RE: "No Stats" Issue

Good news everyone!
For anyone that comes across this after the fact. From what I can gather, the issue is in fact it is looking for a valid certificate when going to an IP to get the stats. So even a valid certificate will fail.
The solution that I have found, is the "Enable Unauthorized Certificates" option in Settings > Server.

And to be clear, it is obvious in hindsight...
What tripped me up is the fact that I'm now only connected to the pool master (After joining the second host), which has valid certificates.
So why would I allow unauthorized certificates?

Well this is why, so when the calls go out from the master with an IP address, it doesn't get tripped up.

Cheers!

Good news everyone!
For anyone that comes across this after the fact. From what I can gather, the issue is in fact it is looking for a valid certificate when going to an IP to get the stats. So even a valid certificate will fail.
The solution that I have found, is the "Enable Unauthorized Certificates" option in Settings > Server.

And to be clear, it is obvious in hindsight...
What tripped me up is the fact that I'm now only connected to the pool master (After joining the second host), which has valid certificates.
So why would I allow unauthorized certificates?

Well this is why, so when the calls go out from the master with an IP address, it doesn't get tripped up.

Cheers!

@PGibson I wonder if there is enough memory allocated to dom0?
https://docs.xcp-ng.org/guides/dom0-memory/

Did some more digging, and found this from 2018.
https://github.com/vatesfr/xen-orchestra/issues/2723
Curious if that is still relevant almost 7 years later

If it is, then I wonder if there is another way to allow the connections other than xe host-emergency-disable-tls-verification
Not going to try that yet though.

jcharaoui created this issue in vatesfr/xen-orchestra

closed SSL certificate verification fails in stats query #2723

@ph7 I suppose if I could read, I would have seen that
I'll check and see if over the next day it corrects itself.

@TS79 I pawed though that a few times, because I have installed lets encrypt certificated. I should have included the rest of the error message:

  "result": {
    "code": "ERR_TLS_CERT_ALTNAME_INVALID",
    "reason": "IP: 192.168.10.81 is not in the cert's list: ",
    "host": "192.168.10.81",
    "cert": {
      "subject": {
        "CN": "xcp-ng2.disappointnetwork.com"
      },
      "issuer": {
        "C": "US",
        "O": "Let's Encrypt",
        "CN": "R11"
      },
      "subjectaltname": "DNS:xcp-ng2.disappointnetwork.com",
      "infoAccess": {
        "OCSP - URI": [
          "http://r11.o.lencr.org"
        ],
        "CA Issuers - URI": [
          "http://r11.i.lencr.org/"
        ]
      },

It looks like its giving back the valid certificate. But its making the call with an IP, not the host.domain. Unless I overlooked over something?

EDIT: I did not change the IP address after installation.

@ph7 I decided to do a reboot like you did, but it did not resolve the issue. During the time the second host was offline, the stats works as expected.

Good day everyone,
I'm racking my brain trying to find a solution for my stats not working on a member of my pool and the pool itself.
Currently using XO Community Edition, set on commit 749f0.

What I can see so far is that the call for the stats is using an IP rather than the FQDN.

{
  "id": "0m7j80y0c",
  "properties": {
    "method": "vm.stats",
    "params": {
      "id": "8cf0448f-8c00-fa2b-8649-da0edda14b39",
      "granularity": "seconds"
    },
    "name": "API call: vm.stats",
    "userId": "c373ef53-7433-450e-814e-74df95dfad68",
    "type": "api.call"
  },
  "start": 1740411424812,
  "status": "failure",
  "updatedAt": 1740411424843,
  "end": 1740411424843,
  "result": {
    "code": "ERR_TLS_CERT_ALTNAME_INVALID",
    "reason": "IP: 192.168.10.81 is not in the cert's list: ",
    "host": "192.168.10.81",
    "cert": {

I'm guessing I've made a mistake in my pool creation, so any insight would be greatly appreciated!

James

P.S. I'm also getting multiple hung Xapi#getResource /rrd_updates tasks, if that's relevant.