XCP-ng 8.3 public alpha 🚀
-
The plan is to first be able to use a more recent Xen version (matters the most), then to upgrade the kernel. CentOS 7 is indeed old, but only used for non-critical pieces. Remember, we do NOT use a kernel or Xen made by CentOS, but by XenServer and us.
Also, before moving to something more recent in terms of distro, we have to finish to upgrade all the Python 2 code to Python 3 (among other thing). So it's kind of "hardest" task and lower priority vs "new Xen" and "new kernel"
-
@cocoon
The best thing we can do here is inspect the actual certificate:
Please runopenssl x509 -text -noout -in /etc/xensource/xapi-ssl.pemxenserver has generated host certificates with 2048-bit RSA keys for years, these should be able to be loaded by stunnel (through openssl) just fine.
If the key is smaller that this then the fix is easy: generate a new certificate for that host:
xe host-refresh-server-certificate host uuid=<>
Be mindful that clients that trusted the previous certificate will need to trust the new one in order for the TLS connections to be established -
The good news is that I eventually got 8.3 installed and it is looking good.. I had a few problems, but this was mostly down to something weird with the partition layout.
Every time I installed 8.3 (fresh install) onto a machine, it would refuse to create any "Local Storage". I bounced around in circles many time and gave up, installing 8.2 (fresh install) and got the same result. What I had to do eventually is "ALT+Right Arrow" until I got to a # prompt, do a lvdisplay to find the VG and then do a lvremove on the VG + a wipefs -a -f /dev/sda3 to clear EVERYTHING out. It was somehow picking up that the drives I were using previously were used in a ZFS pool (btw.. This is really weird as these drives were used in a different machine, on a different RAID system, etc.. I have no idea how it figured out there was a ZFS pool, but whatever).
Once I did the above, the fresh install worked just fine (8.2), joined it my my existing pool, promote it to a pool master and then do an upgrade to 8.3
After the upgrade, local storage was showing offline for about 5 minutes, but then it magically kicked itsself into life. I am assuming it was doing something in the background as the new pool master.
As a point of note, it looks like XCP-ng Center V20.11.0.3 is still compatiable as I am using that as well as XO to manage the pool with no issues (so far)
-
@Anonabhar said in XCP-ng 8.3 public alpha
:As a point of note, it looks like XCP-ng Center V20.11.0.3 is still compatiable as I am using that as well as XO to manage the pool with no issues (so far)
This looks suspicious. It should have complained about the version. Are you sure the upgrade went fine on all hosts?
-
@stormi Yea.. I though it was weird as well, but I was happy to see it work.. Here is a screen shot of the XCP-ng screen.. I havent upgraded the Peg02 yet (as I have to get more disks in there tonight in order to migrate things around), but notice the version number on the Peg03
-
Yes the key is 1024:
[11:45 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem Certificate: Data: Version: 3 (0x2) Serial Number: b2:32:6b:a9:eb:51:99:0c Signature Algorithm: sha1WithRSAEncryption Issuer: CN=192.168.56.102 Validity Not Before: May 4 15:23:19 2018 GMT Not After : May 1 15:23:19 2028 GMT Subject: CN=192.168.56.102 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c2:62:b4:fc:54:a0:1b:7c:5d:3e:61:4c:51:ef: ff:a4:a0:da:ab:ea:49:f5:99:3e:14:67:a7:9d:68: 28:8e:ea:54:75:45:55:8b:78:fa:46:65:f5:f2:a2: 5e:ca:20:8c:c7:d4:4b:c4:21:a2:70:0e:49:d0:aa: f0:2a:21:40:db:39:2f:57:ec:18:dc:82:2e:d0:b5: f4:cb:48:a0:b8:9d:3f:c4:f5:75:cb:1b:1c:4b:47: a2:07:2f:3c:b4:b1:37:d0:e8:11:e6:00:49:cf:89: e6:4f:38:3d:a6:6f:bb:02:84:e8:17:3c:5b:a1:f7: 98:87:03:ad:36:26:31:ca:63 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:xcp-ng-vm1, DNS:xcp-ng-vm1 Signature Algorithm: sha1WithRSAEncryption 01:dc:44:77:3e:34:3a:b2:06:c5:bc:07:ab:e9:8c:c4:5e:cf: c5:33:fc:74:83:cf:4c:14:cc:2f:fb:dc:d5:45:ff:84:76:40: fc:b0:9c:00:af:a5:00:85:13:97:90:7e:66:81:36:3b:d3:83: 55:2c:e2:54:3d:85:d5:1d:d0:fe:1e:b7:2f:4d:76:8b:01:e1: a5:be:ed:62:73:e0:44:65:74:6e:e3:eb:5b:72:21:66:7f:03: 28:c4:f7:d9:dc:72:46:d1:fc:b0:5f:18:bf:bd:ef:44:9c:64: 09:94:c8:65:1b:6b:06:26:ca:91:ee:ee:19:12:80:f0:f5:5f: 17:f4I found a slightly different command to reset the cert and it seems to work:
[11:54 xcp-ng-vm1 xensource]# cat /etc/xensource-inventory | grep -i installation_uuid INSTALLATION_UUID='efe93b3d-ce2e-4f37-8a0d-00abf186c688' [11:54 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid=efe93b3d-ce2e-4f37-8a0d-00abf186c688 Error: No matching hosts found [11:55 xcp-ng-vm1 xensource]# xe host-list uuid ( RO) : efe93b3d-ce2e-4f37-8a0d-00abf186c688 name-label ( RW): xcp-ng-vm1 name-description ( RW): Default install [11:55 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid='efe93b3d-ce2e-4f37-8a0d-00abf186c688' Error: No matching hosts found [11:55 xcp-ng-vm1 xensource]# xe host-emergency-reset-server-certificate [11:56 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1652293449990601601 (0x16ee20237764fb81) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=xcp-ng-vm1 Validity Not Before: Nov 21 10:56:45 2022 GMT Not After : Nov 18 10:56:45 2032 GMT Subject: CN=xcp-ng-vm1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a4:4d:a0:35:42:cc:1b:0c:0c:1e:5e:68:84:9e: a0:66:5e:9d:d0:e1:8a:9c:00:d8:e1:d9:be:81:6e: f4:88:dd:ee:e3:ba:cf:19:01:74:05:f6:be:f0:b2: 7b:36:3d:99:b1:b8:79:52:10:dc:71:db:5c:4c:cd: 03:cc:2d:49:e9:3f:ab:31:5b:f1:f6:8e:33:99:b0: ed:ee:a6:f8:af:f7:46:25:db:fc:2f:05:da:16:de: 58:df:c8:70:75:17:1f:a8:d9:ed:d9:31:da:f5:5e: ce:d3:93:d1:00:b4:e8:27:29:cb:a6:a8:e6:e1:97: 92:84:74:84:30:b2:09:fc:e4:60:79:6c:4b:f4:07: e3:ba:e6:da:b0:be:6a:35:ef:d8:bc:47:df:58:45: a0:c6:1a:56:ee:2e:32:1c:13:17:66:5c:41:93:1d: da:e2:ac:03:31:16:6d:0c:33:f4:df:67:47:8b:bb: 53:6f:cd:12:aa:aa:af:12:25:77:38:20:d5:88:97: cf:35:b7:e2:cb:28:60:15:a8:9a:8f:69:ce:a1:f1: 4a:de:bf:6a:9e:f6:4a:fc:a4:1e:07:1c:21:db:c0: db:3c:fb:31:5c:cf:4a:95:05:ca:ef:d1:4e:6e:a1: dd:6b:c8:e2:9c:f4:f3:05:2e:b5:a1:bc:78:54:29: df:35 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:xcp-ng-vm1, IP Address:192.168.220.106 Signature Algorithm: sha256WithRSAEncryption 23:bb:bf:fb:78:5e:df:7a:00:15:1a:09:d6:9c:81:b3:ef:e2: a3:a1:6c:18:5f:fe:dd:77:ae:99:48:92:d7:b6:76:c7:93:2f: 40:c3:43:a0:9f:ae:eb:b0:68:56:f0:65:04:29:49:01:b6:c7: 96:42:85:70:29:d0:cb:bc:21:26:55:5a:9e:af:97:4b:4a:19: ad:5d:07:39:e3:e4:e5:6b:4b:2a:f3:7d:de:e5:8f:ea:3a:34: 0b:5e:6a:06:c4:34:d6:e8:5a:12:70:14:2f:95:12:66:da:79: d0:10:43:e9:9d:75:68:e9:aa:56:ae:fe:49:2b:79:b9:f8:16: be:7a:86:ff:b5:b4:84:14:cb:d1:91:ca:4d:95:36:91:43:1e: 1e:50:a6:70:93:77:1c:2e:bb:ee:5f:33:5e:c7:f2:98:2a:b4: 9d:40:a8:a8:ae:22:71:11:50:f4:62:ff:72:3f:9d:c6:0c:6a: 7e:34:c8:c1:f9:8f:5c:ac:fa:9b:bf:8b:e7:6b:92:9a:00:dc: 59:6d:15:23:af:28:c7:b5:b6:0a:a3:d5:98:86:9f:b2:31:1a: 29:16:ca:60:b2:a8:1e:68:b2:14:37:e6:f0:6c:cd:2b:43:d0: 18:6a:c0:43:70:ee:8b:c3:b2:fc:15:6c:a4:e7:c2:12:20:41: ed:e6:23:60 -
@stormi That is my special build where I "fixed" the min version problem that now is in the other "official" client ^^
was here back when the previous relase had no working client for some time
https://github.com/cocoon/xenadmin/releases -
@cocoon Ah great news then!
-
@cocoon Thank you for doing that!!!
-
@cocoon Ah, I thought you had pushed it to https://github.com/xcp-ng/xenadmin/ at that time.
EDIT: actually you did, but maybe your forked build was more permissive regarding the host version.
-
@stormi I will add some details here:
This was my "hardcoded" value, that is not intended to be used here.
Instead the official way is to extend some Enums with supported API Versions.
If the Version of the host (for 8.3 it is 2.20) is not found in the enums, it get's set to 99 = Unknown.The current enum contain only up to 2.16 (API_2_16) so API_2_20 is not found --> set to 99:
https://github.com/xcp-ng/xenadmin/blob/development/XenModel/XenAPI/ApiVersion.cs#L38Problem is here where it compares the min version to the current and if it is higher (and it is with 99) it refuses to connect.
https://github.com/xcp-ng/xenadmin/blob/development/XenAdmin/MainWindow.cs#L928
As I hardcoded it to a lower value (20) it is now lower and allows to connect.
And btw: my build was based on a slightly newer commit from Citrix than the one at xcp-ng repo.
-
I was just wondering... Is it just my installation or is there no XenTools ISO in the dropdown for virtual disks?
EDIT: Never mind.. Its a XCP-ng Center thing.. I can mount the ISO from XO (it does not show up in XCP-ng Center in the dropdown list or even when it is mounted)..
-
No offence to cocoon for doing great work with their release, but will v20.04.01 or variant be made available to support 8.3?
-
Oh! Is this a new feature in XCP-ng 8.3????
If so... YEA!!!!
-
It's a new feature added in SMAPIv1, creating XAPI tasks for the coalesce process
(done by Mark Syms at XenServer). I was VERY happy to saw that pull request 1y ago -
As I had now a chance to take a quick look, XO Light will be a great addition when it's ready
Currently I cannot test the Console, but the Dashboard looks nice and of course I would have some ideas what would be great to have there, but you might already have a list.
But I would say for troubleshooting to extract logs and use the bugtool might be handy to have available.I could not get any VM button to do anything, it simply might not be implemented right now, like poweron etc.
But I have seen at least one possible problems that you might want to add to a FAQ:
If you have ublock adblocker installed it seems to cause problems if you don't whitelist:
@jameso said in XCP-ng 8.3 public alpha
:No offence to cocoon for doing great work with their release, but will v20.04.01 or variant be made available to support 8.3?
Just my 2 cents:
I think chances are a bit better now, because it looks like both teams (XCP-NG and Citrix) are working more closely together now.
In the past I would have said that development goes much more in different directions and so new things would usually not be added to the client as nobody is really working on it.But now it could happen maybe if release is near or ready. I would not expect it for alphas and betas, but mostly depends on if @borzel will find the time then.
-
@cocoon VM actions are already planned (next step after the graphs, so maybe before 2023, but there's very little time now
)About ublock, I don't remember having issues with it, but obviously, we'll test
(also, on the longer run, if the "online version" will fail to load, we'll fallback to an locally "older" installed version. -
@olivierlambert
In that Browser I have even more blockers like AdNauseam + uBlock + NoScript, but the problem can be the same, just to remember that Browsers might have blocking utils in it if there is a problem for someone. -
But that's weird that Adblockers will block our domain, which is harmless and without any spam
How could we explain it's "flagged"? -
@olivierlambert
I can't explain it, just had seen the error
and here it seems to have happened, too:
https://stackoverflow.com/a/62646075/19868457
