RE: create a new vm using a iso setting cpu ram network via api

@markxc said in create a new vm using a iso setting cpu ram network via api:

Out of curiosity: how do you handle the Xen Orchestra appliance installation?

We use Packer, a Debian iso and an Ansible playbook in the ansible provisioner. See https://developer.hashicorp.com/packer/integrations/hashicorp/ansible/latest/components/provisioner/ansible

With this setup, we achieve these tasks:

• Create VM, mount ISO, perform install, and detect when installation is complete
• Shut down the VM
• Export VM as an OVA template

We also have a CI/CD pipeline doing this automatically.

@irtaza9 I am glad to read you find a solution that works for you. And thanks for sharing!

Hello there, we released a new Pulumi Xen Orchestra provider last month ! It's worth noting that the work on this was started by some contributors from DESY, and that now we (Vates) commit to support and maintain it. This demonstrate the strength of joined work from both community and Vates on free and open source softwares

So what is offered is to declare your infrastructure as code, in Javascript or Typescript, Go, or Python (pick the one you prefer ) and to deploy, maintain, and update it.

https://github.com/vatesfr/pulumi-xenorchestra/

@irtaza9 Hey, I tried quickly on my local laptop but was not able to handle to auth. So I asked internally who already knows how this works. (Unfortunately I cannot spend multiple hours on this)

Hello, the Hub is offered as is. We'll update the available templates soon. In the meantime you can convert any VM to be a template.
More here :

• https://docs.xen-orchestra.com/vm-templates

Hello @nick.lloyd, the logic of expected_ip_cidr = "10.0.0.0/16" is available in Terraform, not in XO. But as you're building a Python script you could implements there the same logic: define a variable for your expected cidr, and poll the IP of the VM until it matches.

Else, as you're using Python, you might be interested by the Pulumi Python SDK we will release this month. It allows you to easily define your infrastructure as code like with Terraform, but using Python There you will also have the expected_ip_cidr param, in Python..

https://pypi.org/project/pulumi-xenorchestra/
https://github.com/vatesfr/pulumi-xenorchestra/
https://www.pulumi.com/product/infrastructure-as-code/

@dsmteam Yes I totally agree, a user who logs out from XO, might also have the choice to logout from all SSO'ed applications. That would be for the feature request list

Many thanks for sharing this @Jonathon ! @Cyrille and I will look for this because we also want to ease the deployment of Kubernetes on XCP-ng/XO.

Hello, thanks for the report. Actually XO does not implement Single Log Out. So it is expected that only the session related to XO is invalidated when the user click on the logout button.
Maybe something to add in XO6 ping @pdonias ?

@Davidj-0 Let me ping @thomas-dkmt about doc

@bufanda I think we'll be able to add backup support to Terraform when 1. the provider will use the new Rest API, and 2. when this API will offer endpoints for backups management. I took note. (This won't be done in minutes )
About Ansible, it'll depends also if/when we start work on it.

@kiu Thanks, it's in our backlog. We'll update you when it would move to planned tasks.

@kagbasi-ngc it looks like the same issue you had in https://xcp-ng.org/forum/topic/10140/bsod-with-inaccessible-boot-device-after-uninstalling-the-xcp-ng-guest-tools/ is the solution suggested by @dinhngtu works here?

@kagbasi-ngc I am not sure, but I would force shutdown it from XO, then boot it again. If it does not work I'd try some fail safe mode, but I did not used Windows VMs that much this last years. Maybe someone else would be more helpful...

Hello, are the guest tools and drivers installed on this Windows VM https://docs.xcp-ng.org/vms/#windows ?

@wezke Hello, can you switch to this latest version of the provider, ensure that your configuration is still valid or fix what would be needed, and report how it behaves?

https://registry.terraform.io/providers/vatesfr/xenorchestra/latest

@HamiltonWDS Thanks for the report. As it works with wget let use it! I'll switch from curl to wget in doc. In the meantime some colleagues will investigate more.

Hi again, I tried to reproduce the issue, but obviously as I do not have the same LDAP server and content as yours it is not easy. So I setup the plugin as follow:

User filter: (|(objectclass=posixAccount))
ID Attribute: uid

Group filter: (objectclass=posixGroup)
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

With this I can see :

• All the groups synced from LDAP to XO
• Users inside the groups (from the groups page)
• Users belong to un number of groups (from the users page)

I also tuned the config as follow:

User filter: (&(objectclass=posixAccount)(uid={{name}})
ID Attribute: uid

Group filter: (&(objectclass=posixGroup)(cn=group1))
ID Attribute: gidNumber
Display name attribute: cn

Group attribute: memberUid
User attribute: uid

• Only the group1 is synced
• User and group matching works as expected.

Then is the two cases, I could create ACL that grant admin priviliges on one or more objects to a group and so its users.

Can you trigger a group sync and look for error in logs?

Hello @propsoft I made a quick test: I'm running Firefox and changed the settings about download location to "always ask where to download files", then from XO-lite, when I export a VM I am being prompted where to save the exported file. I hope this will help you a little bit

Hi @yag ! I will look more on the LDAP group sync topic. But just to share with you how we manage users on a lab : as shared by Olivier we use OIDC, and once the user is created (on first login) we can manually define him as an admin (Permissions column on Users page). Isn't this working with LDAP users as well?