Subcategories

  • VMs, hosts, pools, networks and all other usual management tasks.

    457 Topics
    3k Posts
    @olivierlambert I would think HP servers would be a top tier for IPMI support.... please...
  • ACLs, Self-service, Cloud-init, Load balancing...

    102 Topics
    841 Posts
    We are trying to use the OIDC auth plugin to enable login to our Xen Orchestra without local accounts. We registered a client with our identity provider and got a client id, client secret and the auto-discovery url. That we used to configure the plugin. However, if we log in we get redirected back from the identity provider to the XO callback url and then receive an "Internal Server Error".
    The callback URL is as follows:
    https://xoa.domain.com/signin/oidc/callback?state=STRING&scope=profile+openid&code=STRING&iss=https://identity-provider.url&client_id=XXXXX
    In the log file we then see the following 4 lines:
    mrt 25 12:29:25 vm-xoa xo-server[2618522]: Expected values to be strictly equal:
    mrt 25 12:29:25 vm-xoa xo-server[2618522]: + actual - expected
    mrt 25 12:29:25 vm-xoa xo-server[2618522]: + 'undefined'
    mrt 25 12:29:25 vm-xoa xo-server[2618522]: - 'string'
    If we change both the username field and the scope to email, we get the same Internal Server Error, but with a different single log line:
    mrt 25 13:18:04 vm-xoa xo-server[2618522]: Cannot read properties of undefined (reading '0')
    Because we are getting redirected back from our identity provider to Xen Orchestra we guess that the issue is not there. We also get in the browser a SAML response with the userdata. Running a wireshark on the server also shows traffic between Xen Orchestra and the identity provider, but unfortunately we cannot look in the contents of that traffic stream. Setting the log level to debug unfortunately does not produce more (error) output.
    We are running Xen Orchestra with commit c3dcb and the auth-oidc (v0.4.2) plugin.
    Is there another way to figure out what is going wrong?
  • All XO backup features: full and incremental, replication, mirrors...

    481 Topics
    5k Posts
    We currently perform:
    hourly CR during business hours - retention 15
    daily full CR at 8 pm (full) - retention 1
    I am happy with this; however, I am not 100% sure how best to manage the offsite backups. We currently perform:
    Daily Delta at 8 pm
    I wanted to add to this:
    2) a weekly full backup - retention 8
    3) a monthly full backup - retention 12
    My question is, how can I schedule these three so they do not conflict with each other?
    can run Mon-Thurs at 8pm
    can run Fri at 8pm (usually takes 3 days to complete a full offsite)
    will conflict with 2
  • Everything related to Xen Orchestra's REST API

    83 Topics
    624 Posts
    @gduperrey Worked swell, thanks
  • Terraform, Packer or any tool to do IaC

    49 Topics
    463 Posts
    dalem
    Version 1.4.0 is released: https://codeberg.org/NiXOA/system/releases/tag/v1.4.0
    It includes significant changes and improvements, including: dedicated getting started section, migration to valkey, only needing to clone system, and helper scripts.
    The xen-orchestra-ce nixpkg now references the libvhdi nixpkg, and the core flake now references and pulls from the xen-orchestra-ce repo as an overlay. System (the user input flake) now uses the Core repo as an overlay, reducing the need to clone both locally AND allowing system to pull new updates and releases from core. XO, and libvhdi as needed.
    The next goal is:
    - Make an xsconsole-like TUI
    - Automate package updates for libvhdi and xen-orchestra-ce using CI/CD pipelines
    - Submit libvhdi and xen-orchestra-ce as official nixpkgs
  • How to Install XCP-ng Guest Tools to VM?

    14
    0 Votes
    14 Posts
    23k Views
    JamfoFL
    @MichaelCropper That's awesome! I'm glad the usual computer pixie dust fairies dropped by and fixed the issue for you. Poor Windows though... you initially laid the blame at their feet, but it seems more like this was a Google Chrome issue. I've noted a LOT of peculiarities with Google Chrome as of late and have started to migrate away for that reason. Reading a lot of forums on Reddit and other IT sources, this seems to be something that is pretty wide-spread. In any case, it's working for you now... until Google changes something again. LOL I hope you have a great weekend!
  • 0 Votes
    2 Posts
    858 Views
    olivierlambert
    Hi, I think it's used for file level restore on S3 enabled backup. It's not crucial as long as you don't need to restore individual files on S3, obviously. @julien-f is there a way to avoid this dep manually in order to build the rest of XO?
  • Question regarding copying of VMs within storage pool

    Solved
    9
    0 Votes
    9 Posts
    2k Views
    @olivierlambert Well damn -- you're right. Well VM now up and running. Just have to figure out how networking works in this new copied VM. Thanks for help.
  • "Remove" TOTP on a user account

    in backlog
    5
    0 Votes
    5 Posts
    1k Views
    AtaxyaNetwork
    @julien-f Hello! OK, no problem, I hope it will arrive soon in the UI. Thank you for the command, I don't think I saw this command in the docs, maybe I can add it ^^ I will look, and I will make a PR if I find in which section I can add the command.
  • Health Check

    Unsolved
    21
    2
    0 Votes
    21 Posts
    7k Views
    olivierlambert
    I was about to post here but you were even faster
  • Private Connection Grey Out On XOA

    10
    1
    0 Votes
    10 Posts
    2k Views
    slamj1
    Hi @BenjiReis, the certificate procedure I posted yesterday isn't quite right and although the plugin will enable, TLS will not negotiate. My openssl.conf defaults to adding x509v3 attributes that break the TLS negotiation process. Here's the correct procedure on Rocky Linux 9. Should work for most other recent Linux flavors.
    Create a temporary directory to work in, and copy your OS's openssl.cnf file into it. Edit the [ v3_ca ] section so it only has the following 2 entries:
        subjectKeyIdentifier=hash
        authorityKeyIdentifier=keyid:always,issuer
    Now create the CA (run all commands in your tmp directory). I am also now using 4096 bit strength:
        openssl genrsa 4096 > ca-key.pem
        openssl req -new -x509 -config ./openssl.cnf -nodes -days 365000 -key ca-key.pem -out ca-cert.pem
    ** The server certificate step in the previous post is not necessary so just skip it.
    Now create a file called client_attr.cnf and put the following entries in it:
        subjectKeyIdentifier=hash
        authorityKeyIdentifier=keyid,issuer
    Now create the client certificate:
        openssl req -newkey rsa:4096 -nodes -keyout client-key.pem -out client-req.pem
        openssl x509 -req -days 365000 -set_serial 01 -in client-req.pem -out client-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -extfile ./client_attr.cnf
    The ca-cert.pem and client_cert.pem should now conform to the correct x509 format that will work with XOA and hence cross-server private networking.
    Sorry for the incorrect procedure, it was a late night.
    Cheers.
  • XO from source - Pool support not available for source users?

    5
    1
    1 Votes
    5 Posts
    2k Views
    olivierlambert
    Should be merged soon: https://github.com/vatesfr/xen-orchestra/pull/6517/files Thanks @MathieuRA
    MathieuRA opened this pull request in vatesfr/xen-orchestra (closed): fix(xo-web): "Pro Support" instead of "pool support" in XCP-ng support tooltips #6517
  • 0 Votes
    5 Posts
    2k Views
    olivierlambert
    Please print the output of xl info and xl dmesg
  • Backup through XO fails (VHD check error etc.)

    16
    0 Votes
    16 Posts
    3k Views
    @florent I reverted back to: xo-server 5.100.0 xo-web 5.101.0 commit 26e7e and I'm facing the same issues. If you can tell me, which logs you need, I can surely provide them. Thanks!
  • Backup fails - how to investigate

    7
    0 Votes
    7 Posts
    829 Views
    @olivierlambert Without any change in the configuration, the backup now reports to be successful. Next step is to check whether the backups will restore correctly. The mystery still stands - what was wrong previously.
  • connect using external ssh tool

    2
    1
    0 Votes
    2 Posts
    630 Views
    olivierlambert
    You need to tell your browser how to react to ssh:// and rdp:// links
  • ACL configuration for independent pool

    5
    0 Votes
    5 Posts
    1k Views
    pdonias
    @AtaxyaNetwork No worries! Glad it's working now
  • VM Creation Date

    2
    1
    0 Votes
    2 Posts
    483 Views
    olivierlambert
    This is the date retrieved from XAPI. If it was migrated from another host, you have the first time it was visible for this XAPI.
  • Pools Showing Red Warning Symbol

    7
    0 Votes
    7 Posts
    2k Views
    wyatt-made
    Thank you! @olivierlambert @Danp
  • WHMCS integration

    15
    0 Votes
    15 Posts
    4k Views
    olivierlambert
    We'll be happy to assist on what you need API wise to make it real
  • 0 Votes
    5 Posts
    940 Views
    olivierlambert
    haha so it was that Lucky guess or experience, call that the way you want
  • Help Me Grasp Templates

    Solved
    7
    1 Votes
    7 Posts
    2k Views
    planedrop
    @olivierlambert This did it, thank you so much!
  • XS 7.0.0, xoa 5.74.3, no consoles

    11
    0 Votes
    11 Posts
    1k Views
    @olivierlambert I was not, and cert is invalid, but when I override I get the same result. I will fix the cert and try again.
  • too many tasks

    5
    1
    0 Votes
    5 Posts
    943 Views
    I thought I did that. Oh I see what's happening. My cold moves are freaking out. The first time I restarted the toolstack for the server I was working on, the # of tasks dropped by 50% or so. As soon as I tried my cold move of a VM again, I'm up to 50-60 tasks again. Going from Xen 7.1 to XCP 7.6, and a Xeon 2630 V3 to a 2620 V0. Which I know is a bad idea, hence the cold move.
  • Unable to deploy a proxy

    3
    1
    0 Votes
    3 Posts
    1k Views
    ShylaMoran
    You have a transparent proxy, it does not hide its identity, so web resources see that the request is not coming directly from the user but from the proxy. In addition, the real IP address is also visible, so there is no anonymity. Usually, educational institutions use this type of server to filter incoming and outgoing content and cache information. It's better to use thailand proxy, which will encrypt you from the inside.