XCP-ng 8.3 public alpha π
-
Congratulations for your new release!
I am very interested in new features, still waiting for raw storage devices, new xo and hopefully the job where I could revert a VM always to its latest snapshot ^^
I had short time today to try an Upgrade of an old VM (could have still been 7.6 in Virtualbox) and the installation went OK.
But no https available. Quickly checked on the host with netstat, only :80 was used.
Had not much time today, but found out port 443 might be planned to be used by stunnel, I tried to manually run stunnel with the config in etc, but got an error about a too short key or something.
I will do a fresh installation next to it in a new vm and compare and troubleshoot tomorrow if possible.
-
Port 443 should work with XO Lite by default
-
@olivierlambert
Yes that's what I expected because of course I wanted to try XO Lite, but had no chance to see it today.Port 80 seems to automatically redirect to https if opened in a Browser, but I will analyse as soon as possible and report what I find.
-
There's no redirect for now in XCP-ng, are you sure it's the right IP address?
-
@olivierlambert you're right, there was an error message, no redirect! Something like access denied or similar ...
-
I did not know about XO Lite. Impressive.
-
@olivierlambert @stormi Thanks for the shot out in the blog post! I'm happy to help.
I think 8.3 has gone a little crazy with the purple theme... but that's not a functional issue.
ISO 8.3 installs/upgrades have worked fine so far on anything I have tried that ran XCP 8.2. I'll have some more time soon to do better testing.
Thanks for the ongoing quality work on open source software.
-
@Andrew said in XCP-ng 8.3 public alpha :
I think 8.3 has gone a little crazy with the purple theme... but that's not a functional issue.
I wasnβt going to say it myself but I agree. Personally it doesnβt matter as long as it worksβ¦ but itβs a LOT of purple.
-
Great to see the next iteration of XCP-ng
What is the status on the base OS choice for XCP-ng instead of CentOS?
-
So still have the problem today on the upgraded VM that no https is available.
I installed a new VM now and there it works and I found these differences, looks like the /etc/xensource/xapi-ssl.pem file is too old.
FRESH NEW VM:
UPGRADED VM:
-
@Forza As explained in the blog post, no big change on that aspect so far. The goal is to build a new version that will be used as a base for more changes later. The biggest change is probably related to XAPI (huge bump)
-
@olivierlambert OK thanks for the info. What is the plan for leaving the old CentOS 7?
-
The plan is to first be able to use a more recent Xen version (matters the most), then to upgrade the kernel. CentOS 7 is indeed old, but only used for non-critical pieces. Remember, we do NOT use a kernel or Xen made by CentOS, but by XenServer and us.
Also, before moving to something more recent in terms of distro, we have to finish to upgrade all the Python 2 code to Python 3 (among other thing). So it's kind of "hardest" task and lower priority vs "new Xen" and "new kernel"
-
@cocoon
The best thing we can do here is inspect the actual certificate:
Please runopenssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem
xenserver has generated host certificates with 2048-bit RSA keys for years, these should be able to be loaded by stunnel (through openssl) just fine.
If the key is smaller that this then the fix is easy: generate a new certificate for that host:
xe host-refresh-server-certificate host uuid=<>
Be mindful that clients that trusted the previous certificate will need to trust the new one in order for the TLS connections to be established -
The good news is that I eventually got 8.3 installed and it is looking good.. I had a few problems, but this was mostly down to something weird with the partition layout.
Every time I installed 8.3 (fresh install) onto a machine, it would refuse to create any "Local Storage". I bounced around in circles many time and gave up, installing 8.2 (fresh install) and got the same result. What I had to do eventually is "ALT+Right Arrow" until I got to a # prompt, do a lvdisplay to find the VG and then do a lvremove on the VG + a wipefs -a -f /dev/sda3 to clear EVERYTHING out. It was somehow picking up that the drives I were using previously were used in a ZFS pool (btw.. This is really weird as these drives were used in a different machine, on a different RAID system, etc.. I have no idea how it figured out there was a ZFS pool, but whatever).
Once I did the above, the fresh install worked just fine (8.2), joined it my my existing pool, promote it to a pool master and then do an upgrade to 8.3
After the upgrade, local storage was showing offline for about 5 minutes, but then it magically kicked itsself into life. I am assuming it was doing something in the background as the new pool master.
As a point of note, it looks like XCP-ng Center V20.11.0.3 is still compatiable as I am using that as well as XO to manage the pool with no issues (so far)
-
@Anonabhar said in XCP-ng 8.3 public alpha :
As a point of note, it looks like XCP-ng Center V20.11.0.3 is still compatiable as I am using that as well as XO to manage the pool with no issues (so far)
This looks suspicious. It should have complained about the version. Are you sure the upgrade went fine on all hosts?
-
@stormi Yea.. I though it was weird as well, but I was happy to see it work.. Here is a screen shot of the XCP-ng screen.. I havent upgraded the Peg02 yet (as I have to get more disks in there tonight in order to migrate things around), but notice the version number on the Peg03
-
Yes the key is 1024:
[11:45 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem Certificate: Data: Version: 3 (0x2) Serial Number: b2:32:6b:a9:eb:51:99:0c Signature Algorithm: sha1WithRSAEncryption Issuer: CN=192.168.56.102 Validity Not Before: May 4 15:23:19 2018 GMT Not After : May 1 15:23:19 2028 GMT Subject: CN=192.168.56.102 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c2:62:b4:fc:54:a0:1b:7c:5d:3e:61:4c:51:ef: ff:a4:a0:da:ab:ea:49:f5:99:3e:14:67:a7:9d:68: 28:8e:ea:54:75:45:55:8b:78:fa:46:65:f5:f2:a2: 5e:ca:20:8c:c7:d4:4b:c4:21:a2:70:0e:49:d0:aa: f0:2a:21:40:db:39:2f:57:ec:18:dc:82:2e:d0:b5: f4:cb:48:a0:b8:9d:3f:c4:f5:75:cb:1b:1c:4b:47: a2:07:2f:3c:b4:b1:37:d0:e8:11:e6:00:49:cf:89: e6:4f:38:3d:a6:6f:bb:02:84:e8:17:3c:5b:a1:f7: 98:87:03:ad:36:26:31:ca:63 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:xcp-ng-vm1, DNS:xcp-ng-vm1 Signature Algorithm: sha1WithRSAEncryption 01:dc:44:77:3e:34:3a:b2:06:c5:bc:07:ab:e9:8c:c4:5e:cf: c5:33:fc:74:83:cf:4c:14:cc:2f:fb:dc:d5:45:ff:84:76:40: fc:b0:9c:00:af:a5:00:85:13:97:90:7e:66:81:36:3b:d3:83: 55:2c:e2:54:3d:85:d5:1d:d0:fe:1e:b7:2f:4d:76:8b:01:e1: a5:be:ed:62:73:e0:44:65:74:6e:e3:eb:5b:72:21:66:7f:03: 28:c4:f7:d9:dc:72:46:d1:fc:b0:5f:18:bf:bd:ef:44:9c:64: 09:94:c8:65:1b:6b:06:26:ca:91:ee:ee:19:12:80:f0:f5:5f: 17:f4
I found a slightly different command to reset the cert and it seems to work:
[11:54 xcp-ng-vm1 xensource]# cat /etc/xensource-inventory | grep -i installation_uuid INSTALLATION_UUID='efe93b3d-ce2e-4f37-8a0d-00abf186c688' [11:54 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid=efe93b3d-ce2e-4f37-8a0d-00abf186c688 Error: No matching hosts found [11:55 xcp-ng-vm1 xensource]# xe host-list uuid ( RO) : efe93b3d-ce2e-4f37-8a0d-00abf186c688 name-label ( RW): xcp-ng-vm1 name-description ( RW): Default install [11:55 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid='efe93b3d-ce2e-4f37-8a0d-00abf186c688' Error: No matching hosts found [11:55 xcp-ng-vm1 xensource]# xe host-emergency-reset-server-certificate [11:56 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1652293449990601601 (0x16ee20237764fb81) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=xcp-ng-vm1 Validity Not Before: Nov 21 10:56:45 2022 GMT Not After : Nov 18 10:56:45 2032 GMT Subject: CN=xcp-ng-vm1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a4:4d:a0:35:42:cc:1b:0c:0c:1e:5e:68:84:9e: a0:66:5e:9d:d0:e1:8a:9c:00:d8:e1:d9:be:81:6e: f4:88:dd:ee:e3:ba:cf:19:01:74:05:f6:be:f0:b2: 7b:36:3d:99:b1:b8:79:52:10:dc:71:db:5c:4c:cd: 03:cc:2d:49:e9:3f:ab:31:5b:f1:f6:8e:33:99:b0: ed:ee:a6:f8:af:f7:46:25:db:fc:2f:05:da:16:de: 58:df:c8:70:75:17:1f:a8:d9:ed:d9:31:da:f5:5e: ce:d3:93:d1:00:b4:e8:27:29:cb:a6:a8:e6:e1:97: 92:84:74:84:30:b2:09:fc:e4:60:79:6c:4b:f4:07: e3:ba:e6:da:b0:be:6a:35:ef:d8:bc:47:df:58:45: a0:c6:1a:56:ee:2e:32:1c:13:17:66:5c:41:93:1d: da:e2:ac:03:31:16:6d:0c:33:f4:df:67:47:8b:bb: 53:6f:cd:12:aa:aa:af:12:25:77:38:20:d5:88:97: cf:35:b7:e2:cb:28:60:15:a8:9a:8f:69:ce:a1:f1: 4a:de:bf:6a:9e:f6:4a:fc:a4:1e:07:1c:21:db:c0: db:3c:fb:31:5c:cf:4a:95:05:ca:ef:d1:4e:6e:a1: dd:6b:c8:e2:9c:f4:f3:05:2e:b5:a1:bc:78:54:29: df:35 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:xcp-ng-vm1, IP Address:192.168.220.106 Signature Algorithm: sha256WithRSAEncryption 23:bb:bf:fb:78:5e:df:7a:00:15:1a:09:d6:9c:81:b3:ef:e2: a3:a1:6c:18:5f:fe:dd:77:ae:99:48:92:d7:b6:76:c7:93:2f: 40:c3:43:a0:9f:ae:eb:b0:68:56:f0:65:04:29:49:01:b6:c7: 96:42:85:70:29:d0:cb:bc:21:26:55:5a:9e:af:97:4b:4a:19: ad:5d:07:39:e3:e4:e5:6b:4b:2a:f3:7d:de:e5:8f:ea:3a:34: 0b:5e:6a:06:c4:34:d6:e8:5a:12:70:14:2f:95:12:66:da:79: d0:10:43:e9:9d:75:68:e9:aa:56:ae:fe:49:2b:79:b9:f8:16: be:7a:86:ff:b5:b4:84:14:cb:d1:91:ca:4d:95:36:91:43:1e: 1e:50:a6:70:93:77:1c:2e:bb:ee:5f:33:5e:c7:f2:98:2a:b4: 9d:40:a8:a8:ae:22:71:11:50:f4:62:ff:72:3f:9d:c6:0c:6a: 7e:34:c8:c1:f9:8f:5c:ac:fa:9b:bf:8b:e7:6b:92:9a:00:dc: 59:6d:15:23:af:28:c7:b5:b6:0a:a3:d5:98:86:9f:b2:31:1a: 29:16:ca:60:b2:a8:1e:68:b2:14:37:e6:f0:6c:cd:2b:43:d0: 18:6a:c0:43:70:ee:8b:c3:b2:fc:15:6c:a4:e7:c2:12:20:41: ed:e6:23:60
-
@stormi That is my special build where I "fixed" the min version problem that now is in the other "official" client ^^
was here back when the previous relase had no working client for some time
https://github.com/cocoon/xenadmin/releases -
@cocoon Ah great news then!