XCP-ng

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. stormi
    3. Posts
    • Profile
    • Following 0
    • Followers 12
    • Topics 34
    • Posts 855
    • Best 227
    • Controversial 0
    • Groups 3

    Posts made by stormi

    • RE: Updates announcements and testing

      @normanghenderson They do 🙂

      c6ac1e0f-aaef-426c-b1d0-7702183e6cf9-image.png

      posted in News
      stormi
      stormi
    • RE: Host Patch Installation Failure | "global name 'commmand' is not defined"

      The error message about commmand masks the actual error that occurred (it's an error raised during error handling itself).

      Please try to do the update from CLI so that we may see the actual error from yum.

      https://xcp-ng.org/docs/updates.html#how-to-apply-the-updates

      posted in Xen Orchestra
      stormi
      stormi
    • RE: Updates announcements and testing

      @NielsH DRPW and SBDR are related to MMIO (and thus PCI Passthrough), but there are other vulnerabilities that are not related to it.

      posted in News
      stormi
      stormi
    • RE: Updates announcements and testing

      The update is published. Thanks for your tests!

      Blog post: https://xcp-ng.org/blog/2022/06/27/june-2022-security-update-2/

      posted in News
      stormi
      stormi
    • RE: Updates announcements and testing

      New security update (xen, Intel CPUs)

      Xen is being updated to mitigate hardware vulnerabilities in Intel CPUs.

      • Upstream (Xen project) advisory: XSA-404
      • Citrix Hypervisor Security Bulletin (which also covers vulnerabilities that we already fixed in the previous update): https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

      Impact of the vulnerabilities - I'll quote Citrix' security team here: "may allow code inside a guest VM to access very small sections of memory data that are actively being used elsewhere on the system"

      Test on XCP-ng 8.2

      From an up to date host:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
      reboot
      

      Versions:

      • xen-*: 4.13.4-9.23.1.xcpng8.2

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      ~2 days.

      posted in News
      stormi
      stormi
    • RE: XCP-ng 8.2.1 (maintenance update) - final testing sprint

      @KPS Hi. This thread is now inactive sop please open a new thread dedicated to your issue.

      posted in News
      stormi
      stormi
    • RE: XCP simply hangs

      @olivierlambert I don't think so 🤔

      posted in Compute
      stormi
      stormi
    • RE: vGPU AMD mxgpu iso nowhere to find

      Yes, I think so.

      posted in Compute
      stormi
      stormi
    • RE: vGPU AMD mxgpu iso nowhere to find

      It's well hidden in AMD's website and you can't even find it with a text search!

      Select your card model then you'll find a download for Citrix Hypervisor.

      69fb39bc-22a8-49b8-9a60-1b56c20ce018-image.png

      07c14512-402d-4d67-aa70-f99b67806ba9-image.png

      posted in Compute
      stormi
      stormi
    • RE: Updates announcements and testing

      Update released (xen + uefistored). Thanks for your tests!

      Blog: https://xcp-ng.org/blog/2022/06/13/june-security-update-1/

      posted in News
      stormi
      stormi
    • RE: Updates announcements and testing

      New security update (xen)

      Impact: when the conditions are met (roughly: CPU Model, PV guest + PCI passthrough or race condition exploitation), an attacker in a malicious VM may escalate privilege and control the whole host.

      Upstream (Xen project) references: XSA-401 and XSA-402

      Test on XCP-ng 8.2

      From an up to date host:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
      reboot
      

      Versions:

      • xen-*: 4.13.4-9.22.2.xcpng8.2

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      ~2 days.

      posted in News
      stormi
      stormi
    • RE: Updates announcements and testing

      To me, this uefistored update is ready, but I'll group it with the next updates.

      Test feedback remains welcome.

      posted in News
      stormi
      stormi
    • RE: Netdata package is now available in XCP-ng

      Additional notes:

      • my last update attempt ended in curl: (6) Could not resolve host: github.com; Unknown error because the spec file started defaulting to downloading stuff from github when a distro must build everything using only the RPM sources and our build environment has no internet access on purpose. So this means I must re-bundle sources that were unbundled upstream. I had already done such work previously for other components that are downloaded during the RPM build.
      • EPEL now has a netdata RPM that seems to be updated regularly (currently at 1.34.1) and which I could probably light-fork. It will probably be more suited to the needs of a distro maintainer than the upstream spec file which is tailored for the needs of the netdata project itself (you often see this dichotomy between upstream developers and downstream packagers, as in the example I gave earlier of a spec file that does what no distro would allow: download stuff dynamically at build time).
      posted in News
      stormi
      stormi
    • RE: Netdata package is now available in XCP-ng

      The netdata version is rather old because XCP-ng 8.2 is a LTS and netdata sadly doesn't have long term maintenance branches that would guarantee an absence of regressions. And I've had serious issues with netdata on XCP-ng in the past (disk full due to a bug that I reported at the time, fixed since but now I completely disable disk writes and let only netdata use a limited RAM database, just in case), so I'm not eager to update often as long as it is working and no unpatchable major security issues are found.

      And given the pace at which netdata evolves, each update is a significant amount of packaging work for me 🙂

      I will provide an update at some point, in the testing repository at least, but I don't know when exactly.

      posted in News
      stormi
      stormi
    • RE: Windows VM cannot start (FAILED_TO_START_EMULATOR)

      @AlexanderK said in Windows VM cannot start (FAILED_TO_START_EMULATOR):

      @stormi should i try to install what is at the guide?
      running this?
      secureboot-certs install

      If you want to use secure boot, yes. BTW there's an update candidate to fix a recent issue with microsoft servers. See https://xcp-ng.org/forum/post/49373

      posted in Compute
      stormi
      stormi
    • RE: Windows VM cannot start (FAILED_TO_START_EMULATOR)

      @AlexanderK Secure Boot was not supported and the switch did nothing before XCP-ng 8.2.1. Now it really attempts to enforce it and fails because you probably didn't install the Secure Boot certificates to the pool.

      https://xcp-ng.org/docs/guides.html#guest-uefi-secure-boot

      posted in Compute
      stormi
      stormi
    • RE: Windows VM cannot start (FAILED_TO_START_EMULATOR)

      Make sure you haven't enabled secure boot by mistake on the VMs.

      posted in Compute
      stormi
      stormi
    • RE: Updates announcements and testing

      @Andrew That's because install is a sub-command: secureboot-certs install -h.

      Anyway, if download fails (you can test by using "test" as the user agent for example), the option will be mentioned.

      posted in News
      stormi
      stormi
    • RE: Secure Boot Download Fails

      Update candidate available to fix certificate download: https://xcp-ng.org/forum/post/49373

      posted in Development
      stormi
      stormi
    • RE: secureboot-certs install fails

      Update candidate available to fix certificate download: https://xcp-ng.org/forum/post/49373

      posted in Development
      stormi
      stormi