• Hey XCP-NG! How's my setup?

    Share your setup!
    10
    2
    1 Votes
    10 Posts
    320 Views
    T
    I've got some updates on the old diagram, and two new ones to add in!

    [image: 1753485834331-reference-diagram.drawio-resized.png]

    I've migrated over to XCP 8.3 LTS since it's released! Alongside that I've installed a few applications, condensed some others into group names in the chart, and migrated the ZFS pools for OS storage to better NVMe hardware, also added L2ARC in front of the HDD storage. Since MxGPU is no longer supported in the way that it was, I instead had to change the number of VDI max from 4 to 2. Instead of MxGPU, each GPU is PCI-passthru directly to the VMs.

    [image: 1753486012677-dev-diagram.drawio.png]

    I've also expanded upon how the Dev section is set up, as it has its own write-up.

    This environment is composed of three core network zones, designed to mimic a typical hybrid enterprise setup:

    Development VLAN: Functions as a proxy-to-internet zone used to hijack or intercept DNS and service calls as needed. It enables testing of redirect logic, hostname spoofing, or simulating cloud resources and CDN endpoints.
    Internal Host Transit Network: A dedicated transit layer that links all OPNsense VMs with static routing only, simulating WAN connectivity across isolated customer domains while allowing controlled traffic flows between them.
    Domain Networks (White, Gray, Black): Each domain resides in its own internal network segment with no direct internet access. These simulate fully isolated customer environments. All connectivity is routed through the OPNsense perimeter via the transit network.

    Domain | OS Generation | Windows Stack | Linux Stack
    White | Modern | Server 2022/Windows 11 | RHEL 9, Ubuntu 24
    Gray | Prior Gen | Server 2019/Windows 10 | RHEL 8, Ubuntu 22
    Black | Legacy | Server 2012 R2/Windows 7 | RHEL 6, Ubuntu 16

    [image: 1753486160941-classroom-diagram.drawio.png]

    And then I've also set up my old classroom, this was a simpler design used when I taught A+ and Net+ certifications.

    The first years focused on A+ and we had hardware examples, as well as I created VMs that were broken/infected/improperly configured and general virtualization for anything else. We avoided using the actual workstations in examples lol. Second years had their own server rack with its own network gear and server for use, they primarily focused on Net+.

    Been fun all the way and XCP-NG has made a lot of it possible. Thanks for all ya do!
  • 0 Votes
    7 Posts
    26 Views
    B
    @Danp THANKS! That did the trick. I was able to clean up after doing that. Thanks so much!
  • Managing a host using a proxy

    Management
    24
    0 Votes
    24 Posts
    6k Views
    J
    To manage an XCP-ng host through a proxy, you’ll need to configure your management tools (like XenCenter or XCP-ng Center) to use the proxy settings. The host itself doesn’t have built-in proxy options, so the proxy setup is done on the client side.
  • 0 Votes
    4 Posts
    36 Views
    Vincent GV
    @lsouai-vates
  • Expanded VM View Display Issue for Debian based VMs

    Xen Orchestra
    4
    1
    0 Votes
    4 Posts
    20 Views
    olivierlambert
    It's not a branch question, you need to build XO 6: yarn run turbo run build --filter @xen-orchestra/web
  • Full or not?

    Backup
    1
    1
    0 Votes
    1 Posts
    24 Views
    No one has replied
  • XCP-ng 8.2 updates announcements and testing

    Pinned Moved News
    713
    2 Votes
    713 Posts
    1m Views
    gduperrey
    New security update candidate

    A new XSA (Xen Security Advisory) was published on the 8th of July, and an update to Xen addresses it.

    Security updates
      linux-firmware: Update to 20250626-1 as redistributed by XenServer.
      xen-*: Fix XSA-471 - New speculative side-channel attacks have been discovered, affecting systems running all versions of Xen and AMD Fam19h CPUs (Zen3/4 microarchitectures). An attacker could infer data from other contexts. There are no current mitigations, but AMD is producing microcode to address the issue, and patches for Xen are available. These attacks, named Transitive Scheduler Attacks (TSA) by AMD, include CVE-2024-36350 (TSA-SQ) and CVE-2024-36357 (TSA-L1).

    Test on XCP-ng 8.2
    ```
    yum clean metadata --enablerepo=xcp-ng-testing
    yum update --enablerepo=xcp-ng-testing
    reboot
    ```
    The usual update rules apply: pool coordinator first, etc.

    Versions:
      linux-firmware: 20190314-11.3.xcpng8.2
      xen: 4.13.5-9.49.3.xcpng8.2

    What to test
      On Intel platform: Normal use and anything else you want to test.
      On AMD platform zen3 or zen4:
        Normal use of course
        On a Linux guest, with cpuid installed, run the following command:
    ```
    lscpu | grep -q AMD && lscpu | grep -qi "cpu family.* 25$" && [ $(($(cpuid -1 -r -l 0x80000021 | grep eax | sed -r 's/.*eax=([^ ]+) .*/\1/') & 0x20)) -eq 32 ] && echo OK
    ```
        This should print OK if your system is protected against XSA-471.

    Test window before official release of the updates
    ~3 days.
  • mirror backup to S3

    Backup
    19
    0 Votes
    19 Posts
    443 Views
    robyt
    @florent said in mirror backup to S3:
    @robyt you're doing incremental backup with 2 steps: complete backup (full/key disks) and delta (differencing/incremental). Both of these are transferred through an incremental mirror. On the other hand, if you do Backup, it builds one xva file per VM containing all the VM data at each backup. These are transferred through a Full backup mirror. We are working on clarifying the vocabulary.

    ahhhh... the full mirror to S3 is not necessary
  • Backup schedule

    Backup
    2
    3
    0 Votes
    2 Posts
    20 Views
    olivierlambert
    Question for @florent
  • 0 Votes
    25 Posts
    634 Views
    bleader
    I think whatever solution suits you will work. Personally, if I know there are issues with it, I would tend to disable it in the BIOS, to be sure nobody tries to use it later and wastes their time; in an enterprise setting, that can be important.

    One thing to keep in mind if keeping it is that if you want to add other hosts to the pool, they will need to have a similar network topology, so if you end up having eth0 and eth1 with your current management network on eth1, any new host should be able to have its management on eth1 as well. You may work around it with interface renaming, but that tends to get messy over time. That being said, I'm unsure even removing the Realtek NIC from the BIOS will change the interface number now that eth1 exists already and is configured.

    If you don't plan to add hosts to the pool, and don't have a team with people that may act on these machines in the future without being aware of this setup history, leaving it connected and disabling the port on the switch should not be an issue.
  • 0 Votes
    3 Posts
    36 Views
    K
    @johnny I think the Vates VMS (whether you go with paid support or not) would fit your use case perfectly. Since each host is essentially a pool of one, you would pretty much have multiple pools managed by a single Xen Orchestra instance (giving you a single pane of glass, if you will). You could augment this with XCP-ng Center. As @olivierlambert correctly inquired, you should contact the Vates Team and have an in-depth discussion into your situation.
  • Unable to add new node to pool using XOSTOR

    XOSTOR
    10
    0 Votes
    10 Posts
    204 Views
    henri9813
    Hello,

    I tried on a new pool. A little different scenario since I don't create XOSTOR for now; in my previous example, I tried to add a node as a replacement for an existing one.

    I just run the install script only on node 1.

    When I try to make node2 join the pool, I reproduce the incompatible SM error I got previously.

    The thing which is "bizarre" is that I don't have the license issue I got on Xen Orchestra (maybe it was finally not related?).

    Here are the complete logs.
    ```
    pool.mergeInto
    {
      "sources": [
        "17510fe0-db23-9414-f3df-2941bd34f8dc"
      ],
      "target": "cc91fcdc-c7a8-a44c-65b3-a76dced49252",
      "force": true
    }
    {
      "code": "POOL_JOINING_SM_FEATURES_INCOMPATIBLE",
      "params": [
        "OpaqueRef:090b8da1-9654-066c-84f9-7ab15cb101fd",
        ""
      ],
      "call": {
        "duration": 1061,
        "method": "pool.join_force",
        "params": [
          "* session id *",
          "<MASTER_IP>",
          "root",
          "* obfuscated *"
        ]
      },
      "message": "POOL_JOINING_SM_FEATURES_INCOMPATIBLE(OpaqueRef:090b8da1-9654-066c-84f9-7ab15cb101fd, )",
      "name": "XapiError",
      "stack": "XapiError: POOL_JOINING_SM_FEATURES_INCOMPATIBLE(OpaqueRef:090b8da1-9654-066c-84f9-7ab15cb101fd, ) at Function.wrap (file:///etc/xen-orchestra/packages/xen-api/_XapiError.mjs:16:12) at file:///etc/xen-orchestra/packages/xen-api/transports/json-rpc.mjs:38:21 at runNextTicks (node:internal/process/task_queues:60:5) at processImmediate (node:internal/timers:454:9) at process.callbackTrampoline (node:internal/async_hooks:130:17)"
    }
    ```
  • Vm.migrate Operation blocked

    Compute
    7
    0 Votes
    7 Posts
    1k Views
    K
    @fanuelsen I was having a similar problem just now with XCP-NG 8.3 LTS and the latest XO. I was unable to migrate an MCS-created VM using XO (I was doing a Host Migrate within the pool only; no storage migration). Oddly, I was able to do the Host Migration using XCP-NG Center. This was in a production Pool that I had recently set up, and this time I had been given a dedicated 10Gbps team with VLANs for migration and host management, and two separate 10Gbps teams for storage and for VMs, respectively. To get live migration of my MCS-created VMs to work, I had to delete the Default Migration Network on the Pool's Advanced tab. I don't see a downside to doing this as all my NICs are 10Gbps, so all NICs should operate at roughly the same speed. ETA: With the Default Migration Network deleted, I have confirmed that migration traffic defaults to going over the management NICs where it is desired rather than going over the storage or VM NICs.
  • XSA-468: multiple Windows PV driver vulnerabilities - update now!

    News
    65
    3 Votes
    65 Posts
    4k Views
    G
    @TrapoSAMA All of mine are 2022, but saw this in previous driver versions with 2025. Low priority on this so I haven't fixed it yet.
  • 0 Votes
    16 Posts
    823 Views
    florent
    @afk said in What is the status/roadmap of V2V (Migrating from VMware to XCPng/XO) ?:
    Great news! Thanks @olivierlambert and @florent and let me know if you need some information on the VMware side.

    Yes, we are prototyping with VDDK, it should open some interesting possibilities. Stay tuned, hopefully by the end of the summer (I am saying it again: for a prototype).

    As a shameless plug, we are looking for users with vSAN to ensure we don't break things for it.
  • Multiple disks groups

    XOSTOR
    1
    0 Votes
    1 Posts
    27 Views
    No one has replied
  • 0 Votes
    6 Posts
    84 Views
    P
    Since I updated 'everything' involved yesterday, the problems remain (this night's backups failed with the similar problem). As I'm again 6 commits behind the current version, I cannot create a useful bug report, so I'll just update and wait for the next scheduled backups to run (nothing the night towards Thursday, the next sequence will run at the night towards Friday)
  • Need Help Understanding the VM Suspend Process

    Solved Management
    11
    2
    0 Votes
    11 Posts
    115 Views
    K
    @olivierlambert Yes sir, it is and I'm glad I confirmed this for myself. Thanks also for helping me understand how the VM Suspend process works. Hopefully this post helps other newbies with the same understanding in the future.
  • How do I diagnose a missing VDI error with Mirror backups

    Backup
    5
    0 Votes
    5 Posts
    116 Views
    C
    Thank you @florent. I'll do that. Update: It worked.
  • Intel x710-t2l Problems

    Hardware
    6
    0 Votes
    6 Posts
    78 Views
    olivierlambert
    Have you checked: https://docs.xcp-ng.org/troubleshooting/common-problems/#tcp-segmentation-offload-tso-decreasing-performances
    And for pfSense: https://docs.xcp-ng.org/guides/pfsense/#3-disable-tx-checksum-offload