XCP-ng 8.3 betas and RCs feedback π
-
@ecoutinho at the moment, reinstalling is indeed the only solution to switch from BIOS to UEFI.
Note that the deprecation announcement comes with 8.3, but BIOS boot mode will still work and is still tested for this release. So you have some time to plan the switch.
-
@stormi I've upgraded the master in BIOS mode, and proceeded to reinstall one of the other hosts in UEFI mode, after having removed it from the pool. It went fine, until I tried to add the host back into the pool. This was not possible because the reinstalled host has Certificate Verification enabled, while the pool doesn't. Even if I host-emergency-disable-tls-verification, it's not possible to add the server back into the pool.
It seems I'll have to upgrade the other hosts in BIOS mode, enable certificate verification on the pool and then add this host. I guess I'll reinstall the other hosts in UEFI mode on a future upgrade.
-
@ecoutinho You can enable TLS verification on the pool then join the new host. Or disable it on the new host but that's a downgrade of this new security feature meant to protect against MITM attacks.
-
@stormi Thanks for your suggestions. I've tried to enable it on the pool:
# xe pool-enable-tls-verification This operation is not supported during an upgrade.I have to finish the upgrade of the other hosts before enabling it on the pool.
As for disabling it on the new host, I didn't find any way to do it permanently. I just found the host-emergency-disable-tls-verification option, which does not disable it completely, and doesn't allow to add it to a pool without TLS verification. Would you clarify how to disable it on the new host?
I will enable it on the pool when the upgrade is finished.
-
@ecoutinho I don't see a way to disable TLS verification, but anyway I wouldn't join a host to a pool which is currently being upgraded. I even suspect XAPI would refuse.
-
@stormi OK, thanks, I'll finish upgrading the other hosts.
-
@brezlord If you haven't reinstalled it yet, yes, we could use more information about the host, the PCI passthrough setup on it, how the error is triggered exactly, and various logs. And/or a support tunnel to have a look by ourselves.
-
@brezlord Can you sahre the value you put in the xen-cmdline on 8.2?
I think the XAPI awaits this format:
xen-pciback.hide=(pci-id1)(pci-id2)...and will fail the value doesn't match this format. -
@BenjiReis Sorry I have destroyed the host and loaded a fresh install of 8.3. If you'd like I can install 8.2 on a host and pass through a pci device via the cmd then upgrade to 8.3 and see if the error is reproducible.
-
@brezlord If it's not to much a bother that would be great yeah.
Comparing the xen-cmdline when doing the passthrough manually on 8.2 VS how it looks on 8.3 and when done via the XAPI. -
I'm pushed a new set of updates, hopefully the last one before the release of XCP-ng 8.3.0 RC2, which itself should be followed shortly by the release of XCP-ng 8.3.0 itself.
Main packages
- intel-microcode-20240717-1.xcpng8.3: updated microcode for Intel vulnerabilities
- sm-3.2.3-1.4.xcpng8.3: fix the cause of a warning displayed during update, and restore changes that we had removed because they were suspected to cause issues in some cases with iSCSI, but revealed themselves necessary to support another kind of setup.
- vim-7.4.629-8.el7_9 (which provides
vim-minimal, installed by default): bugfixes and security fixes - xapi-24.19.2-1.3.xcpng8.3: Fixes an issue where new fields in XAPI DB for certificate fingerprints were not populated, which under some circumstances caused joining new hosts to a pool fail.
- xcp-ng-release-8.3.0-28:
- Update repository files for CentOS and EPEL.
- Point at repo.vates.tech for CentOS since mirrorlist.centos.org was cut
- Add "(EOL)" to repo descriptions for EOL repos
- Drop unused repos
Optional package
- kernel-alt-4.19.316+1-2.xcpng8.3: Enable CONFIG_X86_AMD_PLATFORM_DEVICE in kernel config
- ldns-1.7.0-21.xcpng8.3 + libreswan-4.12-2.3.1.xcpng8.3: security updates
-
On my 8.3 test pool I am unable to create SR ISO libary (SMB/cifs).
On my production pools with XCP-NG 8.2.x it does work as expected.
-
Can you provide a bit more details? Errors and such.
-
@olivierlambert
yes I can
on dom0:
mount -t cifs --verbose -o username=admin,password=******** //192.168.1.202/iso /mnt/test mount.cifs kernel mount options: ip=192.168.1.202,unc=\\192.168.1.202\iso,user=admin,pass=******** mount error(112): Host is downXCP-NG Center:
Creating ISO SR 'SMB ISO library' on 'IT1HALIZARD-TEST1' Unable to mount the directory specified in device configuration request it1xcp-ng-test-slave1 Sep 5, 2024 12:59 PM DismissXO from Sources:
sr.createIso { "host": "c1f34b07-c4dc-4584-8bc0-a01bcec81c5b", "nameLabel": "test", "nameDescription": "test", "path": "\\\\192.168.1.202\\public\\iso", "type": "smb", "user": "admin", "password": "* obfuscated *" } { "code": "SR_BACKEND_FAILURE_222", "params": [ "", "Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)]", "" ], "call": { "method": "SR.create", "params": [ "OpaqueRef:cee521f7-dc00-5d91-1499-6143d2fd0040", { "type": "cifs", "username": "admin", "cifspassword": "* obfuscated *", "location": "//192.168.1.202/public/iso" }, 0, "test", "test", "iso", "iso", true, {} ] }, "message": "SR_BACKEND_FAILURE_222(, Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)], )", "name": "XapiError", "stack": "XapiError: SR_BACKEND_FAILURE_222(, Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)], ) at Function.wrap (file:///srv/xen-orchestra/packages/xen-api/_XapiError.mjs:16:12) at file:///srv/xen-orchestra/packages/xen-api/transports/json-rpc.mjs:38:21 at runNextTicks (node:internal/process/task_queues:60:5) at processImmediate (node:internal/timers:447:9) at process.callbackTrampoline (node:internal/async_hooks:128:17)" }The SR is mounted on our production pools.
-
Well, clearly, as it comes from 2 different systems (XOA and XCP-ng) you have an issue to reach this IP address. It's simply not up and running or not connected to this IP (or blocked) from XCP-ng/XO perspective.
-
Don't know if this is the right place for this forum post.
But is it possible to pass through Usb keyboard, mouse or bluetooth adapter to a vm? None of these things appear in Xen Orchestra.
Smart house z-wave usb stick appears right away in Xen Orchestra
Or must I buy a usb to pcie card and passthrough this to vm to make it work
-
I think yes, but probably need some tinkering in the USB script filtering some devices for security reasons. It's documented: https://docs.xcp-ng.org/compute/#passing-through-keyboards-and-mice
-
@olivierlambert ok thanks
-
-
Is there a way to track the progress of applying patches to a host? I'm updating the master of one of my pools and it dropped out of XO and hasn't come back yet. I don't recall applying patches to take this long normally.
