RE: Upgrade to XO v5.105 seems broken

@ph7 Thank you. It seems to work like that. I'll wait for this fix.

@olivierlambert Happy to hear

@olivierlambert you are not checking the typescript level traces that's why there's no errors happening at your end.

@olivierlambert PostgreSQL is good at scale, btw I'm opening an issue in the XO repo so that I'll be aware to any action to this feature either now or in future. Thank you.

@olivierlambert said in SQL Database support and XO HA:

wait for the next major modification

what about XO6 the full revamped version of XO?

Hello,

As we know, XO uses Redis as its database for data storage. If something goes wrong at the Redis level, everything goes dark. You mentioned that we can back up the XO configuration and re-import it, but that’s not a complete solution.

If we are fully dependent on XO to manage a large infrastructure, there should be proper persistence at the XO level. Additionally, there should be official documentation on XO HA (High Availability) so that we can implement load balancing and ensure redundancy.

@olivierlambert ack.

@olivierlambert please update.

I created a resourceSet and set the maximum RAM to 4 GiB. Then, I created a VM within this resourceSet and checked the RAM from inside the VM console. It showed the same value as set in XO. However, when I increased the RAM from XO, exceeding the limit defined in the resourceSet, XO allowed me to do so. Upon checking the VM console again, it reflected the new RAM allocation. This leads me to believe that the resourceSet is not enforcing the defined limit.

ss:

After Increament:

I am getting the red error and when I check the error it shows nothing.

@nathanael-h @olivierlambert

extending this thread because still relevant

The console is using RFB protocol for streaming, right now each user who have an access to a VM console is seeing the same console that is seen by other. Is there any way to give each user their own console?

@DustinB

I deleted all data from redis and now I am not able to access anything. Please tell me what is stored in redis? Also How can I import the config without having any access to my admin account?

I am loading web-hooks plugin in my XO which is from sources. I am getting this error.

plugin.load
{
  "id": "web-hooks"
}
{
  "code": 10,
  "data": {},
  "message": "plugin not configured",
  "name": "XoError",
  "stack": "XoError: plugin not configured
    at invalidParameters (/opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-common/api-errors.js:26:11)
    at default.loadPlugin (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/plugins.mjs:224:13)
    at Xo.apply (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/api/plugin.mjs:61:14)
    at Xo.call (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:269:25)
    at file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:421:33
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Task.runInside (/opt/xo/xo-builds/xen-orchestra-202503111011/@vates/task/index.js:175:41)
    at Task.run (/opt/xo/xo-builds/xen-orchestra-202503111011/@vates/task/index.js:159:31)
    at run (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:421:16)
    at Api.#callApiMethod (file:///opt/xo/xo-builds/xen-orchestra-202503111011/packages/xo-server/src/xo-mixins/api.mjs:469:24)"
}

@DustinB We have a redis/valkey cluster deployed and I want to use this redis/valkey for my XO where do I have to configure the connectivity? I do not want put the load on the same VM where XO is deployed.

• I want to have HA between my XO's like this (It's must irrespective of state and backups)

How the syncing will behave between n instances of XO's? assume one request is served by xo1 will this change be visible to xo2? vice versa.

AFAIK, Xen Orchestra (XO) is stateless and relies on Redis for database operations. What happens if my XO instance goes down?

• Will all users created in XO be removed?
• Will it erase all ACLs assigned to each user?
• Will it erase all self-service configurations?
• If we restart XO and reconfigure the pools, will it change the UUIDs of pools, hosts, or servers?
• Will existing VMs and their configurations remain intact, or will they need to be re-imported?
• Will the connection to XCP-ng hosts be lost, requiring manual reconfiguration?
• Does XO store any persistent data that needs to be backed up to prevent loss?
• If XO is restored from a backup, will it automatically reconnect to the existing XCP-ng infrastructure?
• How can we ensure high availability for XO to prevent disruptions?

@nathanael-h I got more information as I am still observing few things regarding the console. I got to know that there is no authentication at all on console level and on per user basis.

My test use case

Vm -> Ubuntu

vm:5173 -> custom app
vm:3000 -> custom api server

vm:ngnix:80/443

• rncp.nayatel.com -> localhost:5173
• rncpbe.nayatel.com -> localhost:3000

My XOA is running on xenorchestra1.nayatel.com which is on private network and my vm is allow in the route so I can connect to it. Now my custom work and XOA is on the same domain with same SSL certs. Now When I go to my rncp.nayatel.com and place any VM ID in the query param then the console for my VM is accessible on my custom web app and my this app is calling an api to rncpbe.nayatel.com for authentication only and returns the wss url to my frontend app and then my frontend app uses that url and create the socket on noVNC and console gets accessed.

From this It is my conclusion that XOA do not perform authentication on console access it only checks the cross-domain and it also do not need token in cookies for console authentication.

@olivierlambert @nathanael-h

I am able to solve this and access the vm-consoles on my web app. I deployed the xen orchestra from sources and run on localhost then I run my custom web app on localhost and pass my admin token to set in the cookies and then I got the access to the consoles.

But when I try to access the console from a different domain then it does'nt work cause it is a cross browser cookie issue. Browser rejects to store the cookie of my production XO. Now I do not know any other way to resolve this cause the authentication mechanism you guy are using is token in cookie.

suggestion: noVNC supports username & password in the url what if we perform authentication for consoles like this too. Also what about token in query params?

@Chico008

ACLs are used to assign rights to the guest users. As you said you have an admin who can do anything. In case you want to go with acl then your guest can get no leverage by using ACL

create vm

You as an admin will create VMs and manage other stuff but you then have ability to give three type of rights to the guest user.

admin, operator, viewer

In case of VMs when you give the admin right to a user then it means that user can have ability to anything with that VM.

Delete, Reboot, etc

But from you query you said that you want to give a right to guest user to

create/run the vms

to achieve this you have to look Self Service feature which is supported in XO from sources and in Premium XOA

In self service you have ability to create resource sets which are pools, storage, networks, templates etc, and assign a user or group to it.

@nathanael-h

this is my code to test console for vms but I am not able to access it. Actually I have to access the console but I do not know how do auth for this.