XCP-ng 8.3 public alpha π
-
@JurgenDM if you have an active XCP-ng subscription, please create a ticket so we can prioritize some requests
-
I'm just an home/hobby enthusiast who likes to play/test and learn these sorts of things.
So I cannot open a ticket, however if there is something I can contribute in the effort to be able to reproduce and solve the issue i'm happy to help. -
Stay tuned then, we'll publish a more recent version of the drivers at some point. We might have a dedicated profile this year (but this cost a lot, and it's hard to prioritize everything). Hope the best for us in terms of growth and we could deliver in every part of XCP-ng/XO
-
I just pushed a batch of updates to the
8.3/baserepository.You can update your 8.3 testing hosts with
yum update, and reboot.There isn't much on the side of user-visible changes, but this catches up with several months of changes made by both the XenServer team and us. Things are mostly evolving under the hood, so at this stage what matters is that the changes did not cause any regressions. Our internal test suite passed successfully.
Let's mention a few key changes from a very long changelog, though:
- All latest security fixes
- Performance optimizations in XAPI components. This means better performance for dom0 in various situations. This doesn't change the performance of VMs themselves, unless they are in situations where their performance was impacted by XAPI.
- Basic vTPM support (no snapshots, no migration, no HA...). We haven't tested it yet so I can't guide you towards testing it yet.
- Various fixes, as always.
- Work on HTTPS support for all operations (for example storage migration) so that port 80 can be eventually closed. A lot was done, but I'm not sure it's complete yet.
- Beginning of transition from python2 to python3: a few scripts ported to python3, and so python3 is now installed alongside python2 in dom0, and code will be ported progressively.
- Various driver updates
-
@stormi Hi, sounds great
I tried to use the vTPM Management and it seems for me that I am either missing updates (but I have even testing repo enabled) or the feature daemon is missing this entry:
restrict_vtpm
When I try to manage vTPM it generates this error on the server:
Raised Server_error(FEATURE_RESTRICTED, [ restrict_vtpm ])Last added online I see Cloud:
https://github.com/xcp-ng/xcp-featured/blob/master/bin/v6_server.ml#L68Would be great to be able to configure it somehow, even add custom features in a config file, there already exists an similar issue entry for it:
https://github.com/xcp-ng/xcp/issues/184
./var/log/xensource.log:Jan 9 16:13:55 xcp-ng-vm5 xapi: [error||1247 :::80|dispatch:VTPM.create D:6eb04e1f3871|backtrace] 1/9 xapi Raised at file ocaml/xapi/xapi_vtpm.ml, line 24
open Configurable license daemon #184
-
@cocoon Thanks for the feedback. Let me summon @BenjiReis for the missing feature key.
-
@stormi Both host of my playlab are happy with the 73 patches applied by
yum updateandreboot
. I assume that a rolling updated with XO would have worked as well 
-
Hello.
After applying the 73 patches there is a pending task:xe task-list uuid ( RO) : 32fc65c5-3faa-ff27-662d-7cde2f630377 name-label ( RO): xapi events name-description ( RO): status ( RO): pending progress ( RO): 0.000It is still there after applying the most recent updates a day ago.
Progress stays at 0 forever. -
@kaeptn I asked a XAPI developer who told me it's expected: it's the new way to watch over VM events from xenopsd to update the metadata". The positive counterpart is this removes a lot of spurious "INVALID_SESSION" errors from xensource.log caused by the former way of doing it.
-
There's a pending enhancement which might remove the task from the database and thus be more transparent.
-
@cocoon Could try with
xcp-featuredfrom thexcp-ng-testingrepository? It should enable the feature.yum update xcp-featured --enablerepo=xcp-ng-testing -
@stormi Works
-
Thanks @cocoon
So, I just pushed two updates to the 8.3 repositories, that you can get with a simple
yum update:xcp-featured, which enables partial vTPM supportguest-templates-json-*, which adds VM templates for RHEL 9 and derivatives.
-
OK, TPM is visible in Windows Server 2022 but no secure boot atm.
Bios says it is disabled. Installed it in a virtual XCP-NG VM on ESXi.
-
@cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode:
varstore-sb-state user {VM-UUID}varstore-sb-state {VM-UUID} user). -
@stormi said in XCP-ng 8.3 public alpha
:@cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode:
varstore-sb-state user {VM-UUID}).Ah yes, thanks, that works
the command is just slightly different:varstore-sb-state {VM-UUID} user
-
If you want to push the vTPM test further, you can activate bitlocker in a Windows VM and see if after a reboot the drives are decrypted without having to enter passcodes manually.
-
@stormi That was my plan, Bitlocker feature is already installed, will test this yes
-
Small Announcement / Testing Guide
There is a new and easy way for you to help testing XCP-ng 8.3: a few test scripts from the Xen project which deserve to be run on a wide variety of hosts. You don't need to run them on every host if they are truly identical, but it's good to run them on a wide range of hardware.
The first one is XTF (stands for Xen Test Framework)
Be aware that some of the tests may sometimes cause the host to crash.
XTF
Enable HVM FEP on the host. This is not mandatory but if you don't, several tests that require it will be skipped:
/opt/xensource/libexec/xen-cmdline --set-xen hvm_fep rebootBuild XTF
yum install gcc git -y git clone git://xenbits.xen.org/xtf.git cd xtf make -j8(Optional, protects your host from a crash if its hardware is vulnerable to XSA-304) Switch EPT superpages to secure mode:
xl set-parameters ept=no-exec-spRun the tests
# self test ./xtf-runner selftest -q --host # all tests # -q stands for quiet. Remove one or both if you want to see details. ./xtf-runner -aqq --host # check return code. Should be "3" which means "no failures but some tests were skipped": echo $?Switch back EPT superpages to fast mode, if needed
xl set-parameters ept=exec-spThere will be a few SKIPPED tests, but there shouldn't be many.
Known skipped tests:
test-hvm32-umip test-hvm64-umip: skipped if the CPU is not recent enough to support UMIP.test-pv64-xsa-167: always skippedtest-pv64-xsa-182: skipped in default configuration.
You can ignore them.
xen-dom0-tests
The testsuite is very limited in Xen 4.13, but let's still run what's available.
Install:
yum install xen-dom0-testsRun
/usr/libexec/xen/bin/test-cpu-policy # check return code. Must be 0, otherwise this means there was a failure. echo $? -
@stormi I am afraid my playlab host (Dell Optiplex 9010, Intel i5-3550 CPU) is to old to contribute to the XCP-ng 8.3 alpha testing, but I run the XTF test with this results:
[h01]# ./xtf-runner selftest -q --host Combined test results: test-hvm32-selftest SUCCESS test-hvm32pae-selftest SUCCESS test-hvm32pse-selftest SUCCESS test-hvm64-selftest SUCCESS test-pv64-selftest SUCCESSfollowed by
[h01]# ./xtf-runner -aqq --host Combined test results: test-hvm32-umip SKIP test-hvm64-umip SKIP test-pv64-xsa-167 SKIP test-pv64-xsa-182 SKIP [h01]# echo $? 3 [h01]#I have some HP Elitedesk 600 G6 mini coming in to test as a small virtualization lab (i5-10500T, 6 cores, 12 threads, 2.3 GHz base clock, 64GB RAM). Not the target infrastructure but will add to the range of hardware.
