RE: Limiting access to xo-lite to a specific IP address or ssubnet

@olivierlambert Thank you for replying. Here we get a wider question - is there a built-in firewall in XCP-NG? I don't see any signs of netfilter, iptables, ufw etc. presence on XCP-NG host. So, it may be very helpful if you shed some light on this matter.

I also don't understand how disabling xo-lite may be related to disabling SSH.

@olivierlambert said in Limiting access to xo-lite to a specific IP address or ssubnet:

You can indeed disable XO Lite, it makes sense in the case you want to also disable SSH

SSH is way easier to protect by enforcing private key authentication, while xo-lite may be just a target for brute-forcing. So, yes, what makes sense is that we limit what ports are exposed and who can access them.

Hello, everyone.

I have just come across this discussion on Reddit https://www.reddit.com/r/xcpng/comments/1m9jz2h/83_without_xo_lite/

The moment I read it I thought whether there may be a workaround to limit access to xo-lite to only a specific IP address or a range thereof or a subnet?

Thanks

@Danp Well, it is just a user-definable system summary that may be run on demand or when the terminal session starts. CPU/Memory utilization etc.

Oliver was involved in a discussion related to XCP-NG logo coloring for Neofetch, however this was long time ago. At that time he did not say anything like 'Don't do it, it is bad for your host'.

https://github.com/xcp-ng/xcp/issues/491
https://doc.netwaze.fr/books/xcp-ng/page/neofetch-xcp-ng

I can live without it, but it does not harm to have Neofetch on the host for a quick glimpse at the resources.

undu created this issue in xcp-ng/xcp

open ASCII-based logo for xcp-ng #491

@Forza Not a bash script, a package that requires installation. XCP-NG has all repos wisely disabled. That's why installing it on this specific type of host is not a trivial task.

Hello, everyone.

I am curious what is Vates' standing on neofetch installation/use on XCP-NG. Discouraged? Neutral?
If neutral how do I install it? These approaches did not work
yum install neofetch --enablerepo=base,updates
yum install neofetch --enablerepo=konimex/neofetch

Thank you

@Danp Thank you, trying now.

@olivierlambert Please, how? Not getting my head around it. Thank you

Hello, everyone.

I guess when I installed XO I had a different name set for the VM host and late on I changed it to something else.
I am trying to get the list of available objects by running xo-cli list-objects I get errors returned which point to the wrong host name and DNS errors:

✖ Error: getaddrinfo ENOTFOUND xo1.my-domain.com
    at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:120:26) {
  code: 'ENOTFOUND',
  errno: -3008,
  hostname: 'xo1.my-domain.com',
  syscall: 'getaddrinfo'
}

My new host name is xo1-xyz.my-domain.com. What and where should I update to get the CLI working again?

Thank you very much

@Affonso Something is not adding up. Look at this screenshot. All VMs are down. Some show blue cloud. Some show 'hamburger'-like icon and the name of the host and pool.

@BenjiReis Thank you for your insight.
Here is another screenshot showing 2 pFsense VMs - one is running and the other one is halted. As you can see they both have the same icon regardless of the power state:

@olivierlambert Not an issue at all, I just want to understand and learn more. Here is a screenshot showing 2 VMs with different icons

Thank you

Please enlighten the uninitiated: I currently have a single pool with a single host. Why some VMs in the list show blue cloud icon and pool name and other VMs show host icon and the host name twice separated with a dash?

Thank you

@olivierlambert Thank you. When you say 'reconnect the S3' do you mean recreate the Remotes and then in Backup/Restore click on the Refresh backups list button?

Re: Can the backups created by one XO be restored inside another XO?
@olivierlambert I have a different scenario: a single physical node with XO and a few VMs. The node crashes irreparably. Before the crash I had all metadata and VMs backed up to an S3 endpoint.

If I get a new physical server and install XCP-NG onto it - is there a way to restore VMs from that S3 backup?

Thank you

@Tristis-Oris Alright, so 8.3 is pre-requisite. Thanks for confirming.

Hello, everyone. Please clear my doubt. I am on XCP-NG 8.2 fully patched and I also updated XO to 5.92.
Following the announcement of features in XO 5.87 and I was hoping to see the health of local hard drives and SSDs. The option is present in the Advanced tab of the Hosts page, however it is grayed out. Small message says "Smartctl plugin not installed".

I checked the Plugins page and smartctl is nowhere there.
Simple question - as long as I am not on XCP-NG 8.3 am I not supposed to have the disk drive monitoring available in the WebUI of XO?

Thank you in advance

@olivierlambert This topic was last time discussed in June of 2021.

I am wondering if some sort of solution has been built to add icons to VMs which don't have icons next to them?
I have one VM with FreePBX and while in its core this is a modified CentOS yet the OS reports itself as Sangoma Linux. Another VM is virtualized TrueNAS Scale. Both VMs are bare iconless

Thank you

@planedrop Yes, doing thing like this frequently would not be fun at all. This is a one-off event. So, B is the way to go.

@dredknight Thank you. I did not try A but I was feeling that it would not succeed.

Knowledgeable people, please advise what should be the best sequence for migrating a VM with running pFsense to another host while a NIC is passed through to it:

a) Just try to migrate straight ahead

b) Stop the VM => Remove the PCIe device from the VM => Migrate => Pass the NIC through to the Migrate VM on the Target Host

c) Make a clone of the VM => Migrate the Clone to the Target Host => Pass the NIC to the new VM on the Target Host

Thanks in advance to everyone