sdn certs module

olivierlambert

Well done

adriangabura

Great! Your team proves just how legendary it is once again! Thank you!

eeldivad

@BenjiReis I'm having the same problem. When I leave cert-dir empty and turn on override-certs and click "Save Configuration" then it gives me this error. This is a fresh build from ronivay's github with nothing but the basics installed. See screenshots.

ENOENT: no such file or directory, open '/var/lib/xo-server/data/sdn-controller/client-cert.pem'

Danp

@eeldivad I suggest that you run this in an ssh session to monitor the logs and then retry saving the plugin settings --

journalctl -u xo-server -f -n 50

My guess would be some type of rights issue, but I don't see this same behavior on my XO from sources VM.

eeldivad

@Danp I just checked the logs and it's the same I listed above. I installed this as non-root user with sudo rights and then i rebuilt the vm with root permissions. This is a fresh install on a fresh OS so must be a bug somewhere. The problem is it doesn't auto-generate the keys as it said it would if I don't specify a path. If I create those 3 key files in a folder and specify the path then it will save properly. But these are blank files I created as I'm not sure how to generate them myself with openssl. Does anyone happen to have the command to use? This is just a test lab so I don't want to deal with letsencrypt or external certificate authorities.
Error: ENOENT: no such file or directory, open '/var/lib/xo-server/data/sdn-controller/client-cert.pem'

Danp

@eeldivad Does the directory /var/lib/xo-server/data/sdn-controller/ exist on your VM? This directory is created for me if it doesn't already exist, and the three PEM files are stored there when I click Save Configuration.

I still suspect that you are dealing with a rights issue.

eeldivad

@Danp the folder exists. I see 2 pem files there but client-cert.pem is missing. So it looks like it tried to create the 3 pem files but failed to create the client-cert.pem. Any suggestion?

ls /var/lib/xo-server/data/sdn-controller
ca-cert.pem client-key.pem

Danp

@eeldivad It's possible that it won't recreate the missing file because the other two are present. I would remove them and then retry to process.

eeldivad

@Danp i removed those 2 files and tried again. Now it hangs when I clicked on "Save configuration"
I see this in the log when it's hanging. I waited at least 5 minutes during the hang. I also noticed those 2 files were recreated in the same folder /var/lib/xo-server/data/sdn-controller so my guess is it's hanging trying to create the 3rd file client-cert.pem

Feb 16 19:59:25 xo-server[12428]: 2025-02-16T19:59:25.434Z xo:xo-server ERROR uncaught exception {
Feb 16 19:59:25 xo-server[12428]: error: TypeError: Cannot read properties of undefined (reading 'toString')
Feb 16 19:59:25 xo-server[12428]: at ReadFileContext.callback (/opt/xo/xo-builds/xen-orchestra-202502160214/node_modules/node-openssl-cert/index.js:3032:35)
Feb 16 19:59:25 xo-server[12428]: at FSReqCallback.readFileAfterOpen [as oncomplete] (node:fs:300:13)
Feb 16 19:59:25 xo-server[12428]: at FSReqCallback.callbackTrampoline (node:internal/async_hooks:130:17)
Feb 16 19:59:25 xo-server[12428]: }

eeldivad

I restarted the service and see this error during start up

Feb 16 20:14:25 systemd[1]: Started XO Server.
Feb 16 20:14:26 xo-server[40452]: 2025-02-16T20:14:26.851Z xo:main INFO Configuration loaded.
Feb 16 20:14:26 xo-server[40452]: 2025-02-16T20:14:26.871Z xo:main INFO Web server listening on https://[::]:80
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.276Z xo:main INFO Setting up /robots.txt → /opt/xo/xo-builds/xen-orchestra-202502160214/packages/xo-server/robots.txt
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.342Z xo:main INFO Setting up / → /opt/xo/xo-web/dist/
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.342Z xo:main INFO Setting up /v6 → /opt/xo/xo-builds/xen-orchestra-202502160214/@xen-orchestra/web/dist
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.418Z xo:plugin INFO register audit
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.419Z xo:plugin INFO register auth-github
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.419Z xo:plugin INFO register auth-google
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-ldap
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-oidc
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.420Z xo:plugin INFO register auth-saml
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register backup-reports
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register load-balancer
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register netbox
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.421Z xo:plugin INFO register perf-alert
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register sdn-controller
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register transport-email
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.422Z xo:plugin INFO register transport-icinga2
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-nagios
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-slack
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.423Z xo:plugin INFO register transport-xmpp
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register usage-report
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register web-hooks
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.424Z xo:plugin INFO register test
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.425Z xo:plugin INFO register test-plugin
Feb 16 20:14:27 xo-server[40452]: foobar
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.783Z xo:plugin INFO failed register test
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.783Z xo:plugin INFO Cannot read properties of undefined (reading 'default') {
Feb 16 20:14:27 xo-server[40452]:   error: TypeError: Cannot read properties of undefined (reading 'default')
Feb 16 20:14:27 xo-server[40452]:       at Xo.registerPlugin (file:///opt/xo/xo-builds/xen-orchestra-202502160214/packages/xo-server/src/index.mjs:369:18)
Feb 16 20:14:27 xo-server[40452]:       at runNextTicks (node:internal/process/task_queues:60:5)
Feb 16 20:14:27 xo-server[40452]:       at processImmediate (node:internal/timers:454:9)
Feb 16 20:14:27 xo-server[40452]:       at process.callbackTrampoline (node:internal/async_hooks:130:17)
Feb 16 20:14:27 xo-server[40452]: }
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "discoveryURL" is not defined at "#/anyOf/0" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: missing type "object" for keyword "required" at "#/anyOf/1/properties/advanced" (strictTypes)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "authorizationURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "issuer" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "userInfoURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: strict mode: required property "tokenURL" is not defined at "#/anyOf/1/properties/advanced" (strictRequired)
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-google
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-ldap
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-oidc
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register auth-saml
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register netbox
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-email
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-icinga2
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-nagios
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-slack
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register transport-xmpp
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register usage-report
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register web-hooks
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register test-plugin
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register backup-reports
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.883Z xo:plugin INFO successfully register load-balancer
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.895Z xo:plugin INFO successfully register auth-github
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.895Z xo:plugin INFO successfully register audit
Feb 16 20:14:27 xo-server[40452]: 2025-02-16T20:14:27.896Z xo:plugin INFO successfully register perf-alert
Feb 16 20:14:28 xo-server[40452]: 2025-02-16T20:14:28.133Z xo:plugin INFO successfully register sdn-controller

Danp

@eeldivad I think that error is "normal" since the test-plugin isn't supposed to be loaded.

What is your Node version? Also, what is the commit number in the About screen?

eeldivad

@Danp I think this is the latest version. it's the latest when I run the install from
https://github.com/ronivay/XenOrchestraInstallerUpdater

cat /opt/xo/xo-server/package.json | grep version
"version": "5.170.0",

Here's the commit from about page.
https://github.com/vatesfr/xen-orchestra/commit/66e677d7cbf0089fd48db0c4de1293ffa44cb0d8

0

fbeauchamp committed to vatesfr/xen-orchestra

feat(V2V/powerOff): handle queued state when stopping the VM (#8328)

zammad#34451

Danp

@eeldivad What does node -v return?

eeldivad

@Danp it returns v20.18.3

Danp

@eeldivad That should be fine AFAIK. Are you able to replicate this issue in XOA or XO from sources that wasn't installed using a 3rd party script?

eeldivad

@Danp I created a new xoa vm using this official script
bash -c "$(wget --no-verbose -O- https://xoa.io/deploy)"

I logged in and the sdn controller wasn't available until I signed up for the trial. I updated xoa as well.
Looks like sdn controller is installed after I enabled the trial version.

Then I added a host and tried to create a private network and it failed with this error:
80AC6283327F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 48

2025-02-18T01:49:06.687Z xo:xo-server:sdn-controller:tls-connect ERROR TLS connection failed {
Feb 17 20:49:06 xoa xo-server[3661]: error: [Error: 80AC6283327F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 48
Feb 17 20:49:06 xoa xo-server[3661]: ] {
Feb 17 20:49:06 xoa xo-server[3661]: library: 'SSL routines',
Feb 17 20:49:06 xoa xo-server[3661]: reason: 'tlsv1 alert unknown ca',
Feb 17 20:49:06 xoa xo-server[3661]: code: 'ERR_SSL_TLSV1_ALERT_UNKNOWN_CA'
Feb 17 20:49:06 xoa xo-server[3661]: },
Feb 17 20:49:06 xoa xo-server[3661]: address: 'x.x.x.x',
Feb 17 20:49:06 xoa xo-server[3661]: port: 6640
Feb 17 20:49:06 xoa xo-server[3661]: }

Is anyone else having issues with SDN controller from a fresh xoa install? This is the 4 time I've reinstalled xoa with a fresh VM. I'm now using this version:

Current version: 5.102.1 - XOA build: 20241004

node: 20.18.0
npm: 10.8.3
xen-orchestra-upload-ova: 0.1.6
xen-orchestra-web: 0.6.0
xo-cli-premium: 0.32.1
xo-server: 5.168.1
xo-server-audit-premium: 0.12.1
xo-server-auth-github-premium: 0.3.1
xo-server-auth-google-premium: 0.3.1
xo-server-auth-ldap-premium: 0.10.10
xo-server-auth-oidc-premium: 0.3.0
xo-server-auth-saml-premium: 0.11.0
xo-server-backup-reports-premium: 1.4.4
xo-server-load-balancer-premium: 0.10.1
xo-server-netbox-premium: 1.7.0
xo-server-netdata-premium: 0.2.0
xo-server-perf-alert-premium: 0.6.0
xo-server-sdn-controller-premium: 1.0.11
xo-server-telemetry: 0.7.0
xo-server-transport-email-premium: 1.1.0
xo-server-transport-icinga2-premium: 0.1.2
xo-server-transport-nagios-premium: 1.0.2
xo-server-transport-slack-premium: 0.0.1
xo-server-transport-xmpp-premium: 0.1.3
xo-server-usage-report-premium: 0.10.6
xo-server-web-hooks-premium: 0.3.4
xo-server-xoa: 0.29.3
xo-web-premium: 5.167.0
xoa-cli: 0.40.1
xoa-updater: 0.50.7

eeldivad

@eeldivad i turned on "override-certs" option and it seems to work now. I'm still curious why the other build fails. Does anyone know how i can generate those 3 pem files manually to test?