XCP-ng 8.3 betas and RCs feedback 🚀
-
@psafont Will a 8.2 to 8.3 upgrade (through the installation ISO) leave TLS verification disabled, or will it enable it by default?
In other words: must we expect any user who upgrades from 8.2 or lower and then later wants to add a new host to the pool to see this error (and likely ask for help, even if we document it properly - and we would of course)?
-
@stormi said in XCP-ng 8.3 beta
:@psafont Will a 8.2 to 8.3 upgrade (through the installation ISO) leave TLS verification disabled, or will it enable it by default?
It's not enabled by default, enabling it by default is not possible with the current update procedure where the pool coordinator is updated before the other pool member because these do not expose the new certificates to xmlrpc clients before upgrading, breaking communications.
In other words: must we expect any user who upgrades from 8.2 or lower and then later wants to add a new host to the pool to see this error (and likely ask for help, even if we document it properly - and we would of course)?
Yes
-
@psafont that's good to know, there were disturbingly few results when I searched for the error or the command.
This post is actually the top result for me now alongside a blog post from Oliver that wasn't there originally.
-
I just pushed a few updates to the XCP-ng 8.3 repositories. Update as usual.
- blktap, sm, tzdata: requirements for supporting XOSTOR on XCP-ng 8.3
- xsconsole: now displays VLAN number for each NIC (improvement contributed by XCP-ng users: https://github.com/xapi-project/xsconsole/pull/6)
closed add vlan display on xsconsole #6
-
Hi stormi !
Thanks for the wonderful release. Here are my 2 cents after preliminary testing :
Bugs Found :
The iso creates the partitions: 1,2,3,5,6 ( Partition No. 4 seems to be missing ), this is when NO SR is created at the time of install.Improvements Found [ Over previous Releases] :
The IP is allotted much faster than in 8.3 alpha release which took a long time to set-up the network.Other Notes:
Dual-Stack without static IPv6 does not seem to work. I don't know if this is a bug. Also if Dual-stack is selected at the time of installation, and the Router/DHCP does not support IPv6, even IPv4 is not allotted. Technically, if IPv6 is not available, then IPv4 should be allotted and IPv6 left without allotment. But in this case the whole system seems to have no network.Test Specs :
Processor : Intel 8700
RAM : 32 GB
SSD : 512GB + 1 TBPlease note that this is a preliminary test only and I would conduct more tests soon on Ryzen 5950X also.
Thanks once again for your quick releases !
-
Hi @gb-123 thanks for the tests
Can you be more precise with your Dual stack issue reports?
- are you encountering issue during the isntall or after when XCP-ng is installed?
Ipv4 and 6 configuration are independant from one another so it surprises me.
- are you encountering issue during the isntall or after when XCP-ng is installed?
-
It was just a preliminary test.
There seems to be no problem when installing. Its just that when dual stack is chosen, and the router ipv6 dhcp is disabled, xcp-ng gets no network.
I was expecting that in case IPv6 is not available, IPv4 would get allotted. Rather if both are available, both would get allotted.
This may be a router issue, I will have to dig deeper into this. That's Why I put it to 'Other Notes' instead of 'Bug' section.
-
@gb-123 I see, the behavior should be as you said that IPv4 would be alloted.
Can you runxe pif-param-list uuid={uuid}on your host to see what's the ip abd ipv6 onfig says?Thx
-
Actually, I have re-installed the server with ipv4 only since it was not getting network and the server was needed. But I'll try and do some tests over the weekend.
-
New Security Update Candidates (Xen and AMD CPUs) for Zenbleed
Xen is being updated to mitigate hardware vulnerabilities in AMD CPUs.
- Upstream (Xen project) advisory: XSA-433
This issue affects systems running AMD Zen 2 CPUs. Under specific microarchitectural circumstances, it may allow an attacker to potentially access sensitive information.
As this flaw can be critical for AMD Zen 2 users, we integrated the patch into our 8.3. You can read about this vulnerability on our blog here. This update includes the latest bugfix of this patch from upstream. You can read about it here on the blog.
Test on XCP-ng 8.3
From an up to date host:
yum clean metadata --enablerepo=xcp-ng-testing yum update "xen-*" amd-microcode --enablerepo=xcp-ng-testing rebootVersions:
- xen-*: xen-4.13.5-10.42.3.xcpng8.3
- amd-microcode: amd-microcode-20220930-2.1.xcpng8.3
What to test
Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.
Test window before official release of the updates
None defined, but early feedback is always better than late feedback, which is in turn better than no feedback
-
@gb-123 said in XCP-ng 8.3 beta
:Bugs Found :
The iso creates the partitions: 1,2,3,5,6 ( Partition No. 4 seems to be missing ), this is when NO SR is created at the time of install.Hi. I think this is on purpose, in the installer code coming initially from XenServer, so that partitions with a given number always serve the same purpose.
-
I'm publishing new updates to the base repository of XCP-ng 8.3:
- Security fixes for AMD
- Debian 12 VM template
- Removal of the old and unused experimental EXT4 SR driver. Don't jump: the main EXT SR driver still uses EXT4. I'm talking of the old experimental driver we added back then when the default EXT driver would use EXT3 only. This experimental driver has been deprecated since XCP-ng 8.1.
- smartmontools updated to version 7 which brings JSON output
- A fix for live migration support in IPv6-only pools
-
Hi, I saw we are still using 4.13.5-10.42.1 version of Xen in beta, however, I noticed that there was plan to use 4.17.x by https://en.wikipedia.org/wiki/XCP-ng. I am wondering what is the roadmap of xen in xcp-ng eventually? Do we have upgrade plan for Xen?
-
Great work,
BTW, would it be possible to add nvme-cli to the installer image? It would be nice if we could actually attach NVMeOF at install time and install to NVMeOF volumes
(While keeping /boot either on USB/SD locally or on iSCSI), this way we could easily provision a cluster of diskless hosts, while keeping system storage redundancy by using MD RAID between two NVMEoF volumes located on different target hosts.(with some manual work to attach NVMeOF before mounting root)
-
@lyan Yes, for a version 9.0, because a major number change means we can make huge bump in kernel and Xen versions
-
@POleszkiewicz Interesting, might worth doing a PoC with this to see if it works correctly. Can you open an issue on the main XCP Github repo?
-
To pave the way, you can also modify the installation ISO with https://github.com/xcp-ng/xcp/tree/master/scripts/iso-remaster: add nvme-cli inside
install.img, rebuild the ISO, and see how the installer behaves. -
@olivierlambert nice, out of curiosity, what is the rough timeline for the 9.0 release,
-
Hello, I have encountered a crash with kernel panic and loop reboot on a working 8.2 install. XCP-NG was on a RAID1 SSD partition and datas on a RAID 10 SSD partition. I found no error on the SSDs (which are Enterprise quality) and had no idea how to get a simple way to have the VMs up and running if I wiped and completely reinstall XCP-NG.
So, I did a quick and dirty repair remotely through the DELL R420 IDRAC : upgrading the broken 8.2 with the 8.3 beta ISO and it worked perfectly.
Nevertheless, IDRAC is showing 192 Gb ram and XCP-NG 8.3 see only 144 Gb .
I suspect a RAM issue unless there is something wrong in the beta release.My concern is: how can I move the VMs to another DELL R820 server which should be running 8.2 (since running a beta on production is a very bad practice) ?
Should I have to export in XVA files the VMs or should 8.2 could accept motion move ? or backup and restore with XenOrchestra ?Thanks for your advices.
Kind regards,
Laurent
-
Live migration from 8.3 to 8.2 is not possible. You can't migrate to a lower release. Warm migration using XenOrchestra is possible.
See this blog post which explains the principle: https://xen-orchestra.com/blog/warm-migration-with-xen-orchestra/
