NBD error SSL
-
@andersonvaz It probably makes sense to share more information on your setup (type of hosts and storage system, XCP-ng version, Xen Orchestra version, remotes and backup settings).
-
I use storage with NFS V3 - freenas
5 Nodes xcp-ng 8.2.1
XenOrchestra - https://github.com/vatesfr/xen-orchestra/commit/5b85a01d8340256271e75c9b4737e98dae3a656b
Backup is running Continuous Replication to storage NFS V3 - Freenas
-
@andersonvaz Just to double check: Are you running the old FreeNAS (EOL October 2020) or a recent TrueNAS Core or Scale?
-
@gskger TrueNAS CORE 2021 - iXsystems, Inc.
-
@andersonvaz Sounds a bit like either the host/XO or TrueNAS wants to talk SSL TLSv1.1, which is deprecated. What version of TrueNAS Core are you running? The latest 13.0-U6? Can you check the TLS cipher settings on TrueNAS (System - General - HTTPS Protocols)? Which ciphers are enabled?
-
@gskger NBD communication would not be
xenorchestra -> XCP-NG -> NFS STORAGE ?
Therefore, xenorchestra does not have direct communication with TrueNas. From what I saw, xenorchestra does not connect to XCP-NG
-
@andersonvaz All backups go through Xen Orchestra (have a look at the documentation on backups or the excellent YT video How To Use Xen Orchestra and XCP-NG To Backup and Restore Your Virtual Machines by @lawrencesystems).
XO or XOA is the central management tool to visualize, control, backup and manage your XCP-ng hosts and VMs. It must connect to the XCP-ng master host (read/write) to control it. XCP-ng slave hosts are in read-only mode, "controlled" by the master host's settings.
Edit: Backups can also go through Proxies on remote sites.
-
@gskger I've been using XCP-NG for a long time, but I didn't understand what you said about the certificate in relation to truenas https with NBD, since it would only be in XCP-NG.
This explanation you gave about the Truenas certificate is confusing because Truenas does not have NBD
-
@gskger Do you use NBD?
-
@andersonvaz I wouldn't call it "using NBD" yet because I'm experimenting with it in my playlab. However, the SSL_CTX_use_certificate:ee key too small error message suggests a TLS cipher problem, and since the Xen Orchestra 5.76 blog post states that XO is using TLS by default, so the transfer is secure, it might be related. According to that (older) post, you can disable TLS with "insecure NBD" for ruling this out.
But you are right, perhaps others who have more relevant experience with NBD can chime in to help.
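The SSL_CTX_use_certificate:ee key too small message quoted above is what OpenSSL raises when an end-entity certificate's key is weaker than the active security level allows. As an added example (not part of the thread and not Xen Orchestra code), this Node.js sketch checks a PEM certificate or public key against those thresholds; the function names, the default level of 2 and the locally generated sample keys are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Minimum security bits demanded by each OpenSSL security level (index = level).
const LEVEL_BITS = [0, 80, 112, 128, 192, 256];
// Security bits for common EC/EdDSA keys (half the group order size, capped at 256).
const CURVE_BITS = { prime256v1: 128, secp384r1: 192, secp521r1: 256, ed25519: 128, ed448: 224 };

// Table-based strength of an RSA modulus (standard NIST SP 800-57 sizes).
function rsaSecurityBits(modulusLength) {
  const table = [[15360, 256], [7680, 192], [3072, 128], [2048, 112], [1024, 80]];
  const hit = table.find(([minLen]) => modulusLength >= minLen);
  return hit ? hit[1] : 0;
}

// Accepts a PEM certificate or a PEM public key and returns the public KeyObject.
function loadPublicKey(pem) {
  return pem.includes('BEGIN CERTIFICATE')
    ? new crypto.X509Certificate(pem).publicKey
    : crypto.createPublicKey(pem);
}

// Reports whether the key would clear the key-size check at `level` (assumed default: 2).
function checkKeyStrength(pem, level = 2) {
  const key = loadPublicKey(pem);
  const type = key.asymmetricKeyType;
  const details = key.asymmetricKeyDetails || {};
  let bits = null; // null = key type not covered by this sketch
  if (type === 'rsa' || type === 'rsa-pss') bits = rsaSecurityBits(details.modulusLength);
  else if (type === 'ec') bits = CURVE_BITS[details.namedCurve] ?? null;
  else if (type in CURVE_BITS) bits = CURVE_BITS[type];
  const required = LEVEL_BITS[level];
  const size = details.modulusLength ?? details.namedCurve ?? type;
  return { type, size, bits, required, ok: bits !== null && bits >= required };
}

// Constructed sample input: throwaway keys generated locally, not taken from any host.
function constructedSamples() {
  const pem = (pair) => pair.publicKey.export({ type: 'spki', format: 'pem' });
  return {
    rsa1024: pem(crypto.generateKeyPairSync('rsa', { modulusLength: 1024 })),
    rsa2048: pem(crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })),
    p256: pem(crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' })),
  };
}

const SAMPLES = constructedSamples();
for (const [name, pem] of Object.entries(SAMPLES)) {
  console.log(name, checkKeyStrength(pem, 2));
}
```

The security level actually in effect depends on the OpenSSL build and configuration of the process that loads the certificate, so pass the level that applies to your environment.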
-
@andersonvaz said in NBD error SSL:
@gskger This explanation you gave about the Truenas certificate is confusing because Truenas does not have NBD
True, since NBD is the transfer method between the XCP-ng hosts and Xen Orchestra. Sorry for the confusion.
-
@gskger No problem, I just didn't understand the relationship with truenas' tls.
I'll wait to see if anyone else goes through this and in the meantime I'll continue my studies with nbd.
Thanks