 10.10.10.6/24

      but now it seems I forgot the MTU but this is a different story, thanks for the hint in the right direction.

      posted in Advanced features
      ditzy-oliveD
      ditzy-olive
    • Deploying firewall to XCP-NG with rescue

      Hi, just wanted to share this script I am using to deploy firewall to xcp-ng.
      I'm rather a UFW person or MikroTik with safe mode, but I don't have that on xcp-ng, so meddling with the firewall was always increasing my anxiety levels. So I was using the Hetzner built in vSwitch firewall which is a pain and allows only 10 rules.

      So I made (actually I just told Claude to create this) script that will take the local file called iptables and push that to one or all of my servers I have with hetzner. The script is intended to be called from you local machine, not on the server.

      To be safe that I didn't break anything, it schedules an automatic rollback in 2 minutes, applies the new firewall, checks that ssh is still accessible, then removes the planed rollback.

      #!/bin/bash
# XCP-ng Firewall Deployment Script
# Deploys the unified firewall configuration to all hosts
# Usage: ./deploy-firewall.sh [test|x1|x2|x3|all]

set -e

# Host definitions
X1_IP="167.235.xx.xx"
X2_IP="167.235.xx.xx"
X3_IP="167.235.xx.xx"

FIREWALL_FILE="iptables"
BACKUP_SUFFIX="backup.$(date +%Y%m%d_%H%M%S)"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

print_header() {
    echo -e "${GREEN}================================${NC}"
    echo -e "${GREEN}$1${NC}"
    echo -e "${GREEN}================================${NC}"
}

print_warning() {
    echo -e "${YELLOW}WARNING: $1${NC}"
}

print_error() {
    echo -e "${RED}ERROR: $1${NC}"
}

print_success() {
    echo -e "${GREEN}SUCCESS: $1${NC}"
}

deploy_to_host() {
    local HOST_IP=$1
    local HOST_NAME=$2

    print_header "Deploying to $HOST_NAME ($HOST_IP)"

    echo "1. Checking if 'at' command is available..."
    ssh root@$HOST_IP "command -v at > /dev/null" || {
        print_error "'at' command not found on $HOST_NAME"
        print_warning "Installing 'at' package..."
        ssh root@$HOST_IP "yum install -y at && systemctl enable --now atd" || {
            print_error "Failed to install 'at' on $HOST_NAME"
            return 1
        }
    }

    echo "2. Ensuring atd service is running..."
    ssh root@$HOST_IP "systemctl is-active atd > /dev/null || systemctl start atd" || {
        print_error "Failed to start atd service on $HOST_NAME"
        return 1
    }

    echo "3. Copying firewall configuration..."
    scp $FIREWALL_FILE root@$HOST_IP:/root/iptables.new || {
        print_error "Failed to copy file to $HOST_NAME"
        return 1
    }

    echo "4. Backing up current configuration..."
    ssh root@$HOST_IP "cp /etc/sysconfig/iptables /etc/sysconfig/iptables.$BACKUP_SUFFIX" || {
        print_error "Failed to backup on $HOST_NAME"
        return 1
    }

    echo "5. Creating rollback script..."
    ssh root@$HOST_IP "cat > /root/firewall-rollback.sh << 'ROLLBACK_EOF'
#!/bin/bash
# Automatic firewall rollback script
echo \"[\$(date)] FIREWALL ROLLBACK: Restoring previous configuration\" >> /var/log/firewall-rollback.log
cp /etc/sysconfig/iptables.$BACKUP_SUFFIX /etc/sysconfig/iptables
systemctl restart iptables
echo \"[\$(date)] FIREWALL ROLLBACK: Completed\" >> /var/log/firewall-rollback.log
ROLLBACK_EOF
chmod +x /root/firewall-rollback.sh" || {
        print_error "Failed to create rollback script on $HOST_NAME"
        return 1
    }

    echo "6. Scheduling automatic rollback in 2 minutes..."
    local AT_JOB_ID=$(ssh root@$HOST_IP "echo '/root/firewall-rollback.sh' | at now + 5 minutes 2>&1 | grep 'job' | awk '{print \$2}'")
    if [ -z "$AT_JOB_ID" ]; then
        print_error "Failed to schedule rollback on $HOST_NAME"
        return 1
    fi
    print_warning "Rollback scheduled with job ID: $AT_JOB_ID"
    print_warning "If SSH connection is lost, firewall will auto-rollback in 2 minutes!"

    echo "7. Installing new configuration..."
    ssh root@$HOST_IP "cp /root/iptables.new /etc/sysconfig/iptables" || {
        print_error "Failed to install new config on $HOST_NAME"
        return 1
    }

    echo "8. Restarting iptables service..."
    ssh root@$HOST_IP "systemctl restart iptables" || {
        print_error "Failed to restart iptables on $HOST_NAME"
        print_warning "Manual rollback will occur in 2 minutes..."
        return 1
    }

    echo "9. Waiting 5 seconds before testing SSH..."
    sleep 5

    echo "10. Verifying SSH access..."
    if ssh root@$HOST_IP "echo 'SSH test successful'" 2>/dev/null; then
        print_success "SSH verification successful!"
    else
        print_error "SSH verification failed on $HOST_NAME"
        print_warning "Automatic rollback will occur in ~2 minutes"
        print_warning "You can also use console access to verify or manually rollback"
        return 1
    fi

    echo "11. Canceling automatic rollback..."
    ssh root@$HOST_IP "atrm $AT_JOB_ID" || {
        print_warning "Failed to cancel rollback job - but SSH works, so manual cancellation recommended"
    }
    print_success "Automatic rollback cancelled - firewall is stable!"

    echo "12. Displaying active rules..."
    ssh root@$HOST_IP "iptables -L RH-Firewall-1-INPUT -n | head -20"

    print_success "Deployment to $HOST_NAME completed!"
    echo ""
    return 0
}

test_connectivity() {
    local HOST_IP=$1
    local HOST_NAME=$2

    echo "Testing connectivity to $HOST_NAME..."
    if ping -c 2 $HOST_IP > /dev/null 2>&1; then
        print_success "$HOST_NAME is reachable"
    else
        print_error "$HOST_NAME is not reachable"
        return 1
    fi

    if ssh -o ConnectTimeout=5 root@$HOST_IP "echo 'SSH OK'" > /dev/null 2>&1; then
        print_success "SSH to $HOST_NAME is working"
    else
        print_error "SSH to $HOST_NAME failed"
        return 1
    fi

    return 0
}

show_usage() {
    echo "Usage: $0 [test|x1|x2|x3|all|rollback]"
    echo ""
    echo "Commands:"
    echo "  test     - Test connectivity to all hosts without deploying"
    echo "  x1       - Deploy to x1 only ($X1_IP)"
    echo "  x2       - Deploy to x2 only ($X2_IP)"
    echo "  x3       - Deploy to x3 only ($X3_IP)"
    echo "  all      - Deploy to all hosts (x1, x2, x3)"
    echo "  rollback - Manually rollback firewall on specified host"
    echo ""
    echo "Examples:"
    echo "  $0 x3                    # Test deployment on x3 first"
    echo "  $0 all                   # Deploy to all hosts"
    echo "  $0 rollback x3           # Manually rollback x3"
    echo ""
    echo "Safety Features:"
    echo "  - Automatic rollback scheduled for 2 minutes after deployment"
    echo "  - Rollback is cancelled only if SSH verification succeeds"
    echo "  - If you lose SSH access, firewall auto-reverts in 2 minutes"
    exit 1
}

manual_rollback() {
    local HOST_IP=$1
    local HOST_NAME=$2

    if [ -z "$HOST_IP" ]; then
        print_error "Please specify host: x1, x2, or x3"
        echo "Example: $0 rollback x3"
        exit 1
    fi

    print_header "Manual Rollback on $HOST_NAME ($HOST_IP)"

    echo "1. Finding latest backup..."
    local BACKUP_FILE=$(ssh root@$HOST_IP "ls -t /etc/sysconfig/iptables.backup.* 2>/dev/null | head -1")

    if [ -z "$BACKUP_FILE" ]; then
        print_error "No backup file found on $HOST_NAME"
        echo "Available files:"
        ssh root@$HOST_IP "ls -la /etc/sysconfig/iptables*"
        return 1
    fi

    echo "Latest backup: $BACKUP_FILE"

    echo "2. Restoring backup..."
    ssh root@$HOST_IP "cp $BACKUP_FILE /etc/sysconfig/iptables" || {
        print_error "Failed to restore backup"
        return 1
    }

    echo "3. Restarting iptables..."
    ssh root@$HOST_IP "systemctl restart iptables" || {
        print_error "Failed to restart iptables"
        return 1
    }

    echo "4. Verifying SSH access..."
    sleep 2
    ssh root@$HOST_IP "echo 'SSH test successful'" || {
        print_error "SSH verification failed - you may need console access"
        return 1
    }

    print_success "Rollback completed successfully on $HOST_NAME!"

    echo "5. Current rules:"
    ssh root@$HOST_IP "iptables -L RH-Firewall-1-INPUT -n | head -10"
}

# Main script
if [ ! -f "$FIREWALL_FILE" ]; then
    print_error "Firewall configuration file '$FIREWALL_FILE' not found!"
    exit 1
fi

case "$1" in
    test)
        print_header "Testing Connectivity"
        test_connectivity $X1_IP "x1" || echo ""
        test_connectivity $X2_IP "x2" || echo ""
        test_connectivity $X3_IP "x3" || echo ""
        ;;
    x1)
        deploy_to_host $X1_IP "x1"
        ;;
    x2)
        deploy_to_host $X2_IP "x2"
        ;;
    x3)
        deploy_to_host $X3_IP "x3"
        ;;
    rollback)
        case "$2" in
            x1)
                manual_rollback $X1_IP "x1"
                ;;
            x2)
                manual_rollback $X2_IP "x2"
                ;;
            x3)
                manual_rollback $X3_IP "x3"
                ;;
            *)
                manual_rollback "" ""
                ;;
        esac
        ;;
    all)
        print_warning "This will deploy to ALL hosts!"
        read -p "Are you sure? (yes/no): " confirm
        if [ "$confirm" != "yes" ]; then
            echo "Deployment cancelled."
            exit 0
        fi

        deploy_to_host $X3_IP "x3" || exit 1
        sleep 2
        deploy_to_host $X1_IP "x1" || exit 1
        sleep 2
        deploy_to_host $X2_IP "x2" || exit 1

        print_header "Deployment Summary"
        print_success "All hosts deployed successfully!"
        echo ""
        echo "Next steps:"
        echo "1. Test VM internet connectivity on all hosts"
        echo "2. Test VM migration between hosts"
        echo "3. Disable Hetzner vSwitch firewall"
        ;;
    *)
        show_usage
        ;;
esac
      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • RE: suggestions for upgrade path XCP-ng 8.2.1 -> XCP-ng 8.3.0

      @olivierlambert perfect. Thanks. Am currently doing exactly that.
      Had to fiddle a bit with the hetzner vSwtitch Firewall, if I find the time I will post some instructions that could maybe help others as well.

      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive

    Latest posts made by ditzy-olive

    • RE: Deploying firewall to XCP-NG with rescue

      @bleader thanks for the tip. You see my knowledge in redhat based systems is almost non existant. Think I'm almost 99% debian and 1% ubuntu (and that not by choice)
      So I will take care of redeploying the script as soon as I upgrade, should be easily noticeable since monitoring will loose access and yell at me.

      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • Deploying firewall to XCP-NG with rescue

      Hi, just wanted to share this script I am using to deploy firewall to xcp-ng.
      I'm rather a UFW person or MikroTik with safe mode, but I don't have that on xcp-ng, so meddling with the firewall was always increasing my anxiety levels. So I was using the Hetzner built in vSwitch firewall which is a pain and allows only 10 rules.

      So I made (actually I just told Claude to create this) script that will take the local file called iptables and push that to one or all of my servers I have with hetzner. The script is intended to be called from you local machine, not on the server.

      To be safe that I didn't break anything, it schedules an automatic rollback in 2 minutes, applies the new firewall, checks that ssh is still accessible, then removes the planed rollback.

      #!/bin/bash
# XCP-ng Firewall Deployment Script
# Deploys the unified firewall configuration to all hosts
# Usage: ./deploy-firewall.sh [test|x1|x2|x3|all]

set -e

# Host definitions
X1_IP="167.235.xx.xx"
X2_IP="167.235.xx.xx"
X3_IP="167.235.xx.xx"

FIREWALL_FILE="iptables"
BACKUP_SUFFIX="backup.$(date +%Y%m%d_%H%M%S)"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

print_header() {
    echo -e "${GREEN}================================${NC}"
    echo -e "${GREEN}$1${NC}"
    echo -e "${GREEN}================================${NC}"
}

print_warning() {
    echo -e "${YELLOW}WARNING: $1${NC}"
}

print_error() {
    echo -e "${RED}ERROR: $1${NC}"
}

print_success() {
    echo -e "${GREEN}SUCCESS: $1${NC}"
}

deploy_to_host() {
    local HOST_IP=$1
    local HOST_NAME=$2

    print_header "Deploying to $HOST_NAME ($HOST_IP)"

    echo "1. Checking if 'at' command is available..."
    ssh root@$HOST_IP "command -v at > /dev/null" || {
        print_error "'at' command not found on $HOST_NAME"
        print_warning "Installing 'at' package..."
        ssh root@$HOST_IP "yum install -y at && systemctl enable --now atd" || {
            print_error "Failed to install 'at' on $HOST_NAME"
            return 1
        }
    }

    echo "2. Ensuring atd service is running..."
    ssh root@$HOST_IP "systemctl is-active atd > /dev/null || systemctl start atd" || {
        print_error "Failed to start atd service on $HOST_NAME"
        return 1
    }

    echo "3. Copying firewall configuration..."
    scp $FIREWALL_FILE root@$HOST_IP:/root/iptables.new || {
        print_error "Failed to copy file to $HOST_NAME"
        return 1
    }

    echo "4. Backing up current configuration..."
    ssh root@$HOST_IP "cp /etc/sysconfig/iptables /etc/sysconfig/iptables.$BACKUP_SUFFIX" || {
        print_error "Failed to backup on $HOST_NAME"
        return 1
    }

    echo "5. Creating rollback script..."
    ssh root@$HOST_IP "cat > /root/firewall-rollback.sh << 'ROLLBACK_EOF'
#!/bin/bash
# Automatic firewall rollback script
echo \"[\$(date)] FIREWALL ROLLBACK: Restoring previous configuration\" >> /var/log/firewall-rollback.log
cp /etc/sysconfig/iptables.$BACKUP_SUFFIX /etc/sysconfig/iptables
systemctl restart iptables
echo \"[\$(date)] FIREWALL ROLLBACK: Completed\" >> /var/log/firewall-rollback.log
ROLLBACK_EOF
chmod +x /root/firewall-rollback.sh" || {
        print_error "Failed to create rollback script on $HOST_NAME"
        return 1
    }

    echo "6. Scheduling automatic rollback in 2 minutes..."
    local AT_JOB_ID=$(ssh root@$HOST_IP "echo '/root/firewall-rollback.sh' | at now + 5 minutes 2>&1 | grep 'job' | awk '{print \$2}'")
    if [ -z "$AT_JOB_ID" ]; then
        print_error "Failed to schedule rollback on $HOST_NAME"
        return 1
    fi
    print_warning "Rollback scheduled with job ID: $AT_JOB_ID"
    print_warning "If SSH connection is lost, firewall will auto-rollback in 2 minutes!"

    echo "7. Installing new configuration..."
    ssh root@$HOST_IP "cp /root/iptables.new /etc/sysconfig/iptables" || {
        print_error "Failed to install new config on $HOST_NAME"
        return 1
    }

    echo "8. Restarting iptables service..."
    ssh root@$HOST_IP "systemctl restart iptables" || {
        print_error "Failed to restart iptables on $HOST_NAME"
        print_warning "Manual rollback will occur in 2 minutes..."
        return 1
    }

    echo "9. Waiting 5 seconds before testing SSH..."
    sleep 5

    echo "10. Verifying SSH access..."
    if ssh root@$HOST_IP "echo 'SSH test successful'" 2>/dev/null; then
        print_success "SSH verification successful!"
    else
        print_error "SSH verification failed on $HOST_NAME"
        print_warning "Automatic rollback will occur in ~2 minutes"
        print_warning "You can also use console access to verify or manually rollback"
        return 1
    fi

    echo "11. Canceling automatic rollback..."
    ssh root@$HOST_IP "atrm $AT_JOB_ID" || {
        print_warning "Failed to cancel rollback job - but SSH works, so manual cancellation recommended"
    }
    print_success "Automatic rollback cancelled - firewall is stable!"

    echo "12. Displaying active rules..."
    ssh root@$HOST_IP "iptables -L RH-Firewall-1-INPUT -n | head -20"

    print_success "Deployment to $HOST_NAME completed!"
    echo ""
    return 0
}

test_connectivity() {
    local HOST_IP=$1
    local HOST_NAME=$2

    echo "Testing connectivity to $HOST_NAME..."
    if ping -c 2 $HOST_IP > /dev/null 2>&1; then
        print_success "$HOST_NAME is reachable"
    else
        print_error "$HOST_NAME is not reachable"
        return 1
    fi

    if ssh -o ConnectTimeout=5 root@$HOST_IP "echo 'SSH OK'" > /dev/null 2>&1; then
        print_success "SSH to $HOST_NAME is working"
    else
        print_error "SSH to $HOST_NAME failed"
        return 1
    fi

    return 0
}

show_usage() {
    echo "Usage: $0 [test|x1|x2|x3|all|rollback]"
    echo ""
    echo "Commands:"
    echo "  test     - Test connectivity to all hosts without deploying"
    echo "  x1       - Deploy to x1 only ($X1_IP)"
    echo "  x2       - Deploy to x2 only ($X2_IP)"
    echo "  x3       - Deploy to x3 only ($X3_IP)"
    echo "  all      - Deploy to all hosts (x1, x2, x3)"
    echo "  rollback - Manually rollback firewall on specified host"
    echo ""
    echo "Examples:"
    echo "  $0 x3                    # Test deployment on x3 first"
    echo "  $0 all                   # Deploy to all hosts"
    echo "  $0 rollback x3           # Manually rollback x3"
    echo ""
    echo "Safety Features:"
    echo "  - Automatic rollback scheduled for 2 minutes after deployment"
    echo "  - Rollback is cancelled only if SSH verification succeeds"
    echo "  - If you lose SSH access, firewall auto-reverts in 2 minutes"
    exit 1
}

manual_rollback() {
    local HOST_IP=$1
    local HOST_NAME=$2

    if [ -z "$HOST_IP" ]; then
        print_error "Please specify host: x1, x2, or x3"
        echo "Example: $0 rollback x3"
        exit 1
    fi

    print_header "Manual Rollback on $HOST_NAME ($HOST_IP)"

    echo "1. Finding latest backup..."
    local BACKUP_FILE=$(ssh root@$HOST_IP "ls -t /etc/sysconfig/iptables.backup.* 2>/dev/null | head -1")

    if [ -z "$BACKUP_FILE" ]; then
        print_error "No backup file found on $HOST_NAME"
        echo "Available files:"
        ssh root@$HOST_IP "ls -la /etc/sysconfig/iptables*"
        return 1
    fi

    echo "Latest backup: $BACKUP_FILE"

    echo "2. Restoring backup..."
    ssh root@$HOST_IP "cp $BACKUP_FILE /etc/sysconfig/iptables" || {
        print_error "Failed to restore backup"
        return 1
    }

    echo "3. Restarting iptables..."
    ssh root@$HOST_IP "systemctl restart iptables" || {
        print_error "Failed to restart iptables"
        return 1
    }

    echo "4. Verifying SSH access..."
    sleep 2
    ssh root@$HOST_IP "echo 'SSH test successful'" || {
        print_error "SSH verification failed - you may need console access"
        return 1
    }

    print_success "Rollback completed successfully on $HOST_NAME!"

    echo "5. Current rules:"
    ssh root@$HOST_IP "iptables -L RH-Firewall-1-INPUT -n | head -10"
}

# Main script
if [ ! -f "$FIREWALL_FILE" ]; then
    print_error "Firewall configuration file '$FIREWALL_FILE' not found!"
    exit 1
fi

case "$1" in
    test)
        print_header "Testing Connectivity"
        test_connectivity $X1_IP "x1" || echo ""
        test_connectivity $X2_IP "x2" || echo ""
        test_connectivity $X3_IP "x3" || echo ""
        ;;
    x1)
        deploy_to_host $X1_IP "x1"
        ;;
    x2)
        deploy_to_host $X2_IP "x2"
        ;;
    x3)
        deploy_to_host $X3_IP "x3"
        ;;
    rollback)
        case "$2" in
            x1)
                manual_rollback $X1_IP "x1"
                ;;
            x2)
                manual_rollback $X2_IP "x2"
                ;;
            x3)
                manual_rollback $X3_IP "x3"
                ;;
            *)
                manual_rollback "" ""
                ;;
        esac
        ;;
    all)
        print_warning "This will deploy to ALL hosts!"
        read -p "Are you sure? (yes/no): " confirm
        if [ "$confirm" != "yes" ]; then
            echo "Deployment cancelled."
            exit 0
        fi

        deploy_to_host $X3_IP "x3" || exit 1
        sleep 2
        deploy_to_host $X1_IP "x1" || exit 1
        sleep 2
        deploy_to_host $X2_IP "x2" || exit 1

        print_header "Deployment Summary"
        print_success "All hosts deployed successfully!"
        echo ""
        echo "Next steps:"
        echo "1. Test VM internet connectivity on all hosts"
        echo "2. Test VM migration between hosts"
        echo "3. Disable Hetzner vSwitch firewall"
        ;;
    *)
        show_usage
        ;;
esac
      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • RE: Large VM Migration fails, host has free disk - Storage_error

      I managed to do the migration by splitting over the two storages the remove system has.
      This made it work and I managed to move that one VM. However I still have a second one 😞
      It's thick provisioned (LVM - never can remember the terms thin/thick).
      Offline isn't an option unfortunately since I need the services running, can't take if off for 15 hours. But since two of the services are docker containers, both having a separate disk of 500GB, I can make it work by setting up a two new systems and moving everything from the container there. Which would reduce the size by 1TB and make thing easier to manage.
      Was hoping I could finally upgrade the main xcp-ng last weekend.

      posted in Xen Orchestra
      ditzy-oliveD
      ditzy-olive
    • RE: Large VM Migration fails, host has free disk - Storage_error

      @Pilow both are local.
      the host where it's being moved from has 2.3 TB free the host where it's being migrated to has 3TB Free.
      I moved other VM without any issue.

      posted in Xen Orchestra
      ditzy-oliveD
      ditzy-olive
    • Large VM Migration fails, host has free disk - Storage_error

      I am trying to migrate a rather large vm 1.6T of disks in total.
      It runs for 15 Hours and then fails with There is insufficient space
      The target xcp-ng however has 3.09TB of disk free so I am a bit confused where the insufficient space is coming from.
      They hosts are running XCP-ng 8.2.1, other VM could be migrated without issue but struggling with this large one.
      I could potentially start splitting the services from the VM into smaller VM which wouldn't be a bad idea anyway, but still would like to understand how to debug this.

      "(((process xapi)(filename ocaml/xapi/xapi_vm_migrate.ml)(line 1564))((process xapi)(filename lib/xapi-stdext-pervasives/pervasiveext.ml)(line 24))((process xapi)(filename lib/xapi-stdext-pervasives/pervasiveext.ml)(line 35))((process xapi)(filename ocaml/xapi/message_forwarding.ml)(line 131))((process xapi)(filename lib/xapi-stdext-pervasives/pervasiveext.ml)(line 24))((process xapi)(filename lib/xapi-stdext-pervasives/pervasiveext.ml)(line 35))((process xapi)(filename lib/xapi-stdext-pervasives/pervasiveext.ml)(line 24))((process xapi)(filename ocaml/xapi/rbac.ml)(line 205))((process xapi)(filename ocaml/xapi/server_helpers.ml)(line 95)))"
message	"INTERNAL_ERROR(Storage_error ([S(Internal_error);S(Storage_error ([S(Internal_error);S(Storage_error ([S(Internal_error);S(Storage_error ([S(Backend_error);[S(SR_BACKEND_FAILURE_44);[S();S(There is insufficient space);S()]]]))]))]))]))"
name	"XapiError"
stack	"XapiError: INTERNAL_ERROR(Storage_error ([S(Internal_error);S(Storage_error ([S(Internal_error);S(Storage_error ([S(Internal_error);S(Storage_error ([S(Backend_error);[S(SR_BACKEND_FAILURE_44);[S();S(There is insufficient space);S()]]]))]))]))]))\n    at Function.wrap (file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/_XapiError.mjs:16:12)\n    at default (file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/_getTaskResult.mjs:13:29)\n    at Xapi._addRecordToCache (file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/index.mjs:1073:24)\n    at file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/index.mjs:1107:14\n    at Array.forEach (<anonymous>)\n    at Xapi._processEvents (file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/index.mjs:1097:12)\n    at Xapi._watchEvents (file:///opt/xo/xo-builds/xen-orchestra-202512060836/packages/xen-api/index.mjs:1270:14)
      posted in Xen Orchestra
      ditzy-oliveD
      ditzy-olive
    • RE: suggestions for upgrade path XCP-ng 8.2.1 -> XCP-ng 8.3.0

      @olivierlambert perfect. Thanks. Am currently doing exactly that.
      Had to fiddle a bit with the hetzner vSwtitch Firewall, if I find the time I will post some instructions that could maybe help others as well.

      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • RE: suggestions for upgrade path XCP-ng 8.2.1 -> XCP-ng 8.3.0

      @Forza thanks. But as @normanghenderson a live migrate from 8.2 -> 8.3 didn't work for me either.
      I tried that approach first, made the 8.3 to a new pool but it delivered some XCP API Errors ... which thinking of it now might have been a firewall issue but I manually checked access between the systems and everything seemed fine.
      I now have everything running on 8.2. Have some non important VM on the new server that is 8.2 and will upgrade that one to 8.3 then see if I can migrate other VM away from the 8.2 systems.
      If that works, I'm all good. If not ... I will have to start over from scratch.

      But thanks everyone for the quick replies.

      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • suggestions for upgrade path XCP-ng 8.2.1 -> XCP-ng 8.3.0

      Hi xcp-ng community,
      I've have a xcp-ng setup consisting out of a pool of two servers that are both running XCP-ng 8.2.1, yes yes, I know it's outdated and I should have upgraded. Don't judge please, it's been a rough year.
      Now I've finally made time to setup a third server so I can migrate and upgrade the others. This is where my problems started, I can't add the new xcp-ng running 8.3.0 to the existing pool.
      I'm getting an error "message": "The hosts are not compatible",
      Which I assume is based on the fact that they are running different xcp-ng versions.

      I was thinking of two paths out of this mess.

      1. Reinstall the new server with 8.2.1, adding it to the pool then migrate VMs and start upgrading.
      2. Upgrade the existing servers then add the new one to the pool.

      The 2nd option sounds like the more reasonable idea but it just feels scary to install an iso over an existing system.

      Was just hoping to be able to move the VM off to the new server and start a rolling upgrade but since I can't add it to the pool it seems that I have to take the risk.

      Any suggestions how I could do this better? Or what to pay attention to?

      Thanks

      posted in XCP-ng
      ditzy-oliveD
      ditzy-olive
    • RE: Task stuck at "Importing content into VDI XO"

      @olivierlambert weird, I tried the restart, because I'm doing that a lot now since I have some backup issues.
      Need to move my old (very old) datacenter to the new XCP-NG Server and after that I can get to upgrading XO.

      posted in Advanced features
      ditzy-oliveD
      ditzy-olive
    • Task stuck at "Importing content into VDI XO"

      I might be running into this issue, not sure however, will upgrade my xen Orchestra soon to confirm
      https://github.com/vatesfr/xen-orchestra/issues/5896

      but for now I would just like to know how I can cancel these tasks. I have two of them running, cancel and Disabled buttons are not active.

      Here's what I did. I added a new Physical machine, so far I have only moved some VM to that machine from the first one.
      Now for the first time I created a new Machine with the Debian 11 cloud template, and the tasks that are stuck [XO] Importing content into VDI XO CloudConfigDrive (on x1.example.com) 0% show x1 which is my first physical machine. I have no idea why it would be running there.

      RobertH1993 created this issue in vatesfr/xen-orchestra

      closed [BUG] Adding new cloud-init VM causes hanging VDI imports. #5896

      posted in Advanced features
      ditzy-oliveD
      ditzy-olive