Setup Xen Orchestra (XO) Community Edition

Rumi, March 6, 2020

XCP-NG + Xen Orchestra Community Edition = a powerful 100% free virtualization environment and backup solution. I’m writing this to provide hand holding for those interested in XCP-NG but intimidated by the required command line setup to get Xen Orchestra Community Edition (XOCE) working. The installation and update scripts for Xen Orchestra were written by DustinB3403; I’m using information from a few different sources to make an easy-to-follow guide.

For the purposes of this guide I’ll presume you already have XCP-NG installed and that XOCE will be running as a VM on XCP-NG. I’ll also assume you already have XCP-NG Center installed on a Windows OS. You can download XCP-NG Center at https://github.com/xcp-ng/xenadmin/releases.

*Updated 08-16-19 with TOML instructions for HTTPS. Thanks again to SloopDog for posting the HTTPS instructions.

Step 1: Download Linux ISO

I used Ubuntu Server 18.04 LTS (http://releases.ubuntu.com/18.04/). If you’re not comfortable with Linux I suggest you do the same so you can use the same commands without modification. Otherwise, feel free to use your own flavor. Download the Linux ISO and save it in a shared Windows folder.

Step 2: Create Storage Repository for ISOs

If you already have a Storage Repository (SR) set up for ISOs, copy the Linux ISO to your ISO SR and skip to step 3.

Before we can use the Linux ISO we need to create an SR for it. In XCP-NG Center right click your pool and select “New SR.” Click “Next” then under ISO library select “Windows File Sharing (SMB/CIFS)” and click “Next.” Rename it if you wish then click “Next” again. Enter the name of a Windows shared folder containing the Linux ISO in the following format:

    \\ServerName\SharedFolderName

This can be a shared folder on a Windows file server or on your own workstation. If you use your local workstation be sure to not interrupt your computer’s connectivity while the ISO is mounted.
Check the box next to “Use different user name” and enter Windows credentials with access to the shared folder, with the username in the following format:

    username@MyLocalDomainName.com

then click “Finish.” In XCP Center find and click the ISO SR you created and click on the “Storage” tab at the top. If no files are listed click “Rescan.” Confirm you can see the Linux ISO in the list.

Step 3: Create the Xen Orchestra VM

In XCP Center right-click your pool and select “New VM.” Click “Next” then select the OS you are installing (or something close to it) from the list then click “Next” again. Name your VM something profound and click “Next” again. In the “Install from ISO library…” drop down select the Linux ISO you downloaded and click “Next” then “Next” again.

Select the number of virtual CPUs and the amount of memory to assign to the VM. I originally used 2 vCPUs (1 socket with 2 cores per socket) with 4096 MB and it worked fine but then later increased it to 8192 MB and found my backups seemed to run a little faster. Don’t sweat it too much, you can always change this later. Click “Next” then “Next” again, ignoring the GPU settings.

XCP Center will suggest some virtual hard drive settings. Click “Edit” to change the size and location as desired (I used 20GB) then “Okay” and “Next.” XCP Center will then suggest network settings for the VM. If you want to change things click “Edit” to change the VLAN if desired then click “Okay.” You don’t need to worry about the MAC address or QoS. Click “Next” then “Create Now” to fire up the VM and start the installation process.

Click on the new VM then click the “Console” tab to view it doing its thing. Click through the Ubuntu installation using default options and/or common sense. I suggest changing DHCP to a static IP address at this point. When you reach the Software Selection screen scroll to the bottom then “Continue.” After installation is complete it will prompt you to press “Enter” to reboot.
I strongly suggest taking a snapshot (“Snapshots” tab then “Take Snapshot”) after the VM comes back up so you can quickly roll back any accidental misconfiguration.

Step 4: Configure Linux Networking

If you configured a static IP address in the installation process skip to step 5. If you didn’t, or you need to change the address, we can do it now.

Login to the VM’s console using the username and password you created then enter the following command to gain root access (then enter the password again):

    sudo bash

Use the ifconfig command to view the name of your network interfaces:

    ifconfig

You should see something like eth0: or ens33: (just ignore lo:). Use this name in place of eth0 below if it is something different. Then enter the following command to edit the network settings file:

    nano /etc/cloud/cloud.cfg.d/50-curtin-networking.cfg

Change the text so it looks like the text below (with your own networking settings). Indentation matters: “network:” starts at the left margin and each nested level is indented two more spaces (2, 4, 6, 8), using spaces rather than tabs.

    # This file describes the network interfaces available on your system
    # For more information, see netplan(5).
    network:
      version: 2
      renderer: networkd
      ethernets:
        eth0:
          dhcp4: no
          dhcp6: no
          addresses: [192.168.1.2/24]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [8.8.8.8,8.8.4.4]

Press CTRL-O then Enter to write the changes to the file and CTRL-X to quit. Then enter the following command to make the changes effective:

    cloud-init clean

Ping the address from your workstation to make sure it responds and then silently bask in your ascendance from your previous Windows-Admin-Only Self.

Step 5: Update Linux and Install XOCE

Start by installing XCP-NG guest tools. In XCP Center click on the XOCE VM and click the “Console” tab and select “guest-tools.iso” from the DVD Drive 1 drop down.
Login to the console and use the following command to get root access:

    sudo bash

Then mount the guest tools ISO with the following command:

    sudo mount /dev/cdrom /mnt

If you get a “wrong fs type…” error wait a minute then try the command again. After you see the “…mounting read only” message launch the install (capitalization is important) then hit y:

    /mnt/Linux/install.sh

Then install the SSH service:

    sudo apt install openssh-server

and make it listen on port 22:

    nano /etc/ssh/sshd_config

Find the line with #Port 22, delete the ‘#’ then hit CTRL-O to save and CTRL-X to quit.

Use Putty on your workstation (https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) to open an SSH session to your XOCE VM. You can (and probably should) copy and paste the more complex commands from this guide; use a right-click to paste the copied text into Putty. Note that as network changes are made to the VM you’ll likely have your Putty session disconnected. When this happens give it a bit then right click the title bar and click “restart session” to reconnect.

Login to the SSH session with the username and credentials you already created and use the following command to get root access:

    sudo bash

Then enter the following command to update Linux and wait for the update to finish:

    apt-get upgrade -y; apt-get autoremove -y

After that a reboot is in order. Enter the following command:

    reboot

Next get root with sudo bash and then install XOCE with the following command:

    sudo curl https://raw.githubusercontent.com/Jarli01/xenorchestra_installer/master/xo_install.sh | bash

(The line above should be entered as one single command; the command launches an installation script written by DustinB3403.) Then wait for the installation to finish. It will take a while; don’t worry if it appears to be stuck at the “Successfully compiled…” screen. Just be patient and keep waiting.
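
The install command above (and the update command in Step 6) pipes whatever the URL serves at that moment straight into a root shell, so the script that runs is never one you have read. The following is an added example, not part of the original guide or of the installer project: it runs a saved copy only if its SHA-256 still matches the digest you recorded when you reviewed it. The names run_pinned, sha256_of and PINNED_SHELL are hypothetical.

```sh
#!/bin/sh
# Added example: run a downloaded script only if it still matches the SHA-256
# recorded when it was reviewed. run_pinned, sha256_of and PINNED_SHELL are
# hypothetical names, not part of the xenorchestra_installer project.

# Print the SHA-256 of FILE as bare lowercase hex.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 64 on bad usage, 2 if FILE is missing, 3 on digest mismatch,
# otherwise the script's own exit status. Nothing runs on a mismatch.
run_pinned() {
    [ "$#" -ge 2 ] || { echo "usage: run_pinned FILE SHA256 [ARGS...]" >&2; return 64; }
    _rp_file=$1
    # Digests get pasted in either case, so normalise before comparing.
    _rp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2
    [ -f "$_rp_file" ] || { echo "missing: $_rp_file" >&2; return 2; }
    _rp_actual=$(sha256_of "$_rp_file")
    if [ "$_rp_actual" != "$_rp_expected" ]; then
        echo "digest mismatch for $_rp_file, not running it" >&2
        echo "  expected: $_rp_expected" >&2
        echo "  actual:   $_rp_actual" >&2
        return 3
    fi
    # The guide pipes the installer to bash, so bash is the default interpreter.
    "${PINNED_SHELL:-bash}" "$_rp_file" "$@"
}

# Workflow on the XO VM (network steps are comments so the block runs offline):
#   curl -fsSLo xo_install.sh https://raw.githubusercontent.com/Jarli01/xenorchestra_installer/master/xo_install.sh
#   less xo_install.sh                      # read what it will do as root
#   sha256_of xo_install.sh                 # record the digest of the copy you read
#   run_pinned xo_install.sh <recorded-digest>
```

The same function covers the updater: pass its flags after the digest, as in run_pinned xo-update.sh <recorded-digest> -f.
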

While the initial installation will work okay, Git will complain during updates if you don’t select an email address and username. It doesn’t have to be a real email address or username; a fake one will work fine. Enter the following commands with your own fake information to make it happy:

    git config --global user.email "TotallyRealEmailAddress@Ipromise.com"
    git config --global user.name "CompletelyRealName NotLying"

Reboot again:

    reboot

Step 6: Update XOCE

Update XOCE to bring it up to the latest version and enable some extra features. I suggest taking a snapshot before updating XOCE. Get root:

    sudo bash

And update XOCE:

    sudo curl https://raw.githubusercontent.com/Jarli01/xenorchestra_updater/master/xo-update.sh | bash -s -- -f

(The line above should be entered as a single command; the command launches an update script written by DustinB3403. Be careful when copying and pasting this line; sometimes the dashes get mangled. If it doesn’t work try erasing and re-adding each dash in the command.)

Then reboot. After your VM comes back up you should have a basic working XOCE installation. Give it a few minutes then try navigating to the IP address of the VM in a browser. The default credentials are as follows:

    Username: admin@admin.net
    Password: admin

Step 7: Configure HTTPS

You can skip to step 10 if you’re just setting up a test environment and/or don’t need to worry about security or LDAP authentication. If you’re setting up a production environment I suggest configuring HTTPS before connecting XOCE to your hosts. It’s also a good time to take another snapshot. Major props to SloopDog who wrote the updated HTTPS instructions below:

2019-04-17 TOML config - the new XOA uses TOML, not YAML. [That's nice, because it's not as picky as YAML.]

The quick and dirty steps.

1) I generate new key and self signed certs.

    # sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/certificate.pem

[I often use a template OS on a VM, and don’t want to keep using the same key/cert as was originally generated on the initial install. You can skip this step if you like, and/or don’t need a unique cert/key.]

Then make a copy of the TOML file.

    # cp /opt/xen-orchestra/packages/xo-server/.xo-server.toml /opt/xen-orchestra/packages/xo-server/xo-server.toml.bak

Now edit the toml file.

    # nano /opt/xen-orchestra/packages/xo-server/.xo-server.toml

Comment out the port = 80 line and add directives for 443 and your new cert/key. Like so.

    #port = 80
    port = 443
    cert = '/etc/ssl/certs/certificate.pem'
    key = '/etc/ssl/private/key.pem'

Save your file. Restart the service.

    # systemctl restart xo-server.service

Now open your browser and try it.

Step 8: Troubleshoot HTTPS

TOML is much easier than YAML so this section almost isn’t needed anymore. If you do run into trouble you can check the logs by following the steps below:

Ssh to your VM, login, and get root with sudo bash. Restart the Xen Orchestra service:

    systemctl restart xo-server.service

Then view the service’s system logs:

    journalctl -u xo-server -f -n 50

Step 9: Configure LDAP Authentication

Almost done. To setup LDAP authentication first login to Xen Orchestra with the default credentials:

    Username: admin@admin.net
    Password: admin

On the blue column to the left click “Settings” then “Plugins.” Click the blue “+” to the right of “auth-ldap” to expand its settings. Next to “uri” enter the following (I left checkCertificate off):

    ldap://<FQDN of Domain Controller>

Under “bind” click the checkbox and enter the username of an account in AD in the following format:

    username@localdomain.org

And then the password. Next to “base” enter the OU in AD containing users allowed to login to Xen Orchestra.
If your XO admins were contained in an OU named “xoadmins” inside the “users” OU and your domain was localdomain.org you’d enter it in the following format:

    OU=xoadmins,OU=users,DC=localdomain,DC=org

Next to “filter” enter the following:

    (sAMAccountName={{name}})

Click “Save configuration” then scroll up and click the switch to the left of “auth-ldap.” It should turn green. Users in the OU you selected should now be able to login to Xen Orchestra. However, they aren’t able to do anything until you assign them permissions.

To assign permissions click “Settings” then “Users.” Users who have logged in before being granted permissions will appear in the list as “users.” Use the dropdown to change to Admin. For accounts that have not yet logged in, enter the AD username, select Admin, and enter any password (it will be ignored) then click “Create.” Change the default admin credentials to something else and you’re done.

Step 10: Connect XOCE to Hosts

Finally, the goods. Click “Settings” then “Servers” and add in your server information. You only need to enter the Master of each pool; XOCE will discover the rest. Click the switch to the right of the scarred eye to allow unauthorized certificates and then click “Connect”.

Don’t forget to go back and delete the VM’s snapshots after everything is tested and working.

Official documentation and forum referenced below. Both refer to the installation method above as using Xen Orchestra “from the sources” and the paid Xen Orchestra appliance as XOA.

XOCE can do everything XCP-NG Center can and more, but IMO it has a less intuitive user interface. I still use XCP Center when I want a quick overview of my environment or when I need to quickly move a few VMs around. For everything else though (storage migrations, host updates, etc.) you’ll want to use XOCE as it is more reliable. And XO is the de facto backup method for XCP-NG/XenServer. Backup NG is where you’ll set up your backup jobs in XOCE.
Backup is a deprecated method kept around for compatibility.

Src:
https://community.spiceworks.com/how_to/154204-how-to-setup-xen-orchestra-community-edition-free
https://xcp-ng.org/forum/category/12/xen-orchestra
https://xen-orchestra.com/docs/
https://github.com/xcp-ng/xenadmin/releases
https://mangolassi.it/topic/12809/xen-orchestra-community-edition-installing-with-yarn

Great guide Mr Rumi! Is the Community Edition the same as the Free Edition downloadable from the web of Xen Orchestra? Thanks

Xavier