Can't create Private Network, on XO 5.83

bberndt

@benjireis
No, there is no error on the servers page. In XCP-Center, it seemed to create the private network fine, but not sure my co-worker got it to actually work yet
I can also get to the console of the host in question as well.

olivierlambert

XCP-ng Center can't create a private network with XO SDN controller (which is ONLY possible with XO).

Remember that XCP-ng Center isn't an officially supported client for XCP-ng.

BenjiReis

@bberndt okay can you capture the logs of your XO while attempting to create a network?
Can you try to create a normal network on the same pool?

Can you try on another pool?

Thanks

bberndt

@benjireis

Im not ruling out user error, either.

But here is the log when trying on a different pool. This one happens to be 8.2 XCP-ng, the previous is 7.6 (yes, I know, but it is hardware limited). its a different error.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.
https://computingforgeeks.com/create-internal-network-in-xenserver-xcp-ng/
It does show as a regular network in XO, not under the Private list.

sdnController.createPrivateNetwork
{
  "poolIds": [
    "8e059584-1d7b-b674-1fe4-ef5cd08d2550"
  ],
  "pifIds": [
    "566e0925-72d9-f3c3-6c06-b05ab7035018"
  ],
  "name": "dsf",
  "description": "sdf",
  "encapsulation": "gre",
  "encrypted": false,
  "mtu": 1546
}
{
  "code": "ECONNRESET",
  "host": "172.16.64.2",
  "port": 6640,
  "message": "Client network socket disconnected before secure TLS connection was established",
  "name": "Error",
  "stack": "Error: Client network socket disconnected before secure TLS connection was established
    at connResetException (internal/errors.js:639:14)
    at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19)
    at TLSSocket.emit (events.js:412:35)
    at TLSSocket.emit (domain.js:475:12)
    at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17)
    at endReadableNT (internal/streams/readable.js:1334:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)"

BenjiReis

@bberndt can you try to set on in the settings of sdn-controller plugin override-certs to on?
And then try again.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.

In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools.

It does show as a regular network in XO, not under the Private list.

This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either.

bberndt

@benjireis said in Can't create Private Network, on XO 5.83:

@bberndt can you try to set on in the settings of sdn-controller plugin override-certs to on?
And then try again.

In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs.

In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools.

It does show as a regular network in XO, not under the Private list.

This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either.

Same error as above. I looked in the iptables of the (second)host, and it does appear to have this 6640 in it.
Im only looking for a Private Network on the same host, no need to across hosts yet. And these are all single-host-pools, no multiple host pools.

bberndt

I went back to my XCP-ng 8.2 pool. It looks like its been creating these networks all along, despite the error.

So, I guess the question remains why the error on XCP-ng 7.6? (somewhat rhetorical, I know its old, and outa support)

BenjiReis

@bberndt I'd need logs to tell you.
Just the error displayed in XO is not enough.

bberndt

@benjireis
So..... I ran
journalctl -u xo-server -f -n 50 on XO machine
and then created a netwokr, and got the same second error, not the first one. and it created the network on the XCP 7.6 machine. They both seem to have the sdn service running, but only the 8.2 machine has a firewall rule for 6640.
do I need one for the XO machine as well? Im not completely sure, but I think im cool other than the weird (erroneous?) messages.

Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.827Z xo:xo-server:sdn-controller INFO Private network registered { privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]' }
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.889Z xo:xo-server:sdn-controller INFO New network created {
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]',
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   network: 'temp',
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]:   pool: ''
Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: }
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.700Z xo:xo-server:sdn-controller:tls-connect ERROR TLS connection failed {
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   error: Error: Client network socket disconnected before secure TLS connection was established
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at connResetException (internal/errors.js:639:14)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.emit (events.js:412:35)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.emit (domain.js:475:12)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at endReadableNT (internal/streams/readable.js:1334:12)
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:       at processTicksAndRejections (internal/process/task_queues.js:82:21) {
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     code: 'ECONNRESET',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     path: undefined,
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     host: '172.16.[redacted]',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     port: 6640,
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:     localAddress: undefined
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   },
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   address: '172.16.[redacted]',
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]:   port: 6640
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: }
Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.703Z xo:api WARN bberndt | sdnController.createPrivateNetwork(...) [3s] =!> Error: Client network socket disconnected before secure TLS connection was established

BenjiReis

@bberndt the sdn controller communicate with the hosts on port 6640, opening it on the host should be enough.
I don't know what's happening. !this TLS error should have been solved by the override-certs option set to on.