@olivierlambert This appears to fix it:
https://lore.kernel.org/all/171154167446.2671062.9127105384591237363.stgit@firesoul/
@stormi said in Guest UEFI Secure Boot on XCP-ng:
Feedback is welcome on the docs too: is it clear how to enable SB for VMs on XCP-ng?
Some test feedback:
Documentation was clear enough to get it right on the first try.
Tested on a WS 2019 virtual that has the KB4535680 issue, after enabling SB the updates installed without problems and a test clone of the virtual is now running isolated for a longer period test.
@olivierlambert I think this is exactly what XCP-ng needed. Sure, management and backups with XO centrally is the main point, but at times I need up access the server locally to see what's going on, especially in situations where XO is running somewhere else and the XCP-ng server in question runs the firewall for example and for some reason the firewall never came up after a reboot.
A basic access to the virtuals' consoles and the option to start/stop/reboot them alone will get far, right now I can do that the restarting part over SSH, but not view the console.
I XO Lite would be perfect with these options in addition to being completely locally stored. Right now it seems to just load the script from somewhere else, which doesn't help if the firewall virtual is down.
But yeah, good work, excellent project. I'll be following it with great interest.
@stormi I installed a fresh host from 8.2.1 Test 5 full CD image in my homelab. This host has software RAID1 which was problematic with the last installer, now it went without issues.
Now that I've installed a newer version than what's in the repos, will this work correctly in the future regarding to updates?
@Kajetan321 Your disk image is presented as a block device to the VM. This is done by a kernel module called blktap and its userspace part tapdisk.
You are seeing dom0's kernel messages when these block devices are attached by blktap. It's just an informational message.
@olivierlambert They operate with squeaky wheel mentality, the more "I have this too" presses that report gets, the likely it'll be someone eventually notices.
@olivierlambert Doesn't seem to matter, I tried various installers of the 24.04 beta, they all develop the issue with 6.8 kernel which they get after the first upgrade. I first encountered this with a headless homelab virtual.
I just brought this up here as 24.04 will be out next month and after that there will most likely be a lot of people reacting to the issue. It appears to be related running as a guest under Xen. I couldn't replicate the issue with real hardware or KVM.
While running a test virtual for the upcoming Ubuntu 24.04, I noticed once it went from 6.6 to 6.8 kernel it started flooding the kernel with messages like "BUG: Bad page state in process" about virtually any process that was active at the moment. After a while the guest just hangs.
This is not an Ubuntu specific bug, but it's probably going to be pretty noticeable under Ubuntu and its spinoffs once the new release comes out.
I've created a bug against the kernel package here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056706
After some testing it would appear to be something that gets triggered when the guest is running under Xen. For those who have an account there, could you verify this issue happens on your machine (even with just a barebones install updated to 6.8) and then hit "this affects me too" link on the bug report.
Is this release technically the point where XCP-ng starts to veer off more from the XS source as to my understanding they're already keeping some parts out of public repos nowdays?
It'd be interesting to see newer Xen for example in the future and the SMAPIv3!
@stormi The other (working) machine is indeed installed with test5.
Should I care about the fact that the testing repo no longer exists, so the two first commands fail?
@stormi I diffed this host (originally installed as 8.2.0) and one I installed very recently (during 8.2.1 testing phase). Their differences are:
137d136
< igc-module-4.20.17-1.xcpng8.2.x86_64
274a274
> MegaCli-8.07.14-1.noarch
394d393
< r8125-module-9.003.05-1.xcpng8.2.x86_64
The 8.2.1 installation appears to have network card modules in packages, the old installation has MegaCLI installed because of its RAID controller.
xensource.log is attached, user.log didn't yield anything, neither did daemon.log
As I was running this command again and again, it succeeded once. Out of curiosity, I tried running it again and again on my other hosts that had succeeded the last time. I could introduce a random failure on all of them, maybe 1 out of 20 or more rare.
@stormi I have not touched xapi.conf, iptables has one additional rule to default, which allows port 4949 in. It's copy-paste of other rules in /etc/sysconfig/iptables, save changed port.
# yum reinstall guest-templates-json guest-templates-json-data-linux guest-templates-json-data-other guest-templates-json-data-windows
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding mirror: updates.xcp-ng.org
* xcp-ng-base: mirrors.xcp-ng.org
Excluding mirror: updates.xcp-ng.org
* xcp-ng-updates: mirrors.xcp-ng.org
Resolving Dependencies
--> Running transaction check
---> Package guest-templates-json.noarch 0:1.9.6-1.1.xcpng8.2 will be reinstalled
---> Package guest-templates-json-data-linux.noarch 0:1.9.6-1.1.xcpng8.2 will be reinstalled
---> Package guest-templates-json-data-other.noarch 0:1.9.6-1.1.xcpng8.2 will be reinstalled
---> Package guest-templates-json-data-windows.noarch 0:1.9.6-1.1.xcpng8.2 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================
Reinstalling:
guest-templates-json noarch 1.9.6-1.1.xcpng8.2 xcp-ng-updates 29 k
guest-templates-json-data-linux noarch 1.9.6-1.1.xcpng8.2 xcp-ng-updates 17 k
guest-templates-json-data-other noarch 1.9.6-1.1.xcpng8.2 xcp-ng-updates 12 k
guest-templates-json-data-windows noarch 1.9.6-1.1.xcpng8.2 xcp-ng-updates 14 k
Transaction Summary
==============================================================================================================================================================================================
Reinstall 4 Packages
Total download size: 73 k
Installed size: 61 k
Is this ok [y/d/N]: y
Downloading packages:
(1/4): guest-templates-json-1.9.6-1.1.xcpng8.2.noarch.rpm | 29 kB 00:00:00
(2/4): guest-templates-json-data-other-1.9.6-1.1.xcpng8.2.noarch.rpm | 12 kB 00:00:00
(3/4): guest-templates-json-data-linux-1.9.6-1.1.xcpng8.2.noarch.rpm | 17 kB 00:00:00
(4/4): guest-templates-json-data-windows-1.9.6-1.1.xcpng8.2.noarch.rpm | 14 kB 00:00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 110 kB/s | 73 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : guest-templates-json-1.9.6-1.1.xcpng8.2.noarch 1/4
Installing : guest-templates-json-data-other-1.9.6-1.1.xcpng8.2.noarch 2/4
Installing : guest-templates-json-data-windows-1.9.6-1.1.xcpng8.2.noarch 3/4
Installing : guest-templates-json-data-linux-1.9.6-1.1.xcpng8.2.noarch 4/4
Traceback (most recent call last):
File "/bin/create-guest-templates", line 17, in <module>
loader.insert_templates()
File "/usr/lib/python2.7/site-packages/guesttemplates/loader.py", line 189, in insert_templates
self._insert_template(i)
File "/usr/lib/python2.7/site-packages/guesttemplates/loader.py", line 159, in _insert_template
conn.request("PUT", "/import_metadata?" + params, tar)
File "/usr/lib64/python2.7/httplib.py", line 1041, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1075, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 885, in _send_output
self.send(message_body)
File "/usr/lib64/python2.7/httplib.py", line 857, in send
self.sock.sendall(data)
File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 32] Broken pipe
Verifying : guest-templates-json-data-other-1.9.6-1.1.xcpng8.2.noarch 1/4
Verifying : guest-templates-json-data-windows-1.9.6-1.1.xcpng8.2.noarch 2/4
Verifying : guest-templates-json-data-linux-1.9.6-1.1.xcpng8.2.noarch 3/4
Verifying : guest-templates-json-1.9.6-1.1.xcpng8.2.noarch 4/4
Installed:
guest-templates-json.noarch 0:1.9.6-1.1.xcpng8.2 guest-templates-json-data-linux.noarch 0:1.9.6-1.1.xcpng8.2 guest-templates-json-data-other.noarch 0:1.9.6-1.1.xcpng8.2
guest-templates-json-data-windows.noarch 0:1.9.6-1.1.xcpng8.2
Complete!