    XCP-ng 8.2 updates announcements and testing

      ravenet @gduperrey

      So far fine on an epyc 7002 and a xeon e5 v3

        Andrew Top contributor @gduperrey

        @gduperrey Installed on several old and new Intel machines. Working as expected.

          gskger Top contributor @gduperrey

          Updated my playlab and nothing to report. Looks good.

            stormi Vates 🪐 XCP-ng Team

            New security update candidate (kernel)

            The Linux kernel in XCP-ng's control domain is being updated to fix vulnerabilities which may allow a guest to crash the host or make it unresponsive. Even without a malicious attacker, users had reported such issues triggered by the Qlogic/Broadcom netxtreme 2 and the Cisco enic drivers.

            It also contains two fixes for issues that were debugged by the XCP-ng developers and the user community, and reported to XenServer developers at the time:

            • Samba shares failing to reconnect after an unexpected disconnection.
            • Display issue with Intel NUCs and other hardware, due to a bug in EFI Framebuffer support.

            Test on XCP-ng 8.2

            From an up to date host:

            yum clean metadata --enablerepo=xcp-ng-testing
            yum update kernel --enablerepo=xcp-ng-testing
            reboot
            

            Versions:

            • kernel: 4.19.19-7.0.15.1.xcpng8.2

            What to test

            Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

            Test window before official release of the updates

            ~2 days.

              olivierlambert Vates 🪐 Co-Founder CEO

              Tested and working on my local EPYC box 🙂

                gskger Top contributor @stormi

                Same on my playlab. Updated both hosts and no issues so far.

                  JeffBerntsen Top contributor

                  Both sets of updates installed and tested in my lab with no problems so far.

                    Andrew Top contributor @stormi

                    @stormi Running both updates on everything. The 64 bit EFI console on the NUCs works for me with this kernel update.

                    If you (anyone) are using one of my NUC Test ISO install images then the EFI console will work with the update but the i225/r8125 network may not. To fix that issue, make sure you have installed the network PACKAGE and not just the ISO install. My test ISO installer may not have fully installed the needed package. Download and install the network driver BEFORE the kernel update. If it's too late then you can use a USB stick to just copy the RPM files and install them after the update.

                    It does not hurt to reinstall the r8125 or the IGC drivers anyway. Log in to XCP, download the driver, install (remove the very old driver if there is an error):

                    wget http://users.ntplx.net/~andrew/xcp/r8125-module-9.009.02-2.xcpng8.2.x86_64.rpm
                    yum install ./r8125-module-9.009.02-2.xcpng8.2.x86_64.rpm
                    
                    wget http://users.ntplx.net/~andrew/xcp/igc-module-5.10.146-2.xcpng8.2.x86_64.rpm
                    yum remove intel-igc-5.10.108-1.xcpng8.2.x86_64
                    yum install ./igc-module-5.10.146-2.xcpng8.2.x86_64.rpm
                    
                      Andrew Top contributor @stormi

                      @stormi I do see this now at boot (related to netdata):

                      [   49.028835] xenstat.plugin[1818]: segfault at 80 ip 000000000040378a sp 00007ffc4f4278a0 error 4 in xenstat.plugin[400000+8000]
                      [   49.028842] Code: f4 ff ff 41 b8 68 5d 40 00 b9 d4 00 00 00 ba 30 5f 40 00 be d8 52 40 00 bf 8b 4f 40 00 31 c0 45 31 e4 e8 a9 04 00 00 4c 89 e3 <48> 8b 9b 80 00 00 00 48 85 db 0f 85 be f4 ff ff
                      e9 b7 f7 ff ff 8b
                      
                      stormiS 2 Replies Last reply Reply Quote 0
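The kernel message quoted in the post above can be decoded field by field during triage. This is an added example, not part of the thread or of netdata; the result keys and the `near_null` heuristic (fault address below one 4 KiB page) are the example's own choices.

```python
import re

# First log line copied from the post above (not constructed).
SAMPLE = (
    "[   49.028835] xenstat.plugin[1818]: segfault at 80 ip 000000000040378a "
    "sp 00007ffc4f4278a0 error 4 in xenstat.plugin[400000+8000]"
)

# Layout of the x86 Linux "segfault at" message; the trailing "in obj[base+size]"
# part is absent when the faulting ip is not inside a file-backed mapping.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# x86 page-fault error code bits: (mask, meaning when set, meaning when clear).
ERR_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "read"),
    (0x04, "user mode", "kernel mode"),
    (0x10, "instruction fetch", None),
]

def decode_segfault(line):
    """Return the decoded fields of one segfault log line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    addr, ip, err = (int(f[k], 16) for k in ("addr", "ip", "err"))
    result = {
        "comm": f["comm"],
        "pid": int(f["pid"]),
        "fault_addr": addr,
        "ip": ip,
        "access": [s if err & mask else c
                   for mask, s, c in ERR_BITS if (err & mask) or c],
        "near_null": addr < 0x1000,   # heuristic: NULL pointer plus a field offset
        "object": f["obj"],
        "offset": None,               # ip relative to the start of the mapping
    }
    if f["base"] is not None:
        base, size = int(f["base"], 16), int(f["size"], 16)
        if base <= ip < base + size:
            result["offset"] = ip - base
    return result
```

For the quoted line this gives a user-mode read of a not-present page at address 0x80, with the instruction pointer 0x378a bytes into the `xenstat.plugin` mapping, which is the pattern of a NULL pointer dereference in the plugin itself rather than a fault in the kernel.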
                        stormi Vates 🪐 XCP-ng Team @Andrew

                        @Andrew It never happened before?

                          stormi Vates 🪐 XCP-ng Team @Andrew

                          @Andrew said in Updates announcements and testing:

                          @stormi I do see this now at boot (related to netdata):

                          [   49.028835] xenstat.plugin[1818]: segfault at 80 ip 000000000040378a sp 00007ffc4f4278a0 error 4 in xenstat.plugin[400000+8000]
                          [   49.028842] Code: f4 ff ff 41 b8 68 5d 40 00 b9 d4 00 00 00 ba 30 5f 40 00 be d8 52 40 00 bf 8b 4f 40 00 31 c0 45 31 e4 e8 a9 04 00 00 4c 89 e3 <48> 8b 9b 80 00 00 00 48 85 db 0f 85 be f4 ff ff
                          e9 b7 f7 ff ff 8b
                          

                          So, I reproduced, but also with the previous kernel, so it's not related to this kernel update.

                          Update: same regarding the Xen update candidate. Reverting it does not fix the segfault.

                            Andrew Top contributor @stormi

                            @stormi I have just not seen that error before and it was not in the old logs. I guess it's just netdata getting old and cranky (grincheux). Otherwise things are good in normal operation.

                              stormi Vates 🪐 XCP-ng Team

                              Update published. Thanks for the tests!

                              https://xcp-ng.org/blog/2022/12/21/december-2022-security-update/

                                gduperrey Vates 🪐 XCP-ng Team

                                New Update Candidates (xen, xapi, templates)

                                • Xen: Enable AVX-512 by default for EPYC Zen4 (Genoa)
                                • Xapi: Redirect http requests on the host webpage to https by default.
                                • Guest templates:
                                  • Add the following templates: RHEL 9, AlmaLinux 9, Rocky Linux 9, CentOS Stream 8 & 9, Oracle Linux 9

                                Test on XCP-ng 8.2

                                From an up to date host:

                                For Xen, Xapi and Guest templates:

                                yum clean metadata --enablerepo=xcp-ng-testing
                                yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools xapi-core xapi-tests xapi-xe guest-templates-json guest-templates-json-data-linux guest-templates-json-data-other guest-templates-json-data-windows --enablerepo=xcp-ng-testing
                                reboot
                                

                                Versions:

                                • xen-*: 4.13.4-9.29.1.xcpng8.2
                                • xapi-*: 1.249.26-2.2.xcpng8.2
                                • guest-templates-json-*: 1.9.6-1.2.xcpng8.2

                                What to test

                                Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

                                Test window before official release of the updates

                                No precise ETA, but the sooner the feedback the better.

                                  Andrew Top contributor @gduperrey

                                  @gduperrey Mirror error

                                  failure: repodata/6b271e84b07dced2015bb0d835fb0ec1be1d308d92010993d44a1af0c130aa9f-primary.sqlite.bz2 from xcp-ng-testing: [Errno 256] No more mirrors to try.
                                  http://mirrors.xcp-ng.org/8/8.2/testing/x86_64/repodata/6b271e84b07dced2015bb0d835fb0ec1be1d308d92010993d44a1af0c130aa9f-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found
                                  
                                  Name:   mirrors.xcp-ng.org
                                  Address: 37.26.189.194
                                  
                                    Andrew Top contributor @gduperrey

                                    @gduperrey The repository seems to work now....

                                      stormi Vates 🪐 XCP-ng Team

                                      Unrelated to the above: a security update for sudo was published. I don't think it's very likely to be an actual threat in the context of your use of XCP-ng, but it might be in specific contexts.

                                      https://xcp-ng.org/blog/2023/01/31/january-2023-security-update/

                                        brezlord @stormi

                                        @stormi Applied the update through XO and now XO cannot log in to the host, with the below error.

                                        connect ECONNREFUSED 192.168.40.201:443
                                        

                                        I rebooted the host and I can no longer log in as root.

                                        ssh: connect to host 192.168.40.201 port 22: Connection refused
                                        

                                        Any ideas?

                                          stormi Vates 🪐 XCP-ng Team

                                          Was it the only update applied? Is the stunnel service running?

                                          Oh, I also read that you can't connect as root.

                                            brezlord @stormi

                                            @stormi Yes only update.
