XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Xscontainer

    Xen Orchestra
    4
    28
    711
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stormiS
      stormi Vates 🪐 XCP-ng Team 🚀
      last edited by stormi

      So, we found the reason: xscontainer in XCP-ng currently uses a rather old version of python2-paramiko, which seems to insist on using ssh-rsa algorithms, support for which was dropped in recent openssh releases.

      That's why it works for some distros and not for others.

      We'll see it to update the components. Meanwhile, it's possible to fix it by installing python2-pip from EPEL and then upgrading first to "cryptography < 2.6" and then to "paramiko < 3". However, doing this as root may overwrite the files from the RPMs so it's not really clean. I'd advise it only for testing.

      kiuK 2 Replies Last reply Reply Quote 3
      • kiuK
        kiu @stormi
        last edited by

        @stormi OK, thanks. I will try your solution on a small lab.

        1 Reply Last reply Reply Quote 0
        • kiuK
          kiu @stormi
          last edited by

          @stormi I tried to do it but I don't think I succeeded. Could you send me a more specific doc of what you are doing?

          thanks 🙂

          1 Reply Last reply Reply Quote 0
          • stormiS
            stormi Vates 🪐 XCP-ng Team 🚀
            last edited by

            I think these are the steps that worked for me:

            yum install xscontainer
            yum install python2-pip --enablerepo=epel
            pip2 install --upgrade "pip < 21"
            pip2 install --upgrade "cryptography == 2.5"
            pip2 install --upgrade "paramiko < 3"
            

            As this is done outside a virtualenv (I've tried inside a virtualenv, but I think xscontainer runs stuff outside of it, so it didn't work), this will overwrite the contents of RPMs you installed, so, again, only for testing.

            I also had to remove the former host key from the VM metadata:

             xe vm-param-remove uuid=... param-name=other-config param-key=xscontainer-sshhostkey
            
            kiuK 1 Reply Last reply Reply Quote 1
            • kiuK
              kiu @stormi
              last edited by

              @stormi Thanks, I just tried that and it still doesn't work 😞

              1 Reply Last reply Reply Quote 0
              • stormiS
                stormi Vates 🪐 XCP-ng Team 🚀
                last edited by

                Well, I tried it myself on a freshly installed pool, and this worked. Can you elaborate on what doesn't work?

                kiuK 1 Reply Last reply Reply Quote 0
                • kiuK
                  kiu @stormi
                  last edited by

                  @stormi I still have the same problem, the key does not want to install and asks me if I want to try again.

                  1 Reply Last reply Reply Quote 0
                  • stormiS
                    stormi Vates 🪐 XCP-ng Team 🚀
                    last edited by

                    What's the exact error message?

                    kiuK 1 Reply Last reply Reply Quote 0
                    • kiuK
                      kiu @stormi
                      last edited by olivierlambert

                      @stormi

                      Would you like to push a pool-specific public SSH key into the ~/.ssh/authorized_keys file of the specified VM and therefore authorize hosts in the pool to interact with the containers inside the VM?
                      Answer y/n: 
                      y
                      Attempting to push the public xscontainer key to USER@IP.
                      ID@IP's password: 
                      Success.
                      Attempting to refresh the state of the VM
                      Failure diagnosis: Unable to find ncat inside the VM. Please install ncat. 
                      Do you wish to retry?
                      Answer y/n:
                      
                      kiuK 1 Reply Last reply Reply Quote 0
                      • kiuK
                        kiu @kiu
                        last edited by

                        My server is up to date

                        1 Reply Last reply Reply Quote 0
                        • stormiS
                          stormi Vates 🪐 XCP-ng Team 🚀
                          last edited by

                          It's not the same error. Your VM is missing a required package : ncat, as the error message says.

                          kiuK 1 Reply Last reply Reply Quote 0
                          • kiuK
                            kiu @stormi
                            last edited by

                            @stormi My bad. Ok I installed the nmap-ncat package under rockylinux and works perfectly now 🙂 Thank you 🙂

                            1 Reply Last reply Reply Quote 1
                            • F foxy82 referenced this topic
                            • First post
                              Last post