Install XOA using Host Internal Management Network

[wugutech]

I run sudo bash -c "$(curl -s https://raw.githubusercontent.com/ronivay/XenOrchestraInstallerUpdater/master/xo-vm-import.sh)"

Can we use Host Internal Management Network with the pre-built XOA? It says VM Started successfully, but I can't even ping from XCP-NG to that XOA,

My XCP-NG is totally fresh install,

Am I missing something?

[wugutech]

[ronivay]

You probably have to use DHCP to put VM into the internal management network (not entirely sure tbh, haven’t used it), it should get a link local address through that, but i wouldn't use it as you can't really access the GUI in any meaningful way. You should configure a network that you can use which preferrably is a "normal" bridged network where VM accesses the network behind a specific physical network interface(s).

See the documentation if you don't have any networks already: https://xcp-ng.org/docs/networking.html

[wugutech]

thanks for replying, I will work upon it,

[wugutech]

I simply re-install it and use name-label="Pool-wide network associated with eth0" I can see now the host able to ping the XOA,

From inside XOA I only can reach the host IP address, but not outside world, therefore I haven't able to access its web gui,

Could you advice? many thanks,

[dsiminiuk]

You may have to bind the VM to one of the Xen Bridge Ethernet devices.

Which xenbr_ bridge device has your management ip?

ip addr
<snip>
5: xenbr4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 38:bb:aa:ss:xx:14 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.xx/24 brd 192.168.1.255 scope global xenbr4

xenbr4 is the only way I can ping outside servers from the command line.

# ping -I xenbr4 www.microsoft.com
PING e13678.dscb.akamaiedge.net (23.203.17.160) from 192.168.1.43 xenbr4: 56(84) bytes of data.
64 bytes from a23-203-17-160.deploy.static.akamaitechnologies.com (23.203.17.160): icmp_seq=1 ttl=58 time=3.74 ms
64 bytes from a23-203-17-160.deploy.static.akamaitechnologies.com (23.203.17.160): icmp_seq=2 ttl=58 time=4.26 ms
64 bytes from a23-203-17-160.deploy.static.akamaitechnologies.com (23.203.17.160): icmp_seq=3 ttl=58 time=4.64 m

Is there a way to bind your XO vm to that?

I think the Host Internal Management network is internal/private to XAPI only.

[dsiminiuk]

Looking at the network code in xo-vm-import.sh It won't give you the xenbr_ device to choose so I would choose "LAN" in my case because that is where all my VMs are bound. And "LAN" is connected to xenbr4 (in my setup).

xe-network-list

[wugutech]

I have the management IP at xenbr0

[21:32 mf-hm80 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 1c:83:41:30:25:4a txqueuelen 1000 (Ethernet) RX packets 5699907 bytes 8553761596 (7.9 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 941861 bytes 77536867 (73.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 345876 bytes 8297282235 (7.7 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 345876 bytes 8297282235 (7.7 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vif4.0: flags=4291<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1500 ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) RX packets 2775 bytes 209562 (204.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 612 bytes 51027 (49.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

xenbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.200.100.101 netmask 255.255.255.0 broadcast 10.200.100.255 ether 1c:83:41:30:25:4a txqueuelen 1000 (Ethernet) RX packets 940601 bytes 8226629518 (7.6 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 941835 bytes 77577491 (73.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I thought this below means binded already ?

[20:58 mf-hm80 ~]# xe vm-vif-list uuid ( RO) : 63829bc0-5bea-490f-4a5b-9767a2322452 vm-name-label ( RO): xo-ce device ( RO): 0 MAC ( RO): da:36:3c:2c:03:7f network-uuid ( RO): ec317982-cee3-2a2b-3b50-a18e26355e9c network-name-label ( RO): Pool-wide network associated with eth0

[dsiminiuk]

What do you get from

xe-network-list

[wugutech]

see above from big screenshot attached/uploaded, its already there,

[20:58 mf-hm80 ~]# xe network-list 
uuid ( RO)                : 6a6a2956-70bd-b4ad-8522-fb87ee45039f
          name-label ( RW): Host internal management network
    name-description ( RW): Network on which guests will be assigned a private link-local IP address which can be used to talk XenAPI
              bridge ( RO): xenapi

uuid ( RO)                : ec317982-cee3-2a2b-3b50-a18e26355e9c
          name-label ( RW): Pool-wide network associated with eth0
    name-description ( RW): 
              bridge ( RO): xenbr0

[dsiminiuk]

Oh yes there it is.

[dsiminiuk]

ping -I xenbr0 www.microsoft.com

??

[wugutech]

Yes I can reach outside from host

[21:43 mf-hm80 ~]# ping -I xenbr0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.200.100.101 xenbr0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=24.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=24.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=22.4 ms

[dsiminiuk]

I'm speechless.

[wugutech]

then MAY BE its time to ask XCP-NG forum

[ronivay]

What network configuration you used on the VM, ip-address and gateway. Is it on the same subnet as the host (10.200.100.x) and if not, are you sure that subnet works correctly on that eth0 interface? Since you can access the XO VM via console and ping host, check what routes it has and if you can reach the gateway. If not, then it's most likely just a networking issue on that network where eth0 is connected to.

[wugutech]

host = 10.200.100.101/24 gateway to ethernet laptop 10.200.100.100/24 xoa = 10.200.100.103/24 gateway to 10.200.100.101 (or tried 10.200.100.100),

host can connect internet, or ping 10.200.100.100, laptop can ssh to 10.200.100.101 host can ssh to xoa, while inside xoa, I can ping 10.200.100.101, but not 10.200.100.100, laptop can not ssh to xoa, laptop can reach https://10.200.100.101

[ronivay]

Yeah it should definitely be .100 as the gateway, host doesn't route stuff. Imo that should work just fine as the default networks based on physical interfaces are bridges so the traffic should fly over to your laptop. Yet again, laptop as a router isn't the most widely used setup :) not saying it won't work obviously.

I'm using bonded networks so those default pool-wide networks have PIF disconnected and aren't usable so can't try identical setup myself and don't have another host at hand currently.

But i'd snoop some traffic on laptop and host with tcpdump for example to see if anything is trying to flow over that NIC and pinpoint where the problem actually is.

[wugutech]

If I set below at host level,

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1

now all of them are ping-able, but still xoa can not contact outside internet (it says does not able to resolve), but I can ping to internet IP (not DNS name), tried add nameserver at /etc/resolv.conf, does not help,

from laptop I still can not connect https://10.200.100.103

[ronivay]

You don't (and shouldn't) set those. Not needed as the host isn't a router.

Did you try to dump that VIF interface traffic which is attached to VM? there should be only one in the ifconfig listing on host as you have only one VM. That should show you if any traffic is passed onwards, if yes, do the same on the laptop to see if it gets there and if anything is being sent back.

[wugutech]

Hi its my bad, I use Falkon browser, its probably reject certificate exception, now I can connect just fine,