Subcategories

  • All Xen related stuff

    621 Topics
    6k Posts
    Y
    Just FYI, we had some issues with some Debian VMs for instance, with old kernel where the VM would suddenly take 100% CPU and would we completely frozen and unresponsive. It was in fact Debian enabling the suspend, the guest would suspend and trigger a bug in xen PV driver in the guest kernel which would never be able to wake up anymore. Newer kernel don't have this issue and are able to wake up. I'm quoting Debian here but it might very well happen on other distro
  • The integrated web UI to manage XCP-ng

    29 Topics
    373 Posts
    olivierlambertO
    The same as @john.c and also XO Lite tends to be less a priority because less critical than the full fledged XO (the priority is to replace entirely XO 5 in the next releases). Why you would need XO Lite outside basic actions? It's mostly meant to bootstrap XO itself and do basic operations (which is already the case, at least with many basic features already). Initially, the goal hasn't moved: replacing XenCenter. We are moving in that direction, but again, I think it's more important to get XO 6 finished first. I'm curious to understand more the use case of XO Lite in your context @unreal-shizzle ?
  • Section dedicated to migrations from VMWare, HyperV, Proxmox etc. to XCP-ng

    126 Topics
    1k Posts
    C
    Hi, everyone Thank you for your help. I had a flux that was blocked by our firewall. The button worked after that. But it doesn't explain why I lost this configuration and had to reinstall it. Thanks again.
  • Hardware related section

    173 Topics
    2k Posts
    T
    @MajorP93 said: What you are describing must be a storage live migration then (XenMotion). That should work across pools, yes. I stand corrected because I did not factor in this variant in my initial answer. Yes, that's it - sorry - I should have been more explicit, even if 'lumbers along' wasn't a hint //EDIT: also there is no such thing as non-pool hosts. Even a single host setup has it's own pool. Pedantic, but true I technically meant 'not hosts in the source pool' I guess.
  • The place to discuss new additions into XCP-ng

    254 Topics
    3k Posts
    DanpD
    @rvreugde I believe this is already being reviewed internally.
  • Unable to live migrate VM between 2 local storages SR

    Solved
    5
    0 Votes
    5 Posts
    136 Views
    poddingueP
    I converted the topic to a question, then marked it solved. Thanks!
  • 0 Votes
    5 Posts
    537 Views
    gthvn1G
    PRs upstream are in review
  • Can't restart stopped VMs; unclear error message

    8
    0 Votes
    8 Posts
    496 Views
    acebmxerA
    @the_jest Not showen in this picutre but this is where the message would be displayed. Next to the name of the host... [image: 1782931263879-screenshot-2026-07-01-144023.png]
  • Start: no host available?

    9
    2
    0 Votes
    9 Posts
    854 Views
    olivierlambertO
    For your storage question, it's fully explained in the doc: https://docs.xcp-ng.org/storage/#-how-to-modify-an-existing-sr-connection And yes, it's planned to get the complete error visible in XO, sadly, it's not "obvious" since the error message isn't returned by XAPI when you try to start but by another method we need to call after it fails ("assert can be started here" from the top of my head). Let me ping @julienXOvates
  • 0 Votes
    9 Posts
    932 Views
    N
    @Danp said: Smart Reboot option found on the host's Advanced tab does what you are asking Very nice!
  • 0 Votes
    2 Posts
    282 Views
    bleaderB
    @AlexanderK you could try to install perl-interpreter manually maybe? I happened to have a test host at hand that hasn't been updated since december, and the yum update went fine, perl interpreter was not installed before and yum update did install it on its own as a depency for openssl 3. Maybe others will have ideas as to why this would happen in your case.
  • 0 Votes
    8 Posts
    1k Views
    TeddyAstieT
    The rule is oddly written, and may conflict with another similar one that already exist in the distro (hence may not be useful to begin with). The modern generic rule for doing vCPU hotplug is, which would be preferable to the current z10-xen-vcpu-hotplug.rules. ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}=="0", ATTR{online}="1"
  • cifs-utils LPE (CVE-2026-46243) / 8.3 dom0 vulnerability inquiry

    5
    0 Votes
    5 Posts
    1k Views
    R
    Closing the loop on this one — VSA-2026-021 went up yesterday (June 10) covering CIFSwitch / CVE-2026-46243: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-021 A few things worth flagging for anyone following along: Severity landed at Moderate 🟠 — same ballpark as CopyFail/DirtyFrag, as Lucien anticipated. XCP-ng 8.3 and XOA both confirmed affected. XCP-ng 8.3 fix isn't in the main repo yet. The advisory notes there's a publicly available package with the fix, but it's not in the standard channel — Vates is asking people to reach out for the install procedure so you don't break future Rolling Pool Updates. So don't go hand-rolling the kernel commit yourself if you want to stay on the RPU path. XOA is already handled — fixed in Debian kernel 6.1.174-1, pushed via the unattended update mechanism. Just note the XOA VM needs a restart for it to take effect, and anything older than Debian 11/12 won't get the update and needs an OS upgrade first. Mitigation is unchanged from what we discussed: blacklist the cifs module if you're not using SMB-based SRs (which breaks SMB SRs, so only if you don't rely on them). Good turnaround given the disclosure-to-advisory window. Thanks again @LucienLassalle and the security team.
  • Adding new host to pool fails - Stunnel SSL certiticate verification failure

    Solved
    16
    0 Votes
    16 Posts
    2k Views
    LucienLassalleL
    @Bryanvh No problem The issue you encountered wasn't very clear. Therefore, I've proposed a change to the XAPI to make the error more explicit (this will likely be implemented in future XAPI releases). So instead of SSL Certification failure the message will be: POOL_JOINING_MASTER_CERTIFICATE_NOT_IN_POOL_BUNDLE. Thank you very much for your patience and for bringing this issue to our attention. References: https://github.com/xapi-project/xen-api/pull/7112 LucienLassalle opened this pull request in xapi-project/xen-api closed xapi: Improve error reporting when pool join fails on TLS verification #7112
  • Ubuntu 24.04 VMs not reporting IP addresses to XCP-NG 8.2.1

    13
    5
    0 Votes
    13 Posts
    5k Views
    olivierlambertO
    Because it works already better than the GO tool from Citrix… There's no urgent fix to do, I personally use it in my production since it's available. It's just less a priority for extra features because it's already ultra stable. Right now, we choose to work in priority on XCP-ng 9.0 than the Rust tools, we can't do everything at once yet.
  • [Solved] SR_SOURCE_SPACE_INSUFFICIENT - Problems enabling HA

    Solved
    10
    0 Votes
    10 Posts
    844 Views
    J
    @olivierlambert Thanks again for your input and recomendations! I'll verify that this is solved by having the LUN expanded to 8GB instead. Afterwards I'll mark your answer as the solution!
  • Citrix or XCP-ng drivers for Windows Server 2022

    19
    0 Votes
    19 Posts
    8k Views
    ForzaF
    @iams3le we have switched to the signed xcp-ng drivers. We also replaced our older 2022 servers.
  • xe-gues-utilities woes on openSUSE Leap 16

    8
    0 Votes
    8 Posts
    733 Views
    D
    @MajorP93 that’s fine - I never use ballooning anyway so I guess I am covered good
  • 0 Votes
    21 Posts
    3k Views
    poddingueP
    The sr.scan-driven SMlog growth angle that gumbo2k surfaced is a real lead; there's some context in the storage-related log files reference, but the docs don't go as far as "here's how to throttle it safely on a pool where the underlying disks should spin down." Soft ping to @Team-Storage and @Team-Hypervisor-Kernel: could one of you weigh in on whether other-config:auto-scan=false on the SR is the supported way to reduce scan pressure, or if there's a better lever? I don't want to send anyone down a path that breaks an SR. Apologies if this has already been answered somewhere I haven't seen.
  • XOA vulnerabilty to "copy fail" and "dirty frag" bug

    8
    0 Votes
    8 Posts
    2k Views
    R
    Quick update now that Vates has published their official advisory. First, kudos to the Vates security team for the thorough and timely response. VSA-2026-014 is well-documented and covers the full picture, including a third CVE I had not covered in my earlier posts. VSA-2026-014 confirms what I outlined above: XCP-ng is affected by CVE-2026-43284 (XFRM-ESP) and is NOT affected by CVE-2026-43500 (no RxRPC support). The CVE I had missed: CVE-2026-46300 ("Fragnesia") also affects XCP-ng via the XFRM ESP-in-TCP subsystem. The same esp4/esp6 blacklist mitigation applies, with the same caveat @semarie raised: it will break encrypted private networks on XCP-ng. Now that the VSA and official mitigation guidance are public, I'm releasing the diagnostic script I built. It's Python 3.6, no external dependencies, safe to run on production dom0. It tests whether an unprivileged process can engage the esp4 engine via the XFRM interface inside a user namespace — without touching any exploit code. Since both CVE-2026-43284 and CVE-2026-46300 (Fragnesia) require esp4 or esp6 to be reachable from an unprivileged namespace, and share the same mitigation, a positive result confirms exposure to both. Blacklist esp4/esp6, then run the script again — ACCESS DENIED means both CVEs are mitigated. One important note before running it: please read the code before executing it on any of your systems. This is good practice with any script from the internet, regardless of the source. The code is intentionally short and straightforward so you can review it quickly and satisfy yourself that it does exactly what it says. VSA-2026-014: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-014/ Diagnostic tool: https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester A kernel patch from Vates is in progress. Apply as soon as it lands.
  • 0 Votes
    8 Posts
    2k Views
    I
    @yomeyo I had this also, but problem disappeared itself. https://github.com/xcp-ng/xcp/issues/793 [image: a3dcbb0b-fe7a-4389-addc-247190039a18] IgorGlock created this issue in xcp-ng/xcp open XN-xenguestagent-rs skips IPv4 at Windows boot #793
  • Revert to snapshot, resets creation date. Intended behaviour?

    3
    0 Votes
    3 Posts
    470 Views
    J
    @poddingue Thanks for your input. Yes I'm aware that basically everything on the VM is incorporated into the snapshot. Including settings and metadata. This is acctually why I was surprised that the creation date wasn't preserved as part of that metadata. And as you say, if one uses that metric to track VM history. Then it can, and will, throw you off. I'll gladly submit this as a feature request. But my gut feeling is that it is more akin to a bug than missing feature per se. Thanks!
  • Question about pools

    10
    0 Votes
    10 Posts
    802 Views
    P
    @vlamincktr XO PROXY from source is pretty reliable at no cost either use @acebmxer script or @ronivay here is a quick tuto on an ubuntu VM https://omnibox.huducloud.com/shared_article/QJ9y1bRSPj9VTbWp6NKaV7yn/installation-xoa-a-partir-des-sources-github-ronivay first part is XO CE, second part is XO PROXY CE beware as you delegate some jobs to XO PROXY, to ever upgrade XO PROXY when you upgrade XOA, so that they have the same backup mechanisms/code
  • [SOLVED] Just FYI: current update seams to break NUT dependancies

    29
    0 Votes
    29 Posts
    4k Views
    F
    Hi, I just wanted to comment that the provided packages work for all my server. Thank you!
  • Alcatel OXE on XCP-ng – anyone done this before?

    4
    0 Votes
    4 Posts
    602 Views
    olivierlambertO
    Ah very good, so it was even easier than this. You had the Xen blk driver but instead of using an UUID, the appliance was having a hardcoded sda. Keep us posted