Can't designate new master on XO source pool

vaewyn

Edit to add version info: xcp-ng 8.3.0 with Xen Orchestra, commit 71fa8
Master, commit 32b3c

Have a working pool with several hosts.... can migrate etc... trying to change the master always results in:

XapiError: INTERNAL_ERROR(Xmlrpc_client.Connection_reset)\n    at Function.wrap (file:///opt/xo/xo-builds/xen-orchestra-202512011349/packages/xen-api/_XapiError.mjs:16:12)\n    at file:///opt/xo/xo-builds/xen-orchestra-202512011349/packages/xen-api/transports/json-rpc.mjs:38:21\n    at runNextTicks (node:internal/process/task_queues:65:5)\n    at processImmediate (node:internal/timers:453:9)\n    at process.callbackTrampoline (node:internal/async_hooks:130:17)"

Looking at the host I am trying to change to I see:

Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|stunnel] 2025.12.16 21:39:13 LOG5[0]: Service [stunnel] accepted connection from unnamed socket
Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|stunnel] 2025.12.16 21:39:13 LOG5[0]: s_connect: connected 10.10.48.248:443
Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|stunnel] 2025.12.16 21:39:13 LOG5[0]: Service [stunnel] connected remote server from 10.10.48.151:48190
Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|stunnel] 2025.12.16 21:39:13 LOG3[0]: SSL_connect: ssl/record/rec_layer_s3.c:1544: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|stunnel] 2025.12.16 21:39:13 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Dec 16 21:39:13 is-r10-wbxcptest01 xapi: [debug||15 HTTPS 10.10.48.245->:::80|pool.designate_new_master R:e89ae3e02f50|xapi_pool_transition] Phase 1 aborting, caught exception: INTERNAL_ERROR: [ Xmlrpc_client.Connection_reset ]

https to a port 80 connection... sslv3? This seems quite wrong. Anyone run into this that didn't put the symptoms where Google could find them?

olivierlambert

Question for @team-xapi-network

bleader

@vaewyn said in Can't designate new master on XO source pool:

https to a port 80 connection... sslv3? This seems quite wrong. Anyone run into this that didn't put the symptoms where Google could find them?

Reply

XAPI only serves port 80 in http, stunnel that you see in your logs is taking care of https for it, so that is normal.

The routines:ssl3_read_bytes:sslv3 alert handshake failure looks like an issue with certificates, make sure all your certs are properly installed on all hosts in the pool.

vaewyn

@bleader This is a new stock source install with no attempt to install local certs. XO I have the server certificate checking turned off for the connection. All other functions are working... migrations... monitoring... etc... just can't change the pool master. Does that make sense? I can work on setting up and installing self signed across the board but from my understanding I should already be sitting in that state currently with the default install.

vaewyn

I have checked the hosts and they all have non-expired self-signed certificates with:
subject=CN = 10.10.48.152
issuer=CN = 10.10.48.152

matching their IP addresses.

vaewyn

Further testing/playing... I detached 3 hosts into a new pool and those 3 hosts I can reassign the master at will with no issues.