Can't create Private Network, on XO 5.83
- 
 Can't create Private Network, on XO 5.83 I got to the Pool page, and select Network tab, and then, Select Manage. Add a network, and then hit the Private button. It makes me select a PIF, but anyone I select, and hit go, gives me an error. I've seen instructions, and they seem pretty easy, so not sure what im doing wrong here. Doing so in XCP-Center worked fine. sdnController.createPrivateNetwork { "poolIds": [ "8e059584-1d7b-b674-1fe4-ef5cd08d2550" ], "pifIds": [ "566e0925-72d9-f3c3-6c06-b05ab7035018" ], "name": "dfg", "description": "dfg", "encapsulation": "gre", "encrypted": false } { "message": "no connection found for object 8e059584-1d7b-b674-1fe4-ef5cd08d2550", "name": "Error", "stack": "Error: no connection found for object 8e059584-1d7b-b674-1fe4-ef5cd08d2550 at default.getXenServerIdByObject (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:197:13) at default.getXapi (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:478:29) at default.getXapiObject (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/xen-servers.mjs:484:17) at Xo.getXapiObject (/opt/xo/xo-builds/xen-orchestra-202111011545/node_modules/lodash/_createBind.js:23:15) at map (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:716:46) at Array.map (<anonymous>) at SDNController._createPrivateNetwork (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:716:27) at Object.call (/opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server-sdn-controller/src/index.js:363:12) at Api.callApiMethod (file:///opt/xo/xo-builds/xen-orchestra-202111011545/packages/xo-server/src/xo-mixins/api.mjs:304:33)" }
- 
 @bberndt AFAIK XCP-ng Center doesn't have the feature since it'd requires a proprietary citrix DVSC. From the error message it seems XO has trouble connecting to your pool. Can you check the pool is properly connected to your XO and the pool's master is reachable from it? Regards 
- 
 yeah, I think its connected. I mean its connected as much as any other pool. I can connect to it and do anything else, in XO. 
- 
 @bberndt do you have access to the hosts console from the host view? 
 In Settings > Server is there an error appearing for this pool?
- 
 @benjireis 
 No, there is no error on the servers page. In XCP-Center, it seemed to create the private network fine, but not sure my co-worker got it to actually work yet 
 I can also get to the console of the host in question as well.
- 
 XCP-ng Center can't create a private network with XO SDN controller (which is ONLY possible with XO). Remember that XCP-ng Center isn't an officially supported client for XCP-ng. 
- 
 @bberndt okay can you capture the logs of your XO while attempting to create a network? 
 Can you try to create a normal network on the same pool?Can you try on another pool? Thanks 
- 
 Im not ruling out user error, either.  But here is the log when trying on a different pool. This one happens to be 8.2 XCP-ng, the previous is 7.6 (yes, I know, but it is hardware limited). its a different error. In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs. 
 https://computingforgeeks.com/create-internal-network-in-xenserver-xcp-ng/
 It does show as a regular network in XO, not under the Private list.sdnController.createPrivateNetwork { "poolIds": [ "8e059584-1d7b-b674-1fe4-ef5cd08d2550" ], "pifIds": [ "566e0925-72d9-f3c3-6c06-b05ab7035018" ], "name": "dsf", "description": "sdf", "encapsulation": "gre", "encrypted": false, "mtu": 1546 } { "code": "ECONNRESET", "host": "172.16.64.2", "port": 6640, "message": "Client network socket disconnected before secure TLS connection was established", "name": "Error", "stack": "Error: Client network socket disconnected before secure TLS connection was established at connResetException (internal/errors.js:639:14) at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19) at TLSSocket.emit (events.js:412:35) at TLSSocket.emit (domain.js:475:12) at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17) at endReadableNT (internal/streams/readable.js:1334:12) at processTicksAndRejections (internal/process/task_queues.js:82:21)"
- 
 @bberndt can you try to set on in the settings of sdn-controller plugin override-certsto on?
 And then try again.In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs. In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools. It does show as a regular network in XO, not under the Private list. This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either. 
- 
 @benjireis said in Can't create Private Network, on XO 5.83: @bberndt can you try to set on in the settings of sdn-controller plugin override-certsto on?
 And then try again.In XCP-Center, Co-worker used something like this, and it created it, but Im not sure its actually working yet, he's still working on it, AFAIK and a Win7, and 2 WinXP VMs. In XCP-ng Center you can create an Internal network which only works for the VMs on the SAME hosts. this is different than XO private neworks which work across hosts and even pools. It does show as a regular network in XO, not under the Private list. This is another thing, the private network you're trying to create is accessible by the VMs so it won't be listed here either. Same error as above. I looked in the iptables of the (second)host, and it does appear to have this 6640 in it. 
 Im only looking for a Private Network on the same host, no need to across hosts yet. And these are all single-host-pools, no multiple host pools.
- 
 I went back to my XCP-ng 8.2 pool. It looks like its been creating these networks all along, despite the error. So, I guess the question remains why the error on XCP-ng 7.6? (somewhat rhetorical, I know its old, and outa support) 
- 
 @bberndt I'd need logs to tell you. 
 Just the error displayed in XO is not enough.
- 
 @benjireis 
 So..... I ran
 journalctl -u xo-server -f -n 50 on XO machine
 and then created a netwokr, and got the same second error, not the first one. and it created the network on the XCP 7.6 machine. They both seem to have the sdn service running, but only the 8.2 machine has a firewall rule for 6640.
 do I need one for the XO machine as well? Im not completely sure, but I think im cool other than the weird (erroneous?) messages.Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.827Z xo:xo-server:sdn-controller INFO Private network registered { privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]' } Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:36.889Z xo:xo-server:sdn-controller INFO New network created { Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: privateNetwork: '42b5f6da-e06a-4801-84ae-[redacted]', Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: network: 'temp', Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: pool: '' Nov 19 10:17:36 xo1.logistics.int xo-server[654246]: } Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.700Z xo:xo-server:sdn-controller:tls-connect ERROR TLS connection failed { Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: error: Error: Client network socket disconnected before secure TLS connection was established Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at connResetException (internal/errors.js:639:14) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at TLSSocket.onConnectEnd (_tls_wrap.js:1570:19) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at TLSSocket.emit (events.js:412:35) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at TLSSocket.emit (domain.js:475:12) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202111011545/@xen-orchestra/log/configure.js:118:17) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at endReadableNT (internal/streams/readable.js:1334:12) Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: at processTicksAndRejections (internal/process/task_queues.js:82:21) { Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: code: 'ECONNRESET', Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: path: undefined, Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: host: '172.16.[redacted]', Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: port: 6640, Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: localAddress: undefined Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: }, Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: address: '172.16.[redacted]', Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: port: 6640 Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: } Nov 19 10:17:39 xo1.logistics.int xo-server[654246]: 2021-11-19T17:17:39.703Z xo:api WARN bberndt | sdnController.createPrivateNetwork(...) [3s] =!> Error: Client network socket disconnected before secure TLS connection was established
- 
 @bberndt the sdn controller communicate with the hosts on port 6640, opening it on the host should be enough. 
 I don't know what's happening. !this TLS error should have been solved by theoverride-certsoption set to on.

