XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.3 public alpha πŸš€

    News
    41
    255
    15978
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • olivierlambertO
      olivierlambert Vates πŸͺ Co-Founder🦸 CEO πŸ§‘β€πŸ’Ό
      last edited by

      @JurgenDM if you have an active XCP-ng subscription, please create a ticket so we can prioritize some requests πŸ™‚

      J 1 Reply Last reply Reply Quote 0
      • J
        JurgenDM @olivierlambert
        last edited by

        @olivierlambert

        I'm just an home/hobby enthusiast who likes to play/test and learn these sorts of things.
        So I cannot open a ticket, however if there is something I can contribute in the effort to be able to reproduce and solve the issue i'm happy to help.

        1 Reply Last reply Reply Quote 0
        • olivierlambertO
          olivierlambert Vates πŸͺ Co-Founder🦸 CEO πŸ§‘β€πŸ’Ό
          last edited by olivierlambert

          Stay tuned then, we'll publish a more recent version of the drivers at some point. We might have a dedicated profile this year (but this cost a lot, and it's hard to prioritize everything). Hope the best for us in terms of growth and we could deliver in every part of XCP-ng/XO πŸ˜‰

          1 Reply Last reply Reply Quote 0
          • stormiS
            stormi Vates πŸͺ XCP-ng Team πŸš€
            last edited by

            I just pushed a batch of updates to the 8.3/base repository.

            You can update your 8.3 testing hosts with yum update, and reboot.

            There isn't much on the side of user-visible changes, but this catches up with several months of changes made by both the XenServer team and us. Things are mostly evolving under the hood, so at this stage what matters is that the changes did not cause any regressions. Our internal test suite passed successfully.

            Let's mention a few key changes from a very long changelog, though:

            • All latest security fixes
            • Performance optimizations in XAPI components. This means better performance for dom0 in various situations. This doesn't change the performance of VMs themselves, unless they are in situations where their performance was impacted by XAPI.
            • Basic vTPM support (no snapshots, no migration, no HA...). We haven't tested it yet so I can't guide you towards testing it yet.
            • Various fixes, as always.
            • Work on HTTPS support for all operations (for example storage migration) so that port 80 can be eventually closed. A lot was done, but I'm not sure it's complete yet.
            • Beginning of transition from python2 to python3: a few scripts ported to python3, and so python3 is now installed alongside python2 in dom0, and code will be ported progressively.
            • Various driver updates
            C gskgerG 2 Replies Last reply Reply Quote 5
            • C
              cocoon XCP-ng Center Team 🏚️ @stormi
              last edited by cocoon

              @stormi Hi, sounds great πŸ™‚

              I tried to use the vTPM Management and it seems for me that I am either missing updates (but I have even testing repo enabled) or the feature daemon is missing this entry:

              restrict_vtpm

              When I try to manage vTPM it generates this error on the server:
              Raised Server_error(FEATURE_RESTRICTED, [ restrict_vtpm ])

              Last added online I see Cloud:
              https://github.com/xcp-ng/xcp-featured/blob/master/bin/v6_server.ml#L68

              Would be great to be able to configure it somehow, even add custom features in a config file, there already exists an similar issue entry for it:
              https://github.com/xcp-ng/xcp/issues/184

              2023-01-09_vTPM-001.png

              2023-01-09_vTPM-002.png

              ./var/log/xensource.log:Jan  9 16:13:55 xcp-ng-vm5 xapi: [error||1247 :::80|dispatch:VTPM.create D:6eb04e1f3871|backtrace] 1/9 xapi Raised at file ocaml/xapi/xapi_vtpm.ml, line 24
              

              2023-01-09_vTPM-003.png

              stormi created this issue in xcp-ng/xcp

              open Configurable license daemon #184

              stormiS 2 Replies Last reply Reply Quote 0
              • stormiS
                stormi Vates πŸͺ XCP-ng Team πŸš€ @cocoon
                last edited by

                @cocoon Thanks for the feedback. Let me summon @BenjiReis for the missing feature key.

                K 1 Reply Last reply Reply Quote 0
                • gskgerG
                  gskger Top contributor πŸ’ͺ @stormi
                  last edited by

                  @stormi Both host of my playlab are happy with the 73 patches applied by yum update and reboot πŸ‘ . I assume that a rolling updated with XO would have worked as well πŸ€”

                  1 Reply Last reply Reply Quote 1
                  • K
                    kaeptn @stormi
                    last edited by

                    @stormi

                    Hello.
                    After applying the 73 patches there is a pending task:

                    xe task-list
                    
                    uuid ( RO)                : 32fc65c5-3faa-ff27-662d-7cde2f630377
                              name-label ( RO): xapi events
                        name-description ( RO):
                                  status ( RO): pending
                                progress ( RO): 0.000
                    

                    It is still there after applying the most recent updates a day ago.
                    Progress stays at 0 forever.

                    stormiS 1 Reply Last reply Reply Quote 0
                    • stormiS
                      stormi Vates πŸͺ XCP-ng Team πŸš€ @kaeptn
                      last edited by

                      @kaeptn I asked a XAPI developer who told me it's expected: it's the new way to watch over VM events from xenopsd to update the metadata". The positive counterpart is this removes a lot of spurious "INVALID_SESSION" errors from xensource.log caused by the former way of doing it.

                      1 Reply Last reply Reply Quote 0
                      • stormiS
                        stormi Vates πŸͺ XCP-ng Team πŸš€
                        last edited by

                        There's a pending enhancement which might remove the task from the database and thus be more transparent.

                        1 Reply Last reply Reply Quote 0
                        • stormiS
                          stormi Vates πŸͺ XCP-ng Team πŸš€ @cocoon
                          last edited by

                          @cocoon Could try with xcp-featured from the xcp-ng-testing repository? It should enable the feature.

                          yum update xcp-featured --enablerepo=xcp-ng-testing
                          
                          C 1 Reply Last reply Reply Quote 1
                          • C
                            cocoon XCP-ng Center Team 🏚️ @stormi
                            last edited by

                            @stormi Works πŸ‘

                            2023-01-13_vTPM-001_fixed.png

                            1 Reply Last reply Reply Quote 2
                            • stormiS
                              stormi Vates πŸͺ XCP-ng Team πŸš€
                              last edited by

                              Thanks @cocoon

                              So, I just pushed two updates to the 8.3 repositories, that you can get with a simple yum update:

                              • xcp-featured, which enables partial vTPM support
                              • guest-templates-json-*, which adds VM templates for RHEL 9 and derivatives.
                              C 1 Reply Last reply Reply Quote 2
                              • C
                                cocoon XCP-ng Center Team 🏚️ @stormi
                                last edited by

                                OK, TPM is visible in Windows Server 2022 but no secure boot atm.
                                Bios says it is disabled. Installed it in a virtual XCP-NG VM on ESXi.

                                2023-01-13_vTPM-002_fixed.png

                                2023-01-13_vTPM-003_fixed.png

                                2023-01-13_vTPM-004_fixed.png

                                1 Reply Last reply Reply Quote 0
                                • stormiS
                                  stormi Vates πŸͺ XCP-ng Team πŸš€
                                  last edited by stormi

                                  @cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode: varstore-sb-state user {VM-UUID} varstore-sb-state {VM-UUID} user).

                                  C 1 Reply Last reply Reply Quote 1
                                  • C
                                    cocoon XCP-ng Center Team 🏚️ @stormi
                                    last edited by

                                    @stormi said in XCP-ng 8.3 public alpha πŸš€:

                                    @cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode: varstore-sb-state user {VM-UUID}).

                                    Ah yes, thanks, that works πŸ‘
                                    the command is just slightly different:

                                    varstore-sb-state {VM-UUID} user
                                    

                                    2023-01-16_secureboot-001_fixed.png

                                    2023-01-16_secureboot-002_fixed.png

                                    1 Reply Last reply Reply Quote 2
                                    • stormiS
                                      stormi Vates πŸͺ XCP-ng Team πŸš€
                                      last edited by

                                      If you want to push the vTPM test further, you can activate bitlocker in a Windows VM and see if after a reboot the drives are decrypted without having to enter passcodes manually.

                                      C 1 Reply Last reply Reply Quote 0
                                      • C
                                        cocoon XCP-ng Center Team 🏚️ @stormi
                                        last edited by cocoon

                                        @stormi That was my plan, Bitlocker feature is already installed, will test this yes πŸ˜‰

                                        2023-01-16_bitlocker-001.png

                                        1 Reply Last reply Reply Quote 0
                                        • stormiS
                                          stormi Vates πŸͺ XCP-ng Team πŸš€
                                          last edited by stormi

                                          Small Announcement / Testing Guide

                                          There is a new and easy way for you to help testing XCP-ng 8.3: a few test scripts from the Xen project which deserve to be run on a wide variety of hosts. You don't need to run them on every host if they are truly identical, but it's good to run them on a wide range of hardware.

                                          The first one is XTF (stands for Xen Test Framework)

                                          Be aware that some of the tests may sometimes cause the host to crash.

                                          XTF

                                          Enable HVM FEP on the host. This is not mandatory but if you don't, several tests that require it will be skipped:

                                          /opt/xensource/libexec/xen-cmdline --set-xen hvm_fep
                                          reboot
                                          

                                          Build XTF

                                          yum install gcc git -y
                                          git clone git://xenbits.xen.org/xtf.git
                                          cd xtf
                                          make -j8
                                          

                                          (Optional, protects your host from a crash if its hardware is vulnerable to XSA-304) Switch EPT superpages to secure mode:

                                          xl set-parameters ept=no-exec-sp 
                                          

                                          Run the tests

                                          # self test
                                          ./xtf-runner selftest -q --host
                                          # all tests
                                          # -q stands for quiet. Remove one or both if you want to see details.
                                          ./xtf-runner -aqq --host
                                          # check return code. Should be "3" which means "no failures but some tests were skipped":
                                          echo $?
                                          

                                          Switch back EPT superpages to fast mode, if needed

                                          xl set-parameters ept=exec-sp 
                                          

                                          There will be a few SKIPPED tests, but there shouldn't be many.

                                          Known skipped tests:

                                          • test-hvm32-umip test-hvm64-umip: skipped if the CPU is not recent enough to support UMIP.
                                          • test-pv64-xsa-167: always skipped
                                          • test-pv64-xsa-182: skipped in default configuration.

                                          You can ignore them.

                                          xen-dom0-tests

                                          The testsuite is very limited in Xen 4.13, but let's still run what's available.

                                          Install:

                                          yum install xen-dom0-tests
                                          

                                          Run

                                          /usr/libexec/xen/bin/test-cpu-policy
                                          # check return code. Must be 0, otherwise this means there was a failure.
                                          echo $?
                                          
                                          gskgerG stormiS 2 Replies Last reply Reply Quote 2
                                          • gskgerG
                                            gskger Top contributor πŸ’ͺ
                                            last edited by gskger

                                            @stormi I am afraid my playlab host (Dell Optiplex 9010, Intel i5-3550 CPU) is to old to contribute to the XCP-ng 8.3 alpha testing, but I run the XTF test with this results:

                                            [h01]# ./xtf-runner selftest -q --host
                                            Combined test results:
                                            test-hvm32-selftest                      SUCCESS
                                            test-hvm32pae-selftest                   SUCCESS
                                            test-hvm32pse-selftest                   SUCCESS
                                            test-hvm64-selftest                      SUCCESS
                                            test-pv64-selftest                       SUCCESS
                                            

                                            followed by

                                            [h01]# ./xtf-runner -aqq --host
                                            Combined test results:
                                            test-hvm32-umip                          SKIP
                                            test-hvm64-umip                          SKIP
                                            test-pv64-xsa-167                        SKIP
                                            test-pv64-xsa-182                        SKIP
                                            [h01]# echo $?
                                            3
                                            [h01]#
                                            

                                            I have some HP Elitedesk 600 G6 mini coming in to test as a small virtualization lab (i5-10500T, 6 cores, 12 threads, 2.3 GHz base clock, 64GB RAM). Not the target infrastructure but will add to the range of hardware.

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post