RE: Reworking the 'xe-guest-utilities' Repo

@olivierlambert @stormi

So I have been working on this repo for about a month now and it is in a far worse state than I ever imagined. I showed the codebase to some golang pro's and they pretty much roasted every aspect of the original source code. It uses multiple depreciated packages, breaks multiple best practices that golang considers to be fundamental to portability and future-proofing, has a complete lack of any documentation on a variety of esoteric calls, and the source code does not compile against GOOS=freebsd.

I was hoping I could just make some quick changes to clean up this repo for the XCP-NG community but this is a huge endeavor to get in a good place for the future. I would very much like to continue work on this but it has become clear to me that a small team of developers will be required to finish this in a timely fashion. I would suggest creating a new repo called XCP-guest-tools as a properly upgraded version of this repo would rewrite 40%-60% of the original source code to bring it up to a reasonable standard. I also think at that point it would be extremely unlikely that Citrix would ever merge the changes so splitting off to a newly named package would go a long way to avoid confusion about versions and source.

For those interested, since we have put a ton of work into beefing up os detection, I have forked our work into a separate repo. This was something I needed for a variety of my opensource projects install scripts and I hope it will also be helpful for others.

You can check it out here. https://github.com/JustinTimperio/nixinfo

For example, on my desktop, this single command returns the following:

❯ curl -s https://raw.githubusercontent.com/JustinTimperio/nixinfo/master/nixinfo.sh | sh

Distribution='ARCH'
Full_Name='Arch Linux'
Package_Manager='pacman'
Kernel='5.8.14'
Major='rolling'
Minor='rolling'
Patch='rolling'

Or my Nginx host returns:

❯ curl -s https://raw.githubusercontent.com/JustinTimperio/nixinfo/master/nixinfo.sh | sh

Distribution='FREEBSD'
Full_Name='FreeBSD 12.1-RELEASE'
Package_Manager='pkg'
Kernel='1201000'
Major='12'
Minor='1'
Patch='n/a'

@ravenet Thanks so much! I'll add these examples to our new test case folder I will definitely be in touch when we are ready to test on SLES!

An Update on Progress:

I have a new collaborator working with me on reworking these tools which should help with development. He uses XCP-ng as well and is pretty familiar with all the OS's I'm currently planning on officially supporting.

Actual progress has been a little sporadic as we pull apart these tools. The complete lack of documentation has made auditing the Go tedious, as I personally am not familiar with the xenbus standard and/or the data-structure Citrix is using pass info to dom0. The more I pull apart this repo, the more I am questioning the sanity of the Citrix developers. My gut feeling is a lot of this is legacy code that no one wanted to fix or touch for that matter. At some point when we get closer to a proper release, I'll create a list of all the bizarre and poorly designed code we found.

We do have a working makefile and the tools do compile correctly into a generic package.tgz, but there are still a number of things that need to be fixed before it would function on a guest os. I'm also currently in the process of auditing the use of unsafe.Pointer( ) in the existing wrapper for 'timerfd_settime' calls. I'm not really sure why this was done and using the unsafe package is typically bad practice in any production code. It explicitly breaks Go compatibility guidelines and type safety which is kind of the point of Go IMO

@stormi You bring up some interesting points. I want to make it clear, my intention is not to abandon the creation of a generic tarball. I just also want to include a full package build process for each distro that is officially maintained. My plan was to message the current maintainers of xe-guest-utilites for each distro and strike up a convo.

My goal is to provide that package, that contains the ISO, the ISO itself containing the various variations of the xe-guest-utilities packages and the install.sh script. This my need as XCP-ng packager.

Ahhhh I see what you mean now. Sure that should be pretty easy. I also wanted to create a 'net-install.sh' so users won't even need to mount an iso, just run something like curl net-install-url | sudo bash.

Another maintenance point is that the more distros you support, the more new releases of those distros you'll have to test when they go out.

Yeah, I have def thought about that. I'm still not totally sure how I want to address it, but I currently have custom templates in my cluster for each of these distros. By using the xoapi and PRT I'm pretty confident that I can fully automate the build, and testing process. Another alternative is a custom travis-ci cluster but I'll cross that bridge when I get there.

I don't know, but there are at least test cases: https://github.com/xenserver/xe-guest-utilities/tree/master/mk/testcases

I checked those out but that dir contains /etc/rhel-release rather than /etc/os-release which I generally prefer. We can always figure that out later but currently, this new script provides more os info in way fewer lines. (Sample output here)

O, also do you know anyone willing to help with RHEL and SLES testing? I don't have access to enterprise distros I can test or build on. Idk what is even in their /etc/os-release at this point? (I threw away Citrix distro identification script and rewrote it from scratch. It's 1/3 as long and supports way more distros

don't hesitate to "release early and often" that work of yours so that you can get early feedback and make reviewing easier.

Total agreement here. Unfortunately, I am basically rebasing the entire repo so none of my changes are in a fully functional state and not in a place where I could create a PR. If you want to track my progress check out this repo.

providing makefiles for more package managers is not a priority in my eyes.

For me, this one of my main priorities. I am of an 'open-source first' mentality and placing the burden on each distributions package maintainers is a bit backward in my eyes. Citrix already supports enterprise clients, and basically only updates rpm and deb packages. My goal is to bring all opensource, free distributions up to the same level of compatibility and support as enterprise. In addition, by placing the burden on each distributions team, updates have been largely ignored. Freebsd, Fedora, Ubuntu, CentOS, etc all have xe-guest-utilities that are in some cases, years out of date.

One of my priorities, however, is to build our own binaries instead of using those provided by Citrix

I'm a little confused about this statement. Since I am patching security issues in the go code itself, we will have to compile these into our own binaries, and therefore a separate package(not called xe-guest-utilities for obvious versioning conflict issues). Makefiles will be separated in a similar-ish way to how they are in the Citrix Repo. The core makefile creates a secure temp go build environment, then generates the target binaries. From there, each distribution has it own makefile (in Citrix repo mk/Makefile.deb and mk/Makefile.rpm), which then take the compiled binaries and collects the other various files needed to package these into a xe-guest-utilities.deb or xe-guest-utilities.deb.

If you want to help on that front, the ideal situation would be to be able to build them in Koji.

I can't speak to Koji, I've never used it. Honestly, building the binaries is like the easiest part of this process(you just need to setup some gopaths). I was just gonna use the tool wrote to natively build a package for each distro in its target distro(IE build fedora packages inside fedora), then return the compiled packages to an endpoint.

will you stay around for the next few years to continue maintaining that code, fix bugs, help review PRs, etc?

Just depends if the work I've done gets adopted or not. I usually take on projects when they have a direct impact on my life and also helps the community. I use a lot of distros and I'm really sick of having second rate drivers on non deb and rpm based systems. It solves a problem for me so I will maintain them for at least that reason. My hope obviously, is that this work will be helpful for people using none deb and rpm systems as well, I just try not to get too attached to how many people are using an opensource project I write. It can be really discouraging if you put hundreds of hours into a project for the community that then is never used.

I was trying to avoid making a Citrix account lol. (I have a strong distaste for them, for reasons I will cover below)

After digging through the Citrix repo, I have found somethings that frankly infuriate me. Citrix has really no desire to support the opensource community as seen in this comment and their total lack of responsiveness in fixing issues. For instance, this issue, opened and fixed by a member of the fedora team, has sat for over a year. They also have zero documentation anywhere in the code base, and from issues like this they have no intention of adding it. Citrix has abandoned the opensource model to try and compete with VMWare.

While I can understand your desire to maintain some relation with Citrix, I personally have no desire to help them. They have burned their goodwill with the opensource community and this is why, I assume, you started XCP-ng. Moving forward, my desire is to turn this repo into a peer-reviewed, well documented, and actively maintained repository. If Citrix would like to use the improvements XCP-ng makes that's fine, but I don't want my work to sit for years in a pull request that will never be merged by Citrix.

A quick update on progress:

• Added support in install.sh for OpenSuse
• Rebuilt the security audit process of go binaries from python2 --> python3.
• Improved the audit process pretty dramatically.
• Started patching 23 security issues found by the new audit process.
• Started adding documentation across the entire repo.

Up next:

• New package makefiles for the following package managers.
  - apt/dpkg
  - yum/dnf
  - zypper/yast
  - pacman
  - pkg
  - apk
• New test process for xe-linux-distribution

@stormi I've tried that but all the downloads are behind a login wall.

Hey @stormi could you send me an original Citrix iso with its tagged version? I'm trying to figure out if they are making changes before shipping by comparing checksums.

@olivierlambert @stormi

Having tests will be a great argument to become the new upstream

Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

This weekend I was able to finish the first tool I needed to help streamline the process of testing and building these tools. Its something I'm just calling PRT(Parallel Remote Terminal) for now. I currently have a number of testbeds in my cluster but testing manually on each is a huge pain. PRT is a tool that allows a user to define a group of remote hosts using a yaml file, then send the same command in parallel to each host. PRT returns the connection status, output, and errors on each host directly back to your machine. I hope you won't judge too hard on the quality of my code and docs because this was built in space of 48 hours lol.

You can check it out here:
https://github.com/JustinTimperio/prt

I'll clean this up and improve it over the coming weeks but obviously, this is just tooling to help facilitate the actual work of improving these tools.

Okay yeah, that works. Wow, what the hell then... So basically the management engine is a totally pointless output as far as determining the xe-guest-utilities version. I would have thought that the management engine was == to utilities version.

• FreeBSD 12.1 is xe-guest-utilities-6.2.0_3.txz and Management agent 6.2 detected
• Alpine Linux 3.11 is xe-guest-utilities-7.17.0-r1.apk and Management agent 6.6 detected
• Ubuntu 20.04 is xe-guest-utilities_7.16.0-2_amd64.deb and Management agent 8.0 detected

@stormi said in Reworking the 'xe-guest-utilities' Repo:

Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

Yeah, that is the bain of every multi-distro project. I am actually tooling something right now that can hopefully do that. It won't be the most advanced thing on the face of the earth but it will at least allow for testing on multiple distro's at once. Will prob take me a few days to finish.

Okay, I think I am starting to get the picture here.

XO is reporting what's XAPI is seeing.

@olivierlambert Not sure it's pulling from that command. The only thing that the XAPI returns that is relevant is PV-drivers-detected ( RO): true. If I run xe-param-list someuuid | grep 8.0 I get nothing. (Could totally be wrong here)

Official versioning is, as far as I can tell, that of the tags in

@stormi Okay weird, so they don't use releases but they will bump versions using tags if they edit a file....

It's most likely because they haven't synced the sources recently. I doubt they provide binaries built by Citrix.

@stormi That's disconcerting...

I think there's absolutely no logic, sadly…

Yeah, that's why I wanted to fork this into something that actually follows open-source standards lol. Most of my desire to move this into a separate repo is to avoid all these issues, which IMO, makes the Xen project look kind of poorly. When I was a noob, I spent so many hours trying to understand what guest tools were and why none of the versions were the same. Its been over a year now and sadly it has nothing to do with skill level. The tools are poorly maintained and versioned. Since Citrix is doing such a poor job, I think becoming the new upstream developer and supplier of these tools is a far more achievable option than trying to get Citrix to pull it together. XCP-ng as an open-source project can work directly with distro developers to unify and standardize these tools and make sure all distros are up to date.

Furthermore, by actually developing these tools and adding new features that Citrix is neglecting, XCP can 'corner' the market so to speak. I would way rather see you all grow and succeed over Citrix or VMware.

Hey @stormi

Okay, that clarifies some things. There is a metric ton of stuff to discuss here but rather than try and hit it all I'll try and focus on the really important stuff first.

• So when you say you don't have the build tools yourself, what does that mean exactly? If you have a working go dev environment, there is a makefile that will generate source. It won't make the individual packages (.deb, .rpm, .pkg) but that is pretty trivial in the scope of this. Does this mean you are not building these tools from source for each release?
• Can you clarify the versioning for me? (Let's use ubuntu as a test case to reduce complexity) The official Ubuntu Repos contain version xe-guest-utilities_7.10.0-0_amd64.deb as the most recent version. The XCP-ng tools iso on the other hand contains version xe-guest-utilities_7.16.0-2_amd64.deb. Is this because Ubuntu has yet to accept new versions built by Citrix and provided through their iso?
• What is the meaning of the management agent version in XO? This has been adding to my confusion about what is actually getting versioned here.

@olivierlambert Who on your team maintains/packages the iso? The versioning seems to be way off and I'm not sure what to make of it.

In the 8.1 iso, the iso reports xe-guest-utilities_7.16.0-2_all.tgz but if I build from source I get xe-guest-utilities_6.6.80-121_x86_64.tgz. Even weirder, XO reports management versions that don't even exist.

My Ubuntu 20.04 VM reports xe-guest-utilities/now 7.11.0-1 amd64 [installed,local] but the package you have in the iso is xe-guest-utilities_7.16.0-2_amd64.deb but XO is reporting Management agent 8.0 detected

The only XO VM's that actually report the correct version are the ones provided in official repo's like FreeBSD, Alpine, and Gentoo.

Furthermore, for the life of me, I can't figure out who the hell is responsible for the source code. Like Ubuntu says that the package provides "xe-daemon for monitoring Virtual Machines on a Xen Hypervisor." but Gentoo says that the package is "XenServer Virtual Machine Tools". Is it part of the Xen Project or is it owned by "Citrix XenServer"? All the xe-guest-utilities packages are supported by the official teams (Canonical, Gentoo, RHL) but they don't link to where the code is actually being versioned? Does each team pull from the source then version themselves?

Not sure we could make a case for being upstream because IDK where that even is?

Sorry if this is ranty/sounds like an insane person wrote it, but I am so lost right now. I feel like I'm in versioning hell.

Do you keep a list of all the distro's you support? I am looking at converting the shell into go, but I want to make sure I am accounting for the edge cases.

Currently, I am looking to officially support:

RHL:

• CentOS
• Fedora
• REHL (I don't have a copy to test on)

Deb:

• Debian
• Ubuntu
• Kali
• Mint
• MX
• Tails
• Kylin

Arch:

• Arch Linux
• Manjaro

BSD:

• FreeBSD
• OpenBSD

OpenSuse:

• Leap
• TumbleWeed

Random:

• Alpine Linux
• Gentoo

Yeah, I agree on not growing the gap but from what I have seen looking at the issues and pull requests on the origin repo, they aren't very responsive. I think also a lot of the changes I would like to make wouldn't be very well received. They support so many dead and depreciated distros its kind of insane. Right of the bat, I would want to remove support for CoreOS(EOL), Scientific Linux(Dead), Asianux(Dead), Boot2Docker(Dead), TurboLinux(Dead), etc. (They seem to really want to support Asian distros)

Also, I have every major distro working in my cluster so testing won't be much of an issue for me. We can setup unit tests pretty easy to depending on how much testing is actually needed.

Hi All,

After adding support for Alpine Linux, I found the state of the xe-guest-utilities repo to be in pretty bad condition. This is mostly Citrix fault but at this point, I think XCP-ng has grown large enough that full rework is justified. The Go itself looks reasonable but has somethings worth changing. There also seems to be a large number of 'dead' files and a LOT of very poorly formatted and documented shellcode.

If anyone as an interest in me reworking this repo I can take a look at cleaning this up into something far more 'professional' and better suited for XCP-ng. I currently have a pull request submitted if you would like to look at the work I have done so far.

https://github.com/xcp-ng/xe-guest-utilities/pull/2

Best,
Justin

JustinTimperio opened this pull request in xcp-ng/xe-guest-utilities

closed Major Update To Guest Utilities #2