Upgrading XCP-NG Hypervisor from version 7.6 to version 8.1

My current Hypervisors are running on XCP-NG version 7.6 and the XCP-NG project announced version 8.1 End-of-March here: XCP-ng 8.1 is available. I got the time today to update both of my hypervisor nodes and I’m installing the upgrade remotely over VPN with the remote KVM feature on the management interface of my two servers. The only requirement on site is to create two USB sticks (ISO-Image and Rufus) with the current version of XCP-NG and stick them into the USB ports of the servers.

XCP-NG: Upgrade with USB Stick
XCP-NG: Upgrade with USB Stick

By remote accessing the management port of the servers, I can use the iKVM/HTML5 implementation to get access to the old XCP-NG 7.6 installation. The guys from XCP-NG published the document Upgrade from previous releases and I make sure the recommended requirements are met before I start the upgrade procedure. Detailed screenshots of the xcp-ng-upgrade-to-8.1.htmlXCP-NG Upgrade to 8.1 are available as well.

XCP-NG: Rebooting 7.6 with iKVM over Network
XCP-NG: Rebooting 7.6 with iKVM over Network

After the upgrade procedure (the existing configs, virtual machines, etc. are taken over) the new version 8.1 is shown in the iKVM/HTML5 console. The virtual machines were started automatically as expected and were waiting for their keys for the disk encryption.

XCP-NG After Upgrade to 8.1 (KVM over Network)
XCP-NG After Upgrade to 8.1 (KVM over Network)

However I encountered the issue that in my monitoring system not all data could get queried by SNMP. My understanding is that IPTables and the SNMP daemon need to be configured because both of them are turned off and have a default configuration after the upgrade. To bring back both physical servers into monitoring again I created a simple IPTables rule for SNMP and restart IPTables.

        ~# iptables -N SNMP-Input
        ~# iptables -I INPUT -j SNMP-Input
        ~# iptables -A SNMP-Input -p udp --dport 161 -j ACCEPT
        ~# /sbin/service iptables save  
        ~# service iptables restart
XCP-NG: Creating IPTables rule for SNMP

The first file is /etc/snmp/snmd.conf where I set a configuration similar to this:

        agentAddress udp:161
        view systemonly included .
        view systemonly included .
        view systemonly included .1.3.6
        rocommunity SNMPCOMMUNITYSTRING default -V systemonly
        sysLocation *************
        sysContact *************
        sysServices 72
XCP-NG: SNMP configuration in /etc/snmp/snmpd.conf

The second file is /etc/snmp/snmpd.xs.conf where I change a few lines into something like shown below. After the change, the SNMP daemon must restarted.

        # First, map the community name "public" into a "security name"
        #       sec.name       source        community
        #com2sec notConfigUser  default       public
        com2sec notConfigUser  default       SNMPCOMMUNITYSTRING
        # Second, map the security name into a group name:\
        #       groupName      securityModel securityName
        #group   notConfigGroup v1            notConfigUser
        group   notConfigGroup v2c           notConfigUser

        ~# service snmpd restart
XCP-NG: SNMP configuration in /etc/snmp/snmpd.xs.conf

Note: To verify if SNMP is working, the command snmpwalk -v 2c -c COMMUNITYHOST can be used (if installed on the system).