XCP-ng 8.3 updates announcements and testing
-
@stormi
If You are asking me, I can run theNew update candidates for you to test!on my "production" home lab server if the testing repo still exist -
Yes update candidates that were not urgent security fixes are still in the
xcp-ng-testingrepository (and more is coming soon, today or on
monday). -
@stormi
I ran thexcp-ng-testingand now the migration seems to work
-
New update update candidates for you to test!
Unless major issues are found, this should be the last wave of update candidates before we publish everything as official updates for XCP-ng 8.3.
cifs-utils: update and rebuild based on the sources for the RHEL9 package. This fixes several low priority CVEs (in the context of XCP-ng) and will make future vulnerability patching easier.curl: update to version 8.9.1, based on RHEL 10 package, and apply an additional fix for CVE-2024-8096 (low impact in XCP-ng context).intel-e1000e: major driver update, backported from Linux kernel 5.10.179, to fix issues with recent hardware.kernel: Fix support of dynamic tracepoints when debugging the dom0 Linux kernel with theperftoolncurses: Revert -devel package ABI to version 5 to avoid potential library conflicts in packages built against itopenssh: rebuild against updated ncurses packagepython3-docutils: new dependency of cifs-utilssamba:- Fix CVE-2016-2124, a flaw on SMB1 auth. An attacker could retrieve the password by using NT1.
- Fix CVE-2021-44142, an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code by using VFS_fruit module.
systemtap: rebuild against updated ncurses packagexapi: Remove pvsproxy.service from the list of units restarted on xcp-rrdd update. The service in question attempts to start a proprietary component from XenServer that isn't present in XCP-ng, which led to displaying a not so pretty error in the logs.xcp-ng-release: Enable missing xcp-rrdd plugins by default. Yes, failure to do so was what caused the empty stats issue you have been seeing in previous update candidates.xen: rebuild against updated ncurses packagexo-lite: Update to 0.10.1.
Test on XCP-ng 8.3
From an up-to-date host:
yum clean metadata --enablerepo=xcp-ng-testing yum update --enablerepo=xcp-ng-testing rebootThe usual update rules apply: pool coordinator first, etc.
Versions
cifs-utils: 7.1-2.1curl: 8.9.1-5.1.xcpng8.3intel-e1000e: 5.10.179-1.xcpng8.3kernel: 4.19.19-8.0.38.2.xcpng8.3ncurses: 6.4-6.20240309.xcpng8.3openssh: 7.4p1-23.3.3.xcpng8.3python3-docutils: 0.14-1.el7samba: 4.10.16-25.1.xcpng8.3systemtap: 4.0-5.2.xcpng8.3xapi: 25.6.0-1.5.xcpng8.3xcp-ng-release: 8.3.0-32xen: 4.17.5-10.1.xcpng8.3xo-lite: 0.10.1-1.xcpng8.3
What to test
Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.
Special focus:
- We updated the
e1000edriver. If you have Intel PCI-Express network chipsets, please test this update and verify that network connectivity and features that you depend on work as expected. - SMB shares and SRs.
yumstill appearing to work correctly after the update.- SSH connection to hosts.
- Stats. But I'm sure that's the first thing several among you will test already.
Test window before official release of the updates
Around one week, unless major issues are found.
-
@stormi Updated both of my test hosts.
Machine 1:
Intel Xeon E-2336
SuperMicro board.Machine 2:
Minisforum MS-01
i9-13900H
32 GB Ram
Using Intel X710 onboard NICEverything rebooted and came up fine. The MS-01 i test with uses i40e and intel-igc not the e1000 driver. The other machine with the SuperMicro board uses igb so im afraid i'm not much help in testing that driver.
yum commands did seem to work from the small handful i ran.
And yes, stats do indeed work again
I never noticed the issue with Server 2025 and hanging on reboot since the updates from last week. Were you able to see anything in the dump files i sent?
-
Off topic, how does XCP handle the E and P cores in that 13900 machine? That was one of the considerations that made me skip these Intel processors in favor of AMD.
I'll get mine updated as soon as possible, on going work to clean out my tech room so it can get cut in half for class space. Goodbye future expansion if we need it!
-
@stormi Minor issue: e1000e does not show driver version with ethtool:
# ethtool -i eth0 driver: e1000e version: firmware-version: 0.1-4 expansion-rom-version: bus-info: 0000:00:1f.6 supports-statistics: yes supports-test: yes supports-eeprom-access: yes supports-register-dump: yes supports-priv-flags: yes -
@Greg_E It seems to handle it fine, i have 2 of these systems running without issue with 8.3!
-
@flakpyro No, I'm waiting for more feedback from the devs. All I have from them for now is it looks like either a firmware or a passthrough issue. I don't think we have changed anything to fix it.
-
@Andrew Thanks for noticing that. CC @ThierryEscande
-
@stormi @ThierryEscande I issued a PR for
intel-e1000eto add the version for ethtool. -
@stormi
My old i7 with e1000e is working fine (except the version not shoving) -
@Greg_E It works but it's not designed to work. I'm personally use a system like this at home (Protectli) and no issues so far after a rather intensive use.
-
@Andrew What does a regular linux distro output as a version for the driver? I've been told there's no version in the source code, so does it output anything?
-
@stormi It shows the kernel version, exactly what
uname -rwould. -
@stormi From Debian 11:
# ethtool -i enp0s25 driver: e1000e version: 5.10.0-34-amd64 firmware-version: 0.2-4 expansion-rom-version: bus-info: 0000:00:19.0 supports-statistics: yes supports-test: yes supports-eeprom-access: yes supports-register-dump: yes supports-priv-flags: yes -
Updated my Lab pool consisting of 2 Nodes this morning
Rebooted master first, then slave. No issues VMs migrated between reboots.
Couldn't see any issue til now. -
Updates done on 1x Intel and 1x AMD host, rebooted, no visible issues.
