RE: resourceSet issues

@olivierlambert ack.

@olivierlambert please update.

I created a resourceSet and set the maximum RAM to 4 GiB. Then, I created a VM within this resourceSet and checked the RAM from inside the VM console. It showed the same value as set in XO. However, when I increased the RAM from XO, exceeding the limit defined in the resourceSet, XO allowed me to do so. Upon checking the VM console again, it reflected the new RAM allocation. This leads me to believe that the resourceSet is not enforcing the defined limit.

ss:

After Increament:

I am getting the red error and when I check the error it shows nothing.

@nathanael-h @olivierlambert

extending this thread because still relevant

The console is using RFB protocol for streaming, right now each user who have an access to a VM console is seeing the same console that is seen by other. Is there any way to give each user their own console?

@DustinB

I deleted all data from redis and now I am not able to access anything. Please tell me what is stored in redis? Also How can I import the config without having any access to my admin account?

I am loading web-hooks plugin in my XO which is from sources. I am getting this error.

plugin.load
{
  "id": "web-hooks"
}
{
  "code": 10,
  "data": {},
  "message": "plugin not configured",
  "name": "XoError",
  "stack": "XoError: plugin not configured
    at invalidParameters (/opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-common/api-errors.js:26:11)
    at default.loadPlugin (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/plugins.mjs:224:13)
    at Xo.apply (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/api/plugin.mjs:61:14)
    at Xo.call (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:269:25)
    at file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:421:33
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Task.runInside (/opt/xo/xo-builds/xen-orchestra-202503111011/@vates/task/index.js:175:41)
    at Task.run (/opt/xo/xo-builds/xen-orchestra-202503111011/@vates/task/index.js:159:31)
    at run (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:421:16)
    at Api.#callApiMethod (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:469:24)"
}

@DustinB We have a redis/valkey cluster deployed and I want to use this redis/valkey for my XO where do I have to configure the connectivity? I do not want put the load on the same VM where XO is deployed.

• I want to have HA between my XO's like this (It's must irrespective of state and backups)

How the syncing will behave between n instances of XO's? assume one request is served by xo1 will this change be visible to xo2? vice versa.

AFAIK, Xen Orchestra (XO) is stateless and relies on Redis for database operations. What happens if my XO instance goes down?

• Will all users created in XO be removed?
• Will it erase all ACLs assigned to each user?
• Will it erase all self-service configurations?
• If we restart XO and reconfigure the pools, will it change the UUIDs of pools, hosts, or servers?
• Will existing VMs and their configurations remain intact, or will they need to be re-imported?
• Will the connection to XCP-ng hosts be lost, requiring manual reconfiguration?
• Does XO store any persistent data that needs to be backed up to prevent loss?
• If XO is restored from a backup, will it automatically reconnect to the existing XCP-ng infrastructure?
• How can we ensure high availability for XO to prevent disruptions?

@nathanael-h I got more information as I am still observing few things regarding the console. I got to know that there is no authentication at all on console level and on per user basis.

My test use case

Vm -> Ubuntu

vm:5173 -> custom app
vm:3000 -> custom api server

vm:ngnix:80/443

• rncp.nayatel.com -> localhost:5173
• rncpbe.nayatel.com -> localhost:3000

My XOA is running on xenorchestra1.nayatel.com which is on private network and my vm is allow in the route so I can connect to it. Now my custom work and XOA is on the same domain with same SSL certs. Now When I go to my rncp.nayatel.com and place any VM ID in the query param then the console for my VM is accessible on my custom web app and my this app is calling an api to rncpbe.nayatel.com for authentication only and returns the wss url to my frontend app and then my frontend app uses that url and create the socket on noVNC and console gets accessed.

From this It is my conclusion that XOA do not perform authentication on console access it only checks the cross-domain and it also do not need token in cookies for console authentication.

@olivierlambert @nathanael-h

I am able to solve this and access the vm-consoles on my web app. I deployed the xen orchestra from sources and run on localhost then I run my custom web app on localhost and pass my admin token to set in the cookies and then I got the access to the consoles.

But when I try to access the console from a different domain then it does'nt work cause it is a cross browser cookie issue. Browser rejects to store the cookie of my production XO. Now I do not know any other way to resolve this cause the authentication mechanism you guy are using is token in cookie.

suggestion: noVNC supports username & password in the url what if we perform authentication for consoles like this too. Also what about token in query params?

@Chico008

ACLs are used to assign rights to the guest users. As you said you have an admin who can do anything. In case you want to go with acl then your guest can get no leverage by using ACL

create vm

You as an admin will create VMs and manage other stuff but you then have ability to give three type of rights to the guest user.

admin, operator, viewer

In case of VMs when you give the admin right to a user then it means that user can have ability to anything with that VM.

Delete, Reboot, etc

But from you query you said that you want to give a right to guest user to

create/run the vms

to achieve this you have to look Self Service feature which is supported in XO from sources and in Premium XOA

In self service you have ability to create resource sets which are pools, storage, networks, templates etc, and assign a user or group to it.

@nathanael-h

this is my code to test console for vms but I am not able to access it. Actually I have to access the console but I do not know how do auth for this.

@MathieuRA @Danp Thank you so much

@nathanael-h your comments will help me to a lot. I am not able to access my vm console outside.

this is my url format to access the console.

wss://domain/api/consoles/vmid

I know we have to pass the token and I have a valid admin token but still I am not able to get it done.

@stormi omg, there should be a flag to on/off this feature. like when dom0 goes for update then it check the flag and process accordingly.

@techjeff

I have imported/uploaded my golden template to the pool on a SR then I checked my pool in xcp-ng center about it then I found that It stored my template in the pool on the SR which we attached to the pool and now that template is visible to all the host in that pool. I was looking to achieve the same thing. We are not going with NFS anymore as this is so simple to manage. But cross pool template sharing is still not available. Right now each SR have a unique UUID, It will be nice to have a persistent UUID for each custom template across all the pool.

https://github.com/vatesfr/xen-orchestra/issues/7690

@bvitnik, @techjeff Thank you brothers

olivierlambert created this issue in vatesfr/xen-orchestra

open Custom template replication between pools #7690

@Danp

XOA version: 5.103.1

as /networks endpoint take query params for filtration and return the same values in JSON I want the same in /vm-templates endpoint. I passed the UUID as a value to field key but the response is same.

I want to get more information about templates like which pool have this template available, name, description and other information so that I can extract vm-templates on the basis of pool id.