Reworking the 'xe-guest-utilities' Repo


  • @stormi said in Reworking the 'xe-guest-utilities' Repo:

    Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

    Yeah, that is the bain of every multi-distro project. I am actually tooling something right now that can hopefully do that. It won't be the most advanced thing on the face of the earth but it will at least allow for testing on multiple distro's at once. Will prob take me a few days to finish.

  • XCP-ng Team

    Be sure to use:

     xe vm-param-get param-name=PV-drivers-version uuid=<VM UUID>
    

    Output example:

    # xe vm-param-get param-name=PV-drivers-version uuid=1c970fff-a74c-2f9d-21fe-9a9259e333e1
    major: 8; minor: 0; micro: 50; build: 1
    

  • Okay yeah, that works. Wow, what the hell then... So basically the management engine is a totally pointless output as far as determining the xe-guest-utilities version. I would have thought that the management engine was == to utilities version.

    • FreeBSD 12.1 is xe-guest-utilities-6.2.0_3.txz and Management agent 6.2 detected
    • Alpine Linux 3.11 is xe-guest-utilities-7.17.0-r1.apk and Management agent 6.6 detected
    • Ubuntu 20.04 is xe-guest-utilities_7.16.0-2_amd64.deb and Management agent 8.0 detected

    wat

  • XCP-ng Team

    🀷


  • @olivierlambert @stormi

    Having tests will be a great argument to become the new upstream πŸ™‚

    Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

    This weekend I was able to finish the first tool I needed to help streamline the process of testing and building these tools. Its something I'm just calling PRT(Parallel Remote Terminal) for now. I currently have a number of testbeds in my cluster but testing manually on each is a huge pain. PRT is a tool that allows a user to define a group of remote hosts using a yaml file, then send the same command in parallel to each host. PRT returns the connection status, output, and errors on each host directly back to your machine. I hope you won't judge too hard on the quality of my code and docs because this was built in space of 48 hours lol.

    You can check it out here:
    https://github.com/JustinTimperio/prt

    I'll clean this up and improve it over the coming weeks but obviously, this is just tooling to help facilitate the actual work of improving these tools.


  • Hey @stormi could you send me an original Citrix iso with its tagged version? I'm trying to figure out if they are making changes before shipping by comparing checksums.

  • XCP-ng Team

    You can download the latest built tools from https://www.citrix.com/downloads/citrix-hypervisor/, select CH 8.2 express edition and then the Citrix VM Tools for linux.


  • @stormi I've tried that but all the downloads are behind a login wall.

  • XCP-ng Team

    I could upload it but I think it would take me the same amount of time as it would take you to create a Citrix account. If you really can't, I'll try to remember to do it a bit later.


  • I was trying to avoid making a Citrix account lol. (I have a strong distaste for them, for reasons I will cover below)

    After digging through the Citrix repo, I have found somethings that frankly infuriate me. Citrix has really no desire to support the opensource community as seen in this comment and their total lack of responsiveness in fixing issues. For instance, this issue, opened and fixed by a member of the fedora team, has sat for over a year. They also have zero documentation anywhere in the code base, and from issues like this they have no intention of adding it. Citrix has abandoned the opensource model to try and compete with VMWare.

    While I can understand your desire to maintain some relation with Citrix, I personally have no desire to help them. They have burned their goodwill with the opensource community and this is why, I assume, you started XCP-ng. Moving forward, my desire is to turn this repo into a peer-reviewed, well documented, and actively maintained repository. If Citrix would like to use the improvements XCP-ng makes that's fine, but I don't want my work to sit for years in a pull request that will never be merged by Citrix.

    A quick update on progress:

    • Added support in install.sh for OpenSuse
    • Rebuilt the security audit process of go binaries from python2 --> python3.
    • Improved the audit process pretty dramatically.
    • Started patching 23 security issues found by the new audit process.
    • Started adding documentation across the entire repo.

    Up next:

    • New package makefiles for the following package managers.
      - apt/dpkg
      - yum/dnf
      - zypper/yast
      - pacman
      - pkg
      - apk
    • New test process for xe-linux-distribution
  • XCP-ng Team

    I agree on various point, Citrix never really was an Open Source friendly company… It's not inside their culture. However, I still have hope we can help them to go into a better direction.

    Collaboration is always more powerful than competition, that's why we love Open Source after all πŸ™‚

  • XCP-ng Team

    I must also add that there are many individuals inside Citrix' XenServer team who do care about open source.

  • XCP-ng Team

    @JustinTimperio don't hesitate to "release early and often" that work of yours so that you can get early feedback and make reviewing easier.

    Note: providing makefiles for more package managers is not a priority in my eyes. We prefer to push for xe-guest-utilities packages in each distribution so that users of those don't even need the binaries and packages we provide. A few distros that already have such packages in their repos are listed at https://xcp-ng.org/docs/guests.html#install-from-the-distro-s-online-repositories (some are missing : I know there exist AURs for example).

    One of my priorities, however, is to build our own binaries instead of using those provided by Citrix. If you want to help on that front, the ideal situation would be to be able to build them in Koji. This would imply that we manage to build all packages (deb, tgz, etc.), both 32 and 64 bit versions, and put all this into an ISO file, all that from the %build and %install sections of the spec file of our xcp-ng-pv-tools RPM. I think this is doable with Go's GOARCH environment variable, but I haven't tried yet and there may be obstacles to this solution.

    Said differently, in case it's not very clear: one single source RPM => a RPM that contains an ISO image that itself contains all the built packages. That's not how packaging works usually, but that's the need πŸ™‚

  • XCP-ng Team

    Oh, as a package maintainer, there's also a question I need to ask: if we were to follow your impulsion and include all the changes that you are currently working on or planning to, will you stay around for the next few years to continue maintaining that code, fix bugs, help review PRs, etc?


  • don't hesitate to "release early and often" that work of yours so that you can get early feedback and make reviewing easier.

    Total agreement here. Unfortunately, I am basically rebasing the entire repo so none of my changes are in a fully functional state and not in a place where I could create a PR. If you want to track my progress check out this repo.

    providing makefiles for more package managers is not a priority in my eyes.

    For me, this one of my main priorities. I am of an 'open-source first' mentality and placing the burden on each distributions package maintainers is a bit backward in my eyes. Citrix already supports enterprise clients, and basically only updates rpm and deb packages. My goal is to bring all opensource, free distributions up to the same level of compatibility and support as enterprise. In addition, by placing the burden on each distributions team, updates have been largely ignored. Freebsd, Fedora, Ubuntu, CentOS, etc all have xe-guest-utilities that are in some cases, years out of date.

    One of my priorities, however, is to build our own binaries instead of using those provided by Citrix

    I'm a little confused about this statement. Since I am patching security issues in the go code itself, we will have to compile these into our own binaries, and therefore a separate package(not called xe-guest-utilities for obvious versioning conflict issues). Makefiles will be separated in a similar-ish way to how they are in the Citrix Repo. The core makefile creates a secure temp go build environment, then generates the target binaries. From there, each distribution has it own makefile (in Citrix repo mk/Makefile.deb and mk/Makefile.rpm), which then take the compiled binaries and collects the other various files needed to package these into a xe-guest-utilities.deb or xe-guest-utilities.deb.

    If you want to help on that front, the ideal situation would be to be able to build them in Koji.

    I can't speak to Koji, I've never used it. Honestly, building the binaries is like the easiest part of this process(you just need to setup some gopaths). I was just gonna use the tool wrote to natively build a package for each distro in its target distro(IE build fedora packages inside fedora), then return the compiled packages to an endpoint.

    will you stay around for the next few years to continue maintaining that code, fix bugs, help review PRs, etc?

    Just depends if the work I've done gets adopted or not. I usually take on projects when they have a direct impact on my life and also helps the community. I use a lot of distros and I'm really sick of having second rate drivers on non deb and rpm based systems. It solves a problem for me so I will maintain them for at least that reason. My hope obviously, is that this work will be helpful for people using none deb and rpm systems as well, I just try not to get too attached to how many people are using an opensource project I write. It can be really discouraging if you put hundreds of hours into a project for the community that then is never used.


  • O, also do you know anyone willing to help with RHEL and SLES testing? I don't have access to enterprise distros I can test or build on. Idk what is even in their /etc/os-release at this point? (I threw away Citrix distro identification script and rewrote it from scratch. It's 1/3 as long and supports way more distros πŸ˜‹

  • XCP-ng Team

    @JustinTimperio said in Reworking the 'xe-guest-utilities' Repo:

    providing makefiles for more package managers is not a priority in my eyes.

    For me, this one of my main priorities. I am of an 'open-source first' mentality and placing the burden on each distributions package maintainers is a bit backward in my eyes. Citrix already supports enterprise clients, and basically only updates rpm and deb packages. My goal is to bring all opensource, free distributions up to the same level of compatibility and support as enterprise. In addition, by placing the burden on each distributions team, updates have been largely ignored. Freebsd, Fedora, Ubuntu, CentOS, etc all have xe-guest-utilities that are in some cases, years out of date.

    Well, I've been packager for a distro for long and I've almost never encountered spec files from software projects that were of any use. Spec files written by developers usually miss a lot of the distros' packaging rules, and little is reusable. Unless you're lucky and the developer knows your packaging rules very well (you can often find spec files targetd at RedHat/Fedora or Debian that are "good enough" to be useful, but you often find that aren't).

    Also, lack of spec files or equivalents is never what delays a package update. Usually it's just that the maintainer for the distro is less available, or left. So to really help them, one would have to join them and maintain the package for them.

    So my rule of thumb is: produce package sources only if you intend to produce packages, else don't. What a packager needs is a source tarball as well and build and installation instructions (that can be provided as a spec file or debian rules, but you don't need them to be for your distro specifically), the rest is in their hands. I think you do want to produce such packages, so why not, as long as maintaining them in the long term does not increase the maintenance burden.

    However I still consider that the best solution is to maintain the package for all those distros, in each distro's repository. Ideally, they should even be installed by default with the system when XCP-ng is detected, like many distro do regarding VMWare or Virtualbox guest additions. We need both:

    • xe-guest-utilites-latest in every distro
    • The ISO image shipped with XCP-ng and containing the xe-guest-utilities packages for the most used distros + a generic tarball

    One of my priorities, however, is to build our own binaries instead of using those provided by Citrix

    I'm a little confused about this statement. Since I am patching security issues in the go code itself, we will have to compile these into our own binaries, and therefore a separate package(not called xe-guest-utilities for obvious versioning conflict issues). Makefiles will be separated in a similar-ish way to how they are in the Citrix Repo. The core makefile creates a secure temp go build environment, then generates the target binaries. From there, each distribution has it own makefile (in Citrix repo mk/Makefile.deb and mk/Makefile.rpm), which then take the compiled binaries and collects the other various files needed to package these into a xe-guest-utilities.deb or xe-guest-utilities.deb.

    What is confusing for most people is that at XCP-ng level we provide an ISO image that people mount on they guest systems and install the tools from there. That ISO image itself is delivered through XCP-ng's RPM packages. My goal is to provide that package, that contains the ISO, the ISO itself containing the various variations of the xe-guest-utilities packages and the install.sh script. This my need as XCP-ng packager.

    will you stay around for the next few years to continue maintaining that code, fix bugs, help review PRs, etc?

    Just depends if the work I've done gets adopted or not. I usually take on projects when they have a direct impact on my life and also helps the community. I use a lot of distros and I'm really sick of having second rate drivers on non deb and rpm based systems. It solves a problem for me so I will maintain them for at least that reason. My hope obviously, is that this work will be helpful for people using none deb and rpm systems as well, I just try not to get too attached to how many people are using an opensource project I write. It can be really discouraging if you put hundreds of hours into a project for the community that then is never used.

    πŸ‘

    Another maintenance point is that the more distros you support, the more new releases of those distros you'll have to test when they go out.

  • XCP-ng Team


  • @stormi You bring up some interesting points. I want to make it clear, my intention is not to abandon the creation of a generic tarball. I just also want to include a full package build process for each distro that is officially maintained. My plan was to message the current maintainers of xe-guest-utilites for each distro and strike up a convo.

    My goal is to provide that package, that contains the ISO, the ISO itself containing the various variations of the xe-guest-utilities packages and the install.sh script. This my need as XCP-ng packager.

    Ahhhh I see what you mean now. Sure that should be pretty easy. I also wanted to create a 'net-install.sh' so users won't even need to mount an iso, just run something like curl net-install-url | sudo bash.

    Another maintenance point is that the more distros you support, the more new releases of those distros you'll have to test when they go out.

    Yeah, I have def thought about that. I'm still not totally sure how I want to address it, but I currently have custom templates in my cluster for each of these distros. By using the xoapi and PRT I'm pretty confident that I can fully automate the build, and testing process. Another alternative is a custom travis-ci cluster but I'll cross that bridge when I get there.

    I don't know, but there are at least test cases: https://github.com/xenserver/xe-guest-utilities/tree/master/mk/testcases

    I checked those out but that dir contains /etc/rhel-release rather than /etc/os-release which I generally prefer. We can always figure that out later but currently, this new script provides more os info in way fewer lines. (Sample output here)


  • @JustinTimperio I can test SLES for you, I'm a SUSE partner so have access. Here's output from a sles11.4,12.4, 12.5, 15 and 15.1. Sorry don't have a sles15.2 spun up (only leap15.2) but easy enough to extrapolate.
    Best way to get stuff into their official distro is to have it build on OBS

    NAME="SLES"
    VERSION="11.4"
    VERSION_ID="11.4"
    PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"
    ID="sles"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:11:4"
    
    NAME="SLES"
    VERSION="12-SP4"
    VERSION_ID="12.4"
    PRETTY_NAME="SUSE Linux Enterprise Server 12 SP4"
    ID="sles"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:12:sp4"
    
    NAME="SLES"
    VERSION="12-SP5"
    VERSION_ID="12.5"
    PRETTY_NAME="SUSE Linux Enterprise Server 12 SP5"
    ID="sles"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:12:sp5"
    
    NAME="SLES"
    VERSION="15"
    VERSION_ID="15"
    PRETTY_NAME="SUSE Linux Enterprise Server 15"
    ID="sles"
    ID_LIKE="suse"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:15"
    
    NAME="SLES"
    VERSION="15-SP1"
    VERSION_ID="15.1"
    PRETTY_NAME="SUSE Linux Enterprise Server 15 SP1"
    ID="sles"
    ID_LIKE="suse"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:suse:sles:15:sp1"
    
XCP-ng Pro Support

XCP-ng Pro Support