Upgrading XCP-NG Hypervisor from version 7.6 to version 8.1

Table of contents

  1. Upgrading XCP-NG Hypervisor
  2. Remote access server management
  3. After upgrade to 8.1
  4. Fixing SNMP monitoring issues
    1. Fixing iptables
    2. Fixing snmpd

Upgrading XCP-NG Hypervisor

My current Hypervisors are running on XCP-NG version 7.6 and the XCP-NG project announced version 8.1 End-of-March here: XCP-ng 8.1 is available. I got the time today to update both of my hypervisor nodes and I’m installing the upgrade remotely over VPN with the remote KVM feature on the management interface of my two servers. The only requirement on site is to create two USB sticks (ISO-Image and Rufus) with the current version of XCP-NG and stick them into the USB ports of the servers.

XCP-NG: Upgrade with USB Stick

Remote access server management

By remote accessing the management port of the servers, I can use the iKVM/HTML5 implementation to get access to the old XCP-NG 7.6 installation. The guys from XCP-NG published the document Upgrade from previous releases and I make sure the recommended requirements are met before I start the upgrade procedure. Detailed screenshots of the xcp-ng-upgrade-to-8.1.htmlXCP-NG Upgrade to 8.1 are available as well.

XCP-NG: Rebooting 7.6 with iKVM over Network

After upgrade to 8.1

After the upgrade procedure (the existing configs, virtual machines, etc. are taken over) the new version 8.1 is shown in the iKVM/HTML5 console. The virtual machines were started automatically as expected and were waiting for their keys for the disk encryption.

XCP-NG After Upgrade to 8.1 (KVM over Network)

Fixing SNMP monitoring issues

Fixing iptables

However I encountered the issue that in my monitoring system not all data could get queried by SNMP. My understanding is that IPTables and the SNMP daemon need to be configured because both of them are turned off and have a default configuration after the upgrade. To bring back both physical servers into monitoring again I created a simple IPTables rule for SNMP and restart IPTables.

    ~# iptables -N SNMP-Input
    ~# iptables -I INPUT -j SNMP-Input
    ~# iptables -A SNMP-Input -p udp --dport 161 -j ACCEPT
    ~# /sbin/service iptables save  
    ~# service iptables restart

Fixing snmpd

The first file is /etc/snmp/snmd.conf where I set a configuration similar to this:

    agentAddress udp:161
    view systemonly included .
    view systemonly included .
    view systemonly included .1.3.6
    rocommunity SNMPCOMMUNITYSTRING default -V systemonly
    sysLocation *************
    sysContact *************
    sysServices 72

The second file is /etc/snmp/snmpd.xs.conf where I change a few lines into something like shown below. After the change, the SNMP daemon must restarted.

    # First, map the community name "public" into a "security name"
    #       sec.name       source        community
    #com2sec notConfigUser  default       public
    com2sec notConfigUser  default       SNMPCOMMUNITYSTRING
    # Second, map the security name into a group name:\
    #       groupName      securityModel securityName
    #group   notConfigGroup v1            notConfigUser
    group   notConfigGroup v2c           notConfigUser

    ~# service snmpd restart

Note: To verify if SNMP is working, the command snmpwalk -v 2c -c COMMUNITYHOST can be used (if installed on the system).