"No Stats" Issue

deadman2141

Good day everyone,
I'm racking my brain trying to find a solution for my stats not working on a member of my pool and the pool itself.
Currently using XO Community Edition, set on commit 749f0.

What I can see so far is that the call for the stats is using an IP rather than the FQDN.

{
  "id": "0m7j80y0c",
  "properties": {
    "method": "vm.stats",
    "params": {
      "id": "8cf0448f-8c00-fa2b-8649-da0edda14b39",
      "granularity": "seconds"
    },
    "name": "API call: vm.stats",
    "userId": "c373ef53-7433-450e-814e-74df95dfad68",
    "type": "api.call"
  },
  "start": 1740411424812,
  "status": "failure",
  "updatedAt": 1740411424843,
  "end": 1740411424843,
  "result": {
    "code": "ERR_TLS_CERT_ALTNAME_INVALID",
    "reason": "IP: 192.168.10.81 is not in the cert's list: ",
    "host": "192.168.10.81",
    "cert": {

I'm guessing I've made a mistake in my pool creation, so any insight would be greatly appreciated!

James

P.S. I'm also getting multiple hung Xapi#getResource /rrd_updates tasks, if that's relevant.

ph7

@deadman2141
I also had some problem with stats running 749f0
I had no stats for ~ 15hours and then the host rebooted
All backups and Continuous replication ran fine during these ~ 15hours.

https://xcp-ng.org/forum/topic/10520/weird-performance-alert.-start-importing-vm-for-no-reason./2

TS79

@deadman2141 did you change your host's IP address after installation? That TLS certificate error and reason seem to indicate that the cert doesn't match the IP.

I found the link which might be worth looking at: https://docs.xcp-ng.org/guides/TLS-certificates-xcpng/

deadman2141

@ph7 I decided to do a reboot like you did, but it did not resolve the issue. During the time the second host was offline, the stats works as expected.

deadman2141

@TS79 I pawed though that a few times, because I have installed lets encrypt certificated. I should have included the rest of the error message:

  "result": {
    "code": "ERR_TLS_CERT_ALTNAME_INVALID",
    "reason": "IP: 192.168.10.81 is not in the cert's list: ",
    "host": "192.168.10.81",
    "cert": {
      "subject": {
        "CN": "xcp-ng2.disappointnetwork.com"
      },
      "issuer": {
        "C": "US",
        "O": "Let's Encrypt",
        "CN": "R11"
      },
      "subjectaltname": "DNS:xcp-ng2.disappointnetwork.com",
      "infoAccess": {
        "OCSP - URI": [
          "http://r11.o.lencr.org"
        ],
        "CA Issuers - URI": [
          "http://r11.i.lencr.org/"
        ]
      },

It looks like its giving back the valid certificate. But its making the call with an IP, not the host.domain. Unless I overlooked over something?

EDIT: I did not change the IP address after installation.

ph7

@deadman2141
Well, I didn't reboot it.
It did it to itself

deadman2141

@ph7 I suppose if I could read, I would have seen that
I'll check and see if over the next day it corrects itself.

deadman2141

Did some more digging, and found this from 2018.
https://github.com/vatesfr/xen-orchestra/issues/2723
Curious if that is still relevant almost 7 years later

If it is, then I wonder if there is another way to allow the connections other than xe host-emergency-disable-tls-verification
Not going to try that yet though.

jcharaoui created this issue in vatesfr/xen-orchestra

"No Stats" Issue

closed SSL certificate verification fails in stats query #2723