Can't create Private Network, on XO 5.83

bberndt

I got to the Pool page, and select Network tab, and then, Select Manage. Add a network, and then hit the Private button. It makes me select a PIF, but anyone I select, and hit go, gives me an error.

I've seen instructions, and they seem pretty easy, so not sure what im doing wrong here.

Doing so in XCP-Center worked fine.

sdnController.createPrivateNetwork
{
  "poolIds": [
    "8e059584-1d7b-b674-1fe4-ef5cd08d2550"
  ],
  "pifIds": [
    "566e0925-72d9-f3c3-6c06-b05ab7035018"
  ],
  "name": "dfg",
  "description": "dfg",
  "encapsulation": "gre",
  "encrypted": false
}
{
  "message": "no connection found for object 8e059584-1d7b-b674-1fe4-ef5cd08d2550",
  "name": "Error",
  "stack": "Error: no connection found for object 8e059584-1d7b-b674-1fe4-ef5cd08d2550
    at default.getXenServerIdByObject (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:197:13)
    at default.getXapi (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:478:29)
    at default.getXapiObject (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:484:17)
    at Xo.getXapiObject (/opt/xo/xo-builds/xen-orchestra-202111011545/node_modules/lodash/_createBind.js:23:15)
    at map (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:716:46)
    at Array.map (<anonymous>)
    at SDNController._createPrivateNetwork (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:716:27)
    at Object.call (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:363:12)
    at Api.callApiMethod (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/api.mjs:304:33)"
}

BenjiReis

bberndt AFAIK XCP-ng Center doesn't have the feature since it'd requires a proprietary citrix DVSC.

From the error message it seems XO has trouble connecting to your pool. Can you check the pool is properly connected to your XO and the pool's master is reachable from it?

Regards

bberndt

BenjiReis

yeah, I think its connected. I mean its connected as much as any other pool. I can connect to it and do anything else, in XO.

BenjiReis

bberndt do you have access to the hosts console from the host view?
In Settings > Server is there an error appearing for this pool?

bberndt

BenjiReis
No, there is no error on the servers page. In XCP-Center, it seemed to create the private network fine, but not sure my co-worker got it to actually work yet
I can also get to the console of the host in question as well.

olivierlambert

XCP-ng Center can't create a private network with XO SDN controller (which is ONLY possible with XO).

Remember that XCP-ng Center isn't an officially supported client for XCP-ng.

BenjiReis

bberndt okay can you capture the logs of your XO while attempting to create a network?
Can you try to create a normal network on the same pool?

Can you try on another pool?

Thanks

bberndt

BenjiReis

Im not ruling out user error, either.

But here is the log when trying on a different pool. This one happens to be 8.2 XCP-ng, the previous is 7.6 (yes, I know, but it is hardware limited). its a different error.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.
https://computingforgeeks.com/create-internal-network-in-xenserver-xcp-ng/
It does show as a regular network in XO, not under the Private list.

sdnController.createPrivateNetwork
{
  "poolIds": [
    "8e059584-1d7b-b674-1fe4-ef5cd08d2550"
  ],
  "pifIds": [
    "566e0925-72d9-f3c3-6c06-b05ab7035018"
  ],
  "name": "dsf",
  "description": "sdf",
  "encapsulation": "gre",
  "encrypted": false,
  "mtu": 1546
}
{
  "code": "ECONNRESET",
  "host": "172.16.64.2",
  "port": 6640,
  "message": "Client network socket disconnected before secure TLS connection was established",
  "name": "Error",
  "stack": "Error: Client network socket disconnected before secure TLS connection was established
    at connResetException (internal/errors.js:639:14)
    at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19)
    at TLSSocket.emit (events.js:412:35)
    at TLSSocket.emit (domain.js:475:12)
    at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17)
    at endReadableNT (internal/streams/readable.js:1334:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)"

BenjiReis

bberndt can you try to set on in the settings of sdn-controller plugin override-certs to on?
And then try again.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.

In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools.

It does show as a regular network in XO, not under the Private list.

This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either.

bberndt

BenjiReis said in Can't create Private Network, on XO 5.83:

bberndt can you try to set on in the settings of sdn-controller plugin override-certs to on?
And then try again.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.

In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools.

It does show as a regular network in XO, not under the Private list.

This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either.

Same error as above. I looked in the iptables of the (second)host, and it does appear to have this 6640 in it.
Im only looking for a Private Network on the same host, no need to across hosts yet. And these are all single-host-pools, no multiple host pools.

bberndt

I went back to my XCP-ng 8.2 pool. It looks like its been creating these networks all along, despite the error.

So, I guess the question remains why the error on XCP-ng 7.6? (somewhat rhetorical, I know its old, and outa support)

BenjiReis

bberndt I'd need logs to tell you.
Just the error displayed in XO is not enough.

bberndt

BenjiReis
So..... I ran
journalctl -u xo-server -f -n 50 on XO machine
and then created a netwokr, and got the same second error, not the first one. and it created the network on the XCP 7.6 machine. They both seem to have the sdn service running, but only the 8.2 machine has a firewall rule for 6640.
do I need one for the XO machine as well? Im not completely sure, but I think im cool other than the weird (erroneous?) messages.

Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.827Z xo:xo-server:sdn-controller INFO Private network registered { privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]' }
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.889Z xo:xo-server:sdn-controller INFO New network created {
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]',
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   network: 'temp',
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   pool: ''
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: }
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.700Z xo:xo-server:sdn-controller:tls-connect ERROR TLS connection failed {
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   error: Error: Client network socket disconnected before secure TLS connection was established
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at connResetException (internal/errors.js:639:14)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.emit (events.js:412:35)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.emit (domain.js:475:12)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at endReadableNT (internal/streams/readable.js:1334:12)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at processTicksAndRejections (internal/process/task_queues.js:82:21) {
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     code: 'ECONNRESET',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     path: undefined,
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     host: '172.16.[redacted]',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     port: 6640,
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     localAddress: undefined
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   },
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   address: '172.16.[redacted]',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   port: 6640
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: }
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.703Z xo:api WARN bberndt | sdnController.createPrivateNetwork(...) [3s] =!> Error: Client network socket disconnected before secure TLS connection was established

BenjiReis

bberndt the sdn controller communicate with the hosts on port 6640, opening it on the host should be enough.
I don't know what's happening. !this TLS error should have been solved by the override-certs option set to on.