-
@jcastang AFAIK there's still room for improvement regarding network perfs in *BSD VMs, but I doubt the update was meant to address this. If you want to discuss it further, please create a new thread.
-
A bugfix update for USB passthrough
A fix was contributed by @jeremfg to the XAPI project, so that when XAPI calls
usb_reset.py
with the-r
switch it does not fail anymore. This fixes passing through both a PCI device and an USB device to a VM, and could also fix other USB passthrough issues that raised the same error:"usage: usb_reset.py attach [-h] -d DOMID -p PID [-r RESET_ONLY] device\nusb_reset.py attach: error: argument -r: expected one argument\n"
.Related thread: https://xcp-ng.org/forum/topic/3594/pci-passthrough-usb-passthrough-does-not-work-together
Related issues:
I have built patched XAPI packages for XCP-ng 8.2 that are available for testing.
How to update (XCP-ng 8.2 only)
yum update xapi-core xapi-tests xapi-xe --enablerepo=xcp-ng-testing xe-toolstack-restart
You should get version-release
1.249.9-1.2.xcpng8.2
What to test
USB passthrough:
- What used to work should still work
- What did not work, if the error message in the logs is the one quoted above, should now work... Or maybe fail further in cases that haven't been tested yet?
Test window before release
None defined at the moment. As it's not a security update, I'll wait for more updates to be ready before I push the next train officially. But feedback is always useful as soon as it can be provided
-
I created a dedicated thread for the testing of Guest Secure Boot support: https://xcp-ng.org/forum/post/41541
See you there.
And a reminder about the current update candidates that are in testing in the current thread:
... with my interest being geared mainly towards regression testing.
-
New toolstack (XAPI) update candidate for 8.2
Based on Citrix's hotfix XS82E031. Also includes the USB passthrough bugfix mentioned above in this thread.
What changed
Fixes
- USB passthrough fix
- Reduced log verbosity for stunnel, to prevent
xapi-ssl.log
from growing so fast that it could fill the/var/log
partition entirely in some cases (users from HA-lizard had reported such behaviour and we were waiting for this upstream fix from the XAPI project to be included in a hotfix). - Fix
xe vm-reset-powerstate
for VMs with GPU passthrough that are stuck in paused state. - Other fixes for rare issues (see hotfix description).
Features
The hotfix from Citrix also comes with a few improvements. Quoting (the highlight in bold characters is mine):
- Adds a default boot order for VMs.
- Improved error messaging for when the graphics card is not configured for SRIOV.
- Remove HTTP access to the management network static web page. This web page can now only be accessed through HTTPS.
- Adds additional snapshots of glocktop data to the bugtool output.
How to update (XCP-ng 8.2 only)
yum clean metadata --enablerepo=xcp-ng-testing yum update forkexecd message-switch xapi-core xapi-tests xapi-xe xcp-rrdd xenopsd xenopsd-cli xenopsd-xc --enablerepo=xcp-ng-testing xe-toolstack-restart # or reboot to be 100% sure everything restarted
What to test
No obvious regressions, and if possible the changes described above.
Test window before release
A few weeks, but the quicker the better, as this kind of message tends to be forgotten over time.
Other update candidates still in testing phase
The kernel bugfix update is still in testing phase. Many thanks to those who already tested it, and I'm still eager for feedback from others: https://xcp-ng.org/forum/post/41241
-
@stormi
Got these applied too fast.
Http does seem disabled
stunnel logging does seem drastically reduced well know more as time goes on.
I do see a boot order section for VM properties and tested this out be booting into a livecd on a VM.
I ran the bugtool but without knowing what was added I can't confirm or deny this one. -
@stormi said in Updates announcements and testing:
Have a installation without any of the fixed bugs, but Installed the updates on my system and did the toolstack restart.
No issues to report this far.
-
There are at least two blocking issues with this update candidate, so we'll retain it until they are fixed:
- HTTP 403 errors on port 443. Easily reproduced: just load XCP-ng's web page over HTTPS, most images and scripts don't load. We debugged it and reported it to the XAPI project: https://github.com/xapi-project/xen-api/issues/4517
- HA Lizard users reported issues connecting to XAPI. I don't know yet whether the fix belongs in XAPI or in HA Lizard itself. Wait and see.
-
New security updates (xen)
Citrix security bulletin: https://support.citrix.com/article/CTX325319
Impact: privileged code in a guest VM may crash or compromise a host.
Test on XCP-ng 8.2
yum clean metadata --enablerepo=xcp-ng-testing yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing reboot
Version for xen packages: 4.13.1-9.12.1.xcpng8.2
What to test
The main goal is to avoid obvious regressions, so test whatever you want. The closer to your actual use of XCP-ng, the better.
Test window before official release of the updates
24h.
-
@stormi Running well for me. I've tested startup, shutdown, and migration of Windows and Linux VMs with no obvious regressions.
-
@stormi No issue with updating my two host playlab. Just run some simple tests with Debian VMs (create, live migrate with/-out 7.20.0-9 guest tools, start/stop/reboot, snapshot with/-out RAM and revert, online-/offline storage migrate from/to shared and local SR, restore from backup). Restored a Windows 10 VM from backup as well and moved it around a bit. Everything works as expected.
-
Any info about support of Windows Server 2022. RTM (final) version has been released ~2 weeks ago.
-
@stormi Also installed on our test-lab and booting, migrating of RockyLinux and Windows VMs works as expected.
-
@cg I've not heard of it yet on Citrix side. Meanwhile the template for 2019 should be enough. IIRC @Darkbeldin has tested Windows Server 2022 regularly during the pre-release phase.
-
@stormi sounds good. I was guessing that 2019 might do the job. Tempted to use 2022 on a fresh installation and not use the "old" 2019. (Thanks!)
-
@stormi Installed on my testlab, no issues
-
The security update is now live. Thank you everyone for the prompt feedback in this short timeframe!
https://xcp-ng.org/blog/2021/09/10/september-2021-security-update/
-
@stormi said in Updates announcements and testing:
There are at least two blocking issues with this update candidate, so we'll retain it until they are fixed:
- HTTP 403 errors on port 443. Easily reproduced: just load XCP-ng's web page over HTTPS, most images and scripts don't load. We debugged it and reported it to the XAPI project: https://github.com/xapi-project/xen-api/issues/4517
I am using my own self signed certificate on my servers and did not notice the page looking any different, all pictures and text are there.
I do notice the "deploy xoa" script is not working. The buttons seems to be non-functional and do nothing when clicked.
All other buttons and links are functional.On a larger screen the alignment of the page content is different (topics and pictures side by side in the old page, but in a single colomn in the new page, just like it is with the old page on smaller windows).
Another thing I think is cosmetical but annoying:
when not typing https explicitly in the browser bar (so using http) I get an "403 forbidden" message instead of being forwarded to httpsEdit: browser is firefox version 91.0.2 64 bits on windows 10
-
@stormi Nice work and the joint effort by the community for tests gets better every time . Keep up the good work . Updated my (semi production) three host homelab and it works - as usual. Now it is time to tear down my playlab for some 10G testing .
-
Hi @stormi is there any easy way to rollback the September updates??? I'm guessing not but I have a strange issue which I think coincides with my last reboot after applying the updates so want to confirm or eliminate as the cause.
Thanks.
-
@jmccoy555 Have a look at
yum history
. You should find the update listed and be able to rollback.Another way is to use
yum downgrade package-1version-release package2-version-release
on every package involved in the update (list found inyum history
or/var/log/yum.log
).