1. Home
  2. XCP-ng

Subcategories

  • All Xen related stuff

    617 Topics
    6k Posts
    E
    @tuxen Doing some research, it doesn't look like the Xeon's I have are affected. But I'm willing to try the next time I need to reboot. Will report back after that.

  • The integrated web UI to manage XCP-ng

    29 Topics
    373 Posts
    olivierlambertO
    The same as @john.c and also XO Lite tends to be less a priority because less critical than the full fledged XO (the priority is to replace entirely XO 5 in the next releases). Why you would need XO Lite outside basic actions? It's mostly meant to bootstrap XO itself and do basic operations (which is already the case, at least with many basic features already). Initially, the goal hasn't moved: replacing XenCenter. We are moving in that direction, but again, I think it's more important to get XO 6 finished first. I'm curious to understand more the use case of XO Lite in your context @unreal-shizzle ?

  • Section dedicated to migrations from VMWare, HyperV, Proxmox etc. to XCP-ng

    126 Topics
    1k Posts
    C
    Hi, everyone Thank you for your help. I had a flux that was blocked by our firewall. The button worked after that. But it doesn't explain why I lost this configuration and had to reinstall it. Thanks again.

  • Hardware related section

    170 Topics
    2k Posts
    poddingueP
    Good to hear, thanks a lot for your feedback.

  • The place to discuss new additions into XCP-ng

    253 Topics
    3k Posts
    nathanael-hN
    @pszelestey Hi, yes, we've pushed an initial commit and a few more here https://github.com/vatesfr/cluster-api-provider-vates/ it is moging every day. Ping us in Matrix/Discord devops if you want to chat live while trying
Log in to post
Load new posts
  • B

    The Lowest Priority Bug Ever? (/etc/udev/rules.d/z10-xen-vcpu-hotplug.rules)

    8
    0 Votes
    8 Posts
    694 Views
    TeddyAstieT
    The rule is oddly written, and may conflict with another similar one that already exist in the distro (hence may not be useful to begin with). The modern generic rule for doing vCPU hotplug is, which would be preferable to the current z10-xen-vcpu-hotplug.rules. ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}=="0", ATTR{online}="1"
  • R

    cifs-utils LPE (CVE-2026-46243) / 8.3 dom0 vulnerability inquiry

    5
    0 Votes
    5 Posts
    431 Views
    R
    Closing the loop on this one — VSA-2026-021 went up yesterday (June 10) covering CIFSwitch / CVE-2026-46243: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-021 A few things worth flagging for anyone following along: Severity landed at Moderate 🟠 — same ballpark as CopyFail/DirtyFrag, as Lucien anticipated. XCP-ng 8.3 and XOA both confirmed affected. XCP-ng 8.3 fix isn't in the main repo yet. The advisory notes there's a publicly available package with the fix, but it's not in the standard channel — Vates is asking people to reach out for the install procedure so you don't break future Rolling Pool Updates. So don't go hand-rolling the kernel commit yourself if you want to stay on the RPU path. XOA is already handled — fixed in Debian kernel 6.1.174-1, pushed via the unattended update mechanism. Just note the XOA VM needs a restart for it to take effect, and anything older than Debian 11/12 won't get the update and needs an OS upgrade first. Mitigation is unchanged from what we discussed: blacklist the cifs module if you're not using SMB-based SRs (which breaks SMB SRs, so only if you don't rely on them). Good turnaround given the disclosure-to-advisory window. Thanks again @LucienLassalle and the security team.
  • B

    Adding new host to pool fails - Stunnel SSL certiticate verification failure

    Solved
    16
    0 Votes
    16 Posts
    712 Views
    LucienLassalleL
    @Bryanvh No problem The issue you encountered wasn't very clear. Therefore, I've proposed a change to the XAPI to make the error more explicit (this will likely be implemented in future XAPI releases). So instead of SSL Certification failure the message will be: POOL_JOINING_MASTER_CERTIFICATE_NOT_IN_POOL_BUNDLE. Thank you very much for your patience and for bringing this issue to our attention. References: https://github.com/xapi-project/xen-api/pull/7112 LucienLassalle opened this pull request in xapi-project/xen-api closed xapi: Improve error reporting when pool join fails on TLS verification #7112
  • S

    Ubuntu 24.04 VMs not reporting IP addresses to XCP-NG 8.2.1

    13
    5
    0 Votes
    13 Posts
    5k Views
    olivierlambertO
    Because it works already better than the GO tool from Citrix… There's no urgent fix to do, I personally use it in my production since it's available. It's just less a priority for extra features because it's already ultra stable. Right now, we choose to work in priority on XCP-ng 9.0 than the Rust tools, we can't do everything at once yet.
  • J

    [Solved] SR_SOURCE_SPACE_INSUFFICIENT - Problems enabling HA

    Solved
    10
    0 Votes
    10 Posts
    356 Views
    J
    @olivierlambert Thanks again for your input and recomendations! I'll verify that this is solved by having the LUN expanded to 8GB instead. Afterwards I'll mark your answer as the solution!
  • ForzaF

    Citrix or XCP-ng drivers for Windows Server 2022

    19
    0 Votes
    19 Posts
    8k Views
    ForzaF
    @iams3le we have switched to the signed xcp-ng drivers. We also replaced our older 2022 servers.
  • D

    xe-gues-utilities woes on openSUSE Leap 16

    8
    0 Votes
    8 Posts
    384 Views
    D
    @MajorP93 that’s fine - I never use ballooning anyway so I guess I am covered good
  • M

    log_fs_usage / /var/log directory on pool master filling up constantly

    21
    1
    0 Votes
    21 Posts
    2k Views
    poddingueP
    The sr.scan-driven SMlog growth angle that gumbo2k surfaced is a real lead; there's some context in the storage-related log files reference, but the docs don't go as far as "here's how to throttle it safely on a pool where the underlying disks should spin down." Soft ping to @Team-Storage and @Team-Hypervisor-Kernel: could one of you weigh in on whether other-config:auto-scan=false on the SR is the supported way to reduce scan pressure, or if there's a better lever? I don't want to send anyone down a path that breaks an SR. Apologies if this has already been answered somewhere I haven't seen.
  • rvreugdeR

    XOA vulnerabilty to "copy fail" and "dirty frag" bug

    8
    0 Votes
    8 Posts
    796 Views
    R
    Quick update now that Vates has published their official advisory. First, kudos to the Vates security team for the thorough and timely response. VSA-2026-014 is well-documented and covers the full picture, including a third CVE I had not covered in my earlier posts. VSA-2026-014 confirms what I outlined above: XCP-ng is affected by CVE-2026-43284 (XFRM-ESP) and is NOT affected by CVE-2026-43500 (no RxRPC support). The CVE I had missed: CVE-2026-46300 ("Fragnesia") also affects XCP-ng via the XFRM ESP-in-TCP subsystem. The same esp4/esp6 blacklist mitigation applies, with the same caveat @semarie raised: it will break encrypted private networks on XCP-ng. Now that the VSA and official mitigation guidance are public, I'm releasing the diagnostic script I built. It's Python 3.6, no external dependencies, safe to run on production dom0. It tests whether an unprivileged process can engage the esp4 engine via the XFRM interface inside a user namespace — without touching any exploit code. Since both CVE-2026-43284 and CVE-2026-46300 (Fragnesia) require esp4 or esp6 to be reachable from an unprivileged namespace, and share the same mitigation, a positive result confirms exposure to both. Blacklist esp4/esp6, then run the script again — ACCESS DENIED means both CVEs are mitigated. One important note before running it: please read the code before executing it on any of your systems. This is good practice with any script from the internet, regardless of the source. The code is intentionally short and straightforward so you can review it quickly and satisfy yourself that it does exactly what it says. VSA-2026-014: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-014/ Diagnostic tool: https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester A kernel patch from Vates is in progress. Apply as soon as it lands.
  • P

    Windows Xen Guest Agent (Rust-based) - Not reporting the IP address to Xen Orchestra

    8
    0 Votes
    8 Posts
    1k Views
    I
    @yomeyo I had this also, but problem disappeared itself. https://github.com/xcp-ng/xcp/issues/793 [image: a3dcbb0b-fe7a-4389-addc-247190039a18] IgorGlock created this issue in xcp-ng/xcp open XN-xenguestagent-rs skips IPv4 at Windows boot #793
  • P

    Revert to snapshot, resets creation date. Intended behaviour?

    3
    0 Votes
    3 Posts
    210 Views
    J
    @poddingue Thanks for your input. Yes I'm aware that basically everything on the VM is incorporated into the snapshot. Including settings and metadata. This is acctually why I was surprised that the creation date wasn't preserved as part of that metadata. And as you say, if one uses that metric to track VM history. Then it can, and will, throw you off. I'll gladly submit this as a feature request. But my gut feeling is that it is more akin to a bug than missing feature per se. Thanks!
  • V

    Question about pools

    10
    0 Votes
    10 Posts
    433 Views
    P
    @vlamincktr XO PROXY from source is pretty reliable at no cost either use @acebmxer script or @ronivay here is a quick tuto on an ubuntu VM https://omnibox.huducloud.com/shared_article/QJ9y1bRSPj9VTbWp6NKaV7yn/installation-xoa-a-partir-des-sources-github-ronivay first part is XO CE, second part is XO PROXY CE beware as you delegate some jobs to XO PROXY, to ever upgrade XO PROXY when you upgrade XOA, so that they have the same backup mechanisms/code
  • F

    [SOLVED] Just FYI: current update seams to break NUT dependancies

    29
    0 Votes
    29 Posts
    3k Views
    F
    Hi, I just wanted to comment that the provided packages work for all my server. Thank you!
  • M

    Alcatel OXE on XCP-ng – anyone done this before?

    4
    0 Votes
    4 Posts
    408 Views
    olivierlambertO
    Ah very good, so it was even easier than this. You had the Xen blk driver but instead of using an UUID, the appliance was having a hardcoded sda. Keep us posted
  • henri9813H

    Storage domain server & Rolling pool upgrade

    5
    0 Votes
    5 Posts
    398 Views
    henri9813H
    @gregoire said: @olivierlambert I added this feature request in the backlog regarding RPU improvements. Hello, Thanks all ! Totally agree with @poddingue , be able to exclude VM which has: PCI attached devices Local storage ( maybe ? ) Could be a great option !
  • jerry1333J

    CPU Usage of empty server

    14
    3
    0 Votes
    14 Posts
    671 Views
    P
    @jerry1333 said: There is nothing else on that host and this is only host in pool but it's using 30% of cpu all the time? it's not using 30% of CPU, you see a graph of cumulated (switch is on) core consumption of your 32 cores. never switch this on. it adds up like that : 32x1%=32%, wrongfully letting you think you are at 30%ish CPU usage.
  • I

    Install XCP-ng in old HP ProLiant DL160 G6 (gen 6)

    10
    0 Votes
    10 Posts
    2k Views
    C
    For my reference later. wget http://downloads.hpe.com/pub/softlib2/software1/pubsw-linux/p1257348637/v76502/hpacucli-9.20-9.0.x86_64.rpm yum install -y --nogpgcheck hpacucli-9.20-9.0.x86_64.rpm hpacucli controller slot=0 physicaldrive all show
  • R

    Boot device: Hard Disk - Success

    3
    0 Votes
    3 Posts
    437 Views
    O
    @fnf games If it hangs right after detecting the disk, it could be a bootloader or filesystem inconsistency from the snapshot state. Can you try booting the VM with a recovery ISO to check disk integrity or rebuild the bootloader?
  • D

    XCP-NG upgrade 8.2 to 8.3

    3
    0 Votes
    3 Posts
    527 Views
    R
    To add a bit more detail on the upgrade path: strictly speaking, you do not need to apply outstanding 8.2 patches before upgrading. When you upgrade to 8.3, you are replacing the entire base system with the 8.3 release which already incorporates everything from the 8.2 patch stream. Any 8.2 patches you hadn't yet applied will simply be superseded. That said, applying them first is still a reasonable approach if you want a clean upgrade history and a fully-patched 8.2 baseline before jumping to 8.3. A few things worth checking before you start on a production pool: Check VM compatibility. Run a quick review of your VMs for any that might have specific OS or toolstack dependencies tied to 8.2. Most guests upgrade cleanly but it is worth knowing your environment. Use rolling pool upgrade if you have more than one host. XCP-ng supports rolling upgrades: you migrate VMs off each host, upgrade it, rejoin the pool, then proceed to the next. This maintains VM availability throughout the process. The XO interface handles this workflow if you have XOA. Back up before the jump. Export critical VM configurations or snapshots beforehand. If you use Xen Orchestra for backups, trigger a manual full backup job before starting. The upgrade itself via yum is straightforward: add the 8.3 repo, yum update, reboot. The toolstack and XAPI will handle pool registration after the host comes back up. After upgrading all hosts, run the post-upgrade checks from the docs (pool metadata sync, storage rescans) and verify HA is healthy if you use it.
  • C

    Cannot shutdown VM or migrate

    2
    0 Votes
    2 Posts
    214 Views
    C
    Not sure the issue, but rebooted the host and everything is fine again. I definitely had rebooted the host twice though after applying the patches and physically unplugged and moved the host.