XCP-ng 8.3 betas and RCs feedback
-
@ecoutinho You can enable TLS verification on the pool then join the new host. Or disable it on the new host but that's a downgrade of this new security feature meant to protect against MITM attacks.
-
@stormi Thanks for your suggestions. I've tried to enable it on the pool:
# xe pool-enable-tls-verification
This operation is not supported during an upgrade.
I have to finish the upgrade of the other hosts before enabling it on the pool.
As for disabling it on the new host, I didn't find any way to do it permanently. I just found the host-emergency-disable-tls-verification option, which does not disable it completely, and doesn't allow adding it to a pool without TLS verification. Would you clarify how to disable it on the new host?
I will enable it on the pool when the upgrade is finished.
-
@ecoutinho I don't see a way to disable TLS verification, but anyway I wouldn't join a host to a pool which is currently being upgraded. I even suspect XAPI would refuse.
-
@stormi OK, thanks, I'll finish upgrading the other hosts.
-
@brezlord If you haven't reinstalled it yet, yes, we could use more information about the host, the PCI passthrough setup on it, how the error is triggered exactly, and various logs. And/or a support tunnel to have a look by ourselves.
-
@brezlord Can you share the value you put in the xen-cmdline on 8.2?
I think the XAPI awaits this format:
xen-pciback.hide=(pci-id1)(pci-id2)...
and will fail if the value doesn't match this format.
-
@BenjiReis Sorry I have destroyed the host and loaded a fresh install of 8.3. If you'd like I can install 8.2 on a host and pass through a pci device via the cmd then upgrade to 8.3 and see if the error is reproducible.
-
@brezlord If it's not too much of a bother that would be great yeah.
Comparing the xen-cmdline when doing the passthrough manually on 8.2 VS how it looks on 8.3 and when done via the XAPI.
-
I've pushed a new set of updates, hopefully the last one before the release of XCP-ng 8.3.0 RC2, which itself should be followed shortly by the release of XCP-ng 8.3.0 itself.
Main packages
- intel-microcode-20240717-1.xcpng8.3: updated microcode for Intel vulnerabilities
- sm-3.2.3-1.4.xcpng8.3: fix the cause of a warning displayed during update, and restore changes that we had removed because they were suspected to cause issues in some cases with iSCSI, but revealed themselves necessary to support another kind of setup.
- vim-7.4.629-8.el7_9 (which provides vim-minimal, installed by default): bugfixes and security fixes
- xapi-24.19.2-1.3.xcpng8.3: Fixes an issue where new fields in XAPI DB for certificate fingerprints were not populated, which under some circumstances caused joining new hosts to a pool to fail.
- xcp-ng-release-8.3.0-28:
  - Update repository files for CentOS and EPEL.
  - Point at repo.vates.tech for CentOS since mirrorlist.centos.org was cut
  - Add "(EOL)" to repo descriptions for EOL repos
  - Drop unused repos
Optional package
- kernel-alt-4.19.316+1-2.xcpng8.3: Enable CONFIG_X86_AMD_PLATFORM_DEVICE in kernel config
- ldns-1.7.0-21.xcpng8.3 + libreswan-4.12-2.3.1.xcpng8.3: security updates
-
On my 8.3 test pool I am unable to create SR ISO library (SMB/cifs).
On my production pools with XCP-NG 8.2.x it does work as expected.
-
Can you provide a bit more details? Errors and such.
-
@olivierlambert
yes I can
on dom0:
mount -t cifs --verbose -o username=admin,password=******** //192.168.1.202/iso /mnt/test
mount.cifs kernel mount options: ip=192.168.1.202,unc=\\192.168.1.202\iso,user=admin,pass=********
mount error(112): Host is down
XCP-NG Center:
Creating ISO SR 'SMB ISO library' on 'IT1HALIZARD-TEST1' Unable to mount the directory specified in device configuration request it1xcp-ng-test-slave1 Sep 5, 2024 12:59 PM Dismiss
XO from Sources:
sr.createIso
{
  "host": "c1f34b07-c4dc-4584-8bc0-a01bcec81c5b",
  "nameLabel": "test",
  "nameDescription": "test",
  "path": "\\\\192.168.1.202\\public\\iso",
  "type": "smb",
  "user": "admin",
  "password": "* obfuscated *"
}
{
  "code": "SR_BACKEND_FAILURE_222",
  "params": [
    "",
    "Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)]",
    ""
  ],
  "call": {
    "method": "SR.create",
    "params": [
      "OpaqueRef:cee521f7-dc00-5d91-1499-6143d2fd0040",
      {
        "type": "cifs",
        "username": "admin",
        "cifspassword": "* obfuscated *",
        "location": "//192.168.1.202/public/iso"
      },
      0,
      "test",
      "test",
      "iso",
      "iso",
      true,
      {}
    ]
  },
  "message": "SR_BACKEND_FAILURE_222(, Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)], )",
  "name": "XapiError",
  "stack": "XapiError: SR_BACKEND_FAILURE_222(, Could not mount the directory specified in Device Configuration [opterr=mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)], ) at Function.wrap (file:///srv/xen-orchestra/packages/xen-api/_XapiError.mjs:16:12) at file:///srv/xen-orchestra/packages/xen-api/transports/json-rpc.mjs:38:21 at runNextTicks (node:internal/process/task_queues:60:5) at processImmediate (node:internal/timers:447:9) at process.callbackTrampoline (node:internal/async_hooks:128:17)"
}
The SR is mounted on our production pools.
-
Well, clearly, as it comes from 2 different systems (XOA and XCP-ng) you have an issue reaching this IP address. It's simply not up and running or not connected to this IP (or blocked) from XCP-ng/XO perspective.
-
Don't know if this is the right place for this forum post.
But is it possible to pass through a USB keyboard, mouse or Bluetooth adapter to a VM? None of these things appear in Xen Orchestra.
A smart house Z-Wave USB stick appears right away in Xen Orchestra.
Or must I buy a USB to PCIe card and pass this through to the VM to make it work?
-
I think yes, but it probably needs some tinkering in the USB script that filters some devices for security reasons. It's documented: https://docs.xcp-ng.org/compute/#passing-through-keyboards-and-mice
-
@olivierlambert ok thanks
-
-
Is there a way to track the progress of applying patches to a host? I'm updating the master of one of my pools and it dropped out of XO and hasn't come back yet. I don't recall applying patches to take this long normally.
-
Yes, you can check the yum history for example, e.g.
yum history list
-
@olivierlambert I'm seeing 27 EE which seems to indicate that it worked but there was an error?
I have had XO display errors when performing updates but there's currently nothing in the logs and the pool still isn't showing up.
Using yum history info it appears to output EE whenever the scriptlet has an output. In this case it returned ok and I also have lines regarding disabling the repos.
Now I'm getting UND_ERR_SOCKET as an error on the Servers page. If I disable and then enable the server, I get write ECONNRESET.