XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.2 updates announcements and testing

    Scheduled Pinned Locked Moved News
    703 Posts 67 Posters 1.1m Views 86 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jmccoy555 @gskger
      last edited by jmccoy555

      Hi @stormi is there any easy way to rollback the September updates??? I'm guessing not but I have a strange issue which I think coincides with my last reboot after applying the updates so want to confirm or eliminate as the cause.

      Thanks.

      stormiS 1 Reply Last reply Reply Quote 0
      • stormiS Offline
        stormi Vates 🪐 XCP-ng Team @jmccoy555
        last edited by

        @jmccoy555 Have a look at yum history. You should find the update listed and be able to rollback.

        Another way is to use yum downgrade package-1version-release package2-version-release on every package involved in the update (list found in yum history or /var/log/yum.log).

        1 Reply Last reply Reply Quote 0
        • stormiS Offline
          stormi Vates 🪐 XCP-ng Team
          last edited by stormi

          Note (for you or anyone coming here later): rollback/downgrade is not officially supported, because it's not tested, and it is not always possible to ensure that it really brings the exact previous state. You wouldn't rollback a XAPI update that modified the structure of the XAPI db, for example. However for many packages it's safe to attempt it. The September update, that only contains xen packages IIRC, is one of the updates that should be easy and safe to revert.

          J 1 Reply Last reply Reply Quote 0
          • J Offline
            jmccoy555 @stormi
            last edited by

            @stormi thanks as always. If I do find the issue I'll let you know..... if I break everything then I'll just get a 🍺

            🤣

            J 1 Reply Last reply Reply Quote 1
            • J Offline
              jmccoy555 @jmccoy555
              last edited by

              It appears that the rollback worked, but doesn't appear to have an impact on my issue, which is good news in a way.

              1 Reply Last reply Reply Quote 1
              • stormiS Offline
                stormi Vates 🪐 XCP-ng Team
                last edited by stormi

                Let's test the next train of updates

                I have various updates ready and tested internally that are eager to be pushed officially. All they need is a bit of user feedback, and that's why we're all on this thread right?

                What changes

                • Updated ca-certificates removes an expired root certificate that was used by Let's Encrypt, in order to workaround a limitation of the old version of openssl included in XCP-ng when the chain of trust contains an expired certificate, even when another path would allow to verify the certificate. Basically, this just means that wget would fail on most HTTPS URLs that use a Let's Encrypt certificate, and now it won't fail anymore.
                • Updated kernel (bugfix update, already detailed above and tested by some of you)
                  Update (2021-10-27): new patches synced from new [Citrix hotfix](https://support.citrix.com/article/CTX330706). Removes spurious kernel warnings and supposedly increases the "resiliency" of the kernel (ie, bugs were fixed).
                • Updated grub fixes a booting issue with buggy UEFI firmware that only wants to boot from EFI/BOOT/BOOTX64.EFI... Or worse, firmware that doesn't really boot from this file but won't boot if the file doesn't exist...
                • Updated xcp-featured fixes a bug that made the Pool Secret Rotation feature (something you rarely need - as no one reported the issue - but can be useful sometimes) unavailable.
                • Updated guest-templates-json* packages add a VM template for Rocky Linux. It's not really different from the template for CentOS 8, but should please Rocky users.
                • Updated xcp-ng-release* packages bring small fixes to the XOA deploy feature on host landing web pages, and update jquery to fix an XSS vulnerability in this library.

                How to update

                yum clean metadata --enablerepo=xcp-ng-testing
                yum update ca-certificates grub grub-efi grub-tools guest-templates-json guest-templates-json-data-linux guest-templates-json-data-other guest-templates-json-data-windows kernel xcp-featured xcp-ng-release xcp-ng-release-config xcp-ng-release-presets --enablerepo=xcp-ng-testing
                

                Then reboot.

                What to test

                The same as usual: installation of the update, normal use, check that you find no obvious regressions... This is the most important.

                And optionnally the changes described above if you're in a situation that allows it.

                Test window before release

                A few days.

                What's not included in this update train

                The XAPI update is not included yet due to a regression found during the tests: our landing web page was completely broken when loaded in HTTPS (which becomes the only way as HTTP is disabled with this update). We identified the issue and contributed a fix to the XAPI project. There's still some work to do internally before we can release it confidently.

                H J 2 Replies Last reply Reply Quote 0
                • U Offline
                  ug1556 @JCastang
                  last edited by

                  @jcastang

                  Hello are you using i40e driver for your network card?

                  1 Reply Last reply Reply Quote 0
                  • H Offline
                    HeMaN @stormi
                    last edited by

                    @stormi
                    I just installed the updates and have not had any issues this far, will have an eye on the systemfor the next few days and report back if I notice something different.

                    PS you must add --enablerepo=xcp-ng-testing to the yum update command, otherwise it will not install the new packages from the test repo 😉

                    stormiS 1 Reply Last reply Reply Quote 1
                    • stormiS Offline
                      stormi Vates 🪐 XCP-ng Team @HeMaN
                      last edited by

                      @heman Thanks, fixing!

                      DanpD 1 Reply Last reply Reply Quote 1
                      • DanpD Offline
                        Danp Pro Support Team @stormi
                        last edited by

                        @stormi Updated and rebooted. I'll report back if I encounter any issues.

                        1 Reply Last reply Reply Quote 1
                        • J Offline
                          JeffBerntsen Top contributor @stormi
                          last edited by

                          @stormi
                          Working well for me so far.

                          1 Reply Last reply Reply Quote 1
                          • stormiS Offline
                            stormi Vates 🪐 XCP-ng Team
                            last edited by

                            So, Citrix published a new kernel hotfix yesterday, so I synced our kernel package to it. As a result, there's a new kernel package in the testing repository, so please update again if you had updated already 🙂

                            yum clean metadata --enablerepo=xcp-ng-testing
                            yum update kernel --enablerepo=xcp-ng-testing
                            

                            Anyone else, just follow the instructions of the big post above, you'll get the new kernel with the other updates.

                            I'll update the big post with details about the new kernel update.

                            H X J 3 Replies Last reply Reply Quote 1
                            • H Offline
                              HeMaN @stormi
                              last edited by

                              @stormi installed this new kernel as well and rebooted.
                              Still no regression issues found till now.

                              1 Reply Last reply Reply Quote 2
                              • X Offline
                                XCP-ng-JustGreat @stormi
                                last edited by

                                @stormi All new patches applied fine. No apparent problems identified so far.

                                1 Reply Last reply Reply Quote 2
                                • J Offline
                                  JeffBerntsen Top contributor @stormi
                                  last edited by

                                  @stormi So far, so good for my systems with the re-updated kernel.

                                  1 Reply Last reply Reply Quote 2
                                  • stormiS Offline
                                    stormi Vates 🪐 XCP-ng Team
                                    last edited by

                                    A big thank you to those who tested, and last call for the others! Publish time is close.

                                    stormiS 1 Reply Last reply Reply Quote 1
                                    • DanpD Danp referenced this topic on
                                    • stormiS Offline
                                      stormi Vates 🪐 XCP-ng Team @stormi
                                      last edited by

                                      @stormi said in Updates announcements and testing:

                                      A big thank you to those who tested, and last call for the others! Publish time is close.

                                      If you are wondering "how close", I delayed them a bit to potentially group them with another update.

                                      N 1 Reply Last reply Reply Quote 0
                                      • N Offline
                                        NielsH @stormi
                                        last edited by

                                        @stormi said in Updates announcements and testing:

                                        @stormi said in Updates announcements and testing:

                                        A big thank you to those who tested, and last call for the others! Publish time is close.

                                        If you are wondering "how close", I delayed them a bit to potentially group them with another update.

                                        Hi @stormi

                                        Any idea how long "a bit" is?

                                        Cheers!
                                        Niels

                                        1 Reply Last reply Reply Quote 0
                                        • stormiS Offline
                                          stormi Vates 🪐 XCP-ng Team
                                          last edited by

                                          The updates I wanted to group them with did not come, so it all got delayed (and retrospectively I could have released them earlier).

                                          Are you waiting for a specific fix?

                                          N 1 Reply Last reply Reply Quote 0
                                          • N Offline
                                            NielsH @stormi
                                            last edited by

                                            @stormi said in Updates announcements and testing:

                                            The updates I wanted to group them with did not come, so it all got delayed (and retrospectively I could have released them earlier).

                                            Are you waiting for a specific fix?

                                            Not specifically, but we have not yet installed the previous patches. We were planning on combining them with the upcoming patches. Since it always takes a while to update / reboot all hypervisors we wanted to avoid double work if we were to install the current available updates today and for example tomorrow new ones are released 🙂

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post