-
New security updates candidates
Update candidates are ready for XCP-ng 8.1 and 8.2.
Install them with:
yum clean all --enablerepo=xcp-ng-testing yum update kernel xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools xenopsd xenopsd-cli xenopsd-xc --enablerepo=xcp-ng-testing
And reboot.
Please install them and report to confirm that everything is still working as expected. -
Update done, rebooting went well, will start to monitor for anomalities.
No news after this message means good news[17:16 xenserver-2 ~]# yum update kernel xen-dom0-libs xen-dom0-tools xen-hyperv isor xen-libs xen-tools xenopsd xenopsd-cli xenopsd-xc --enablerepo=xcp-ng-testi ng Loaded plugins: fastestmirror Determining fastest mirrors Excluding mirror: updates.xcp-ng.org * xcp-ng-base: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-testing: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-updates: mirrors.xcp-ng.org xcp-ng-base/signature | 473 B 00:00 xcp-ng-base/signature | 3.0 kB 00:00 !!! xcp-ng-testing/signature | 473 B 00:00 xcp-ng-testing/signature | 3.0 kB 00:00 !!! xcp-ng-updates/signature | 473 B 00:00 xcp-ng-updates/signature | 3.0 kB 00:00 !!! (1/3): xcp-ng-updates/primary_db | 21 kB 00:00 (2/3): xcp-ng-base/primary_db | 1.2 MB 00:00 (3/3): xcp-ng-testing/primary_db | 47 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package kernel.x86_64 0:4.19.19-7.0.8.1.xcpng8.2 will be updated ---> Package kernel.x86_64 0:4.19.19-7.0.9.1.xcpng8.2 will be an update ---> Package xen-dom0-libs.x86_64 0:4.13.1-9.7.1.xcpng8.2 will be updated ---> Package xen-dom0-libs.x86_64 0:4.13.1-9.8.2.xcpng8.2 will be an update ---> Package xen-dom0-tools.x86_64 0:4.13.1-9.7.1.xcpng8.2 will be updated ---> Package xen-dom0-tools.x86_64 0:4.13.1-9.8.2.xcpng8.2 will be an update ---> Package xen-hypervisor.x86_64 0:4.13.1-9.7.1.xcpng8.2 will be updated ---> Package xen-hypervisor.x86_64 0:4.13.1-9.8.2.xcpng8.2 will be an update ---> Package xen-libs.x86_64 0:4.13.1-9.7.1.xcpng8.2 will be updated ---> Package xen-libs.x86_64 0:4.13.1-9.8.2.xcpng8.2 will be an update ---> Package xen-tools.x86_64 0:4.13.1-9.7.1.xcpng8.2 will be updated ---> Package xen-tools.x86_64 0:4.13.1-9.8.2.xcpng8.2 will be an update ---> Package xenopsd.x86_64 0:0.150.0-1.2.xcpng8.2 will be updated ---> Package xenopsd.x86_64 0:0.150.2-1.1.xcpng8.2 will be an update ---> Package xenopsd-cli.x86_64 0:0.150.0-1.2.xcpng8.2 will be updated ---> Package xenopsd-cli.x86_64 0:0.150.2-1.1.xcpng8.2 will be an update ---> Package xenopsd-xc.x86_64 0:0.150.0-1.2.xcpng8.2 will be updated ---> Package xenopsd-xc.x86_64 0:0.150.2-1.1.xcpng8.2 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: kernel x86_64 4.19.19-7.0.9.1.xcpng8.2 xcp-ng-testing 30 M xen-dom0-libs x86_64 4.13.1-9.8.2.xcpng8.2 xcp-ng-testing 621 k xen-dom0-tools x86_64 4.13.1-9.8.2.xcpng8.2 xcp-ng-testing 2.4 M xen-hypervisor x86_64 4.13.1-9.8.2.xcpng8.2 xcp-ng-testing 2.3 M xen-libs x86_64 4.13.1-9.8.2.xcpng8.2 xcp-ng-testing 36 k xen-tools x86_64 4.13.1-9.8.2.xcpng8.2 xcp-ng-testing 29 k xenopsd x86_64 0.150.2-1.1.xcpng8.2 xcp-ng-testing 74 k xenopsd-cli x86_64 0.150.2-1.1.xcpng8.2 xcp-ng-testing 1.3 M xenopsd-xc x86_64 0.150.2-1.1.xcpng8.2 xcp-ng-testing 3.9 M Transaction Summary ================================================================================ Upgrade 9 Packages Total download size: 40 M Is this ok [y/d/N]: y Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/9): xen-dom0-libs-4.13.1-9.8.2.xcpng8.2.x86_64.rpm | 621 kB 00:00:00 (2/9): kernel-4.19.19-7.0.9.1.xcpng8.2.x86_64.rpm | 30 MB 00:00:01 (3/9): xen-hypervisor-4.13.1-9.8.2.xcpng8.2.x86_64.rpm | 2.3 MB 00:00:00 (4/9): xen-libs-4.13.1-9.8.2.xcpng8.2.x86_64.rpm | 36 kB 00:00:00 (5/9): xen-tools-4.13.1-9.8.2.xcpng8.2.x86_64.rpm | 29 kB 00:00:00 (6/9): xenopsd-0.150.2-1.1.xcpng8.2.x86_64.rpm | 74 kB 00:00:00 (7/9): xenopsd-cli-0.150.2-1.1.xcpng8.2.x86_64.rpm | 1.3 MB 00:00:00 (8/9): xen-dom0-tools-4.13.1-9.8.2.xcpng8.2.x86_64.rpm | 2.4 MB 00:00:02 (9/9): xenopsd-xc-0.150.2-1.1.xcpng8.2.x86_64.rpm | 3.9 MB 00:00:03 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 6.9 MB/s | 40 MB 00:00:05 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : xen-hypervisor-4.13.1-9.8.2.xcpng8.2.x86_64 1/18 Updating : xen-dom0-libs-4.13.1-9.8.2.xcpng8.2.x86_64 2/18 Updating : xen-libs-4.13.1-9.8.2.xcpng8.2.x86_64 3/18 Updating : xen-tools-4.13.1-9.8.2.xcpng8.2.x86_64 4/18 Updating : xen-dom0-tools-4.13.1-9.8.2.xcpng8.2.x86_64 5/18 Updating : xenopsd-0.150.2-1.1.xcpng8.2.x86_64 6/18 Updating : xenopsd-cli-0.150.2-1.1.xcpng8.2.x86_64 7/18 Updating : xenopsd-xc-0.150.2-1.1.xcpng8.2.x86_64 8/18 Updating : kernel-4.19.19-7.0.9.1.xcpng8.2.x86_64 9/18 Cleanup : xenopsd-xc-0.150.0-1.2.xcpng8.2.x86_64 10/18 Cleanup : xenopsd-cli-0.150.0-1.2.xcpng8.2.x86_64 11/18 Cleanup : xenopsd-0.150.0-1.2.xcpng8.2.x86_64 12/18 Cleanup : kernel-4.19.19-7.0.8.1.xcpng8.2.x86_64 13/18 Cleanup : xen-dom0-tools-4.13.1-9.7.1.xcpng8.2.x86_64 14/18 Cleanup : xen-tools-4.13.1-9.7.1.xcpng8.2.x86_64 15/18 Cleanup : xen-dom0-libs-4.13.1-9.7.1.xcpng8.2.x86_64 16/18 Cleanup : xen-libs-4.13.1-9.7.1.xcpng8.2.x86_64 17/18 Cleanup : xen-hypervisor-4.13.1-9.7.1.xcpng8.2.x86_64 18/18 Verifying : kernel-4.19.19-7.0.9.1.xcpng8.2.x86_64 1/18 Verifying : xen-libs-4.13.1-9.8.2.xcpng8.2.x86_64 2/18 Verifying : xen-dom0-tools-4.13.1-9.8.2.xcpng8.2.x86_64 3/18 Verifying : xenopsd-0.150.2-1.1.xcpng8.2.x86_64 4/18 Verifying : xen-tools-4.13.1-9.8.2.xcpng8.2.x86_64 5/18 Verifying : xen-hypervisor-4.13.1-9.8.2.xcpng8.2.x86_64 6/18 Verifying : xen-dom0-libs-4.13.1-9.8.2.xcpng8.2.x86_64 7/18 Verifying : xenopsd-cli-0.150.2-1.1.xcpng8.2.x86_64 8/18 Verifying : xenopsd-xc-0.150.2-1.1.xcpng8.2.x86_64 9/18 Verifying : xen-hypervisor-4.13.1-9.7.1.xcpng8.2.x86_64 10/18 Verifying : xen-dom0-libs-4.13.1-9.7.1.xcpng8.2.x86_64 11/18 Verifying : xenopsd-xc-0.150.0-1.2.xcpng8.2.x86_64 12/18 Verifying : xen-tools-4.13.1-9.7.1.xcpng8.2.x86_64 13/18 Verifying : xenopsd-cli-0.150.0-1.2.xcpng8.2.x86_64 14/18 Verifying : xen-libs-4.13.1-9.7.1.xcpng8.2.x86_64 15/18 Verifying : xen-dom0-tools-4.13.1-9.7.1.xcpng8.2.x86_64 16/18 Verifying : kernel-4.19.19-7.0.8.1.xcpng8.2.x86_64 17/18 Verifying : xenopsd-0.150.0-1.2.xcpng8.2.x86_64 18/18 Updated: kernel.x86_64 0:4.19.19-7.0.9.1.xcpng8.2 xen-dom0-libs.x86_64 0:4.13.1-9.8.2.xcpng8.2 xen-dom0-tools.x86_64 0:4.13.1-9.8.2.xcpng8.2 xen-hypervisor.x86_64 0:4.13.1-9.8.2.xcpng8.2 xen-libs.x86_64 0:4.13.1-9.8.2.xcpng8.2 xen-tools.x86_64 0:4.13.1-9.8.2.xcpng8.2 xenopsd.x86_64 0:0.150.2-1.1.xcpng8.2 xenopsd-cli.x86_64 0:0.150.2-1.1.xcpng8.2 xenopsd-xc.x86_64 0:0.150.2-1.1.xcpng8.2 Complete!
-
@stormi Same here. Updated my three host playlab (8.2.0 fully patched) with no problem. Starting, stopping, migrating (running/stopped) VMs, storage migration (local, shared SR), creating/snapshoting/deleting VMs (Linux only) worked as well as backup and restore (of one VM). Looks good.
-
@stormi I've updated my R620 running XCP-ng 8.2, and only issue I've observed thus far is the network slowdown that we've been discussing elsewhere.
I need to rebuild the kernel again without the one patch. Has there been any feedback / response from the Xen group?
-
@danp I haven't contacted them globally though I asked a developer individually for guidance on how to move on. My issue is: we do know that for some users there's a performance impact and it's related to the kernel updates, but the results of the tests don't reveal yet the exact updates or patches that are involved, or not for everyone (though the one you found looks definitely a good candidate to explain at least parts of the slowdown). And I want to see where @fohdeesha's attempt at helping everyone get better perfs will lead.
(but let's continue on the dedicated thread)
-
Thanks for all the tests. The security updates have been pushed: https://xcp-ng.org/blog/2020/12/18/december-2020-security-updates/
-
New security update for XCP-ng 8.2 only
See https://xcp-ng.org/forum/post/35658
The interesting story about this one is that it was first reported and debugged on this forum, on the thread linked just above, without us knowing that it would be identified as a security (DoS) issue by Xen developers when we'd report it to them.
Please install it, reboot, and as usual check for any obvious regressions.
-
@stormi Can not speak for the issue solved, but upgrading my three host playlab from XCP-ng 8.2 fully patched worked as well as create, live / storage migrate, copy, delete, snapshot (with/without ram), backup and restore of Linux and Windows 10 VMs. Nice upstream, downstream and forum work .
-
@gskger Thanks, you're always there for the tests!
-
Indeed, that's really useful! Thanks @gskger
-
Update pushed to the update repository, blog post to be published on Monday.
-
Another update in testing:
ca-certificates
, for both XCP-ng 8.1 and 8.2.The one we have (from Citrix Hypervisor) is 2 years old and it's good to refresh the list of root certificates from time to time. Not much impact on XCP-ng actually because it's mostly used when you wget or curl an external URL AFAIK. And probably for yum too.
Install with
yum clean metadata --enablerepo=xcp-ng-testing yum update ca-certificates --enablerepo=xcp-ng-testing
Then usual checks that nothing looks unexpectedly broken.
-
@stormi
I did not test the updates in the test-repository this time because I wanted to test the Rolling Pool Update function from XO. I recently created a pool of 2 hosts.I noticed the patches were available according to XO on the recently installed host, but not on the host I am using already for a longer time (and used to install the test-patches before). This host is also the pool master.
Only after ayum clean all
and ayum update
the updates were visible on the first host and thus the pool.After fixing that, the Rolling Pool Update went very smooth. I like this feature!
-
@stormi said in Updates announcements and testing:
yum clean metadata --enablerepo=xcp-ng-testing
yum update ca-certificatesAfter the rolling pool update of the released production patches, I wanted to test the ca-certificates from the testing repository as well.
Maybe I was to fast but I got no updates on both hosts[18:30 xenserver-2 ~]# yum clean metadata --enablerepo=xcp-ng-testing Loaded plugins: fastestmirror Cleaning repos: xcp-ng-base xcp-ng-testing xcp-ng-updates 9 metadata files removed 8 sqlite files removed 0 metadata files removed [18:30 xenserver-2 ~]# yum update ca-certificates Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding mirror: updates.xcp-ng.org * xcp-ng-base: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-updates: mirrors.xcp-ng.org xcp-ng-base/signature | 473 B 00:00:00 xcp-ng-base/signature | 3.0 kB 00:00:00 !!! xcp-ng-updates/signature | 473 B 00:00:00 xcp-ng-updates/signature | 3.0 kB 00:00:00 !!! (1/2): xcp-ng-updates/primary_db | 46 kB 00:00:00 (2/2): xcp-ng-base/primary_db | 1.2 MB 00:00:01 No packages marked for update
[18:34 xenserver-3 ~]# yum list installed ca-certificates Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding mirror: updates.xcp-ng.org * xcp-ng-base: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-updates: mirrors.xcp-ng.org Installed Packages ca-certificates.noarch 2018.2.22-70.0.el7_5 @install/$releasever
-
@heman You're right, I had forgotten an
--enablerepo
switch in my post. I edited it to add it. -
@stormi said in Updates announcements and testing:
@heman You're right, I had forgotten an
--enablerepo
switch in my post. I edited it to add it.I am not at my best today I noticed, I should have seen that
Anyway, installed without issue. No strange behaviour afterwards
-
@heman said in Updates announcements and testing:
I noticed the patches were available according to XO on the recently installed host, but not on the host I am using already for a longer time (and used to install the test-patches before). This host is also the pool master.
Only after ayum clean all
and ayum update
the updates were visible on the first host and thus the pool.After fixing that, the Rolling Pool Update went very smooth. I like this feature!
Thanks for the feedback. I think we must add a feature to do that from the plugin ("force refresh updates"). Pinging @nraynaud about this.
-
@stormi Applied ca-certificates along with the security patch and all is good in my pool.
-
The blog post, as promised: https://xcp-ng.org/blog/2021/01/25/january-2021-security-update/
-
A new update of the Xen packages which is not a security update this time is available for tests. It fixes crash analysis with
xen-crashdump-analyser
(this runs automatically when the host crashes and puts results in/var/crash
).When the
Release
tag (e.g.9.8.2.xcpng8.2
) of the RPM was longer than a certain number of characters (last digit of Xen version +-
+ release tag <= 16 chars), it was truncated in thexen_extra
field (xl info xen_extra
) which causedxen-crashdump-analyser
to not find some required files from/boot
to conduct its crash analysis). The updated packages fix that by removing the.xcpng8.2
or.xcpng8.1
suffix from the filenames in/boot
and from thexen_extra
value.Installation:
yum clean metadata --enablerepo=xcp-ng-testing yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
Main objective of the tests: as usual, detect obvious regressions.
If you want to test the fixed behaviour in case of crash, see https://github.com/xcp-ng/xcp/issues/476 (basically, provoke a crash with the command I gave in the comments, then check that the
xen-crashdump-analyser.log
file in/var/crash
is OK).