This is fantastic news! Thanks for sharing it. Olivier mentioned that something might be in the works but didn't mention much more than that.
I've used DRBD on various projects in the past and been nothing but impressed by it. It would be interesting to see if you could reach out to the folks behind HA-Lizard as well; they've got a lot of experience with DRBD on Xen systems.
@stormi So far, so good for my systems with the re-updated kernel.
@stormi No regressions so far on my test pool with both sets of test updates installed.
@stormi Updated my 8.0 test server and all seems to be working just fine so far.
@stormi Yup, I did just before trying to install the test update so I must have gotten it after you published. Everything seems to be working fine here afterward.
@stormi
This seems to be working well on my test pool.
@stormi Some quick testing of the alternate kernel on my test systems seems to be working fine with the not-unexpected issue that the XOSTOR test does not come up and run on it.
@stormi Thanks, I'll give the test script a try on my test Alpine installation and see if it works for me.
My OpenSUSE Leap 15.3 installation works just fine via secure boot with one warning/error message at boot. It's complaining that it can't generate a temporary hibernation key because of a missing EFI_RNG_PROTOCOL. Except for that, it works great under secure boot. If not being able to have hibernation support in the VM's operating system is the only issue, that's definitely minor and something I don't use and won't miss.
EDIT: I'm also going to try a fresh installation of Alpine into a VM set for secure boot and see how that works out. My test was trying to convert an existing VM that was successfully booting under UEFI without secure boot enabled.
EDIT 2: I've managed to get Alpine working as well. It appears that their Wiki entry on setting up secure boot isn't quite right yet. They have a utility which generates keys and creates a signed unified boot image. My best guess is that there is some problem with the signature on the boot image. I was able to get things working by enrolling the generated auth files for the VM uuid on the host system then booting the VM with secure boot disabled and using the sbsign utility to sign the boot image with the generated db key and certificate. It adds a second signature to the boot image which appears to be identical to the first one. Switching to secure boot mode and rebooting works on the re-signed boot image.
@stormi
This seems to be working well on my test pool.
@stormi Some quick testing of the alternate kernel on my test systems seems to be working fine with the not-unexpected issue that the XOSTOR test does not come up and run on it.
@stormi Thanks, I'll give the test script a try on my test Alpine installation and see if it works for me.
My OpenSUSE Leap 15.3 installation works just fine via secure boot with one warning/error message at boot. It's complaining that it can't generate a temporary hibernation key because of a missing EFI_RNG_PROTOCOL. Except for that, it works great under secure boot. If not being able to have hibernation support in the VM's operating system is the only issue, that's definitely minor and something I don't use and won't miss.
EDIT: I'm also going to try a fresh installation of Alpine into a VM set for secure boot and see how that works out. My test was trying to convert an existing VM that was successfully booting under UEFI without secure boot enabled.
EDIT 2: I've managed to get Alpine working as well. It appears that their Wiki entry on setting up secure boot isn't quite right yet. They have a utility which generates keys and creates a signed unified boot image. My best guess is that there is some problem with the signature on the boot image. I was able to get things working by enrolling the generated auth files for the VM uuid on the host system then booting the VM with secure boot disabled and using the sbsign utility to sign the boot image with the generated db key and certificate. It adds a second signature to the boot image which appears to be identical to the first one. Switching to secure boot mode and rebooting works on the re-signed boot image.
@stormi That worked to get the auth files generated using Alpine's instructions enrolled as far as I can tell but switching the VM to secure boot after that still fails, dropping me into a UEFI shell. Alpine 3.15 is the first version with secure boot support and it's possible there are still some glitches there.
Instead of that, I'm now trying to set up a secure boot with a fresh install of OpenSUSE leap 15.3 which I know does support secure boot and will see if that works out.
Testing UEFI VMs. So far working fine without secure boot. Having a problem with secure boot under Alpine Linux. They don't use MS certificates and a shim as a lot of distros do but instead have you generate a set of keys for your installation and then enroll them. It looks like this is a problem with enrolling the generated keys in the TianoCore boot firmware. I'll try with a different distro and see if it's any better with something different.
@stormi said in XCP-ng 8.2.1 (maintenance update) - ready for testing:
@jeffberntsen probably not. We'll need to rebuild some packages, like
smon top of the latest versions else you will lose needed specific patches that are not merged in the main branch yet.CC @ronan-a
That's what I thought but figured it wouldn't hurt to ask.
@stormi
Is it safe to install this on a machine where I'm already testing XOSTOR?
Found this -- https://support.citrix.com/article/CTX335564
Yes, that's how I found it as well. It's still not up on their blog as of this morning. I wonder if that's intentional.