RE: XCP-ng 8.0.0 Beta now available!

@cocoon said in XCP-ng 8.0.0 Beta now available!:

... ah forget it, I see, CentOS is using the old versions since long time ...

Yeah the chances that we'd change the version of such a low level package just for added functionality are very low.

@AllooTikeeChaat yum considers that your medata are recent enough. Ask it to clean them: yum clean all.

@AllooTikeeChaat You can now try.

That's why I told that I'm waiting for the main mirror to sync
And the build machine is having a "I'm feeling all slow" moment.

zfs is not part of the default installation, so you need to install it manually using yum from our repositories. Documentation on the wiki has not been updated yet for 8.0: https://github.com/xcp-ng/xcp/wiki/ZFS-on-XCP-ng
Now the zfs packages are directly in our main repositories, no need to add extra --enablerepo options. Just yum install zfs.

I've just built an updated zfs package (new major version 0.8.0 instead of the 0.7.3 that was initially available in the repos for the beta) in the hope that it solves some of the issues we had with previous versions (such as VDI export or the need to patch some packages to remove the use of O_DIRECT). I'm just waiting for the main mirror to sync to test that it installs fine.

No one raised their hands, and yet an update candidate for 7.5 is available with the fixes backported from 7.6.

Install it with

yum update --enablerepo='xcp-ng-updates_testing' microcode_ctl xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools

We've tested it locally, works fine for us.

Installing Xen Orchestra Appliance directly from the browser

The Xen Orchestra team has provided us with a way to install XOA directly from your browser by simply visiting the IP address of your freshly installed host.

Try it!

Good morning, afternoon, evening or night to everybody.

The beta release of XCP-ng 8.0 is available right now .

What's new

• Based on Citrix Hypervisor 8.0 (see https://xen-orchestra.com/blog/xenserver-7-6/).
• New kernel (4.19), updated CentOS packages (7.2 => 7.5)
• Xen 4.11
• New hardware supported thanks to the new kernel. Some older hardware is not supported anymore. It's still expected work in most cases but security cannot be guaranteed for those especially against side-channel attacks on legacy Intel CPUs. See Citrix's Hardware Compatibility List. Note: in 7.6 we've started providing alternate drivers for some hardware. That's something we intend to keep doing, so that we can extend the compatibility list whenever possible. See https://github.com/xcp-ng/xcp/wiki/Kernel-modules-policy.
• ). Note: in 7.6 we've started providing alternate drivers
• Experimental UEFI support for guests (not tested yet: have fun and report!)
• An updated welcome HTML page with the ability to install Xen Orchestra Appliance directly from there (see below). Tell us how it works for you and what you think of it!
• A new implementation of the infamous emu-manager, rewritten in C. Test live migrations extensively!
• Mirrors: you can offer mirrors and yum now pulls from them: https://github.com/xcp-ng/xcp/wiki/Mirrors
• Already includes the latest patches for MDS attacks.
• The net-install installer now checks the signature of the downloaded RPMs against our GPG key, which is becoming more important now that we're delegating downloads to mirrors.
• Status of our experimental packages:
  • ext4 and xfs support for local SR are still considered experimental, although no one reported any issue about it. You still need to install an additional package for it to work: yum install sm-additional-drivers.
  • We still have the experimental ZFS support and zfs packages have been updated to 0.7.13. The known limitations (no VDI export...) remain for now.
  • No more modified qemu-dp for Ceph support, due to stalled issue in 7.6 (patches need to be updated). However the newer kernel brings better support for Ceph and there's some documentation in the wiki: https://github.com/xcp-ng/xcp/wiki/Ceph-on-XCP-ng-7.5-or-later.
  • Alternate kernel: none available yet for 8.0, but it's likely that we'll provide one later.
• New repository structure. updates_testing, extras and extras_testing disappear and there's now simply: base,updatesandtesting`. Extra packages are now in the same repos as the main packages, for simpler installation and upgrades.
• It's our first release with close to 100% of the packages rebuilt in our build infrastructure, which is Koji: https://koji.xcp-ng.org. Getting to this stage was a long path, so even if it changes nothing for users it's a big step for us. For the curious ones, more about the build process at https://github.com/xcp-ng/xcp/wiki/Development-process-tour.

Documentation

At this stage you should be aware that our main documentation is in our wiki and you should also know that you can all take part in completing it. Since the previous release, it has improved a lot but there's still a lot to improve.

How to upgrade

As usual, there should be two different upgrade methods: classical upgrade via installation ISO or upgrade using yum.

However, the yum-style update is not ready yet. Since this is a major release, Citrix does not support updating using an update ISO, and the consequence for us is that the RPMs have not been carefully crafted for clean update. So it's all on us, and we plan to have this ready for the RC (release candidate).

Before upgrading, remember that it is a pre-release, so the risks are higher than with a final release. But if you can take the risk, please do and tell us how it went and what method you used! However, we've been testing it internally with success and xcp-ng.org already runs on XCP-ng 8.0 (which includes this forum, the main repository and the mirror redirector) !

Although not updated yet, the Upgrade Howto remains mostly valid (except the part about yum-style upgrade, as I said above).

• Standard ISO: http://mirrors.xcp-ng.org/isos/8.0/xcp-ng-8.0.0-beta.iso
• Net-install ISO: http://mirrors.xcp-ng.org/isos/8.0/xcp-ng-8.0.0-netinstall-beta.iso
  • Do not use the pre-filled URL which still points at XCP-ng 7.6. Use this instead: http://mirrors.xcp-ng.org/netinstall/8.0
• SHA256SUMS: http://mirrors.xcp-ng.org/isos/8.0/SHA256SUMS
• Signatures of the sums: http://mirrors.xcp-ng.org/isos/8.0/SHA256SUMS.asc

It's a good habit to check your downloaded ISO against the SHA256 sum and for better security also check the signature of those sums. Although our mirror redirector does try to detect file changes on mirrors, it's shoud always be envisioned that a mirror (or in the worst case our source mirror) gets hacked and managed to provide both fake ISOs and SHA256 sums. But they can't fake the signature.

Stay up to date

Run yum update regularly. We'll fix bugs that are detected regularly until the release candidate. Subscribe to this thread (and make sure to activate mail notifications in the forum parameters if you need them): we'll announce every update to the beta here.

What to test

Everything!

Report or ask anything as replies to this thread.

A community effort to list things to be tested has been started at https://github.com/xcp-ng/xcp/wiki/Test-XCP

Latest XCP-ng security bulletin, dedicated to the recently discovered MDS attacks on Intel CPUs. Update available but also requires extra steps for full mitigation.

Full story here: https://xcp-ng.org/blog/2019/05/21/xcp-ng-security-bulletin-mds-hardware-vulnerabilities-in-intel-cpus/

Raise your hands if you're still using XCP-ng 7.5 and badly need an update. As you know, we try to support the N-1 release of XCP-ng on a best-effort basis, but backporting the fixes may not be trivial, and 7.5 is very close from end of support from us with the upcoming release of XCP-ng 8.0.

Announcement live: https://xcp-ng.org/blog/2019/05/21/xcp-ng-security-bulletin-mds-hardware-vulnerabilities-in-intel-cpus/

Was a long write but should be a short read

I have pushed the update to the updates repo. Security bulletin should follow shortly on the blog.

Upping this thread in the hope for more test results.

@Ultra2D For this update, I think you could try with a slave first, since it's only an update of xen (and microcode_ctl), so I don't expect incompatibilities in pool management. But I wouldn't guarantee that cross-host operations such as migrations would work fine.