XCP-ng 8.3 public alpha 🚀

gskger

@stormi Both host of my playlab are happy with the 73 patches applied by yum update and reboot . I assume that a rolling updated with XO would have worked as well

kaeptn

@stormi

Hello.
After applying the 73 patches there is a pending task:

xe task-list

uuid ( RO)                : 32fc65c5-3faa-ff27-662d-7cde2f630377
          name-label ( RO): xapi events
    name-description ( RO):
              status ( RO): pending
            progress ( RO): 0.000

It is still there after applying the most recent updates a day ago.
Progress stays at 0 forever.

stormi

@kaeptn I asked a XAPI developer who told me it's expected: it's the new way to watch over VM events from xenopsd to update the metadata". The positive counterpart is this removes a lot of spurious "INVALID_SESSION" errors from xensource.log caused by the former way of doing it.

stormi

There's a pending enhancement which might remove the task from the database and thus be more transparent.

stormi

@cocoon Could try with xcp-featured from the xcp-ng-testing repository? It should enable the feature.

yum update xcp-featured --enablerepo=xcp-ng-testing

cocoon

@stormi Works

stormi

Thanks @cocoon

So, I just pushed two updates to the 8.3 repositories, that you can get with a simple yum update:

• xcp-featured, which enables partial vTPM support
• guest-templates-json-*, which adds VM templates for RHEL 9 and derivatives.

cocoon

OK, TPM is visible in Windows Server 2022 but no secure boot atm.
Bios says it is disabled. Installed it in a virtual XCP-NG VM on ESXi.

stormi

@cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode: varstore-sb-state user {VM-UUID} varstore-sb-state {VM-UUID} user).

cocoon

@stormi said in XCP-ng 8.3 public alpha :

@cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode: varstore-sb-state user {VM-UUID}).

Ah yes, thanks, that works
the command is just slightly different:

varstore-sb-state {VM-UUID} user

stormi

If you want to push the vTPM test further, you can activate bitlocker in a Windows VM and see if after a reboot the drives are decrypted without having to enter passcodes manually.

cocoon

@stormi That was my plan, Bitlocker feature is already installed, will test this yes

stormi

Small Announcement / Testing Guide

There is a new and easy way for you to help testing XCP-ng 8.3: a few test scripts from the Xen project which deserve to be run on a wide variety of hosts. You don't need to run them on every host if they are truly identical, but it's good to run them on a wide range of hardware.

The first one is XTF (stands for Xen Test Framework)

Be aware that some of the tests may sometimes cause the host to crash.

XTF

Enable HVM FEP on the host. This is not mandatory but if you don't, several tests that require it will be skipped:

/opt/xensource/libexec/xen-cmdline --set-xen hvm_fep
reboot

Build XTF

yum install gcc git -y
git clone git://xenbits.xen.org/xtf.git
cd xtf
make -j8

(Optional, protects your host from a crash if its hardware is vulnerable to XSA-304) Switch EPT superpages to secure mode:

xl set-parameters ept=no-exec-sp 

Run the tests

# self test
./xtf-runner selftest -q --host
# all tests
# -q stands for quiet. Remove one or both if you want to see details.
./xtf-runner -aqq --host
# check return code. Should be "3" which means "no failures but some tests were skipped":
echo $?

Switch back EPT superpages to fast mode, if needed

xl set-parameters ept=exec-sp 

There will be a few SKIPPED tests, but there shouldn't be many.

Known skipped tests:

• test-hvm32-umip test-hvm64-umip: skipped if the CPU is not recent enough to support UMIP.
• test-pv64-xsa-167: always skipped
• test-pv64-xsa-182: skipped in default configuration.

You can ignore them.

xen-dom0-tests

The testsuite is very limited in Xen 4.13, but let's still run what's available.

Install:

yum install xen-dom0-tests

Run

/usr/libexec/xen/bin/test-cpu-policy
# check return code. Must be 0, otherwise this means there was a failure.
echo $?

gskger

@stormi I am afraid my playlab host (Dell Optiplex 9010, Intel i5-3550 CPU) is to old to contribute to the XCP-ng 8.3 alpha testing, but I run the XTF test with this results:

[h01]# ./xtf-runner selftest -q --host
Combined test results:
test-hvm32-selftest                      SUCCESS
test-hvm32pae-selftest                   SUCCESS
test-hvm32pse-selftest                   SUCCESS
test-hvm64-selftest                      SUCCESS
test-pv64-selftest                       SUCCESS

followed by

[h01]# ./xtf-runner -aqq --host
Combined test results:
test-hvm32-umip                          SKIP
test-hvm64-umip                          SKIP
test-pv64-xsa-167                        SKIP
test-pv64-xsa-182                        SKIP
[h01]# echo $?
3
[h01]#

I have some HP Elitedesk 600 G6 mini coming in to test as a small virtualization lab (i5-10500T, 6 cores, 12 threads, 2.3 GHz base clock, 64GB RAM). Not the target infrastructure but will add to the range of hardware.

Forza

@olivierlambert said in XCP-ng 8.3 public alpha :

It's an alpha not because it's unstable Just that we can make some updates before the official release. Happy to see it works well!

A thought. Is there a planned list of stuff that we can vote on to have on the next release?

olivierlambert

Hi,

No/not yet/our backlog is already too full to make many choices for something that should be out in a matter of months.

I mean, changing a color somewhere is OK, but anything else is not in the realm of possible for now.

gskger

@stormi My first HP Elitedesk 600 G6 Mini arrived (i5-10500T, 6 cores, 12 threads, 2.3 GHz base clock, 64GB RAM, 256GB NVME) and XCP-ng 8.3 alpha installed and updated right away (but I have the efi: EFI_MEMMAP not enabled message with a boot delay).

The XTF test on this non-enterprise hardware returns

[M01]# ./xtf-runner selftest -q --host
Combined test results:
test-hvm32-selftest                      SUCCESS
test-hvm32pae-selftest                   SUCCESS
test-hvm32pse-selftest                   SUCCESS
test-hvm64-selftest                      SUCCESS
test-pv64-selftest                       SUCCESS

and

[M01]# ./xtf-runner -aqq --host
Combined test results:
test-hvm32-umip                          SKIP
test-hvm64-umip                          SKIP
test-pv64-xsa-167                        SKIP
test-pv64-xsa-182                        SKIP
[M01]# echo $?
3
[M01]#

Have not done anything else with this unit yet.

Strebor

Sorry for being very late to this show, but I would like to thank everybody involved in getting XCP-ng ready for using on modern 10th and 11th gen Intel NUCs! Great job!

So, to replace (in the near future) the old and large power guzzling lab servers in my office, I've just ordered 2x Intel NUC 11 with i5-1135G7 CPU and the intel 2.5 gbit I225 NIC.

Looking forward to testing them and getting ready for XCP-ng 8.3!

Andrew

@stormi I have 8.3 alpha+updates running on an HP DL360 G8 and it's working as expected since currently it's mostly an update to 8.2... I did an ISO install/update and it went ok. I did have to re-install some packages that were installed before on 8.2 and fix options that were removed during the 8.3 install but it keep most of XCP/Network/VM config.

stormi

@stormi said in XCP-ng 8.3 public alpha :

Small Announcement / Testing Guide

There is a new and easy way for you to help testing XCP-ng 8.3: a few test scripts from the Xen project which deserve to be run on a wide variety of hosts. You don't need to run them on every host if they are truly identical, but it's good to run them on a wide range of hardware.

The first one is XTF (stands for Xen Test Framework)

XTF

Enable HVM FEP on the host. This is not mandatory but if you don't, several tests that require it will be skipped:

/opt/xensource/libexec/xen-cmdline --set-xen hvm_fep
reboot

Build XTF

yum install gcc git -y
git clone git://xenbits.xen.org/xtf.git
cd xtf
make -j8

Run the tests

# self test
./xtf-runner selftest -q --host
# all tests
# -q stands for quiet. Remove one or both if you want to see details.
./xtf-runner -aqq --host
# check return code. Should be "3" which means "no failures but some tests were skipped":
echo $?

There will be a few SKIPPED tests, but there shouldn't be many.

Known skipped tests:

• test-hvm32-umip test-hvm64-umip: skipped if the CPU is not recent enough to support UMIP.
• test-pv64-xsa-167: always skipped
• test-pv64-xsa-182: skipped in default configuration.

You can ignore them.

xen-dom0-tests

The testsuite is very limited in Xen 4.13, but let's still run what's available.

Install:

yum install xen-dom0-tests

Run

/usr/libexec/xen/bin/test-cpu-policy
# check return code. Must be 0, otherwise this means there was a failure.
echo $?

I'm still interested in as many users as possible running this on their hardware.