Xen Orchestra Backup, Single VM Failing

JaredBusch

@olivier said:

Done: https://github.com/vatesfr/xo-web/commit/f9028cb366e6a102a5a0fd54755c7c0163e62a3c

Re job 9: Personally, I would not say finished here. Simply state error or Failure or something.

I know it IS finished. but say you eventually setup an email on job status. how will I route it with rules if both success and failure say finished?

This is how I handle my veeam backup stuff now.

So, all my notices are filtered away unless it has some other status.

https://i.imgur.com/MPZJ1hR.jpg

https://i.imgur.com/D1whu9s.jpg

Well except this warning. These are success too. The damned HP recovery partition always fires a warning on space.

https://i.imgur.com/vztYv2R.jpg

olivier

I'll need to hire 50 lads to release all those ideas/features

dafyre

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

Alex Sage

@dafyre How does it even know what the public IP is?

stacksofplates

@dafyre said:

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

You're running XO in a vm on the XenServer?

DustinB3403

@johnhooks said:

@dafyre said:

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

You're running XO in a vm on the XenServer?

Yes.

That is normal.

stacksofplates

@DustinB3403 said:

@johnhooks said:

@dafyre said:

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

You're running XO in a vm on the XenServer?

Yes.

That is normal.

I just wanted to make sure I understood how he set it up.

DustinB3403

Now it wouldn't hurt to have a separate host, but on the primary host is also normal.

stacksofplates

@dafyre said:

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

Another question, is this a bridge for an internal network? Or did they give you a local network for your server?

dafyre

@anonymous said:

@dafyre How does it even know what the public IP is?

This is what I'd like to know, lol. I am expecting it is something in the XAPI or something with XenServer configs somewhere... It should be noted that this is a Dedicated machine rented from KimSufi in France. I have exactly 1 public IP that I can use for this server.

Dashrender

I was wondering if the XO VM has external DNS servers instead of internal ones. Or maybe both, and it's failed over to the external one.

I've found that I can never have internal and external DNS servers if I have a split-brain/split-horizon DNS situation. I can only use internal DNS or I WILL end up with problems.

dafyre

@johnhooks said:

@dafyre said:

I'm having a similar issue, but different, lol. I am unable to backup any of my XenServer VMs. I am using an XO Machine built with @DustinB3403 's instructions. I am connecting to my XenServer using it's inside IP address (192.168.15.1/24) from my XO Server (192.168.15.2/24).

When the backup jobs try to run, my XO Server tires to connect to the PUBLIC IP address of my XenServer.

This poses a problem this is a hosted XenServer instance with a single public IP address... I am using ports 80 and 443 to run an Nginx proxy as a VM.

Is this a bug in XO, by any chance? @olivier ?

If the answer to that question is "NO", then what can I do to fix XenServer so that it only listens on my inside IP addresses?

Another question, is this a bridge for an internal network? Or did they give you a local network for your server?

The public interface is bridged to my internal VM network... ie:

XenBr1 = MyPublicIP
xapi1 = 192.168.15.1/24 (on the physical XenServer host).

XO = 192.168.15.2 / 24 (VM)
IIS Server = 192.168.15.3/24 (VM)
Nginx = 192.168.15.4/24 (VM)

I can surf the web just fine from all of the VMs (Ubutnu 15 server using Lynx, or Windows 2012 R2 using IE).

When I have my IIS server turned on, my NGINX Proxy does its job and serves up the pages.

And I now have iptables & NGinx working nicely together with XenServer and I can run XenCenter and communicate with the XenServer over HTTPS through the Nginx proxy (Yes, I realize this is convoluted, lol).

The problem that I am now having is that XO is trying to communicate with the XenServer via public IP instead of the private IP. I could fix it by setting iptables up for hairpin NAT, but I want to avoid this.

stacksofplates

@dafyre said:

run XenCenter and communicate with the XenServer over HTTPS through the Nginx proxy

Where is XenCenter running? Local to you, or on a VM in the XenServer? If it's running local to you that might be the issue. XO might be trying to connect to XenServer and nginx is only allowing outside 443 to XenServer.

dafyre

If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.

If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.

My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.

travisdh1

@dafyre said:

If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.

If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.

My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.

Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.

dafyre

@travisdh1 said:

@dafyre said:

If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.

If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.

My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.

Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.

This is a physical server hosted @ Kimsufi in France, lol. Physical trips are not an option.

If I snafu it that badly, I can wipe & reload the machine through their web interface. Once I get it set up right, I'll be locking down the ports for XenCenter, etc, to only allow connections from my home IP address.

travisdh1

@dafyre said:

@travisdh1 said:

@dafyre said:

If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.

If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.

My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.

Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.

This is a physical server hosted @ Kimsufi in France, lol. Physical trips are not an option.

If I snafu it that badly, I can wipe & reload the machine through their web interface. Once I get it set up right, I'll be locking down the ports for XenCenter, etc, to only allow connections from my home IP address.

I haven't tried this myself, but I bet you could get ZeroTier running on a XenServer. I might have to attempt that at work tomorrow actually, would be really handy.

dafyre

I have actually considered that. That doesn't fix my underlying problem though. I can't change the ip or ports that XenServer is listening on through config files, etc that I have found.

stacksofplates

One more question, are the backups being done on a local folder on the XO server or NFS?

dafyre

@johnhooks said:

One more question, are the backups being done on a local folder on the XO server or NFS?

I started with a local folder on XO, and someone else suggested NFS as well. Either makes no difference. I can see in the XO log files that it is connecting to my public IP and failing because by default, IPTables doesn't like hairpin connections.