RE: Introduce yourself!

Greetings! I am seasoned security engineer and that brings with it the need for a lab, automation, and prototyping. Intel NUCs, VMware workstation, and ESXi in my home lab was my MO.

For the past few years I have been putting my home Lab projects on github, and they now include XCP-ng testing. My lab is now split XCP-ng and proxymox. (good-bye Broadcom)

In the Cyber space I'm blue team, shifting more purple. The authentication with XCP-ng bugs me, but I'm happy with the automation potential.

Folding@Home and Unifi are my other fun projects.

@andSmv Thanks for taking a look at it. It's not really needed for a modern platform.

In virtual box I can set the pointing device to PS/2.

How can I set the pointing device to be a PS/2 mouse in XCP-ng 8.3? The first release of Ubuntu Warty Warthog is an example where this is needed.

@splastunov said in Disable TX checksumming with API:

XAPI

Thank you, I found https://xapi-project.github.io/xen-api/networking.html

Greetings! I am seasoned security engineer and that brings with it the need for a lab, automation, and prototyping. Intel NUCs, VMware workstation, and ESXi in my home lab was my MO.

For the past few years I have been putting my home Lab projects on github, and they now include XCP-ng testing. My lab is now split XCP-ng and proxymox. (good-bye Broadcom)

In the Cyber space I'm blue team, shifting more purple. The authentication with XCP-ng bugs me, but I'm happy with the automation potential.

Folding@Home and Unifi are my other fun projects.

Currently I manually disable on TX checksumming on OPNsense firewalls per recommendation.

Is there (undocumented) XO API support for this?

Manual process:
Click the VM
Click the Network tab
Next to each interface is a small settings icon with a blue background
For every interface click the gear icon then disable TX checksumming

I currently have a bunch of Check Point firewall VMs in my lab and they have a several interfaces each. I would like to disable checksumming on all interfaces via API, ansible, and (ideally) terraform.

@Danp thank you for that information.

When I wasn't using Terraform, I followed that advice.

The Windows built-in templates change the boot process fundamentally, requiring "press any key to boot from CD/DVD". If you find another way to resolve it issue, I would love to hear it.

Re-creating the Windows Server 2022 template off of "Other installation media" instead of the built-in template solved the problem.

I will repeat this on the Windows 10 template to confirm.

EDIT: Confirmed Windows 10 working using same solution.

BLUF: creating new VMs from my custom Windows 10 and Windows Server 2022 templates works, but using terraform I get failures.

Console messages
Boot device: Hard Disk - success.
Boot device: CD-Rom - failure: could not read boot disk

No bootable device.
Powering off in 30 seconds.

from my workstations.tf file

data "xenorchestra_template" "workstation-template" {
name_label = "win10-template"
}
[...]
resource "xenorchestra_vm" "branch1-1" {
memory_max = 4294934528
cpus = 1
name_label = "branch1-1"
name_description = "Windows 10 workstation 1 in branch 1"
template = data.xenorchestra_template.workstation-template.id
depends_on = [ xenorchestra_network.vlan_network_201]
disk {
sr_id = data.xenorchestra_sr.local.id
name_label = "workstation-1-1-disk"
size = 137437904896
}
network {
network_id = data.xenorchestra_network.branch1mgt.id
}
}
[...]

I created my own name_label (e.g. "worksation-1-1.disk") based on the system name.

Is there a proper way to clone my windows templates? (i did sysprep on the server 2022 systems before creating the server 2022 template)

Full details https://github.com/doritoes/NUC-Labs/tree/xcp-ng-improvement/XCP-ng/terraform (my entire XCP-ng build is documented there)

Thank you!

EDIT: Add that the original templates I created were based on the build-in templates for Windows, <ins>not</ins> "Other source media"

@AtaxyaNetwork Thank you for the feedback.

It looks like there's now way around completing my VMs and converting to them templates. But that's ok!

I took your advice and am successfully creating my own templates manually. One good thing with VyOS is I can enable xe-guest-utilities in the template, something I wanted to do in cloud-init.

I will use Ansible to configure the router.

To looks like I need to learn about packer since VyOS has some packer builds

https://github.com/vyos-contrib/packer-vyos