RE: Introduce yourself!

Greetings! I am seasoned security engineer and that brings with it the need for a lab, automation, and prototyping. Intel NUCs, VMware workstation, and ESXi in my home lab was my MO.

For the past few years I have been putting my home Lab projects on github, and they now include XCP-ng testing. My lab is now split XCP-ng and proxymox. (good-bye Broadcom)

In the Cyber space I'm blue team, shifting more purple. The authentication with XCP-ng bugs me, but I'm happy with the automation potential.

Folding@Home and Unifi are my other fun projects.

@splastunov said in Disable TX checksumming with API:

XAPI

Thank you, I found https://xapi-project.github.io/xen-api/networking.html

Greetings! I am seasoned security engineer and that brings with it the need for a lab, automation, and prototyping. Intel NUCs, VMware workstation, and ESXi in my home lab was my MO.

For the past few years I have been putting my home Lab projects on github, and they now include XCP-ng testing. My lab is now split XCP-ng and proxymox. (good-bye Broadcom)

In the Cyber space I'm blue team, shifting more purple. The authentication with XCP-ng bugs me, but I'm happy with the automation potential.

Folding@Home and Unifi are my other fun projects.

Currently I manually disable on TX checksumming on OPNsense firewalls per recommendation.

Is there (undocumented) XO API support for this?

Manual process:
Click the VM
Click the Network tab
Next to each interface is a small settings icon with a blue background
For every interface click the gear icon then disable TX checksumming

I currently have a bunch of Check Point firewall VMs in my lab and they have a several interfaces each. I would like to disable checksumming on all interfaces via API, ansible, and (ideally) terraform.

@Danp thank you for that information.

When I wasn't using Terraform, I followed that advice.

The Windows built-in templates change the boot process fundamentally, requiring "press any key to boot from CD/DVD". If you find another way to resolve it issue, I would love to hear it.

Re-creating the Windows Server 2022 template off of "Other installation media" instead of the built-in template solved the problem.

I will repeat this on the Windows 10 template to confirm.

EDIT: Confirmed Windows 10 working using same solution.

BLUF: creating new VMs from my custom Windows 10 and Windows Server 2022 templates works, but using terraform I get failures.

Console messages
Boot device: Hard Disk - success.
Boot device: CD-Rom - failure: could not read boot disk

No bootable device.
Powering off in 30 seconds.

from my workstations.tf file

data "xenorchestra_template" "workstation-template" {
name_label = "win10-template"
}
[...]
resource "xenorchestra_vm" "branch1-1" {
memory_max = 4294934528
cpus = 1
name_label = "branch1-1"
name_description = "Windows 10 workstation 1 in branch 1"
template = data.xenorchestra_template.workstation-template.id
depends_on = [ xenorchestra_network.vlan_network_201]
disk {
sr_id = data.xenorchestra_sr.local.id
name_label = "workstation-1-1-disk"
size = 137437904896
}
network {
network_id = data.xenorchestra_network.branch1mgt.id
}
}
[...]

I created my own name_label (e.g. "worksation-1-1.disk") based on the system name.

Is there a proper way to clone my windows templates? (i did sysprep on the server 2022 systems before creating the server 2022 template)

Full details https://github.com/doritoes/NUC-Labs/tree/xcp-ng-improvement/XCP-ng/terraform (my entire XCP-ng build is documented there)

Thank you!

EDIT: Add that the original templates I created were based on the build-in templates for Windows, <ins>not</ins> "Other source media"

@AtaxyaNetwork Thank you for the feedback.

It looks like there's now way around completing my VMs and converting to them templates. But that's ok!

I took your advice and am successfully creating my own templates manually. One good thing with VyOS is I can enable xe-guest-utilities in the template, something I wanted to do in cloud-init.

I will use Ansible to configure the router.

To looks like I need to learn about packer since VyOS has some packer builds

https://github.com/vyos-contrib/packer-vyos

Hey, new to forum.

BLUF: How can I create a VM from ISO file using terraform? Things seem to have changed--I have tried what I found online and keep running into issues.

Xen Orchestra latest commit cb6cf
XCP-ng 8.2.1 (GPLv2)
vatesfr/xenorchestra v0.29.0

Want to use terraform to create a VyOS router in XCP-ng. I have done before manually. I would like to create the VM for the VyOS router from the ISO with the correct interfaces.

It looks like I can't use the template "Other install media" and supply a cdrom{}. When I try, the iso file is not found.

In the future, I would like to use cloud-init to spin up the VyOS router. Until then, I'm looking to spin up with terraform and configure using Ansible.

Here is the full code.
https://github.com/doritoes/NUC-Labs/tree/xcp-ng-improvement/XCP-ng/terraform

The full XCP-ng build steps I used are documented there too.

data "xenorchestra_network" "wan" {
  name_label = "Pool-wide network associated with eth0"
}
data "xenorchestra_network" "build" {
  name_label = "build"
  depends_on = [xenorchestra_network.vlan_network_100]
}
data "xenorchestra_template" "template" {
  name_label = "Other install media"
}
data "xenorchestra_sr" "local" {
  name_label = "Local storage"
}
data "xenorchestra_sr" "ISO" {
  name_label = "ISO"
}
data "xenorchestra_vdi" "vyos_rolling" {
  name_label = "vyos-1.5-rolling-202407010024-amd64.iso"
}
resource "xenorchestra_vm" "vyos" {
  memory_max = 1073733632
  cpus       = 2
  #cloud_config  =
  name_label = "vyos"
  name_description = "vyos router"
  template = data.xenorchestra_template.template.id
  cdrom {
    id = data.xenorchestra_vdi.vyos_rolling.id
  }
  disk {
    sr_id      = data.xenorchestra_sr.local.id
    name_label = "vyos-router-disk"
    size       = 8589869056
  }
  network {
    network_id = data.xenorchestra_network.wan.id
  }
  network {
    network_id = data.xenorchestra_network.build.id
  }
}