My current Hypervisors are running on XCP-NG version 7.6 and the XCP-NG project anncounced version 8.1 End-of-March here: XCP-ng 8.1 is available. I got the time today to update both of my hypervisor nodes and I'm installing the upgrade remotely over VPN with the remote KVM feature on the management interface of my two servers. The only requirement on site is to create two USB sticks (ISO-Image and Rufus) with the current version of XCP-NG and stick them into the USB ports of the servers.
By remote accessing the management port of the servers, I can use the iKVM/HTML5 implementation to get access to the old XCP-NG 7.6 installation. The guys from XCP-NG published the document Upgrade from previous releases and I make sure the recommended requirements are met before I start the upgrade procedure. Detailed screenshots of the XCP-NG Upgrade to 8.1 are available as well.
After the upgrade procedure (the existing configs, virtual machines, etc. are taken over) the new version 8.1 is shown in the iKVM/HTML5 console. The virtual machines were started automatically as expected and were waiting for their keys for the disk encryption.
However I encounterd the issue that in my monitoring system not all data could get queried by SNMP. My understanding is that IPTables and the SNMP daemon need to be configured because both of them are turned off and have a default configuration after the upgrade. To bring back both physical servers into monitoring again I created a simple IPTables rule for SNMP and restart IPTables.
~# iptables -N SNMP-Input ~# iptables -I INPUT -j SNMP-Input ~# iptables -A SNMP-Input -p udp --dport 161 -j ACCEPT ~# /sbin/service iptables save ~# service iptables restart
The first file is /etc/snmp/snmd.conf where I set a configuration similar to this:
agentAddress udp:161 view systemonly included .220.127.116.11.2.1.1 view systemonly included .18.104.22.168.22.214.171.124 view systemonly included .1.3.6 rocommunity SNMPCOMMUNITYSTRING default -V systemonly sysLocation ************* sysContact ************* sysServices 72
The second file is /etc/snmp/snmpd.xs.conf where I change a few lines into something like shown below. After the change, the SNMP daemon must restarted.
#### # First, map the community name "public" into a "security name" # sec.name source community #com2sec notConfigUser default public com2sec notConfigUser default SNMPCOMMUNITYSTRING #### # Second, map the security name into a group name:\ # groupName securityModel securityName #group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser ~# service snmpd restart
Note: To verify if SNMP is working, the command snmpwalk -v 2c -c COMMUNITY HOST can be used (if installed on the system).