RE: XOA deploy error

@HamiltonWDS Thanks for the report. As it works with wget let use it! I'll switch from curl to wget in doc. In the meantime some colleagues will investigate more.

Hi again, I tried to reproduce the issue, but obviously as I do not have the same LDAP server and content as yours it is not easy. So I setup the plugin as follow:

User filter: (|(objectclass=posixAccount))
ID Attribute: uid

Group filter: (objectclass=posixGroup)
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

With this I can see :

• All the groups synced from LDAP to XO
• Users inside the groups (from the groups page)
• Users belong to un number of groups (from the users page)

I also tuned the config as follow:

User filter: (&(objectclass=posixAccount)(uid={{name}})
ID Attribute: uid

Group filter: (&(objectclass=posixGroup)(cn=group1))
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

• Only the group1 is synced
• User and group matching works as expected.

Then is the two cases, I could create ACL that grant admin priviliges on one or more objects to a group and so its users.

Can you trigger a group sync and look for error in logs?

Hello @McHenry I wanted to share with you that we've just build a new images for XOA and the proxy. You might want to try it and keep us posted.

Hello @propsoft I made a quick test: I'm running Firefox and changed the settings about download location to "always ask where to download files", then from XO-lite, when I export a VM I am being prompted where to save the exported file. I hope this will help you a little bit

Hello @guiand888

You could use compose in your inventory file like this:

plugin: community.general.xen_orchestra
api_host: xo.example.com
user: admin
password: mypass
validate_certs: true
use_ssl: true
groups:
    gp1: "'gp1' in tags"
    gp2: "'gp2' in tags"
compose:
  ansible_user: "'admin' if 'gp1' in tags else 'anotheradmin' if 'gp2' in tags"

I made some local tests, this should do what you need. Maybe @shinuza has a better suggestion for writing the Jinja2 expression in the compose key.

Hello @kbsp @stefanflegg and @fatek, a new XOA image has just been uploaded. Can you test it and keep us posted?

@kagbasi-ngc it looks like the same issue you had in https://xcp-ng.org/forum/topic/10140/bsod-with-inaccessible-boot-device-after-uninstalling-the-xcp-ng-guest-tools/ is the solution suggested by @dinhngtu works here?

@kagbasi-ngc I am not sure, but I would force shutdown it from XO, then boot it again. If it does not work I'd try some fail safe mode, but I did not used Windows VMs that much this last years. Maybe someone else would be more helpful...

Hello, are the guest tools and drivers installed on this Windows VM https://docs.xcp-ng.org/vms/#windows ?

@wezke Hello, can you switch to this latest version of the provider, ensure that your configuration is still valid or fix what would be needed, and report how it behaves?

https://registry.terraform.io/providers/vatesfr/xenorchestra/latest

@HamiltonWDS Thanks for the report. As it works with wget let use it! I'll switch from curl to wget in doc. In the meantime some colleagues will investigate more.

Hi again, I tried to reproduce the issue, but obviously as I do not have the same LDAP server and content as yours it is not easy. So I setup the plugin as follow:

User filter: (|(objectclass=posixAccount))
ID Attribute: uid

Group filter: (objectclass=posixGroup)
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

With this I can see :

• All the groups synced from LDAP to XO
• Users inside the groups (from the groups page)
• Users belong to un number of groups (from the users page)

I also tuned the config as follow:

User filter: (&(objectclass=posixAccount)(uid={{name}})
ID Attribute: uid

Group filter: (&(objectclass=posixGroup)(cn=group1))
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

• Only the group1 is synced
• User and group matching works as expected.

Then is the two cases, I could create ACL that grant admin priviliges on one or more objects to a group and so its users.

Can you trigger a group sync and look for error in logs?

Hello @propsoft I made a quick test: I'm running Firefox and changed the settings about download location to "always ask where to download files", then from XO-lite, when I export a VM I am being prompted where to save the exported file. I hope this will help you a little bit

Hi @yag ! I will look more on the LDAP group sync topic. But just to share with you how we manage users on a lab : as shared by Olivier we use OIDC, and once the user is created (on first login) we can manually define him as an admin (Permissions column on Users page). Isn't this working with LDAP users as well?

Hello @guiand888

You could use compose in your inventory file like this:

plugin: community.general.xen_orchestra
api_host: xo.example.com
user: admin
password: mypass
validate_certs: true
use_ssl: true
groups:
    gp1: "'gp1' in tags"
    gp2: "'gp2' in tags"
compose:
  ansible_user: "'admin' if 'gp1' in tags else 'anotheradmin' if 'gp2' in tags"

I made some local tests, this should do what you need. Maybe @shinuza has a better suggestion for writing the Jinja2 expression in the compose key.

@tking-f5 Could you share the version of kubernetes you tried to install, and the raw logs of the task pending?