That's great and very cool.
Unfortunately Microsoft doesn't publish the containers in a place like docker hub, rather they distribute a PowerShell script that installs and configures the containers on a Windows server, specifically. Updates to the Microsoft Enterprise Connected Cache is also updated via Windows services/tools.
The Microsoft Enterprise Connected Cache node is intended to be installed on a Windows Server where the Windows clients use that cache server.
Since XCP-ng cannot do nested virtualization, you are correct: the use Microsoft Enterprise Connected Cache is not available unless a separate server running Windows bare-metal or Hyper-V (or ESXi, ...) with nested virtualization enabled.
Most places use a hypervisor on all bare-metal servers and virtualize the compute. That was my situation. Which means I was unable to improve InTune Win32 app deployment, because we had switched to XCP-ng.
What's different in this situation is that if I install Microsoft Enterprise Connected Cache on a VM, that Windows VM requires nested virtualization to run a Linux container. That means nested virtualization is required.
Linux containers on a Linux VM do not require nested virtualization.
That's interesting. Microsoft's Enterprise Connected Cache is a containerized setup on Linux containers, however the installer is only available for Windows. Running Linux-based containers requires nested virtualization.
This is what got me wondering about nested virtualization support for XCP-ng.
@olivierlambert I stumbled across this here while searching for something else: https://xcp-ng.org/forum/topic/3671/xo-cli-help/5
I need to specify "json:8" to set the CPUs to 8. I did see the use of the "json:" prefix here (https://docs.xen-orchestra.com/architecture#xo-cli-cli), but the example shows using that prefix for a list rather than a single value. Not to mention that when setting the memory with vm.set, using "json:" is not required, so I didn't think to try that. I figured it out eventually though.
Also more details regarding how vm.createCloudInitConfigDrive works would be good.
The help information from xo-cli list-commands has the following
vm.createCloudInitConfigDrive vm=<string> sr=<string> config=<string> [networkConfig=<string>]
Is the string for config and networkConfig supposed to be the id of objects created using cloudConfig.create?
Does the template= parameter for cloudConfig.create accept the yaml string for cloud-init?
Is there an online reference for xo-cli with examples? I can't find it. I know that xo-cli has help output, but it isn't detailed enough for me to understand fully how to use it.
Here's my specific example:
xo-cli vm.set auto_poweron=true id="f329c1f2-424e-1451-7c61-fee57273e6c4" CPUs=8 memory=17179869184 secureBoot=false
ā invalid parameters
property @./CPUs: must be integer
After I create the VM with xo-cli vm.create, I am trying to set the number of CPUs to 8 and the RAM to 16GB.
@olivierlambert Does the xe command interact with the XAPI solely or is there some other service/API that Citrix has made that the xe command line utility depend on?
@olivierlambert NICE!! I super love PowerShell. I hope Unix socket interaction is part of it. I'd love to help contribute, except I am a super noob when it comes to development. I've written c# tools before, but I am all self taught and there's so much about C# I don't know.
I totally overlooked the "for XO". The Unix socket thing doesn't apply there. It is still really awesome though and wish I could help.
@bvitnik .Net core supports connecting to Unix sockets (socket types). PowerShell can, but would need to create .Net objects to do it. My goal was to still use the Citrix PowerShell module, but I would need to edit the .Net SDK as well as the PowerShell module code that uses the .Net SDK. The scope might be too large for a noob such as I.
I'm sure I could figure it out eventually, but it would take me forever. I'm a sysadmin that's loves writing code (all basic tools and automations though) and I wish I could do it more, so I could get better at it.
EDIT: Citrix has two editions of the PowerShell module, one written for Windows PowerShell and one written for PowerShell core.
@Byte0 Oh, I may have just found it. It's written on ocaml? Uh oh. Might be well out of my ability to make this happen. 
I am a huge fan of PowerShell and there is a PowerShell module for managing XenServer/XCP-ng, however it requires connecting to the Xen system with a username/password before using it even if the PowerShell module is installed on XCP-ng itself.
I noticed that the version of xe that I install on my workstation needs to make a connection (of course), but the xe utility on XCP-ng host does not need to do this. It seems there is some way of interacting with the XCP-ng server that doesn't require auth if running on the server as root.
I was hoping I could figure out a way to replicate this with with PowerShell, so that if I am logged into XCP-ng as root, I can immediate run Get-XenVM without needing to run Connect-XenServer first.
@BenjiReis The xapi is written in OCaml? That is pretty cool. I would love to learn OCaml one day.
Anyways, doesn't seem intuitive to design it this way:
Going to file an issue in that repo to see what happens. I suppose they would have to fix the OCaml code you linked as well.
@BenjiReis just checked the repo: https://github.com/xcp-ng/xcp-ng-xapi-plugins/tree/master/SOURCES/etc/xapi.d/plugins
That doesn't even have the firewall-port script in it, so not sure what repository contains that to send a fix to.
@BenjiReis am I crazy or does the firewall-port script have a bug? If I use the firewall-port script to open the port then use firewall-port check 3493 tcp as a way to check, it reports that it is not open. The code needs to be fixed from
check)
if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
then
echo "Port $PORT open: true"
else
echo "Port $PORT open: false"
fi
;;
to
check)
if [[ -n `iptables -S $CHAIN | grep " $PORT "` ]]
then
echo "Port $PORT open: true"
else
echo "Port $PORT open: false"
fi
;;
or
check)
if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
then
echo "Port $PORT open: false"
else
echo "Port $PORT open: true"
fi
;;
If I knew how to do a git pull request and all that I'd do it, however I do not.
I have a UPS connected to XCP-ng via USB. I have a backup server I need to setup to monitor the UPS for shutdown as a secondary NUT host.
XCP-ng blocks NUT server communication. What would be the best way to edit iptables (or nftables, I forget which XCP-ng uses) to allow the NUT secondary server to communicate with the primary NUT service running on XCP-ng?
I am finding myself in this really unfortunate situation. We want to use Microsoft Connected Cache which requires Hyper-V. Microsoft Connected Cache is a way to cache inTune installation packages to reduce internet usage.
@Danp Oh for sure!
I have 3 delta backups that backup to an NFS share on a QNAP NAS.
1 of the backups is weekly and the other 2 are daily.
Is that sufficient information or did I forget a detail?
