XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    sdn certs module

    Scheduled Pinned Locked Moved Xen Orchestra
    30 Posts 5 Posters 7.0k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      eeldivad @BenjiReis
      last edited by

      @BenjiReis I'm having the same problem. When I leave cert-dir empty and turn on override-certs and click "Save Configuration" then it gives me this error. This is a fresh build from ronivay's github with nothing but the basics installed. See screenshots.

      ENOENT: no such file or directory, open '/var/lib/xo-server/data/sdn-controller/client-cert.pem'

      sdn.png

      DanpD 1 Reply Last reply Reply Quote 0
      • DanpD Offline
        Danp Pro Support Team @eeldivad
        last edited by

        @eeldivad I suggest that you run this in an ssh session to monitor the logs and then retry saving the plugin settings --

        journalctl -u xo-server -f -n 50

        My guess would be some type of rights issue, but I don't see this same behavior on my XO from sources VM.

        E 1 Reply Last reply Reply Quote 0
        • E Offline
          eeldivad @Danp
          last edited by eeldivad

          @Danp I just checked the logs and it's the same I listed above. I installed this as non-root user with sudo rights and then i rebuilt the vm with root permissions. This is a fresh install on a fresh OS so must be a bug somewhere. The problem is it doesn't auto-generate the keys as it said it would if I don't specify a path. If I create those 3 key files in a folder and specify the path then it will save properly. But these are blank files I created as I'm not sure how to generate them myself with openssl. Does anyone happen to have the command to use? This is just a test lab so I don't want to deal with letsencrypt or external certificate authorities.
          Error: ENOENT: no such file or directory, open '/var/lib/xo-server/data/sdn-controller/client-cert.pem'

          DanpD 1 Reply Last reply Reply Quote 0
          • DanpD Offline
            Danp Pro Support Team @eeldivad
            last edited by

            @eeldivad Does the directory /var/lib/xo-server/data/sdn-controller/ exist on your VM? This directory is created for me if it doesn't already exist, and the three PEM files are stored there when I click Save Configuration.

            I still suspect that you are dealing with a rights issue.

            E 1 Reply Last reply Reply Quote 0
            • E Offline
              eeldivad @Danp
              last edited by

              @Danp the folder exists. I see 2 pem files there but client-cert.pem is missing. So it looks like it tried to create the 3 pem files but failed to create the client-cert.pem. Any suggestion?

              ls /var/lib/xo-server/data/sdn-controller
              ca-cert.pem client-key.pem

              DanpD 1 Reply Last reply Reply Quote 0
              • DanpD Offline
                Danp Pro Support Team @eeldivad
                last edited by

                @eeldivad It's possible that it won't recreate the missing file because the other two are present. I would remove them and then retry to process.

                E 1 Reply Last reply Reply Quote 0
                • E Offline
                  eeldivad @Danp
                  last edited by eeldivad

                  @Danp i removed those 2 files and tried again. Now it hangs when I clicked on "Save configuration"
                  I see this in the log when it's hanging. I waited at least 5 minutes during the hang. I also noticed those 2 files were recreated in the same folder /var/lib/xo-server/data/sdn-controller so my guess is it's hanging trying to create the 3rd file client-cert.pem

                  Feb 16 19:59:25 xo-server[12428]: 2025-02-16T19:59:25.434Z xo:xo-server ERROR uncaught exception {
                  Feb 16 19:59:25 xo-server[12428]: error: TypeError: Cannot read properties of undefined (reading 'toString')
                  Feb 16 19:59:25 xo-server[12428]: at ReadFileContext.callback (/opt/xo/xo-builds/xen-orchestra-202502160214/node_modules/node-openssl-cert/index.js:3032:35)
                  Feb 16 19:59:25 xo-server[12428]: at FSReqCallback.readFileAfterOpen [as oncomplete] (node:fs:300:13)
                  Feb 16 19:59:25 xo-server[12428]: at FSReqCallback.callbackTrampoline (node:internal/async_hooks:130:17)
                  Feb 16 19:59:25 xo-server[12428]: }

                  E 1 Reply Last reply Reply Quote 0
                  • E Offline
                    eeldivad @eeldivad
                    last edited by olivierlambert

                    I restarted the service and see this error during start up

                    Feb 16 20:14:25 systemd[1]: Started XO Server.
Feb 16 20:14:26 xo-server[40452]: 2025-02-16T20:14:26.851Z xo:main INFO Configuration loaded.
Feb 16 20:14:26 xo-server[40452]: 2025-02-16T20:14:26.871Z xo:main INFO Web server listening on https://[::]:80
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.276Z xo:main INFO Setting up /robots.txt → /opt/xo/xo-builds/xen-orchestra-202502160214/packages/xo-server/robots.txt
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.342Z xo:main INFO Setting up / → /opt/xo/xo-web/dist/
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.342Z xo:main INFO Setting up /v6 → /opt/xo/xo-builds/xen-orchestra-202502160214/@xen-orchestra/web/dist
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.418Z xo:plugin INFO register audit
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.419Z xo:plugin INFO register auth-github
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.419Z xo:plugin INFO register auth-google
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-ldap
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-oidc
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-saml
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register backup-reports
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register load-balancer
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register netbox
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register perf-alert
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register sdn-controller
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register transport-email
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register transport-icinga2
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-nagios
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-slack
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-xmpp
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register usage-report
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register web-hooks
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register test
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.425Z xo:plugin INFO register test-plugin
Feb 16 20:14:27 xo-server[40452]: foobar
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.783Z xo:plugin INFO failed register test
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.783Z xo:plugin INFO Cannot read properties of undefined (reading 'default') {
Feb 16 20:14:27 xo-server[40452]:   error: TypeError: Cannot read properties of undefined (reading 'default')
Feb 16 20:14:27 xo-server[40452]:       at Xo.registerPlugin (file:///opt/xo/xo-builds/xen-orchestra-202502160214/packages/xo-server/src/index.mjs:369:18)
Feb 16 20:14:27 xo-server[40452]:       at runNextTicks (node:internal/process/task_queues:60:5)
Feb 16 20:14:27 xo-server[40452]:       at processImmediate (node:internal/timers:454:9)
Feb 16 20:14:27 xo-server[40452]:       at process.callbackTrampoline (node:internal/async_hooks:130:17)
Feb 16 20:14:27 xo-server[40452]: }
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "discoveryURL" is not defined at "#/anyOf/0" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: missing type "object" for keyword "required" at "#/anyOf/1/properties/advanced" (strictTypes)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "authorizationURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "issuer" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "userInfoURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "tokenURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-google
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-ldap
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-oidc
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-saml
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register netbox
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-email
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-icinga2
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-nagios
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-slack
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-xmpp
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register usage-report
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register web-hooks
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register test-plugin
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register backup-reports
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register load-balancer
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.895Z xo:plugin INFO successfully register auth-github
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.895Z xo:plugin INFO successfully register audit
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.896Z xo:plugin INFO successfully register perf-alert
Feb 16 20:14:28 xo-server[40452]: 2025-02-16T20:14:28.133Z xo:plugin INFO successfully register sdn-controller
                    DanpD 1 Reply Last reply Reply Quote 0
                    • DanpD Offline
                      Danp Pro Support Team @eeldivad
                      last edited by

                      @eeldivad I think that error is "normal" since the test-plugin isn't supposed to be loaded.

                      What is your Node version? Also, what is the commit number in the About screen?

                      E 1 Reply Last reply Reply Quote 0
                      • E Offline
                        eeldivad @Danp
                        last edited by eeldivad

                        @Danp I think this is the latest version. it's the latest when I run the install from
                        https://github.com/ronivay/XenOrchestraInstallerUpdater

                        cat /opt/xo/xo-server/package.json | grep version
                        "version": "5.170.0",

                        Here's the commit from about page.
                        https://github.com/vatesfr/xen-orchestra/commit/66e677d7cbf0089fd48db0c4de1293ffa44cb0d8

                        0 fbeauchamp committed to vatesfr/xen-orchestra 
                        feat(V2V/powerOff): handle queued state when stopping the VM (#8328)

zammad#34451
                        DanpD 1 Reply Last reply Reply Quote 0
                        • DanpD Offline
                          Danp Pro Support Team @eeldivad
                          last edited by

                          @eeldivad What does node -v return?

                          E 1 Reply Last reply Reply Quote 0
                          • E Offline
                            eeldivad @Danp
                            last edited by

                            @Danp it returns v20.18.3

                            DanpD 1 Reply Last reply Reply Quote 0
                            • DanpD Offline
                              Danp Pro Support Team @eeldivad
                              last edited by

                              @eeldivad That should be fine AFAIK. Are you able to replicate this issue in XOA or XO from sources that wasn't installed using a 3rd party script?

                              E 1 Reply Last reply Reply Quote 1
                              • E Offline
                                eeldivad @Danp
                                last edited by eeldivad

                                @Danp I created a new xoa vm using this official script
                                bash -c "$(wget --no-verbose -O- https://xoa.io/deploy)"

                                I logged in and the sdn controller wasn't available until I signed up for the trial. I updated xoa as well.
                                Looks like sdn controller is installed after I enabled the trial version.

                                Then I added a host and tried to create a private network and it failed with this error:
                                80AC6283327F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 48

                                2025-02-18T01:49:06.687Z xo:xo-server:sdn-controller:tls-connect ERROR TLS connection failed {
                                Feb 17 20:49:06 xoa xo-server[3661]: error: [Error: 80AC6283327F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 48
                                Feb 17 20:49:06 xoa xo-server[3661]: ] {
                                Feb 17 20:49:06 xoa xo-server[3661]: library: 'SSL routines',
                                Feb 17 20:49:06 xoa xo-server[3661]: reason: 'tlsv1 alert unknown ca',
                                Feb 17 20:49:06 xoa xo-server[3661]: code: 'ERR_SSL_TLSV1_ALERT_UNKNOWN_CA'
                                Feb 17 20:49:06 xoa xo-server[3661]: },
                                Feb 17 20:49:06 xoa xo-server[3661]: address: 'x.x.x.x',
                                Feb 17 20:49:06 xoa xo-server[3661]: port: 6640
                                Feb 17 20:49:06 xoa xo-server[3661]: }

                                Is anyone else having issues with SDN controller from a fresh xoa install? This is the 4 time I've reinstalled xoa with a fresh VM. I'm now using this version:

                                Current version: 5.102.1 - XOA build: 20241004

                                • node: 20.18.0
                                • npm: 10.8.3
                                • xen-orchestra-upload-ova: 0.1.6
                                • xen-orchestra-web: 0.6.0
                                • xo-cli-premium: 0.32.1
                                • xo-server: 5.168.1
                                • xo-server-audit-premium: 0.12.1
                                • xo-server-auth-github-premium: 0.3.1
                                • xo-server-auth-google-premium: 0.3.1
                                • xo-server-auth-ldap-premium: 0.10.10
                                • xo-server-auth-oidc-premium: 0.3.0
                                • xo-server-auth-saml-premium: 0.11.0
                                • xo-server-backup-reports-premium: 1.4.4
                                • xo-server-load-balancer-premium: 0.10.1
                                • xo-server-netbox-premium: 1.7.0
                                • xo-server-netdata-premium: 0.2.0
                                • xo-server-perf-alert-premium: 0.6.0
                                • xo-server-sdn-controller-premium: 1.0.11
                                • xo-server-telemetry: 0.7.0
                                • xo-server-transport-email-premium: 1.1.0
                                • xo-server-transport-icinga2-premium: 0.1.2
                                • xo-server-transport-nagios-premium: 1.0.2
                                • xo-server-transport-slack-premium: 0.0.1
                                • xo-server-transport-xmpp-premium: 0.1.3
                                • xo-server-usage-report-premium: 0.10.6
                                • xo-server-web-hooks-premium: 0.3.4
                                • xo-server-xoa: 0.29.3
                                • xo-web-premium: 5.167.0
                                • xoa-cli: 0.40.1
                                • xoa-updater: 0.50.7
                                E 1 Reply Last reply Reply Quote 0
                                • E Offline
                                  eeldivad @eeldivad
                                  last edited by

                                  @eeldivad i turned on "override-certs" option and it seems to work now. I'm still curious why the other build fails. Does anyone know how i can generate those 3 pem files manually to test?

                                  1 Reply Last reply Reply Quote 0

                                  Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                                  Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                                  With your input, this post could be even better 💗

                                  Register Login
                                  • First post
                                    Last post