RE: XCP-ng Center: Future

Hey thanks for working on XCP-ng Center -- I find it a really useful tool.

Is this a README that describes how your project differs from XenCenter.

FWIW -- I had a similar problem with VMs going randomly down -- it wasn't windows but various BSD and Linux VM's. Sometimes they would run a few days, other times they would lock up every other day. Logs didn't help because when the VM locked, logs were not written. I even had the xcp-ng installation lock a few times, although it was usually on of the VMs. I started searching for faulty hardware and eventually SMART tested all the drives and mem86 the RAM. Turns out I had some bad RAM modules which I later RMA'd. With new RAM (after after thoroughly testing it), I haven't had any lock ups. I'm not sure this will help you at all.

@nikade Hey thanks for for the link. I ended up just using a LetsEncrypt cert rather than self signed. I think had to add a DNS host override on my router to associate the Local LAN address of the xo server with the domain name of the server contained in the certificate -- Like 10.0.1.50 ---> xo.example.com. Thanks for pointing me in the right direction on this one.

@jmccoy555

I tried the method you linked to with github. I was excited at first when I saw the containers tab in the UI. Later I created a number of docker containers and such within the VM. I came back later to the XO UI and saw none of the new containers. This feature seems a little bit borked to me.

@julien-f

Ahh - very nice -- I guess the point of my post was pointless.

Thanks for help.

@julien-f

I reviewed your commit, however I don't understand your heading (remove TLS config to use native settings).

If not specified in the config.toml file, what are the native settings? Where are these specified?

@julien-f

Snippet of config.toml file:

# These options are applied to all listen entries.
[http.listenOptions]
# Ciphers to use.
#
# These are the default ciphers in Node 4.2.6, we are setting
# them explicitly for older Node versions.
ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA'

# Tell Node to respect the cipher order.
honorCipherOrder = true

# Specify to use at least TLSv1.1.
# See: https:#github.com/certsimple/minimum-tls-version
minVersion = 'TLSv1.2'

secureOptions = null

#secureOptions = 117440512

At least for me including those options didn't work.

Oct 27 14:54:32 ubuntuxo systemd[1]: Started XO Server.
Oct 27 14:54:33 ubuntuxo xo-server[103642]: ✖ Unexpected character, expected "nan" at row 115, col 18, pos 3784:
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 114:
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 115> secureOptions = null
Oct 27 14:54:33 ubuntuxo xo-server[103642]:                       ^
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 116:
Oct 27 14:54:33 ubuntuxo xo-server[103642]: TomlError: Unexpected character, expected "nan" at row 115, col 18, pos 3784:
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 114:
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 115> secureOptions = null
Oct 27 14:54:33 ubuntuxo xo-server[103642]:                       ^
Oct 27 14:54:33 ubuntuxo xo-server[103642]: 116:

If I changed the secureOptions back to prior value with minTLS version the server would at least start, however I have no way to verify if functioning correctly.

Hi I'm referencing a part of the XO configuration found in the config.toml file:

# Specify to use at least TLSv1.1.
# See: https:#github.com/certsimple/minimum-tls-version
secureOptions = 117440512

I visited the site referenced however I don't see any numbers that would indicate the secureOptions directive. The site has examples such as the following:
secureOptions: minimumTLSVersion('tlsv11')

On this site there isn't any mention regarding the use of numbers. How did the configuration decide on this setting?? I'd like to use tlsv12 as minimum.

@stormi

I'll try to install package again manually once I upgrade to 8.1. Unfortunately for me on 8.0 the firewall port wasn't opened. I'll report once I upgrade.

I know this topic is quite old but I thought I might add a point here to installing Netdata manually.

Installing Netdata manually
If you want to do it your way, no problem Just run yum install netdata-ui on each host you want to monitor and that's it. You can just go on http://host_address:19999 and enjoy all the metrics.

These instructions are correct however at least for me in the xcp-ng 8.0 release there is an active firewall in place. You'll need to open the port 19999 within iptables. The config file for iptables is /etc/sysconfig/iptables. Edit the file to open the port and try to be as restrictive if possible possible filtering by source port. Restart the firewall service:

systemctl restart iptables.service

Access can be further restricted as well within the netdata setup as documented here: https://docs.netdata.cloud/web/server/. You can setup psuedo access-control-lists and even add SSL certs if necessary.

Hey thanks for working on XCP-ng Center -- I find it a really useful tool.

Is this a README that describes how your project differs from XenCenter.

Hi I'm running CE XO edition.

I'm getting a lot of this in my log files:

sudo journalctl -u xo-server -f -n 50
-- Logs begin at Sun 2019-03-03 17:19:51 CST. --
Dec 10 14:21:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:22:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:23:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:24:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:25:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:26:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:27:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:28:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:29:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:30:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:31:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:32:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:33:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!
Dec 10 14:34:00 ubuntu_xo xo-server[105558]: [load-balancer]Execute plans!

Just curious the reason why? I don't have any load balancer activity specified.

Small nitpick -- you can tell me to go away. Anyway to install certs so I can view the data using https?