RE: Hosts compatibility

@wtdrisco said in Hosts compatibility:

As I am starting to build an environment for testing to replace VMWare, I had a question related to hardware.

When setting up multiple hosts, do these need to match the same specs (like VMWare?) for HA (moving VMs from host to host)?

I have several DELL R series servers, and some do not have the exact same CPU model or one has less memory than the other.

When setting up (HOST POOLS??) if I needed to migrate VMs, will this support different host configurations?

If the the hosts don't match by close enough, especially if their capabilities (e.g. instruction sets) and specifications. Then in the case of capabilities then the non-matching ones will be suppressed by XCP-ng so that they all match. Also when migrating the specifications, of hosts really need to match so that when VMs are placed on the hosts. There's no issues when live migrating between the each of the pool member hosts.

As the VMs expect at least a certain number of cores dependent on the hosts, and the number specified per each VM. If this number isn't met then that VM can't migrate to a specific host, which don't meet or exceed it.

@ThierryC01 said in XCP-ng 8.3 betas and RCs feedback :

@bleader Update successful, no issue so far. There is just a message appearing when starting the update: "Delta RPMs disabled because /usr/bin/applydeltarpm not installed."

All VM working for now.

That's harmless. It's just notifying that the system doesn't have deltarpm package installed. This package reduces the size of updates based on what's already installed.

@still_at_work said in First SMAPIv3 driver is available in preview:

Hello @olivierlambert ,

I am joining this topic as I have a few questions about SMAPIv3:

• Will it allow provisioning of VDIs larger than 2TB?

• Will it enable thin provisioning on iSCSI SRs?

Currently, the blockers I encounter are related to my iSCSI storage. This is a major differentiating factor compared to other vendors, and resolving these blockers would significantly increase your market share.

Thanks !

@still_at_work The size limit of the VDI is due to the file format used for these, which is VHD (https://en.wikipedia.org/wiki/VHD_(file_format)). This format can't support more than 2TB, it's known about and are dealing with the issue. It will likely result in a change or addition of a new VDI format likely to be qcow2 unless necessary software for VHDX format is fully open sourced and software for Xen is created which enables create, read, write and use of this format.

It's not a limitation of iSCSI as it also emerges with both NFS and SMB based connections.

@jasonnix The Linux distribution operating system restricts certain commands, operations and/or path (location) to the root account, as well as the location owner.

The path your trying to write to is just one such location as the location is read only to non-root users. If you really wish to write to /usr/local/src then root account is required.

If you use the root account to install then the directory and the Xen Orchestra files will be owner by root. You would need to create a non-root user for the xen orchestra server process. As well as change ownership of the Xen Orchestra files and folders to that non-root account. Though at least the ones which Xen Orchestra should be able to modify as required, when needed.

As well as provide the necessary sudo permissions for the necessary commands to that account.

Using root account to run exposes any vulnerabilities present to the capacity of being exploited as root (aka Administrator) privileges.

Also how good is your internet connection and your connection to GitHub? Cause you could be experiencing a time out packet loss connection issue.

@olivierlambert I created the issue on GithHub. https://github.com/vatesfr/xen-orchestra/issues/7884

MrGrymReaper created this issue in vatesfr/xen-orchestra

open xo-server fix: Update acme-client npm and introduce support for External Account Binding (EAB) #7884

@peb2 said in XOA letsencrpyt module not setting acmeDomain:

Hello,

I'm new to Xen and XOA (migrating from Vmware) and I was wondering if anyone could help me with a problem.

I'm trying to use the Letsencrypt module as specified in:

https://github.com/vatesfr/xen-orchestra/blob/master/%40xen-orchestra/mixins/docs/SslCertificate.md?ref=xen-orchestra.com

However, the XOA doesn't seem to be passing the variable for 'acmeDomain' so I get a certificate without a CN.

Has anyone else seen this problem or know what my mistake may be?

Here's my /etc/xo-server/config.toml:

#=====================================================================

# HTTP proxy configuration used by xo-server to fetch resources on the
# Internet.
#
# See: https://github.com/TooTallNate/node-proxy-agent#maps-proxy-protocols-to-httpagent-implementations
#httpProxy = 'http://jsmith:qwerty@proxy.lan:3128'

# Configuration of the embedded HTTP server.
[http]
# If set to true, all HTTP traffic will be redirected to the first
# HTTPs configuration.

redirectToHttps = true

# Basic HTTP.
[[http.listen]]
# Port on which the server is listening on.
port = 80


# Basic HTTPS.
[https]
#
# You can find the list of possible options there https://nodejs.org/docs/latest/api/tls.html#tls.createServer
#
# The only difference is the presence of the certificate and the
# key.

hostname = '0.0.0.0'

[[http.listen]]
port = 443

# Whether to autogenerate a self signed certificate if the `cert` and `file`
# entries could not be found.
#
# Default: true
#autoCert = false
autoCert = true

# File containing the certificate (PEM format).
#
# If a chain of certificates authorities is needed, you may bundle
# them directly in the certificate.
#
# Note: the order of certificates does matter, your certificate
# should come first followed by the certificate of the above
# certificate authority up to the root.
#cert = '/etc/ssl/cert.pem'
cert = '/etc/ssl/xoa.cert.pem'

# File containing the private key (PEM format).
#
# If the key is encrypted, the passphrase will be asked at
# server startup.
#key = '/etc/ssl/key.pem'
key = '/etc/ssl/xoa.key.pem'

# ACME (e.g. Let's Encrypt, ZeroSSL) CA directory
#
# Specifies the URL to the ACME CA's directory.
#
# A identifier `provider/directory` can be passed instead of a URL, see the
# list of supported directories here: https://www.npmjs.com/package/acme-client#directory-urls
#
# Note that the application cannot detect that this value has changed.
#
# In that case delete the certificate and the key files, and restart the
# application to generate new ones.
#
# Default is 'letsencrypt/production'
acmeCa = 'zerossl/production'

# Domain for which the certificate should be created.
#
# This entry is required.
acmeDomain = 'xoa.mydomain.com'

# Optional email address which will be used for the certificate creation.
#
# It will be notified of any issues.
acmeEmail = 'myemail@mydomain.com'

The acmeDomain needs to be the actual Fully Qualified Domain Name (FQDN) which XOA uses. Also some verification and/or validation will need to be added either as a text file to the XOA appliance (in a web accessible directory) or as a DNS text record for XOA FQDN.

Also update the acmeEmail so its the actual email to be used for receiving the notification of issues. These don't look valid to me this is critical for them to be real, active and valid as the ACME Client uses these to send the certificate requests and renewals to the certificate authority!!

@Statitica said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@ilu said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@nick.lloyd Thankyou...i'll try the last version, reading forums people says HP was problematic, thats why i was asking for help.

Runs fine on my HP hardware, and was pretty easy to install.

@john.c said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@ilu Though note that XCP-ng 8.3.0 when it goes LTS, will be getting a fix for the 2TB VDI limit. This will allow you to handle VMs which have large, disks.

You have a source for this? IIRC, the fix the the 2TB limit will fix a few other storage limitations too so I'm keen to know more.

https://xcp-ng.org/blog/2025/03/14/the-future-of-xcp-ng-lts/

@andsmith said in 8.3 USB Passthrough - Win Server 2019 BSOD:

@dinhngtu Sorry, I failed to mention this is a Windows Server 2019 VM, it appears that Windbg is a Windows 10/11 application. I've googled installing on Server 2019, but haven't had any luck getting it installed.

Update the AppX Package Deployment software via Microsoft Store or its equivalent in Windows Server 2019. Then once winget is updated (or installed) run the following command:

winget install Microsoft.WinDbg

@olivierlambert If this works for andsmith then it may be worth documenting this, for future users of Windows Server 2019, 2022 and possibly if required the upcoming Windows Server 2025.

@lritinfra Are there any entries in the logs on the HPE iLO as its health monitoring may give you some clues?

Depending on maintenance for those problematic servers is it possible to run Intelligent Provisioning then have it perform the in depth tests of Insight Diagnostics tools?

The Insight Diagnostics tools will test all parts of the system hardware including, drives, memory, storage etc. Letting you know about any parts which fail these tests.

As well as more thoroughly than the non-in depth tests so is more likely to ferret out any hardware issues, as long as its up to date so it can notice any issues if and when firmware on hardware is tested.

@olivierlambert @DustinB @Forza May I suggest that it goes a bit further, unless it already does so. Can the VMs in Xen Orchestra show if it was backed up successfully in the most recent job. As well as when it was last backed up, if you happen to not have the report yet (or read it) you can see at a glance. That way it makes decoding the orange status for the backup job easier, so you know which ones you need to do a backup job run for.

Alternatively show which ones failed and were successful, when you get the details for the job (task) in Xen Orchestra following an orange status on Xen Orchestra 6.

@florent said in Our future backup code: test it!:

@john.c the backup on tape is still on the roadmap but won't be for this step

The main change is that we'll have to rework part of the code to ensure we write data sequentially + the management tools ( which backup is on which tape )

You can try the FS on tape , but the performance penalty is heavy

Even if its not part of this rewrite some of what I wrote is my idea or view as to how it could be implemented later on. So that it's implemented in a way, that permits people who don't need tape back ups to still have small Xen Orchestra instances. But at the same time enable those who use tape backups, to have the capacity and an appropriately sized Xen Orchestra.

So is it this new backup code which the tape back up support will be plugging into?

If so I have been thinking may be have it when doing the tape backup support, get the XOA to install the packages when required after prompting the user. Also have xo-server instruct the creation of a new disk image for attaching to xoa. The new disk image would act as storage or cache for the extra data used by tape drive backups.

The tape drive related software wouldn't be installed by default, unless specified as such during deployment with the XOA deploy tool. But instead installed at user request, by selecting to use tape backup destination when setting up back up job, clicking on the shim widget about tape backups or restoring from an online Vates account backup of XOA settings.

@DustinB said in "Block migraton" option on the VM´s Advanced tab:

@abudef The English translation is meant to be "Prevent Migration".

I think some lines were crossed ha.

I agree it really needs to actually read "Prevent Migration", that will then make it pretty clear.

@Statitica said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@john.c Thanks!

Not quite the update I was hoping for, but it's another good step in the right direction...

The disk image (VDI) size limit meant that you couldn't have disks attached, to a VM which is larger than 2TB. This limitation was due to the use of the VHD (not VHDX) format for the disks, prior to 8.3 LTS.

Serious problems then occurred if you went over this limit, ones that couldn't be corrected (or at least easily). But the 2TB limit could be worked around, though a fix was sought and is now in development and testing, which will correct it.

On top of this Vates are refactoring and/or updating the Xen Orchestra backup feature code to be able to cope with this limitation being removed, as well as the qcow2 format.

@Statitica said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@ilu said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@nick.lloyd Thankyou...i'll try the last version, reading forums people says HP was problematic, thats why i was asking for help.

Runs fine on my HP hardware, and was pretty easy to install.

@john.c said in Install XCP-ng in old HP ProLiant DL160 G6 (gen 6):

@ilu Though note that XCP-ng 8.3.0 when it goes LTS, will be getting a fix for the 2TB VDI limit. This will allow you to handle VMs which have large, disks.

You have a source for this? IIRC, the fix the the 2TB limit will fix a few other storage limitations too so I'm keen to know more.

https://xcp-ng.org/blog/2025/03/14/the-future-of-xcp-ng-lts/

@ilu Though note that XCP-ng 8.3.0 when it goes LTS, will be getting a fix for the 2TB VDI limit. This will allow you to handle VMs which have large, disks.

Plus this 8.3.0 version is also equipped with XO Lite, useful for single pool as a light weight environment. Though just using Xen Orchestra will be a step up from using VMware ESXi version 5.1, due to it being an appliance.

Plus with it open source nature this software stack, will be a great home for the VMs.

If your asking as a company I would seriously recommend looking into Vates VMS, it will be a very useful base for professional support. As well as supporting the continued development of this great and outstanding virtualisation stack, as well as its open source code.

Also you'll find this works great with your up to date systems as all of the interfaces are HTML5 based no flash present.

@olivierlambert said in 8.3 Cannot boot from CD Rom:

Can you try with another ISO from, I don't know, Ubuntu or another OS? This is really a basic thing, I don't understand why such simple operation doesn't work for you

What if @escape222 were to try doing it from the NetInst image of Debian Linux 12.9.0 and see if that one boots (in case there's an issue with 12.10.0)? As the 12.10.0 is a new point release, they can always then afterwards do a "apt upgrade" to apply the updates from the point release.

Then if the Debian Linux version 12.9.0 NetInst image does successfully boot, then there may be an issue worth reporting in the 12.10.0 point release.

@olivierlambert said in Our future backup code: test it!:

No change in feature in the end, however the problem with LVM could be easily solved with "Instant restore" feature, coming somewhere in 2025.

Thanks for the reply and all of your company's hard work. When the date gets closer I'll let the Linux System Administration lecturer know about using VMs via XCP-ng, XOA and Instant Restore.

Yes it definitely looks really good. Will it be able to perform File Level restore, on multiple disk images in LVM LVs in a LVM VG on a single VM?

The reason being a lecturer on a Linux System Administration course, who's lecturing based on experience. The lecturer's experience is from over 30 Years of System Administration at a wide variety of Corporations including the Fortune 500.

During the course the lecturer has the student's setup VMs using LVM based drive pools for storage. Then have them learn how to add more drives to the LVM VG and increase the size of LVM LV and the filesystem formatted on the logical volume.

If the current and proposed backup engine can't support File Level restore on LVM could it be added please?

@kagbasi-ngc said in Using Multiple Servers in LDAP Plug-in:

@john.c Thanks for the suggestion - I'm exploring this option.

Oh, forgot a bit of follow up. You can also do something similar with Linux. Using the clustering software configured for failover and also a Samba server. The Samba server needs to be at minimum version 4.0, though to be supported with updates version 4.20 at minimum, to guarantee a long period of support either 4.21 or 4.22.

Though using the in box Samba server from RHEL 9 is best as its supported by Red Hat and is version 4.15. Though you can select another Linux distribution which is new enough to support at minimum the same version of Samba.

Then run the process of setting up the Samba Server as an Active Directory Domain Controller.

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

Also with Windows Server based solution, you can add more servers to the AD Failover Cluster as required. So effectively you could even have 3-5 AD domain controllers, instead of just the 2 AD Controllers for redundancy.