P
Offline
@rzr We've found a regression in the VM revert with the new version of xapi (26.1.11)
The CD VBDs of the pre-revert are not removed when reverting, this means that the reverted VM usually ends up with duplicated VBDs for CDs.
We've verified a fix for it and we're integrating it as soon as possible. This means that this test cycle will take longer.
@mdm Similar to the name-description parameter, the CLI ignores this parameter.
The expected way to use would be to set the field value after the SR has been created.
I'll make a work item to change the CLI and warn of ignored parameters so confusion like this doesn't happen
This is a problem with the CLI, the parameter is not read and instead an empty string is used. The same situation happens with sr-introduce.
It should be a very quick fix, I don't know why it was done since the beginning.
I've opened the PRs upstream:
https://github.com/xapi-project/xen-api/pull/7066
https://github.com/xapi-project/xen-api/pull/7067
@psafont do you know if it's already available since then in XCP-ng 8.3? If yes, worth checking XO team to also making this option visible in the UI
Yes, we're shipping xapi 26.1.3, which includes this enhancement.
Hi @andrew, thank you for your feedback, the fallback option you're suggesting will work but it will downgrade the security of your system, we suggested to update clients:
If users need to take action, I would rather recommend users to do something that raises the security floor, like generating new keys with newer, future-looking ciphers, like ed25519:
ssh-keygen -t ed25519 -C "<email>"
for server in $servers do ; ssh-copy-id $server; done
@MajorP93 It's being packaged at the moment. between this and the testing that needs to be done it might take a couple of weeks to be released, but I can't promise anything yet
@dinhngtu Xenopsd does not have a concept of snapshot. Because I understand that "freezing" the VM means suspending it, I think that the suspend hook will get triggered in any snapshot with memory
@dinhngtu It's possible to run hooks inside the control domain on different stages of VM lifecycle operations, but these need to be installed beforehand, see https://xapi-project.github.io/new-docs/xenopsd/design/hooks/index.html
I think the vm-pre-suspend is the name of the hook the does this, but I can't confirm it. The docuementation is missing the hook, but it exists in the source code: https://github.com/xapi-project/xen-api/blob/master/ocaml/xenopsd/lib/xenops_hooks.ml#L37
@olivierlambert This was fixed by xenserver last year: https://github.com/xapi-project/xen-api/pull/6328
For XCP-ng, the team decided they didn't like the solution, and there's work on a better solution, but it's not ready yet
@olivierlambert Because Andriy did quite a bit of work before this merge, xcp-ng depends on xenserver releasing the package to the clients before we can integrate it into xcp-ng. I'd say we can release the package February at the earliest
@olivierlambert XCP-ng will include an option to keep hosts disabled after reboot. This will be part of the next update for xapi. (25.33.1) This was contributed upstream by Andriy and is used by adding an extra parameter to disable: xe host-disable uuid=$HOST auto-enable=false.
@olivierlambert said in XOCE - ISO upload is renamed after upload to ISO SR:
I think we discussed it internally, IIRC it's not XO doing any renaming, but the toolstack. Adding @andriy.sultanov or @psafont in the loop
I'm not sure about that, xapi is quite conscious it cannot rename these ISOs, in the few places I've seen it mentioned. I did not see any place in xapi that could have renamed these, nor reproduce it in my system.
I see at least on a couple of instances that the pool join is being forced. Please don't do this unless you understand the checks being ignored.
What's the result of a pool join without the force option?
Do both hosts have tls verification enabled?
If not, run xe pool-enable-tls-verification. This will set up the certificates for pool communication correctly for the hosts in that pool and turn on TLS verification for pool communication.
If yes, run xe host-list --minimal | xargs -I _ xe host-param-get uuid=_ param-name=name-label | xargs -I _ xe host-refresh-server-certificate host=_. This will reset the certificates for all the hosts in the pool.
Try running the normal join command after doing these steps, and report whether it went well, or report the error.
@jmannik ah, indeed. Do you know which server / interface holds the IP 192.168.30.13? I suspect is still VMHost13, but a different interface.
Until the members have configured their master as 192.168.30.13, you'll have this error. This can be done by a call, but since it's a delicate operation, it's better if there are no operations running on the pool. SSH into the VMHost13, and run
xe host-list name-label=VMHost13 --minimal | xargs -I _ xe pool-designate-new-master host-uuid=_
This should write the new IP to the files of all the pool members and stop blocking this issue from enabling HA
@jmannik The IPs match, and now I don't have an explanation on why is this happening, I'll take another look at the codepath, but that'll have to take a while, as work is piling up
@jmannik Could you collect the file contents of /etc/xensource/pool.conf from all the other hosts? The command is failing in one of them, not on the master host.
So we probably need to tell XO team the "right way" to enable HA because there's no way to know from "outside it's not meant to, xapi makes the call automatically.
I don't think so, it's xapi's responsibility to make that call
@olivierlambert The call is indeed hidden from the docs, and only callable from inside a pool... it's called as part as Pool.enable_ha
@jmannik
So the problem goes like this:
I'm not sure what has actually happening, but some scenarios come to mind:
things to check out:
= and pressing tab twice.xe pool-param-get uuid=POOL_UUID param-name=master | xargs -I _ xe host-param-get uuid=_ param-name=address
cat /etc/xensource/pool.conf
Let us know how it goes. If the IPs don't match, there's a problem with the configuration of the member, and otherwise it's because the local database is outdated and should be refreshed before enabling HA. I don't know how XO handles it.
@jmannik I have a test build that you can test, it will hopefully provide better error messages by raising an internal error with a reason.
The code is based on the newest builds, so I recommend updating to the latest version of XCP beforehand:
yum update
reboot
Once that is done, the test packages can be installed by [deleted, packages removed from repository]
Note: the repository will only be available for a limited amount of time, after which I will repurpose it and delete the instructions so it's not used anymore by accident.