XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. cocoon
    3. Posts
    C
    Offline
    • Profile
    • Following 0
    • Followers 0
    • Topics 3
    • Posts 39
    • Groups 1

    Posts

    Recent Best Controversial
    • RE: Xen Orchestra User ACLs and UI Privileges

      @lsouai-vates nice to see that there is work going on.
      Long time ago there was already a draft and I had some questions, maybe it can be picked up?

      https://github.com/vatesfr/xen-orchestra/pull/6450

      https://xcp-ng.org/forum/topic/6644/acl-v2-allow-to-run-specific-job

      julien-f opened this pull request in vatesfr/xen-orchestra

      draft WiP: ACL v2 #6450

      posted in Advanced features
      C
      cocoon
    • RE: Managing vAPPs with XOA

      I would just add a wish here:

      Would be great for future (of course best tomorrow) to have all the features from VMware vCloud Director regarding Template vApps + API 😸

      Just a short compact list:

      • Save vApps as templates containing all VMs
      • Organize these Templates in Catalogs
      • Save Network and Firewall Rules with it (in vCloud DIrectory you can isolate each vApp so be able to really contain same MAC-Addresses identical clones and use a router / fw appliance automatically deployed that uses NAT rules to get into the isolated environments, NSX previous vShield Manager)
        a short youtube video (there might be other better ones but it shows the process): https://www.youtube.com/watch?v=fzoV371vnzs
      • be able to use API for automation to deploy vApps and modify network / fw rules

      ...

      • Tenants might be overkill ^^
      posted in Xen Orchestra
      C
      cocoon
    • RE: XCP-ng 8.3 betas and RCs feedback 🚀

      @moussa854
      And after adding it you might need some more prep? I have had no time to try more:

      https://xcp-ng.org/forum/topic/6578/xcp-ng-8-3-public-alpha/121?_=1687790268385

      posted in News
      C
      cocoon
    • RE: XCP-ng Center 20.04.01 for XCP-ng 8.2

      @mortenchristensn
      You can follow exactly every changes between the two versions if you compare the commits:

      https://github.com/xcp-ng/xenadmin/commits/v20.04.01.33
      https://github.com/cocoon/xenadmin/commits/20.11.00.3

      One bigger difference is, that v20.11.00.3 is based on a newer XenCenter codebase than v20.04.01.33.

      v20.11.00.3: Nov 17, 2020
      v20.04.01.33: Mar 10, 2020

      So you can check all the single changes that happened between those dates.

      001.png

      posted in News
      C
      cocoon
    • Website XOA XCP-NG missing

      Hi,

      just something small that I recognized when I read the text about what XOA is for and it does only mention Citrix Hypervisor but not XCP-NG in the text, just in the title here:

      https://xen-orchestra.com/#!/xo-features/webinterface

      Xen Orchestra is designed to give you the tools you need to administrate your Citrix Hypervisor (XenServer) pools and enjoy a complete overview of your whole infrastructure. No agent to install on your hosts, you can access everything from anywhere and from any devices.
      

      Maybe you want to mention XCP-NG there with a link to "xcp-ng.org".

      posted in Xen Orchestra
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi That was my plan, Bitlocker feature is already installed, will test this yes 😉

      2023-01-16_bitlocker-001.png

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi said in XCP-ng 8.3 public alpha 🚀:

      @cocoon Did you enable Secure Boot on the VM, and did you also install SecureBoot certificates on your pool? (and if you installed the certificates to the pool after you first started the VM - with or without SB, you also need to install them to the VM by putting it in user mode: varstore-sb-state user {VM-UUID}).

      Ah yes, thanks, that works 👍
      the command is just slightly different:

      varstore-sb-state {VM-UUID} user
      

      2023-01-16_secureboot-001_fixed.png

      2023-01-16_secureboot-002_fixed.png

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      OK, TPM is visible in Windows Server 2022 but no secure boot atm.
      Bios says it is disabled. Installed it in a virtual XCP-NG VM on ESXi.

      2023-01-13_vTPM-002_fixed.png

      2023-01-13_vTPM-003_fixed.png

      2023-01-13_vTPM-004_fixed.png

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi Works 👍

      2023-01-13_vTPM-001_fixed.png

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi Hi, sounds great 🙂

      I tried to use the vTPM Management and it seems for me that I am either missing updates (but I have even testing repo enabled) or the feature daemon is missing this entry:

      restrict_vtpm

      When I try to manage vTPM it generates this error on the server:
      Raised Server_error(FEATURE_RESTRICTED, [ restrict_vtpm ])

      Last added online I see Cloud:
      https://github.com/xcp-ng/xcp-featured/blob/master/bin/v6_server.ml#L68

      Would be great to be able to configure it somehow, even add custom features in a config file, there already exists an similar issue entry for it:
      https://github.com/xcp-ng/xcp/issues/184

      2023-01-09_vTPM-001.png

      2023-01-09_vTPM-002.png

      ./var/log/xensource.log:Jan  9 16:13:55 xcp-ng-vm5 xapi: [error||1247 :::80|dispatch:VTPM.create D:6eb04e1f3871|backtrace] 1/9 xapi Raised at file ocaml/xapi/xapi_vtpm.ml, line 24
      

      2023-01-09_vTPM-003.png

      stormi created this issue in xcp-ng/xcp

      open Configurable license daemon #184

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      Oh I see, you don't plan to add more system near features?

      All is just around xapi, even the login system. I thougt it would be more like on ESXi systems where you can manage the whole server from a web ui and will get features like the ones you can do from the local console screen.

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @olivierlambert said in XCP-ng 8.3 public alpha 🚀:

      you need to promote a slave to master so you can get back querying the XAPI.

      Yes I know, I mean a limited access mode or as you said, to make it master would be one task for troubleshooting that could be done if you could login (with warnings), generate/checking/exporting logfiles etc ... (and all you can do on xsconsole, see MAC addresses etc ...)

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      I just upgraded a virtual Test-Cluster from 8.2 to 8.3-Alpha and afterwards had on one console that it told me that I don't have a management Interface and even no network interfaces. Am "Emergency Network Reset" did not change anything .

      After checking everything, network was working, even ping was working ... I remembered my problem with the certificates I mentioned here already in November and yes, it was just the same problem with the old too short certificate 🤦

      But this leads me to the new "problem":
      Couldn't the xsconsole be improved to give a better hint than "no network interfaces"?
      Because it really means something like: Could't establish a connection to the master.

      Oh and one more thing:
      Is it by design that I cannot login to XO Light on the VM that is not the master?
      It just tells me "An error has occured"
      ... Ah just check the return value and it says error: "HOST_IS_SLAVE"
      This could also be improved or automatically redirect to the master as it contains the IP of the master in the response ... or in the end it might be good to be able to login if the master is not available for troubleshooting

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @olivierlambert
      I can't explain it, just had seen the error 🤔
      and here it seems to have happened, too:
      https://stackoverflow.com/a/62646075/19868457

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @olivierlambert
      In that Browser I have even more blockers like AdNauseam + uBlock + NoScript, but the problem can be the same, just to remember that Browsers might have blocking utils in it if there is a problem for someone.

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      As I had now a chance to take a quick look, XO Light will be a great addition when it's ready 👍

      Currently I cannot test the Console, but the Dashboard looks nice and of course I would have some ideas what would be great to have there, but you might already have a list.
      But I would say for troubleshooting to extract logs and use the bugtool might be handy to have available.

      I could not get any VM button to do anything, it simply might not be implemented right now, like poweron etc.

      But I have seen at least one possible problems that you might want to add to a FAQ:
      If you have ublock adblocker installed it seems to cause problems if you don't whitelist:

      001-ublock.png

      @jameso said in XCP-ng 8.3 public alpha 🚀:

      No offence to cocoon for doing great work with their release, but will v20.04.01 or variant be made available to support 8.3? 🙂

      Just my 2 cents:
      I think chances are a bit better now, because it looks like both teams (XCP-NG and Citrix) are working more closely together now.
      In the past I would have said that development goes much more in different directions and so new things would usually not be added to the client as nobody is really working on it.

      But now it could happen maybe if release is near or ready. I would not expect it for alphas and betas, but mostly depends on if @borzel will find the time then.

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi I will add some details here:

      https://github.com/cocoon/xenadmin/blob/ddc54106203a6030d6e45955937ea769c7441e67/XenAdmin/MainWindow.cs#L946

      This was my "hardcoded" value, that is not intended to be used here.

      Instead the official way is to extend some Enums with supported API Versions.
      If the Version of the host (for 8.3 it is 2.20) is not found in the enums, it get's set to 99 = Unknown.

      The current enum contain only up to 2.16 (API_2_16) so API_2_20 is not found --> set to 99:
      https://github.com/xcp-ng/xenadmin/blob/development/XenModel/XenAPI/ApiVersion.cs#L38

      Problem is here where it compares the min version to the current and if it is higher (and it is with 99) it refuses to connect.

      https://github.com/xcp-ng/xenadmin/blob/development/XenAdmin/MainWindow.cs#L928

      As I hardcoded it to a lower value (20) it is now lower and allows to connect.

      And btw: my build was based on a slightly newer commit from Citrix than the one at xcp-ng repo.

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @stormi That is my special build where I "fixed" the min version problem that now is in the other "official" client ^^

      was here back when the previous relase had no working client for some time 😉
      https://github.com/cocoon/xenadmin/releases

      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      @psafont

      Yes the key is 1024:

      [11:45 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number:
                  b2:32:6b:a9:eb:51:99:0c
          Signature Algorithm: sha1WithRSAEncryption
              Issuer: CN=192.168.56.102
              Validity
                  Not Before: May  4 15:23:19 2018 GMT
                  Not After : May  1 15:23:19 2028 GMT
              Subject: CN=192.168.56.102
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (1024 bit)
                      Modulus:
                          00:c2:62:b4:fc:54:a0:1b:7c:5d:3e:61:4c:51:ef:
                          ff:a4:a0:da:ab:ea:49:f5:99:3e:14:67:a7:9d:68:
                          28:8e:ea:54:75:45:55:8b:78:fa:46:65:f5:f2:a2:
                          5e:ca:20:8c:c7:d4:4b:c4:21:a2:70:0e:49:d0:aa:
                          f0:2a:21:40:db:39:2f:57:ec:18:dc:82:2e:d0:b5:
                          f4:cb:48:a0:b8:9d:3f:c4:f5:75:cb:1b:1c:4b:47:
                          a2:07:2f:3c:b4:b1:37:d0:e8:11:e6:00:49:cf:89:
                          e6:4f:38:3d:a6:6f:bb:02:84:e8:17:3c:5b:a1:f7:
                          98:87:03:ad:36:26:31:ca:63
                      Exponent: 65537 (0x10001)
              X509v3 extensions:
                  X509v3 Subject Alternative Name:
                      DNS:xcp-ng-vm1, DNS:xcp-ng-vm1
          Signature Algorithm: sha1WithRSAEncryption
               01:dc:44:77:3e:34:3a:b2:06:c5:bc:07:ab:e9:8c:c4:5e:cf:
               c5:33:fc:74:83:cf:4c:14:cc:2f:fb:dc:d5:45:ff:84:76:40:
               fc:b0:9c:00:af:a5:00:85:13:97:90:7e:66:81:36:3b:d3:83:
               55:2c:e2:54:3d:85:d5:1d:d0:fe:1e:b7:2f:4d:76:8b:01:e1:
               a5:be:ed:62:73:e0:44:65:74:6e:e3:eb:5b:72:21:66:7f:03:
               28:c4:f7:d9:dc:72:46:d1:fc:b0:5f:18:bf:bd:ef:44:9c:64:
               09:94:c8:65:1b:6b:06:26:ca:91:ee:ee:19:12:80:f0:f5:5f:
               17:f4
      
      

      I found a slightly different command to reset the cert and it seems to work:

      [11:54 xcp-ng-vm1 xensource]# cat /etc/xensource-inventory | grep -i installation_uuid
      INSTALLATION_UUID='efe93b3d-ce2e-4f37-8a0d-00abf186c688'
      [11:54 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid=efe93b3d-ce2e-4f37-8a0d-00abf186c688
      Error: No matching hosts found
      [11:55 xcp-ng-vm1 xensource]# xe host-list
      uuid ( RO)                : efe93b3d-ce2e-4f37-8a0d-00abf186c688
                name-label ( RW): xcp-ng-vm1
          name-description ( RW): Default install
      
      
      [11:55 xcp-ng-vm1 xensource]# xe host-refresh-server-certificate host uuid='efe93b3d-ce2e-4f37-8a0d-00abf186c688'
      Error: No matching hosts found
      [11:55 xcp-ng-vm1 xensource]# xe host-emergency-reset-server-certificate
      [11:56 xcp-ng-vm1 xensource]# openssl x509 -text -noout -in /etc/xensource/xapi-ssl.pem
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number: 1652293449990601601 (0x16ee20237764fb81)
          Signature Algorithm: sha256WithRSAEncryption
              Issuer: CN=xcp-ng-vm1
              Validity
                  Not Before: Nov 21 10:56:45 2022 GMT
                  Not After : Nov 18 10:56:45 2032 GMT
              Subject: CN=xcp-ng-vm1
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (2048 bit)
                      Modulus:
                          00:a4:4d:a0:35:42:cc:1b:0c:0c:1e:5e:68:84:9e:
                          a0:66:5e:9d:d0:e1:8a:9c:00:d8:e1:d9:be:81:6e:
                          f4:88:dd:ee:e3:ba:cf:19:01:74:05:f6:be:f0:b2:
                          7b:36:3d:99:b1:b8:79:52:10:dc:71:db:5c:4c:cd:
                          03:cc:2d:49:e9:3f:ab:31:5b:f1:f6:8e:33:99:b0:
                          ed:ee:a6:f8:af:f7:46:25:db:fc:2f:05:da:16:de:
                          58:df:c8:70:75:17:1f:a8:d9:ed:d9:31:da:f5:5e:
                          ce:d3:93:d1:00:b4:e8:27:29:cb:a6:a8:e6:e1:97:
                          92:84:74:84:30:b2:09:fc:e4:60:79:6c:4b:f4:07:
                          e3:ba:e6:da:b0:be:6a:35:ef:d8:bc:47:df:58:45:
                          a0:c6:1a:56:ee:2e:32:1c:13:17:66:5c:41:93:1d:
                          da:e2:ac:03:31:16:6d:0c:33:f4:df:67:47:8b:bb:
                          53:6f:cd:12:aa:aa:af:12:25:77:38:20:d5:88:97:
                          cf:35:b7:e2:cb:28:60:15:a8:9a:8f:69:ce:a1:f1:
                          4a:de:bf:6a:9e:f6:4a:fc:a4:1e:07:1c:21:db:c0:
                          db:3c:fb:31:5c:cf:4a:95:05:ca:ef:d1:4e:6e:a1:
                          dd:6b:c8:e2:9c:f4:f3:05:2e:b5:a1:bc:78:54:29:
                          df:35
                      Exponent: 65537 (0x10001)
              X509v3 extensions:
                  X509v3 Subject Alternative Name:
                      DNS:xcp-ng-vm1, IP Address:192.168.220.106
          Signature Algorithm: sha256WithRSAEncryption
               23:bb:bf:fb:78:5e:df:7a:00:15:1a:09:d6:9c:81:b3:ef:e2:
               a3:a1:6c:18:5f:fe:dd:77:ae:99:48:92:d7:b6:76:c7:93:2f:
               40:c3:43:a0:9f:ae:eb:b0:68:56:f0:65:04:29:49:01:b6:c7:
               96:42:85:70:29:d0:cb:bc:21:26:55:5a:9e:af:97:4b:4a:19:
               ad:5d:07:39:e3:e4:e5:6b:4b:2a:f3:7d:de:e5:8f:ea:3a:34:
               0b:5e:6a:06:c4:34:d6:e8:5a:12:70:14:2f:95:12:66:da:79:
               d0:10:43:e9:9d:75:68:e9:aa:56:ae:fe:49:2b:79:b9:f8:16:
               be:7a:86:ff:b5:b4:84:14:cb:d1:91:ca:4d:95:36:91:43:1e:
               1e:50:a6:70:93:77:1c:2e:bb:ee:5f:33:5e:c7:f2:98:2a:b4:
               9d:40:a8:a8:ae:22:71:11:50:f4:62:ff:72:3f:9d:c6:0c:6a:
               7e:34:c8:c1:f9:8f:5c:ac:fa:9b:bf:8b:e7:6b:92:9a:00:dc:
               59:6d:15:23:af:28:c7:b5:b6:0a:a3:d5:98:86:9f:b2:31:1a:
               29:16:ca:60:b2:a8:1e:68:b2:14:37:e6:f0:6c:cd:2b:43:d0:
               18:6a:c0:43:70:ee:8b:c3:b2:fc:15:6c:a4:e7:c2:12:20:41:
               ed:e6:23:60
      
      
      posted in News
      C
      cocoon
    • RE: XCP-ng 8.3 public alpha 🚀

      So still have the problem today on the upgraded VM that no https is available.

      I installed a new VM now and there it works and I found these differences, looks like the /etc/xensource/xapi-ssl.pem file is too old.

      FRESH NEW VM:
      new-vm-001.png
      new-vm-002.png

      UPGRADED VM:
      https-002.png
      https-003.png
      https-005.png

      posted in News
      C
      cocoon