XCP-ng 8.3 updates announcements and testing

dxym

The blog(https://xcp-ng.org/blog/2024/11/15/november-2024-security-update-for-xcp-ng-8-3/) states the following:

Host reboots are necessary after this update.

However, the command output indicates:

# needs-restarting -r
No core libraries or services have been updated.
Reboot is probably not necessary.

Which one is correct?
It might be better to reboot the host, but not everyone checks the blog regularly.

gduperrey

@dxym It is always important to follow the instructions given on the forum or on the blog. In both cases, we indicate that the hosts must be restarted.
This way, we are sure that the hosts will apply the changes coming from the updates, like here changes on Xen and the Intel microcode.

stormi

needs-restarting is a tool from CentOS, which is not aware of the reality of XCP-ng. It's not even able to detect that a Xen or a microcode update requires a reboot. So, as Gaël says.

gduperrey

New update candidates for you to test!

A new batch of non-urgent updates is ready for user tests before a future collective release. Below are the details about these.

amd-microcode: Update AMD microcode to the 2024-11-21 drop
- Updates firmware for families 17h and 19h CPUs. For the first time, AMD published updates for non-server CPUs. One can assume that they started supporting microcode update for these, contrarily to what they did in the past, and that these updates thus fix various bugs and vulnerabilities. This is only (sensible) speculation at the moment, though.
grub: Backport VLAN networking support for UEFI PXE boot.
iperf3: Upgrade to version 3.9-13 from CentOS 7
- Includes a security fix for CVE-2023-38403
kernel: Backport of a fix to correct cooling fan rotation speed on some Lenovo servers. For more information, you can read this thread on the forum.
kexec-tools: Backport of a patch removing kernel_version(). Fixing a bug for kernel with a patchlevel greater than 255.
netdata: Fixed an issue that could occur when quickly uninstalling the package, right after an unfinished installation, and leave a service in an undetermined status.
slang: Fixed display and input issues in optional package mc.
sm: Contains a fix for leaf coalesce where the size of the leaf to coalesce was wrongly computed before deciding if it was a live coalesce or not, it resulted in some leaf having too much data to coalesce not successing the live coalesce and staying in this state indefinitely.
xapi:
- Fixed a malfunction related to the absence of a certificate, which could cause a loop.
- Fixed and improved various points in IPv6, related to management, reboot and re-initialization.
xo-lite: Update to version 0.6.0. For more details, you can consult the blog post on the latest release of Xen Orchestra.

Optional packages:

kernel-alt: Backport of a fix to correct cooling fan rotation speed on some Lenovo servers. For more information, you can read this thread on the forum.
socat: Update the package to version 1.7.4.1 which includes a fix for a buffer overflow and security fixes.
traceroute: Updated to version 2.1.5.
Alternate Drivers: Updated to newer versions.
- broadcom-bnxt-en-alt: From version 1.10.2_227.0.130.0 to 1.10.3_231.0.162.0
- intel-i40e-alt: From version 2.22.20-3.1 to 2.26.8
- More information about drivers and current versions is on the drivers page: (https://github.com/xcp-ng/xcp/wiki/Drivers).

Test on XCP-ng 8.3

From an up-to-date host:

yum clean metadata --enablerepo=xcp-ng-testing
yum update --enablerepo=xcp-ng-testing
reboot

The usual update rules apply: pool coordinator first, etc.

Versions

amd-microcode: 20240503-1.1.xcpng8.3
grub: 2.06-4.0.2.1.xcpng8.3
iperf3: 3.9-13.xcpng8.3
kernel: 4.19.19-8.0.37.1.xcpng8.3
kexec-tools: 2.0.15-20.1.xcpng8.3
netdata: 1.44.3-1.2.xcpng8.3
slang: 2.3.2-11.xcpng8.3
sm: 3.2.3-1.13.xcpng8.3
xapi: 24.19.2-1.9.xcpng8.3
xo-lite: 0.6.0-1.xcpng8.3

Optional packages:

kernel-alt: 4.19.322+1-1.xcpng8.3
socat: 1.7.4.1-6.xcpng8.3
traceroute: 2.1.5-2.xcpng8.3
Alternate drivers:
- broadcom-bnxt-en-alt: 1.10.3_231.0.162.0-1.xcpng8.3
- intel-i40e-alt: 2.26.8-1.xcpng8.3

What to test

Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

Test window before official release of the updates

None defined, but early feedback is always better than late feedback, which is in turn better than no feedback

flakpyro

@gduperrey installed on 2 test machines

Machine 1:
Intel Xeon E-2336
SuperMicro board.

Machine 2:
Minisforum MS-01
i9-13900H
32 GB Ram
Using Intel X710 onboard NIC

Both machines installed fine and all VMs came up without issue after.

I ran a backup job after to test snapshot coalesce, no issues there.

ravenet

@gduperrey

Tested on Multiple systems. Ryzen 1700x andThreadripper 5975. fine so far

Andrew

@gduperrey I have several hosts updated and running. I'm happy to see 8.3 updates on parity with 8.2.

ravenet

@gduperrey
Tested on 4 systems in production

Ryzen 1700x, on asrock rack mb w radeon pro GPU pass through
Threadripper 5975wx on asrock rack mb w radeon pro GPU pass through
Epyc 9224 on Asus
Epyc 7313P on Asus

XCP-ng-JustGreat

Applied latest candidate test updates to 3 x Dell OptiPlex 7040 (i7-6700, 48GB, 10Gbps-attached TrueNAS shared-storage) pool. Update process was error-free and successful. Everything appears to be working normally following the update.

gskger

@gduperrey Update some Dell R720s with GPUs and a Dell R730. Update worked without any problem and VMs operate as expected. Will update this post if that changes during day-to-day operation. Great work!

gduperrey

New update candidates for you to test!

In addition to the previous updates, available for testing, here are some new, non-urgent ones, expected to be released in a few days. Below are the details about these.

blktap: Add an option to use backup footer when vhd-util query is called. This will be used in a future storage driver.
intel-igc: Update to version 5.10.226.
xcp-ng-deps: Added vim-minimal as a dependency, so it is always present on XCP-ng systems.

For XOSTOR users:

drbd: Prevent a dead-lock in some situations, plus other improvements

(Reminder: XOSTOR is still in beta stage on XCP-ng 8.3)

Test on XCP-ng 8.3

From an up-to-date host:

yum clean metadata --enablerepo=xcp-ng-testing
yum update --enablerepo=xcp-ng-testing
reboot

The usual update rules apply: pool coordinator first, etc.

Versions

blktap: 3.54.9-1.2.xcpng8.3
intel-igc: 5.10.226-1.xcpng8.3
kmod-drbd: 9.2.11-1.1.xcpng8.3
xcp-ng-deps: 8.3-13

What to test

Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

Test window before official release of the updates

~ 2 days

flakpyro

@gduperrey Installed on the same 2 hosts as the last batch of test updates released in December.

No issues to report so far, ran a backup job after after without issue.

olivierlambert

Works for me!

gskger

@gduperrey Installed on some R720s with GPUs and everything works as expected. Looks good

Edit: also installed the update on my playlab hosts and a Dell PowerEdge R730. Again no issues and all hosts and VMs are up again.

Clouseau

Upgraded to testing as I had problem with coalesce on 8.3 and VDI of 330GB. Smaller one coalesced fine (50Gb and 100GB) but on 330G it run for 12sec and said something about timeout error. With testing packages coalesce is working fine.

Andrew

@gduperrey Updates installed and running but I don't have 8.3 in production yet...

ph7

Tested OK on
Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz

gduperrey

Update published: https://xcp-ng.org/blog/2025/01/23/january-2025-maintenance-update-for-xcp-ng-8-3/

Thank you for the tests!

manilx

@gduperrey On my 2 hosts on the pool I did a yum update on the slave first. Idiot!
It updated and rebooted. Now wanted to do the same on the master. Doesn't show any updates!

How do I install the updates on the master now?

gduperrey

@manilx Have you tried cleaning the yum cache on the master?

yum clean metadata