XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. gb.123
    3. Best
    G
    Offline
    • Profile
    • Following 0
    • Followers 0
    • Topics 8
    • Posts 112
    • Groups 0

    Posts

    Recent Best Controversial
    • RE: XCP-ng 8.3 updates announcements and testing

      @gduperrey
      @olivierlambert

      First of all ...... a BIG THANK YOU for this patch !

      Tested on Minisforum AMD 7945HX based pc; and I can confirm that XCP-ng boots with ACPI PSS & C Cores as mentioned in this post and it works with both options enabled.

      So excited that I have tested this only and replied before testing other things.. πŸ˜ƒ

      UPDATE :
      While updating this, I actually had to do 2 updates (last stable update patch of 7 files + this one)

      After this installation, GPU (Nvidia) passthrough completely seems to be broken. Before the update(s) the host had to be turnoff completely, power cable had to be removed and then replugged to reset the graphics card (which used to work as I was able to run the card); but now attaching the graphics card to VM makes the VM hang on VM boot and at times, the host is also abruptly restarted (as if someone as pressed the HW reset button).

      I am not sure whether the problem is in this update or the last stable one; but graphics card reset for Nvidia ( I think it has to do with ACPI reset ) still remains a problem.

      Would be great if you guys can look into this.

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      @stormi

      Did minor testing. Seems ok.
      Haven't tested Backups.

      posted in News
      G
      gb.123
    • RE: Xen 4.17 on XCP-ng 8.3!

      @stormi

      WHAT THIS VERSION OF XEN CHANGES

      I must admit I haven't done my homework yet here. You can check the upstream changelogs at the Xen Project. I'll update this post if someone provides a useful bullet list.

      Here you go :

      Notable Features
      This release has seen the increase in hardware support for both x86 and Arm, together with the addition of other improvements and features:

      • MISRA-C integration: The project has officially adopted four directives and 24 rules, added MISRA-C checker build integration, and defined how to document deviations. A number of MISRA-C violations have been fixed.
      • Static configuration options for ARM: In many embedded environments, we know ahead of time exactly what resources all guests will need at boot time. In constrained resource environments, allocation on use increases the possibility that the allocation will fail at runtime. With static configuration, resources are allocated statically when the hypervisor boots, removing the possibility of runtime failure. Resources which can be statically configured as of 4.17 include event channels, shared memory, and hypervisor heap.
      • ARM: Add β€œtech preview” implementation for VirtIO. Xen now includes full support for VirtIO on embedded systems, on ARM, for the virtio-mmio transport, allowing a wide range of VirtIO devices to be supported. This includes front-end support in Linux, toolstack (libxl/xl) and dom0less support, and a userspace backend. Currently, the following stand-alone backends are available and have been tested: virtio-disk, virtio-net, i2c, and gpio.
      • dom0less / Hyperlaunch: cpupools can be specified at boot using device tree. This allows the use of cpupools in dom0less / Hyperlaunch -style configurations; in particular, it makes it possible to assign different types of CPUs of an ARM big.LITTLE system to different cpupools at boot time.
      • dom0less / Hyperlaunch: PV frontend / backend connections can now be specified between guests, allowing statically booted guests with PV devices
      • On ARM, p2m structures are now allocated out of a pool of memory set aside at domain creation; this provides better isolation between guests against memory resource failures
      • ARM: Mitigations against Spectre-BHB
      • x86: IOMMU superpage support for all guest types; improving performance of PCI pass-through
      • x86: Security support hosts with up to 12 TiB of RAM
      • x86: Can now set cpuid parameters for dom0 at boot time
      • x86: mwait-idle support: Added SPR and ADL
      • x86: Improved speculative mitigation support, including VIRT_SSBD and MSR_SPEC_CTRL features to help guests know what speculative mitigations they don't need to be done (due to mitigations on the hypervisor side), and to control what kind of speculative mitigations the hypervisor performs on their behalf
      • Out-of-tree builds for the hypervisor now supported
      • ARM: Since addition of Zephyr RTOS guests support (Xen 4.15, Zephyr 3.1.0), work has been done on making it possible to run Zephyr in dom0 improving boot time, stability and paving the way for future safety certification for Xen-based systems

      Source : https://wiki.xenproject.org/wiki/Xen_Project_4.17_Feature_List

      posted in News
      G
      gb.123
    • RE: XOSTOR hyperconvergence preview

      @ronan-a @dthenot @Team-Storage

      Guys, Can you please clarify which method to use for installing XOSTOR in XCP-ng 8.3 ?

      Simple :

      yum install xcp-ng-linstor
yum install xcp-ng-release-linstor
./install --disks /dev/nvme0n1 --thin

      Or the script in the first post ?
      Or Some other script ?

      posted in XOSTOR
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      Installed fine. Didn't get a chance to deep dive and/or test features.

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      @stormi said in XCP-ng 8.3 updates announcements and testing:

      A few days late because internal tests led to a few fixes, here are the pre-release ISO images for a refreshed XCP-ng 8.3 installer:

      https://repo.vates.tech/tmp/

      $ cat SHA256SUMS
22deae59e7c5cff7d4691c447af9dbf27b29a372748c1844c280bdc212ef2a5f  xcp-ng-8.3-20250606-linstor-upgradeonly.pre3.iso
9a5dcc8d98949ee207d28307b8b94320d1ffd24841e34ca74e1c0f0422e5ecab  xcp-ng-8.3-20250606-netinstall.pre3.iso
4d6f5a99da0d70920bc313470ad2b14decab66038f0863ca68a2b81126ee2977  xcp-ng-8.3-20250606.pre3.iso
      1. No need to upgrade XCP-ng 8.3 with these. It is not a new release. It's refreshed installation images, with all updates included.
      2. When we release them, at the same time, XCP-ng 8.3 will be officially labeled LTS. Again, the existing XCP-ng 8.3 that you already use. Not a new XCP-ng release.
      3. This is also when XOSTOR becomes officially supported in XCP-ng 8.3 πŸŽ‰.

      This is definitely the best part... I just installed XCP-NG on my test bench (a few days back) with the previous ISOs to test the updates !
      Will try this ISO as soon as I get my new PC!
      Was eagerly waiting to try XOSTOR in the meantime. πŸ™‚

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 betas and RCs feedback πŸš€

      @olivierlambert @stormi

      I have a suggestion w.r.t interface-rename.
      Can we have a screen at the installation (using iso method) which lists all the NICs and we can rename the interfaces at install time itself ?

      posted in News
      G
      gb.123
    • RE: XOSTOR on 8.3?

      @olivierlambert
      I don't mean to push or ask for an ETA; but since it's been a few months so I was wondering if there is any update on this ?
      Waiting eagerly to have XOSTOR on 8.3

      posted in XOSTOR
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      @stormi
      Just for clarification sake (I know this might have been said before), installing patches is the same as upgrading from iso in this case ?
      (Unlike with previous update where it was mandatory to upgrade using iso)

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      @olivierlambert
      Sure.

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 betas and RCs feedback πŸš€

      Installed in my Homelab. Install went smoothly.

      Small bugs I have noticed :
      1.
      XCP-NG Install Error.jpg

      This ONLY happens when using KVM and 'scaling' the display to fit window.

      XCP-NG Update Error.jpg

      This happens ONLY on the first boot after applying patch ( 6 programs ) once release iso is installed.
      This goes away from the second boot.

      Everything seems to be working smoothly for now. Kudos to the Vates Team !

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 betas and RCs feedback πŸš€

      For everyone who needs to ensure usb-policy.conf remains intact after update/reboot, I have posted a workaround script here.

      Please note this is a workaround script only till a better implementation is done by the xcp-ng team.

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 betas and RCs feedback πŸš€

      @olivierlambert

      Thanks for the prompt reply !

      You are right. The device was filtered. I am now removing from filter and re-testing.

      Update: Re-tested and everything seems to work fine.
      I will further try to use the signature device to see if it actually works inside the VM.

      PS: I see no reason to filter tokens by default. Can we remove the DENY line for smartcards by default ?
      We also need to add : DENY: Class=03 subclass=00 prot=00 # HID
      as this class is used by some MSI motherboards for HID. Since rest of the HID are filtered, this should be added too for consistency sake.

      posted in News
      G
      gb.123
    • RE: EOL: XCP-ng Center has come to an end (New Maintainer!)

      Very excited to receive a wonderful and detailed reply from @michael-manley.

      Thanks @michael-manley for taking over the maintenance of XCP-ng Center!

      posted in News
      G
      gb.123
    • RE: XCP-ng 8.3 updates announcements and testing

      @stormi

      Great Idea!
      Post updated ! πŸ™‚

      Update: I also added 'Automatic Backup' which backs up your original file in case something goes wrong.

      posted in News
      G
      gb.123
    • USB Passthrough Override Script - to ensure usb-policy.conf consistency

      Hello,

      This script is a workaround for saving the USB Passthrough configuration which gets over-riden on XCP-ng updates (known issue).

      The script was earlier removed as per request of stormi in the interest of not overburdening our lovely devs at Vates, but I added it back seeing many people are affected; for helping a greater set of the community.

      Disclaimer:
      This script is made as a workaround to prevent usb-policy.conf from getting overridden by new patches/restarts.

      ⚠ WARNING: Please note that issues caused by this script (if any) shall not be covered by the XCP-NG Support team.

      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

      Testing Status:

      • XCP-ng version 8.3 - Tested & Working.
      • XCP-ng version 8.2 - Untested. (Should Work)
      • Other versions - Completely Untested. Do not use unless you know what you are doing !

      Instructions for Install :

      1. Please Copy and Save this script as install_usb_passthrough.sh
      2. You can either add your settings by editing this file or change it later.
      3. Run chmod +x install_usb_passthrough.sh
      4. Run ./install_usb_passthrough.sh

      Instructions for Usage :

      1. Change /opt/usb_passthrough_conf/usb-policy.conf as per your configuration.
      2. Run the included .sh script (placed in the above directory) or Re-boot for effect.
      3. You configuration will survive on every re-boot/update.

      Instructions for Un-Installation/Removal :

      • Run the originally saved install_usb_passthrough.sh with --remove as parameter to completely uninstall the program. (It leaves no 'residue')
      Script version - v2.1

      Changelog:

      • Saves existing configuration instead of starting from scratch
      #!/bin/bash

## This script installs/uninstalls /etc/xensource/usb-policy.conf to be overwritten on every boot
#Variables
DIR=/opt/usb_passthrough_conf
SCRIPT="${DIR}/usb-passthrough-config.sh"
USB_SCAN_LOG="${DIR}/usb-scan.log"

# Declare variables for Cron
cron_remarks="# USB Passthrough Override"
cron_job="@reboot /usr/bin/bash $SCRIPT > /dev/null"

# Get current UUID required for scanning USB devices
CURRENT_UUID=$(grep -i installation_uuid /etc/xensource-inventory | cut -d'=' -f2- | tr -d "'\"")

# Install
if [ "$1" != "--remove" ]; then
# region Install
    # Create Directory
    echo "Creating Directory ${DIR}"
    mkdir -p "$DIR"
    # Create Config File
    # ^@Edit Config File (only contents, not file-name)
    echo "Creating Config File (from existing setup)"
    if [ -f /etc/xensource/usb-policy.conf ]; then
        cp /etc/xensource/usb-policy.conf "${DIR}/usb-policy.conf"
        echo "USB policy created successfully from original setup"
    else
        cat <<-EOF > "${DIR}/usb-policy.conf"
# When you change this file, run 'xe pusb-scan' to confirm
# the file can be parsed correctly.
# You can also run '/opt/xensource/libexec/usb_scan.py -d' to see
# debug output from the script parsing this configuration file.
#
# Syntax is an ordered list of case insensitive rules where # is line comment
#  and each rule is (ALLOW | DENY) : ( match )*
#  and each match is (class|subclass|prot|vid|pid|rel) = hex-number
# Maximum hex value for class/subclass/prot is FF, and for vid/pid/rel is FFFF
#
# Rules are ordered so that the first matching rule will override
# any other rules for the device below it
#
# USB Hubs (class 09) are always denied, independently of the rules in this file
DENY: vid=17e9 # All DisplayLink USB displays
DENY: class=02 # Communications and CDC-Control
ALLOW:vid=056a pid=0315 class=03 # Wacom Intuos tablet
ALLOW:vid=056a pid=0314 class=03 # Wacom Intuos tablet
ALLOW:vid=056a pid=00fb class=03 # Wacom DTU tablet
DENY: class=03 subclass=01 prot=01 # HID Boot keyboards
DENY: class=03 subclass=01 prot=02 # HID Boot mice
DENY: class=0a # CDC-Data
DENY: class=0b # Smartcard
DENY: class=e0 # Wireless controller
DENY: class=ef subclass=04 # Miscellaneous network devices
ALLOW: # Otherwise allow everything else
EOF
    fi
    # Create Script
    echo "Creating USB Passthrough script"
    cat <<-EOF > "$SCRIPT"
#!/bin/bash
# Script to overwrite usb passthough policy and scan USB devices

# Enable Backup for current config (set to false to disable)
BACKUP_ORIGINAL="true"

# Check if original differs from our config
if ! cmp -s /etc/xensource/usb-policy.conf "${DIR}/usb-policy.conf"; then
    # Get current UUID (required for scanning USB devices)
    CURRENT_UUID=\$(grep -i installation_uuid /etc/xensource-inventory | cut -d'=' -f2- | tr -d "'\\"")
    
    # Backup current Config file (if backup is enabled)
    if [ "\$BACKUP_ORIGINAL" = "true" ]; then
        # Files differ - backup original with incremented suffix
        i=1
        while [ -e "${DIR}/usb-policy\${i}.conf.backup" ]; do
            i=\$((i + 1))
        done
        cp -f /etc/xensource/usb-policy.conf "${DIR}/usb-policy\${i}.conf.backup"
        echo "USB PASSTHROUGH: Backed up original config to ${DIR}/usb-policy\${i}.conf.backup"
    fi
    
    # Copy User Config to /etc/xensource/usb-policy.conf
    cp -f "${DIR}/usb-policy.conf" /etc/xensource/usb-policy.conf
    echo "USB PASSTHROUGH: Copied user config to /etc/xensource/usb-policy.conf"

    # Scan USB Devices
    /opt/xensource/libexec/usb_scan.py -d > "${USB_SCAN_LOG}"
    xe pusb-scan host-uuid=\$CURRENT_UUID
else
    echo "USB PASSTHROUGH: Config files are the same, skipping..."
fi
EOF
    
    # Make Script executable
    chmod +x "$SCRIPT"
    
    # Backup Original File
    echo "Backing up original Config"
    cp -f /etc/xensource/usb-policy.conf "${DIR}/usb-policy.conf.original" 
        
    # Creating Cronjob for running script at every re-start
    echo "Installing Cron Job for USB Pass-through"
    # Remove existing entries (if any) and re-add to ensure they're consecutive
    ( crontab -l 2>/dev/null | grep -v -F "$cron_remarks" | grep -v -F "$cron_job"; echo "$cron_remarks"; echo "$cron_job" ) | crontab -
    
    #Create Scan file
    touch "$USB_SCAN_LOG"
    
    # Running Script once
    echo "Executing USB Passthrough Script"
    /usr/bin/bash "$SCRIPT"
# endregion Install

# Uninstall
else
# region Uninstall
    # Removing Cron
    echo "Removing USB Pass-through cron"
    # Remove both entries in one operation
    ( crontab -l 2>/dev/null | grep -v -F "$cron_remarks" | grep -v -F "$cron_job" ) | crontab -

    # Restoring Original File
    if [ -e $DIR/usb-policy.conf.original ]; then
        cp -f "${DIR}/usb-policy.conf.original" /etc/xensource/usb-policy.conf
        echo "Original Config Restored"
    else
        echo "Original Config not found, skipping..."
    fi

    # Removing Directory
    echo "Removing install directory"
    rm -rf "$DIR"

    #Restoring Original Scan
    /opt/xensource/libexec/usb_scan.py -d > /dev/null
    # shellcheck disable=SC2086 
    xe pusb-scan host-uuid=$CURRENT_UUID
fi
# endregion Uninstall
      Script version - v2.0 (tested on XCP-NG 8.3)

      Changelog:

      • Automatic Change Detection (Only runs when there is a change in configuration.)
      • Automatically backs up previous configuration if changed.
      • Optimized Code
      #!/bin/bash

## This script installs/uninstalls /etc/xensource/usb-policy.conf to be overwritten on every boot
#Variables
DIR=/opt/usb_passthrough_conf
SCRIPT="${DIR}/usb-passthrough-config.sh"
USB_SCAN_LOG="${DIR}/usb-scan.log"

# Declare variables for Cron
cron_remarks="# USB Passthrough Override"
cron_job="@reboot /usr/bin/bash $SCRIPT > /dev/null"

# Get current UUID required for scanning USB devices
CURRENT_UUID=$(grep -i installation_uuid /etc/xensource-inventory | cut -d'=' -f2- | tr -d "'\"")

# Install
if [ "$1" != "--remove" ]; then
# region Install
    # Create Directory
    echo "Creating Directory ${DIR}"
    mkdir -p $DIR
    
    # Create Config File
    # ^@Edit Config File (only contents, not file-name)
    echo "Creating Config File"
    cat <<-EOF > "${DIR}/usb-policy.conf"
# When you change this file, run 'xe pusb-scan' to confirm
# the file can be parsed correctly.
# You can also run '/opt/xensource/libexec/usb_scan.py -d' to see
# debug output from the script parsing this configuration file.
#
# Syntax is an ordered list of case insensitive rules where # is line comment
#  and each rule is (ALLOW | DENY) : ( match )*
#  and each match is (class|subclass|prot|vid|pid|rel) = hex-number
# Maximum hex value for class/subclass/prot is FF, and for vid/pid/rel is FFFF
#
# Rules are ordered so that the first matching rule will override
# any other rules for the device below it
#
# USB Hubs (class 09) are always denied, independently of the rules in this file
DENY: vid=17e9 # All DisplayLink USB displays
DENY: class=02 # Communications and CDC-Control
ALLOW:vid=056a pid=0315 class=03 # Wacom Intuos tablet
ALLOW:vid=056a pid=0314 class=03 # Wacom Intuos tablet
ALLOW:vid=056a pid=00fb class=03 # Wacom DTU tablet
DENY: class=03 subclass=01 prot=01 # HID Boot keyboards
DENY: class=03 subclass=01 prot=02 # HID Boot mice
DENY: class=0a # CDC-Data
DENY: class=0b # Smartcard
DENY: class=e0 # Wireless controller
DENY: class=ef subclass=04 # Miscellaneous network devices
ALLOW: # Otherwise allow everything else
EOF
    
    # Create Script
    echo "Creating USB Passthrough script"
    cat <<-EOF > "$SCRIPT"
#!/bin/bash
# Script to overwrite usb passthough policy and scan USB devices

# Enable Backup for current config (set to false to disable)
BACKUP_ORIGINAL="true"

# Check if original differs from our config
if ! cmp -s /etc/xensource/usb-policy.conf "${DIR}/usb-policy.conf"; then
    # Get current UUID (required for scanning USB devices)
    CURRENT_UUID=\$(grep -i installation_uuid /etc/xensource-inventory | cut -d'=' -f2- | tr -d "'\\"")
    
    # Backup current Config file (if backup is enabled)
    if [ "\$BACKUP_ORIGINAL" = "true" ]; then
        # Files differ - backup original with incremented suffix
        i=1
        while [ -e "${DIR}/usb-policy\${i}.conf.backup" ]; do
            i=\$((i + 1))
        done
        cp -f /etc/xensource/usb-policy.conf "${DIR}/usb-policy\${i}.conf.backup"
        echo "USB PASSTHROUGH: Backed up original config to ${DIR}/usb-policy\${i}.conf.backup"
    fi
    
    # Copy User Config to /etc/xensource/usb-policy.conf
    cp -f "${DIR}/usb-policy.conf" /etc/xensource/usb-policy.conf
    echo "USB PASSTHROUGH: Copied user config to /etc/xensource/usb-policy.conf"

    # Scan USB Devices
    /opt/xensource/libexec/usb_scan.py -d > "${USB_SCAN_LOG}"
    xe pusb-scan host-uuid=\$CURRENT_UUID
else
    echo "USB PASSTHROUGH: Config files are the same, skipping..."
fi
EOF
    
    # Make Script executable
    chmod +x "$SCRIPT"
    
    # Backup Original File
    echo "Backing up original Config"
    cp -f /etc/xensource/usb-policy.conf "${DIR}/usb-policy.conf.original" 
        
    # Creating Cronjob for running script at every re-start
    echo "Installing Cron Job for USB Pass-through"
    # Remove existing entries (if any) and re-add to ensure they're consecutive
    ( crontab -l 2>/dev/null | grep -v -F "$cron_remarks" | grep -v -F "$cron_job"; echo "$cron_remarks"; echo "$cron_job" ) | crontab -
    
    #Create Scan file
    touch "$USB_SCAN_LOG"
    
    # Running Script once
    echo "Executing USB Passthrough Script"
    /usr/bin/bash "$SCRIPT"
# endregion Install

# Uninstall
else
# region Uninstall
    # Removing Cron
    echo "Removing USB Pass-through cron"
    # Remove both entries in one operation
    ( crontab -l 2>/dev/null | grep -v -F "$cron_remarks" | grep -v -F "$cron_job" ) | crontab -

    # Restoring Original File
    if [ -e $DIR/usb-policy.conf.original ]; then
        cp -f "${DIR}/usb-policy.conf.original" /etc/xensource/usb-policy.conf
        echo "Original Config Restored"
    else
        echo "Original Config not found, skipping..."
    fi

    # Removing Directory
    echo "Removing install directory"
    rm -rf $DIR

    #Restoring Original Scan
    /opt/xensource/libexec/usb_scan.py -d > /dev/null
    # shellcheck disable=SC2086 
    xe pusb-scan host-uuid=$CURRENT_UUID
fi
# endregion Uninstall
      posted in Development
      G
      gb.123