Xscontainer
-
@stormi OK, thanks. I will try your solution on a small lab.
-
@stormi I tried to do it but I don't think I succeeded. Could you send me a more specific doc of what you are doing?
thanks
-
UPDATE 2024-03-19: DON'T DO THIS. We won't support any XCP-ng hosts where system packages have been overriden with pip.
I think these are the steps that worked for me:
yum install xscontainer yum install python2-pip --enablerepo=epel pip2 install --upgrade "pip < 21" pip2 install --upgrade "cryptography == 2.5" pip2 install --upgrade "paramiko < 3"
As this is done outside a virtualenv (I've tried inside a virtualenv, but I think xscontainer runs stuff outside of it, so it didn't work), this will overwrite the contents of RPMs you installed, so, again, only for testing.
I also had to remove the former host key from the VM metadata:
xe vm-param-remove uuid=... param-name=other-config param-key=xscontainer-sshhostkey
-
@stormi Thanks, I just tried that and it still doesn't work
-
Well, I tried it myself on a freshly installed pool, and this worked. Can you elaborate on what doesn't work?
-
@stormi I still have the same problem, the key does not want to install and asks me if I want to try again.
-
What's the exact error message?
-
Would you like to push a pool-specific public SSH key into the ~/.ssh/authorized_keys file of the specified VM and therefore authorize hosts in the pool to interact with the containers inside the VM? Answer y/n: y Attempting to push the public xscontainer key to USER@IP. ID@IP's password: Success. Attempting to refresh the state of the VM Failure diagnosis: Unable to find ncat inside the VM. Please install ncat. Do you wish to retry? Answer y/n:
-
My server is up to date
-
It's not the same error. Your VM is missing a required package : ncat, as the error message says.
-
@stormi My bad. Ok I installed the nmap-ncat package under rockylinux and works perfectly now Thank you
-
-
@olivierlambert @stormi
Is there any solution for this, I'm researching how to use xcp-ng + XO to build and manage docker.
When I read about Xscontainer I was excited because it seemed like the best option.
I have a small server and would like to know what would be a clean and transparent solution to achieve this.I've read a lot and I'm still confused.
Below is everything I researched and read on the subject:
https://xcp-ng.org/forum/topic/3232/docker-on-xcp-ng?page=1
https://xcp-ng.org/blog/2021/09/14/runx-next-generation-secured-containers/
https://www.youtube.com/watch?v=qOZk8xpIRpQ
http://oinformata.eti.br/wp/xcp-ng-8-0-debian10-docker/
https://doc.rmbinformatica.com.br/ajuda/redes-e-infraestrutura/xen-server/configurando-o-xenserver-para-monitoramento-de-containers-docker -
I found another workaround (one-step solution) for the "Unable to verify key-based authentication error" without having to mess with any of the python packaging.
Adding
PubkeyAcceptedKeyTypes +ssh-rsa
To your /etc/ssh/sshd_config file will make the VM accept the older authentication
-
@codycrypto this worked! thank you so much!
-
@johnnyorange Glad I could help! Took me weeks to figure that out lol....I would caution using that in production though, not sure the security implications for accepting the older key type.
-