XCP-ng 8.3 betas and RCs feedback 🚀
-
@gsrfan01 said in XCP-ng 8.3 beta :
Not sure if this is related to 8.3 quite yet, but having trouble joining a newly installed 8.3 beta server into a pool that was started from 8.3 alpha and updated.
Attempting to add the new host generates this error
POOL_JOINING_HOST_TLS_VERIFICATION_MISMATCH
which I only see a single other reference to mentioning CPU settings which as far as I can tell match between the 2 hosts.
It is definitely an interesting finding. It would be worth testing whether this will happen in the final release when upgrading an 8.2 pool to 8.3 (will this flip the setting to True automatically or keep as False?) and then trying to add a freshly installed 8.3 member to the existing pool.
If the tests show users of the final release, upgrading from 8.2 and then adding new hosts, may encounter the same issue, we'll have to document this clearly in the 8.3 release notes.
By the way, was your pool initially upgraded from 8.2 to 8.3 alpha, or was it directly installed with 8.3 alpha?
Many thanks for your investigation and feedback! I'm creating a card in our kanban to keep track of this.
@gsrfan01 said in XCP-ng 8.3 beta :
Solution
Ended up running xe pool-enable-tls-verification and xe host-emergency-reenable-tls-verification on the existing server and was then able to get the new server added to the pool.
I was able to find very little documentation on these commands so I'm crossing fingers emergency-reenable-tls-verification doesn't cause any issues down the line but all seems good so far.
This is indeed a pending task: documenting the new TLS verification feature. Citrix Hypervisor Cloud (8.3) once had a pre-release documentation available, then it was taken down when they canceled the Citrix Hypervisor Cloud preview and renamed it XenServer 8 Stream.
-
@stormi I was originally fairly confident it was fresh from 8.3 Alpha but can't recall with 100% certainty if it wasn't an in-place upgrade from 8.2.
Is there anything in the file system I can check to see if it was a fresh install or an upgrade?
-
How to add vTPM in Xen Orchestra?
I have XCP-ng 8.3 beta and XOA 5.83.3
-
It's not exposed yet in the web UI.
-
@moussa854 You can create a vTPM with
xe vtpm-create vm-uuid=UUID_OF_YOUR_VM
-
@moussa854
And after adding it you might need some more prep? I have had no time to try more: https://xcp-ng.org/forum/topic/6578/xcp-ng-8-3-public-alpha/121?_=1687790268385
-
xe vtpm-create vm-uuid=UUID_OF_YOUR_VM
was enough to enable the vTPM in my case. Thank you so much.
-
@olivierlambert said in XCP-ng 8.3 beta :
@rRobbie can you disable/re-enable the "Auto power on" toggle, reboot and see if it works?
If it doesn't, is the problematic VM hosted on a storage repository that's inside a VM on the same host? (could be a "dependency" auto boot issue)
I disabled / enabled the auto power on option, then rebooted the host and it worked fine. The vm started automatically along with the other vms with auto power on which started regularly the first time after upgrade to beta.
Btw, the vm is running on local storage.
Thanks
RP
-
I think the upgrade disables auto power on at the pool level (so even when your VM got it, disabling and then re-enabling will also re-enable it on the pool).
I'm not sure there's an ideal solution, except maybe display if there's a discrepancy visible in XO when you have a VM with auto power on enabled while the pool doesn't.
-
I am migrating from Proxmox and have installed 8.3 beta. So far everything looks nice.
Is SMAPIv3/ZFS-ng available in this release?
https://xcp-ng.org/blog/2022/09/23/zfs-ng-an-intro-on-smapiv3/
-
SMAPIv3 is "working", but you won't be able to live migrate the storage, export, backup etc. So it's not fully baked yet.
It's better for now to use local ext SMAPIv1 for your local disks
-
Thank you for the clarification. If I would like to test ZFS-ng, how can I do that?
-
IIRC, there are some hints here: https://xcp-ng.org/blog/2022/09/23/zfs-ng-an-intro-on-smapiv3/
-
I saw your post on https://github.com/xapi-project/xapi-storage/issues/101 about the status of SMAPIv3. I also saw another comment on the project that the code has been merged with xen-api. Is SMAPIv3 stable? When you say it is not fully baked yet, are you referring to SMAPIv3, ZFS-ng or both?
Can we expect ZFS-ng support in XCP-ng at least by 2024?
-
SMAPIv3 isn't fully baked because:
- Doesn't support live storage migration
- No migration path from v1 to v3 and vice versa
But it's the future of the platform. ZFS-ng is just "one driver" written to work for SMAPIv3, which is the "framework" if you prefer
-
So, if I understand correctly, it seems that SMAPIv3 may currently lack some features, and until those features receive upstream support, XCP-ng might not be able to provide full support for it.
I'm curious about this because, from what I've seen, Vates has been making admirable efforts to enhance XCP-ng with new features. However, if this specific feature relies on upstream support, it might take some time before we can expect its implementation.
-
Let's say it's harder with the upstream, since it requires a good collaboration with other entities, that might have other priorities or not be really interested in reviewing/validating your contributions. Note it's better with some projects and harder with others.
-
@gsrfan01 The error happens because the joining host has TLS certificate checking enabled for pool connections while the joined host doesn't.
This mismatch happens because on fresh installs TLS certificate checking is enabled, while for updates from previous versions it is not.
To enable TLS certificate checking in a pool, simply run
xe pool-enable-tls-verification
The emergency command is not needed in this case; it's useful to re-enable certificate checking in a single host after it has been disabled using the emergency disable.
-
@psafont Will an 8.2 to 8.3 upgrade (through the installation ISO) leave TLS verification disabled, or will it enable it by default?
In other words: must we expect any user who upgrades from 8.2 or lower and then later wants to add a new host to the pool to see this error (and likely ask for help, even if we document it properly - and we would of course)?